libcli/security: add a function that checks for MS NFS ACEs

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/libcli/security/security_descriptor.c b/libcli/security/security_descriptor.c
index 8304b208528bcce55946aa827d687a9daa31665b..a75942c077069fb3fcfd7f77f33e975d5686ab14 100644 (file)
--- a/libcli/security/security_descriptor.c
+++ b/libcli/security/security_descriptor.c
@@ -595,3 +595,25 @@ struct security_ace *security_ace_create(TALLOC_CTX *mem_ctx,
 
        return ace;
 }
+
+/*******************************************************************
+ Check for MS NFS ACEs in a sd
+*******************************************************************/
+bool security_descriptor_with_ms_nfs(const struct security_descriptor *psd)
+{
+       int i;
+
+       if (psd->dacl == NULL) {
+               return false;
+       }
+
+       for (i = 0; i < psd->dacl->num_aces; i++) {
+               if (dom_sid_compare_domain(
+                           &global_sid_Unix_NFS,
+                           &psd->dacl->aces[i].trustee) == 0) {
+                       return true;
+               }
+       }
+
+       return false;
+}

diff --git a/libcli/security/security_descriptor.h b/libcli/security/security_descriptor.h
index 1c7f893ead8d29f55a4e0c702d04e6cf1053a5cc..87643bc945af989652f87b3cda742af74d518a26 100644 (file)
--- a/libcli/security/security_descriptor.h
+++ b/libcli/security/security_descriptor.h
@@ -81,4 +81,6 @@ struct security_descriptor *create_security_descriptor(TALLOC_CTX *mem_ctx,
                                                       struct dom_sid *default_group, /* valid only for DS, NULL for the other RSs */
                                                       uint32_t (*generic_map)(uint32_t access_mask));
 
+bool security_descriptor_with_ms_nfs(const struct security_descriptor *psd);
+
 #endif /* __SECURITY_DESCRIPTOR_H__ */