From 301d51e13a1aa4e633e2da161b0dd260a8a499cd Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Mon, 13 Feb 2006 17:08:25 +0000
Subject: r13494: Merge the stuff I've done in head the last days. Volker (This used to be commit bb40e544de68f01a6e774753f508e69373b39899)
---
source3/auth/auth_util.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 66 insertions(+) (limited to 'source3/auth')
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 1567b6e40b..ad02b24a42 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1018,6 +1018,72 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 return result;
 }
+/***************************************************************************
+ Build upon create_token_from_username:
+
+ Expensive helper function to figure out whether a user given its name is
+ member of a particular group.
+***************************************************************************/
+BOOL user_in_group_sid(const char *username, const DOM_SID *group_sid)
+{
+ NTSTATUS status;
+ uid_t uid;
+ gid_t gid;
+ char *found_username;
+ struct nt_user_token *token;
+ BOOL result;
+
+ TALLOC_CTX *mem_ctx;
+
+ mem_ctx = talloc_new(NULL);
+ if (mem_ctx == NULL) {
+ DEBUG(0, ("talloc_new failed\n"));
+ return False;
+ }
+
+ status = create_token_from_username(mem_ctx, username, False,
+ &uid, &gid, &found_username,
+ &token);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("could not create token for %s\n", username));
+ return False;
+ }
+
+ result = nt_token_check_sid(group_sid, token);
+
+ talloc_free(mem_ctx);
+ return result;
+
+}
+
+BOOL user_in_group(const char *username, const char *groupname)
+{
+ TALLOC_CTX *mem_ctx;
+ DOM_SID group_sid;
+ NTSTATUS status;
+ BOOL ret;
+
+ mem_ctx = talloc_new(NULL);
+ if (mem_ctx == NULL) {
+ DEBUG(0, ("talloc_new failed\n"));
+ return False;
+ }
+
+ ret = lookup_name(mem_ctx, groupname, LOOKUP_NAME_ALL,
+ NULL, NULL, &group_sid, NULL);
+ talloc_free(mem_ctx);
+
+ if (!ret) {
+ DEBUG(10, ("lookup_name(%s) failed: %s\n", groupname,
+ nt_errstr(status)));
+ return False;
+ }
+
+ return user_in_group_sid(username, &group_sid);
+}
+
+
 /***************************************************************************
 Make (and fill) a user_info struct from a Kerberos PAC logon_info by conversion to a SAM_ACCOUNT
-- cgit
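Review bot: In `user_in_group_sid` the `!NT_STATUS_IS_OK(status)` branch returns without freeing `mem_ctx`, so every failed token lookup leaks a talloc context; add `talloc_free(mem_ctx);` before that `return False;`. If usernames reach this helper from remote clients, which the hunk does not show, that leak is repeatable on demand. In `user_in_group`, `status` is never assigned (`lookup_name` returns its result into the BOOL `ret`), yet the failure path passes it to `nt_errstr(status)` and so reads an uninitialised value; drop the variable and log `DEBUG(10, ("lookup_name(%s) failed\n", groupname));` instead. Both helpers return False for "lookup failed" as well as for "not a member", so a caller that uses them for a deny-style check would presumably treat an error as not-denied; a comment on each function stating that contract would help callers choose the safe default.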