From be606e8eeb0a419189bd8f44975c80e182474993 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Thu, 6 Jan 2005 23:27:28 +0000
Subject: r4579: small changes to allow the members og the Domain Admins group
 on the Samba DC to join clients to the domain -- needs more testing and
 security review but does work with initial testing (This used to be commit
 9ade9bf49c7125fb29658f943e9ebb6be9496180)

---
 source3/auth/auth_util.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

(limited to 'source3/auth')

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 2eacc2b0d1..98ecd00d1c 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1444,6 +1444,35 @@ NT_USER_TOKEN *dup_nt_token(NT_USER_TOKEN *ptoken)
 	return token;
 }
 
+/****************************************************************************
+ Check for a SID in an NT_USER_TOKEN
+****************************************************************************/
+
+BOOL nt_token_check_sid ( DOM_SID *sid, NT_USER_TOKEN *token )
+{
+	int i;
+	
+	if ( !sid || !token )
+		return False;
+	
+	for ( i=0; i<token->num_sids; i++ ) {
+		if ( sid_equal( sid, &token->user_sids[i] ) )
+			return True;
+	}
+
+	return False;
+}
+
+BOOL nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid ) 
+{
+	DOM_SID domain_sid;
+
+	sid_copy( &domain_sid, get_global_sam_sid() );
+	sid_append_rid( &domain_sid, rid );
+	
+	return nt_token_check_sid( &domain_sid, token );\
+}
+
 /**
  * Verify whether or not given domain is trusted.
  *
-- 
cgit