a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose ID-mapping library
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose Sumit Bose <sbose@redhat.com>
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose Copyright (C) 2012 Red Hat
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose This program is free software; you can redistribute it and/or modify
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose it under the terms of the GNU General Public License as published by
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose the Free Software Foundation; either version 3 of the License, or
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose (at your option) any later version.
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose This program is distributed in the hope that it will be useful,
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose but WITHOUT ANY WARRANTY; without even the implied warranty of
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose GNU General Public License for more details.
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose You should have received a copy of the GNU General Public License
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose along with this program. If not, see <http://www.gnu.org/licenses/>.
c3cdd6a644a870531092e4378cbcd1a428ff514cPavel Reichl/* Holds all parameters for unix<->sid mapping relevant for
c3cdd6a644a870531092e4378cbcd1a428ff514cPavel Reichl * a given slice. */
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bosestatic void *default_alloc(size_t size, void *pvt)
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bosestatic char *idmap_strdup(struct sss_idmap_ctx *ctx, const char *str)
012d334cec221d8abf86dffbbaf9649ec0a4b585Pavel Reichlstatic bool ranges_eq(const struct idmap_range_params *a,
012d334cec221d8abf86dffbbaf9649ec0a4b585Pavel Reichl const struct idmap_range_params *b)
012d334cec221d8abf86dffbbaf9649ec0a4b585Pavel Reichl return false;
012d334cec221d8abf86dffbbaf9649ec0a4b585Pavel Reichl return true;
012d334cec221d8abf86dffbbaf9649ec0a4b585Pavel Reichl return false;
012d334cec221d8abf86dffbbaf9649ec0a4b585Pavel Reichl if (src == NULL || id == NULL || _dst == NULL) {
012d334cec221d8abf86dffbbaf9649ec0a4b585Pavel Reichl dst = ctx->alloc_func(sizeof(struct idmap_range_params), ctx->alloc_pvt);
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose return false;
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose return true;
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose return false;
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Boseconst char *idmap_error_string(enum idmap_error_code err)
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose return "IDMAP operation successful";
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose return "IDMAP Function is not yet implemented";
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose return "IDMAP general error";
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose return "IDMAP operation ran out of memory";
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose return "IDMAP domain not found";
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose return "IDMAP context is invalid";
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose return "IDMAP SID is invalid";
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose return "IDMAP SID not found";
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose return "IDMAP range not found";
c377d4d604f1e7b35c484711f1084b7a761772b6Sumit Bose return "IDMAP SID from BUILTIN domain";
c377d4d604f1e7b35c484711f1084b7a761772b6Sumit Bose return "IDMAP not more free slices";
c377d4d604f1e7b35c484711f1084b7a761772b6Sumit Bose return "IDMAP new range collides with existing one";
c377d4d604f1e7b35c484711f1084b7a761772b6Sumit Bose return "IDMAP ID managed externally";
c377d4d604f1e7b35c484711f1084b7a761772b6Sumit Bose return "IDMAP domain with the given name not found";
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose return "IDMAP unknown error code";
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose const char *p;
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose long long a;
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose if (sid == NULL || strncmp(sid, DOM_SID_PREFIX, DOM_SID_PREFIX_LEN) != 0) {
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose return false;
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose return false;
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose return false;
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose return false;
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose return true;
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Boseenum idmap_error_code sss_idmap_init(idmap_alloc_func *alloc_func,
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose ctx = alloc_func(sizeof(struct sss_idmap_ctx), alloc_pvt);
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose ctx->free_func = (free_func == NULL) ? default_free : free_func;
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek /* Set default values. */
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek ctx->idmap_opts.autorid_mode = SSS_IDMAP_DEFAULT_AUTORID;
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek ctx->idmap_opts.idmap_lower = SSS_IDMAP_DEFAULT_LOWER;
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek ctx->idmap_opts.idmap_upper = SSS_IDMAP_DEFAULT_UPPER;
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek ctx->idmap_opts.rangesize = SSS_IDMAP_DEFAULT_RANGESIZE;
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl ctx->idmap_opts.extra_slice_init = SSS_IDMAP_DEFAULT_EXTRA_SLICE_INIT;
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichlstatic void free_helpers(struct sss_idmap_ctx *ctx,
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl if (helpers_owner == false) {
012d334cec221d8abf86dffbbaf9649ec0a4b585Pavel Reichlget_helper_by_id(struct idmap_range_params *helpers, const char *id)
012d334cec221d8abf86dffbbaf9649ec0a4b585Pavel Reichl for (it = helpers; it != NULL; it = it->next) {
cff4a89e38078337d74aa558f0e628d5756b3bbaSumit Bosestatic void sss_idmap_free_domain(struct sss_idmap_ctx *ctx,
c3cdd6a644a870531092e4378cbcd1a428ff514cPavel Reichl ctx->free_func(dom->range_params.range_id, ctx->alloc_pvt);
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl free_helpers(ctx, dom->helpers, dom->helpers_owner);
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Boseenum idmap_error_code sss_idmap_free(struct sss_idmap_ctx *ctx)
5c94d34d890c75ec179a32d2cda4fa060d2b5f0cPavel Březinastatic enum idmap_error_code sss_idmap_free_ptr(struct sss_idmap_ctx *ctx,
5c94d34d890c75ec179a32d2cda4fa060d2b5f0cPavel Březinaenum idmap_error_code sss_idmap_free_sid(struct sss_idmap_ctx *ctx,
5c94d34d890c75ec179a32d2cda4fa060d2b5f0cPavel Březinaenum idmap_error_code sss_idmap_free_dom_sid(struct sss_idmap_ctx *ctx,
5c94d34d890c75ec179a32d2cda4fa060d2b5f0cPavel Březinaenum idmap_error_code sss_idmap_free_smb_sid(struct sss_idmap_ctx *ctx,
5c94d34d890c75ec179a32d2cda4fa060d2b5f0cPavel Březinaenum idmap_error_code sss_idmap_free_bin_sid(struct sss_idmap_ctx *ctx,
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichlstatic bool check_overlap(struct idmap_range_params *range,
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl return ((range->min_id <= min && range->max_id >= max)
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl || (range->min_id >= min && range->min_id <= max)
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl || (range->max_id >= min && range->max_id <= max));
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichlstatic bool check_dom_overlap(struct idmap_range_params *prim_range,
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl /* struct idmap_range_params *sec_ranges, */
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidekenum idmap_error_code sss_idmap_calculate_range(struct sss_idmap_ctx *ctx,
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek max_slices = (idmap_upper - idmap_lower) / rangesize;
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek /* The slice is being set explicitly.
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek * This may happen at system startup when we're loading
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek * previously-determined slices. In the future, we may also
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek * permit configuration to select the slice for a domain
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek * explicitly.
0526dde7f3d4089617c0f4a6a85f83e9d266c9f1Marlena Marlenowska min = (rangesize * new_slice) + idmap_lower;
0526dde7f3d4089617c0f4a6a85f83e9d266c9f1Marlena Marlenowska for (dom = ctx->idmap_domain_info; dom != NULL; dom = dom->next) {
0526dde7f3d4089617c0f4a6a85f83e9d266c9f1Marlena Marlenowska if (check_dom_overlap(&dom->range_params,min, max)) {
0526dde7f3d4089617c0f4a6a85f83e9d266c9f1Marlena Marlenowska /* This range overlaps one already registered
0526dde7f3d4089617c0f4a6a85f83e9d266c9f1Marlena Marlenowska * Fail, because the slice was manually configured
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek /* If slice is -1, we're being asked to pick a new slice */
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek /* In autorid compatibility mode, always start at 0 and find the
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek * first free value.
bda0a8ee67c4222ede597fd57456b74e33116653Pavel Reichl /* Hash the range identifier string */
bda0a8ee67c4222ede597fd57456b74e33116653Pavel Reichl hash_val = murmurhash3(range_id, strlen(range_id), 0xdeadbeef);
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek /* Now take the modulus of the hash val and the max_slices
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek * to determine its optimal position in the range.
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek /* Verify that this slice is not already in use */
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek for (dom = ctx->idmap_domain_info; dom != NULL; dom = dom->next) {
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek /* This range overlaps one already registered
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek * We'll try the next available slot
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek /* loop around to the beginning if necessary */
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek /* Keep trying until dom is NULL (meaning we got to the end
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek * without matching) or we have run out of slices and gotten
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek * back to the first one we tried.
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek /* We looped all the way through and found no empty slots */
46222e5191473f9a46aec581273eb2eef22e23beMichal Zidek _range->min = (rangesize * new_slice) + idmap_lower;
ff6e24f4474cca6226cd44c47ba2ec6ba6cf9a16Sumit Boseenum idmap_error_code sss_idmap_check_collision_ex(const char *o_name,
ff6e24f4474cca6226cd44c47ba2ec6ba6cf9a16Sumit Bose const char *o_sid,
ff6e24f4474cca6226cd44c47ba2ec6ba6cf9a16Sumit Bose const char *n_name,
ff6e24f4474cca6226cd44c47ba2ec6ba6cf9a16Sumit Bose const char *n_sid,
ff6e24f4474cca6226cd44c47ba2ec6ba6cf9a16Sumit Bose /* TODO: if both ranges have the same ID check if an update is
ff6e24f4474cca6226cd44c47ba2ec6ba6cf9a16Sumit Bose * needed. */
ff6e24f4474cca6226cd44c47ba2ec6ba6cf9a16Sumit Bose /* Check if ID ranges overlap.
ff6e24f4474cca6226cd44c47ba2ec6ba6cf9a16Sumit Bose * ID ranges with external mapping may overlap. */
ff6e24f4474cca6226cd44c47ba2ec6ba6cf9a16Sumit Bose /* check if domain name and SID are consistent */
ff6e24f4474cca6226cd44c47ba2ec6ba6cf9a16Sumit Bose if ((names_equal && !sids_equal) || (!names_equal && sids_equal)) {
ff6e24f4474cca6226cd44c47ba2ec6ba6cf9a16Sumit Bose /* check if external_mapping is consistent */
ff6e24f4474cca6226cd44c47ba2ec6ba6cf9a16Sumit Bose /* check if RID ranges overlap */
ff6e24f4474cca6226cd44c47ba2ec6ba6cf9a16Sumit Bose && n_first_rid <= o_first_rid + (o_range->max - o_range->min)) {
ff6e24f4474cca6226cd44c47ba2ec6ba6cf9a16Sumit Boseenum idmap_error_code sss_idmap_check_collision(struct sss_idmap_ctx *ctx,
ff6e24f4474cca6226cd44c47ba2ec6ba6cf9a16Sumit Bose for (dom = ctx->idmap_domain_info; dom != NULL; dom = dom->next) {
c3cdd6a644a870531092e4378cbcd1a428ff514cPavel Reichl err = sss_idmap_check_collision_ex(dom->name, dom->sid,
c3cdd6a644a870531092e4378cbcd1a428ff514cPavel Reichlidmap_error_code dom_check_collision(struct idmap_domain_info *dom_list,
c3cdd6a644a870531092e4378cbcd1a428ff514cPavel Reichl struct sss_idmap_range new_dom_range = { new_dom->range_params.min_id,
ff6e24f4474cca6226cd44c47ba2ec6ba6cf9a16Sumit Bose for (dom = dom_list; dom != NULL; dom = dom->next) {
c3cdd6a644a870531092e4378cbcd1a428ff514cPavel Reichl err = sss_idmap_check_collision_ex(dom->name, dom->sid,
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichlgenerate_sec_slice_name(struct sss_idmap_ctx *ctx,
bda0a8ee67c4222ede597fd57456b74e33116653Pavel Reichl len = snprintf(NULL, 0, SEC_SLICE_NAME_FMT, domain_sid, rid);
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl slice_name = ctx->alloc_func(len + 1, ctx->alloc_pvt);
bda0a8ee67c4222ede597fd57456b74e33116653Pavel Reichl len2 = snprintf(slice_name, len + 1, SEC_SLICE_NAME_FMT, domain_sid,
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichlgenerate_slice(struct sss_idmap_ctx *ctx, char *slice_name, uint32_t first_rid,
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl slice = ctx->alloc_func(sizeof(struct idmap_range_params), ctx->alloc_pvt);
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl err = sss_idmap_calculate_range(ctx, slice_name, NULL, &tmp_range);
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl for (int i = 0; i < ctx->idmap_opts.extra_slice_init; i++) {
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl secondary_name = generate_sec_slice_name(ctx, domain_sid, first_rid);
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl err = generate_slice(ctx, secondary_name, first_rid, &slice);
5554a2a679f72f19f266d660a5681e3b0c657379Pavel Reichl ctx->free_func(secondary_name, ctx->alloc_pvt);
5554a2a679f72f19f266d660a5681e3b0c657379Pavel Reichl /* Free already generated helpers. */
95a08a0c02281b28bd1914e0727b40ae25b4e16aSumit Boseenum idmap_error_code sss_idmap_add_domain_ex(struct sss_idmap_ctx *ctx,
47b326af8e662b215139d55e6d52f2b6066fc6dfSumit Bose /* For algorithmic mapping a valid domain SID is required, for external
47b326af8e662b215139d55e6d52f2b6066fc6dfSumit Bose * mapping it may be NULL, but if set it should be valid. */
47b326af8e662b215139d55e6d52f2b6066fc6dfSumit Bose if ((!external_mapping && !is_domain_sid(domain_sid))
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose dom = ctx->alloc_func(sizeof(struct idmap_domain_info), ctx->alloc_pvt);
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose memset(dom, 0, sizeof(struct idmap_domain_info));
c3cdd6a644a870531092e4378cbcd1a428ff514cPavel Reichl dom->range_params.range_id = idmap_strdup(ctx, range_id);
95a08a0c02281b28bd1914e0727b40ae25b4e16aSumit Bose err = dom_check_collision(ctx->idmap_domain_info, dom);
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichlsss_idmap_add_auto_domain_ex(struct sss_idmap_ctx *ctx,
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl err = sss_idmap_add_domain_ex(ctx, domain_name, domain_sid, range,
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl /* There's no point in generating secondary ranges if external_mapping
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl is enabled. */
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl ctx->idmap_domain_info->auto_add_ranges = false;
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl if ((range->max - range->min + 1) != ctx->idmap_opts.rangesize) {
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl /* Range of primary slice is not equal to the value of
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl ldap_idmap_range_size option. */
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl /* No additional secondary ranges should be added if no sec ranges are
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl predeclared. */
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl ctx->idmap_domain_info->auto_add_ranges = false;
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl /* Add size of primary slice for first_rid of secondary slices. */
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl ctx->idmap_domain_info->auto_add_ranges = true;
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl /* Running out of slices for secondary mapping is a non-fatal
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl * problem. */
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl ctx->idmap_domain_info->auto_add_ranges = false;
95a08a0c02281b28bd1914e0727b40ae25b4e16aSumit Boseenum idmap_error_code sss_idmap_add_domain(struct sss_idmap_ctx *ctx,
9ef0d43b961c05f1aae2ec21eed4142ae3221bc3Sumit Bose return sss_idmap_add_domain_ex(ctx, domain_name, domain_sid, range, NULL,
d6f283302268520c1506fb3da4f2a22f5a741be5Michal Zidekstatic bool sss_idmap_sid_is_builtin(const char *sid)
d6f283302268520c1506fb3da4f2a22f5a741be5Michal Zidek return true;
d6f283302268520c1506fb3da4f2a22f5a741be5Michal Zidek return false;
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichlstatic bool parse_rid(const char *sid, size_t dom_prefix_len, long long *_rid)
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl /* Use suffix of sid - part after domain and following '-' */
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl rid = strtoull(sid + dom_prefix_len + 1, &endptr, 10);
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl if (errno != 0 || rid > UINT32_MAX || *endptr != '\0') {
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl return false;
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl return true;
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichlstatic bool is_sid_from_dom(const char *dom_sid, const char *sid,
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl return false;
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl if (strlen(sid) < dom_sid_len || sid[dom_sid_len] != '-') {
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl return false;
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl return strncmp(sid, dom_sid, dom_sid_len) == 0;
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichlstatic bool comp_id(struct idmap_range_params *range_params, long long rid,
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl id = range_params->min_id + (rid - range_params->first_rid);
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl return true;
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl return false;
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl first_rid = (rid / ctx->idmap_opts.rangesize) * ctx->idmap_opts.rangesize;
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl secondary_name = generate_sec_slice_name(ctx, dom_sid, first_rid);
012d334cec221d8abf86dffbbaf9649ec0a4b585Pavel Reichl helper = get_helper_by_id(helpers, secondary_name);
012d334cec221d8abf86dffbbaf9649ec0a4b585Pavel Reichl /* Utilize helper's range. */
012d334cec221d8abf86dffbbaf9649ec0a4b585Pavel Reichl err = construct_range(ctx, helper, secondary_name, &range);
012d334cec221d8abf86dffbbaf9649ec0a4b585Pavel Reichl /* Have to generate a whole new range. */
012d334cec221d8abf86dffbbaf9649ec0a4b585Pavel Reichl err = generate_slice(ctx, secondary_name, first_rid, &range);
012d334cec221d8abf86dffbbaf9649ec0a4b585Pavel Reichl ctx->free_func(secondary_name, ctx->alloc_pvt);
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl /* Find the newly added domain. */
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl /* Share helpers. */
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl /* Share the callback for storing domains */
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl /* Failed to find just added domain. */
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl /* Store mapping for newly created domain. */
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl const char *sid,
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl if (parse_rid(sid, strlen(matched_dom->sid), &rid) == false) {
012d334cec221d8abf86dffbbaf9649ec0a4b585Pavel Reichl err = get_range(ctx, matched_dom->helpers, matched_dom->sid, rid, &range);
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl ctx->free_func(range->range_id, ctx->alloc_pvt);
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Boseenum idmap_error_code sss_idmap_sid_to_unix(struct sss_idmap_ctx *ctx,
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose const char *sid,
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl /* Try primary slices */
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl if (is_sid_from_dom(idmap_domain_info->sid, sid, &dom_len)) {
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl if (idmap_domain_info->external_mapping == true) {
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl if (comp_id(&idmap_domain_info->range_params, rid, _id)) {
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl if (matched_dom != NULL && matched_dom->auto_add_ranges) {
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl return add_dom_for_sid(ctx, matched_dom, sid, _id);
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl return matched_dom ? IDMAP_NO_RANGE : IDMAP_NO_DOMAIN;
9869c20a4db6ce7e285a9d7ae7007718a6de207eSumit Boseenum idmap_error_code sss_idmap_check_sid_unix(struct sss_idmap_ctx *ctx,
9869c20a4db6ce7e285a9d7ae7007718a6de207eSumit Bose const char *sid,
9869c20a4db6ce7e285a9d7ae7007718a6de207eSumit Bose && strncmp(sid, idmap_domain_info->sid, dom_len) == 0) {
c3cdd6a644a870531092e4378cbcd1a428ff514cPavel Reichl if (id >= idmap_domain_info->range_params.min_id
c3cdd6a644a870531092e4378cbcd1a428ff514cPavel Reichl && id <= idmap_domain_info->range_params.max_id) {
9869c20a4db6ce7e285a9d7ae7007718a6de207eSumit Bose return no_range ? IDMAP_NO_RANGE : IDMAP_SID_UNKNOWN;
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichlstatic enum idmap_error_code generate_sid(struct sss_idmap_ctx *ctx,
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl len = snprintf(NULL, 0, SID_FMT, dom_sid, rid);
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl sid = ctx->alloc_func(len + 1, ctx->alloc_pvt);
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl ret = snprintf(sid, len + 1, SID_FMT, dom_sid, rid);
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Boseenum idmap_error_code sss_idmap_unix_to_sid(struct sss_idmap_ctx *ctx,
c3cdd6a644a870531092e4378cbcd1a428ff514cPavel Reichl if (id_is_in_range(id, &idmap_domain_info->range_params, &rid)) {
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl return generate_sid(ctx, idmap_domain_info->sid, rid, _sid);
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl /* Check secondary ranges. */
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl for (struct idmap_range_params *it = idmap_domain_info->helpers;
012d334cec221d8abf86dffbbaf9649ec0a4b585Pavel Reichl if (idmap_domain_info->helpers_owner == false) {
012d334cec221d8abf86dffbbaf9649ec0a4b585Pavel Reichl /* Checking helpers on owner is sufficient. */
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl if (idmap_domain_info->external_mapping == true
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl return generate_sid(ctx, idmap_domain_info->sid, rid, _sid);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Boseenum idmap_error_code sss_idmap_dom_sid_to_unix(struct sss_idmap_ctx *ctx,
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose err = sss_idmap_dom_sid_to_sid(ctx, dom_sid, &sid);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Boseenum idmap_error_code sss_idmap_bin_sid_to_unix(struct sss_idmap_ctx *ctx,
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose err = sss_idmap_bin_sid_to_sid(ctx, bin_sid, length, &sid);
6f504738cad1ee9daa1bd6eec721caceef65f21dSumit Boseenum idmap_error_code sss_idmap_smb_sid_to_unix(struct sss_idmap_ctx *ctx,
6f504738cad1ee9daa1bd6eec721caceef65f21dSumit Bose err = sss_idmap_smb_sid_to_sid(ctx, smb_sid, &sid);
9869c20a4db6ce7e285a9d7ae7007718a6de207eSumit Boseenum idmap_error_code sss_idmap_check_dom_sid_to_unix(struct sss_idmap_ctx *ctx,
9869c20a4db6ce7e285a9d7ae7007718a6de207eSumit Bose err = sss_idmap_dom_sid_to_sid(ctx, dom_sid, &sid);
9869c20a4db6ce7e285a9d7ae7007718a6de207eSumit Boseenum idmap_error_code sss_idmap_check_bin_sid_unix(struct sss_idmap_ctx *ctx,
9869c20a4db6ce7e285a9d7ae7007718a6de207eSumit Bose err = sss_idmap_bin_sid_to_sid(ctx, bin_sid, length, &sid);
9869c20a4db6ce7e285a9d7ae7007718a6de207eSumit Boseenum idmap_error_code sss_idmap_check_smb_sid_unix(struct sss_idmap_ctx *ctx,
9869c20a4db6ce7e285a9d7ae7007718a6de207eSumit Bose err = sss_idmap_smb_sid_to_sid(ctx, smb_sid, &sid);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Boseenum idmap_error_code sss_idmap_unix_to_dom_sid(struct sss_idmap_ctx *ctx,
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose err = sss_idmap_sid_to_dom_sid(ctx, sid, &dom_sid);
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Boseenum idmap_error_code sss_idmap_unix_to_bin_sid(struct sss_idmap_ctx *ctx,
b6dfbf81c61d4431aaa81687ec53e892f8b71edbSumit Bose err = sss_idmap_sid_to_bin_sid(ctx, sid, &bin_sid, &length);
46222e5191473f9a46aec581273eb2eef22e23beMichal Zideksss_idmap_ctx_set_autorid(struct sss_idmap_ctx *ctx, bool use_autorid)
46222e5191473f9a46aec581273eb2eef22e23beMichal Zideksss_idmap_ctx_set_lower(struct sss_idmap_ctx *ctx, id_t lower)
46222e5191473f9a46aec581273eb2eef22e23beMichal Zideksss_idmap_ctx_set_upper(struct sss_idmap_ctx *ctx, id_t upper)
46222e5191473f9a46aec581273eb2eef22e23beMichal Zideksss_idmap_ctx_set_rangesize(struct sss_idmap_ctx *ctx, id_t rangesize)
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichlsss_idmap_ctx_set_extra_slice_init(struct sss_idmap_ctx *ctx,
8babbeee01e67893af4828ddfc922ecac0be4197Pavel Reichl ctx->idmap_opts.extra_slice_init = extra_slice_init;
46222e5191473f9a46aec581273eb2eef22e23beMichal Zideksss_idmap_ctx_get_autorid(struct sss_idmap_ctx *ctx, bool *_autorid)
46222e5191473f9a46aec581273eb2eef22e23beMichal Zideksss_idmap_ctx_get_lower(struct sss_idmap_ctx *ctx, id_t *_lower)
46222e5191473f9a46aec581273eb2eef22e23beMichal Zideksss_idmap_ctx_get_upper(struct sss_idmap_ctx *ctx, id_t *_upper)
46222e5191473f9a46aec581273eb2eef22e23beMichal Zideksss_idmap_ctx_get_rangesize(struct sss_idmap_ctx *ctx, id_t *_rangesize)
7f02ba09b9481f59c309fd09a88089857e7fe79fSumit Bosesss_idmap_domain_has_algorithmic_mapping(struct sss_idmap_ctx *ctx,
7f02ba09b9481f59c309fd09a88089857e7fe79fSumit Bose && strncmp(dom_sid, idmap_domain_info->sid, len) == 0) {
7f02ba09b9481f59c309fd09a88089857e7fe79fSumit Bose *has_algorithmic_mapping = !idmap_domain_info->external_mapping;
3cbbfb4b05d0eb0a0809704e83589d0075e117a0Sumit Bosesss_idmap_domain_by_name_has_algorithmic_mapping(struct sss_idmap_ctx *ctx,
3cbbfb4b05d0eb0a0809704e83589d0075e117a0Sumit Bose && strcmp(dom_name, idmap_domain_info->name) == 0) {