pdb_samba_dsdb: make use of dom_sid_is_valid_account_domain()
authorStefan Metzmacher <metze@samba.org>
Thu, 25 Jan 2018 10:23:12 +0000 (11:23 +0100)
committerAndreas Schneider <asn@cryptomilk.org>
Tue, 20 Mar 2018 00:29:40 +0000 (01:29 +0100)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Mar 20 01:29:40 CET 2018 on sn-devel-144

source3/passdb/pdb_samba_dsdb.c

index 4e55a15a0cc0cd4dd06df3e331d32bc8bbc7cc9a..05052a6636190fa6a1340b31c8ec3704c41c7d73 100644 (file)
@@ -3280,9 +3280,6 @@ static NTSTATUS pdb_samba_dsdb_set_trusted_domain(struct pdb_methods *methods,
        };
        char *netbios_encoded = NULL;
        char *dns_encoded = NULL;
-       struct dom_sid *tmp_sid1;
-       struct dom_sid *tmp_sid2;
-       uint32_t tmp_rid;
        char *sid_encoded = NULL;
        int ret;
        struct trustAuthInOutBlob taiob;
@@ -3300,39 +3297,8 @@ static NTSTATUS pdb_samba_dsdb_set_trusted_domain(struct pdb_methods *methods,
         * We expect S-1-5-21-A-B-C, but we don't
         * allow S-1-5-21-0-0-0 as this is used
         * for claims and compound identities.
-        *
-        * So we call dom_sid_split_rid() 3 times
-        * and compare the result to S-1-5-21
         */
-       status = dom_sid_split_rid(tmp_ctx,
-                                  &td->security_identifier,
-                                  &tmp_sid1, &tmp_rid);
-       if (!NT_STATUS_IS_OK(status)) {
-               goto out;
-       }
-       status = dom_sid_split_rid(tmp_ctx, tmp_sid1, &tmp_sid2, &tmp_rid);
-       if (!NT_STATUS_IS_OK(status)) {
-               goto out;
-       }
-       status = dom_sid_split_rid(tmp_ctx, tmp_sid2, &tmp_sid1, &tmp_rid);
-       if (!NT_STATUS_IS_OK(status)) {
-               goto out;
-       }
-       ok = dom_sid_parse("S-1-5-21", tmp_sid2);
-       if (!ok) {
-               status = NT_STATUS_INTERNAL_ERROR;
-               goto out;
-       }
-       ok = dom_sid_equal(tmp_sid1, tmp_sid2);
-       if (!ok) {
-               status = NT_STATUS_INVALID_PARAMETER;
-               goto out;
-       }
-       ok = dom_sid_parse("S-1-5-21-0-0-0", tmp_sid2);
-       if (!ok) {
-               return NT_STATUS_INTERNAL_ERROR;
-       }
-       ok = !dom_sid_equal(&td->security_identifier, tmp_sid2);
+       ok = dom_sid_is_valid_account_domain(&td->security_identifier);
        if (!ok) {
                status = NT_STATUS_INVALID_PARAMETER;
                goto out;
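Review bot: The comment kept above the new `dom_sid_is_valid_account_domain()` call still states the policy (accept S-1-5-21-A-B-C, reject S-1-5-21-0-0-0) but no longer says where it is enforced, and the helper's definition is not part of this hunk. I would add a closing line to that comment such as `* dom_sid_is_valid_account_domain() enforces both conditions.` so a reader auditing trusted-domain creation knows which function to inspect. Before relying on it here, it is worth confirming that the helper requires exactly three sub-authorities after S-1-5-21, as the removed triple `dom_sid_split_rid()` sequence did, so that a SID with an extra RID appended is still refused with `NT_STATUS_INVALID_PARAMETER`. The body of `pdb_samba_dsdb_set_trusted_domain()` starts and ends outside this hunk, so the cleanup at `out:` cannot be checked from here.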