Range retrieval

src/db/sysdb.c

@@ -758,7 +758,11 @@
     return ret;
 }
 
-errno_t sysdb_attrs_copy(struct sysdb_attrs *src, struct sysdb_attrs *dst)
+static
+errno_t sysdb_attrs_copy_ext(struct sysdb_attrs *src,
+                             struct sysdb_attrs *dst,
+                             const char **exclude,
+                             bool check)
 {
     int ret;
     size_t c;
@@ -769,9 +773,14 @@
     }
 
     for (c = 0; c < src->num; c++) {
+        if (string_in_list(src->a[c].name, discard_const(exclude), false)) {
+            continue;
+        }
         for (d = 0; d < src->a[c].num_values; d++) {
-            ret = sysdb_attrs_add_val_safe(dst, src->a[c].name,
-                                           &src->a[c].values[d]);
+            ret = sysdb_attrs_add_val_int(dst,
+                                          src->a[c].name,
+                                          check,
+                                          &src->a[c].values[d]);
             if (ret != EOK) {
                 DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_val failed.\n");
                 return ret;
@@ -782,7 +791,20 @@
     return EOK;
 }
 
+errno_t sysdb_attrs_copy(struct sysdb_attrs *src,
+                         struct sysdb_attrs *dst)
+{
+    return sysdb_attrs_copy_ext(src, dst, NULL, true);
+}
+
+errno_t sysdb_attrs_join(struct sysdb_attrs *src,
+                         struct sysdb_attrs *dst,
+                         const char **exclude)
+{
+    return sysdb_attrs_copy_ext(src, dst, exclude, false);
+}
+
 int sysdb_attrs_users_from_str_list(struct sysdb_attrs *attrs,
                                     const char *attr_name,
                                     const char *domain,
                                     const char *const *list)

src/db/sysdb.h

@@ -461,6 +461,9 @@ int sysdb_attrs_copy_values(struct sysdb_attrs *src,
                             struct sysdb_attrs *dst,
                             const char *name);
 errno_t sysdb_attrs_copy(struct sysdb_attrs *src, struct sysdb_attrs *dst);
+errno_t sysdb_attrs_join(struct sysdb_attrs *src,
+                         struct sysdb_attrs *dst,
+                         const char **exclude);
 int sysdb_attrs_get_el(struct sysdb_attrs *attrs, const char *name,
                        struct ldb_message_element **el);
 int sysdb_attrs_get_el_ext(struct sysdb_attrs *attrs, const char *name,

src/man/sssd-ldap.5.xml

@@ -729,9 +729,10 @@
                             this option prevents SSSD from parsing the range
                             extension. As a result large groups will appear as they
                             have no members.
-                            This option does not enable SSSD to read subsequent
-                            ranges. To retrieve all members of a group, you must
-                            increase the MaxValRange setting in Active Directory.
+                        </para>
+                        <para>
+                            By default, SSSD performs additional queries to obtain
+                            subsequent ranges and to complete information.
                         </para>
                         <para>
                             Default: False

src/providers/ldap/sdap.c

@@ -405,7 +405,8 @@
                      struct sdap_handle *sh, struct sdap_msg *sm,
                      struct sdap_attr_map *map, int attrs_num,
                      struct sysdb_attrs **_attrs,
-                     bool disable_range_retrieval)
+                     bool disable_range_retrieval,
+                     const char ***_next_attrs)
 {
     struct sysdb_attrs *attrs;
     BerElement *ber = NULL;
@@ -420,9 +421,14 @@
     bool base64;
     char *base_attr;
     uint32_t range_offset;
+    const char **next_attrs = NULL;
+    size_t next_attrs_count = 0;
     TALLOC_CTX *tmp_ctx = talloc_new(NULL);
     if (!tmp_ctx) return ENOMEM;
 
+    if (_next_attrs != NULL) {
+        *_next_attrs = NULL;
+    }
     lerrno = 0;
     ret = ldap_set_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
     if (ret != LDAP_OPT_SUCCESS) {
@@ -452,7 +458,7 @@
     if (ret) goto done;
 
     if (map) {
-        vals = ldap_get_values_len(sh->ldap, sm->msg, "objectClass");
+        vals = ldap_get_values_len(sh->ldap, sm->msg, SYSDB_OBJECTCLASS);
         if (!vals) {
             DEBUG(SSSDBG_CRIT_FAILURE,
                   "Unknown entry type, no objectClasses found!\n");
@@ -499,10 +505,32 @@
             /* This attribute contained range values and needs more to
              * be retrieved
              */
-            /* TODO: return the set of attributes that need additional retrieval
-             * For now, we'll continue below and treat it as regular values.
-             */
-            /* FALLTHROUGH */
+            next_attrs = talloc_realloc(tmp_ctx, next_attrs, const char *,
+                                        next_attrs_count + 2
+                                        + (next_attrs_count > 0 ? 0 : 1));
+            if (next_attrs == NULL) {
+                ret = ENOMEM;
+                goto done;
+            }
+            if (next_attrs_count == 0) {
+                /* we need to ask objectClass to correctly
+                 * identify the object later
+                 */
+                next_attrs[next_attrs_count++] = SYSDB_OBJECTCLASS;
+            }
+            next_attrs[next_attrs_count] = talloc_asprintf(next_attrs,
+                                                           "%s;range=%d-*",
+                                                           base_attr,
+                                                           range_offset);
+            if (next_attrs[next_attrs_count] == NULL) {
+                ret = ENOMEM;
+                goto done;
+            }
+            DEBUG(SSSDBG_TRACE_INTERNAL,
+                  "Attribute [%s] for next range request found\n",
+                  next_attrs[next_attrs_count]);
+            next_attrs[++next_attrs_count] = NULL;
+            break;
         case ECANCELED:
             /* FALLTHROUGH */
         case EOK:
@@ -633,6 +661,9 @@
 
     PROBE(SDAP_PARSE_ENTRY_DONE);
     *_attrs = talloc_steal(memctx, attrs);
+    if (_next_attrs != NULL && disable_range_retrieval == false) {
+        *_next_attrs = talloc_steal(memctx, next_attrs);
+    }
     ret = EOK;
 
 done:
@@ -722,7 +753,7 @@
 
     ocs = NULL;
     for (dval = dref->attrVals; dval != NULL; dval = dval->next) {
-        if (strcasecmp("objectClass", dval->type) == 0) {
+        if (strcasecmp(SYSDB_OBJECTCLASS, dval->type) == 0) {
             if (dval->vals == NULL) {
                 DEBUG(SSSDBG_CONF_SETTINGS,
                       "No value for objectClass, skipping\n");
@@ -1613,7 +1644,7 @@
     }
 
     /* first attribute is "objectclass" not the specific one */
-    attrs[0] = talloc_strdup(memctx, "objectClass");
+    attrs[0] = talloc_strdup(memctx, SYSDB_OBJECTCLASS);
     if (!attrs[0]) return ENOMEM;
 
     /* add the others */
@@ -2022,11 +2053,12 @@
 char *sdap_make_oc_list(TALLOC_CTX *mem_ctx, struct sdap_attr_map *map)
 {
     if (map[SDAP_OC_GROUP_ALT].name == NULL) {
-        return talloc_asprintf(mem_ctx, "objectClass=%s",
+        return talloc_asprintf(mem_ctx, SYSDB_OBJECTCLASS"=%s",
                                map[SDAP_OC_GROUP].name);
     } else {
         return talloc_asprintf(mem_ctx,
-                               "|(objectClass=%s)(objectClass=%s)",
+                               "|("SYSDB_OBJECTCLASS"=%s)"
+                               "("SYSDB_OBJECTCLASS"=%s)",
                                map[SDAP_OC_GROUP].name,
                                map[SDAP_OC_GROUP_ALT].name);
     }

src/providers/ldap/sdap.h

@@ -652,7 +652,8 @@ int sdap_parse_entry(TALLOC_CTX *memctx,
                      struct sdap_handle *sh, struct sdap_msg *sm,
                      struct sdap_attr_map *map, int attrs_num,
                      struct sysdb_attrs **_attrs,
-                     bool disable_range_retrieval);
+                     bool disable_range_retrieval,
+                     const char *** _next_attrs);
 
 errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx,
                          struct sdap_attr_map_info *minfo,