s3:auth remove unused structure member
authorSimo Sorce <ssorce@redhat.com>
Fri, 28 May 2010 21:03:18 +0000 (17:03 -0400)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 7 Jun 2010 12:53:07 +0000 (22:53 +1000)
sids are now completely handled using info3, remove dead code that fills
server info sids and the structure members themselves

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
source3/auth/auth_util.c
source3/auth/server_info_sam.c
source3/include/auth.h

index ea95f33a86af9cab8f460916b3f065358d148202..c9ad507e8c7e6d517e485ad74664b5f5323af01b 100644 (file)
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
 
-/****************************************************************************
- Ensure primary group SID is always at position 0 in a 
- auth_serversupplied_info struct.
-****************************************************************************/
-
-static void sort_sid_array_for_smbd(struct auth_serversupplied_info *result,
-                               const struct dom_sid *pgroup_sid)
-{
-       unsigned int i;
-
-       if (!result->sids) {
-               return;
-       }
-
-       if (sid_compare(&result->sids[0], pgroup_sid)==0) {
-               return;
-       }
-
-       for (i = 1; i < result->num_sids; i++) {
-               if (sid_compare(pgroup_sid,
-                               &result->sids[i]) == 0) {
-                       sid_copy(&result->sids[i], &result->sids[0]);
-                       sid_copy(&result->sids[0], pgroup_sid);
-                       return;
-               }
-       }
-}
-
 /****************************************************************************
  Create a UNIX user on demand.
 ****************************************************************************/
@@ -567,7 +539,6 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
 {
        NTSTATUS status;
        struct samu *sampass = NULL;
-       gid_t *gids;
        char *qualified_name = NULL;
        TALLOC_CTX *mem_ctx = NULL;
        struct dom_sid u_sid;
@@ -646,13 +617,13 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
                return status;
        }
 
+       TALLOC_FREE(sampass);
 
        result->unix_name = talloc_strdup(result, unix_username);
        result->sanitized_username = sanitize_username(result, unix_username);
 
        if ((result->unix_name == NULL)
            || (result->sanitized_username == NULL)) {
-               TALLOC_FREE(sampass);
                TALLOC_FREE(result);
                return NT_STATUS_NO_MEMORY;
        }
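Review bot: The added `TALLOC_FREE(sampass);` now runs before the two reads of `unix_username` in `talloc_strdup()` and `sanitize_username()`, and nothing in the hunk says who owns that string. The signature of make_server_info_pw is cut off in the hunk header and the body starts outside the hunk, so it is presumably a caller-owned parameter. If it ever pointed into memory hanging off `sampass`, these reads would be a use-after-free. A one-line comment above the free would pin the assumption: `/* sampass is not referenced below; unix_username is owned by the caller */`.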
@@ -660,34 +631,6 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
        result->utok.uid = pwd->pw_uid;
        result->utok.gid = pwd->pw_gid;
 
-       status = pdb_enum_group_memberships(result, sampass,
-                                           &result->sids, &gids,
-                                           &result->num_sids);
-
-       if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(10, ("pdb_enum_group_memberships failed: %s\n",
-                          nt_errstr(status)));
-               TALLOC_FREE(sampass);
-               TALLOC_FREE(result);
-               return status;
-       }
-
-       TALLOC_FREE(sampass);
-
-       /* FIXME: add to info3 too ? */
-       status = add_sid_to_array_unique(result, &u_sid,
-                                        &result->sids,
-                                        &result->num_sids);
-       if (!NT_STATUS_IS_OK(status)) {
-               TALLOC_FREE(result);
-               return status;
-       }
-
-       /* For now we throw away the gids and convert via sid_to_gid
-        * later. This needs fixing, but I'd like to get the code straight and
-        * simple first. */
-       TALLOC_FREE(gids);
-
        *server_info = result;
 
        return NT_STATUS_OK;
@@ -1189,23 +1132,6 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
        result->utok.uid = uid;
        result->utok.gid = gid;
 
-       /* Create a 'combined' list of all SIDs we might want in the SD */
-
-       result->num_sids = 0;
-       result->sids = NULL;
-
-       nt_status = sid_array_from_info3(result, info3,
-                                        &result->sids,
-                                        &result->num_sids,
-                                        false, false);
-       if (!NT_STATUS_IS_OK(nt_status)) {
-               TALLOC_FREE(result);
-               return nt_status;
-       }
-
-       /* Ensure the primary group sid is at position 0. */
-       sort_sid_array_for_smbd(result, &group_sid);
-
        /* ensure we are never given NULL session keys */
 
        if (memcmp(info3->base.key.key, zeros, sizeof(zeros)) == 0) {
index 9072b6314a4b7b7a17f21e6d0aa22ab166e22ce0..7a33aab2a23f65db754c46acba38c5a1bdb816c8 100644 (file)
@@ -61,7 +61,6 @@ NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
                              struct samu *sampass)
 {
        struct passwd *pwd;
-       gid_t *gids;
        struct auth_serversupplied_info *result;
        const char *username = pdb_get_username(sampass);
        NTSTATUS status;
@@ -100,16 +99,6 @@ NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
        }
 
        if (IS_DC && is_our_machine_account(username)) {
-               /*
-                * Ensure for a connection from our own
-                * machine account (from winbindd on a DC)
-                * there are no supplementary groups.
-                * Prevents loops in calling gid_to_sid().
-                */
-               result->sids = NULL;
-               gids = NULL;
-               result->num_sids = 0;
-
                /*
                 * This is a hack of monstrous proportions.
                 * If we know it's winbindd talking to us,
@@ -123,28 +112,9 @@ NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
                (void)winbind_off();
 
                DEBUG(10, ("make_server_info_sam: our machine account %s "
-                       "setting supplementary group list empty and "
-                       "turning off winbindd requests.\n",
-                       username));
-       } else {
-               status = pdb_enum_group_memberships(result, sampass,
-                                           &result->sids, &gids,
-                                           &result->num_sids);
-
-               if (!NT_STATUS_IS_OK(status)) {
-                       DEBUG(10, ("pdb_enum_group_memberships failed: %s\n",
-                                  nt_errstr(status)));
-                       TALLOC_FREE(result);
-                       return status;
-               }
+                          "turning off winbindd requests.\n", username));
        }
 
-       /* For now we throw away the gids and convert via sid_to_gid
-        * later. This needs fixing, but I'd like to get the code straight and
-        * simple first. */
-
-       TALLOC_FREE(gids);
-
        DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n",
                 pdb_get_username(sampass), result->unix_name));
 
index 2e22ca70c5716ae6273f9f40033fe1f788ed4f8d..9e55eeec596391d50ca4810368250f7c1b8bb2cc 100644 (file)
@@ -49,10 +49,6 @@ struct auth_serversupplied_info {
        bool guest;
        bool system;
 
-       struct dom_sid *sids;   /* These SIDs are preliminary between
-                          check_ntlm_password and the token creation. */
-       size_t num_sids;
-
        struct unix_user_token utok;
 
        /* NT group information taken from the info3 structure */