-rw-r--r--src/lib/idmap/sss_idmap.c111
-rw-r--r--src/lib/idmap/sss_idmap.h75
2 files changed, 186 insertions, 0 deletions
diff --git a/src/lib/idmap/sss_idmap.c b/src/lib/idmap/sss_idmap.c
index ca7c5a07e..34539cebe 100644
--- a/src/lib/idmap/sss_idmap.c
+++ b/src/lib/idmap/sss_idmap.c
@@ -541,6 +541,51 @@ enum idmap_error_code sss_idmap_sid_to_unix(struct sss_idmap_ctx *ctx,
return no_range ? IDMAP_NO_RANGE : IDMAP_NO_DOMAIN;
}
+enum idmap_error_code sss_idmap_check_sid_unix(struct sss_idmap_ctx *ctx,
+ const char *sid,
+ uint32_t id)
+{
+ struct idmap_domain_info *idmap_domain_info;
+ size_t dom_len;
+ bool no_range = false;
+
+ if (sid == NULL) {
+ return IDMAP_ERROR;
+ }
+
+ CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID);
+
+ if (ctx->idmap_domain_info == NULL) {
+ return IDMAP_NO_DOMAIN;
+ }
+
+ idmap_domain_info = ctx->idmap_domain_info;
+
+ if (sss_idmap_sid_is_builtin(sid)) {
+ return IDMAP_BUILTIN_SID;
+ }
+
+ while (idmap_domain_info != NULL) {
+ if (idmap_domain_info->sid != NULL) {
+ dom_len = strlen(idmap_domain_info->sid);
+ if (strlen(sid) > dom_len && sid[dom_len] == '-'
+ && strncmp(sid, idmap_domain_info->sid, dom_len) == 0) {
+
+ if (id >= idmap_domain_info->range->min
+ && id <= idmap_domain_info->range->max) {
+ return IDMAP_SUCCESS;
+ }
+
+ no_range = true;
+ }
+ }
+
+ idmap_domain_info = idmap_domain_info->next;
+ }
+
+ return no_range ? IDMAP_NO_RANGE : IDMAP_SID_UNKNOWN;
+}
+
enum idmap_error_code sss_idmap_unix_to_sid(struct sss_idmap_ctx *ctx,
uint32_t id,
char **_sid)
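Review bot: In `sss_idmap_check_sid_unix` the match only compares the domain prefix and the following `-`; nothing after that prefix is parsed, so any tail, including a malformed one, returns IDMAP_SUCCESS as long as `id` lies in that domain's range. Callers must not read success as proof that the SID's RID maps to `id`, and a comment above the loop such as `/* Only checks that the SID's domain and id share a range; the RID is not parsed or validated. */` would make that limit explicit. `idmap_domain_info->range` is also dereferenced without a NULL check; if a domain can exist without a range (not visible in this hunk), add `idmap_domain_info->range != NULL &&` to the range test.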
@@ -656,6 +701,72 @@ done:
return err;
}
+enum idmap_error_code sss_idmap_check_dom_sid_to_unix(struct sss_idmap_ctx *ctx,
+ struct sss_dom_sid *dom_sid,
+ uint32_t id)
+{
+ enum idmap_error_code err;
+ char *sid;
+
+ CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID);
+
+ err = sss_idmap_dom_sid_to_sid(ctx, dom_sid, &sid);
+ if (err != IDMAP_SUCCESS) {
+ goto done;
+ }
+
+ err = sss_idmap_check_sid_unix(ctx, sid, id);
+
+done:
+ ctx->free_func(sid, ctx->alloc_pvt);
+
+ return err;
+}
+
+enum idmap_error_code sss_idmap_check_bin_sid_unix(struct sss_idmap_ctx *ctx,
+ uint8_t *bin_sid,
+ size_t length,
+ uint32_t id)
+{
+ enum idmap_error_code err;
+ char *sid;
+
+ CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID);
+
+ err = sss_idmap_bin_sid_to_sid(ctx, bin_sid, length, &sid);
+ if (err != IDMAP_SUCCESS) {
+ goto done;
+ }
+
+ err = sss_idmap_check_sid_unix(ctx, sid, id);
+
+done:
+ ctx->free_func(sid, ctx->alloc_pvt);
+
+ return err;
+}
+
+enum idmap_error_code sss_idmap_check_smb_sid_unix(struct sss_idmap_ctx *ctx,
+ struct dom_sid *smb_sid,
+ uint32_t id)
+{
+ enum idmap_error_code err;
+ char *sid;
+
+ CHECK_IDMAP_CTX(ctx, IDMAP_CONTEXT_INVALID);
+
+ err = sss_idmap_smb_sid_to_sid(ctx, smb_sid, &sid);
+ if (err != IDMAP_SUCCESS) {
+ goto done;
+ }
+
+ err = sss_idmap_check_sid_unix(ctx, sid, id);
+
+done:
+ ctx->free_func(sid, ctx->alloc_pvt);
+
+ return err;
+}
enum idmap_error_code sss_idmap_unix_to_dom_sid(struct sss_idmap_ctx *ctx,
uint32_t id,
struct sss_dom_sid **_dom_sid)
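Review bot: `sid` is declared uninitialized in all three wrappers, yet the `done:` label passes it to `ctx->free_func()` even when the conversion call failed. Unless every `sss_idmap_*_to_sid` helper stores to `*sid` on each of its error paths (not visible here), that hands an indeterminate pointer to the allocator's free routine. Declare `char *sid = NULL;` and confirm `free_func` accepts NULL, or skip the free on failure with `if (err != IDMAP_SUCCESS) { return err; }`. The first wrapper is also defined as `sss_idmap_check_dom_sid_to_unix`, while the header in this commit declares `sss_idmap_check_dom_sid_unix`, so one of the two names needs to change.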
diff --git a/src/lib/idmap/sss_idmap.h b/src/lib/idmap/sss_idmap.h
index 824a7c620..c9e996d0e 100644
--- a/src/lib/idmap/sss_idmap.h
+++ b/src/lib/idmap/sss_idmap.h
@@ -360,6 +360,81 @@ enum idmap_error_code sss_idmap_smb_sid_to_unix(struct sss_idmap_ctx *ctx,
uint32_t *id);
/**
+ * @brief Check if a SID and a unix UID or GID belong to the same range
+ *
+ * @param[in] ctx Idmap context
+ * @param[in] sid Zero-terminated string representation of the SID
+ * @param[in] id Unix UID or GID
+ *
+ * @return
+ * - #IDMAP_NO_DOMAIN: No domains are added to the idmap context
+ * - #IDMAP_SID_INVALID: Invalid SID provided
+ * - #IDMAP_SID_UNKNOWN: SID cannot be found in the domains added to the
+ * idmap context
+ * - #IDMAP_NO_RANGE No matching ID range found
+ */
+enum idmap_error_code sss_idmap_check_sid_unix(struct sss_idmap_ctx *ctx,
+ const char *sid,
+ uint32_t id);
+
+/**
+ * @brief Check if a SID structure and a unix UID or GID belong to the same range
+ *
+ * @param[in] ctx Idmap context
+ * @param[in] dom_sid SID structure
+ * @param[in] id Unix UID or GID
+ *
+ * @return
+ * - #IDMAP_NO_DOMAIN: No domains are added to the idmap context
+ * - #IDMAP_SID_INVALID: Invalid SID provided
+ * - #IDMAP_SID_UNKNOWN: SID cannot be found in the domains added to the
+ * idmap context
+ * - #IDMAP_NO_RANGE No matching ID range found
+ */
+enum idmap_error_code sss_idmap_check_dom_sid_unix(struct sss_idmap_ctx *ctx,
+ struct sss_dom_sid *dom_sid,
+ uint32_t id);
+
+/**
+ * @brief Check if a binary SID and a unix UID or GID belong to the same range
+ *
+ * @param[in] ctx Idmap context
+ * @param[in] bin_sid Array with the binary SID
+ * @param[in] length Size of the array containing the binary SID
+ * @param[in] id Unix UID or GID
+ *
+ * @return
+ * - #IDMAP_NO_DOMAIN: No domains are added to the idmap context
+ * - #IDMAP_SID_INVALID: Invalid SID provided
+ * - #IDMAP_SID_UNKNOWN: SID cannot be found in the domains added to the
+ * idmap context
+ * - #IDMAP_NO_RANGE No matching ID range found
+ */
+enum idmap_error_code sss_idmap_check_bin_sid_unix(struct sss_idmap_ctx *ctx,
+ uint8_t *bin_sid,
+ size_t length,
+ uint32_t id);
+
+/**
+ * @brief Check if a Samba dom_sid structure and a unix UID or GID belong to
+ * the same range
+ *
+ * @param[in] ctx Idmap context
+ * @param[in] smb_sid Samba dom_sid structure
+ * @param[in] id Unix UID or GID
+ *
+ * @return
+ * - #IDMAP_NO_DOMAIN: No domains are added to the idmap context
+ * - #IDMAP_SID_INVALID: Invalid SID provided
+ * - #IDMAP_SID_UNKNOWN: SID cannot be found in the domains added to the
+ * idmap context
+ * - #IDMAP_NO_RANGE No matching ID range found
+ */
+enum idmap_error_code sss_idmap_check_smb_sid_unix(struct sss_idmap_ctx *ctx,
+ struct dom_sid *smb_sid,
+ uint32_t id);
+
+/**
* @brief Translate unix UID or GID to a SID
*
* @param[in] ctx Idmap context
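Review bot: The `@return` lists on the four new declarations do not match what the implementation in this commit returns. `sss_idmap_check_sid_unix` returns `IDMAP_SUCCESS` on a match, `IDMAP_ERROR` for a NULL `sid`, `IDMAP_BUILTIN_SID` for built-in SIDs and presumably `IDMAP_CONTEXT_INVALID` through `CHECK_IDMAP_CTX`, none of which are listed, while the string variant never returns the documented `IDMAP_SID_INVALID`. Add entries such as ` * - #IDMAP_SUCCESS: SID and ID belong to the same range` and ` * - #IDMAP_BUILTIN_SID: Built-in SID, not checked against any range`, and put the missing colon after `#IDMAP_NO_RANGE`. It is also worth stating in the `@brief` that only domain and range membership is checked, not the RID-to-ID mapping.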