From 6cf29b3e4f3880882eb7df45dbcfaf7bd2b8d9f4 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 20 Aug 2010 12:15:15 +1000 Subject: s4:security Change struct security_token->sids from struct dom_sid * to struct dom_sid This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privilages still need to be merged) Andrew Bartlett --- source4/dsdb/samdb/ldb_modules/acl.c | 2 +- source4/dsdb/samdb/ldb_modules/operational.c | 2 +- source4/dsdb/samdb/ldb_modules/rootdse.c | 2 +- source4/dsdb/samdb/samdb.c | 47 +++++++++++++--------------- source4/dsdb/samdb/samdb_privilege.c | 2 +- 5 files changed, 26 insertions(+), 29 deletions(-) (limited to 'source4/dsdb/samdb') diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c index 55d252b100..826884f811 100644 --- a/source4/dsdb/samdb/ldb_modules/acl.c +++ b/source4/dsdb/samdb/ldb_modules/acl.c @@ -710,7 +710,7 @@ static int acl_check_self_membership(TALLOC_CTX *mem_ctx, } /* if we are adding/deleting ourselves, check for self membership */ ret = dsdb_find_dn_by_sid(ldb, mem_ctx, - acl_user_token(module)->sids[PRIMARY_USER_SID_INDEX], + &acl_user_token(module)->sids[PRIMARY_USER_SID_INDEX], &user_dn); if (ret != LDB_SUCCESS) { return ret; diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c index c1da400b8d..56fb272e2a 100644 --- a/source4/dsdb/samdb/ldb_modules/operational.c +++ b/source4/dsdb/samdb/ldb_modules/operational.c @@ -181,7 +181,7 @@ static int construct_token_groups(struct ldb_module *module, for (i = 1; i < session_info->security_token->num_sids; i++) { ret = samdb_msg_add_dom_sid(ldb, msg, msg, "tokenGroups", - session_info->security_token->sids[i]); + &session_info->security_token->sids[i]); if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); return ret; 
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 3e5a94673f..0949b83b43 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -392,7 +392,7 @@ static int rootdse_add_dynamic(struct ldb_module *module, struct ldb_message *ms for (i = 0; i < session_info->security_token->num_sids; i++) { if (samdb_msg_add_dom_sid(ldb, msg, msg, "tokenGroups", - session_info->security_token->sids[i]) != 0) { + &session_info->security_token->sids[i]) != 0) { goto failed; } } diff --git a/source4/dsdb/samdb/samdb.c b/source4/dsdb/samdb/samdb.c index 0a2d5c3c7c..ddcd0d2d12 100644 --- a/source4/dsdb/samdb/samdb.c +++ b/source4/dsdb/samdb/samdb.c @@ -159,17 +159,17 @@ NTSTATUS security_token_create(TALLOC_CTX *mem_ctx, ptoken->privilege_mask = 0; - ptoken->sids = talloc_array(ptoken, struct dom_sid *, n_groupSIDs + 6 /* over-allocate */); + ptoken->sids = talloc_array(ptoken, struct dom_sid, n_groupSIDs + 6 /* over-allocate */); NT_STATUS_HAVE_NO_MEMORY(ptoken->sids); ptoken->num_sids = 1; - ptoken->sids = talloc_realloc(ptoken, ptoken->sids, struct dom_sid *, ptoken->num_sids + 1); + ptoken->sids = talloc_realloc(ptoken, ptoken->sids, struct dom_sid, ptoken->num_sids + 1); NT_STATUS_HAVE_NO_MEMORY(ptoken->sids); - ptoken->sids[PRIMARY_USER_SID_INDEX] = talloc_reference(ptoken, user_sid); + ptoken->sids[PRIMARY_USER_SID_INDEX] = *user_sid; if (!dom_sid_equal(user_sid, group_sid)) { - ptoken->sids[PRIMARY_GROUP_SID_INDEX] = talloc_reference(ptoken, group_sid); + ptoken->sids[PRIMARY_GROUP_SID_INDEX] = *group_sid; ptoken->num_sids++; } 
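Review bot: The by-value copies `*user_sid` and `*group_sid` in the `@@ -159,17 +159,17 @@` hunk of samdb.c dereference the caller's pointers with no NULL check in the visible lines, and `*groupSIDs[i]` in the `@@ -220,19 +219,17 @@` hunk does the same. The removed `talloc_reference()` calls return NULL for a NULL argument instead of faulting, and in the group loop the removed `NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[ptoken->num_sids])` turned that into an error return. A NULL SID that was previously tolerated or rejected would therefore now crash the process that is building the security token. Whether callers guarantee non-NULL SIDs is not visible here, since the start of security_token_create is outside the hunk. If they do not, add a guard such as `if (user_sid == NULL || group_sid == NULL) return NT_STATUS_INVALID_PARAMETER;` before the first copy and `if (groupSIDs[i] == NULL) return NT_STATUS_INVALID_PARAMETER;` inside the loop.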
@@ -180,38 +180,37 @@ NTSTATUS security_token_create(TALLOC_CTX *mem_ctx, */ if (session_info_flags & AUTH_SESSION_INFO_DEFAULT_GROUPS) { - ptoken->sids = talloc_realloc(ptoken, ptoken->sids, struct dom_sid *, ptoken->num_sids + 1); + ptoken->sids = talloc_realloc(ptoken, ptoken->sids, struct dom_sid, ptoken->num_sids + 2); NT_STATUS_HAVE_NO_MEMORY(ptoken->sids); - ptoken->sids[ptoken->num_sids] = dom_sid_parse_talloc(ptoken->sids, SID_WORLD); - NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[ptoken->num_sids]); + if (!dom_sid_parse(SID_WORLD, &ptoken->sids[ptoken->num_sids])) { + return NT_STATUS_INTERNAL_ERROR; + } ptoken->num_sids++; - ptoken->sids = talloc_realloc(ptoken, ptoken->sids, struct dom_sid *, ptoken->num_sids + 1); - NT_STATUS_HAVE_NO_MEMORY(ptoken->sids); - - ptoken->sids[ptoken->num_sids] = dom_sid_parse_talloc(ptoken->sids, SID_NT_NETWORK); - NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[ptoken->num_sids]); + if (!dom_sid_parse(SID_NT_NETWORK, &ptoken->sids[ptoken->num_sids])) { + return NT_STATUS_INTERNAL_ERROR; + } ptoken->num_sids++; - - } if (session_info_flags & AUTH_SESSION_INFO_AUTHENTICATED) { - ptoken->sids = talloc_realloc(ptoken, ptoken->sids, struct dom_sid *, ptoken->num_sids + 1); + ptoken->sids = talloc_realloc(ptoken, ptoken->sids, struct dom_sid, ptoken->num_sids + 1); NT_STATUS_HAVE_NO_MEMORY(ptoken->sids); - ptoken->sids[ptoken->num_sids] = dom_sid_parse_talloc(ptoken->sids, SID_NT_AUTHENTICATED_USERS); - NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[ptoken->num_sids]); + if (!dom_sid_parse(SID_NT_AUTHENTICATED_USERS, &ptoken->sids[ptoken->num_sids])) { + return NT_STATUS_INTERNAL_ERROR; + } ptoken->num_sids++; } if (session_info_flags & AUTH_SESSION_INFO_ENTERPRISE_DC) { - ptoken->sids = talloc_realloc(ptoken, ptoken->sids, struct dom_sid *, ptoken->num_sids + 1); + ptoken->sids = talloc_realloc(ptoken, ptoken->sids, struct dom_sid, ptoken->num_sids + 1); NT_STATUS_HAVE_NO_MEMORY(ptoken->sids); - ptoken->sids[ptoken->num_sids] = 
dom_sid_parse_talloc(ptoken->sids, SID_NT_ENTERPRISE_DCS); - NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[ptoken->num_sids]); + if (!dom_sid_parse(SID_NT_ENTERPRISE_DCS, &ptoken->sids[ptoken->num_sids])) { + return NT_STATUS_INTERNAL_ERROR; + } ptoken->num_sids++; } @@ -220,19 +219,17 @@ NTSTATUS security_token_create(TALLOC_CTX *mem_ctx, for (check_sid_idx = 1; check_sid_idx < ptoken->num_sids; check_sid_idx++) { - if (dom_sid_equal(ptoken->sids[check_sid_idx], groupSIDs[i])) { + if (dom_sid_equal(&ptoken->sids[check_sid_idx], groupSIDs[i])) { break; } } if (check_sid_idx == ptoken->num_sids) { - ptoken->sids = talloc_realloc(ptoken, ptoken->sids, struct dom_sid *, ptoken->num_sids + 1); + ptoken->sids = talloc_realloc(ptoken, ptoken->sids, struct dom_sid, ptoken->num_sids + 1); NT_STATUS_HAVE_NO_MEMORY(ptoken->sids); - ptoken->sids[ptoken->num_sids] = talloc_reference(ptoken->sids, groupSIDs[i]); - NT_STATUS_HAVE_NO_MEMORY(ptoken->sids[ptoken->num_sids]); + ptoken->sids[ptoken->num_sids] = *groupSIDs[i]; ptoken->num_sids++; - } } diff --git a/source4/dsdb/samdb/samdb_privilege.c b/source4/dsdb/samdb/samdb_privilege.c index 38e5a33831..fd74133e2f 100644 --- a/source4/dsdb/samdb/samdb_privilege.c +++ b/source4/dsdb/samdb/samdb_privilege.c @@ -119,7 +119,7 @@ NTSTATUS samdb_privilege_setup(struct tevent_context *ev_ctx, for (i=0;inum_sids;i++) { status = samdb_privilege_setup_sid(pdb, mem_ctx, - token, token->sids[i]); + token, &token->sids[i]); if (!NT_STATUS_IS_OK(status)) { talloc_free(mem_ctx); return status; -- cgit
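Review bot: Each new `return NT_STATUS_INTERNAL_ERROR;` after a failed `dom_sid_parse()` in the `@@ -180,38 +180,37 @@` hunk leaves the half-built `ptoken` allocated. It is presumably a child of `mem_ctx`, created earlier in security_token_create outside this hunk, so it lingers until the caller frees that context. Releasing it first keeps a token with a partial SID list from staying on a long-lived context: `talloc_free(ptoken); return NT_STATUS_INTERNAL_ERROR;`. The surrounding `NT_STATUS_HAVE_NO_MEMORY(ptoken->sids)` returns have the same property, so a single cleanup label for the function may be the tidier fix.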
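Review bot: The `talloc_realloc(..., ptoken->num_sids + 1)` in the `@@ -220,19 +219,17 @@` loop now moves whole `struct dom_sid` elements rather than pointers, and it runs once per added group. The array was sized for `n_groupSIDs + 6` entries by `talloc_array()` in the first samdb.c hunk, but the `talloc_realloc()` to `ptoken->num_sids + 1` right after it discards that headroom. Six fixed slots plus the groups appear to cover every SID the visible code adds, so the per-entry reallocs could be dropped and the initial allocation kept. If they stay, a comment such as `/* grow by one: the initial over-allocation was trimmed above */` would explain why. The outer loop over `groupSIDs` starts outside the hunk.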