8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121fSumit Bose/*
8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121fSumit Bose SSSD
8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121fSumit Bose
8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121fSumit Bose Authors:
8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121fSumit Bose Sumit Bose <sbose@redhat.com>
8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121fSumit Bose
8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121fSumit Bose Copyright (C) 2013 Red Hat
8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121fSumit Bose
8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121fSumit Bose This program is free software; you can redistribute it and/or modify
8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121fSumit Bose it under the terms of the GNU General Public License as published by
8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121fSumit Bose the Free Software Foundation; either version 3 of the License, or
8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121fSumit Bose (at your option) any later version.
8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121fSumit Bose
8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121fSumit Bose This program is distributed in the hope that it will be useful,
8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121fSumit Bose but WITHOUT ANY WARRANTY; without even the implied warranty of
8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121fSumit Bose MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121fSumit Bose GNU General Public License for more details.
8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121fSumit Bose
8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121fSumit Bose You should have received a copy of the GNU General Public License
8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121fSumit Bose along with this program. If not, see <http://www.gnu.org/licenses/>.
8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121fSumit Bose*/
8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121fSumit Bose
8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121fSumit Bose
8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121fSumit Bose#include "util/util.h"
8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121fSumit Bose#include "providers/ldap/sdap_idmap.h"
5e60c73cb91d1659755fb5ea829837db68d46163Sumit Bose#include "providers/ipa/ipa_common.h"
a473fb88e6015cf0ccbd2e9005c7e6acca18f452Pavel Březina#include "util/util_sss_idmap.h"
8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121fSumit Bose
/*
 * Make sure the ID map has an entry for the domain identified by
 * dom_name / dom_sid_str, deriving it from the forest root's ranges.
 *
 * The map is queried by SID first and, if that fails, by name; when either
 * lookup succeeds nothing is added. Otherwise every element of range_list
 * whose trusted_dom_sid equals the forest root's domain_id is added to the
 * map under dom_name / dom_sid_str with external mapping enabled, as long as
 * its range type is IPA_RANGE_AD_TRUST_POSIX.
 *
 * Returns EOK when the domain was already known or at least one range was
 * added, EINVAL for lookup errors, a missing forest / forest-root SID or a
 * forest-root range of another type, ENOENT when the forest root or a
 * matching range cannot be found, ENOMEM on allocation failure and EIO when
 * the map rejects a range for a reason other than IDMAP_COLLISION.
 *
 * NOTE(review): ipa_idmap_get_ranges_from_sysdb() calls this function when
 * only one of dom_name / dom_sid_str is non-NULL, so either may be NULL
 * here; both are handed to helpers and "%s" conversions unchecked - confirm
 * the helpers tolerate NULL.
 */
static errno_t ipa_idmap_check_posix_child(struct sdap_idmap_ctx *idmap_ctx,
                                           const char *dom_name,
                                           const char *dom_sid_str,
                                           size_t range_count,
                                           struct range_info **range_list)
{
    TALLOC_CTX *tmp_ctx;
    struct sss_domain_info *child;
    struct sss_domain_info *root;
    struct range_info *cur;
    struct sss_idmap_range posix_range;
    enum idmap_error_code err;
    bool has_algo;
    bool added = false;
    char *id_str;
    size_t idx;
    int ret;

    /* Ask the map by SID; only fall back to the name when that fails. */
    err = sss_idmap_domain_has_algorithmic_mapping(idmap_ctx->map,
                                                   dom_sid_str, &has_algo);
    if (err != IDMAP_SUCCESS) {
        err = sss_idmap_domain_by_name_has_algorithmic_mapping(
                                                   idmap_ctx->map, dom_name,
                                                   &has_algo);
    }

    if (err == IDMAP_SUCCESS) {
        DEBUG(SSSDBG_TRACE_ALL,
              "Idmap of domain [%s] already known, nothing to do.\n",
              dom_sid_str);
        return EOK;
    }

    DEBUG(SSSDBG_TRACE_ALL, "Trying to add idmap for domain [%s].\n",
          dom_sid_str);

    /* Anything but "unknown domain" is a real lookup error. Note that err
     * holds the result of the by-name lookup at this point. */
    if (!(err == IDMAP_SID_UNKNOWN || err == IDMAP_NAME_UNKNOWN)) {
        DEBUG(SSSDBG_OP_FAILURE,
              "sss_idmap_domain_has_algorithmic_mapping failed.\n");
        return EINVAL;
    }

    child = find_domain_by_sid(idmap_ctx->id_ctx->be->domain, dom_sid_str);
    if (child == NULL) {
        DEBUG(SSSDBG_OP_FAILURE,
              "find_domain_by_sid failed with SID [%s].\n", dom_sid_str);
        return EINVAL;
    }

    if (child->forest == NULL) {
        DEBUG(SSSDBG_MINOR_FAILURE, "No forest available for domain [%s].\n",
              dom_sid_str);
        return EINVAL;
    }

    root = find_domain_by_name(idmap_ctx->id_ctx->be->domain,
                               child->forest, true);
    if (root == NULL) {
        DEBUG(SSSDBG_OP_FAILURE,
              "find_domain_by_name failed to find forest root [%s].\n",
              child->forest);
        return ENOENT;
    }

    if (root->domain_id == NULL) {
        DEBUG(SSSDBG_MINOR_FAILURE, "Forest root [%s] does not have a SID.\n",
              child->forest);
        return EINVAL;
    }

    /* Scratch context for the range identifiers built in the loop below. */
    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
        return ENOMEM;
    }

    for (idx = 0; idx < range_count; idx++) {
        cur = range_list[idx];

        /* Only ranges that belong to the forest root are of interest. */
        if (cur->trusted_dom_sid == NULL
                || strcmp(cur->trusted_dom_sid, root->domain_id) != 0) {
            continue;
        }

        /* A forest-root range of any other type aborts the whole check. */
        if (cur->range_type == NULL
                || strcmp(cur->range_type, IPA_RANGE_AD_TRUST_POSIX) != 0) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  "Forest root does not have range type [%s].\n",
                  IPA_RANGE_AD_TRUST_POSIX);
            ret = EINVAL;
            goto done;
        }

        /* NOTE(review): the upper bound is not checked for
         * id_range_size == 0 or for wrap-around; if these fields are
         * unsigned (assumed, TODO confirm) a malformed cached range gives
         * max < min or a far wider range than intended. */
        posix_range.min = cur->base_id;
        posix_range.max = cur->base_id + cur->id_range_size -1;

        id_str = talloc_asprintf(tmp_ctx, "%s-%s", dom_sid_str, cur->name);
        if (id_str == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
            ret = ENOMEM;
            goto done;
        }

        /* IDMAP_COLLISION is tolerated here and still counts as "added". */
        err = sss_idmap_add_domain_ex(idmap_ctx->map, dom_name, dom_sid_str,
                                      &posix_range, id_str, 0, true);
        if (err != IDMAP_SUCCESS && err != IDMAP_COLLISION) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  "Could not add range [%s] to ID map\n", id_str);
            ret = EIO;
            goto done;
        }

        added = true;
    }

    if (added) {
        ret = EOK;
    } else {
        DEBUG(SSSDBG_MINOR_FAILURE, "No idrange found for forest root [%s].\n",
              root->domain_id);
        ret = ENOENT;
    }

done:
    talloc_free(tmp_ctx);

    return ret;
}
dc0ae0f9f516d947b1f3369235f50284e6c0540fSumit Bose
/*
 * Translate one ID range record into the arguments needed to add it to the
 * ID map.
 *
 * Three kinds of range are recognised:
 *  - local IPA range:        rid 0, external mapping, name = domain_name,
 *                            no SID
 *  - AD trust, POSIX IDs:    rid 0, external mapping, name and SID =
 *                            r->trusted_dom_sid
 *  - AD trust, algorithmic:  rid = r->base_rid, no external mapping, name
 *                            and SID = r->trusted_dom_sid
 *
 * If r->range_type is set it decides the kind. If it is missing (older IPA
 * servers), the kind is guessed from trusted_dom_sid and secondary_base_rid;
 * such servers only know local ranges and algorithmic trusts.
 *
 * The pointers stored in *_name and *_sid are borrowed from r or
 * domain_name; nothing is copied. On error no output is written.
 *
 * Returns EOK on success, EINVAL if the range kind cannot be determined or
 * is not supported.
 *
 * NOTE(review): when range_type names one of the trust types,
 * trusted_dom_sid is not checked for NULL, so *_name / *_sid may come back
 * NULL with EOK - callers should be prepared for that.
 */
errno_t get_idmap_data_from_range(struct range_info *r, char *domain_name,
                                  char **_name, char **_sid, uint32_t *_rid,
                                  struct sss_idmap_range *_range,
                                  bool *_external_mapping)
{
    enum { RANGE_LOCAL, RANGE_TRUST_POSIX, RANGE_TRUST_ALGO } kind;

    if (r->range_type != NULL) {
        if (strcmp(r->range_type, IPA_RANGE_LOCAL) == 0) {
            kind = RANGE_LOCAL;
        } else if (strcmp(r->range_type, IPA_RANGE_AD_TRUST_POSIX) == 0) {
            kind = RANGE_TRUST_POSIX;
        } else if (strcmp(r->range_type, IPA_RANGE_AD_TRUST) == 0) {
            kind = RANGE_TRUST_ALGO;
        } else {
            DEBUG(SSSDBG_MINOR_FAILURE, "Range type [%s] of id range "
                                        "[%s] not supported.\n",
                                        r->range_type, r->name);
            return EINVAL;
        }
    } else if (r->trusted_dom_sid == NULL && r->secondary_base_rid != 0) {
        /* No type attribute, no trusted SID, secondary RID base present:
         * local IPA domain. */
        kind = RANGE_LOCAL;
    } else if (r->trusted_dom_sid != NULL && r->secondary_base_rid == 0) {
        /* No type attribute but a trusted SID: trusted domain with
         * algorithmic mapping. */
        kind = RANGE_TRUST_ALGO;
    } else {
        DEBUG(SSSDBG_MINOR_FAILURE, "Cannot determine range type, "
                                    "for id range [%s].\n",
                                    r->name);
        return EINVAL;
    }

    switch (kind) {
    case RANGE_LOCAL:
        *_rid = 0;
        *_external_mapping = true;
        *_name = domain_name;
        *_sid = NULL;
        break;
    case RANGE_TRUST_POSIX:
        *_rid = 0;
        *_external_mapping = true;
        *_name = r->trusted_dom_sid;
        *_sid = r->trusted_dom_sid;
        break;
    case RANGE_TRUST_ALGO:
        *_rid = r->base_rid;
        *_external_mapping = false;
        *_name = r->trusted_dom_sid;
        *_sid = r->trusted_dom_sid;
        break;
    }

    /* NOTE(review): no check for id_range_size == 0 or for wrap-around of
     * base_id + id_range_size; if the fields are unsigned (assumed, TODO
     * confirm) a malformed record yields max < min or an over-wide range. */
    _range->min = r->base_id;
    _range->max = r->base_id + r->id_range_size -1;

    return EOK;
}
f69f3581658351003a6d9245045e41d0efb85022Sumit Bose
/*
 * Load all ID ranges from the backend domain's sysdb and add them to the
 * ID map of idmap_ctx.
 *
 * Ranges that get_idmap_data_from_range() cannot interpret are logged and
 * skipped. A range the map refuses makes the function fail with EIO, unless
 * allow_collisions is true and the refusal is IDMAP_COLLISION.
 *
 * If dom_name or dom_sid_str is given, ipa_idmap_check_posix_child() is run
 * afterwards for that domain and its error, if any, is returned.
 *
 * Returns EOK on success, ENOMEM if the temporary context cannot be
 * allocated, the error of sysdb_get_ranges() or
 * ipa_idmap_check_posix_child(), or EIO as described above.
 */
errno_t ipa_idmap_get_ranges_from_sysdb(struct sdap_idmap_ctx *idmap_ctx,
                                        const char *dom_name,
                                        const char *dom_sid_str,
                                        bool allow_collisions)
{
    TALLOC_CTX *tmp_ctx;
    struct range_info **ranges;
    struct range_info *cur;
    struct sss_idmap_range id_range;
    enum idmap_error_code err;
    size_t num_ranges;
    size_t idx;
    uint32_t rid;
    bool external_mapping;
    bool check_child;
    char *name;
    char *sid;
    int ret;

    /* The range list lives on tmp_ctx and is released at "done". */
    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
        return ENOMEM;
    }

    ret = sysdb_get_ranges(tmp_ctx, idmap_ctx->id_ctx->be->domain->sysdb,
                           &num_ranges, &ranges);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, "sysdb_get_ranges failed.\n");
        goto done;
    }

    for (idx = 0; idx < num_ranges; idx++) {
        cur = ranges[idx];

        ret = get_idmap_data_from_range(cur,
                                        idmap_ctx->id_ctx->be->domain->name,
                                        &name, &sid, &rid, &id_range,
                                        &external_mapping);
        if (ret != EOK) {
            /* One unusable range must not block the remaining ones. */
            DEBUG(SSSDBG_OP_FAILURE, "get_idmap_data_from_range failed for "
                                     "id range [%s], skipping.\n",
                                     cur->name);
            continue;
        }

        err = sss_idmap_add_domain_ex(idmap_ctx->map, name, sid, &id_range,
                                      cur->name, rid, external_mapping);

        /* A collision is only acceptable when the caller asked for it. */
        if (err != IDMAP_SUCCESS
                && (!allow_collisions || err != IDMAP_COLLISION)) {
            DEBUG(SSSDBG_CRIT_FAILURE, "Could not add range [%s] to ID map\n",
                                       cur->name);
            ret = EIO;
            goto done;
        }
    }

    /* NOTE(review): the child check runs when only one of the two
     * identifiers is set, so the other one reaches it as NULL. */
    check_child = !(dom_name == NULL && dom_sid_str == NULL);
    if (check_child) {
        ret = ipa_idmap_check_posix_child(idmap_ctx, dom_name, dom_sid_str,
                                          num_ranges, ranges);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, "ipa_idmap_check_posix_child failed.\n");
            goto done;
        }
    }

    ret = EOK;

done:
    talloc_free(tmp_ctx);

    return ret;
}
8ff0aba893d8da1a8163ccaf9ad2c5b6bccd121fSumit Bose
/*
 * Re-read the ID ranges from sysdb in order to pick up the domain given by
 * dom_name / dom_sid_str. Installed as the find_new_domain callback by
 * ipa_idmap_init().
 *
 * Collisions are allowed on this path, so IDMAP_COLLISION results from the
 * map do not count as errors when the ranges are added again.
 *
 * Returns whatever ipa_idmap_get_ranges_from_sysdb() returns.
 */
errno_t ipa_idmap_find_new_domain(struct sdap_idmap_ctx *idmap_ctx,
                                  const char *dom_name,
                                  const char *dom_sid_str)
{
    const bool allow_collisions = true;
    errno_t ret;

    ret = ipa_idmap_get_ranges_from_sysdb(idmap_ctx, dom_name, dom_sid_str,
                                          allow_collisions);

    return ret;
}
f69f3581658351003a6d9245045e41d0efb85022Sumit Bose
/*
 * Create the IPA ID-mapping context and fill its map with the ranges stored
 * in sysdb.
 *
 * The context is built on a temporary talloc parent and moved to mem_ctx
 * only after every step succeeded, so on any failure it is freed together
 * with the temporary parent and *_idmap_ctx is left untouched.
 *
 * The initial load passes allow_collisions = false, i.e. any range the map
 * rejects - including one that collides - makes initialisation fail.
 *
 * Returns EOK on success, ENOMEM on allocation failure (including
 * IDMAP_OUT_OF_MEMORY from sss_idmap_init()), EINVAL for any other
 * sss_idmap_init() error, or the error of
 * ipa_idmap_get_ranges_from_sysdb().
 */
errno_t ipa_idmap_init(TALLOC_CTX *mem_ctx,
                       struct sdap_id_ctx *id_ctx,
                       struct sdap_idmap_ctx **_idmap_ctx)
{
    struct sdap_idmap_ctx *new_ctx = NULL;
    enum idmap_error_code map_err;
    TALLOC_CTX *scratch;
    errno_t ret;

    scratch = talloc_new(NULL);
    if (scratch == NULL) {
        return ENOMEM;
    }

    new_ctx = talloc_zero(scratch, struct sdap_idmap_ctx);
    if (new_ctx == NULL) {
        ret = ENOMEM;
        goto done;
    }

    new_ctx->id_ctx = id_ctx;
    new_ctx->find_new_domain = ipa_idmap_find_new_domain;

    /* Set up the map; new_ctx is handed over as the allocator's private
     * data (presumably the talloc parent of the map's memory - confirm
     * against sss_idmap_talloc). */
    map_err = sss_idmap_init(sss_idmap_talloc, new_ctx,
                             sss_idmap_talloc_free,
                             &new_ctx->map);
    if (map_err != IDMAP_SUCCESS) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              "Could not initialize the ID map: [%s]\n",
              idmap_error_string(map_err));
        ret = (map_err == IDMAP_OUT_OF_MEMORY) ? ENOMEM : EINVAL;
        goto done;
    }

    ret = ipa_idmap_get_ranges_from_sysdb(new_ctx, NULL, NULL, false);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, "ipa_idmap_get_ranges_from_sysdb failed.\n");
        goto done;
    }

    /* Success: re-parent the context so freeing scratch does not free it. */
    *_idmap_ctx = talloc_steal(mem_ctx, new_ctx);
    ret = EOK;

done:
    talloc_free(scratch);
    return ret;
}