From 5a09eaf01aca6fb650973deca4f0142f26be9934 Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Tue, 18 Apr 2023 12:09:45 +0200
Subject: [PATCH] rpc: Add global_sid_Samba_NPA_Flags SID
This will be used as a flexible way to pass per-RPC-connection flags over ncalrpc to the RPC server without having to modify named_pipe_auth_req_info6 every time something new needs to be passed. It's modeled after global_sid_Samba_SMB3.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke
Reviewed-by: Stefan Metzmacher
(cherry picked from commit ebbb93cc7a57a118b82b8f383d25f1eb022397d6)
---
 libcli/security/dom_sid.h | 3 +++
 libcli/security/util_sid.c | 7 +++++++
 source3/include/proto.h | 2 ++
 source3/lib/util_sid.c | 19 +++++++++++++++++++
 4 files changed, 31 insertions(+)
diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
index 568916a159d..65d8adc7195 100644
--- a/libcli/security/dom_sid.h
+++ b/libcli/security/dom_sid.h
@@ -66,6 +66,9 @@ extern const struct dom_sid global_sid_Unix_NFS_Mode;
 extern const struct dom_sid global_sid_Unix_NFS_Other;
 extern const struct dom_sid global_sid_Samba_SMB3;
+extern const struct dom_sid global_sid_Samba_NPA_Flags;
+#define SAMBA_NPA_FLAGS_NEED_IDLE 1
+
 enum lsa_SidType;
 NTSTATUS dom_sid_lookup_predefined_name(const char *name,
diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c
index 242d7dd9dd1..a0b77751b78 100644
--- a/libcli/security/util_sid.c
+++ b/libcli/security/util_sid.c
@@ -162,6 +162,13 @@ const struct dom_sid global_sid_Unix_NFS_Other = /* Unix other, MS NFS and Appl
 const struct dom_sid global_sid_Samba_SMB3 = {1, 1, {0,0,0,0,0,22}, {1397571891, }};
+const struct dom_sid global_sid_Samba_NPA_Flags = {1,
+ 1,
+ {0, 0, 0, 0, 0, 22},
+ {
+ 2041152804,
+ }};
+
 /* Unused, left here for documentary purposes */
 #if 0
 #define SECURITY_NULL_SID_AUTHORITY 0
diff --git a/source3/include/proto.h b/source3/include/proto.h
index ae2a9533f23..a4ab57e84f3 100644
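Review bot: `SAMBA_NPA_FLAGS_NEED_IDLE` in libcli/security/dom_sid.h is added as a bare `1` with no comment, so the new lines do not say that it is one bit of a flags word or where that word is carried. Judging from the commit message and the lookup helper added in source3/lib/util_sid.c, the flags appear to travel as the trailing RID of a SID prefixed by `global_sid_Samba_NPA_Flags`; a short comment above the `extern` stating that, and that this SID is a Samba-internal marker rather than a real principal, would record the contract. If further flags are meant to be OR-ed in, writing the value as `#define SAMBA_NPA_FLAGS_NEED_IDLE (1U << 0)` makes that intent explicit.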
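Review bot: The sub-authority `2041152804` in the new `global_sid_Samba_NPA_Flags` initializer in libcli/security/util_sid.c is an unexplained magic number placed under the same identifier authority (22) as `global_sid_Samba_SMB3`. A one-line comment such as `/* Samba-internal marker; per-connection flags follow as the next RID */` would tell maintainers that the value is reserved and must not be reused or mapped to an account or group. The initializer is also laid out one element per line while the neighbouring `global_sid_Samba_SMB3` context line is compact; picking one layout for both is a style point for the maintainers.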
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -437,6 +437,8 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
 struct dom_sid **user_sids,
 uint32_t *num_user_sids,
 bool include_user_group_rid);
+bool security_token_find_npa_flags(const struct security_token *token,
+ uint32_t *_flags);
 /* The following definitions come from lib/util_sock.c */
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index 75918b440a3..16312d27ee6 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -173,3 +173,22 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx,
 return NT_STATUS_OK;
 }
+
+bool security_token_find_npa_flags(const struct security_token *token,
+ uint32_t *_flags)
+{
+ const struct dom_sid *npa_flags_sid = NULL;
+ size_t num_npa_sids;
+
+ num_npa_sids =
+ security_token_count_flag_sids(token,
+ &global_sid_Samba_NPA_Flags,
+ 1,
+ &npa_flags_sid);
+ if (num_npa_sids != 1) {
+ return false;
+ }
+
+ sid_peek_rid(npa_flags_sid, _flags);
+ return true;
+}
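Review bot: `security_token_find_npa_flags()` in source3/lib/util_sid.c discards the result of `sid_peek_rid()` and returns true unconditionally, so if that call ever fails the caller reads `*_flags` without it having been written; `return sid_peek_rid(npa_flags_sid, _flags);` in place of the last two statements closes that. The function also has no comment: it returns false both when the token carries no NPA-flags SID and when it carries more than one, and leaves `*_flags` untouched in those cases, which callers need to know. Because the flags are taken straight from the token's SID list, the comment should also state which party may add this SID (per the commit message, the ncalrpc client side talking to the RPC server), so that tokens built from remote or user-influenced group data are never treated as carrying trusted flags. Whether such filtering exists elsewhere cannot be seen from this hunk.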