The branch, master has been updated via 102a70e s3-util: use shared dom_sid_dup. via 4dbd743 s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions. via 4006160 libcli: add dom_sid_compare_domain() from 62544c5 s3-build: only include smbldap.h where needed.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 102a70e809b262fca8ea09fbd4e2788511150006 Author: Günther Deschner <g...@samba.org> Date: Thu Aug 26 17:21:39 2010 +0200 s3-util: use shared dom_sid_dup. Guenther commit 4dbd743e467096624961533335afccadc67af0e6 Author: Günther Deschner <g...@samba.org> Date: Thu Aug 26 15:48:50 2010 +0200 s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions. Guenther commit 400616017974f057c8a2e817b62b90b1490d4129 Author: Günther Deschner <g...@samba.org> Date: Thu Aug 26 16:41:15 2010 +0200 libcli: add dom_sid_compare_domain() Guenther ----------------------------------------------------------------------- Summary of changes: libcli/security/dom_sid.c | 18 +++++ libcli/security/dom_sid.h | 2 + source3/auth/auth_util.c | 3 +- source3/auth/server_info.c | 15 ++-- source3/auth/token_util.c | 4 +- source3/groupdb/mapping_tdb.c | 9 ++- source3/include/proto.h | 4 - source3/lib/netapi/group.c | 5 +- source3/lib/netapi/localgroup.c | 5 +- source3/lib/netapi/user.c | 15 ++-- source3/lib/secdesc.c | 9 ++- source3/lib/util_nttoken.c | 3 +- source3/lib/util_sid.c | 111 ++------------------------------ source3/libnet/libnet_join.c | 7 +- source3/libnet/libnet_samsync.c | 3 +- source3/libnet/libnet_samsync_passdb.c | 3 +- source3/libsmb/libsmb_xattr.c | 7 +- source3/modules/vfs_afsacl.c | 18 +++--- source3/passdb/lookup_sid.c | 7 +- source3/passdb/machine_sid.c | 5 +- source3/passdb/pdb_get_set.c | 3 +- source3/passdb/pdb_interface.c | 3 +- source3/passdb/pdb_ldap.c | 9 ++- source3/passdb/pdb_smbpasswd.c | 3 +- source3/passdb/util_builtin.c | 3 +- source3/passdb/util_unixsids.c | 5 +- source3/passdb/util_wellknown.c | 5 +- source3/rpc_client/cli_lsarpc.c | 3 +- source3/rpc_server/srv_lsa_nt.c | 15 ++-- source3/rpc_server/srv_netlog_nt.c | 3 +- source3/rpc_server/srv_samr_nt.c | 7 +- source3/rpc_server/srv_spoolss_util.c | 3 +- source3/rpcclient/cmd_samr.c | 3 +- source3/smbd/posix_acls.c | 35 +++++----- source3/torture/torture.c | 2 +- source3/utils/net_rpc.c | 3 +- source3/utils/net_rpc_samsync.c | 7 +- source3/utils/profiles.c | 9 ++- source3/utils/sharesec.c | 7 +- source3/utils/smbcacls.c | 7 +- source3/winbindd/idmap_ad.c | 3 +- source3/winbindd/idmap_ldap.c | 3 +- source3/winbindd/wb_getgrsid.c | 3 +- source3/winbindd/winbindd_cache.c | 7 +- source3/winbindd/winbindd_rpc.c | 5 +- source3/winbindd/winbindd_util.c | 7 +- 46 files changed, 187 insertions(+), 229 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c index 93f8871..f94d952 100644 --- a/libcli/security/dom_sid.c +++ b/libcli/security/dom_sid.c @@ -98,6 +98,24 @@ bool sid_append_rid(struct dom_sid *sid, uint32_t rid) return false; } +/* + See if 2 SIDs are in the same domain + this just compares the leading sub-auths +*/ +int dom_sid_compare_domain(const struct dom_sid *sid1, + const struct dom_sid *sid2) +{ + int n, i; + + n = MIN(sid1->num_auths, sid2->num_auths); + + for (i = n-1; i >= 0; --i) + if (sid1->sub_auths[i] != sid2->sub_auths[i]) + return sid1->sub_auths[i] - sid2->sub_auths[i]; + + return dom_sid_compare_auth(sid1, sid2); +} + /***************************************************************** Convert a string to a SID. Returns True on success, False on fail. *****************************************************************/ diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h index e892535..ac8669d 100644 --- a/libcli/security/dom_sid.h +++ b/libcli/security/dom_sid.h @@ -26,6 +26,8 @@ #include "librpc/gen_ndr/security.h" int dom_sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2); +int dom_sid_compare_domain(const struct dom_sid *sid1, + const struct dom_sid *sid2); bool dom_sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2); bool dom_sid_parse(const char *sidstr, struct dom_sid *ret); struct dom_sid *dom_sid_parse_talloc(TALLOC_CTX *mem_ctx, const char *sidstr); diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 5e3091c..8254520 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -26,6 +26,7 @@ #include "../libcli/auth/libcli_auth.h" #include "../lib/crypto/arcfour.h" #include "rpc_client/init_lsa.h" +#include "../libcli/security/dom_sid.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH @@ -664,7 +665,7 @@ static NTSTATUS get_guest_info3(TALLOC_CTX *mem_ctx, /* Domain sid */ sid_copy(&domain_sid, get_global_sam_sid()); - info3->base.domain_sid = sid_dup_talloc(mem_ctx, &domain_sid); + info3->base.domain_sid = dom_sid_dup(mem_ctx, &domain_sid); if (info3->base.domain_sid == NULL) { return NT_STATUS_NO_MEMORY; } diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c index e457bd4..690838d 100644 --- a/source3/auth/server_info.c +++ b/source3/auth/server_info.c @@ -20,6 +20,7 @@ #include "includes.h" #include "../lib/crypto/arcfour.h" #include "../librpc/gen_ndr/netlogon.h" +#include "../libcli/security/dom_sid.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH @@ -229,7 +230,7 @@ static NTSTATUS append_netr_SidAttr(TALLOC_CTX *mem_ctx, if (*sids == NULL) { return NT_STATUS_NO_MEMORY; } - (*sids)[t].sid = sid_dup_talloc(*sids, asid); + (*sids)[t].sid = dom_sid_dup(*sids, asid); if ((*sids)[t].sid == NULL) { return NT_STATUS_NO_MEMORY; } @@ -332,7 +333,7 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx, /* check if this is a "Unix Users" domain user, * we need to handle it in a special way if that's the case */ - if (sid_compare_domain(user_sid, &global_sid_Unix_Users) == 0) { + if (dom_sid_compare_domain(user_sid, &global_sid_Unix_Users) == 0) { /* in info3 you can only set rids for the user and the * primary group, and the domain sid must be that of * the sam domain. @@ -358,7 +359,7 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx, /* check if this is a "Unix Groups" domain group, * if so we need special handling */ - if (sid_compare_domain(group_sid, &global_sid_Unix_Groups) == 0) { + if (dom_sid_compare_domain(group_sid, &global_sid_Unix_Groups) == 0) { /* in info3 you can only set rids for the user and the * primary group, and the domain sid must be that of * the sam domain. @@ -467,7 +468,7 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx, pdb_get_domain(samu)); RET_NOMEM(info3->base.domain.string); - info3->base.domain_sid = sid_dup_talloc(info3, &domain_sid); + info3->base.domain_sid = dom_sid_dup(info3, &domain_sid); RET_NOMEM(info3->base.domain_sid); info3->base.acct_flags = pdb_get_acct_ctrl(samu); @@ -547,7 +548,7 @@ struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx, } if (orig->base.domain_sid) { - info3->base.domain_sid = sid_dup_talloc(info3, orig->base.domain_sid); + info3->base.domain_sid = dom_sid_dup(info3, orig->base.domain_sid); RET_NOMEM(info3->base.domain_sid); } @@ -557,7 +558,7 @@ struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx, orig->sidcount); RET_NOMEM(info3->sids); for (i = 0; i < orig->sidcount; i++) { - info3->sids[i].sid = sid_dup_talloc(info3->sids, + info3->sids[i].sid = dom_sid_dup(info3->sids, orig->sids[i].sid); RET_NOMEM(info3->sids[i].sid); info3->sids[i].attributes = @@ -694,7 +695,7 @@ struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx, RET_NOMEM(info3->base.domain.string); } - info3->base.domain_sid = sid_dup_talloc(info3, &domain_sid); + info3->base.domain_sid = dom_sid_dup(info3, &domain_sid); RET_NOMEM(info3->base.domain_sid); memcpy(info3->base.LMSessKey.key, info->lm_session_key, 8); diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index bc7d998..4385dc4 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -27,7 +27,7 @@ #include "includes.h" #include "secrets.h" #include "memcache.h" - +#include "../libcli/security/dom_sid.h" #include "../librpc/gen_ndr/netlogon.h" /**************************************************************************** @@ -42,7 +42,7 @@ bool nt_token_check_sid ( const struct dom_sid *sid, const struct security_token return False; for ( i=0; i<token->num_sids; i++ ) { - if ( sid_equal( sid, &token->sids[i] ) ) + if ( dom_sid_equal( sid, &token->sids[i] ) ) return True; } diff --git a/source3/groupdb/mapping_tdb.c b/source3/groupdb/mapping_tdb.c index 140fd28..dab2520 100644 --- a/source3/groupdb/mapping_tdb.c +++ b/source3/groupdb/mapping_tdb.c @@ -23,6 +23,7 @@ #include "includes.h" #include "groupdb/mapping.h" #include "dbwrap.h" +#include "../libcli/security/dom_sid.h" static struct db_context *db; /* used for driver files */ @@ -340,7 +341,7 @@ static int collect_map(struct db_record *rec, void *private_data) } if ((state->domsid != NULL) && - (sid_compare_domain(state->domsid, &map.sid) != 0)) { + (dom_sid_compare_domain(state->domsid, &map.sid) != 0)) { DEBUG(11,("enum_group_mapping: group %s is not in domain\n", sid_string_dbg(&map.sid))); return 0; @@ -455,7 +456,7 @@ static bool is_aliasmem(const struct dom_sid *alias, const struct dom_sid *membe return False; for (i=0; i<num; i++) { - if (sid_compare(alias, &sids[i]) == 0) { + if (dom_sid_compare(alias, &sids[i]) == 0) { TALLOC_FREE(sids); return True; } @@ -576,7 +577,7 @@ static int collect_aliasmem(struct db_record *rec, void *priv) if (!string_to_sid(&alias, alias_string)) continue; - if (sid_compare(state->alias, &alias) != 0) + if (dom_sid_compare(state->alias, &alias) != 0) continue; /* Ok, we found the alias we're looking for in the membership @@ -656,7 +657,7 @@ static NTSTATUS del_aliasmem(const struct dom_sid *alias, const struct dom_sid * } for (i=0; i<num; i++) { - if (sid_compare(&sids[i], alias) == 0) { + if (dom_sid_compare(&sids[i], alias) == 0) { found = True; break; } diff --git a/source3/include/proto.h b/source3/include/proto.h index 9902198..d19cea8 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1294,13 +1294,9 @@ bool sid_peek_check_rid(const struct dom_sid *exp_dom_sid, const struct dom_sid void sid_copy(struct dom_sid *dst, const struct dom_sid *src); bool sid_linearize(char *outbuf, size_t len, const struct dom_sid *sid); bool sid_parse(const char *inbuf, size_t len, struct dom_sid *sid); -int sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2); -int sid_compare_domain(const struct dom_sid *sid1, const struct dom_sid *sid2); -bool sid_equal(const struct dom_sid *sid1, const struct dom_sid *sid2); bool non_mappable_sid(struct dom_sid *sid); char *sid_binstring(TALLOC_CTX *mem_ctx, const struct dom_sid *sid); char *sid_binstring_hex(const struct dom_sid *sid); -struct dom_sid *sid_dup_talloc(TALLOC_CTX *ctx, const struct dom_sid *src); NTSTATUS add_sid_to_array(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, struct dom_sid **sids, uint32_t *num); NTSTATUS add_sid_to_array_unique(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, diff --git a/source3/lib/netapi/group.c b/source3/lib/netapi/group.c index 53114b5..6a92695 100644 --- a/source3/lib/netapi/group.c +++ b/source3/lib/netapi/group.c @@ -25,6 +25,7 @@ #include "lib/netapi/libnetapi.h" #include "../librpc/gen_ndr/cli_samr.h" #include "rpc_client/init_lsa.h" +#include "../libcli/security/dom_sid.h" /**************************************************************** ****************************************************************/ @@ -603,7 +604,7 @@ static WERROR map_group_info_to_buffer(TALLOC_CTX *mem_ctx, info3.grpi3_name = info->name.string; info3.grpi3_comment = info->description.string; info3.grpi3_attributes = info->attributes; - info3.grpi3_group_sid = (struct domsid *)sid_dup_talloc(mem_ctx, &sid); + info3.grpi3_group_sid = (struct domsid *)dom_sid_dup(mem_ctx, &sid); *buffer = (uint8_t *)talloc_memdup(mem_ctx, &info3, sizeof(info3)); @@ -1086,7 +1087,7 @@ static WERROR convert_samr_disp_groups_to_GROUP_INFO_3_buffer(TALLOC_CTX *mem_ct groups->entries[i].account_name.string); g3[i].grpi3_comment = talloc_strdup(mem_ctx, groups->entries[i].description.string); - g3[i].grpi3_group_sid = (struct domsid *)sid_dup_talloc(mem_ctx, &sid); + g3[i].grpi3_group_sid = (struct domsid *)dom_sid_dup(mem_ctx, &sid); g3[i].grpi3_attributes = groups->entries[i].acct_flags; W_ERROR_HAVE_NO_MEMORY(g3[i].grpi3_name); } diff --git a/source3/lib/netapi/localgroup.c b/source3/lib/netapi/localgroup.c index 69cf974..c9e1b72 100644 --- a/source3/lib/netapi/localgroup.c +++ b/source3/lib/netapi/localgroup.c @@ -27,6 +27,7 @@ #include "../librpc/gen_ndr/cli_lsa.h" #include "rpc_client/cli_lsarpc.h" #include "rpc_client/init_lsa.h" +#include "../libcli/security/dom_sid.h" static NTSTATUS libnetapi_samr_lookup_and_open_alias(TALLOC_CTX *mem_ctx, struct rpc_pipe_client *pipe_cli, @@ -1171,7 +1172,7 @@ static WERROR NetLocalGroupModifyMembers_r(struct libnetapi_ctx *ctx, for (i=0; i < r->in.total_entries; i++) { bool already_member = false; for (k=0; k < current_sids.num_sids; k++) { - if (sid_equal(&member_sids[i], + if (dom_sid_equal(&member_sids[i], current_sids.sids[k].sid)) { already_member = true; break; @@ -1193,7 +1194,7 @@ static WERROR NetLocalGroupModifyMembers_r(struct libnetapi_ctx *ctx, for (k=0; k < current_sids.num_sids; k++) { bool keep_member = false; for (i=0; i < r->in.total_entries; i++) { - if (sid_equal(&member_sids[i], + if (dom_sid_equal(&member_sids[i], current_sids.sids[k].sid)) { keep_member = true; break; diff --git a/source3/lib/netapi/user.c b/source3/lib/netapi/user.c index 67a7443..de0fc7d 100644 --- a/source3/lib/netapi/user.c +++ b/source3/lib/netapi/user.c @@ -27,6 +27,7 @@ #include "rpc_client/init_samr.h" #include "../libds/common/flags.h" #include "rpc_client/init_lsa.h" +#include "../libcli/security/dom_sid.h" /**************************************************************** ****************************************************************/ @@ -705,12 +706,12 @@ static NTSTATUS libnetapi_samr_lookup_user(TALLOC_CTX *mem_ctx, for (i=0; i<rid_array->count; i++) { sid_compose(&sid, domain_sid, rid_array->rids[i].rid); - sid_array.sids[i].sid = sid_dup_talloc(mem_ctx, &sid); + sid_array.sids[i].sid = dom_sid_dup(mem_ctx, &sid); NT_STATUS_HAVE_NO_MEMORY(sid_array.sids[i].sid); } sid_compose(&sid, domain_sid, rid); - sid_array.sids[i].sid = sid_dup_talloc(mem_ctx, &sid); + sid_array.sids[i].sid = dom_sid_dup(mem_ctx, &sid); NT_STATUS_HAVE_NO_MEMORY(sid_array.sids[i].sid); status = rpccli_samr_GetAliasMembership(pipe_cli, mem_ctx, @@ -923,7 +924,7 @@ static NTSTATUS info21_to_USER_INFO_4(TALLOC_CTX *mem_ctx, if (!sid_compose(&sid, domain_sid, i21->rid)) { return NT_STATUS_NO_MEMORY; } - i->usri4_user_sid = (struct domsid *)sid_dup_talloc(mem_ctx, &sid); + i->usri4_user_sid = (struct domsid *)dom_sid_dup(mem_ctx, &sid); i->usri4_primary_group_id = i21->primary_gid; i->usri4_profile = talloc_strdup(mem_ctx, i21->profile_path.string); i->usri4_home_dir_drive = talloc_strdup(mem_ctx, i21->home_drive.string); @@ -1024,7 +1025,7 @@ static NTSTATUS info21_to_USER_INFO_23(TALLOC_CTX *mem_ctx, if (!sid_compose(&sid, domain_sid, i21->rid)) { return NT_STATUS_NO_MEMORY; } - i->usri23_user_sid = (struct domsid *)sid_dup_talloc(mem_ctx, &sid); + i->usri23_user_sid = (struct domsid *)dom_sid_dup(mem_ctx, &sid); return NT_STATUS_OK; } @@ -2066,7 +2067,7 @@ static NTSTATUS query_USER_MODALS_INFO_2(TALLOC_CTX *mem_ctx, info2->usrmod2_domain_name = talloc_strdup(mem_ctx, dom_info5.domain_name.string); info2->usrmod2_domain_id = - (struct domsid *)sid_dup_talloc(mem_ctx, domain_sid); + (struct domsid *)dom_sid_dup(mem_ctx, domain_sid); NT_STATUS_HAVE_NO_MEMORY(info2->usrmod2_domain_name); NT_STATUS_HAVE_NO_MEMORY(info2->usrmod2_domain_id); @@ -3334,7 +3335,7 @@ WERROR NetUserGetLocalGroups_r(struct libnetapi_ctx *ctx, goto done; } - sid_array.sids[0].sid = sid_dup_talloc(ctx, &user_sid); + sid_array.sids[0].sid = dom_sid_dup(ctx, &user_sid); if (!sid_array.sids[0].sid) { werr = WERR_NOMEM; goto done; @@ -3348,7 +3349,7 @@ WERROR NetUserGetLocalGroups_r(struct libnetapi_ctx *ctx, goto done; } - sid_array.sids[i+1].sid = sid_dup_talloc(ctx, &sid); + sid_array.sids[i+1].sid = dom_sid_dup(ctx, &sid); if (!sid_array.sids[i+1].sid) { werr = WERR_NOMEM; goto done; diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c index b9ed955..1125681 100644 --- a/source3/lib/secdesc.c +++ b/source3/lib/secdesc.c @@ -22,6 +22,7 @@ #include "includes.h" #include "../librpc/gen_ndr/ndr_security.h" +#include "../libcli/security/dom_sid.h" #define ALL_SECURITY_INFORMATION (SECINFO_OWNER|SECINFO_GROUP|\ SECINFO_DACL|SECINFO_SACL|\ @@ -190,10 +191,10 @@ struct security_descriptor *make_sec_desc(TALLOC_CTX *ctx, dst->sacl = NULL; dst->dacl = NULL; - if(owner_sid && ((dst->owner_sid = sid_dup_talloc(dst,owner_sid)) == NULL)) + if(owner_sid && ((dst->owner_sid = dom_sid_dup(dst,owner_sid)) == NULL)) goto error_exit; - if(grp_sid && ((dst->group_sid = sid_dup_talloc(dst,grp_sid)) == NULL)) + if(grp_sid && ((dst->group_sid = dom_sid_dup(dst,grp_sid)) == NULL)) goto error_exit; if(sacl && ((dst->sacl = dup_sec_acl(dst, sacl)) == NULL)) @@ -607,10 +608,10 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, } /* The CREATOR sids are special when inherited */ - if (sid_equal(ptrustee, &global_sid_Creator_Owner)) { + if (dom_sid_equal(ptrustee, &global_sid_Creator_Owner)) { creator = &global_sid_Creator_Owner; ptrustee = owner_sid; - } else if (sid_equal(ptrustee, &global_sid_Creator_Group)) { + } else if (dom_sid_equal(ptrustee, &global_sid_Creator_Group)) { creator = &global_sid_Creator_Group; ptrustee = group_sid; } diff --git a/source3/lib/util_nttoken.c b/source3/lib/util_nttoken.c index 3130ed8..680dd29 100644 --- a/source3/lib/util_nttoken.c +++ b/source3/lib/util_nttoken.c @@ -26,6 +26,7 @@ /* function(s) moved from auth/auth_util.c to minimize linker deps */ #include "includes.h" +#include "../libcli/security/dom_sid.h" /**************************************************************************** Duplicate a SID token. @@ -120,7 +121,7 @@ bool token_sid_in_ace(const struct security_token *token, const struct security_ size_t i; for (i = 0; i < token->num_sids; i++) { - if (sid_equal(&ace->trustee, &token->sids[i])) + if (dom_sid_equal(&ace->trustee, &token->sids[i])) return true; } diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c index 92218ff..d75c8e2 100644 --- a/source3/lib/util_sid.c +++ b/source3/lib/util_sid.c @@ -244,7 +244,7 @@ bool sid_peek_check_rid(const struct dom_sid *exp_dom_sid, const struct dom_sid return False; } - if (sid_compare_domain(exp_dom_sid, sid)!=0){ + if (dom_sid_compare_domain(exp_dom_sid, sid)!=0){ *rid=(-1); return False; } @@ -308,84 +308,6 @@ bool sid_parse(const char *inbuf, size_t len, struct dom_sid *sid) } /***************************************************************** - Compare the auth portion of two sids. -*****************************************************************/ - -static int sid_compare_auth(const struct dom_sid *sid1, const struct dom_sid *sid2) -{ - int i; - - if (sid1 == sid2) - return 0; - if (!sid1) - return -1; - if (!sid2) - return 1; - - if (sid1->sid_rev_num != sid2->sid_rev_num) - return sid1->sid_rev_num - sid2->sid_rev_num; - - for (i = 0; i < 6; i++) - if (sid1->id_auth[i] != sid2->id_auth[i]) - return sid1->id_auth[i] - sid2->id_auth[i]; - - return 0; -} - -/***************************************************************** - Compare two sids. -*****************************************************************/ - -int sid_compare(const struct dom_sid *sid1, const struct dom_sid *sid2) -{ - int i; - - if (sid1 == sid2) - return 0; - if (!sid1) - return -1; - if (!sid2) - return 1; - - /* Compare most likely different rids, first: i.e start at end */ - if (sid1->num_auths != sid2->num_auths) - return sid1->num_auths - sid2->num_auths; - - for (i = sid1->num_auths-1; i >= 0; --i) - if (sid1->sub_auths[i] != sid2->sub_auths[i]) - return sid1->sub_auths[i] - sid2->sub_auths[i]; - - return sid_compare_auth(sid1, sid2); -} - -/***************************************************************** - See if 2 SIDs are in the same domain - this just compares the leading sub-auths -*****************************************************************/ - -int sid_compare_domain(const struct dom_sid *sid1, const struct dom_sid *sid2) -{ - int n, i; - - n = MIN(sid1->num_auths, sid2->num_auths); - - for (i = n-1; i >= 0; --i) - if (sid1->sub_auths[i] != sid2->sub_auths[i]) - return sid1->sub_auths[i] - sid2->sub_auths[i]; - - return sid_compare_auth(sid1, sid2); -- Samba Shared Repository