libcli/security: Add dom_sid_has_account_domain() to confirm a S-1-5-21 prefix

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c
index 32bc3e187a775b4a857bc1922b408f6703d7b27b..891d3c5e17c7d33fc68ffe127faab158669ed128 100644 (file)
--- a/libcli/security/dom_sid.c
+++ b/libcli/security/dom_sid.c
@@ -364,6 +364,43 @@ bool dom_sid_in_domain(const struct dom_sid *domain_sid,
        return dom_sid_compare_auth(domain_sid, sid) == 0;
 }
 
+bool dom_sid_has_account_domain(const struct dom_sid *sid)
+{
+       if (sid == NULL) {
+               return false;
+       }
+
+       if (sid->sid_rev_num != 1) {
+               return false;
+       }
+       if (sid->num_auths != 5) {
+               return false;
+       }
+       if (sid->id_auth[5] != 5) {
+               return false;
+       }
+       if (sid->id_auth[4] != 0) {
+               return false;
+       }
+       if (sid->id_auth[3] != 0) {
+               return false;
+       }
+       if (sid->id_auth[2] != 0) {
+               return false;
+       }
+       if (sid->id_auth[1] != 0) {
+               return false;
+       }
+       if (sid->id_auth[0] != 0) {
+               return false;
+       }
+       if (sid->sub_auths[0] != 21) {
+               return false;
+       }
+
+       return true;
+}
+
 bool dom_sid_is_valid_account_domain(const struct dom_sid *sid)
 {
        /*

diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
index 0f3b6b4a3b47366ac63d315ce78e6664b0aaf8ee..98ee935ff97a4c19eead992557896e2536234b3f 100644 (file)
--- a/libcli/security/dom_sid.h
+++ b/libcli/security/dom_sid.h
@@ -102,6 +102,7 @@ NTSTATUS dom_sid_split_rid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
                           struct dom_sid **domain, uint32_t *rid);
 bool dom_sid_in_domain(const struct dom_sid *domain_sid,
                       const struct dom_sid *sid);
+bool dom_sid_has_account_domain(const struct dom_sid *sid);
 bool dom_sid_is_valid_account_domain(const struct dom_sid *sid);
 
 #define DOM_SID_STR_BUFLEN (15*11+25)