libcli/security: helper to find resource attribute ACEs

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/libcli/security/secace.c b/libcli/security/secace.c
index 8d7b22d1f6885a0085d1de25202b49aebc33890b..e6ac6572ba2e746a6aeca9f692ba2a5e8b2c5f96 100644 (file)
--- a/libcli/security/secace.c
+++ b/libcli/security/secace.c
@@ -64,6 +64,15 @@ bool sec_ace_callback(uint8_t type)
        return false;
 }
 
+/**
+ * Check if an ACE type is resource attribute, which means it will
+ * have a blob of data at the end defining an attribute on the object.
+ * Resource attribute ACEs should only occur in SACLs.
+ */
+bool sec_ace_resource(uint8_t type)
+{
+       return type == SEC_ACE_TYPE_SYSTEM_RESOURCE_ATTRIBUTE;
+}
 
 /*******************************************************************
  Sets up a struct security_ace structure.

diff --git a/libcli/security/secace.h b/libcli/security/secace.h
index 6b2e8995ea07dedf08366647b48f6df5f6fa297f..97be534873571e7507c87fbc9e102cbb25b24634 100644 (file)
--- a/libcli/security/secace.h
+++ b/libcli/security/secace.h
@@ -26,6 +26,7 @@
 bool sec_ace_object(uint8_t type);
 size_t ndr_subcontext_size_of_ace_coda(const struct security_ace *ace, size_t ace_size, int flags);
 bool sec_ace_callback(uint8_t type);
+bool sec_ace_resource(uint8_t type);
 
 void init_sec_ace(struct security_ace *t, const struct dom_sid *sid, enum security_ace_type type,
                  uint32_t mask, uint8_t flag);