dsdb/common: Add helper function for determining if account is in Protected Users...

author Joseph Sutton <josephsutton@catalyst.net.nz>

Wed, 2 Feb 2022 22:11:56 +0000 (11:11 +1300)

committer Stefan Metzmacher <metze@samba.org>

Fri, 18 Mar 2022 11:55:30 +0000 (11:55 +0000)
author Joseph Sutton <josephsutton@catalyst.net.nz>
Wed, 2 Feb 2022 22:11:56 +0000 (11:11 +1300)
committer Stefan Metzmacher <metze@samba.org>
Fri, 18 Mar 2022 11:55:30 +0000 (11:55 +0000)
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c

index 2381b074d6aec36a43afad8bf38f8d470f0feceb..bd59de5cb326d97420ff76e8e84523935ee86851 100644 (file)
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -5938,3 +5938,34 @@ done:
  
         return ret;
  }
+
+/*
+ * Returns 1 if 'sids' contains the Protected Users group SID for the domain, 0
+ * if not. Returns a negative value on error.
+ */
+int dsdb_is_protected_user(struct ldb_context *ldb,
+                          const struct dom_sid *sids,
+                          uint32_t num_sids)
+{
+       const struct dom_sid *domain_sid = NULL;
+       struct dom_sid protected_users_sid;
+       uint32_t i;
+
+       domain_sid = samdb_domain_sid(ldb);
+       if (domain_sid == NULL) {
+               return -1;
+       }
+
+       protected_users_sid = *domain_sid;
+       if (!sid_append_rid(&protected_users_sid, DOMAIN_RID_PROTECTED_USERS)) {
+               return -1;
+       }
+
+       for (i = 0; i < num_sids; ++i) {
+               if (dom_sid_equal(&protected_users_sid, &sids[i])) {
+                       return 1;
+               }
+       }
+
+       return 0;
+}
author	Joseph Sutton <josephsutton@catalyst.net.nz>
	Wed, 2 Feb 2022 22:11:56 +0000 (11:11 +1300)
committer	Stefan Metzmacher <metze@samba.org>
	Fri, 18 Mar 2022 11:55:30 +0000 (11:55 +0000)