2 files changed, 20 insertions, 0 deletions

diff --git a/source3/include/proto.h b/source3/include/proto.h
index f7d5e8f8f5..bc55eaff07 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -6051,6 +6051,7 @@ NTSTATUS idmap_uid_to_sid(const char *domname, struct dom_sid *sid, uid_t uid);
 NTSTATUS idmap_gid_to_sid(const char *domname, struct dom_sid *sid, gid_t gid);
 NTSTATUS idmap_sid_to_uid(const char *dom_name, struct dom_sid *sid, uid_t *uid);
 NTSTATUS idmap_sid_to_gid(const char *domname, struct dom_sid *sid, gid_t *gid);
+bool idmap_unix_id_is_in_range(uint32_t id, struct idmap_domain *dom);
 
 /* The following definitions come from winbindd/nss_info.c  */
 
diff --git a/source3/winbindd/idmap_util.c b/source3/winbindd/idmap_util.c
index 70c109a7a5..3afe9f8607 100644
--- a/source3/winbindd/idmap_util.c
+++ b/source3/winbindd/idmap_util.c
@@ -287,3 +287,22 @@ backend:
 	}
 	return NT_STATUS_OK;
 }
+
+/**
+ * check whether a given unix id is inside the filter range of an idmap domain
+ */
+bool idmap_unix_id_is_in_range(uint32_t id, struct idmap_domain *dom)
+{
+	if (id == 0) {
+		/* 0 is not an allowed unix id for id mapping */
+		return false;
+	}
+
+	if ((dom->low_id && (id < dom->low_id)) ||
+	    (dom->high_id && (id > dom->high_id)))
+	{
+		return false;
+	}
+
+	return true;
+}