void test_has_algorithmic_by_name(void **state)
{
struct test_ctx *test_ctx;
bool use_id_mapping;
enum idmap_error_code err;
test_ctx = talloc_get_type(*state, struct test_ctx);
assert_non_null(test_ctx);
err = sss_idmap_domain_by_name_has_algorithmic_mapping(NULL, NULL, &use_id_mapping);
assert_int_equal(err, IDMAP_ERROR);
err = sss_idmap_domain_by_name_has_algorithmic_mapping(NULL, TEST_DOM_SID,
&use_id_mapping);
assert_int_equal(err, IDMAP_CONTEXT_INVALID);
err = sss_idmap_domain_by_name_has_algorithmic_mapping(test_ctx->idmap_ctx, NULL,
&use_id_mapping);
assert_int_equal(err, IDMAP_ERROR);
err = sss_idmap_domain_by_name_has_algorithmic_mapping(test_ctx->idmap_ctx,
TEST_DOM_NAME"1",
&use_id_mapping);
assert_int_equal(err, IDMAP_NAME_UNKNOWN);
err = sss_idmap_domain_by_name_has_algorithmic_mapping(test_ctx->idmap_ctx,
TEST_DOM_NAME,
&use_id_mapping);
assert_int_equal(err, IDMAP_SUCCESS);
assert_true(use_id_mapping);
err = sss_idmap_domain_by_name_has_algorithmic_mapping(test_ctx->idmap_ctx,
TEST_2_DOM_NAME,
&use_id_mapping);
assert_int_equal(err, IDMAP_SUCCESS);
assert_false(use_id_mapping);
}
bool sdap_idmap_domain_has_algorithmic_mapping(struct sdap_idmap_ctx *ctx,
const char *dom_name,
const char *dom_sid)
{
enum idmap_error_code err;
bool has_algorithmic_mapping;
char *new_dom_sid;
int ret;
TALLOC_CTX *tmp_ctx = NULL;
if (dp_opt_get_bool(ctx->id_ctx->opts->basic, SDAP_ID_MAPPING)
&& 0 == strcmp("ldap", ctx->id_ctx->be->bet_info[BET_ID].mod_name)) {
return true;
}
err = sss_idmap_domain_has_algorithmic_mapping(ctx->map, dom_sid,
&has_algorithmic_mapping);
switch (err){
case IDMAP_SUCCESS:
return has_algorithmic_mapping;
case IDMAP_SID_INVALID: /* FALLTHROUGH */
case IDMAP_SID_UNKNOWN: /* FALLTHROUGH */
case IDMAP_NO_DOMAIN: /* FALLTHROUGH */
/* continue with idmap_domain_by_name */
break;
default:
return false;
}
err = sss_idmap_domain_by_name_has_algorithmic_mapping(ctx->map,
dom_name,
&has_algorithmic_mapping);
if (err == IDMAP_SUCCESS) {
return has_algorithmic_mapping;
} else if (err != IDMAP_NAME_UNKNOWN && err != IDMAP_NO_DOMAIN) {
return false;
}
/* This is the first time we've seen this domain
* Create a new domain for it. We'll use the dom-sid
* as the domain name for now, since we don't have
* any way to get the real name.
*/
if (is_domain_sid(dom_sid)) {
new_dom_sid = discard_const(dom_sid);
} else {
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
return false;
}
ret = sdap_idmap_get_dom_sid_from_object(tmp_ctx, dom_sid,
&new_dom_sid);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
"Could not parse domain SID from [%s]\n", dom_sid);
talloc_free(tmp_ctx);
return false;
}
}
ret = ctx->find_new_domain(ctx, dom_name, new_dom_sid);
talloc_free(tmp_ctx);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
"Could not add new domain for sid [%s]\n", dom_sid);
return false;
}
err = sss_idmap_domain_has_algorithmic_mapping(ctx->map, dom_sid,
&has_algorithmic_mapping);
if (err == IDMAP_SUCCESS) {
return has_algorithmic_mapping;
}
return false;
}
static errno_t ipa_idmap_check_posix_child(struct sdap_idmap_ctx *idmap_ctx,
const char *dom_name,
const char *dom_sid_str,
size_t range_count,
struct range_info **range_list)
{
bool has_algorithmic_mapping;
enum idmap_error_code err;
struct sss_domain_info *dom;
struct sss_domain_info *forest_root;
size_t c;
struct sss_idmap_range range;
struct range_info *r;
char *range_id;
TALLOC_CTX *tmp_ctx;
bool found = false;
int ret;
err = sss_idmap_domain_has_algorithmic_mapping(idmap_ctx->map, dom_sid_str,
&has_algorithmic_mapping);
if (err == IDMAP_SUCCESS) {
DEBUG(SSSDBG_TRACE_ALL,
"Idmap of domain [%s] already known, nothing to do.\n",
dom_sid_str);
return EOK;
} else {
err = sss_idmap_domain_by_name_has_algorithmic_mapping(idmap_ctx->map,
dom_name,
&has_algorithmic_mapping);
if (err == IDMAP_SUCCESS) {
DEBUG(SSSDBG_TRACE_ALL,
"Idmap of domain [%s] already known, nothing to do.\n",
dom_sid_str);
return EOK;
}
}
DEBUG(SSSDBG_TRACE_ALL, "Trying to add idmap for domain [%s].\n",
dom_sid_str);
if (err != IDMAP_SID_UNKNOWN && err != IDMAP_NAME_UNKNOWN) {
DEBUG(SSSDBG_OP_FAILURE,
"sss_idmap_domain_has_algorithmic_mapping failed.\n");
return EINVAL;
}
dom = find_subdomain_by_sid(idmap_ctx->id_ctx->be->domain, dom_sid_str);
if (dom == NULL) {
DEBUG(SSSDBG_OP_FAILURE,
"find_subdomain_by_sid failed with SID [%s].\n", dom_sid_str);
return EINVAL;
}
if (dom->forest == NULL) {
DEBUG(SSSDBG_MINOR_FAILURE, "No forest available for domain [%s].\n",
dom_sid_str);
return EINVAL;
}
forest_root = find_subdomain_by_name(idmap_ctx->id_ctx->be->domain,
dom->forest, true);
if (forest_root == NULL) {
DEBUG(SSSDBG_OP_FAILURE,
"find_subdomain_by_name failed to find forest root [%s].\n",
dom->forest);
return ENOENT;
}
if (forest_root->domain_id == NULL) {
DEBUG(SSSDBG_MINOR_FAILURE, "Forest root [%s] does not have a SID.\n",
dom->forest);
return EINVAL;
}
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
return ENOMEM;
}
for (c = 0; c < range_count; c++) {
r = range_list[c];
if (r->trusted_dom_sid != NULL
&& strcmp(r->trusted_dom_sid, forest_root->domain_id) == 0) {
if (r->range_type == NULL
|| strcmp(r->range_type, IPA_RANGE_AD_TRUST_POSIX) != 0) {
DEBUG(SSSDBG_MINOR_FAILURE,
"Forest root does not have range type [%s].\n",
IPA_RANGE_AD_TRUST_POSIX);
ret = EINVAL;
goto done;
}
range.min = r->base_id;
range.max = r->base_id + r->id_range_size -1;
range_id = talloc_asprintf(tmp_ctx, "%s-%s", dom_sid_str, r->name);
if (range_id == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
ret = ENOMEM;
goto done;
}
err = sss_idmap_add_domain_ex(idmap_ctx->map, dom_name, dom_sid_str,
&range, range_id, 0, true);
if (err != IDMAP_SUCCESS && err != IDMAP_COLLISION) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Could not add range [%s] to ID map\n", range_id);
ret = EIO;
goto done;
}
found = true;
}
}
if (!found) {
DEBUG(SSSDBG_MINOR_FAILURE, "No idrange found for forest root [%s].\n",
forest_root->domain_id);
ret = ENOENT;
goto done;
}
ret = EOK;
done:
talloc_free(tmp_ctx);
return ret;
}
