Diffstat (limited to 'src')
-rw-r--r--src/lib/idmap/sss_idmap.c12
-rw-r--r--src/tests/sss_idmap-tests.c64
2 files changed, 71 insertions, 5 deletions
diff --git a/src/lib/idmap/sss_idmap.c b/src/lib/idmap/sss_idmap.c
index 89c55fc95..17bd5779e 100644
--- a/src/lib/idmap/sss_idmap.c
+++ b/src/lib/idmap/sss_idmap.c
@@ -357,11 +357,13 @@ static enum idmap_error_code dom_check_collision(
/* TODO: if both ranges have the same ID check if an update is
* needed. */
- /* check if ID ranges overlap */
- if ((new_dom->range->min >= dom->range->min
- && new_dom->range->min <= dom->range->max)
- || (new_dom->range->max >= dom->range->min
- && new_dom->range->max <= dom->range->max)) {
+ /* Check if ID ranges overlap.
+ * ID ranges with external mapping may overlap. */
+ if ((!new_dom->external_mapping && !dom->external_mapping)
+ && ((new_dom->range->min >= dom->range->min
+ && new_dom->range->min <= dom->range->max)
+ || (new_dom->range->max >= dom->range->min
+ && new_dom->range->max <= dom->range->max))) {
return IDMAP_COLLISION;
}
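Review bot: The new guard `(!new_dom->external_mapping && !dom->external_mapping)` also skips the overlap check when only one of the two domains uses external mapping, so an algorithmically mapped range can be registered over an externally managed one (or the reverse) without IDMAP_COLLISION. The comment does not say whether that mixed case is intended; if it is not, the same UID/GID could be handed to principals from two different domains, which is an authorization problem rather than a cosmetic one. Consider exempting only the both-external case by using `!(new_dom->external_mapping && dom->external_mapping)` as the first conjunct, and spell the rule out in the comment. Separately, the range test only compares new_dom's endpoints against dom, so a new range that fully encloses an existing one appears to pass; adding `|| (new_dom->range->min < dom->range->min && new_dom->range->max > dom->range->max)` would cover it. dom_check_collision starts outside this hunk, so the surrounding name and SID checks are not visible here.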
diff --git a/src/tests/sss_idmap-tests.c b/src/tests/sss_idmap-tests.c
index eb204137a..65e61351d 100644
--- a/src/tests/sss_idmap-tests.c
+++ b/src/tests/sss_idmap-tests.c
@@ -29,6 +29,9 @@
#define IDMAP_RANGE_MIN 1234
#define IDMAP_RANGE_MAX 9876
+#define IDMAP_RANGE_MIN2 11234
+#define IDMAP_RANGE_MAX2 19876
+
const char test_sid[] = "S-1-5-21-2127521184-1604012920-1887927527-72713";
uint8_t test_bin_sid[] = {0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15,
0x00, 0x00, 0x00, 0xA0, 0x65, 0xCF, 0x7E, 0x78, 0x4B,
@@ -142,6 +145,65 @@ START_TEST(idmap_test_add_domain)
}
END_TEST
+START_TEST(idmap_test_add_domain_collisions)
+{
+ enum idmap_error_code err;
+ struct sss_idmap_range range = {IDMAP_RANGE_MIN, IDMAP_RANGE_MAX};
+ struct sss_idmap_range range2 = {IDMAP_RANGE_MIN2, IDMAP_RANGE_MAX2};
+
+ err = sss_idmap_add_domain(idmap_ctx, "test.dom", "S-1-5-21-1-2-3", &range);
+ fail_unless(err == IDMAP_SUCCESS, "sss_idmap_add_domain failed.");
+
+ err = sss_idmap_add_domain(idmap_ctx, "test.dom", "S-1-5-21-1-2-4",
+ &range2);
+ fail_unless(err == IDMAP_COLLISION,
+ "sss_idmap_add_domain added domain with the same name.");
+
+ err = sss_idmap_add_domain(idmap_ctx, "test.dom2", "S-1-5-21-1-2-3",
+ &range2);
+ fail_unless(err == IDMAP_COLLISION,
+ "sss_idmap_add_domain added domain with the same SID.");
+
+ err = sss_idmap_add_domain(idmap_ctx, "test.dom2", "S-1-5-21-1-2-4",
+ &range);
+ fail_unless(err == IDMAP_COLLISION,
+ "sss_idmap_add_domain added domain with the same range.");
+
+ err = sss_idmap_add_domain(idmap_ctx, "test.dom2", "S-1-5-21-1-2-4",
+ &range2);
+ fail_unless(err == IDMAP_SUCCESS,
+ "sss_idmap_add_domain failed to add second domain.");
+}
+END_TEST
+
+START_TEST(idmap_test_add_domain_collisions_ext_mapping)
+{
+ enum idmap_error_code err;
+ struct sss_idmap_range range = {IDMAP_RANGE_MIN, IDMAP_RANGE_MAX};
+ struct sss_idmap_range range2 = {IDMAP_RANGE_MIN2, IDMAP_RANGE_MAX2};
+
+ err = sss_idmap_add_domain_ex(idmap_ctx, "test.dom", "S-1-5-21-1-2-3",
+ &range, NULL, 0, true);
+ fail_unless(err == IDMAP_SUCCESS, "sss_idmap_add_domain failed.");
+
+ err = sss_idmap_add_domain_ex(idmap_ctx, "test.dom", "S-1-5-21-1-2-4",
+ &range2, NULL, 0, true);
+ fail_unless(err == IDMAP_COLLISION,
+ "sss_idmap_add_domain added domain with the same name.");
+
+ err = sss_idmap_add_domain_ex(idmap_ctx, "test.dom2", "S-1-5-21-1-2-3",
+ &range2, NULL, 0, true);
+ fail_unless(err == IDMAP_COLLISION,
+ "sss_idmap_add_domain added domain with the same SID.");
+
+ err = sss_idmap_add_domain_ex(idmap_ctx, "test.dom2", "S-1-5-21-1-2-4",
+ &range, NULL, 0, true);
+ fail_unless(err == IDMAP_SUCCESS,
+ "sss_idmap_add_domain failed to add second domain with " \
+ "external mapping and the same range.");
+}
+END_TEST
+
START_TEST(idmap_test_sid2uid)
{
enum idmap_error_code err;
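Review bot: idmap_test_add_domain_collisions_ext_mapping only exercises two domains that both pass `true` (presumably the external_mapping flag) with an identical range, so the mixed case that the new collision guard also lets through is never tested. Add a call such as `err = sss_idmap_add_domain_ex(idmap_ctx, "test.dom3", "S-1-5-21-1-2-5", &range, NULL, 0, false);` followed by a `fail_unless` on whichever result is intended, so the policy for an algorithmic range overlapping an external one is pinned by the suite. Neither new test covers a partially overlapping or enclosing range either; both reuse `range` exactly. The first failure message in the ext_mapping test still reads `sss_idmap_add_domain failed.` although the call is sss_idmap_add_domain_ex.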
@@ -510,6 +572,8 @@ Suite *idmap_test_suite (void)
idmap_ctx_teardown);
tcase_add_test(tc_dom, idmap_test_add_domain);
+ tcase_add_test(tc_dom, idmap_test_add_domain_collisions);
+ tcase_add_test(tc_dom, idmap_test_add_domain_collisions_ext_mapping);
suite_add_tcase(s, tc_dom);