ipasam: Replace sid_peek_check_rid()

1 files changed, 17 insertions, 1 deletions

diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c
index d666664a7..199c306a7 100644
--- a/daemons/ipa-sam/ipa_sam.c
+++ b/daemons/ipa-sam/ipa_sam.c
@@ -89,7 +89,6 @@ bool string_to_sid(struct dom_sid *sidout, const char *sidstr); /* available in
 char *sid_string_talloc(TALLOC_CTX *mem_ctx, const struct dom_sid *sid); /* available in libsmbconf.so */
 char *sid_string_dbg(const struct dom_sid *sid); /* available in libsmbconf.so */
 bool trim_char(char *s,char cfront,char cback); /* available in libutil_str.so */
-bool sid_peek_check_rid(const struct dom_sid *exp_dom_sid, const struct dom_sid *sid, uint32_t *rid); /* available in libsecurity.so */
 char *escape_ldap_string(TALLOC_CTX *mem_ctx, const char *s); /* available in libsmbconf.so */
 extern const struct dom_sid global_sid_Builtin; /* available in libsecurity.so */
 bool secrets_store(const char *key, const void *data, size_t size); /* available in libpdb.so */
@@ -241,6 +240,23 @@ static int dom_sid_compare_domain(const struct dom_sid *sid1,
 	return 0;
 }
 
+static bool sid_peek_check_rid(const struct dom_sid *exp_dom_sid,
+			       const struct dom_sid *sid, uint32_t *rid)
+{
+	if((exp_dom_sid->num_auths + 1) != sid->num_auths ||
+	    sid->num_auths <= 0) {
+		return false;
+	}
+
+	if (dom_sid_compare_domain(exp_dom_sid, sid) != 0) {
+		return false;
+	}
+
+	*rid = sid->sub_auths[sid->num_auths - 1];
+
+	return true;
+}
+
 static bool strnequal(const char *s1, const char *s2, size_t n) {
 	if (s1 == s2) {
 		return true;