Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-test

(This used to be commit 5a30f6377d37d8a5cadce4fb9a2fc19b78fc1709)

4 files changed, 28 insertions, 9 deletions

diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index b2c87174fd..1de9869f90 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -270,7 +270,9 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
 						&info3);
 
 		if (NT_STATUS_IS_OK(nt_status)) {
-			(*server_info)->was_mapped |= user_info->was_mapped;
+			if (user_info->was_mapped) {
+				(*server_info)->was_mapped = user_info->was_mapped;
+			}
 
 			if ( ! (*server_info)->guest) {
 				/* if a real user check pam account restrictions */
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 3f65e6b126..fea1b2d761 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1103,7 +1103,7 @@ static NTSTATUS make_new_server_info_guest(auth_serversupplied_info **server_inf
 	struct samu *sampass = NULL;
 	DOM_SID guest_sid;
 	bool ret;
-	static const char zeros[16] = { 0, };
+	char zeros[16];
 
 	if ( !(sampass = samu_new( NULL )) ) {
 		return NT_STATUS_NO_MEMORY;
@@ -1138,6 +1138,7 @@ static NTSTATUS make_new_server_info_guest(auth_serversupplied_info **server_inf
 
 	/* annoying, but the Guest really does have a session key, and it is
 	   all zeros! */
+	ZERO_STRUCT(zeros);
 	(*server_info)->user_session_key = data_blob(zeros, sizeof(zeros));
 	(*server_info)->lm_session_key = data_blob(zeros, sizeof(zeros));
 
@@ -1420,7 +1421,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
 				auth_serversupplied_info **server_info, 
 				NET_USER_INFO_3 *info3) 
 {
-	static const char zeros[16] = { 0, };
+	char zeros[16];
 
 	NTSTATUS nt_status = NT_STATUS_OK;
 	char *found_username = NULL;
@@ -1624,7 +1625,9 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
 					    &(info3->uni_logon_srv));
 
 	/* ensure we are never given NULL session keys */
-	
+
+	ZERO_STRUCT(zeros);
+
 	if (memcmp(info3->user_sess_key, zeros, sizeof(zeros)) == 0) {
 		result->user_session_key = data_blob_null;
 	} else {
diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index 959c550524..b24aa3a75b 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -134,7 +134,9 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
 			}
 			
 			if (NT_STATUS_IS_OK(nt_status)) {
-				(*server_info)->was_mapped |= user_info->was_mapped;
+				if (user_info->was_mapped) {
+					(*server_info)->was_mapped = user_info->was_mapped;
+				}
 			}
 		}
 	} else if (NT_STATUS_IS_OK(nt_status)) {
diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c
index 27c98c9581..9ca5216af0 100644
--- a/source3/auth/token_util.c
+++ b/source3/auth/token_util.c
@@ -77,12 +77,19 @@ bool nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid )
 
 NT_USER_TOKEN *get_root_nt_token( void )
 {
-	static NT_USER_TOKEN *token = NULL;
+	struct nt_user_token *token = NULL;
 	DOM_SID u_sid, g_sid;
 	struct passwd *pw;
+	void *cache_data;
 
-	if ( token )
-		return token;
+	cache_data = memcache_lookup_talloc(
+		NULL, SINGLETON_CACHE_TALLOC,
+		data_blob_string_const("root_nt_token"));
+
+	if (cache_data != NULL) {
+		return talloc_get_type_abort(
+			cache_data, struct nt_user_token);
+	}
 
 	if ( !(pw = sys_getpwnam( "root" )) ) {
 		DEBUG(0,("get_root_nt_token: getpwnam(\"root\") failed!\n"));
@@ -97,6 +104,11 @@ NT_USER_TOKEN *get_root_nt_token( void )
 
 	token = create_local_nt_token(NULL, &u_sid, False,
 				      1, &global_sid_Builtin_Administrators);
+
+	memcache_add_talloc(
+		NULL, SINGLETON_CACHE_TALLOC,
+		data_blob_string_const("root_nt_token"), token);
+
 	return token;
 }
 
@@ -284,7 +296,7 @@ struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
 	DEBUG(10, ("Create local NT token for %s\n",
 		   sid_string_dbg(user_sid)));
 
-	if (!(result = TALLOC_ZERO_P(mem_ctx, NT_USER_TOKEN))) {
+	if (!(result = TALLOC_ZERO_P(mem_ctx, struct nt_user_token))) {
 		DEBUG(0, ("talloc failed\n"));
 		return NULL;
 	}