libcli: add dom_sid_compare_domain()

Guenther

diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c
index 93f887134e56ce30b135826c0baa5125cf22d178..f94d952b4d1cf6f430bae8877f8e0e598fcb1b25 100644 (file)
--- a/libcli/security/dom_sid.c
+++ b/libcli/security/dom_sid.c
@@ -98,6 +98,24 @@ bool sid_append_rid(struct dom_sid *sid, uint32_t rid)
        return false;
 }
 
+/*
+  See if 2 SIDs are in the same domain
+  this just compares the leading sub-auths
+*/
+int dom_sid_compare_domain(const struct dom_sid *sid1,
+                          const struct dom_sid *sid2)
+{
+       int n, i;
+
+       n = MIN(sid1->num_auths, sid2->num_auths);
+
+       for (i = n-1; i >= 0; --i)
+               if (sid1->sub_auths[i] != sid2->sub_auths[i])
+                       return sid1->sub_auths[i] - sid2->sub_auths[i];
+
+       return dom_sid_compare_auth(sid1, sid2);
+}
+
 /*****************************************************************
  Convert a string to a SID. Returns True on success, False on fail.
 *****************************************************************/

diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
index e89253554e81251faf60616cd56dea2427f3b9fd..ac8669d725688c412d79c7b34a29ec1e81a4f520 100644 (file)
--- a/libcli/security/dom_sid.h
+++ b/libcli/security/dom_sid.h
@@ -26,6 +26,8 @@
 #include "librpc/gen_ndr/security.h"
 
 int dom_sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2);
+int dom_sid_compare_domain(const struct dom_sid *sid1,
+                          const struct dom_sid *sid2);
 bool dom_sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2);
 bool dom_sid_parse(const char *sidstr, struct dom_sid *ret);
 struct dom_sid *dom_sid_parse_talloc(TALLOC_CTX *mem_ctx, const char *sidstr);