s4-auth Remove special case for account_sid from auth_serversupplied_info

This makes everything reference a server_info->sids list, which is now
a struct dom_sid *, not a struct dom_sid **.  This is in keeping with
the other sid lists in the security_token etc.

In the process, I also tidy up the talloc tree (move more structures
under their logical parents) and check for some possible overflows in
situations with a pathological number of sids.

Andrew Bartlett

3 files changed, 12 insertions, 21 deletions

diff --git a/source4/auth/ntlm/auth_developer.c b/source4/auth/ntlm/auth_developer.c
index 96491d62c9..6384d98986 100644
--- a/source4/auth/ntlm/auth_developer.c
+++ b/source4/auth/ntlm/auth_developer.c
@@ -68,15 +68,11 @@ static NTSTATUS name_to_ntstatus_check_password(struct auth_method_context *ctx,
 	server_info = talloc(mem_ctx, struct auth_serversupplied_info);
 	NT_STATUS_HAVE_NO_MEMORY(server_info);
 
-	server_info->account_sid = dom_sid_parse_talloc(server_info, SID_NT_ANONYMOUS);
-	NT_STATUS_HAVE_NO_MEMORY(server_info->account_sid);
-
-	/* is this correct? */
-	server_info->primary_group_sid = dom_sid_parse_talloc(server_info, SID_BUILTIN_GUESTS);
-	NT_STATUS_HAVE_NO_MEMORY(server_info->primary_group_sid);
-
-	server_info->n_domain_groups = 0;
-	server_info->domain_groups = NULL;
+	/* This returns a pointer to a struct dom_sid, which is the
+	 * same as a 1 element list of struct dom_sid */
+	server_info->num_sids = 1;
+	server_info->sids = dom_sid_parse_talloc(server_info, SID_NT_ANONYMOUS);
+	NT_STATUS_HAVE_NO_MEMORY(server_info->sids);
 
 	/* annoying, but the Anonymous really does have a session key, 
 	   and it is all zeros! */
diff --git a/source4/auth/ntlm/auth_server.c b/source4/auth/ntlm/auth_server.c
index 898e2cce67..8e9e73c43d 100644
--- a/source4/auth/ntlm/auth_server.c
+++ b/source4/auth/ntlm/auth_server.c
@@ -159,15 +159,12 @@ static NTSTATUS server_check_password(struct auth_method_context *ctx,
 	server_info = talloc(mem_ctx, struct auth_serversupplied_info);
 	NT_STATUS_HAVE_NO_MEMORY(server_info);
 
-	server_info->account_sid = dom_sid_parse_talloc(server_info, SID_NT_ANONYMOUS);
-	NT_STATUS_HAVE_NO_MEMORY(server_info->account_sid);
+	server_info->num_sids = 1;
 
-	/* is this correct? */
-	server_info->primary_group_sid = dom_sid_parse_talloc(server_info, SID_BUILTIN_GUESTS);
-	NT_STATUS_HAVE_NO_MEMORY(server_info->primary_group_sid);
-
-	server_info->n_domain_groups = 0;
-	server_info->domain_groups = NULL;
+	/* This returns a pointer to a struct dom_sid, which is the
+	 * same as a 1 element list of struct dom_sid */
+	server_info->sids = dom_sid_parse_talloc(server_info, SID_NT_ANONYMOUS);
+	NT_STATUS_HAVE_NO_MEMORY(server_info->sids);
 
 	/* annoying, but the Anonymous really does have a session key, 
 	   and it is all zeros! */
diff --git a/source4/auth/ntlm/auth_unix.c b/source4/auth/ntlm/auth_unix.c
index 1c026f6990..ba37e0a95e 100644
--- a/source4/auth/ntlm/auth_unix.c
+++ b/source4/auth/ntlm/auth_unix.c
@@ -65,10 +65,8 @@ static NTSTATUS authunix_make_server_info(TALLOC_CTX *mem_ctx,
 		NT_STATUS_HAVE_NO_MEMORY(server_info->domain_name);
 
 		/* This isn't in any way correct.. */
-		server_info->account_sid = NULL;
-		server_info->primary_group_sid = NULL;
-		server_info->n_domain_groups = 0;
-		server_info->domain_groups = NULL;
+		server_info->num_sids = 0;
+		server_info->sids = NULL;
 	}
 	server_info->user_session_key = data_blob(NULL,0);
 	server_info->lm_session_key = data_blob(NULL,0);