diff --git a/configure b/configure
index 0360086..4515fb8 100755
--- a/configure
+++ b/configure
@@ -4580,6 +4580,102 @@ fi
LDFLAGS="${AF_tmp_ldflags}"
+
+
+for ac_func in ldap_create_page_control ldap_parse_page_control
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+{ echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6; }
+if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined __stub_$ac_func || defined __stub___$ac_func
+choke me
+#endif
+
+int
+main ()
+{
+return $ac_func ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
+ (eval "$ac_link") 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext &&
+ $as_test_x conftest$ac_exeext; then
+ eval "$as_ac_var=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ eval "$as_ac_var=no"
+fi
+
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+ac_res=`eval echo '${'$as_ac_var'}'`
+ { echo "$as_me:$LINENO: result: $ac_res" >&5
+echo "${ECHO_T}$ac_res" >&6; }
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
#
# SASL support
# configure magic taken from:
diff --git a/configure.in b/configure.in
index a83b3f1..8d5e6c9 100644
--- a/configure.in
+++ b/configure.in
@@ -210,6 +210,8 @@ AC_SUBST(HAVE_LDAP)
AC_SUBST(LIBLDAP)
LDFLAGS="${AF_tmp_ldflags}"
+AC_CHECK_FUNCS(ldap_create_page_control ldap_parse_page_control)
+
#
# SASL support
# configure magic taken from:
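Review bot: `AC_CHECK_FUNCS(ldap_create_page_control ldap_parse_page_control)` is a link test, and it is placed after `LDFLAGS="${AF_tmp_ldflags}"` has restored the saved flags. If `LIBS` does not contain the LDAP library at this point (not visible in this hunk), both checks will always report "no". lookup_ldap.c would then compile its own non-static fallbacks even where libldap already exports these names. Consider running the check while the LDAP link flags are still in effect, e.g. with `LIBS="$LIBS $LIBLDAP"` saved and restored around the call, and only when LDAP support was detected.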
diff --git a/include/config.h.in b/include/config.h.in
index 9669872..d8f1747 100644
--- a/include/config.h.in
+++ b/include/config.h.in
@@ -21,6 +21,12 @@
/* Define to 1 if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
+/* Define to 1 if you have the `ldap_create_page_control' function. */
+#undef HAVE_LDAP_CREATE_PAGE_CONTROL
+
+/* Define to 1 if you have the `ldap_parse_page_control' function. */
+#undef HAVE_LDAP_PARSE_PAGE_CONTROL
+
/* Define if you have the Linux /proc filesystem. */
#undef HAVE_LINUX_PROCFS
diff --git a/modules/lookup_ldap.c b/modules/lookup_ldap.c
index 65f1fda..29e26db 100644
--- a/modules/lookup_ldap.c
+++ b/modules/lookup_ldap.c
@@ -49,8 +49,79 @@ static struct ldap_schema common_schema[] = {
};
static unsigned int common_schema_count = sizeof(common_schema)/sizeof(struct ldap_schema);
+struct ldap_search_params {
+ struct autofs_point *ap;
+ LDAP *ldap;
+ char *query, **attrs;
+ struct berval *cookie;
+ int morePages;
+ unsigned int totalCount;
+ LDAPMessage *result;
+ time_t age;
+};
+
static LDAP *auth_init(unsigned logopt, const char *, struct lookup_context *);
+#ifndef HAVE_LDAP_CREATE_PAGE_CONTROL
+int ldap_create_page_control(LDAP *ldap, unsigned int pagesize,
+ struct berval *cookie, char isCritical,
+ LDAPControl **output)
+{
+ BerElement *ber;
+ int rc;
+
+ if (!ldap || !output)
+ return LDAP_PARAM_ERROR;
+
+ ber = ber_alloc_t(LBER_USE_DER);
+ if (!ber)
+ return LDAP_NO_MEMORY;
+
+ if (ber_printf(ber, "{io}", pagesize,
+ (cookie && cookie->bv_val) ? cookie->bv_val : "",
+ (cookie && cookie->bv_val) ? cookie->bv_len : 0)
+ == LBER_ERROR) {
+ ber_free(ber, 1);
+ return LDAP_ENCODING_ERROR;
+ }
+
+ rc = ldap_create_control(LDAP_CONTROL_PAGEDRESULTS, ber, isCritical, output);
+
+ return rc;
+}
+#endif /* HAVE_LDAP_CREATE_PAGE_CONTROL */
+
+#ifndef HAVE_LDAP_PARSE_PAGE_CONTROL
+int ldap_parse_page_control(LDAP *ldap, LDAPControl **controls,
+ unsigned int *totalcount, struct berval **cookie)
+{
+ int i, rc;
+ BerElement *theBer;
+ LDAPControl *listCtrlp;
+
+ for (i = 0; controls[i] != NULL; i++) {
+ if (strcmp(controls[i]->ldctl_oid, LDAP_CONTROL_PAGEDRESULTS) == 0) {
+ listCtrlp = controls[i];
+
+ theBer = ber_init(&listCtrlp->ldctl_value);
+ if (!theBer)
+ return LDAP_NO_MEMORY;
+
+ rc = ber_scanf(theBer, "{iO}", totalcount, cookie);
+ if (rc == LBER_ERROR) {
+ ber_free(theBer, 1);
+ return LDAP_DECODING_ERROR;
+ }
+
+ ber_free(theBer, 1);
+ return LDAP_SUCCESS;
+ }
+ }
+
+ return LDAP_CONTROL_NOT_FOUND;
+}
+#endif /* HAVE_LDAP_PARSE_PAGE_CONTROL */
+
int bind_ldap_anonymous(unsigned logopt, LDAP *ldap, struct lookup_context *ctxt)
{
int rv;
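Review bot: The fallback `ldap_parse_page_control` indexes `controls[i]` without checking `controls` for NULL. do_paged_query, added later in this patch, passes it `returnedControls`, which is initialised to NULL and whose `ldap_parse_result` status is never checked, so a response without the paged-results control can crash the daemon. Add `if (!controls) return LDAP_CONTROL_NOT_FOUND;` before the loop, and reject NULL `totalcount` or `cookie` with `LDAP_PARAM_ERROR`. In the fallback `ldap_create_page_control`, `ber` is freed only on the encoding-error path. As far as I know `ldap_create_control` copies the encoded value rather than taking ownership, so a `ber_free(ber, 1);` before `return rc;` looks necessary; please confirm against the libldap versions this fallback targets.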
@@ -1545,80 +1616,118 @@ static int encode_percent_hack(const char *name, char **key, unsigned int use_cl
return strlen(new);
}
-static int read_one_map(struct autofs_point *ap,
- struct lookup_context *ctxt,
- time_t age, int *result_ldap)
+static int do_paged_query(struct ldap_search_params *sp, struct lookup_context *ctxt)
{
- struct map_source *source;
- struct mapent_cache *mc;
- int rv, i, l, count;
- char buf[MAX_ERR_BUF];
- char *query;
- LDAPMessage *result, *e;
- char *class, *info, *entry;
- struct berval **bvKey;
- struct berval **bvValues;
- char *attrs[3];
- int scope = LDAP_SCOPE_SUBTREE;
- LDAP *ldap;
-
- source = ap->entry->current;
- ap->entry->current = NULL;
- master_source_current_signal(ap->entry);
-
- mc = source->mc;
+ struct autofs_point *ap = sp->ap;
+ LDAPControl *pageControl=NULL, *controls[2] = { NULL, NULL };
+ LDAPControl **returnedControls = NULL;
+ static unsigned long pageSize = 1000;
+ static char pagingCriticality = 'T';
+ int rv, scope = LDAP_SCOPE_SUBTREE;
+
+ if (sp->morePages == TRUE)
+ goto do_paged;
+
+ rv = ldap_search_s(sp->ldap, ctxt->qdn, scope, sp->query, sp->attrs, 0, &sp->result);
+ if ((rv != LDAP_SUCCESS) || !sp->result) {
+ /*
+ * Check for Size Limit exceeded and force run through loop
+ * and requery using page control.
+ */
+ if (rv == LDAP_SIZELIMIT_EXCEEDED)
+ sp->morePages = TRUE;
+ else {
+ debug(ap->logopt,
+ MODPREFIX "query failed for %s: %s",
+ sp->query, ldap_err2string(rv));
+ return rv;
+ }
+ }
+ return rv;
- class = ctxt->schema->entry_class;
- entry = ctxt->schema->entry_attr;
- info = ctxt->schema->value_attr;
+do_paged:
+ /* we need to use page controls so requery LDAP */
+ debug(ap->logopt, MODPREFIX "geting page of results");
- attrs[0] = entry;
- attrs[1] = info;
- attrs[2] = NULL;
+ rv = ldap_create_page_control(sp->ldap, pageSize, sp->cookie,
+ pagingCriticality, &pageControl);
+ if (rv != LDAP_SUCCESS) {
+ warn(ap->logopt, MODPREFIX "failed to create page control");
+ return rv;
+ }
- /* Build a query string. */
- l = strlen("(objectclass=)") + strlen(class) + 1;
+ /* Insert the control into a list to be passed to the search. */
+ controls[0] = pageControl;
- query = alloca(l);
- if (query == NULL) {
- char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
- logerr(MODPREFIX "malloc: %s", estr);
- return NSS_STATUS_UNAVAIL;
+ /* Search for entries in the directory using the parmeters. */
+ rv = ldap_search_ext_s(sp->ldap,
+ ctxt->qdn, scope, sp->query, sp->attrs,
+ 0, controls, NULL, NULL, 0, &sp->result);
+ if ((rv != LDAP_SUCCESS) && (rv != LDAP_PARTIAL_RESULTS)) {
+ debug(ap->logopt,
+ MODPREFIX "query failed for %s: %s",
+ sp->query, ldap_err2string(rv));
+ ldap_control_free(pageControl);
+ return rv;
}
- if (sprintf(query, "(objectclass=%s)", class) >= l) {
- error(ap->logopt, MODPREFIX "error forming query string");
- return NSS_STATUS_UNAVAIL;
+ /* Parse the results to retrieve the contols being returned. */
+ rv = ldap_parse_result(sp->ldap, sp->result,
+ NULL, NULL, NULL, NULL,
+ &returnedControls, FALSE);
+ if (sp->cookie != NULL) {
+ ber_bvfree(sp->cookie);
+ sp->cookie = NULL;
}
- query[l] = '\0';
- /* Initialize the LDAP context. */
- ldap = do_reconnect(ap->logopt, ctxt);
- if (!ldap)
- return NSS_STATUS_UNAVAIL;
+ /*
+ * Parse the page control returned to get the cookie and
+ * determine whether there are more pages.
+ */
+ rv = ldap_parse_page_control(sp->ldap,
+ returnedControls, &sp->totalCount,
+ &sp->cookie);
+ if (sp->cookie && sp->cookie->bv_val && strlen(sp->cookie->bv_val))
+ sp->morePages = TRUE;
+ else
+ sp->morePages = FALSE;
- /* Look around. */
- debug(ap->logopt,
- MODPREFIX "searching for \"%s\" under \"%s\"", query, ctxt->qdn);
+ /* Cleanup the controls used. */
+ if (returnedControls)
+ ldap_controls_free(returnedControls);
- rv = ldap_search_s(ldap, ctxt->qdn, scope, query, attrs, 0, &result);
+ ldap_control_free(pageControl);
- if ((rv != LDAP_SUCCESS) || !result) {
- debug(ap->logopt,
- MODPREFIX "query failed for %s: %s",
- query, ldap_err2string(rv));
- unbind_ldap_connection(ap->logopt, ldap, ctxt);
- *result_ldap = rv;
- return NSS_STATUS_NOTFOUND;
- }
+ return rv;
+}
- e = ldap_first_entry(ldap, result);
+static int do_get_entries(struct ldap_search_params *sp, struct map_source *source, struct lookup_context *ctxt)
+{
+ struct autofs_point *ap = sp->ap;
+ struct mapent_cache *mc = source->mc;
+ char buf[MAX_ERR_BUF];
+ struct berval **bvKey;
+ struct berval **bvValues;
+ LDAPMessage *e;
+ char *class, *info, *entry;
+ int rv, ret;
+ int i, count;
+
+ class = ctxt->schema->entry_class;
+ entry = ctxt->schema->entry_attr;
+ info = ctxt->schema->value_attr;
+
+ e = ldap_first_entry(sp->ldap, sp->result);
if (!e) {
debug(ap->logopt,
- MODPREFIX "query succeeded, no matches for %s", query);
- ldap_msgfree(result);
- unbind_ldap_connection(ap->logopt, ldap, ctxt);
- return NSS_STATUS_NOTFOUND;
+ MODPREFIX "query succeeded, no matches for %s",
+ sp->query);
+ ret = ldap_parse_result(sp->ldap, sp->result,
+ &rv, NULL, NULL, NULL, NULL, 0);
+ if (ret == LDAP_SUCCESS)
+ return rv;
+ else
+ return LDAP_OPERATIONS_ERROR;
} else
debug(ap->logopt, MODPREFIX "examining entries");
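Review bot: In do_paged_query the status from `ldap_parse_result` is overwritten by the following `ldap_parse_page_control` call without being checked. A parse failure therefore goes unnoticed and `returnedControls` can still be NULL when it is passed on; test `rv` there and return after `ldap_control_free(pageControl)`. The more-pages test uses `strlen(sp->cookie->bv_val)`, but the cookie is an opaque octet string supplied by the server, so its length should come from the berval: `if (sp->cookie && sp->cookie->bv_val && sp->cookie->bv_len)`. The new debug message and comments also contain typos (`geting`, `parmeters`, `contols`). do_get_entries continues past the end of this hunk.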
@@ -1629,10 +1738,21 @@ static int read_one_map(struct autofs_point *ap,
ber_len_t k_len;
char *s_key;
- bvKey = ldap_get_values_len(ldap, e, entry);
-
+ bvKey = ldap_get_values_len(sp->ldap, e, entry);
if (!bvKey || !*bvKey) {
- e = ldap_next_entry(ldap, e);
+ e = ldap_next_entry(sp->ldap, e);
+ if (!e) {
+ debug(ap->logopt, MODPREFIX
+ "failed to get next entry for query %s",
+ sp->query);
+ ret = ldap_parse_result(sp->ldap,
+ sp->result, &rv,
+ NULL, NULL, NULL, NULL, 0);
+ if (ret == LDAP_SUCCESS)
+ return rv;
+ else
+ return LDAP_OPERATIONS_ERROR;
+ }
continue;
}
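Review bot: `ldap_next_entry` returning NULL is the ordinary end of the result chain, yet the added branch logs "failed to get next entry" every time, which will mislead anyone reading the debug log. The same applies to the copy added after the `next:` label in a later hunk. The `ldap_parse_result` / `LDAP_OPERATIONS_ERROR` sequence now appears three times in do_get_entries (also after `ldap_first_entry`), so a small static helper such as `static int get_query_result(struct ldap_search_params *sp)` would keep the copies in step. The loop these lines belong to starts outside the hunk.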
@@ -1697,8 +1817,7 @@ static int read_one_map(struct autofs_point *ap,
if (!k_val) {
error(ap->logopt,
- MODPREFIX
- "invalid entry %.*s - ignoring",
+ MODPREFIX "invalid entry %.*s - ignoring",
bvKey[0]->bv_len, bvKey[0]->bv_val);
goto next;
}
@@ -1721,10 +1840,10 @@ static int read_one_map(struct autofs_point *ap,
goto next;
}
- bvValues = ldap_get_values_len(ldap, e, info);
+ bvValues = ldap_get_values_len(sp->ldap, e, info);
if (!bvValues || !*bvValues) {
debug(ap->logopt,
- MODPREFIX "no %s defined for %s", info, query);
+ MODPREFIX "no %s defined for %s", info, sp->query);
goto next;
}
@@ -1737,7 +1856,6 @@ static int read_one_map(struct autofs_point *ap,
* options or the actual order of entries causes problems
* it won't be supported. Perhaps someone can instruct us
* how to force an ordering.
- *
*/
count = ldap_count_values_len(bvValues);
for (i = 0; i < count; i++) {
@@ -1807,7 +1925,7 @@ static int read_one_map(struct autofs_point *ap,
}
cache_writelock(mc);
- cache_update(mc, source, s_key, mapent, age);
+ cache_update(mc, source, s_key, mapent, sp->age);
cache_unlock(mc);
free(s_key);
@@ -1818,14 +1936,112 @@ next:
}
ldap_value_free_len(bvKey);
- e = ldap_next_entry(ldap, e);
+ e = ldap_next_entry(sp->ldap, e);
+ if (!e) {
+ debug(ap->logopt, MODPREFIX
+ "failed to get next entry for query %s",
+ sp->query);
+ ret = ldap_parse_result(sp->ldap,
+ sp->result, &rv,
+ NULL, NULL, NULL, NULL, 0);
+ if (ret == LDAP_SUCCESS)
+ return rv;
+ else
+ return LDAP_OPERATIONS_ERROR;
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+
+static int read_one_map(struct autofs_point *ap,
+ struct lookup_context *ctxt,
+ time_t age, int *result_ldap)
+{
+ struct map_source *source;
+ struct ldap_search_params sp;
+ char buf[MAX_ERR_BUF];
+ char *class, *info, *entry;
+ char *attrs[3];
+ int rv, l;
+
+ source = ap->entry->current;
+ ap->entry->current = NULL;
+ master_source_current_signal(ap->entry);
+
+ sp.ap = ap;
+ sp.age = age;
+
+ class = ctxt->schema->entry_class;
+ entry = ctxt->schema->entry_attr;
+ info = ctxt->schema->value_attr;
+
+ attrs[0] = entry;
+ attrs[1] = info;
+ attrs[2] = NULL;
+ sp.attrs = attrs;
+
+ /* Build a query string. */
+ l = strlen("(objectclass=)") + strlen(class) + 1;
+
+ sp.query = alloca(l);
+ if (sp.query == NULL) {
+ char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
+ logerr(MODPREFIX "malloc: %s", estr);
+ return NSS_STATUS_UNAVAIL;
+ }
+
+ if (sprintf(sp.query, "(objectclass=%s)", class) >= l) {
+ error(ap->logopt, MODPREFIX "error forming query string");
+ return NSS_STATUS_UNAVAIL;
}
+ sp.query[l] = '\0';
+
+ /* Initialize the LDAP context. */
+ sp.ldap = do_reconnect(ap->logopt, ctxt);
+ if (!sp.ldap)
+ return NSS_STATUS_UNAVAIL;
+
+ /* Look around. */
+ debug(ap->logopt,
+ MODPREFIX "searching for \"%s\" under \"%s\"", sp.query, ctxt->qdn);
+
+ sp.cookie = NULL;
+ sp.morePages = FALSE;
+ sp.totalCount = 0;
+ sp.result = NULL;
+
+ do {
+ rv = do_paged_query(&sp, ctxt);
+ if (rv == LDAP_SIZELIMIT_EXCEEDED)
+ {
+ debug(ap->logopt, MODPREFIX "result size exceed");
+ if (sp.result)
+ ldap_msgfree(sp.result);
+
+ continue;
+ }
+
+ if (rv != LDAP_SUCCESS || !sp.result) {
+ unbind_ldap_connection(ap->logopt, sp.ldap, ctxt);
+ *result_ldap = rv;
+ return NSS_STATUS_UNAVAIL;
+ }
+
+ rv = do_get_entries(&sp, source, ctxt);
+ if (rv != LDAP_SUCCESS) {
+ ldap_msgfree(sp.result);
+ unbind_ldap_connection(ap->logopt, sp.ldap, ctxt);
+ *result_ldap = rv;
+ return NSS_STATUS_NOTFOUND;
+ }
+ ldap_msgfree(sp.result);
+ } while (sp.morePages == TRUE);
debug(ap->logopt, MODPREFIX "done updating map");
- /* Clean up. */
- ldap_msgfree(result);
- unbind_ldap_connection(ap->logopt, ldap, ctxt);
+ unbind_ldap_connection(ap->logopt, sp.ldap, ctxt);
source->age = age;
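Review bot: The retry loop in read_one_map has no bound. If the paged `ldap_search_ext_s` also returns `LDAP_SIZELIMIT_EXCEEDED`, do_paged_query returns with `morePages` still TRUE, and the `continue` re-issues the same request indefinitely, so a server response can hang the map read. Record the state before the call with `int was_paged = sp.morePages;` and retry only with `if (rv == LDAP_SIZELIMIT_EXCEEDED && !was_paged)`, letting a second size-limit error fall through to the failure branch. Separately, `sp.query[l] = '\0';` writes one byte past the `alloca(l)` buffer, whose valid indices are 0..l-1. `sprintf` has already terminated the string, so the line can be dropped (and `snprintf(sp.query, l, ...)` used for the bound). No visible path in this function frees `sp.cookie` or the `sp.result` left behind when do_paged_query fails after a successful search; the function continues outside the hunk, so please check the exit paths.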