The branch, v4-9-stable has been updated
via f1a0c8355e6 VERSION: Disable GIT_SNAPSHOT for the 4.9.4 release.
via 9da8cd023f2 WHATSNEW: Add release notes for Samba 4.9.4.
via d18c5775771 vfs_shadow_copy2: in fstat also convert fsp->fsp_name
and fsp->base_fsp->fsp_name
via fa2a9c3be08 s3:smbd: pass down twrp from SMB2_CREATE to
filename_convert()
via baf1e0f30fe s3:smbd: add twrp args to filename_convert()
via f8c144fa191 s3:smbd: add twrp processing to
filename_convert_internal()
via 88863119323 s3:smbd: prepare filename_convert_internal() for twrp
via 3295cc8b4a5 s3:selftest: add a VSS test reading a stream
via 1f897e6c1d2 s3-vfs: Prevent NULL pointer dereference in
vfs_glusterfs.
via e60c9431c6e vfs_shadow_copy2: nicely deal with attempts to open
previous version for writing
via 256d488b593 vfs_shadow_copy2: add
shadow_copy2_strip_snapshot_converted
via 0e355e3826f vfs_shadow_copy2: add _already_converted arg to
shadow_copy2_strip_snapshot_internal()
via 0244de24cfe s3:script/tests: add a test for VSS write behaviour
via 6f8ea0a08ea s4:torture: add a test-suite for VSS
via 1cf55de5ceb vfs_error_inject: add EBADF error
via 8eaf7922410 vfs_error_inject: add pwrite
via f53459c9232 s3:libads: Add net ads leave keep-account option
via 1d0e4511ce1 winbindd: Route predefined domains through the BUILTIN
domain child
via ac2c24cc424 winbindd: fix predefined domains routing in
find_lookup_domain_from_sid()
via fd91429b529 winbindd: add some braces
via cf7e9d3d90f libcli/security: add
dom_sid_lookup_is_predefined_domain()
via 7cc1a8d9caa selftest: test wbinfo -n and --gid-info with "NT
Authority"
via 53b2e9aff3a CVE-2018-14629 dns: fix CNAME loop prevention using
counter regression
via 850a5521a3b CVE-2018-14629: Tests to expose regression from dns
cname loop fix
via 6a549df2419 ctdb-daemon: Exit with error if a database directory
does not exist
via b2ef0e08a9b CVE-2018-16853: fix crash in expired passowrd case
via a26e6160b33 CVE-2018-16853: Do not segfault if client is not set
via a2f4d49c1c5 CVE-2018-16853: Add a test to verify s4u2self doesn't
crash
via 09f9bb28371 CVE-2018-16853: The ticket in check_policy_as can
actually be a TGS
via d2a6e3e1bb4 CVE-2018-16853: Fix kinit test on system lacking
ldbsearch
via 2332c99cba7 libcli/smb: don't overwrite status code
via 739ce2c7335 s4:torture/smb2/session: test
smbXcli_session_set_disconnect_expired() works
via f678c6f06f0 ldb_controls: Add some talloc error checking for
controls
via f4105adc285 sync_passwords: Remove dirsync cookie logging for
continuous operation
via 517df6d3da3 dirsync: Allow arbitrary length cookies
via a816ca4004a PEP8: fix E231: missing whitespace after ','
via b3d376b7d4d VERSION: Bump version up to 4.9.4.
via 9e05ff6b9bf Merge tag 'samba-4.9.3' into v4-9-test
via 7cd5db7a63d ctdb-tests: Make the debug hung script test cope with
unreadable stacks
via 041e0945cb5 s3:smb2_sesssetup: check session_info security level
before it gets talloc_move'd
via 77cf7167374 s4:torture/smb2/session: session reauth response must
be signed
via f2c456aa1b7 s4:torture/smb2/session: add force_signing to
test_session_expire1i
via 2b164eca304 s4:torture/smb2/session: require a signed session setup
reauth response
via ff0db7ec9c2 s4:torture/smb2/session: invalidate credential cache
via 6c3577a5885 libcli/smb: use require_signed_response in
smb2cli_conn_dispatch_incoming()
via 6ca7a8a2ffb libcli/smb: defer singing check a little bit
via cd8ea322a32 libcli/smb: maintain require_signed_response in
smbXcli_req_state
via 4f5af7ba729 libcli/smb: add
smb2cli_session_require_signed_response()
via 052df0f679d s3:selftest: also run smb2.session torture testsuite
against ad_member
via e71252ecb2b s3:selftest: split "raw.session" and "smb2.session"
via 299e6edd0e6 torture: Fix the 32-bit build
via 5420863dd11 vfs_fruit: validation of writes on AFP_AfpInfo stream
via 4672656d9e1 vfs_fruit: move a comment to the right place
via b6585b6fa67 s4:torture/vfs/fruit: torture writing AFP_AfpInfo stream
via 7f8740c0acf winbindd: Fix crash when taking profiles
via 7a542190501 lib:util: Fix DEBUGCLASS pointer initializiation
via 424d4d2b408 VERSION: Bump version up to 4.9.3...
from 40c057c900a VERSION: Disable GIT_SNAPSHOT for the 4.9.3 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 83 +++++-
ctdb/server/ctdbd.c | 20 ++
ctdb/tests/simple/90_debug_hung_script.sh | 17 +-
docs-xml/manpages/net.8.xml | 9 +-
lib/ldb/common/ldb_controls.c | 108 +++++++-
lib/util/debug.c | 4 +-
libcli/security/dom_sid.h | 1 +
libcli/security/util_sid.c | 33 +++
libcli/smb/smbXcli_base.c | 49 +++-
libcli/smb/smbXcli_base.h | 2 +
nsswitch/tests/test_wbinfo.sh | 18 ++
python/samba/netcmd/user.py | 9 +-
python/samba/tests/dns.py | 101 +++++++
selftest/knownfail.d/dns | 14 +-
selftest/target/Samba3.pm | 9 +
source3/libnet/libnet_join.c | 2 +
source3/modules/vfs_error_inject.c | 19 ++
source3/modules/vfs_fruit.c | 86 ++++--
source3/modules/vfs_glusterfs.c | 176 ++++++++++--
source3/modules/vfs_shadow_copy2.c | 230 ++++++++++++++--
source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 2 +
source3/script/tests/test_shadow_copy_torture.sh | 114 ++++++++
source3/selftest/tests.py | 9 +-
source3/smbd/filename.c | 32 ++-
source3/smbd/nttrans.c | 4 +
source3/smbd/open.c | 1 +
source3/smbd/proto.h | 1 +
source3/smbd/reply.c | 15 +
source3/smbd/smb2_create.c | 30 +-
source3/smbd/smb2_query_directory.c | 1 +
source3/smbd/smb2_sesssetup.c | 8 +-
source3/smbd/trans2.c | 8 +
source3/utils/net.c | 3 +-
source3/utils/net.h | 1 +
source3/utils/net_ads.c | 9 +-
source3/winbindd/winbindd.c | 3 +-
source3/winbindd/winbindd_util.c | 37 ++-
source4/dns_server/dns_query.c | 29 +-
source4/kdc/mit-kdb/kdb_samba_policies.c | 24 +-
source4/kdc/mit_samba.c | 7 +-
source4/torture/smb2/create.c | 174 ++++++++++++
source4/torture/smb2/session.c | 141 +++++++++-
source4/torture/smb2/smb2.c | 1 +
source4/torture/vfs/fruit.c | 336 +++++++++++++++++++++++
testprogs/blackbox/test_kinit_mit.sh | 20 +-
46 files changed, 1832 insertions(+), 170 deletions(-)
create mode 100755 source3/script/tests/test_shadow_copy_torture.sh
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 808d4f3a318..7efe718ebbf 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=9
-SAMBA_VERSION_RELEASE=3
+SAMBA_VERSION_RELEASE=4
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index fc1541dbbe5..b3a39d3291a 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,82 @@
+ =============================
+ Release Notes for Samba 4.9.4
+ December 20, 2018
+ =============================
+
+
+Major bug fixes include:
+------------------------
+
+ o dns: Fix CNAME loop prevention using counter regression (bug #13600).
+
+
+Changes since 4.9.3:
+--------------------
+
+o Ralph Boehme <s...@samba.org>
+ * BUG 9175: libcli/smb: Don't overwrite status code.
+ * BUG 12164: wbinfo --group-info 'NT AUTHORITY\System' does not work.
+ * BUG 13661: Session setup reauth fails to sign response.
+ * BUG 13677: vfs_fruit: Validation of writes on AFP_AfpInfo stream.
+ * BUG 13688: vfs_shadow_copy2: Nicely deal with attempts to open previous
+ version for writing.
+ * BUG 13455: Restoring previous version of stream with vfs_shadow_copy2
fails
+ with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name.
+
+o Isaac Boukris <ibouk...@gmail.com>
+ * BUG 13571: CVE-2018-16853: Fix S4U2Self crash with MIT KDC build.
+
+o Günther Deschner <g...@samba.org>
+ * BUG 13708: s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs.
+
+o Joe Guo <j...@catalyst.net.nz>
+ * PEP8: fix E231: missing whitespace after ','.
+
+o Volker Lendecke <v...@samba.org>
+ * BUG 13629: winbindd: Fix crash when taking profiles.
+
+o Stefan Metzmacher <me...@samba.org>
+ * BUG 13600: CVE-2018-14629 dns: Fix CNAME loop prevention using counter
+ regression.
+
+o Garming Sam <garm...@catalyst.net.nz>
+ * BUG 13686: 'samba-tool user syscpasswords' fails on a domain with many
DCs.
+
+o Andreas Schneider <a...@samba.org>
+ * BUG 13571: CVE-2018-16853: Do not segfault if client is not set.
+ * BUG 13679: lib:util: Fix DEBUGCLASS pointer initializiation.
+
+o Martin Schwenke <mar...@meltin.net>
+ * BUG 13696: ctdb-daemon: Exit with error if a database directory does not
+ exist.
+
+o Justin Stephenson <jstep...@redhat.com>
+ * BUG 13498: s3:libads: Add net ads leave keep-account option.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
=============================
Release Notes for Samba 4.9.3
November 27, 2018
@@ -122,8 +201,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
=============================
Release Notes for Samba 4.9.2
diff --git a/ctdb/server/ctdbd.c b/ctdb/server/ctdbd.c
index 721347c4733..45519a7fc3d 100644
--- a/ctdb/server/ctdbd.c
+++ b/ctdb/server/ctdbd.c
@@ -299,8 +299,28 @@ int main(int argc, const char *argv[])
*/
ctdb->db_directory = ctdb_config.dbdir_volatile;
+ ok = directory_exist(ctdb->db_directory);
+ if (! ok) {
+ D_ERR("Volatile database directory %s does not exist\n",
+ ctdb->db_directory);
+ goto fail;
+ }
+
ctdb->db_directory_persistent = ctdb_config.dbdir_persistent;
+ ok = directory_exist(ctdb->db_directory_persistent);
+ if (! ok) {
+ D_ERR("Persistent database directory %s does not exist\n",
+ ctdb->db_directory_persistent);
+ goto fail;
+ }
+
ctdb->db_directory_state = ctdb_config.dbdir_state;
+ ok = directory_exist(ctdb->db_directory_state);
+ if (! ok) {
+ D_ERR("State database directory %s does not exist\n",
+ ctdb->db_directory_state);
+ goto fail;
+ }
if (ctdb_config.lock_debug_script != NULL) {
ret = setenv("CTDB_DEBUG_LOCKS",
diff --git a/ctdb/tests/simple/90_debug_hung_script.sh
b/ctdb/tests/simple/90_debug_hung_script.sh
index 846188fc716..8b8e22b3239 100755
--- a/ctdb/tests/simple/90_debug_hung_script.sh
+++ b/ctdb/tests/simple/90_debug_hung_script.sh
@@ -61,9 +61,21 @@ wait_until 60 onnode $test_node test -s "$debug_output"
echo "Checking output of hung script debugging..."
try_command_on_node -v $test_node cat "$debug_output"
+hung_script_output="$out"
+
+# Can we actually read kernel stacks
+if try_command_on_node $test_node "cat /proc/$$/stack >/dev/null 2>&1" ; then
+ stackpat='
+---- Stack trace of interesting process [0-9]*\\[sleep\\] ----
+[<[0-9a-f]*>] .*sleep+.*
+'
+else
+ stackpat=''
+fi
while IFS="" read pattern ; do
- if grep -- "^${pattern}\$" <<<"$out" >/dev/null ; then
+ [ -n "$pattern" ] || continue
+ if grep -- "^${pattern}\$" <<<"$hung_script_output" >/dev/null ; then
printf 'GOOD: output contains "%s"\n' "$pattern"
else
printf 'BAD: output does not contain "%s"\n' "$pattern"
@@ -75,8 +87,7 @@ done <<EOF
pstree -p -a .*:
00\\\\.test\\\\.script,.*
*\`-sleep,.*
----- Stack trace of interesting process [0-9]*\\\\[sleep\\\\] ----
-[<[0-9a-f]*>] .*sleep+.*
+${stackpat}
---- ctdb scriptstatus monitor: ----
00\\.test *TIMEDOUT.*
*OUTPUT: Sleeping for [0-9]* seconds\\\\.\\\\.\\\\.
diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
index 3154ee5ff85..d2bcd24c502 100644
--- a/docs-xml/manpages/net.8.xml
+++ b/docs-xml/manpages/net.8.xml
@@ -377,6 +377,13 @@
</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term>--keep-account</term>
+ <listitem><para>Prevent the machine account removal as
+ part of "net ads leave".
+ </para></listitem>
+ </varlistentry>
+
&stdarg.encrypt;
&popt.common.samba.client;
@@ -1276,7 +1283,7 @@ against an NT4 Domain Controller.
</refsect2>
<refsect2>
-<title>ADS LEAVE</title>
+<title>ADS LEAVE [--keep-account]</title>
<para>Make the remote host leave the domain it is part of. </para>
diff --git a/lib/ldb/common/ldb_controls.c b/lib/ldb/common/ldb_controls.c
index a83768a352c..e0f0eb48f3a 100644
--- a/lib/ldb/common/ldb_controls.c
+++ b/lib/ldb/common/ldb_controls.c
@@ -520,6 +520,7 @@ struct ldb_control *ldb_parse_control_from_string(struct
ldb_context *ldb, TALLO
control->ctxid_len);
if (control->contextId == NULL) {
ldb_oom(ldb);
+ talloc_free(ctrl);
return NULL;
}
} else {
@@ -534,13 +535,20 @@ struct ldb_control *ldb_parse_control_from_string(struct
ldb_context *ldb, TALLO
if (LDB_CONTROL_CMP(control_strings, LDB_CONTROL_DIRSYNC_NAME) == 0) {
struct ldb_dirsync_control *control;
const char *p;
- char cookie[1024];
+ char *cookie = NULL;
int crit, max_attrs, ret;
uint32_t flags;
- cookie[0] = '\0';
+ cookie = talloc_zero_array(ctrl, char,
+ strlen(control_strings) + 1);
+ if (cookie == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
+
p = &(control_strings[sizeof(LDB_CONTROL_DIRSYNC_NAME)]);
- ret = sscanf(p, "%d:%u:%d:%1023[^$]", &crit, &flags,
&max_attrs, cookie);
+ ret = sscanf(p, "%d:%u:%d:%[^$]", &crit, &flags, &max_attrs,
cookie);
if ((ret < 3) || (crit < 0) || (crit > 1) || (max_attrs < 0)) {
ldb_set_errstring(ldb,
@@ -561,6 +569,11 @@ struct ldb_control *ldb_parse_control_from_string(struct
ldb_context *ldb, TALLO
ctrl->oid = LDB_CONTROL_DIRSYNC_OID;
ctrl->critical = crit;
control = talloc(ctrl, struct ldb_dirsync_control);
+ if (control == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
control->flags = flags;
control->max_attributes = max_attrs;
if (*cookie) {
@@ -575,6 +588,7 @@ struct ldb_control *ldb_parse_control_from_string(struct
ldb_context *ldb, TALLO
control->cookie = (char *)talloc_memdup(control,
cookie, control->cookie_len);
if (control->cookie == NULL) {
ldb_oom(ldb);
+ talloc_free(ctrl);
return NULL;
}
} else {
@@ -582,17 +596,25 @@ struct ldb_control *ldb_parse_control_from_string(struct
ldb_context *ldb, TALLO
control->cookie_len = 0;
}
ctrl->data = control;
+ TALLOC_FREE(cookie);
return ctrl;
}
if (LDB_CONTROL_CMP(control_strings, LDB_CONTROL_DIRSYNC_EX_NAME) == 0)
{
struct ldb_dirsync_control *control;
const char *p;
- char cookie[1024];
+ char *cookie = NULL;
int crit, max_attrs, ret;
uint32_t flags;
- cookie[0] = '\0';
+ cookie = talloc_zero_array(ctrl, char,
+ strlen(control_strings) + 1);
+ if (cookie == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
+
p = &(control_strings[sizeof(LDB_CONTROL_DIRSYNC_EX_NAME)]);
ret = sscanf(p, "%d:%u:%d:%1023[^$]", &crit, &flags,
&max_attrs, cookie);
@@ -615,6 +637,11 @@ struct ldb_control *ldb_parse_control_from_string(struct
ldb_context *ldb, TALLO
ctrl->oid = LDB_CONTROL_DIRSYNC_EX_OID;
ctrl->critical = crit;
control = talloc(ctrl, struct ldb_dirsync_control);
+ if (control == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
control->flags = flags;
control->max_attributes = max_attrs;
if (*cookie) {
@@ -630,6 +657,7 @@ struct ldb_control *ldb_parse_control_from_string(struct
ldb_context *ldb, TALLO
control->cookie = (char *)talloc_memdup(control,
cookie, control->cookie_len);
if (control->cookie == NULL) {
ldb_oom(ldb);
+ talloc_free(ctrl);
return NULL;
}
} else {
@@ -637,6 +665,7 @@ struct ldb_control *ldb_parse_control_from_string(struct
ldb_context *ldb, TALLO
control->cookie_len = 0;
}
ctrl->data = control;
+ TALLOC_FREE(cookie);
return ctrl;
}
@@ -662,6 +691,11 @@ struct ldb_control *ldb_parse_control_from_string(struct
ldb_context *ldb, TALLO
ctrl->oid = LDB_CONTROL_ASQ_OID;
ctrl->critical = crit;
control = talloc(ctrl, struct ldb_asq_control);
+ if (control == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
control->request = 1;
control->source_attribute = talloc_strdup(control, attr);
control->src_attr_len = strlen(attr);
@@ -693,6 +727,11 @@ struct ldb_control *ldb_parse_control_from_string(struct
ldb_context *ldb, TALLO
control = NULL;
} else {
control = talloc(ctrl, struct ldb_extended_dn_control);
+ if (control == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
control->type = type;
}
@@ -723,6 +762,12 @@ struct ldb_control *ldb_parse_control_from_string(struct
ldb_context *ldb, TALLO
ctrl->oid = LDB_CONTROL_SD_FLAGS_OID;
ctrl->critical = crit;
control = talloc(ctrl, struct ldb_sd_flags_control);
+ if (control == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
+
control->secinfo_flags = secinfo_flags;
ctrl->data = control;
@@ -749,6 +794,12 @@ struct ldb_control *ldb_parse_control_from_string(struct
ldb_context *ldb, TALLO
ctrl->oid = LDB_CONTROL_SEARCH_OPTIONS_OID;
ctrl->critical = crit;
control = talloc(ctrl, struct ldb_search_options_control);
+ if (control == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
+
control->search_options = search_options;
ctrl->data = control;
@@ -865,6 +916,12 @@ struct ldb_control *ldb_parse_control_from_string(struct
ldb_context *ldb, TALLO
ctrl->oid = LDB_CONTROL_PAGED_RESULTS_OID;
ctrl->critical = crit;
control = talloc(ctrl, struct ldb_paged_control);
+ if (control == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
+
control->size = size;
if (cookie[0] != '\0') {
int len = ldb_base64_decode(cookie);
@@ -879,6 +936,7 @@ struct ldb_control *ldb_parse_control_from_string(struct
ldb_context *ldb, TALLO
control->cookie = talloc_memdup(control, cookie,
control->cookie_len);
if (control->cookie == NULL) {
ldb_oom(ldb);
+ talloc_free(ctrl);
return NULL;
}
} else {
@@ -912,12 +970,36 @@ struct ldb_control *ldb_parse_control_from_string(struct
ldb_context *ldb, TALLO
ctrl->oid = LDB_CONTROL_SERVER_SORT_OID;
ctrl->critical = crit;
control = talloc_array(ctrl, struct ldb_server_sort_control *,
2);
+ if (control == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
+
control[0] = talloc(control, struct ldb_server_sort_control);
+ if (control[0] == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
+
control[0]->attributeName = talloc_strdup(control, attr);
- if (rule[0])
+ if (control[0]->attributeName == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
+
+ if (rule[0]) {
control[0]->orderingRule = talloc_strdup(control, rule);
- else
+ if (control[0]->orderingRule == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
+ } else {
control[0]->orderingRule = NULL;
+ }
control[0]->reverse = rev;
control[1] = NULL;
ctrl->data = control;
@@ -1179,7 +1261,19 @@ struct ldb_control *ldb_parse_control_from_string(struct
ldb_context *ldb, TALLO
ctrl->oid = LDB_CONTROL_VERIFY_NAME_OID;
ctrl->critical = crit;
control = talloc(ctrl, struct ldb_verify_name_control);
+ if (control == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
+
control->gc = talloc_strdup(control, gc);
+ if (control->gc == NULL) {
+ ldb_oom(ldb);
+ talloc_free(ctrl);
+ return NULL;
+ }
+
control->gc_len = strlen(gc);
control->flags = flags;
ctrl->data = control;
diff --git a/lib/util/debug.c b/lib/util/debug.c
index d41e0f99c77..847ec1f0a0c 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -557,10 +557,10 @@ static const char *default_classname_table[] = {
* This is to allow reading of DEBUGLEVEL_CLASS before the debug
* system has been initialized.
*/
-static const int debug_class_list_initial[ARRAY_SIZE(default_classname_table)];
+static int debug_class_list_initial[ARRAY_SIZE(default_classname_table)];
static size_t debug_num_classes = 0;
-int *DEBUGLEVEL_CLASS = discard_const_p(int, debug_class_list_initial);
+int *DEBUGLEVEL_CLASS = debug_class_list_initial;
/* --------------------------------------------------------------------------
**
diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
index d9f4b3fc8a6..491fc0699f4 100644
--- a/libcli/security/dom_sid.h
+++ b/libcli/security/dom_sid.h
@@ -74,6 +74,7 @@ NTSTATUS dom_sid_lookup_predefined_sid(const struct dom_sid
*sid,
enum lsa_SidType *type,
const struct dom_sid **authority_sid,
const char **authority_name);
+bool dom_sid_lookup_is_predefined_domain(const char *domain);
int dom_sid_compare_auth(const struct dom_sid *sid1,
const struct dom_sid *sid2);
diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c
index af04dff1325..531d3809565 100644
--- a/libcli/security/util_sid.c
+++ b/libcli/security/util_sid.c
@@ -879,6 +879,39 @@ NTSTATUS dom_sid_lookup_predefined_name(const char *name,
return NT_STATUS_NONE_MAPPED;
}
+bool dom_sid_lookup_is_predefined_domain(const char *domain)
+{
+ size_t di;
+ bool match;
+
+ if (domain == NULL) {
+ domain = "";
+ }
+
+ match = strequal(domain, "");
+ if (match) {
+ /*
+ * Strange, but that's what W2012R2 does.
--
Samba Shared Repository
