s4:security Remove use of user_sid and group_sid from struct security_token

This makes the structure more like Samba3's NT_USER_TOKEN

2 files changed, 7 insertions, 8 deletions

diff --git a/source4/libcli/security/create_descriptor.c b/source4/libcli/security/create_descriptor.c
index d64de2fe22..cb52d6502e 100644
--- a/source4/libcli/security/create_descriptor.c
+++ b/source4/libcli/security/create_descriptor.c
@@ -367,7 +367,7 @@ struct security_descriptor *create_security_descriptor(TALLOC_CTX *mem_ctx,
 		if ((inherit_flags & SEC_OWNER_FROM_PARENT) && parent_sd) {
 			new_owner = parent_sd->owner_sid;
 		} else if (!default_owner) {
-			new_owner = token->user_sid;
+			new_owner = token->sids[PRIMARY_USER_SID_INDEX];
 		} else {
 			new_owner = default_owner;
 			new_sd->type |= SEC_DESC_OWNER_DEFAULTED;
@@ -379,8 +379,11 @@ struct security_descriptor *create_security_descriptor(TALLOC_CTX *mem_ctx,
 	if (!creator_sd || !creator_sd->group_sid){
 		if ((inherit_flags & SEC_GROUP_FROM_PARENT) && parent_sd) {
 			new_group = parent_sd->group_sid;
+		} else if (!default_group && token->sids[PRIMARY_GROUP_SID_INDEX]) {
+			new_group = token->sids[PRIMARY_GROUP_SID_INDEX];
 		} else if (!default_group) {
-			new_group = token->group_sid;
+			/* This will happen only for anonymous, which has no other groups */
+			new_group = token->sids[PRIMARY_USER_SID_INDEX];
 		} else {
 			new_group = default_group;
 			new_sd->type |= SEC_DESC_GROUP_DEFAULTED;
diff --git a/source4/libcli/security/security_token.c b/source4/libcli/security/security_token.c
index 7cfb566b91..f9be977a26 100644
--- a/source4/libcli/security/security_token.c
+++ b/source4/libcli/security/security_token.c
@@ -36,8 +36,6 @@ struct security_token *security_token_initialise(TALLOC_CTX *mem_ctx)
 		return NULL;
 	}
 
-	st->user_sid = NULL;
-	st->group_sid = NULL;
 	st->num_sids = 0;
 	st->sids = NULL;
 	st->privilege_mask = 0;
@@ -63,9 +61,7 @@ void security_token_debug(int dbg_lev, const struct security_token *token)
 		return;
 	}
 
-	DEBUG(dbg_lev, ("Security token of user %s\n",
-				    dom_sid_string(mem_ctx, token->user_sid) ));
-	DEBUGADD(dbg_lev, (" SIDs (%lu):\n", 
+	DEBUG(dbg_lev, ("Security token SIDs (%lu):\n", 
 				       (unsigned long)token->num_sids));
 	for (i = 0; i < token->num_sids; i++) {
 		DEBUGADD(dbg_lev, ("  SID[%3lu]: %s\n", (unsigned long)i, 
@@ -81,7 +77,7 @@ void security_token_debug(int dbg_lev, const struct security_token *token)
 
 bool security_token_is_sid(const struct security_token *token, const struct dom_sid *sid)
 {
-	if (dom_sid_equal(token->user_sid, sid)) {
+	if (token->sids && dom_sid_equal(token->sids[PRIMARY_USER_SID_INDEX], sid)) {
 		return true;
 	}
 	return false;