From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Wed, 2 Feb 2022 22:11:56 +0000 (+1300)
Subject: dsdb/common: Add helper function for determining if account is in Protected Users... 
X-Git-Tag: tevent-0.12.0~371
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3a8670c4ca246d6b754352056bc06d8564e1a77d;p=thirdparty%2Fsamba.git

dsdb/common: Add helper function for determining if account is in Protected Users group

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---

diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index 2381b074d6a..bd59de5cb32 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -5938,3 +5938,34 @@ done:
 
 	return ret;
 }
+
+/*
+ * Returns 1 if 'sids' contains the Protected Users group SID for the domain, 0
+ * if not. Returns a negative value on error.
+ */
+int dsdb_is_protected_user(struct ldb_context *ldb,
+			   const struct dom_sid *sids,
+			   uint32_t num_sids)
+{
+	const struct dom_sid *domain_sid = NULL;
+	struct dom_sid protected_users_sid;
+	uint32_t i;
+
+	domain_sid = samdb_domain_sid(ldb);
+	if (domain_sid == NULL) {
+		return -1;
+	}
+
+	protected_users_sid = *domain_sid;
+	if (!sid_append_rid(&protected_users_sid, DOMAIN_RID_PROTECTED_USERS)) {
+		return -1;
+	}
+
+	for (i = 0; i < num_sids; ++i) {
+		if (dom_sid_equal(&protected_users_sid, &sids[i])) {
+			return 1;
+		}
+	}
+
+	return 0;
+}