sdap_async_enum.c revision 93dabb2fe0a798f22bb802b9c6521ab9e6a4ac36
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek LDAP Enumeration Module
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek Simo Sorce <ssorce@redhat.com>
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek Jakub Hrozek <jhrozek@redhat.com>
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek Copyright (C) 2013 Red Hat
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek This program is free software; you can redistribute it and/or modify
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek it under the terms of the GNU General Public License as published by
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek the Free Software Foundation; either version 3 of the License, or
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek (at your option) any later version.
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek This program is distributed in the hope that it will be useful,
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek but WITHOUT ANY WARRANTY; without even the implied warranty of
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek GNU General Public License for more details.
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek You should have received a copy of the GNU General Public License
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek along with this program. If not, see <http://www.gnu.org/licenses/>.
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozekstatic struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozekstatic errno_t enum_users_recv(struct tevent_req *req);
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozekstatic struct tevent_req *enum_groups_send(TALLOC_CTX *memctx,
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozekstatic errno_t enum_groups_recv(struct tevent_req *req);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek/* ==Enumeration-Request-with-connections=================================== */
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic errno_t sdap_dom_enum_ex_retry(struct tevent_req *req,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic bool sdap_dom_enum_ex_connected(struct tevent_req *subreq);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic void sdap_dom_enum_ex_get_users(struct tevent_req *subreq);
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozekstatic void sdap_dom_enum_ex_posix_check_done(struct tevent_req *subreq);
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozekstatic errno_t sdap_dom_enum_search_users(struct tevent_req *req);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic void sdap_dom_enum_ex_users_done(struct tevent_req *subreq);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic void sdap_dom_enum_ex_get_groups(struct tevent_req *subreq);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic void sdap_dom_enum_ex_groups_done(struct tevent_req *subreq);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic void sdap_dom_enum_ex_get_svcs(struct tevent_req *subreq);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic void sdap_dom_enum_ex_svcs_done(struct tevent_req *subreq);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek req = tevent_req_create(ctx, &state, struct sdap_dom_enum_ex_state);
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek t = dp_opt_get_int(ctx->opts->basic, SDAP_CACHE_PURGE_TIMEOUT);
66edf42c51f8591c93204b6490c103fa51346f47Jakub Hrozek if ((sdom->last_purge.tv_sec + t) < sdom->last_enum.tv_sec) {
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek state->user_op = sdap_id_op_create(state, user_conn->conn_cache);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek DEBUG(SSSDBG_CRIT_FAILURE, ("sdap_id_op_create failed for users\n"));
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek ret = sdap_dom_enum_ex_retry(req, state->user_op,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, ("sdap_dom_enum_ex_retry failed\n"));
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic errno_t sdap_dom_enum_ex_retry(struct tevent_req *req,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek subreq = sdap_id_op_connect_send(op, state, &ret);
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek ("sdap_id_op_connect_send failed: %d\n", ret));
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic bool sdap_dom_enum_ex_connected(struct tevent_req *subreq)
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek ret = sdap_id_op_connect_recv(subreq, &dp_error);
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek ("Backend is marked offline, retry later!\n"));
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek ("Domain enumeration failed to connect to " \
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek "LDAP server: (%d)[%s]\n", ret, strerror(ret)));
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek return false;
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek return true;
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic void sdap_dom_enum_ex_get_users(struct tevent_req *subreq)
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek if (sdap_dom_enum_ex_connected(subreq) == false) {
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek /* If POSIX attributes have been requested with an AD server and we
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek * have no idea about POSIX attributes support, run a one-time check
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek if (use_id_mapping == false &&
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek state->ctx->opts->schema_type == SDAP_SCHEMA_AD &&
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek state->ctx->srv_opts->posix_checked == false) {
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek subreq = sdap_posix_check_send(state, state->ev, state->ctx->opts,
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek /* Execution resumes in sdap_dom_enum_ex_users_done */
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozekstatic void sdap_dom_enum_ex_posix_check_done(struct tevent_req *subreq)
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek ret = sdap_posix_check_recv(subreq, &has_posix);
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek /* We can only finish the id_op on error as the connection
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek * is re-used by the user search
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek ret = sdap_id_op_done(state->user_op, ret, &dp_error);
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek ret = sdap_dom_enum_ex_retry(req, state->user_op,
93dabb2fe0a798f22bb802b9c6521ab9e6a4ac36Jakub Hrozek DEBUG(SSSDBG_TRACE_FUNC, ("Backend is offline, retrying later\n"));
93dabb2fe0a798f22bb802b9c6521ab9e6a4ac36Jakub Hrozek /* Non-recoverable error */
93dabb2fe0a798f22bb802b9c6521ab9e6a4ac36Jakub Hrozek ("POSIX check failed: %d: %s\n", ret, sss_strerror(ret)));
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek /* If the check ran to completion, we know for certain about the attributes
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek if (has_posix == false) {
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek /* Execution resumes in sdap_dom_enum_ex_users_done */
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozekstatic errno_t sdap_dom_enum_search_users(struct tevent_req *req)
e81deec535d11912b87954c81a1edd768c1386c9Jakub Hrozek struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek tevent_req_set_callback(subreq, sdap_dom_enum_ex_users_done, req);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic void sdap_dom_enum_ex_users_done(struct tevent_req *subreq)
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek ret = sdap_id_op_done(state->user_op, ret, &dp_error);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek ret = sdap_dom_enum_ex_retry(req, state->user_op,
93dabb2fe0a798f22bb802b9c6521ab9e6a4ac36Jakub Hrozek DEBUG(SSSDBG_TRACE_FUNC, ("Backend is offline, retrying later\n"));
93dabb2fe0a798f22bb802b9c6521ab9e6a4ac36Jakub Hrozek /* Non-recoverable error */
93dabb2fe0a798f22bb802b9c6521ab9e6a4ac36Jakub Hrozek ("User enumeration failed: %d: %s\n", ret, sss_strerror(ret)));
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek state->group_op = sdap_id_op_create(state, state->group_conn->conn_cache);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek DEBUG(SSSDBG_CRIT_FAILURE, ("sdap_id_op_create failed for groups\n"));
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek ret = sdap_dom_enum_ex_retry(req, state->group_op,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek /* Continues to sdap_dom_enum_ex_get_groups */
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic void sdap_dom_enum_ex_get_groups(struct tevent_req *subreq)
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek if (sdap_dom_enum_ex_connected(subreq) == false) {
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek subreq = enum_groups_send(state, state->ev, state->ctx,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek tevent_req_set_callback(subreq, sdap_dom_enum_ex_groups_done, req);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic void sdap_dom_enum_ex_groups_done(struct tevent_req *subreq)
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek ret = sdap_id_op_done(state->group_op, ret, &dp_error);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek ret = sdap_dom_enum_ex_retry(req, state->group_op,
93dabb2fe0a798f22bb802b9c6521ab9e6a4ac36Jakub Hrozek DEBUG(SSSDBG_TRACE_FUNC, ("Backend is offline, retrying later\n"));
93dabb2fe0a798f22bb802b9c6521ab9e6a4ac36Jakub Hrozek /* Non-recoverable error */
93dabb2fe0a798f22bb802b9c6521ab9e6a4ac36Jakub Hrozek ("Group enumeration failed: %d: %s\n", ret, sss_strerror(ret)));
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek state->svc_op = sdap_id_op_create(state, state->svc_conn->conn_cache);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek DEBUG(SSSDBG_CRIT_FAILURE, ("sdap_id_op_create failed for svcs\n"));
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek ret = sdap_dom_enum_ex_retry(req, state->svc_op,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic void sdap_dom_enum_ex_get_svcs(struct tevent_req *subreq)
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek if (sdap_dom_enum_ex_connected(subreq) == false) {
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek subreq = enum_services_send(state, state->ev, state->ctx,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek tevent_req_set_callback(subreq, sdap_dom_enum_ex_svcs_done, req);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekstatic void sdap_dom_enum_ex_svcs_done(struct tevent_req *subreq)
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek struct sdap_dom_enum_ex_state *state = tevent_req_data(req,
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek ret = sdap_id_op_done(state->svc_op, ret, &dp_error);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek ret = sdap_dom_enum_ex_retry(req, state->user_op,
93dabb2fe0a798f22bb802b9c6521ab9e6a4ac36Jakub Hrozek DEBUG(SSSDBG_TRACE_FUNC, ("Backend is offline, retrying later\n"));
93dabb2fe0a798f22bb802b9c6521ab9e6a4ac36Jakub Hrozek /* Non-recoverable error */
93dabb2fe0a798f22bb802b9c6521ab9e6a4ac36Jakub Hrozek ("Service enumeration failed: %d: %s\n", ret, sss_strerror(ret)));
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* Ok, we've completed an enumeration. Save this to the
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek * sysdb so we can postpone starting up the enumeration
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek * process on the next SSSD service restart (to avoid
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek * slowing down system boot-up
e2ac9be4f293b96f3c8992f1171e44bc1da5cfcaMichal Zidek ret = sysdb_set_enumerated(state->sdom->dom, true);
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek ("Could not mark domain as having enumerated.\n"));
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* This error is non-fatal, so continue */
fc6afb011198f84a30e6598c62923b5a588ccd54Jakub Hrozek ret = ldap_id_cleanup(state->ctx->opts, state->sdom);
34a63c4a00096da7a8e09d49b5970bb1f807eddcJakub Hrozek /* Not fatal, worst case we'll have stale entries that would be
34a63c4a00096da7a8e09d49b5970bb1f807eddcJakub Hrozek * removed on a subsequent online lookup
34a63c4a00096da7a8e09d49b5970bb1f807eddcJakub Hrozek DEBUG(SSSDBG_MINOR_FAILURE, ("Cleanup failed: %d\n", ret));
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekerrno_t sdap_dom_enum_ex_recv(struct tevent_req *req)
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek/* ==Enumeration-Request==================================================== */
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozek return sdap_dom_enum_ex_send(memctx, ev, ctx, sdom, conn, conn, conn);
19fd860d78256a4ab5a268cd58337a8bd2920cebJakub Hrozekerrno_t sdap_dom_enum_recv(struct tevent_req *req)
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek/* ==User-Enumeration===================================================== */
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek const char **attrs;
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozekstatic void enum_users_done(struct tevent_req *subreq);
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozekstatic struct tevent_req *enum_users_send(TALLOC_CTX *memctx,
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek req = tevent_req_create(memctx, &state, struct enum_users_state);
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek use_mapping = sdap_idmap_domain_has_algorithmic_mapping(
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* We always want to filter on objectclass and an available name */
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek "(&(objectclass=%s)(%s=*)",
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek ("Failed to build base filter\n"));
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* If we're ID-mapping, check for the objectSID as well */
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek ctx->opts->user_map[SDAP_AT_USER_OBJECTSID].name);
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* We're not ID-mapping, so make sure to only get entries
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek * that have UID and GID
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek ("Failed to build base filter\n"));
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek if (ctx->srv_opts && ctx->srv_opts->max_user_value && !purge) {
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* If we have lastUSN available and we're not doing a full
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek * refresh, limit to changes with a higher entryUSN value.
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek "(%s>=%s)(!(%s=%s))",
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek ("Failed to build base filter\n"));
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* Terminate the search filter */
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek state->filter = talloc_asprintf_append_buffer(state->filter, ")");
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* TODO: handle attrs_type */
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek ret = build_attrs_from_map(state, ctx->opts->user_map, SDAP_OPTS_USER,
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* TODO: restrict the enumerations to using a single
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek * search base at a time.
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek tevent_req_set_callback(subreq, enum_users_done, req);
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozekstatic void enum_users_done(struct tevent_req *subreq)
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek struct enum_users_state *state = tevent_req_data(req,
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek ret = sdap_get_users_recv(subreq, state, &usn_value);
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek talloc_zfree(state->ctx->srv_opts->max_user_value);
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek if ((endptr == NULL || (*endptr == '\0' && endptr != usn_value))
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek && (usn_number > state->ctx->srv_opts->last_usn)) {
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozekstatic errno_t enum_users_recv(struct tevent_req *req)
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek/* =Group-Enumeration===================================================== */
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek const char **attrs;
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozekstatic void enum_groups_done(struct tevent_req *subreq);
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozekstatic struct tevent_req *enum_groups_send(TALLOC_CTX *memctx,
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek req = tevent_req_create(memctx, &state, struct enum_groups_state);
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek use_mapping = sdap_idmap_domain_has_algorithmic_mapping(
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* We always want to filter on objectclass and an available name */
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek "(&(objectclass=%s)(%s=*)",
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek ctx->opts->group_map[SDAP_AT_GROUP_NAME].name);
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek ("Failed to build base filter\n"));
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* If we're ID-mapping, check for the objectSID as well */
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek ctx->opts->group_map[SDAP_AT_GROUP_OBJECTSID].name);
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* We're not ID-mapping, so make sure to only get entries
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek * that have a non-zero GID.
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek ("Failed to build base filter\n"));
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek if (ctx->srv_opts && ctx->srv_opts->max_group_value && !purge) {
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek "(%s>=%s)(!(%s=%s))",
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek ("Failed to build base filter\n"));
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* Terminate the search filter */
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek state->filter = talloc_asprintf_append_buffer(state->filter, ")");
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek ("Failed to build base filter\n"));
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* TODO: handle attrs_type */
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek ret = build_attrs_from_map(state, ctx->opts->group_map, SDAP_OPTS_GROUP,
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek /* TODO: restrict the enumerations to using a single
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek * search base at a time.
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek subreq = sdap_get_groups_send(state, state->ev,
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek tevent_req_set_callback(subreq, enum_groups_done, req);
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozekstatic void enum_groups_done(struct tevent_req *subreq)
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek struct enum_groups_state *state = tevent_req_data(req,
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek ret = sdap_get_groups_recv(subreq, state, &usn_value);
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek talloc_zfree(state->ctx->srv_opts->max_group_value);
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek if ((endptr == NULL || (*endptr == '\0' && endptr != usn_value))
8ca73915a3bf60331468fed6b3b38652c979f95dJakub Hrozek && (usn_number > state->ctx->srv_opts->last_usn)) {