void test_map_id_external(void **state)
{
struct test_ctx *test_ctx;
enum idmap_error_code err;
uint32_t id;
char *sid = NULL;
test_ctx = talloc_get_type(*state, struct test_ctx);
assert_non_null(test_ctx);
err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_DOM_SID"1-1", &id);
assert_int_equal(err, IDMAP_NO_DOMAIN);
err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_DOM_SID"-400000",
&id);
assert_int_equal(err, IDMAP_EXTERNAL);
err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, TEST_OFFSET - 1, &sid);
assert_int_equal(err, IDMAP_NO_DOMAIN);
err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_DOM_SID"-0", &id);
assert_int_equal(err, IDMAP_EXTERNAL);
err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, TEST_RANGE_MIN, &sid);
assert_int_equal(err, IDMAP_EXTERNAL);
err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx,
TEST_DOM_SID"-"TEST_OFFSET_STR, &id);
assert_int_equal(err, IDMAP_EXTERNAL);
err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx,
TEST_RANGE_MIN + TEST_OFFSET, &sid);
assert_int_equal(err, IDMAP_EXTERNAL);
}
/**
* Find the corresponding UID for a user from a remote domain based on the
* domain SID of the remote domain and the RID of the user.
*/
errno_t domsid_rid_to_uid(struct pac_ctx *pac_ctx,
struct sysdb_ctx *sysdb,
const char *domain_name,
struct dom_sid2 *domsid, uint32_t rid,
uid_t *uid)
{
enum idmap_error_code err;
char *sid_str = NULL;
char *dom_sid_str = NULL;
uint32_t id;
int ret;
err = sss_idmap_smb_sid_to_sid(pac_ctx->idmap_ctx, domsid,
&dom_sid_str);
if (err != IDMAP_SUCCESS) {
DEBUG(SSSDBG_OP_FAILURE, ("sss_idmap_smb_sid_to_sid failed.\n"));
ret = EFAULT;
goto done;
}
sid_str = talloc_asprintf(NULL, "%s-%lu", dom_sid_str, (unsigned long) rid);
if (sid_str == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("dom_sid_and_rid_string failed.\n"));
return ENOMEM;
}
err = sss_idmap_sid_to_unix(pac_ctx->idmap_ctx, sid_str, &id);
if (err == IDMAP_NO_DOMAIN) {
ret = add_idmap_domain(pac_ctx->idmap_ctx, sysdb, domain_name,
dom_sid_str);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("add_idmap_domain failed.\n"));
goto done;
}
err = sss_idmap_sid_to_unix(pac_ctx->idmap_ctx, sid_str, &id);
if (err != IDMAP_SUCCESS) {
DEBUG(SSSDBG_FATAL_FAILURE, ("sss_idmap_sid_to_unix failed "
"even in the second attempt.\n"));
ret = ENOENT;
goto done;
}
} else if (err != IDMAP_SUCCESS && err != IDMAP_NO_DOMAIN) {
DEBUG(SSSDBG_OP_FAILURE, ("sss_idmap_sid_to_unix failed.\n"));
ret = EFAULT;
goto done;
}
*uid = (uid_t) id;
ret = EOK;
done:
talloc_free(dom_sid_str);
talloc_free(sid_str);
return ret;
}
/* ID mapping - bug in computing max id for slice range */
void test_map_id_2922(void **state)
{
const char* TEST_2922_FIRST_SID = TEST_DOM_SID"-0";
/* Last SID = first SID + (default) rangesize -1 */
const char* TEST_2922_LAST_SID = TEST_DOM_SID"-199999";
/* Last SID = first SID + rangesize */
const char* TEST_2922_LAST_SID_PLUS_ONE = TEST_DOM_SID"-200000";
struct test_ctx *test_ctx;
enum idmap_error_code err;
uint32_t id;
char *sid = NULL;
test_ctx = talloc_get_type(*state, struct test_ctx);
assert_non_null(test_ctx);
/* Min UNIX ID to SID */
err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, TEST_2922_MIN_ID, &sid);
assert_int_equal(err, IDMAP_SUCCESS);
assert_string_equal(sid, TEST_2922_FIRST_SID);
sss_idmap_free_sid(test_ctx->idmap_ctx, sid);
/* First SID to UNIX ID */
err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_2922_FIRST_SID, &id);
assert_int_equal(err, IDMAP_SUCCESS);
assert_int_equal(id, TEST_2922_MIN_ID);
/* Max UNIX ID to SID */
err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, TEST_2922_MAX_ID, &sid);
assert_int_equal(err, IDMAP_SUCCESS);
assert_string_equal(sid, TEST_2922_LAST_SID);
sss_idmap_free_sid(test_ctx->idmap_ctx, sid);
/* Last SID to UNIX ID */
err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_2922_LAST_SID, &id);
assert_int_equal(err, IDMAP_SUCCESS);
assert_int_equal(id, TEST_2922_MAX_ID);
/* Max UNIX ID + 1 to SID */
err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, TEST_2922_MAX_ID + 1,
&sid);
assert_int_equal(err, IDMAP_NO_DOMAIN);
/* Last SID + 1 to UNIX ID */
err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx,
TEST_2922_LAST_SID_PLUS_ONE, &id);
/* Auto adding new ranges is disable in this test. */
assert_int_equal(err, IDMAP_NO_RANGE);
}
void test_map_id_sec_slices(void **state)
{
struct test_ctx *test_ctx;
enum idmap_error_code err;
uint32_t id;
char *sid = NULL;
test_ctx = talloc_get_type(*state, struct test_ctx);
assert_non_null(test_ctx);
err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_DOM_SID"1-1", &id);
assert_int_equal(err, IDMAP_NO_DOMAIN);
err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_DOM_SID"-4000000",
&id);
assert_int_equal(err, IDMAP_SUCCESS);
assert_int_equal(id, 575600000);
err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, TEST_OFFSET - 1, &sid);
assert_int_equal(err, IDMAP_NO_DOMAIN);
err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_DOM_SID"-0", &id);
assert_int_equal(err, IDMAP_SUCCESS);
assert_int_equal(id, TEST_RANGE_MIN);
err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, id, &sid);
assert_int_equal(err, IDMAP_SUCCESS);
assert_string_equal(sid, TEST_DOM_SID"-0");
sss_idmap_free_sid(test_ctx->idmap_ctx, sid);
err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx,
TEST_DOM_SID"-"TEST_OFFSET_STR, &id);
assert_int_equal(err, IDMAP_SUCCESS);
assert_int_equal(id, TEST_RANGE_MIN+TEST_OFFSET);
err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, id, &sid);
assert_int_equal(err, IDMAP_SUCCESS);
assert_string_equal(sid, TEST_DOM_SID"-"TEST_OFFSET_STR);
sss_idmap_free_sid(test_ctx->idmap_ctx, sid);
}
errno_t
sdap_idmap_sid_to_unix(struct sdap_idmap_ctx *idmap_ctx,
const char *sid_str,
id_t *id)
{
errno_t ret;
enum idmap_error_code err;
char *dom_sid_str = NULL;
/* Convert the SID into a UNIX ID */
err = sss_idmap_sid_to_unix(idmap_ctx->map,
sid_str,
(uint32_t *)id);
switch (err) {
case IDMAP_SUCCESS:
break;
case IDMAP_NO_DOMAIN:
/* This is the first time we've seen this domain
* Create a new domain for it. We'll use the dom-sid
* as the domain name for now, since we don't have
* any way to get the real name.
*/
ret = sdap_idmap_get_dom_sid_from_object(NULL, sid_str,
&dom_sid_str);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
"Could not parse domain SID from [%s]\n", sid_str);
goto done;
}
ret = idmap_ctx->find_new_domain(idmap_ctx, dom_sid_str, dom_sid_str);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
"Could not add new domain for sid [%s]\n", sid_str);
goto done;
}
/* Now try converting to a UNIX ID again */
err = sss_idmap_sid_to_unix(idmap_ctx->map,
sid_str,
(uint32_t *)id);
if (err != IDMAP_SUCCESS) {
DEBUG(SSSDBG_MINOR_FAILURE,
"Could not convert objectSID [%s] to a UNIX ID\n",
sid_str);
ret = EIO;
goto done;
}
break;
case IDMAP_BUILTIN_SID:
DEBUG(SSSDBG_TRACE_FUNC,
"Object SID [%s] is a built-in one.\n", sid_str);
/* ENOTSUP indicates built-in SID */
ret = ENOTSUP;
goto done;
break;
default:
DEBUG(SSSDBG_MINOR_FAILURE,
"Could not convert objectSID [%s] to a UNIX ID\n",
sid_str);
ret = EIO;
goto done;
}
ret = EOK;
done:
talloc_free(dom_sid_str);
return ret;
}
