/** * Add a new remote domain and the corresponding ID range to the context of * the libsss_idmap. Without this it is not possible to find the Posix UID for * a user fo the remote domain. */ errno_t add_idmap_domain(struct sss_idmap_ctx *idmap_ctx, struct sysdb_ctx *sysdb, const char *domain_name, const char *dom_sid_str) { struct sss_idmap_range range = {0, 0}; enum idmap_error_code err; TALLOC_CTX *tmp_ctx = NULL; size_t range_count; struct range_info **range_list; size_t c; int ret; if (domain_name == NULL || dom_sid_str == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("Missing domain name or SID.\n")); return EINVAL; } tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("talloc_new failed.\n")); return ENOMEM; } ret = sysdb_get_ranges(tmp_ctx, sysdb, &range_count, &range_list); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_get_ranges failed.\n")); goto done; } for (c = 0; c < range_count; c++) { if (range_list[c]->trusted_dom_sid != NULL && strcmp(range_list[c]->trusted_dom_sid, dom_sid_str) == 0) { range.min = range_list[c]->base_id; range.max = range_list[c]->base_id + range_list[c]->id_range_size - 1; /* TODO: add support for multiple ranges. */ break; } } if (range.min == 0 && range.max == 0) { DEBUG(SSSDBG_OP_FAILURE, ("Failed to find mapping range for domain " "[%s][%s].\n", domain_name, dom_sid_str)); ret = ENOENT; goto done; } err = sss_idmap_add_domain(idmap_ctx, domain_name, dom_sid_str, &range); if (err != IDMAP_SUCCESS) { DEBUG(SSSDBG_OP_FAILURE, ("sss_idmap_add_domain failed.\n")); return EFAULT; } ret = EOK; done: talloc_free(tmp_ctx); return ret; }
errno_t sdap_idmap_add_domain(struct sdap_idmap_ctx *idmap_ctx, const char *dom_name, const char *dom_sid, id_t slice) { errno_t ret; struct sss_idmap_range range; enum idmap_error_code err; id_t idmap_upper; ret = sss_idmap_ctx_get_upper(idmap_ctx->map, &idmap_upper); if (ret != IDMAP_SUCCESS) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to get upper bound of available ID range.\n")); ret = EIO; goto done; } ret = sss_idmap_calculate_range(idmap_ctx->map, dom_sid, &slice, &range); if (ret != IDMAP_SUCCESS) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to calculate range for domain [%s]: [%d]\n", dom_name, ret)); ret = EIO; goto done; } DEBUG(SSSDBG_TRACE_LIBS, ("Adding domain [%s] as slice [%llu]\n", dom_sid, slice)); if (range.max > idmap_upper) { /* This should never happen */ DEBUG(SSSDBG_CRIT_FAILURE, ("BUG: Range maximum exceeds the global maximum: %d > %d\n", range.max, idmap_upper)); ret = EINVAL; goto done; } /* Add this domain to the map */ err = sss_idmap_add_domain(idmap_ctx->map, dom_name, dom_sid, &range); if (err != IDMAP_SUCCESS) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not add domain [%s] to the map: [%d]\n", dom_name, err)); ret = EIO; goto done; } /* Add this domain to the SYSDB cache so it will survive reboot */ ret = sysdb_idmap_store_mapping(idmap_ctx->id_ctx->be->domain->sysdb, idmap_ctx->id_ctx->be->domain, dom_name, dom_sid, slice); done: return ret; }
void test_add_domain(void **state) { struct test_ctx *test_ctx; enum idmap_error_code err; struct sss_idmap_range range; test_ctx = talloc_get_type(*state, struct test_ctx); assert_non_null(test_ctx); range.min = TEST_RANGE_MIN; range.max = TEST_RANGE_MAX; err = sss_idmap_add_domain(test_ctx->idmap_ctx, TEST_DOM_NAME, TEST_DOM_SID, &range); assert_int_equal(err, IDMAP_SUCCESS); err = sss_idmap_add_domain(test_ctx->idmap_ctx, TEST_DOM_NAME, TEST_DOM_SID, &range); assert_int_equal(err, IDMAP_COLLISION); err = sss_idmap_add_domain_ex(test_ctx->idmap_ctx, TEST_DOM_NAME, TEST_DOM_SID, &range, NULL, 0, false); assert_int_equal(err, IDMAP_COLLISION); range.min = TEST_RANGE_MIN + TEST_OFFSET; range.max = TEST_RANGE_MAX + TEST_OFFSET; err = sss_idmap_add_domain_ex(test_ctx->idmap_ctx, TEST_DOM_NAME, TEST_DOM_SID, &range, NULL, 0, false); assert_int_equal(err, IDMAP_COLLISION); err = sss_idmap_add_domain_ex(test_ctx->idmap_ctx, TEST_DOM_NAME"X", TEST_DOM_SID, &range, NULL, TEST_OFFSET, false); assert_int_equal(err, IDMAP_COLLISION); err = sss_idmap_add_domain_ex(test_ctx->idmap_ctx, TEST_DOM_NAME, TEST_DOM_SID"1", &range, NULL, TEST_OFFSET, false); assert_int_equal(err, IDMAP_COLLISION); err = sss_idmap_add_domain_ex(test_ctx->idmap_ctx, TEST_DOM_NAME, TEST_DOM_SID, &range, NULL, TEST_OFFSET, true); assert_int_equal(err, IDMAP_COLLISION); err = sss_idmap_add_domain_ex(test_ctx->idmap_ctx, TEST_DOM_NAME, TEST_DOM_SID, &range, NULL, TEST_OFFSET, false); assert_int_equal(err, IDMAP_SUCCESS); range.min = TEST_RANGE_MIN + 2 * TEST_OFFSET; range.max = TEST_RANGE_MAX + 2 * TEST_OFFSET; err = sss_idmap_add_domain_ex(test_ctx->idmap_ctx, TEST_DOM_NAME"-nosid", NULL, &range, NULL, TEST_OFFSET, false); assert_int_equal(err, IDMAP_SID_INVALID); err = sss_idmap_add_domain_ex(test_ctx->idmap_ctx, TEST_DOM_NAME"-nosid", NULL, &range, NULL, TEST_OFFSET, true); assert_int_equal(err, IDMAP_SUCCESS); }