r1918: revert the passdb.c change; fix typos in release notes; add guenther's fix for pam_winbind

3 files changed, 20 insertions, 30 deletions

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 45f47c12c30..8aea1b6bd31 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,6 +1,6 @@
                   =============================
                   Release Notes for Samba 3.0.6
-                            Aug 18, 2004
+                            Aug 19, 2004
                   =============================
 
 This is the latest stable release of Samba. This is the version
@@ -52,7 +52,7 @@ New features introduced in this release include:
 unix extensions = yes (default) and symlinks
 --------------------------------------------
 
-Beginning with Samba 3.0.6pre1 (formally known as 3.0.5pre1), 
+Beginning with Samba 3.0.6pre1 (formerly known as 3.0.5pre1), 
 clients supporting the UNIX extensions to the CIFS protocol 
 can create symlinks to absolute paths which will be **followed** 
 by the server.  This functionality has been requested in order 
@@ -86,7 +86,7 @@ following attributes from access by non-administrative users:
    * sambaPasswordHistory
 
 You should refer to your directory server's documentation on how 
-to implement this restriction).
+to implement this restriction.
   
 
 ######################################################################
@@ -115,17 +115,19 @@ o   Gerald (Jerry) Carter <jerry@samba.org>
     * Tighten the cache consistency with the ntprinters.tdb entry 
       an the in memory cache associated with open printer handles.
     * Make sure that register_messages_flags() doesn't overwrite 
-      the originally registers flags.
+      the originally registered flags.
+
+
+o   Guenther Deschner <gd@sernet.de>
+    * Correct infinite loop in pam_winbind's verification of 
+      group membership in the 'other sids' field in the user_info3 
+      struct.
 
 
 o   Steve French <sfrench@us.ibm.com>
     * prevent infinite recusion in reopen_logs() when expanding 
       the smb.conf variable %I.
       
-o   Luke Howard <lukeh@padl.com>
-    * Correctly use uid_to_sid() and gid_to_sid() in 
-      pdb_set_sam_sids().
-
 
 o   Volker Lendecke <vl@samba.org>
     * Improved NT->AFS ACL mapping VFS module.
@@ -138,12 +140,12 @@ o   Lars Mueller <lmuelle@suse.de>
 o   James Peach <jpeach@sgi.com>
     * Prevent smbd from attempting to use sendfile at all if it is not
       supported by the server's OS.
-    * Allow SWAT to search for index.html when searving html files 
+    * Allow SWAT to search for index.html when serving html files 
       in a directory.
 
 
 o   Jelmer Vernooij <jelmer@samba.org>
-    * BUG 1474: Fix build of --with-expsma stuff on Solaris.
+    * BUG 1474: Fix build of --with-expsam stuff on Solaris.
 
 
 Changes since 3.0.5
diff --git a/source/nsswitch/winbindd_pam.c b/source/nsswitch/winbindd_pam.c
index 81d4e69ccd6..03947de8750 100644
--- a/source/nsswitch/winbindd_pam.c
+++ b/source/nsswitch/winbindd_pam.c
@@ -123,7 +123,7 @@ static NTSTATUS check_info3_in_group(TALLOC_CTX *mem_ctx,
            http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp
          */
 
-	for (i = 0; i < info3->num_other_sids; j++) {
+	for (i = 0; i < info3->num_other_sids; i++) {
 		sid_copy(&all_sids[info3->num_groups2 + i + 2],
 			 &info3->other_sids[j].sid);
 		j++;
diff --git a/source/passdb/passdb.c b/source/passdb/passdb.c
index 14c8c67aa3c..743978919b6 100644
--- a/source/passdb/passdb.c
+++ b/source/passdb/passdb.c
@@ -190,9 +190,7 @@ static NTSTATUS pdb_set_sam_sids(SAM_ACCOUNT *account_data, const struct passwd
 	const char *guest_account = lp_guestaccount();
 	GROUP_MAP map;
 	BOOL ret;
-	DOM_SID user_sid;
-	DOM_SID group_sid;
-
+	
 	if (!account_data || !pwd) {
 		return NT_STATUS_INVALID_PARAMETER;
 	}
@@ -200,7 +198,7 @@ static NTSTATUS pdb_set_sam_sids(SAM_ACCOUNT *account_data, const struct passwd
 	/* this is a hack this thing should not be set
 	   this way --SSS */
 	if (!(guest_account && *guest_account)) {
-		DEBUG(1, ("pdb_set_sam_sids: NULL guest account!?!?\n"));
+		DEBUG(1, ("NULL guest account!?!?\n"));
 		return NT_STATUS_UNSUCCESSFUL;
 	} else {
 		/* Ensure this *must* be set right */
@@ -215,13 +213,8 @@ static NTSTATUS pdb_set_sam_sids(SAM_ACCOUNT *account_data, const struct passwd
 		}
 	}
 
-	if (NT_STATUS_IS_OK(uid_to_sid(&user_sid, pwd->pw_uid))) {
-		if (!pdb_set_user_sid(account_data, &user_sid, PDB_SET)) {
-			DEBUG(0,("pdb_set_sam_sids: Can't set User SID from mapped UID\n"));
-			return NT_STATUS_INVALID_PARAMETER;
-		}
-	} else if (!pdb_set_user_sid_from_rid(account_data, algorithmic_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) {
-		DEBUG(0,("pdb_set_sam_sids: Can't set User SID from RID!\n"));
+	if (!pdb_set_user_sid_from_rid(account_data, algorithmic_pdb_uid_to_user_rid(pwd->pw_uid), PDB_SET)) {
+		DEBUG(0,("Can't set User SID from RID!\n"));
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 	
@@ -232,18 +225,13 @@ static NTSTATUS pdb_set_sam_sids(SAM_ACCOUNT *account_data, const struct passwd
 	
 	if( ret ) {
 		if (!pdb_set_group_sid(account_data, &map.sid, PDB_SET)){
-			DEBUG(0,("pdb_set_sam_sids: Can't set Group SID!\n"));
+			DEBUG(0,("Can't set Group SID!\n"));
 			return NT_STATUS_INVALID_PARAMETER;
 		}
 	} 
 	else {
-		if (NT_STATUS_IS_OK(gid_to_sid(&group_sid, pwd->pw_gid))) {
-			if (!pdb_set_group_sid(account_data, &group_sid, PDB_SET)) {
-				DEBUG(0,("pdb_set_sam_sids: Can't set Group SID from mapped GID\n"));
-				return NT_STATUS_INVALID_PARAMETER;
-			}
-		} else if (!pdb_set_group_sid_from_rid(account_data, pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) {
-			DEBUG(0,("pdb_set_sam_sids: Can't set Group SID\n"));
+		if (!pdb_set_group_sid_from_rid(account_data, pdb_gid_to_group_rid(pwd->pw_gid), PDB_SET)) {
+			DEBUG(0,("Can't set Group SID\n"));
 			return NT_STATUS_INVALID_PARAMETER;
 		}
 	}