[SCM] Samba Shared Repository - branch v4-9-stable updated

Karolin Seeger kseeger at samba.org
Thu Dec 20 08:29:36 UTC 2018


The branch, v4-9-stable has been updated
       via  f1a0c8355e6 VERSION: Disable GIT_SNAPSHOT for the 4.9.4 release.
       via  9da8cd023f2 WHATSNEW: Add release notes for Samba 4.9.4.
       via  d18c5775771 vfs_shadow_copy2: in fstat also convert fsp->fsp_name and fsp->base_fsp->fsp_name
       via  fa2a9c3be08 s3:smbd: pass down twrp from SMB2_CREATE to filename_convert()
       via  baf1e0f30fe s3:smbd: add twrp args to filename_convert()
       via  f8c144fa191 s3:smbd: add twrp processing to filename_convert_internal()
       via  88863119323 s3:smbd: prepare filename_convert_internal() for twrp
       via  3295cc8b4a5 s3:selftest: add a VSS test reading a stream
       via  1f897e6c1d2 s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs.
       via  e60c9431c6e vfs_shadow_copy2: nicely deal with attempts to open previous version for writing
       via  256d488b593 vfs_shadow_copy2: add shadow_copy2_strip_snapshot_converted
       via  0e355e3826f vfs_shadow_copy2: add _already_converted arg to shadow_copy2_strip_snapshot_internal()
       via  0244de24cfe s3:script/tests: add a test for VSS write behaviour
       via  6f8ea0a08ea s4:torture: add a test-suite for VSS
       via  1cf55de5ceb vfs_error_inject: add EBADF error
       via  8eaf7922410 vfs_error_inject: add pwrite
       via  f53459c9232 s3:libads: Add net ads leave keep-account option
       via  1d0e4511ce1 winbindd: Route predefined domains through the BUILTIN domain child
       via  ac2c24cc424 winbindd: fix predefined domains routing in find_lookup_domain_from_sid()
       via  fd91429b529 winbindd: add some braces
       via  cf7e9d3d90f libcli/security: add dom_sid_lookup_is_predefined_domain()
       via  7cc1a8d9caa selftest: test wbinfo -n and --gid-info with "NT Authority"
       via  53b2e9aff3a CVE-2018-14629 dns: fix CNAME loop prevention using counter regression
       via  850a5521a3b CVE-2018-14629: Tests to expose regression from dns cname loop fix
       via  6a549df2419 ctdb-daemon: Exit with error if a database directory does not exist
       via  b2ef0e08a9b CVE-2018-16853: fix crash in expired passowrd case
       via  a26e6160b33 CVE-2018-16853: Do not segfault if client is not set
       via  a2f4d49c1c5 CVE-2018-16853: Add a test to verify s4u2self doesn't crash
       via  09f9bb28371 CVE-2018-16853: The ticket in check_policy_as can actually be a TGS
       via  d2a6e3e1bb4 CVE-2018-16853: Fix kinit test on system lacking ldbsearch
       via  2332c99cba7 libcli/smb: don't overwrite status code
       via  739ce2c7335 s4:torture/smb2/session: test smbXcli_session_set_disconnect_expired() works
       via  f678c6f06f0 ldb_controls: Add some talloc error checking for controls
       via  f4105adc285 sync_passwords: Remove dirsync cookie logging for continuous operation
       via  517df6d3da3 dirsync: Allow arbitrary length cookies
       via  a816ca4004a PEP8: fix E231: missing whitespace after ','
       via  b3d376b7d4d VERSION: Bump version up to 4.9.4.
       via  9e05ff6b9bf Merge tag 'samba-4.9.3' into v4-9-test
       via  7cd5db7a63d ctdb-tests: Make the debug hung script test cope with unreadable stacks
       via  041e0945cb5 s3:smb2_sesssetup: check session_info security level before it gets talloc_move'd
       via  77cf7167374 s4:torture/smb2/session: session reauth response must be signed
       via  f2c456aa1b7 s4:torture/smb2/session: add force_signing to test_session_expire1i
       via  2b164eca304 s4:torture/smb2/session: require a signed session setup reauth response
       via  ff0db7ec9c2 s4:torture/smb2/session: invalidate credential cache
       via  6c3577a5885 libcli/smb: use require_signed_response in smb2cli_conn_dispatch_incoming()
       via  6ca7a8a2ffb libcli/smb: defer singing check a little bit
       via  cd8ea322a32 libcli/smb: maintain require_signed_response in smbXcli_req_state
       via  4f5af7ba729 libcli/smb: add smb2cli_session_require_signed_response()
       via  052df0f679d s3:selftest: also run smb2.session torture testsuite against ad_member
       via  e71252ecb2b s3:selftest: split "raw.session" and "smb2.session"
       via  299e6edd0e6 torture: Fix the 32-bit build
       via  5420863dd11 vfs_fruit: validation of writes on AFP_AfpInfo stream
       via  4672656d9e1 vfs_fruit: move a comment to the right place
       via  b6585b6fa67 s4:torture/vfs/fruit: torture writing AFP_AfpInfo stream
       via  7f8740c0acf winbindd: Fix crash when taking profiles
       via  7a542190501 lib:util: Fix DEBUGCLASS pointer initializiation
       via  424d4d2b408 VERSION: Bump version up to 4.9.3...
      from  40c057c900a VERSION: Disable GIT_SNAPSHOT for the 4.9.3 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable


- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 VERSION                                          |   2 +-
 WHATSNEW.txt                                     |  83 +++++-
 ctdb/server/ctdbd.c                              |  20 ++
 ctdb/tests/simple/90_debug_hung_script.sh        |  17 +-
 docs-xml/manpages/net.8.xml                      |   9 +-
 lib/ldb/common/ldb_controls.c                    | 108 +++++++-
 lib/util/debug.c                                 |   4 +-
 libcli/security/dom_sid.h                        |   1 +
 libcli/security/util_sid.c                       |  33 +++
 libcli/smb/smbXcli_base.c                        |  49 +++-
 libcli/smb/smbXcli_base.h                        |   2 +
 nsswitch/tests/test_wbinfo.sh                    |  18 ++
 python/samba/netcmd/user.py                      |   9 +-
 python/samba/tests/dns.py                        | 101 +++++++
 selftest/knownfail.d/dns                         |  14 +-
 selftest/target/Samba3.pm                        |   9 +
 source3/libnet/libnet_join.c                     |   2 +
 source3/modules/vfs_error_inject.c               |  19 ++
 source3/modules/vfs_fruit.c                      |  86 ++++--
 source3/modules/vfs_glusterfs.c                  | 176 ++++++++++--
 source3/modules/vfs_shadow_copy2.c               | 230 ++++++++++++++--
 source3/rpc_server/srvsvc/srv_srvsvc_nt.c        |   2 +
 source3/script/tests/test_shadow_copy_torture.sh | 114 ++++++++
 source3/selftest/tests.py                        |   9 +-
 source3/smbd/filename.c                          |  32 ++-
 source3/smbd/nttrans.c                           |   4 +
 source3/smbd/open.c                              |   1 +
 source3/smbd/proto.h                             |   1 +
 source3/smbd/reply.c                             |  15 +
 source3/smbd/smb2_create.c                       |  30 +-
 source3/smbd/smb2_query_directory.c              |   1 +
 source3/smbd/smb2_sesssetup.c                    |   8 +-
 source3/smbd/trans2.c                            |   8 +
 source3/utils/net.c                              |   3 +-
 source3/utils/net.h                              |   1 +
 source3/utils/net_ads.c                          |   9 +-
 source3/winbindd/winbindd.c                      |   3 +-
 source3/winbindd/winbindd_util.c                 |  37 ++-
 source4/dns_server/dns_query.c                   |  29 +-
 source4/kdc/mit-kdb/kdb_samba_policies.c         |  24 +-
 source4/kdc/mit_samba.c                          |   7 +-
 source4/torture/smb2/create.c                    | 174 ++++++++++++
 source4/torture/smb2/session.c                   | 141 +++++++++-
 source4/torture/smb2/smb2.c                      |   1 +
 source4/torture/vfs/fruit.c                      | 336 +++++++++++++++++++++++
 testprogs/blackbox/test_kinit_mit.sh             |  20 +-
 46 files changed, 1832 insertions(+), 170 deletions(-)
 create mode 100755 source3/script/tests/test_shadow_copy_torture.sh


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 808d4f3a318..7efe718ebbf 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=9
-SAMBA_VERSION_RELEASE=3
+SAMBA_VERSION_RELEASE=4
 
 ########################################################
 # If a official release has a serious bug              #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index fc1541dbbe5..b3a39d3291a 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,82 @@
+                   =============================
+                   Release Notes for Samba 4.9.4
+                          December 20, 2018
+                   =============================
+
+
+Major bug fixes include:
+------------------------
+
+   o dns: Fix CNAME loop prevention using counter regression (bug #13600).
+
+
+Changes since 4.9.3:
+--------------------
+
+o  Ralph Boehme <slow at samba.org>
+   * BUG 9175: libcli/smb: Don't overwrite status code.
+   * BUG 12164: wbinfo --group-info 'NT AUTHORITY\System' does not work.
+   * BUG 13661: Session setup reauth fails to sign response.
+   * BUG 13677: vfs_fruit: Validation of writes on AFP_AfpInfo stream.
+   * BUG 13688: vfs_shadow_copy2: Nicely deal with attempts to open previous
+     version for writing.
+   * BUG 13455: Restoring previous version of stream with vfs_shadow_copy2 fails
+     with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name.
+
+o  Isaac Boukris <iboukris at gmail.com>
+   * BUG 13571: CVE-2018-16853: Fix S4U2Self crash with MIT KDC build.
+
+o  G√ľnther Deschner <gd at samba.org>
+   * BUG 13708: s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs.
+
+o  Joe Guo <joeg at catalyst.net.nz>
+   * PEP8: fix E231: missing whitespace after ','.
+
+o  Volker Lendecke <vl at samba.org>
+   * BUG 13629: winbindd: Fix crash when taking profiles.
+
+o  Stefan Metzmacher <metze at samba.org>
+   * BUG 13600: CVE-2018-14629 dns: Fix CNAME loop prevention using counter
+     regression.
+
+o  Garming Sam <garming at catalyst.net.nz>
+   * BUG 13686: 'samba-tool user syscpasswords' fails on a domain with many DCs. 
+
+o  Andreas Schneider <asn at samba.org>
+   * BUG 13571: CVE-2018-16853: Do not segfault if client is not set.
+   * BUG 13679: lib:util: Fix DEBUGCLASS pointer initializiation.
+
+o  Martin Schwenke <martin at meltin.net>
+   * BUG 13696: ctdb-daemon: Exit with error if a database directory does not
+     exist.
+
+o  Justin Stephenson <jstephen at redhat.com>
+   * BUG 13498: s3:libads: Add net ads leave keep-account option.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
                    =============================
                    Release Notes for Samba 4.9.3
                          November 27, 2018
@@ -122,8 +201,8 @@ database (https://bugzilla.samba.org/).
 ======================================================================
 
 
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
 
                    =============================
                    Release Notes for Samba 4.9.2
diff --git a/ctdb/server/ctdbd.c b/ctdb/server/ctdbd.c
index 721347c4733..45519a7fc3d 100644
--- a/ctdb/server/ctdbd.c
+++ b/ctdb/server/ctdbd.c
@@ -299,8 +299,28 @@ int main(int argc, const char *argv[])
 	 */
 
 	ctdb->db_directory = ctdb_config.dbdir_volatile;
+	ok = directory_exist(ctdb->db_directory);
+	if (! ok) {
+		D_ERR("Volatile database directory %s does not exist\n",
+		      ctdb->db_directory);
+		goto fail;
+	}
+
 	ctdb->db_directory_persistent = ctdb_config.dbdir_persistent;
+	ok = directory_exist(ctdb->db_directory_persistent);
+	if (! ok) {
+		D_ERR("Persistent database directory %s does not exist\n",
+		      ctdb->db_directory_persistent);
+		goto fail;
+	}
+
 	ctdb->db_directory_state = ctdb_config.dbdir_state;
+	ok = directory_exist(ctdb->db_directory_state);
+	if (! ok) {
+		D_ERR("State database directory %s does not exist\n",
+		      ctdb->db_directory_state);
+		goto fail;
+	}
 
 	if (ctdb_config.lock_debug_script != NULL) {
 		ret = setenv("CTDB_DEBUG_LOCKS",
diff --git a/ctdb/tests/simple/90_debug_hung_script.sh b/ctdb/tests/simple/90_debug_hung_script.sh
index 846188fc716..8b8e22b3239 100755
--- a/ctdb/tests/simple/90_debug_hung_script.sh
+++ b/ctdb/tests/simple/90_debug_hung_script.sh
@@ -61,9 +61,21 @@ wait_until 60 onnode $test_node test -s "$debug_output"
 
 echo "Checking output of hung script debugging..."
 try_command_on_node -v $test_node cat "$debug_output"
+hung_script_output="$out"
+
+# Can we actually read kernel stacks
+if try_command_on_node $test_node "cat /proc/$$/stack >/dev/null 2>&1" ; then
+	stackpat='
+---- Stack trace of interesting process [0-9]*\\[sleep\\] ----
+[<[0-9a-f]*>] .*sleep+.*
+'
+else
+	stackpat=''
+fi
 
 while IFS="" read pattern ; do
-    if grep -- "^${pattern}\$" <<<"$out" >/dev/null ; then
+    [ -n "$pattern" ] || continue
+    if grep -- "^${pattern}\$" <<<"$hung_script_output" >/dev/null ; then
 	printf 'GOOD: output contains "%s"\n' "$pattern"
     else
 	printf 'BAD: output does not contain "%s"\n' "$pattern"
@@ -75,8 +87,7 @@ done <<EOF
 pstree -p -a .*:
 00\\\\.test\\\\.script,.*
  *\`-sleep,.*
----- Stack trace of interesting process [0-9]*\\\\[sleep\\\\] ----
-[<[0-9a-f]*>] .*sleep+.*
+${stackpat}
 ---- ctdb scriptstatus monitor: ----
 00\\.test *TIMEDOUT.*
  *OUTPUT: Sleeping for [0-9]* seconds\\\\.\\\\.\\\\.
diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
index 3154ee5ff85..d2bcd24c502 100644
--- a/docs-xml/manpages/net.8.xml
+++ b/docs-xml/manpages/net.8.xml
@@ -377,6 +377,13 @@
 		</para></listitem>
 		</varlistentry>
 
+		<varlistentry>
+		<term>--keep-account</term>
+		<listitem><para>Prevent the machine account removal as
+		part of "net ads leave".
+		</para></listitem>
+		</varlistentry>
+
 		&stdarg.encrypt;
 		&popt.common.samba.client;
 
@@ -1276,7 +1283,7 @@ against an NT4 Domain Controller.
 </refsect2>
 
 <refsect2>
-<title>ADS LEAVE</title>
+<title>ADS LEAVE [--keep-account]</title>
 
 <para>Make the remote host leave the domain it is part of. </para>
 
diff --git a/lib/ldb/common/ldb_controls.c b/lib/ldb/common/ldb_controls.c
index a83768a352c..e0f0eb48f3a 100644
--- a/lib/ldb/common/ldb_controls.c
+++ b/lib/ldb/common/ldb_controls.c
@@ -520,6 +520,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
 							   control->ctxid_len);
 			if (control->contextId == NULL) {
 				ldb_oom(ldb);
+				talloc_free(ctrl);
 				return NULL;
 			}
 		} else {
@@ -534,13 +535,20 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
 	if (LDB_CONTROL_CMP(control_strings, LDB_CONTROL_DIRSYNC_NAME) == 0) {
 		struct ldb_dirsync_control *control;
 		const char *p;
-		char cookie[1024];
+		char *cookie = NULL;
 		int crit, max_attrs, ret;
 		uint32_t flags;
 
-		cookie[0] = '\0';
+		cookie = talloc_zero_array(ctrl, char,
+					   strlen(control_strings) + 1);
+		if (cookie == NULL) {
+			ldb_oom(ldb);
+			talloc_free(ctrl);
+			return NULL;
+		}
+
 		p = &(control_strings[sizeof(LDB_CONTROL_DIRSYNC_NAME)]);
-		ret = sscanf(p, "%d:%u:%d:%1023[^$]", &crit, &flags, &max_attrs, cookie);
+		ret = sscanf(p, "%d:%u:%d:%[^$]", &crit, &flags, &max_attrs, cookie);
 
 		if ((ret < 3) || (crit < 0) || (crit > 1) || (max_attrs < 0)) {
 			ldb_set_errstring(ldb,
@@ -561,6 +569,11 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
 		ctrl->oid = LDB_CONTROL_DIRSYNC_OID;
 		ctrl->critical = crit;
 		control = talloc(ctrl, struct ldb_dirsync_control);
+		if (control == NULL) {
+			ldb_oom(ldb);
+			talloc_free(ctrl);
+			return NULL;
+		}
 		control->flags = flags;
 		control->max_attributes = max_attrs;
 		if (*cookie) {
@@ -575,6 +588,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
 			control->cookie = (char *)talloc_memdup(control, cookie, control->cookie_len);
 			if (control->cookie == NULL) {
 				ldb_oom(ldb);
+				talloc_free(ctrl);
 				return NULL;
 			}
 		} else {
@@ -582,17 +596,25 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
 			control->cookie_len = 0;
 		}
 		ctrl->data = control;
+		TALLOC_FREE(cookie);
 
 		return ctrl;
 	}
 	if (LDB_CONTROL_CMP(control_strings, LDB_CONTROL_DIRSYNC_EX_NAME) == 0) {
 		struct ldb_dirsync_control *control;
 		const char *p;
-		char cookie[1024];
+		char *cookie = NULL;
 		int crit, max_attrs, ret;
 		uint32_t flags;
 
-		cookie[0] = '\0';
+		cookie = talloc_zero_array(ctrl, char,
+					   strlen(control_strings) + 1);
+		if (cookie == NULL) {
+			ldb_oom(ldb);
+			talloc_free(ctrl);
+			return NULL;
+		}
+
 		p = &(control_strings[sizeof(LDB_CONTROL_DIRSYNC_EX_NAME)]);
 		ret = sscanf(p, "%d:%u:%d:%1023[^$]", &crit, &flags, &max_attrs, cookie);
 
@@ -615,6 +637,11 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
 		ctrl->oid = LDB_CONTROL_DIRSYNC_EX_OID;
 		ctrl->critical = crit;
 		control = talloc(ctrl, struct ldb_dirsync_control);
+		if (control == NULL) {
+			ldb_oom(ldb);
+			talloc_free(ctrl);
+			return NULL;
+		}
 		control->flags = flags;
 		control->max_attributes = max_attrs;
 		if (*cookie) {
@@ -630,6 +657,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
 			control->cookie = (char *)talloc_memdup(control, cookie, control->cookie_len);
 			if (control->cookie == NULL) {
 				ldb_oom(ldb);
+				talloc_free(ctrl);
 				return NULL;
 			}
 		} else {
@@ -637,6 +665,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
 			control->cookie_len = 0;
 		}
 		ctrl->data = control;
+		TALLOC_FREE(cookie);
 
 		return ctrl;
 	}
@@ -662,6 +691,11 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
 		ctrl->oid = LDB_CONTROL_ASQ_OID;
 		ctrl->critical = crit;
 		control = talloc(ctrl, struct ldb_asq_control);
+		if (control == NULL) {
+			ldb_oom(ldb);
+			talloc_free(ctrl);
+			return NULL;
+		}
 		control->request = 1;
 		control->source_attribute = talloc_strdup(control, attr);
 		control->src_attr_len = strlen(attr);
@@ -693,6 +727,11 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
 			control = NULL;
 		} else {
 			control = talloc(ctrl, struct ldb_extended_dn_control);
+			if (control == NULL) {
+				ldb_oom(ldb);
+				talloc_free(ctrl);
+				return NULL;
+			}
 			control->type = type;
 		}
 
@@ -723,6 +762,12 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
 		ctrl->oid = LDB_CONTROL_SD_FLAGS_OID;
 		ctrl->critical = crit;
 		control = talloc(ctrl, struct ldb_sd_flags_control);
+		if (control == NULL) {
+			ldb_oom(ldb);
+			talloc_free(ctrl);
+			return NULL;
+		}
+
 		control->secinfo_flags = secinfo_flags;
 		ctrl->data = control;
 
@@ -749,6 +794,12 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
 		ctrl->oid = LDB_CONTROL_SEARCH_OPTIONS_OID;
 		ctrl->critical = crit;
 		control = talloc(ctrl, struct ldb_search_options_control);
+		if (control == NULL) {
+			ldb_oom(ldb);
+			talloc_free(ctrl);
+			return NULL;
+		}
+
 		control->search_options = search_options;
 		ctrl->data = control;
 
@@ -865,6 +916,12 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
 		ctrl->oid = LDB_CONTROL_PAGED_RESULTS_OID;
 		ctrl->critical = crit;
 		control = talloc(ctrl, struct ldb_paged_control);
+		if (control == NULL) {
+			ldb_oom(ldb);
+			talloc_free(ctrl);
+			return NULL;
+		}
+
 		control->size = size;
 		if (cookie[0] != '\0') {
 			int len = ldb_base64_decode(cookie);
@@ -879,6 +936,7 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
 			control->cookie = talloc_memdup(control, cookie, control->cookie_len);
 			if (control->cookie == NULL) {
 				ldb_oom(ldb);
+				talloc_free(ctrl);
 				return NULL;
 			}
 		} else {
@@ -912,12 +970,36 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
 		ctrl->oid = LDB_CONTROL_SERVER_SORT_OID;
 		ctrl->critical = crit;
 		control = talloc_array(ctrl, struct ldb_server_sort_control *, 2);
+		if (control == NULL) {
+			ldb_oom(ldb);
+			talloc_free(ctrl);
+			return NULL;
+		}
+
 		control[0] = talloc(control, struct ldb_server_sort_control);
+		if (control[0] == NULL) {
+			ldb_oom(ldb);
+			talloc_free(ctrl);
+			return NULL;
+		}
+
 		control[0]->attributeName = talloc_strdup(control, attr);
-		if (rule[0])
+		if (control[0]->attributeName == NULL) {
+			ldb_oom(ldb);
+			talloc_free(ctrl);
+			return NULL;
+		}
+
+		if (rule[0]) {
 			control[0]->orderingRule = talloc_strdup(control, rule);
-		else
+			if (control[0]->orderingRule == NULL) {
+				ldb_oom(ldb);
+				talloc_free(ctrl);
+				return NULL;
+			}
+		} else {
 			control[0]->orderingRule = NULL;
+		}
 		control[0]->reverse = rev;
 		control[1] = NULL;
 		ctrl->data = control;
@@ -1179,7 +1261,19 @@ struct ldb_control *ldb_parse_control_from_string(struct ldb_context *ldb, TALLO
 		ctrl->oid = LDB_CONTROL_VERIFY_NAME_OID;
 		ctrl->critical = crit;
 		control = talloc(ctrl, struct ldb_verify_name_control);
+		if (control == NULL) {
+			ldb_oom(ldb);
+			talloc_free(ctrl);
+			return NULL;
+		}
+
 		control->gc = talloc_strdup(control, gc);
+		if (control->gc == NULL) {
+			ldb_oom(ldb);
+			talloc_free(ctrl);
+			return NULL;
+		}
+
 		control->gc_len = strlen(gc);
 		control->flags = flags;
 		ctrl->data = control;
diff --git a/lib/util/debug.c b/lib/util/debug.c
index d41e0f99c77..847ec1f0a0c 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -557,10 +557,10 @@ static const char *default_classname_table[] = {
  * This is to allow reading of DEBUGLEVEL_CLASS before the debug
  * system has been initialized.
  */
-static const int debug_class_list_initial[ARRAY_SIZE(default_classname_table)];
+static int debug_class_list_initial[ARRAY_SIZE(default_classname_table)];
 
 static size_t debug_num_classes = 0;
-int     *DEBUGLEVEL_CLASS = discard_const_p(int, debug_class_list_initial);
+int     *DEBUGLEVEL_CLASS = debug_class_list_initial;
 
 
 /* -------------------------------------------------------------------------- **
diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
index d9f4b3fc8a6..491fc0699f4 100644
--- a/libcli/security/dom_sid.h
+++ b/libcli/security/dom_sid.h
@@ -74,6 +74,7 @@ NTSTATUS dom_sid_lookup_predefined_sid(const struct dom_sid *sid,
 				       enum lsa_SidType *type,
 				       const struct dom_sid **authority_sid,
 				       const char **authority_name);
+bool dom_sid_lookup_is_predefined_domain(const char *domain);
 
 int dom_sid_compare_auth(const struct dom_sid *sid1,
 			 const struct dom_sid *sid2);
diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c
index af04dff1325..531d3809565 100644
--- a/libcli/security/util_sid.c
+++ b/libcli/security/util_sid.c
@@ -879,6 +879,39 @@ NTSTATUS dom_sid_lookup_predefined_name(const char *name,
 	return NT_STATUS_NONE_MAPPED;
 }
 
+bool dom_sid_lookup_is_predefined_domain(const char *domain)
+{
+	size_t di;
+	bool match;
+
+	if (domain == NULL) {
+		domain = "";
+	}
+
+	match = strequal(domain, "");
+	if (match) {
+		/*
+		 * Strange, but that's what W2012R2 does.


-- 
Samba Shared Repository



More information about the samba-cvs mailing list