auth: Make more liberal use of SID index constants

Arrays of SIDs are handled not fully consistently throughout the
codebase. Sometimes SIDs in the first and second positions represent a
user and a primary group respectively; other times they don't mean
anything in particular. Using these index constants in situations of the
former sort can help to clarify our intent.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

3 files changed, 8 insertions, 8 deletions

diff --git a/auth/auth_log.c b/auth/auth_log.c
index dc1cea12390..787a9ec6b42 100644
--- a/auth/auth_log.c
+++ b/auth/auth_log.c
@@ -407,7 +407,7 @@ static void log_successful_authz_event_json(
 		goto failure;
 	}
 	rc = json_add_sid(
-	    &authorization, "sid", &session_info->security_token->sids[0]);
+	    &authorization, "sid", &session_info->security_token->sids[PRIMARY_USER_SID_INDEX]);
 	if (rc != 0) {
 		goto failure;
 	}
@@ -758,7 +758,7 @@ static void log_successful_authz_event_human_readable(
 		auth_type,
 		log_escape(frame, session_info->info->domain_name),
 		log_escape(frame, session_info->info->account_name),
-		dom_sid_str_buf(&session_info->security_token->sids[0],
+		dom_sid_str_buf(&session_info->security_token->sids[PRIMARY_USER_SID_INDEX],
 				&sid_buf),
 		ts,
 		remote_str,
diff --git a/auth/auth_sam_reply.c b/auth/auth_sam_reply.c
index 72edf0eed15..93a8c6e9bb0 100644
--- a/auth/auth_sam_reply.c
+++ b/auth/auth_sam_reply.c
@@ -371,7 +371,7 @@ NTSTATUS auth_convert_user_info_dc_saminfo6(TALLOC_CTX *mem_ctx,
 	}
 
 	/* We don't put the user and group SIDs in there */
-	for (i=2; i<user_info_dc->num_sids; i++) {
+	for (i=REMAINING_SIDS_INDEX; i<user_info_dc->num_sids; i++) {
 		struct auth_SidAttr *group_sid = &user_info_dc->sids[i];
 		bool belongs_in_base = is_base_sid(group_sid, sam6->base.domain_sid);
 		if (belongs_in_base) {
@@ -668,7 +668,7 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	user_info_dc->num_sids = 2;
+	user_info_dc->num_sids = PRIMARY_SIDS_COUNT;
 
 	user_info_dc->sids = talloc_array(user_info_dc, struct auth_SidAttr,  user_info_dc->num_sids + base->groups.count);
 	NT_STATUS_HAVE_NO_MEMORY(user_info_dc->sids);
diff --git a/auth/wbc_auth_util.c b/auth/wbc_auth_util.c
index 311052c9108..83b22adc9d2 100644
--- a/auth/wbc_auth_util.c
+++ b/auth/wbc_auth_util.c
@@ -116,8 +116,8 @@ struct netr_SamInfo6 *wbcAuthUserInfo_to_netr_SamInfo6(TALLOC_CTX *mem_ctx,
 	NTSTATUS status;
 	bool ok;
 
-	memcpy(&user_sid, &info->sids[0].sid, sizeof(user_sid));
-	memcpy(&group_sid, &info->sids[1].sid, sizeof(group_sid));
+	memcpy(&user_sid, &info->sids[PRIMARY_USER_SID_INDEX].sid, sizeof(user_sid));
+	memcpy(&group_sid, &info->sids[PRIMARY_GROUP_SID_INDEX].sid, sizeof(group_sid));
 
 	info6 = talloc_zero(mem_ctx, struct netr_SamInfo6);
 	if (!info6) return NULL;
@@ -196,7 +196,7 @@ struct netr_SamInfo6 *wbcAuthUserInfo_to_netr_SamInfo6(TALLOC_CTX *mem_ctx,
 	status = wbcsids_to_samr_RidWithAttributeArray(info6,
 						       &info6->base.groups,
 						       &domain_sid,
-						       &info->sids[1],
+						       &info->sids[PRIMARY_GROUP_SID_INDEX],
 						       info->num_sids - 1);
 	if (!NT_STATUS_IS_OK(status)) {
 		TALLOC_FREE(info6);
@@ -204,7 +204,7 @@ struct netr_SamInfo6 *wbcAuthUserInfo_to_netr_SamInfo6(TALLOC_CTX *mem_ctx,
 	}
 
 	status = wbcsids_to_netr_SidAttrArray(&domain_sid,
-					      &info->sids[1],
+					      &info->sids[PRIMARY_GROUP_SID_INDEX],
 					      info->num_sids - 1,
 					      info6,
 					      &info6->sids,