Diffstat (limited to 'source3/auth')
-rw-r--r-- | source3/auth/auth_domain.c | 11 | ||||
-rw-r--r-- | source3/auth/auth_server.c | 9 | ||||
-rw-r--r-- | source3/auth/auth_util.c | 104 |
3 files changed, 95 insertions, 29 deletions
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index bedd318c3c..8ad6329da9 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -50,6 +50,8 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli, NTSTATUS result; struct rpc_pipe_client *netlogon_pipe = NULL; + *cli = NULL; + *pipe_ret = NULL; /* TODO: Send a SAMLOGON request to determine whether this is a valid @@ -81,6 +83,11 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli, result = NT_STATUS_NO_LOGON_SERVERS; } + if (*cli) { + cli_shutdown(*cli); + *cli = NULL; + } + release_server_mutex(); return result; } @@ -111,6 +118,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli, DEBUG(0,("connect_to_domain_password_server: unable to open the domain client session to \ machine %s. Error was : %s.\n", dc_name, nt_errstr(result))); cli_shutdown(*cli); + *cli = NULL; release_server_mutex(); return result; } @@ -126,6 +134,7 @@ machine %s. Error was : %s.\n", dc_name, nt_errstr(result))); "trust account password for domain '%s'\n", domain)); cli_shutdown(*cli); + *cli = NULL; release_server_mutex(); return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; } @@ -141,6 +150,7 @@ machine %s. Error was : %s.\n", dc_name, nt_errstr(result))); if (!NT_STATUS_IS_OK(result)) { cli_shutdown(*cli); + *cli = NULL; release_server_mutex(); return result; } @@ -150,6 +160,7 @@ machine %s. Error was : %s.\n", dc_name, nt_errstr(result))); DEBUG(0,("connect_to_domain_password_server: unable to open the domain client session to \ machine %s. Error was : %s.\n", dc_name, cli_errstr(*cli))); cli_shutdown(*cli); + *cli = NULL; release_server_mutex(); return NT_STATUS_NO_LOGON_SERVERS; } diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 7bec1b4128..6e4dba0be2 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c 
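Review bot: Nothing visible documents the out-parameter contract these hunks establish for connect_to_domain_password_server: `*cli` and `*pipe_ret` are cleared on entry, and `*cli` is cleared again after every `cli_shutdown(*cli)` on the failure returns in the hunks at -81, -111, -126, -141 and -150. A comment above the function such as `/* On any non-OK return *cli and *pipe_ret are NULL and the connection is already shut down; callers must not call cli_shutdown(). */` would keep a later early return from handing a dangling pointer back to the caller. If `*pipe_ret` is assigned before the last two failure checks (the assignment is outside the hunks), it needs the same reset there, since it would otherwise outlive the connection it belongs to. The function body starts and ends outside these hunks.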
@@ -39,7 +39,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) char *pserver; BOOL connected_ok = False; - if (!(cli = cli_initialise(cli))) + if (!(cli = cli_initialise())) return NULL; /* security = server just can't function with spnego */ @@ -49,7 +49,8 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) p = pserver; while(next_token( &p, desthost, LIST_SEP, sizeof(desthost))) { - standard_sub_basic(current_user_info.smb_name, desthost, sizeof(desthost)); + standard_sub_basic(current_user_info.smb_name, current_user_info.domain, + desthost, sizeof(desthost)); strupper_m(desthost); if(!resolve_name( desthost, &dest_ip, 0x20)) { @@ -85,7 +86,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) return NULL; } - if (!attempt_netbios_session_request(cli, global_myname(), + if (!attempt_netbios_session_request(&cli, global_myname(), desthost, &dest_ip)) { release_server_mutex(); DEBUG(1,("password server fails session request\n")); @@ -129,7 +130,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) } release_server_mutex(); - + DEBUG(3,("password server OK\n")); return cli; diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 493d7393d0..823bf8c322 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -611,12 +611,17 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info, * Add alias SIDs from memberships within the partially created token SID list */ -static NTSTATUS add_aliases(TALLOC_CTX *tmp_ctx, const DOM_SID *domain_sid, +static NTSTATUS add_aliases(const DOM_SID *domain_sid, struct nt_user_token *token) { uint32 *aliases; size_t i, num_aliases; NTSTATUS status; + TALLOC_CTX *tmp_ctx; + + if (!(tmp_ctx = talloc_init("add_aliases"))) { + return NT_STATUS_NO_MEMORY; + } aliases = NULL; num_aliases = 0; 
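Review bot: In the -49 hunk of server_cryptkey, `desthost` is expanded by `standard_sub_basic` and then passed to `resolve_name` as the password server to contact, and the expansion now takes `current_user_info.domain` as well as `current_user_info.smb_name`, both of which presumably come from the connecting client. That dependency deserves a comment at the call, for example `/* desthost is expanded with client-derived names before it is resolved; the password server list should not rely on substitution macros unless those values are validated */`. Whether the two fields are sanitised before they reach this point is not visible in the hunk. The loop body continues outside it.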
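Review bot: The failure branch after `attempt_netbios_session_request(&cli, ...)` in the -85 hunk runs past the end of the hunk, and with the pointer now passed by address the callee can presumably replace or clear `cli`, so whatever cleanup follows the `DEBUG(1, ...)` line has to tolerate a NULL or a replaced `cli`. If that cleanup calls `cli_shutdown(cli)` unconditionally, a guard such as `if (cli) { cli_shutdown(cli); cli = NULL; }` would match the pattern this commit adds in auth_domain.c. If replacement is indeed the new contract, a short comment at the call, `/* callee may replace cli; do not keep a copy of the old pointer */`, would record it.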
@@ -629,6 +634,7 @@ static NTSTATUS add_aliases(TALLOC_CTX *tmp_ctx, const DOM_SID *domain_sid, if (!NT_STATUS_IS_OK(status)) { DEBUG(10, ("pdb_enum_alias_memberships failed: %s\n", nt_errstr(status))); + TALLOC_FREE(tmp_ctx); return status; } @@ -640,10 +646,12 @@ static NTSTATUS add_aliases(TALLOC_CTX *tmp_ctx, const DOM_SID *domain_sid, &token->num_sids); if (token->user_sids == NULL) { DEBUG(0, ("add_sid_to_array failed\n")); + TALLOC_FREE(tmp_ctx); return NT_STATUS_NO_MEMORY; } } + TALLOC_FREE(tmp_ctx); return NT_STATUS_OK; } @@ -686,7 +694,7 @@ static NTSTATUS log_nt_token(TALLOC_CTX *tmp_ctx, NT_USER_TOKEN *token) /******************************************************************* *******************************************************************/ -static NTSTATUS add_builtin_administrators( TALLOC_CTX *ctx, struct nt_user_token *token ) +static NTSTATUS add_builtin_administrators( struct nt_user_token *token ) { DOM_SID domadm; @@ -808,22 +816,14 @@ static struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx, int num_groupsids, const DOM_SID *groupsids) { - TALLOC_CTX *tmp_ctx; struct nt_user_token *result = NULL; int i; NTSTATUS status; gid_t gid; - tmp_ctx = talloc_new(mem_ctx); - if (tmp_ctx == NULL) { - DEBUG(0, ("talloc_new failed\n")); - return NULL; - } - - result = TALLOC_ZERO_P(tmp_ctx, NT_USER_TOKEN); - if (result == NULL) { + if (!(result = TALLOC_ZERO_P(mem_ctx, NT_USER_TOKEN))) { DEBUG(0, ("talloc failed\n")); - goto done; + return NULL; } /* Add the user and primary group sid */ @@ -875,7 +875,7 @@ static struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx, unbecome_root(); } else { - status = add_builtin_administrators( tmp_ctx, result ); + status = add_builtin_administrators( result ); if ( !NT_STATUS_IS_OK(status) ) { /* just log a complaint but do not fail */ DEBUG(3,("create_local_nt_token: failed to check for local Administrators" 
@@ -896,7 +896,7 @@ static struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx, become_root(); status = create_builtin_users( ); if ( !NT_STATUS_IS_OK(status) ) { - DEBUG(0,("create_local_nt_token: Failed to create BUILTIN\\Administrators group!\n")); + DEBUG(0,("create_local_nt_token: Failed to create BUILTIN\\Users group!\n")); /* don't fail, just log the message */ } unbecome_root(); @@ -909,31 +909,26 @@ static struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx, /* Now add the aliases. First the one from our local SAM */ - status = add_aliases(tmp_ctx, get_global_sam_sid(), result); + status = add_aliases(get_global_sam_sid(), result); if (!NT_STATUS_IS_OK(status)) { - result = NULL; - goto done; + TALLOC_FREE(result); + return NULL; } /* Finally the builtin ones */ - status = add_aliases(tmp_ctx, &global_sid_Builtin, result); + status = add_aliases(&global_sid_Builtin, result); if (!NT_STATUS_IS_OK(status)) { - result = NULL; - goto done; + TALLOC_FREE(result); + return NULL; } } get_privileges_for_sids(&result->privileges, result->user_sids, result->num_sids); - - talloc_steal(mem_ctx, result); - - done: - TALLOC_FREE(tmp_ctx); return result; } 
@@ -1443,6 +1438,65 @@ NTSTATUS make_server_info_guest(auth_serversupplied_info **server_info) return (*server_info != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY; } +BOOL copy_current_user(struct current_user *dst, struct current_user *src) +{ + gid_t *groups; + NT_USER_TOKEN *nt_token; + + groups = memdup(src->ut.groups, sizeof(gid_t) * src->ut.ngroups); + if ((src->ut.ngroups != 0) && (groups == NULL)) { + return False; + } + + nt_token = dup_nt_token(NULL, src->nt_user_token); + if (nt_token == NULL) { + SAFE_FREE(groups); + return False; + } + + dst->conn = src->conn; + dst->vuid = src->vuid; + dst->ut.uid = src->ut.uid; + dst->ut.gid = src->ut.gid; + dst->ut.ngroups = src->ut.ngroups; + dst->ut.groups = groups; + dst->nt_user_token = nt_token; + return True; +} + +BOOL set_current_user_guest(struct current_user *dst) +{ + gid_t *groups; + NT_USER_TOKEN *nt_token; + + groups = memdup(guest_info->groups, + sizeof(gid_t) * guest_info->n_groups); + if (groups == NULL) { + return False; + } + + nt_token = dup_nt_token(NULL, guest_info->ptok); + if (nt_token == NULL) { + SAFE_FREE(groups); + return False; + } + + TALLOC_FREE(dst->nt_user_token); + SAFE_FREE(dst->ut.groups); + + /* dst->conn is never really dereferenced, it's only tested for + * equality in uid.c */ + dst->conn = NULL; + + dst->vuid = UID_FIELD_INVALID; + dst->ut.uid = guest_info->uid; + dst->ut.gid = guest_info->gid; + dst->ut.ngroups = guest_info->n_groups; + dst->ut.groups = groups; + dst->nt_user_token = nt_token; + return True; +} + /*************************************************************************** Purely internal function for make_server_info_info3 Fill the sam account from getpwnam |
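Review bot: `set_current_user_guest` returns False whenever `memdup` yields NULL, while `copy_current_user` just above it accepts NULL when `src->ut.ngroups` is 0; if `memdup` returns NULL for a zero-length copy, a guest account with an empty group list could never be installed, so the check should read `if ((guest_info->n_groups != 0) && (groups == NULL))`. The two functions also disagree on ownership of the destination: `set_current_user_guest` releases `dst->nt_user_token` and `dst->ut.groups` before overwriting them, whereas `copy_current_user` overwrites both unconditionally, which leaks if `dst` was already populated. A header comment on each should say whether `dst` must be empty on entry, and that the caller later frees `ut.groups` with `SAFE_FREE` and `nt_user_token` with `TALLOC_FREE`, because the copy uses two different allocators. `guest_info` is dereferenced without a NULL check; presumably it is initialised before any call, but that is not visible here.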