diff options
author | Joseph Sutton <josephsutton@catalyst.net.nz> | 2022-12-16 12:08:41 +1300 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2023-02-08 00:03:39 +0000 |
commit | e20067c52d642123b7ed929c1e35a2c0d144b13c (patch) | |
tree | 7b0c97ed0ada07c40e068194fa9fb51217ffd241 /auth | |
parent | 5147f011d9b2b37dd46939d4b50d71d50a6776c1 (diff) | |
download | samba-e20067c52d642123b7ed929c1e35a2c0d144b13c.tar.gz |
auth: Make more liberal use of SID index constants
Arrays of SIDs are handled not fully consistently throughout the
codebase. Sometimes SIDs in the first and second positions represent a
user and a primary group respectively; other times they don't mean
anything in particular. Using these index constants in situations of the
former sort can help to clarify our intent.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'auth')
-rw-r--r-- | auth/auth_log.c | 4 | ||||
-rw-r--r-- | auth/auth_sam_reply.c | 4 | ||||
-rw-r--r-- | auth/wbc_auth_util.c | 8 |
3 files changed, 8 insertions, 8 deletions
diff --git a/auth/auth_log.c b/auth/auth_log.c index dc1cea12390..787a9ec6b42 100644 --- a/auth/auth_log.c +++ b/auth/auth_log.c @@ -407,7 +407,7 @@ static void log_successful_authz_event_json( goto failure; } rc = json_add_sid( - &authorization, "sid", &session_info->security_token->sids[0]); + &authorization, "sid", &session_info->security_token->sids[PRIMARY_USER_SID_INDEX]); if (rc != 0) { goto failure; } @@ -758,7 +758,7 @@ static void log_successful_authz_event_human_readable( auth_type, log_escape(frame, session_info->info->domain_name), log_escape(frame, session_info->info->account_name), - dom_sid_str_buf(&session_info->security_token->sids[0], + dom_sid_str_buf(&session_info->security_token->sids[PRIMARY_USER_SID_INDEX], &sid_buf), ts, remote_str, diff --git a/auth/auth_sam_reply.c b/auth/auth_sam_reply.c index 72edf0eed15..93a8c6e9bb0 100644 --- a/auth/auth_sam_reply.c +++ b/auth/auth_sam_reply.c @@ -371,7 +371,7 @@ NTSTATUS auth_convert_user_info_dc_saminfo6(TALLOC_CTX *mem_ctx, } /* We don't put the user and group SIDs in there */ - for (i=2; i<user_info_dc->num_sids; i++) { + for (i=REMAINING_SIDS_INDEX; i<user_info_dc->num_sids; i++) { struct auth_SidAttr *group_sid = &user_info_dc->sids[i]; bool belongs_in_base = is_base_sid(group_sid, sam6->base.domain_sid); if (belongs_in_base) { @@ -668,7 +668,7 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx, return NT_STATUS_INVALID_PARAMETER; } - user_info_dc->num_sids = 2; + user_info_dc->num_sids = PRIMARY_SIDS_COUNT; user_info_dc->sids = talloc_array(user_info_dc, struct auth_SidAttr, user_info_dc->num_sids + base->groups.count); NT_STATUS_HAVE_NO_MEMORY(user_info_dc->sids); diff --git a/auth/wbc_auth_util.c b/auth/wbc_auth_util.c index 311052c9108..83b22adc9d2 100644 --- a/auth/wbc_auth_util.c +++ b/auth/wbc_auth_util.c @@ -116,8 +116,8 @@ struct netr_SamInfo6 *wbcAuthUserInfo_to_netr_SamInfo6(TALLOC_CTX *mem_ctx, NTSTATUS status; bool ok; - memcpy(&user_sid, &info->sids[0].sid, sizeof(user_sid)); - memcpy(&group_sid, &info->sids[1].sid, sizeof(group_sid)); + memcpy(&user_sid, &info->sids[PRIMARY_USER_SID_INDEX].sid, sizeof(user_sid)); + memcpy(&group_sid, &info->sids[PRIMARY_GROUP_SID_INDEX].sid, sizeof(group_sid)); info6 = talloc_zero(mem_ctx, struct netr_SamInfo6); if (!info6) return NULL; @@ -196,7 +196,7 @@ struct netr_SamInfo6 *wbcAuthUserInfo_to_netr_SamInfo6(TALLOC_CTX *mem_ctx, status = wbcsids_to_samr_RidWithAttributeArray(info6, &info6->base.groups, &domain_sid, - &info->sids[1], + &info->sids[PRIMARY_GROUP_SID_INDEX], info->num_sids - 1); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(info6); @@ -204,7 +204,7 @@ struct netr_SamInfo6 *wbcAuthUserInfo_to_netr_SamInfo6(TALLOC_CTX *mem_ctx, } status = wbcsids_to_netr_SidAttrArray(&domain_sid, - &info->sids[1], + &info->sids[PRIMARY_GROUP_SID_INDEX], info->num_sids - 1, info6, &info6->sids, |