Diffstat (limited to 'src/providers/ipa/ipa_idmap.c')
-rw-r--r--src/providers/ipa/ipa_idmap.c246
1 files changed, 99 insertions, 147 deletions
diff --git a/src/providers/ipa/ipa_idmap.c b/src/providers/ipa/ipa_idmap.c
index eaca0ed3c..a65086af4 100644
--- a/src/providers/ipa/ipa_idmap.c
+++ b/src/providers/ipa/ipa_idmap.c
@@ -156,9 +156,68 @@ done:
return ret;
}
-errno_t ipa_idmap_find_new_domain(struct sdap_idmap_ctx *idmap_ctx,
- const char *dom_name,
- const char *dom_sid_str)
+errno_t get_idmap_data_from_range(struct range_info *r, char *domain_name,
+ char **_name, char **_sid, uint32_t *_rid,
+ struct sss_idmap_range *_range,
+ bool *_external_mapping)
+{
+ if (r->range_type == NULL) {
+ /* Older IPA servers might not have the range_type attribute, but
+ * only support local ranges and trusts with algorithmic mapping. */
+
+ if (r->trusted_dom_sid == NULL && r->secondary_base_rid != 0) {
+ /* local IPA domain */
+ *_rid = 0;
+ *_external_mapping = true;
+ *_name = domain_name;
+ *_sid = NULL;
+ } else if (r->trusted_dom_sid != NULL
+ && r->secondary_base_rid == 0) {
+ /* trusted domain */
+ *_rid = r->base_rid;
+ *_external_mapping = false;
+ *_name = r->trusted_dom_sid;
+ *_sid = r->trusted_dom_sid;
+ } else {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("Cannot determine range type, " \
+ "for id range [%s].\n",
+ r->name));
+ return EINVAL;
+ }
+ } else {
+ if (strcmp(r->range_type, IPA_RANGE_LOCAL) == 0) {
+ *_rid = 0;
+ *_external_mapping = true;
+ *_name = domain_name;
+ *_sid = NULL;
+ } else if (strcmp(r->range_type, IPA_RANGE_AD_TRUST_POSIX) == 0) {
+ *_rid = 0;
+ *_external_mapping = true;
+ *_name = r->trusted_dom_sid;
+ *_sid = r->trusted_dom_sid;
+ } else if (strcmp(r->range_type, IPA_RANGE_AD_TRUST) == 0) {
+ *_rid = r->base_rid;
+ *_external_mapping = false;
+ *_name = r->trusted_dom_sid;
+ *_sid = r->trusted_dom_sid;
+ } else {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("Range type [%s] of id range " \
+ "[%s] not supported.\n", \
+ r->range_type, r->name));
+ return EINVAL;
+ }
+ }
+
+ _range->min = r->base_id;
+ _range->max = r->base_id + r->id_range_size -1;
+
+ return EOK;
+}
+
+errno_t ipa_idmap_get_ranges_from_sysdb(struct sdap_idmap_ctx *idmap_ctx,
+ const char *dom_name,
+ const char *dom_sid_str,
+ bool allow_collisions)
{
int ret;
size_t range_count;
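Review bot: In the IPA_RANGE_AD_TRUST_POSIX and IPA_RANGE_AD_TRUST branches `r->trusted_dom_sid` is stored into `*_name` and `*_sid` without a NULL check, unlike the `range_type == NULL` path which requires it to be set, so a trust range whose SID attribute is missing returns EOK with a NULL name that the caller then hands to sss_idmap_add_domain_ex; add `if (r->trusted_dom_sid == NULL) { DEBUG(SSSDBG_MINOR_FAILURE, ("Missing trusted domain SID for id range [%s].\n", r->name)); return EINVAL; }` ahead of those assignments. `_range->max = r->base_id + r->id_range_size -1` also underflows for `id_range_size == 0` and can wrap when the sum exceeds the field width (the field types are not visible here), so rejecting a zero size and an overflowing sum before computing `max` keeps a malformed cached range from being installed with an inverted or wrapped bound. The function has no header comment; it should state that `*_name` and `*_sid` alias `domain_name` or fields of `r` rather than copies, and that `domain_name` is non-const only because it is returned through a `char **`. Both added checks return EINVAL, which the caller already treats as "skip this range", so they fit the existing contract.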
@@ -166,7 +225,6 @@ errno_t ipa_idmap_find_new_domain(struct sdap_idmap_ctx *idmap_ctx,
TALLOC_CTX *tmp_ctx;
size_t c;
enum idmap_error_code err;
- struct range_info *r;
struct sss_idmap_range range;
uint32_t rid;
bool external_mapping;
@@ -187,72 +245,37 @@ errno_t ipa_idmap_find_new_domain(struct sdap_idmap_ctx *idmap_ctx,
}
for (c = 0; c < range_count; c++) {
- r = range_list[c];
-
- if (r->range_type == NULL) {
- /* Older IPA servers might not have the range_type attribute, but
- * only support local ranges and trusts with algorithmic mapping. */
-
- if (r->trusted_dom_sid == NULL && r->secondary_base_rid != 0) {
- /* local IPA domain */
- rid = 0;
- external_mapping = true;
- name = idmap_ctx->id_ctx->be->domain->name;
- sid = NULL;
- } else if (r->trusted_dom_sid != NULL
- && r->secondary_base_rid == 0) {
- /* trusted domain */
- rid = r->base_rid;
- external_mapping = false;
- name = r->trusted_dom_sid;
- sid = r->trusted_dom_sid;
- } else {
- DEBUG(SSSDBG_MINOR_FAILURE, ("Cannot determine range type, " \
- "skipping id ange [%s].\n",
- r->name));
- continue;
- }
- } else {
- if (strcmp(r->range_type, IPA_RANGE_LOCAL) == 0) {
- rid = 0;
- external_mapping = true;
- name = idmap_ctx->id_ctx->be->domain->name;
- sid = NULL;
- } else if (strcmp(r->range_type, IPA_RANGE_AD_TRUST_POSIX) == 0) {
- rid = 0;
- external_mapping = true;
- name = r->trusted_dom_sid;
- sid = r->trusted_dom_sid;
- } else if (strcmp(r->range_type, IPA_RANGE_AD_TRUST) == 0) {
- rid = r->base_rid;
- external_mapping = false;
- name = r->trusted_dom_sid;
- sid = r->trusted_dom_sid;
- } else {
- DEBUG(SSSDBG_MINOR_FAILURE, ("Range type [%s] not supported, " \
- "skipping id range [%s].\n",
- r->range_type, r->name));
- continue;
- }
+ ret = get_idmap_data_from_range(range_list[c],
+ idmap_ctx->id_ctx->be->domain->name,
+ &name, &sid, &rid, &range,
+ &external_mapping);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("get_idmap_data_from_range failed for " \
+ "id range [%s], skipping.\n",
+ range_list[c]->name));
+ continue;
}
- range.min = r->base_id;
- range.max = r->base_id + r->id_range_size -1;
err = sss_idmap_add_domain_ex(idmap_ctx->map, name, sid, &range,
- r->name, rid, external_mapping);
- if (err != IDMAP_SUCCESS && err != IDMAP_COLLISION) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Could not add range [%s] to ID map\n",
- r->name));
- ret = EIO;
- goto done;
+ range_list[c]->name, rid,
+ external_mapping);
+ if (err != IDMAP_SUCCESS) {
+ if (!allow_collisions || err != IDMAP_COLLISION) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Could not add range [%s] to ID map\n",
+ range_list[c]->name));
+ ret = EIO;
+ goto done;
+ }
}
}
- ret = ipa_idmap_check_posix_child(idmap_ctx, dom_name, dom_sid_str,
- range_count, range_list);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, ("ipa_idmap_check_posix_child failed.\n"));
- goto done;
+ if (dom_name != NULL || dom_sid_str != NULL) {
+ ret = ipa_idmap_check_posix_child(idmap_ctx, dom_name, dom_sid_str,
+ range_count, range_list);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("ipa_idmap_check_posix_child failed.\n"));
+ goto done;
+ }
}
ret = EOK;
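Review bot: A collision accepted under `allow_collisions` is dropped silently at the `if (!allow_collisions || err != IDMAP_COLLISION)` check, so a cached range that overlaps one already in the map leaves no trace in the log; add an else branch such as `DEBUG(SSSDBG_MINOR_FAILURE, ("Range [%s] collides with an existing range, ignoring.\n", range_list[c]->name));` so overlapping ID ranges, which decide which SID maps to which UID, remain visible to an administrator. The `if (dom_name != NULL || dom_sid_str != NULL)` gate still forwards the other argument when only one is set, presumably relying on ipa_idmap_check_posix_child to accept a NULL there; a one-line comment stating that expectation would help the next reader. The loop belongs to ipa_idmap_get_ranges_from_sysdb, whose signature and `done:` label lie outside this hunk.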
@@ -263,6 +286,14 @@ done:
return ret;
}
+errno_t ipa_idmap_find_new_domain(struct sdap_idmap_ctx *idmap_ctx,
+ const char *dom_name,
+ const char *dom_sid_str)
+{
+ return ipa_idmap_get_ranges_from_sysdb(idmap_ctx, dom_name, dom_sid_str,
+ true);
+}
+
errno_t ipa_idmap_init(TALLOC_CTX *mem_ctx,
struct sdap_id_ctx *id_ctx,
struct sdap_idmap_ctx **_idmap_ctx)
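Review bot: ipa_idmap_find_new_domain now differs from the call in ipa_idmap_init only in passing `true` for allow_collisions, but nothing records why a collision is acceptable on this path and fatal during initialisation; a header comment such as `/* Re-reads the ranges from the cache; ranges already present in the map are expected here, so IDMAP_COLLISION is tolerated. */` would capture that. That collisions are expected on this path is inferred from the removed `err != IDMAP_COLLISION` check in the old loop, so confirm the wording against the callers before adding it.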
@@ -270,17 +301,7 @@ errno_t ipa_idmap_init(TALLOC_CTX *mem_ctx,
errno_t ret;
TALLOC_CTX *tmp_ctx;
enum idmap_error_code err;
- size_t c;
struct sdap_idmap_ctx *idmap_ctx = NULL;
- struct sysdb_ctx *sysdb = id_ctx->be->domain->sysdb;
- size_t range_count;
- struct range_info **range_list;
- struct range_info *r;
- struct sss_idmap_range range;
- uint32_t rid;
- bool external_mapping;
- char *name;
- char *sid;
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) return ENOMEM;
@@ -309,82 +330,13 @@ errno_t ipa_idmap_init(TALLOC_CTX *mem_ctx,
goto done;
}
-
- /* Read in any existing mappings from the cache */
- ret = sysdb_get_ranges(tmp_ctx, sysdb, &range_count, &range_list);
- if (ret != EOK && ret != ENOENT) {
- DEBUG(SSSDBG_FATAL_FAILURE,
- ("Could not read ranges from the cache: [%s]\n",
- strerror(ret)));
+ ret = ipa_idmap_get_ranges_from_sysdb(idmap_ctx, NULL, NULL, false);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("ipa_idmap_get_ranges_from_sysdb failed.\n"));
goto done;
}
- DEBUG(SSSDBG_CONF_SETTINGS,
- ("Initializing [%zu] domains for ID-mapping\n", range_count));
-
- for (c = 0; c < range_count; c++) {
-
- r = range_list[c];
-
- if (r->range_type == NULL) {
- /* Older IPA servers might not have the range_type attribute, but
- * only support local ranges and trusts with algorithmic mapping. */
-
- if (r->trusted_dom_sid == NULL && r->secondary_base_rid != 0) {
- /* local IPA domain */
- rid = 0;
- external_mapping = true;
- sid = NULL;
- name = id_ctx->be->domain->name;
- } else if (r->trusted_dom_sid != NULL
- && r->secondary_base_rid == 0) {
- /* trusted domain */
- rid = r->base_rid;
- external_mapping = false;
- sid = r->trusted_dom_sid;
- name = sid;
- } else {
- DEBUG(SSSDBG_MINOR_FAILURE, ("Cannot determine range type, " \
- "skipping id ange [%s].\n",
- r->name));
- continue;
- }
- } else {
- if (strcmp(r->range_type, IPA_RANGE_LOCAL) == 0) {
- rid = 0;
- external_mapping = true;
- sid = NULL;
- name = id_ctx->be->domain->name;
- } else if (strcmp(r->range_type, IPA_RANGE_AD_TRUST_POSIX) == 0) {
- rid = 0;
- external_mapping = true;
- sid = r->trusted_dom_sid;
- name = sid;
- } else if (strcmp(r->range_type, IPA_RANGE_AD_TRUST) == 0) {
- rid = r->base_rid;
- external_mapping = false;
- sid = r->trusted_dom_sid;
- name = sid;
- } else {
- DEBUG(SSSDBG_MINOR_FAILURE, ("Range type [%s] not supported, " \
- "skipping id range [%s].\n",
- r->range_type, r->name));
- continue;
- }
- }
-
- range.min = r->base_id;
- range.max = r->base_id + r->id_range_size -1;
- err = sss_idmap_add_domain_ex(idmap_ctx->map, name, sid, &range,
- r->name, rid, external_mapping);
- if (err != IDMAP_SUCCESS) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Could not add range [%s] to ID map\n",
- r->name));
- ret = EIO;
- goto done;
- }
- }
-
*_idmap_ctx = talloc_steal(mem_ctx, idmap_ctx);
ret = EOK;