From: Stefan Metzmacher
Date: Thu, 19 Dec 2024 14:58:34 +0000 (+0100)
Subject: libcli/security: add dom_sid_match_prefix() helper
X-Git-Tag: tevent-0.17.0~720
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=38f08fbbbdff96b960dac33c877a6902b1816061;p=thirdparty%2Fsamba.git

libcli/security: add dom_sid_match_prefix() helper

Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
---

diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c
index 04ac6e4cf53..c898d87f64a 100644
--- a/libcli/security/dom_sid.c
+++ b/libcli/security/dom_sid.c
@@ -374,14 +374,37 @@ NTSTATUS dom_sid_split_rid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
 return NT_STATUS_OK;
 }
 
+/*
+ return true if the 2nd sid contains or matches the prefix_sid
+*/
+bool dom_sid_match_prefix(const struct dom_sid *prefix_sid,
+ const struct dom_sid *sid)
+{
+ int i;
+
+ if (!prefix_sid || !sid) {
+ return false;
+ }
+
+ if (prefix_sid->num_auths > sid->num_auths) {
+ return false;
+ }
+
+ for (i = prefix_sid->num_auths-1; i >= 0; --i) {
+ if (prefix_sid->sub_auths[i] != sid->sub_auths[i]) {
+ return false;
+ }
+ }
+
+ return dom_sid_compare_auth(prefix_sid, sid) == 0;
+}
+
 /*
 return true if the 2nd sid is in the domain given by the first sid
 */
 bool dom_sid_in_domain(const struct dom_sid *domain_sid,
 const struct dom_sid *sid)
 {
- int i;
-
 if (!domain_sid || !sid) {
 return false;
 }
@@ -394,13 +417,7 @@ bool dom_sid_in_domain(const struct dom_sid *domain_sid,
 return false;
 }
 
- for (i = domain_sid->num_auths-1; i >= 0; --i) {
- if (domain_sid->sub_auths[i] != sid->sub_auths[i]) {
- return false;
- }
- }
-
- return dom_sid_compare_auth(domain_sid, sid) == 0;
+ return dom_sid_match_prefix(domain_sid, sid);
 }
 
 bool dom_sid_has_account_domain(const struct dom_sid *sid)
diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
index 54ae3c34412..3f52d7fd86f 100644
--- a/libcli/security/dom_sid.h
+++ b/libcli/security/dom_sid.h
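Review bot: The comment above dom_sid_match_prefix() leaves out two results that matter to any caller using it for an access decision: a sid identical to prefix_sid matches (only `prefix_sid->num_auths > sid->num_auths` is rejected), and a prefix_sid with num_auths == 0 skips the loop, so the outcome rests on dom_sid_compare_auth() alone. I would spell both out, for example `return true if sid equals prefix_sid or extends it with further sub-authorities; a prefix with no sub-authorities matches whatever dom_sid_compare_auth() accepts`. The loop also indexes sub_auths[] with counts read straight from the two structures; the array size and the type of num_auths are declared outside this diff, so it should be confirmed that every caller of the newly exported helper passes SIDs whose counts were already validated.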
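Review bot: dom_sid_in_domain() now takes its final answer from a helper that is looser than the function's own contract, since dom_sid_match_prefix() also accepts an identical sid and a sid with several extra sub-authorities. The stricter result therefore depends entirely on the early returns that remain above the new call; their conditions sit between the two hunks and are not visible here. Assuming they pin the sub-authority count, a one-line comment at the call site would keep a later cleanup from removing them as redundant, e.g. `/* the checks above fix the sub-authority count; the helper only compares the prefix */`.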
@@ -117,6 +117,8 @@ struct dom_sid *dom_sid_add_rid(TALLOC_CTX *mem_ctx,
 uint32_t rid);
 NTSTATUS dom_sid_split_rid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
 struct dom_sid **domain, uint32_t *rid);
+bool dom_sid_match_prefix(const struct dom_sid *prefix_sid,
+ const struct dom_sid *sid);
 bool dom_sid_in_domain(const struct dom_sid *domain_sid,
 const struct dom_sid *sid);
 bool dom_sid_has_account_domain(const struct dom_sid *sid);