libcli/security: add dom_sid_match_prefix() helper
authorStefan Metzmacher <metze@samba.org>
Thu, 19 Dec 2024 14:58:34 +0000 (15:58 +0100)
committerRalph Boehme <slow@samba.org>
Sat, 22 Feb 2025 16:00:35 +0000 (16:00 +0000)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
libcli/security/dom_sid.c
libcli/security/dom_sid.h

index 04ac6e4cf539eeb492d599c3968b4b7a0e7048a7..c898d87f64a669cf9a6e87d3768dc22cf773a1df 100644 (file)
@@ -374,14 +374,37 @@ NTSTATUS dom_sid_split_rid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
        return NT_STATUS_OK;
 }
 
+/*
+  return true if the 2nd sid contains or matches the prefix_sid
+*/
+bool dom_sid_match_prefix(const struct dom_sid *prefix_sid,
+                         const struct dom_sid *sid)
+{
+       int i;
+
+       if (!prefix_sid || !sid) {
+               return false;
+       }
+
+       if (prefix_sid->num_auths > sid->num_auths) {
+               return false;
+       }
+
+       for (i = prefix_sid->num_auths-1; i >= 0; --i) {
+               if (prefix_sid->sub_auths[i] != sid->sub_auths[i]) {
+                       return false;
+               }
+       }
+
+       return dom_sid_compare_auth(prefix_sid, sid) == 0;
+}
+
 /*
   return true if the 2nd sid is in the domain given by the first sid
 */
 bool dom_sid_in_domain(const struct dom_sid *domain_sid,
                       const struct dom_sid *sid)
 {
-       int i;
-
        if (!domain_sid || !sid) {
                return false;
        }
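Review bot: The comment above dom_sid_match_prefix() does not say what happens at the two edge cases, and both matter to a caller that uses the result in an access decision. When both SIDs have the same number of sub-authorities, an identical SID returns true. When `prefix_sid->num_auths` is 0 the loop is skipped and only `dom_sid_compare_auth()` decides, so presumably every SID under the same identifier authority matches. I would state this in the comment, e.g. `an equal sid matches; a prefix_sid with no sub-authorities matches any sid that dom_sid_compare_auth() treats as equal`, and repeat it on the new prototype in dom_sid.h. The loop also trusts `num_auths` to lie within the `sub_auths[]` array, as the code it was moved from did; a one-line precondition in the comment would make that explicit for new callers.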
@@ -394,13 +417,7 @@ bool dom_sid_in_domain(const struct dom_sid *domain_sid,
                return false;
        }
 
-       for (i = domain_sid->num_auths-1; i >= 0; --i) {
-               if (domain_sid->sub_auths[i] != sid->sub_auths[i]) {
-                       return false;
-               }
-       }
-
-       return dom_sid_compare_auth(domain_sid, sid) == 0;
+       return dom_sid_match_prefix(domain_sid, sid);
 }
 
 bool dom_sid_has_account_domain(const struct dom_sid *sid)
index 54ae3c34412128bf46a347792b5cea8dae25b798..3f52d7fd86f094bcf0430330406f192028812e1a 100644 (file)
@@ -117,6 +117,8 @@ struct dom_sid *dom_sid_add_rid(TALLOC_CTX *mem_ctx,
                                uint32_t rid);
 NTSTATUS dom_sid_split_rid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
                           struct dom_sid **domain, uint32_t *rid);
+bool dom_sid_match_prefix(const struct dom_sid *prefix_sid,
+                         const struct dom_sid *sid);
 bool dom_sid_in_domain(const struct dom_sid *domain_sid,
                       const struct dom_sid *sid);
 bool dom_sid_has_account_domain(const struct dom_sid *sid);