Merge branch 'master' of ssh://git.samba.org/data/git/samba

6 files changed, 91 insertions, 35 deletions

diff --git a/source3/lib/debug.c b/source3/lib/debug.c
index 986dff48d7..d64fcb66d9 100644
--- a/source3/lib/debug.c
+++ b/source3/lib/debug.c
@@ -472,7 +472,7 @@ bool debug_parse_levels(const char *params_str)
 	if (AllowDebugChange == False)
 		return True;
 
-	params = str_list_make(talloc_tos(), params_str, NULL);
+	params = str_list_make_v3(talloc_tos(), params_str, NULL);
 
 	if (debug_parse_params(params)) {
 		debug_dump_status(5);
diff --git a/source3/lib/memcache.c b/source3/lib/memcache.c
index 9c892fedfa..606d72ab5a 100644
--- a/source3/lib/memcache.c
+++ b/source3/lib/memcache.c
@@ -63,14 +63,6 @@ static int memcache_destructor(struct memcache *cache) {
 
 	for (e = cache->mru; e != NULL; e = next) {
 		next = e->next;
-		if (memcache_is_talloc((enum memcache_number)e->n)
-		    && (e->valuelength == sizeof(void *))) {
-			DATA_BLOB key, value;
-			void *ptr;
-			memcache_element_parse(e, &key, &value);
-			memcpy(&ptr, value.data, sizeof(ptr));
-			TALLOC_FREE(ptr);
-		}
 		SAFE_FREE(e);
 	}
 	return 0;
@@ -214,6 +206,16 @@ static void memcache_delete_element(struct memcache *cache,
 	}
 	DLIST_REMOVE(cache->mru, e);
 
+	if (memcache_is_talloc(e->n)) {
+		DATA_BLOB cache_key, cache_value;
+		void *ptr;
+
+		memcache_element_parse(e, &cache_key, &cache_value);
+		SMB_ASSERT(cache_value.length == sizeof(ptr));
+		memcpy(&ptr, cache_value.data, sizeof(ptr));
+		TALLOC_FREE(ptr);
+	}
+
 	cache->size -= memcache_element_size(e->keylength, e->valuelength);
 
 	SAFE_FREE(e);
@@ -276,6 +278,12 @@ void memcache_add(struct memcache *cache, enum memcache_number n,
 		memcache_element_parse(e, &cache_key, &cache_value);
 
 		if (value.length <= cache_value.length) {
+			if (memcache_is_talloc(e->n)) {
+				void *ptr;
+				SMB_ASSERT(cache_value.length == sizeof(ptr));
+				memcpy(&ptr, cache_value.data, sizeof(ptr));
+				TALLOC_FREE(ptr);
+			}
 			/*
 			 * We can reuse the existing record
 			 */
@@ -332,9 +340,20 @@ void memcache_add(struct memcache *cache, enum memcache_number n,
 }
 
 void memcache_add_talloc(struct memcache *cache, enum memcache_number n,
-			 DATA_BLOB key, void *ptr)
+			 DATA_BLOB key, void *pptr)
 {
-	memcache_add(cache, n, key, data_blob_const(&ptr, sizeof(ptr)));
+	void **ptr = (void **)pptr;
+	void *p;
+
+	if (cache == NULL) {
+		cache = global_cache;
+	}
+	if (cache == NULL) {
+		return;
+	}
+
+	p = talloc_move(cache, ptr);
+	memcache_add(cache, n, key, data_blob_const(&p, sizeof(p)));
 }
 
 void memcache_flush(struct memcache *cache, enum memcache_number n)
diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c
index 2987306066..df85336603 100644
--- a/source3/lib/secdesc.c
+++ b/source3/lib/secdesc.c
@@ -546,6 +546,9 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
 
 			ptrustee = creator;
 			new_flags |= SEC_ACE_FLAG_INHERIT_ONLY;
+		} else if (container &&
+				!(ace->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)) {
+			ptrustee = &ace->trustee;
 		}
 
 		init_sec_ace(new_ace, ptrustee, ace->type,
@@ -563,19 +566,20 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
 	}
 
 	/* Create child security descriptor to return */
-
-	new_dacl = make_sec_acl(ctx,
+	if (new_ace_list_ndx) {
+		new_dacl = make_sec_acl(ctx,
 				NT4_ACL_REVISION,
 				new_ace_list_ndx,
 				new_ace_list);
 
-	if (!new_dacl) {
-		return NT_STATUS_NO_MEMORY;
+		if (!new_dacl) {
+			return NT_STATUS_NO_MEMORY;
+		}
 	}
+
 	*ppsd = make_sec_desc(ctx,
 			SECURITY_DESCRIPTOR_REVISION_1,
-			SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT|
-				SEC_DESC_DACL_DEFAULTED,
+			SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT,
 			owner_sid,
 			group_sid,
 			NULL,
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 820cf376be..074b523ae0 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -1497,7 +1497,7 @@ uid_t nametouid(const char *name)
 	char *p;
 	uid_t u;
 
-	pass = getpwnam_alloc(NULL, name);
+	pass = getpwnam_alloc(talloc_autofree_context(), name);
 	if (pass) {
 		u = pass->pw_uid;
 		TALLOC_FREE(pass);
@@ -2255,8 +2255,8 @@ char *myhostname(void)
 	static char *ret;
 	if (ret == NULL) {
 		/* This is cached forever so
-		 * use NULL talloc ctx. */
-		ret = talloc_get_myname(NULL);
+		 * use talloc_autofree_context() ctx. */
+		ret = talloc_get_myname(talloc_autofree_context());
 	}
 	return ret;
 }
@@ -2879,6 +2879,25 @@ int this_is_smp(void)
 }
 
 /****************************************************************
+ Check if offset/length fit into bufsize. Should probably be
+ merged with is_offset_safe, but this would require a rewrite
+ of lanman.c. Later :-)
+****************************************************************/
+
+bool trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length)
+{
+	if ((offset + length < offset) || (offset + length < length)) {
+		/* wrap */
+		return true;
+	}
+	if ((offset > bufsize) || (offset + length > bufsize)) {
+		/* overflow */
+		return true;
+	}
+	return false;
+}
+
+/****************************************************************
  Check if an offset into a buffer is safe.
  If this returns True it's safe to indirect into the byte at
  pointer ptr+off.
diff --git a/source3/lib/util_pw.c b/source3/lib/util_pw.c
index c0d37f1094..b0baa12c3e 100644
--- a/source3/lib/util_pw.c
+++ b/source3/lib/util_pw.c
@@ -44,30 +44,28 @@ void flush_pwnam_cache(void)
 
 struct passwd *getpwnam_alloc(TALLOC_CTX *mem_ctx, const char *name)
 {
-	struct passwd *temp, *cached;
+	struct passwd *pw, *for_cache;
 
-	temp = (struct passwd *)memcache_lookup_talloc(
+	pw = (struct passwd *)memcache_lookup_talloc(
 		NULL, GETPWNAM_CACHE, data_blob_string_const_null(name));
-	if (temp != NULL) {
-		return tcopy_passwd(mem_ctx, temp);
+	if (pw != NULL) {
+		return tcopy_passwd(mem_ctx, pw);
 	}
 
-	temp = sys_getpwnam(name);
-	if (temp == NULL) {
+	pw = sys_getpwnam(name);
+	if (pw == NULL) {
 		return NULL;
 	}
 
-	cached = tcopy_passwd(NULL, temp);
-	if (cached == NULL) {
-		/*
-		 * Just don't add this into the cache, ignore the failure
-		 */
-		return temp;
+	for_cache = tcopy_passwd(talloc_autofree_context(), pw);
+	if (for_cache == NULL) {
+		return NULL;
 	}
 
-	memcache_add_talloc(NULL, GETPWNAM_CACHE, data_blob_string_const_null(name),
-			    cached);
-	return tcopy_passwd(mem_ctx, temp);
+	memcache_add_talloc(NULL, GETPWNAM_CACHE,
+			    data_blob_string_const_null(name), &for_cache);
+
+	return tcopy_passwd(mem_ctx, pw);
 }
 
 struct passwd *getpwuid_alloc(TALLOC_CTX *mem_ctx, uid_t uid) 
diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c
index 046ce61ea3..fde4f825e8 100644
--- a/source3/lib/util_str.c
+++ b/source3/lib/util_str.c
@@ -2532,3 +2532,19 @@ char *escape_shell_string(const char *src)
 	*dest++ = '\0';
 	return ret;
 }
+
+/***************************************************
+ Wrapper for str_list_make() to restore the s3 behavior.
+ In samba 3.2 passing NULL or an empty string returned NULL.
+
+ In master, it now returns a list of length 1 with the first string set
+ to NULL (an empty list)
+***************************************************/
+
+char **str_list_make_v3(TALLOC_CTX *mem_ctx, const char *string, const char *sep)
+{
+	if (!string || !*string) {
+		return NULL;
+	}
+	return str_list_make(mem_ctx, string, sep);
+}