authorJoseph Sutton <josephsutton@catalyst.net.nz>2022-09-27 15:12:52 +1300
committerAndrew Bartlett <abartlet@samba.org>2023-02-08 00:03:39 +0000
commit8ef6e7dba7f243310db3d9769f3fb4a3ad4d6daa (patch)
tree49a37d30a2a785468237961cb23df6aa98ca9c93 /libcli
parentc0011bcdc8dbe6495180268a13b95d1f5b64f525 (diff)
libcli/security: Add auth_SidAttr utility functions
These functions are modelled on add_sid_to_array() and add_sid_to_array_unique(). They differ in that they operate not on an array of dom_sid, but of auth_SidAttr, and take an additional 'attrs' parameter of type uint32_t. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'libcli')
-rw-r--r--libcli/security/dom_sid.h7
-rw-r--r--libcli/security/util_sid.c68
2 files changed, 75 insertions, 0 deletions
diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
index 568916a159d..0f3b6b4a3b4 100644
--- a/libcli/security/dom_sid.h
+++ b/libcli/security/dom_sid.h
@@ -66,6 +66,7 @@ extern const struct dom_sid global_sid_Unix_NFS_Mode;
extern const struct dom_sid global_sid_Unix_NFS_Other;
extern const struct dom_sid global_sid_Samba_SMB3;
+struct auth_SidAttr;
enum lsa_SidType;
NTSTATUS dom_sid_lookup_predefined_name(const char *name,
@@ -122,6 +123,12 @@ NTSTATUS add_sid_to_array(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
struct dom_sid **sids, uint32_t *num);
NTSTATUS add_sid_to_array_unique(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
struct dom_sid **sids, uint32_t *num_sids);
+NTSTATUS add_sid_to_array_attrs(TALLOC_CTX *mem_ctx,
+ const struct dom_sid *sid, uint32_t attrs,
+ struct auth_SidAttr **sids, uint32_t *num);
+NTSTATUS add_sid_to_array_attrs_unique(TALLOC_CTX *mem_ctx,
+ const struct dom_sid *sid, uint32_t attrs,
+ struct auth_SidAttr **sids, uint32_t *num_sids);
void del_sid_from_array(const struct dom_sid *sid, struct dom_sid **sids,
uint32_t *num);
bool add_rid_to_array_unique(TALLOC_CTX *mem_ctx,
diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c
index 242d7dd9dd1..bd5103659e1 100644
--- a/libcli/security/util_sid.c
+++ b/libcli/security/util_sid.c
@@ -27,6 +27,8 @@
#include "../librpc/gen_ndr/ndr_security.h"
#include "../librpc/gen_ndr/netlogon.h"
#include "../libcli/security/security.h"
+#include "auth/auth.h"
+
#undef strcasecmp
#undef strncasecmp
@@ -383,6 +385,72 @@ NTSTATUS add_sid_to_array_unique(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
return add_sid_to_array(mem_ctx, sid, sids, num_sids);
}
+/**
+ * Appends a SID and attribute to an array of auth_SidAttr.
+ *
+ * @param [in] mem_ctx Talloc memory context on which to allocate the array.
+ * @param [in] sid The SID to append.
+ * @param [in] attrs SE_GROUP_* flags to go with the SID.
+ * @param [inout] sids A pointer to the auth_SidAttr array.
+ * @param [inout] num A pointer to the size of the auth_SidArray array.
+ * @returns NT_STATUS_OK on success.
+ */
+NTSTATUS add_sid_to_array_attrs(TALLOC_CTX *mem_ctx,
+ const struct dom_sid *sid, uint32_t attrs,
+ struct auth_SidAttr **sids, uint32_t *num)
+{
+ struct auth_SidAttr *tmp = NULL;
+
+ if ((*num) == UINT32_MAX) {
+ return NT_STATUS_INTEGER_OVERFLOW;
+ }
+
+ tmp = talloc_realloc(mem_ctx, *sids, struct auth_SidAttr, (*num)+1);
+ if (tmp == NULL) {
+ *num = 0;
+ return NT_STATUS_NO_MEMORY;
+ }
+ *sids = tmp;
+
+ sid_copy(&((*sids)[*num].sid), sid);
+ (*sids)[*num].attrs = attrs;
+ *num += 1;
+
+ return NT_STATUS_OK;
+}
+
+
+/**
+ * Appends a SID and attribute to an array of auth_SidAttr,
+ * ensuring that it is not already there.
+ *
+ * @param [in] mem_ctx Talloc memory context on which to allocate the array.
+ * @param [in] sid The SID to append.
+ * @param [in] attrs SE_GROUP_* flags to go with the SID.
+ * @param [inout] sids A pointer to the auth_SidAttr array.
+ * @param [inout] num A pointer to the size of the auth_SidArray array.
+ * @returns NT_STATUS_OK on success.
+ */
+NTSTATUS add_sid_to_array_attrs_unique(TALLOC_CTX *mem_ctx,
+ const struct dom_sid *sid, uint32_t attrs,
+ struct auth_SidAttr **sids, uint32_t *num_sids)
+{
+ uint32_t i;
+
+ for (i=0; i<(*num_sids); i++) {
+ if (attrs != (*sids)[i].attrs) {
+ continue;
+ }
+ if (!dom_sid_equal(sid, &(*sids)[i].sid)) {
+ continue;
+ }
+
+ return NT_STATUS_OK;
+ }
+
+ return add_sid_to_array_attrs(mem_ctx, sid, attrs, sids, num_sids);
+}
+
/********************************************************************
Remove SID from an array
********************************************************************/
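Review bot: In add_sid_to_array_attrs_unique() the loop skips an entry whenever `attrs != (*sids)[i].attrs`, so the same SID can end up in the array more than once with different SE_GROUP_* flags, while the doc comment only says "ensuring that it is not already there". If that is the intended contract, the comment should state it, e.g. `* An entry is a duplicate only if both the SID and attrs match; the same SID may be present again with different attrs.`, so that code which later looks a SID up on its own knows it may find more than one attribute set for it. Separately, add_sid_to_array_attrs() sets `*num = 0` when talloc_realloc() fails but leaves `*sids` pointing at the old array, and `@returns` mentions only NT_STATUS_OK. Documenting NT_STATUS_INTEGER_OVERFLOW, NT_STATUS_NO_MEMORY and the reset count would make it explicit that callers must check the status rather than carry on with what now looks like an empty SID list. The `num` parameter description in both comments also says "auth_SidArray" where "auth_SidAttr" is meant.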