Line data Source code
1 : /*
2 : SSSD
3 :
4 : Authors:
5 : Stephen Gallagher <sgallagh@redhat.com>
6 :
7 : Copyright (C) 2012 Red Hat
8 :
9 : This program is free software; you can redistribute it and/or modify
10 : it under the terms of the GNU General Public License as published by
11 : the Free Software Foundation; either version 3 of the License, or
12 : (at your option) any later version.
13 :
14 : This program is distributed in the hope that it will be useful,
15 : but WITHOUT ANY WARRANTY; without even the implied warranty of
16 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 : GNU General Public License for more details.
18 :
19 : You should have received a copy of the GNU General Public License
20 : along with this program. If not, see <http://www.gnu.org/licenses/>.
21 : */
22 :
23 : #include "util/util.h"
24 : #include "util/dlinklist.h"
25 : #include "util/murmurhash3.h"
26 : #include "providers/ldap/sdap_idmap.h"
27 : #include "util/util_sss_idmap.h"
28 :
29 : static errno_t
30 7 : sdap_idmap_get_configured_external_range(struct sdap_idmap_ctx *idmap_ctx,
31 : struct sss_idmap_range *range)
32 : {
33 : int int_id;
34 : struct sdap_id_ctx *id_ctx;
35 : uint32_t min;
36 : uint32_t max;
37 :
38 7 : if (idmap_ctx == NULL) {
39 0 : return EINVAL;
40 : }
41 :
42 7 : id_ctx = idmap_ctx->id_ctx;
43 :
44 7 : int_id = dp_opt_get_int(id_ctx->opts->basic, SDAP_MIN_ID);
45 7 : if (int_id < 0) {
46 0 : DEBUG(SSSDBG_CONF_SETTINGS, "ldap_min_id must be greater than 0.\n");
47 0 : return EINVAL;
48 : }
49 7 : min = int_id;
50 :
51 7 : int_id = dp_opt_get_int(id_ctx->opts->basic, SDAP_MAX_ID);
52 7 : if (int_id < 0) {
53 0 : DEBUG(SSSDBG_CONF_SETTINGS, "ldap_max_id must be greater than 0.\n");
54 0 : return EINVAL;
55 : }
56 7 : max = int_id;
57 :
58 7 : if ((min == 0 && max != 0) || (min != 0 && max == 0)) {
59 0 : DEBUG(SSSDBG_CONF_SETTINGS, "Both ldap_min_id and ldap_max_id " \
60 : "either must be 0 (not set) " \
61 : "or positive integers.\n");
62 0 : return EINVAL;
63 : }
64 :
65 7 : if (min == 0 && max == 0) {
66 : /* ldap_min_id and ldap_max_id not set, using min_id and max_id */
67 7 : min = id_ctx->be->domain->id_min;
68 7 : max = id_ctx->be->domain->id_max;
69 7 : if (max == 0) {
70 7 : max = UINT32_MAX;
71 : }
72 : }
73 :
74 7 : range->min = min;
75 7 : range->max =max;
76 :
77 7 : return EOK;
78 : }
79 :
80 : static errno_t
81 7 : sdap_idmap_add_configured_external_range(struct sdap_idmap_ctx *idmap_ctx)
82 : {
83 : int ret;
84 : struct sss_idmap_range range;
85 : struct sdap_id_ctx *id_ctx;
86 : enum idmap_error_code err;
87 :
88 7 : ret = sdap_idmap_get_configured_external_range(idmap_ctx, &range);
89 7 : if (ret != EOK) {
90 0 : DEBUG(SSSDBG_OP_FAILURE,
91 : "sdap_idmap_get_configured_external_range failed.\n");
92 0 : return ret;
93 : }
94 :
95 7 : id_ctx = idmap_ctx->id_ctx;
96 :
97 7 : err = sss_idmap_add_domain_ex(idmap_ctx->map, id_ctx->be->domain->name,
98 7 : id_ctx->be->domain->domain_id, &range,
99 : NULL, 0, true);
100 7 : if (err != IDMAP_SUCCESS) {
101 0 : DEBUG(SSSDBG_CRIT_FAILURE,
102 : "Could not add domain [%s] to the map: [%d]\n",
103 : id_ctx->be->domain->name, err);
104 0 : return EIO;
105 : }
106 :
107 7 : return EOK;
108 : }
109 :
110 0 : errno_t sdap_idmap_find_new_domain(struct sdap_idmap_ctx *idmap_ctx,
111 : const char *dom_name,
112 : const char *dom_sid_str)
113 : {
114 : int ret;
115 :
116 0 : ret = sdap_idmap_add_domain(idmap_ctx,
117 : dom_name, dom_sid_str,
118 : -1);
119 0 : if (ret != EOK) {
120 0 : DEBUG(SSSDBG_MINOR_FAILURE,
121 : "Could not add new domain [%s]\n", dom_name);
122 0 : return ret;
123 : }
124 :
125 0 : return EOK;
126 : }
127 :
128 : errno_t
129 7 : sdap_idmap_init(TALLOC_CTX *mem_ctx,
130 : struct sdap_id_ctx *id_ctx,
131 : struct sdap_idmap_ctx **_idmap_ctx)
132 : {
133 : errno_t ret;
134 : TALLOC_CTX *tmp_ctx;
135 : enum idmap_error_code err;
136 : size_t i;
137 : struct ldb_result *res;
138 : const char *dom_name;
139 : const char *sid_str;
140 : id_t slice_num;
141 : id_t idmap_lower;
142 : id_t idmap_upper;
143 : id_t rangesize;
144 : bool autorid_mode;
145 7 : struct sdap_idmap_ctx *idmap_ctx = NULL;
146 :
147 7 : tmp_ctx = talloc_new(NULL);
148 7 : if (!tmp_ctx) return ENOMEM;
149 :
150 7 : idmap_ctx = talloc_zero(tmp_ctx, struct sdap_idmap_ctx);
151 7 : if (!idmap_ctx) {
152 0 : ret = ENOMEM;
153 0 : goto done;
154 : }
155 7 : idmap_ctx->id_ctx = id_ctx;
156 7 : idmap_ctx->find_new_domain = sdap_idmap_find_new_domain;
157 :
158 7 : idmap_lower = dp_opt_get_int(idmap_ctx->id_ctx->opts->basic,
159 : SDAP_IDMAP_LOWER);
160 7 : idmap_upper = dp_opt_get_int(idmap_ctx->id_ctx->opts->basic,
161 : SDAP_IDMAP_UPPER);
162 7 : rangesize = dp_opt_get_int(idmap_ctx->id_ctx->opts->basic,
163 : SDAP_IDMAP_RANGESIZE);
164 7 : autorid_mode = dp_opt_get_bool(idmap_ctx->id_ctx->opts->basic,
165 : SDAP_IDMAP_AUTORID_COMPAT);
166 :
167 : /* Validate that the values make sense */
168 7 : if (rangesize <= 0
169 7 : || idmap_upper <= idmap_lower
170 7 : || (idmap_upper-idmap_lower) < rangesize)
171 : {
172 0 : DEBUG(SSSDBG_FATAL_FAILURE,
173 : "Invalid settings for range selection: "
174 : "[%"SPRIid"][%"SPRIid"][%"SPRIid"]\n",
175 : idmap_lower, idmap_upper, rangesize);
176 0 : ret = EINVAL;
177 0 : goto done;
178 : }
179 :
180 7 : if (((idmap_upper - idmap_lower) % rangesize) != 0) {
181 0 : DEBUG(SSSDBG_CONF_SETTINGS,
182 : "Range size does not divide evenly. Uppermost range will "
183 : "not be used\n");
184 : }
185 :
186 : /* Initialize the map */
187 7 : err = sss_idmap_init(sss_idmap_talloc, idmap_ctx,
188 : sss_idmap_talloc_free,
189 : &idmap_ctx->map);
190 7 : if (err != IDMAP_SUCCESS) {
191 0 : DEBUG(SSSDBG_CRIT_FAILURE,
192 : "Could not initialize the ID map: [%s]\n",
193 : idmap_error_string(err));
194 0 : if (err == IDMAP_OUT_OF_MEMORY) {
195 0 : ret = ENOMEM;
196 : } else {
197 0 : ret = EINVAL;
198 : }
199 0 : goto done;
200 : }
201 :
202 7 : err = sss_idmap_ctx_set_autorid(idmap_ctx->map, autorid_mode);
203 7 : err |= sss_idmap_ctx_set_lower(idmap_ctx->map, idmap_lower);
204 7 : err |= sss_idmap_ctx_set_upper(idmap_ctx->map, idmap_upper);
205 7 : err |= sss_idmap_ctx_set_rangesize(idmap_ctx->map, rangesize);
206 7 : if (err != IDMAP_SUCCESS) {
207 : /* This should never happen */
208 0 : DEBUG(SSSDBG_CRIT_FAILURE, "sss_idmap_ctx corrupted\n");
209 0 : ret = EIO;
210 0 : goto done;
211 : }
212 :
213 :
214 : /* Setup range for externally managed IDs, i.e. IDs are read from the
215 : * ldap_user_uid_number and ldap_group_gid_number attributes. */
216 7 : if (!dp_opt_get_bool(idmap_ctx->id_ctx->opts->basic, SDAP_ID_MAPPING)) {
217 7 : ret = sdap_idmap_add_configured_external_range(idmap_ctx);
218 7 : if (ret != EOK) {
219 0 : DEBUG(SSSDBG_OP_FAILURE,
220 : "sdap_idmap_add_configured_external_range failed.\n");
221 0 : goto done;
222 : }
223 : }
224 :
225 : /* Read in any existing mappings from the cache */
226 7 : ret = sysdb_idmap_get_mappings(tmp_ctx, id_ctx->be->domain, &res);
227 7 : if (ret != EOK && ret != ENOENT) {
228 0 : DEBUG(SSSDBG_FATAL_FAILURE,
229 : "Could not read ID mappings from the cache: [%s]\n",
230 : strerror(ret));
231 0 : goto done;
232 : }
233 :
234 7 : if (ret == EOK) {
235 0 : DEBUG(SSSDBG_CONF_SETTINGS,
236 : "Initializing [%d] domains for ID-mapping\n", res->count);
237 :
238 0 : for (i = 0; i < res->count; i++) {
239 0 : dom_name = ldb_msg_find_attr_as_string(res->msgs[i],
240 : SYSDB_NAME,
241 : NULL);
242 0 : if (!dom_name) {
243 : /* This should never happen */
244 0 : ret = EINVAL;
245 0 : goto done;
246 : }
247 :
248 0 : sid_str = ldb_msg_find_attr_as_string(res->msgs[i],
249 : SYSDB_IDMAP_SID_ATTR,
250 : NULL);
251 0 : if (!sid_str) {
252 : /* This should never happen */
253 0 : ret = EINVAL;
254 0 : goto done;
255 : }
256 :
257 0 : slice_num = ldb_msg_find_attr_as_int(res->msgs[i],
258 : SYSDB_IDMAP_SLICE_ATTR,
259 : -1);
260 0 : if (slice_num == -1) {
261 : /* This should never happen */
262 0 : ret = EINVAL;
263 0 : goto done;
264 : }
265 :
266 0 : ret = sdap_idmap_add_domain(idmap_ctx, dom_name,
267 : sid_str, slice_num);
268 0 : if (ret != EOK) {
269 0 : DEBUG(SSSDBG_CRIT_FAILURE,
270 : "Could not add domain [%s][%s][%"SPRIid"] "
271 : "to ID map: [%s]\n",
272 : dom_name, sid_str, slice_num, strerror(ret));
273 0 : goto done;
274 : }
275 : }
276 : } else {
277 : /* This is the first time we're setting up id-mapping
278 : * Store the default domain as slice 0
279 : */
280 7 : dom_name = dp_opt_get_string(idmap_ctx->id_ctx->opts->basic, SDAP_IDMAP_DEFAULT_DOMAIN);
281 7 : if (!dom_name) {
282 : /* If it's not explicitly specified, use the SSSD domain name */
283 7 : dom_name = idmap_ctx->id_ctx->be->domain->name;
284 7 : ret = dp_opt_set_string(idmap_ctx->id_ctx->opts->basic,
285 : SDAP_IDMAP_DEFAULT_DOMAIN,
286 : dom_name);
287 7 : if (ret != EOK) goto done;
288 : }
289 :
290 7 : sid_str = dp_opt_get_string(idmap_ctx->id_ctx->opts->basic, SDAP_IDMAP_DEFAULT_DOMAIN_SID);
291 7 : if (sid_str) {
292 0 : struct sss_domain_info *domain = idmap_ctx->id_ctx->be->domain;
293 0 : domain->domain_id = talloc_strdup(domain, sid_str);
294 0 : if (domain->domain_id == NULL) {
295 0 : ret = ENOMEM;
296 0 : goto done;
297 : }
298 :
299 : /* Set the default domain as slice 0 */
300 0 : ret = sdap_idmap_add_domain(idmap_ctx, dom_name,
301 : sid_str, 0);
302 0 : if (ret != EOK) {
303 0 : DEBUG(SSSDBG_CRIT_FAILURE,
304 : "Could not add domain [%s][%s][%u] to ID map: [%s]\n",
305 : dom_name, sid_str, 0, strerror(ret));
306 0 : goto done;
307 : }
308 : } else {
309 7 : if (dp_opt_get_bool(idmap_ctx->id_ctx->opts->basic, SDAP_IDMAP_AUTORID_COMPAT)) {
310 : /* In autorid compatibility mode, we MUST have a slice 0 */
311 0 : DEBUG(SSSDBG_CRIT_FAILURE,
312 : "WARNING: Autorid compatibility mode selected, "
313 : "but %s is not set. UID/GID values may differ "
314 : "between clients.\n",
315 : idmap_ctx->id_ctx->opts->basic[SDAP_IDMAP_DEFAULT_DOMAIN_SID].opt_name);
316 : }
317 : /* Otherwise, we'll just fall back to hash values as they are seen */
318 : }
319 : }
320 :
321 7 : *_idmap_ctx = talloc_steal(mem_ctx, idmap_ctx);
322 7 : ret = EOK;
323 :
324 : done:
325 7 : talloc_free(tmp_ctx);
326 7 : return ret;
327 : }
328 :
329 : errno_t
330 0 : sdap_idmap_add_domain(struct sdap_idmap_ctx *idmap_ctx,
331 : const char *dom_name,
332 : const char *dom_sid,
333 : id_t slice)
334 : {
335 : errno_t ret;
336 : struct sss_idmap_range range;
337 : enum idmap_error_code err;
338 : id_t idmap_upper;
339 0 : bool external_mapping = true;
340 :
341 0 : ret = sss_idmap_ctx_get_upper(idmap_ctx->map, &idmap_upper);
342 0 : if (ret != IDMAP_SUCCESS) {
343 0 : DEBUG(SSSDBG_CRIT_FAILURE,
344 : "Failed to get upper bound of available ID range.\n");
345 0 : ret = EIO;
346 0 : goto done;
347 : }
348 :
349 0 : if (dp_opt_get_bool(idmap_ctx->id_ctx->opts->basic, SDAP_ID_MAPPING)) {
350 0 : external_mapping = false;
351 0 : ret = sss_idmap_calculate_range(idmap_ctx->map, dom_sid, &slice, &range);
352 0 : if (ret != IDMAP_SUCCESS) {
353 0 : DEBUG(SSSDBG_CRIT_FAILURE,
354 : "Failed to calculate range for domain [%s]: [%d]\n", dom_name,
355 : ret);
356 0 : ret = EIO;
357 0 : goto done;
358 : }
359 0 : DEBUG(SSSDBG_TRACE_LIBS,
360 : "Adding domain [%s] as slice [%"SPRIid"]\n", dom_sid, slice);
361 :
362 0 : if (range.max > idmap_upper) {
363 : /* This should never happen */
364 0 : DEBUG(SSSDBG_CRIT_FAILURE,
365 : "BUG: Range maximum exceeds the global maximum: "
366 : "%u > %"SPRIid"\n", range.max, idmap_upper);
367 0 : ret = EINVAL;
368 0 : goto done;
369 : }
370 : } else {
371 0 : ret = sdap_idmap_get_configured_external_range(idmap_ctx, &range);
372 0 : if (ret != EOK) {
373 0 : DEBUG(SSSDBG_OP_FAILURE,
374 : "sdap_idmap_get_configured_external_range failed.\n");
375 0 : return ret;
376 : }
377 : }
378 :
379 : /* Add this domain to the map */
380 0 : err = sss_idmap_add_domain_ex(idmap_ctx->map, dom_name, dom_sid, &range,
381 : NULL, 0, external_mapping);
382 0 : if (err != IDMAP_SUCCESS) {
383 0 : DEBUG(SSSDBG_CRIT_FAILURE,
384 : "Could not add domain [%s] to the map: [%d]\n",
385 : dom_name, err);
386 0 : ret = EIO;
387 0 : goto done;
388 : }
389 :
390 : /* If algorithmic mapping is used add this domain to the SYSDB cache so it
391 : * will survive reboot */
392 0 : if (!external_mapping) {
393 0 : ret = sysdb_idmap_store_mapping(idmap_ctx->id_ctx->be->domain,
394 : dom_name, dom_sid,
395 : slice);
396 0 : if (ret != EOK) {
397 0 : DEBUG(SSSDBG_OP_FAILURE, "sysdb_idmap_store_mapping failed.\n");
398 0 : goto done;
399 : }
400 : }
401 :
402 : done:
403 0 : return ret;
404 : }
405 :
406 : errno_t
407 0 : sdap_idmap_get_dom_sid_from_object(TALLOC_CTX *mem_ctx,
408 : const char *object_sid,
409 : char **dom_sid_str)
410 : {
411 : const char *p;
412 : long long a;
413 : size_t c;
414 : char *endptr;
415 :
416 0 : if (object_sid == NULL
417 0 : || strncmp(object_sid, DOM_SID_PREFIX, DOM_SID_PREFIX_LEN) != 0) {
418 0 : return EINVAL;
419 : }
420 :
421 0 : p = object_sid + DOM_SID_PREFIX_LEN;
422 0 : c = 0;
423 :
424 : do {
425 0 : errno = 0;
426 0 : a = strtoull(p, &endptr, 10);
427 0 : if (errno != 0 || a > UINT32_MAX) {
428 0 : return EINVAL;
429 : }
430 :
431 0 : if (*endptr == '-') {
432 0 : p = endptr + 1;
433 : } else {
434 0 : return EINVAL;
435 : }
436 0 : c++;
437 0 : } while(c < 3);
438 :
439 : /* If we made it here, we are now one character past
440 : * the last hyphen in the object-sid.
441 : * Copy the dom-sid substring.
442 : */
443 0 : *dom_sid_str = talloc_strndup(mem_ctx, object_sid,
444 0 : (endptr-object_sid));
445 0 : if (!*dom_sid_str) return ENOMEM;
446 :
447 0 : return EOK;
448 : }
449 :
450 : errno_t
451 0 : sdap_idmap_sid_to_unix(struct sdap_idmap_ctx *idmap_ctx,
452 : const char *sid_str,
453 : id_t *id)
454 : {
455 : errno_t ret;
456 : enum idmap_error_code err;
457 0 : char *dom_sid_str = NULL;
458 :
459 : /* Convert the SID into a UNIX ID */
460 0 : err = sss_idmap_sid_to_unix(idmap_ctx->map,
461 : sid_str,
462 : (uint32_t *)id);
463 0 : switch (err) {
464 : case IDMAP_SUCCESS:
465 0 : break;
466 : case IDMAP_NO_DOMAIN:
467 : /* This is the first time we've seen this domain
468 : * Create a new domain for it. We'll use the dom-sid
469 : * as the domain name for now, since we don't have
470 : * any way to get the real name.
471 : */
472 0 : ret = sdap_idmap_get_dom_sid_from_object(NULL, sid_str,
473 : &dom_sid_str);
474 0 : if (ret != EOK) {
475 0 : DEBUG(SSSDBG_MINOR_FAILURE,
476 : "Could not parse domain SID from [%s]\n", sid_str);
477 0 : goto done;
478 : }
479 :
480 0 : ret = idmap_ctx->find_new_domain(idmap_ctx, dom_sid_str, dom_sid_str);
481 0 : if (ret != EOK) {
482 0 : DEBUG(SSSDBG_MINOR_FAILURE,
483 : "Could not add new domain for sid [%s]\n", sid_str);
484 0 : goto done;
485 : }
486 :
487 : /* Now try converting to a UNIX ID again */
488 0 : err = sss_idmap_sid_to_unix(idmap_ctx->map,
489 : sid_str,
490 : (uint32_t *)id);
491 0 : if (err != IDMAP_SUCCESS) {
492 0 : DEBUG(SSSDBG_MINOR_FAILURE,
493 : "Could not convert objectSID [%s] to a UNIX ID\n",
494 : sid_str);
495 0 : ret = EIO;
496 0 : goto done;
497 : }
498 0 : break;
499 : case IDMAP_BUILTIN_SID:
500 0 : DEBUG(SSSDBG_TRACE_FUNC,
501 : "Object SID [%s] is a built-in one.\n", sid_str);
502 : /* ENOTSUP indicates built-in SID */
503 0 : ret = ENOTSUP;
504 0 : goto done;
505 : break;
506 : case IDMAP_NO_RANGE:
507 0 : DEBUG(SSSDBG_IMPORTANT_INFO,
508 : "Object SID [%s] has a RID that is larger than the "
509 : "ldap_idmap_range_size. See the \"ID MAPPING\" section of "
510 : "sssd-ad(5) for an explanation of how to resolve this issue.",
511 : sid_str);
512 : /* Fall through intentionally */
513 : default:
514 0 : DEBUG(SSSDBG_MINOR_FAILURE,
515 : "Could not convert objectSID [%s] to a UNIX ID\n",
516 : sid_str);
517 0 : ret = EIO;
518 0 : goto done;
519 : }
520 :
521 0 : ret = EOK;
522 :
523 : done:
524 0 : talloc_free(dom_sid_str);
525 0 : return ret;
526 : }
527 :
528 15 : bool sdap_idmap_domain_has_algorithmic_mapping(struct sdap_idmap_ctx *ctx,
529 : const char *dom_name,
530 : const char *dom_sid)
531 : {
532 : enum idmap_error_code err;
533 : bool has_algorithmic_mapping;
534 : char *new_dom_sid;
535 : int ret;
536 15 : TALLOC_CTX *tmp_ctx = NULL;
537 :
538 15 : if (dp_opt_get_bool(ctx->id_ctx->opts->basic, SDAP_ID_MAPPING)
539 0 : && 0 == strcmp("ldap", ctx->id_ctx->be->bet_info[BET_ID].mod_name)) {
540 0 : return true;
541 : }
542 :
543 15 : err = sss_idmap_domain_has_algorithmic_mapping(ctx->map, dom_sid,
544 : &has_algorithmic_mapping);
545 15 : switch (err){
546 : case IDMAP_SUCCESS:
547 0 : return has_algorithmic_mapping;
548 : case IDMAP_SID_INVALID: /* FALLTHROUGH */
549 : case IDMAP_SID_UNKNOWN: /* FALLTHROUGH */
550 : case IDMAP_NO_DOMAIN: /* FALLTHROUGH */
551 : /* continue with idmap_domain_by_name */
552 15 : break;
553 : default:
554 0 : return false;
555 : }
556 :
557 15 : err = sss_idmap_domain_by_name_has_algorithmic_mapping(ctx->map,
558 : dom_name,
559 : &has_algorithmic_mapping);
560 15 : if (err == IDMAP_SUCCESS) {
561 15 : return has_algorithmic_mapping;
562 0 : } else if (err != IDMAP_NAME_UNKNOWN && err != IDMAP_NO_DOMAIN) {
563 0 : return false;
564 : }
565 :
566 : /* This is the first time we've seen this domain
567 : * Create a new domain for it. We'll use the dom-sid
568 : * as the domain name for now, since we don't have
569 : * any way to get the real name.
570 : */
571 :
572 0 : if (is_domain_sid(dom_sid)) {
573 0 : new_dom_sid = discard_const(dom_sid);
574 : } else {
575 0 : tmp_ctx = talloc_new(NULL);
576 0 : if (tmp_ctx == NULL) {
577 0 : DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
578 0 : return false;
579 : }
580 :
581 0 : ret = sdap_idmap_get_dom_sid_from_object(tmp_ctx, dom_sid,
582 : &new_dom_sid);
583 0 : if (ret != EOK) {
584 0 : DEBUG(SSSDBG_MINOR_FAILURE,
585 : "Could not parse domain SID from [%s]\n", dom_sid);
586 0 : talloc_free(tmp_ctx);
587 0 : return false;
588 : }
589 : }
590 :
591 0 : ret = ctx->find_new_domain(ctx, dom_name, new_dom_sid);
592 0 : talloc_free(tmp_ctx);
593 0 : if (ret != EOK) {
594 0 : DEBUG(SSSDBG_MINOR_FAILURE,
595 : "Could not add new domain for sid [%s]\n", dom_sid);
596 0 : return false;
597 : }
598 :
599 0 : err = sss_idmap_domain_has_algorithmic_mapping(ctx->map, dom_sid,
600 : &has_algorithmic_mapping);
601 0 : if (err == IDMAP_SUCCESS) {
602 0 : return has_algorithmic_mapping;
603 : }
604 :
605 0 : return false;
606 : }
|
