authorSumit Bose <sbose@redhat.com>2013-06-13 14:26:22 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-06-28 20:20:59 +0200
commitbfb40893be20b45279a40188cf16ef0eec1f9423 (patch)
treedb5d3d52216462f978117ca3c3c1207e68f34e06 /src/providers
parent949fbc93defad394648b2651b43a7bbfa5bff42b (diff)
Allow different methods to find new domains for idmapping
Currently the range management code is in the generic LDAP provider and can be used by the LDAP and AD providers. New ranges are allocated with the help of a hash value of the domain SID. If the IPA provider cannot find a range for a given domain, it cannot allocate a new range on its own but has to look up the idrange objects on the FreeIPA server and use them accordingly. To allow the LDAP, AD and IPA providers to share as much common code as possible, a plugin interface for finding a missing range, similar to the one used to find the DNS site, would be useful. The default plugin will be used by the LDAP and AD providers, and the IPA provider will implement a plugin to read the data from the server. Fixes https://fedorahosted.org/sssd/ticket/1961
Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/ldap/sdap_idmap.c23
-rw-r--r--src/providers/ldap/sdap_idmap.h4
2 files changed, 24 insertions, 3 deletions
diff --git a/src/providers/ldap/sdap_idmap.c b/src/providers/ldap/sdap_idmap.c
index 5d96fce23..a3b725f99 100644
--- a/src/providers/ldap/sdap_idmap.c
+++ b/src/providers/ldap/sdap_idmap.c
@@ -95,6 +95,24 @@ sdap_idmap_add_configured_external_range(struct sdap_idmap_ctx *idmap_ctx)
return EOK;
}
+errno_t sdap_idmap_find_new_domain(struct sdap_idmap_ctx *idmap_ctx,
+ const char *dom_name,
+ const char *dom_sid_str)
+{
+ int ret;
+
+ ret = sdap_idmap_add_domain(idmap_ctx,
+ dom_name, dom_sid_str,
+ -1);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("Could not add new domain [%s]\n", dom_name));
+ return ret;
+ }
+
+ return EOK;
+}
+
errno_t
sdap_idmap_init(TALLOC_CTX *mem_ctx,
struct sdap_id_ctx *id_ctx,
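Review bot: `sdap_idmap_find_new_domain` is defined with external linkage, but the sdap_idmap.h hunk in this commit adds only the typedef and the struct member, so there is no prototype for it. If it is meant only as the default installed by `sdap_idmap_init`, declare it `static errno_t sdap_idmap_find_new_domain(...)`; if other providers are expected to call or chain to it, add the declaration to the header. The failure message also drops both the SID and the error code, which makes a failed range allocation hard to trace from logs; consider `("Could not add new domain [%s] with SID [%s]: [%d]\n", dom_name, dom_sid_str, ret)`. Minor: `ret` is declared `int` while the function returns `errno_t`.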
@@ -124,6 +142,7 @@ sdap_idmap_init(TALLOC_CTX *mem_ctx,
goto done;
}
idmap_ctx->id_ctx = id_ctx;
+ idmap_ctx->find_new_domain = sdap_idmap_find_new_domain;
idmap_lower = dp_opt_get_int(idmap_ctx->id_ctx->opts->basic,
SDAP_IDMAP_LOWER);
@@ -418,9 +437,7 @@ sdap_idmap_sid_to_unix(struct sdap_idmap_ctx *idmap_ctx,
goto done;
}
- ret = sdap_idmap_add_domain(idmap_ctx,
- dom_sid_str, dom_sid_str,
- -1);
+ ret = idmap_ctx->find_new_domain(idmap_ctx, dom_sid_str, dom_sid_str);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
("Could not add new domain for sid [%s]\n", sid_str));
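Review bot: The new indirect call `idmap_ctx->find_new_domain(...)` dereferences the callback without checking it. The pointer is set in `sdap_idmap_init` in the previous hunk, but a context that is built or modified elsewhere and leaves the member NULL would crash the provider on the first SID from an unknown domain. A guard before the call keeps that a recoverable error: `if (idmap_ctx->find_new_domain == NULL) { ret = EINVAL; goto done; }`. Note also that `dom_sid_str` is still passed as both the name and the SID, so a provider-specific callback receives the SID string as `dom_name`; a short comment saying that this is intentional would help plugin authors. The body of `sdap_idmap_sid_to_unix` continues outside this hunk, so what happens after a successful callback is not visible here.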
diff --git a/src/providers/ldap/sdap_idmap.h b/src/providers/ldap/sdap_idmap.h
index 2e2123ff1..45462c15c 100644
--- a/src/providers/ldap/sdap_idmap.h
+++ b/src/providers/ldap/sdap_idmap.h
@@ -26,10 +26,14 @@
#include "src/providers/ldap/sdap.h"
#include "src/providers/ldap/ldap_common.h"
+typedef errno_t (find_new_domain_fn_t)(struct sdap_idmap_ctx *idmap_ctx,
+ const char *dom_name,
+ const char *dom_sid_str);
struct sdap_idmap_ctx {
struct sss_idmap_ctx *map;
struct sdap_id_ctx *id_ctx;
+ find_new_domain_fn_t *find_new_domain;
};
errno_t sdap_idmap_init(TALLOC_CTX *mem_ctx,
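Review bot: The `find_new_domain_fn_t` typedef names `struct sdap_idmap_ctx` in its parameter list before the struct is defined a few lines below. Unless one of the included headers already declares that tag, the type in the typedef has prototype scope only and is distinct from the struct defined afterwards; a forward declaration `struct sdap_idmap_ctx;` above the typedef removes the doubt. The typedef and the new `find_new_domain` member also have no documentation. Since other providers are expected to supply their own implementation, add a comment stating that the callback must return EOK only after the domain and its range have been added to `idmap_ctx->map`, must return an errno value otherwise, and that `dom_name` may be the SID string.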