From 17894fc2516daf046b57796b42aa98e016f76444 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Wed, 25 Apr 2007 09:36:47 +0000
Subject: r22510: pull patches from SAMBA_3_0_25 and update release notes for
 3.0.25rc3

---
 WHATSNEW.txt                    | 72 +++++++++++++++++++++++++++++++++--------
 source/Makefile.in              | 10 +++---
 source/VERSION                  |  2 +-
 source/groupdb/mapping_tdb.c    | 12 +++----
 source/lib/util_sid.c           |  3 ++
 source/libgpo/gpo_fetch.c       |  1 +
 source/passdb/pdb_ldap.c        |  6 +++-
 source/rpc_server/srv_samr_nt.c |  7 +++-
 source/smbd/posix_acls.c        | 21 ++++++------
 source/smbd/reply.c             | 18 ++++++++++-
 source/smbd/trans2.c            |  6 ++--
 11 files changed, 116 insertions(+), 42 deletions(-)

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index dfbff6be5a7..5333e90be20 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,9 +1,9 @@
                    =================================
-                   Release Notes for Samba 3.0.25rc2
-                               Apr 22, 2007
+                   Release Notes for Samba 3.0.25rc3
+                               Apr 25, 2007
                    =================================
 
-This is the second release candidate of the Samba 3.0.25 code base 
+This is the third release candidate of the Samba 3.0.25 code base 
 and is provided for testing only.  An RC release means that we are 
 close to the final release but the code may still have a few 
 remaining minor bugs.  This release is *not* intended for production 
@@ -27,7 +27,7 @@ Major features included in the 3.0.25 code base include:
     by side on the Same server.
   o Improved compatibility with Windows Vista clients including 
     improved read performance with Linux servers.
-  o Man pages for VFS plug-ins.
+  o Man pages for IdMap and VFS plug-ins.
 
 
 Off-line Logons and AD Site Support
@@ -42,14 +42,10 @@ information.
 New IdMap Interface for Winbindd
 ================================
 
-The 3.0.25 release of Samba will include a rewritten IdMap interface
-for winbindd which replaces the "idmap backend" parameter.  The
-initial design document may be found at
-
-	http://www.samba.org/~idra/samba3_newidmap.pdf
-
-Please refer to the "idmap domains" description in the smb.conf(5)
-man page for more details.
+The 3.0.25 release of Samba includes a rewritten IdMap interface
+for winbindd which replaces the "idmap backend" parameter.  Please 
+refer to the "idmap domains" description in the smb.conf(5) man 
+page for more details.
 
 
 Dynamic DNS Updates
@@ -95,8 +91,56 @@ Please refer to vfs_readahead(8) for more information.
 Changes
 #######
 
-Changes since 3.0.25pre2
-------------------------
+Changes since 3.0.25rc2
+-----------------------
+
+commits
+-------
+
+o   Jeremy Allison <jra@samba.org>
+    * Allow Well-Known and Local Groups to be stored in POSIX ACLs
+      as long as there is a SID/gid mapping entry available.
+    * Fix memory corruption bug in the CIFS POSIX open/mkdir.
+    * BUG 4536: Correctly delete symlinks pointing to a directory.
+
+
+o   Gerald (Jerry) Carter <jerry@samba.org>
+    * Ensure winbindd honors the "idmap domains" option and not 
+      default to idmap_tdb.
+    * Fix memory corruption caused by calling free() on talloc()'d
+      memory when adding and removing users from local groups.
+
+
+o   Guenther Deschner <gd@samba.org>
+    * Memory allocation error checks in libgpo.
+
+
+o   Jim McDonough <jmcd@us.ibm.com>
+    * Fix crate_user() access checks when setting the "User Cannot 
+      Change Password" flag.
+
+
+o   Simo Sorce <idra@samba.org>
+    * Fix linking flags used when creating shared libraries.
+
+
+
+Release Notes for older release follow:
+
+      --------------------------------------------------
+
+                   =================================
+                   Release Notes for Samba 3.0.25rc2
+                               Apr 22, 2007
+                   =================================
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.25rc1
+-----------------------
 
 commits
 -------
diff --git a/source/Makefile.in b/source/Makefile.in
index 0046899b727..02396b56437 100644
--- a/source/Makefile.in
+++ b/source/Makefile.in
@@ -23,10 +23,10 @@ SHLD=@SHLD@
 CFLAGS=@CFLAGS@
 CPPFLAGS=-DHAVE_CONFIG_H @CPPFLAGS@
 EXEEXT=@EXEEXT@
-LDFLAGS=@PIE_LDFLAGS@ @LDFLAGS@
 AR=@AR@
 LDSHFLAGS=@LDSHFLAGS@ @LDFLAGS@
 WINBIND_NSS_LDSHFLAGS=@WINBIND_NSS_LDSHFLAGS@ @LDFLAGS@
+LDFLAGS=@PIE_LDFLAGS@ @LDFLAGS@
 AWK=@AWK@
 PICFLAG=@PICFLAG@
 DYNEXP=@DYNEXP@
@@ -1144,7 +1144,7 @@ bin/smbfilter@EXEEXT@: proto_exists $(SMBFILTER_OBJ) bin/.dummy
 
 bin/libaddns.@SHLIBEXT@: proto_exists $(LIBADDNS_OBJ)
 	@echo Linking libaddns shared library $@
-	@$(SHLD) $(LDSHFLAGS) -o $@ $(LIBADDNS_OBJ) $(LDFLAGS) $(LIBS) \
+	@$(SHLD) $(LDSHFLAGS) -o $@ $(LIBADDNS_OBJ) $(LIBS) \
 		$(KRB5LIBS) $(UUID_LIBS)\
 		@SONAMEFLAG@`basename $@`.$(LIBADDNS_MAJOR)
 
@@ -1154,7 +1154,7 @@ bin/libaddns.a: proto_exists $(LIBADDNS_OBJ)
 
 bin/libsmbclient.@SHLIBEXT@: proto_exists $(LIBSMBCLIENT_OBJ)
 	@echo Linking libsmbclient shared library $@
-	@$(SHLD) $(LDSHFLAGS) -o $@ $(LIBSMBCLIENT_OBJ) $(LDFLAGS) $(LIBS) \
+	@$(SHLD) $(LDSHFLAGS) -o $@ $(LIBSMBCLIENT_OBJ) $(LIBS) \
 		$(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
 		@SONAMEFLAG@`basename $@`.$(LIBSMBCLIENT_MAJOR)
 
@@ -1164,7 +1164,7 @@ bin/libsmbclient.a: proto_exists $(LIBSMBCLIENT_OBJ)
 
 bin/libsmbsharemodes.@SHLIBEXT@: proto_exists $(LIBSMBSHAREMODES_OBJ)
 	@echo Linking libsmbsharemodes shared library $@
-	@$(SHLD) $(LDSHFLAGS) -o $@ $(LIBSMBSHAREMODES_OBJ) $(LDFLAGS) $(LIBS) \
+	@$(SHLD) $(LDSHFLAGS) -o $@ $(LIBSMBSHAREMODES_OBJ) $(LIBS) \
 		$(KRB5LIBS) $(LDAP_LIBS) \
 		@SONAMEFLAG@`basename $@`.$(LIBSMBSHAREMODES_MAJOR)
 
@@ -1174,7 +1174,7 @@ bin/libsmbsharemodes.a: proto_exists $(LIBSMBSHAREMODES_OBJ)
 
 bin/libmsrpc.@SHLIBEXT@: proto_exists $(CAC_OBJ)
 	@echo Linking libmsrpc shared library $@
-	@$(SHLD) $(LDSHFLAGS) -o $@ $(CAC_OBJ) $(LDFLAGS) $(LIBS) \
+	@$(SHLD) $(LDSHFLAGS) -o $@ $(CAC_OBJ) $(LIBS) \
 	@SONAMEFLAG@`basename $@`.$(LIBMSRPC_MAJOR)
 
 bin/libmsrpc.a: proto_exists $(CAC_OBJ)
diff --git a/source/VERSION b/source/VERSION
index f29d828ada5..816251096ab 100644
--- a/source/VERSION
+++ b/source/VERSION
@@ -56,7 +56,7 @@ SAMBA_VERSION_PRE_RELEASE=
 # e.g. SAMBA_VERSION_RC_RELEASE=1                      #
 #  ->  "3.0.0rc1"                                      #
 ########################################################
-SAMBA_VERSION_RC_RELEASE=2
+SAMBA_VERSION_RC_RELEASE=3
 
 ########################################################
 # To mark SVN snapshots this should be set to 'yes'    #
diff --git a/source/groupdb/mapping_tdb.c b/source/groupdb/mapping_tdb.c
index cff557ff133..2a4753d24f3 100644
--- a/source/groupdb/mapping_tdb.c
+++ b/source/groupdb/mapping_tdb.c
@@ -466,11 +466,11 @@ static BOOL is_aliasmem(const DOM_SID *alias, const DOM_SID *member)
 
 	for (i=0; i<num; i++) {
 		if (sid_compare(alias, &sids[i]) == 0) {
-			SAFE_FREE(sids);
+			TALLOC_FREE(sids);
 			return True;
 		}
 	}
-	SAFE_FREE(sids);
+	TALLOC_FREE(sids);
 	return False;
 }
 
@@ -637,7 +637,7 @@ static int collect_aliasmem(TDB_CONTEXT *tdb_ctx, TDB_DATA key, TDB_DATA data,
 	}
 
 	if (!found) {
-		SAFE_FREE(sids);
+		TALLOC_FREE(sids);
 		return NT_STATUS_MEMBER_NOT_IN_ALIAS;
 	}
 
@@ -659,7 +659,7 @@ static int collect_aliasmem(TDB_CONTEXT *tdb_ctx, TDB_DATA key, TDB_DATA data,
 	member_string = SMB_STRDUP("");
 
 	if (member_string == NULL) {
-		SAFE_FREE(sids);
+		TALLOC_FREE(sids);
 		return NT_STATUS_NO_MEMORY;
 	}
 
@@ -671,7 +671,7 @@ static int collect_aliasmem(TDB_CONTEXT *tdb_ctx, TDB_DATA key, TDB_DATA data,
 
 		SAFE_FREE(s);
 		if (member_string == NULL) {
-			SAFE_FREE(sids);
+			TALLOC_FREE(sids);
 			return NT_STATUS_NO_MEMORY;
 		}
 	}
@@ -682,7 +682,7 @@ static int collect_aliasmem(TDB_CONTEXT *tdb_ctx, TDB_DATA key, TDB_DATA data,
 	result = tdb_store(tdb, kbuf, dbuf, 0) == 0 ?
 		NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
 
-	SAFE_FREE(sids);
+	TALLOC_FREE(sids);
 	SAFE_FREE(member_string);
 
 	return result;
diff --git a/source/lib/util_sid.c b/source/lib/util_sid.c
index 032be9aa93b..c89abc916f2 100644
--- a/source/lib/util_sid.c
+++ b/source/lib/util_sid.c
@@ -510,6 +510,9 @@ BOOL non_mappable_sid(DOM_SID *sid)
 	DOM_SID dom;
 	uint32 rid;
 
+	if (sid_equal(sid, &global_sid_System))
+		return True;
+
 	sid_copy(&dom, sid);
 	sid_split_rid(&dom, &rid);
 
diff --git a/source/libgpo/gpo_fetch.c b/source/libgpo/gpo_fetch.c
index 3347a36b07e..abc5ab46844 100644
--- a/source/libgpo/gpo_fetch.c
+++ b/source/libgpo/gpo_fetch.c
@@ -188,6 +188,7 @@ NTSTATUS ads_gpo_get_sysvol_gpt_version(ADS_STRUCT *ads,
 
 	if (name && *display_name) {
 		*display_name = talloc_strdup(mem_ctx, name);
+		NT_STATUS_HAVE_NO_MEMORY(*display_name);
 	}
 
 	return NT_STATUS_OK;
diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c
index c4c53c30664..24df6279341 100644
--- a/source/passdb/pdb_ldap.c
+++ b/source/passdb/pdb_ldap.c
@@ -455,7 +455,11 @@ static time_t ldapsam_get_entry_timestamp( struct ldapsam_privates *ldap_state,
 			temp))
 		return (time_t) 0;
 
-	strptime(temp, "%Y%m%d%H%M%SZ", &tm);
+	if ( !strptime(temp, "%Y%m%d%H%M%SZ", &tm)) {
+		DEBUG(2,("ldapsam_get_entry_timestamp: strptime failed on: %s\n",
+			(char*)temp));
+		return (time_t) 0;
+	}
 	tzset();
 	return timegm(&tm);
 }
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index 0b2e24fa899..db0dc7f5e8a 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -739,7 +739,12 @@ NTSTATUS _samr_set_sec_obj(pipes_struct *p, SAMR_Q_SET_SEC_OBJ *q_u, SAMR_R_SET_
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	status = pdb_update_sam_account(sampass);
+	status = access_check_samr_function(acc_granted, SA_RIGHT_USER_SET_ATTRIBUTES, "_samr_set_sec_obj");
+	if (NT_STATUS_IS_OK(status)) {
+		become_root();
+		status = pdb_update_sam_account(sampass);
+		unbecome_root();
+	}
 
 	TALLOC_FREE(sampass);
 
diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c
index 50038dd464c..cdb60a23e72 100644
--- a/source/smbd/posix_acls.c
+++ b/source/smbd/posix_acls.c
@@ -1346,17 +1346,6 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst,
 	for(i = 0; i < dacl->num_aces; i++) {
 		SEC_ACE *psa = &dacl->aces[i];
 
-		/*
-		 * Ignore non-mappable SIDs (NT Authority, BUILTIN etc).
-		 */
-
-		if (non_mappable_sid(&psa->trustee)) {
-			fstring str;
-			DEBUG(10,("create_canon_ace_lists: ignoring non-mappable SID %s\n",
-				sid_to_string(str, &psa->trustee) ));
-			continue;
-		}
-
 		/*
 		 * Create a cannon_ace entry representing this NT DACL ACE.
 		 */
@@ -1417,6 +1406,16 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst,
 		} else {
 			fstring str;
 
+			/*
+			 * Silently ignore map failures in non-mappable SIDs (NT Authority, BUILTIN etc).
+			 */
+
+			if (non_mappable_sid(&psa->trustee)) {
+				DEBUG(10,("create_canon_ace_lists: ignoring non-mappable SID %s\n",
+					sid_to_string(str, &psa->trustee) ));
+				continue;
+			}
+
 			free_canon_ace_list(file_ace);
 			free_canon_ace_list(dir_ace);
 			DEBUG(0,("create_canon_ace_lists: unable to map SID %s to uid or gid.\n",
diff --git a/source/smbd/reply.c b/source/smbd/reply.c
index bad3c6f0a80..2f1f5e0ba34 100644
--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -3866,7 +3866,23 @@ NTSTATUS rmdir_internals(connection_struct *conn, const char *directory)
 	int ret;
 	SMB_STRUCT_STAT st;
 
-	ret = SMB_VFS_RMDIR(conn,directory);
+	/* Might be a symlink. */
+	if(SMB_VFS_LSTAT(conn, directory, &st) != 0) {
+		return map_nt_error_from_unix(errno);
+	}
+
+	if (S_ISLNK(st.st_mode)) {
+		/* Is what it points to a directory ? */
+		if(SMB_VFS_STAT(conn, directory, &st) != 0) {
+			return map_nt_error_from_unix(errno);
+		}
+		if (!(S_ISDIR(st.st_mode))) {
+			return NT_STATUS_NOT_A_DIRECTORY;
+		}
+		ret = SMB_VFS_UNLINK(conn,directory);
+	} else {
+		ret = SMB_VFS_RMDIR(conn,directory);
+	}
 	if (ret == 0) {
 		notify_fname(conn, NOTIFY_ACTION_REMOVED,
 			     FILE_NOTIFY_CHANGE_DIR_NAME,
diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c
index 2604b21f55f..09faebccc86 100644
--- a/source/smbd/trans2.c
+++ b/source/smbd/trans2.c
@@ -3717,7 +3717,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
 				SIVAL(pdata,0,0); /* ??? */
 				SIVAL(pdata,4,byte_len); /* Byte length of unicode string ::$DATA */
 				SOFF_T(pdata,8,file_size);
-				SIVAL(pdata,16,allocation_size);
+				SOFF_T(pdata,16,allocation_size);
 				SIVAL(pdata,20,0); /* ??? */
 				data_size = 24 + byte_len;
 			}
@@ -3738,7 +3738,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
 			put_long_date_timespec(pdata+8,atime_ts);
 			put_long_date_timespec(pdata+16,mtime_ts); /* write time */
 			put_long_date_timespec(pdata+24,mtime_ts); /* change time */
-			SIVAL(pdata,32,allocation_size);
+			SOFF_T(pdata,32,allocation_size);
 			SOFF_T(pdata,40,file_size);
 			SIVAL(pdata,48,mode);
 			SIVAL(pdata,52,0); /* ??? */
@@ -5295,6 +5295,7 @@ static NTSTATUS smb_posix_mkdir(connection_struct *conn,
 		*pdata_return_size = 0;
 		return NT_STATUS_NO_MEMORY;
 	}
+	pdata = *ppdata;
 
 	SSVAL(pdata,0,NO_OPLOCK_RETURN);
 	SSVAL(pdata,2,0); /* No fnum. */
@@ -5471,6 +5472,7 @@ static NTSTATUS smb_posix_open(connection_struct *conn,
 		*pdata_return_size = 0;
 		return NT_STATUS_NO_MEMORY;
 	}
+	pdata = *ppdata;
 
 	if (extended_oplock_granted) {
 		if (flags & REQUEST_BATCH_OPLOCK) {
-- 
cgit