r924: got rid of the global well-known SIDs, instead using const defines in misc.idl

(This used to be commit ce7920a5fac0dbccb01402129c341b410a032e60)

4 files changed, 40 insertions, 101 deletions

diff --git a/source4/auth/auth_util.c b/source4/auth/auth_util.c
index d5d75e6aa5..8a10a33b0c 100644
--- a/source4/auth/auth_util.c
+++ b/source4/auth/auth_util.c
@@ -26,16 +26,9 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
 
-extern struct dom_sid *global_sid_World;
-extern struct dom_sid *global_sid_Anonymous;
-extern struct dom_sid *global_sid_Network;
-extern struct dom_sid *global_sid_Builtin_Guests;
-extern struct dom_sid *global_sid_Authenticated_Users;
-
 /****************************************************************************
  Create an auth_usersupplied_data structure
 ****************************************************************************/
-
 static NTSTATUS make_user_info(auth_usersupplied_info **user_info, 
                                const char *smb_name, 
                                const char *internal_username,
@@ -459,15 +452,14 @@ NTSTATUS create_nt_user_token(TALLOC_CTX *mem_ctx,
 	 * The only difference between guest and "anonymous" (which we
 	 * don't really support) is the addition of Authenticated_Users.
 	 */
-
-	ptoken->user_sids[2] = global_sid_World;
-	ptoken->user_sids[3] = global_sid_Network;
+	ptoken->user_sids[2] = dom_sid_parse_talloc(mem_ctx, SID_WORLD);
+	ptoken->user_sids[3] = dom_sid_parse_talloc(mem_ctx, SID_NETWORK);
 
 	if (is_guest) {
-		ptoken->user_sids[4] = global_sid_Builtin_Guests;
+		ptoken->user_sids[4] = dom_sid_parse_talloc(mem_ctx, SID_BUILTIN_GUESTS);
 		ptoken->num_sids++;
 	} else {
-		ptoken->user_sids[4] = global_sid_Authenticated_Users;
+		ptoken->user_sids[4] = dom_sid_parse_talloc(mem_ctx, SID_AUTHENTICATED_USERS);
 		ptoken->num_sids++;
 	}
 
@@ -516,11 +508,12 @@ NTSTATUS make_server_info(auth_serversupplied_info **server_info, const char *us
 /***************************************************************************
  Make (and fill) a user_info struct for a guest login.
 ***************************************************************************/
-
 NTSTATUS make_server_info_guest(auth_serversupplied_info **server_info)
 {
 	NTSTATUS nt_status;
 	static const char zeros[16];
+	struct dom_sid *sid_Anonymous;
+	struct dom_sid *sid_Builtin_Guests;
 
 	nt_status = make_server_info(server_info, "");
 
@@ -529,9 +522,12 @@ NTSTATUS make_server_info_guest(auth_serversupplied_info **server_info)
 	}
 	
 	(*server_info)->guest = True;
+
+	sid_Anonymous = dom_sid_parse_talloc((*server_info)->mem_ctx, SID_ANONYMOUS);
+	sid_Builtin_Guests = dom_sid_parse_talloc((*server_info)->mem_ctx, SID_BUILTIN_GUESTS);
 	
 	if (!NT_STATUS_IS_OK(nt_status = create_nt_user_token((*server_info)->mem_ctx, 
-							      global_sid_Anonymous, global_sid_Builtin_Guests,
+							      sid_Anonymous, sid_Builtin_Guests,
 							      0, NULL, 
 							      True, &(*server_info)->ptok))) {
 		DEBUG(1,("check_sam_security: create_nt_user_token failed with '%s'\n", nt_errstr(nt_status)));
diff --git a/source4/lib/util_sid.c b/source4/lib/util_sid.c
index c370beed5f..6eb19b59e6 100644
--- a/source4/lib/util_sid.c
+++ b/source4/lib/util_sid.c
@@ -24,40 +24,6 @@
 
 #include "includes.h"
 
-/*
- * Some useful sids
- */
-
-struct dom_sid *global_sid_World_Domain;	    	/* Everyone domain */
-struct dom_sid *global_sid_World;    				/* Everyone */
-struct dom_sid *global_sid_Creator_Owner_Domain;    /* Creator Owner domain */
-struct dom_sid *global_sid_NT_Authority;    		/* NT Authority */
-struct dom_sid *global_sid_System;    		/* System */
-struct dom_sid *global_sid_NULL;            		/* NULL sid */
-struct dom_sid *global_sid_Authenticated_Users;		/* All authenticated rids */
-struct dom_sid *global_sid_Network;			/* Network rids */
-
-struct dom_sid *global_sid_Creator_Owner;	/* Creator Owner */
-struct dom_sid *global_sid_Creator_Group;	/* Creator Group */
-struct dom_sid *global_sid_Anonymous;		/* Anonymous login */
-
-struct dom_sid *global_sid_Builtin; 			/* Local well-known domain */
-struct dom_sid *global_sid_Builtin_Administrators;	/* Builtin administrators */
-struct dom_sid *global_sid_Builtin_Users;		/* Builtin users */
-struct dom_sid *global_sid_Builtin_Guests;		/* Builtin guest users */
-struct dom_sid *global_sid_Builtin_Power_Users;		/* Builtin power users */
-struct dom_sid *global_sid_Builtin_Account_Operators;	/* Builtin account operators */
-struct dom_sid *global_sid_Builtin_Server_Operators;	/* Builtin server operators */
-struct dom_sid *global_sid_Builtin_Print_Operators;	/* Builtin print operators */
-struct dom_sid *global_sid_Builtin_Backup_Operators;	/* Builtin backup operators */
-struct dom_sid *global_sid_Builtin_Replicator;		/* Builtin replicator */
-
-#define SECURITY_NULL_SID_AUTHORITY    0
-#define SECURITY_WORLD_SID_AUTHORITY   1
-#define SECURITY_LOCAL_SID_AUTHORITY   2
-#define SECURITY_CREATOR_SID_AUTHORITY 3
-#define SECURITY_NT_AUTHORITY          5
-
 /****************************************************************************
  Lookup string names for SID types.
 ****************************************************************************/
@@ -93,60 +59,9 @@ const char *sid_type_lookup(uint32_t sid_type)
 	return "SID *TYPE* is INVALID";
 }
 
-/****************************************************************************
- Creates some useful well known sids
-****************************************************************************/
-
-void generate_wellknown_sids(void)
-{
-	static BOOL initialised = False;
-	static TALLOC_CTX *mem_ctx;
-
-	if (initialised) 
-		return;
-
-	mem_ctx = talloc_init("Well known groups, global static context");
-	if (!mem_ctx)
-		return;
-
-	/* SECURITY_NULL_SID_AUTHORITY */
-	global_sid_NULL = dom_sid_parse_talloc(mem_ctx, "S-1-0-0");
-
-	/* SECURITY_WORLD_SID_AUTHORITY */
-	global_sid_World_Domain = dom_sid_parse_talloc(mem_ctx, "S-1-1");
-	global_sid_World = dom_sid_parse_talloc(mem_ctx, "S-1-1-0");
-
-	/* SECURITY_CREATOR_SID_AUTHORITY */
-	global_sid_Creator_Owner_Domain = dom_sid_parse_talloc(mem_ctx, "S-1-3");
-	global_sid_Creator_Owner = dom_sid_parse_talloc(mem_ctx, "S-1-3-0");
-	global_sid_Creator_Group = dom_sid_parse_talloc(mem_ctx, "S-1-3-1");
-
-	/* SECURITY_NT_AUTHORITY */
-	global_sid_NT_Authority = dom_sid_parse_talloc(mem_ctx, "S-1-5");
-	global_sid_Network = dom_sid_parse_talloc(mem_ctx, "S-1-5-2");
-	global_sid_Anonymous = dom_sid_parse_talloc(mem_ctx, "S-1-5-7");
-	global_sid_Authenticated_Users = dom_sid_parse_talloc(mem_ctx, "S-1-5-11");
-	global_sid_System = dom_sid_parse_talloc(mem_ctx, "S-1-5-18");
-
-	/* SECURITY_BUILTIN_DOMAIN_RID */
-	global_sid_Builtin = dom_sid_parse_talloc(mem_ctx, "S-1-5-32");
-	global_sid_Builtin_Administrators = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-544");
-	global_sid_Builtin_Users = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-545");
-	global_sid_Builtin_Guests = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-546");
-	global_sid_Builtin_Power_Users = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-547");
-	global_sid_Builtin_Account_Operators = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-548");
-	global_sid_Builtin_Server_Operators = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-549");
-	global_sid_Builtin_Print_Operators = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-550");
-	global_sid_Builtin_Backup_Operators = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-551");
-	global_sid_Builtin_Replicator = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-552");
-
-	initialised = True;
-}
-
 /*****************************************************************
  Return the last rid from the end of a sid
 *****************************************************************/  
-
 BOOL sid_peek_rid(const struct dom_sid *sid, uint32_t *rid)
 {
 	if (!sid || !rid)
diff --git a/source4/librpc/idl/misc.idl b/source4/librpc/idl/misc.idl
index 551803fa8e..c5e0b06a23 100644
--- a/source4/librpc/idl/misc.idl
+++ b/source4/librpc/idl/misc.idl
@@ -7,6 +7,36 @@
 [] 
 interface misc
 {
+	/* a NULL sid */
+	const string SID_NULL = "S-1-0-0";
+
+	/* the world domain */
+	const string SID_WORLD_DOMAIN = "S-1-1";
+	const string SID_WORLD        = "S-1-1-0";
+
+	/* SECURITY_CREATOR_SID_AUTHORITY */
+	const string SID_CREATOR_OWNER_DOMAIN = "S-1-3";
+	const string SID_CREATOR_OWNER        = "S-1-3-0";
+	const string SID_CREATOR_GROUP        = "S-1-3-1";
+
+	/* SECURITY_NT_AUTHORITY */
+	const string SID_NT_AUTHORITY        = "S-1-5";
+	const string SID_NETWORK             = "S-1-5-2";
+	const string SID_ANONYMOUS           = "S-1-5-7";
+	const string SID_AUTHENTICATED_USERS = "S-1-5-11";
+	const string SID_SYSTEM              = "S-1-5-18";
+
+	/* SECURITY_BUILTIN_DOMAIN_RID */
+	const string SID_BUILTIN                   = "S-1-5-32";
+	const string SID_BUILTIN_ADMINISTRATORS    = "S-1-5-32-544";
+	const string SID_BUILTIN_USERS             = "S-1-5-32-545";
+	const string SID_BUILTIN_GUESTS            = "S-1-5-32-546";
+	const string SID_BUILTIN_POWER_USERS       = "S-1-5-32-547";
+	const string SID_BUILTIN_ACCOUNT_OPERATORS = "S-1-5-32-548";
+	const string SID_BUILTIN_SERVER_OPERATORS  = "S-1-5-32-549";
+	const string SID_BUILTIN_PRINT_OPERATORS   = "S-1-5-32-550";
+	const string SID_BUILTIN_BACKUP_OPERATORS  = "S-1-5-32-551";
+	const string SID_BUILTIN_REPLICATOR        = "S-1-5-32-552";
 
 	typedef [public,noprint] struct {
 		uint32 time_low;
diff --git a/source4/smbd/process.c b/source4/smbd/process.c
index 8a79daeaf8..232c7c2e88 100644
--- a/source4/smbd/process.c
+++ b/source4/smbd/process.c
@@ -28,8 +28,6 @@ void smbd_process_init(void)
 {
 	TALLOC_CTX *mem_ctx;
 
-	generate_wellknown_sids();
-	
 	mem_ctx = talloc_init("smbd_process_init talloc");
 	if (!mem_ctx) {
 		DEBUG(0,("smbd_process_init: ERROR: No memory\n"));