Merge branch 'master' of ssh://jra@git.samba.org/data/git/samba

7 files changed, 56 insertions, 36 deletions

diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index ac2a87ffce..ce1a1fe52f 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -59,7 +59,7 @@ struct messaging_context *winbind_messaging_context(void)
 
 /* Reload configuration */
 
-static bool reload_services_file(const char *logfile)
+static bool reload_services_file(const char *lfile)
 {
 	bool ret;
 
@@ -73,8 +73,8 @@ static bool reload_services_file(const char *logfile)
 
 	/* if this is a child, restore the logfile to the special
 	   name - <domain>, idmap, etc. */
-	if (logfile && *logfile) {
-		lp_set_logfile(logfile);
+	if (lfile && *lfile) {
+		lp_set_logfile(lfile);
 	}
 
 	reopen_logs();
@@ -792,14 +792,14 @@ static bool remove_idle_client(void)
 }
 
 /* check if HUP has been received and reload files */
-void winbind_check_sighup(const char *logfile)
+void winbind_check_sighup(const char *lfile)
 {
 	if (do_sighup) {
 
 		DEBUG(3, ("got SIGHUP\n"));
 
 		flush_caches();
-		reload_services_file(logfile);
+		reload_services_file(lfile);
 
 		do_sighup = False;
 	}
@@ -1096,11 +1096,11 @@ int main(int argc, char **argv, char **envp)
 	poptFreeContext(pc);
 
 	if (!override_logfile) {
-		char *logfile = NULL;
-		if (asprintf(&logfile,"%s/log.winbindd",
+		char *lfile = NULL;
+		if (asprintf(&lfile,"%s/log.winbindd",
 				get_dyn_LOGFILEBASE()) > 0) {
-			lp_set_logfile(logfile);
-			SAFE_FREE(logfile);
+			lp_set_logfile(lfile);
+			SAFE_FREE(lfile);
 		}
 	}
 	setup_logging("winbindd", log_stdout);
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 9268542da6..3c69859731 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -225,10 +225,10 @@ static bool fork_child_dc_connect(struct winbindd_domain *domain)
 	close_conns_after_fork();
 
 	if (!override_logfile) {
-		char *logfile;
-		if (asprintf(&logfile, "%s/log.winbindd-dc-connect", get_dyn_LOGFILEBASE()) > 0) {
-			lp_set_logfile(logfile);
-			SAFE_FREE(logfile);
+		char *lfile;
+		if (asprintf(&lfile, "%s/log.winbindd-dc-connect", get_dyn_LOGFILEBASE()) > 0) {
+			lp_set_logfile(lfile);
+			SAFE_FREE(lfile);
 			reopen_logs();
 		}
 	}
@@ -672,7 +672,7 @@ static bool get_dc_name_via_netlogon(struct winbindd_domain *domain,
 
 	if (!W_ERROR_IS_OK(werr)) {
 		DEBUG(10,("rpccli_netr_GetAnyDCName failed: %s\n",
-			   dos_errstr(werr)));
+			   win_errstr(werr)));
 		talloc_destroy(mem_ctx);
 		return false;
 	}
diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c
index f2b6fbefb5..8e56138bb5 100644
--- a/source3/winbindd/winbindd_group.c
+++ b/source3/winbindd/winbindd_group.c
@@ -382,6 +382,24 @@ static int namecmp( const void *a, const void *b )
 	return StrCaseCmp( * (char * const *) a, * (char * const *) b);
 }
 
+static void sort_unique_list(char ***list, uint32 *n_list)
+{
+	uint32_t i;
+
+	/* search for duplicates for sorting and looking for matching
+	   neighbors */
+
+	qsort(*list, *n_list, sizeof(char*), QSORT_CAST namecmp);
+
+	for (i=1; i < *n_list; i++) {
+		if (strcmp((*list)[i-1], (*list)[i]) == 0) {
+			memmove(&((*list)[i-1]), &((*list)[i]),
+				 sizeof(char*)*((*n_list)-i));
+			(*n_list)--;
+		}
+	}
+}
+
 static NTSTATUS add_names_to_list( TALLOC_CTX *ctx,
 				   char ***list, uint32 *n_list,
 				   char **names, uint32 n_names )
@@ -414,19 +432,6 @@ static NTSTATUS add_names_to_list( TALLOC_CTX *ctx,
 		new_list[i] = talloc_strdup( new_list, names[j] );
 	}
 
-	/* search for duplicates for sorting and looking for matching
-	   neighbors */
-
-	qsort( new_list, n_new_list, sizeof(char*), QSORT_CAST namecmp );
-
-	for ( i=1; i<n_new_list; i++ ) {
-		if ( strcmp( new_list[i-1], new_list[i] ) == 0 ) {
-			memmove( &new_list[i-1], &new_list[i],
-				 sizeof(char*)*(n_new_list-i) );
-			n_new_list--;
-		}
-	}
-
 	*list = new_list;
 	*n_list = n_new_list;
 
@@ -663,6 +668,8 @@ static bool fill_grent_mem(struct winbindd_domain *domain,
 	}
 	TALLOC_FREE( glist );
 
+	sort_unique_list(&names, &num_names);
+
 	DEBUG(10, ("looked up %d names\n", num_names));
 
  again:
diff --git a/source3/winbindd/winbindd_misc.c b/source3/winbindd/winbindd_misc.c
index 50936c01a3..0e34615c3a 100644
--- a/source3/winbindd/winbindd_misc.c
+++ b/source3/winbindd/winbindd_misc.c
@@ -492,7 +492,7 @@ enum winbindd_result winbindd_dual_getdcname(struct winbindd_domain *domain,
 
 	if (!W_ERROR_IS_OK(werr)) {
 		DEBUG(5, ("Error requesting DCname for domain %s: %s\n",
-			state->request.domain_name, dos_errstr(werr)));
+			state->request.domain_name, win_errstr(werr)));
 		return WINBINDD_ERROR;
 	}
 
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 9ff3899661..7de28b08a9 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1854,17 +1854,28 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
 
 	if (state->request.data.auth_crap.lm_resp_len > sizeof(state->request.data.auth_crap.lm_resp)
 		|| state->request.data.auth_crap.nt_resp_len > sizeof(state->request.data.auth_crap.nt_resp)) {
-		DEBUG(0, ("winbindd_pam_auth_crap: invalid password length %u/%u\n",
-			  state->request.data.auth_crap.lm_resp_len,
-			  state->request.data.auth_crap.nt_resp_len));
-		result = NT_STATUS_INVALID_PARAMETER;
-		goto done;
+		if (!state->request.flags & WBFLAG_BIG_NTLMV2_BLOB ||
+		     state->request.extra_len != state->request.data.auth_crap.nt_resp_len) {
+			DEBUG(0, ("winbindd_pam_auth_crap: invalid password length %u/%u\n",
+				  state->request.data.auth_crap.lm_resp_len,
+				  state->request.data.auth_crap.nt_resp_len));
+			result = NT_STATUS_INVALID_PARAMETER;
+			goto done;
+		}
 	}
 
 	lm_resp = data_blob_talloc(state->mem_ctx, state->request.data.auth_crap.lm_resp,
 					state->request.data.auth_crap.lm_resp_len);
-	nt_resp = data_blob_talloc(state->mem_ctx, state->request.data.auth_crap.nt_resp,
-					state->request.data.auth_crap.nt_resp_len);
+
+	if (state->request.flags & WBFLAG_BIG_NTLMV2_BLOB) {
+		nt_resp = data_blob_talloc(state->mem_ctx,
+					   state->request.extra_data.data,
+					   state->request.data.auth_crap.nt_resp_len);
+	} else {
+		nt_resp = data_blob_talloc(state->mem_ctx,
+					   state->request.data.auth_crap.nt_resp,
+					   state->request.data.auth_crap.nt_resp_len);
+	}
 
 	/* what domain should we contact? */
 
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index 95ccf30cfe..65ad47dd03 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -63,7 +63,7 @@ void setup_async_write(struct fd_event *event, void *data, size_t length,
 		       void *private_data);
 void request_error(struct winbindd_cli_state *state);
 void request_ok(struct winbindd_cli_state *state);
-void winbind_check_sighup(const char *logfile);
+void winbind_check_sighup(const char *lfile);
 void winbind_check_sigterm(bool in_parent);
 int main(int argc, char **argv, char **envp);
 
diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index d966e50159..7dea342a53 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -636,6 +636,8 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
 	return NT_STATUS_OK;
 }
 
+#define MAX_SAM_ENTRIES_W2K 0x400 /* 1024 */
+
 NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain,
 				  TALLOC_CTX *mem_ctx,
 				  uint32 num_sids, const DOM_SID *sids,