23 files changed, 83 insertions, 171 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 7cab3df99e..a50a449815 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -26,11 +26,6 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
 
-extern DOM_SID global_sid_World;
-extern DOM_SID global_sid_Network;
-extern DOM_SID global_sid_Builtin_Guests;
-extern DOM_SID global_sid_Authenticated_Users;
-
 
 /****************************************************************************
  Create a UNIX user on demand.
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c
index d02c512054..6e9d9b8e6c 100644
--- a/source3/groupdb/mapping.c
+++ b/source3/groupdb/mapping.c
@@ -21,8 +21,6 @@
 
 #include "includes.h"
 
-extern DOM_SID global_sid_Builtin;
-
 static TDB_CONTEXT *tdb; /* used for driver files */
 
 #define DATABASE_VERSION_V1 1 /* native byte format. */
diff --git a/source3/include/smb.h b/source3/include/smb.h
index d12459c2f9..80b2075651 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -287,6 +287,28 @@ typedef struct sid_info
 
 } DOM_SID;
 
+/* Some well-known SIDs */
+extern const DOM_SID global_sid_World_Domain;
+extern const DOM_SID global_sid_World;
+extern const DOM_SID global_sid_Creator_Owner_Domain;
+extern const DOM_SID global_sid_NT_Authority;
+extern const DOM_SID global_sid_System;
+extern const DOM_SID global_sid_NULL;
+extern const DOM_SID global_sid_Authenticated_Users;
+extern const DOM_SID global_sid_Network;
+extern const DOM_SID global_sid_Creator_Owner;
+extern const DOM_SID global_sid_Creator_Group;
+extern const DOM_SID global_sid_Anonymous;
+extern const DOM_SID global_sid_Builtin;
+extern const DOM_SID global_sid_Builtin_Administrators;
+extern const DOM_SID global_sid_Builtin_Users;
+extern const DOM_SID global_sid_Builtin_Guests;
+extern const DOM_SID global_sid_Builtin_Power_Users;
+extern const DOM_SID global_sid_Builtin_Account_Operators;
+extern const DOM_SID global_sid_Builtin_Server_Operators;
+extern const DOM_SID global_sid_Builtin_Print_Operators;
+extern const DOM_SID global_sid_Builtin_Backup_Operators;
+extern const DOM_SID global_sid_Builtin_Replicator;
 
 /*
  * The complete list of SIDS belonging to this user.
diff --git a/source3/lib/account_pol.c b/source3/lib/account_pol.c
index 72d6e77ddd..423dc1675a 100644
--- a/source3/lib/account_pol.c
+++ b/source3/lib/account_pol.c
@@ -24,14 +24,6 @@ static TDB_CONTEXT *tdb;
 
 #define DATABASE_VERSION 2
 
-extern DOM_SID global_sid_World;
-extern DOM_SID global_sid_Builtin_Administrators;
-extern DOM_SID global_sid_Builtin_Account_Operators;
-extern DOM_SID global_sid_Builtin_Server_Operators;
-extern DOM_SID global_sid_Builtin_Print_Operators;
-extern DOM_SID global_sid_Builtin_Backup_Operators;
-
-
 /****************************************************************************
  Set default for a field if it is empty
 ****************************************************************************/
diff --git a/source3/lib/secace.c b/source3/lib/secace.c
index e44d9aa940..c550dcce31 100644
--- a/source3/lib/secace.c
+++ b/source3/lib/secace.c
@@ -57,7 +57,7 @@ void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src)
  Sets up a SEC_ACE structure.
 ********************************************************************/
 
-void init_sec_ace(SEC_ACE *t, DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag)
+void init_sec_ace(SEC_ACE *t, const DOM_SID *sid, uint8 type, SEC_ACCESS mask, uint8 flag)
 {
 	t->type = type;
 	t->flags = flag;
diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c
index 686a4edf77..ace0aee866 100644
--- a/source3/lib/secdesc.c
+++ b/source3/lib/secdesc.c
@@ -179,7 +179,7 @@ SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BU
 ********************************************************************/
 
 SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, uint16 type,
-			DOM_SID *owner_sid, DOM_SID *grp_sid,
+			const DOM_SID *owner_sid, const DOM_SID *grp_sid,
 			SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size)
 {
 	SEC_DESC *dst;
@@ -269,7 +269,7 @@ SEC_DESC *dup_sec_desc(TALLOC_CTX *ctx, const SEC_DESC *src)
  Creates a SEC_DESC structure with typical defaults.
 ********************************************************************/
 
-SEC_DESC *make_standard_sec_desc(TALLOC_CTX *ctx, DOM_SID *owner_sid, DOM_SID *grp_sid,
+SEC_DESC *make_standard_sec_desc(TALLOC_CTX *ctx, const DOM_SID *owner_sid, const DOM_SID *grp_sid,
 				 SEC_ACL *dacl, size_t *sd_size)
 {
 	return make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE,
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
index 362504e46b..73fc45c844 100644
--- a/source3/lib/util_seaccess.c
+++ b/source3/lib/util_seaccess.c
@@ -21,8 +21,6 @@
 
 #include "includes.h"
 
-extern DOM_SID global_sid_Builtin;
-extern DOM_SID global_sid_World;
 extern NT_USER_TOKEN anonymous_token;
 
 /*********************************************************************************
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index 00fb40cd73..1838da1313 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -28,29 +28,51 @@
  * Some useful sids
  */
 
-DOM_SID global_sid_World_Domain;	    	/* Everyone domain */
-DOM_SID global_sid_World;    				/* Everyone */
-DOM_SID global_sid_Creator_Owner_Domain;    /* Creator Owner domain */
-DOM_SID global_sid_NT_Authority;    		/* NT Authority */
-DOM_SID global_sid_System;    		/* System */
-DOM_SID global_sid_NULL;            		/* NULL sid */
-DOM_SID global_sid_Authenticated_Users;		/* All authenticated rids */
-DOM_SID global_sid_Network;			/* Network rids */
-
-DOM_SID global_sid_Creator_Owner;	/* Creator Owner */
-DOM_SID global_sid_Creator_Group;	/* Creator Group */
-DOM_SID global_sid_Anonymous;		/* Anonymous login */
-
-DOM_SID global_sid_Builtin; 			/* Local well-known domain */
-DOM_SID global_sid_Builtin_Administrators;	/* Builtin administrators */
-DOM_SID global_sid_Builtin_Users;		/* Builtin users */
-DOM_SID global_sid_Builtin_Guests;		/* Builtin guest users */
-DOM_SID global_sid_Builtin_Power_Users;		/* Builtin power users */
-DOM_SID global_sid_Builtin_Account_Operators;	/* Builtin account operators */
-DOM_SID global_sid_Builtin_Server_Operators;	/* Builtin server operators */
-DOM_SID global_sid_Builtin_Print_Operators;	/* Builtin print operators */
-DOM_SID global_sid_Builtin_Backup_Operators;	/* Builtin backup operators */
-DOM_SID global_sid_Builtin_Replicator;		/* Builtin replicator */
+
+const DOM_SID global_sid_World_Domain =               /* Everyone domain */
+{ 1, 0, {0,0,0,0,0,1}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+const DOM_SID global_sid_World =                      /* Everyone */
+{ 1, 1, {0,0,0,0,0,1}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+const DOM_SID global_sid_Creator_Owner_Domain =       /* Creator Owner domain */
+{ 1, 0, {0,0,0,0,0,3}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+const DOM_SID global_sid_NT_Authority =    		/* NT Authority */
+{ 1, 0, {0,0,0,0,0,5}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+const DOM_SID global_sid_System =			/* System */
+{ 1, 1, {0,0,0,0,0,5}, {18,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+const DOM_SID global_sid_NULL =            		/* NULL sid */
+{ 1, 1, {0,0,0,0,0,0}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+const DOM_SID global_sid_Authenticated_Users =	/* All authenticated rids */
+{ 1, 1, {0,0,0,0,0,5}, {11,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+const DOM_SID global_sid_Network =			/* Network rids */
+{ 1, 1, {0,0,0,0,0,5}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+
+const DOM_SID global_sid_Creator_Owner =		/* Creator Owner */
+{ 1, 1, {0,0,0,0,0,3}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+const DOM_SID global_sid_Creator_Group =		/* Creator Group */
+{ 1, 1, {0,0,0,0,0,3}, {1,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+const DOM_SID global_sid_Anonymous =			/* Anonymous login */
+{ 1, 1, {0,0,0,0,0,5}, {7,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+
+const DOM_SID global_sid_Builtin = 			/* Local well-known domain */
+{ 1, 1, {0,0,0,0,0,5}, {32,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+const DOM_SID global_sid_Builtin_Administrators =	/* Builtin administrators */
+{ 1, 2, {0,0,0,0,0,5}, {32,544,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+const DOM_SID global_sid_Builtin_Users =		/* Builtin users */
+{ 1, 2, {0,0,0,0,0,5}, {32,545,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+const DOM_SID global_sid_Builtin_Guests =		/* Builtin guest users */
+{ 1, 2, {0,0,0,0,0,5}, {32,546,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+const DOM_SID global_sid_Builtin_Power_Users =	/* Builtin power users */
+{ 1, 2, {0,0,0,0,0,5}, {32,547,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+const DOM_SID global_sid_Builtin_Account_Operators =	/* Builtin account operators */
+{ 1, 2, {0,0,0,0,0,5}, {32,548,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+const DOM_SID global_sid_Builtin_Server_Operators =	/* Builtin server operators */
+{ 1, 2, {0,0,0,0,0,5}, {32,549,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+const DOM_SID global_sid_Builtin_Print_Operators =	/* Builtin print operators */
+{ 1, 2, {0,0,0,0,0,5}, {32,550,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+const DOM_SID global_sid_Builtin_Backup_Operators =	/* Builtin backup operators */
+{ 1, 2, {0,0,0,0,0,5}, {32,551,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+const DOM_SID global_sid_Builtin_Replicator =		/* Builtin replicator */
+{ 1, 2, {0,0,0,0,0,5}, {32,552,0,0,0,0,0,0,0,0,0,0,0,0,0}};
 
 #define SECURITY_NULL_SID_AUTHORITY    0
 #define SECURITY_WORLD_SID_AUTHORITY   1
@@ -62,18 +84,15 @@ DOM_SID global_sid_Builtin_Replicator;		/* Builtin replicator */
  * An NT compatible anonymous token.
  */
 
-static DOM_SID anon_sid_array[3];
-
-NT_USER_TOKEN anonymous_token = {
-	3,
-	anon_sid_array
-};
+static DOM_SID anon_sid_array[3] =
+{ { 1, 1, {0,0,0,0,0,1}, {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}},
+  { 1, 1, {0,0,0,0,0,5}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}},
+  { 1, 1, {0,0,0,0,0,5}, {7,0,0,0,0,0,0,0,0,0,0,0,0,0,0}} };
+NT_USER_TOKEN anonymous_token = { 3, anon_sid_array, SE_NONE };
 
-static DOM_SID system_sid_array[4];
-NT_USER_TOKEN system_token = {
-	1,
-	system_sid_array
-};
+static DOM_SID system_sid_array[1] =
+{ { 1, 1, {0,0,0,0,0,5}, {18,0,0,0,0,0,0,0,0,0,0,0,0,0,0}} };
+NT_USER_TOKEN system_token = { 1, system_sid_array, SE_ALL_PRIVS };
 
 /****************************************************************************
  Lookup string names for SID types.
@@ -111,66 +130,12 @@ const char *sid_type_lookup(uint32 sid_type)
 	return "SID *TYPE* is INVALID";
 }
 
-/****************************************************************************
- Creates some useful well known sids
-****************************************************************************/
-
-void generate_wellknown_sids(void)
-{
-	static BOOL initialised = False;
-
-	if (initialised) 
-		return;
-
-	/* SECURITY_NULL_SID_AUTHORITY */
-	string_to_sid(&global_sid_NULL, "S-1-0-0");
-
-	/* SECURITY_WORLD_SID_AUTHORITY */
-	string_to_sid(&global_sid_World_Domain, "S-1-1");
-	string_to_sid(&global_sid_World, "S-1-1-0");
-
-	/* SECURITY_CREATOR_SID_AUTHORITY */
-	string_to_sid(&global_sid_Creator_Owner_Domain, "S-1-3");
-	string_to_sid(&global_sid_Creator_Owner, "S-1-3-0");
-	string_to_sid(&global_sid_Creator_Group, "S-1-3-1");
-
-	/* SECURITY_NT_AUTHORITY */
-	string_to_sid(&global_sid_NT_Authority, "S-1-5");
-	string_to_sid(&global_sid_Network, "S-1-5-2");
-	string_to_sid(&global_sid_Anonymous, "S-1-5-7");
-	string_to_sid(&global_sid_Authenticated_Users, "S-1-5-11");
-	string_to_sid(&global_sid_System, "S-1-5-18");
-
-	/* SECURITY_BUILTIN_DOMAIN_RID */
-	string_to_sid(&global_sid_Builtin, "S-1-5-32");
-	string_to_sid(&global_sid_Builtin_Administrators, "S-1-5-32-544");
-	string_to_sid(&global_sid_Builtin_Users, "S-1-5-32-545");
-	string_to_sid(&global_sid_Builtin_Guests, "S-1-5-32-546");
-	string_to_sid(&global_sid_Builtin_Power_Users, "S-1-5-32-547");
-	string_to_sid(&global_sid_Builtin_Account_Operators, "S-1-5-32-548");
-	string_to_sid(&global_sid_Builtin_Server_Operators, "S-1-5-32-549");
-	string_to_sid(&global_sid_Builtin_Print_Operators, "S-1-5-32-550");
-	string_to_sid(&global_sid_Builtin_Backup_Operators, "S-1-5-32-551");
-	string_to_sid(&global_sid_Builtin_Replicator, "S-1-5-32-552");
-
-	/* Create the anon token. */
-	sid_copy( &anonymous_token.user_sids[0], &global_sid_World);
-	sid_copy( &anonymous_token.user_sids[1], &global_sid_Network);
-	sid_copy( &anonymous_token.user_sids[2], &global_sid_Anonymous);
-
-	/* Create the system token. */
-	sid_copy( &system_token.user_sids[0], &global_sid_System);
-	
-	initialised = True;
-}
-
 /**************************************************************************
  Create the SYSTEM token.
 ***************************************************************************/
 
 NT_USER_TOKEN *get_system_token(void) 
 {
-	generate_wellknown_sids(); /* The token is initialised here */
 	return &system_token;
 }
 
diff --git a/source3/nsswitch/wb_client.c b/source3/nsswitch/wb_client.c
index 3a920c1134..5e08c0853e 100644
--- a/source3/nsswitch/wb_client.c
+++ b/source3/nsswitch/wb_client.c
@@ -28,8 +28,6 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_WINBIND
 
-extern DOM_SID global_sid_NULL;            		/* NULL sid */
-
 NSS_STATUS winbindd_request(int req_type,
                                  struct winbindd_request *request,
                                  struct winbindd_response *response);
diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c
index 6f4a0a2753..6840dd9187 100644
--- a/source3/nsswitch/winbindd.c
+++ b/source3/nsswitch/winbindd.c
@@ -898,8 +898,6 @@ int main(int argc, char **argv)
 		idmap_proxyonly();
 	}
 
-	generate_wellknown_sids();
-
 	/* Unblock all signals we are interested in as they may have been
 	   blocked by the parent process. */
 
diff --git a/source3/nsswitch/winbindd_util.c b/source3/nsswitch/winbindd_util.c
index b9fb49ea7f..686caf19f3 100644
--- a/source3/nsswitch/winbindd_util.c
+++ b/source3/nsswitch/winbindd_util.c
@@ -24,7 +24,6 @@
 #include "includes.h"
 #include "winbindd.h"
 
-extern DOM_SID global_sid_Builtin;
 extern struct winbindd_methods cache_methods;
 extern struct winbindd_methods passdb_methods;
 
@@ -105,7 +104,7 @@ static BOOL is_internal_domain(const DOM_SID *sid)
 /* Add a trusted domain to our list of domains */
 static struct winbindd_domain *add_trusted_domain(const char *domain_name, const char *alt_name,
 						  struct winbindd_methods *methods,
-						  DOM_SID *sid)
+						  const DOM_SID *sid)
 {
 	struct winbindd_domain *domain;
 	const char *alternative_name = NULL;
diff --git a/source3/passdb/machine_sid.c b/source3/passdb/machine_sid.c
index ae0b16273f..ecc7d291f6 100644
--- a/source3/passdb/machine_sid.c
+++ b/source3/passdb/machine_sid.c
@@ -86,8 +86,6 @@ static DOM_SID *pdb_generate_sam_sid(void)
 	if(!(sam_sid=SMB_MALLOC_P(DOM_SID)))
 		return NULL;
 			
-	generate_wellknown_sids();
-
 	switch (lp_server_role()) {
 	case ROLE_DOMAIN_PDC:
 	case ROLE_DOMAIN_BDC:
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 090621666f..3899949058 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -45,8 +45,6 @@
 
 #include "includes.h"
 
-extern DOM_SID global_sid_NULL;
-
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_PASSDB
 
diff --git a/source3/passdb/util_sam_sid.c b/source3/passdb/util_sam_sid.c
index 1fddfc7925..a9e1921e0d 100644
--- a/source3/passdb/util_sam_sid.c
+++ b/source3/passdb/util_sam_sid.c
@@ -32,17 +32,11 @@ typedef struct _known_sid_users {
 
 static struct sid_name_map_info
 {
-	DOM_SID *sid;
+	const DOM_SID *sid;
 	const char *name;
 	const known_sid_users *known_users;
 } sid_name_map[MAX_SID_NAMES];
 
-extern DOM_SID global_sid_Builtin; 				/* Local well-known domain */
-extern DOM_SID global_sid_World_Domain;	    	/* Everyone domain */
-extern DOM_SID global_sid_Creator_Owner_Domain;    /* Creator Owner domain */
-extern DOM_SID global_sid_NT_Authority;    		/* NT Authority */
-
-
 static BOOL sid_name_map_initialized = False;
 /* static known_sid_users no_users[] = {{0, 0, NULL}}; */
 
@@ -99,8 +93,6 @@ static void init_sid_name_map (void)
 	
 	if (sid_name_map_initialized) return;
 
-	generate_wellknown_sids();
-
 	if ((lp_security() == SEC_USER) && lp_domain_logons()) {
 		sid_name_map[i].sid = get_global_sam_sid();
 		/* This is not lp_workgroup() for good reason:
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 97d01d43a5..40d815cead 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -23,7 +23,6 @@
 #include "includes.h"
 
 extern struct current_user current_user;
-extern DOM_SID global_sid_World;
 
 static TDB_CONTEXT *tdb_forms; /* used for forms files */
 static TDB_CONTEXT *tdb_drivers; /* used for driver files */
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index f5f22d8cc0..5e949f0e63 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -33,8 +33,6 @@
 #define DBGC_CLASS DBGC_RPC_SRV
 
 extern PRIVS privs[];
-extern DOM_SID global_sid_World;
-extern DOM_SID global_sid_Builtin;
 
 struct lsa_info {
 	DOM_SID sid;
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 24ff6f1f2c..2384ddb9d3 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -39,9 +39,6 @@
 		  SA_RIGHT_USER_CHANGE_PASSWORD	| \
 		  SA_RIGHT_USER_SET_LOC_COM )
 
-extern DOM_SID global_sid_World;
-extern DOM_SID global_sid_Builtin;
-
 extern rid_name domain_group_rids[];
 extern rid_name domain_alias_rids[];
 extern rid_name builtin_alias_rids[];
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index d806dcdc5a..b5768a09af 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -24,7 +24,6 @@
 
 #include "includes.h"
 
-extern DOM_SID global_sid_World;
 extern struct generic_mapping file_generic_mapping;
 
 #undef DBGC_CLASS
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index 910ccbb7fa..53019dc1b2 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -575,9 +575,6 @@ static NTSTATUS cmd_samr_query_useraliases(struct cli_state *cli,
 	int 			i;
 	fstring			server;
 	DOM_SID2	       *sid2;
-	DOM_SID global_sid_Builtin;
-
-	string_to_sid(&global_sid_Builtin, "S-1-5-32");
 
 	if (argc < 3) {
 		printf("Usage: %s builtin|domain sid1 sid2 ...\n", argv[0]);
@@ -869,11 +866,8 @@ static NTSTATUS cmd_samr_enum_als_groups(struct cli_state *cli,
 	uint32 start_idx, size, num_als_groups, i;
 	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
 	struct acct_info *als_groups;
-	DOM_SID global_sid_Builtin;
 	BOOL got_connect_pol = False, got_domain_pol = False;
 
-	string_to_sid(&global_sid_Builtin, "S-1-5-32");
-
 	if ((argc < 2) || (argc > 3)) {
 		printf("Usage: %s builtin|domain [access mask]\n", argv[0]);
 		return NT_STATUS_OK;
@@ -951,9 +945,6 @@ static NTSTATUS cmd_samr_query_aliasmem(struct cli_state *cli,
 	uint32 alias_rid, num_members, i;
 	uint32 access_mask = MAXIMUM_ALLOWED_ACCESS;
 	DOM_SID *alias_sids;
-	DOM_SID global_sid_Builtin;
-	
-	string_to_sid(&global_sid_Builtin, "S-1-5-32");
 
 	if ((argc < 3) || (argc > 4)) {
 		printf("Usage: %s builtin|domain rid [access mask]\n", argv[0]);
@@ -1364,9 +1355,6 @@ static NTSTATUS cmd_samr_lookup_names(struct cli_state *cli,
 	uint32 num_rids, num_names, *name_types, *rids;
 	const char **names;
 	int i;
-	DOM_SID global_sid_Builtin;
-
-	string_to_sid(&global_sid_Builtin, "S-1-5-32");
 
 	if (argc < 3) {
 		printf("Usage: %s  domain|builtin name1 [name2 [name3] [...]]\n", argv[0]);
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 69b83fe3da..4dffe870c5 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -21,7 +21,6 @@
 
 #include "includes.h"
 
-extern DOM_SID global_sid_World;
 extern int max_send;
 extern enum protocol_types Protocol;
 extern int smb_read_error;
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 31135f0907..e0d98f4b89 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -22,11 +22,6 @@
 #include "includes.h"
 
 extern struct current_user current_user;
-extern DOM_SID global_sid_Creator_Owner;
-extern DOM_SID global_sid_Creator_Group;
-extern DOM_SID global_sid_World;
-extern DOM_SID global_sid_Builtin_Administrators;
-extern DOM_SID global_sid_Builtin_Users;
 extern struct generic_mapping file_generic_mapping;
 
 #undef  DBGC_CLASS
@@ -1045,8 +1040,8 @@ static BOOL uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace )
 
 static BOOL ensure_canon_entry_valid(canon_ace **pp_ace,
 							files_struct *fsp,
-							DOM_SID *pfile_owner_sid,
-							DOM_SID *pfile_grp_sid,
+							const DOM_SID *pfile_owner_sid,
+							const DOM_SID *pfile_grp_sid,
 							SMB_STRUCT_STAT *pst,
 							BOOL setting_acl)
 {
@@ -2063,7 +2058,7 @@ static void arrange_posix_perms( char *filename, canon_ace **pp_list_head)
 ****************************************************************************/
 
 static canon_ace *canonicalise_acl( files_struct *fsp, SMB_ACL_T posix_acl, SMB_STRUCT_STAT *psbuf,
-					DOM_SID *powner, DOM_SID *pgroup, struct pai_val *pal, SMB_ACL_TYPE_T the_acl_type)
+					const DOM_SID *powner, const DOM_SID *pgroup, struct pai_val *pal, SMB_ACL_TYPE_T the_acl_type)
 {
 	connection_struct *conn = fsp->conn;
 	mode_t acl_mask = (S_IRUSR|S_IWUSR|S_IXUSR);
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index ca9470c865..6e884c24df 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -1909,7 +1909,6 @@ rpc_group_list_internals(const DOM_SID *domain_sid, const char *domain_name,
 	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	uint32 start_idx=0, max_entries=250, num_entries, i, loop_count = 0;
 	struct acct_info *groups;
-	DOM_SID global_sid_Builtin;
 	BOOL global = False;
 	BOOL local = False;
 	BOOL builtin = False;
@@ -1931,8 +1930,6 @@ rpc_group_list_internals(const DOM_SID *domain_sid, const char *domain_name,
 			builtin = True;
 	}
 
-	string_to_sid(&global_sid_Builtin, "S-1-5-32");
-
 	/* Get sam policy handle */
 	
 	result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
@@ -3278,7 +3275,6 @@ rpc_aliaslist_internals(const DOM_SID *domain_sid, const char *domain_name,
 {
 	NTSTATUS result;
 	POLICY_HND connect_pol;
-	DOM_SID global_sid_Builtin;
 
 	result = cli_samr_connect(cli, mem_ctx, MAXIMUM_ALLOWED_ACCESS, 
 				  &connect_pol);
@@ -3286,8 +3282,6 @@ rpc_aliaslist_internals(const DOM_SID *domain_sid, const char *domain_name,
 	if (!NT_STATUS_IS_OK(result))
 		goto done;
 	
-	string_to_sid(&global_sid_Builtin, "S-1-5-32");
-
 	result = rpc_fetch_domain_aliases(cli, mem_ctx, &connect_pol,
 					  &global_sid_Builtin);
 
@@ -3304,14 +3298,6 @@ rpc_aliaslist_internals(const DOM_SID *domain_sid, const char *domain_name,
 
 static void init_user_token(NT_USER_TOKEN *token, DOM_SID *user_sid)
 {
-	DOM_SID global_sid_World;
-	DOM_SID global_sid_Network;
-	DOM_SID global_sid_Authenticated_Users;
-
-	string_to_sid(&global_sid_World, "S-1-1-0");
-	string_to_sid(&global_sid_Network, "S-1-5-2");
-	string_to_sid(&global_sid_Authenticated_Users, "S-1-5-11");
-
 	token->num_sids = 4;
 
 	token->user_sids = SMB_MALLOC_ARRAY(DOM_SID, 4);
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
index 3ddfc5c9d9..fa38004fe6 100644
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
@@ -24,8 +24,6 @@
 #include "includes.h"
 #include "utils/net.h"
 
-extern DOM_SID global_sid_Builtin; 
-
 static void display_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *g)
 {
 	int i;