author | Sumit Bose <sbose@redhat.com> | 2013-06-13 14:26:22 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-06-28 20:20:59 +0200 |
commit | bfb40893be20b45279a40188cf16ef0eec1f9423 (patch) | |
tree | db5d3d52216462f978117ca3c3c1207e68f34e06 /src/providers | |
parent | 949fbc93defad394648b2651b43a7bbfa5bff42b (diff) | |
Allow different methods to find new domains for idmapping
Currently the range management code is in the generic LDAP provider and
can be used by the LDAP and AD provider. New ranges are allocated with
the help of a hash value of the domain SID.
If the IPA provider cannot find a range for a given domain it cannot
allocate a new range on its own but has to look up the idrange objects
on the FreeIPA server and use them accordingly. To allow the LDAP, AD
and IPA provider to use as much common code as possible a plugin
interface, similar to the one used to find the DNS site, to find a
missing range would be useful. The default plugin will be used by the
LDAP and the AD provider and the IPA provider will implement a plugin to
read the data from the server.
Fixes https://fedorahosted.org/sssd/ticket/1961
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ldap/sdap_idmap.c | 23 | ||||
-rw-r--r-- | src/providers/ldap/sdap_idmap.h | 4 |
2 files changed, 24 insertions, 3 deletions
diff --git a/src/providers/ldap/sdap_idmap.c b/src/providers/ldap/sdap_idmap.c
index 5d96fce23..a3b725f99 100644
--- a/src/providers/ldap/sdap_idmap.c
+++ b/src/providers/ldap/sdap_idmap.c
@@ -95,6 +95,24 @@ sdap_idmap_add_configured_external_range(struct sdap_idmap_ctx *idmap_ctx)
 return EOK;
 }
+errno_t sdap_idmap_find_new_domain(struct sdap_idmap_ctx *idmap_ctx,
+ const char *dom_name,
+ const char *dom_sid_str)
+{
+ int ret;
+
+ ret = sdap_idmap_add_domain(idmap_ctx,
+ dom_name, dom_sid_str,
+ -1);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("Could not add new domain [%s]\n", dom_name));
+ return ret;
+ }
+
+ return EOK;
+}
+
 errno_t
 sdap_idmap_init(TALLOC_CTX *mem_ctx,
 struct sdap_id_ctx *id_ctx,
@@ -124,6 +142,7 @@ sdap_idmap_init(TALLOC_CTX *mem_ctx,
 goto done;
 }
 idmap_ctx->id_ctx = id_ctx;
+ idmap_ctx->find_new_domain = sdap_idmap_find_new_domain;
 idmap_lower = dp_opt_get_int(idmap_ctx->id_ctx->opts->basic,
 SDAP_IDMAP_LOWER);
@@ -418,9 +437,7 @@ sdap_idmap_sid_to_unix(struct sdap_idmap_ctx *idmap_ctx,
 goto done;
 }
- ret = sdap_idmap_add_domain(idmap_ctx,
- dom_sid_str, dom_sid_str,
- -1);
+ ret = idmap_ctx->find_new_domain(idmap_ctx, dom_sid_str, dom_sid_str);
 if (ret != EOK) {
 DEBUG(SSSDBG_MINOR_FAILURE,
 ("Could not add new domain for sid [%s]\n", sid_str));
diff --git a/src/providers/ldap/sdap_idmap.h b/src/providers/ldap/sdap_idmap.h
index 2e2123ff1..45462c15c 100644
--- a/src/providers/ldap/sdap_idmap.h
+++ b/src/providers/ldap/sdap_idmap.h
@@ -26,10 +26,14 @@
 #include "src/providers/ldap/sdap.h"
 #include "src/providers/ldap/ldap_common.h"
+typedef errno_t (find_new_domain_fn_t)(struct sdap_idmap_ctx *idmap_ctx,
+ const char *dom_name,
+ const char *dom_sid_str);
 struct sdap_idmap_ctx {
 struct sss_idmap_ctx *map;
 struct sdap_id_ctx *id_ctx;
+ find_new_domain_fn_t *find_new_domain;
 };
 errno_t sdap_idmap_init(TALLOC_CTX *mem_ctx, |
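Review bot: `sdap_idmap_find_new_domain` is defined with external linkage in the first hunk of sdap_idmap.c, but the sdap_idmap.h hunk adds only the typedef and the struct member, not a prototype for it. If nothing outside this file is meant to call it directly, declare it `static errno_t sdap_idmap_find_new_domain(...)`; otherwise add the prototype to the header so the definition and its callers are checked against one declaration (the rest of the header is not visible here). A short comment above it, such as `/* Default find_new_domain callback, used by the LDAP and AD providers. */`, would also record why the wrapper exists.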
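Review bot: The call `idmap_ctx->find_new_domain(idmap_ctx, dom_sid_str, dom_sid_str)` in sdap_idmap_sid_to_unix goes through the callback pointer without checking it, and the only assignment visible in this diff is the one in sdap_idmap_init. Since the commit message plans for other providers to install their own callback, a context that reaches this path with the member unset would crash the provider on the first SID from an unknown domain. A guard before the call turns that into an ordinary lookup error: `if (idmap_ctx->find_new_domain == NULL) { ret = EINVAL; goto done; }`. The function's body starts and ends outside the hunk, so confirm that `done` releases whatever is held at this point.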
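Review bot: The typedef `find_new_domain_fn_t` in sdap_idmap.h names `struct sdap_idmap_ctx` in its parameter list before the struct definition that follows it. Unless one of the two headers included above already declares that tag (not visible in this hunk), the tag has prototype scope there and the callback type refers to a different struct than the one defined below; a forward declaration `struct sdap_idmap_ctx;` ahead of the typedef removes the dependency on include order. The typedef would also benefit from a comment stating the contract a provider callback must meet: return EOK only after the domain and a non-overlapping ID range have been added to `idmap_ctx->map`, since the caller presumably retries the SID lookup on success.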