r17911: Mgeres from SAMBA_3_0_23:

* DNS SRV fixes
* fd leak fix in async dns lookup code (nmbd)
* krb5 sesssetup double username map fix
* NULL deref fix in reg_objects.c

5 files changed, 44 insertions, 4 deletions

diff --git a/source/include/ads_dns.h b/source/include/ads_dns.h
index 9b65db0c8e4..fed886523f1 100644
--- a/source/include/ads_dns.h
+++ b/source/include/ads_dns.h
@@ -47,7 +47,9 @@ struct dns_rr_srv {
 	uint16 priority;
 	uint16 weight;
 	uint16 port;
-	struct in_addr ip;
+	size_t num_ips;
+	struct in_addr *ips;    /* support multi-homed hosts */
+
 };
 
 
diff --git a/source/libads/dns.c b/source/libads/dns.c
index 7dd877ea76d..23c76213cf4 100644
--- a/source/libads/dns.c
+++ b/source/libads/dns.c
@@ -334,14 +334,42 @@ NTSTATUS ads_dns_lookup_srv( TALLOC_CTX *ctx, const char *name, struct dns_rr_sr
 		}
 
 		/* only interested in A records as a shortcut for having to come 
-		   back later and lookup the name */
+		   back later and lookup the name.  For multi-homed hosts, the 
+		   number of additional records and exceed the number of answer 
+		   records. */
+		  
 
 		if ( (rr.type != T_A) || (rr.rdatalen != 4) ) 
 			continue;
 
 		for ( i=0; i<idx; i++ ) {
 			if ( strcmp( rr.hostname, dcs[i].hostname ) == 0 ) {
-				uint8 *buf = (uint8*)&dcs[i].ip.s_addr;
+				int num_ips = dcs[i].num_ips;
+				uint8 *buf;
+				struct in_addr *tmp_ips;
+
+				/* allocate new memory */
+				
+				if ( dcs[i].num_ips == 0 ) {
+					if ( (dcs[i].ips = TALLOC_ARRAY( dcs, 
+						struct in_addr, 1 )) == NULL ) 
+					{
+						return NT_STATUS_NO_MEMORY;
+					}
+				} else {
+					if ( (tmp_ips = TALLOC_REALLOC_ARRAY( dcs, dcs[i].ips,
+						struct in_addr, dcs[i].num_ips+1)) == NULL ) 
+					{
+						return NT_STATUS_NO_MEMORY;
+					}
+					
+					dcs[i].ips = tmp_ips;
+				}
+				dcs[i].num_ips++;
+				
+				/* copy the new IP address */
+				
+				buf = (uint8*)&dcs[i].ips[num_ips].s_addr;
 				memcpy( buf, rr.rdata, 4 );
 			}
 		}
diff --git a/source/nmbd/asyncdns.c b/source/nmbd/asyncdns.c
index c8caa3fee29..0c7a1e50b78 100644
--- a/source/nmbd/asyncdns.c
+++ b/source/nmbd/asyncdns.c
@@ -205,6 +205,7 @@ void run_dns_queue(void)
 
 	if (!process_exists_by_pid(child_pid)) {
 		close(fd_in);
+		close(fd_out);
 		start_async_dns();
 	}
 
diff --git a/source/registry/reg_objects.c b/source/registry/reg_objects.c
index 33c2660331b..ecad94f1d6c 100644
--- a/source/registry/reg_objects.c
+++ b/source/registry/reg_objects.c
@@ -109,6 +109,10 @@ BOOL regsubkey_ctr_key_exists( REGSUBKEY_CTR *ctr, const char *keyname )
 {
 	int 	i;
 	
+	if (!ctr->subkeys) {
+		return False;
+	}
+
 	for ( i=0; i<ctr->num_subkeys; i++ ) {
 		if ( strequal( ctr->subkeys[i],keyname ) )
 			return True;
@@ -181,6 +185,7 @@ REGISTRY_VALUE* dup_registry_value( REGISTRY_VALUE *val )
 			DEBUG(0,("dup_registry_value: memdup() failed for [%d] bytes!\n",
 				val->size));
 			SAFE_FREE( copy );
+			return NULL;
 		}
 		copy->size = val->size;
 	}
diff --git a/source/smbd/sesssetup.c b/source/smbd/sesssetup.c
index fb579707cae..dd8d9fc8525 100644
--- a/source/smbd/sesssetup.c
+++ b/source/smbd/sesssetup.c
@@ -320,10 +320,14 @@ static int reply_spnego_kerberos(connection_struct *conn,
 	
 	sub_set_smb_name( real_username );
 	reload_services(True);
+
 	if ( map_domainuser_to_guest ) {
 		make_server_info_guest(&server_info);
 	} else if (logon_info) {
-		ret = make_server_info_info3(mem_ctx, real_username, domain, 
+		/* pass the unmapped username here since map_username() 
+		   will be called again from inside make_server_info_info3() */
+		
+		ret = make_server_info_info3(mem_ctx, user, domain, 
 					     &server_info, &logon_info->info3);
 		if ( !NT_STATUS_IS_OK(ret) ) {
 			DEBUG(1,("make_server_info_info3 failed: %s!\n",