s3:winbindd: add idmap_find_domain_with_sid()

This will return the passdb domain if the given sid is in our sam or builtin
or is the domain sid of those domains. Otherwise it returns the idmap domain
that results from the idmap configuration.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

2 files changed, 18 insertions, 0 deletions

diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index 07295e757a..065b7e67db 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -422,6 +422,22 @@ struct idmap_domain *idmap_find_domain(const char *domname)
 	return result;
 }
 
+struct idmap_domain *idmap_find_domain_with_sid(const char *domname,
+						const struct dom_sid *sid)
+{
+	idmap_init();
+
+	if (sid_check_is_in_builtin(sid) ||
+	    sid_check_is_builtin(sid) ||
+	    sid_check_is_in_our_sam(sid) ||
+	    sid_check_is_our_sam(sid))
+	{
+		return idmap_passdb_domain(NULL);
+	}
+
+	return idmap_find_domain(domname);
+}
+
 void idmap_close(void)
 {
 	TALLOC_FREE(default_idmap_domain);
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index 4e5fb7389c..5952bf96bc 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -317,6 +317,8 @@ NTSTATUS winbindd_print_groupmembers(struct talloc_dict *members,
 void init_idmap_child(void);
 struct winbindd_child *idmap_child(void);
 struct idmap_domain *idmap_find_domain(const char *domname);
+struct idmap_domain *idmap_find_domain_with_sid(const char *domname,
+						const struct dom_sid *sid);
 
 /* The following definitions come from winbindd/winbindd_locator.c  */