/**
* Add a new remote domain and the corresponding ID range to the context of
* the libsss_idmap. Without this it is not possible to find the Posix UID for
* a user fo the remote domain.
*/
errno_t add_idmap_domain(struct sss_idmap_ctx *idmap_ctx,
struct sysdb_ctx *sysdb,
const char *domain_name,
const char *dom_sid_str)
{
struct sss_idmap_range range = {0, 0};
enum idmap_error_code err;
TALLOC_CTX *tmp_ctx = NULL;
size_t range_count;
struct range_info **range_list;
size_t c;
int ret;
if (domain_name == NULL || dom_sid_str == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("Missing domain name or SID.\n"));
return EINVAL;
}
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
DEBUG(SSSDBG_OP_FAILURE, ("talloc_new failed.\n"));
return ENOMEM;
}
ret = sysdb_get_ranges(tmp_ctx, sysdb, &range_count, &range_list);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("sysdb_get_ranges failed.\n"));
goto done;
}
for (c = 0; c < range_count; c++) {
if (range_list[c]->trusted_dom_sid != NULL &&
strcmp(range_list[c]->trusted_dom_sid, dom_sid_str) == 0) {
range.min = range_list[c]->base_id;
range.max = range_list[c]->base_id +
range_list[c]->id_range_size - 1;
/* TODO: add support for multiple ranges. */
break;
}
}
if (range.min == 0 && range.max == 0) {
DEBUG(SSSDBG_OP_FAILURE, ("Failed to find mapping range for domain "
"[%s][%s].\n", domain_name, dom_sid_str));
ret = ENOENT;
goto done;
}
err = sss_idmap_add_domain(idmap_ctx, domain_name, dom_sid_str, &range);
if (err != IDMAP_SUCCESS) {
DEBUG(SSSDBG_OP_FAILURE, ("sss_idmap_add_domain failed.\n"));
return EFAULT;
}
ret = EOK;
done:
talloc_free(tmp_ctx);
return ret;
}
errno_t
sdap_idmap_add_domain(struct sdap_idmap_ctx *idmap_ctx,
const char *dom_name,
const char *dom_sid,
id_t slice)
{
errno_t ret;
struct sss_idmap_range range;
enum idmap_error_code err;
id_t idmap_upper;
ret = sss_idmap_ctx_get_upper(idmap_ctx->map, &idmap_upper);
if (ret != IDMAP_SUCCESS) {
DEBUG(SSSDBG_CRIT_FAILURE,
("Failed to get upper bound of available ID range.\n"));
ret = EIO;
goto done;
}
ret = sss_idmap_calculate_range(idmap_ctx->map, dom_sid, &slice, &range);
if (ret != IDMAP_SUCCESS) {
DEBUG(SSSDBG_CRIT_FAILURE,
("Failed to calculate range for domain [%s]: [%d]\n", dom_name,
ret));
ret = EIO;
goto done;
}
DEBUG(SSSDBG_TRACE_LIBS,
("Adding domain [%s] as slice [%llu]\n", dom_sid, slice));
if (range.max > idmap_upper) {
/* This should never happen */
DEBUG(SSSDBG_CRIT_FAILURE,
("BUG: Range maximum exceeds the global maximum: %d > %d\n",
range.max, idmap_upper));
ret = EINVAL;
goto done;
}
/* Add this domain to the map */
err = sss_idmap_add_domain(idmap_ctx->map, dom_name, dom_sid, &range);
if (err != IDMAP_SUCCESS) {
DEBUG(SSSDBG_CRIT_FAILURE,
("Could not add domain [%s] to the map: [%d]\n",
dom_name, err));
ret = EIO;
goto done;
}
/* Add this domain to the SYSDB cache so it will survive reboot */
ret = sysdb_idmap_store_mapping(idmap_ctx->id_ctx->be->domain->sysdb,
idmap_ctx->id_ctx->be->domain,
dom_name, dom_sid,
slice);
done:
return ret;
}
void test_add_domain(void **state)
{
struct test_ctx *test_ctx;
enum idmap_error_code err;
struct sss_idmap_range range;
test_ctx = talloc_get_type(*state, struct test_ctx);
assert_non_null(test_ctx);
range.min = TEST_RANGE_MIN;
range.max = TEST_RANGE_MAX;
err = sss_idmap_add_domain(test_ctx->idmap_ctx, TEST_DOM_NAME, TEST_DOM_SID,
&range);
assert_int_equal(err, IDMAP_SUCCESS);
err = sss_idmap_add_domain(test_ctx->idmap_ctx, TEST_DOM_NAME, TEST_DOM_SID,
&range);
assert_int_equal(err, IDMAP_COLLISION);
err = sss_idmap_add_domain_ex(test_ctx->idmap_ctx, TEST_DOM_NAME,
TEST_DOM_SID, &range, NULL, 0, false);
assert_int_equal(err, IDMAP_COLLISION);
range.min = TEST_RANGE_MIN + TEST_OFFSET;
range.max = TEST_RANGE_MAX + TEST_OFFSET;
err = sss_idmap_add_domain_ex(test_ctx->idmap_ctx, TEST_DOM_NAME,
TEST_DOM_SID, &range, NULL, 0, false);
assert_int_equal(err, IDMAP_COLLISION);
err = sss_idmap_add_domain_ex(test_ctx->idmap_ctx, TEST_DOM_NAME"X",
TEST_DOM_SID, &range, NULL, TEST_OFFSET,
false);
assert_int_equal(err, IDMAP_COLLISION);
err = sss_idmap_add_domain_ex(test_ctx->idmap_ctx, TEST_DOM_NAME,
TEST_DOM_SID"1", &range, NULL, TEST_OFFSET,
false);
assert_int_equal(err, IDMAP_COLLISION);
err = sss_idmap_add_domain_ex(test_ctx->idmap_ctx, TEST_DOM_NAME,
TEST_DOM_SID, &range, NULL, TEST_OFFSET,
true);
assert_int_equal(err, IDMAP_COLLISION);
err = sss_idmap_add_domain_ex(test_ctx->idmap_ctx, TEST_DOM_NAME,
TEST_DOM_SID, &range, NULL, TEST_OFFSET,
false);
assert_int_equal(err, IDMAP_SUCCESS);
range.min = TEST_RANGE_MIN + 2 * TEST_OFFSET;
range.max = TEST_RANGE_MAX + 2 * TEST_OFFSET;
err = sss_idmap_add_domain_ex(test_ctx->idmap_ctx, TEST_DOM_NAME"-nosid",
NULL, &range, NULL, TEST_OFFSET,
false);
assert_int_equal(err, IDMAP_SID_INVALID);
err = sss_idmap_add_domain_ex(test_ctx->idmap_ctx, TEST_DOM_NAME"-nosid",
NULL, &range, NULL, TEST_OFFSET,
true);
assert_int_equal(err, IDMAP_SUCCESS);
}
