From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Mon, 30 Oct 2023 01:33:00 +0000 (+1300)
Subject: s4:dsdb: Make sids_contains_sid() usable by other Samba modules
X-Git-Tag: talloc-2.4.2~932
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=487e21ec89999f1357db4144775d1923d99260f5;p=thirdparty%2Fsamba.git

s4:dsdb: Make sids_contains_sid() usable by other Samba modules

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
index e3be817dd43..7a03af79e76 100644
--- a/libcli/security/dom_sid.h
+++ b/libcli/security/dom_sid.h
@@ -141,6 +141,9 @@ void del_sid_from_array(const struct dom_sid *sid, struct dom_sid **sids,
 bool add_rid_to_array_unique(TALLOC_CTX *mem_ctx,
 			     uint32_t rid, uint32_t **pp_rids, size_t *p_num);
 bool is_null_sid(const struct dom_sid *sid);
+bool sids_contains_sid(const struct auth_SidAttr *sids,
+		       const uint32_t num_sids,
+		       const struct dom_sid *sid,
+		       uint32_t attrs);
 
 #endif /*_DOM_SID_H_*/
-
diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c
index b2c21fc59b3..f2eadd6ada6 100644
--- a/libcli/security/util_sid.c
+++ b/libcli/security/util_sid.c
@@ -517,6 +517,36 @@ bool is_null_sid(const struct dom_sid *sid)
 	return dom_sid_equal(sid, &null_sid);
 }
 
+/**
+ * Return true if an array of auth_SidAttr contains a certain SID with certain
+ * attributes.
+ *
+ * @param [in] sids	The auth_SidAttr array.
+ * @param [in] num_sids	The size of the auth_SidArray array.
+ * @param [in] sid	The SID in question.
+ * @param [in] attrs	The attributes of the SID.
+ * @returns true if the array contains the SID.
+ */
+bool sids_contains_sid(const struct auth_SidAttr *sids,
+		       const uint32_t num_sids,
+		       const struct dom_sid *sid,
+		       uint32_t attrs)
+{
+	uint32_t i;
+
+	for (i = 0; i < num_sids; i++) {
+		if (attrs != sids[i].attrs) {
+			continue;
+		}
+		if (!dom_sid_equal(&sids[i].sid, sid)) {
+			continue;
+		}
+
+		return true;
+	}
+	return false;
+}
+
 /*
  * See [MS-LSAT] 3.1.1.1.1 Predefined Translation Database and Corresponding View
  */
diff --git a/source4/dsdb/common/util_groups.c b/source4/dsdb/common/util_groups.c
index c7a5e904707..00706b41903 100644
--- a/source4/dsdb/common/util_groups.c
+++ b/source4/dsdb/common/util_groups.c
@@ -26,27 +26,6 @@
 #include "libcli/security/security.h"
 #include "dsdb/common/util.h"
 
-/* This function tests if a SID structure "sids" contains the SID "sid" */
-static bool sids_contains_sid(const struct auth_SidAttr *sids,
-			      const uint32_t num_sids,
-			      const struct dom_sid *sid,
-			      uint32_t attrs)
-{
-	uint32_t i;
-
-	for (i = 0; i < num_sids; i++) {
-		if (attrs != sids[i].attrs) {
-			continue;
-		}
-		if (!dom_sid_equal(&sids[i].sid, sid)) {
-			continue;
-		}
-
-		return true;
-	}
-	return false;
-}
-
 /*
  * This function generates the transitive closure of a given SAM object "dn_val"
  * (it basically expands nested memberships).
diff --git a/source4/dsdb/wscript_build b/source4/dsdb/wscript_build
index 766342fad8e..d0d6439b621 100644
--- a/source4/dsdb/wscript_build
+++ b/source4/dsdb/wscript_build
@@ -16,7 +16,7 @@ bld.SAMBA_LIBRARY('samdb-common',
 	source='common/util.c common/util_trusts.c common/util_groups.c common/util_samr.c common/dsdb_dn.c common/dsdb_access.c common/util_links.c common/rodc_helper.c',
 	autoproto='common/proto.h',
 	private_library=True,
-	deps='ldb NDR_DRSBLOBS util_ldb LIBCLI_AUTH samba-hostconfig samba_socket cli-ldap-common flag_mapping UTIL_RUNCMD SAMBA_VERSION'
+	deps='ldb NDR_DRSBLOBS util_ldb LIBCLI_AUTH samba-hostconfig samba_socket cli-ldap-common flag_mapping UTIL_RUNCMD SAMBA_VERSION samba-security'
 	)