void test_map_id_external(void **state) { struct test_ctx *test_ctx; enum idmap_error_code err; uint32_t id; char *sid = NULL; test_ctx = talloc_get_type(*state, struct test_ctx); assert_non_null(test_ctx); err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_DOM_SID"1-1", &id); assert_int_equal(err, IDMAP_NO_DOMAIN); err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_DOM_SID"-400000", &id); assert_int_equal(err, IDMAP_EXTERNAL); err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, TEST_OFFSET - 1, &sid); assert_int_equal(err, IDMAP_NO_DOMAIN); err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_DOM_SID"-0", &id); assert_int_equal(err, IDMAP_EXTERNAL); err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, TEST_RANGE_MIN, &sid); assert_int_equal(err, IDMAP_EXTERNAL); err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_DOM_SID"-"TEST_OFFSET_STR, &id); assert_int_equal(err, IDMAP_EXTERNAL); err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, TEST_RANGE_MIN + TEST_OFFSET, &sid); assert_int_equal(err, IDMAP_EXTERNAL); }
/** * Find the corresponding UID for a user from a remote domain based on the * domain SID of the remote domain and the RID of the user. */ errno_t domsid_rid_to_uid(struct pac_ctx *pac_ctx, struct sysdb_ctx *sysdb, const char *domain_name, struct dom_sid2 *domsid, uint32_t rid, uid_t *uid) { enum idmap_error_code err; char *sid_str = NULL; char *dom_sid_str = NULL; uint32_t id; int ret; err = sss_idmap_smb_sid_to_sid(pac_ctx->idmap_ctx, domsid, &dom_sid_str); if (err != IDMAP_SUCCESS) { DEBUG(SSSDBG_OP_FAILURE, ("sss_idmap_smb_sid_to_sid failed.\n")); ret = EFAULT; goto done; } sid_str = talloc_asprintf(NULL, "%s-%lu", dom_sid_str, (unsigned long) rid); if (sid_str == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("dom_sid_and_rid_string failed.\n")); return ENOMEM; } err = sss_idmap_sid_to_unix(pac_ctx->idmap_ctx, sid_str, &id); if (err == IDMAP_NO_DOMAIN) { ret = add_idmap_domain(pac_ctx->idmap_ctx, sysdb, domain_name, dom_sid_str); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("add_idmap_domain failed.\n")); goto done; } err = sss_idmap_sid_to_unix(pac_ctx->idmap_ctx, sid_str, &id); if (err != IDMAP_SUCCESS) { DEBUG(SSSDBG_FATAL_FAILURE, ("sss_idmap_sid_to_unix failed " "even in the second attempt.\n")); ret = ENOENT; goto done; } } else if (err != IDMAP_SUCCESS && err != IDMAP_NO_DOMAIN) { DEBUG(SSSDBG_OP_FAILURE, ("sss_idmap_sid_to_unix failed.\n")); ret = EFAULT; goto done; } *uid = (uid_t) id; ret = EOK; done: talloc_free(dom_sid_str); talloc_free(sid_str); return ret; }
/* ID mapping - bug in computing max id for slice range */ void test_map_id_2922(void **state) { const char* TEST_2922_FIRST_SID = TEST_DOM_SID"-0"; /* Last SID = first SID + (default) rangesize -1 */ const char* TEST_2922_LAST_SID = TEST_DOM_SID"-199999"; /* Last SID = first SID + rangesize */ const char* TEST_2922_LAST_SID_PLUS_ONE = TEST_DOM_SID"-200000"; struct test_ctx *test_ctx; enum idmap_error_code err; uint32_t id; char *sid = NULL; test_ctx = talloc_get_type(*state, struct test_ctx); assert_non_null(test_ctx); /* Min UNIX ID to SID */ err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, TEST_2922_MIN_ID, &sid); assert_int_equal(err, IDMAP_SUCCESS); assert_string_equal(sid, TEST_2922_FIRST_SID); sss_idmap_free_sid(test_ctx->idmap_ctx, sid); /* First SID to UNIX ID */ err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_2922_FIRST_SID, &id); assert_int_equal(err, IDMAP_SUCCESS); assert_int_equal(id, TEST_2922_MIN_ID); /* Max UNIX ID to SID */ err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, TEST_2922_MAX_ID, &sid); assert_int_equal(err, IDMAP_SUCCESS); assert_string_equal(sid, TEST_2922_LAST_SID); sss_idmap_free_sid(test_ctx->idmap_ctx, sid); /* Last SID to UNIX ID */ err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_2922_LAST_SID, &id); assert_int_equal(err, IDMAP_SUCCESS); assert_int_equal(id, TEST_2922_MAX_ID); /* Max UNIX ID + 1 to SID */ err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, TEST_2922_MAX_ID + 1, &sid); assert_int_equal(err, IDMAP_NO_DOMAIN); /* Last SID + 1 to UNIX ID */ err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_2922_LAST_SID_PLUS_ONE, &id); /* Auto adding new ranges is disable in this test. */ assert_int_equal(err, IDMAP_NO_RANGE); }
void test_map_id_sec_slices(void **state) { struct test_ctx *test_ctx; enum idmap_error_code err; uint32_t id; char *sid = NULL; test_ctx = talloc_get_type(*state, struct test_ctx); assert_non_null(test_ctx); err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_DOM_SID"1-1", &id); assert_int_equal(err, IDMAP_NO_DOMAIN); err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_DOM_SID"-4000000", &id); assert_int_equal(err, IDMAP_SUCCESS); assert_int_equal(id, 575600000); err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, TEST_OFFSET - 1, &sid); assert_int_equal(err, IDMAP_NO_DOMAIN); err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_DOM_SID"-0", &id); assert_int_equal(err, IDMAP_SUCCESS); assert_int_equal(id, TEST_RANGE_MIN); err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, id, &sid); assert_int_equal(err, IDMAP_SUCCESS); assert_string_equal(sid, TEST_DOM_SID"-0"); sss_idmap_free_sid(test_ctx->idmap_ctx, sid); err = sss_idmap_sid_to_unix(test_ctx->idmap_ctx, TEST_DOM_SID"-"TEST_OFFSET_STR, &id); assert_int_equal(err, IDMAP_SUCCESS); assert_int_equal(id, TEST_RANGE_MIN+TEST_OFFSET); err = sss_idmap_unix_to_sid(test_ctx->idmap_ctx, id, &sid); assert_int_equal(err, IDMAP_SUCCESS); assert_string_equal(sid, TEST_DOM_SID"-"TEST_OFFSET_STR); sss_idmap_free_sid(test_ctx->idmap_ctx, sid); }
errno_t sdap_idmap_sid_to_unix(struct sdap_idmap_ctx *idmap_ctx, const char *sid_str, id_t *id) { errno_t ret; enum idmap_error_code err; char *dom_sid_str = NULL; /* Convert the SID into a UNIX ID */ err = sss_idmap_sid_to_unix(idmap_ctx->map, sid_str, (uint32_t *)id); switch (err) { case IDMAP_SUCCESS: break; case IDMAP_NO_DOMAIN: /* This is the first time we've seen this domain * Create a new domain for it. We'll use the dom-sid * as the domain name for now, since we don't have * any way to get the real name. */ ret = sdap_idmap_get_dom_sid_from_object(NULL, sid_str, &dom_sid_str); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "Could not parse domain SID from [%s]\n", sid_str); goto done; } ret = idmap_ctx->find_new_domain(idmap_ctx, dom_sid_str, dom_sid_str); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "Could not add new domain for sid [%s]\n", sid_str); goto done; } /* Now try converting to a UNIX ID again */ err = sss_idmap_sid_to_unix(idmap_ctx->map, sid_str, (uint32_t *)id); if (err != IDMAP_SUCCESS) { DEBUG(SSSDBG_MINOR_FAILURE, "Could not convert objectSID [%s] to a UNIX ID\n", sid_str); ret = EIO; goto done; } break; case IDMAP_BUILTIN_SID: DEBUG(SSSDBG_TRACE_FUNC, "Object SID [%s] is a built-in one.\n", sid_str); /* ENOTSUP indicates built-in SID */ ret = ENOTSUP; goto done; break; default: DEBUG(SSSDBG_MINOR_FAILURE, "Could not convert objectSID [%s] to a UNIX ID\n", sid_str); ret = EIO; goto done; } ret = EOK; done: talloc_free(dom_sid_str); return ret; }