Manually marshall dom_sid, so we can use a fixed size array for

dom_sid.sub_auths rather than a dynamically allocated one.

This makes it possible to use the same DCE/RPC object code for Samba 3
and Samba 4's DCE/RPC parsers and allows copying sids more easily
(since they no longer contain any pointers). The cost of having additional
manual marshalling code is limited (~35 additional lines of C code).

3 files changed, 1 insertions, 37 deletions

diff --git a/source4/libcli/security/dom_sid.c b/source4/libcli/security/dom_sid.c
index 1a7519e362..d8a83f2abb 100644
--- a/source4/libcli/security/dom_sid.c
+++ b/source4/libcli/security/dom_sid.c
@@ -122,11 +122,6 @@ struct dom_sid *dom_sid_parse_talloc(TALLOC_CTX *mem_ctx, const char *sidstr)
 		return NULL;
 	}
 
-	ret->sub_auths = talloc_array(ret, uint32_t, num_sub_auths);
-	if (!ret->sub_auths) {
-		return NULL;
-	}
-
 	ret->sid_rev_num = rev;
 	ret->id_auth[0] = 0;
 	ret->id_auth[1] = 0;
@@ -183,11 +178,6 @@ struct dom_sid *dom_sid_dup(TALLOC_CTX *mem_ctx, const struct dom_sid *dom_sid)
 		return NULL;
 	}
 
-	ret->sub_auths = talloc_array(ret, uint32_t, dom_sid->num_auths);
-	if (!ret->sub_auths) {
-		return NULL;
-	}
-
 	ret->sid_rev_num = dom_sid->sid_rev_num;
 	ret->id_auth[0] = dom_sid->id_auth[0];
 	ret->id_auth[1] = dom_sid->id_auth[1];
@@ -206,7 +196,7 @@ struct dom_sid *dom_sid_dup(TALLOC_CTX *mem_ctx, const struct dom_sid *dom_sid)
 
 /*
   add a rid to a domain dom_sid to make a full dom_sid. This function
-  returns a new sid in the suppplied memory context
+  returns a new sid in the supplied memory context
 */
 struct dom_sid *dom_sid_add_rid(TALLOC_CTX *mem_ctx, 
 				const struct dom_sid *domain_sid, 
@@ -219,11 +209,6 @@ struct dom_sid *dom_sid_add_rid(TALLOC_CTX *mem_ctx,
 
 	*sid = *domain_sid;
 
-	sid->sub_auths = talloc_array(sid, uint32_t, sid->num_auths+1);
-	if (!sid->sub_auths) {
-		return NULL;
-	}
-	memcpy(sid->sub_auths, domain_sid->sub_auths, sid->num_auths*sizeof(uint32_t));
 	sid->sub_auths[sid->num_auths] = rid;
 	sid->num_auths++;
 
diff --git a/source4/libcli/security/sddl.c b/source4/libcli/security/sddl.c
index 09522f182a..a8d893f085 100644
--- a/source4/libcli/security/sddl.c
+++ b/source4/libcli/security/sddl.c
@@ -249,7 +249,6 @@ static bool sddl_decode_ace(TALLOC_CTX *mem_ctx, struct security_ace *ace, char
 		return false;
 	}
 	ace->trustee = *sid;
-	talloc_steal(mem_ctx, sid->sub_auths);
 	talloc_free(sid);
 
 	return true;
diff --git a/source4/libcli/security/security_descriptor.c b/source4/libcli/security/security_descriptor.c
index 882284dd9b..2bce8e8b08 100644
--- a/source4/libcli/security/security_descriptor.c
+++ b/source4/libcli/security/security_descriptor.c
@@ -65,18 +65,6 @@ static struct security_acl *security_acl_dup(TALLOC_CTX *mem_ctx,
 		goto failed;
 	}
 
-	/* remapping array in trustee dom_sid from old acl to new acl */
-
-	for (i = 0; i < oacl->num_aces; i++) {
-		nacl->aces[i].trustee.sub_auths = 
-			(uint32_t *)talloc_memdup(nacl->aces, nacl->aces[i].trustee.sub_auths,
-				      sizeof(uint32_t) * nacl->aces[i].trustee.num_auths);
-
-		if ((nacl->aces[i].trustee.sub_auths == NULL) && (nacl->aces[i].trustee.num_auths > 0)) {
-			goto failed;
-		}
-	}
-
 	nacl->revision = oacl->revision;
 	nacl->size = oacl->size;
 	nacl->num_aces = oacl->num_aces;
@@ -175,14 +163,6 @@ static NTSTATUS security_descriptor_acl_add(struct security_descriptor *sd,
 	}
 
 	acl->aces[acl->num_aces] = *ace;
-	acl->aces[acl->num_aces].trustee.sub_auths =
-		(uint32_t *)talloc_memdup(acl->aces,
-			      acl->aces[acl->num_aces].trustee.sub_auths,
-			      sizeof(uint32_t) *
-			      acl->aces[acl->num_aces].trustee.num_auths);
-	if (acl->aces[acl->num_aces].trustee.sub_auths == NULL) {
-		return NT_STATUS_NO_MEMORY;
-	}
 
 	switch (acl->aces[acl->num_aces].type) {
 	case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: