Merge branch 'master' of ssh://git.samba.org/data/git/samba into arc4

Conflicts:
	source3/include/includes.h

18 files changed, 40 insertions, 131 deletions

diff --git a/lib/crypto/hmacmd5.h b/lib/crypto/hmacmd5.h
index d649906bb4..91b8ca586c 100644
--- a/lib/crypto/hmacmd5.h
+++ b/lib/crypto/hmacmd5.h
@@ -21,6 +21,8 @@
 #ifndef _HMAC_MD5_H
 #define _HMAC_MD5_H
 
+#include "../lib/crypto/md5.h"
+
 typedef struct 
 {
         struct MD5Context ctx;
diff --git a/lib/crypto/hmacmd5test.c b/lib/crypto/hmacmd5test.c
index 07ed54c98d..0a98404eda 100644
--- a/lib/crypto/hmacmd5test.c
+++ b/lib/crypto/hmacmd5test.c
@@ -17,7 +17,7 @@
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 #include "includes.h"
-#include "lib/crypto/crypto.h"
+#include "../lib/crypto/crypto.h"
 
 struct torture_context;
 
diff --git a/lib/crypto/hmacsha256.c b/lib/crypto/hmacsha256.c
index 6b0af9ee83..53d4fe3883 100644
--- a/lib/crypto/hmacsha256.c
+++ b/lib/crypto/hmacsha256.c
@@ -27,7 +27,7 @@
  */
 
 #include "includes.h"
-#include "lib/crypto/crypto.h"
+#include "../lib/crypto/crypto.h"
 
 /***********************************************************************
  the rfc 2104/2202 version of hmac_sha256 initialisation.
diff --git a/lib/crypto/md4test.c b/lib/crypto/md4test.c
index 5e0451973c..dddf9e61a0 100644
--- a/lib/crypto/md4test.c
+++ b/lib/crypto/md4test.c
@@ -18,7 +18,7 @@
 */
 
 #include "includes.h"
-#include "lib/crypto/crypto.h"
+#include "../lib/crypto/crypto.h"
 
 struct torture_context;
 
diff --git a/lib/crypto/md5test.c b/lib/crypto/md5test.c
index 702e0fcf41..1244dca753 100644
--- a/lib/crypto/md5test.c
+++ b/lib/crypto/md5test.c
@@ -18,7 +18,7 @@
 */
 
 #include "includes.h"
-#include "lib/crypto/crypto.h"
+#include "../lib/crypto/crypto.h"
 
 struct torture_context;
 
diff --git a/source3/Makefile.in b/source3/Makefile.in
index d48e597ce3..b8ce0523dd 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -320,7 +320,7 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) \
 	  lib/signal.o lib/system.o lib/sendfile.o lib/recvfile.o lib/time.o \
 	  lib/ufc.o lib/genrand.o lib/username.o \
 	  lib/util_pw.o lib/access.o lib/smbrun.o \
-	  lib/bitmap.o lib/crc32.o lib/dprintf.o \
+	  lib/bitmap.o ../lib/crypto/crc32.o lib/dprintf.o \
 	  lib/xfile.o lib/wins_srv.o $(UTIL_REG_OBJ) \
 	  lib/util_str.o lib/clobber.o lib/util_sid.o lib/util_uuid.o \
 	  lib/util_unistr.o lib/util_file.o lib/data_blob.o \
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 25135d75ed..0417a7e01c 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -688,6 +688,7 @@ typedef char fstring[FSTRING_LEN];
 #include "rap.h"
 #include "../lib/crypto/md5.h"
 #include "../lib/crypto/arcfour.h"
+#include "../lib/crypto/crc32.h"
 #include "../lib/crypto/hmacmd5.h"
 #include "ntlmssp.h"
 #include "auth.h"
diff --git a/source3/include/proto.h b/source3/include/proto.h
index ad7350c5d1..198248c517 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -432,10 +432,6 @@ int connections_forall(int (*fn)(struct db_record *rec,
 		       void *private_data);
 bool connections_init(bool rw);
 
-/* The following definitions come from lib/crc32.c  */
-
-uint32 crc32_calc_buffer(const char *buf, size_t size);
-
 /* The following definitions come from lib/data_blob.c  */
 
 DATA_BLOB data_blob(const void *p, size_t length);
diff --git a/source3/lib/crc32.c b/source3/lib/crc32.c
deleted file mode 100644
index a4ae90c469..0000000000
--- a/source3/lib/crc32.c
+++ /dev/null
@@ -1,103 +0,0 @@
-/*-
- *  COPYRIGHT (C) 1986 Gary S. Brown.  You may use this program, or
- *  code or tables extracted from it, as desired without restriction.
- *
- *  First, the polynomial itself and its table of feedback terms.  The
- *  polynomial is
- *  X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0
- *
- *  Note that we take it "backwards" and put the highest-order term in
- *  the lowest-order bit.  The X^32 term is "implied"; the LSB is the
- *  X^31 term, etc.  The X^0 term (usually shown as "+1") results in
- *  the MSB being 1
- *
- *  Note that the usual hardware shift register implementation, which
- *  is what we're using (we're merely optimizing it by doing eight-bit
- *  chunks at a time) shifts bits into the lowest-order term.  In our
- *  implementation, that means shifting towards the right.  Why do we
- *  do it this way?  Because the calculated CRC must be transmitted in
- *  order from highest-order term to lowest-order term.  UARTs transmit
- *  characters in order from LSB to MSB.  By storing the CRC this way
- *  we hand it to the UART in the order low-byte to high-byte; the UART
- *  sends each low-bit to hight-bit; and the result is transmission bit
- *  by bit from highest- to lowest-order term without requiring any bit
- *  shuffling on our part.  Reception works similarly
- *
- *  The feedback terms table consists of 256, 32-bit entries.  Notes
- *
- *      The table can be generated at runtime if desired; code to do so
- *      is shown later.  It might not be obvious, but the feedback
- *      terms simply represent the results of eight shift/xor opera
- *      tions for all combinations of data and CRC register values
- *
- *      The values must be right-shifted by eight bits by the "updcrc
- *      logic; the shift must be unsigned (bring in zeroes).  On some
- *      hardware you could probably optimize the shift in assembler by
- *      using byte-swap instructions
- *      polynomial $edb88320
- *
- *
- * CRC32 code derived from work by Gary S. Brown.
- */
-
-#include "includes.h"
-
-static const uint32 crc32_tab[] = {
-	0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f,
-	0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
-	0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2,
-	0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
-	0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
-	0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
-	0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c,
-	0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
-	0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423,
-	0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
-	0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106,
-	0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
-	0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d,
-	0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
-	0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
-	0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
-	0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7,
-	0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,
-	0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa,
-	0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
-	0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81,
-	0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,
-	0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84,
-	0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
-	0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
-	0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,
-	0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e,
-	0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
-	0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55,
-	0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
-	0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28,
-	0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
-	0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f,
-	0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,
-	0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,
-	0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
-	0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69,
-	0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,
-	0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc,
-	0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
-	0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693,
-	0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
-	0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d
-};
-
-uint32 crc32_calc_buffer(const char *buf, size_t size)
-{
-	const unsigned char *p;
-	uint32 crc;
-
-	p = (const unsigned char *)buf;
-	crc = ~0U;
-
-	while (size--)
-		crc = crc32_tab[(crc ^ *p++) & 0xFF] ^ (crc >> 8);
-
-	return crc ^ ~0U;
-}
diff --git a/source3/libsmb/ntlmssp_sign.c b/source3/libsmb/ntlmssp_sign.c
index 4db5141cce..5120544058 100644
--- a/source3/libsmb/ntlmssp_sign.c
+++ b/source3/libsmb/ntlmssp_sign.c
@@ -117,7 +117,7 @@ static NTSTATUS ntlmssp_make_packet_signature(NTLMSSP_STATE *ntlmssp_state,
 
 	} else {
 		uint32 crc;
-		crc = crc32_calc_buffer((const char *)data, length);
+		crc = crc32_calc_buffer(data, length);
 		if (!msrpc_gen(sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, ntlmssp_state->ntlmv1_seq_num)) {
 			return NT_STATUS_NO_MEMORY;
 		}
@@ -265,7 +265,7 @@ NTSTATUS ntlmssp_seal_packet(NTLMSSP_STATE *ntlmssp_state,
 		}
 	} else {
 		uint32 crc;
-		crc = crc32_calc_buffer((const char *)data, length);
+		crc = crc32_calc_buffer(data, length);
 		if (!msrpc_gen(sig, "dddd", NTLMSSP_SIGN_VERSION, 0, crc, ntlmssp_state->ntlmv1_seq_num)) {
 			return NT_STATUS_NO_MEMORY;
 		}
diff --git a/source3/libsmb/smbencrypt.c b/source3/libsmb/smbencrypt.c
index 0742976635..05fd808a32 100644
--- a/source3/libsmb/smbencrypt.c
+++ b/source3/libsmb/smbencrypt.c
@@ -847,7 +847,7 @@ DATA_BLOB decrypt_drsuapi_blob(TALLOC_CTX *mem_ctx,
 	 * of the remaining bytes
 	 */
 	crc32_given = IVAL(dec_buffer.data, 0);
-	crc32_calc = crc32_calc_buffer((const char *)dec_buffer.data + 4 , dec_buffer.length - 4);
+	crc32_calc = crc32_calc_buffer(dec_buffer.data + 4 , dec_buffer.length - 4);
 	if (crc32_given != crc32_calc) {
 		DEBUG(1,("CRC32: given[0x%08X] calc[0x%08X]\n",
 		      crc32_given, crc32_calc));
diff --git a/source4/Makefile b/source4/Makefile
index 3630adce56..813f0cedd4 100644
--- a/source4/Makefile
+++ b/source4/Makefile
@@ -132,6 +132,9 @@ else
 include $(srcdir)/static_deps.mk
 endif
 
+clean::
+	@find ../lib ../libcli  -name '*.o' -o -name '*.hd' | xargs rm -f
+
 DEFAULT_HEADERS = $(srcdir)/lib/util/dlinklist.h \
 		  $(srcdir)/version.h
 
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h
index 2830297ffe..84fc26d127 100644
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -174,6 +174,7 @@ struct gensec_security;
 struct socket_context;
 
 NTSTATUS gensec_socket_init(struct gensec_security *gensec_security,
+			    TALLOC_CTX *mem_ctx, 
 			    struct socket_context *current_socket,
 			    struct event_context *ev,
 			    void (*recv_handler)(void *, uint16_t),
diff --git a/source4/auth/gensec/socket.c b/source4/auth/gensec/socket.c
index 27449bf610..319730e2ca 100644
--- a/source4/auth/gensec/socket.c
+++ b/source4/auth/gensec/socket.c
@@ -408,8 +408,10 @@ static NTSTATUS gensec_socket_send(struct socket_context *sock,
 }
 
 /* Turn a normal socket into a potentially GENSEC wrapped socket */
+/* CAREFUL: this function will steal 'current_socket' */
 
 NTSTATUS gensec_socket_init(struct gensec_security *gensec_security,
+			    TALLOC_CTX *mem_ctx,
 			    struct socket_context *current_socket,
 			    struct event_context *ev,
 			    void (*recv_handler)(void *, uint16_t),
@@ -420,7 +422,7 @@ NTSTATUS gensec_socket_init(struct gensec_security *gensec_security,
 	struct socket_context *new_sock;
 	NTSTATUS nt_status;
 
-	nt_status = socket_create_with_ops(current_socket, &gensec_socket_ops, &new_sock, 
+	nt_status = socket_create_with_ops(mem_ctx, &gensec_socket_ops, &new_sock, 
 					   SOCKET_TYPE_STREAM, current_socket->flags | SOCKET_FLAG_ENCRYPT);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		*new_socket = NULL;
@@ -432,22 +434,19 @@ NTSTATUS gensec_socket_init(struct gensec_security *gensec_security,
 	gensec_socket = talloc(new_sock, struct gensec_socket);
 	if (gensec_socket == NULL) {
 		*new_socket = NULL;
+		talloc_free(new_sock);
 		return NT_STATUS_NO_MEMORY;
 	}
 
 	new_sock->private_data       = gensec_socket;
 	gensec_socket->socket        = current_socket;
 
-	if (talloc_reference(gensec_socket, current_socket) == NULL) {
-		*new_socket = NULL;
-		return NT_STATUS_NO_MEMORY;
-	}
-
 	/* Nothing to do here, if we are not actually wrapping on this socket */
 	if (!gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL) &&
 	    !gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) {
 		
 		gensec_socket->wrap = false;
+		talloc_steal(gensec_socket, current_socket);
 		*new_socket = new_sock;
 		return NT_STATUS_OK;
 	}
@@ -469,6 +468,7 @@ NTSTATUS gensec_socket_init(struct gensec_security *gensec_security,
 	gensec_socket->packet = packet_init(gensec_socket);
 	if (gensec_socket->packet == NULL) {
 		*new_socket = NULL;
+		talloc_free(new_sock);
 		return NT_STATUS_NO_MEMORY;
 	}
 
@@ -481,6 +481,7 @@ NTSTATUS gensec_socket_init(struct gensec_security *gensec_security,
 
 	/* TODO: full-request that knows about maximum packet size */
 
+	talloc_steal(gensec_socket, current_socket);
 	*new_socket = new_sock;
 	return NT_STATUS_OK;
 }
diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index 8357251a8f..20777e5261 100644
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -208,6 +208,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
 		} else {
 			ctx->conn = conn;
 			status = gensec_socket_init(conn->gensec, 
+						    conn->connection,
 						    conn->connection->socket,
 						    conn->connection->event.ctx, 
 						    stream_io_handler_callback,
diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py
index bc6f80e856..6c910b63f1 100755
--- a/source4/lib/ldb/tests/python/ldap.py
+++ b/source4/lib/ldb/tests/python/ldap.py
@@ -781,7 +781,10 @@ member: cn=ldaptestuser4,cn=ldaptestcontainer,""" + self.base_dn + """
         self.assertTrue("objectGuid" not in res[0])
         self.assertTrue("whenCreated" in res[0])
         self.assertTrue("nTSecurityDescriptor" in res[0])
-        self.assertEquals(res[0]["member"][0].upper(), ("CN=ldaptestuser2,CN=Users," + self.base_dn).upper())
+        memberUP = []
+        for m in res[0]["member"]:
+            memberUP.append(m.upper())
+        self.assertTrue(("CN=ldaptestuser2,CN=Users," + self.base_dn).upper() in memberUP)
 
         ldb.modify_ldif("""
 dn: cn=ldaptestgroup2,cn=users,""" + self.base_dn + """
diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/ldap_bind.c
index 65673116be..b66232c02e 100644
--- a/source4/libcli/ldap/ldap_bind.c
+++ b/source4/libcli/ldap/ldap_bind.c
@@ -387,6 +387,7 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn,
 	if (NT_STATUS_IS_OK(status)) {
 		struct socket_context *sasl_socket;
 		status = gensec_socket_init(conn->gensec, 
+					    conn,
 					    conn->sock,
 					    conn->event.event_ctx, 
 					    ldap_read_io_handler,
diff --git a/source4/libcli/ldap/ldap_client.c b/source4/libcli/ldap/ldap_client.c
index 844238afdb..d7960f901a 100644
--- a/source4/libcli/ldap/ldap_client.c
+++ b/source4/libcli/ldap/ldap_client.c
@@ -77,6 +77,12 @@ static void ldap_connection_dead(struct ldap_connection *conn)
 {
 	struct ldap_request *req;
 
+	talloc_free(conn->sock);  /* this will also free event.fde */
+	talloc_free(conn->packet);
+	conn->sock = NULL;
+	conn->event.fde = NULL;
+	conn->packet = NULL;
+
 	/* return an error for any pending request ... */
 	while (conn->pending) {
 		req = conn->pending;
@@ -87,12 +93,6 @@ static void ldap_connection_dead(struct ldap_connection *conn)
 			req->async.fn(req);
 		}
 	}
-
-	talloc_free(conn->sock);  /* this will also free event.fde */
-	talloc_free(conn->packet);
-	conn->sock = NULL;
-	conn->event.fde = NULL;
-	conn->packet = NULL;
 }
 
 static void ldap_reconnect(struct ldap_connection *conn);
@@ -400,6 +400,7 @@ static void ldap_connect_got_sock(struct composite_context *ctx,
 	talloc_steal(conn, conn->sock);
 	if (conn->ldaps) {
 		struct socket_context *tls_socket;
+		struct socket_context *tmp_socket;
 		char *cafile = private_path(conn->sock, conn->lp_ctx, lp_tls_cafile(conn->lp_ctx));
 
 		if (!cafile || !*cafile) {
@@ -414,9 +415,11 @@ static void ldap_connect_got_sock(struct composite_context *ctx,
 			talloc_free(conn->sock);
 			return;
 		}
-		talloc_unlink(conn, conn->sock);
-		conn->sock = tls_socket;
-		talloc_steal(conn, conn->sock);
+
+		/* the original socket, must become a child of the tls socket */
+		tmp_socket = conn->sock;
+		conn->sock = talloc_steal(conn, tls_socket);
+		talloc_steal(conn->sock, tmp_socket);
 	}
 
 	conn->packet = packet_init(conn);