last show stoppers for 3.0.1rc2 (i really mean it this time)

10 files changed, 98 insertions, 26 deletions

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 24e6295d282..3acaa4c11b8 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -35,8 +35,16 @@ details:
 7)  Protect alloc_sub_basic() from crashing when the source string 
     is NULL (partial work on bug 687).
 8)  Fix spinlocks on IRIX.
-9)  Corrected some bad paths with using --with-fhs to configure.
+9)  Corrected some bad destination paths when running "configure 
+    --with-fhs".
 10) Add packaging for Fedora Core 1.
+11) Correct bug in SWAT install script for non=english languages.
+12) Support character set ISO-8859-1 internally (bug 558).
+13) Fixed more LDAP access errors when looking up group mappings 
+    (bug 281).
+14) Fix UNISTR2 length bug in LsaQueryInfo(3) that caused SID 
+    resolution to fail on local files on on domain members 
+    (bug 875).
 
 
 Changes since 3.0.1pre3
diff --git a/source/groupdb/mapping.c b/source/groupdb/mapping.c
index b1c260581ee..08ac6a25a53 100644
--- a/source/groupdb/mapping.c
+++ b/source/groupdb/mapping.c
@@ -504,7 +504,8 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
 BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map)
 {
 	struct group *grp;
-
+	BOOL ret;
+	
 	if(!init_group_mapping()) {
 		DEBUG(0,("failed to initialize group mapping"));
 		return(False);
@@ -513,7 +514,12 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map)
 	DEBUG(10, ("get_domain_group_from_sid\n"));
 
 	/* if the group is NOT in the database, it CAN NOT be a domain group */
-	if(!pdb_getgrsid(map, sid))
+	
+	become_root();
+	ret = pdb_getgrsid(map, sid);
+	unbecome_root();
+	
+	if ( !ret ) 
 		return False;
 
 	DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n"));
@@ -547,14 +553,19 @@ BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map)
 
 BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map)
 {
+	BOOL ret;
+	
 	if(!init_group_mapping()) {
 		DEBUG(0,("failed to initialize group mapping"));
 		return(False);
 	}
 
 	/* The group is in the mapping table */
+	become_root();
+	ret = pdb_getgrsid(map, sid);
+	unbecome_root();
 	
-	if( !pdb_getgrsid(map, sid) ) 
+	if ( !ret )
 		return False;
 		
 	if ( (map->sid_name_use != SID_NAME_ALIAS)
@@ -564,7 +575,7 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map)
 		return False;
 	} 		
 			
-#if 0 	/* JERRY */
+#if 1 	/* JERRY */
 	/* local groups only exist in the group mapping DB so this 
 	   is not necessary */
 	   
@@ -572,6 +583,7 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map)
 		/* the group isn't in the mapping table.
 		 * make one based on the unix information */
 		uint32 alias_rid;
+		struct group *grp;
 
 		sid_peek_rid(&sid, &alias_rid);
 		map->gid=pdb_group_rid_to_gid(alias_rid);
@@ -599,13 +611,19 @@ BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map)
 BOOL get_builtin_group_from_sid(DOM_SID sid, GROUP_MAP *map)
 {
 	struct group *grp;
+	BOOL ret;
+	
 
 	if(!init_group_mapping()) {
 		DEBUG(0,("failed to initialize group mapping"));
 		return(False);
 	}
 
-	if(!pdb_getgrsid(map, sid))
+	become_root();
+	ret = pdb_getgrsid(map, sid);
+	unbecome_root();
+	
+	if ( !ret )
 		return False;
 
 	if (map->sid_name_use!=SID_NAME_WKN_GRP) {
diff --git a/source/include/rpc_misc.h b/source/include/rpc_misc.h
index aaaad55c20c..29ae2121857 100644
--- a/source/include/rpc_misc.h
+++ b/source/include/rpc_misc.h
@@ -403,5 +403,5 @@ typedef struct buffer4_info
 }
 BUFFER4;
 
-enum unistr2_term_codes { UNI_FLAGS_NONE = 0, UNI_STR_TERMINATE = 1, UNI_MAXLEN_TERMINATE = 2 };
+enum unistr2_term_codes { UNI_FLAGS_NONE = 0, UNI_STR_TERMINATE = 1, UNI_MAXLEN_TERMINATE = 2, UNI_BROKEN_NON_NULL = 3 };
 #endif /* _RPC_MISC_H */
diff --git a/source/lib/iconv.c b/source/lib/iconv.c
index 9f6db79ee24..b0c13a5ee68 100644
--- a/source/lib/iconv.c
+++ b/source/lib/iconv.c
@@ -53,6 +53,7 @@
 
 static size_t ascii_pull(void *,char **, size_t *, char **, size_t *);
 static size_t ascii_push(void *,char **, size_t *, char **, size_t *);
+static size_t latin1_push(void *,char **, size_t *, char **, size_t *);
 static size_t  utf8_pull(void *,char **, size_t *, char **, size_t *);
 static size_t  utf8_push(void *,char **, size_t *, char **, size_t *);
 static size_t ucs2hex_pull(void *,char **, size_t *, char **, size_t *);
@@ -64,6 +65,7 @@ static struct charset_functions builtin_functions[] = {
 	{"UTF8",   utf8_pull,  utf8_push},
 	{"ASCII", ascii_pull, ascii_push},
 	{"646", ascii_pull, ascii_push},
+	{"ISO-8859-1", ascii_pull, latin1_push},
 	{"UCS2-HEX", ucs2hex_pull, ucs2hex_push},
 	{NULL, NULL, NULL}
 };
@@ -354,6 +356,32 @@ static size_t ascii_push(void *cd, char **inbuf, size_t *inbytesleft,
 	return ir_count;
 }
 
+static size_t latin1_push(void *cd, char **inbuf, size_t *inbytesleft,
+			 char **outbuf, size_t *outbytesleft)
+{
+	int ir_count=0;
+
+	while (*inbytesleft >= 2 && *outbytesleft >= 1) {
+		(*outbuf)[0] = (*inbuf)[0];
+		if ((*inbuf)[1]) ir_count++;
+		(*inbytesleft)  -= 2;
+		(*outbytesleft) -= 1;
+		(*inbuf)  += 2;
+		(*outbuf) += 1;
+	}
+
+	if (*inbytesleft == 1) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (*inbytesleft > 1) {
+		errno = E2BIG;
+		return -1;
+	}
+	
+	return ir_count;
+}
 
 static size_t ucs2hex_pull(void *cd, char **inbuf, size_t *inbytesleft,
 			 char **outbuf, size_t *outbytesleft)
diff --git a/source/passdb/passdb.c b/source/passdb/passdb.c
index 6246cdaee13..cfa39685e39 100644
--- a/source/passdb/passdb.c
+++ b/source/passdb/passdb.c
@@ -707,6 +707,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use
 	uint32 rid;
 	SAM_ACCOUNT *sam_account = NULL;
 	GROUP_MAP map;
+	BOOL ret;
 
 	if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)){
 		DEBUG(0,("local_lookup_sid: sid_peek_check_rid return False! SID: %s\n",
@@ -736,9 +737,10 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use
 	
 	/* see if the passdb can help us with the name of the user */
 
+	/* BEING ROOT BLLOCK */
 	become_root();
 	if (pdb_getsampwsid(sam_account, sid)) {
-		unbecome_root();
+		unbecome_root();			/* -----> EXIT BECOME_ROOT() */
 		fstrcpy(name, pdb_get_username(sam_account));
 		*psid_name_use = SID_NAME_USER;
 
@@ -746,10 +748,13 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use
 			
 		return True;
 	}
-	unbecome_root();
 	pdb_free_sam(&sam_account);
-		
-	if (pdb_getgrsid(&map, *sid)) {
+	
+	ret = pdb_getgrsid(&map, *sid);
+	unbecome_root();
+	/* END BECOME_ROOT BLOCK */
+	
+	if ( ret ) {
 		if (map.gid!=(gid_t)-1) {
 			DEBUG(5,("local_lookup_sid: mapped group %s to gid %u\n", map.nt_name, (unsigned int)map.gid));
 		} else {
@@ -1233,6 +1238,7 @@ BOOL local_sid_to_gid(gid_t *pgid, const DOM_SID *psid, enum SID_NAME_USE *name_
 {
 	uint32 rid;
 	GROUP_MAP group;
+	BOOL ret;
 
 	*name_type = SID_NAME_UNKNOWN;
 
@@ -1241,8 +1247,12 @@ BOOL local_sid_to_gid(gid_t *pgid, const DOM_SID *psid, enum SID_NAME_USE *name_
 
 	/* we don't need to disable winbindd since the gid is stored in 
 	   the GROUP_MAP object */
-
-	if ( !pdb_getgrsid(&group, *psid) ) {
+	   
+	become_root();
+	pdb_getgrsid(&group, *psid);
+	unbecome_root();
+	
+	if ( !ret ) {
 
 		/* fallback to rid mapping if enabled */
 
diff --git a/source/rpc_parse/parse_misc.c b/source/rpc_parse/parse_misc.c
index afdf0fc4c9b..976ba206810 100644
--- a/source/rpc_parse/parse_misc.c
+++ b/source/rpc_parse/parse_misc.c
@@ -914,7 +914,7 @@ void init_unistr2(UNISTR2 *str, const char *buf, enum unistr2_term_codes flags)
 	str->uni_max_len = num_chars;
 	str->offset = 0;
 	str->uni_str_len = num_chars;
-	if (num_chars && (flags == UNI_MAXLEN_TERMINATE))
+	if ( num_chars && ((flags == UNI_MAXLEN_TERMINATE) || (flags == UNI_BROKEN_NON_NULL)) )
 		str->uni_max_len++;
 }
 
diff --git a/source/rpc_server/srv_lsa_nt.c b/source/rpc_server/srv_lsa_nt.c
index e545d8c2673..2b2cb919245 100644
--- a/source/rpc_server/srv_lsa_nt.c
+++ b/source/rpc_server/srv_lsa_nt.c
@@ -66,7 +66,7 @@ static void init_dom_query(DOM_QUERY *d_q, const char *dom_name, DOM_SID *dom_si
 
 	/* this string is supposed to be non-null terminated. */
 	/* But the maxlen in this UNISTR2 must include the terminating null. */
-	init_unistr2(&d_q->uni_domain_name, dom_name, UNI_MAXLEN_TERMINATE);
+	init_unistr2(&d_q->uni_domain_name, dom_name, UNI_BROKEN_NON_NULL);
 
 	/*
 	 * I'm not sure why this really odd combination of length
diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c
index 7f57a9fc9d4..c84e288a4be 100644
--- a/source/rpc_server/srv_samr_nt.c
+++ b/source/rpc_server/srv_samr_nt.c
@@ -1246,6 +1246,7 @@ NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAM
 	DOM_SID   sid;
 	GROUP_MAP map;
 	uint32    acc_granted;
+	BOOL ret;
 
 	r_u->status = NT_STATUS_OK;
 
@@ -1262,7 +1263,11 @@ NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAM
 	    !sid_check_is_in_builtin(&sid))
 		return NT_STATUS_OBJECT_TYPE_MISMATCH;
 
-	if (!pdb_getgrsid(&map, sid))
+	become_root();
+	ret = pdb_getgrsid(&map, sid);
+	unbecome_root();
+	
+	if ( !ret )
 		return NT_STATUS_NO_SUCH_ALIAS;
 
 	switch (q_u->switch_level) {
diff --git a/source/rpc_server/srv_util.c b/source/rpc_server/srv_util.c
index c2395e6faec..504e6a83c00 100644
--- a/source/rpc_server/srv_util.c
+++ b/source/rpc_server/srv_util.c
@@ -147,8 +147,6 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
-	become_root();
-	
 	for (i=0;i<num_groups;i++) {
 
 		if (!get_group_from_gid(groups[i], &map)) {
@@ -197,9 +195,8 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 		break;
 	}
 
-	unbecome_root();
-	
-	if(num_groups) free(groups);
+	if(num_groups) 
+		free(groups);
 
 	/* now check for the user's gid (the primary group rid) */
 	for (i=0; i<cur_rid && grid!=rids[i]; i++)
@@ -213,15 +210,12 @@ NTSTATUS get_alias_user_groups(TALLOC_CTX *ctx, DOM_SID *sid, int *numgroups, ui
 
 	DEBUG(10,("get_alias_user_groups: looking for gid %d of user %s\n", (int)gid, user_name));
 
-	become_root();
-
 	if(!get_group_from_gid(gid, &map)) {
-		DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your /etc/passwd and /etc/group files\n", user_name));
+		DEBUG(0,("get_alias_user_groups: gid of user %s doesn't exist. Check your "
+		"/etc/passwd and /etc/group files\n", user_name));
 		goto done;
 	}	
 
-	unbecome_root();
-
 	/* the primary group isn't an alias */
 	if (map.sid_name_use!=SID_NAME_ALIAS) {
 		DEBUG(10,("get_alias_user_groups: not returing %s, not an ALIAS group.\n", map.nt_name));
diff --git a/source/script/installswat.sh b/source/script/installswat.sh
index 7ac675de103..c0285bda558 100755
--- a/source/script/installswat.sh
+++ b/source/script/installswat.sh
@@ -29,6 +29,9 @@ done
 for ln in $LANGS; do
 
   for f in $SRCDIR../swat/$ln/images/*.gif; do
+      if [ ! -f $f ] ; then
+	continue
+      fi
       FNAME=$SWATDIR/$ln/images/`basename $f`
       echo $FNAME
       cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges?
@@ -38,6 +41,9 @@ for ln in $LANGS; do
   # Install html help
 
   for f in $SRCDIR../swat/$ln/help/*.html; do
+      if [ ! -f $f ] ; then
+	continue
+      fi
       FNAME=$SWATDIR/$ln/help/`basename $f`
       echo $FNAME
       if [ "x$BOOKDIR" = "x" ]; then
@@ -54,6 +60,9 @@ for ln in $LANGS; do
   # Install "server-side" includes
 
   for f in $SRCDIR../swat/$ln/include/*.html; do
+      if [ ! -f $f ] ; then
+	continue
+      fi
       FNAME=$SWATDIR/$ln/include/`basename $f`
       echo $FNAME
       cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges?