};
char *netbios_encoded = NULL;
char *dns_encoded = NULL;
- struct dom_sid *tmp_sid1;
- struct dom_sid *tmp_sid2;
- uint32_t tmp_rid;
char *sid_encoded = NULL;
int ret;
struct trustAuthInOutBlob taiob;
* We expect S-1-5-21-A-B-C, but we don't
* allow S-1-5-21-0-0-0 as this is used
* for claims and compound identities.
- *
- * So we call dom_sid_split_rid() 3 times
- * and compare the result to S-1-5-21
*/
- status = dom_sid_split_rid(tmp_ctx,
- &td->security_identifier,
- &tmp_sid1, &tmp_rid);
- if (!NT_STATUS_IS_OK(status)) {
- goto out;
- }
- status = dom_sid_split_rid(tmp_ctx, tmp_sid1, &tmp_sid2, &tmp_rid);
- if (!NT_STATUS_IS_OK(status)) {
- goto out;
- }
- status = dom_sid_split_rid(tmp_ctx, tmp_sid2, &tmp_sid1, &tmp_rid);
- if (!NT_STATUS_IS_OK(status)) {
- goto out;
- }
- ok = dom_sid_parse("S-1-5-21", tmp_sid2);
- if (!ok) {
- status = NT_STATUS_INTERNAL_ERROR;
- goto out;
- }
- ok = dom_sid_equal(tmp_sid1, tmp_sid2);
- if (!ok) {
- status = NT_STATUS_INVALID_PARAMETER;
- goto out;
- }
- ok = dom_sid_parse("S-1-5-21-0-0-0", tmp_sid2);
- if (!ok) {
- return NT_STATUS_INTERNAL_ERROR;
- }
- ok = !dom_sid_equal(&td->security_identifier, tmp_sid2);
+ ok = dom_sid_is_valid_account_domain(&td->security_identifier);
if (!ok) {
status = NT_STATUS_INVALID_PARAMETER;
goto out;