void test_has_algorithmic(void **state) { struct test_ctx *test_ctx; bool use_id_mapping; enum idmap_error_code err; test_ctx = talloc_get_type(*state, struct test_ctx); assert_non_null(test_ctx); err = sss_idmap_domain_has_algorithmic_mapping(NULL, NULL, &use_id_mapping); assert_int_equal(err, IDMAP_SID_INVALID); err = sss_idmap_domain_has_algorithmic_mapping(NULL, TEST_DOM_SID, &use_id_mapping); assert_int_equal(err, IDMAP_CONTEXT_INVALID); err = sss_idmap_domain_has_algorithmic_mapping(test_ctx->idmap_ctx, NULL, &use_id_mapping); assert_int_equal(err, IDMAP_SID_INVALID); err = sss_idmap_domain_has_algorithmic_mapping(test_ctx->idmap_ctx, TEST_DOM_SID"1", &use_id_mapping); assert_int_equal(err, IDMAP_SID_UNKNOWN); err = sss_idmap_domain_has_algorithmic_mapping(test_ctx->idmap_ctx, TEST_DOM_SID, &use_id_mapping); assert_int_equal(err, IDMAP_SUCCESS); assert_true(use_id_mapping); err = sss_idmap_domain_has_algorithmic_mapping(test_ctx->idmap_ctx, TEST_2_DOM_SID, &use_id_mapping); assert_int_equal(err, IDMAP_SUCCESS); assert_false(use_id_mapping); }
bool sdap_idmap_domain_has_algorithmic_mapping(struct sdap_idmap_ctx *ctx, const char *dom_name, const char *dom_sid) { enum idmap_error_code err; bool has_algorithmic_mapping; char *new_dom_sid; int ret; TALLOC_CTX *tmp_ctx = NULL; if (dp_opt_get_bool(ctx->id_ctx->opts->basic, SDAP_ID_MAPPING) && 0 == strcmp("ldap", ctx->id_ctx->be->bet_info[BET_ID].mod_name)) { return true; } err = sss_idmap_domain_has_algorithmic_mapping(ctx->map, dom_sid, &has_algorithmic_mapping); switch (err){ case IDMAP_SUCCESS: return has_algorithmic_mapping; case IDMAP_SID_INVALID: /* FALLTHROUGH */ case IDMAP_SID_UNKNOWN: /* FALLTHROUGH */ case IDMAP_NO_DOMAIN: /* FALLTHROUGH */ /* continue with idmap_domain_by_name */ break; default: return false; } err = sss_idmap_domain_by_name_has_algorithmic_mapping(ctx->map, dom_name, &has_algorithmic_mapping); if (err == IDMAP_SUCCESS) { return has_algorithmic_mapping; } else if (err != IDMAP_NAME_UNKNOWN && err != IDMAP_NO_DOMAIN) { return false; } /* This is the first time we've seen this domain * Create a new domain for it. We'll use the dom-sid * as the domain name for now, since we don't have * any way to get the real name. */ if (is_domain_sid(dom_sid)) { new_dom_sid = discard_const(dom_sid); } else { tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n"); return false; } ret = sdap_idmap_get_dom_sid_from_object(tmp_ctx, dom_sid, &new_dom_sid); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "Could not parse domain SID from [%s]\n", dom_sid); talloc_free(tmp_ctx); return false; } } ret = ctx->find_new_domain(ctx, dom_name, new_dom_sid); talloc_free(tmp_ctx); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "Could not add new domain for sid [%s]\n", dom_sid); return false; } err = sss_idmap_domain_has_algorithmic_mapping(ctx->map, dom_sid, &has_algorithmic_mapping); if (err == IDMAP_SUCCESS) { return has_algorithmic_mapping; } return false; }
static errno_t ipa_idmap_check_posix_child(struct sdap_idmap_ctx *idmap_ctx, const char *dom_name, const char *dom_sid_str, size_t range_count, struct range_info **range_list) { bool has_algorithmic_mapping; enum idmap_error_code err; struct sss_domain_info *dom; struct sss_domain_info *forest_root; size_t c; struct sss_idmap_range range; struct range_info *r; char *range_id; TALLOC_CTX *tmp_ctx; bool found = false; int ret; err = sss_idmap_domain_has_algorithmic_mapping(idmap_ctx->map, dom_sid_str, &has_algorithmic_mapping); if (err == IDMAP_SUCCESS) { DEBUG(SSSDBG_TRACE_ALL, "Idmap of domain [%s] already known, nothing to do.\n", dom_sid_str); return EOK; } else { err = sss_idmap_domain_by_name_has_algorithmic_mapping(idmap_ctx->map, dom_name, &has_algorithmic_mapping); if (err == IDMAP_SUCCESS) { DEBUG(SSSDBG_TRACE_ALL, "Idmap of domain [%s] already known, nothing to do.\n", dom_sid_str); return EOK; } } DEBUG(SSSDBG_TRACE_ALL, "Trying to add idmap for domain [%s].\n", dom_sid_str); if (err != IDMAP_SID_UNKNOWN && err != IDMAP_NAME_UNKNOWN) { DEBUG(SSSDBG_OP_FAILURE, "sss_idmap_domain_has_algorithmic_mapping failed.\n"); return EINVAL; } dom = find_subdomain_by_sid(idmap_ctx->id_ctx->be->domain, dom_sid_str); if (dom == NULL) { DEBUG(SSSDBG_OP_FAILURE, "find_subdomain_by_sid failed with SID [%s].\n", dom_sid_str); return EINVAL; } if (dom->forest == NULL) { DEBUG(SSSDBG_MINOR_FAILURE, "No forest available for domain [%s].\n", dom_sid_str); return EINVAL; } forest_root = find_subdomain_by_name(idmap_ctx->id_ctx->be->domain, dom->forest, true); if (forest_root == NULL) { DEBUG(SSSDBG_OP_FAILURE, "find_subdomain_by_name failed to find forest root [%s].\n", dom->forest); return ENOENT; } if (forest_root->domain_id == NULL) { DEBUG(SSSDBG_MINOR_FAILURE, "Forest root [%s] does not have a SID.\n", dom->forest); return EINVAL; } tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n"); return ENOMEM; } for (c = 0; c < range_count; c++) { r = range_list[c]; if (r->trusted_dom_sid != NULL && strcmp(r->trusted_dom_sid, forest_root->domain_id) == 0) { if (r->range_type == NULL || strcmp(r->range_type, IPA_RANGE_AD_TRUST_POSIX) != 0) { DEBUG(SSSDBG_MINOR_FAILURE, "Forest root does not have range type [%s].\n", IPA_RANGE_AD_TRUST_POSIX); ret = EINVAL; goto done; } range.min = r->base_id; range.max = r->base_id + r->id_range_size -1; range_id = talloc_asprintf(tmp_ctx, "%s-%s", dom_sid_str, r->name); if (range_id == NULL) { DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n"); ret = ENOMEM; goto done; } err = sss_idmap_add_domain_ex(idmap_ctx->map, dom_name, dom_sid_str, &range, range_id, 0, true); if (err != IDMAP_SUCCESS && err != IDMAP_COLLISION) { DEBUG(SSSDBG_CRIT_FAILURE, "Could not add range [%s] to ID map\n", range_id); ret = EIO; goto done; } found = true; } } if (!found) { DEBUG(SSSDBG_MINOR_FAILURE, "No idrange found for forest root [%s].\n", forest_root->domain_id); ret = ENOENT; goto done; } ret = EOK; done: talloc_free(tmp_ctx); return ret; }