[Pkg-samba-maint] r3612 - in branches/samba/upstream: . lib/util/charset libcli/auth librpc/gen_ndr librpc/ndr nsswitch packaging/RHEL packaging/RHEL-CTDB pidl/lib/Parse/Pidl/Samba3 source3 source3/include source3/lib source3/lib/netapi source3/libads source3/libsmb source3/modules source3/printing source3/registry source3/rpc_client source3/rpc_server source3/rpcclient source3/smbd source3/utils source3/winbindd

bubulle at alioth.debian.org bubulle at alioth.debian.org
Sat Oct 9 20:34:03 UTC 2010


Author: bubulle
Date: 2010-10-09 20:33:58 +0000 (Sat, 09 Oct 2010)
New Revision: 3612

Modified:
   branches/samba/upstream/WHATSNEW.txt
   branches/samba/upstream/lib/util/charset/charset.h
   branches/samba/upstream/libcli/auth/credentials.c
   branches/samba/upstream/libcli/auth/proto.h
   branches/samba/upstream/librpc/gen_ndr/cli_epmapper.c
   branches/samba/upstream/librpc/gen_ndr/cli_ntsvcs.c
   branches/samba/upstream/librpc/gen_ndr/cli_winreg.c
   branches/samba/upstream/librpc/ndr/libndr.h
   branches/samba/upstream/librpc/ndr/uuid.c
   branches/samba/upstream/nsswitch/wb_common.c
   branches/samba/upstream/packaging/RHEL-CTDB/samba.spec
   branches/samba/upstream/packaging/RHEL/makerpms.sh
   branches/samba/upstream/packaging/RHEL/samba.spec
   branches/samba/upstream/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm
   branches/samba/upstream/source3/Makefile.in
   branches/samba/upstream/source3/VERSION
   branches/samba/upstream/source3/configure
   branches/samba/upstream/source3/configure.in
   branches/samba/upstream/source3/include/config.h.in
   branches/samba/upstream/source3/include/proto.h
   branches/samba/upstream/source3/include/version.h
   branches/samba/upstream/source3/lib/netapi/cm.c
   branches/samba/upstream/source3/lib/netapi/netapi_private.h
   branches/samba/upstream/source3/lib/system.c
   branches/samba/upstream/source3/lib/tdb_validate.c
   branches/samba/upstream/source3/libads/sasl.c
   branches/samba/upstream/source3/libsmb/cliconnect.c
   branches/samba/upstream/source3/libsmb/clikrb5.c
   branches/samba/upstream/source3/libsmb/climessage.c
   branches/samba/upstream/source3/libsmb/clispnego.c
   branches/samba/upstream/source3/libsmb/nmblib.c
   branches/samba/upstream/source3/modules/vfs_acl_common.c
   branches/samba/upstream/source3/printing/load.c
   branches/samba/upstream/source3/printing/nt_printing.c
   branches/samba/upstream/source3/registry/reg_api.c
   branches/samba/upstream/source3/rpc_client/cli_pipe.c
   branches/samba/upstream/source3/rpc_client/init_spoolss.c
   branches/samba/upstream/source3/rpc_server/srv_pipe.c
   branches/samba/upstream/source3/rpc_server/srv_spoolss_nt.c
   branches/samba/upstream/source3/rpc_server/srv_winreg_nt.c
   branches/samba/upstream/source3/rpcclient/cmd_spoolss.c
   branches/samba/upstream/source3/rpcclient/rpcclient.c
   branches/samba/upstream/source3/smbd/fileio.c
   branches/samba/upstream/source3/smbd/notify.c
   branches/samba/upstream/source3/smbd/open.c
   branches/samba/upstream/source3/smbd/oplock.c
   branches/samba/upstream/source3/smbd/process.c
   branches/samba/upstream/source3/smbd/reply.c
   branches/samba/upstream/source3/smbd/sesssetup.c
   branches/samba/upstream/source3/smbd/trans2.c
   branches/samba/upstream/source3/utils/net_ads.c
   branches/samba/upstream/source3/utils/net_rpc_printer.c
   branches/samba/upstream/source3/utils/net_rpc_registry.c
   branches/samba/upstream/source3/utils/profiles.c
   branches/samba/upstream/source3/utils/smbfilter.c
   branches/samba/upstream/source3/winbindd/winbindd_cm.c
   branches/samba/upstream/source3/winbindd/winbindd_dual_srv.c
   branches/samba/upstream/source3/winbindd/winbindd_pam.c
Log:
Load samba-3.5.6 into branches/samba/upstream.

Modified: branches/samba/upstream/WHATSNEW.txt
===================================================================
--- branches/samba/upstream/WHATSNEW.txt	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/WHATSNEW.txt	2010-10-09 20:33:58 UTC (rev 3612)
@@ -1,4 +1,103 @@
                    =============================
+                   Release Notes for Samba 3.5.6
+			  October 8, 2010
+                   =============================
+
+
+This is the latest stable release of Samba 3.5.
+
+Major enhancements in Samba 3.5.6 include:
+
+  o Fix smbd panic on invalid NetBIOS session request (bug #7698).
+  o Fix smbd crash caused by "%D" in "printer admin" (bug #7541).
+  o Fix crash bug with invalid SPNEGO token (bug #7694).
+  o Fix Winbind internal error (bug #7636).
+
+
+Changes since 3.5.5
+-------------------
+
+
+o   Jeremy Allison <jra at samba.org>
+    * BUG 7577: Fix SPNEGO auth when contacting Win7 system using Microsoft Live
+      Sign-in Assistant.
+    * BUG 7578: Fix 'net idmap restore' setting HWM to avoid duplicates.
+    * BUG 7581: Fix "admin users" when using vfs_acl_xattr.
+    * BUG 7583: Fix smbclient to connect to Alfresco JLAN CIFS server using
+      Kerberos.
+    * BUG 7589: Fix using cached credentials in ntlm_auth.
+    * BUG 7590: Fix Winbind offline login.
+    * BUG 7617: Fix smbd coredump due to uninitialized variables in the
+      performance counter code.
+    * BUG 7636: Fix Winbind internal error.
+    * BUG 7651: Fix mknod and mkfifo failing with "No such file or
+      directory".
+    * BUG 7693: Fix smbd changing mode of files on rename.
+    * BUG 7694: Fix crash bug with invalid SPNEGO token.
+    * BUG 7698: Fix smbd panic on invalid NetBIOS session request.
+
+
+o   Günther Deschner <gd at samba.org>
+    * BUG 7541: Fix smbd crash caused by "%D" in "printer admin".
+    * BUG 7568: Make sure cm_connect_lsa_tcp does not reset the secure channel.
+    * BUG 7658: Fix "dereferencing type-punned pointer will break
+      strict-aliasing rules" warnings).
+    * BUG 7665: Fix memory leak in netapi connection manager.
+
+
+o   Björn Jacke <bj at sernet.de>
+    * BUG 7244: Fall back to cups-config for underlinked libs.
+    * BUG 7474: Fix build on platforms without st_blocks and st_blksize stat
+      struct members.
+
+
+o   Volker Lendecke <vl at samba.org>
+    * BUG 7336: Enable idmap_passdb module build as shared.
+    * BUG 7531: Fix the charset_pull routine.
+    * BUG 7635: Fix 'smbclient -M'.
+    * BUG 7656: Fix scalability problem with hundreds of printers.
+    * BUG 7684: Fix fd leak in libwbclient.so.
+    * BUG 7688: Fix crash bug in rpcclient.
+    * BUG 7470: Standardize S_IREAD and S_IWRITE.
+    * BUG 7715: Fix file corruption when setting Samba "write wache wize".
+
+
+o   Jim McDonough <jmcd at samba.org>
+    * BUG 7280: Fix auto printers with registry config.
+
+
+o   Andreas Schneider <asn at samba.org>
+    * BUG 7538: Fix GUID_from_data_blob() with length of 32.
+
+
+o   Chere Zhou <chere.zhou at isilon.com>
+    * BUG 7662: Align change notify replies on 4-byte boundary.
+
+
+######################################################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+                   =============================
                    Release Notes for Samba 3.5.5
 			 September 14, 2010
                    =============================
@@ -50,9 +149,9 @@
 ======================================================================
 
 
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
 
+
                    =============================
                    Release Notes for Samba 3.5.4
 			   June 23, 2010

Modified: branches/samba/upstream/lib/util/charset/charset.h
===================================================================
--- branches/samba/upstream/lib/util/charset/charset.h	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/lib/util/charset/charset.h	2010-10-09 20:33:58 UTC (rev 3612)
@@ -242,7 +242,7 @@
 			 char **outbuf, size_t *outbytesleft)					\
 {												\
 	while (*inbytesleft >= 1 && *outbytesleft >= 2) {					\
-		*(uint16*)(*outbuf) = to_ucs2[((unsigned char*)(*inbuf))[0]];			\
+		SSVAL(*outbuf, 0, to_ucs2[((unsigned char*)(*inbuf))[0]]);			\
 		(*inbytesleft)  -= 1;								\
 		(*outbytesleft) -= 2;								\
 		(*inbuf)  += 1;									\

Modified: branches/samba/upstream/libcli/auth/credentials.c
===================================================================
--- branches/samba/upstream/libcli/auth/credentials.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/libcli/auth/credentials.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -24,6 +24,7 @@
 #include "system/time.h"
 #include "../lib/crypto/crypto.h"
 #include "libcli/auth/libcli_auth.h"
+#include "../libcli/security/dom_sid.h"
 
 static void netlogon_creds_step_crypt(struct netlogon_creds_CredentialState *creds,
 				      const struct netr_Credential *in,
@@ -202,7 +203,7 @@
 								  struct netr_Credential *initial_credential,
 								  uint32_t negotiate_flags)
 {
-	struct netlogon_creds_CredentialState *creds = talloc(mem_ctx, struct netlogon_creds_CredentialState);
+	struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
 	
 	if (!creds) {
 		return NULL;
@@ -453,3 +454,46 @@
 	}
 }	
 
+/*
+  copy a netlogon_creds_CredentialState struct
+*/
+
+struct netlogon_creds_CredentialState *netlogon_creds_copy(TALLOC_CTX *mem_ctx,
+							   struct netlogon_creds_CredentialState *creds_in)
+{
+	struct netlogon_creds_CredentialState *creds = talloc_zero(mem_ctx, struct netlogon_creds_CredentialState);
+
+	if (!creds) {
+		return NULL;
+	}
+
+	creds->sequence			= creds_in->sequence;
+	creds->negotiate_flags		= creds_in->negotiate_flags;
+	creds->secure_channel_type	= creds_in->secure_channel_type;
+
+	creds->computer_name = talloc_strdup(creds, creds_in->computer_name);
+	if (!creds->computer_name) {
+		talloc_free(creds);
+		return NULL;
+	}
+	creds->account_name = talloc_strdup(creds, creds_in->account_name);
+	if (!creds->account_name) {
+		talloc_free(creds);
+		return NULL;
+	}
+
+	if (creds_in->sid) {
+		creds->sid = dom_sid_dup(creds, creds_in->sid);
+		if (!creds->sid) {
+			talloc_free(creds);
+			return NULL;
+		}
+	}
+
+	memcpy(creds->session_key, creds_in->session_key, sizeof(creds->session_key));
+	memcpy(creds->seed.data, creds_in->seed.data, sizeof(creds->seed.data));
+	memcpy(creds->client.data, creds_in->client.data, sizeof(creds->client.data));
+	memcpy(creds->server.data, creds_in->server.data, sizeof(creds->server.data));
+
+	return creds;
+}
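Review bot: `netlogon_creds_copy()` guards `creds_in->sid` against NULL but not `creds_in->computer_name` or `creds_in->account_name`. `talloc_strdup()` returns NULL for a NULL source, so a state with an unset name makes the copy fail in a way the caller cannot tell apart from out-of-memory. Either document that both names must be set, or copy them only when present, as is already done for the SID (`if (creds_in->computer_name) { ... }`). `creds_in` is only read here and could be declared `const struct netlogon_creds_CredentialState *creds_in`, with the prototype in proto.h changed to match. The result also holds a second instance of `session_key`, so the header comment should say that the copy is owned by `mem_ctx` and carries key material, which helps callers keep its lifetime short.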

Modified: branches/samba/upstream/libcli/auth/proto.h
===================================================================
--- branches/samba/upstream/libcli/auth/proto.h	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/libcli/auth/proto.h	2010-10-09 20:33:58 UTC (rev 3612)
@@ -35,6 +35,8 @@
 				struct netr_Authenticator *next);
 bool netlogon_creds_client_check(struct netlogon_creds_CredentialState *creds,
 			const struct netr_Credential *received_credentials);
+struct netlogon_creds_CredentialState *netlogon_creds_copy(TALLOC_CTX *mem_ctx,
+							   struct netlogon_creds_CredentialState *creds_in);
 
 /*****************************************************************
 The above functions are common to the client and server interface

Modified: branches/samba/upstream/librpc/gen_ndr/cli_epmapper.c
===================================================================
--- branches/samba/upstream/librpc/gen_ndr/cli_epmapper.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/librpc/gen_ndr/cli_epmapper.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -380,7 +380,11 @@
 	/* Copy out parameters */
 	*state->orig.out.entry_handle = *state->tmp.out.entry_handle;
 	*state->orig.out.num_ents = *state->tmp.out.num_ents;
-	memcpy(state->orig.out.entries, state->tmp.out.entries, (state->tmp.in.max_ents) * sizeof(*state->orig.out.entries));
+	if ((*state->tmp.out.num_ents) > (state->tmp.in.max_ents)) {
+		tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+		return;
+	}
+	memcpy(state->orig.out.entries, state->tmp.out.entries, (*state->tmp.out.num_ents) * sizeof(*state->orig.out.entries));
 
 	/* Copy result */
 	state->orig.out.result = state->tmp.out.result;
@@ -453,7 +457,10 @@
 	/* Return variables */
 	*entry_handle = *r.out.entry_handle;
 	*num_ents = *r.out.num_ents;
-	memcpy(entries, r.out.entries, (r.in.max_ents) * sizeof(*entries));
+	if ((*r.out.num_ents) > (r.in.max_ents)) {
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+	memcpy(entries, r.out.entries, (*r.out.num_ents) * sizeof(*entries));
 
 	/* Return result */
 	return NT_STATUS_OK;
@@ -549,7 +556,11 @@
 	/* Copy out parameters */
 	*state->orig.out.entry_handle = *state->tmp.out.entry_handle;
 	*state->orig.out.num_towers = *state->tmp.out.num_towers;
-	memcpy(state->orig.out.towers, state->tmp.out.towers, (state->tmp.in.max_towers) * sizeof(*state->orig.out.towers));
+	if ((*state->tmp.out.num_towers) > (state->tmp.in.max_towers)) {
+		tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+		return;
+	}
+	memcpy(state->orig.out.towers, state->tmp.out.towers, (*state->tmp.out.num_towers) * sizeof(*state->orig.out.towers));
 
 	/* Copy result */
 	state->orig.out.result = state->tmp.out.result;
@@ -618,7 +629,10 @@
 	/* Return variables */
 	*entry_handle = *r.out.entry_handle;
 	*num_towers = *r.out.num_towers;
-	memcpy(towers, r.out.towers, (r.in.max_towers) * sizeof(*towers));
+	if ((*r.out.num_towers) > (r.in.max_towers)) {
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+	memcpy(towers, r.out.towers, (*r.out.num_towers) * sizeof(*towers));
 
 	/* Return result */
 	return NT_STATUS_OK;

Modified: branches/samba/upstream/librpc/gen_ndr/cli_ntsvcs.c
===================================================================
--- branches/samba/upstream/librpc/gen_ndr/cli_ntsvcs.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/librpc/gen_ndr/cli_ntsvcs.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -1459,7 +1459,11 @@
 	}
 
 	/* Copy out parameters */
-	memcpy(state->orig.out.buffer, state->tmp.out.buffer, (*state->tmp.in.length) * sizeof(*state->orig.out.buffer));
+	if ((*state->tmp.out.length) > (*state->tmp.in.length)) {
+		tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+		return;
+	}
+	memcpy(state->orig.out.buffer, state->tmp.out.buffer, (*state->tmp.out.length) * sizeof(*state->orig.out.buffer));
 	*state->orig.out.length = *state->tmp.out.length;
 
 	/* Copy result */
@@ -1525,7 +1529,10 @@
 	}
 
 	/* Return variables */
-	memcpy(buffer, r.out.buffer, (*r.in.length) * sizeof(*buffer));
+	if ((*r.out.length) > (*r.in.length)) {
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+	memcpy(buffer, r.out.buffer, (*r.out.length) * sizeof(*buffer));
 	*length = *r.out.length;
 
 	/* Return result */
@@ -1918,7 +1925,11 @@
 
 	/* Copy out parameters */
 	*state->orig.out.reg_data_type = *state->tmp.out.reg_data_type;
-	memcpy(state->orig.out.buffer, state->tmp.out.buffer, (*state->tmp.in.buffer_size) * sizeof(*state->orig.out.buffer));
+	if ((*state->tmp.out.buffer_size) > (*state->tmp.in.buffer_size)) {
+		tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+		return;
+	}
+	memcpy(state->orig.out.buffer, state->tmp.out.buffer, (*state->tmp.out.buffer_size) * sizeof(*state->orig.out.buffer));
 	*state->orig.out.buffer_size = *state->tmp.out.buffer_size;
 	*state->orig.out.needed = *state->tmp.out.needed;
 
@@ -1992,7 +2003,10 @@
 
 	/* Return variables */
 	*reg_data_type = *r.out.reg_data_type;
-	memcpy(buffer, r.out.buffer, (*r.in.buffer_size) * sizeof(*buffer));
+	if ((*r.out.buffer_size) > (*r.in.buffer_size)) {
+		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+	}
+	memcpy(buffer, r.out.buffer, (*r.out.buffer_size) * sizeof(*buffer));
 	*buffer_size = *r.out.buffer_size;
 	*needed = *r.out.needed;
 

Modified: branches/samba/upstream/librpc/gen_ndr/cli_winreg.c
===================================================================
--- branches/samba/upstream/librpc/gen_ndr/cli_winreg.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/librpc/gen_ndr/cli_winreg.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -1668,7 +1668,15 @@
 		*state->orig.out.type = *state->tmp.out.type;
 	}
 	if (state->orig.out.value && state->tmp.out.value) {
-		memcpy(state->orig.out.value, state->tmp.out.value, (*state->tmp.in.size) * sizeof(*state->orig.out.value));
+		if ((*state->tmp.out.size) > (*state->tmp.in.size)) {
+			tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+			return;
+		}
+		if ((*state->tmp.out.length) > (*state->tmp.out.size)) {
+			tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+			return;
+		}
+		memcpy(state->orig.out.value, state->tmp.out.value, (*state->tmp.out.length) * sizeof(*state->orig.out.value));
 	}
 	if (state->orig.out.size && state->tmp.out.size) {
 		*state->orig.out.size = *state->tmp.out.size;
@@ -1752,7 +1760,13 @@
 		*type = *r.out.type;
 	}
 	if (value && r.out.value) {
-		memcpy(value, r.out.value, (*r.in.size) * sizeof(*value));
+		if ((*r.out.size) > (*r.in.size)) {
+			return NT_STATUS_INVALID_NETWORK_RESPONSE;
+		}
+		if ((*r.out.length) > (*r.out.size)) {
+			return NT_STATUS_INVALID_NETWORK_RESPONSE;
+		}
+		memcpy(value, r.out.value, (*r.out.length) * sizeof(*value));
 	}
 	if (size && r.out.size) {
 		*size = *r.out.size;
@@ -2823,7 +2837,15 @@
 		*state->orig.out.type = *state->tmp.out.type;
 	}
 	if (state->orig.out.data && state->tmp.out.data) {
-		memcpy(state->orig.out.data, state->tmp.out.data, (state->tmp.in.data_size?*state->tmp.in.data_size:0) * sizeof(*state->orig.out.data));
+		if ((state->tmp.out.data_size?*state->tmp.out.data_size:0) > (state->tmp.in.data_size?*state->tmp.in.data_size:0)) {
+			tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+			return;
+		}
+		if ((state->tmp.out.data_length?*state->tmp.out.data_length:0) > (state->tmp.out.data_size?*state->tmp.out.data_size:0)) {
+			tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+			return;
+		}
+		memcpy(state->orig.out.data, state->tmp.out.data, (state->tmp.out.data_length?*state->tmp.out.data_length:0) * sizeof(*state->orig.out.data));
 	}
 	if (state->orig.out.data_size && state->tmp.out.data_size) {
 		*state->orig.out.data_size = *state->tmp.out.data_size;
@@ -2904,7 +2926,13 @@
 		*type = *r.out.type;
 	}
 	if (data && r.out.data) {
-		memcpy(data, r.out.data, (r.in.data_size?*r.in.data_size:0) * sizeof(*data));
+		if ((r.out.data_size?*r.out.data_size:0) > (r.in.data_size?*r.in.data_size:0)) {
+			return NT_STATUS_INVALID_NETWORK_RESPONSE;
+		}
+		if ((r.out.data_length?*r.out.data_length:0) > (r.out.data_size?*r.out.data_size:0)) {
+			return NT_STATUS_INVALID_NETWORK_RESPONSE;
+		}
+		memcpy(data, r.out.data, (r.out.data_length?*r.out.data_length:0) * sizeof(*data));
 	}
 	if (data_size && r.out.data_size) {
 		*data_size = *r.out.data_size;
@@ -4629,7 +4657,11 @@
 	/* Copy out parameters */
 	memcpy(state->orig.out.values, state->tmp.out.values, (state->tmp.in.num_values) * sizeof(*state->orig.out.values));
 	if (state->orig.out.buffer && state->tmp.out.buffer) {
-		memcpy(state->orig.out.buffer, state->tmp.out.buffer, (*state->tmp.in.buffer_size) * sizeof(*state->orig.out.buffer));
+		if ((*state->tmp.out.buffer_size) > (*state->tmp.in.buffer_size)) {
+			tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);
+			return;
+		}
+		memcpy(state->orig.out.buffer, state->tmp.out.buffer, (*state->tmp.out.buffer_size) * sizeof(*state->orig.out.buffer));
 	}
 	*state->orig.out.buffer_size = *state->tmp.out.buffer_size;
 
@@ -4701,7 +4733,10 @@
 	/* Return variables */
 	memcpy(values, r.out.values, (r.in.num_values) * sizeof(*values));
 	if (buffer && r.out.buffer) {
-		memcpy(buffer, r.out.buffer, (*r.in.buffer_size) * sizeof(*buffer));
+		if ((*r.out.buffer_size) > (*r.in.buffer_size)) {
+			return NT_STATUS_INVALID_NETWORK_RESPONSE;
+		}
+		memcpy(buffer, r.out.buffer, (*r.out.buffer_size) * sizeof(*buffer));
 	}
 	*buffer_size = *r.out.buffer_size;
 

Modified: branches/samba/upstream/librpc/ndr/libndr.h
===================================================================
--- branches/samba/upstream/librpc/ndr/libndr.h	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/librpc/ndr/libndr.h	2010-10-09 20:33:58 UTC (rev 3612)
@@ -543,6 +543,7 @@
 
 /* GUIDs */
 bool GUID_equal(const struct GUID *u1, const struct GUID *u2);
+NTSTATUS GUID_from_ndr_blob(const DATA_BLOB *b, struct GUID *guid);
 NTSTATUS GUID_from_data_blob(const DATA_BLOB *s, struct GUID *guid);
 NTSTATUS GUID_from_string(const char *s, struct GUID *guid);
 NTSTATUS NS_GUID_from_string(const char *s, struct GUID *guid);

Modified: branches/samba/upstream/librpc/ndr/uuid.c
===================================================================
--- branches/samba/upstream/librpc/ndr/uuid.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/librpc/ndr/uuid.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -25,7 +25,26 @@
 #include "librpc/ndr/libndr.h"
 #include "librpc/gen_ndr/ndr_misc.h"
 
+
 /**
+  build a GUID from a NDR data blob
+*/
+_PUBLIC_ NTSTATUS GUID_from_ndr_blob(const DATA_BLOB *b, struct GUID *guid)
+{
+	enum ndr_err_code ndr_err;
+	TALLOC_CTX *mem_ctx;
+
+	mem_ctx = talloc_new(NULL);
+	NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
+
+	ndr_err = ndr_pull_struct_blob_all(b, mem_ctx, NULL, guid,
+					   (ndr_pull_flags_fn_t)ndr_pull_GUID);
+	talloc_free(mem_ctx);
+	return ndr_map_error2ntstatus(ndr_err);
+}
+
+
+/**
   build a GUID from a string
 */
 _PUBLIC_ NTSTATUS GUID_from_data_blob(const DATA_BLOB *s, struct GUID *guid)
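Review bot: `GUID_from_ndr_blob()` pulls straight into the caller's `guid`, so a failed parse can leave `*guid` partly overwritten; the inline code it replaces (removed in the next hunk) decoded into a local `guid2` and assigned only on success. Decoding into a local keeps the output untouched on error: use `struct GUID tmp;` as the pull target, then `if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) return ndr_map_error2ntstatus(ndr_err);` followed by `*guid = tmp;`. The doc comment could also state that the blob must be exactly the NDR encoding of a GUID, since `ndr_pull_struct_blob_all()` presumably rejects trailing bytes where the old `ndr_pull_struct_blob()` call did not.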
@@ -81,29 +100,16 @@
 	} else if (s->length == 32) {
 		size_t rlen = strhex_to_str((char *)blob16.data, blob16.length,
 					    (const char *)s->data, s->length);
-		if (rlen == blob16.length) {
-			/* goto the ndr_pull_struct_blob() path */
-			status = NT_STATUS_OK;
-			s = &blob16;
+		if (rlen != blob16.length) {
+			return NT_STATUS_INVALID_PARAMETER;
 		}
+
+		s = &blob16;
+		return GUID_from_ndr_blob(s, guid);
 	}
 
 	if (s->length == 16) {
-		enum ndr_err_code ndr_err;
-		struct GUID guid2;
-		TALLOC_CTX *mem_ctx;
-
-		mem_ctx = talloc_new(NULL);
-		NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
-
-		ndr_err = ndr_pull_struct_blob(s, mem_ctx, NULL, &guid2,
-					       (ndr_pull_flags_fn_t)ndr_pull_GUID);
-		talloc_free(mem_ctx);
-		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-			return ndr_map_error2ntstatus(ndr_err);
-		}
-		*guid = guid2;
-		return NT_STATUS_OK;
+		return GUID_from_ndr_blob(s, guid);
 	}
 
 	if (!NT_STATUS_IS_OK(status)) {
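Review bot: In the 32-character branch the assignment `s = &blob16;` is now a dead store, because the function returns on the very next line; `return GUID_from_ndr_blob(&blob16, guid);` says the same thing without rebinding the parameter. Now that both the 32-byte and 16-byte paths return early, a one-line comment before the remaining `status` check naming the input forms that still reach it would make the tail of the function easier to audit. The function body starts and ends outside this hunk.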

Modified: branches/samba/upstream/nsswitch/wb_common.c
===================================================================
--- branches/samba/upstream/nsswitch/wb_common.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/nsswitch/wb_common.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -61,6 +61,9 @@
 
 /* Close established socket */
 
+#if HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR
+__attribute__((destructor))
+#endif
 void winbind_close_sock(void)
 {
 	if (winbindd_fd != -1) {
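Review bot: The new `__attribute__((destructor))` has no comment explaining why a public function that callers also invoke directly is registered to run at unload. A short comment above the `#if` would do, for example `/* Also run at library unload/exit so the winbindd socket is not leaked */` (presumably this is the libwbclient fd leak listed in WHATSNEW as bug 7684). The comment should also say that the function has to stay safe to call more than once. The `winbindd_fd != -1` guard suggests that, but the rest of the body, which lies outside this hunk, must uphold it by resetting the descriptor.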

Modified: branches/samba/upstream/packaging/RHEL/makerpms.sh
===================================================================
--- branches/samba/upstream/packaging/RHEL/makerpms.sh	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/packaging/RHEL/makerpms.sh	2010-10-09 20:33:58 UTC (rev 3612)
@@ -20,7 +20,7 @@
 
 USERID=`id -u`
 GRPID=`id -g`
-VERSION='3.5.5'
+VERSION='3.5.6'
 REVISION=''
 SPECFILE="samba.spec"
 RPMVER=`rpm --version | awk '{print $3}'`

Modified: branches/samba/upstream/packaging/RHEL/samba.spec
===================================================================
--- branches/samba/upstream/packaging/RHEL/samba.spec	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/packaging/RHEL/samba.spec	2010-10-09 20:33:58 UTC (rev 3612)
@@ -5,7 +5,7 @@
 Vendor: Samba Team
 Packager: Samba Team <samba at samba.org>
 Name:         samba
-Version:      3.5.5
+Version:      3.5.6
 Release:      1
 Epoch:        0
 License: GNU GPL version 3

Modified: branches/samba/upstream/packaging/RHEL-CTDB/samba.spec
===================================================================
--- branches/samba/upstream/packaging/RHEL-CTDB/samba.spec	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/packaging/RHEL-CTDB/samba.spec	2010-10-09 20:33:58 UTC (rev 3612)
@@ -5,7 +5,7 @@
 Vendor: Samba Team
 Packager: Samba Team <samba at samba.org>
 Name:         samba
-Version:      3.5.5
+Version:      3.5.6
 Release:      1GITHASH
 Epoch:        0
 License: GNU GPL version 3

Modified: branches/samba/upstream/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm
===================================================================
--- branches/samba/upstream/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm	2010-10-09 20:33:58 UTC (rev 3612)
@@ -15,7 +15,7 @@
 use Parse::Pidl qw(fatal warning error);
 use Parse::Pidl::Util qw(has_property ParseExpr);
 use Parse::Pidl::Samba4 qw(DeclLong);
-use Parse::Pidl::Samba4::Header qw(GenerateFunctionInEnv);
+use Parse::Pidl::Samba4::Header qw(GenerateFunctionInEnv GenerateFunctionOutEnv);
 
 use vars qw($VERSION);
 $VERSION = '0.01';
@@ -71,12 +71,27 @@
 	}
 }
 
-sub ParseOutputArgument($$$;$$)
+sub ParseInvalidResponse($$)
 {
-	my ($self, $fn, $e, $r, $o) = @_;
+	my ($self, $type) = @_;
+
+	if ($type eq "sync") {
+		$self->pidl("return NT_STATUS_INVALID_NETWORK_RESPONSE;");
+	} elsif ($type eq "async") {
+		$self->pidl("tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE);");
+		$self->pidl("return;");
+	} else {
+		die("ParseInvalidResponse($type)");
+	}
+}
+
+sub ParseOutputArgument($$$;$$$)
+{
+	my ($self, $fn, $e, $r, $o, $invalid_response_type) = @_;
 	my $level = 0;
 	$r = "r." unless defined($r);
 	$o = "" unless defined($o);
+	$invalid_response_type = "sync" unless defined($invalid_response_type);
 
 	if ($e->{LEVELS}[0]->{TYPE} ne "POINTER" and $e->{LEVELS}[0]->{TYPE} ne "ARRAY") {
 		$self->pidl("return NT_STATUS_NOT_SUPPORTED;");
@@ -97,17 +112,37 @@
 		# Since the data is being copied into a user-provided data 
 		# structure, the user should be able to know the size beforehand 
 		# to allocate a structure of the right size.
-		my $env = GenerateFunctionInEnv($fn, $r);
+		my $in_env = GenerateFunctionInEnv($fn, $r);
+		my $out_env = GenerateFunctionOutEnv($fn, $r);
 		my $l = $e->{LEVELS}[$level];
 		unless (defined($l->{SIZE_IS})) {
+			$self->pidl('#error No size known for [out] array `$e->{NAME}');
 			error($e->{ORIGINAL}, "no size known for [out] array `$e->{NAME}'");
-			$self->pidl('#error No size known for [out] array `$e->{NAME}');
 		} else {
-			my $size_is = ParseExpr($l->{SIZE_IS}, $env, $e->{ORIGINAL});
+			my $in_size_is = ParseExpr($l->{SIZE_IS}, $in_env, $e->{ORIGINAL});
+			my $out_size_is = ParseExpr($l->{SIZE_IS}, $out_env, $e->{ORIGINAL});
+			my $out_length_is = $out_size_is;
+			if (defined($l->{LENGTH_IS})) {
+				$out_length_is = ParseExpr($l->{LENGTH_IS}, $out_env, $e->{ORIGINAL});
+			}
+			if ($out_size_is ne $in_size_is) {
+				$self->pidl("if (($out_size_is) > ($in_size_is)) {");
+				$self->indent;
+				$self->ParseInvalidResponse($invalid_response_type);
+				$self->deindent;
+				$self->pidl("}");
+			}
+			if ($out_length_is ne $out_size_is) {
+				$self->pidl("if (($out_length_is) > ($out_size_is)) {");
+				$self->indent;
+				$self->ParseInvalidResponse($invalid_response_type);
+				$self->deindent;
+				$self->pidl("}");
+			}
 			if (has_property($e, "charset")) {
-				$self->pidl("memcpy(discard_const_p(uint8_t *, $o$e->{NAME}), ${r}out.$e->{NAME}, ($size_is) * sizeof(*$o$e->{NAME}));");
+				$self->pidl("memcpy(discard_const_p(uint8_t *, $o$e->{NAME}), ${r}out.$e->{NAME}, ($out_length_is) * sizeof(*$o$e->{NAME}));");
 			} else {
-				$self->pidl("memcpy($o$e->{NAME}, ${r}out.$e->{NAME}, ($size_is) * sizeof(*$o$e->{NAME}));");
+				$self->pidl("memcpy($o$e->{NAME}, ${r}out.$e->{NAME}, ($out_length_is) * sizeof(*$o$e->{NAME}));");
 			}
 		}
 	} else {
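Review bot: The size checks are emitted inline, right before each array's `memcpy`, so out parameters that precede the array have already been stored when a check fails; the regenerated clients in this commit show it (`*num_ents = *r.out.num_ents;` runs before the `num_ents > max_ents` test in cli_epmapper.c). A caller that ignores the NT_STATUS_INVALID_NETWORK_RESPONSE return is then left holding a server-supplied count larger than its buffer. Emitting all range checks for a function in a first pass, before any output is copied, would leave the caller's variables untouched on a bad response. Separately, the `#error` line moved to the top of this hunk is still single-quoted, so the generated C contains the literal text `$e->{NAME}` instead of the element name; a double-quoted string, as in the `error(...)` call beside it, fixes that. The enclosing `ParseOutputArgument` continues outside the hunk.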
@@ -281,7 +316,10 @@
 	foreach my $e (@{$fn->{ELEMENTS}}) {
 		next unless (grep(/out/, @{$e->{DIRECTION}}));
 
-		$self->ParseOutputArgument($fn, $e, "state->tmp.", "state->orig.out.");
+		$self->ParseOutputArgument($fn, $e,
+					   "state->tmp.",
+					   "state->orig.out.",
+					   "async");
 	}
 	$self->pidl("");
 

Modified: branches/samba/upstream/source3/Makefile.in
===================================================================
--- branches/samba/upstream/source3/Makefile.in	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/Makefile.in	2010-10-09 20:33:58 UTC (rev 3612)
@@ -2617,6 +2617,10 @@
 	@echo "Building plugin $@"
 	@$(SHLD_MODULE) winbindd/idmap_rid.o
 
+bin/passdb. at SHLIBEXT@: $(BINARY_PREREQS) winbindd/idmap_passdb.o
+	@echo "Building plugin $@"
+	@$(SHLD_MODULE) winbindd/idmap_passdb.o
+
 bin/ad. at SHLIBEXT@: $(BINARY_PREREQS) winbindd/idmap_ad.o
 	@echo "Building plugin $@"
 	@$(SHLD_MODULE) winbindd/idmap_ad.o

Modified: branches/samba/upstream/source3/VERSION
===================================================================
--- branches/samba/upstream/source3/VERSION	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/VERSION	2010-10-09 20:33:58 UTC (rev 3612)
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=3
 SAMBA_VERSION_MINOR=5
-SAMBA_VERSION_RELEASE=5
+SAMBA_VERSION_RELEASE=6
 
 ########################################################
 # Bug fix releases use a letter for the patch revision #

Modified: branches/samba/upstream/source3/configure
===================================================================
--- branches/samba/upstream/source3/configure	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/configure	2010-10-09 20:33:58 UTC (rev 3612)
@@ -37022,12 +37022,8 @@
 
         if test "x$CUPS_CONFIG" != x; then
 
-		ac_save_CFLAGS=$CFLAGS
 		ac_save_LDFLAGS=$LDFLAGS
 		ac_save_PRINT_LIBS=$PRINT_LIBS
-		CFLAGS="$CFLAGS `$CUPS_CONFIG --cflags`"
-		LDFLAGS="$LDFLAGS `$CUPS_CONFIG --ldflags`"
-		PRINT_LIBS="$PRINT_LIBS -lcups"
 
 
 for ac_header in cups/cups.h cups/language.h
@@ -37180,9 +37176,108 @@
 
 done
 
+
 		if test x"$ac_cv_header_cups_cups_h" = xyes -a \
 		        x"$ac_cv_header_cups_language_h" = xyes; then
+			# try linking with -lcups alone first. That should work unless libcups is
+			# underlinked. With cups-config --libs we pull in unwanted and unneeded
+			# dendencies including thread libraries - use cups-config only if really
+			# required.
 
+
+
+ac_check_lib_ext_save_LIBS=$LIBS
+LIBS="-lcups $ac_save_PRINT_LIBS   $LIBS"
+
+
+
+
+        { $as_echo "$as_me:$LINENO: checking for httpConnect in -lcups" >&5
+$as_echo_n "checking for httpConnect in -lcups... " >&6; }
+if test "${ac_cv_lib_ext_cups_httpConnect+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char httpConnect ();
+int
+main ()
+{
+return httpConnect ();
+  ;
+  return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext && {
+	 test "$cross_compiling" = yes ||
+	 $as_test_x conftest$ac_exeext
+       }; then
+  ac_cv_lib_ext_cups_httpConnect=yes;
+		  ac_cv_lib_ext_cups=yes
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_cv_lib_ext_cups_httpConnect=no;
+		  ac_cv_lib_ext_cups=no
+fi
+
+rm -rf conftest.dSYM
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext conftest.$ac_ext
+
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_ext_cups_httpConnect" >&5
+$as_echo "$ac_cv_lib_ext_cups_httpConnect" >&6; }
+    if test $ac_cv_lib_ext_cups_httpConnect = yes; then
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_HTTPCONNECT 1
+_ACEOF
+
+fi
+
+LIBS=$ac_check_lib_ext_save_LIBS
+
+if test $ac_cv_lib_ext_cups = yes; then
+  PRINT_LIBS"$ac_save_PRINT_LIBS -lcups"
+
+
+else
+  { $as_echo "$as_me:$LINENO: WARNING: your cups library doesn't link with -lcups alone, it might be underlinked." >&5
+$as_echo "$as_me: WARNING: your cups library doesn't link with -lcups alone, it might be underlinked." >&2;} ;
+				 PRINT_LIBS="$ac_save_PRINT_LIBS `$CUPS_CONFIG --libs`"
+fi
+
+
+
 cat >>confdefs.h <<\_ACEOF
 #define HAVE_CUPS 1
 _ACEOF

Modified: branches/samba/upstream/source3/configure.in
===================================================================
--- branches/samba/upstream/source3/configure.in	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/configure.in	2010-10-09 20:33:58 UTC (rev 3612)
@@ -756,15 +756,21 @@
 
         if test "x$CUPS_CONFIG" != x; then
 
-		ac_save_CFLAGS=$CFLAGS
 		ac_save_LDFLAGS=$LDFLAGS
 		ac_save_PRINT_LIBS=$PRINT_LIBS
-		CFLAGS="$CFLAGS `$CUPS_CONFIG --cflags`"
-		LDFLAGS="$LDFLAGS `$CUPS_CONFIG --ldflags`"
-		PRINT_LIBS="$PRINT_LIBS -lcups"
 		AC_CHECK_HEADERS(cups/cups.h cups/language.h)
+
 		if test x"$ac_cv_header_cups_cups_h" = xyes -a \
 		        x"$ac_cv_header_cups_language_h" = xyes; then
+			# try linking with -lcups alone first. That should work unless libcups is
+			# underlinked. With cups-config --libs we pull in unwanted and unneeded
+			# dendencies including thread libraries - use cups-config only if really
+			# required. 
+			AC_CHECK_LIB_EXT(cups, ac_save_PRINT_LIBS , httpConnect,
+				[PRINT_LIBS"$ac_save_PRINT_LIBS -lcups"],
+				[AC_MSG_WARN([your cups library doesn't link with -lcups alone, it might be underlinked.]) ;
+				 PRINT_LIBS="$ac_save_PRINT_LIBS `$CUPS_CONFIG --libs`"])
+
 			AC_DEFINE(HAVE_CUPS,1,[Whether we have CUPS])
 			samba_cv_HAVE_CUPS=yes
 			AC_CHECK_LIB_EXT(cups, PRINT_LIBS, httpConnectEncrypt)
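Review bot: The success branch of the new `AC_CHECK_LIB_EXT(cups, ac_save_PRINT_LIBS , httpConnect, ...)` call is missing its `=`: `[PRINT_LIBS"$ac_save_PRINT_LIBS -lcups"]` expands to a command word rather than an assignment, so when libcups links on its own `PRINT_LIBS` never gains `-lcups` and the shell tries to run that word as a command. It should read `[PRINT_LIBS="$ac_save_PRINT_LIBS -lcups"]`, and the generated `configure` hunk carries the same line, so it needs regenerating after the fix. The comment above the call also spells `dependencies` as `dendencies`. The hunk drops `ac_save_CFLAGS`; if code after the hunk still restores `CFLAGS` from it (not visible here), that restore would now assign an empty value.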

Modified: branches/samba/upstream/source3/include/config.h.in
===================================================================
--- branches/samba/upstream/source3/include/config.h.in	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/include/config.h.in	2010-10-09 20:33:58 UTC (rev 3612)
@@ -914,6 +914,9 @@
 /* Define to 1 if you have the `hstrerror' function. */
 #undef HAVE_HSTRERROR
 
+/* Define to 1 if you have the `httpConnect' function. */
+#undef HAVE_HTTPCONNECT
+
 /* Define to 1 if you have the `httpConnectEncrypt' function. */
 #undef HAVE_HTTPCONNECTENCRYPT
 

Modified: branches/samba/upstream/source3/include/proto.h
===================================================================
--- branches/samba/upstream/source3/include/proto.h	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/include/proto.h	2010-10-09 20:33:58 UTC (rev 3612)
@@ -3191,8 +3191,8 @@
 int matching_len_bits(unsigned char *p1, unsigned char *p2, size_t len);
 void sort_query_replies(char *data, int n, struct in_addr ip);
 char *name_mangle(TALLOC_CTX *mem_ctx, char *In, char name_type);
-int name_extract(char *buf,int ofs, fstring name);
-int name_len(char *s1);
+int name_extract(unsigned char *buf,size_t buf_len, unsigned int ofs, fstring name);
+int name_len(unsigned char *s1, size_t buf_len);
 
 /* The following definitions come from libsmb/nterr.c  */
 
@@ -5595,6 +5595,8 @@
 WERROR push_spoolss_PrinterData(TALLOC_CTX *mem_ctx, DATA_BLOB *blob,
 				enum winreg_Type type,
 				union spoolss_PrinterData *data);
+void spoolss_printerinfo2_to_setprinterinfo2(const struct spoolss_PrinterInfo2 *i,
+					     struct spoolss_SetPrinterInfo2 *s);
 
 /* The following definitions come from rpc_client/init_lsa.c  */
 
@@ -6583,7 +6585,8 @@
 
 /* The following definitions come from smbd/open.c  */
 
-NTSTATUS smb1_file_se_access_check(const struct security_descriptor *sd,
+NTSTATUS smb1_file_se_access_check(connection_struct *conn,
+			  const struct security_descriptor *sd,
                           const NT_USER_TOKEN *token,
                           uint32_t access_desired,
                           uint32_t *access_granted);
@@ -6856,7 +6859,7 @@
 			      files_struct *fsp);
 bool fsp_belongs_conn(connection_struct *conn, struct smb_request *req,
 		      files_struct *fsp);
-void reply_special(char *inbuf);
+void reply_special(char *inbuf, size_t inbuf_len);
 void reply_tcon(struct smb_request *req);
 void reply_tcon_and_X(struct smb_request *req);
 void reply_unknown_new(struct smb_request *req, uint8 type);

Modified: branches/samba/upstream/source3/include/version.h
===================================================================
--- branches/samba/upstream/source3/include/version.h	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/include/version.h	2010-10-09 20:33:58 UTC (rev 3612)
@@ -1,8 +1,8 @@
 /* Autogenerated by script/mkversion.sh */
 #define SAMBA_VERSION_MAJOR 3
 #define SAMBA_VERSION_MINOR 5
-#define SAMBA_VERSION_RELEASE 5
-#define SAMBA_VERSION_OFFICIAL_STRING "3.5.5"
+#define SAMBA_VERSION_RELEASE 6
+#define SAMBA_VERSION_OFFICIAL_STRING "3.5.6"
 #ifdef SAMBA_VERSION_VENDOR_FUNCTION
 #  define SAMBA_VERSION_STRING SAMBA_VERSION_VENDOR_FUNCTION
 #else /* SAMBA_VERSION_VENDOR_FUNCTION */

Modified: branches/samba/upstream/source3/lib/netapi/cm.c
===================================================================
--- branches/samba/upstream/source3/lib/netapi/cm.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/lib/netapi/cm.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -25,18 +25,58 @@
 /********************************************************************
 ********************************************************************/
 
+struct client_ipc_connection {
+	struct client_ipc_connection *prev, *next;
+	struct cli_state *cli;
+	struct client_pipe_connection *pipe_connections;
+};
+
+struct client_pipe_connection {
+	struct client_pipe_connection *prev, *next;
+	struct rpc_pipe_client *pipe;
+};
+
+/********************************************************************
+********************************************************************/
+
+static struct client_ipc_connection *ipc_cm_find(
+	struct libnetapi_private_ctx *priv_ctx, const char *server_name)
+{
+	struct client_ipc_connection *p;
+
+	for (p = priv_ctx->ipc_connections; p; p = p->next) {
+		if (strequal(p->cli->desthost, server_name)) {
+			return p;
+		}
+	}
+
+	return NULL;
+}
+
+/********************************************************************
+********************************************************************/
+
 static WERROR libnetapi_open_ipc_connection(struct libnetapi_ctx *ctx,
 					    const char *server_name,
-					    struct cli_state **cli)
+					    struct client_ipc_connection **pp)
 {
+	struct libnetapi_private_ctx *priv_ctx =
+		(struct libnetapi_private_ctx *)ctx->private_data;
 	struct user_auth_info *auth_info = NULL;
 	struct cli_state *cli_ipc = NULL;
+	struct client_ipc_connection *p;
 
-	if (!ctx || !cli || !server_name) {
+	if (!ctx || !pp || !server_name) {
 		return WERR_INVALID_PARAM;
 	}
 
-	auth_info = user_auth_info_init(NULL);
+	p = ipc_cm_find(priv_ctx, server_name);
+	if (p) {
+		*pp = p;
+		return WERR_OK;
+	}
+
+	auth_info = user_auth_info_init(ctx);
 	if (!auth_info) {
 		return WERR_NOMEM;
 	}
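Review bot: `priv_ctx` is initialised from `ctx->private_data` in the declarations, before the `if (!ctx || !pp || !server_name)` guard runs, so a NULL `ctx` is dereferenced and the guard's `!ctx` test can never fire. Declare `struct libnetapi_private_ctx *priv_ctx;` without an initialiser and assign `priv_ctx = (struct libnetapi_private_ctx *)ctx->private_data;` after the guard. `ipc_cm_find()` also returns a cached entry on a host-name match alone; if the credentials held in `ctx` can change between calls (not visible here), the cached connection keeps the earlier identity, which deserves a comment on the function. The body of `libnetapi_open_ipc_connection()` continues outside the hunk.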
@@ -78,30 +118,29 @@
 		return WERR_CAN_NOT_COMPLETE;
 	}
 
-	*cli = cli_ipc;
+	p = TALLOC_ZERO_P(ctx, struct client_ipc_connection);
+	if (p == NULL) {
+		return WERR_NOMEM;
+	}
 
+	p->cli = cli_ipc;
+	DLIST_ADD(priv_ctx->ipc_connections, p);
+
+	*pp = p;
+
 	return WERR_OK;
 }
 
 /********************************************************************
 ********************************************************************/
 
-struct client_pipe_connection {
-	struct client_pipe_connection *prev, *next;
-	struct rpc_pipe_client *pipe;
-	struct cli_state *cli;
-};
-
-static struct client_pipe_connection *pipe_connections;
-
-/********************************************************************
-********************************************************************/
-
 WERROR libnetapi_shutdown_cm(struct libnetapi_ctx *ctx)
 {
-	struct client_pipe_connection *p;
+	struct libnetapi_private_ctx *priv_ctx =
+		(struct libnetapi_private_ctx *)ctx->private_data;
+	struct client_ipc_connection *p;
 
-	for (p = pipe_connections; p; p = p->next) {
+	for (p = priv_ctx->ipc_connections; p; p = p->next) {
 		cli_shutdown(p->cli);
 	}
 
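Review bot: When `TALLOC_ZERO_P(ctx, struct client_ipc_connection)` fails, the function returns `WERR_NOMEM` while `cli_ipc` is still connected and referenced nowhere, so the connection leaks; add `cli_shutdown(cli_ipc);` before that return. In `libnetapi_shutdown_cm()` the loop calls `cli_shutdown(p->cli)` but leaves every entry on `priv_ctx->ipc_connections`, so a later `ipc_cm_find()` on the same context would read `p->cli->desthost` from a connection that has been shut down (and presumably freed); clearing the list after the loop avoids that. `libnetapi_shutdown_cm()` also reads `ctx->private_data` without a NULL check. Both functions extend beyond the hunk.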
@@ -111,19 +150,19 @@
 /********************************************************************
 ********************************************************************/
 
-static NTSTATUS pipe_cm_find(struct cli_state *cli,
+static NTSTATUS pipe_cm_find(struct client_ipc_connection *ipc,
 			     const struct ndr_syntax_id *interface,
 			     struct rpc_pipe_client **presult)
 {
 	struct client_pipe_connection *p;
 
-	for (p = pipe_connections; p; p = p->next) {
+	for (p = ipc->pipe_connections; p; p = p->next) {
 
 		if (!rpc_pipe_np_smb_conn(p->pipe)) {
 			return NT_STATUS_PIPE_EMPTY;
 		}
 
-		if (strequal(cli->desthost, p->pipe->desthost)
+		if (strequal(ipc->cli->desthost, p->pipe->desthost)
 		    && ndr_syntax_id_equal(&p->pipe->abstract_syntax,
 					   interface)) {
 			*presult = p->pipe;
@@ -138,7 +177,7 @@
 ********************************************************************/
 
 static NTSTATUS pipe_cm_connect(TALLOC_CTX *mem_ctx,
-				struct cli_state *cli,
+				struct client_ipc_connection *ipc,
 				const struct ndr_syntax_id *interface,
 				struct rpc_pipe_client **presult)
 {
@@ -150,14 +189,13 @@
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	status = cli_rpc_pipe_open_noauth(cli, interface, &p->pipe);
+	status = cli_rpc_pipe_open_noauth(ipc->cli, interface, &p->pipe);
 	if (!NT_STATUS_IS_OK(status)) {
 		TALLOC_FREE(p);
 		return status;
 	}
 
-	p->cli = cli;
-	DLIST_ADD(pipe_connections, p);
+	DLIST_ADD(ipc->pipe_connections, p);
 
 	*presult = p->pipe;
 	return NT_STATUS_OK;
@@ -167,15 +205,15 @@
 ********************************************************************/
 
 static NTSTATUS pipe_cm_open(TALLOC_CTX *ctx,
-			     struct cli_state *cli,
+			     struct client_ipc_connection *ipc,
 			     const struct ndr_syntax_id *interface,
 			     struct rpc_pipe_client **presult)
 {
-	if (NT_STATUS_IS_OK(pipe_cm_find(cli, interface, presult))) {
+	if (NT_STATUS_IS_OK(pipe_cm_find(ipc, interface, presult))) {
 		return NT_STATUS_OK;
 	}
 
-	return pipe_cm_connect(ctx, cli, interface, presult);
+	return pipe_cm_connect(ctx, ipc, interface, presult);
 }
 
 /********************************************************************
@@ -189,18 +227,18 @@
 	struct rpc_pipe_client *result = NULL;
 	NTSTATUS status;
 	WERROR werr;
-	struct cli_state *cli = NULL;
+	struct client_ipc_connection *ipc = NULL;
 
 	if (!presult) {
 		return WERR_INVALID_PARAM;
 	}
 
-	werr = libnetapi_open_ipc_connection(ctx, server_name, &cli);
+	werr = libnetapi_open_ipc_connection(ctx, server_name, &ipc);
 	if (!W_ERROR_IS_OK(werr)) {
 		return werr;
 	}
 
-	status = pipe_cm_open(ctx, cli, interface, &result);
+	status = pipe_cm_open(ctx, ipc, interface, &result);
 	if (!NT_STATUS_IS_OK(status)) {
 		libnetapi_set_error_string(ctx, "failed to open PIPE %s: %s",
 			get_pipe_name_from_syntax(talloc_tos(), interface),

Modified: branches/samba/upstream/source3/lib/netapi/netapi_private.h
===================================================================
--- branches/samba/upstream/source3/lib/netapi/netapi_private.h	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/lib/netapi/netapi_private.h	2010-10-09 20:33:58 UTC (rev 3612)
@@ -43,6 +43,7 @@
 		struct policy_handle builtin_handle;
 	} samr;
 
+	struct client_ipc_connection *ipc_connections;
 };
 
 NET_API_STATUS libnetapi_get_password(struct libnetapi_ctx *ctx, char **password);

Modified: branches/samba/upstream/source3/lib/system.c
===================================================================
--- branches/samba/upstream/source3/lib/system.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/lib/system.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -534,8 +534,17 @@
 	dst->st_ex_mtime = get_mtimespec(src);
 	dst->st_ex_ctime = get_ctimespec(src);
 	make_create_timespec(src, dst, fake_dir_create_times);
+#ifdef HAVE_STAT_ST_BLKSIZE
 	dst->st_ex_blksize = src->st_blksize;
+#else
+	dst->st_ex_blksize = STAT_ST_BLOCKSIZE;
+#endif
+
+#ifdef HAVE_STAT_ST_BLOCKS
 	dst->st_ex_blocks = src->st_blocks;
+#else
+	dst->st_ex_blocks = src->st_size / dst->st_ex_blksize + 1;
+#endif
 
 #ifdef HAVE_STAT_ST_FLAGS
 	dst->st_ex_flags = src->st_flags;
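Review bot: The `#else` fallback `dst->st_ex_blocks = src->st_size / dst->st_ex_blksize + 1;` divides by whatever `st_ex_blksize` was just set to, which on a build with `HAVE_STAT_ST_BLKSIZE` but without `HAVE_STAT_ST_BLOCKS` is the filesystem's `st_blksize`. The block count then depends on the preferred I/O size rather than on a fixed unit, and a zero `st_blksize` would be a division by zero. Using the constant, `dst->st_ex_blocks = src->st_size / STAT_ST_BLOCKSIZE + 1;`, keeps the unit fixed, assuming consumers of `st_ex_blocks` count in `STAT_ST_BLOCKSIZE` units (not visible here). The enclosing function starts and ends outside the hunk.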

Modified: branches/samba/upstream/source3/lib/tdb_validate.c
===================================================================
--- branches/samba/upstream/source3/lib/tdb_validate.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/lib/tdb_validate.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -192,7 +192,7 @@
 
 	DEBUG(5, ("tdb_validate_open called for tdb '%s'\n", tdb_path));
 
-	tdb = tdb_open_log(tdb_path, 0, TDB_DEFAULT, O_RDONLY, 0);
+	tdb = tdb_open_log(tdb_path, 0, TDB_DEFAULT, O_RDWR, 0);
 	if (!tdb) {
 		DEBUG(1, ("Error opening tdb %s\n", tdb_path));
 		return ret;
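Review bot: Opening the database with `O_RDWR` in `tdb_open_log(tdb_path, 0, TDB_DEFAULT, O_RDWR, 0)` means a validation pass now needs write permission and will fail on a read-only file or filesystem, yet nothing at the call says why write access is required. Add a comment above the call giving the reason, along the lines of `/* O_RDWR: <why validation needs write access> */`, so a later reader does not change it back to `O_RDONLY`. If validation is meant to be non-destructive, it is also worth confirming that nothing on this handle writes to the file; the rest of the function is outside the hunk.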

Modified: branches/samba/upstream/source3/libads/sasl.c
===================================================================
--- branches/samba/upstream/source3/libads/sasl.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/libads/sasl.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -769,7 +769,8 @@
 
 	/* the server sent us the first part of the SPNEGO exchange in the negprot 
 	   reply */
-	if (!spnego_parse_negTokenInit(blob, OIDs, &given_principal)) {
+	if (!spnego_parse_negTokenInit(blob, OIDs, &given_principal) ||
+			OIDs[0] == NULL) {
 		data_blob_free(&blob);
 		status = ADS_ERROR(LDAP_OPERATIONS_ERROR);
 		goto failed;
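Review bot: The new `OIDs[0] == NULL` test takes the failure path after `spnego_parse_negTokenInit()` has succeeded, and in that case `given_principal` may already have been allocated while the branch frees only `blob`. The parser hunk in `libsmb/clispnego.c` allocates the principal on `talloc_autofree_context()`, so it would stay allocated until process exit; adding `TALLOC_FREE(given_principal);` before `goto failed` closes that, unless the `failed` label already does it (outside the hunk). The matching hunk in `libsmb/cliconnect.c` has the same shape with `principal`. A one-line comment such as `/* an empty mechTypes list leaves nothing to negotiate */` would record why a successful parse alone is not accepted.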

Modified: branches/samba/upstream/source3/libsmb/cliconnect.c
===================================================================
--- branches/samba/upstream/source3/libsmb/cliconnect.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/libsmb/cliconnect.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -1007,7 +1007,8 @@
 	 * negprot reply. It is WRONG to depend on the principal sent in the
 	 * negprot reply, but right now we do it. If we don't receive one,
 	 * we try to best guess, then fall back to NTLM.  */
-	if (!spnego_parse_negTokenInit(blob, OIDs, &principal)) {
+	if (!spnego_parse_negTokenInit(blob, OIDs, &principal) ||
+			OIDs[0] == NULL) {
 		data_blob_free(&blob);
 		return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
 	}
@@ -1872,6 +1873,7 @@
 {
 	char *p;
 	int len = 4;
+	int namelen = 0;
 	char *tmp;
 
 	/* 445 doesn't have session request */
@@ -1890,8 +1892,11 @@
 	}
 
 	p = cli->outbuf+len;
-	memcpy(p, tmp, name_len(tmp));
-	len += name_len(tmp);
+	namelen = name_len((unsigned char *)tmp, talloc_get_size(tmp));
+	if (namelen > 0) {
+		memcpy(p, tmp, namelen);
+		len += namelen;
+	}
 	TALLOC_FREE(tmp);
 
 	/* and my name */
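Review bot: When `name_len()` reports an error or zero, the new `if (namelen > 0)` guard only skips the copy, and the function goes on to build the session request without the called name instead of failing. Returning early is clearer and avoids sending a malformed request: `if (namelen <= 0) { TALLOC_FREE(tmp); return False; }`, assuming the function returns a boolean (its signature is outside the hunk). The copy is bounded by `talloc_get_size(tmp)` but not by the space left in `cli->outbuf` after `len`, so a check against the output buffer size belongs here as well. The next hunk, for the calling name, repeats the same pattern.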
@@ -1903,8 +1908,11 @@
 	}
 
 	p = cli->outbuf+len;
-	memcpy(p, tmp, name_len(tmp));
-	len += name_len(tmp);
+	namelen = name_len((unsigned char *)tmp, talloc_get_size(tmp));
+	if (namelen > 0) {
+		memcpy(p, tmp, namelen);
+		len += namelen;
+	}
 	TALLOC_FREE(tmp);
 
 	/* send a session request (RFC 1002) */

Modified: branches/samba/upstream/source3/libsmb/clikrb5.c
===================================================================
--- branches/samba/upstream/source3/libsmb/clikrb5.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/libsmb/clikrb5.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -28,14 +28,16 @@
 
 #define GSSAPI_CHECKSUM      0x8003             /* Checksum type value for Kerberos */
 #define GSSAPI_BNDLENGTH     16                 /* Bind Length (rfc-1964 pg.3) */
-#define GSSAPI_CHECKSUM_SIZE (12+GSSAPI_BNDLENGTH)
+#define GSSAPI_CHECKSUM_SIZE (4+GSSAPI_BNDLENGTH+4) /* Length of bind length,
+							bind field, flags field. */
 
-#if defined(TKT_FLG_OK_AS_DELEGATE ) && defined(HAVE_KRB5_FWD_TGT_CREDS) && defined(HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE) && defined(KRB5_AUTH_CONTEXT_USE_SUBKEY)
-static krb5_error_code ads_krb5_get_fwd_ticket( krb5_context context,
-                                         krb5_auth_context *auth_context,
-                                         krb5_creds *credsp,
-                                         krb5_ccache ccache,
-                                         krb5_data *authenticator);
+/* MIT krb5 1.7beta3 (in Ubuntu Karmic) is missing the prototype,
+   but still has the symbol */
+#if !HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE
+krb5_error_code krb5_auth_con_set_req_cksumtype(  
+	krb5_context     context,
+	krb5_auth_context      auth_context,  
+	krb5_cksumtype     cksumtype);
 #endif
 
 /**************************************************************
@@ -645,6 +647,92 @@
 	return True;
 }
 
+/* Allocate and setup the auth context into the state we need. */
+
+static krb5_error_code setup_auth_context(krb5_context context,
+			krb5_auth_context *auth_context)
+{
+	krb5_error_code retval;
+
+	retval = krb5_auth_con_init(context, auth_context );
+	if (retval) {
+		DEBUG(1,("krb5_auth_con_init failed (%s)\n",
+			error_message(retval)));
+		return retval;
+	}
+
+	/* Ensure this is an addressless ticket. */
+	retval = krb5_auth_con_setaddrs(context, *auth_context, NULL, NULL);
+	if (retval) {
+		DEBUG(1,("krb5_auth_con_setaddrs failed (%s)\n",
+			error_message(retval)));
+	}
+
+	return retval;
+}
+
+static krb5_error_code create_gss_checksum(krb5_data *in_data, /* [inout] */
+						uint32_t gss_flags)
+{
+	unsigned int orig_length = in_data->length;
+	unsigned int base_cksum_size = GSSAPI_CHECKSUM_SIZE;
+	char *gss_cksum = NULL;
+
+	if (orig_length) {
+		/* Extra length field for delgated ticket. */
+		base_cksum_size += 4;
+	}
+
+	if ((unsigned int)base_cksum_size + orig_length <
+			(unsigned int)base_cksum_size) {
+                return EINVAL;
+        }
+
+	gss_cksum = (char *)SMB_MALLOC(base_cksum_size + orig_length);
+	if (gss_cksum == NULL) {
+		return ENOMEM;
+        }
+
+	memset(gss_cksum, '\0', base_cksum_size + orig_length);
+	SIVAL(gss_cksum, 0, GSSAPI_BNDLENGTH);
+
+	/* Precalculated MD5sum of NULL channel bindings (20 bytes) */
+	/* Channel bindings are: (all ints encoded as little endian)
+
+		[4 bytes] initiator_addrtype (255 for null bindings)
+		[4 bytes] initiator_address length
+			[n bytes] .. initiator_address data - not present
+				     in null bindings.
+		[4 bytes] acceptor_addrtype (255 for null bindings)
+		[4 bytes] acceptor_address length
+			[n bytes] .. acceptor_address data - not present
+				     in null bindings.
+		[4 bytes] application_data length
+			[n bytes] .. application_ data - not present
+				     in null bindings.
+		MD5 of this is ""\x14\x8f\x0c\xf7\xb1u\xdey*J\x9a%\xdfV\xc5\x18"
+	*/
+
+	memcpy(&gss_cksum[4],
+		"\x14\x8f\x0c\xf7\xb1u\xdey*J\x9a%\xdfV\xc5\x18",
+		GSSAPI_BNDLENGTH);
+
+	SIVAL(gss_cksum, 20, gss_flags);
+
+	if (orig_length) {
+		SSVAL(gss_cksum, 24, 1); /* The Delegation Option identifier */
+		SSVAL(gss_cksum, 26, orig_length);
+		/* Copy the kerberos KRB_CRED data */
+		memcpy(gss_cksum + 28, in_data->data, orig_length);
+		free(in_data->data);
+		in_data->data = NULL;
+		in_data->length = 0;
+	}
+	in_data->data = gss_cksum;
+	in_data->length = base_cksum_size + orig_length;
+	return 0;
+}
+
 /*
   we can't use krb5_mk_req because w2k wants the service to be in a particular format
 */
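Review bot: In `create_gss_checksum()` the delegated-credential length is stored with `SSVAL(gss_cksum, 26, orig_length)`, a 16-bit field, while `orig_length` is an `unsigned int` and the following `memcpy` copies the full length. A KRB_CRED larger than 0xFFFF bytes would produce a blob whose length field disagrees with the data after it; reject it up front with `if (orig_length > 0xFFFF) return EINVAL;`. The old buffer is released with `free(in_data->data)` although it was filled in by `krb5_fwd_tgt_creds()`, where the removed code used `krb5_free_data_contents()`; keeping the library call is safer unless the two are known to share an allocator. In `setup_auth_context()` a failure of `krb5_auth_con_setaddrs()` returns with `*auth_context` still allocated, so the caller's error path has to free it.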
@@ -665,7 +753,8 @@
 	krb5_data in_data;
 	bool creds_ready = False;
 	int i = 0, maxtries = 3;
-	
+	uint32_t gss_flags = 0;
+
 	ZERO_STRUCT(in_data);
 
 	retval = smb_krb5_parse_name(context, principal, &server);
@@ -735,45 +824,51 @@
 		*expire_time = (time_t)credsp->times.endtime;
 	}
 
-#if defined(TKT_FLG_OK_AS_DELEGATE ) && defined(HAVE_KRB5_FWD_TGT_CREDS) && defined(HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE) && defined(KRB5_AUTH_CONTEXT_USE_SUBKEY)
+	/* Allocate the auth_context. */
+	retval = setup_auth_context(context, auth_context);
+	if (retval) {
+		DEBUG(1,("setup_auth_context failed (%s)\n",
+			error_message(retval)));
+		goto cleanup_creds;
+	}
+
+#if defined(TKT_FLG_OK_AS_DELEGATE ) && defined(HAVE_KRB5_FWD_TGT_CREDS) && defined(HAVE_KRB5_AUTH_CON_SETUSERUSERKEY) && defined(KRB5_AUTH_CONTEXT_USE_SUBKEY)
 	if( credsp->ticket_flags & TKT_FLG_OK_AS_DELEGATE ) {
 		/* Fetch a forwarded TGT from the KDC so that we can hand off a 2nd ticket
 		 as part of the kerberos exchange. */
 
 		DEBUG( 3, ("ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT\n")  );
 
-		if( *auth_context == NULL ) {
-			/* Allocate if it has not yet been allocated. */
-			retval = krb5_auth_con_init( context, auth_context );
-			if (retval) {
-				DEBUG(1,("ads_krb5_mk_req: krb5_auth_con_init failed (%s)\n",
-					error_message(retval)));
-				goto cleanup_creds;
-			}
-		}
-
-		retval = krb5_auth_con_setuseruserkey( context, *auth_context, &credsp->keyblock );
+		retval = krb5_auth_con_setuseruserkey(context,
+					*auth_context,
+					&credsp->keyblock );
 		if (retval) {
-			DEBUG(1,("ads_krb5_mk_req: krb5_auth_con_setuseruserkey failed (%s)\n",
+			DEBUG(1,("krb5_auth_con_setuseruserkey failed (%s)\n",
 				error_message(retval)));
 			goto cleanup_creds;
 		}
 
 		/* Must use a subkey for forwarded tickets. */
-		retval = krb5_auth_con_setflags( context, *auth_context, KRB5_AUTH_CONTEXT_USE_SUBKEY);
+		retval = krb5_auth_con_setflags(context,
+				*auth_context,
+				KRB5_AUTH_CONTEXT_USE_SUBKEY);
 		if (retval) {
-			DEBUG(1,("ads_krb5_mk_req: krb5_auth_con_setflags failed (%s)\n",
+			DEBUG(1,("krb5_auth_con_setflags failed (%s)\n",
 				error_message(retval)));
 			goto cleanup_creds;
 		}
 
-		retval = ads_krb5_get_fwd_ticket( context,
-						auth_context,
-						credsp,
-						ccache,
-						&in_data );
+		retval = krb5_fwd_tgt_creds(context,/* Krb5 context [in] */
+				*auth_context,  /* Authentication context [in] */
+				CONST_DISCARD(char *, KRB5_TGS_NAME),  /* Ticket service name ("krbtgt") [in] */
+				credsp->client, /* Client principal for the tgt [in] */
+				credsp->server, /* Server principal for the tgt [in] */
+				ccache,         /* Credential cache to use for storage [in] */
+				1,              /* Turn on for "Forwardable ticket" [in] */
+				&in_data );     /* Resulting response [out] */
+
 		if (retval) {
-			DEBUG( 3, ("ads_krb5_get_fwd_ticket failed (%s)\n",
+			DEBUG( 3, ("krb5_fwd_tgt_creds failed (%s)\n",
 				   error_message( retval ) ) );
 
 			/*
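Review bot: `setup_auth_context()` is now called unconditionally, where the removed code called `krb5_auth_con_init()` only when `*auth_context == NULL`. If any caller passes in an already initialised context (callers are not visible here), `krb5_auth_con_init()` overwrites the pointer and the earlier context leaks; either keep the guard with `if (*auth_context == NULL)` around the call, or document on the function that `*auth_context` must be NULL on entry. The failure is also logged twice, once inside `setup_auth_context()` and again by the `DEBUG(1,("setup_auth_context failed (%s)\n", ...` added here, so one of the two can go. The function starts and ends outside the hunk.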
@@ -788,10 +883,35 @@
 			}
 			krb5_auth_con_free(context, *auth_context);
 			*auth_context = NULL;
+			retval = setup_auth_context(context, auth_context);
+			if (retval) {
+				DEBUG(1,("setup_auth_context failed (%s)\n",
+					error_message(retval)));
+				goto cleanup_creds;
+			}
+		} else {
+			/* We got a delegated ticket. */
+			gss_flags |= GSS_C_DELEG_FLAG;
 		}
 	}
 #endif
 
+	/* Frees and reallocates in_data into a GSS checksum blob. */
+	retval = create_gss_checksum(&in_data, gss_flags);
+	if (retval) {
+		goto cleanup_data;
+	}
+
+#if defined(HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE)
+	/* We always want GSS-checksum types. */
+	retval = krb5_auth_con_set_req_cksumtype(context, *auth_context, GSSAPI_CHECKSUM );
+	if (retval) {
+		DEBUG(1,("krb5_auth_con_set_req_cksumtype failed (%s)\n",
+			error_message(retval)));
+		goto cleanup_data;
+	}
+#endif
+
 	retval = krb5_mk_req_extended(context, auth_context, ap_req_options, 
 				      &in_data, credsp, outbuf);
 	if (retval) {
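Review bot: `create_gss_checksum()` is called on every build, but the call that tells the library to treat `in_data` as a ready-made GSS checksum, `krb5_auth_con_set_req_cksumtype(context, *auth_context, GSSAPI_CHECKSUM )`, is compiled only under `HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE`. On a build without that function the blob is still handed to `krb5_mk_req_extended()`, presumably to be checksummed with the default type, which differs from the old behaviour of passing an empty `in_data`. Either put the `create_gss_checksum()` call under the same `#if`, or add a comment stating that the unconditional call is intended and what the peer receives in that configuration. The function continues outside the hunk.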
@@ -799,6 +919,7 @@
 			 error_message(retval)));
 	}
 
+cleanup_data:
 	if (in_data.data) {
 		free( in_data.data );
 		in_data.length = 0;
@@ -1846,128 +1967,6 @@
 	return ret;
 }
 
-#if defined(TKT_FLG_OK_AS_DELEGATE ) && defined(HAVE_KRB5_FWD_TGT_CREDS) && defined(HAVE_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE) && defined(KRB5_AUTH_CONTEXT_USE_SUBKEY)
-/**************************************************************
-Routine: ads_krb5_get_fwd_ticket
- Description:
-    When a service ticket is flagged as trusted
-    for delegation we should provide a forwardable
-    ticket so that the remote host can act on our
-    behalf.  This is done by taking the 2nd forwardable
-    TGT and storing it in the GSS-API authenticator
-    "checksum".  This routine will populate
-    the krb5_data authenticator with this TGT.
- Parameters:
-    krb5_context context: The kerberos context for this authentication.
-    krb5_auth_context:    The authentication context.
-    krb5_creds *credsp:   The ticket credentials (AS-REP).
-    krb5_ccache ccache:   The credentials cache.
-    krb5_data &authenticator: The checksum field that will store the TGT, and
-     authenticator.data must be freed by the caller.
-
- Returns:
-    krb5_error_code: 0 if no errors, otherwise set.
-**************************************************************/
-
-static krb5_error_code ads_krb5_get_fwd_ticket( krb5_context context,
-					 krb5_auth_context *auth_context,
-					 krb5_creds *credsp,
-					 krb5_ccache ccache,
-					 krb5_data *authenticator)
-{
-	krb5_data fwdData;
-	krb5_error_code retval = 0;
-	char *pChksum = NULL;
-	char *p = NULL;
-
-/* MIT krb5 1.7beta3 (in Ubuntu Karmic) is missing the prototype,
-   but still has the symbol */
-#if !HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE
-krb5_error_code krb5_auth_con_set_req_cksumtype(  
-	krb5_context     context,
-	krb5_auth_context      auth_context,  
-	krb5_cksumtype     cksumtype);
-#endif
-
-	ZERO_STRUCT(fwdData);
-	ZERO_STRUCTP(authenticator);
-
-	retval = krb5_fwd_tgt_creds(context,/* Krb5 context [in] */
-				*auth_context,  /* Authentication context [in] */
-				CONST_DISCARD(char *, KRB5_TGS_NAME),  /* Ticket service name ("krbtgt") [in] */
-				credsp->client, /* Client principal for the tgt [in] */
-				credsp->server, /* Server principal for the tgt [in] */
-				ccache,         /* Credential cache to use for storage [in] */
-				1,              /* Turn on for "Forwardable ticket" [in] */
-				&fwdData );     /* Resulting response [out] */
-
-
-	if (retval) {
-		DEBUG(1,("ads_krb5_get_fwd_ticket: krb5_fwd_tgt_creds failed (%s)\n", 
-			error_message(retval)));
-		goto out;
-	}
-
-	if ((unsigned int)GSSAPI_CHECKSUM_SIZE + (unsigned int)fwdData.length <
-		(unsigned int)GSSAPI_CHECKSUM_SIZE) {
-		retval = EINVAL;
-		goto out;
-	}
-
-	/* We're going to allocate a gssChecksum structure with a little
-	   extra data the length of the kerberos credentials length
-	   (APPLICATION 22) so that we can pack it on the end of the structure.
-	*/
-
-	pChksum	= (char *)SMB_MALLOC(GSSAPI_CHECKSUM_SIZE + fwdData.length );
-	if (!pChksum) {
-		retval = ENOMEM;
-		goto out;
-	}
-
-	p = pChksum;
-
-	SIVAL(p, 0, GSSAPI_BNDLENGTH);
-	p += 4;
-
-	/* Zero out the bindings fields */
-	memset(p, '\0', GSSAPI_BNDLENGTH );
-	p += GSSAPI_BNDLENGTH;
-
-	SIVAL(p, 0, GSS_C_DELEG_FLAG );
-	p += 4;
-	SSVAL(p, 0, 1 );
-	p += 2;
-	SSVAL(p, 0, fwdData.length );
-	p += 2;
-
-	/* Migrate the kerberos KRB_CRED data to the checksum delegation */
-	memcpy(p, fwdData.data, fwdData.length );
-	p += fwdData.length;
-
-	/* We need to do this in order to allow our GSS-API  */
-	retval = krb5_auth_con_set_req_cksumtype( context, *auth_context, GSSAPI_CHECKSUM );
-	if (retval) {
-		goto out;
-	}
-
-	/* We now have a service ticket, now turn it into an AP-REQ. */
-	authenticator->length = fwdData.length + GSSAPI_CHECKSUM_SIZE;
-
-	/* Caller should call free() when they're done with this. */
-	authenticator->data = (char *)pChksum;
-
-  out:
-
- 	/* Remove that input data, we never needed it anyway. */
-   	if (fwdData.length > 0) {
-  		krb5_free_data_contents( context, &fwdData );
-   	}
-
-	return retval;
-}
-#endif
-
 #if defined(HAVE_KRB5_GET_CREDS_OPT_SET_IMPERSONATE) && \
     defined(HAVE_KRB5_GET_CREDS_OPT_ALLOC) && \
     defined(HAVE_KRB5_GET_CREDS)

Modified: branches/samba/upstream/source3/libsmb/climessage.c
===================================================================
--- branches/samba/upstream/source3/libsmb/climessage.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/libsmb/climessage.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -63,8 +63,10 @@
 
 	*p++ = 4;
 	memcpy(p, utmp, ulen);
+	p += ulen;
 	*p++ = 4;
 	memcpy(p, htmp, hlen);
+	p += hlen;
 	TALLOC_FREE(htmp);
 	TALLOC_FREE(utmp);
 
@@ -163,8 +165,8 @@
 		TALLOC_FREE(tmp);
 		return tevent_req_post(req, ev);
 	}
-	SCVAL(bytes, 0, 0);	/* pad */
-	SSVAL(bytes, 1, msglen);
+	SCVAL(bytes, 0, 1);	/* pad */
+	SSVAL(bytes+1, 0, msglen);
 	memcpy(bytes+3, msg, msglen);
 	TALLOC_FREE(tmp);
 
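Review bot: The first byte is now written as 1 but the trailing comment still says `/* pad */`, which no longer describes it. If the value is the buffer-format byte that precedes the length-prefixed message data, as the following length field and `memcpy(bytes+3, msg, msglen)` suggest, the line should say so: `SCVAL(bytes, 0, 1);	/* buffer format: data block */`. `SSVAL(bytes+1, 0, msglen)` stores a 16-bit length, so `msglen` has to be known to fit in 16 bits before this point; that check, if there is one, is outside the hunk.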

Modified: branches/samba/upstream/source3/libsmb/clispnego.c
===================================================================
--- branches/samba/upstream/source3/libsmb/clispnego.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/libsmb/clispnego.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -4,7 +4,7 @@
    Copyright (C) Andrew Tridgell 2001
    Copyright (C) Jim McDonough <jmcd at us.ibm.com> 2002
    Copyright (C) Luke Howard     2003
-   
+
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
@@ -146,9 +146,16 @@
 	asn1_start_tag(data,ASN1_APPLICATION(0));
 
 	asn1_check_OID(data,OID_SPNEGO);
+
+	/* negTokenInit  [0]  NegTokenInit */
 	asn1_start_tag(data,ASN1_CONTEXT(0));
 	asn1_start_tag(data,ASN1_SEQUENCE(0));
 
+	/* mechTypes [0] MechTypeList  OPTIONAL */
+
+	/* Not really optional, we depend on this to decide
+	 * what mechanisms we have to work with. */
+
 	asn1_start_tag(data,ASN1_CONTEXT(0));
 	asn1_start_tag(data,ASN1_SEQUENCE(0));
 	for (i=0; asn1_tag_remaining(data) > 0 && i < ASN1_MAX_OIDS-1; i++) {
@@ -161,11 +168,45 @@
 	asn1_end_tag(data);
 
 	*principal = NULL;
-	if (asn1_tag_remaining(data) > 0) {
+
+	/*
+	  Win7 + Live Sign-in Assistant attaches a mechToken
+	  ASN1_CONTEXT(2) to the negTokenInit packet
+	  which breaks our negotiation if we just assume
+	  the next tag is ASN1_CONTEXT(3).
+	*/
+
+	if (asn1_peek_tag(data, ASN1_CONTEXT(1))) {
+		uint8 flags;
+
+		/* reqFlags [1] ContextFlags  OPTIONAL */
+		asn1_start_tag(data, ASN1_CONTEXT(1));
+		asn1_start_tag(data, ASN1_BIT_STRING);
+		while (asn1_tag_remaining(data) > 0) {
+			asn1_read_uint8(data, &flags);
+		}
+		asn1_end_tag(data);
+		asn1_end_tag(data);
+	}
+
+	if (asn1_peek_tag(data, ASN1_CONTEXT(2))) {
+		/* mechToken [2] OCTET STRING  OPTIONAL */
+		DATA_BLOB token;
+		asn1_start_tag(data, ASN1_CONTEXT(2));
+		asn1_read_OctetString(data, talloc_autofree_context(),
+			&token);
+		asn1_end_tag(data);
+		/* Throw away the token - not used. */
+		data_blob_free(&token);
+	}
+
+	if (asn1_peek_tag(data, ASN1_CONTEXT(3))) {
+		/* mechListMIC [3] OCTET STRING  OPTIONAL */
 		asn1_start_tag(data, ASN1_CONTEXT(3));
 		asn1_start_tag(data, ASN1_SEQUENCE(0));
 		asn1_start_tag(data, ASN1_CONTEXT(0));
-		asn1_read_GeneralString(data,talloc_autofree_context(),principal);
+		asn1_read_GeneralString(data,talloc_autofree_context(),
+			principal);
 		asn1_end_tag(data);
 		asn1_end_tag(data);
 		asn1_end_tag(data);
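Review bot: In the new mechToken branch, `DATA_BLOB token;` has no initialiser and is passed to `data_blob_free(&token)` whether or not `asn1_read_OctetString` succeeded, and none of the asn1_* return values in the added branches are checked. Unless the read helper is known to zero the blob on every failure path (not visible here), declare it as `DATA_BLOB token = data_blob_null;` so a malformed negTokenInit from the peer cannot lead to freeing an indeterminate pointer. Separately, the `/* mechListMIC [3] OCTET STRING  OPTIONAL */` label sits on a branch that reads a SEQUENCE holding a GeneralString into `principal`, so the comment should describe what is actually parsed. The enclosing function starts and ends outside the hunk.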

Modified: branches/samba/upstream/source3/libsmb/nmblib.c
===================================================================
--- branches/samba/upstream/source3/libsmb/nmblib.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/libsmb/nmblib.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -1237,21 +1237,33 @@
 
 /****************************************************************************
  Interpret the weird netbios "name" into a unix fstring. Return the name type.
+ Returns -1 on error.
 ****************************************************************************/
 
-static int name_interpret(char *in, fstring name)
+static int name_interpret(unsigned char *buf, size_t buf_len,
+		unsigned char *in, fstring name)
 {
+	unsigned char *end_ptr = buf + buf_len;
 	int ret;
-	int len = (*in++) / 2;
+	unsigned int len;
 	fstring out_string;
-	char *out = out_string;
+	unsigned char *out = (unsigned char *)out_string;
 
 	*out=0;
 
-	if (len > 30 || len<1)
-		return(0);
+	if (in >= end_ptr) {
+		return -1;
+	}
+	len = (*in++) / 2;
 
+	if (len<1) {
+		return -1;
+	}
+
 	while (len--) {
+		if (&in[1] >= end_ptr) {
+			return -1;
+		}
 		if (in[0] < 'A' || in[0] > 'P' || in[1] < 'A' || in[1] > 'P') {
 			*out = 0;
 			return(0);
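Review bot: The invalid-character branch of name_interpret still ends in `return(0);`, although the header comment now promises -1 on error. A return of 0 cannot be told apart from a legitimate name type 0, and the reply_special caller changed in this same commit rejects only -1, so a name with bytes outside 'A'..'P' is accepted as an empty name of type 0. I would make that branch `return -1;` as well, after checking that no other caller depends on the old value (callers outside this commit are not visible). The function body continues in the next hunk.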
@@ -1259,21 +1271,13 @@
 		*out = ((in[0]-'A')<<4) + (in[1]-'A');
 		in += 2;
 		out++;
+		if (PTR_DIFF(out,out_string) >= sizeof(fstring)) {
+			return -1;
+		}
 	}
 	ret = out[-1];
 	out[-1] = 0;
 
-#ifdef NETBIOS_SCOPE
-	/* Handle any scope names */
-	while(*in) {
-		*out++ = '.'; /* Scope names are separated by periods */
-		len = *(unsigned char *)in++;
-		StrnCpy(out, in, len);
-		out += len;
-		*out=0;
-		in += len;
-	}
-#endif
 	pull_ascii_fstring(name, out_string);
 
 	return(ret);
@@ -1352,12 +1356,25 @@
  Find a pointer to a netbios name.
 ****************************************************************************/
 
-static char *name_ptr(char *buf,int ofs)
+static unsigned char *name_ptr(unsigned char *buf, size_t buf_len, unsigned int ofs)
 {
-	unsigned char c = *(unsigned char *)(buf+ofs);
+	unsigned char c = 0;
 
+	if (ofs > buf_len || buf_len < 1) {
+		return NULL;
+	}
+
+	c = *(unsigned char *)(buf+ofs);
 	if ((c & 0xC0) == 0xC0) {
-		uint16 l = RSVAL(buf, ofs) & 0x3FFF;
+		uint16 l = 0;
+
+		if (ofs > buf_len - 1) {
+			return NULL;
+		}
+		l = RSVAL(buf, ofs) & 0x3FFF;
+		if (l > buf_len) {
+			return NULL;
+		}
 		DEBUG(5,("name ptr to pos %d from %d is %s\n",l,ofs,buf+l));
 		return(buf + l);
 	} else {
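Review bot: The three new bounds checks in name_ptr are each off by one. `ofs > buf_len` lets `ofs == buf_len` reach the read of `buf[ofs]`; `ofs > buf_len - 1` is tested only after that read and still admits `ofs == buf_len - 1` although RSVAL reads two bytes; and `l > buf_len` accepts a pointer one past the end, which the DEBUG(5) line then formats with `%s`. Suggested: `if (ofs >= buf_len) {`, `if (buf_len < 2 || ofs > buf_len - 2) {` and `if (l >= buf_len) {`. The reply_special caller in this commit validates the lengths first, so this may not be reachable from there, but the helper should be safe regardless of its callers. The else branch ends outside the hunk.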
@@ -1367,37 +1384,48 @@
 
 /****************************************************************************
  Extract a netbios name from a buf (into a unix string) return name type.
+ Returns -1 on error.
 ****************************************************************************/
 
-int name_extract(char *buf,int ofs, fstring name)
+int name_extract(unsigned char *buf, size_t buf_len, unsigned int ofs, fstring name)
 {
-	char *p = name_ptr(buf,ofs);
-	int d = PTR_DIFF(p,buf+ofs);
+	unsigned char *p = name_ptr(buf,buf_len,ofs);
 
 	name[0] = '\0';
-	if (d < -50 || d > 50)
-		return(0);
-	return(name_interpret(p,name));
+	if (p == NULL) {
+		return -1;
+	}
+	return(name_interpret(buf,buf_len,p,name));
 }
 
 /****************************************************************************
  Return the total storage length of a mangled name.
+ Returns -1 on error.
 ****************************************************************************/
 
-int name_len(char *s1)
+int name_len(unsigned char *s1, size_t buf_len)
 {
 	/* NOTE: this argument _must_ be unsigned */
 	unsigned char *s = (unsigned char *)s1;
-	int len;
+	int len = 0;
 
+	if (buf_len < 1) {
+		return -1;
+	}
 	/* If the two high bits of the byte are set, return 2. */
-	if (0xC0 == (*s & 0xC0))
+	if (0xC0 == (*s & 0xC0)) {
+		if (buf_len < 2) {
+			return -1;
+		}
 		return(2);
+	}
 
 	/* Add up the length bytes. */
 	for (len = 1; (*s); s += (*s) + 1) {
 		len += *s + 1;
-		SMB_ASSERT(len < 80);
+		if (len > buf_len) {
+			return -1;
+		}
 	}
 
 	return(len);

Modified: branches/samba/upstream/source3/modules/vfs_acl_common.c
===================================================================
--- branches/samba/upstream/source3/modules/vfs_acl_common.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/modules/vfs_acl_common.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -471,7 +471,8 @@
 			nt_errstr(status) ));
 		return status;
 	}
-	status = smb1_file_se_access_check(parent_desc,
+	status = smb1_file_se_access_check(handle->conn,
+					parent_desc,
 					handle->conn->server_info->ptok,
 					access_mask,
 					&access_granted);
@@ -535,7 +536,8 @@
 				&pdesc);
         if (NT_STATUS_IS_OK(status)) {
 		/* See if we can access it. */
-		status = smb1_file_se_access_check(pdesc,
+		status = smb1_file_se_access_check(handle->conn,
+					pdesc,
 					handle->conn->server_info->ptok,
 					fsp->access_mask,
 					&access_granted);

Modified: branches/samba/upstream/source3/printing/load.c
===================================================================
--- branches/samba/upstream/source3/printing/load.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/printing/load.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -31,6 +31,10 @@
 	char *saveptr;
 
 	if (pnum < 0)
+		if (process_registry_service(PRINTERS_NAME))
+			pnum = lp_servicenumber(PRINTERS_NAME);
+
+	if (pnum < 0)
 		return;
 
 	if ((str = SMB_STRDUP(lp_auto_services())) == NULL)
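Review bot: The added `if (pnum < 0)` / `if (process_registry_service(...))` pair is nested without braces, directly above a second `if (pnum < 0)`, which makes the control flow easy to misread or break with a later edit. I would fold it into one braced statement: `if (pnum < 0 && process_registry_service(PRINTERS_NAME)) {` / `pnum = lp_servicenumber(PRINTERS_NAME);` / `}`. The enclosing function starts and ends outside the hunk.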

Modified: branches/samba/upstream/source3/printing/nt_printing.c
===================================================================
--- branches/samba/upstream/source3/printing/nt_printing.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/printing/nt_printing.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -5727,7 +5727,9 @@
 
         if (!NT_STATUS_IS_OK(status) &&
 	    (token_contains_name_in_list(uidtoname(server_info->utok.uid),
-					 NULL, NULL, server_info->ptok,
+					 pdb_get_domain(server_info->sam_account),
+					 NULL,
+					 server_info->ptok,
 					 lp_printer_admin(snum)))) {
 		talloc_destroy(mem_ctx);
 		return True;
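Review bot: `pdb_get_domain(server_info->sam_account)` is called with no check that `sam_account` is set, and this sits inside a printer-admin authorization test. If any session type can leave `sam_account` NULL (not visible here), the check would fault instead of denying; a guard such as `server_info->sam_account ? pdb_get_domain(server_info->sam_account) : NULL` keeps the previous behaviour for that case. The same expression is added in the srv_spoolss_nt.c hunks at -1645, -1941, -2040, -7845, -7926 and -8009. The change also means domain-qualified entries in `printer admin` can now match, which deserves a line in the release notes if it is not already there.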

Modified: branches/samba/upstream/source3/registry/reg_api.c
===================================================================
--- branches/samba/upstream/source3/registry/reg_api.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/registry/reg_api.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -953,7 +953,7 @@
 	/* open the registry file....fail if the file already exists */
 
 	regfile = regfio_open(fname, (O_RDWR|O_CREAT|O_EXCL),
-			      (S_IREAD|S_IWRITE));
+			      (S_IRUSR|S_IWUSR));
 	if (regfile == NULL) {
 		DEBUG(0,("backup_registry_key: failed to open \"%s\" (%s)\n",
 			 fname, strerror(errno) ));

Modified: branches/samba/upstream/source3/rpc_client/cli_pipe.c
===================================================================
--- branches/samba/upstream/source3/rpc_client/cli_pipe.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/rpc_client/cli_pipe.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -3213,7 +3213,7 @@
 	result->a_u.schannel_auth->state = SCHANNEL_STATE_START;
 	result->a_u.schannel_auth->seq_num = 0;
 	result->a_u.schannel_auth->initiator = true;
-	result->a_u.schannel_auth->creds = creds;
+	result->a_u.schannel_auth->creds = netlogon_creds_copy(result, creds);
 
 	*presult = result;
 	return NT_STATUS_OK;
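Review bot: The result of `netlogon_creds_copy(result, creds)` is stored without a NULL check and the function then returns NT_STATUS_OK, whereas the same call in the -4044 hunk of this file is checked. On allocation failure the schannel auth data would be handed back with `creds == NULL` and used later. I would add `if (result->a_u.schannel_auth->creds == NULL) { TALLOC_FREE(result); return NT_STATUS_NO_MEMORY; }`, or jump to the function's existing failure path if it has one (the start of the function is outside the hunk).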
@@ -4044,9 +4044,13 @@
 
 	/*
 	 * The credentials on a new netlogon pipe are the ones we are passed
-	 * in - reference them in
+	 * in - copy them over
 	 */
-	result->dc = talloc_move(result, pdc);
+	result->dc = netlogon_creds_copy(result, *pdc);
+	if (result->dc == NULL) {
+		TALLOC_FREE(result);
+		return NT_STATUS_NO_MEMORY;
+	}
 
 	DEBUG(10,("cli_rpc_pipe_open_schannel_with_key: opened pipe %s to machine %s "
 		  "for domain %s and bound using schannel.\n",

Modified: branches/samba/upstream/source3/rpc_client/init_spoolss.c
===================================================================
--- branches/samba/upstream/source3/rpc_client/init_spoolss.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/rpc_client/init_spoolss.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -73,3 +73,32 @@
 	}
 	return WERR_OK;
 }
+
+/*******************************************************************
+ ********************************************************************/
+
+void spoolss_printerinfo2_to_setprinterinfo2(const struct spoolss_PrinterInfo2 *i,
+					     struct spoolss_SetPrinterInfo2 *s)
+{
+	s->servername		= i->servername;
+	s->printername		= i->printername;
+	s->sharename		= i->sharename;
+	s->portname		= i->portname;
+	s->drivername		= i->drivername;
+	s->comment		= i->comment;
+	s->location		= i->location;
+	s->devmode_ptr		= 0;
+	s->sepfile		= i->sepfile;
+	s->printprocessor	= i->printprocessor;
+	s->datatype		= i->datatype;
+	s->parameters		= i->parameters;
+	s->secdesc_ptr		= 0;
+	s->attributes		= i->attributes;
+	s->priority		= i->priority;
+	s->defaultpriority	= i->defaultpriority;
+	s->starttime		= i->starttime;
+	s->untiltime		= i->untiltime;
+	s->status		= i->status;
+	s->cjobs		= i->cjobs;
+	s->averageppm		= i->averageppm;
+}
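Review bot: The comment banner above spoolss_printerinfo2_to_setprinterinfo2 is empty, so the new public helper has no description. It should state that members are copied by plain assignment, which means any pointer-valued members of `s` alias the data owned by `i` and are valid only as long as `i` is, and that `devmode_ptr` and `secdesc_ptr` are deliberately cleared rather than carried over. For example: `/* Shallow-copy a PrinterInfo2 into a SetPrinterInfo2; s shares i's strings, devmode_ptr and secdesc_ptr are set to 0. */`.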

Modified: branches/samba/upstream/source3/rpc_server/srv_pipe.c
===================================================================
--- branches/samba/upstream/source3/rpc_server/srv_pipe.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/rpc_server/srv_pipe.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -1184,7 +1184,8 @@
 	}
 
 	/* parse out the OIDs and the first sec blob */
-	if (!parse_negTokenTarg(blob, OIDs, &secblob)) {
+	if (!parse_negTokenTarg(blob, OIDs, &secblob) ||
+			OIDs[0] == NULL) {
 		DEBUG(0,("pipe_spnego_auth_bind_negotiate: Failed to parse the security blob.\n"));
 		goto err;
         }

Modified: branches/samba/upstream/source3/rpc_server/srv_spoolss_nt.c
===================================================================
--- branches/samba/upstream/source3/rpc_server/srv_spoolss_nt.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/rpc_server/srv_spoolss_nt.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -432,6 +432,14 @@
 	NT_PRINTER_INFO_LEVEL *printer = NULL;
 	WERROR result;
 
+	/*
+	 * Hopefully nobody names his printers like this. Maybe \ or ,
+	 * are illegal in printer names even?
+	 */
+	const char printer_not_found[] = "Printer \\, !@#$%^&*( not found";
+	char *cache_key;
+	char *tmp;
+
 	DEBUG(4,("Setting printer name=%s (len=%lu)\n", handlename,
 		(unsigned long)strlen(handlename)));
 
@@ -474,6 +482,27 @@
 		found = true;
 	}
 
+	/*
+	 * With hundreds of printers, the "for" loop iterating all
+	 * shares can be quite expensive, as it is done on every
+	 * OpenPrinter. The loop maps "aprinter" to "sname", the
+	 * result of which we cache in gencache.
+	 */
+
+	cache_key = talloc_asprintf(talloc_tos(), "PRINTERNAME/%s",
+				    aprinter);
+	if ((cache_key != NULL) && gencache_get(cache_key, &tmp, NULL)) {
+
+		found = (strcmp(tmp, printer_not_found) != 0);
+		if (!found) {
+			DEBUG(4, ("Printer %s not found\n", aprinter));
+			SAFE_FREE(tmp);
+			return false;
+		}
+		fstrcpy(sname, tmp);
+		SAFE_FREE(tmp);
+	}
+
 	/* Search all sharenames first as this is easier than pulling
 	   the printer_info_2 off of disk. Don't use find_service() since
 	   that calls out to map_username() */
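Review bot: The gencache key is built directly from `aprinter`, which appears to come from the handle name supplied by the client, and the -539 hunk stores both hits and the `printer_not_found` sentinel for 300 seconds. Every distinct unknown name therefore adds a cache entry, and whether gencache bounds its size is not visible here. A cached mapping is also not invalidated when a printer is added, removed or renamed, so lookups can be stale for up to five minutes. I would at least record this next to the lookup, e.g. `/* Key is client-supplied; entries, including negative ones, live 300s and are not flushed on printer add/delete. */`. The literal `300` used twice in the -539 hunk should also become a named constant. The enclosing function starts and ends outside the hunk.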
@@ -539,10 +568,20 @@
 	free_a_printer( &printer, 2);
 
 	if ( !found ) {
+		if (cache_key != NULL) {
+			gencache_set(cache_key, printer_not_found,
+				     time(NULL)+300);
+			TALLOC_FREE(cache_key);
+		}
 		DEBUGADD(4,("Printer not found\n"));
 		return false;
 	}
 
+	if (cache_key != NULL) {
+		gencache_set(cache_key, sname, time(NULL)+300);
+		TALLOC_FREE(cache_key);
+	}
+
 	DEBUGADD(4,("set_printer_hnd_name: Printer found: %s -> %s\n", aprinter, sname));
 
 	fstrcpy(Printer->sharename, sname);
@@ -1645,7 +1684,8 @@
 						 &se_printop ) &&
 			    !token_contains_name_in_list(
 				    uidtoname(p->server_info->utok.uid),
-				    NULL, NULL,
+				    pdb_get_domain(p->server_info->sam_account),
+				    NULL,
 				    p->server_info->ptok,
 				    lp_printer_admin(snum))) {
 				close_printer_handle(p, r->out.handle);
@@ -1941,8 +1981,10 @@
 	if ( (p->server_info->utok.uid != sec_initial_uid())
 		&& !user_has_privileges(p->server_info->ptok, &se_printop )
 		&& !token_contains_name_in_list(
-			uidtoname(p->server_info->utok.uid), NULL,
-			NULL, p->server_info->ptok,
+			uidtoname(p->server_info->utok.uid),
+			pdb_get_domain(p->server_info->sam_account),
+			NULL,
+			p->server_info->ptok,
 			lp_printer_admin(-1)) )
 	{
 		return WERR_ACCESS_DENIED;
@@ -2040,7 +2082,9 @@
 	if ( (p->server_info->utok.uid != sec_initial_uid())
 		&& !user_has_privileges(p->server_info->ptok, &se_printop )
 		&& !token_contains_name_in_list(
-			uidtoname(p->server_info->utok.uid), NULL, NULL,
+			uidtoname(p->server_info->utok.uid),
+			pdb_get_domain(p->server_info->sam_account),
+			NULL,
 			p->server_info->ptok, lp_printer_admin(-1)) )
 	{
 		return WERR_ACCESS_DENIED;
@@ -7845,7 +7889,8 @@
 	if ((p->server_info->utok.uid != sec_initial_uid()) &&
 	     !user_has_privileges(p->server_info->ptok, &se_printop) &&
 	     !token_contains_name_in_list(uidtoname(p->server_info->utok.uid),
-					  NULL, NULL,
+					  pdb_get_domain(p->server_info->sam_account),
+					  NULL,
 					  p->server_info->ptok,
 					  lp_printer_admin(snum))) {
 		DEBUG(2,("_spoolss_Addform: denied by insufficient permissions.\n"));
@@ -7926,7 +7971,8 @@
 	if ((p->server_info->utok.uid != sec_initial_uid()) &&
 	     !user_has_privileges(p->server_info->ptok, &se_printop) &&
 	     !token_contains_name_in_list(uidtoname(p->server_info->utok.uid),
-					  NULL, NULL,
+					  pdb_get_domain(p->server_info->sam_account),
+					  NULL,
 					  p->server_info->ptok,
 					  lp_printer_admin(snum))) {
 		DEBUG(2,("_spoolss_DeleteForm: denied by insufficient permissions.\n"));
@@ -8009,7 +8055,8 @@
 	if ((p->server_info->utok.uid != sec_initial_uid()) &&
 	     !user_has_privileges(p->server_info->ptok, &se_printop) &&
 	     !token_contains_name_in_list(uidtoname(p->server_info->utok.uid),
-					  NULL, NULL,
+					  pdb_get_domain(p->server_info->sam_account),
+					  NULL,
 					  p->server_info->ptok,
 					  lp_printer_admin(snum))) {
 		DEBUG(2,("_spoolss_Setform: denied by insufficient permissions.\n"));

Modified: branches/samba/upstream/source3/rpc_server/srv_winreg_nt.c
===================================================================
--- branches/samba/upstream/source3/rpc_server/srv_winreg_nt.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/rpc_server/srv_winreg_nt.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -220,8 +220,8 @@
 	struct registry_key *regkey = find_regkey_by_hnd( p, r->in.handle );
 	prs_struct    prs_hkpd;
 
-	uint8_t *outbuf;
-	uint32_t outbuf_size;
+	uint8_t *outbuf = NULL;
+	uint32_t outbuf_size = 0;
 
 	DATA_BLOB val_blob;
 	bool free_buf = False;

Modified: branches/samba/upstream/source3/rpcclient/cmd_spoolss.c
===================================================================
--- branches/samba/upstream/source3/rpcclient/cmd_spoolss.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/rpcclient/cmd_spoolss.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -462,6 +462,7 @@
 	uint32_t 	info_level = 2;
 	union spoolss_PrinterInfo info;
 	struct spoolss_SetPrinterInfoCtr info_ctr;
+	struct spoolss_SetPrinterInfo2 info2;
 	const char	*printername, *comment = NULL;
 	struct spoolss_DevmodeContainer devmode_ctr;
 	struct sec_desc_buf secdesc_ctr;
@@ -501,12 +502,11 @@
 
 
 	/* Modify the comment. */
-	info.info2.comment = comment;
-	info.info2.secdesc = NULL;
-	info.info2.devmode = NULL;
+	spoolss_printerinfo2_to_setprinterinfo2(&info.info2, &info2);
+	info2.comment = comment;
 
 	info_ctr.level = 2;
-	info_ctr.info.info2 = (struct spoolss_SetPrinterInfo2 *)&info.info2;
+	info_ctr.info.info2 = &info2;
 
 	status = rpccli_spoolss_SetPrinter(cli, mem_ctx,
 					   &pol,
@@ -540,6 +540,7 @@
 	const char 	*printername,
 			*new_printername = NULL;
 	struct spoolss_SetPrinterInfoCtr info_ctr;
+	struct spoolss_SetPrinterInfo2 info2;
 	struct spoolss_DevmodeContainer devmode_ctr;
 	struct sec_desc_buf secdesc_ctr;
 
@@ -577,12 +578,11 @@
                 goto done;
 
 	/* Modify the printername. */
-	info.info2.printername = new_printername;
-	info.info2.devmode = NULL;
-	info.info2.secdesc = NULL;
+	spoolss_printerinfo2_to_setprinterinfo2(&info.info2, &info2);
+	info2.printername = new_printername;
 
-	info_ctr.level = info_level;
-	info_ctr.info.info2 = (struct spoolss_SetPrinterInfo2 *)&info.info2;
+	info_ctr.level = 2;
+	info_ctr.info.info2 = &info2;
 
 	status = rpccli_spoolss_SetPrinter(cli, mem_ctx,
 					   &pol,
@@ -1776,27 +1776,8 @@
 
 	/* Set the printer driver */
 
-	info2.servername	= info.info2.servername;
-	info2.printername	= info.info2.printername;
-	info2.sharename		= info.info2.sharename;
-	info2.portname		= info.info2.portname;
-	info2.drivername	= argv[2];
-	info2.comment		= info.info2.comment;
-	info2.location		= info.info2.location;
-	info2.devmode_ptr	= 0;
-	info2.sepfile		= info.info2.sepfile;
-	info2.printprocessor	= info.info2.printprocessor;
-	info2.datatype		= info.info2.datatype;
-	info2.parameters	= info.info2.parameters;
-	info2.secdesc_ptr	= 0;
-	info2.attributes	= info.info2.attributes;
-	info2.priority		= info.info2.priority;
-	info2.defaultpriority	= info.info2.defaultpriority;
-	info2.starttime		= info.info2.starttime;
-	info2.untiltime		= info.info2.untiltime;
-	info2.status		= info.info2.status;
-	info2.cjobs		= info.info2.cjobs;
-	info2.averageppm	= info.info2.averageppm;
+	spoolss_printerinfo2_to_setprinterinfo2(&info.info2, &info2);
+	info2.drivername = argv[2];
 
 	info_ctr.level = 2;
 	info_ctr.info.info2 = &info2;

Modified: branches/samba/upstream/source3/rpcclient/rpcclient.c
===================================================================
--- branches/samba/upstream/source3/rpcclient/rpcclient.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/rpcclient/rpcclient.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -49,7 +49,7 @@
 ****************************************************************************/
 static char **completion_fn(const char *text, int start, int end)
 {
-#define MAX_COMPLETIONS 100
+#define MAX_COMPLETIONS 1000
 	char **matches;
 	int i, count=0;
 	struct cmd_list *commands = cmd_list;

Modified: branches/samba/upstream/source3/smbd/fileio.c
===================================================================
--- branches/samba/upstream/source3/smbd/fileio.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/smbd/fileio.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -312,14 +312,15 @@
 		fsp->modified = True;
 
 		if (SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) == 0) {
-			int dosmode;
 			trigger_write_time_update(fsp);
-			dosmode = dos_mode(fsp->conn, fsp->fsp_name);
-			if ((lp_store_dos_attributes(SNUM(fsp->conn)) ||
-					MAP_ARCHIVE(fsp->conn)) &&
-					!IS_DOS_ARCHIVE(dosmode)) {
-				file_set_dosmode(fsp->conn, fsp->fsp_name,
+			if (!fsp->posix_open &&
+					(lp_store_dos_attributes(SNUM(fsp->conn)) ||
+					MAP_ARCHIVE(fsp->conn))) {
+				int dosmode = dos_mode(fsp->conn, fsp->fsp_name);
+				if (!IS_DOS_ARCHIVE(dosmode)) {
+					file_set_dosmode(fsp->conn, fsp->fsp_name,
 						 dosmode | aARCH, NULL, false);
+				}
 			}
 
 			/*

Modified: branches/samba/upstream/source3/smbd/notify.c
===================================================================
--- branches/samba/upstream/source3/smbd/notify.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/smbd/notify.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -76,6 +76,7 @@
 	for (i=0; i<num_changes; i++) {
 		struct notify_change *c;
 		size_t namelen;
+		int    rem = 0;
 		uint32 u32_tmp;	/* Temp arg to prs_uint32 to avoid
 				 * signed/unsigned issues */
 
@@ -101,6 +102,11 @@
 		 */
 
 		u32_tmp = (i == num_changes-1) ? 0 : namelen + 12;
+
+		/* Align on 4-byte boundary according to MS-CIFS 2.2.7.4.2 */
+		if ((rem = u32_tmp % 4 ) != 0)
+			u32_tmp += 4 - rem;
+
 		if (!prs_uint32("offset", ps, 1, &u32_tmp)) goto fail;
 
 		u32_tmp = c->action;
@@ -116,6 +122,10 @@
 		 */
 		prs_set_offset(ps, prs_offset(ps)-2);
 
+		if (rem != 0) {
+			if (!prs_align_custom(ps, 4)) goto fail;
+		}
+
 		TALLOC_FREE(uni_name.buffer);
 
 		if (prs_offset(ps) > max_offset) {

Modified: branches/samba/upstream/source3/smbd/open.c
===================================================================
--- branches/samba/upstream/source3/smbd/open.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/smbd/open.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -49,11 +49,23 @@
  SMB1 file varient of se_access_check. Never test FILE_READ_ATTRIBUTES.
 ****************************************************************************/
 
-NTSTATUS smb1_file_se_access_check(const struct security_descriptor *sd,
+NTSTATUS smb1_file_se_access_check(connection_struct *conn,
+			  const struct security_descriptor *sd,
                           const NT_USER_TOKEN *token,
                           uint32_t access_desired,
                           uint32_t *access_granted)
 {
+	*access_granted = 0;
+
+	if (conn->server_info->utok.uid == 0 || conn->admin_user) {
+		/* I'm sorry sir, I didn't know you were root... */
+		*access_granted = access_desired;
+		if (access_desired & SEC_FLAG_MAXIMUM_ALLOWED) {
+			*access_granted |= FILE_GENERIC_ALL;
+		}
+		return NT_STATUS_OK;
+	}
+
 	return se_access_check(sd,
 				token,
 				(access_desired & ~FILE_READ_ATTRIBUTES),
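Review bot: The banner comment above smb1_file_se_access_check still only says it never tests FILE_READ_ATTRIBUTES, but the function now grants `access_desired` without consulting `sd` when the connection's uid is 0 or `conn->admin_user` is set. That bypass now applies to every caller, including the two vfs_acl_common.c call sites changed in this commit, so it should be stated where the access decision is made. For example, add `Grants the requested access without checking sd when the connection is root or admin_user.` to the banner. `conn` and `conn->server_info` are dereferenced unconditionally, so the comment should also say they must be non-NULL. The function body ends outside the hunk.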
@@ -73,17 +85,6 @@
 	NTSTATUS status;
 	struct security_descriptor *sd = NULL;
 
-	*access_granted = 0;
-
-	if (conn->server_info->utok.uid == 0 || conn->admin_user) {
-		/* I'm sorry sir, I didn't know you were root... */
-		*access_granted = access_mask;
-		if (access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
-			*access_granted |= FILE_GENERIC_ALL;
-		}
-		return NT_STATUS_OK;
-	}
-
 	status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
 			(OWNER_SECURITY_INFORMATION |
 			GROUP_SECURITY_INFORMATION |
@@ -97,7 +98,8 @@
 		return status;
 	}
 
-	status = smb1_file_se_access_check(sd,
+	status = smb1_file_se_access_check(conn,
+				sd,
 				conn->server_info->ptok,
 				access_mask,
 				access_granted);
@@ -1412,7 +1414,8 @@
 				return NT_STATUS_ACCESS_DENIED;
 			}
 
-			status = smb1_file_se_access_check(sd,
+			status = smb1_file_se_access_check(conn,
+					sd,
 					conn->server_info->ptok,
 					access_mask,
 					&access_granted);

Modified: branches/samba/upstream/source3/smbd/oplock.c
===================================================================
--- branches/samba/upstream/source3/smbd/oplock.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/smbd/oplock.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -118,6 +118,7 @@
 	fsp->sent_oplock_break = NO_BREAK_SENT;
 
 	flush_write_cache(fsp, OPLOCK_RELEASE_FLUSH);
+	delete_write_cache(fsp);
 
 	TALLOC_FREE(fsp->oplock_timeout);
 }

Modified: branches/samba/upstream/source3/smbd/process.c
===================================================================
--- branches/samba/upstream/source3/smbd/process.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/smbd/process.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -1488,7 +1488,7 @@
 		/*
 		 * NetBIOS session request, keepalive, etc.
 		 */
-		reply_special((char *)inbuf);
+		reply_special((char *)inbuf, nread);
 		goto done;
 	}
 

Modified: branches/samba/upstream/source3/smbd/reply.c
===================================================================
--- branches/samba/upstream/source3/smbd/reply.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/smbd/reply.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -495,14 +495,11 @@
  Reply to a (netbios-level) special message.
 ****************************************************************************/
 
-void reply_special(char *inbuf)
+void reply_special(char *inbuf, size_t inbuf_size)
 {
 	int msg_type = CVAL(inbuf,0);
 	int msg_flags = CVAL(inbuf,1);
-	fstring name1,name2;
-	char name_type1, name_type2;
 	struct smbd_server_connection *sconn = smbd_server_conn;
-
 	/*
 	 * We only really use 4 bytes of the outbuf, but for the smb_setlen
 	 * calculation & friends (srv_send_smb uses that) we need the full smb
@@ -510,28 +507,49 @@
 	 */
 	char outbuf[smb_size];
 
-	*name1 = *name2 = 0;
-
 	memset(outbuf, '\0', sizeof(outbuf));
 
 	smb_setlen(outbuf,0);
 
 	switch (msg_type) {
 	case 0x81: /* session request */
+	{
+		/* inbuf_size is guarenteed to be at least 4. */
+		fstring name1,name2;
+		int name_type1, name_type2;
+		int name_len1, name_len2;
 
+		*name1 = *name2 = 0;
+
 		if (sconn->nbt.got_session) {
 			exit_server_cleanly("multiple session request not permitted");
 		}
 
 		SCVAL(outbuf,0,0x82);
 		SCVAL(outbuf,3,0);
-		if (name_len(inbuf+4) > 50 || 
-		    name_len(inbuf+4 + name_len(inbuf + 4)) > 50) {
+
+		/* inbuf_size is guaranteed to be at least 4. */
+		name_len1 = name_len((unsigned char *)(inbuf+4),inbuf_size - 4);
+		if (name_len1 <= 0 || name_len1 > inbuf_size - 4) {
 			DEBUG(0,("Invalid name length in session request\n"));
 			return;
 		}
-		name_type1 = name_extract(inbuf,4,name1);
-		name_type2 = name_extract(inbuf,4 + name_len(inbuf + 4),name2);
+		name_len2 = name_len((unsigned char *)(inbuf+4+name_len1),inbuf_size - 4 - name_len1);
+		if (name_len2 <= 0 || name_len2 > inbuf_size - 4 - name_len1) {
+			DEBUG(0,("Invalid name length in session request\n"));
+			return;
+		}
+
+		name_type1 = name_extract((unsigned char *)inbuf,
+				inbuf_size,(unsigned int)4,name1);
+		name_type2 = name_extract((unsigned char *)inbuf,
+				inbuf_size,(unsigned int)(4 + name_len1),name2);
+
+		if (name_type1 == -1 || name_type2 == -1) {
+			DEBUG(0,("Invalid name type in session request\n"));
+			return;
+		}
+
 		DEBUG(2,("netbios connect: name1=%s0x%x name2=%s0x%x\n",
 			 name1, name_type1, name2, name_type2));
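Review bot: The expressions `inbuf_size - 4` and `inbuf_size - 4 - name_len1` are unsigned subtractions whose safety rests only on the comment that inbuf_size is at least 4. That guarantee is enforced, if at all, in the caller in process.c, which is not visible here. An explicit `if (inbuf_size < 4) { return; }` at the top of the 0x81 case would keep the length checks meaningful if another caller is added. The comparisons of the int `name_len1` and `name_len2` against size_t values are correct only because the `<= 0` test comes first, which deserves a short comment. The case body continues outside the hunk.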
 
@@ -565,6 +583,7 @@
 
 		sconn->nbt.got_session = true;
 		break;
+	}
 
 	case 0x89: /* session keepalive request 
 		      (some old clients produce this?) */
@@ -5846,8 +5865,9 @@
 			  "%s -> %s\n", smb_fname_str_dbg(fsp->fsp_name),
 			  smb_fname_str_dbg(smb_fname_dst)));
 
-		if (lp_map_archive(SNUM(conn)) ||
-		    lp_store_dos_attributes(SNUM(conn))) {
+		if (!lp_posix_pathnames() &&
+		    (lp_map_archive(SNUM(conn)) ||
+		    lp_store_dos_attributes(SNUM(conn)))) {
 			/* We must set the archive bit on the newly
 			   renamed file. */
 			if (SMB_VFS_STAT(conn, smb_fname_dst) == 0) {

Modified: branches/samba/upstream/source3/smbd/sesssetup.c
===================================================================
--- branches/samba/upstream/source3/smbd/sesssetup.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/smbd/sesssetup.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -725,7 +725,8 @@
 	*kerb_mechOID = NULL;
 
 	/* parse out the OIDs and the first sec blob */
-	if (!parse_negTokenTarg(blob_in, OIDs, pblob_out)) {
+	if (!parse_negTokenTarg(blob_in, OIDs, pblob_out) ||
+			OIDs[0] == NULL) {
 		return NT_STATUS_LOGON_FAILURE;
 	}
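Review bot: When `parse_negTokenTarg` succeeds but `OIDs[0] == NULL`, the new condition returns NT_STATUS_LOGON_FAILURE without releasing whatever was stored in `pblob_out`. If the parser can return true with an allocated blob and an empty mechanism list, and the caller does not free on failure (neither is visible here), each such request from an unauthenticated peer leaks the blob. Consider splitting the condition so that the `OIDs[0] == NULL` case calls `data_blob_free(pblob_out);` before returning. The srv_pipe.c hunk with the same added test goes to an `err` label, which presumably does that cleanup already.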
 

Modified: branches/samba/upstream/source3/smbd/trans2.c
===================================================================
--- branches/samba/upstream/source3/smbd/trans2.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/smbd/trans2.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -6594,6 +6594,7 @@
 	files_struct *all_fsps = NULL;
 	bool modify_mtime = true;
 	struct file_id id;
+	struct smb_filename *smb_fname_tmp = NULL;
 	SMB_STRUCT_STAT sbuf;
 
 	ZERO_STRUCT(ft);
@@ -6646,7 +6647,6 @@
 	sbuf = smb_fname->st;
 
 	if (!VALID_STAT(sbuf)) {
-		struct smb_filename *smb_fname_tmp = NULL;
 		/*
 		 * The only valid use of this is to create character and block
 		 * devices, and named pipes. This is deprecated (IMHO) and 
@@ -6675,7 +6675,7 @@
 		}
 
 		sbuf = smb_fname_tmp->st;
-		TALLOC_FREE(smb_fname_tmp);
+		smb_fname = smb_fname_tmp;
 
 		/* Ensure we don't try and change anything else. */
 		raw_unixmode = SMB_MODE_NO_CHANGE;

Modified: branches/samba/upstream/source3/utils/net_ads.c
===================================================================
--- branches/samba/upstream/source3/utils/net_ads.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/utils/net_ads.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -541,7 +541,7 @@
 	char *escaped_user;
 	DOM_SID primary_group_sid;
 	uint32_t group_rid;
-	enum SID_NAME_USE type;
+	enum wbcSidType type;
 
 	if (argc < 1 || c->display_usage) {
 		return net_ads_user_usage(c, argc, argv);
@@ -596,7 +596,7 @@
 	wbc_status = wbcLookupSid((struct wbcDomainSid *)&primary_group_sid,
 				  NULL, /* don't look up domain */
 				  &primary_group,
-				  (enum wbcSidType *) &type);
+				  &type);
 	if (!WBC_ERROR_IS_OK(wbc_status)) {
 		d_fprintf(stderr, "wbcLookupSid: %s\n",
 			  wbcErrorString(wbc_status));

Modified: branches/samba/upstream/source3/utils/net_rpc_printer.c
===================================================================
--- branches/samba/upstream/source3/utils/net_rpc_printer.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/utils/net_rpc_printer.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -754,6 +754,7 @@
 	WERROR result;
 	NTSTATUS status;
 	struct spoolss_SetPrinterInfoCtr info_ctr;
+	struct spoolss_SetPrinterInfo2 info2;
 	struct spoolss_DevmodeContainer devmode_ctr;
 	struct sec_desc_buf secdesc_ctr;
 
@@ -773,8 +774,8 @@
 			(void *)&info->info1;
 		break;
 	case 2:
-		info_ctr.info.info2 = (struct spoolss_SetPrinterInfo2 *)
-			(void *)&info->info2;
+		spoolss_printerinfo2_to_setprinterinfo2(&info->info2, &info2);
+		info_ctr.info.info2 = &info2;
 		break;
 	case 3:
 		info_ctr.info.info3 = (struct spoolss_SetPrinterInfo3 *)
@@ -2044,6 +2045,8 @@
 	/* do something for all printers */
 	for (i = 0; i < num_printers; i++) {
 
+		struct spoolss_SetPrinterInfo2 info2;
+
 		/* do some initialization */
 		printername = info_enum[i].info2.printername;
 		sharename = info_enum[i].info2.sharename;
@@ -2095,8 +2098,8 @@
 		d_printf(_("creating printer: %s\n"), printername);
 
 		info_ctr.level = level;
-		info_ctr.info.info2 = (struct spoolss_SetPrinterInfo2 *)
-			(void *)&info_src.info2;
+		spoolss_printerinfo2_to_setprinterinfo2(&info_src.info2, &info2);
+		info_ctr.info.info2 = &info2;
 
 		result = rpccli_spoolss_addprinterex(pipe_hnd_dst,
 						     mem_ctx,

Modified: branches/samba/upstream/source3/utils/net_rpc_registry.c
===================================================================
--- branches/samba/upstream/source3/utils/net_rpc_registry.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/utils/net_rpc_registry.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -1150,7 +1150,8 @@
 	d_printf(_("ok\n"));
 
 	d_printf(_("Opening %s...."), argv[1]);
-	if ( !(outfile = regfio_open( argv[1], (O_RDWR|O_CREAT|O_TRUNC), (S_IREAD|S_IWRITE) )) ) {
+	if ( !(outfile = regfio_open( argv[1], (O_RDWR|O_CREAT|O_TRUNC),
+				      (S_IRUSR|S_IWUSR) )) ) {
 		d_fprintf(stderr, _("Failed to open %s for writing\n"),argv[1]);
 		goto out;
 	}
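Review bot: The 0600 mode passed here only takes effect when the file is newly created. With `O_CREAT|O_TRUNC` and no `O_EXCL`, an already existing `argv[1]` keeps whatever permissions it had, so registry data can land in a group- or world-readable file. Assuming `regfio_open` hands these flags to open(2) (its body is not shown), either add `O_EXCL` or tighten the mode after opening. At minimum, document it: `/* mode applies to new files only; an existing file keeps its permissions */`. The same applies to the `regfio_open( new_filename, ...)` call changed in profiles.c.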

Modified: branches/samba/upstream/source3/utils/profiles.c
===================================================================
--- branches/samba/upstream/source3/utils/profiles.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/utils/profiles.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -275,7 +275,8 @@
 		exit (1);
 	}
 
-	if ( !(outfile = regfio_open( new_filename, (O_RDWR|O_CREAT|O_TRUNC), (S_IREAD|S_IWRITE) )) ) {
+	if ( !(outfile = regfio_open( new_filename, (O_RDWR|O_CREAT|O_TRUNC),
+				      (S_IRUSR|S_IWUSR) )) ) {
 		fprintf( stderr, "Failed to open new file %s!\n", new_filename );
 		fprintf( stderr, "Error was (%s)\n", strerror(errno) );
 		exit (1);

Modified: branches/samba/upstream/source3/utils/smbfilter.c
===================================================================
--- branches/samba/upstream/source3/utils/smbfilter.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/utils/smbfilter.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -74,20 +74,44 @@
 	}
 }
 
-static void filter_request(char *buf)
+static void filter_request(char *buf, size_t buf_len)
 {
 	int msg_type = CVAL(buf,0);
 	int type = CVAL(buf,smb_com);
+	unsigned x;
 	fstring name1,name2;
-	unsigned x;
+	int name_len1, name_len2;
+	int name_type1, name_type2;
 
 	if (msg_type) {
 		/* it's a netbios special */
-		switch (msg_type) {
+		switch (msg_type)
 		case 0x81:
 			/* session request */
-			name_extract(buf,4,name1);
-			name_extract(buf,4 + name_len(buf + 4),name2);
+			/* inbuf_size is guaranteed to be at least 4. */
+			name_len1 = name_len((unsigned char *)(buf+4),
+					buf_len - 4);
+			if (name_len1 <= 0 || name_len1 > buf_len - 4) {
+				DEBUG(0,("Invalid name length in session request\n"));
+				return;
+			}
+			name_len2 = name_len((unsigned char *)(buf+4+name_len1),
+					buf_len - 4 - name_len1);
+			if (name_len2 <= 0 || name_len2 > buf_len - 4 - name_len1) {
+				DEBUG(0,("Invalid name length in session request\n"));
+				return;
+			}
+
+			name_type1 = name_extract((unsigned char *)buf,
+					buf_len,(unsigned int)4,name1);
+			name_type2 = name_extract((unsigned char *)buf,
+					buf_len,(unsigned int)(4 + name_len1),name2);
+
+			if (name_type1 == -1 || name_type2 == -1) {
+				DEBUG(0,("Invalid name type in session request\n"));
+				return;
+			}
+
 			d_printf("sesion_request: %s -> %s\n",
 				 name1, name2);
 			if (netbiosname) {
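Review bot: The opening brace after `switch (msg_type)` is dropped here, and its closing brace is removed in the next hunk, so the switch body is only the first statement under `case 0x81:`. Everything after it, from the `name_len1 <= 0` check onward, runs for any non-zero message type, and `name_len1` is read uninitialised when the type is not 0x81. Restore `switch (msg_type) {` and the matching `}` before the `return;`. The function body continues outside this hunk.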
@@ -97,11 +121,11 @@
 					/* replace the destination netbios
 					 * name */
 					memcpy(buf+4, mangled,
-					       name_len(mangled));
+					       name_len((unsigned char *)mangled,
+							talloc_get_size(mangled)));
 					TALLOC_FREE(mangled);
 				}
 			}
-		}
 		return;
 	}
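Review bot: The `memcpy` into `buf+4` takes its length straight from `name_len()` on the mangled name without checking it. The session-request checks earlier in this function treat a non-positive `name_len()` result as an error and bound the name by `buf_len - 4`. Store the result first and guard it, e.g. `if (mlen <= 0 || (size_t)mlen > buf_len - 4) { TALLOC_FREE(mangled); return; }`, then `memcpy(buf+4, mangled, mlen);`. The enclosing `if (netbiosname)` block starts outside the hunk.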
 
@@ -118,7 +142,6 @@
 		SIVAL(buf, smb_vwv11, x);
 		break;
 	}
-
 }
 
 /****************************************************************************
@@ -184,7 +207,7 @@
 				d_printf("client closed connection\n");
 				exit(0);
 			}
-			filter_request(packet);
+			filter_request(packet, len);
 			if (!send_smb(s, packet)) {
 				d_printf("server is dead\n");
 				exit(1);

Modified: branches/samba/upstream/source3/winbindd/winbindd_cm.c
===================================================================
--- branches/samba/upstream/source3/winbindd/winbindd_cm.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/winbindd/winbindd_cm.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -2016,30 +2016,30 @@
 /**********************************************************************
 ***********************************************************************/
 
-static bool cm_get_schannel_creds(struct winbindd_domain *domain,
+static NTSTATUS cm_get_schannel_creds(struct winbindd_domain *domain,
 				   struct netlogon_creds_CredentialState **ppdc)
 {
-	NTSTATUS result;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
 	struct rpc_pipe_client *netlogon_pipe;
 
 	if (lp_client_schannel() == False) {
-		return False;
+		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;;
 	}
 
 	result = cm_connect_netlogon(domain, &netlogon_pipe);
 	if (!NT_STATUS_IS_OK(result)) {
-		return False;
+		return result;
 	}
 
 	/* Return a pointer to the struct netlogon_creds_CredentialState from the
 	   netlogon pipe. */
 
 	if (!domain->conn.netlogon_pipe->dc) {
-		return false;
+		return NT_STATUS_INTERNAL_ERROR; /* This shouldn't happen. */
 	}
 
 	*ppdc = domain->conn.netlogon_pipe->dc;
-	return True;
+	return NT_STATUS_OK;
 }
 
 NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
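Review bot: The `lp_client_schannel()` early return ends in a doubled semicolon and should read `return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;`. The initialiser `result = NT_STATUS_UNSUCCESSFUL` is never read, because `result` is assigned by `cm_connect_netlogon()` before its first use. With three distinct failure statuses now returned, the empty banner comment above the function could list them and state that `*ppdc` is only written on `NT_STATUS_OK`.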
@@ -2136,10 +2136,13 @@
 
 	/* Fall back to schannel if it's a W2K pre-SP1 box. */
 
-	if (!cm_get_schannel_creds(domain, &p_creds)) {
+	result = cm_get_schannel_creds(domain, &p_creds);
+	if (!NT_STATUS_IS_OK(result)) {
 		/* If this call fails - conn->cli can now be NULL ! */
 		DEBUG(10, ("cm_connect_sam: Could not get schannel auth info "
-			   "for domain %s, trying anon\n", domain->name));
+			   "for domain %s (error %s), trying anon\n",
+			domain->name,
+			nt_errstr(result) ));
 		goto anonymous;
 	}
 	result = cli_rpc_pipe_open_schannel_with_key
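Review bot: Every failure of `cm_get_schannel_creds()` still ends in `goto anonymous`, and the downgrade is logged only at level 10. The status now separates schannel being disabled in configuration (`NT_STATUS_CANT_ACCESS_DOMAIN_INFO`) from a failed netlogon connection or `NT_STATUS_INTERNAL_ERROR`. The unexpected cases could therefore be logged at a level operators actually run with, for example `DEBUG(3, ...)` when the status is not `NT_STATUS_CANT_ACCESS_DOMAIN_INFO`, so an unplanned fall-back from schannel to an anonymous pipe is visible. The same applies to the identical block in `cm_connect_lsa` further down. The enclosing function starts and ends outside the hunk.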
@@ -2231,6 +2234,7 @@
 			    struct rpc_pipe_client **cli)
 {
 	struct winbindd_cm_conn *conn;
+	struct netlogon_creds_CredentialState *creds;
 	NTSTATUS status;
 
 	DEBUG(10,("cm_connect_lsa_tcp\n"));
@@ -2251,14 +2255,20 @@
 
 	TALLOC_FREE(conn->lsa_pipe_tcp);
 
-	status = cli_rpc_pipe_open_schannel(conn->cli,
-					    &ndr_table_lsarpc.syntax_id,
-					    NCACN_IP_TCP,
-					    DCERPC_AUTH_LEVEL_PRIVACY,
-					    domain->name,
-					    &conn->lsa_pipe_tcp);
+	status = cm_get_schannel_creds(domain, &creds);
 	if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(10,("cli_rpc_pipe_open_schannel failed: %s\n",
+		goto done;
+	}
+
+	status = cli_rpc_pipe_open_schannel_with_key(conn->cli,
+						     &ndr_table_lsarpc.syntax_id,
+						     NCACN_IP_TCP,
+						     DCERPC_AUTH_LEVEL_PRIVACY,
+						     domain->name,
+						     &creds,
+						     &conn->lsa_pipe_tcp);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(10,("cli_rpc_pipe_open_schannel_with_key failed: %s\n",
 			nt_errstr(status)));
 		goto done;
 	}
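Review bot: The new `cm_get_schannel_creds()` failure path jumps to `done` without logging, while the pipe-open failure just below it logs its status. Add `DEBUG(10,("cm_get_schannel_creds failed: %s\n", nt_errstr(status)));` before that `goto done;` so the two failure causes can be told apart in the log. The function starts and ends outside the hunk.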
@@ -2338,10 +2348,13 @@
 
 	/* Fall back to schannel if it's a W2K pre-SP1 box. */
 
-	if (!cm_get_schannel_creds(domain, &p_creds)) {
+	result = cm_get_schannel_creds(domain, &p_creds);
+	if (!NT_STATUS_IS_OK(result)) {
 		/* If this call fails - conn->cli can now be NULL ! */
 		DEBUG(10, ("cm_connect_lsa: Could not get schannel auth info "
-			   "for domain %s, trying anon\n", domain->name));
+			   "for domain %s (error %s), trying anon\n",
+			domain->name,
+			nt_errstr(result) ));
 		goto anonymous;
 	}
 	result = cli_rpc_pipe_open_schannel_with_key

Modified: branches/samba/upstream/source3/winbindd/winbindd_dual_srv.c
===================================================================
--- branches/samba/upstream/source3/winbindd/winbindd_dual_srv.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/winbindd/winbindd_dual_srv.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -610,12 +610,12 @@
 
 	id.id = r->in.id;
 
-	switch (id.type) {
+	switch (r->in.type) {
 	case WBINT_ID_TYPE_UID:
 		id.type = ID_TYPE_UID;
 		status = idmap_set_uid_hwm(&id);
 		break;
-	case ID_TYPE_GID:
+	case WBINT_ID_TYPE_GID:
 		id.type = ID_TYPE_GID;
 		status = idmap_set_gid_hwm(&id);
 		break;

Modified: branches/samba/upstream/source3/winbindd/winbindd_pam.c
===================================================================
--- branches/samba/upstream/source3/winbindd/winbindd_pam.c	2010-09-28 20:10:01 UTC (rev 3611)
+++ branches/samba/upstream/source3/winbindd/winbindd_pam.c	2010-10-09 20:33:58 UTC (rev 3612)
@@ -801,7 +801,7 @@
 void winbindd_pam_auth(struct winbindd_cli_state *state)
 {
 	struct winbindd_domain *domain;
-	fstring name_domain, name_user, mapped_user;
+	fstring name_domain, name_user;
 	char *mapped = NULL;
 	NTSTATUS result;
 	NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL;
@@ -828,17 +828,15 @@
 					       state->request->data.auth.user,
 					       &mapped);
 
-	/* If the name normalization didnt' actually do anything,
-	   just use the original name */
+	/* Update the auth name if we did any mapping */
 
-	if (NT_STATUS_IS_OK(name_map_status)
-	    ||NT_STATUS_EQUAL(name_map_status, NT_STATUS_FILE_RENAMED)) {
-		fstrcpy(mapped_user, mapped);
-	} else {
-		fstrcpy(mapped_user, state->request->data.auth.user);
+	if (NT_STATUS_IS_OK(name_map_status) ||
+	    NT_STATUS_EQUAL(name_map_status, NT_STATUS_FILE_RENAMED))
+	{
+		fstrcpy(state->request->data.auth.user, mapped);
 	}
 
-	if (!canonicalize_username(mapped_user, name_domain, name_user)) {
+	if (!canonicalize_username(state->request->data.auth.user, name_domain, name_user)) {
 		result = NT_STATUS_NO_SUCH_USER;
 		goto done;
 	}
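Review bot: The mapped name is now written over `state->request->data.auth.user` in place, so all later processing of this request sees the mapped name and the name the client sent is no longer available. The comment could say that, e.g. `/* Overwrite the request's user name so later processing uses the mapped name */`. `fstrcpy` presumably bounds the copy to the fstring size, so a longer `mapped` would be truncated silently. A length check before the copy would turn that into an explicit `NT_STATUS_NO_SUCH_USER` instead of an authentication attempt against a shortened name. The function continues outside the hunk.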




