[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Fri May 13 11:52:02 MDT 2011


The branch, master has been updated
       via  46168e9 s3-param Deprecate a number of security parameters for 3.6
       via  c31f95f do an explicit A record search for SRV entries
       via  816c5cc s3-build: use ndr-standard in msrpc3
       via  1535296 build: Move NDR_DSSETUP and NDR_SPOOLSS into ndr-standard
       via  f18cca9 lib/util/charset Move built-in charset modules to the top level
       via  ef2a7c6 s3-netapi Initialise global variables in libnetapi
       via  a37de9a s3-libnetapi Don't create a talloc_stackframe() in a global variable
       via  5db0cd5 lib/util/ Fix crash bug caused by gfree_debug()
      from  3d10021 s3-net: fix potential crash bug in display_print_driver3().

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 46168e99f7c6116b96335635ad974c7d8e20948e
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri May 13 17:55:41 2011 +0200

    s3-param Deprecate a number of security parameters for 3.6
    
    This follows up on the agreement on the samba-technical list in Jan
    2011 to deprecate these options, and to possibly remove these in the
    4.0 release after user feedback.
    
    Andrew Bartlett
    
    Autobuild-User: Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date: Fri May 13 19:51:41 CEST 2011 on sn-devel-104

commit c31f95f66dcf1c11646b1edd84966e8369904a8c
Author: Luke Howard <lukeh at padl.com>
Date:   Thu May 12 20:52:52 2011 +0200

    do an explicit A record search for SRV entries
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit 816c5ccc34d6107c3de619cdf4e2c99fdfd25d59
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri May 13 11:49:49 2011 +0200

    s3-build: use ndr-standard in msrpc3
    
    This avoids pulling in the symbols from the NDR_ subsystems directly.
    
    Andrew Bartlett

commit 153529636f42212f618e970a922d2595fabb13d2
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri May 13 11:48:14 2011 +0200

    build: Move NDR_DSSETUP and NDR_SPOOLSS into ndr-standard
    
    This is to address multiple defintion of symbol issues in msrpc3
    linked libraries.
    
    Andrew Bartlett

commit f18cca9a0a690013eb609719c4798da9b0e1054b
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri May 13 10:26:20 2011 +0200

    lib/util/charset Move built-in charset modules to the top level
    
    This removes the 'charset' subsystem and allows these modules to be
    used across the whole of Samba.
    
    Andrew Bartlett

commit ef2a7c653808a5e0abdd87dc74579bb6c006b730
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue May 10 22:11:55 2011 +0200

    s3-netapi Initialise global variables in libnetapi
    
    It is important to initalise the global variables when loading this
    configuration for the potentially first time.
    
    Andrew Bartlett

commit a37de9a95974c138d264d9cb0c7829bb426bb2d6
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue May 10 22:08:36 2011 +0200

    s3-libnetapi Don't create a talloc_stackframe() in a global variable
    
    This also ensures that libnetapi_free() invalidates the global
    stat_ctx variable, and changes the API so that the behaviour of the
    error string routines is to consistently return a allocated string.
    
    Pair-Programmed-With: Günther Deschner <gd at samba.org>
    
    Andrew Bartlett

commit 5db0cd55d4db9cc71f32dc0097e2f014c22967bc
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 9 17:43:45 2011 +0200

    lib/util/ Fix crash bug caused by gfree_debug()
    
    The issue is that we should reset the debug_num_classes to 0 when we
    un-initialise the debug system.
    
    Andrew Bartlett

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/smbdotconf/logon/enableprivileges.xml     |    2 +-
 docs-xml/smbdotconf/protocol/usespnego.xml         |    2 +-
 docs-xml/smbdotconf/security/passwordlevel.xml     |    2 +-
 docs-xml/smbdotconf/security/security.xml          |  142 +++++++++-----------
 docs-xml/smbdotconf/security/username.xml          |    2 +-
 {source3/modules => lib/util/charset}/CP437.c      |    2 +-
 {source3/modules => lib/util/charset}/CP850.c      |    2 +-
 lib/util/charset/charset.h                         |    2 +-
 .../util/charset}/charset_macosxfs.c               |    0
 {source3/modules => lib/util/charset}/weird.c      |    0
 lib/util/charset/wscript_build                     |   33 +++++
 lib/util/debug.c                                   |    2 +-
 librpc/wscript_build                               |    2 +-
 source3/Makefile.in                                |    8 +-
 source3/lib/netapi/netapi.c                        |   46 +++++--
 source3/lib/netapi/netapi.h                        |    9 +-
 source3/modules/wscript_build                      |   39 ------
 source3/param/loadparm.c                           |   16 ++-
 source3/wscript_build                              |    9 +-
 source4/libcli/resolve/dns_ex.c                    |   26 +++-
 20 files changed, 188 insertions(+), 158 deletions(-)
 rename {source3/modules => lib/util/charset}/CP437.c (99%)
 rename {source3/modules => lib/util/charset}/CP850.c (99%)
 rename {source3/modules => lib/util/charset}/charset_macosxfs.c (100%)
 rename {source3/modules => lib/util/charset}/weird.c (100%)


Changeset truncated at 500 lines:

diff --git a/docs-xml/smbdotconf/logon/enableprivileges.xml b/docs-xml/smbdotconf/logon/enableprivileges.xml
index 3e958e0..0fbc504 100644
--- a/docs-xml/smbdotconf/logon/enableprivileges.xml
+++ b/docs-xml/smbdotconf/logon/enableprivileges.xml
@@ -5,7 +5,7 @@
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <description>
 	<para>
-	This parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either
+	This deprecated parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either
 	 <command>net rpc rights</command> or one of the Windows user and group manager tools.  This parameter is
 	enabled by default. It can be disabled to prevent members of the Domain Admins group from being able to
 	assign privileges to users or groups which can then result in certain smbd operations running as root that
diff --git a/docs-xml/smbdotconf/protocol/usespnego.xml b/docs-xml/smbdotconf/protocol/usespnego.xml
index 8fb559c..e16c7ce 100644
--- a/docs-xml/smbdotconf/protocol/usespnego.xml
+++ b/docs-xml/smbdotconf/protocol/usespnego.xml
@@ -4,7 +4,7 @@
                  developer="1"
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <description>
-    <para>This variable controls controls whether samba will try 
+    <para>This deprecated variable controls controls whether samba will try 
     to use Simple and Protected NEGOciation (as specified by rfc2478) with 
     WindowsXP and Windows2000 clients to agree upon an authentication mechanism. 
 </para>
diff --git a/docs-xml/smbdotconf/security/passwordlevel.xml b/docs-xml/smbdotconf/security/passwordlevel.xml
index 1da11e4..eee838f 100644
--- a/docs-xml/smbdotconf/security/passwordlevel.xml
+++ b/docs-xml/smbdotconf/security/passwordlevel.xml
@@ -13,7 +13,7 @@
     text passwords even when NT LM 0.12 selected by the protocol
     negotiation request/response.</para>
 
-    <para>This parameter defines the maximum number of characters 
+    <para>This deprecated parameter defines the maximum number of characters 
     that may be upper case in passwords.</para>
 
     <para>For example, say the password given was "FRED". If <parameter moreinfo="none">
diff --git a/docs-xml/smbdotconf/security/security.xml b/docs-xml/smbdotconf/security/security.xml
index 514ea54..e20a73d 100644
--- a/docs-xml/smbdotconf/security/security.xml
+++ b/docs-xml/smbdotconf/security/security.xml
@@ -22,32 +22,18 @@
     the most common setting needed when talking to Windows 98 and 
     Windows NT.</para>
 
-    <para>The alternatives are <command moreinfo="none">security = share</command>,
-    <command moreinfo="none">security = server</command> or <command moreinfo="none">security = domain
-    </command>.</para>
+    <para>The alternatives are
+    <command moreinfo="none">security = ads</command> or <command moreinfo="none">security = domain
+    </command>, which support joining Samba to a Windows domain, along with <command moreinfo="none">security = share</command> and <command moreinfo="none">security = server</command>, both of which are deprecated.</para>
 
     <para>In versions of Samba prior to 2.0.0, the default was 
     <command moreinfo="none">security = share</command> mainly because that was
     the only option at one stage.</para>
 
-    <para>There is a bug in WfWg that has relevance to this 
-    setting. When in user or server level security a WfWg client 
-    will totally ignore the username and password you type in the "connect 
-    drive" dialog box. This makes it very difficult (if not impossible) 
-    to connect to a Samba service as anyone except the user that 
-    you are logged into WfWg as.</para>
-
-    <para>If your PCs use usernames that are the same as their 
-    usernames on the UNIX machine then you will want to use 
-    <command moreinfo="none">security = user</command>. If you mostly use usernames 
-    that don't exist on the UNIX box then use <command moreinfo="none">security = 
-    share</command>.</para>
-
-    <para>You should also use <command moreinfo="none">security = share</command> if you 
+    <para>You should use <command moreinfo="none">security = user</command> and 
+    <smbconfoption name="map to guest"/> if you 
     want to mainly setup shares without a password (guest shares). This 
-    is commonly used for a shared printer server. It is more difficult 
-    to setup guest shares with <command moreinfo="none">security = user</command>, see 
-    the <smbconfoption name="map to guest"/> parameter for details.</para>
+    is commonly used for a shared printer server. </para>
 		
     <para>It is possible to use <command moreinfo="none">smbd</command> in a <emphasis>
     hybrid mode</emphasis> where it is offers both user and share 
@@ -56,7 +42,62 @@
     <para>The different settings will now be explained.</para>
 
 
+    <para><anchor id="SECURITYEQUALSUSER"/><emphasis>SECURITY = USER</emphasis></para>
+
+    <para>This is the default security setting in Samba. 
+    With user-level security a client must first "log-on" with a 
+    valid username and password (which can be mapped using the <smbconfoption name="username map"/> 
+    parameter). Encrypted passwords (see the <smbconfoption name="encrypted passwords"/> parameter) can also
+    be used in this security mode. Parameters such as <smbconfoption name="user"/> and <smbconfoption
+	name="guest only"/> if set	are then applied and 
+    may change the UNIX user to use on this connection, but only after 
+    the user has been successfully authenticated.</para>
+
+    <para><emphasis>Note</emphasis> that the name of the resource being 
+    requested is <emphasis>not</emphasis> sent to the server until after 
+    the server has successfully authenticated the client. This is why 
+    guest shares don't work in user level security without allowing 
+    the server to automatically map unknown users into the <smbconfoption name="guest account"/>. 
+    See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para>
+
+    <para>See also the section <link linkend="VALIDATIONSECT">NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
+
+    <para><anchor id="SECURITYEQUALSDOMAIN"/><emphasis>SECURITY = DOMAIN</emphasis></para>
+
+    <para>This mode will only work correctly if <citerefentry><refentrytitle>net</refentrytitle>
+    <manvolnum>8</manvolnum></citerefentry> has been used to add this
+    machine into a Windows NT Domain. It expects the <smbconfoption name="encrypted passwords"/>
+	parameter to be set to <constant>yes</constant>. In this 
+    mode Samba will try to validate the username/password by passing
+    it to a Windows NT Primary or Backup Domain Controller, in exactly 
+    the same way that a Windows NT Server would do.</para>
+
+    <para><emphasis>Note</emphasis> that a valid UNIX user must still 
+    exist as well as the account on the Domain Controller to allow 
+    Samba to have a valid UNIX account to map file access to.</para>
+
+    <para><emphasis>Note</emphasis> that from the client's point 
+    of view <command moreinfo="none">security = domain</command> is the same 
+    as <command moreinfo="none">security = user</command>. It only 
+    affects how the server deals with the authentication, 
+    it does not in any way affect what the client sees.</para>
+
+    <para><emphasis>Note</emphasis> that the name of the resource being 
+    requested is <emphasis>not</emphasis> sent to the server until after 
+    the server has successfully authenticated the client. This is why 
+    guest shares don't work in user level security without allowing 
+    the server to automatically map unknown users into the <smbconfoption name="guest account"/>. 
+    See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para>
+
+    <para>See also the section <link linkend="VALIDATIONSECT">
+    NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
+
+    <para>See also the <smbconfoption name="password server"/> parameter and
+	 the <smbconfoption name="encrypted passwords"/> parameter.</para>
+
     <para><anchor id="SECURITYEQUALSSHARE"/><emphasis>SECURITY = SHARE</emphasis></para> 
+
+    <note><para>This option is deprecated as it is incompatible with SMB2</para></note>
 		
     <para>When clients connect to a share level security server, they 
     need not log onto the server with a valid username and password before 
@@ -135,63 +176,10 @@
     <para>See also the section <link linkend="VALIDATIONSECT">
     NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
 
-    <para><anchor id="SECURITYEQUALSUSER"/><emphasis>SECURITY = USER</emphasis></para>
-
-    <para>This is the default security setting in Samba 3.0. 
-    With user-level security a client must first "log-on" with a 
-    valid username and password (which can be mapped using the <smbconfoption name="username map"/> 
-    parameter). Encrypted passwords (see the <smbconfoption name="encrypted passwords"/> parameter) can also
-    be used in this security mode. Parameters such as <smbconfoption name="user"/> and <smbconfoption
-	name="guest only"/> if set	are then applied and 
-    may change the UNIX user to use on this connection, but only after 
-    the user has been successfully authenticated.</para>
-
-    <para><emphasis>Note</emphasis> that the name of the resource being 
-    requested is <emphasis>not</emphasis> sent to the server until after 
-    the server has successfully authenticated the client. This is why 
-    guest shares don't work in user level security without allowing 
-    the server to automatically map unknown users into the <smbconfoption name="guest account"/>. 
-    See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para>
-
-    <para>See also the section <link linkend="VALIDATIONSECT">NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
-
-    <para><anchor id="SECURITYEQUALSDOMAIN"/><emphasis>SECURITY = DOMAIN</emphasis></para>
-
-    <para>This mode will only work correctly if <citerefentry><refentrytitle>net</refentrytitle>
-    <manvolnum>8</manvolnum></citerefentry> has been used to add this
-    machine into a Windows NT Domain. It expects the <smbconfoption name="encrypted passwords"/>
-	parameter to be set to <constant>yes</constant>. In this 
-    mode Samba will try to validate the username/password by passing
-    it to a Windows NT Primary or Backup Domain Controller, in exactly 
-    the same way that a Windows NT Server would do.</para>
-
-    <para><emphasis>Note</emphasis> that a valid UNIX user must still 
-    exist as well as the account on the Domain Controller to allow 
-    Samba to have a valid UNIX account to map file access to.</para>
-
-    <para><emphasis>Note</emphasis> that from the client's point 
-    of view <command moreinfo="none">security = domain</command> is the same 
-    as <command moreinfo="none">security = user</command>. It only 
-    affects how the server deals with the authentication, 
-    it does not in any way affect what the client sees.</para>
-
-    <para><emphasis>Note</emphasis> that the name of the resource being 
-    requested is <emphasis>not</emphasis> sent to the server until after 
-    the server has successfully authenticated the client. This is why 
-    guest shares don't work in user level security without allowing 
-    the server to automatically map unknown users into the <smbconfoption name="guest account"/>. 
-    See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para>
-
-    <para>See also the section <link linkend="VALIDATIONSECT">
-    NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para>
-
-    <para>See also the <smbconfoption name="password server"/> parameter and
-	 the <smbconfoption name="encrypted passwords"/> parameter.</para>
-
     <para><anchor id="SECURITYEQUALSSERVER"/><emphasis>SECURITY = SERVER</emphasis></para>
 
     <para>
-	In this mode Samba will try to validate the username/password by passing it to another SMB server, such as an
+	In this depicted mode Samba will try to validate the username/password by passing it to another SMB server, such as an
 	NT box. If this fails it will revert to <command moreinfo="none">security = user</command>. It expects the
 	<smbconfoption name="encrypted passwords"/> parameter to be set to <constant>yes</constant>, unless the remote
 	server does not support them.  However note that if encrypted passwords have been negotiated then Samba cannot
@@ -203,10 +191,10 @@
 	<note><para>This mode of operation has
     significant pitfalls since it is more vulnerable to
     man-in-the-middle attacks and server impersonation.  In particular,
-    this mode of operation can cause significant resource consuption on
+    this mode of operation can cause significant resource consumption on
     the PDC, as it must maintain an active connection for the duration
     of the user's session.  Furthermore, if this connection is lost,
-    there is no way to reestablish it, and futher authentications to the
+    there is no way to reestablish it, and further authentications to the
     Samba server may fail (from a single client, till it disconnects).
 	</para></note>
 
@@ -216,6 +204,8 @@
     only affects how the server deals  with the authentication, it does
 	not in any way affect what the  client sees.</para></note>
 
+    <note><para>This option is deprecated, and may be removed in future</para></note>
+
     <para><emphasis>Note</emphasis> that the name of the resource being 
     requested is <emphasis>not</emphasis> sent to the server until after 
     the server has successfully authenticated the client. This is why 
diff --git a/docs-xml/smbdotconf/security/username.xml b/docs-xml/smbdotconf/security/username.xml
index 3a45d4d..19d8a2e 100644
--- a/docs-xml/smbdotconf/security/username.xml
+++ b/docs-xml/smbdotconf/security/username.xml
@@ -9,7 +9,7 @@
     list, in which case the supplied password will be tested against 
     each username in turn (left to right).</para>
 
-    <para>The <parameter moreinfo="none">username</parameter> line is needed only when 
+    <para>The deprecated <parameter moreinfo="none">username</parameter> line is needed only when 
     the PC is unable to supply its own username. This is the case 
     for the COREPLUS protocol or where your users have different WfWg 
     usernames to UNIX usernames. In both these cases you may also be 
diff --git a/source3/modules/CP437.c b/lib/util/charset/CP437.c
similarity index 99%
rename from source3/modules/CP437.c
rename to lib/util/charset/CP437.c
index 96d14b1..1e478d6 100644
--- a/source3/modules/CP437.c
+++ b/lib/util/charset/CP437.c
@@ -22,7 +22,7 @@
 
 #include "includes.h"
 
-static const uint16 to_ucs2[256] = {
+static const uint16_t to_ucs2[256] = {
  0x0000, 0x0001, 0x0002, 0x0003, 0x0004, 0x0005, 0x0006, 0x0007,
  0x0008, 0x0009, 0x000A, 0x000B, 0x000C, 0x000D, 0x000E, 0x000F,
  0x0010, 0x0011, 0x0012, 0x0013, 0x0014, 0x0015, 0x0016, 0x0017,
diff --git a/source3/modules/CP850.c b/lib/util/charset/CP850.c
similarity index 99%
rename from source3/modules/CP850.c
rename to lib/util/charset/CP850.c
index 40730c0..87a76f4 100644
--- a/source3/modules/CP850.c
+++ b/lib/util/charset/CP850.c
@@ -22,7 +22,7 @@
 
 #include "includes.h"
 
-static const uint16 to_ucs2[256] = {
+static const uint16_t to_ucs2[256] = {
  0x0000, 0x0001, 0x0002, 0x0003, 0x0004, 0x0005, 0x0006, 0x0007,
  0x0008, 0x0009, 0x000A, 0x000B, 0x000C, 0x000D, 0x000E, 0x000F,
  0x0010, 0x0011, 0x0012, 0x0013, 0x0014, 0x0015, 0x0016, 0x0017,
diff --git a/lib/util/charset/charset.h b/lib/util/charset/charset.h
index e5fd596..a7e5542 100644
--- a/lib/util/charset/charset.h
+++ b/lib/util/charset/charset.h
@@ -279,7 +279,7 @@ static size_t CHARSETNAME ## _push(void *cd, const char **inbuf, size_t *inbytes
 		int i; 										\
 		int done = 0; 									\
 												\
-		uint16 ch = SVAL(*inbuf,0); 							\
+		uint16_t ch = SVAL(*inbuf,0); 							\
 												\
 		for (i=0; from_idx[i].start != 0xffff; i++) {					\
 			if ((from_idx[i].start <= ch) && (from_idx[i].end >= ch)) {		\
diff --git a/source3/modules/charset_macosxfs.c b/lib/util/charset/charset_macosxfs.c
similarity index 100%
rename from source3/modules/charset_macosxfs.c
rename to lib/util/charset/charset_macosxfs.c
diff --git a/source3/modules/weird.c b/lib/util/charset/weird.c
similarity index 100%
rename from source3/modules/weird.c
rename to lib/util/charset/weird.c
diff --git a/lib/util/charset/wscript_build b/lib/util/charset/wscript_build
index 7623131..3b29ace 100644
--- a/lib/util/charset/wscript_build
+++ b/lib/util/charset/wscript_build
@@ -9,3 +9,36 @@ bld.SAMBA_SUBSYSTEM('CHARSET',
                     source='codepoints.c convert_string.c util_str.c util_unistr_w.c charcnv.c pull_push.c util_unistr.c',
                     deps='DYNCONFIG ICONV_WRAPPER'
                     )
+
+bld.SAMBA_MODULE('charset_weird',
+                 subsystem='CHARSET',
+                 source='weird.c',
+                 init_function='',
+                 deps='samba-util',
+                 internal_module=bld.SAMBA3_IS_STATIC_MODULE('charset_weird'),
+                 enabled=bld.SAMBA3_IS_ENABLED_MODULE('charset_weird'))
+
+bld.SAMBA_MODULE('charset_CP850',
+                 subsystem='CHARSET',
+                 source='CP850.c',
+                 init_function='',
+                 deps='samba-util',
+                 internal_module=bld.SAMBA3_IS_STATIC_MODULE('charset_CP850'),
+                 enabled=bld.SAMBA3_IS_ENABLED_MODULE('charset_CP850'))
+
+bld.SAMBA_MODULE('charset_CP437',
+                 subsystem='CHARSET',
+                 source='CP437.c',
+                 init_function='',
+                 deps='samba-util',
+                 internal_module=bld.SAMBA3_IS_STATIC_MODULE('charset_CP437'),
+                 enabled=bld.SAMBA3_IS_ENABLED_MODULE('charset_CP437'))
+
+bld.SAMBA_MODULE('charset_macosxfs',
+                 subsystem='CHARSET',
+                 source='charset_macosxfs.c',
+                 init_function='',
+                 internal_module=bld.SAMBA3_IS_STATIC_MODULE('charset_macosxfs'),
+                 enabled=bld.SAMBA3_IS_ENABLED_MODULE('charset_macosxfs'))
+
+
diff --git a/lib/util/debug.c b/lib/util/debug.c
index b0a7882..c1b33de 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -203,7 +203,7 @@ void gfree_debugsyms(void)
 
 	TALLOC_FREE(format_bufr);
 
-	debug_num_classes = DBGC_MAX_FIXED;
+	debug_num_classes = 0;
 
 	state.initialized = false;
 }
diff --git a/librpc/wscript_build b/librpc/wscript_build
index d6f0f6d..a180c38 100644
--- a/librpc/wscript_build
+++ b/librpc/wscript_build
@@ -305,7 +305,7 @@ bld.SAMBA_LIBRARY('ndr-standard',
 	pc_files='ndr_standard.pc',
 	deps='''NDR_SECURITY NDR_LSA NDR_SAMR NDR_NETLOGON NDR_EVENTLOG NDR_DFS
 	NDR_NTSVCS NDR_SVCCTL NDR_INITSHUTDOWN NDR_WKSSVC NDR_SRVSVC NDR_WINREG
-	NDR_ECHO security NDR_DNS NDR_ATSVC''',
+	NDR_ECHO security NDR_DNS NDR_ATSVC NDR_SPOOLSS NDR_DSSETUP''',
 	public_deps='ndr',
 	public_headers='gen_ndr/samr.h gen_ndr/ndr_samr.h gen_ndr/lsa.h gen_ndr/netlogon.h gen_ndr/atsvc.h gen_ndr/ndr_atsvc.h gen_ndr/ndr_svcctl.h gen_ndr/svcctl.h',
 	header_path='gen_ndr'
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 2ad1dc7..84bfd9a 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -778,10 +778,10 @@ PASSDB_OBJ = $(PASSDB_GET_SET_OBJ) passdb/passdb.o passdb/pdb_interface.o \
 		lib/util_nscd.o lib/winbind_util.o $(SERVER_MUTEX_OBJ) \
 		passdb/pdb_util.o
 
-DEVEL_HELP_WEIRD_OBJ = modules/weird.o
-CP850_OBJ = modules/CP850.o
-CP437_OBJ = modules/CP437.o
-CHARSET_MACOSXFS_OBJ = modules/charset_macosxfs.o
+DEVEL_HELP_WEIRD_OBJ = ../lib/util/charset/weird.o
+CP850_OBJ = ../lib/util/charset/CP850.o
+CP437_OBJ = ../lib/util/charset/CP437.o
+CHARSET_MACOSXFS_OBJ = ../lib/util/charset/charset_macosxfs.o
 
 GROUPDB_OBJ = groupdb/mapping.o groupdb/mapping_tdb.o
 
diff --git a/source3/lib/netapi/netapi.c b/source3/lib/netapi/netapi.c
index cd59027..06e353d 100644
--- a/source3/lib/netapi/netapi.c
+++ b/source3/lib/netapi/netapi.c
@@ -24,7 +24,6 @@
 #include "krb5_env.h"
 
 struct libnetapi_ctx *stat_ctx = NULL;
-TALLOC_CTX *frame = NULL;
 static bool libnetapi_initialized = false;
 
 /****************************************************************
@@ -57,6 +56,8 @@ were not expecting it.
 
 NET_API_STATUS libnetapi_init(struct libnetapi_ctx **context)
 {
+	NET_API_STATUS ret;
+	TALLOC_CTX *frame;
 	if (stat_ctx && libnetapi_initialized) {
 		*context = stat_ctx;
 		return NET_API_STATUS_SUCCESS;
@@ -76,7 +77,7 @@ NET_API_STATUS libnetapi_init(struct libnetapi_ctx **context)
 	lp_set_cmdline("log level", "0");
 	setup_logging("libnetapi", DEBUG_STDERR);
 
-	if (!lp_load(get_dyn_CONFIGFILE(), true, false, false, false)) {
+	if (!lp_load(get_dyn_CONFIGFILE(), true, false, false, true)) {
 		TALLOC_FREE(frame);
 		fprintf(stderr, "error loading %s\n", get_dyn_CONFIGFILE() );
 		return W_ERROR_V(WERR_GENERAL_FAILURE);
@@ -88,7 +89,9 @@ NET_API_STATUS libnetapi_init(struct libnetapi_ctx **context)
 
 	BlockSignals(True, SIGPIPE);
 
-	return libnetapi_net_init(context);
+	ret = libnetapi_net_init(context);
+	TALLOC_FREE(frame);
+	return ret;
 }
 
 /****************************************************************
@@ -105,7 +108,7 @@ NET_API_STATUS libnetapi_net_init(struct libnetapi_ctx **context)
 	struct libnetapi_ctx *ctx = NULL;
 	char *krb5_cc_env = NULL;
 
-	frame = talloc_stackframe();
+	TALLOC_CTX *frame = talloc_stackframe();
 
 	ctx = talloc_zero(frame, struct libnetapi_ctx);
 	if (!ctx) {
@@ -117,14 +120,14 @@ NET_API_STATUS libnetapi_net_init(struct libnetapi_ctx **context)
 
 	krb5_cc_env = getenv(KRB5_ENV_CCNAME);
 	if (!krb5_cc_env || (strlen(krb5_cc_env) == 0)) {
-		ctx->krb5_cc_env = talloc_strdup(frame, "MEMORY:libnetapi");
+		ctx->krb5_cc_env = talloc_strdup(ctx, "MEMORY:libnetapi");
 		setenv(KRB5_ENV_CCNAME, ctx->krb5_cc_env, 1);
 	}
 
 	if (getenv("USER")) {
-		ctx->username = talloc_strdup(frame, getenv("USER"));
+		ctx->username = talloc_strdup(ctx, getenv("USER"));
 	} else {
-		ctx->username = talloc_strdup(frame, "");
+		ctx->username = talloc_strdup(ctx, "");
 	}
 	if (!ctx->username) {
 		TALLOC_FREE(frame);
@@ -140,8 +143,10 @@ NET_API_STATUS libnetapi_net_init(struct libnetapi_ctx **context)
 
 	libnetapi_initialized = true;
 
+	talloc_steal(NULL, ctx);
 	*context = stat_ctx = ctx;
-
+	
+	TALLOC_FREE(frame);
 	return NET_API_STATUS_SUCCESS;
 }
 
@@ -187,8 +192,10 @@ NET_API_STATUS libnetapi_free(struct libnetapi_ctx *ctx)
 
 	secrets_shutdown();
 
+	if (ctx == stat_ctx) {
+		stat_ctx = NULL;
+	}
 	TALLOC_FREE(ctx);
-	TALLOC_FREE(frame);
 
 	gfree_debugsyms();
 
@@ -202,10 +209,14 @@ NET_API_STATUS libnetapi_free(struct libnetapi_ctx *ctx)
 NET_API_STATUS libnetapi_set_debuglevel(struct libnetapi_ctx *ctx,
 					const char *debuglevel)
 {
+	TALLOC_CTX *frame = talloc_stackframe();
 	ctx->debuglevel = talloc_strdup(ctx, debuglevel);
+	
 	if (!lp_set_cmdline("log level", debuglevel)) {
+		TALLOC_FREE(frame);
 		return W_ERROR_V(WERR_GENERAL_FAILURE);
 	}
+	TALLOC_FREE(frame);
 	return NET_API_STATUS_SUCCESS;
 }
 
@@ -272,15 +283,21 @@ NET_API_STATUS libnetapi_set_use_ccache(struct libnetapi_ctx *ctx)
 }
 
 /****************************************************************
+Return a libnetapi error as a string, caller must free with NetApiBufferFree
 ****************************************************************/
 
-const char *libnetapi_errstr(NET_API_STATUS status)
+char *libnetapi_errstr(NET_API_STATUS status)


-- 
Samba Shared Repository


More information about the samba-cvs mailing list