From 515c92a759ad30059f65d3e65dc9f642dc03852a Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Sat, 21 Oct 2006 09:46:12 +0000
Subject: r19441: work in progress support for NFS4 ACLs in Samba4 on Linux.
 Still work to do, particularly with getting the detailed bit mappings right,
 and on sid mapping. Does not pass RAW-ACLS yet (This used to be commit
 b92553481b534d0ef5277dbfe8c0d64a03f819eb)

---
 source4/dsdb/common/sidmap.c | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

(limited to 'source4/dsdb/common/sidmap.c')

diff --git a/source4/dsdb/common/sidmap.c b/source4/dsdb/common/sidmap.c
index 73bfde2794..67649c1218 100644
--- a/source4/dsdb/common/sidmap.c
+++ b/source4/dsdb/common/sidmap.c
@@ -215,6 +215,47 @@ allocated_sid:
 }
 
 
+/*
+  see if a sid is a group - very inefficient!
+*/
+_PUBLIC_ BOOL sidmap_sid_is_group(struct sidmap_context *sidmap, struct dom_sid *sid)
+{
+	const char *attrs[] = { "sAMAccountType", NULL };
+	int ret;
+	TALLOC_CTX *tmp_ctx;
+	struct ldb_message **res;
+	NTSTATUS status;
+	struct dom_sid *domain_sid;
+	BOOL is_group;
+
+	tmp_ctx = talloc_new(sidmap);
+
+	ret = gendb_search(sidmap->samctx, tmp_ctx, NULL, &res, attrs, 
+			   "objectSid=%s", ldap_encode_ndr_dom_sid(tmp_ctx, sid));
+	if (ret == 1) {
+		is_group = is_group_account(res[0]);
+		talloc_free(tmp_ctx);
+		return is_group;
+	}
+
+	status = sidmap_primary_domain_sid(sidmap, tmp_ctx, &domain_sid);
+	if (!NT_STATUS_IS_OK(status)) {
+		talloc_free(tmp_ctx);
+		return False;
+	}
+
+	if (dom_sid_in_domain(domain_sid, sid)) {
+		uint32_t rid = sid->sub_auths[sid->num_auths-1];
+		if (rid >= SIDMAP_LOCAL_GROUP_BASE) {
+			talloc_free(tmp_ctx);
+			return True;
+		}
+	}
+
+	talloc_free(tmp_ctx);
+	return False;
+}
+
 /*
   map a sid to a unix gid
 */
-- 
cgit