Diffstat (limited to 'src')
-rw-r--r--src/lib/idmap/sss_idmap.c123
-rw-r--r--src/lib/idmap/sss_idmap.h65
-rw-r--r--src/tests/cmocka/test_sss_idmap.c93
3 files changed, 244 insertions, 37 deletions
diff --git a/src/lib/idmap/sss_idmap.c b/src/lib/idmap/sss_idmap.c
index 3f1e7a58f..4c4531205 100644
--- a/src/lib/idmap/sss_idmap.c
+++ b/src/lib/idmap/sss_idmap.c
@@ -380,55 +380,104 @@ enum idmap_error_code sss_idmap_calculate_range(struct sss_idmap_ctx *ctx,
return IDMAP_SUCCESS;
}
-static enum idmap_error_code dom_check_collision(
- struct idmap_domain_info *dom_list,
- struct idmap_domain_info *new_dom)
+enum idmap_error_code sss_idmap_check_collision_ex(const char *o_name,
+ const char *o_sid,
+ struct sss_idmap_range *o_range,
+ uint32_t o_first_rid,
+ const char *o_range_id,
+ bool o_external_mapping,
+ const char *n_name,
+ const char *n_sid,
+ struct sss_idmap_range *n_range,
+ uint32_t n_first_rid,
+ const char *n_range_id,
+ bool n_external_mapping)
{
- struct idmap_domain_info *dom;
bool names_equal;
bool sids_equal;
- for (dom = dom_list; dom != NULL; dom = dom->next) {
+ /* TODO: if both ranges have the same ID check if an update is
+ * needed. */
+
+ /* Check if ID ranges overlap.
+ * ID ranges with external mapping may overlap. */
+ if ((!n_external_mapping && !o_external_mapping)
+ && ((n_range->min >= o_range->min
+ && n_range->min <= o_range->max)
+ || (n_range->max >= o_range->min
+ && n_range->max <= o_range->max))) {
+ return IDMAP_COLLISION;
+ }
- /* TODO: if both ranges have the same ID check if an update is
- * needed. */
-
- /* Check if ID ranges overlap.
- * ID ranges with external mapping may overlap. */
- if ((!new_dom->external_mapping && !dom->external_mapping)
- && ((new_dom->range->min >= dom->range->min
- && new_dom->range->min <= dom->range->max)
- || (new_dom->range->max >= dom->range->min
- && new_dom->range->max <= dom->range->max))) {
- return IDMAP_COLLISION;
- }
+ names_equal = (strcasecmp(n_name, o_name) == 0);
+ sids_equal = ((n_sid == NULL && o_sid == NULL)
+ || (n_sid != NULL && o_sid != NULL
+ && strcasecmp(n_sid, o_sid) == 0));
+
+ /* check if domain name and SID are consistent */
+ if ((names_equal && !sids_equal) || (!names_equal && sids_equal)) {
+ return IDMAP_COLLISION;
+ }
- names_equal = (strcasecmp(new_dom->name, dom->name) == 0);
- sids_equal = ((new_dom->sid == NULL && dom->sid == NULL)
- || (new_dom->sid != NULL && dom->sid != NULL
- && strcasecmp(new_dom->sid, dom->sid) == 0));
+ /* check if external_mapping is consistent */
+ if (names_equal && sids_equal
+ && n_external_mapping != o_external_mapping) {
+ return IDMAP_COLLISION;
+ }
- /* check if domain name and SID are consistent */
- if ((names_equal && !sids_equal) || (!names_equal && sids_equal)) {
- return IDMAP_COLLISION;
- }
+ /* check if RID ranges overlap */
+ if (names_equal && sids_equal
+ && n_external_mapping == false
+ && n_first_rid >= o_first_rid
+ && n_first_rid <= o_first_rid + (o_range->max - o_range->min)) {
+ return IDMAP_COLLISION;
+ }
- /* check if external_mapping is consistent */
- if (names_equal && sids_equal
- && new_dom->external_mapping != dom->external_mapping) {
- return IDMAP_COLLISION;
- }
+ return IDMAP_SUCCESS;
+}
- /* check if RID ranges overlap */
- if (names_equal && sids_equal
- && new_dom->external_mapping == false
- && new_dom->first_rid >= dom->first_rid
- && new_dom->first_rid <=
- dom->first_rid + (dom->range->max - dom->range->min)) {
- return IDMAP_COLLISION;
+enum idmap_error_code sss_idmap_check_collision(struct sss_idmap_ctx *ctx,
+ char *n_name, char *n_sid,
+ struct sss_idmap_range *n_range,
+ uint32_t n_first_rid,
+ char *n_range_id,
+ bool n_external_mapping)
+{
+ struct idmap_domain_info *dom;
+ enum idmap_error_code err;
+
+ for (dom = ctx->idmap_domain_info; dom != NULL; dom = dom->next) {
+ err = sss_idmap_check_collision_ex(dom->name, dom->sid, dom->range,
+ dom->first_rid, dom->range_id,
+ dom->external_mapping,
+ n_name, n_sid, n_range, n_first_rid,
+ n_range_id, n_external_mapping);
+ if (err != IDMAP_SUCCESS) {
+ return err;
}
}
+ return IDMAP_SUCCESS;
+}
+static enum idmap_error_code dom_check_collision(
+ struct idmap_domain_info *dom_list,
+ struct idmap_domain_info *new_dom)
+{
+ struct idmap_domain_info *dom;
+ enum idmap_error_code err;
+
+ for (dom = dom_list; dom != NULL; dom = dom->next) {
+ err = sss_idmap_check_collision_ex(dom->name, dom->sid, dom->range,
+ dom->first_rid, dom->range_id,
+ dom->external_mapping,
+ new_dom->name, new_dom->sid,
+ new_dom->range, new_dom->first_rid,
+ new_dom->range_id,
+ new_dom->external_mapping);
+ if (err != IDMAP_SUCCESS) {
+ return err;
+ }
+ }
return IDMAP_SUCCESS;
}
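Review bot: The ID-range test in `sss_idmap_check_collision_ex` only asks whether `n_range->min` or `n_range->max` lies inside the old range, so a new range that fully encloses the old one (new min below, new max above) returns IDMAP_SUCCESS even when neither side uses external mapping. This check is now exported and appears to be what keeps two domains from resolving to the same Unix ID, so the symmetric interval test is safer: `if ((!n_external_mapping && !o_external_mapping) && n_range->min <= o_range->max && o_range->min <= n_range->max) {`. The RID check further down has the same one-sided shape, since only `n_first_rid` is compared against the old RID window. In addition, `n_name` and `o_name` go to `strcasecmp` without a NULL check although the SIDs are guarded; both points are worth tightening now that callers outside this file can reach the function.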
diff --git a/src/lib/idmap/sss_idmap.h b/src/lib/idmap/sss_idmap.h
index 1e1c9a5cf..ccc63f7f7 100644
--- a/src/lib/idmap/sss_idmap.h
+++ b/src/lib/idmap/sss_idmap.h
@@ -289,6 +289,71 @@ enum idmap_error_code sss_idmap_add_domain_ex(struct sss_idmap_ctx *ctx,
const char *range_id,
uint32_t rid,
bool external_mapping);
+
+/**
+ * @brief Check if a new range would collide with any existing one
+ *
+ * @param[in] ctx Idmap context
+ * @param[in] n_name Zero-terminated string with the domain name the new
+ * range should belong to
+ * @param[in] n_sid Zero-terminated string representation of the domain
+ * SID (S-1-15-.....) the new range sould belong to
+ * @param[in] n_range The new id range
+ * @param[in] n_range_id unique identifier of the new range, it is needed
+ * to allow updates at runtime, may be NULL
+ * @param[in] n_first_rid The RID that should be mapped to the first ID of the
+ * new range.
+ * @param[in] n_external_mapping Mapping type of the new range
+ *
+ * @return
+ * - #IDMAP_COLLISION: New range collides with existing one
+ */
+enum idmap_error_code sss_idmap_check_collision(struct sss_idmap_ctx *ctx,
+ char *n_name, char *n_sid,
+ struct sss_idmap_range *n_range,
+ uint32_t n_first_rid,
+ char *n_range_id,
+ bool n_external_mapping);
+
+/**
+ * @brief Check if two ranges would collide
+ *
+ * @param[in] o_name Zero-terminated string with the domain name the
+ * first range should belong to
+ * @param[in] o_sid Zero-terminated string representation of the domain
+ * SID (S-1-15-.....) the first range sould belong to
+ * @param[in] o_range The first id range
+ * @param[in] o_range_id unique identifier of the first range, it is needed
+ * to allow updates at runtime, may be NULL
+ * @param[in] o_first_rid The RID that should be mapped to the first ID of the
+ * first range.
+ * @param[in] o_external_mapping Mapping type of the first range
+ * @param[in] n_name Zero-terminated string with the domain name the
+ * second range should belong to
+ * @param[in] n_sid Zero-terminated string representation of the domain
+ * SID (S-1-15-.....) the second range sould belong to
+ * @param[in] n_range The second id range
+ * @param[in] n_range_id unique identifier of the second range, it is needed
+ * to allow updates at runtime, may be NULL
+ * @param[in] n_first_rid The RID that should be mapped to the first ID of the
+ * second range.
+ * @param[in] n_external_mapping Mapping type of the second range
+ *
+ * @return
+ * - #IDMAP_COLLISION: New range collides with existing one
+ */
+enum idmap_error_code sss_idmap_check_collision_ex(const char *o_name,
+ const char *o_sid,
+ struct sss_idmap_range *o_range,
+ uint32_t o_first_rid,
+ const char *o_range_id,
+ bool o_external_mapping,
+ const char *n_name,
+ const char *n_sid,
+ struct sss_idmap_range *n_range,
+ uint32_t n_first_rid,
+ const char *n_range_id,
+ bool n_external_mapping);
/**
* @brief Translate SID to a unix UID or GID
*
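Review bot: Both new doc blocks list only `#IDMAP_COLLISION` under `@return` and do not say which pointer arguments may be NULL. Going by the implementation in this commit, the no-collision result is IDMAP_SUCCESS and the SIDs may be NULL (two NULL SIDs compare equal), while the names and range pointers are dereferenced unconditionally. I would add `- #IDMAP_SUCCESS: no collision found` and a "must not be NULL" remark on `n_name`, `o_name`, `n_range` and `o_range`. `sss_idmap_check_collision` also takes `char *` for `n_name`, `n_sid` and `n_range_id` where `sss_idmap_check_collision_ex` takes `const char *`; declaring them `const char *` keeps the two prototypes parallel and lets callers pass string literals without a cast.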
diff --git a/src/tests/cmocka/test_sss_idmap.c b/src/tests/cmocka/test_sss_idmap.c
index 019b4618e..ff9332164 100644
--- a/src/tests/cmocka/test_sss_idmap.c
+++ b/src/tests/cmocka/test_sss_idmap.c
@@ -30,11 +30,15 @@
#define TEST_RANGE_MAX 399999
#define TEST_DOM_NAME "test.dom"
#define TEST_DOM_SID "S-1-5-21-123-456-789"
+#define TEST_FIRST_RID 0
+#define TEST_EXT_MAPPING true
#define TEST_2_RANGE_MIN 600000
#define TEST_2_RANGE_MAX 799999
#define TEST_2_DOM_NAME "test2.dom"
#define TEST_2_DOM_SID "S-1-5-21-987-654-321"
+#define TEST_2_FIRST_RID 1000000
+#define TEST_2_EXT_MAPPING true
#define TEST_OFFSET 1000000
#define TEST_OFFSET_STR "1000000"
@@ -408,6 +412,94 @@ void test_has_algorithmic_by_name(void **state)
assert_false(use_id_mapping);
}
+void test_sss_idmap_check_collision_ex(void **state)
+{
+ enum idmap_error_code err;
+ struct sss_idmap_range r1 = {TEST_RANGE_MIN, TEST_RANGE_MAX};
+ struct sss_idmap_range r2 = {TEST_2_RANGE_MIN, TEST_2_RANGE_MAX};
+
+ err = sss_idmap_check_collision_ex(TEST_DOM_NAME, TEST_DOM_SID, &r1,
+ TEST_FIRST_RID, NULL,
+ TEST_EXT_MAPPING,
+ TEST_2_DOM_NAME, TEST_2_DOM_SID, &r2,
+ TEST_2_FIRST_RID, NULL,
+ TEST_2_EXT_MAPPING);
+ assert_int_equal(err, IDMAP_SUCCESS);
+
+ /* Same name, different SID */
+ err = sss_idmap_check_collision_ex(TEST_DOM_NAME, TEST_DOM_SID, &r1,
+ TEST_FIRST_RID, NULL,
+ TEST_EXT_MAPPING,
+ TEST_DOM_NAME, TEST_2_DOM_SID, &r2,
+ TEST_2_FIRST_RID, NULL,
+ TEST_2_EXT_MAPPING);
+ assert_int_equal(err, IDMAP_COLLISION);
+
+ /* Same SID, different name */
+ err = sss_idmap_check_collision_ex(TEST_DOM_NAME, TEST_DOM_SID, &r1,
+ TEST_FIRST_RID, NULL,
+ TEST_EXT_MAPPING,
+ TEST_2_DOM_NAME, TEST_DOM_SID, &r2,
+ TEST_2_FIRST_RID, NULL,
+ TEST_2_EXT_MAPPING);
+ assert_int_equal(err, IDMAP_COLLISION);
+
+ /* Same SID and name, no overlaps */
+ err = sss_idmap_check_collision_ex(TEST_DOM_NAME, TEST_DOM_SID, &r1,
+ TEST_FIRST_RID, NULL,
+ TEST_EXT_MAPPING,
+ TEST_DOM_NAME, TEST_DOM_SID, &r2,
+ TEST_2_FIRST_RID, NULL,
+ TEST_2_EXT_MAPPING);
+ assert_int_equal(err, IDMAP_SUCCESS);
+
+ /* Same SID and name, different mappings */
+ err = sss_idmap_check_collision_ex(TEST_DOM_NAME, TEST_DOM_SID, &r1,
+ TEST_FIRST_RID, NULL,
+ TEST_EXT_MAPPING,
+ TEST_DOM_NAME, TEST_DOM_SID, &r2,
+ TEST_2_FIRST_RID, NULL,
+ !TEST_EXT_MAPPING);
+ assert_int_equal(err, IDMAP_COLLISION);
+
+ /* Same SID and name, Overlapping RID range */
+ err = sss_idmap_check_collision_ex(TEST_DOM_NAME, TEST_DOM_SID, &r1,
+ TEST_FIRST_RID, NULL,
+ false,
+ TEST_DOM_NAME, TEST_DOM_SID, &r2,
+ TEST_FIRST_RID, NULL,
+ false);
+ assert_int_equal(err, IDMAP_COLLISION);
+
+ /* Different SID and name, Overlapping RID range */
+ err = sss_idmap_check_collision_ex(TEST_DOM_NAME, TEST_DOM_SID, &r1,
+ TEST_FIRST_RID, NULL,
+ false,
+ TEST_2_DOM_NAME, TEST_2_DOM_SID, &r2,
+ TEST_FIRST_RID, NULL,
+ false);
+ assert_int_equal(err, IDMAP_SUCCESS);
+
+
+ /* Overlapping ranges with no external mapping */
+ err = sss_idmap_check_collision_ex(TEST_DOM_NAME, TEST_DOM_SID, &r1,
+ TEST_FIRST_RID, NULL,
+ false,
+ TEST_2_DOM_NAME, TEST_2_DOM_SID, &r1,
+ TEST_2_FIRST_RID, NULL,
+ false);
+ assert_int_equal(err, IDMAP_COLLISION);
+
+ /* Overlapping ranges with external mapping */
+ err = sss_idmap_check_collision_ex(TEST_DOM_NAME, TEST_DOM_SID, &r1,
+ TEST_FIRST_RID, NULL,
+ true,
+ TEST_2_DOM_NAME, TEST_2_DOM_SID, &r1,
+ TEST_2_FIRST_RID, NULL,
+ true);
+ assert_int_equal(err, IDMAP_SUCCESS);
+}
+
int main(int argc, const char *argv[])
{
poptContext pc;
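Review bot: Both "Overlapping ranges" cases in `test_sss_idmap_check_collision_ex` pass the identical `&r1` on each side, so the range comparison is exercised only at exact equality. Cases worth adding are a partial overlap, a new range that encloses the old one, overlapping ranges with mixed mapping types (one `true`, one `false`), and two NULL SIDs, since each of these takes a different branch of the check. For example, `struct sss_idmap_range r3 = {TEST_RANGE_MIN - 1, TEST_RANGE_MAX + 1};` passed as the new range against `&r1` with both mappings `false` should be expected to return IDMAP_COLLISION, which the check as written does not do. The hunk ends inside `main`, which continues outside it.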
@@ -439,6 +531,7 @@ int main(int argc, const char *argv[])
unit_test_setup_teardown(test_has_algorithmic_by_name,
test_sss_idmap_setup_with_both,
test_sss_idmap_teardown),
+ unit_test(test_sss_idmap_check_collision_ex),
};
/* Set debug level to invalid value so we can deside if -d 0 was used. */