From cfe8b79c779f313c45c213621f8c5fc48148fc7d Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 9 May 2003 09:33:51 +0000
Subject: When checking if a SID is in a domain, make sure that indeed the user
 RID is one element longer than the domain sid.

Andrew Bartlett
(This used to be commit c61e5e38776d2de53d120b592a6685158e79ebb8)
---
 source3/lib/util_sid.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'source3/lib')

diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index e239ef56c7..00f14d7d26 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -391,6 +391,9 @@ BOOL sid_peek_check_rid(const DOM_SID *exp_dom_sid, const DOM_SID *sid, uint32 *
 	if (!exp_dom_sid || !sid || !rid)
 		return False;
 			
+	if (sid->num_auths != (exp_dom_sid->num_auths+1)) {
+		return False;
+	}
 
 	if (sid_compare_domain(exp_dom_sid, sid)!=0){
 		*rid=(-1);
-- 
cgit