diff --git a/.samba.metadata b/.samba.metadata
index 8d59ac5..e66477a 100644
--- a/.samba.metadata
+++ b/.samba.metadata
@@ -1 +1 @@
-0a30103eaf9664c67d6af76d098b53fde7e6de3a SOURCES/samba-4.1.0.tar.xz
+7858cf2570eb436e7b50ddfc4acf23844cf83179 SOURCES/samba-4.1.1.tar.xz
diff --git a/SOURCES/samba-4.1.0-upn.patch b/SOURCES/samba-4.1.0-upn.patch
new file mode 100644
index 0000000..b5caa31
--- /dev/null
+++ b/SOURCES/samba-4.1.0-upn.patch
@@ -0,0 +1,53 @@
+From d161c173088ce82ea11a914ce62c5b77af9f4f9f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Wed, 6 Nov 2013 18:21:32 +0100
+Subject: [PATCH] s3-libnetjoin: use upper-case realm when composing default
+ upn.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+In case we are about to generate a keytab during the join make sure the default
+upn we create is usable with kinit -k.
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+---
+ source3/libnet/libnet_join.c | 17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
+index 2dcb920..b84fcd6 100644
+--- a/source3/libnet/libnet_join.c
++++ b/source3/libnet/libnet_join.c
+@@ -449,10 +449,25 @@ static ADS_STATUS libnet_join_set_machine_upn(TALLOC_CTX *mem_ctx,
+ 	}
+ 
+ 	if (!r->in.upn) {
++		char *realm = r->out.dns_domain_name;
++
++		/* in case we are about to generate a keytab during the join
++		 * make sure the default upn we create is usable with kinit -k.
++		 * gd */
++
++		if (USE_KERBEROS_KEYTAB) {
++			realm = talloc_strdup_upper(mem_ctx,
++						    r->out.dns_domain_name);
++		}
++
++		if (!realm) {
++			return ADS_ERROR(LDAP_NO_MEMORY);
++		}
++
+ 		r->in.upn = talloc_asprintf(mem_ctx,
+ 					    "host/%s@%s",
+ 					    r->in.machine_name,
+-					    r->out.dns_domain_name);
++					    realm);
+ 		if (!r->in.upn) {
+ 			return ADS_ERROR(LDAP_NO_MEMORY);
+ 		}
+-- 
+1.8.3.1
+
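Review bot: The `if (!realm)` check added inside the `if (!r->in.upn)` branch of libnet_join_set_machine_upn returns `ADS_ERROR(LDAP_NO_MEMORY)` for two different conditions. One is a failed `talloc_strdup_upper()`; the other is an `r->out.dns_domain_name` that is NULL on entry, which is the only way `realm` can be NULL when USE_KERBEROS_KEYTAB is false. If callers can reach this point without a DNS domain name, a separate guard before the upper-casing would keep a bad join state from being logged as memory exhaustion, e.g. `if (!r->out.dns_domain_name) { return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); }`. The upper-cased copy also stays allocated on `mem_ctx` after `talloc_asprintf()` has used it, which is harmless only if that context is short-lived. The function body starts and ends outside the hunk, so neither point can be confirmed from here.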
diff --git a/SOURCES/samba-4.1.1-Fix-memset-in-ntdb.patch b/SOURCES/samba-4.1.1-Fix-memset-in-ntdb.patch
new file mode 100644
index 0000000..85362d1
--- /dev/null
+++ b/SOURCES/samba-4.1.1-Fix-memset-in-ntdb.patch
@@ -0,0 +1,38 @@
+commit 45a1cbb7514f9db5fe2d7c2207d7723092aa164d
+Author:     Volker Lendecke <vl@samba.org>
+AuthorDate: Thu Jul 11 14:57:53 2013 +0200
+Commit:     Karolin Seeger <kseeger@samba.org>
+CommitDate: Mon Oct 14 10:11:48 2013 +0200
+
+    ccan: Fix calling memset with zero length parameter
+    
+    Signed-off-by: Volker Lendecke <vl@samba.org>
+    Reviewed-by: Andreas Schneider <asn@samba.org>
+    
+    Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
+    Autobuild-Date(master): Thu Jul 11 16:55:49 CEST 2013 on sn-devel-104
+    
+    Signed-off-by: Andreas Schneider <asn@samba.org>
+    
+    Fix bug #10190 - Fix memset used with constant zero length parameter.
+---
+ lib/ccan/tally/tally.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/ccan/tally/tally.c b/lib/ccan/tally/tally.c
+index 774373c..29f0555 100644
+--- a/lib/ccan/tally/tally.c
++++ b/lib/ccan/tally/tally.c
+@@ -506,11 +506,11 @@ char *tally_histogram(const struct tally *tally,
+ 
+ 		if (count > covered) {
+ 			count -= covered;
++			memset(p, '*', count);
+ 		} else {
+ 			count = 0;
+ 		}
+ 
+-		memset(p, '*', count);
+ 		p += count;
+ 		*p = '\n';
+ 		p++;
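Review bot: The `memset(p, '*', count);` that now sits inside `if (count > covered)` in tally_histogram has no comment explaining why it lives in the branch, so a later cleanup could hoist it back below the if/else and reintroduce the zero-length call. A one-line comment above it would record the reason: `/* fill only when count > 0; a constant zero-length memset is bug #10190 */`. The writes through `p` (the memset, then `*p = '\n'`) are bounded only by how the output buffer was sized earlier in tally_histogram. That sizing is outside this hunk and should be confirmed against the full function.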
diff --git a/SOURCES/samba-4.1.2-doc.patch b/SOURCES/samba-4.1.2-doc.patch
new file mode 100644
index 0000000..93aa45c
--- /dev/null
+++ b/SOURCES/samba-4.1.2-doc.patch
@@ -0,0 +1,4246 @@
+From 1573638212a9733a44939a4d38a226f38dca36f1 Mon Sep 17 00:00:00 2001
+From: Michele Baldessari <michele@acksyn.org>
+Date: Tue, 9 Jul 2013 23:23:33 +0200
+Subject: [PATCH] Fix typos in man-pages
+
+Fix some typos in the man-pages.
+
+Signed-off-by: Michele Baldessari <michele@acksyn.org>
+Reviewed-by: Simo Sorce <idra@samba.org>
+
+Autobuild-User(master): Simo Sorce <idra@samba.org>
+Autobuild-Date(master): Wed Jul 10 16:45:07 CEST 2013 on sn-devel-104
+---
+ docs-xml/manpages/dbwrap_tool.1.xml              | 2 +-
+ docs-xml/manpages/idmap_autorid.8.xml            | 2 +-
+ docs-xml/manpages/net.8.xml                      | 2 +-
+ docs-xml/manpages/pdbedit.8.xml                  | 2 +-
+ docs-xml/manpages/samba.7.xml                    | 2 +-
+ docs-xml/manpages/smbclient.1.xml                | 2 +-
+ docs-xml/manpages/smbpasswd.5.xml                | 2 +-
+ docs-xml/manpages/vfs_smb_traffic_analyzer.8.xml | 2 +-
+ 8 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/docs-xml/manpages/dbwrap_tool.1.xml b/docs-xml/manpages/dbwrap_tool.1.xml
+index e2b2cee..a1a2f97 100644
+--- a/docs-xml/manpages/dbwrap_tool.1.xml
++++ b/docs-xml/manpages/dbwrap_tool.1.xml
+@@ -49,7 +49,7 @@
+ 		<listitem><para>fetch: fetch a record</para></listitem>
+ 		<listitem><para>store: create or modify a record</para></listitem>
+ 		<listitem><para>delete: remove a record</para></listitem>
+-		<listitem><para>exists: test for existance of a record</para></listitem>
++		<listitem><para>exists: test for existence of a record</para></listitem>
+ 		<listitem><para>erase: remove all records</para></listitem>
+ 		<listitem><para>listkeys: list all available records</para></listitem>
+ 		<listitem><para>listwatchers: list processes, which are waiting for changes in a record</para></listitem>
+diff --git a/docs-xml/manpages/idmap_autorid.8.xml b/docs-xml/manpages/idmap_autorid.8.xml
+index c35f903..7446d53 100644
+--- a/docs-xml/manpages/idmap_autorid.8.xml
++++ b/docs-xml/manpages/idmap_autorid.8.xml
+@@ -109,7 +109,7 @@
+ 	<title>EXAMPLES</title>
+ 	<para>
+ 		This example shows you the minimal configuration that will
+-		work for the principial domain and 19 trusted domains / range
++		work for the principal domain and 19 trusted domains / range
+ 		extensions.
+ 	</para>
+ 
+diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
+index dd5b3ab..0df2e07 100644
+--- a/docs-xml/manpages/net.8.xml
++++ b/docs-xml/manpages/net.8.xml
+@@ -1671,7 +1671,7 @@ shares created by other users.
+ 
+ <para>Starting with version 3.2.0, a Samba server can be configured by data
+ stored in registry. This configuration data can be edited with the new "net
+-conf" commands. There is also the possiblity to configure a remote Samba server
++conf" commands. There is also the possibility to configure a remote Samba server
+ by enabling the RPC conf mode and specifying the the address of the remote server.
+ </para>
+ 
+diff --git a/docs-xml/manpages/pdbedit.8.xml b/docs-xml/manpages/pdbedit.8.xml
+index 4bb3751..c5d6b23 100644
+--- a/docs-xml/manpages/pdbedit.8.xml
++++ b/docs-xml/manpages/pdbedit.8.xml
+@@ -289,7 +289,7 @@ retype new password
+ </programlisting>
+ </para>
+ 
+-		<note><para>pdbedit does not call the unix password syncronisation 
++		<note><para>pdbedit does not call the unix password synchronization 
+ 				script if <smbconfoption name="unix password sync"/>
+ 				has been set. It only updates the data in the Samba 
+ 				user database. 
+diff --git a/docs-xml/manpages/samba.7.xml b/docs-xml/manpages/samba.7.xml
+index 9299660..cedb4e4 100644
+--- a/docs-xml/manpages/samba.7.xml
++++ b/docs-xml/manpages/samba.7.xml
+@@ -91,7 +91,7 @@
+ 		<manvolnum>8</manvolnum></citerefentry></term>
+ 		<listitem><para>The <command>samba-tool</command>
+ 		is the main Samba Administration tool regarding
+-		Acitive Directory services.</para>
++		Active Directory services.</para>
+ 		</listitem>
+ 		</varlistentry>
+ 
+diff --git a/docs-xml/manpages/smbclient.1.xml b/docs-xml/manpages/smbclient.1.xml
+index 328fd50..b222c56 100644
+--- a/docs-xml/manpages/smbclient.1.xml
++++ b/docs-xml/manpages/smbclient.1.xml
+@@ -564,7 +564,7 @@
+ 		sent to the server on directory listings and file opens. If
+ 		the "backup intent" flag is true, the server will try and
+ 		bypass some file system checks if the user has been granted
+-		SE_BACKUP or SE_RESTORE privilages. This state is useful when
++		SE_BACKUP or SE_RESTORE privileges. This state is useful when
+ 		performing a backup or restore operation.
+ 		</para></listitem>
+ 		</varlistentry>
+diff --git a/docs-xml/manpages/smbpasswd.5.xml b/docs-xml/manpages/smbpasswd.5.xml
+index fc512b8..986dedb 100644
+--- a/docs-xml/manpages/smbpasswd.5.xml
++++ b/docs-xml/manpages/smbpasswd.5.xml
+@@ -39,7 +39,7 @@
+ 	<para>The format of the smbpasswd file used by Samba 2.2 
+ 	is very similar to the familiar Unix <filename>passwd(5)</filename> 
+ 	file. It is an ASCII file containing one line for each user. Each field 
+-	ithin each line is separated from the next by a colon. Any entry 
++	within each line is separated from the next by a colon. Any entry 
+ 	beginning with '#' is ignored. The smbpasswd file contains the 
+ 	following information for each user: </para>
+ 
+diff --git a/docs-xml/manpages/vfs_smb_traffic_analyzer.8.xml b/docs-xml/manpages/vfs_smb_traffic_analyzer.8.xml
+index 0daafc6..38644e7 100644
+--- a/docs-xml/manpages/vfs_smb_traffic_analyzer.8.xml
++++ b/docs-xml/manpages/vfs_smb_traffic_analyzer.8.xml
+@@ -139,7 +139,7 @@
+ 		The module now can identify itself against the receiver with a sub-release number, where
+ 		the receiver may run with a different sub-release number than the module. However, as
+ 		long as both run on the V2.x protocol, the receiver will not crash, even if the module
+-		uses features only implemented in the newer subrelease. Ultimatively, if the module uses
++		uses features only implemented in the newer subrelease. Ultimately, if the module uses
+ 		a new feature from a newer subrelease, and the receiver runs an older protocol, it is just
+ 		ignoring the functionality. Of course it is best to have both the receiver and the module
+ 		running the same subrelease of the protocol.
+-- 
+1.8.3.1
+
+From 16a873bf7c5c3d236e4bc107953dc6f3159764a2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 14 Oct 2013 17:42:06 +0200
+Subject: [PATCH 01/83] docs: remove duplicate word "the" in idmap_ad manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/idmap_ad.8.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs-xml/manpages/idmap_ad.8.xml b/docs-xml/manpages/idmap_ad.8.xml
+index 2ae490b..56378c1 100644
+--- a/docs-xml/manpages/idmap_ad.8.xml
++++ b/docs-xml/manpages/idmap_ad.8.xml
+@@ -31,7 +31,7 @@
+ 
+ 	<para>
+ 	Currently, the <parameter>ad</parameter> backend
+-	does not work as the the default idmap backend, but one has
++	does not work as the default idmap backend, but one has
+ 	to configure it separately for each domain for which one wants
+ 	to use it, using disjoint ranges. One usually needs to configure
+ 	a writeable default idmap range, using for example the
+-- 
+1.8.3.1
+
+
+From f17f61a4c0d5c13a273eae0b72521e464b1d3d8f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 14 Oct 2013 17:44:12 +0200
+Subject: [PATCH 02/83] docs: remove duplicate word "name" in nmblookup
+ manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/nmblookup.1.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs-xml/manpages/nmblookup.1.xml b/docs-xml/manpages/nmblookup.1.xml
+index bb4bd96..12c707f 100644
+--- a/docs-xml/manpages/nmblookup.1.xml
++++ b/docs-xml/manpages/nmblookup.1.xml
+@@ -57,7 +57,7 @@
+ 		<varlistentry>
+ 		<term>-M</term>
+ 		<listitem><para>Searches for a master browser by looking 
+-		up the  NetBIOS name <replaceable>name</replaceable> with a 
++		up the NetBIOS <replaceable>name</replaceable> with a
+ 		type of <constant>0x1d</constant>. If <replaceable>
+ 		name</replaceable> is "-" then it does a lookup on the special name 
+ 		<constant>__MSBROWSE__</constant>. Please note that in order to 
+-- 
+1.8.3.1
+
+
+From 4112eb0529780113716c6032561504196be8235f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 14 Oct 2013 17:45:21 +0200
+Subject: [PATCH 03/83] docs: remove duplicate word "name" in nmblookup4
+ manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ libcli/nbt/man/nmblookup4.1.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libcli/nbt/man/nmblookup4.1.xml b/libcli/nbt/man/nmblookup4.1.xml
+index 198afec..b6fe48c 100644
+--- a/libcli/nbt/man/nmblookup4.1.xml
++++ b/libcli/nbt/man/nmblookup4.1.xml
+@@ -57,7 +57,7 @@
+ 		<varlistentry>
+ 		<term>-M</term>
+ 		<listitem><para>Searches for a master browser by looking
+-		up the  NetBIOS name <replaceable>name</replaceable> with a
++		up the NetBIOS <replaceable>name</replaceable> with a
+ 		type of <constant>0x1d</constant>. If <replaceable>
+ 		name</replaceable> is "-" then it does a lookup on the special name
+ 		<constant>__MSBROWSE__</constant>. Please note that in order to
+-- 
+1.8.3.1
+
+
+From e320d57ed6a4d732980656eb01a5f777357f9715 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 14 Oct 2013 17:50:28 +0200
+Subject: [PATCH 04/83] docs: remove duplicate arguments listing in regdiff
+ manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ source4/lib/registry/man/regdiff.1.xml | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/source4/lib/registry/man/regdiff.1.xml b/source4/lib/registry/man/regdiff.1.xml
+index 3fe965c..23aae34 100644
+--- a/source4/lib/registry/man/regdiff.1.xml
++++ b/source4/lib/registry/man/regdiff.1.xml
+@@ -21,11 +21,8 @@
+ 		<command>regdiff</command>
+ 		<arg choice="opt">--help</arg>
+ 		<arg choice="opt">--backend=BACKEND</arg>
+-		<arg choice="opt">--backend=BACKEND</arg>
+-		<arg choice="opt">--credentials=CREDENTIALS</arg>
+ 		<arg choice="opt">--credentials=CREDENTIALS</arg>
+ 		<arg choice="opt">location</arg>
+-		<arg choice="opt">location</arg>
+ 	</cmdsynopsis>
+ </refsynopsisdiv>
+ 
+-- 
+1.8.3.1
+
+
+From d33ca796071a2a6f8bf65d6eed2fe159a75de8c5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 14 Oct 2013 17:55:03 +0200
+Subject: [PATCH 05/83] docs: remove duplicate word "the" in winbindd manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/winbindd.8.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs-xml/manpages/winbindd.8.xml b/docs-xml/manpages/winbindd.8.xml
+index 5100493..1cb49ca 100644
+--- a/docs-xml/manpages/winbindd.8.xml
++++ b/docs-xml/manpages/winbindd.8.xml
+@@ -364,7 +364,7 @@ auth  required    /lib/security/pam_unix.so \
+ 	be the same.  The user and group ids will only be valid for the local
+ 	machine, unless a shared <smbconfoption name="idmap config * : backend"/> is configured.</para>
+ 
+-	<para>If the the Windows NT SID to UNIX user and group id mapping
++	<para>If the Windows NT SID to UNIX user and group id mapping
+ 	file is damaged or destroyed then the mappings will be lost. </para>
+ </refsect1>
+ 
+-- 
+1.8.3.1
+
+
+From 6a0b75f901052234f35d4ba596754e7714af7e87 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 14 Oct 2013 17:58:45 +0200
+Subject: [PATCH 06/83] docs: remove duplicate mention of "smbtorture" in
+ smbtorture manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ source4/torture/man/smbtorture.1.xml | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/source4/torture/man/smbtorture.1.xml b/source4/torture/man/smbtorture.1.xml
+index 9b70b9b..09e19ed 100644
+--- a/source4/torture/man/smbtorture.1.xml
++++ b/source4/torture/man/smbtorture.1.xml
+@@ -19,10 +19,6 @@
+ <refsynopsisdiv>
+ 	<cmdsynopsis>
+ 		<command>smbtorture</command>
+-	</cmdsynopsis>
+-	
+-	<cmdsynopsis>
+-		<command>smbtorture</command>
+ 		<arg choice="req">//server/share</arg>
+ 		<arg choice="opt">-d debuglevel</arg>
+ 		<arg choice="opt">-U user%pass</arg>
+-- 
+1.8.3.1
+
+
+From e003650f5cf0b9581da00ad39b0784aab074119b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 14 Oct 2013 17:59:22 +0200
+Subject: [PATCH 07/83] docs: remove duplicate mention of "ntdbtool" in
+ ntdbtool manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ lib/ntdb/man/ntdbtool.8.xml | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/lib/ntdb/man/ntdbtool.8.xml b/lib/ntdb/man/ntdbtool.8.xml
+index a23a48e..7e6530c 100644
+--- a/lib/ntdb/man/ntdbtool.8.xml
++++ b/lib/ntdb/man/ntdbtool.8.xml
+@@ -20,10 +20,6 @@
+ 
+ 	<cmdsynopsis>
+ 		<command>ntdbtool</command>
+-	</cmdsynopsis>
+-
+-	<cmdsynopsis>
+-		<command>ntdbtool</command>
+ 		<arg choice="plain">
+ 		<replaceable>NTDBFILE</replaceable>
+ 		</arg>
+-- 
+1.8.3.1
+
+
+From 56cff0b3f40b98c0d00323eb94a2204af6c48fed Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 14 Oct 2013 18:00:02 +0200
+Subject: [PATCH 08/83] docs: remove duplicate mention of "smbta-util" in
+ smbta-util manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/smbta-util.8.xml | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/docs-xml/manpages/smbta-util.8.xml b/docs-xml/manpages/smbta-util.8.xml
+index ef38926..3925e87 100644
+--- a/docs-xml/manpages/smbta-util.8.xml
++++ b/docs-xml/manpages/smbta-util.8.xml
+@@ -20,10 +20,6 @@
+ 
+ 	<cmdsynopsis>
+ 		<command>smbta-util</command>
+-	</cmdsynopsis>
+-
+-	<cmdsynopsis>
+-		<command>smbta-util</command>
+ 		<arg rep="repeat" choice="opt">
+ 		<replaceable>COMMANDS</replaceable>
+ 		</arg>
+-- 
+1.8.3.1
+
+
+From a2a7991624fa273b01898a26c86f951b928525e6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 14 Oct 2013 18:02:47 +0200
+Subject: [PATCH 09/83] docs: remove duplicate word "trust" from net manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/net.8.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
+index 2f04deb..aad5fb5 100644
+--- a/docs-xml/manpages/net.8.xml
++++ b/docs-xml/manpages/net.8.xml
+@@ -877,7 +877,7 @@ net rpc trust create \
+ <refsect3>
+ <title>RPC TRUST DELETE</title>
+ 
+-<para>Delete a trust trust object by calling lsaDeleteTrustedDomain.
++<para>Delete a trust object by calling lsaDeleteTrustedDomain.
+ The can be done on a single server or on two servers at once.</para>
+ 
+ <variablelist><title>Options:</title>
+-- 
+1.8.3.1
+
+
+From 93f32c777c1a36d9d4dc91b6aa1e9e14ee13fb91 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 14 Oct 2013 18:03:14 +0200
+Subject: [PATCH 10/83] docs: remove duplicate word "the" from net manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/net.8.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
+index aad5fb5..5fa042e 100644
+--- a/docs-xml/manpages/net.8.xml
++++ b/docs-xml/manpages/net.8.xml
+@@ -1737,7 +1737,7 @@ shares created by other users.
+ <para>Starting with version 3.2.0, a Samba server can be configured by data
+ stored in registry. This configuration data can be edited with the new "net
+ conf" commands. There is also the possibility to configure a remote Samba server
+-by enabling the RPC conf mode and specifying the the address of the remote server.
++by enabling the RPC conf mode and specifying the address of the remote server.
+ </para>
+ 
+ <para>
+-- 
+1.8.3.1
+
+
+From 05db55af943e50bd8f7b29f8210f32350239ea59 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Tue, 15 Oct 2013 15:11:33 +0200
+Subject: [PATCH 11/83] docs: mention more options in winbindd manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/winbindd.8.xml | 20 ++++++++++----------
+ 1 file changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/docs-xml/manpages/winbindd.8.xml b/docs-xml/manpages/winbindd.8.xml
+index 1cb49ca..f6aad3f 100644
+--- a/docs-xml/manpages/winbindd.8.xml
++++ b/docs-xml/manpages/winbindd.8.xml
+@@ -20,13 +20,13 @@
+ <refsynopsisdiv>
+ 	<cmdsynopsis>
+ 		<command>winbindd</command>
+-		<arg choice="opt">-D</arg>
+-		<arg choice="opt">-F</arg>
+-		<arg choice="opt">-S</arg>
+-		<arg choice="opt">-i</arg>
++		<arg choice="opt">-D|--daemon</arg>
++		<arg choice="opt">-F|--foreground</arg>
++		<arg choice="opt">-S|--stdout</arg>
++		<arg choice="opt">-i|--interactive</arg>
+ 		<arg choice="opt">-d &lt;debug level&gt;</arg>
+ 		<arg choice="opt">-s &lt;smb config file&gt;</arg>
+-		<arg choice="opt">-n</arg>
++		<arg choice="opt">-n|--no-caching</arg>
+ 	</cmdsynopsis>
+ </refsynopsisdiv>
+ 
+@@ -135,7 +135,7 @@ hosts:		files wins
+ 
+ 	<variablelist>
+ 		<varlistentry>
+-		<term>-D</term>
++		<term>-D|--daemon</term>
+ 		<listitem><para>If specified, this parameter causes
+ 		the server to operate as a daemon. That is, it detaches
+ 		itself and runs in the background on the appropriate port.
+@@ -145,7 +145,7 @@ hosts:		files wins
+ 		</varlistentry>
+ 
+ 		<varlistentry>
+-		<term>-F</term>
++		<term>-F|--foreground</term>
+ 		<listitem><para>If specified, this parameter causes
+ 		the main <command>winbindd</command> process to not daemonize,
+ 		i.e. double-fork and disassociate with the terminal.
+@@ -160,7 +160,7 @@ hosts:		files wins
+ 		</varlistentry>
+ 
+ 		<varlistentry>
+-		<term>-S</term>
++		<term>-S|--stdout</term>
+ 		<listitem><para>If specified, this parameter causes
+ 		<command>winbindd</command> to log to standard output rather
+ 		than a file.</para></listitem>
+@@ -171,7 +171,7 @@ hosts:		files wins
+ 		&stdarg.help;
+ 
+ 		<varlistentry>
+-		<term>-i</term>
++		<term>-i|--interactive</term>
+ 		<listitem><para>Tells <command>winbindd</command> to not
+ 		become a daemon and detach from the current terminal. This
+ 		option is used by developers when interactive debugging
+@@ -182,7 +182,7 @@ hosts:		files wins
+ 		</varlistentry>
+ 
+ 		<varlistentry>
+-		<term>-n</term>
++		<term>-n|--no-caching</term>
+ 		<listitem><para>Disable some caching. This means winbindd will
+ 		often have to wait for a response from the domain controller
+ 		before it can respond to a client and this thus makes things
+-- 
+1.8.3.1
+
+
+From b5fa1139a4e9ef7bd79ace6efe7bf06af595daa4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Thu, 14 Nov 2013 15:19:59 +0100
+Subject: [PATCH 12/83] docs: mention --no-process-group in winbindd manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/winbindd.8.xml | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/docs-xml/manpages/winbindd.8.xml b/docs-xml/manpages/winbindd.8.xml
+index f6aad3f..fd644c3 100644
+--- a/docs-xml/manpages/winbindd.8.xml
++++ b/docs-xml/manpages/winbindd.8.xml
+@@ -27,6 +27,7 @@
+ 		<arg choice="opt">-d &lt;debug level&gt;</arg>
+ 		<arg choice="opt">-s &lt;smb config file&gt;</arg>
+ 		<arg choice="opt">-n|--no-caching</arg>
++		<arg choice="opt">--no-process-group</arg>
+ 	</cmdsynopsis>
+ </refsynopsisdiv>
+ 
+@@ -194,6 +195,12 @@ hosts:		files wins
+ 		</para></listitem>
+ 		</varlistentry>
+ 
++		<varlistentry>
++		<term>--no-process-group</term>
++		<listitem><para>Do not create a new process group for winbindd.
++		</para></listitem>
++		</varlistentry>
++
+ 	</variablelist>
+ </refsect1>
+ 
+-- 
+1.8.3.1
+
+
+From 4f790b10d5a6737f1b5978fca27d78a0b27aa75d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Thu, 14 Nov 2013 16:23:03 +0100
+Subject: [PATCH 13/83] docs: mention --dc-info in wbinfo manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/wbinfo.1.xml | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/docs-xml/manpages/wbinfo.1.xml b/docs-xml/manpages/wbinfo.1.xml
+index f970a5e..2df86ca 100644
+--- a/docs-xml/manpages/wbinfo.1.xml
++++ b/docs-xml/manpages/wbinfo.1.xml
+@@ -27,6 +27,7 @@
+ 		<arg choice="opt">--ccache-save</arg>
+ 		<arg choice="opt">--change-user-password</arg>
+ 		<arg choice="opt">-D domain</arg>
++		<arg choice="opt">--dc-info domain</arg>
+ 		<arg choice="opt">--domain domain</arg>
+ 		<arg choice="opt">--dsgetdcname domain</arg>
+ 		<arg choice="opt">-g</arg>
+@@ -142,6 +143,12 @@
+ 		</varlistentry>
+ 
+ 		<varlistentry>
++		<term>--dc-info <replaceable>domain</replaceable></term>
++		<listitem><para>Displays information about the current domain controller for a domain.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
+ 		<term>--domain <replaceable>name</replaceable></term>
+ 		<listitem><para>This parameter sets the domain on which any specified
+ 		operations will performed.  If special domain name '.' is used to represent
+-- 
+1.8.3.1
+
+
+From 824c468261a3d61732fea88a5d6cfb9aa5c7ed94 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Thu, 14 Nov 2013 16:23:20 +0100
+Subject: [PATCH 14/83] docs: mention --krb5ccname option in wbinfo manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/wbinfo.1.xml | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/docs-xml/manpages/wbinfo.1.xml b/docs-xml/manpages/wbinfo.1.xml
+index 2df86ca..4de3c81 100644
+--- a/docs-xml/manpages/wbinfo.1.xml
++++ b/docs-xml/manpages/wbinfo.1.xml
+@@ -40,6 +40,7 @@
+ 		<arg choice="opt">-i user</arg>
+ 		<arg choice="opt">-I ip</arg>
+ 		<arg choice="opt">-K user%password</arg>
++		<arg choice="opt">--krb5ccname cctype</arg>
+ 		<arg choice="opt">--lanman</arg>
+ 		<arg choice="opt">-m</arg>
+ 		<arg choice="opt">-n name</arg>
+@@ -246,6 +247,13 @@
+ 		</varlistentry>
+ 
+ 		<varlistentry>
++		<term>--krb5ccname <replaceable>KRB5CCNAME</replaceable></term>
++		<listitem><para>Allows to request a sepcific kerberos credential
++				cache type used for authentication.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
+ 		<term>--lanman</term>
+ 		<listitem><para>Use lanman cryptography for user authentication.
+ 		</para></listitem>
+-- 
+1.8.3.1
+
+
+From fa47e425132f6022cd41118e2c6ac34181adc4a6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Thu, 14 Nov 2013 16:29:10 +0100
+Subject: [PATCH 15/83] docs: mention logoff options in wbinfo manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/wbinfo.1.xml | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/docs-xml/manpages/wbinfo.1.xml b/docs-xml/manpages/wbinfo.1.xml
+index 4de3c81..cb1812f 100644
+--- a/docs-xml/manpages/wbinfo.1.xml
++++ b/docs-xml/manpages/wbinfo.1.xml
+@@ -42,6 +42,9 @@
+ 		<arg choice="opt">-K user%password</arg>
+ 		<arg choice="opt">--krb5ccname cctype</arg>
+ 		<arg choice="opt">--lanman</arg>
++		<arg choice="opt">--logoff</arg>
++		<arg choice="opt">--logoff-uid uid</arg>
++		<arg choice="opt">--logoff-user username</arg>
+ 		<arg choice="opt">-m</arg>
+ 		<arg choice="opt">-n name</arg>
+ 		<arg choice="opt">-N netbios-name</arg>
+@@ -260,6 +263,24 @@
+ 		</varlistentry>
+ 
+ 		<varlistentry>
++		<term>--logoff</term>
++		<listitem><para>Logoff a user.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>--logoff-uid <replaceable>UID</replaceable></term>
++		<listitem><para>Define user uid used during logoff request.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>--logoff-user <replaceable>USERNAME</replaceable></term>
++		<listitem><para>Define username used during logoff request.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
+ 		<term>-m|--trusted-domains</term>
+ 		<listitem><para>Produce a list of domains trusted by the
+ 		Windows NT server <citerefentry><refentrytitle>winbindd</refentrytitle>
+-- 
+1.8.3.1
+
+
+From 7c4c66853f4f0fa426d11d01bc4732186501d6ec Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Thu, 14 Nov 2013 16:33:19 +0100
+Subject: [PATCH 16/83] docs: mention --lookup-sids in wbinfo manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/wbinfo.1.xml | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/docs-xml/manpages/wbinfo.1.xml b/docs-xml/manpages/wbinfo.1.xml
+index cb1812f..a3d4d5f 100644
+--- a/docs-xml/manpages/wbinfo.1.xml
++++ b/docs-xml/manpages/wbinfo.1.xml
+@@ -45,6 +45,7 @@
+ 		<arg choice="opt">--logoff</arg>
+ 		<arg choice="opt">--logoff-uid uid</arg>
+ 		<arg choice="opt">--logoff-user username</arg>
++		<arg choice="opt">--lookup-sids</arg>
+ 		<arg choice="opt">-m</arg>
+ 		<arg choice="opt">-n name</arg>
+ 		<arg choice="opt">-N netbios-name</arg>
+@@ -281,6 +282,13 @@
+ 		</varlistentry>
+ 
+ 		<varlistentry>
++		<term>--lookup-sids <replaceable>SID1,SID2...</replaceable></term>
++		<listitem><para>Looks up SIDs. SIDs must be specified as ASCII strings in the traditional Microsoft
++				format. For example, S-1-5-21-1455342024-3071081365-2475485837-500.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
+ 		<term>-m|--trusted-domains</term>
+ 		<listitem><para>Produce a list of domains trusted by the
+ 		Windows NT server <citerefentry><refentrytitle>winbindd</refentrytitle>
+-- 
+1.8.3.1
+
+
+From 7d41f1c4d30eef9fa20a7741be1cb50e566b40cb Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Thu, 14 Nov 2013 16:36:21 +0100
+Subject: [PATCH 17/83] docs: mention --pam-logon in wbinfo manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/wbinfo.1.xml | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/docs-xml/manpages/wbinfo.1.xml b/docs-xml/manpages/wbinfo.1.xml
+index a3d4d5f..a091e94 100644
+--- a/docs-xml/manpages/wbinfo.1.xml
++++ b/docs-xml/manpages/wbinfo.1.xml
+@@ -54,6 +54,7 @@
+ 		<arg choice="opt">--own-domain</arg>
+ 		<arg choice="opt">-p</arg>
+ 		<arg choice="opt">-P|--ping-dc</arg>
++		<arg choice="opt">--pam-logon user%password</arg>
+ 		<arg choice="opt">-r user</arg>
+ 		<arg choice="opt">-R|--lookup-rids</arg>
+ 		<arg choice="opt">-s sid</arg>
+@@ -343,6 +344,13 @@
+ 		</varlistentry>
+ 
+ 		<varlistentry>
++		<term>--pam-logon <replaceable>username%password</replaceable></term>
++		<listitem><para>Attempt to authenticate a user in the same way
++				pam_winbind would do.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
+ 		<term>-p|--ping</term>
+ 		<listitem><para>Check whether <citerefentry><refentrytitle>winbindd</refentrytitle>
+ 		<manvolnum>8</manvolnum></citerefentry> is still alive.
+-- 
+1.8.3.1
+
+
+From 27d49babb19759e0d3ef93a2290c049e1ba6aaa3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Thu, 14 Nov 2013 16:40:56 +0100
+Subject: [PATCH 18/83] docs: mention --remove-gid-mapping/--remove-uid-mapping
+ in wbinfo manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/wbinfo.1.xml | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/docs-xml/manpages/wbinfo.1.xml b/docs-xml/manpages/wbinfo.1.xml
+index a091e94..31362ac 100644
+--- a/docs-xml/manpages/wbinfo.1.xml
++++ b/docs-xml/manpages/wbinfo.1.xml
+@@ -57,6 +57,8 @@
+ 		<arg choice="opt">--pam-logon user%password</arg>
+ 		<arg choice="opt">-r user</arg>
+ 		<arg choice="opt">-R|--lookup-rids</arg>
++		<arg choice="opt">--remove-gid-mapping gid,sid</arg>
++		<arg choice="opt">--remove-uid-mapping uid,sid</arg>
+ 		<arg choice="opt">-s sid</arg>
+ 		<arg choice="opt">--separator</arg>
+ 		<arg choice="opt">--set-auth-user user%password</arg>
+@@ -383,6 +385,18 @@
+ 		</varlistentry>
+ 
+ 		<varlistentry>
++		<term>--remove-gid-mapping <replaceable>GID,SID</replaceable></term>
++		<listitem><para>Removes an existing GID to SID mapping from the database.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>--remove-uid-mapping <replaceable>UID,SID</replaceable></term>
++		<listitem><para>Removes an existing UID to SID mapping from the database.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
+ 		<term>-s|--sid-to-name <replaceable>sid</replaceable></term>
+ 		<listitem><para>Use <parameter>-s</parameter> to resolve
+ 		a SID to a name.  This is the inverse of the <parameter>-n
+-- 
+1.8.3.1
+
+
+From 80ab6eaa973df8874567306d1488a813801ab39c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Thu, 14 Nov 2013 16:42:56 +0100
+Subject: [PATCH 19/83] docs: mention --set-gid-mapping/--set-uid-mapping in
+ wbinfo manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/wbinfo.1.xml | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/docs-xml/manpages/wbinfo.1.xml b/docs-xml/manpages/wbinfo.1.xml
+index 31362ac..3dbcfc1 100644
+--- a/docs-xml/manpages/wbinfo.1.xml
++++ b/docs-xml/manpages/wbinfo.1.xml
+@@ -62,6 +62,8 @@
+ 		<arg choice="opt">-s sid</arg>
+ 		<arg choice="opt">--separator</arg>
+ 		<arg choice="opt">--set-auth-user user%password</arg>
++		<arg choice="opt">--set-gid-mapping gid,sid</arg>
++		<arg choice="opt">--set-uid-mapping uid,sid</arg>
+ 		<arg choice="opt">-S sid</arg>
+ 		<arg choice="opt">--sid-aliases sid</arg>
+ 		<arg choice="opt">--sid-to-fullname sid</arg>
+@@ -423,6 +425,18 @@
+ 		</varlistentry>
+ 
+ 		<varlistentry>
++		<term>--set-gid-mapping <replaceable>GID,SID</replaceable></term>
++		<listitem><para>Create a GID to SID mapping in the database.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>--set-uid-mapping <replaceable>UID,SID</replaceable></term>
++		<listitem><para>Create a UID to SID mapping in the database.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
+ 		<term>-S|--sid-to-uid <replaceable>sid</replaceable></term>
+ 		<listitem><para>Convert a SID to a UNIX user id.  If the SID
+ 		does not correspond to a UNIX user mapped by <citerefentry>
+-- 
+1.8.3.1
+
+
+From 87e6b5b7fb22c8cf26ae00a315b3e73987f49d55 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Thu, 14 Nov 2013 17:13:38 +0100
+Subject: [PATCH 20/83] docs: mention --sequence in wbinfo manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/wbinfo.1.xml | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/docs-xml/manpages/wbinfo.1.xml b/docs-xml/manpages/wbinfo.1.xml
+index 3dbcfc1..1a871c2 100644
+--- a/docs-xml/manpages/wbinfo.1.xml
++++ b/docs-xml/manpages/wbinfo.1.xml
+@@ -61,6 +61,7 @@
+ 		<arg choice="opt">--remove-uid-mapping uid,sid</arg>
+ 		<arg choice="opt">-s sid</arg>
+ 		<arg choice="opt">--separator</arg>
++		<arg choice="opt">--sequence</arg>
+ 		<arg choice="opt">--set-auth-user user%password</arg>
+ 		<arg choice="opt">--set-gid-mapping gid,sid</arg>
+ 		<arg choice="opt">--set-uid-mapping uid,sid</arg>
+@@ -414,6 +415,13 @@
+ 		</varlistentry>
+ 
+ 		<varlistentry>
++		<term>--sequence</term>
++		<listitem><para>This command has been deprecated.  Please use
++				the --online-status option instead.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
+ 		<term>--set-auth-user <replaceable>username%password</replaceable></term>
+ 		<listitem><para>Store username and password used by <citerefentry>
+                 <refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum>
+-- 
+1.8.3.1
+
+
+From c55315a3a26ced194e553b5aa8e97f3a41a308ca Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Thu, 14 Nov 2013 17:18:40 +0100
+Subject: [PATCH 21/83] docs: mention --sids-to-unix-ids in wbinfo manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/wbinfo.1.xml | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/docs-xml/manpages/wbinfo.1.xml b/docs-xml/manpages/wbinfo.1.xml
+index 1a871c2..9907dc6 100644
+--- a/docs-xml/manpages/wbinfo.1.xml
++++ b/docs-xml/manpages/wbinfo.1.xml
+@@ -68,6 +68,7 @@
+ 		<arg choice="opt">-S sid</arg>
+ 		<arg choice="opt">--sid-aliases sid</arg>
+ 		<arg choice="opt">--sid-to-fullname sid</arg>
++		<arg choice="opt">--sids-to-unix-ids sidlist</arg>
+ 		<arg choice="opt">-t</arg>
+ 		<arg choice="opt">-u</arg>
+ 		<arg choice="opt">--uid-info uid</arg>
+@@ -466,6 +467,14 @@
+ 		</varlistentry>
+ 
+ 		<varlistentry>
++		<term>--sids-to-unix-ids <replaceable>sid1,sid2,sid3...</replaceable></term>
++		<listitem><para>Resolve SIDs to Unix IDs.
++		SIDs must be specified as ASCII strings
++		in the traditional Microsoft format. For example,
++		S-1-5-21-1455342024-3071081365-2475485837-500. </para></listitem>
++		</varlistentry>
++
++		<varlistentry>
+ 		<term>-t|--check-secret</term>
+ 		<listitem><para>Verify that the workstation trust account
+ 		created when the Samba server is added to the Windows NT
+-- 
+1.8.3.1
+
+
+From dac78176f3e28a1cbc513bb77a3454570f7de4e1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Thu, 14 Nov 2013 17:23:23 +0100
+Subject: [PATCH 22/83] docs: remove unsupported options from nmbd manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/nmbd.8.xml | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/docs-xml/manpages/nmbd.8.xml b/docs-xml/manpages/nmbd.8.xml
+index f1ab3e3..7aabfa6 100644
+--- a/docs-xml/manpages/nmbd.8.xml
++++ b/docs-xml/manpages/nmbd.8.xml
+@@ -23,10 +23,7 @@
+ 		<arg choice="opt">-D</arg>
+ 		<arg choice="opt">-F</arg>
+ 		<arg choice="opt">-S</arg>
+-		<arg choice="opt">-a</arg>
+ 		<arg choice="opt">-i</arg>
+-		<arg choice="opt">-o</arg>
+-		<arg choice="opt">-h</arg>
+ 		<arg choice="opt">-V</arg>
+ 		<arg choice="opt">-d &lt;debug level&gt;</arg>
+ 		<arg choice="opt">-H &lt;lmhosts file&gt;</arg>
+-- 
+1.8.3.1
+
+
+From 77eae60bd9a6b7e1d5248b5b0984d38a54de9c3e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Thu, 14 Nov 2013 17:25:04 +0100
+Subject: [PATCH 23/83] docs: mention --daemon in nmbd manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/nmbd.8.xml | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/docs-xml/manpages/nmbd.8.xml b/docs-xml/manpages/nmbd.8.xml
+index 7aabfa6..cc5f83d 100644
+--- a/docs-xml/manpages/nmbd.8.xml
++++ b/docs-xml/manpages/nmbd.8.xml
+@@ -20,7 +20,7 @@
+ <refsynopsisdiv>
+ 	<cmdsynopsis>
+ 		<command>nmbd</command>
+-		<arg choice="opt">-D</arg>
++		<arg choice="opt">-D|--daemon</arg>
+ 		<arg choice="opt">-F</arg>
+ 		<arg choice="opt">-S</arg>
+ 		<arg choice="opt">-i</arg>
+@@ -78,7 +78,7 @@
+ 
+ 	<variablelist>
+ 		<varlistentry>
+-		<term>-D</term>
++		<term>-D|--daemon</term>
+ 		<listitem><para>If specified, this parameter causes 
+ 		<command>nmbd</command> to operate as a daemon. That is, 
+ 		it detaches itself and runs in the background, fielding 
+-- 
+1.8.3.1
+
+
+From 28758deda94f28bd0bd188f8277807b8d2ccf829 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Thu, 14 Nov 2013 17:25:52 +0100
+Subject: [PATCH 24/83] docs: mention --foreground in nmbd manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/nmbd.8.xml | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/docs-xml/manpages/nmbd.8.xml b/docs-xml/manpages/nmbd.8.xml
+index cc5f83d..9f607ab 100644
+--- a/docs-xml/manpages/nmbd.8.xml
++++ b/docs-xml/manpages/nmbd.8.xml
+@@ -21,7 +21,7 @@
+ 	<cmdsynopsis>
+ 		<command>nmbd</command>
+ 		<arg choice="opt">-D|--daemon</arg>
+-		<arg choice="opt">-F</arg>
++		<arg choice="opt">-F|--foreground</arg>
+ 		<arg choice="opt">-S</arg>
+ 		<arg choice="opt">-i</arg>
+ 		<arg choice="opt">-V</arg>
+@@ -90,7 +90,7 @@
+ 		</varlistentry>
+ 
+ 		<varlistentry>
+-		<term>-F</term>
++		<term>-F|--foreground</term>
+ 		<listitem><para>If specified, this parameter causes
+ 		the main <command>nmbd</command> process to not daemonize,
+ 		i.e. double-fork and disassociate with the terminal.
+-- 
+1.8.3.1
+
+
+From fd8d8b95f8b5b21b4e46836dc6becef480737dc2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Thu, 14 Nov 2013 17:27:28 +0100
+Subject: [PATCH 25/83] docs: mention --hosts in nmbd manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/nmbd.8.xml | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/docs-xml/manpages/nmbd.8.xml b/docs-xml/manpages/nmbd.8.xml
+index 9f607ab..283ebc2 100644
+--- a/docs-xml/manpages/nmbd.8.xml
++++ b/docs-xml/manpages/nmbd.8.xml
+@@ -26,7 +26,7 @@
+ 		<arg choice="opt">-i</arg>
+ 		<arg choice="opt">-V</arg>
+ 		<arg choice="opt">-d &lt;debug level&gt;</arg>
+-		<arg choice="opt">-H &lt;lmhosts file&gt;</arg>
++		<arg choice="opt">-H|--hosts &lt;lmhosts file&gt;</arg>
+ 		<arg choice="opt">-l &lt;log directory&gt;</arg>
+ 		<arg choice="opt">-p &lt;port number&gt;</arg>
+ 		<arg choice="opt">-s &lt;configuration file&gt;</arg>
+@@ -125,7 +125,7 @@
+ 		&stdarg.help;
+ 		
+ 		<varlistentry>
+-		<term>-H &lt;filename&gt;</term>
++		<term>-H|--hosts &lt;filename&gt;</term>
+ 		<listitem><para>NetBIOS lmhosts file.  The lmhosts 
+ 		file is a list of NetBIOS names to IP addresses that 
+ 		is loaded by the nmbd server and used via the name 
+-- 
+1.8.3.1
+
+
+From ea99d8a256df7faaedc5b8903fe183f4dcbde296 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Thu, 14 Nov 2013 17:28:15 +0100
+Subject: [PATCH 26/83] docs: mention --interactive in nmbd manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/nmbd.8.xml | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/docs-xml/manpages/nmbd.8.xml b/docs-xml/manpages/nmbd.8.xml
+index 283ebc2..62f3380 100644
+--- a/docs-xml/manpages/nmbd.8.xml
++++ b/docs-xml/manpages/nmbd.8.xml
+@@ -23,7 +23,7 @@
+ 		<arg choice="opt">-D|--daemon</arg>
+ 		<arg choice="opt">-F|--foreground</arg>
+ 		<arg choice="opt">-S</arg>
+-		<arg choice="opt">-i</arg>
++		<arg choice="opt">-i|--interactive</arg>
+ 		<arg choice="opt">-V</arg>
+ 		<arg choice="opt">-d &lt;debug level&gt;</arg>
+ 		<arg choice="opt">-H|--hosts &lt;lmhosts file&gt;</arg>
+@@ -112,7 +112,7 @@
+ 		</varlistentry>
+ 
+ 		<varlistentry>
+-		<term>-i</term>
++		<term>-i|--interactive</term>
+ 		<listitem><para>If this parameter is specified it causes the
+ 		server to run "interactively", not as a daemon, even if the
+ 		server is executed on the command line of a shell. Setting this
+-- 
+1.8.3.1
+
+
+From a624426d86cf2da69ba2e03506b5f252d32adb11 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Thu, 14 Nov 2013 17:29:37 +0100
+Subject: [PATCH 27/83] docs: mention --log-stdout in nmbd manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/nmbd.8.xml | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/docs-xml/manpages/nmbd.8.xml b/docs-xml/manpages/nmbd.8.xml
+index 62f3380..715796d 100644
+--- a/docs-xml/manpages/nmbd.8.xml
++++ b/docs-xml/manpages/nmbd.8.xml
+@@ -22,7 +22,7 @@
+ 		<command>nmbd</command>
+ 		<arg choice="opt">-D|--daemon</arg>
+ 		<arg choice="opt">-F|--foreground</arg>
+-		<arg choice="opt">-S</arg>
++		<arg choice="opt">-S|--log-stdout</arg>
+ 		<arg choice="opt">-i|--interactive</arg>
+ 		<arg choice="opt">-V</arg>
+ 		<arg choice="opt">-d &lt;debug level&gt;</arg>
+@@ -105,7 +105,7 @@
+ 		</varlistentry>
+ 
+ 		<varlistentry>
+-		<term>-S</term>
++		<term>-S|--log-stdout</term>
+ 		<listitem><para>If specified, this parameter causes
+ 		<command>nmbd</command> to log to standard output rather
+ 		than a file.</para></listitem>
+-- 
+1.8.3.1
+
+
+From 548d9daeffc83191ea1e6ea51ce63aacffe98c41 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Thu, 14 Nov 2013 17:31:10 +0100
+Subject: [PATCH 28/83] docs: mention --no-process-group in nmbd manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/nmbd.8.xml | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/docs-xml/manpages/nmbd.8.xml b/docs-xml/manpages/nmbd.8.xml
+index 715796d..8540a09 100644
+--- a/docs-xml/manpages/nmbd.8.xml
++++ b/docs-xml/manpages/nmbd.8.xml
+@@ -30,6 +30,7 @@
+ 		<arg choice="opt">-l &lt;log directory&gt;</arg>
+ 		<arg choice="opt">-p &lt;port number&gt;</arg>
+ 		<arg choice="opt">-s &lt;configuration file&gt;</arg>
++		<arg choice="opt">--no-process-group</arg>
+ 	</cmdsynopsis>
+ </refsynopsisdiv>
+ 
+@@ -157,6 +158,12 @@
+ 		won't need help!</para></listitem>
+ 		</varlistentry>
+ 
++		<varlistentry>
++		<term>--no-process-group</term>
++		<listitem><para>Do not create a new process group for nmbd.
++		</para></listitem>
++		</varlistentry>
++
+ 	</variablelist>
+ </refsect1>
+ 
+-- 
+1.8.3.1
+
+
+From d6a07717a7f2febdd4591fc0c3c1fe8b719963e9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Thu, 14 Nov 2013 17:31:50 +0100
+Subject: [PATCH 29/83] docs: mention --port in nmbd manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/nmbd.8.xml | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/docs-xml/manpages/nmbd.8.xml b/docs-xml/manpages/nmbd.8.xml
+index 8540a09..b7ead70 100644
+--- a/docs-xml/manpages/nmbd.8.xml
++++ b/docs-xml/manpages/nmbd.8.xml
+@@ -28,7 +28,7 @@
+ 		<arg choice="opt">-d &lt;debug level&gt;</arg>
+ 		<arg choice="opt">-H|--hosts &lt;lmhosts file&gt;</arg>
+ 		<arg choice="opt">-l &lt;log directory&gt;</arg>
+-		<arg choice="opt">-p &lt;port number&gt;</arg>
++		<arg choice="opt">-p|--port &lt;port number&gt;</arg>
+ 		<arg choice="opt">-s &lt;configuration file&gt;</arg>
+ 		<arg choice="opt">--no-process-group</arg>
+ 	</cmdsynopsis>
+@@ -150,7 +150,7 @@
+ 		&popt.common.samba;
+ 		
+ 		<varlistentry>
+-		<term>-p &lt;UDP port number&gt;</term>
++		<term>-p|--port &lt;UDP port number&gt;</term>
+ 		<listitem><para>UDP port number is a positive integer value.
+ 		This option changes the default UDP port number (normally 137)
+ 		that <command>nmbd</command> responds to name queries on. Don't
+-- 
+1.8.3.1
+
+
+From 792ff0029c790fe8b225134b19d320e8392c5895 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Thu, 14 Nov 2013 17:37:05 +0100
+Subject: [PATCH 30/83] docs: remove unsupported options from smbd manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/smbd.8.xml | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/docs-xml/manpages/smbd.8.xml b/docs-xml/manpages/smbd.8.xml
+index 0d0c387..cc6e400 100644
+--- a/docs-xml/manpages/smbd.8.xml
++++ b/docs-xml/manpages/smbd.8.xml
+@@ -23,14 +23,12 @@
+ 		<arg choice="opt">-F</arg>
+ 		<arg choice="opt">-S</arg>
+ 		<arg choice="opt">-i</arg>
+-		<arg choice="opt">-h</arg>
+ 		<arg choice="opt">-V</arg>
+ 		<arg choice="opt">-b</arg>
+ 		<arg choice="opt">-d &lt;debug level&gt;</arg>
+ 		<arg choice="opt">-l &lt;log directory&gt;</arg>
+ 		<arg choice="opt">-p &lt;port number(s)&gt;</arg>
+ 		<arg choice="opt">-P &lt;profiling level&gt;</arg>
+-		<arg choice="opt">-O &lt;socket option&gt;</arg>
+ 		<arg choice="opt">-s &lt;configuration file&gt;</arg>
+ 	</cmdsynopsis>
+ </refsynopsisdiv>
+-- 
+1.8.3.1
+
+
+From ad46b6689d999651732894968e5e49d045591203 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Thu, 14 Nov 2013 17:49:58 +0100
+Subject: [PATCH 31/83] docs: mention many more options in smbd options.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/smbd.8.xml | 29 ++++++++++++++++++-----------
+ 1 file changed, 18 insertions(+), 11 deletions(-)
+
+diff --git a/docs-xml/manpages/smbd.8.xml b/docs-xml/manpages/smbd.8.xml
+index cc6e400..d73f1db 100644
+--- a/docs-xml/manpages/smbd.8.xml
++++ b/docs-xml/manpages/smbd.8.xml
+@@ -19,17 +19,18 @@
+ <refsynopsisdiv>
+ 	<cmdsynopsis>
+ 		<command>smbd</command>
+-		<arg choice="opt">-D</arg>
+-		<arg choice="opt">-F</arg>
+-		<arg choice="opt">-S</arg>
+-		<arg choice="opt">-i</arg>
++		<arg choice="opt">-D|--daemon</arg>
++		<arg choice="opt">-F|--foreground</arg>
++		<arg choice="opt">-S|--log-stdout</arg>
++		<arg choice="opt">-i|--interactive</arg>
+ 		<arg choice="opt">-V</arg>
+-		<arg choice="opt">-b</arg>
++		<arg choice="opt">-b|--build-options</arg>
+ 		<arg choice="opt">-d &lt;debug level&gt;</arg>
+-		<arg choice="opt">-l &lt;log directory&gt;</arg>
++		<arg choice="opt">-l|--log-basename &lt;log directory&gt;</arg>
+ 		<arg choice="opt">-p &lt;port number(s)&gt;</arg>
+ 		<arg choice="opt">-P &lt;profiling level&gt;</arg>
+ 		<arg choice="opt">-s &lt;configuration file&gt;</arg>
++		<arg choice="opt">--no-process-group</arg>
+ 	</cmdsynopsis>
+ </refsynopsisdiv>
+ 
+@@ -79,7 +80,7 @@
+ 
+ 	<variablelist>
+ 		<varlistentry>
+-		<term>-D</term>
++		<term>-D|--daemon</term>
+ 		<listitem><para>If specified, this parameter causes 
+ 		the server to operate as a daemon. That is, it detaches 
+ 		itself and runs in the background, fielding requests 
+@@ -92,7 +93,7 @@
+ 		</varlistentry>
+ 
+ 		<varlistentry>
+-		<term>-F</term>
++		<term>-F|--foreground</term>
+ 		<listitem><para>If specified, this parameter causes
+ 		the main <command>smbd</command> process to not daemonize,
+ 		i.e. double-fork and disassociate with the terminal.
+@@ -107,14 +108,14 @@
+ 		</varlistentry>
+ 
+ 		<varlistentry>
+-		<term>-S</term>
++		<term>-S|--log-stdout</term>
+ 		<listitem><para>If specified, this parameter causes
+ 		<command>smbd</command> to log to standard output rather
+ 		than a file.</para></listitem>
+ 		</varlistentry>
+ 
+ 		<varlistentry>
+-		<term>-i</term>
++		<term>-i|--interactive</term>
+ 		<listitem><para>If this parameter is specified it causes the
+ 		server to run "interactively", not as a daemon, even if the
+ 		server is executed on the command line of a shell. Setting this
+@@ -130,7 +131,13 @@
+ 		&stdarg.help;
+ 
+ 		<varlistentry>
+-		<term>-b</term>
++		<term>--no-process-group</term>
++		<listitem><para>Do not create a new process group for smbd.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>-b|--build-options</term>
+ 		<listitem><para>Prints information about how 
+ 		Samba was built.</para></listitem>
+ 		</varlistentry>
+-- 
+1.8.3.1
+
+
+From 7c473ac293a44896181d9d2619b922815433c77d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Fri, 15 Nov 2013 12:07:48 +0100
+Subject: [PATCH 32/83] docs: mention --numeric in smbstatus manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/smbstatus.1.xml | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/docs-xml/manpages/smbstatus.1.xml b/docs-xml/manpages/smbstatus.1.xml
+index b0d07d2..126d0b2 100644
+--- a/docs-xml/manpages/smbstatus.1.xml
++++ b/docs-xml/manpages/smbstatus.1.xml
+@@ -31,6 +31,7 @@
+ 		<arg choice="opt">-f</arg>
+ 		<arg choice="opt">-s &lt;configuration file&gt;</arg>
+ 		<arg choice="opt">-u &lt;username&gt;</arg>
++		<arg choice="opt">-n|--numeric</arg>
+ 	</cmdsynopsis>
+ </refsynopsisdiv>
+ 
+@@ -121,6 +122,13 @@
+ 		</listitem>
+ 		</varlistentry>
+ 
++		<varlistentry>
++		<term>-n|--numeric</term>
++		<listitem><para>causes smbstatus to display numeric UIDs and GIDs instead of
++				resolving them to names.</para>
++		</listitem>
++		</varlistentry>
++
+ 	</variablelist>
+ </refsect1>
+ 
+-- 
+1.8.3.1
+
+
+From 5f606e7e9ccd11949ae78a0a44f47be578116f89 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Fri, 15 Nov 2013 12:11:21 +0100
+Subject: [PATCH 33/83] docs: mention -R|--profile-rates in smbstatus manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/smbstatus.1.xml | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/docs-xml/manpages/smbstatus.1.xml b/docs-xml/manpages/smbstatus.1.xml
+index 126d0b2..d4213b6 100644
+--- a/docs-xml/manpages/smbstatus.1.xml
++++ b/docs-xml/manpages/smbstatus.1.xml
+@@ -32,6 +32,7 @@
+ 		<arg choice="opt">-s &lt;configuration file&gt;</arg>
+ 		<arg choice="opt">-u &lt;username&gt;</arg>
+ 		<arg choice="opt">-n|--numeric</arg>
++		<arg choice="opt">-R|--profile-rates</arg>
+ 	</cmdsynopsis>
+ </refsynopsisdiv>
+ 
+@@ -51,12 +52,19 @@
+ 	<variablelist>
+ 		<varlistentry>
+ 		<term>-P|--profile</term>
+-		<listitem><para>If samba has been compiled with the 
+-		profiling option, print only the contents of the profiling 
++		<listitem><para>If samba has been compiled with the
++		profiling option, print only the contents of the profiling
+ 		shared memory area.</para></listitem>
+ 		</varlistentry>
+ 
+ 		<varlistentry>
++		<term>-R|--profile-rates</term>
++		<listitem><para>If samba has been compiled with the
++		profiling option, print the contents of the profiling
++		shared memory area and the call rates.</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
+ 		<term>-b|--brief</term>
+ 		<listitem><para>gives brief output.</para></listitem>
+ 		</varlistentry>
+-- 
+1.8.3.1
+
+
+From 9dcbc77f5a79d148a7346c361ad2790ab8a40555 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Fri, 15 Nov 2013 12:57:06 +0100
+Subject: [PATCH 34/83] docs: mention -S|--setsddl in sharesec manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/sharesec.1.xml | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/docs-xml/manpages/sharesec.1.xml b/docs-xml/manpages/sharesec.1.xml
+index e83e6b3..8f29cba 100644
+--- a/docs-xml/manpages/sharesec.1.xml
++++ b/docs-xml/manpages/sharesec.1.xml
+@@ -35,6 +35,7 @@
+ 		<arg choice="opt">-V, --version</arg>
+ 		<arg choice="opt">-?, --help</arg>
+ 		<arg choice="opt">--usage</arg>
++		<arg choice="opt">-S, --setsddl=STRING</arg>
+ 	</cmdsynopsis>
+ </refsynopsisdiv>
+ 
+@@ -113,6 +114,13 @@
+ 		</para></listitem>
+ 		</varlistentry>
+ 
++		<varlistentry>
++		<term>-S|--setsddl=STRING</term>
++		<listitem><para>
++		Set security descriptor by providing ACL in SDDL format.
++		</para></listitem>
++		</varlistentry>
++
+ 		&stdarg.help;
+ 		&stdarg.server.debug;
+ 		&popt.common.samba;
+-- 
+1.8.3.1
+
+
+From d692389ea57724bd71caadb62e0231993188d34f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Fri, 15 Nov 2013 12:59:49 +0100
+Subject: [PATCH 35/83] docs: mention -V|--viewsddl in sharesec manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/sharesec.1.xml | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/docs-xml/manpages/sharesec.1.xml b/docs-xml/manpages/sharesec.1.xml
+index 8f29cba..f73fba2 100644
+--- a/docs-xml/manpages/sharesec.1.xml
++++ b/docs-xml/manpages/sharesec.1.xml
+@@ -32,10 +32,11 @@
+ 		<arg choice="opt">-d, --debuglevel=DEBUGLEVEL</arg>
+ 		<arg choice="opt">-s, --configfile=CONFIGFILE</arg>
+ 		<arg choice="opt">-l, --log-basename=LOGFILEBASE</arg>
+-		<arg choice="opt">-V, --version</arg>
++		<arg choice="opt">--version</arg>
+ 		<arg choice="opt">-?, --help</arg>
+ 		<arg choice="opt">--usage</arg>
+ 		<arg choice="opt">-S, --setsddl=STRING</arg>
++		<arg choice="opt">-V, --viewsddl</arg>
+ 	</cmdsynopsis>
+ </refsynopsisdiv>
+ 
+@@ -121,6 +122,13 @@
+ 		</para></listitem>
+ 		</varlistentry>
+ 
++		<varlistentry>
++		<term>-V|--viewsddl</term>
++		<listitem><para>
++		List a share acl in SDDL format.
++		</para></listitem>
++		</varlistentry>
++
+ 		&stdarg.help;
+ 		&stdarg.server.debug;
+ 		&popt.common.samba;
+-- 
+1.8.3.1
+
+
+From ffe94e363375aa47cd72d715309f6568067482fe Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Fri, 15 Nov 2013 13:03:20 +0100
+Subject: [PATCH 36/83] docs: mention -p in dbwrap-tool manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/dbwrap_tool.1.xml | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/docs-xml/manpages/dbwrap_tool.1.xml b/docs-xml/manpages/dbwrap_tool.1.xml
+index 07d42be..b8280ac 100644
+--- a/docs-xml/manpages/dbwrap_tool.1.xml
++++ b/docs-xml/manpages/dbwrap_tool.1.xml
+@@ -19,7 +19,7 @@
+ <refsynopsisdiv>
+ 	<cmdsynopsis>
+ 		<command>dbwrap_tool</command>
+-		<arg choice="opt">--persistent</arg>
++		<arg choice="opt">-p|--persistent</arg>
+ 		<arg choice="opt">-d &lt;debug level&gt;</arg>
+ 		<arg choice="opt">-s &lt;config file&gt;</arg>
+ 		<arg choice="opt">-l &lt;log file base&gt;</arg>
+@@ -70,7 +70,7 @@
+ 
+ 	<variablelist>
+ 		<varlistentry>
+-			<term>--persistent</term>
++			<term>-p|--persistent</term>
+ 			<listitem><para>Open the database as a persistent database.
+ 			If this option is not specified, the database is opened as
+ 			non-persistent.
+-- 
+1.8.3.1
+
+
+From 22fcc536a568283b0d2c8b1772399fef7bc63406 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Fri, 15 Nov 2013 15:15:41 +0100
+Subject: [PATCH 37/83] docs: bring samba entity popt.common.credentials in
+ line with popt_common_credentials.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This adds documentation of the following parameters to all manpages of binaries that
+actually use popt_common_credentials:
+
+-S|--signing
+-e|--encrypt
+-P|--machinepass
+--pw-nt-hash
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/build/DTD/samba.entities | 35 +++++++++++++++++++++++++++++++++++
+ 1 file changed, 35 insertions(+)
+
+diff --git a/docs-xml/build/DTD/samba.entities b/docs-xml/build/DTD/samba.entities
+index c9c6744..8ddae70 100644
+--- a/docs-xml/build/DTD/samba.entities
++++ b/docs-xml/build/DTD/samba.entities
+@@ -464,6 +464,37 @@ Try to use the credentials cached by winbind.
+ </varlistentry>
+ '>
+ 
++<!ENTITY stdarg.signing '
++<varlistentry>
++<term>-S|--signing on|off|required</term>
++<listitem><para>Set the client signing state.
++</para></listitem>
++</varlistentry>
++'>
++
++<!ENTITY stdarg.machinepass '
++<varlistentry>
++<term>-P|--machine-pass</term>
++<listitem><para>Use stored machine account password.
++</para></listitem>
++</varlistentry>
++'>
++
++<!ENTITY stdarg.encrypt '
++<varlistentry>
++<term>-e|--encrypt</term>
++<listitem><para>Encrypt SMB transport (UNIX extended servers only).
++</para></listitem>
++</varlistentry>
++'>
++
++<!ENTITY stdarg.pwnthash '
++<varlistentry>
++<term>--pw-nt-hash</term>
++<listitem><para>The supplied password is the NT hash.
++</para></listitem>
++</varlistentry>
++'>
+ 
+ <!ENTITY stdarg.help '
+ <varlistentry>
+@@ -478,6 +509,10 @@ Try to use the credentials cached by winbind.
+ &stdarg.useccache;
+ &stdarg.authfile;
+ &stdarg.username;
++&stdarg.signing;
++&stdarg.machinepass;
++&stdarg.encrypt;
++&stdarg.pwnthash;
+ '>
+ 
+ <!-- Entities for the various programs -->
+-- 
+1.8.3.1
+
+
+From 7173604e9e20ee4826622f8f1dd3e3194ee3588f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Fri, 15 Nov 2013 16:06:36 +0100
+Subject: [PATCH 38/83] docs: remove now duplicate mention for 4 credential
+ options in samba-regedit manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/samba-regedit.8.xml | 18 ------------------
+ 1 file changed, 18 deletions(-)
+
+diff --git a/docs-xml/manpages/samba-regedit.8.xml b/docs-xml/manpages/samba-regedit.8.xml
+index e7ec761..c40b2ec 100644
+--- a/docs-xml/manpages/samba-regedit.8.xml
++++ b/docs-xml/manpages/samba-regedit.8.xml
+@@ -70,25 +70,7 @@
+ 		<listitem><para>Set smb.conf option from command line.</para></listitem>
+ 		</varlistentry>
+ 		&popt.common.connection;
+-		<varlistentry>
+-		<term>-S|--signing</term>
+-		<listitem><para>Set the client signing state.</para></listitem>
+-		</varlistentry>
+-		<varlistentry>
+-		<term>-P|--machine-pass</term>
+-		<listitem><para>Use stored machine account password.</para></listitem>
+-		</varlistentry>
+ 		&popt.common.credentials;
+-		<varlistentry>
+-		<term>-e|--encrypt</term>
+-		<listitem><para>Encrypt SMB transport (UNIX extended servers only).</para>
+-		</listitem>
+-		</varlistentry>
+-		<varlistentry>
+-		<term>--pw-nt-hash</term>
+-		<listitem><para>The supplied password is the NT hash.</para>
+-		</listitem>
+-		</varlistentry>
+ 	</variablelist>
+ </refsect1>
+ 
+-- 
+1.8.3.1
+
+
+From 8a4d846f1dca6ecbc7d9411f3e26d79a8622e5c4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Fri, 15 Nov 2013 16:07:41 +0100
+Subject: [PATCH 39/83] docs: add missing &popt.common.samba entity to
+ smbcontrol manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/smbcontrol.1.xml | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/docs-xml/manpages/smbcontrol.1.xml b/docs-xml/manpages/smbcontrol.1.xml
+index e2c7939..be8dd0f 100644
+--- a/docs-xml/manpages/smbcontrol.1.xml
++++ b/docs-xml/manpages/smbcontrol.1.xml
+@@ -51,6 +51,7 @@
+ 	<variablelist>
+ 		&stdarg.help;
+ 		&stdarg.configfile;
++		&popt.common.samba;
+ 		<varlistentry>
+ 		<term>-i</term>
+ 		<listitem><para>Run interactively. Individual commands 
+-- 
+1.8.3.1
+
+
+From 23516cfbdde6d38fc710fd3a47fdc155e657dc47 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Fri, 15 Nov 2013 16:08:10 +0100
+Subject: [PATCH 40/83] docs: add missing &popt.common.connection entity to
+ smbcacls manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/smbcacls.1.xml | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/docs-xml/manpages/smbcacls.1.xml b/docs-xml/manpages/smbcacls.1.xml
+index 7770fa2..e504dd7 100644
+--- a/docs-xml/manpages/smbcacls.1.xml
++++ b/docs-xml/manpages/smbcacls.1.xml
+@@ -178,6 +178,7 @@
+ 		&stdarg.server.debug;
+ 		&popt.common.samba;
+ 		&popt.common.credentials;
++		&popt.common.connection;
+ 	</variablelist>
+ </refsect1>
+ 
+-- 
+1.8.3.1
+
+
+From 743e9a847e1014e2722c650f94d99fa277d7fa9a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Fri, 15 Nov 2013 16:40:36 +0100
+Subject: [PATCH 41/83] docs: remove more duplicate options from samba-regedit
+ manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/samba-regedit.8.xml | 9 +--------
+ 1 file changed, 1 insertion(+), 8 deletions(-)
+
+diff --git a/docs-xml/manpages/samba-regedit.8.xml b/docs-xml/manpages/samba-regedit.8.xml
+index c40b2ec..acf8c53 100644
+--- a/docs-xml/manpages/samba-regedit.8.xml
++++ b/docs-xml/manpages/samba-regedit.8.xml
+@@ -56,19 +56,12 @@
+ 	<title>OPTIONS</title>
+ 	<variablelist>
+ 		&stdarg.help;
++		&stdarg.client.debug;
+ 		<varlistentry>
+ 		<term>--usage</term>
+ 		<listitem><para>Display brief usage message.</para></listitem>
+ 		</varlistentry>
+-		<varlistentry>
+-		<term>-d|--debuglevel=&lt;debuglevel&gt;</term>
+-		<listitem><para>Set debug level.</para></listitem>
+-		</varlistentry>
+ 		&popt.common.samba;
+-		<varlistentry>
+-		<term>--option=&lt;parameter&gt;=&lt;value&gt;</term>
+-		<listitem><para>Set smb.conf option from command line.</para></listitem>
+-		</varlistentry>
+ 		&popt.common.connection;
+ 		&popt.common.credentials;
+ 	</variablelist>
+-- 
+1.8.3.1
+
+
+From deacd68cce662d0780eaa255fd51fc4f5f5ee629 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Fri, 15 Nov 2013 16:57:52 +0100
+Subject: [PATCH 42/83] docs: add new popt.autohelp entity.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/build/DTD/samba.entities | 28 +++++++++++++++++++++-------
+ 1 file changed, 21 insertions(+), 7 deletions(-)
+
+diff --git a/docs-xml/build/DTD/samba.entities b/docs-xml/build/DTD/samba.entities
+index 8ddae70..cb683d1 100644
+--- a/docs-xml/build/DTD/samba.entities
++++ b/docs-xml/build/DTD/samba.entities
+@@ -496,13 +496,6 @@ Try to use the credentials cached by winbind.
+ </varlistentry>
+ '>
+ 
+-<!ENTITY stdarg.help '
+-<varlistentry>
+-<term>-?|--help</term>
+-<listitem><para>Print a summary of command line options.
+-</para></listitem>
+-</varlistentry>'>
+-
+ <!ENTITY popt.common.credentials '
+ &stdarg.nopass;
+ &stdarg.kerberos;
+@@ -515,6 +508,27 @@ Try to use the credentials cached by winbind.
+ &stdarg.pwnthash;
+ '>
+ 
++<!ENTITY stdarg.help '
++<varlistentry>
++<term>-?|--help</term>
++<listitem><para>Print a summary of command line options.
++</para></listitem>
++</varlistentry>
++'>
++
++<!ENTITY stdarg.usage '
++<varlistentry>
++<term>--usage</term>
++<listitem><para>Display brief usage message.
++</para></listitem>
++</varlistentry>
++'>
++
++<!ENTITY popt.autohelp '
++&stdarg.help;
++&stdarg.usage;
++'>
++
+ <!-- Entities for the various programs -->
+ <!ENTITY OL '<application>OpenLDAP</application>'>
+ <!ENTITY smbd '<application>smbd</application>'>
+-- 
+1.8.3.1
+
+
+From c71fd4a9f49bf5cf2cef7874789e95b0603bbaa4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 11:40:35 +0100
+Subject: [PATCH 43/83] docs: mention --change-sid|--new-sid in profiles
+ manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/profiles.1.xml | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/docs-xml/manpages/profiles.1.xml b/docs-xml/manpages/profiles.1.xml
+index 311c8ff..83358a8 100644
+--- a/docs-xml/manpages/profiles.1.xml
++++ b/docs-xml/manpages/profiles.1.xml
+@@ -21,8 +21,8 @@
+ 	<cmdsynopsis>
+ 		<command>profiles</command>
+ 		<arg choice="opt">-v</arg>
+-		<arg choice="opt">-c SID</arg>
+-		<arg choice="opt">-n SID</arg>
++		<arg choice="opt">-c|--change-sid SID</arg>
++		<arg choice="opt">-n|--new-sid SID</arg>
+ 		<arg choice="req">file</arg>
+ 	</cmdsynopsis>
+ </refsynopsisdiv>
+@@ -58,6 +58,7 @@
+ 
+ 		<varlistentry>
+ 		<term>-c SID1 -n SID2</term>
++		<term>--change-sid SID1 --new-sid SID2</term>
+ 		<listitem><para>Change all occurrences of SID1 in <filename>file</filename> by SID2.
+ 		</para></listitem>
+ 		</varlistentry>
+-- 
+1.8.3.1
+
+
+From ca6776d341a5e98b30a9c544c91e89ad062291b3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 11:41:00 +0100
+Subject: [PATCH 44/83] docs: use popt.samba.common entity in profiles manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/profiles.1.xml | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/docs-xml/manpages/profiles.1.xml b/docs-xml/manpages/profiles.1.xml
+index 83358a8..c448eb5 100644
+--- a/docs-xml/manpages/profiles.1.xml
++++ b/docs-xml/manpages/profiles.1.xml
+@@ -63,8 +63,9 @@
+ 		</para></listitem>
+ 		</varlistentry>
+ 
+-		&stdarg.help;
+-		
++		&popt.common.samba.client;
++		&popt.autohelp;
++
+ 	</variablelist>
+ </refsect1>
+ 
+-- 
+1.8.3.1
+
+
+From 1e4fb44c97eddb28aad903ddbfe0f05229f5802e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 11:44:28 +0100
+Subject: [PATCH 45/83] docs: use popt.autohelp in smbtree manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/smbtree.1.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs-xml/manpages/smbtree.1.xml b/docs-xml/manpages/smbtree.1.xml
+index b99c4b1..5e9b639 100644
+--- a/docs-xml/manpages/smbtree.1.xml
++++ b/docs-xml/manpages/smbtree.1.xml
+@@ -70,7 +70,7 @@
+ 		&stdarg.server.debug;
+ 		&popt.common.samba;
+ 		&popt.common.credentials;
+-		&stdarg.help;
++		&popt.autohelp;
+ 		
+ 	</variablelist>
+ </refsect1>
+-- 
+1.8.3.1
+
+
+From def43ad250168790fe3db868c0f688ff04f0fefa Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 11:51:55 +0100
+Subject: [PATCH 46/83] docs: mention --update and --encrypt in smbget manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/smbget.1.xml | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/docs-xml/manpages/smbget.1.xml b/docs-xml/manpages/smbget.1.xml
+index b805b4c..a277712 100644
+--- a/docs-xml/manpages/smbget.1.xml
++++ b/docs-xml/manpages/smbget.1.xml
+@@ -35,6 +35,7 @@
+ 		<arg choice="opt">-v, --verbose</arg>
+ 		<arg choice="opt">-b, --blocksize</arg>
+ 		<arg choice="opt">-O, --stdout</arg>
++		<arg choice="opt">-U, --update</arg>
+ 		<arg choice="opt">-?, --help</arg>
+ 		<arg choice="opt">--usage</arg>
+ 		<arg choice="req">smb://host/share/path/to/file</arg>
+@@ -150,6 +151,14 @@
+ 		<term>--usage</term>
+ 		<listitem><para>Display brief usage message</para></listitem>
+ 	</varlistentry>
++
++	<varlistentry>
++		<term>-U, --update</term>
++		<listitem><para>Download only when remote file is newer than local file or local file is missing.</para></listitem>
++	</varlistentry>
++
++	&stdarg.encrypt;
++
+ </refsect1>
+ 
+ <refsect1>
+-- 
+1.8.3.1
+
+
+From 51fa7800d3b9f84b962d396270391a8cfd4d5a84 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 11:59:54 +0100
+Subject: [PATCH 47/83] docs: mention more long option names in smbcquotas
+ manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/smbcquotas.1.xml | 32 +++++++++++++++++---------------
+ 1 file changed, 17 insertions(+), 15 deletions(-)
+
+diff --git a/docs-xml/manpages/smbcquotas.1.xml b/docs-xml/manpages/smbcquotas.1.xml
+index 23328b4..8c76939 100644
+--- a/docs-xml/manpages/smbcquotas.1.xml
++++ b/docs-xml/manpages/smbcquotas.1.xml
+@@ -20,13 +20,13 @@
+ 	<cmdsynopsis>
+ 		<command>smbcquotas</command>
+ 		<arg choice="req">//server/share</arg>
+-		<arg choice="opt">-u user</arg>
+-		<arg choice="opt">-L</arg>
+-		<arg choice="opt">-F</arg>
+-		<arg choice="opt">-S QUOTA_SET_COMMAND</arg>
+-		<arg choice="opt">-n</arg>
+-		<arg choice="opt">-t</arg>
+-		<arg choice="opt">-v</arg>
++		<arg choice="opt">-u|--user user</arg>
++		<arg choice="opt">-L|--list</arg>
++		<arg choice="opt">-F|--fs</arg>
++		<arg choice="opt">-S|--set QUOTA_SET_COMMAND</arg>
++		<arg choice="opt">-n|--numeric</arg>
++		<arg choice="opt">-t|--test-args</arg>
++		<arg choice="opt">-v|--verbose</arg>
+ 
+ 		<arg choice="opt">-d debuglevel</arg>
+ 		<arg choice="opt">-s configfile</arg>
+@@ -60,7 +60,7 @@
+ 
+ 	<variablelist>
+ 		<varlistentry>
+-		<term>-u user</term>
++		<term>-u|--user user</term>
+ 		<listitem><para> Specifies the user of whom the quotas are get or set.
+ 		By default the current user's username will be used.</para></listitem>
+ 		</varlistentry>
+@@ -68,51 +68,53 @@
+ 		
+ 		
+ 		<varlistentry>
+-		<term>-L</term>
++		<term>-L|--list</term>
+ 		<listitem><para>Lists all quota records of the share.</para></listitem>
+ 		</varlistentry>
+ 
+ 		
+ 		
+ 		<varlistentry>
+-		<term>-F</term>
++		<term>-F|--fs</term>
+ 		<listitem><para>Show the share quota status and default limits.</para></listitem>
+ 		</varlistentry>
+ 		
+ 		
+ 		
+ 		<varlistentry>
+-		<term>-S QUOTA_SET_COMMAND</term>
++		<term>-S|--set QUOTA_SET_COMMAND</term>
+ 		<listitem><para>This command sets/modifies quotas for a user or on the share,
+ 		depending on the QUOTA_SET_COMMAND parameter which is described later.</para></listitem>
+ 		</varlistentry>
+ 
+ 		
+ 		<varlistentry>
+-		<term>-n</term>
++		<term>-n|--numeric</term>
+ 		<listitem><para>This option displays all QUOTA information in numeric 
+ 		format.  The default is to convert SIDs to names and QUOTA limits 
+ 		to a readable string format.</para></listitem>
+ 		</varlistentry>
+ 
+ 		<varlistentry>
+-		<term>-t</term>
++		<term>-t|--test-args</term>
+ 		<listitem><para>
+ 		Don't actually do anything, only validate the correctness of the arguments.
+ 		</para></listitem>
+ 		</varlistentry>
+ 
+ 		<varlistentry>
+-		<term>-v</term>
++		<term>-v|--verbose</term>
+ 		<listitem><para>
+ 		Be verbose.
+ 		</para></listitem>
+ 		</varlistentry>
+ 				
+-		&stdarg.help;
++
+ 		&stdarg.server.debug;
+ 		&popt.common.samba;
+ 		&popt.common.credentials;
++		&popt.autohelp;
++
+ 	</variablelist>
+ </refsect1>
+ 
+-- 
+1.8.3.1
+
+
+From 0a7eff9cd77516368a1b1b7578bed64c3768b0da Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 12:10:29 +0100
+Subject: [PATCH 48/83] docs: mention -B|--browse to smbclient manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/smbclient.1.xml | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/docs-xml/manpages/smbclient.1.xml b/docs-xml/manpages/smbclient.1.xml
+index b9e55e9..d5a7068 100644
+--- a/docs-xml/manpages/smbclient.1.xml
++++ b/docs-xml/manpages/smbclient.1.xml
+@@ -343,7 +343,13 @@
+ 		cannot be negotiated.
+ 		</para></listitem>
+ 		</varlistentry>
+-		
++
++		<varlistentry>
++		<term>-B|--browse</term>
++		<listitem><para>Browse SMB servers using DNS.</para>
++		</listitem>
++		</varlistentry>
++
+ 		&stdarg.client.debug;
+ 		&popt.common.samba;
+ 		&popt.common.credentials;
+-- 
+1.8.3.1
+
+
+From 5cab201a16663e9d91e4501124d6aeeaaa71e189 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 12:12:23 +0100
+Subject: [PATCH 49/83] docs: better document -e|--encrypt option globally.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This is taken from smbclient manpage.
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/build/DTD/samba.entities | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/docs-xml/build/DTD/samba.entities b/docs-xml/build/DTD/samba.entities
+index cb683d1..1e852ec 100644
+--- a/docs-xml/build/DTD/samba.entities
++++ b/docs-xml/build/DTD/samba.entities
+@@ -483,7 +483,14 @@ Try to use the credentials cached by winbind.
+ <!ENTITY stdarg.encrypt '
+ <varlistentry>
+ <term>-e|--encrypt</term>
+-<listitem><para>Encrypt SMB transport (UNIX extended servers only).
++<listitem><para>
++This command line parameter requires the remote
++server support the UNIX extensions or that the SMB3 protocol has been selected.
++Requests that the connection be encrypted. Negotiates SMB encryption using either
++SMB3 or POSIX extensions via GSSAPI. Uses the given credentials for
++the encryption negotiation (either kerberos or NTLMv1/v2 if given
++domain/username/password triple. Fails the connection if encryption
++cannot be negotiated.
+ </para></listitem>
+ </varlistentry>
+ '>
+-- 
+1.8.3.1
+
+
+From a2899b157f6096fd48e0c9a16a8cb7c848736ea4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 12:16:00 +0100
+Subject: [PATCH 50/83] docs: use popt.autohelp and remove duplicate -e option
+ from smbclient manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/smbclient.1.xml | 16 +---------------
+ 1 file changed, 1 insertion(+), 15 deletions(-)
+
+diff --git a/docs-xml/manpages/smbclient.1.xml b/docs-xml/manpages/smbclient.1.xml
+index d5a7068..b4f7896 100644
+--- a/docs-xml/manpages/smbclient.1.xml
++++ b/docs-xml/manpages/smbclient.1.xml
+@@ -276,8 +276,6 @@
+ 		</para></listitem>
+ 		</varlistentry>
+ 
+-		&stdarg.help;
+-
+ 		<varlistentry>
+ 		<term>-I|--ip-address IP-address</term>
+ 		<listitem><para><replaceable>IP address</replaceable> is the address of the server to connect to.
+@@ -332,19 +330,6 @@
+ 		</varlistentry>
+ 		
+ 		<varlistentry>
+-		<term>-e|--encrypt</term>
+-		<listitem><para>
+-		This command line parameter requires the remote
+-		server support the UNIX extensions or that the SMB3 protocol has been selected.
+-		Requests that the connection be encrypted. Negotiates SMB encryption using either
+-		SMB3 or POSIX extensions via GSSAPI. Uses the given credentials for
+-		the encryption negotiation (either kerberos or NTLMv1/v2 if given
+-		domain/username/password triple. Fails the connection if encryption
+-		cannot be negotiated.
+-		</para></listitem>
+-		</varlistentry>
+-
+-		<varlistentry>
+ 		<term>-B|--browse</term>
+ 		<listitem><para>Browse SMB servers using DNS.</para>
+ 		</listitem>
+@@ -354,6 +339,7 @@
+ 		&popt.common.samba;
+ 		&popt.common.credentials;
+ 		&popt.common.connection;
++		&popt.autohelp;
+ 		
+ 		<varlistentry>
+ 		<term>-t|--timeout &lt;timeout-seconds&gt;</term>
+-- 
+1.8.3.1
+
+
+From 26da51a94ea329aa78e2d69fc8190954e61e0b26 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 12:17:36 +0100
+Subject: [PATCH 51/83] docs: remove unsupported -h option from smbcacls
+ manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/smbcacls.1.xml | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/docs-xml/manpages/smbcacls.1.xml b/docs-xml/manpages/smbcacls.1.xml
+index e504dd7..71e3f50 100644
+--- a/docs-xml/manpages/smbcacls.1.xml
++++ b/docs-xml/manpages/smbcacls.1.xml
+@@ -31,7 +31,6 @@
+ 		<arg choice="opt">--numeric</arg>
+ 		<arg choice="opt">-t</arg>
+ 		<arg choice="opt">-U username</arg>
+-		<arg choice="opt">-h</arg>
+ 		<arg choice="opt">-d</arg>
+ 		<arg choice="opt">-e</arg>
+ 		<arg choice="opt">-m|--max-protocol LEVEL</arg>
+-- 
+1.8.3.1
+
+
+From 559073e711cad5f895707385cc355440e21513d5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 12:18:34 +0100
+Subject: [PATCH 52/83] docs: use popt.autohelp entity in smbcacls manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/smbcacls.1.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs-xml/manpages/smbcacls.1.xml b/docs-xml/manpages/smbcacls.1.xml
+index 71e3f50..3c00363 100644
+--- a/docs-xml/manpages/smbcacls.1.xml
++++ b/docs-xml/manpages/smbcacls.1.xml
+@@ -173,11 +173,11 @@
+ 		</para></listitem>
+ 		</varlistentry>
+ 				
+-		&stdarg.help;
+ 		&stdarg.server.debug;
+ 		&popt.common.samba;
+ 		&popt.common.credentials;
+ 		&popt.common.connection;
++		&popt.autohelp;
+ 	</variablelist>
+ </refsect1>
+ 
+-- 
+1.8.3.1
+
+
+From 019deb1e1acedb6ec522baad85592c17f2f78268 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 12:21:24 +0100
+Subject: [PATCH 53/83] docs: remove duplicate -e option from smbcacls manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/smbcacls.1.xml | 12 ------------
+ 1 file changed, 12 deletions(-)
+
+diff --git a/docs-xml/manpages/smbcacls.1.xml b/docs-xml/manpages/smbcacls.1.xml
+index 3c00363..0b8fe94 100644
+--- a/docs-xml/manpages/smbcacls.1.xml
++++ b/docs-xml/manpages/smbcacls.1.xml
+@@ -141,18 +141,6 @@
+ 		</varlistentry>
+ 		
+ 		<varlistentry>
+-		<term>-e</term>
+-		<listitem><para>This command line parameter requires the remote
+-		server support the UNIX extensions or that the SMB3 protocol has been selected.
+-		Requests that the connection be encrypted. Negotiates SMB encryption using either
+-		SMB3 or POSIX extensions via GSSAPI. Uses the given credentials for
+-		the encryption negotiation (either kerberos or NTLMv1/v2 if given
+-		domain/username/password triple. Fails the connection if encryption
+-		cannot be negotiated.
+-		</para></listitem>
+-		</varlistentry>
+-
+-		<varlistentry>
+ 		<term>-m|--max-protocol PROTOCOL_NAME</term>
+ 		<listitem><para>This allows the user to select the
+ 		highest SMB protocol level that smbcacls will use to
+-- 
+1.8.3.1
+
+
+From c7a4feaaf1236dce8de546b5019058efba047e31 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 12:25:12 +0100
+Subject: [PATCH 54/83] docs: mention --query-security-info|--set-security-info
+ in smbcacls manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/smbcacls.1.xml | 16 +++++++++++++++-
+ 1 file changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/docs-xml/manpages/smbcacls.1.xml b/docs-xml/manpages/smbcacls.1.xml
+index 0b8fe94..33b8dbd 100644
+--- a/docs-xml/manpages/smbcacls.1.xml
++++ b/docs-xml/manpages/smbcacls.1.xml
+@@ -34,6 +34,8 @@
+ 		<arg choice="opt">-d</arg>
+ 		<arg choice="opt">-e</arg>
+ 		<arg choice="opt">-m|--max-protocol LEVEL</arg>
++		<arg choice="opt">--query-security-info FLAGS</arg>
++		<arg choice="opt">--set-security-info FLAGS</arg>
+ 	</cmdsynopsis>
+ </refsynopsisdiv>
+ 
+@@ -160,7 +162,19 @@
+ 		the arguments.
+ 		</para></listitem>
+ 		</varlistentry>
+-				
++
++		<varlistentry>
++		<term>--query-security-info FLAGS</term>
++		<listitem><para>The security-info flags for queries.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>--set-security-info FLAGS</term>
++		<listitem><para>The security-info flags for queries.
++		</para></listitem>
++		</varlistentry>
++
+ 		&stdarg.server.debug;
+ 		&popt.common.samba;
+ 		&popt.common.credentials;
+-- 
+1.8.3.1
+
+
+From 94b26e6d7b22396ad220ddd1ed359376fc151458 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 12:35:16 +0100
+Subject: [PATCH 55/83] docs: mention --sddl and --domain-sid in smbcacls
+ manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/smbcacls.1.xml | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/docs-xml/manpages/smbcacls.1.xml b/docs-xml/manpages/smbcacls.1.xml
+index 33b8dbd..1f7aaf2 100644
+--- a/docs-xml/manpages/smbcacls.1.xml
++++ b/docs-xml/manpages/smbcacls.1.xml
+@@ -36,6 +36,8 @@
+ 		<arg choice="opt">-m|--max-protocol LEVEL</arg>
+ 		<arg choice="opt">--query-security-info FLAGS</arg>
+ 		<arg choice="opt">--set-security-info FLAGS</arg>
++		<arg choice="opt">--sddl</arg>
++		<arg choice="opt">--domain-sid SID</arg>
+ 	</cmdsynopsis>
+ </refsynopsisdiv>
+ 
+@@ -175,6 +177,18 @@
+ 		</para></listitem>
+ 		</varlistentry>
+ 
++		<varlistentry>
++		<term>--sddl</term>
++		<listitem><para>Output and input acls in sddl format.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>--domain-sid SID</term>
++		<listitem><para>SID used for sddl processing.
++		</para></listitem>
++		</varlistentry>
++
+ 		&stdarg.server.debug;
+ 		&popt.common.samba;
+ 		&popt.common.credentials;
+-- 
+1.8.3.1
+
+
+From fb051ee29a55c6d72739bc895f05add50f2054d5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 12:39:00 +0100
+Subject: [PATCH 56/83] docs: remove unsupported -h option and use
+ popt.autohelp entity in rpcclient manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/rpcclient.1.xml | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/docs-xml/manpages/rpcclient.1.xml b/docs-xml/manpages/rpcclient.1.xml
+index 7193a90..76bcbc2 100644
+--- a/docs-xml/manpages/rpcclient.1.xml
++++ b/docs-xml/manpages/rpcclient.1.xml
+@@ -23,7 +23,6 @@
+ 		<arg choice="opt">-A authfile</arg>
+ 		<arg choice="opt">-c &lt;command string&gt;</arg>
+ 		<arg choice="opt">-d debuglevel</arg>
+-		<arg choice="opt">-h</arg>
+ 		<arg choice="opt">-l logdir</arg>
+ 		<arg choice="opt">-N</arg>
+ 		<arg choice="opt">-s &lt;smb config file&gt;</arg>
+@@ -98,7 +97,7 @@
+ 		&popt.common.samba;
+ 		&popt.common.credentials;		
+ 		&popt.common.connection;
+-		&stdarg.help;
++		&popt.autohelp;
+ 	</variablelist>
+ </refsect1>
+ 
+-- 
+1.8.3.1
+
+
+From db62a5841a4892dc2d45ff027cac346c0e67c5aa Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 12:51:42 +0100
+Subject: [PATCH 57/83] docs: document all long option names in nmblookup
+ manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/nmblookup.1.xml | 41 +++++++++++++++++++--------------------
+ 1 file changed, 20 insertions(+), 21 deletions(-)
+
+diff --git a/docs-xml/manpages/nmblookup.1.xml b/docs-xml/manpages/nmblookup.1.xml
+index 12c707f..b110b28 100644
+--- a/docs-xml/manpages/nmblookup.1.xml
++++ b/docs-xml/manpages/nmblookup.1.xml
+@@ -20,19 +20,18 @@
+ <refsynopsisdiv>
+ 	<cmdsynopsis>
+ 		<command>nmblookup</command>
+-		<arg choice="opt">-M</arg>
+-		<arg choice="opt">-R</arg>
+-		<arg choice="opt">-S</arg>
+-		<arg choice="opt">-r</arg>
+-		<arg choice="opt">-A</arg>
+-		<arg choice="opt">-h</arg>
+-		<arg choice="opt">-B &lt;broadcast address&gt;</arg>
+-		<arg choice="opt">-U &lt;unicast address&gt;</arg>
++		<arg choice="opt">-M|--master-browser</arg>
++		<arg choice="opt">-R|--recursion</arg>
++		<arg choice="opt">-S|--status</arg>
++		<arg choice="opt">-r|--root-port</arg>
++		<arg choice="opt">-A|--lookup-by-ip</arg>
++		<arg choice="opt">-B|--broadcast &lt;broadcast address&gt;</arg>
++		<arg choice="opt">-U|--unicast &lt;unicast address&gt;</arg>
+ 		<arg choice="opt">-d &lt;debug level&gt;</arg>
+ 		<arg choice="opt">-s &lt;smb config file&gt;</arg>
+ 		<arg choice="opt">-i &lt;NetBIOS scope&gt;</arg>
+-		<arg choice="opt">-T</arg>
+-		<arg choice="opt">-f</arg>
++		<arg choice="opt">-T|--translate</arg>
++		<arg choice="opt">-f|--flags</arg>
+ 		<arg choice="req">name</arg>
+ 	</cmdsynopsis>
+ </refsynopsisdiv>
+@@ -55,8 +54,8 @@
+ 
+ 	<variablelist>
+ 		<varlistentry>
+-		<term>-M</term>
+-		<listitem><para>Searches for a master browser by looking 
++		<term>-M|--master-browser</term>
++		<listitem><para>Searches for a master browser by looking
+ 		up the NetBIOS <replaceable>name</replaceable> with a
+ 		type of <constant>0x1d</constant>. If <replaceable>
+ 		name</replaceable> is "-" then it does a lookup on the special name 
+@@ -67,7 +66,7 @@
+ 		</varlistentry>
+ 		
+ 		<varlistentry>
+-		<term>-R</term>
++		<term>-R|--recursion</term>
+ 		<listitem><para>Set the recursion desired bit in the packet 
+ 		to do a recursive lookup. This is used when sending a name 
+ 		query to a machine running a WINS server and the user wishes 
+@@ -78,7 +77,7 @@
+ 		</varlistentry>
+ 		
+ 		<varlistentry>
+-		<term>-S</term>
++		<term>-S|--status</term>
+ 		<listitem><para>Once the name query has returned an IP 
+ 		address then do a node status query as well. A node status 
+ 		query returns the NetBIOS names registered by a host.
+@@ -87,7 +86,7 @@
+ 
+ 
+ 		<varlistentry>
+-		<term>-r</term> 
++		<term>-r|--root-port</term>
+ 		<listitem><para>Try and bind to UDP port 137 to send and receive UDP
+ 		datagrams. The reason for this option is a bug in Windows 95 
+ 		where it ignores the source port of the requesting packet 
+@@ -100,7 +99,7 @@
+ 
+ 
+ 		<varlistentry>
+-		<term>-A</term>
++		<term>-A|--lookup-by-ip</term>
+ 		<listitem><para>Interpret <replaceable>name</replaceable> as 
+ 		an IP Address and do a node status query on this address.</para>
+ 		</listitem>
+@@ -109,10 +108,10 @@
+ 
+ 
+ 		&popt.common.connection;
+-		&stdarg.help;
++		&popt.autohelp;
+ 
+ 		<varlistentry>
+-		<term>-B &lt;broadcast address&gt;</term> 
++		<term>-B|--broadcast &lt;broadcast address&gt;</term>
+ 		<listitem><para>Send the query to the given broadcast address. Without 
+ 		this option the default behavior of nmblookup is to send the 
+ 		query to the broadcast address of the network interfaces as 
+@@ -126,7 +125,7 @@
+ 
+ 
+ 		<varlistentry>
+-		<term>-U &lt;unicast address&gt;</term>
++		<term>-U|--unicast &lt;unicast address&gt;</term>
+ 		<listitem><para>Do a unicast query to the specified address or 
+ 		host <replaceable>unicast address</replaceable>. This option 
+ 		(along with the <parameter>-R</parameter> option) is needed to 
+@@ -137,7 +136,7 @@
+ 		&popt.common.samba;
+ 
+ 		<varlistentry>
+-		<term>-T</term> 
++		<term>-T|--translate</term>
+ 		<listitem><para>This causes any IP addresses found in the 
+ 		lookup to be looked up via a reverse DNS lookup into a 
+ 		DNS name, and printed out before each</para>
+@@ -148,7 +147,7 @@
+ 		</varlistentry>
+ 
+ 		<varlistentry>
+-		<term>-f</term>
++		<term>-f|--flags</term>
+ 		<listitem><para>
+ 		Show which flags apply to the name that has been looked up. Possible 
+ 		answers are zero or more of: Response, Authoritative, 
+-- 
+1.8.3.1
+
+
+From f9cdbfb27325d4e84d866fdee2a7bc729c25e24e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 12:55:02 +0100
+Subject: [PATCH 58/83] docs: use popt.autohelp entity in dbwrap-tools manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/dbwrap_tool.1.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs-xml/manpages/dbwrap_tool.1.xml b/docs-xml/manpages/dbwrap_tool.1.xml
+index b8280ac..8e979f6 100644
+--- a/docs-xml/manpages/dbwrap_tool.1.xml
++++ b/docs-xml/manpages/dbwrap_tool.1.xml
+@@ -77,7 +77,7 @@
+ 			</para></listitem>
+ 		</varlistentry>
+ 		&popt.common.samba.client;
+-		&stdarg.help;
++		&popt.autohelp;
+ 	</variablelist>
+ </refsect1>
+ 
+-- 
+1.8.3.1
+
+
+From 0674ef7c5b3551564894ee7b8810ee3c18857922 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 13:45:38 +0100
+Subject: [PATCH 59/83] docs: fix testparm manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/testparm.1.xml | 38 +++++++++++++++++++++++---------------
+ 1 file changed, 23 insertions(+), 15 deletions(-)
+
+diff --git a/docs-xml/manpages/testparm.1.xml b/docs-xml/manpages/testparm.1.xml
+index b258c20..ce69dc7 100644
+--- a/docs-xml/manpages/testparm.1.xml
++++ b/docs-xml/manpages/testparm.1.xml
+@@ -20,10 +20,9 @@
+ <refsynopsisdiv>
+ 	<cmdsynopsis>
+ 		<command>testparm</command>
+-		<arg choice="opt">-s</arg>
+-		<arg choice="opt">-h</arg>
+-		<arg choice="opt">-v</arg>
+-		<arg choice="opt">-t &lt;encoding&gt;</arg>
++		<arg choice="opt">-s|--suppress-prompt</arg>
++		<arg choice="opt">--help</arg>
++		<arg choice="opt">-v|--verbose</arg>
+ 		<arg choice="req">config filename</arg>
+ 		<arg choice="opt">hostname hostIP</arg>
+ 	</cmdsynopsis>
+@@ -63,17 +62,19 @@
+ 
+ 	<variablelist>
+ 		<varlistentry>
+-		<term>-s</term>
++		<term>-s|--suppress-prompt</term>
+ 		<listitem><para>Without this option, <command>testparm</command> 
+ 		will prompt for a carriage return after printing the service 
+ 		names and before dumping the service definitions.</para></listitem>
+ 		</varlistentry>
+ 
+-		&stdarg.help;
+ 		&stdarg.version;
+-		
++		&stdarg.option;
++		&popt.autohelp;
++		&stdarg.client.debug;
++
+ 		<varlistentry>
+-		<term>-v</term>
++		<term>-v|--verbose</term>
+ 		<listitem><para>If this option is specified, testparm 
+ 		will also output all options that were not used in <citerefentry>
+ 		<refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum>
+@@ -81,13 +82,6 @@
+ 		</varlistentry>
+ 
+ 		<varlistentry>
+-		<term>-t encoding</term>
+-		<listitem><para>
+-		Output data in specified encoding.
+-		</para></listitem>
+-		</varlistentry>
+-
+-		<varlistentry>
+ 		<term>--parameter-name parametername</term>
+ 		<listitem><para>
+ 		Dumps the named parameter.  If no section-name is set the view
+@@ -107,6 +101,20 @@
+ 		</varlistentry>
+ 
+ 		<varlistentry>
++		<term>--show-all-parameters</term>
++		<listitem><para>
++				Show the parameters, type, possible values.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>-l|--skip-logic-checks</term>
++		<listitem><para>
++				Skip the global checks.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
+ 		<term>configfilename</term>
+ 		<listitem><para>This is the name of the configuration file 
+ 		to check. If this parameter is not present then the 
+-- 
+1.8.3.1
+
+
+From a0d8cb8f536620a6dbf1fab0093c715c9efaba65 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 13:46:06 +0100
+Subject: [PATCH 60/83] docs: use &popt.autohelp entity in pdbedit manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/pdbedit.8.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs-xml/manpages/pdbedit.8.xml b/docs-xml/manpages/pdbedit.8.xml
+index 5bb12c4..c59a1cf6 100644
+--- a/docs-xml/manpages/pdbedit.8.xml
++++ b/docs-xml/manpages/pdbedit.8.xml
+@@ -503,7 +503,7 @@ account policy value for bad lockout attempt is now 3
+ 		</listitem>
+ 		</varlistentry>
+ 
+-		&stdarg.help;
++		&popt.autohelp;
+ 		&stdarg.server.debug;
+ 		&popt.common.samba;
+ 
+-- 
+1.8.3.1
+
+
+From 91d25302b92e01fdba3fa4bc22fea9a8381ae19e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 13:52:59 +0100
+Subject: [PATCH 61/83] docs: fix smbcontrol manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/smbcontrol.1.xml | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+diff --git a/docs-xml/manpages/smbcontrol.1.xml b/docs-xml/manpages/smbcontrol.1.xml
+index be8dd0f..234e02d 100644
+--- a/docs-xml/manpages/smbcontrol.1.xml
++++ b/docs-xml/manpages/smbcontrol.1.xml
+@@ -19,8 +19,8 @@
+ <refsynopsisdiv>
+ 	<cmdsynopsis>
+ 		<command>smbcontrol</command>
+-		<arg>-i</arg>
+ 		<arg>-s</arg>
++		<arg>-t|--timeout</arg>
+ 	</cmdsynopsis>
+ 	
+ 	<cmdsynopsis>
+@@ -49,15 +49,14 @@
+ 	<title>OPTIONS</title>
+ 
+ 	<variablelist>
+-		&stdarg.help;
++		&popt.autohelp;
+ 		&stdarg.configfile;
+-		&popt.common.samba;
++		&popt.common.samba.client;
+ 		<varlistentry>
+-		<term>-i</term>
+-		<listitem><para>Run interactively. Individual commands 
+-		of the form destination message-type parameters can be entered 
+-		on STDIN. An empty command line or a "q" will quit the 
+-		program.</para></listitem>
++		<term>-t|--timeout</term>
++		<listitem><para>
++				Set timeout to seconds.
++		</para></listitem>
+ 		</varlistentry>
+ 
+ 		<varlistentry>
+-- 
+1.8.3.1
+
+
+From 177c2c9c0ffe1ee434afc9d22d4bba12ae55d312 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 14:45:51 +0100
+Subject: [PATCH 62/83] docs: fix ntlm_auth manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/ntlm_auth.1.xml | 42 ++++++++++++++++++++++++++++++++-------
+ 1 file changed, 35 insertions(+), 7 deletions(-)
+
+diff --git a/docs-xml/manpages/ntlm_auth.1.xml b/docs-xml/manpages/ntlm_auth.1.xml
+index 4ada951..4ce57a2 100644
+--- a/docs-xml/manpages/ntlm_auth.1.xml
++++ b/docs-xml/manpages/ntlm_auth.1.xml
+@@ -19,9 +19,6 @@
+ <refsynopsisdiv>
+ 	<cmdsynopsis>
+ 		<command>ntlm_auth</command>
+-		<arg choice="opt">-d debuglevel</arg>
+-		<arg choice="opt">-l logdir</arg>
+-		<arg choice="opt">-s &lt;smb config file&gt;</arg>
+ 	</cmdsynopsis>
+ </refsynopsisdiv>
+ 
+@@ -363,10 +360,41 @@
+ 	    </listitem>
+ 	</varlistentry>
+ 
+-	  &stdarg.server.debug;
+-	  &popt.common.samba;
+-	  &stdarg.help;
+-	
++	<varlistentry>
++	<term>--pam-winbind-conf=FILENAME</term>
++	<listitem><para>Define the path to the pam_winbind.conf file.</para></listitem>
++	</varlistentry>
++
++	<varlistentry>
++	<term>--target-hostname=HOSTNAME</term>
++	<listitem><para>Define the target hostname.</para></listitem>
++	</varlistentry>
++
++	<varlistentry>
++	<term>--target-service=SERVICE</term>
++	<listitem><para>Define the target service.</para></listitem>
++	</varlistentry>
++
++	<varlistentry>
++	<term>--use-cached-creds</term>
++	<listitem><para>Whether to use credentials cached by winbindd.</para></listitem>
++	</varlistentry>
++
++	<varlistentry>
++	<term>--configfile=&lt;configuration file&gt;</term>
++	<listitem><para>The file specified contains the
++	configuration details required by the server.  The
++	information in this file includes server-specific
++	information such as what printcap file to use, as well
++	as descriptions of all the services that the server is
++	to provide. See &smb.conf; for more information.
++	The default configuration file name is determined at
++	compile time.</para></listitem>
++	</varlistentry>
++
++	&stdarg.version;
++	&popt.autohelp;
++
+ 	</variablelist>
+ </refsect1>
+ 
+-- 
+1.8.3.1
+
+
+From b04375e725edfd419fa65c96d524b9fb351d5efc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 15:52:35 +0100
+Subject: [PATCH 63/83] docs: use popt.autohelp entity in nmbd manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/nmbd.8.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs-xml/manpages/nmbd.8.xml b/docs-xml/manpages/nmbd.8.xml
+index b7ead70..d83fb8f 100644
+--- a/docs-xml/manpages/nmbd.8.xml
++++ b/docs-xml/manpages/nmbd.8.xml
+@@ -123,7 +123,7 @@
+ 		given. </para></listitem>
+ 		</varlistentry>
+ 
+-		&stdarg.help;
++		&popt.autohelp;
+ 		
+ 		<varlistentry>
+ 		<term>-H|--hosts &lt;filename&gt;</term>
+-- 
+1.8.3.1
+
+
+From 25eace39266edcac85c7d65a68dfbb632453b6f6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 15:53:08 +0100
+Subject: [PATCH 64/83] docs: use popt.autohelp entity in winbindd manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/winbindd.8.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs-xml/manpages/winbindd.8.xml b/docs-xml/manpages/winbindd.8.xml
+index fd644c3..c16c998 100644
+--- a/docs-xml/manpages/winbindd.8.xml
++++ b/docs-xml/manpages/winbindd.8.xml
+@@ -169,7 +169,7 @@ hosts:		files wins
+ 
+ 		&stdarg.server.debug;
+ 		&popt.common.samba;
+-		&stdarg.help;
++		&popt.autohelp;
+ 
+ 		<varlistentry>
+ 		<term>-i|--interactive</term>
+-- 
+1.8.3.1
+
+
+From b649d631793bdd83ff1f3935a45f1617c1a4c3e8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 15:53:29 +0100
+Subject: [PATCH 65/83] docs: use popt.autohelp entity in smbd manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/smbd.8.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs-xml/manpages/smbd.8.xml b/docs-xml/manpages/smbd.8.xml
+index d73f1db..00e65b3 100644
+--- a/docs-xml/manpages/smbd.8.xml
++++ b/docs-xml/manpages/smbd.8.xml
+@@ -128,7 +128,7 @@
+ 		
+ 		&stdarg.server.debug;
+ 		&popt.common.samba;
+-		&stdarg.help;
++		&popt.autohelp;
+ 
+ 		<varlistentry>
+ 		<term>--no-process-group</term>
+-- 
+1.8.3.1
+
+
+From 0815f114fbe99144061dc1c8c326fb0ee71f4a76 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 15:53:49 +0100
+Subject: [PATCH 66/83] docs: use popt.autohelp entity in samba.8 manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/samba.8.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs-xml/manpages/samba.8.xml b/docs-xml/manpages/samba.8.xml
+index 2b53944..da426bb 100644
+--- a/docs-xml/manpages/samba.8.xml
++++ b/docs-xml/manpages/samba.8.xml
+@@ -148,7 +148,7 @@
+ 		</varlistentry>
+ 
+ 		&popt.common.samba.server;
+-		&stdarg.help;
++		&popt.autohelp;
+ 	</variablelist>
+ </refsect1>
+ 
+-- 
+1.8.3.1
+
+
+From 0b24a4236c2b865a0cf318fcabb3ce64b93d9409 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 16:00:39 +0100
+Subject: [PATCH 67/83] docs: mention more options in net manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/net.8.xml | 86 +++++++++++++++++++++++++++++++++++----------
+ 1 file changed, 68 insertions(+), 18 deletions(-)
+
+diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
+index 5fa042e..ccc993b 100644
+--- a/docs-xml/manpages/net.8.xml
++++ b/docs-xml/manpages/net.8.xml
+@@ -22,20 +22,25 @@
+ 	<cmdsynopsis>
+ 		<command>net</command>
+ 		<arg choice="req">&lt;ads|rap|rpc&gt;</arg>
+-		<arg choice="opt">-h</arg>
+-		<arg choice="opt">-w workgroup</arg>
+-		<arg choice="opt">-W myworkgroup</arg>
+-		<arg choice="opt">-U user</arg>
+-		<arg choice="opt">-I ip-address</arg>
+-		<arg choice="opt">-p port</arg>
++		<arg choice="opt">-h|--help</arg>
++		<arg choice="opt">-w|--workgroup workgroup</arg>
++		<arg choice="opt">-W|--myworkgroup myworkgroup</arg>
++		<arg choice="opt">-U|--user user</arg>
++		<arg choice="opt">-I|--ipaddress ip-address</arg>
++		<arg choice="opt">-p|--port port</arg>
+ 		<arg choice="opt">-n myname</arg>
+ 		<arg choice="opt">-s conffile</arg>
+-		<arg choice="opt">-S server</arg>
+-		<arg choice="opt">-l</arg>
+-		<arg choice="opt">-P</arg>
++		<arg choice="opt">-S|--server server</arg>
++		<arg choice="opt">-l|--long</arg>
++		<arg choice="opt">-v|--verbose</arg>
++		<arg choice="opt">-f|--force</arg>
++		<arg choice="opt">-P|--machine-pass</arg>
+ 		<arg choice="opt">-d debuglevel</arg>
+ 		<arg choice="opt">-V</arg>
+ 		<arg choice="opt">--request-timeout seconds</arg>
++		<arg choice="opt">-t|--timeout seconds</arg>
++		<arg choice="opt">-i|--stdin</arg>
++		<arg choice="opt">--tallocreport</arg>
+ 	</cmdsynopsis>
+ </refsynopsisdiv>
+ 
+@@ -64,7 +69,7 @@
+ 		&stdarg.kerberos;
+ 		
+ 		<varlistentry>
+-		<term>-w target-workgroup</term>
++		<term>-w|--workgroup target-workgroup</term>
+ 		<listitem><para>
+ 		Sets target workgroup or domain. You have to specify 
+ 		either this option or the IP address or the name of a server.
+@@ -72,21 +77,21 @@
+ 		</varlistentry>
+ 
+ 		<varlistentry>
+-		<term>-W workgroup</term>
++		<term>-W|--myworkgroup workgroup</term>
+ 		<listitem><para>
+ 		Sets client workgroup or domain
+ 		</para></listitem>
+ 		</varlistentry>
+ 
+ 		<varlistentry>
+-		<term>-U user</term>
++		<term>-U|--user user</term>
+ 		<listitem><para>
+ 		User name to use
+ 		</para></listitem>
+ 		</varlistentry>
+ 
+ 		<varlistentry>
+-		<term>-I ip-address</term>
++		<term>-I|--ipaddress ip-address</term>
+ 		<listitem><para>
+ 		IP address of target server to use. You have to
+ 		specify either this option or a target workgroup or
+@@ -95,7 +100,7 @@
+ 		</varlistentry>
+ 
+ 		<varlistentry>
+-		<term>-p port</term>
++		<term>-p|--port port</term>
+ 		<listitem><para>
+ 		Port on the target server to connect to (usually 139 or 445). 
+ 		Defaults to trying 445 first, then 139.
+@@ -106,7 +111,7 @@
+ 		&stdarg.configfile;
+ 
+ 		<varlistentry>
+-		<term>-S server</term>
++		<term>-S|--server server</term>
+ 		<listitem><para>
+ 		Name of target server. You should specify either 
+ 		this option or a target workgroup or a target IP address.
+@@ -114,14 +119,28 @@
+ 		</varlistentry>
+ 
+ 		<varlistentry>
+-		<term>-l</term>
++		<term>-l|--long</term>
+ 		<listitem><para>
+ 		When listing data, give more information on each item.
+ 		</para></listitem>
+ 		</varlistentry>
+ 
+ 		<varlistentry>
+-		<term>-P</term>
++		<term>-v|--verbose</term>
++		<listitem><para>
++		When listing data, give more verbose information on each item.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>-f|--force</term>
++		<listitem><para>
++				Enforcing a net command.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>-P|--machine-pass</term>
+ 		<listitem><para>
+ 		Make queries to the external server using the machine account of the local server.
+ 		</para></listitem>
+@@ -135,7 +154,38 @@
+ 		</para></listitem>
+ 		</varlistentry>
+ 
+-		&stdarg.server.debug;
++		<varlistentry>
++		<term>-t|--timeout 30</term>
++		<listitem><para>
++				Set timeout for client operations to 30 seconds.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>--use-ccache</term>
++		<listitem><para>
++		Try to use the credentials cached by winbind.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>-i|--stdin</term>
++		<listitem><para>
++				Take input for net commands from standard input.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>--tallocreport</term>
++		<listitem><para>
++				Generate a talloc report while processing a net
++				command.
++		</para></listitem>
++		</varlistentry>
++
++		&stdarg.encrypt;
++		&popt.common.samba.client;
++
+ 	</variablelist>
+ </refsect1>
+ 
+-- 
+1.8.3.1
+
+
+From 7c8dcc5e0f61577becf1954b6abfb72e4689eab2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 16:08:19 +0100
+Subject: [PATCH 68/83] docs: add net rpc vampire specific options in net
+ manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/net.8.xml | 26 ++++++++++++++++++++++++++
+ 1 file changed, 26 insertions(+)
+
+diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
+index ccc993b..c9802f8 100644
+--- a/docs-xml/manpages/net.8.xml
++++ b/docs-xml/manpages/net.8.xml
+@@ -183,6 +183,32 @@
+ 		</para></listitem>
+ 		</varlistentry>
+ 
++		<!-- Options for net rpc vampire -->
++
++		<varlistentry>
++		<term>--force-full-repl</term>
++		<listitem><para>
++				When calling "net rpc vampire keytab" this option
++				enforces a full re-creation of the generated keytab file.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>--single-obj-repl</term>
++		<listitem><para>
++				When calling "net rpc vampire keytab" this option
++				allows to replicate just a single object to the generated keytab file.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>--clean-old-entries</term>
++		<listitem><para>
++				When calling "net rpc vampire keytab" this option
++				allows to cleanup old entries from the generated keytab file.
++		</para></listitem>
++		</varlistentry>
++
+ 		&stdarg.encrypt;
+ 		&popt.common.samba.client;
+ 
+-- 
+1.8.3.1
+
+
+From f1e03c2bc1bb34d1918b232035c25cc9e0e6811d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 16:17:32 +0100
+Subject: [PATCH 69/83] docs: add net idmap specific options in net manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/net.8.xml | 26 ++++++++++++++++++++++++++
+ 1 file changed, 26 insertions(+)
+
+diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
+index c9802f8..5cc623f9 100644
+--- a/docs-xml/manpages/net.8.xml
++++ b/docs-xml/manpages/net.8.xml
+@@ -209,6 +209,32 @@
+ 		</para></listitem>
+ 		</varlistentry>
+ 
++		<!-- Options for net idmap -->
++
++		<varlistentry>
++		<term>--db</term>
++		<listitem><para>Define dbfile for "net idmap" commands.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>--lock</term>
++		<listitem><para>Activates locking of the dbfile for "net idmap check" command.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>-a|--auto</term>
++		<listitem><para>Activates noninteractive mode in "net idmap check".
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>--repair</term>
++		<listitem><para>Activates repair mode in "net idmap check".
++		</para></listitem>
++		</varlistentry>
++
+ 		&stdarg.encrypt;
+ 		&popt.common.samba.client;
+ 
+-- 
+1.8.3.1
+
+
+From e73493c64af9f76fa41b56c154ea973619e97cb0 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 16:22:52 +0100
+Subject: [PATCH 70/83] docs: add net rpc share migrate specific options in net
+ manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/net.8.xml | 32 ++++++++++++++++++++++++++++++++
+ 1 file changed, 32 insertions(+)
+
+diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
+index 5cc623f9..6fba00b 100644
+--- a/docs-xml/manpages/net.8.xml
++++ b/docs-xml/manpages/net.8.xml
+@@ -235,6 +235,38 @@
+ 		</para></listitem>
+ 		</varlistentry>
+ 
++		<!-- Options for net rpc share migrate -->
++
++		<varlistentry>
++		<term>--acls</term>
++		<listitem><para>Includes ACLs to be copied in "net rpc share migrate".
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>--attrs</term>
++		<listitem><para>Includes file attributes to be copied in "net rpc share migrate".
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>--timestamps</term>
++		<listitem><para>Includes timestamps to be copied in "net rpc share migrate".
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>-X|--exclude DIRECTORY</term>
++		<listitem><para>Allows to exclude directories when copying with "net rpc share migrate".
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>--destination SERVERNAME</term>
++		<listitem><para>Defines the target servername of migration process (defaults to localhost).
++		</para></listitem>
++		</varlistentry>
++
+ 		&stdarg.encrypt;
+ 		&popt.common.samba.client;
+ 
+-- 
+1.8.3.1
+
+
+From cb90d1eb8f1ea0fd23f7af4aa1a21447d4772a1e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 16:28:10 +0100
+Subject: [PATCH 71/83] docs: add net groupmap set specific options in net
+ manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/net.8.xml | 30 ++++++++++++++++++++++++++++++
+ 1 file changed, 30 insertions(+)
+
+diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
+index 6fba00b..fd13f43 100644
+--- a/docs-xml/manpages/net.8.xml
++++ b/docs-xml/manpages/net.8.xml
+@@ -267,6 +267,36 @@
+ 		</para></listitem>
+ 		</varlistentry>
+ 
++		<!-- Options for net groupmap set -->
++
++		<varlistentry>
++		<term>-L|--local</term>
++		<listitem><para>Sets the type of group mapping to local
++				(used in "net groupmap set").
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>-D|--domain</term>
++		<listitem><para>Sets the type of group mapping to domain
++				(used in "net groupmap set").
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>-N|--ntname NTNAME</term>
++		<listitem><para>Sets the ntname of a group mapping
++				(used in "net groupmap set").
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>-R|--rid RID</term>
++		<listitem><para>Sets the rid of a group mapping
++				(used in "net groupmap set").
++		</para></listitem>
++		</varlistentry>
++
+ 		&stdarg.encrypt;
+ 		&popt.common.samba.client;
+ 
+-- 
+1.8.3.1
+
+
+From 57269672d1b52c5a1318619f5b6ccdfb757c161f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 17:11:31 +0100
+Subject: [PATCH 72/83] docs: add net rpc registry check specific options in
+ net manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/net.8.xml | 23 +++++++++++++++++++++++
+ 1 file changed, 23 insertions(+)
+
+diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
+index fd13f43..4d43625 100644
+--- a/docs-xml/manpages/net.8.xml
++++ b/docs-xml/manpages/net.8.xml
+@@ -297,6 +297,29 @@
+ 		</para></listitem>
+ 		</varlistentry>
+ 
++		<!-- Options for net registry check -->
++
++		<varlistentry>
++		<term>--reg-version REG_VERSION</term>
++		<listitem><para>Assume database version {n|1,2,3}
++				(used in "net registry check").
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>-o|--output FILENAME</term>
++		<listitem><para>Output database file
++				(used in "net registry check").
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>--wipe</term>
++		<listitem><para>Createa a new database from scratch
++				(used in "net registry check").
++		</para></listitem>
++		</varlistentry>
++
+ 		&stdarg.encrypt;
+ 		&popt.common.samba.client;
+ 
+-- 
+1.8.3.1
+
+
+From 49ab592097a235d31355bf4e58d2957ee56c5a3c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 17:15:57 +0100
+Subject: [PATCH 73/83] docs: add net registry import specific options in net
+ manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/net.8.xml | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
+index 4d43625..ce976b4 100644
+--- a/docs-xml/manpages/net.8.xml
++++ b/docs-xml/manpages/net.8.xml
+@@ -320,6 +320,15 @@
+ 		</para></listitem>
+ 		</varlistentry>
+ 
++		<!-- Options for net registry import -->
++
++		<varlistentry>
++		<term>--precheck PRECHECK_DB_FILENAME</term>
++		<listitem><para>Defines filename for database prechecking
++				(used in "net registry import").
++		</para></listitem>
++		</varlistentry>
++
+ 		&stdarg.encrypt;
+ 		&popt.common.samba.client;
+ 
+-- 
+1.8.3.1
+
+
+From 19d1a7abcf5ceaf2577952b90ca77eb776bc95d2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 18 Nov 2013 17:26:28 +0100
+Subject: [PATCH 74/83] docs: document remaining undocumented options in net
+ manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+
+Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
+Autobuild-Date(master): Tue Nov 19 12:05:56 CET 2013 on sn-devel-104
+---
+ docs-xml/manpages/net.8.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 42 insertions(+)
+
+diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
+index ce976b4..49cab42 100644
+--- a/docs-xml/manpages/net.8.xml
++++ b/docs-xml/manpages/net.8.xml
+@@ -183,6 +183,48 @@
+ 		</para></listitem>
+ 		</varlistentry>
+ 
++		<varlistentry>
++		<term>-T|--test</term>
++		<listitem><para>Only test command sequence, dry-run.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>-F|--flags FLAGS</term>
++		<listitem><para>Pass down integer flags to a net subcommand.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>-C|--comment COMMENT</term>
++		<listitem><para>Pass down a comment string to a net subcommand.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>-n|--myname MYNAME</term>
++		<listitem><para>Use MYNAME as a requester name for a net subcommand.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>-c|--container CONTAINER</term>
++		<listitem><para>Use a specific AD container for net ads operations.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>-M|--maxusers MAXUSERS</term>
++		<listitem><para>Fill in the maxusers field in net rpc share operations.
++		</para></listitem>
++		</varlistentry>
++
++		<varlistentry>
++		<term>-r|--reboot</term>
++		<listitem><para>Reboot a remote machine after a command has been successfully executed (e.g. in remote join operations).
++		</para></listitem>
++		</varlistentry>
++
+ 		<!-- Options for net rpc vampire -->
+ 
+ 		<varlistentry>
+-- 
+1.8.3.1
+
+
+From 7a587e715ae413ce0f44be4c6f63a9e30fe697e5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Tue, 19 Nov 2013 12:14:45 +0100
+Subject: [PATCH 75/83] docs: remove duplicate "a" from vfs_cacheprime manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/manpages/vfs_cacheprime.8.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs-xml/manpages/vfs_cacheprime.8.xml b/docs-xml/manpages/vfs_cacheprime.8.xml
+index b490ba6..b92a6c1 100644
+--- a/docs-xml/manpages/vfs_cacheprime.8.xml
++++ b/docs-xml/manpages/vfs_cacheprime.8.xml
+@@ -84,7 +84,7 @@
+ 
+ <refsect1>
+ 	<title>CAVEATS</title>
+-	<para><command>cacheprime</command> is not a a substitute for
++	<para><command>cacheprime</command> is not a substitute for
+ 	a general-purpose readahead mechanism. It is intended for use
+ 	only in very specific environments where disk operations must
+ 	be aligned and sized to known values (as much as that is possible).
+-- 
+1.8.3.1
+
+
+From b55b56351d71bb4a4517d857959c7c9d9d2b768c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Tue, 19 Nov 2013 12:17:19 +0100
+Subject: [PATCH 76/83] docs: remove duplicate "the" from smb.conf manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/smbdotconf/misc/directorynamecachesize.xml | 2 +-
+ docs-xml/smbdotconf/protocol/ntaclsupport.xml       | 2 +-
+ docs-xml/smbdotconf/winbind/idmapconfig.xml         | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/docs-xml/smbdotconf/misc/directorynamecachesize.xml b/docs-xml/smbdotconf/misc/directorynamecachesize.xml
+index 1064b7e..d02c4f5 100644
+--- a/docs-xml/smbdotconf/misc/directorynamecachesize.xml
++++ b/docs-xml/smbdotconf/misc/directorynamecachesize.xml
+@@ -5,7 +5,7 @@
+ 		 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+ <description>
+ 	<para>
+-	This parameter specifies the the size of the directory name cache.
++	This parameter specifies the size of the directory name cache.
+ 	It will be needed to turn this off for *BSD systems.
+ 	</para>
+ 
+diff --git a/docs-xml/smbdotconf/protocol/ntaclsupport.xml b/docs-xml/smbdotconf/protocol/ntaclsupport.xml
+index 1e9cedf..451d5d8 100644
+--- a/docs-xml/smbdotconf/protocol/ntaclsupport.xml
++++ b/docs-xml/smbdotconf/protocol/ntaclsupport.xml
+@@ -7,7 +7,7 @@
+     <para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle>                                       
+     <manvolnum>8</manvolnum></citerefentry> will attempt to map 
+     UNIX permissions into Windows NT access control lists.  The UNIX
+-    permissions considered are the the traditional UNIX owner and
++    permissions considered are the traditional UNIX owner and
+     group permissions, as well as POSIX ACLs set on any files or
+     directories.  This parameter was formally a global parameter in
+     releases prior to 2.2.2.</para>
+diff --git a/docs-xml/smbdotconf/winbind/idmapconfig.xml b/docs-xml/smbdotconf/winbind/idmapconfig.xml
+index 5d3605a..30925a2 100644
+--- a/docs-xml/smbdotconf/winbind/idmapconfig.xml
++++ b/docs-xml/smbdotconf/winbind/idmapconfig.xml
+@@ -17,7 +17,7 @@
+ 
+ 	<para>
+ 	The idmap configuration is hence divided into groups, one group
+-	for each domain to be configured, and one group with the the
++	for each domain to be configured, and one group with the
+ 	asterisk instead of a proper domain name, which specifies the
+ 	default configuration that is used to catch all domains that do
+ 	not have an explicit idmap configuration of their own.
+-- 
+1.8.3.1
+
+
+From 25577278211f82a353477c48ea1381cdd16b3b63 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Tue, 19 Nov 2013 12:18:57 +0100
+Subject: [PATCH 77/83] docs: remove duplicate "to" from smb.conf manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/smbdotconf/misc/rpcserver.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs-xml/smbdotconf/misc/rpcserver.xml b/docs-xml/smbdotconf/misc/rpcserver.xml
+index 4372eea..9a22939 100644
+--- a/docs-xml/smbdotconf/misc/rpcserver.xml
++++ b/docs-xml/smbdotconf/misc/rpcserver.xml
+@@ -59,7 +59,7 @@
+ 		Currently in Samba3 we support three daemons, spoolssd, epmd and
+ 		lsasd. These daemons can be enabled using the
+ 		<emphasis>rpc_daemon</emphasis> option. For spoolssd you have
+-		to to enable the daemon and proxy the named pipe with:
++		to enable the daemon and proxy the named pipe with:
+ 	</para>
+ 
+ 	<para>
+-- 
+1.8.3.1
+
+
+From ced12107e0af429af088cd63b86c8b8b21e83a1a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Tue, 19 Nov 2013 12:20:12 +0100
+Subject: [PATCH 78/83] docs: remove duplicate "not" from smb.conf manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/smbdotconf/protocol/aclallowexecutealways.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs-xml/smbdotconf/protocol/aclallowexecutealways.xml b/docs-xml/smbdotconf/protocol/aclallowexecutealways.xml
+index 49d2c48..0c9588e 100644
+--- a/docs-xml/smbdotconf/protocol/aclallowexecutealways.xml
++++ b/docs-xml/smbdotconf/protocol/aclallowexecutealways.xml
+@@ -17,7 +17,7 @@
+     If this parameter is set to "True", Samba does not check execute permissions on
+     "open for execution", thus re-establishing the behaviour of Samba 3.6.
+     This can be useful to smoothen upgrades from older Samba versions to 4.0 and newer.
+-    This setting is not not meant to be used as a permanent setting, but as a temporary relief:
++    This setting is not meant to be used as a permanent setting, but as a temporary relief:
+     It is recommended to fix the permissions in the ACLs and reset this parameter to the
+     default after a certain transition period.
+     </para>
+-- 
+1.8.3.1
+
+
+From 59a240513c7d48afb337b102466c539af3f880f3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Tue, 19 Nov 2013 12:33:33 +0100
+Subject: [PATCH 79/83] docs: remove duplicate "or" from smb.conf manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/smbdotconf/misc/fakedirectorycreatetimes.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs-xml/smbdotconf/misc/fakedirectorycreatetimes.xml b/docs-xml/smbdotconf/misc/fakedirectorycreatetimes.xml
+index 974b6f0..54e7b87 100644
+--- a/docs-xml/smbdotconf/misc/fakedirectorycreatetimes.xml
++++ b/docs-xml/smbdotconf/misc/fakedirectorycreatetimes.xml
+@@ -20,7 +20,7 @@
+ 	timestamp than the object files it contains.</para>
+ 
+ 	<para>However, Unix time semantics mean that the create time 
+-	reported by Samba will be updated whenever a file is created or 
++	reported by Samba will be updated whenever a file is created
+ 	or deleted in the directory.  NMAKE finds all object files in 
+ 	the object directory.  The timestamp of the last one built is then 
+ 	compared to the timestamp of the object directory.  If the 
+-- 
+1.8.3.1
+
+
+From 0cf92d476feabb870f67061d38d1027ebc59a852 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Tue, 19 Nov 2013 12:34:05 +0100
+Subject: [PATCH 80/83] docs: remove duplicate "on" from smb.conf manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/smbdotconf/security/aclgroupcontrol.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs-xml/smbdotconf/security/aclgroupcontrol.xml b/docs-xml/smbdotconf/security/aclgroupcontrol.xml
+index e62216a..279a57b 100644
+--- a/docs-xml/smbdotconf/security/aclgroupcontrol.xml
++++ b/docs-xml/smbdotconf/security/aclgroupcontrol.xml
+@@ -24,7 +24,7 @@
+ 
+ 	<para>
+ 	This parameter is best used with the <smbconfoption name="inherit owner"/> option and also
+-	on on a share containing directories with the UNIX <emphasis>setgid bit</emphasis> set
++	on a share containing directories with the UNIX <emphasis>setgid bit</emphasis> set
+ 	on them, which causes new files and directories created within it to inherit the group
+ 	ownership from the containing directory. 
+ 	</para>
+-- 
+1.8.3.1
+
+
+From 8d1ff1d73f43d0fd4c2290496389c006afb2de93 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Tue, 19 Nov 2013 12:34:33 +0100
+Subject: [PATCH 81/83] docs: remove duplicate "must" from smb.conf manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/smbdotconf/security/smbencrypt.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs-xml/smbdotconf/security/smbencrypt.xml b/docs-xml/smbdotconf/security/smbencrypt.xml
+index d556166..51079ae 100644
+--- a/docs-xml/smbdotconf/security/smbencrypt.xml
++++ b/docs-xml/smbdotconf/security/smbencrypt.xml
+@@ -21,7 +21,7 @@
+     and <emphasis>disabled</emphasis>. This may be set on a per-share
+     basis, but clients may chose to encrypt the entire session, not
+     just traffic to a specific share. If this is set to mandatory
+-    then all traffic to a share <emphasis>must</emphasis> must
++    then all traffic to a share <emphasis>must</emphasis>
+     be encrypted once the connection has been made to the share.
+     The server would return "access denied" to all non-encrypted
+     requests on such a share. Selecting encrypted traffic reduces
+-- 
+1.8.3.1
+
+
+From 344c59f99996d4e6a23c2cc914377536ea7e9eee Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Tue, 19 Nov 2013 12:34:54 +0100
+Subject: [PATCH 82/83] docs: remove duplicate "line" from smb.conf manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ docs-xml/smbdotconf/security/usernamemapscript.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs-xml/smbdotconf/security/usernamemapscript.xml b/docs-xml/smbdotconf/security/usernamemapscript.xml
+index 6df134c..9e2e1a5 100644
+--- a/docs-xml/smbdotconf/security/usernamemapscript.xml
++++ b/docs-xml/smbdotconf/security/usernamemapscript.xml
+@@ -8,7 +8,7 @@
+ 	<smbconfoption name="username map"/> parameter.  This parameter 
+ 	specifies and external program or script that must accept a single 
+ 	command line option (the username transmitted in the authentication
+-	request) and return a line line on standard output (the name to which 
++	request) and return a line on standard output (the name to which
+ 	the account should mapped).  In this way, it is possible to store
+ 	username map tables in an LDAP or NIS directory services.
+ 	</para>
+-- 
+1.8.3.1
+
+
+From c0bdd8011cc14a03bbddb7ad894219c649a609d9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Tue, 19 Nov 2013 12:36:53 +0100
+Subject: [PATCH 83/83] docs: remove duplicate "used" from smb.conf manpage.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+
+Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
+Autobuild-Date(master): Tue Nov 19 14:40:40 CET 2013 on sn-devel-104
+---
+ docs-xml/smbdotconf/filename/manglingmethod.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs-xml/smbdotconf/filename/manglingmethod.xml b/docs-xml/smbdotconf/filename/manglingmethod.xml
+index f6e2eda..347dc56 100644
+--- a/docs-xml/smbdotconf/filename/manglingmethod.xml
++++ b/docs-xml/smbdotconf/filename/manglingmethod.xml
+@@ -6,7 +6,7 @@
+ <description>
+ 	<para> controls the algorithm used for the generating
+ 	the mangled names. Can take two different values, &quot;hash&quot; and
+-	&quot;hash2&quot;. &quot;hash&quot; is the algorithm that was used
++	&quot;hash2&quot;. &quot;hash&quot; is the algorithm that was
+ 	used in Samba for many years and was the default in Samba 2.2.x &quot;hash2&quot; is
+         now the default and is newer and considered a better algorithm (generates less collisions) in
+         the names. Many Win32 applications store the mangled names and so
+-- 
+1.8.3.1
+
diff --git a/SOURCES/samba-4.1.2-fix_strict_aliasing.patch b/SOURCES/samba-4.1.2-fix_strict_aliasing.patch
new file mode 100644
index 0000000..7a60239
--- /dev/null
+++ b/SOURCES/samba-4.1.2-fix_strict_aliasing.patch
@@ -0,0 +1,109 @@
+From d31a18bcaaa3f3dd5f0bf8db705089c42c7ab0b3 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Thu, 14 Nov 2013 18:36:41 +0100
+Subject: [PATCH] util: Remove 32bit macros breaking strict aliasing.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=10269
+
+These macros might have worked but they break strict aliasing in the
+meantime and so the compiler is not able to optimize the relevant code.
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Volker Lendecke <vl@samba.org>
+
+Autobuild-User(master): Volker Lendecke <vl@samba.org>
+Autobuild-Date(master): Thu Nov 14 23:16:45 CET 2013 on sn-devel-104
+
+(cherry picked from commit af69cb2a78810e608ccff115b433801a58a749e4)
+Signed-off-by: Andreas Schneider <asn@samba.org>
+---
+ lib/util/byteorder.h | 52 ++--------------------------------------------------
+ 1 file changed, 2 insertions(+), 50 deletions(-)
+
+diff --git a/lib/util/byteorder.h b/lib/util/byteorder.h
+index 6bcf71e..58cd68a 100644
+--- a/lib/util/byteorder.h
++++ b/lib/util/byteorder.h
+@@ -35,15 +35,6 @@ Here is a description of this file that I emailed to the samba list once:
+ 
+ sure.
+ 
+-The distinction between 386 and other architectures is only there as
+-an optimisation. You can take it out completely and it will make no
+-difference. The routines (macros) in byteorder.h are totally byteorder
+-independent. The 386 optimsation just takes advantage of the fact that
+-the x86 processors don't care about alignment, so we don't have to
+-align ints on int boundaries etc. If there are other processors out
+-there that aren't alignment sensitive then you could also define
+-CAREFUL_ALIGNMENT=0 on those processors as well.
+-
+ Ok, now to the macros themselves. I'll take a simple example, say we
+ want to extract a 2 byte integer from a SMB packet and put it into a
+ type called uint16_t that is in the local machines byte order, and you
+@@ -130,20 +121,6 @@ static __inline__ void st_le32(uint32_t *addr, const uint32_t val)
+ #define HAVE_ASM_BYTEORDER 0
+ #endif
+ 
+-
+-
+-#undef CAREFUL_ALIGNMENT
+-
+-/* we know that the 386 can handle misalignment and has the "right" 
+-   byteorder */
+-#if defined(__i386__)
+-#define CAREFUL_ALIGNMENT 0
+-#endif
+-
+-#ifndef CAREFUL_ALIGNMENT
+-#define CAREFUL_ALIGNMENT 1
+-#endif
+-
+ #define CVAL(buf,pos) ((unsigned int)(((const uint8_t *)(buf))[pos]))
+ #define CVAL_NC(buf,pos) (((uint8_t *)(buf))[pos]) /* Non-const version of CVAL */
+ #define PVAL(buf,pos) (CVAL(buf,pos))
+@@ -161,7 +138,7 @@ static __inline__ void st_le32(uint32_t *addr, const uint32_t val)
+ #define SSVALS(buf,pos,val) SSVAL((buf),(pos),((int16_t)(val)))
+ #define SIVALS(buf,pos,val) SIVAL((buf),(pos),((int32_t)(val)))
+ 
+-#elif CAREFUL_ALIGNMENT
++#else /* not HAVE_ASM_BYTEORDER */
+ 
+ #define SVAL(buf,pos) (PVAL(buf,pos)|PVAL(buf,(pos)+1)<<8)
+ #define IVAL(buf,pos) (SVAL(buf,pos)|SVAL(buf,(pos)+2)<<16)
+@@ -174,32 +151,7 @@ static __inline__ void st_le32(uint32_t *addr, const uint32_t val)
+ #define SSVALS(buf,pos,val) SSVALX((buf),(pos),((int16_t)(val)))
+ #define SIVALS(buf,pos,val) SIVALX((buf),(pos),((int32_t)(val)))
+ 
+-#else /* not CAREFUL_ALIGNMENT */
+-
+-/* this handles things for architectures like the 386 that can handle
+-   alignment errors */
+-/*
+-   WARNING: This section is dependent on the length of int16_t and int32_t
+-   being correct 
+-*/
+-
+-/* get single value from an SMB buffer */
+-#define SVAL(buf,pos) (*(const uint16_t *)((const char *)(buf) + (pos)))
+-#define SVAL_NC(buf,pos) (*(uint16_t *)((void *)((char *)(buf) + (pos)))) /* Non const version of above. */
+-#define IVAL(buf,pos) (*(const uint32_t *)((const char *)(buf) + (pos)))
+-#define IVAL_NC(buf,pos) (*(uint32_t *)((void *)((char *)(buf) + (pos)))) /* Non const version of above. */
+-#define SVALS(buf,pos) (*(const int16_t *)((const char *)(buf) + (pos)))
+-#define SVALS_NC(buf,pos) (*(int16_t *)((void *)((char *)(buf) + (pos)))) /* Non const version of above. */
+-#define IVALS(buf,pos) (*(const int32_t *)((const char *)(buf) + (pos)))
+-#define IVALS_NC(buf,pos) (*(int32_t *)((void *)((char *)(buf) + (pos)))) /* Non const version of above. */
+-
+-/* store single value in an SMB buffer */
+-#define SSVAL(buf,pos,val) SVAL_NC(buf,pos)=((uint16_t)(val))
+-#define SIVAL(buf,pos,val) IVAL_NC(buf,pos)=((uint32_t)(val))
+-#define SSVALS(buf,pos,val) SVALS_NC(buf,pos)=((int16_t)(val))
+-#define SIVALS(buf,pos,val) IVALS_NC(buf,pos)=((int32_t)(val))
+-
+-#endif /* not CAREFUL_ALIGNMENT */
++#endif /* not HAVE_ASM_BYTEORDER */
+ 
+ /* 64 bit macros */
+ #define BVAL(p, ofs) (IVAL(p,ofs) | (((uint64_t)IVAL(p,(ofs)+4)) << 32))
+-- 
+1.8.4
+
diff --git a/SOURCES/samba-4.1.2-winbind_cache_keysize.patch b/SOURCES/samba-4.1.2-winbind_cache_keysize.patch
new file mode 100644
index 0000000..fd4b505
--- /dev/null
+++ b/SOURCES/samba-4.1.2-winbind_cache_keysize.patch
@@ -0,0 +1,41 @@
+From 944e9fbc20f125b52e047484dca1792d75561ed9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Wed, 13 Nov 2013 15:10:33 +0100
+Subject: [PATCH] s3-winbindd: Fix #10264, cache_traverse_validate_fn failure
+ for NDR cache entries.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+We need to increase the keysize limit for NDR queries. A wbint_LookupSids query
+for just 20 sids already hits the older limit.
+
+Guenther
+
+https://bugzilla.samba.org/show_bug.cgi?id=10264
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Michael Adam <obnox@samba.org>
+
+Autobuild-User(master): Michael Adam <obnox@samba.org>
+Autobuild-Date(master): Wed Nov 13 19:33:46 CET 2013 on sn-devel-104
+---
+ source3/winbindd/winbindd_cache.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
+index 91c19fa..267cefc 100644
+--- a/source3/winbindd/winbindd_cache.c
++++ b/source3/winbindd/winbindd_cache.c
+@@ -4065,7 +4065,8 @@ static int cache_traverse_validate_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_D
+ 	struct tdb_validation_status *v_state = (struct tdb_validation_status *)state;
+ 
+ 	/* Paranoia check. */
+-	if (strncmp("UA/", (const char *)kbuf.dptr, 3) == 0) {
++	if (strncmp("UA/", (const char *)kbuf.dptr, 3) == 0 ||
++	    strncmp("NDR/", (const char *)kbuf.dptr, 4) == 0) {
+ 		max_key_len = 1024 * 1024;
+ 	}
+ 	if (kbuf.dsize > max_key_len) {
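Review bot: The added `strncmp("NDR/", (const char *)kbuf.dptr, 4)` compares up to four bytes of the key without first looking at `kbuf.dsize`, as the existing "UA/" comparison already does with three. This function validates cache records that may be damaged, so a key shorter than the prefix and without a terminating NUL would let the comparison read past the key data; whether tdb keys are always NUL-terminated is not visible here. Checking the length first and comparing bytes avoids relying on that: `if ((kbuf.dsize >= 3 && memcmp(kbuf.dptr, "UA/", 3) == 0) || (kbuf.dsize >= 4 && memcmp(kbuf.dptr, "NDR/", 4) == 0)) {`. The body of cache_traverse_validate_fn() starts and ends outside the hunk.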
+-- 
+1.8.3.1
+
diff --git a/SOURCES/samba-4.1.3-CVE-2012-6150.patch b/SOURCES/samba-4.1.3-CVE-2012-6150.patch
new file mode 100644
index 0000000..b4bd091
--- /dev/null
+++ b/SOURCES/samba-4.1.3-CVE-2012-6150.patch
@@ -0,0 +1,38 @@
+From f62683956a3b182f6a61cc7a2b4ada2e74cde243 Mon Sep 17 00:00:00 2001
+From: Noel Power <noel.power@suse.com>
+Date: Wed, 16 Oct 2013 16:30:55 +0100
+Subject: [PATCH] fail authentication for single group name which cannot be
+ converted to sid
+
+furthermore if more than one name is supplied and no sid is converted
+then also fail.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=10300
+
+Signed-off-by: Noel Power <noel.power@suse.com>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: David Disseldorp <ddiss@samba.org>
+[ddiss@samba.org: fixed incorrect bugzilla tag I added to master commit]
+---
+ nsswitch/pam_winbind.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
+index 9322971..cd5e7ba 100644
+--- a/nsswitch/pam_winbind.c
++++ b/nsswitch/pam_winbind.c
+@@ -1172,6 +1172,12 @@ static bool winbind_name_list_to_sid_string_list(struct pwb_context *ctx,
+		_make_remark_format(ctx, PAM_TEXT_INFO, _("Cannot convert group %s "
+				"to sid, please contact your administrator to see "
+				"if group %s is valid."), search_location, search_location);
++
++		/* If no valid groups were converted we should fail outright */
++		if (name_list != NULL && strlen(sid_list_buffer) == 0) {
++			result = false;
++			goto out;
++		}
+		/*
+		 * The lookup of the last name failed..
+		 * It results in require_member_of_sid ends with ','
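Review bot: The comment above the added `strlen(sid_list_buffer) == 0` check says that the function fails, but not why failing closed matters here. Going by the patch title, an unconvertible group name would otherwise leave an empty SID list, which presumably means no membership restriction is enforced; I would record that, e.g. `/* No group name could be converted: fail, so that a mistyped group cannot leave the membership requirement empty */`. As a small point of style, `sid_list_buffer[0] == '\0'` states the emptiness test without scanning the buffer. The hunk ends inside the following comment, and the rest of winbind_name_list_to_sid_string_list(), including the `out` label, is outside it.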
+--
+1.8.1.4
diff --git a/SOURCES/samba-4.1.3-CVE-2013-4408.patch b/SOURCES/samba-4.1.3-CVE-2013-4408.patch
new file mode 100644
index 0000000..7624ff1
--- /dev/null
+++ b/SOURCES/samba-4.1.3-CVE-2013-4408.patch
@@ -0,0 +1,1974 @@
+From ea6e3de5ae7c79b3badf9cfa8fcbaebf76ec5bae Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Tue, 24 Sep 2013 05:03:40 +0200
+Subject: [PATCH 01/16] CVE-2013-4408:librpc: check for invalid frag_len
+ within dcerpc_read_ncacn_packet_done()
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+---
+ librpc/rpc/dcerpc_util.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c
+index de292c8..458ecc5 100644
+--- a/librpc/rpc/dcerpc_util.c
++++ b/librpc/rpc/dcerpc_util.c
+@@ -292,6 +292,11 @@ static void dcerpc_read_ncacn_packet_done(struct tevent_req *subreq)
+ 		return;
+ 	}
+ 
++	if (state->pkt->frag_length != state->buffer.length) {
++		tevent_req_nterror(req, NT_STATUS_RPC_PROTOCOL_ERROR);
++		return;
++	}
++
+ 	tevent_req_done(req);
+ }
+ 
+-- 
+1.7.9.5
+
+
+From d405a5afc175c5a936511f861a35cffd3be43fd9 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Tue, 24 Sep 2013 05:03:40 +0200
+Subject: [PATCH 02/16] CVE-2013-4408:librpc: check for invalid frag_len
+ within dcerpc_read_ncacn_packet_next_vector()
+
+We should do this explicit instead of relying on
+tstream_readv_pdu_ask_for_next_vector() to catch the overflow.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+---
+ librpc/rpc/dcerpc_util.c |    9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/librpc/rpc/dcerpc_util.c b/librpc/rpc/dcerpc_util.c
+index 458ecc5..0b9cca3 100644
+--- a/librpc/rpc/dcerpc_util.c
++++ b/librpc/rpc/dcerpc_util.c
+@@ -223,6 +223,15 @@ static int dcerpc_read_ncacn_packet_next_vector(struct tstream_context *stream,
+ 
+ 		ofs = state->buffer.length;
+ 
++		if (frag_len < ofs) {
++			/*
++			 * something is wrong, let the caller deal with it
++			 */
++			*_vector = NULL;
++			*_count = 0;
++			return 0;
++		}
++
+ 		state->buffer.data = talloc_realloc(state,
+ 						    state->buffer.data,
+ 						    uint8_t, frag_len);
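Review bot: The comment `something is wrong, let the caller deal with it` in the added `frag_len < ofs` branch does not say which check actually rejects the packet, and the branch returns 0 with an empty vector, which reads like a normal end of the PDU. The rejection appears to come from the `frag_length != state->buffer.length` test that patch 01/16 adds to dcerpc_read_ncacn_packet_done(), so I would name it: `/* frag_len is smaller than what was already read; stop here, dcerpc_read_ncacn_packet_done() fails the request on the length mismatch */`. The same wording is used in sock_complete_packet() in patch 08/16, where `*size` is clamped to `blob.length`; the check relied on there is presumably the one added to ncacn_pull() and should be named as well. The body of dcerpc_read_ncacn_packet_next_vector() starts and ends outside the hunk.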
+-- 
+1.7.9.5
+
+
+From db3a2292a096d95ce672950e738c35e902077604 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Wed, 25 Sep 2013 23:25:12 +0200
+Subject: [PATCH 03/16] CVE-2013-4408:s3:rpc_client: check for invalid
+ frag_len in dcerpc_pull_ncacn_packet()
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+---
+ source3/librpc/rpc/dcerpc_helpers.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/source3/librpc/rpc/dcerpc_helpers.c b/source3/librpc/rpc/dcerpc_helpers.c
+index d36c2da..a55e419 100644
+--- a/source3/librpc/rpc/dcerpc_helpers.c
++++ b/source3/librpc/rpc/dcerpc_helpers.c
+@@ -127,6 +127,10 @@ NTSTATUS dcerpc_pull_ncacn_packet(TALLOC_CTX *mem_ctx,
+ 		NDR_PRINT_DEBUG(ncacn_packet, r);
+ 	}
+ 
++	if (r->frag_length != blob->length) {
++		return NT_STATUS_RPC_PROTOCOL_ERROR;
++	}
++
+ 	return NT_STATUS_OK;
+ }
+ 
+-- 
+1.7.9.5
+
+
+From 1e1b1d587a056d898f0f5bb99235e488a06079f1 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Wed, 25 Sep 2013 23:25:12 +0200
+Subject: [PATCH 04/16] CVE-2013-4408:s3:rpc_client: verify frag_len at least
+ contains the header size
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+---
+ source3/rpc_client/cli_pipe.c |    8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
+index 2e978ef..fd854c4 100644
+--- a/source3/rpc_client/cli_pipe.c
++++ b/source3/rpc_client/cli_pipe.c
+@@ -284,6 +284,10 @@ static struct tevent_req *get_complete_frag_send(TALLOC_CTX *mem_ctx,
+ 	}
+ 
+ 	state->frag_len = dcerpc_get_frag_length(pdu);
++	if (state->frag_len < RPC_HEADER_LEN) {
++		tevent_req_nterror(req, NT_STATUS_RPC_PROTOCOL_ERROR);
++		return tevent_req_post(req, ev);
++	}
+ 
+ 	/*
+ 	 * Ensure we have frag_len bytes of data.
+@@ -332,6 +336,10 @@ static void get_complete_frag_got_header(struct tevent_req *subreq)
+ 	}
+ 
+ 	state->frag_len = dcerpc_get_frag_length(state->pdu);
++	if (state->frag_len < RPC_HEADER_LEN) {
++		tevent_req_nterror(req, NT_STATUS_RPC_PROTOCOL_ERROR);
++		return;
++	}
+ 
+ 	if (!data_blob_realloc(NULL, state->pdu, state->frag_len)) {
+ 		tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
+-- 
+1.7.9.5
+
+
+From 33d4dc2f0512d845cc6e00174b870833dd055862 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Wed, 25 Sep 2013 23:25:12 +0200
+Subject: [PATCH 05/16] CVE-2013-4408:s4:dcerpc: check for invalid frag_len in
+ ncacn_pull()
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+---
+ source4/librpc/rpc/dcerpc.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
+index e653cba..2826160 100644
+--- a/source4/librpc/rpc/dcerpc.c
++++ b/source4/librpc/rpc/dcerpc.c
+@@ -693,6 +693,10 @@ static NTSTATUS ncacn_pull(struct dcecli_connection *c, DATA_BLOB *blob, TALLOC_
+ 		return ndr_map_error2ntstatus(ndr_err);
+ 	}
+ 
++	if (pkt->frag_length != blob->length) {
++		return NT_STATUS_RPC_PROTOCOL_ERROR;
++	}
++
+ 	return NT_STATUS_OK;
+ }
+ 
+-- 
+1.7.9.5
+
+
+From 7ff27a03ddcb2aaa6b130266a9262dca79a324c5 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Wed, 25 Sep 2013 23:25:12 +0200
+Subject: [PATCH 06/16] CVE-2013-4408:s4:dcerpc_smb: check for invalid
+ frag_len in send_read_request_continue()
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+---
+ source4/librpc/rpc/dcerpc_smb.c |    6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/source4/librpc/rpc/dcerpc_smb.c b/source4/librpc/rpc/dcerpc_smb.c
+index e02631e..efb76cf 100644
+--- a/source4/librpc/rpc/dcerpc_smb.c
++++ b/source4/librpc/rpc/dcerpc_smb.c
+@@ -163,6 +163,12 @@ static NTSTATUS send_read_request_continue(struct dcecli_connection *c, DATA_BLO
+ 	} else {
+ 		uint32_t frag_length = blob->length>=16?
+ 			dcerpc_get_frag_length(blob):0x2000;
++
++		if (frag_length < state->data.length) {
++			talloc_free(state);
++			return NT_STATUS_RPC_PROTOCOL_ERROR;
++		}
++
+ 		state->received = blob->length;
+ 		state->data = data_blob_talloc(state, NULL, frag_length);
+ 		if (!state->data.data) {
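Review bot: The added guard compares `frag_length` with `state->data.length`, but in this branch `state->data` is only assigned two lines later by `data_blob_talloc(state, NULL, frag_length)`, so at the time of the check it does not yet describe the bytes that were received. The length that has to fit into the new buffer here appears to be `blob->length`, which is what `state->received` is set to, so the guard would read `if (frag_length < blob->length) {`. How `state` is allocated, whether `state->data` is zeroed before this point, and the copy that follows the allocation are all outside the hunk, so this should be confirmed against the full function.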
+-- 
+1.7.9.5
+
+
+From 2e01567db620407a9bfdee28efa61ddccc1357f8 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Wed, 25 Sep 2013 23:25:12 +0200
+Subject: [PATCH 07/16] CVE-2013-4408:s4:dcerpc_smb2: check for invalid
+ frag_len in send_read_request_continue()
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+---
+ source4/librpc/rpc/dcerpc_smb2.c |    6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/source4/librpc/rpc/dcerpc_smb2.c b/source4/librpc/rpc/dcerpc_smb2.c
+index 473ca78..2b1c66e 100644
+--- a/source4/librpc/rpc/dcerpc_smb2.c
++++ b/source4/librpc/rpc/dcerpc_smb2.c
+@@ -173,6 +173,12 @@ static NTSTATUS send_read_request_continue(struct dcecli_connection *c, DATA_BLO
+ 
+ 	if (state->data.length >= 16) {
+ 		uint16_t frag_length = dcerpc_get_frag_length(&state->data);
++
++		if (frag_length < state->data.length) {
++			talloc_free(state);
++			return NT_STATUS_RPC_PROTOCOL_ERROR;
++		}
++
+ 		io.in.length = frag_length - state->data.length;
+ 	} else {
+ 		io.in.length = 0x2000;
+-- 
+1.7.9.5
+
+
+From 2a94a9db0086582119bbcb7b4c82e86e8a3f8137 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Tue, 24 Sep 2013 05:03:40 +0200
+Subject: [PATCH 08/16] CVE-2013-4408:s4:dcerpc_sock: check for invalid
+ frag_len within sock_complete_packet()
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+---
+ source4/librpc/rpc/dcerpc_sock.c |    6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/source4/librpc/rpc/dcerpc_sock.c b/source4/librpc/rpc/dcerpc_sock.c
+index 58fca4c..d36af11 100644
+--- a/source4/librpc/rpc/dcerpc_sock.c
++++ b/source4/librpc/rpc/dcerpc_sock.c
+@@ -102,6 +102,12 @@ static NTSTATUS sock_complete_packet(void *private_data, DATA_BLOB blob, size_t
+ 		return STATUS_MORE_ENTRIES;
+ 	}
+ 	*size = dcerpc_get_frag_length(&blob);
++	if (*size < blob.length) {
++		/*
++		 * something is wrong, let the caller deal with it
++		 */
++		*size = blob.length;
++	}
+ 	if (*size > blob.length) {
+ 		return STATUS_MORE_ENTRIES;
+ 	}
+-- 
+1.7.9.5
+
+
+From 79c3d6df2fc63e188ae6091d6f0bd0a55f3fe548 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Wed, 16 Oct 2013 14:17:49 +0200
+Subject: [PATCH 09/16] CVE-2013-4408:async_sock: add some overflow detection
+ to read_packet_handler()
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+---
+ lib/async_req/async_sock.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/lib/async_req/async_sock.c b/lib/async_req/async_sock.c
+index 59dde88..74b2cb7 100644
+--- a/lib/async_req/async_sock.c
++++ b/lib/async_req/async_sock.c
+@@ -667,6 +667,11 @@ static void read_packet_handler(struct tevent_context *ev,
+ 		return;
+ 	}
+ 
++	if (total + more < total) {
++		tevent_req_error(req, EMSGSIZE);
++		return;
++	}
++
+ 	tmp = talloc_realloc(state, state->buf, uint8_t, total+more);
+ 	if (tevent_req_nomem(tmp, req)) {
+ 		return;
+-- 
+1.7.9.5
+
+
+From ebfad1eadb3fc492f31c35a9d2585fe27ed00ad5 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Wed, 16 Oct 2013 14:17:49 +0200
+Subject: [PATCH 10/16] CVE-2013-4408:s3:util_tsock: add some overflow
+ detection to tstream_read_packet_done()
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+---
+ source3/lib/util_tsock.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/source3/lib/util_tsock.c b/source3/lib/util_tsock.c
+index 35a97f5..03380ef 100644
+--- a/source3/lib/util_tsock.c
++++ b/source3/lib/util_tsock.c
+@@ -110,6 +110,11 @@ static void tstream_read_packet_done(struct tevent_req *subreq)
+ 		return;
+ 	}
+ 
++	if (total + more < total) {
++		tevent_req_error(req, EMSGSIZE);
++		return;
++	}
++
+ 	tmp = talloc_realloc(state, state->buf, uint8_t, total+more);
+ 	if (tevent_req_nomem(tmp, req)) {
+ 		return;
+-- 
+1.7.9.5
+
+
+From 1108ce2b996cde47a653cdfca27e059e3986da5f Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Wed, 16 Oct 2013 14:17:49 +0200
+Subject: [PATCH 11/16] CVE-2013-4408:libcli/util: add some size verification
+ to tstream_read_pdu_blob_done()
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+---
+ libcli/util/tstream.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/libcli/util/tstream.c b/libcli/util/tstream.c
+index 12cef9b..dd830e2 100644
+--- a/libcli/util/tstream.c
++++ b/libcli/util/tstream.c
+@@ -129,6 +129,11 @@ static void tstream_read_pdu_blob_done(struct tevent_req *subreq)
+ 		return;
+ 	}
+ 
++	if (new_buf_size <= old_buf_size) {
++		tevent_req_nterror(req, NT_STATUS_INVALID_BUFFER_SIZE);
++		return;
++	}
++
+ 	buf = talloc_realloc(state, state->pdu_blob.data, uint8_t, new_buf_size);
+ 	if (tevent_req_nomem(buf, req)) {
+ 		return;
+-- 
+1.7.9.5
+
+
+From 72d5d302c5ed46f3ca465653f6c595ea500b3063 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Wed, 16 Oct 2013 16:26:58 +0200
+Subject: [PATCH 12/16] CVE-2013-4408:s3:ctdb_conn: add some length
+ verification to ctdb_packet_more()
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+---
+ source3/lib/ctdb_conn.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/source3/lib/ctdb_conn.c b/source3/lib/ctdb_conn.c
+index 90930eb..40071d4 100644
+--- a/source3/lib/ctdb_conn.c
++++ b/source3/lib/ctdb_conn.c
+@@ -233,6 +233,11 @@ static ssize_t ctdb_packet_more(uint8_t *buf, size_t buflen, void *p)
+ 		return 0;
+ 	}
+ 	memcpy(&len, buf, sizeof(len));
++
++	if (len < sizeof(uint32_t)) {
++		return -1;
++	}
++
+ 	return (len - sizeof(uint32_t));
+ }
+ 
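Review bot: The new lower bound stops `len - sizeof(uint32_t)` from wrapping, but `len` still has no upper bound before it is returned as `ssize_t`. Assuming `len` is a 32-bit unsigned value (its declaration is outside the hunk), a build where `ssize_t` is 32 bits would return a negative number other than -1 for a very large prefix, and whether callers treat that as an error is not visible here. Consider rejecting oversized prefixes in the same test, `if (len < sizeof(uint32_t) || len > MAX_PACKET_LEN) { return -1; }`, where `MAX_PACKET_LEN` is a placeholder for a project-chosen protocol limit, not an existing constant.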
+-- 
+1.7.9.5
+
+
+From 5335358922eb2d86f00c73bb9e11940cc0cec7ce Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra@samba.org>
+Date: Thu, 17 Oct 2013 14:44:35 -0700
+Subject: [PATCH 13/16] CVE-2013-4408:s3:Ensure we always check call_id when
+ validating an RPC reply.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
+
+Signed-off-by: Jeremy Allison <jra@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+---
+ source3/rpc_client/cli_pipe.c |   33 +++++++++++++++++++++++++--------
+ 1 file changed, 25 insertions(+), 8 deletions(-)
+
+diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
+index fd854c4..385ae25 100644
+--- a/source3/rpc_client/cli_pipe.c
++++ b/source3/rpc_client/cli_pipe.c
+@@ -389,6 +389,7 @@ static NTSTATUS cli_pipe_validate_current_pdu(TALLOC_CTX *mem_ctx,
+ 						struct ncacn_packet *pkt,
+ 						DATA_BLOB *pdu,
+ 						uint8_t expected_pkt_type,
++						uint32_t call_id,
+ 						DATA_BLOB *rdata,
+ 						DATA_BLOB *reply_pdu)
+ {
+@@ -487,7 +488,7 @@ static NTSTATUS cli_pipe_validate_current_pdu(TALLOC_CTX *mem_ctx,
+ 			  "from %s!\n",
+ 			  (unsigned int)pkt->ptype,
+ 			  rpccli_pipe_txt(talloc_tos(), cli)));
+-		return NT_STATUS_INVALID_INFO_CLASS;
++		return NT_STATUS_RPC_PROTOCOL_ERROR;
+ 	}
+ 
+ 	if (pkt->ptype != expected_pkt_type) {
+@@ -495,7 +496,15 @@ static NTSTATUS cli_pipe_validate_current_pdu(TALLOC_CTX *mem_ctx,
+ 			  "RPC packet type - %u, not %u\n",
+ 			  rpccli_pipe_txt(talloc_tos(), cli),
+ 			  pkt->ptype, expected_pkt_type));
+-		return NT_STATUS_INVALID_INFO_CLASS;
++		return NT_STATUS_RPC_PROTOCOL_ERROR;
++	}
++
++	if (pkt->call_id != call_id) {
++		DEBUG(3, (__location__ ": Connection to %s got an unexpected "
++			  "RPC call_id - %u, not %u\n",
++			  rpccli_pipe_txt(talloc_tos(), cli),
++			  pkt->call_id, call_id));
++		return NT_STATUS_RPC_PROTOCOL_ERROR;
+ 	}
+ 
+ 	/* Do this just before return - we don't want to modify any rpc header
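Review bot: The new `pkt->call_id != call_id` comparison sits after the packet-type handling, so any reply type that returns from the code above it is never matched against the outstanding call. That code is outside this hunk; if a fault or other early-return path exists there, moving the comparison to the top of `cli_pipe_validate_current_pdu()` would make the subject line's "always" hold. The new message passes `uint32_t` values to `%u` without a cast, while the earlier message in this function writes `(unsigned int)pkt->ptype`; `(unsigned int)pkt->call_id, (unsigned int)call_id` would keep the format arguments consistent.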
+@@ -701,6 +710,7 @@ struct rpc_api_pipe_state {
+ 	struct tevent_context *ev;
+ 	struct rpc_pipe_client *cli;
+ 	uint8_t expected_pkt_type;
++	uint32_t call_id;
+ 
+ 	DATA_BLOB incoming_frag;
+ 	struct ncacn_packet *pkt;
+@@ -719,7 +729,8 @@ static struct tevent_req *rpc_api_pipe_send(TALLOC_CTX *mem_ctx,
+ 					    struct tevent_context *ev,
+ 					    struct rpc_pipe_client *cli,
+ 					    DATA_BLOB *data, /* Outgoing PDU */
+-					    uint8_t expected_pkt_type)
++					    uint8_t expected_pkt_type,
++					    uint32_t call_id)
+ {
+ 	struct tevent_req *req, *subreq;
+ 	struct rpc_api_pipe_state *state;
+@@ -733,6 +744,7 @@ static struct tevent_req *rpc_api_pipe_send(TALLOC_CTX *mem_ctx,
+ 	state->ev = ev;
+ 	state->cli = cli;
+ 	state->expected_pkt_type = expected_pkt_type;
++	state->call_id = call_id;
+ 	state->incoming_frag = data_blob_null;
+ 	state->reply_pdu = data_blob_null;
+ 	state->reply_pdu_offset = 0;
+@@ -884,6 +896,7 @@ static void rpc_api_pipe_got_pdu(struct tevent_req *subreq)
+ 						state->cli, state->pkt,
+ 						&state->incoming_frag,
+ 						state->expected_pkt_type,
++						state->call_id,
+ 						&rdata,
+ 						&state->reply_pdu);
+ 
+@@ -1226,7 +1239,8 @@ struct tevent_req *rpc_api_pipe_req_send(TALLOC_CTX *mem_ctx,
+ 	if (is_last_frag) {
+ 		subreq = rpc_api_pipe_send(state, ev, state->cli,
+ 					   &state->rpc_out,
+-					   DCERPC_PKT_RESPONSE);
++					   DCERPC_PKT_RESPONSE,
++					   state->call_id);
+ 		if (subreq == NULL) {
+ 			goto fail;
+ 		}
+@@ -1362,7 +1376,8 @@ static void rpc_api_pipe_req_write_done(struct tevent_req *subreq)
+ 	if (is_last_frag) {
+ 		subreq = rpc_api_pipe_send(state, state->ev, state->cli,
+ 					   &state->rpc_out,
+-					   DCERPC_PKT_RESPONSE);
++					   DCERPC_PKT_RESPONSE,
++					   state->call_id);
+ 		if (tevent_req_nomem(subreq, req)) {
+ 			return;
+ 		}
+@@ -1608,7 +1623,7 @@ struct tevent_req *rpc_pipe_bind_send(TALLOC_CTX *mem_ctx,
+ 	}
+ 
+ 	subreq = rpc_api_pipe_send(state, ev, cli, &state->rpc_out,
+-				   DCERPC_PKT_BIND_ACK);
++				   DCERPC_PKT_BIND_ACK, state->rpc_call_id);
+ 	if (subreq == NULL) {
+ 		goto fail;
+ 	}
+@@ -1916,7 +1931,8 @@ static NTSTATUS rpc_bind_next_send(struct tevent_req *req,
+ 	}
+ 
+ 	subreq = rpc_api_pipe_send(state, state->ev, state->cli,
+-				   &state->rpc_out, DCERPC_PKT_ALTER_RESP);
++				   &state->rpc_out, DCERPC_PKT_ALTER_RESP,
++				   state->rpc_call_id);
+ 	if (subreq == NULL) {
+ 		return NT_STATUS_NO_MEMORY;
+ 	}
+@@ -1948,7 +1964,8 @@ static NTSTATUS rpc_bind_finish_send(struct tevent_req *req,
+ 	}
+ 
+ 	subreq = rpc_api_pipe_send(state, state->ev, state->cli,
+-				   &state->rpc_out, DCERPC_PKT_AUTH3);
++				   &state->rpc_out, DCERPC_PKT_AUTH3,
++				   state->rpc_call_id);
+ 	if (subreq == NULL) {
+ 		return NT_STATUS_NO_MEMORY;
+ 	}
+-- 
+1.7.9.5
+
+
+From 7d60c72841e8b2e4315e506fb1033508b43425f6 Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra@samba.org>
+Date: Thu, 7 Nov 2013 20:38:01 -0800
+Subject: [PATCH 14/16] CVE-2013-4408:s3:Ensure LookupSids replies arrays are
+ range checked.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Signed-off-by: Jeremy Allison <jra@samba.org>
+---
+ nsswitch/libwbclient/wbc_sid.c     |    7 +++++++
+ nsswitch/wbinfo.c                  |   23 ++++++++++++++++++++---
+ source3/rpc_client/cli_lsarpc.c    |   17 ++++++++++++++++-
+ source3/rpcclient/cmd_lsarpc.c     |    7 +++++--
+ source3/winbindd/wb_lookupsids.c   |    3 +++
+ source3/winbindd/winbindd_rpc.c    |   32 ++++++++++++++++++++++++++++++++
+ source4/libcli/util/clilsa.c       |   16 +++++++++++++++-
+ source4/winbind/wb_async_helpers.c |   13 ++++++++++++-
+ 8 files changed, 110 insertions(+), 8 deletions(-)
+
+diff --git a/nsswitch/libwbclient/wbc_sid.c b/nsswitch/libwbclient/wbc_sid.c
+index bab6933..82ac339 100644
+--- a/nsswitch/libwbclient/wbc_sid.c
++++ b/nsswitch/libwbclient/wbc_sid.c
+@@ -421,6 +421,13 @@ wbcErr wbcLookupSids(const struct wbcDomainSid *sids, int num_sids,
+ 	for (i=0; i<num_names; i++) {
+ 
+ 		names[i].domain_index = strtoul(p, &q, 10);
++		if (names[i].domain_index < 0) {
++			goto wbc_err_invalid;
++		}
++		if (names[i].domain_index >= num_domains) {
++			goto wbc_err_invalid;
++		}
++
+ 		if (*q != ' ') {
+ 			goto wbc_err_invalid;
+ 		}
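Review bot: `strtoul()` returns `unsigned long`, but the result is stored in `names[i].domain_index` before it is validated, and the added `< 0` test shows that field is signed. A value that does not fit is narrowed first, so on a build with 64-bit `long` an out-of-range number whose low bits form a valid index passes both new checks. Parse into a local and range-check before the assignment: `unsigned long idx = strtoul(p, &q, 10);` then `if (q == p || idx >= (unsigned long)num_domains) goto wbc_err_invalid;` and only then `names[i].domain_index = idx;`. The type of `num_domains` is declared outside the hunk, so the cast needs confirming, and the loop body continues past the hunk.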
+diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c
+index 17977ed..3f0310a 100644
+--- a/nsswitch/wbinfo.c
++++ b/nsswitch/wbinfo.c
+@@ -1391,11 +1391,28 @@ static bool wbinfo_lookup_sids(const char *arg)
+ 	}
+ 
+ 	for (i=0; i<num_sids; i++) {
++		const char *domain = NULL;
++
+ 		wbcSidToStringBuf(&sids[i], sidstr, sizeof(sidstr));
+ 
+-		d_printf("%s -> %s\\%s %d\n", sidstr,
+-			 domains[names[i].domain_index].short_name,
+-			 names[i].name, names[i].type);
++		if (names[i].domain_index >= num_domains) {
++			domain = "<none>";
++		} else if (names[i].domain_index < 0) {
++			domain = "<none>";
++		} else {
++			domain = domains[names[i].domain_index].short_name;
++		}
++
++		if (names[i].type == WBC_SID_NAME_DOMAIN) {
++			d_printf("%s -> %s %d\n", sidstr,
++				domain,
++				names[i].type);
++		} else {
++			d_printf("%s -> %s%c%s %d\n", sidstr,
++				domain,
++				winbind_separator(),
++				names[i].name, names[i].type);
++		}
+ 	}
+ 	wbcFreeMemory(names);
+ 	wbcFreeMemory(domains);
+diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
+index 126f370..7cadd6e 100644
+--- a/source3/rpc_client/cli_lsarpc.c
++++ b/source3/rpc_client/cli_lsarpc.c
+@@ -279,11 +279,26 @@ static NTSTATUS dcerpc_lsa_lookup_sids_noalloc(struct dcerpc_binding_handle *h,
+ 
+ 	for (i = 0; i < num_sids; i++) {
+ 		const char *name, *dom_name;
+-		uint32_t dom_idx = lsa_names.names[i].sid_index;
++		uint32_t dom_idx;
++
++		if (i >= lsa_names.count) {
++			*presult = NT_STATUS_INVALID_NETWORK_RESPONSE;
++			return status;
++		}
++
++		dom_idx = lsa_names.names[i].sid_index;
+ 
+ 		/* Translate optimised name through domain index array */
+ 
+ 		if (dom_idx != 0xffffffff) {
++			if (ref_domains == NULL) {
++				*presult = NT_STATUS_INVALID_NETWORK_RESPONSE;
++				return status;
++			}
++			if (dom_idx >= ref_domains->count) {
++				*presult = NT_STATUS_INVALID_NETWORK_RESPONSE;
++				return status;
++			}
+ 
+ 			dom_name = ref_domains->domains[dom_idx].name.string;
+ 			name = lsa_names.names[i].name.string;
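Review bot: The three new failure paths set `*presult` but `return status`, so the function's own return value does not reflect the malformed reply, and a caller that tests only the return value would carry on with partly filled output. Whether `status` is a success value at this point, and what callers check, is outside the hunk. A comment on the first of them would record the convention, e.g. `/* malformed reply is reported through *presult; the return value stays the transport status */`. The `i >= lsa_names.count` test could also be done once before the loop as `if (lsa_names.count < num_sids)`, which fails before any entry has been translated.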
+diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
+index cbc089f..a7ee4e4 100644
+--- a/source3/rpcclient/cmd_lsarpc.c
++++ b/source3/rpcclient/cmd_lsarpc.c
+@@ -450,7 +450,7 @@ static NTSTATUS cmd_lsa_lookup_sids3(struct rpc_pipe_client *cli,
+ 	NTSTATUS status = NT_STATUS_UNSUCCESSFUL, result;
+ 	int i;
+ 	struct lsa_SidArray sids;
+-	struct lsa_RefDomainList *domains;
++	struct lsa_RefDomainList *domains = NULL;
+ 	struct lsa_TransNameArray2 names;
+ 	uint32_t count = 0;
+ 	struct dcerpc_binding_handle *b = cli->binding_handle;
+@@ -506,9 +506,12 @@ static NTSTATUS cmd_lsa_lookup_sids3(struct rpc_pipe_client *cli,
+ 
+ 	/* Print results */
+ 
+-	for (i = 0; i < count; i++) {
++	for (i = 0; i < names.count; i++) {
+ 		fstring sid_str;
+ 
++		if (i >= sids.num_sids) {
++			break;
++		}
+ 		sid_to_fstring(sid_str, sids.sids[i].sid);
+ 		printf("%s %s (%d)\n", sid_str,
+ 		       names.names[i].name.string,
+diff --git a/source3/winbindd/wb_lookupsids.c b/source3/winbindd/wb_lookupsids.c
+index 2c4ebda..e10d511 100644
+--- a/source3/winbindd/wb_lookupsids.c
++++ b/source3/winbindd/wb_lookupsids.c
+@@ -402,6 +402,9 @@ static bool wb_lookupsids_move_name(struct lsa_RefDomainList *src_domains,
+ 	uint32_t src_domain_index, dst_domain_index;
+ 
+ 	src_domain_index = src_name->sid_index;
++	if (src_domain_index >= src_domains->count) {
++		return false;
++	}
+ 	src_domain = &src_domains->domains[src_domain_index];
+ 
+ 	if (!wb_lookupsids_find_dom_idx(
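Review bot: `src_domains->count` is read without checking `src_domains` for NULL, while other hunks of this commit (cli_lsarpc.c, winbindd_rpc.c, clilsa.c) treat a missing domain list as a malformed reply. If the list can come straight from the server's response, the same guard belongs here: `if (src_domains == NULL || src_domain_index >= src_domains->count) { return false; }`. The caller is outside the hunk, so a non-NULL list may already be guaranteed; a one-line comment saying so would settle it.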
+diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
+index 44deeb0..7345ea7 100644
+--- a/source3/winbindd/winbindd_rpc.c
++++ b/source3/winbindd/winbindd_rpc.c
+@@ -1084,6 +1084,10 @@ static NTSTATUS rpc_try_lookup_sids3(TALLOC_CTX *mem_ctx,
+ 	if (NT_STATUS_IS_ERR(result)) {
+ 		return result;
+ 	}
++	if (sids->num_sids != lsa_names2.count) {
++		return NT_STATUS_INVALID_NETWORK_RESPONSE;
++	}
++
+ 	names = talloc_zero(mem_ctx, struct lsa_TransNameArray);
+ 	if (names == NULL) {
+ 		return NT_STATUS_NO_MEMORY;
+@@ -1099,6 +1103,16 @@ static NTSTATUS rpc_try_lookup_sids3(TALLOC_CTX *mem_ctx,
+ 		names->names[i].name.string = talloc_move(
+ 			names->names, &lsa_names2.names[i].name.string);
+ 		names->names[i].sid_index = lsa_names2.names[i].sid_index;
++
++		if (names->names[i].sid_index == UINT32_MAX) {
++			continue;
++		}
++		if ((*pdomains) == NULL) {
++			return NT_STATUS_INVALID_NETWORK_RESPONSE;
++		}
++		if (names->names[i].sid_index >= (*pdomains)->count) {
++			return NT_STATUS_INVALID_NETWORK_RESPONSE;
++		}
+ 	}
+ 	*pnames = names;
+ 	return result;
+@@ -1114,6 +1128,7 @@ NTSTATUS rpc_lookup_sids(TALLOC_CTX *mem_ctx,
+ 	struct rpc_pipe_client *cli = NULL;
+ 	struct policy_handle lsa_policy;
+ 	uint32_t count;
++	uint32_t i;
+ 	NTSTATUS status, result;
+ 
+ 	status = cm_connect_lsat(domain, mem_ctx, &cli, &lsa_policy);
+@@ -1140,6 +1155,23 @@ NTSTATUS rpc_lookup_sids(TALLOC_CTX *mem_ctx,
+ 	if (NT_STATUS_IS_ERR(result)) {
+ 		return result;
+ 	}
++
++	if (sids->num_sids != names->count) {
++		return NT_STATUS_INVALID_NETWORK_RESPONSE;
++	}
++
++	for (i=0; i < names->count; i++) {
++		if (names->names[i].sid_index == UINT32_MAX) {
++			continue;
++		}
++		if ((*pdomains) == NULL) {
++			return NT_STATUS_INVALID_NETWORK_RESPONSE;
++		}
++		if (names->names[i].sid_index >= (*pdomains)->count) {
++			return NT_STATUS_INVALID_NETWORK_RESPONSE;
++		}
++	}
++
+ 	*pnames = names;
+ 	return result;
+ }
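Review bot: The validation loop added to `rpc_lookup_sids()` repeats the three checks this commit also adds inside the copy loop of `rpc_try_lookup_sids3()` earlier in the same file. Two hand-written copies of a bounds check tend to drift apart; a small static helper called from both places keeps them identical. The sketch assumes `names` is a `struct lsa_TransNameArray *` and `*pdomains` a `struct lsa_RefDomainList *`, as the neighbouring hunks suggest; both declarations are outside this hunk. In `rpc_try_lookup_sids3()` the call would go after the copy loop.

```c
/* Reject a reply whose sid_index values do not fit the returned domain list. */
static NTSTATUS rpc_check_sid_indexes(const struct lsa_TransNameArray *names,
				      const struct lsa_RefDomainList *domains)
{
	uint32_t i;

	for (i = 0; i < names->count; i++) {
		uint32_t idx = names->names[i].sid_index;

		if (idx == UINT32_MAX) {
			/* same exemption as the inline checks */
			continue;
		}
		if (domains == NULL || idx >= domains->count) {
			return NT_STATUS_INVALID_NETWORK_RESPONSE;
		}
	}
	return NT_STATUS_OK;
}

	/* … unchanged: rpc_lookup_sids() up to the num_sids/count comparison … */
	status = rpc_check_sid_indexes(names, *pdomains);
	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}
	*pnames = names;
```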
+diff --git a/source4/libcli/util/clilsa.c b/source4/libcli/util/clilsa.c
+index 812f953..cc0dae5 100644
+--- a/source4/libcli/util/clilsa.c
++++ b/source4/libcli/util/clilsa.c
+@@ -260,7 +260,21 @@ NTSTATUS smblsa_lookup_sid(struct smbcli_state *cli,
+ 	}
+ 	if (names.count != 1) {
+ 		talloc_free(mem_ctx2);
+-		return NT_STATUS_UNSUCCESSFUL;
++		return NT_STATUS_INVALID_NETWORK_RESPONSE;
++	}
++	if (domains == NULL) {
++		talloc_free(mem_ctx2);
++		return NT_STATUS_INVALID_NETWORK_RESPONSE;
++	}
++	if (domains->count != 1) {
++		talloc_free(mem_ctx2);
++		return NT_STATUS_INVALID_NETWORK_RESPONSE;
++	}
++	if (names.names[0].sid_index != UINT32_MAX &&
++	    names.names[0].sid_index >= domains->count)
++	{
++		talloc_free(mem_ctx2);
++		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ 	}
+ 
+ 	(*name) = talloc_asprintf(mem_ctx, "%s\\%s", 
+diff --git a/source4/winbind/wb_async_helpers.c b/source4/winbind/wb_async_helpers.c
+index 2af8567..e3de2eb 100644
+--- a/source4/winbind/wb_async_helpers.c
++++ b/source4/winbind/wb_async_helpers.c
+@@ -122,6 +122,12 @@ static void lsa_lookupsids_recv_names(struct tevent_req *subreq)
+ 		return;
+ 	}
+ 
++	if (state->names.count != state->num_sids) {
++		composite_error(state->ctx,
++				NT_STATUS_INVALID_NETWORK_RESPONSE);
++		return;
++	}
++
+ 	state->result = talloc_array(state, struct wb_sid_object *,
+ 				     state->num_sids);
+ 	if (composite_nomem(state->result, state->ctx)) return;
+@@ -142,9 +148,14 @@ static void lsa_lookupsids_recv_names(struct tevent_req *subreq)
+ 			continue;
+ 		}
+ 
++		if (domains == NULL) {
++			composite_error(state->ctx,
++					NT_STATUS_INVALID_NETWORK_RESPONSE);
++			return;
++		}
+ 		if (name->sid_index >= domains->count) {
+ 			composite_error(state->ctx,
+-					NT_STATUS_INVALID_PARAMETER);
++					NT_STATUS_INVALID_NETWORK_RESPONSE);
+ 			return;
+ 		}
+ 
+-- 
+1.7.9.5
+
+
+From e89cb29f386adf364fb953686eb34d0db7d62202 Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra@samba.org>
+Date: Thu, 7 Nov 2013 21:40:55 -0800
+Subject: [PATCH 15/16] CVE-2013-4408:s3:Ensure LookupNames replies arrays are
+ range checked.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Signed-off-by: Jeremy Allison <jra@samba.org>
+---
+ source3/lib/netapi/group.c                  |   82 +++++++++++++++++++++++++++
+ source3/lib/netapi/localgroup.c             |    8 ++-
+ source3/lib/netapi/user.c                   |   56 ++++++++++++++++++
+ source3/libnet/libnet_join.c                |   16 ++++++
+ source3/rpc_client/cli_lsarpc.c             |   18 ++++++
+ source3/rpc_server/netlogon/srv_netlog_nt.c |    2 +-
+ source3/rpcclient/cmd_lsarpc.c              |    6 +-
+ source3/rpcclient/cmd_samr.c                |   58 ++++++++++++++++++-
+ source3/smbd/lanman.c                       |    8 +++
+ source3/utils/net_rpc.c                     |   40 ++++++++++++-
+ source3/utils/net_rpc_join.c                |    9 +++
+ source3/winbindd/winbindd_rpc.c             |   14 +----
+ source4/libcli/util/clilsa.c                |    6 +-
+ source4/libnet/groupinfo.c                  |    9 ++-
+ source4/libnet/groupman.c                   |   10 ++--
+ source4/libnet/libnet_join.c                |   12 +++-
+ source4/libnet/libnet_lookup.c              |    5 ++
+ source4/libnet/libnet_passwd.c              |   10 +++-
+ source4/libnet/userinfo.c                   |    8 ++-
+ source4/libnet/userman.c                    |   24 ++++----
+ source4/winbind/wb_async_helpers.c          |   13 ++++-
+ 21 files changed, 368 insertions(+), 46 deletions(-)
+
+diff --git a/source3/lib/netapi/group.c b/source3/lib/netapi/group.c
+index 9813f7e..69c7af4 100644
+--- a/source3/lib/netapi/group.c
++++ b/source3/lib/netapi/group.c
+@@ -309,6 +309,15 @@ WERROR NetGroupDel_r(struct libnetapi_ctx *ctx,
+ 		goto done;
+ 	}
+ 
++	if (rids.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
++	if (types.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
++
+ 	if (types.ids[0] != SID_NAME_DOM_GRP) {
+ 		werr = WERR_INVALID_DATATYPE;
+ 		goto done;
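Review bot: The two added blocks have identical bodies and could be one condition, `if (rids.count != 1 || types.count != 1) {`, which halves the added lines and keeps the pair from being separated by a later edit. The same pair recurs in most other hunks of this file and in localgroup.c, user.c, libnet_join.c, cmd_samr.c, lanman.c and net_rpc.c in this patch. If, as it appears, a single name was looked up, a comment such as `/* one name in, so exactly one rid and one type must come back */` would say why the expected value is 1. The `types.ids[0]` read on the following line is what these checks protect.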
+@@ -511,6 +520,14 @@ WERROR NetGroupSetInfo_r(struct libnetapi_ctx *ctx,
+ 		werr = ntstatus_to_werror(result);
+ 		goto done;
+ 	}
++	if (rids.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
++	if (types.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
+ 
+ 	if (types.ids[0] != SID_NAME_DOM_GRP) {
+ 		werr = WERR_INVALID_DATATYPE;
+@@ -781,6 +798,14 @@ WERROR NetGroupGetInfo_r(struct libnetapi_ctx *ctx,
+ 		werr = ntstatus_to_werror(result);
+ 		goto done;
+ 	}
++	if (rids.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
++	if (types.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
+ 
+ 	if (types.ids[0] != SID_NAME_DOM_GRP) {
+ 		werr = WERR_INVALID_DATATYPE;
+@@ -921,6 +946,14 @@ WERROR NetGroupAddUser_r(struct libnetapi_ctx *ctx,
+ 		werr = WERR_GROUPNOTFOUND;
+ 		goto done;
+ 	}
++	if (rids.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
++	if (types.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
+ 
+ 	if (types.ids[0] != SID_NAME_DOM_GRP) {
+ 		werr = WERR_GROUPNOTFOUND;
+@@ -959,6 +992,14 @@ WERROR NetGroupAddUser_r(struct libnetapi_ctx *ctx,
+ 		werr = WERR_USER_NOT_FOUND;
+ 		goto done;
+ 	}
++	if (rids.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
++	if (types.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
+ 
+ 	if (types.ids[0] != SID_NAME_USER) {
+ 		werr = WERR_USER_NOT_FOUND;
+@@ -1065,6 +1106,14 @@ WERROR NetGroupDelUser_r(struct libnetapi_ctx *ctx,
+ 		werr = WERR_GROUPNOTFOUND;
+ 		goto done;
+ 	}
++	if (rids.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
++	if (types.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
+ 
+ 	if (types.ids[0] != SID_NAME_DOM_GRP) {
+ 		werr = WERR_GROUPNOTFOUND;
+@@ -1104,6 +1153,14 @@ WERROR NetGroupDelUser_r(struct libnetapi_ctx *ctx,
+ 		werr = WERR_USER_NOT_FOUND;
+ 		goto done;
+ 	}
++	if (rids.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
++	if (types.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
+ 
+ 	if (types.ids[0] != SID_NAME_USER) {
+ 		werr = WERR_USER_NOT_FOUND;
+@@ -1515,6 +1572,14 @@ WERROR NetGroupGetUsers_r(struct libnetapi_ctx *ctx,
+ 		werr = ntstatus_to_werror(result);
+ 		goto done;
+ 	}
++	if (group_rids.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
++	if (name_types.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
+ 
+ 	status = dcerpc_samr_OpenGroup(b, talloc_tos(),
+ 				       &domain_handle,
+@@ -1691,6 +1756,14 @@ WERROR NetGroupSetUsers_r(struct libnetapi_ctx *ctx,
+ 		werr = ntstatus_to_werror(result);
+ 		goto done;
+ 	}
++	if (group_rids.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
++	if (group_types.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
+ 
+ 	status = dcerpc_samr_OpenGroup(b, talloc_tos(),
+ 				       &domain_handle,
+@@ -1769,6 +1842,15 @@ WERROR NetGroupSetUsers_r(struct libnetapi_ctx *ctx,
+ 		goto done;
+ 	}
+ 
++	if (r->in.num_entries != user_rids.count) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
++	if (r->in.num_entries != name_types.count) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
++
+ 	member_rids = user_rids.ids;
+ 
+ 	status = dcerpc_samr_QueryGroupMember(b, talloc_tos(),
+diff --git a/source3/lib/netapi/localgroup.c b/source3/lib/netapi/localgroup.c
+index 1a544ad..17cab68 100644
+--- a/source3/lib/netapi/localgroup.c
++++ b/source3/lib/netapi/localgroup.c
+@@ -58,6 +58,12 @@ static NTSTATUS libnetapi_samr_lookup_and_open_alias(TALLOC_CTX *mem_ctx,
+ 	if (!NT_STATUS_IS_OK(result)) {
+ 		return result;
+ 	}
++	if (user_rids.count != 1) {
++		return NT_STATUS_INVALID_NETWORK_RESPONSE;
++	}
++	if (name_types.count != 1) {
++		return NT_STATUS_INVALID_NETWORK_RESPONSE;
++	}
+ 
+ 	switch (name_types.ids[0]) {
+ 		case SID_NAME_ALIAS:
+@@ -1041,7 +1047,7 @@ static NTSTATUS libnetapi_lsa_lookup_names3(TALLOC_CTX *mem_ctx,
+ 	NT_STATUS_NOT_OK_RETURN(result);
+ 
+ 	if (count != 1 || sids.count != 1) {
+-		return NT_STATUS_NONE_MAPPED;
++		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ 	}
+ 
+ 	sid_copy(sid, sids.sids[0].sid);
+diff --git a/source3/lib/netapi/user.c b/source3/lib/netapi/user.c
+index df3914c..e699ad3 100644
+--- a/source3/lib/netapi/user.c
++++ b/source3/lib/netapi/user.c
+@@ -604,6 +604,14 @@ WERROR NetUserDel_r(struct libnetapi_ctx *ctx,
+ 		werr = ntstatus_to_werror(result);
+ 		goto done;
+ 	}
++	if (user_rids.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
++	if (name_types.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
+ 
+ 	status = dcerpc_samr_OpenUser(b, talloc_tos(),
+ 				      &domain_handle,
+@@ -1803,6 +1811,14 @@ WERROR NetUserGetInfo_r(struct libnetapi_ctx *ctx,
+ 		werr = ntstatus_to_werror(result);
+ 		goto done;
+ 	}
++	if (user_rids.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
++	if (name_types.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
+ 
+ 	status = libnetapi_samr_lookup_user_map_USER_INFO(ctx, pipe_cli,
+ 							  domain_sid,
+@@ -1968,6 +1984,14 @@ WERROR NetUserSetInfo_r(struct libnetapi_ctx *ctx,
+ 		werr = ntstatus_to_werror(result);
+ 		goto done;
+ 	}
++	if (user_rids.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
++	if (name_types.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
+ 
+ 	status = dcerpc_samr_OpenUser(b, talloc_tos(),
+ 				      &domain_handle,
+@@ -3027,6 +3051,14 @@ WERROR NetUserGetGroups_r(struct libnetapi_ctx *ctx,
+ 		werr = ntstatus_to_werror(result);
+ 		goto done;
+ 	}
++	if (user_rids.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
++	if (name_types.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
+ 
+ 	status = dcerpc_samr_OpenUser(b, talloc_tos(),
+ 				      &domain_handle,
+@@ -3202,6 +3234,14 @@ WERROR NetUserSetGroups_r(struct libnetapi_ctx *ctx,
+ 		werr = ntstatus_to_werror(result);
+ 		goto done;
+ 	}
++	if (user_rids.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
++	if (name_types.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
+ 
+ 	status = dcerpc_samr_OpenUser(b, talloc_tos(),
+ 				      &domain_handle,
+@@ -3262,6 +3302,14 @@ WERROR NetUserSetGroups_r(struct libnetapi_ctx *ctx,
+ 		werr = ntstatus_to_werror(result);
+ 		goto done;
+ 	}
++	if (group_rids.count != r->in.num_entries) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
++	if (name_types.count != r->in.num_entries) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
+ 
+ 	member_rids = group_rids.ids;
+ 
+@@ -3539,6 +3587,14 @@ WERROR NetUserGetLocalGroups_r(struct libnetapi_ctx *ctx,
+ 		werr = ntstatus_to_werror(result);
+ 		goto done;
+ 	}
++	if (user_rids.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
++	if (name_types.count != 1) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
+ 
+ 	status = dcerpc_samr_OpenUser(b, talloc_tos(),
+ 				      &domain_handle,
+diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
+index dfe7283..29d1944 100644
+--- a/source3/libnet/libnet_join.c
++++ b/source3/libnet/libnet_join.c
+@@ -1023,6 +1023,14 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx,
+ 		status = result;
+ 		goto done;
+ 	}
++	if (user_rids.count != 1) {
++		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++		goto done;
++	}
++	if (name_types.count != 1) {
++		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++		goto done;
++	}
+ 
+ 	if (name_types.ids[0] != SID_NAME_USER) {
+ 		DEBUG(0,("%s is not a user account (type=%d)\n",
+@@ -1416,6 +1424,14 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx,
+ 		status = result;
+ 		goto done;
+ 	}
++	if (user_rids.count != 1) {
++		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++		goto done;
++	}
++	if (name_types.count != 1) {
++		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++		goto done;
++	}
+ 
+ 	if (name_types.ids[0] != SID_NAME_USER) {
+ 		DEBUG(0, ("%s is not a user account (type=%d)\n", acct_name,
+diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
+index 7cadd6e..974538b 100644
+--- a/source3/rpc_client/cli_lsarpc.c
++++ b/source3/rpc_client/cli_lsarpc.c
+@@ -662,9 +662,19 @@ NTSTATUS dcerpc_lsa_lookup_names_generic(struct dcerpc_binding_handle *h,
+ 		struct dom_sid *sid = &(*sids)[i];
+ 
+ 		if (use_lookupnames4) {
++			if (i >= sid_array3.count) {
++				*presult = NT_STATUS_INVALID_NETWORK_RESPONSE;
++				goto done;
++			}
++
+ 			dom_idx		= sid_array3.sids[i].sid_index;
+ 			(*types)[i]	= sid_array3.sids[i].sid_type;
+ 		} else {
++			if (i >= sid_array.count) {
++				*presult = NT_STATUS_INVALID_NETWORK_RESPONSE;
++				goto done;
++			}
++
+ 			dom_idx		= sid_array.sids[i].sid_index;
+ 			(*types)[i]	= sid_array.sids[i].sid_type;
+ 		}
+@@ -677,6 +687,14 @@ NTSTATUS dcerpc_lsa_lookup_names_generic(struct dcerpc_binding_handle *h,
+ 			(*types)[i] = SID_NAME_UNKNOWN;
+ 			continue;
+ 		}
++		if (domains == NULL) {
++			*presult = NT_STATUS_INVALID_NETWORK_RESPONSE;
++			goto done;
++		}
++		if (dom_idx >= domains->count) {
++			*presult = NT_STATUS_INVALID_NETWORK_RESPONSE;
++			goto done;
++		}
+ 
+ 		if (use_lookupnames4) {
+ 			sid_copy(sid, sid_array3.sids[i].sid);
+diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
+index 6a6c125..e5ca474 100644
+--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
++++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
+@@ -580,7 +580,7 @@ static NTSTATUS samr_find_machine_account(TALLOC_CTX *mem_ctx,
+ 		status = NT_STATUS_NO_SUCH_USER;
+ 		goto out;
+ 	}
+-	if (rids.count != types.count) {
++	if (types.count != 1) {
+ 		status = NT_STATUS_INVALID_PARAMETER;
+ 		goto out;
+ 	}
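Review bot: This check still reports `NT_STATUS_INVALID_PARAMETER`, while the other count mismatches in this patch return `NT_STATUS_INVALID_NETWORK_RESPONSE`; if the difference is deliberate for this server-side path, a one-line comment would say so. The old condition compared `rids.count` with `types.count` and the new one no longer mentions `rids.count`. A later read of `rids.ids[0]` is therefore safe only if the preceding block, whose condition is outside the hunk, already rejects `rids.count != 1`.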
+diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
+index a7ee4e4..5c28b1c 100644
+--- a/source3/rpcclient/cmd_lsarpc.c
++++ b/source3/rpcclient/cmd_lsarpc.c
+@@ -323,7 +323,7 @@ static NTSTATUS cmd_lsa_lookup_names4(struct rpc_pipe_client *cli,
+ 
+ 	uint32_t num_names;
+ 	struct lsa_String *names;
+-	struct lsa_RefDomainList *domains;
++	struct lsa_RefDomainList *domains = NULL;
+ 	struct lsa_TransSidArray3 sids;
+ 	uint32_t count = 0;
+ 	int i;
+@@ -361,6 +361,10 @@ static NTSTATUS cmd_lsa_lookup_names4(struct rpc_pipe_client *cli,
+ 		return result;
+ 	}
+ 
++	if (sids.count != num_names) {
++		return NT_STATUS_INVALID_NETWORK_RESPONSE;
++	}
++
+ 	for (i = 0; i < sids.count; i++) {
+ 		fstring sid_str;
+ 		sid_to_fstring(sid_str, sids.sids[i].sid);
+diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
+index 022230b..5bc8c0b 100644
+--- a/source3/rpcclient/cmd_samr.c
++++ b/source3/rpcclient/cmd_samr.c
+@@ -385,7 +385,17 @@ static NTSTATUS cmd_samr_query_user(struct rpc_pipe_client *cli,
+ 		if (!NT_STATUS_IS_OK(status)) {
+ 			goto done;
+ 		}
++
+ 		if (NT_STATUS_IS_OK(result)) {
++			if (rids.count != 1) {
++				status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++				goto done;
++			}
++			if (types.count != 1) {
++				status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++				goto done;
++			}
++
+ 			status = dcerpc_samr_OpenUser(b, mem_ctx,
+ 						      &domain_pol,
+ 						      access_mask,
+@@ -1453,6 +1463,15 @@ static NTSTATUS cmd_samr_delete_alias(struct rpc_pipe_client *cli,
+ 			goto done;
+ 		}
+ 		if (NT_STATUS_IS_OK(result)) {
++			if (rids.count != 1) {
++				status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++				goto done;
++			}
++			if (types.count != 1) {
++				status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++				goto done;
++			}
++
+ 			status = dcerpc_samr_OpenAlias(b, mem_ctx,
+ 						       &domain_pol,
+ 						       access_mask,
+@@ -2115,6 +2134,14 @@ static NTSTATUS cmd_samr_lookup_names(struct rpc_pipe_client *cli,
+ 		status = result;
+ 		goto done;
+ 	}
++	if (rids.count != num_names) {
++		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++		goto done;
++	}
++	if (name_types.count != num_names) {
++		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++		goto done;
++	}
+ 
+ 	/* Display results */
+ 
+@@ -2272,6 +2299,14 @@ static NTSTATUS cmd_samr_delete_dom_group(struct rpc_pipe_client *cli,
+ 			status = result;
+ 			goto done;
+ 		}
++		if (group_rids.count != 1) {
++			status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++			goto done;
++		}
++		if (name_types.count != 1) {
++			status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++			goto done;
++		}
+ 
+ 		status = dcerpc_samr_OpenGroup(b, mem_ctx,
+ 					       &domain_pol,
+@@ -2375,6 +2410,14 @@ static NTSTATUS cmd_samr_delete_dom_user(struct rpc_pipe_client *cli,
+ 			status = result;
+ 			goto done;
+ 		}
++		if (user_rids.count != 1) {
++			status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++			goto done;
++		}
++		if (name_types.count != 1) {
++			status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++			goto done;
++		}
+ 
+ 		status = dcerpc_samr_OpenUser(b, mem_ctx,
+ 					      &domain_pol,
+@@ -2763,6 +2806,14 @@ static NTSTATUS cmd_samr_chgpasswd(struct rpc_pipe_client *cli,
+ 		status = result;
+ 		goto done;
+ 	}
++	if (rids.count != 1) {
++		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++		goto done;
++	}
++	if (types.count != 1) {
++		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++		goto done;
++	}
+ 
+ 	status = dcerpc_samr_OpenUser(b, mem_ctx,
+ 				      &domain_pol,
+@@ -3166,7 +3217,12 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli,
+ 		if (!NT_STATUS_IS_OK(result)) {
+ 			return result;
+ 		}
+-
++		if (rids.count != 1) {
++			return NT_STATUS_INVALID_NETWORK_RESPONSE;
++		}
++		if (types.count != 1) {
++			return NT_STATUS_INVALID_NETWORK_RESPONSE;
++		}
+ 
+ 		status = dcerpc_samr_OpenUser(b, mem_ctx,
+ 					      &domain_pol,
+diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
+index b5598a4..e6b9530 100644
+--- a/source3/smbd/lanman.c
++++ b/source3/smbd/lanman.c
+@@ -2629,6 +2629,14 @@ static bool api_NetUserGetGroups(struct smbd_server_connection *sconn,
+ 			  nt_errstr(result)));
+ 		goto close_domain;
+ 	}
++	if (rid.count != 1) {
++		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++		goto close_domain;
++	}
++	if (type.count != 1) {
++		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++		goto close_domain;
++	}
+ 
+ 	if (type.ids[0] != SID_NAME_USER) {
+ 		DEBUG(10, ("%s is a %s, not a user\n", UserName,
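Review bot: Both new failure paths jump to `close_domain` silently, whereas the error path just above logs `nt_errstr(result)` and the one below logs through `DEBUG(10, ...)`. A malformed reply is worth a log line for whoever has to diagnose it, e.g. `DEBUG(10, ("unexpected lookup reply for %s\n", UserName));` before each `goto`. The function returns `bool`, so whether the value assigned to `status` is read after the label cannot be seen from this hunk.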
+diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
+index 870ad22..e0c8eea 100644
+--- a/source3/utils/net_rpc.c
++++ b/source3/utils/net_rpc.c
+@@ -1667,6 +1667,14 @@ static NTSTATUS rpc_group_delete_internals(struct net_context *c,
+ 		d_fprintf(stderr, _("Lookup of '%s' failed\n"),argv[0]);
+ 		goto done;
+ 	}
++	if (group_rids.count != 1) {
++		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++		goto done;
++	}
++	if (name_types.count != 1) {
++		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++		goto done;
++	}
+ 
+ 	switch (name_types.ids[0])
+ 	{
+@@ -2074,6 +2082,14 @@ static NTSTATUS rpc_add_groupmem(struct rpc_pipe_client *pipe_hnd,
+ 			  member);
+ 		goto done;
+ 	}
++	if (rids.count != 1) {
++		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++		goto done;
++	}
++	if (rid_types.count != 1) {
++		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++		goto done;
++	}
+ 
+ 	status = dcerpc_samr_OpenGroup(b, mem_ctx,
+ 				       &domain_pol,
+@@ -2329,6 +2345,14 @@ static NTSTATUS rpc_del_groupmem(struct net_context *c,
+ 			  member);
+ 		goto done;
+ 	}
++	if (rids.count != 1) {
++		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++		goto done;
++	}
++	if (rid_types.count != 1) {
++		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++		goto done;
++	}
+ 
+ 	status = dcerpc_samr_OpenGroup(b, mem_ctx,
+ 				       &domain_pol,
+@@ -3112,9 +3136,15 @@ static NTSTATUS rpc_group_members_internals(struct net_context *c,
+ 	if (rids.count != 1) {
+ 		d_fprintf(stderr, _("Couldn't find group %s\n"),
+ 			  argv[0]);
+-		return result;
++		return NT_STATUS_INVALID_NETWORK_RESPONSE;
++	}
++	if (rid_types.count != 1) {
++		d_fprintf(stderr, _("Couldn't find group %s\n"),
++			  argv[0]);
++		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ 	}
+ 
++
+ 	if (rid_types.ids[0] == SID_NAME_DOM_GRP) {
+ 		return rpc_list_group_members(c, pipe_hnd, mem_ctx, domain_name,
+ 					      domain_sid, &domain_pol,
+@@ -6064,6 +6094,14 @@ static NTSTATUS rpc_trustdom_del_internals(struct net_context *c,
+ 			acct_name, nt_errstr(result) );
+ 		goto done;
+ 	}
++	if (user_rids.count != 1) {
++		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++		goto done;
++	}
++	if (name_types.count != 1) {
++		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++		goto done;
++	}
+ 
+ 	status = dcerpc_samr_OpenUser(b, mem_ctx,
+ 				      &domain_pol,
+diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c
+index 7167cf9..56799cd 100644
+--- a/source3/utils/net_rpc_join.c
++++ b/source3/utils/net_rpc_join.c
+@@ -380,6 +380,15 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv)
+ 			    ("error looking up rid for user %s: %s/%s\n",
+ 			     acct_name, nt_errstr(status), nt_errstr(result)));
+ 
++	if (user_rids.count != 1) {
++		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++		goto done;
++	}
++	if (name_types.count != 1) {
++		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++		goto done;
++	}
++
+ 	if (name_types.ids[0] != SID_NAME_USER) {
+ 		DEBUG(0, ("%s is not a user account (type=%d)\n", acct_name, name_types.ids[0]));
+ 		goto done;
+diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
+index 7345ea7..6b88c84 100644
+--- a/source3/winbindd/winbindd_rpc.c
++++ b/source3/winbindd/winbindd_rpc.c
+@@ -1063,7 +1063,7 @@ static NTSTATUS rpc_try_lookup_sids3(TALLOC_CTX *mem_ctx,
+ 				     struct lsa_TransNameArray **pnames)
+ {
+ 	struct lsa_TransNameArray2 lsa_names2;
+-	struct lsa_TransNameArray *names;
++	struct lsa_TransNameArray *names = *pnames;
+ 	uint32_t i, count;
+ 	NTSTATUS status, result;
+ 
+@@ -1088,10 +1088,6 @@ static NTSTATUS rpc_try_lookup_sids3(TALLOC_CTX *mem_ctx,
+ 		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ 	}
+ 
+-	names = talloc_zero(mem_ctx, struct lsa_TransNameArray);
+-	if (names == NULL) {
+-		return NT_STATUS_NO_MEMORY;
+-	}
+ 	names->count = lsa_names2.count;
+ 	names->names = talloc_array(names, struct lsa_TranslatedName,
+ 				    names->count);
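Review bot: `names->count = lsa_names2.count;` now writes through whatever the caller left in `*pnames`, because the `talloc_zero()` that used to create the array is removed and `names` is initialised from `*pnames` at the top of rpc_try_lookup_sids3. Nothing in these hunks checks that pointer, so a caller that passes an unallocated `*pnames` turns a lookup into a NULL dereference; the callers are outside the diff, so this is a contract to confirm, not a proven crash. I would add `if (names == NULL) { return NT_STATUS_INVALID_PARAMETER; }` before the first use, plus a one-line comment on both functions stating that the caller owns and pre-allocates `*pnames`. rpc_lookup_sids has the same pattern, where `names` is handed straight to dcerpc_lsa_LookupSids().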
+@@ -1114,7 +1110,6 @@ static NTSTATUS rpc_try_lookup_sids3(TALLOC_CTX *mem_ctx,
+ 			return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ 		}
+ 	}
+-	*pnames = names;
+ 	return result;
+ }
+ 
+@@ -1124,7 +1119,7 @@ NTSTATUS rpc_lookup_sids(TALLOC_CTX *mem_ctx,
+ 			 struct lsa_RefDomainList **pdomains,
+ 			 struct lsa_TransNameArray **pnames)
+ {
+-	struct lsa_TransNameArray *names;
++	struct lsa_TransNameArray *names = *pnames;
+ 	struct rpc_pipe_client *cli = NULL;
+ 	struct policy_handle lsa_policy;
+ 	uint32_t count;
+@@ -1141,10 +1136,6 @@ NTSTATUS rpc_lookup_sids(TALLOC_CTX *mem_ctx,
+ 					    pdomains, pnames);
+ 	}
+ 
+-	names = talloc_zero(mem_ctx, struct lsa_TransNameArray);
+-	if (names == NULL) {
+-		return NT_STATUS_NO_MEMORY;
+-	}
+ 	status = dcerpc_lsa_LookupSids(cli->binding_handle, mem_ctx,
+ 				       &lsa_policy, sids, pdomains,
+ 				       names, LSA_LOOKUP_NAMES_ALL,
+@@ -1172,6 +1163,5 @@ NTSTATUS rpc_lookup_sids(TALLOC_CTX *mem_ctx,
+ 		}
+ 	}
+ 
+-	*pnames = names;
+ 	return result;
+ }
+diff --git a/source4/libcli/util/clilsa.c b/source4/libcli/util/clilsa.c
+index cc0dae5..0437352 100644
+--- a/source4/libcli/util/clilsa.c
++++ b/source4/libcli/util/clilsa.c
+@@ -335,7 +335,11 @@ NTSTATUS smblsa_lookup_name(struct smbcli_state *cli,
+ 	}
+ 	if (sids.count != 1) {
+ 		talloc_free(mem_ctx2);
+-		return NT_STATUS_UNSUCCESSFUL;
++		return NT_STATUS_INVALID_NETWORK_RESPONSE;
++	}
++	if (domains->count != 1) {
++		talloc_free(mem_ctx2);
++		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ 	}
+ 
+ 	sid = domains->domains[0].sid;
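Review bot: The added `domains->count != 1` test dereferences `domains` without checking it for NULL, while the wb_async_helpers.c change in this same patch adds an explicit `domains == NULL` check before using the referenced-domain list of a lookup reply. If the reply can leave `domains` unset here as well (its declaration and the RPC call are above the hunk), the new check is itself the crash site. `if (domains == NULL || domains->count != 1) {` covers both cases with the same cleanup and status.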
+diff --git a/source4/libnet/groupinfo.c b/source4/libnet/groupinfo.c
+index 9060973..5c8b0f7 100644
+--- a/source4/libnet/groupinfo.c
++++ b/source4/libnet/groupinfo.c
+@@ -88,11 +88,14 @@ static void continue_groupinfo_lookup(struct tevent_req *subreq)
+ 		s->monitor_fn(&msg);
+ 	}
+ 	
+-
+ 	/* have we actually got name resolved
+ 	   - we're looking for only one at the moment */
+-	if (s->lookup.out.rids->count == 0) {
+-		composite_error(c, NT_STATUS_NO_SUCH_USER);
++	if (s->lookup.out.rids->count != s->lookup.in.num_names) {
++		composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
++		return;
++	}
++	if (s->lookup.out.types->count != s->lookup.in.num_names) {
++		composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ 		return;
+ 	}
+ 
+diff --git a/source4/libnet/groupman.c b/source4/libnet/groupman.c
+index 9771ea5..59a3f35 100644
+--- a/source4/libnet/groupman.c
++++ b/source4/libnet/groupman.c
+@@ -219,13 +219,13 @@ static void continue_groupdel_name_found(struct tevent_req *subreq)
+ 
+ 	/* what to do when there's no group account to delete
+ 	   and what if there's more than one rid resolved */
+-	if (!s->lookupname.out.rids->count) {
+-		c->status = NT_STATUS_NO_SUCH_GROUP;
++	if (s->lookupname.out.rids->count != s->lookupname.in.num_names) {
++		c->status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ 		composite_error(c, c->status);
+ 		return;
+-
+-	} else if (!s->lookupname.out.rids->count > 1) {
+-		c->status = NT_STATUS_INVALID_ACCOUNT_NAME;
++	}
++	if (s->lookupname.out.types->count != s->lookupname.in.num_names) {
++		c->status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ 		composite_error(c, c->status);
+ 		return;
+ 	}
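Review bot: The comment kept above the new checks still asks "what to do when there's no group account to delete and what if there's more than one rid resolved", but the code below it now answers both questions: any reply whose rids or types count differs from `in.num_names` is rejected. I would replace it with `/* the reply must carry exactly one rid and one type per requested name */`. The same stale comment sits above the rewritten checks in continue_userdel_name_found and continue_usermod_name_found in userman.c. A zero-length reply now surfaces as NT_STATUS_INVALID_NETWORK_RESPONSE instead of NT_STATUS_NO_SUCH_GROUP; whether any caller keys on the old status is not visible from the hunk.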
+diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c
+index 0977403..8c1b57d 100644
+--- a/source4/libnet/libnet_join.c
++++ b/source4/libnet/libnet_join.c
+@@ -656,9 +656,17 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru
+ 							      "samr_LookupNames for [%s] returns %d RIDs",
+ 							      r->in.account_name, ln.out.rids->count);
+ 			talloc_free(tmp_ctx);
+-			return NT_STATUS_INVALID_PARAMETER;
++			return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ 		}
+-		
++
++		if (ln.out.types->count != 1) {
++			r->out.error_string = talloc_asprintf(mem_ctx,
++								"samr_LookupNames for [%s] returns %d RID TYPEs",
++								r->in.account_name, ln.out.types->count);
++			talloc_free(tmp_ctx);
++			return NT_STATUS_INVALID_NETWORK_RESPONSE;
++		}
++
+ 		/* prepare samr_OpenUser */
+ 		ZERO_STRUCTP(u_handle);
+ 		ou.in.domain_handle = &d_handle;
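Review bot: The new error string formats `ln.out.types->count` with `%d`; assuming it is an unsigned 32-bit field like the other samr count members, a large server-supplied value prints as a negative number in the very message meant to diagnose a bad reply. `%u` matches the type: `"samr_LookupNames for [%s] returns %u RID TYPEs"`. The existing RIDs message in the context above it and the parallel addition in libnet_SetPassword_samr carry the same mismatch.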
+diff --git a/source4/libnet/libnet_lookup.c b/source4/libnet/libnet_lookup.c
+index cf2d70c..77072b7 100644
+--- a/source4/libnet/libnet_lookup.c
++++ b/source4/libnet/libnet_lookup.c
+@@ -365,6 +365,11 @@ static void continue_name_found(struct tevent_req *subreq)
+ 	c->status = s->lookup.out.result;
+ 	if (!composite_is_ok(c)) return;
+ 
++	if (s->lookup.out.sids->count != s->lookup.in.num_names) {
++		composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
++		return;
++	}
++
+ 	composite_done(c);
+ }
+ 
+diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c
+index 861d746..77176bc 100644
+--- a/source4/libnet/libnet_passwd.c
++++ b/source4/libnet/libnet_passwd.c
+@@ -627,10 +627,18 @@ static NTSTATUS libnet_SetPassword_samr(struct libnet_context *ctx, TALLOC_CTX *
+ 		r->samr.out.error_string = talloc_asprintf(mem_ctx,
+ 						"samr_LookupNames for [%s] returns %d RIDs",
+ 						r->samr.in.account_name, ln.out.rids->count);
+-		status = NT_STATUS_INVALID_PARAMETER;
++		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
+ 		goto disconnect;	
+ 	}
+ 
++	if (ln.out.types->count != 1) {
++		r->samr.out.error_string = talloc_asprintf(mem_ctx,
++						"samr_LookupNames for [%s] returns %d RID TYPEs",
++						r->samr.in.account_name, ln.out.types->count);
++		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++		goto disconnect;
++	}
++
+ 	/* prepare samr_OpenUser */
+ 	ZERO_STRUCT(u_handle);
+ 	ou.in.domain_handle = &d_handle;
+diff --git a/source4/libnet/userinfo.c b/source4/libnet/userinfo.c
+index 75c46e4..9530f9e 100644
+--- a/source4/libnet/userinfo.c
++++ b/source4/libnet/userinfo.c
+@@ -90,8 +90,12 @@ static void continue_userinfo_lookup(struct tevent_req *subreq)
+ 
+ 	/* have we actually got name resolved
+ 	   - we're looking for only one at the moment */
+-	if (s->lookup.out.rids->count == 0) {
+-		composite_error(c, NT_STATUS_NO_SUCH_USER);
++	if (s->lookup.out.rids->count != s->lookup.in.num_names) {
++		composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
++		return;
++	}
++	if (s->lookup.out.types->count != s->lookup.in.num_names) {
++		composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ 		return;
+ 	}
+ 
+diff --git a/source4/libnet/userman.c b/source4/libnet/userman.c
+index c1ee017..a7301ea 100644
+--- a/source4/libnet/userman.c
++++ b/source4/libnet/userman.c
+@@ -237,14 +237,12 @@ static void continue_userdel_name_found(struct tevent_req *subreq)
+ 
+ 	/* what to do when there's no user account to delete
+ 	   and what if there's more than one rid resolved */
+-	if (!s->lookupname.out.rids->count) {
+-		c->status = NT_STATUS_NO_SUCH_USER;
+-		composite_error(c, c->status);
++	if (s->lookupname.out.rids->count != s->lookupname.in.num_names) {
++		composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ 		return;
+-
+-	} else if (!s->lookupname.out.rids->count > 1) {
+-		c->status = NT_STATUS_INVALID_ACCOUNT_NAME;
+-		composite_error(c, c->status);
++	}
++	if (s->lookupname.out.types->count != s->lookupname.in.num_names) {
++		composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ 		return;
+ 	}
+ 
+@@ -513,14 +511,12 @@ static void continue_usermod_name_found(struct tevent_req *subreq)
+ 
+ 	/* what to do when there's no user account to delete
+ 	   and what if there's more than one rid resolved */
+-	if (!s->lookupname.out.rids->count) {
+-		c->status = NT_STATUS_NO_SUCH_USER;
+-		composite_error(c, c->status);
++	if (s->lookupname.out.rids->count != s->lookupname.in.num_names) {
++		composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ 		return;
+-
+-	} else if (!s->lookupname.out.rids->count > 1) {
+-		c->status = NT_STATUS_INVALID_ACCOUNT_NAME;
+-		composite_error(c, c->status);
++	}
++	if (s->lookupname.out.types->count != s->lookupname.in.num_names) {
++		composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE);
+ 		return;
+ 	}
+ 
+diff --git a/source4/winbind/wb_async_helpers.c b/source4/winbind/wb_async_helpers.c
+index e3de2eb..2a05f12 100644
+--- a/source4/winbind/wb_async_helpers.c
++++ b/source4/winbind/wb_async_helpers.c
+@@ -285,6 +285,12 @@ static void lsa_lookupnames_recv_sids(struct tevent_req *subreq)
+ 		return;
+ 	}
+ 
++	if (state->sids.count != state->num_names) {
++		composite_error(state->ctx,
++				NT_STATUS_INVALID_NETWORK_RESPONSE);
++		return;
++	}
++
+ 	state->result = talloc_array(state, struct wb_sid_object *,
+ 				     state->num_names);
+ 	if (composite_nomem(state->result, state->ctx)) return;
+@@ -303,9 +309,14 @@ static void lsa_lookupnames_recv_sids(struct tevent_req *subreq)
+ 			continue;
+ 		}
+ 
++		if (domains == NULL) {
++			composite_error(state->ctx,
++					NT_STATUS_INVALID_NETWORK_RESPONSE);
++			return;
++		}
+ 		if (sid->sid_index >= domains->count) {
+ 			composite_error(state->ctx,
+-					NT_STATUS_INVALID_PARAMETER);
++					NT_STATUS_INVALID_NETWORK_RESPONSE);
+ 			return;
+ 		}
+ 
+-- 
+1.7.9.5
+
+
+From 4e96ec86265ec504555f8542b735782589f73b17 Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra@samba.org>
+Date: Thu, 7 Nov 2013 22:41:22 -0800
+Subject: [PATCH 16/16] CVE-2013-4408:s3:Ensure LookupRids() replies arrays
+ are range checked.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185
+
+Signed-off-by: Jeremy Allison <jra@samba.org>
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+---
+ source3/lib/netapi/group.c        |   16 ++++++++++++++++
+ source3/lib/netapi/user.c         |   16 ++++++++++++++++
+ source3/rpcclient/cmd_samr.c      |    8 ++++++++
+ source3/utils/net_rpc.c           |    7 ++++++-
+ source3/winbindd/winbindd_msrpc.c |   10 ++++++++--
+ source3/winbindd/winbindd_rpc.c   |   10 ++++++++--
+ 6 files changed, 62 insertions(+), 5 deletions(-)
+
+diff --git a/source3/lib/netapi/group.c b/source3/lib/netapi/group.c
+index 69c7af4..b806fc4 100644
+--- a/source3/lib/netapi/group.c
++++ b/source3/lib/netapi/group.c
+@@ -395,6 +395,14 @@ WERROR NetGroupDel_r(struct libnetapi_ctx *ctx,
+ 		werr = ntstatus_to_werror(result);
+ 		goto done;
+ 	}
++	if (names.count != rid_array->count) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
++	if (member_types.count != rid_array->count) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
+ 	}
+ 
+ 	for (i=0; i < rid_array->count; i++) {
+@@ -1624,6 +1632,14 @@ WERROR NetGroupGetUsers_r(struct libnetapi_ctx *ctx,
+ 		werr = ntstatus_to_werror(result);
+ 		goto done;
+ 	}
++	if (names.count != rid_array->count) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
++	if (member_types.count != rid_array->count) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
+ 
+ 	for (i=0; i < names.count; i++) {
+ 
+diff --git a/source3/lib/netapi/user.c b/source3/lib/netapi/user.c
+index e699ad3..a971e2d 100644
+--- a/source3/lib/netapi/user.c
++++ b/source3/lib/netapi/user.c
+@@ -3114,6 +3114,14 @@ WERROR NetUserGetGroups_r(struct libnetapi_ctx *ctx,
+ 		werr = ntstatus_to_werror(result);
+ 		goto done;
+ 	}
++	if (names.count != rid_array->count) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
++	if (types.count != rid_array->count) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
+ 
+ 	for (i=0; i < names.count; i++) {
+ 		status = add_GROUP_USERS_INFO_X_buffer(ctx,
+@@ -3716,6 +3724,14 @@ WERROR NetUserGetLocalGroups_r(struct libnetapi_ctx *ctx,
+ 		werr = ntstatus_to_werror(result);
+ 		goto done;
+ 	}
++	if (names.count != num_rids) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
++	if (types.count != num_rids) {
++		werr = WERR_BAD_NET_RESP;
++		goto done;
++	}
+ 
+ 	for (i=0; i < names.count; i++) {
+ 		status = add_LOCALGROUP_USERS_INFO_X_buffer(ctx,
+diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
+index 5bc8c0b..87882c3 100644
+--- a/source3/rpcclient/cmd_samr.c
++++ b/source3/rpcclient/cmd_samr.c
+@@ -2223,6 +2223,14 @@ static NTSTATUS cmd_samr_lookup_rids(struct rpc_pipe_client *cli,
+ 		goto done;
+ 
+ 	/* Display results */
++	if (num_rids != names.count) {
++		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++		goto done;
++	}
++	if (num_rids != types.count) {
++		status = NT_STATUS_INVALID_NETWORK_RESPONSE;
++		goto done;
++	}
+ 
+ 	for (i = 0; i < num_rids; i++) {
+ 		printf("rid 0x%x: %s (%d)\n",
+diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
+index e0c8eea..92964b5 100644
+--- a/source3/utils/net_rpc.c
++++ b/source3/utils/net_rpc.c
+@@ -2900,7 +2900,12 @@ static NTSTATUS rpc_list_group_members(struct net_context *c,
+ 		if (!NT_STATUS_IS_OK(result)) {
+ 			return result;
+ 		}
+-
++		if (names.count != this_time) {
++			return NT_STATUS_INVALID_NETWORK_RESPONSE;
++		}
++		if (types.count != this_time) {
++			return NT_STATUS_INVALID_NETWORK_RESPONSE;
++		}
+ 		/* We only have users as members, but make the output
+ 		   the same as the output of alias members */
+ 
+diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c
+index e86838c..0dc69c7 100644
+--- a/source3/winbindd/winbindd_msrpc.c
++++ b/source3/winbindd/winbindd_msrpc.c
+@@ -744,14 +744,20 @@ static NTSTATUS msrpc_lookup_groupmem(struct winbindd_domain *domain,
+ 		/* Copy result into array.  The talloc system will take
+ 		   care of freeing the temporary arrays later on. */
+ 
+-		if (tmp_names.count != tmp_types.count) {
+-			return NT_STATUS_UNSUCCESSFUL;
++		if (tmp_names.count != num_lookup_rids) {
++			return NT_STATUS_INVALID_NETWORK_RESPONSE;
++		}
++		if (tmp_types.count != num_lookup_rids) {
++			return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ 		}
+ 
+ 		for (r=0; r<tmp_names.count; r++) {
+ 			if (tmp_types.ids[r] == SID_NAME_UNKNOWN) {
+ 				continue;
+ 			}
++			if (total_names >= *num_names) {
++				break;
++			}
+ 			(*names)[total_names] = fill_domain_username_talloc(
+ 				mem_ctx, domain->name,
+ 				tmp_names.names[r].string, true);
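Review bot: The added `if (total_names >= *num_names) break;` ends only the inner `for`, so when the guard fires the function, as far as the hunk shows, carries on with a silently truncated member list instead of failing. With both counts now pinned to `num_lookup_rids`, reaching that guard means the reply and the output arrays disagree, which is the condition the rest of this patch reports as an error. Returning `NT_STATUS_INVALID_NETWORK_RESPONSE` there would be consistent; the enclosing loop and the return path are outside the hunk, so confirm nothing depends on partial results. rpc_lookup_groupmem in winbindd_rpc.c gets the same `break`.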
+diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
+index 6b88c84..0986d82 100644
+--- a/source3/winbindd/winbindd_rpc.c
++++ b/source3/winbindd/winbindd_rpc.c
+@@ -871,14 +871,20 @@ NTSTATUS rpc_lookup_groupmem(TALLOC_CTX *mem_ctx,
+ 
+ 	/* Copy result into array.  The talloc system will take
+ 	   care of freeing the temporary arrays later on. */
+-	if (tmp_names.count != tmp_types.count) {
+-		return NT_STATUS_UNSUCCESSFUL;
++	if (tmp_names.count != num_names) {
++		return NT_STATUS_INVALID_NETWORK_RESPONSE;
++	}
++	if (tmp_types.count != num_names) {
++		return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ 	}
+ 
+ 	for (r = 0; r < tmp_names.count; r++) {
+ 		if (tmp_types.ids[r] == SID_NAME_UNKNOWN) {
+ 			continue;
+ 		}
++		if (total_names >= num_names) {
++			break;
++		}
+ 		names[total_names] = fill_domain_username_talloc(names,
+ 								 domain_name,
+ 								 tmp_names.names[r].string,
+-- 
+1.7.9.5
+
diff --git a/SOURCES/samba-4.1.3-fix_build_warnings.patch b/SOURCES/samba-4.1.3-fix_build_warnings.patch
new file mode 100644
index 0000000..8626a93
--- /dev/null
+++ b/SOURCES/samba-4.1.3-fix_build_warnings.patch
@@ -0,0 +1,331 @@
+From 09692988bc382c3fd01e51e88818b29d5265cc57 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Fri, 15 Nov 2013 17:02:12 +0100
+Subject: [PATCH 02/10] s3-libsmb: Use the right macro to set uint16_t attr.
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+(cherry picked from commit f8ab594d0253920cefc441587a55fddb688be550)
+---
+ source3/libsmb/cli_smb2_fnum.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c
+index 202000f..c3feef6 100644
+--- a/source3/libsmb/cli_smb2_fnum.c
++++ b/source3/libsmb/cli_smb2_fnum.c
+@@ -1290,7 +1290,7 @@ NTSTATUS cli_smb2_setatr(struct cli_state *cli,
+ 	inbuf.length = sizeof(inbuf_store);
+ 	data_blob_clear(&inbuf);
+ 
+-	SIVAL(inbuf.data,32,attr);
++	SSVAL(inbuf.data, 32, attr);
+ 	if (mtime != 0) {
+ 		put_long_date((char *)inbuf.data + 16,mtime);
+ 	}
+-- 
+1.8.4.3
+
+
+From a4732fa9ab8414e79a73bcac7d69147da75ae8c5 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Fri, 15 Nov 2013 17:02:13 +0100
+Subject: [PATCH 03/10] testsuit: Fix fprintf format.
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+(cherry picked from commit 69b3a0cb3f2736e98c20dabb43c201af0c004f67)
+---
+ testsuite/nsswitch/getgrent_r.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/testsuite/nsswitch/getgrent_r.c b/testsuite/nsswitch/getgrent_r.c
+index 4f1f0ce..883c897 100644
+--- a/testsuite/nsswitch/getgrent_r.c
++++ b/testsuite/nsswitch/getgrent_r.c
+@@ -32,7 +32,7 @@ void dump_grent(char *id)
+     setgrent();
+         
+     while((gr = getgrent()) != NULL) {
+-        fprintf(fptr,"%s:%s:%d:%d\n", gr->gr_name, gr->gr_passwd,
++        fprintf(fptr,"%s:%s:%d\n", gr->gr_name, gr->gr_passwd,
+                 gr->gr_gid);
+     }
+         
+-- 
+1.8.4.3
+
+
+From 1ff739972f7d8feb864a4d3cf595e49d37636082 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Fri, 15 Nov 2013 17:02:14 +0100
+Subject: [PATCH 04/10] s3-utils: Fix scanf format in smbacls.
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+(cherry picked from commit 4c98b9ce8f8de5883796aa38f1193e04a0ee4e58)
+---
+ source3/utils/smbcacls.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
+index 3ee7034..bb02aa0 100644
+--- a/source3/utils/smbcacls.c
++++ b/source3/utils/smbcacls.c
+@@ -490,7 +490,7 @@ static bool parse_ace(struct cli_state *cli, struct security_ace *ace,
+ 	p++;
+ 	/* Try to parse numeric form */
+ 
+-	if (sscanf(p, "%i/%i/%i", &atype, &aflags, &amask) == 3 &&
++	if (sscanf(p, "%u/%u/%u", &atype, &aflags, &amask) == 3 &&
+ 	    StringToSid(cli, &sid, str)) {
+ 		goto done;
+ 	}
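Review bot: Switching `%i` to `%u` in `sscanf(p, "%u/%u/%u", ...)` drops hexadecimal and octal input, because `%u` converts decimal only, so a numeric ACE written with `0x` values no longer matches here. The last hunk for this function is worse: inside `if (strncmp(tok, "0x", 2) == 0)` the call `sscanf(tok, "%u", &amask)` converts just the leading `0`, returns 1, and leaves the access mask at zero with no error reported. `%x` accepts the `0x` prefix and takes an unsigned argument, so `if (sscanf(tok, "%x", &amask) != 1) {` keeps the warning fix and the previous behaviour in that branch. The same three substitutions are made in sharesec.c and libsmb_xattr.c.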
+@@ -553,7 +553,7 @@ static bool parse_ace(struct cli_state *cli, struct security_ace *ace,
+ 			return False;
+ 		}
+ 	} else {
+-		if (!sscanf(tok, "%i", &aflags)) {
++		if (!sscanf(tok, "%u", &aflags)) {
+ 			printf("ACE '%s': bad integer flags entry at '%s'\n",
+ 				orig_str, tok);
+ 			SAFE_FREE(str);
+@@ -571,7 +571,7 @@ static bool parse_ace(struct cli_state *cli, struct security_ace *ace,
+ 	}
+ 
+ 	if (strncmp(tok, "0x", 2) == 0) {
+-		if (sscanf(tok, "%i", &amask) != 1) {
++		if (sscanf(tok, "%u", &amask) != 1) {
+ 			printf("ACE '%s': bad hex number at '%s'\n",
+ 				orig_str, tok);
+ 			SAFE_FREE(str);
+-- 
+1.8.4.3
+
+
+From b22ff03654cf781a982580a41bcec99b2c25a5f2 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Fri, 15 Nov 2013 17:02:15 +0100
+Subject: [PATCH 05/10] s3-utils: Fix scanf format in sharesec.
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+(cherry picked from commit 278899f5a763af7e7603f05f07048b7d8d4e9972)
+---
+ source3/utils/sharesec.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/source3/utils/sharesec.c b/source3/utils/sharesec.c
+index 38c11e0..2b1e435 100644
+--- a/source3/utils/sharesec.c
++++ b/source3/utils/sharesec.c
+@@ -186,7 +186,7 @@ static bool parse_ace(struct security_ace *ace, const char *orig_str)
+ 	p++;
+ 	/* Try to parse numeric form */
+ 
+-	if (sscanf(p, "%i/%i/%i", &atype, &aflags, &amask) == 3 &&
++	if (sscanf(p, "%u/%u/%u", &atype, &aflags, &amask) == 3 &&
+ 	    string_to_sid(&sid, str)) {
+ 		goto done;
+ 	}
+@@ -226,7 +226,7 @@ static bool parse_ace(struct security_ace *ace, const char *orig_str)
+ 	/* no flags on share permissions */
+ 
+ 	if (!(next_token_talloc(frame, &cp, &tok, "/") &&
+-	      sscanf(tok, "%i", &aflags) && aflags == 0)) {
++	      sscanf(tok, "%u", &aflags) && aflags == 0)) {
+ 		fprintf(stderr, "ACE '%s': bad integer flags entry at '%s'\n",
+ 			orig_str, tok);
+ 		SAFE_FREE(str);
+@@ -243,7 +243,7 @@ static bool parse_ace(struct security_ace *ace, const char *orig_str)
+ 	}
+ 
+ 	if (strncmp(tok, "0x", 2) == 0) {
+-		if (sscanf(tok, "%i", &amask) != 1) {
++		if (sscanf(tok, "%u", &amask) != 1) {
+ 			fprintf(stderr, "ACE '%s': bad hex number at '%s'\n",
+ 				orig_str, tok);
+ 			TALLOC_FREE(frame);
+-- 
+1.8.4.3
+
+
+From 3f8b5b50e6ed56241ee92f9d26f0c4b6d0166db2 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Fri, 15 Nov 2013 17:02:16 +0100
+Subject: [PATCH 06/10] s3-libsmb: Fix scanf format in parse_ace().
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+(cherry picked from commit 1214e3345c655a4c7dc98c69c4e018e47558f639)
+---
+ source3/libsmb/libsmb_xattr.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/source3/libsmb/libsmb_xattr.c b/source3/libsmb/libsmb_xattr.c
+index 22ffa8f..7d34290 100644
+--- a/source3/libsmb/libsmb_xattr.c
++++ b/source3/libsmb/libsmb_xattr.c
+@@ -303,7 +303,7 @@ parse_ace(struct cli_state *ipc_cli,
+ 	p++;
+ 	/* Try to parse numeric form */
+ 
+-	if (sscanf(p, "%i/%i/%i", &atype, &aflags, &amask) == 3 &&
++	if (sscanf(p, "%u/%u/%u", &atype, &aflags, &amask) == 3 &&
+ 	    convert_string_to_sid(ipc_cli, pol, numeric, &sid, str)) {
+ 		goto done;
+ 	}
+@@ -333,7 +333,7 @@ parse_ace(struct cli_state *ipc_cli,
+ 	/* Only numeric form accepted for flags at present */
+ 
+ 	if (!(next_token_talloc(frame, &cp, &tok, "/") &&
+-	      sscanf(tok, "%i", &aflags))) {
++	      sscanf(tok, "%u", &aflags))) {
+ 		TALLOC_FREE(frame);
+ 		return false;
+ 	}
+@@ -344,7 +344,7 @@ parse_ace(struct cli_state *ipc_cli,
+ 	}
+ 
+ 	if (strncmp(tok, "0x", 2) == 0) {
+-		if (sscanf(tok, "%i", &amask) != 1) {
++		if (sscanf(tok, "%u", &amask) != 1) {
+ 			TALLOC_FREE(frame);
+ 			return false;
+ 		}
+-- 
+1.8.4.3
+
+
+From 502d63223e4fd77152ea095c7d94774d093c9c4a Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Fri, 15 Nov 2013 17:02:17 +0100
+Subject: [PATCH 07/10] examples: Fix scanf format in perf_writer_disk.
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+(cherry picked from commit f71b5e44e7a705096e4fdd7aa3d0e22df994e363)
+---
+ examples/perfcounter/perf_writer_disk.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/examples/perfcounter/perf_writer_disk.c b/examples/perfcounter/perf_writer_disk.c
+index 15188d2..18a63a4 100644
+--- a/examples/perfcounter/perf_writer_disk.c
++++ b/examples/perfcounter/perf_writer_disk.c
+@@ -132,7 +132,7 @@ void get_diskinfo(PERF_DATA_BLOCK *data)
+ 	int status, num;
+ 	char buf[LARGE_BUF], *start;
+ 	FILE *diskstats;
+-	long reads, writes, discard;
++	unsigned long reads, writes, discard;
+ 
+ 	diskstats = fopen("/proc/diskstats", "r");
+ 	rewind(diskstats);
+@@ -147,10 +147,10 @@ void get_diskinfo(PERF_DATA_BLOCK *data)
+ 		p->freeMegs = (statfsbuf.f_bfree*statfsbuf.f_bsize)/1048576;
+ 		start = strstr(buf, data->diskInfo.mdata[i].name);
+ 		start += strlen(data->diskInfo.mdata[i].name) + 1;
+-		num = sscanf(start, "%u %u %u %u",
++		num = sscanf(start, "%lu %lu %lu %lu",
+ 			     &reads,
+-			     &discard, 
+-			     &writes, 
++			     &discard,
++			     &writes,
+ 			     &discard);
+ 		p->writesPerSec = writes;
+ 		p->readsPerSec = reads;
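Review bot: `reads` and `writes` are copied into `p->readsPerSec` and `p->writesPerSec` right after the `sscanf()` without looking at `num`, so a line that yields fewer than four conversions stores uninitialised values. The declaration this commit already touches is the cheap place to fix it: `unsigned long reads = 0, writes = 0, discard = 0;`, or skip the assignments when `num != 4`. The first hunk's context also shows `fopen("/proc/diskstats", "r")` followed directly by `rewind(diskstats)` with no NULL check. get_diskinfo continues outside both hunks.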
+-- 
+1.8.4.3
+
+
+From f636ca86e3cb4b61960c3db927760b6de3776365 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Fri, 15 Nov 2013 17:02:18 +0100
+Subject: [PATCH 08/10] s3-vfs: Remove unused variable in vfs_glusterfs.
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+(cherry picked from commit 9e7e83e9d07e967ac966b1cc17f21cb75c81a774)
+---
+ source3/modules/vfs_glusterfs.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
+index e5c691e..d792fb3 100644
+--- a/source3/modules/vfs_glusterfs.c
++++ b/source3/modules/vfs_glusterfs.c
+@@ -1397,7 +1397,6 @@ static int vfs_gluster_sys_acl_set_fd(struct vfs_handle_struct *handle,
+ 				      SMB_ACL_T theacl)
+ {
+ 	int ret;
+-	char *key;
+ 	char *buf;
+ 	ssize_t size;
+ 
+-- 
+1.8.4.3
+
+
+From ea3bc968082c8fbb18d9416143c9fe8a56d691fa Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Fri, 15 Nov 2013 17:02:19 +0100
+Subject: [PATCH 09/10] s3-vfs: Make glfs_set_preopened() static.
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+(cherry picked from commit 4deb00a60f484824217a9683ec9cc2838deae8e0)
+---
+ source3/modules/vfs_glusterfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
+index d792fb3..ca7d790 100644
+--- a/source3/modules/vfs_glusterfs.c
++++ b/source3/modules/vfs_glusterfs.c
+@@ -145,7 +145,7 @@ static struct glfs_preopened {
+ } *glfs_preopened;
+ 
+ 
+-int glfs_set_preopened(const char *volume, glfs_t *fs)
++static int glfs_set_preopened(const char *volume, glfs_t *fs)
+ {
+ 	struct glfs_preopened *entry = NULL;
+ 
+-- 
+1.8.4.3
+
+
+From 22264b8b9578f85e457e99c5b18739ea92854189 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Fri, 15 Nov 2013 17:02:20 +0100
+Subject: [PATCH 10/10] s3-libnet: Use a const char for realm.
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+
+Autobuild-User(master): Jeremy Allison <jra@samba.org>
+Autobuild-Date(master): Fri Nov 15 23:11:54 CET 2013 on sn-devel-104
+
+(cherry picked from commit d02d70251f98ea2e7db4aea36f372cb0f65c04c5)
+---
+ source3/libnet/libnet_join.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
+index 96f7a98..7edccd1 100644
+--- a/source3/libnet/libnet_join.c
++++ b/source3/libnet/libnet_join.c
+@@ -449,7 +449,7 @@ static ADS_STATUS libnet_join_set_machine_upn(TALLOC_CTX *mem_ctx,
+ 	}
+ 
+ 	if (!r->in.upn) {
+-		char *realm = r->out.dns_domain_name;
++		const char *realm = r->out.dns_domain_name;
+ 
+ 		/* in case we are about to generate a keytab during the join
+ 		 * make sure the default upn we create is usable with kinit -k.
+-- 
+1.8.4.3
+
diff --git a/SOURCES/samba-4.1.3-fix_grp_name_sub_in_template_homedir.patch b/SOURCES/samba-4.1.3-fix_grp_name_sub_in_template_homedir.patch
new file mode 100644
index 0000000..2f8cfcd
--- /dev/null
+++ b/SOURCES/samba-4.1.3-fix_grp_name_sub_in_template_homedir.patch
@@ -0,0 +1,370 @@
+From 9346945c4b57ffc937f7800202e5c42504750d3d Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Mon, 18 Nov 2013 14:58:04 +0100
+Subject: [PATCH 1/2] s3-lib: Add grpname to talloc_sub_specified().
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=2191
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+(cherry picked from commit 6366ebb79bb72d9dcb12f8fe8d6e35611fcff150)
+---
+ source3/include/proto.h          |  1 +
+ source3/lib/substitute.c         | 31 +++++++++++++++++++++++++------
+ source3/passdb/passdb.c          |  8 ++++----
+ source3/passdb/pdb_ldap.c        | 24 +++++++++++++++++++++---
+ source3/torture/torture.c        |  2 +-
+ source3/utils/net_sam.c          |  2 ++
+ source3/winbindd/wb_fill_pwent.c |  4 ++--
+ 7 files changed, 56 insertions(+), 16 deletions(-)
+
+diff --git a/source3/include/proto.h b/source3/include/proto.h
+index ddf3fab..a42faf8 100644
+--- a/source3/include/proto.h
++++ b/source3/include/proto.h
+@@ -222,6 +222,7 @@ char *talloc_sub_basic(TALLOC_CTX *mem_ctx, const char *smb_name,
+ char *talloc_sub_specified(TALLOC_CTX *mem_ctx,
+ 			const char *input_string,
+ 			const char *username,
++			const char *grpname,
+ 			const char *domain,
+ 			uid_t uid,
+ 			gid_t gid);
+diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c
+index a254bca..ca2ac79 100644
+--- a/source3/lib/substitute.c
++++ b/source3/lib/substitute.c
+@@ -613,6 +613,7 @@ done:
+ char *talloc_sub_specified(TALLOC_CTX *mem_ctx,
+ 			const char *input_string,
+ 			const char *username,
++			const char *grpname,
+ 			const char *domain,
+ 			uid_t uid,
+ 			gid_t gid)
+@@ -648,9 +649,18 @@ char *talloc_sub_specified(TALLOC_CTX *mem_ctx,
+ 			break;
+ 		case 'G' :
+ 			if (gid != -1) {
+-				a_string = talloc_string_sub(
+-					tmp_ctx, a_string, "%G",
+-					gidtoname(gid));
++				const char *name;
++
++				if (grpname != NULL) {
++					name = grpname;
++				} else {
++					name = gidtoname(gid);
++				}
++
++				a_string = talloc_string_sub(tmp_ctx,
++							     a_string,
++							     "%G",
++							     name);
+ 			} else {
+ 				a_string = talloc_string_sub(
+ 					tmp_ctx, a_string,
+@@ -659,9 +669,18 @@ char *talloc_sub_specified(TALLOC_CTX *mem_ctx,
+ 			break;
+ 		case 'g' :
+ 			if (gid != -1) {
+-				a_string = talloc_string_sub(
+-					tmp_ctx, a_string, "%g",
+-					gidtoname(gid));
++				const char *name;
++
++				if (grpname != NULL) {
++					name = grpname;
++				} else {
++					name = gidtoname(gid);
++				}
++
++				a_string = talloc_string_sub(tmp_ctx,
++							     a_string,
++							     "%g",
++							     name);
+ 			} else {
+ 				a_string = talloc_string_sub(
+ 					tmp_ctx, a_string, "%g", "NO_GROUP");
+diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
+index 379d858..5a4620f 100644
+--- a/source3/passdb/passdb.c
++++ b/source3/passdb/passdb.c
+@@ -228,16 +228,16 @@ static NTSTATUS samu_set_unix_internal(struct pdb_methods *methods,
+ 		/* set some basic attributes */
+ 
+ 		pdb_set_profile_path(user, talloc_sub_specified(user, 
+-			lp_logon_path(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid), 
++			lp_logon_path(), pwd->pw_name, NULL, domain, pwd->pw_uid, pwd->pw_gid),
+ 			PDB_DEFAULT);		
+ 		pdb_set_homedir(user, talloc_sub_specified(user, 
+-			lp_logon_home(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid),
++			lp_logon_home(), pwd->pw_name, NULL, domain, pwd->pw_uid, pwd->pw_gid),
+ 			PDB_DEFAULT);
+ 		pdb_set_dir_drive(user, talloc_sub_specified(user, 
+-			lp_logon_drive(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid),
++			lp_logon_drive(), pwd->pw_name, NULL, domain, pwd->pw_uid, pwd->pw_gid),
+ 			PDB_DEFAULT);
+ 		pdb_set_logon_script(user, talloc_sub_specified(user, 
+-			lp_logon_script(), pwd->pw_name, domain, pwd->pw_uid, pwd->pw_gid), 
++			lp_logon_script(), pwd->pw_name, NULL, domain, pwd->pw_uid, pwd->pw_gid),
+ 			PDB_DEFAULT);
+ 	}
+ 
+diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
+index d7db4d8..bb0d3b3 100644
+--- a/source3/passdb/pdb_ldap.c
++++ b/source3/passdb/pdb_ldap.c
+@@ -5316,11 +5316,29 @@ static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods,
+ 
+ 		if (is_machine) {
+ 			/* TODO: choose a more appropriate default for machines */
+-			homedir = talloc_sub_specified(tmp_ctx, lp_template_homedir(), "SMB_workstations_home", ldap_state->domain_name, uid, gid);
++			homedir = talloc_sub_specified(tmp_ctx,
++						       lp_template_homedir(),
++						       "SMB_workstations_home",
++						       NULL,
++						       ldap_state->domain_name,
++						       uid,
++						       gid);
+ 			shell = talloc_strdup(tmp_ctx, "/bin/false");
+ 		} else {
+-			homedir = talloc_sub_specified(tmp_ctx, lp_template_homedir(), name, ldap_state->domain_name, uid, gid);
+-			shell = talloc_sub_specified(tmp_ctx, lp_template_shell(), name, ldap_state->domain_name, uid, gid);
++			homedir = talloc_sub_specified(tmp_ctx,
++						       lp_template_homedir(),
++						       name,
++						       NULL,
++						       ldap_state->domain_name,
++						       uid,
++						       gid);
++			shell = talloc_sub_specified(tmp_ctx,
++						     lp_template_shell(),
++						     name,
++						     NULL,
++						     ldap_state->domain_name,
++						     uid,
++						     gid);
+ 		}
+ 		uidstr = talloc_asprintf(tmp_ctx, "%u", (unsigned int)uid);
+ 		gidstr = talloc_asprintf(tmp_ctx, "%u", (unsigned int)gid);
+diff --git a/source3/torture/torture.c b/source3/torture/torture.c
+index ee51a4d..b7badc6 100644
+--- a/source3/torture/torture.c
++++ b/source3/torture/torture.c
+@@ -6553,7 +6553,7 @@ static bool subst_test(const char *str, const char *user, const char *domain,
+ 	char *subst;
+ 	bool result = true;
+ 
+-	subst = talloc_sub_specified(talloc_tos(), str, user, domain, uid, gid);
++	subst = talloc_sub_specified(talloc_tos(), str, user, NULL, domain, uid, gid);
+ 
+ 	if (strcmp(subst, expected) != 0) {
+ 		printf("sub_specified(%s, %s, %s, %d, %d) returned [%s], expected "
+diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c
+index 3a752ce..b7b76e8 100644
+--- a/source3/utils/net_sam.c
++++ b/source3/utils/net_sam.c
+@@ -1873,10 +1873,12 @@ doma_done:
+ 		gidstr = talloc_asprintf(tc, "%u", (unsigned int)domadmins_gid);
+ 		dir = talloc_sub_specified(tc, lp_template_homedir(),
+ 						"Administrator",
++						NULL,
+ 						get_global_sam_name(),
+ 						uid, domadmins_gid);
+ 		shell = talloc_sub_specified(tc, lp_template_shell(),
+ 						"Administrator",
++						NULL,
+ 						get_global_sam_name(),
+ 						uid, domadmins_gid);
+ 
+diff --git a/source3/winbindd/wb_fill_pwent.c b/source3/winbindd/wb_fill_pwent.c
+index 688afc6..3b711bd 100644
+--- a/source3/winbindd/wb_fill_pwent.c
++++ b/source3/winbindd/wb_fill_pwent.c
+@@ -214,11 +214,11 @@ static bool fillup_pw_field(const char *lp_template,
+ 
+ 	if ((in != NULL) && (in[0] != '\0') && (lp_security() == SEC_ADS)) {
+ 		templ = talloc_sub_specified(talloc_tos(), in,
+-					     username, domname,
++					     username, NULL, domname,
+ 					     uid, gid);
+ 	} else {
+ 		templ = talloc_sub_specified(talloc_tos(), lp_template,
+-					     username, domname,
++					     username, NULL, domname,
+ 					     uid, gid);
+ 	}
+ 
+-- 
+1.8.4.3
+
+
+From 5ccae02f63d655d476d887660f28ad4dce08e790 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Mon, 18 Nov 2013 14:58:14 +0100
+Subject: [PATCH 2/2] s3-winbind: Pass the group name to fillup_pw_field().
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=2191
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+
+Autobuild-User(master): Jeremy Allison <jra@samba.org>
+Autobuild-Date(master): Fri Nov 22 02:04:54 CET 2013 on sn-devel-104
+
+(cherry picked from commit 000172a5ab7e4bfac7ef618d0d78ec7fe95d0e2a)
+---
+ source3/winbindd/wb_fill_pwent.c | 73 +++++++++++++++++++++++-----------------
+ 1 file changed, 43 insertions(+), 30 deletions(-)
+
+diff --git a/source3/winbindd/wb_fill_pwent.c b/source3/winbindd/wb_fill_pwent.c
+index 3b711bd..9d0abbd 100644
+--- a/source3/winbindd/wb_fill_pwent.c
++++ b/source3/winbindd/wb_fill_pwent.c
+@@ -29,6 +29,7 @@ struct wb_fill_pwent_state {
+ 
+ static bool fillup_pw_field(const char *lp_template,
+ 			    const char *username,
++			    const char *grpname,
+ 			    const char *domname,
+ 			    uid_t uid,
+ 			    gid_t gid,
+@@ -36,7 +37,7 @@ static bool fillup_pw_field(const char *lp_template,
+ 			    fstring out);
+ 
+ static void wb_fill_pwent_sid2uid_done(struct tevent_req *subreq);
+-static void wb_fill_pwent_sid2gid_done(struct tevent_req *subreq);
++static void wb_fill_pwent_getgrsid_done(struct tevent_req *subreq);
+ 
+ struct tevent_req *wb_fill_pwent_send(TALLOC_CTX *mem_ctx,
+ 				      struct tevent_context *ev,
+@@ -90,47 +91,45 @@ static void wb_fill_pwent_sid2uid_done(struct tevent_req *subreq)
+ 
+ 	state->pw->pw_uid = (uid_t)xid.id;
+ 
+-	subreq = wb_sids2xids_send(state, state->ev, &state->info->group_sid, 1);
++	subreq = wb_getgrsid_send(state, state->ev, &state->info->group_sid, 1);
+ 	if (tevent_req_nomem(subreq, req)) {
+ 		return;
+ 	}
+-	tevent_req_set_callback(subreq, wb_fill_pwent_sid2gid_done, req);
++	tevent_req_set_callback(subreq, wb_fill_pwent_getgrsid_done, req);
+ }
+ 
+-static void wb_fill_pwent_sid2gid_done(struct tevent_req *subreq)
++static void wb_fill_pwent_getgrsid_done(struct tevent_req *subreq)
+ {
+ 	struct tevent_req *req = tevent_req_callback_data(
+ 		subreq, struct tevent_req);
+ 	struct wb_fill_pwent_state *state = tevent_req_data(
+ 		req, struct wb_fill_pwent_state);
+ 	struct winbindd_domain *domain;
+-	char *dom_name;
++	const char *dom_name;
++	const char *grp_name;
+ 	fstring user_name, output_username;
+ 	char *mapped_name = NULL;
++	struct talloc_dict *members;
++	TALLOC_CTX *tmp_ctx = talloc_stackframe();
+ 	NTSTATUS status;
+-	struct unixid xid;
+-
+-	status = wb_sids2xids_recv(subreq, &xid);
++	bool ok;
++
++	/* xid handling is done in getgrsid() */
++	status = wb_getgrsid_recv(subreq,
++				  tmp_ctx,
++				  &dom_name,
++				  &grp_name,
++				  &state->pw->pw_gid,
++				  &members);
+ 	TALLOC_FREE(subreq);
+ 	if (tevent_req_nterror(req, status)) {
++		talloc_free(tmp_ctx);
+ 		return;
+ 	}
+ 
+-	/*
+-	 * We are filtering further down in sids2xids, but that filtering
+-	 * depends on the actual type of the sid handed in (as determined
+-	 * by lookupsids). Here we need to filter for the type of object
+-	 * actually requested, in this case gid.
+-	 */
+-	if (!(xid.type == ID_TYPE_GID || xid.type == ID_TYPE_BOTH)) {
+-		tevent_req_nterror(req, NT_STATUS_NONE_MAPPED);
+-		return;
+-	}
+-
+-	state->pw->pw_gid = (gid_t)xid.id;
+-
+ 	domain = find_domain_from_sid_noinit(&state->info->user_sid);
+ 	if (domain == NULL) {
++		talloc_free(tmp_ctx);
+ 		tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
+ 		return;
+ 	}
+@@ -166,17 +165,30 @@ static void wb_fill_pwent_sid2gid_done(struct tevent_req *subreq)
+ 	fstrcpy(state->pw->pw_gecos, state->info->full_name);
+ 
+ 	/* Home directory and shell */
+-
+-	if (!fillup_pw_field(lp_template_homedir(), user_name, dom_name,
+-			     state->pw->pw_uid, state->pw->pw_gid,
+-			     state->info->homedir, state->pw->pw_dir)) {
++	ok = fillup_pw_field(lp_template_homedir(),
++			     user_name,
++			     grp_name,
++			     dom_name,
++			     state->pw->pw_uid,
++			     state->pw->pw_gid,
++			     state->info->homedir,
++			     state->pw->pw_dir);
++	if (!ok) {
++		talloc_free(tmp_ctx);
+ 		tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
+ 		return;
+ 	}
+ 
+-	if (!fillup_pw_field(lp_template_shell(), user_name, dom_name,
+-			     state->pw->pw_uid, state->pw->pw_gid,
+-			     state->info->shell, state->pw->pw_shell)) {
++	ok = fillup_pw_field(lp_template_shell(),
++			     user_name,
++			     grp_name,
++			     dom_name,
++			     state->pw->pw_uid,
++			     state->pw->pw_gid,
++			     state->info->shell,
++			     state->pw->pw_shell);
++	talloc_free(tmp_ctx);
++	if (!ok) {
+ 		tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
+ 		return;
+ 	}
+@@ -195,6 +207,7 @@ NTSTATUS wb_fill_pwent_recv(struct tevent_req *req)
+ 
+ static bool fillup_pw_field(const char *lp_template,
+ 			    const char *username,
++			    const char *grpname,
+ 			    const char *domname,
+ 			    uid_t uid,
+ 			    gid_t gid,
+@@ -214,11 +227,11 @@ static bool fillup_pw_field(const char *lp_template,
+ 
+ 	if ((in != NULL) && (in[0] != '\0') && (lp_security() == SEC_ADS)) {
+ 		templ = talloc_sub_specified(talloc_tos(), in,
+-					     username, NULL, domname,
++					     username, grpname, domname,
+ 					     uid, gid);
+ 	} else {
+ 		templ = talloc_sub_specified(talloc_tos(), lp_template,
+-					     username, NULL, domname,
++					     username, grpname, domname,
+ 					     uid, gid);
+ 	}
+ 
+-- 
+1.8.4.3
+
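Review bot: The new `grpname` argument of talloc_sub_specified() is only consulted inside `if (gid != -1)` in the 'G' and 'g' cases of source3/lib/substitute.c, so a caller that passes a group name together with gid -1 gets the else-branch substitution instead, and neither proto.h nor the function says so. A comment on the prototype would record the contract: `/* grpname, if not NULL, is used for %G and %g instead of gidtoname(gid); ignored when gid is -1 */`. The one test caller, subst_test() in torture.c, passes NULL, so the override path has no coverage in the visible hunks. The name handed in by wb_fill_pwent_getgrsid_done() now comes from the group lookup rather than from the local gidtoname() and ends up in the home directory and shell templates; whether it can carry characters that are unwanted in a path is not visible here and is worth confirming. The functions involved start or end outside the hunks.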
diff --git a/SOURCES/samba-4.1.3-winbind_debug.patch b/SOURCES/samba-4.1.3-winbind_debug.patch
new file mode 100644
index 0000000..714be1b
--- /dev/null
+++ b/SOURCES/samba-4.1.3-winbind_debug.patch
@@ -0,0 +1,37 @@
+From 967f9bd1f8a147c4b89ada3b6c7e1ce064c511bc Mon Sep 17 00:00:00 2001
+From: Jan Brummer <jan.brummer@tabos.org>
+Date: Mon, 9 Dec 2013 15:22:29 +0100
+Subject: [PATCH] s3-winbindd: Fix DEBUG statement in winbind_msg_offline().
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=10285
+
+Reviewed-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+
+Autobuild-User(master): Günther Deschner <gd@samba.org>
+Autobuild-Date(master): Mon Dec  9 17:28:37 CET 2013 on sn-devel-104
+---
+ source3/winbindd/winbindd_dual.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c
+index 972924c..64af571 100644
+--- a/source3/winbindd/winbindd_dual.c
++++ b/source3/winbindd/winbindd_dual.c
+@@ -626,7 +626,7 @@ void winbind_msg_offline(struct messaging_context *msg_ctx,
+ 		   we only set it online / offline for that domain. */
+ 
+ 		DEBUG(10,("winbind_msg_offline: sending message to pid %u for domain %s.\n",
+-			(unsigned int)child->pid, domain->name ));
++			(unsigned int)child->pid, child->domain->name ));
+ 
+ 		messaging_send_buf(msg_ctx, pid_to_procid(child->pid),
+ 				   MSG_WINBIND_OFFLINE,
+-- 
+1.8.3.1
+
diff --git a/SOURCES/samba-4.1.4-Fix-segfault-in-smbd.patch b/SOURCES/samba-4.1.4-Fix-segfault-in-smbd.patch
new file mode 100644
index 0000000..b403ae9
--- /dev/null
+++ b/SOURCES/samba-4.1.4-Fix-segfault-in-smbd.patch
@@ -0,0 +1,210 @@
+From 770d684ee974efde80186fe579ff85bc4c038b83 Mon Sep 17 00:00:00 2001
+From: Volker Lendecke <vl@samba.org>
+Date: Thu, 21 Nov 2013 21:05:29 +0100
+Subject: [PATCH] smbd: Fix bug 10284
+
+If we msg_read_send on a nonempty channel, we create one
+tevent_immediate. If we directly receive another message and from
+within the msg_read_send's tevent_req callback we immediately do
+another msg_read_send, we end up with two tevent_immediate events for
+msg_channel_trigger with just one incoming message. Test to follow.
+
+This patch simplifies msg_channel.c by removing the explicit immediate
+events. Instead, it relies on the implicit immediate event available
+via tevent_req_defer_callback. For messages received from tdb with
+a msg_read_send req pending, we directly finish that request without
+putting the message on the queue.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=10284
+Signed-off-by: Volker Lendecke <vl@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+(cherry picked from commit 6b6920b02905661ae661a894e3bd8d2c744d7003)
+---
+ source3/lib/msg_channel.c | 100 ++++++++++++++--------------------------------
+ 1 file changed, 31 insertions(+), 69 deletions(-)
+
+diff --git a/source3/lib/msg_channel.c b/source3/lib/msg_channel.c
+index 625d07c..8e23fd4 100644
+--- a/source3/lib/msg_channel.c
++++ b/source3/lib/msg_channel.c
+@@ -41,9 +41,6 @@ static void msg_channel_init_got_ctdb(struct tevent_req *subreq);
+ static void msg_channel_init_got_msg(struct messaging_context *msg,
+ 			       void *priv, uint32_t msg_type,
+ 			       struct server_id server_id, DATA_BLOB *data);
+-static void msg_channel_trigger(struct tevent_context *ev,
+-				struct tevent_immediate *im,
+-				void *priv);
+ static int msg_channel_destructor(struct msg_channel *s);
+ 
+ struct tevent_req *msg_channel_init_send(TALLOC_CTX *mem_ctx,
+@@ -157,6 +154,12 @@ fail:
+ 	return err;
+ }
+ 
++struct msg_read_state {
++	struct tevent_context *ev;
++	struct msg_channel *channel;
++	struct messaging_rec *rec;
++};
++
+ static void msg_channel_init_got_msg(struct messaging_context *msg,
+ 				     void *priv, uint32_t msg_type,
+ 				     struct server_id server_id,
+@@ -167,7 +170,6 @@ static void msg_channel_init_got_msg(struct messaging_context *msg,
+ 	struct messaging_rec *rec;
+ 	struct messaging_rec **msgs;
+ 	size_t num_msgs;
+-	struct tevent_immediate *im;
+ 
+ 	rec = talloc(s, struct messaging_rec);
+ 	if (rec == NULL) {
+@@ -184,6 +186,19 @@ static void msg_channel_init_got_msg(struct messaging_context *msg,
+ 	}
+ 	rec->buf.length = data->length;
+ 
++	if (s->pending_req != NULL) {
++		struct tevent_req *req = s->pending_req;
++		struct msg_read_state *state = tevent_req_data(
++			req, struct msg_read_state);
++
++		s->pending_req = NULL;
++
++		state->rec = talloc_move(state, &rec);
++		tevent_req_defer_callback(req, s->ev);
++		tevent_req_done(req);
++		return;
++	}
++
+ 	num_msgs = talloc_array_length(s->msgs);
+ 	msgs = talloc_realloc(s, s->msgs, struct messaging_rec *, num_msgs+1);
+ 	if (msgs == NULL) {
+@@ -192,28 +207,11 @@ static void msg_channel_init_got_msg(struct messaging_context *msg,
+ 	s->msgs = msgs;
+ 	s->msgs[num_msgs] = talloc_move(s->msgs, &rec);
+ 
+-	if (s->pending_req == NULL) {
+-		return;
+-	}
+-
+-	im = tevent_create_immediate(s);
+-	if (im == NULL) {
+-		goto fail;
+-	}
+-	tevent_schedule_immediate(im, s->ev, msg_channel_trigger, s);
+ 	return;
+ fail:
+ 	TALLOC_FREE(rec);
+ }
+ 
+-struct msg_read_state {
+-	struct tevent_context *ev;
+-	struct tevent_req *req;
+-	struct msg_channel *channel;
+-	struct messaging_rec *rec;
+-};
+-
+-static int msg_read_state_destructor(struct msg_read_state *s);
+ static void msg_read_got_ctdb(struct tevent_req *subreq);
+ 
+ struct tevent_req *msg_read_send(TALLOC_CTX *mem_ctx,
+@@ -221,7 +219,6 @@ struct tevent_req *msg_read_send(TALLOC_CTX *mem_ctx,
+ 				 struct msg_channel *channel)
+ {
+ 	struct tevent_req *req;
+-	struct tevent_immediate *im;
+ 	struct msg_read_state *state;
+ 	void *msg_tdb_event;
+ 	size_t num_msgs;
+@@ -231,28 +228,28 @@ struct tevent_req *msg_read_send(TALLOC_CTX *mem_ctx,
+ 		return NULL;
+ 	}
+ 	state->ev = ev;
+-	state->req = req;
+ 	state->channel = channel;
+ 
+ 	if (channel->pending_req != NULL) {
+ 		tevent_req_error(req, EBUSY);
+ 		return tevent_req_post(req, ev);
+ 	}
+-	channel->pending_req = req;
+-	channel->ev = ev;
+-	talloc_set_destructor(state, msg_read_state_destructor);
+ 
+ 	num_msgs = talloc_array_length(channel->msgs);
+ 	if (num_msgs != 0) {
+-		im = tevent_create_immediate(channel->ev);
+-		if (tevent_req_nomem(im, req)) {
+-			return tevent_req_post(req, ev);
+-		}
+-		tevent_schedule_immediate(im, channel->ev, msg_channel_trigger,
+-					  channel);
+-		return req;
++		state->rec = talloc_move(state, &channel->msgs[0]);
++		memmove(channel->msgs, channel->msgs+1,
++			sizeof(struct messaging_rec *) * (num_msgs-1));
++		channel->msgs = talloc_realloc(
++			channel, channel->msgs, struct messaging_rec *,
++			num_msgs - 1);
++		tevent_req_done(req);
++		return tevent_req_post(req, ev);
+ 	}
+ 
++	channel->pending_req = req;
++	channel->ev = ev;
++
+ 	msg_tdb_event = messaging_tdb_event(state, channel->msg, ev);
+ 	if (tevent_req_nomem(msg_tdb_event, req)) {
+ 		return tevent_req_post(req, ev);
+@@ -271,42 +268,6 @@ struct tevent_req *msg_read_send(TALLOC_CTX *mem_ctx,
+ 	return req;
+ }
+ 
+-static int msg_read_state_destructor(struct msg_read_state *s)
+-{
+-	assert(s->channel->pending_req == s->req);
+-	s->channel->pending_req = NULL;
+-	return 0;
+-}
+-
+-static void msg_channel_trigger(struct tevent_context *ev,
+-			       struct tevent_immediate *im,
+-			       void *priv)
+-{
+-	struct msg_channel *channel;
+-	struct tevent_req *req;
+-	struct msg_read_state *state;
+-	size_t num_msgs;
+-
+-	channel = talloc_get_type_abort(priv, struct msg_channel);
+-	req = channel->pending_req;
+-	state = tevent_req_data(req, struct msg_read_state);
+-
+-	talloc_set_destructor(state, NULL);
+-	msg_read_state_destructor(state);
+-
+-	num_msgs = talloc_array_length(channel->msgs);
+-	assert(num_msgs > 0);
+-
+-	state->rec = talloc_move(state, &channel->msgs[0]);
+-
+-	memmove(channel->msgs, channel->msgs+1,
+-		sizeof(struct messaging_rec *) * (num_msgs-1));
+-	channel->msgs = talloc_realloc(
+-		channel, channel->msgs, struct messaging_rec *, num_msgs - 1);
+-
+-	tevent_req_done(req);
+-}
+-
+ static void msg_read_got_ctdb(struct tevent_req *subreq)
+ {
+ 	struct tevent_req *req = tevent_req_callback_data(
+@@ -368,5 +329,6 @@ int msg_read_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
+ 		return err;
+ 	}
+ 	*prec = talloc_move(mem_ctx, &state->rec);
++	tevent_req_received(req);
+ 	return 0;
+ }
+-- 
+1.8.1.2
+
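Review bot: Removing msg_read_state_destructor() means nothing in the visible code resets `channel->pending_req` when a waiting msg_read_send() request is freed before a message arrives. msg_channel_init_got_msg() would then take the new `s->pending_req != NULL` branch and call tevent_req_data() on a request that no longer exists. The old destructor covered that case. Unless msg_read_got_ctdb() or code outside these hunks clears the pointer, keep `state->req` and a destructor on the state reduced to `if (s->channel->pending_req == s->req) { s->channel->pending_req = NULL; }`, installed where `channel->pending_req = req;` is set. msg_read_send() and msg_channel_init_got_msg() both continue outside the hunks.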
diff --git a/SOURCES/samba-4.1.4-fix_G_substitution_in_service_path.patch b/SOURCES/samba-4.1.4-fix_G_substitution_in_service_path.patch
new file mode 100644
index 0000000..250798b
--- /dev/null
+++ b/SOURCES/samba-4.1.4-fix_G_substitution_in_service_path.patch
@@ -0,0 +1,46 @@
+From b73750c2d2f65a0b4597fa0a11cc22272ba47524 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Wed, 27 Nov 2013 17:21:01 +0100
+Subject: [PATCH] s3-lib: Fix %G substitution for domain users in smbd
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=10286
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Christian Ambach <ambi@samba.org>
+
+Autobuild-User(master): Christian Ambach <ambi@samba.org>
+Autobuild-Date(master): Tue Dec 10 16:39:43 CET 2013 on sn-devel-104
+
+(cherry picked from commit 8eef4ab79ec5fb7e96ad2f2ad6c9bf30db13a50d)
+Signed-off-by: Andreas Schneider <asn@samba.org>
+---
+ source3/lib/substitute.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c
+index ca2ac79..937f02c 100644
+--- a/source3/lib/substitute.c
++++ b/source3/lib/substitute.c
+@@ -499,10 +499,20 @@ char *talloc_sub_basic(TALLOC_CTX *mem_ctx,
+			break;
+		case 'G' : {
+			struct passwd *pass;
+-			r = talloc_strdup(tmp_ctx, smb_name);
++
++			if (domain_name != NULL && domain_name[0] != '\0') {
++				r = talloc_asprintf(tmp_ctx,
++						    "%s%c%s",
++						    domain_name,
++						    *lp_winbind_separator(),
++						    smb_name);
++			} else {
++				r = talloc_strdup(tmp_ctx, smb_name);
++			}
+			if (r == NULL) {
+				goto error;
+			}
++
+			pass = Get_Pwnam_alloc(tmp_ctx, r);
+			if (pass != NULL) {
+				a_string = realloc_string_sub(
+--
+1.8.5
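Review bot: The 'G' case in talloc_sub_basic() now looks up only the qualified name when `domain_name` is non-empty, with no retry on the bare `smb_name`. If Get_Pwnam_alloc() does not resolve the `domain_name` + separator + `smb_name` form for an account that resolved as `smb_name` before, the `pass != NULL` branch is skipped and, as far as the hunk shows, `%G` stays unsubstituted in the string. The rest of the case is outside the hunk, so this needs confirming, but one retry would keep the previous result for such accounts: `if (pass == NULL) { pass = Get_Pwnam_alloc(tmp_ctx, smb_name); }`. A one-line comment above the `talloc_asprintf()` saying why the qualified form is needed (the commit subject names domain users) would also help the next reader.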
diff --git a/SOURCES/samba-4.1.4-fix_dropbox_regression.patch b/SOURCES/samba-4.1.4-fix_dropbox_regression.patch
new file mode 100644
index 0000000..db6abc0
--- /dev/null
+++ b/SOURCES/samba-4.1.4-fix_dropbox_regression.patch
@@ -0,0 +1,269 @@
+From 22b7400498af7cecbdf608adb7f622b803b50471 Mon Sep 17 00:00:00 2001
+From: Volker Lendecke <vl@samba.org>
+Date: Tue, 3 Dec 2013 13:20:17 +0100
+Subject: [PATCH 1/3] smbd: Fix regression for the dropbox case.
+
+We need to allow to save a file to a directory with perm -wx.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297
+
+Signed-off-by: Volker Lendecke <vl@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+(cherry picked from commit 5b49fe24c906cbae12beff7a1b45de6809258cab)
+---
+ source3/smbd/filename.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
+index fc96550..16d0df1 100644
+--- a/source3/smbd/filename.c
++++ b/source3/smbd/filename.c
+@@ -722,7 +722,10 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
+				 */
+
+				if (errno == EACCES) {
+-					if (ucf_flags & UCF_CREATING_FILE) {
++					if ((ucf_flags & UCF_CREATING_FILE) == 0) {
++						status = NT_STATUS_ACCESS_DENIED;
++						goto fail;
++					} else {
+						/*
+						 * This is the dropbox
+						 * behaviour. A dropbox is a
+@@ -734,11 +737,8 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
+						 * nevertheless want to allow
+						 * users creating a file.
+						 */
+-						status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
+-					} else {
+-						status = NT_STATUS_ACCESS_DENIED;
++						errno = 0;
+					}
+-					goto fail;
+				}
+
+				if ((errno != 0) && (errno != ENOENT)) {
+--
+1.8.5.1
+
+
+From e02e1bca121fa8dec84afa01132d450b6b2355b6 Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra@samba.org>
+Date: Tue, 3 Dec 2013 10:19:09 -0800
+Subject: [PATCH 2/3] smbd: change flag name from UCF_CREATING_FILE to
+ UCF_PREP_CREATEFILE
+
+In preparation to using it for all open calls.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297
+
+Signed-off-by: Jeremy Allison <jra@samba.org>
+Reviewed-by: Volker Lendecke <vl@samba.org>
+(cherry picked from commit 874318a97868e08837a1febb1be8e8a167b5ae0f)
+---
+ source3/smbd/filename.c    |  2 +-
+ source3/smbd/nttrans.c     |  4 ++--
+ source3/smbd/reply.c       | 10 +++++-----
+ source3/smbd/smb2_create.c |  2 +-
+ source3/smbd/smbd.h        |  2 +-
+ 5 files changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
+index 16d0df1..ba41986 100644
+--- a/source3/smbd/filename.c
++++ b/source3/smbd/filename.c
+@@ -722,7 +722,7 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
+				 */
+
+				if (errno == EACCES) {
+-					if ((ucf_flags & UCF_CREATING_FILE) == 0) {
++					if ((ucf_flags & UCF_PREP_CREATEFILE) == 0) {
+						status = NT_STATUS_ACCESS_DENIED;
+						goto fail;
+					} else {
+diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
+index b7dfa8c..15fa4b6 100644
+--- a/source3/smbd/nttrans.c
++++ b/source3/smbd/nttrans.c
+@@ -539,7 +539,7 @@ void reply_ntcreate_and_X(struct smb_request *req)
+				req->flags2 & FLAGS2_DFS_PATHNAMES,
+				fname,
+				(create_disposition == FILE_CREATE)
+-				  ? UCF_CREATING_FILE : 0,
++				  ? UCF_PREP_CREATEFILE : 0,
+				NULL,
+				&smb_fname);
+
+@@ -1119,7 +1119,7 @@ static void call_nt_transact_create(connection_struct *conn,
+				req->flags2 & FLAGS2_DFS_PATHNAMES,
+				fname,
+				(create_disposition == FILE_CREATE)
+-				  ? UCF_CREATING_FILE : 0,
++				  ? UCF_PREP_CREATEFILE : 0,
+				NULL,
+				&smb_fname);
+
+diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
+index 2d729ec..2c9749e 100644
+--- a/source3/smbd/reply.c
++++ b/source3/smbd/reply.c
+@@ -1918,7 +1918,7 @@ void reply_open(struct smb_request *req)
+				req->flags2 & FLAGS2_DFS_PATHNAMES,
+				fname,
+				(create_disposition == FILE_CREATE)
+-				  ? UCF_CREATING_FILE : 0,
++				  ? UCF_PREP_CREATEFILE : 0,
+				NULL,
+				&smb_fname);
+	if (!NT_STATUS_IS_OK(status)) {
+@@ -2096,7 +2096,7 @@ void reply_open_and_X(struct smb_request *req)
+				req->flags2 & FLAGS2_DFS_PATHNAMES,
+				fname,
+				(create_disposition == FILE_CREATE)
+-				  ? UCF_CREATING_FILE : 0,
++				  ? UCF_PREP_CREATEFILE : 0,
+				NULL,
+				&smb_fname);
+	if (!NT_STATUS_IS_OK(status)) {
+@@ -2329,7 +2329,7 @@ void reply_mknew(struct smb_request *req)
+				conn,
+				req->flags2 & FLAGS2_DFS_PATHNAMES,
+				fname,
+-				UCF_CREATING_FILE,
++				UCF_PREP_CREATEFILE,
+				NULL,
+				&smb_fname);
+	if (!NT_STATUS_IS_OK(status)) {
+@@ -2470,7 +2470,7 @@ void reply_ctemp(struct smb_request *req)
+		status = filename_convert(ctx, conn,
+				req->flags2 & FLAGS2_DFS_PATHNAMES,
+				fname,
+-				UCF_CREATING_FILE,
++				UCF_PREP_CREATEFILE,
+				NULL,
+				&smb_fname);
+		if (!NT_STATUS_IS_OK(status)) {
+@@ -5829,7 +5829,7 @@ void reply_mkdir(struct smb_request *req)
+	status = filename_convert(ctx, conn,
+				 req->flags2 & FLAGS2_DFS_PATHNAMES,
+				 directory,
+-				 UCF_CREATING_FILE,
++				 UCF_PREP_CREATEFILE,
+				 NULL,
+				 &smb_dname);
+	if (!NT_STATUS_IS_OK(status)) {
+diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c
+index c4d4991..f637dac 100644
+--- a/source3/smbd/smb2_create.c
++++ b/source3/smbd/smb2_create.c
+@@ -872,7 +872,7 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
+						  smb1req->flags2 & FLAGS2_DFS_PATHNAMES,
+						  fname,
+						  (in_create_disposition == FILE_CREATE) ?
+-						  UCF_CREATING_FILE : 0,
++						  UCF_PREP_CREATEFILE : 0,
+						  NULL, /* ppath_contains_wcards */
+						  &smb_fname);
+			if (!NT_STATUS_IS_OK(status)) {
+diff --git a/source3/smbd/smbd.h b/source3/smbd/smbd.h
+index e769157..5cf88bf 100644
+--- a/source3/smbd/smbd.h
++++ b/source3/smbd/smbd.h
+@@ -73,6 +73,6 @@ struct trans_state {
+ #define UCF_COND_ALLOW_WCARD_LCOMP	0x00000004
+ #define UCF_POSIX_PATHNAMES		0x00000008
+ #define UCF_UNIX_NAME_LOOKUP		0x00000010
+-#define UCF_CREATING_FILE		0x00000020
++#define UCF_PREP_CREATEFILE		0x00000020
+
+ #endif /* _SMBD_SMBD_H */
+--
+1.8.5.1
+
+
+From e7abcfae4fbbf4d6fe56e5a1a4d76ffe4e9677d9 Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra@samba.org>
+Date: Tue, 3 Dec 2013 10:21:16 -0800
+Subject: [PATCH 3/3] smbd: Always use UCF_PREP_CREATEFILE for filename_convert
+ calls to resolve a path for open.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297
+
+Signed-off-by: Jeremy Allison <jra@samba.org>
+Reviewed-by: Volker Lendecke <vl@samba.org>
+
+Autobuild-User(master): Jeremy Allison <jra@samba.org>
+Autobuild-Date(master): Mon Dec  9 21:02:21 CET 2013 on sn-devel-104
+
+(cherry picked from commit f98d10af2a05f0261611f4cabdfe274cd9fe91c0)
+---
+ source3/smbd/nttrans.c     | 6 ++----
+ source3/smbd/reply.c       | 6 ++----
+ source3/smbd/smb2_create.c | 3 +--
+ 3 files changed, 5 insertions(+), 10 deletions(-)
+
+diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
+index 15fa4b6..0d3cd07 100644
+--- a/source3/smbd/nttrans.c
++++ b/source3/smbd/nttrans.c
+@@ -538,8 +538,7 @@ void reply_ntcreate_and_X(struct smb_request *req)
+				conn,
+				req->flags2 & FLAGS2_DFS_PATHNAMES,
+				fname,
+-				(create_disposition == FILE_CREATE)
+-				  ? UCF_PREP_CREATEFILE : 0,
++				UCF_PREP_CREATEFILE,
+				NULL,
+				&smb_fname);
+
+@@ -1118,8 +1117,7 @@ static void call_nt_transact_create(connection_struct *conn,
+				conn,
+				req->flags2 & FLAGS2_DFS_PATHNAMES,
+				fname,
+-				(create_disposition == FILE_CREATE)
+-				  ? UCF_PREP_CREATEFILE : 0,
++				UCF_PREP_CREATEFILE,
+				NULL,
+				&smb_fname);
+
+diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
+index 2c9749e..f293b69 100644
+--- a/source3/smbd/reply.c
++++ b/source3/smbd/reply.c
+@@ -1917,8 +1917,7 @@ void reply_open(struct smb_request *req)
+				conn,
+				req->flags2 & FLAGS2_DFS_PATHNAMES,
+				fname,
+-				(create_disposition == FILE_CREATE)
+-				  ? UCF_PREP_CREATEFILE : 0,
++				UCF_PREP_CREATEFILE,
+				NULL,
+				&smb_fname);
+	if (!NT_STATUS_IS_OK(status)) {
+@@ -2095,8 +2094,7 @@ void reply_open_and_X(struct smb_request *req)
+				conn,
+				req->flags2 & FLAGS2_DFS_PATHNAMES,
+				fname,
+-				(create_disposition == FILE_CREATE)
+-				  ? UCF_PREP_CREATEFILE : 0,
++				UCF_PREP_CREATEFILE,
+				NULL,
+				&smb_fname);
+	if (!NT_STATUS_IS_OK(status)) {
+diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c
+index f637dac..6730ad6 100644
+--- a/source3/smbd/smb2_create.c
++++ b/source3/smbd/smb2_create.c
+@@ -871,8 +871,7 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
+						  smb1req->conn,
+						  smb1req->flags2 & FLAGS2_DFS_PATHNAMES,
+						  fname,
+-						  (in_create_disposition == FILE_CREATE) ?
+-						  UCF_PREP_CREATEFILE : 0,
++						  UCF_PREP_CREATEFILE,
+						  NULL, /* ppath_contains_wcards */
+						  &smb_fname);
+			if (!NT_STATUS_IS_OK(status)) {
+--
+1.8.5.1
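Review bot: After patch 3/3, UCF_PREP_CREATEFILE is passed for every filename_convert() call touched in nttrans.c, reply.c and smb2_create.c, whatever the create disposition. The `errno == EACCES` branch in unix_convert() therefore clears errno for opens of existing files too, while the comment above it still describes only the dropbox case of creating a file. The access decision is then left to whatever runs after name resolution, which is outside these hunks, so it is worth confirming that an open of an existing file under an unreadable directory still ends in NT_STATUS_ACCESS_DENIED where that is intended. The define in smbd.h has no comment, and one would record the new meaning: `/* set when resolving a path for any open or create; unix_convert() then ignores EACCES from the directory scan */`.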
diff --git a/SOURCES/samba-4.1.4-fix_panic_when_smb2_brlock_times_out.patch b/SOURCES/samba-4.1.4-fix_panic_when_smb2_brlock_times_out.patch
new file mode 100644
index 0000000..f60d6e2
--- /dev/null
+++ b/SOURCES/samba-4.1.4-fix_panic_when_smb2_brlock_times_out.patch
@@ -0,0 +1,32 @@
+From c1b7cf5481f20e7503e736ac2edd4c6d47dfea1c Mon Sep 17 00:00:00 2001
+From: Volker Lendecke <vl@samba.org>
+Date: Thu, 5 Dec 2013 15:50:58 +0100
+Subject: [PATCH] smbd: Fix a panic when a smb2 brlock times out
+
+Found by Peter Somogyi.
+
+Signed-off-by: Volker Lendecke <vl@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+
+Autobuild-User(master): Jeremy Allison <jra@samba.org>
+Autobuild-Date(master): Thu Dec  5 21:21:35 CET 2013 on sn-devel-104
+---
+ source3/smbd/smb2_lock.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/source3/smbd/smb2_lock.c b/source3/smbd/smb2_lock.c
+index e2ea251..671cd6f 100644
+--- a/source3/smbd/smb2_lock.c
++++ b/source3/smbd/smb2_lock.c
+@@ -511,7 +511,7 @@ static bool recalc_smb2_brl_timeout(struct smbd_server_connection *sconn)
+ 				NULL,
+ 				next_timeout,
+ 				brl_timeout_fn,
+-				NULL);
++				sconn);
+ 	if (!sconn->smb2.locks.brl_timeout) {
+ 		return false;
+ 	}
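Review bot: The timer is now handed `sconn` as its private pointer, yet the argument three lines earlier in the same call is still `NULL`; the call starts outside the hunk, but if that argument is the talloc parent, the event's lifetime is not tied to the connection it points at. Nothing in the hunk shows `sconn->smb2.locks.brl_timeout` being freed before `sconn`, so a pending timer could fire with a stale pointer if that ordering is ever broken. Passing `sconn` in place of that `NULL` would make the dependency explicit, and a one-line comment here such as `/* brl_timeout_fn() expects private_data to be the sconn */` would keep the argument from being reset to `NULL` again.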
+-- 
+1.8.5.1
+
diff --git a/SOURCES/samba-4.1.4-fix_winbind_100_percent_childs.patch b/SOURCES/samba-4.1.4-fix_winbind_100_percent_childs.patch
new file mode 100644
index 0000000..f67d136
--- /dev/null
+++ b/SOURCES/samba-4.1.4-fix_winbind_100_percent_childs.patch
@@ -0,0 +1,233 @@
+From ac40cbf90f78cf25d7cc2b5182a11c6706b73bf4 Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra@samba.org>
+Date: Mon, 6 Jan 2014 15:15:37 -0800
+Subject: [PATCH 1/2] s3: winbindd: Move the logic of whether to set
+ 'domain->primary' into add_trusted_domain().
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=10358
+
+Signed-off-by: Jeremy Allison <jra@samba.org>
+Reviewed-by: Volker Lendecke <vl@samba.org>
+(cherry picked from commit cfa6a36467f5679a88e49419e8af32b724c242bd)
+---
+ source3/winbindd/winbindd_util.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
+index 85b014d..10ca132 100644
+--- a/source3/winbindd/winbindd_util.c
++++ b/source3/winbindd/winbindd_util.c
+@@ -99,6 +99,7 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
+ 	char *idmap_config_option;
+ 	const char *param;
+ 	const char **ignored_domains, **dom;
++	int role = lp_server_role();
+ 
+ 	ignored_domains = lp_parm_string_list(-1, "winbind", "ignore domains", NULL);
+ 	for (dom=ignored_domains; dom && *dom; dom++) {
+@@ -196,6 +197,15 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
+ 		sid_copy(&domain->sid, sid);
+ 	}
+ 
++	/* Is this our primary domain ? */
++	if (strequal(domain_name, get_global_sam_name()) &&
++			(role != ROLE_DOMAIN_MEMBER)) {
++		domain->primary = true;
++	} else if (strequal(domain_name, lp_workgroup()) &&
++			(role == ROLE_DOMAIN_MEMBER)) {
++		domain->primary = true;
++	}
++
+ 	/* Link to domain list */
+ 	DLIST_ADD_END(_domain_list, domain, struct winbindd_domain *);
+ 
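Review bot: Both arms of the new `if`/`else if` end in the same `domain->primary = true;` and differ only in which name is compared, so the role test can pick the name once: `const char *primary_name = (role == ROLE_DOMAIN_MEMBER) ? lp_workgroup() : get_global_sam_name();` followed by `if (strequal(domain_name, primary_name)) { domain->primary = true; }`. Because `primary` is now derived from a name match instead of being set by the caller, the `/* Is this our primary domain ? */` comment should also state that any entry added under the workgroup or SAM name is treated as primary. Presumably that name is already in the list before trust enumeration runs, but the hunk does not show it. add_trusted_domain() begins and ends outside the hunk.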
+@@ -628,9 +638,6 @@ bool init_domain_list(void)
+ 	domain = add_trusted_domain(get_global_sam_name(), NULL,
+ 				    &cache_methods, get_global_sam_sid());
+ 	if (domain) {
+-		if ( role != ROLE_DOMAIN_MEMBER ) {
+-			domain->primary = True;
+-		}
+ 		setup_domain_child(domain);
+ 	}
+ 
+@@ -647,7 +654,6 @@ bool init_domain_list(void)
+ 		domain = add_trusted_domain( lp_workgroup(), lp_realm(),
+ 					     &cache_methods, &our_sid);
+ 		if (domain) {
+-			domain->primary = True;
+ 			setup_domain_child(domain);
+ 
+ 			/* Even in the parent winbindd we'll need to
+-- 
+1.8.5.1
+
+
+From 607019cef6f730c91af9d9825cd0c1d82e494859 Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra@samba.org>
+Date: Mon, 6 Jan 2014 15:22:59 -0800
+Subject: [PATCH 2/2] s3: winbindd: Move calling setup_domain_child() into
+ add_trusted_domain().
+
+Ensure it only gets called when a new domain is allocated
+and added to the list.
+
+This should fix problems with the previous logic where
+setup_domain_child() was called in places where an existing
+domain was returned.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=10358
+
+Signed-off-by: Jeremy Allison <jra@samba.org>
+Reviewed-by: Volker Lendecke <vl@samba.org>
+
+Autobuild-User(master): Jeremy Allison <jra@samba.org>
+Autobuild-Date(master): Wed Jan  8 20:46:55 CET 2014 on sn-devel-104
+
+(cherry picked from commit ca931e460460ffe46735f98b31db47220772d566)
+---
+ source3/winbindd/winbindd_util.c | 46 ++++++++++++----------------------------
+ 1 file changed, 14 insertions(+), 32 deletions(-)
+
+diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
+index 10ca132..a00fe14 100644
+--- a/source3/winbindd/winbindd_util.c
++++ b/source3/winbindd/winbindd_util.c
+@@ -89,7 +89,10 @@ static bool is_in_internal_domain(const struct dom_sid *sid)
+ }
+ 
+ 
+-/* Add a trusted domain to our list of domains */
++/* Add a trusted domain to our list of domains.
++   If the domain already exists in the list,
++   return it and don't re-initialize.  */
++
+ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const char *alt_name,
+ 						  struct winbindd_methods *methods,
+ 						  const struct dom_sid *sid)
+@@ -147,7 +150,10 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
+ 
+ 	if (domain != NULL) {
+ 		/*
+-		 * We found a match. Possibly update the SID
++		 * We found a match on domain->name or
++		 * domain->alt_name. Possibly update the SID
++		 * if the stored SID was the NULL SID
++		 * and return the matching entry.
+ 		 */
+ 		if ((sid != NULL)
+ 		    && dom_sid_equal(&domain->sid, &global_sid_NULL)) {
+@@ -242,6 +248,8 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
+ 
+ done:
+ 
++	setup_domain_child(domain);
++
+ 	DEBUG(2,("Added domain %s %s %s\n",
+ 		 domain->name, domain->alt_name,
+ 		 &domain->sid?sid_string_dbg(&domain->sid):""));
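Review bot: `setup_domain_child(domain)` sits directly under the `done:` label, so the commit's promise that it runs only for a newly allocated domain rests on two things the hunk does not show: the found-a-match branch returning before the label, and every `goto done` originating after the allocation. If both hold, a comment at the call such as `/* New domains only: the match path above returns before this label. */` would keep a later `goto done` from setting up a second child for an existing domain. The function body starts and ends outside the hunk.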
+@@ -315,9 +323,7 @@ static void trustdom_list_done(struct tevent_req *req)
+ 	while ((p != NULL) && (*p != '\0')) {
+ 		char *q, *sidstr, *alt_name;
+ 		struct dom_sid sid;
+-		struct winbindd_domain *domain;
+ 		char *alternate_name = NULL;
+-		bool domain_exists;
+ 
+ 		alt_name = strchr(p, '\\');
+ 		if (alt_name == NULL) {
+@@ -351,26 +357,16 @@ static void trustdom_list_done(struct tevent_req *req)
+ 		if ( !strequal( alt_name, "(null)" ) )
+ 			alternate_name = alt_name;
+ 
+-		/* Check if we already have a child for the domain */
+-		domain_exists = (find_domain_from_name_noinit(p) != NULL);
+-
+ 		/*
+ 		 * We always call add_trusted_domain() cause on an existing
+ 		 * domain structure, it will update the SID if necessary.
+ 		 * This is important because we need the SID for sibling
+ 		 * domains.
+ 		 */
+-		domain = add_trusted_domain(p, alternate_name,
++		(void)add_trusted_domain(p, alternate_name,
+ 					    &cache_methods,
+ 					    &sid);
+ 
+-		/*
+-		 * If the domain doesn't exist yet and got correctly added,
+-		 * setup a new domain child.
+-		 */
+-		if (!domain_exists && domain != NULL) {
+-			setup_domain_child(domain);
+-		}
+ 		p=q;
+ 		if (p != NULL)
+ 			p += 1;
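Review bot: The comment kept above this call still explains it only as a SID update for existing domains, although after this change the same call is also what sets up the child for a new domain (the block that did so is removed just below). Suggest extending it with a sentence like `For a new domain, add_trusted_domain() also sets up the domain child.` The continuation lines `&cache_methods,` and `&sid);` were not re-indented after the `(void)` cast shortened the first line; the same applies to the two `(void)add_trusted_domain(` calls in the init_domain_list() hunk further down.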
+@@ -444,9 +440,6 @@ static void rescan_forest_root_trusts( void )
+ 						dom_list[i].dns_name,
+ 						&cache_methods,
+ 						&dom_list[i].sid );
+-			if (d != NULL) {
+-				setup_domain_child(d);
+-			}
+ 		}
+ 
+ 		if (d == NULL) {
+@@ -516,9 +509,6 @@ static void rescan_forest_trusts( void )
+ 							dom_list[i].dns_name,
+ 							&cache_methods,
+ 							&dom_list[i].sid );
+-				if (d != NULL) {
+-					setup_domain_child(d);
+-				}
+ 			}
+ 
+ 			if (d == NULL) {
+@@ -619,7 +609,6 @@ enum winbindd_result winbindd_dual_init_connection(struct winbindd_domain *domai
+ /* Look up global info for the winbind daemon */
+ bool init_domain_list(void)
+ {
+-	struct winbindd_domain *domain;
+ 	int role = lp_server_role();
+ 
+ 	/* Free existing list */
+@@ -627,23 +616,18 @@ bool init_domain_list(void)
+ 
+ 	/* BUILTIN domain */
+ 
+-	domain = add_trusted_domain("BUILTIN", NULL, &cache_methods,
++	(void)add_trusted_domain("BUILTIN", NULL, &cache_methods,
+ 				    &global_sid_Builtin);
+-	if (domain) {
+-		setup_domain_child(domain);
+-	}
+ 
+ 	/* Local SAM */
+ 
+-	domain = add_trusted_domain(get_global_sam_name(), NULL,
++	(void)add_trusted_domain(get_global_sam_name(), NULL,
+ 				    &cache_methods, get_global_sam_sid());
+-	if (domain) {
+-		setup_domain_child(domain);
+-	}
+ 
+ 	/* Add ourselves as the first entry. */
+ 
+ 	if ( role == ROLE_DOMAIN_MEMBER ) {
++		struct winbindd_domain *domain;
+ 		struct dom_sid our_sid;
+ 
+ 		if (!secrets_fetch_domain_sid(lp_workgroup(), &our_sid)) {
+@@ -654,8 +638,6 @@ bool init_domain_list(void)
+ 		domain = add_trusted_domain( lp_workgroup(), lp_realm(),
+ 					     &cache_methods, &our_sid);
+ 		if (domain) {
+-			setup_domain_child(domain);
+-
+ 			/* Even in the parent winbindd we'll need to
+ 			   talk to the DC, so try and see if we can
+ 			   contact it. Theoretically this isn't neccessary
+-- 
+1.8.5.1
+
diff --git a/SOURCES/samba-4.1.5-fix_force_user_sec_ads.patch b/SOURCES/samba-4.1.5-fix_force_user_sec_ads.patch
new file mode 100644
index 0000000..6c08ccc
--- /dev/null
+++ b/SOURCES/samba-4.1.5-fix_force_user_sec_ads.patch
@@ -0,0 +1,1448 @@
+From 80f3551d4f594438dcc93dd82a7953c4a913badd Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Mon, 16 Dec 2013 12:57:20 +0100
+Subject: [PATCH 1/7] s3-lib: Add winbind_lookup_usersids().
+
+Pair-Programmed-With: Guenther Deschner <gd@samba.org>
+Signed-off-by: Guenther Deschner <gd@samba.org>
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+(cherry picked from commit 241e98d8ee099f9cc5feb835085b4abd2b1ee663)
+---
+ source3/lib/winbind_util.c        |  34 +++++
+ source3/lib/winbind_util.h        |   4 +
+ source3/passdb/ABI/pdb-0.1.0.sigs | 311 ++++++++++++++++++++++++++++++++++++++
+ source3/wscript_build             |   2 +-
+ 4 files changed, 350 insertions(+), 1 deletion(-)
+ create mode 100644 source3/passdb/ABI/pdb-0.1.0.sigs
+
+diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c
+index b458ebe..f62682b 100644
+--- a/source3/lib/winbind_util.c
++++ b/source3/lib/winbind_util.c
+@@ -342,6 +342,40 @@ bool winbind_get_sid_aliases(TALLOC_CTX *mem_ctx,
+ 	return true;
+ }
+ 
++bool winbind_lookup_usersids(TALLOC_CTX *mem_ctx,
++			     const struct dom_sid *user_sid,
++			     uint32_t *p_num_sids,
++			     struct dom_sid **p_sids)
++{
++	wbcErr ret;
++	struct wbcDomainSid dom_sid;
++	struct wbcDomainSid *sid_list = NULL;
++	uint32_t num_sids;
++
++	memcpy(&dom_sid, user_sid, sizeof(dom_sid));
++
++	ret = wbcLookupUserSids(&dom_sid,
++				false,
++				&num_sids,
++				&sid_list);
++	if (ret != WBC_ERR_SUCCESS) {
++		return false;
++	}
++
++	*p_sids = talloc_array(mem_ctx, struct dom_sid, num_sids);
++	if (*p_sids == NULL) {
++		wbcFreeMemory(sid_list);
++		return false;
++	}
++
++	memcpy(*p_sids, sid_list, sizeof(dom_sid) * num_sids);
++
++	*p_num_sids = num_sids;
++	wbcFreeMemory(sid_list);
++
++	return true;
++}
++
+ #else      /* WITH_WINBIND */
+ 
+ struct passwd * winbind_getpwnam(const char * name)
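Review bot: Both `memcpy` calls size the copy with `sizeof(dom_sid)`, which here is the local `struct wbcDomainSid` variable, while the destination of the second one is an array allocated as `num_sids` elements of `struct dom_sid`; if the two structures ever differ in size, that copy overruns or underfills the talloc'd array. A compile-time check next to the function, for example `_Static_assert(sizeof(struct wbcDomainSid) == sizeof(struct dom_sid), "SID layout mismatch");` or the project's equivalent, would pin the assumption, and renaming the local to something like `wbc_sid` would stop it reading as the struct tag. The function is also added only on the winbind side of `#else /* WITH_WINBIND */`, and the diffstat accounts for all 34 inserted lines of winbind_util.c in this one hunk, so unless a later patch in the series adds one, builds without winbind get the declaration in winbind_util.h but no stub returning `false`.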
+diff --git a/source3/lib/winbind_util.h b/source3/lib/winbind_util.h
+index 541bb95..abbc5a9 100644
+--- a/source3/lib/winbind_util.h
++++ b/source3/lib/winbind_util.h
+@@ -58,5 +58,9 @@ bool winbind_get_sid_aliases(TALLOC_CTX *mem_ctx,
+ 			     size_t num_members,
+ 			     uint32_t **pp_alias_rids,
+ 			     size_t *p_num_alias_rids);
++bool winbind_lookup_usersids(TALLOC_CTX *mem_ctx,
++			     const struct dom_sid *user_sid,
++			     uint32_t *p_num_sids,
++			     struct dom_sid **p_sids);
+ 
+ #endif /* __LIB__WINBIND_UTIL_H__ */
+diff --git a/source3/passdb/ABI/pdb-0.1.0.sigs b/source3/passdb/ABI/pdb-0.1.0.sigs
+new file mode 100644
+index 0000000..f4de9c4
+--- /dev/null
++++ b/source3/passdb/ABI/pdb-0.1.0.sigs
+@@ -0,0 +1,311 @@
++PDB_secrets_clear_domain_protection: bool (const char *)
++PDB_secrets_fetch_domain_guid: bool (const char *, struct GUID *)
++PDB_secrets_fetch_domain_sid: bool (const char *, struct dom_sid *)
++PDB_secrets_mark_domain_protected: bool (const char *)
++PDB_secrets_store_domain_guid: bool (const char *, struct GUID *)
++PDB_secrets_store_domain_sid: bool (const char *, const struct dom_sid *)
++account_policy_get: bool (enum pdb_policy_type, uint32_t *)
++account_policy_get_default: bool (enum pdb_policy_type, uint32_t *)
++account_policy_get_desc: const char *(enum pdb_policy_type)
++account_policy_name_to_typenum: enum pdb_policy_type (const char *)
++account_policy_names_list: void (TALLOC_CTX *, const char ***, int *)
++account_policy_set: bool (enum pdb_policy_type, uint32_t)
++add_initial_entry: NTSTATUS (gid_t, const char *, enum lsa_SidType, const char *, const char *)
++algorithmic_pdb_gid_to_group_rid: uint32_t (gid_t)
++algorithmic_pdb_rid_is_user: bool (uint32_t)
++algorithmic_pdb_uid_to_user_rid: uint32_t (uid_t)
++algorithmic_pdb_user_rid_to_uid: uid_t (uint32_t)
++algorithmic_rid_base: int (void)
++builtin_domain_name: const char *(void)
++cache_account_policy_get: bool (enum pdb_policy_type, uint32_t *)
++cache_account_policy_set: bool (enum pdb_policy_type, uint32_t)
++create_builtin_administrators: NTSTATUS (const struct dom_sid *)
++create_builtin_users: NTSTATUS (const struct dom_sid *)
++decode_account_policy_name: const char *(enum pdb_policy_type)
++get_account_pol_db: struct db_context *(void)
++get_account_policy_attr: const char *(enum pdb_policy_type)
++get_domain_group_from_sid: bool (struct dom_sid, GROUP_MAP *)
++get_primary_group_sid: NTSTATUS (TALLOC_CTX *, const char *, struct passwd **, struct dom_sid **)
++get_privileges_for_sid_as_set: NTSTATUS (TALLOC_CTX *, PRIVILEGE_SET **, struct dom_sid *)
++get_privileges_for_sids: bool (uint64_t *, struct dom_sid *, int)
++get_trust_pw_clear: bool (const char *, char **, const char **, enum netr_SchannelType *)
++get_trust_pw_hash: bool (const char *, uint8_t *, const char **, enum netr_SchannelType *)
++gid_to_sid: void (struct dom_sid *, gid_t)
++gid_to_unix_groups_sid: void (gid_t, struct dom_sid *)
++grab_named_mutex: struct named_mutex *(TALLOC_CTX *, const char *, int)
++grant_all_privileges: bool (const struct dom_sid *)
++grant_privilege_by_name: bool (const struct dom_sid *, const char *)
++grant_privilege_set: bool (const struct dom_sid *, struct lsa_PrivilegeSet *)
++groupdb_tdb_init: const struct mapping_backend *(void)
++init_account_policy: bool (void)
++init_buffer_from_samu: uint32_t (uint8_t **, struct samu *, bool)
++init_samu_from_buffer: bool (struct samu *, uint32_t, uint8_t *, uint32_t)
++initialize_password_db: bool (bool, struct tevent_context *)
++is_dc_trusted_domain_situation: bool (const char *)
++is_privileged_sid: bool (const struct dom_sid *)
++local_password_change: NTSTATUS (const char *, int, const char *, char **, char **)
++login_cache_delentry: bool (const struct samu *)
++login_cache_init: bool (void)
++login_cache_read: bool (struct samu *, struct login_cache *)
++login_cache_shutdown: bool (void)
++login_cache_write: bool (const struct samu *, const struct login_cache *)
++lookup_builtin_name: bool (const char *, uint32_t *)
++lookup_builtin_rid: bool (TALLOC_CTX *, uint32_t, const char **)
++lookup_global_sam_name: bool (const char *, int, uint32_t *, enum lsa_SidType *)
++lookup_name: bool (TALLOC_CTX *, const char *, int, const char **, const char **, struct dom_sid *, enum lsa_SidType *)
++lookup_name_smbconf: bool (TALLOC_CTX *, const char *, int, const char **, const char **, struct dom_sid *, enum lsa_SidType *)
++lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **, enum lsa_SidType *)
++lookup_sids: NTSTATUS (TALLOC_CTX *, int, const struct dom_sid **, int, struct lsa_dom_info **, struct lsa_name_info **)
++lookup_unix_group_name: bool (const char *, struct dom_sid *)
++lookup_unix_user_name: bool (const char *, struct dom_sid *)
++lookup_wellknown_name: bool (TALLOC_CTX *, const char *, struct dom_sid *, const char **)
++lookup_wellknown_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **)
++make_pdb_method: NTSTATUS (struct pdb_methods **)
++make_pdb_method_name: NTSTATUS (struct pdb_methods **, const char *)
++max_algorithmic_gid: gid_t (void)
++max_algorithmic_uid: uid_t (void)
++my_sam_name: const char *(void)
++pdb_add_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *)
++pdb_add_group_mapping_entry: NTSTATUS (GROUP_MAP *)
++pdb_add_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t)
++pdb_add_sam_account: NTSTATUS (struct samu *)
++pdb_build_fields_present: uint32_t (struct samu *)
++pdb_capabilities: uint32_t (void)
++pdb_copy_sam_account: bool (struct samu *, struct samu *)
++pdb_create_alias: NTSTATUS (const char *, uint32_t *)
++pdb_create_builtin: NTSTATUS (uint32_t)
++pdb_create_builtin_alias: NTSTATUS (uint32_t, gid_t)
++pdb_create_dom_group: NTSTATUS (TALLOC_CTX *, const char *, uint32_t *)
++pdb_create_user: NTSTATUS (TALLOC_CTX *, const char *, uint32_t, uint32_t *)
++pdb_decode_acct_ctrl: uint32_t (const char *)
++pdb_default_add_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, const struct dom_sid *)
++pdb_default_add_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *)
++pdb_default_alias_memberships: NTSTATUS (struct pdb_methods *, TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *)
++pdb_default_create_alias: NTSTATUS (struct pdb_methods *, const char *, uint32_t *)
++pdb_default_del_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, const struct dom_sid *)
++pdb_default_delete_alias: NTSTATUS (struct pdb_methods *, const struct dom_sid *)
++pdb_default_delete_group_mapping_entry: NTSTATUS (struct pdb_methods *, struct dom_sid)
++pdb_default_enum_aliasmem: NTSTATUS (struct pdb_methods *, const struct dom_sid *, TALLOC_CTX *, struct dom_sid **, size_t *)
++pdb_default_enum_group_mapping: NTSTATUS (struct pdb_methods *, const struct dom_sid *, enum lsa_SidType, GROUP_MAP ***, size_t *, bool)
++pdb_default_get_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *)
++pdb_default_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t)
++pdb_default_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *)
++pdb_default_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid)
++pdb_default_set_aliasinfo: NTSTATUS (struct pdb_methods *, const struct dom_sid *, struct acct_info *)
++pdb_default_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *)
++pdb_del_aliasmem: NTSTATUS (const struct dom_sid *, const struct dom_sid *)
++pdb_del_groupmem: NTSTATUS (TALLOC_CTX *, uint32_t, uint32_t)
++pdb_del_trusted_domain: NTSTATUS (const char *)
++pdb_del_trusteddom_pw: bool (const char *)
++pdb_delete_alias: NTSTATUS (const struct dom_sid *)
++pdb_delete_dom_group: NTSTATUS (TALLOC_CTX *, uint32_t)
++pdb_delete_group_mapping_entry: NTSTATUS (struct dom_sid)
++pdb_delete_sam_account: NTSTATUS (struct samu *)
++pdb_delete_secret: NTSTATUS (const char *)
++pdb_delete_user: NTSTATUS (TALLOC_CTX *, struct samu *)
++pdb_element_is_changed: bool (const struct samu *, enum pdb_elements)
++pdb_element_is_set_or_changed: bool (const struct samu *, enum pdb_elements)
++pdb_encode_acct_ctrl: char *(uint32_t, size_t)
++pdb_enum_alias_memberships: NTSTATUS (TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *)
++pdb_enum_aliasmem: NTSTATUS (const struct dom_sid *, TALLOC_CTX *, struct dom_sid **, size_t *)
++pdb_enum_group_mapping: bool (const struct dom_sid *, enum lsa_SidType, GROUP_MAP ***, size_t *, bool)
++pdb_enum_group_members: NTSTATUS (TALLOC_CTX *, const struct dom_sid *, uint32_t **, size_t *)
++pdb_enum_group_memberships: NTSTATUS (TALLOC_CTX *, struct samu *, struct dom_sid **, gid_t **, uint32_t *)
++pdb_enum_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct pdb_trusted_domain ***)
++pdb_enum_trusteddoms: NTSTATUS (TALLOC_CTX *, uint32_t *, struct trustdom_info ***)
++pdb_enum_upn_suffixes: NTSTATUS (TALLOC_CTX *, uint32_t *, char ***)
++pdb_find_backend_entry: struct pdb_init_function_entry *(const char *)
++pdb_get_account_policy: bool (enum pdb_policy_type, uint32_t *)
++pdb_get_acct_ctrl: uint32_t (const struct samu *)
++pdb_get_acct_desc: const char *(const struct samu *)
++pdb_get_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_info *)
++pdb_get_backend_private_data: void *(const struct samu *, const struct pdb_methods *)
++pdb_get_backends: const struct pdb_init_function_entry *(void)
++pdb_get_bad_password_count: uint16_t (const struct samu *)
++pdb_get_bad_password_time: time_t (const struct samu *)
++pdb_get_code_page: uint16_t (const struct samu *)
++pdb_get_comment: const char *(const struct samu *)
++pdb_get_country_code: uint16_t (const struct samu *)
++pdb_get_dir_drive: const char *(const struct samu *)
++pdb_get_domain: const char *(const struct samu *)
++pdb_get_domain_info: struct pdb_domain_info *(TALLOC_CTX *)
++pdb_get_fullname: const char *(const struct samu *)
++pdb_get_group_rid: uint32_t (struct samu *)
++pdb_get_group_sid: const struct dom_sid *(struct samu *)
++pdb_get_homedir: const char *(const struct samu *)
++pdb_get_hours: const uint8_t *(const struct samu *)
++pdb_get_hours_len: uint32_t (const struct samu *)
++pdb_get_init_flags: enum pdb_value_state (const struct samu *, enum pdb_elements)
++pdb_get_kickoff_time: time_t (const struct samu *)
++pdb_get_lanman_passwd: const uint8_t *(const struct samu *)
++pdb_get_logoff_time: time_t (const struct samu *)
++pdb_get_logon_count: uint16_t (const struct samu *)
++pdb_get_logon_divs: uint16_t (const struct samu *)
++pdb_get_logon_script: const char *(const struct samu *)
++pdb_get_logon_time: time_t (const struct samu *)
++pdb_get_munged_dial: const char *(const struct samu *)
++pdb_get_nt_passwd: const uint8_t *(const struct samu *)
++pdb_get_nt_username: const char *(const struct samu *)
++pdb_get_pass_can_change: bool (const struct samu *)
++pdb_get_pass_can_change_time: time_t (const struct samu *)
++pdb_get_pass_can_change_time_noncalc: time_t (const struct samu *)
++pdb_get_pass_last_set_time: time_t (const struct samu *)
++pdb_get_pass_must_change_time: time_t (const struct samu *)
++pdb_get_plaintext_passwd: const char *(const struct samu *)
++pdb_get_profile_path: const char *(const struct samu *)
++pdb_get_pw_history: const uint8_t *(const struct samu *, uint32_t *)
++pdb_get_secret: NTSTATUS (TALLOC_CTX *, const char *, DATA_BLOB *, NTTIME *, DATA_BLOB *, NTTIME *, struct security_descriptor **)
++pdb_get_seq_num: bool (time_t *)
++pdb_get_tevent_context: struct tevent_context *(void)
++pdb_get_trusted_domain: NTSTATUS (TALLOC_CTX *, const char *, struct pdb_trusted_domain **)
++pdb_get_trusted_domain_by_sid: NTSTATUS (TALLOC_CTX *, struct dom_sid *, struct pdb_trusted_domain **)
++pdb_get_trusteddom_pw: bool (const char *, char **, struct dom_sid *, time_t *)
++pdb_get_unknown_6: uint32_t (const struct samu *)
++pdb_get_user_rid: uint32_t (const struct samu *)
++pdb_get_user_sid: const struct dom_sid *(const struct samu *)
++pdb_get_username: const char *(const struct samu *)
++pdb_get_workstations: const char *(const struct samu *)
++pdb_getgrgid: bool (GROUP_MAP *, gid_t)
++pdb_getgrnam: bool (GROUP_MAP *, const char *)
++pdb_getgrsid: bool (GROUP_MAP *, struct dom_sid)
++pdb_gethexhours: bool (const char *, unsigned char *)
++pdb_gethexpwd: bool (const char *, unsigned char *)
++pdb_getsampwnam: bool (struct samu *, const char *)
++pdb_getsampwsid: bool (struct samu *, const struct dom_sid *)
++pdb_gid_to_sid: bool (gid_t, struct dom_sid *)
++pdb_group_rid_to_gid: gid_t (uint32_t)
++pdb_increment_bad_password_count: bool (struct samu *)
++pdb_is_password_change_time_max: bool (time_t)
++pdb_is_responsible_for_builtin: bool (void)
++pdb_is_responsible_for_our_sam: bool (void)
++pdb_is_responsible_for_unix_groups: bool (void)
++pdb_is_responsible_for_unix_users: bool (void)
++pdb_is_responsible_for_wellknown: bool (void)
++pdb_lookup_rids: NTSTATUS (const struct dom_sid *, int, uint32_t *, const char **, enum lsa_SidType *)
++pdb_new_rid: bool (uint32_t *)
++pdb_nop_add_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *)
++pdb_nop_delete_group_mapping_entry: NTSTATUS (struct pdb_methods *, struct dom_sid)
++pdb_nop_enum_group_mapping: NTSTATUS (struct pdb_methods *, enum lsa_SidType, GROUP_MAP **, size_t *, bool)
++pdb_nop_getgrgid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, gid_t)
++pdb_nop_getgrnam: NTSTATUS (struct pdb_methods *, GROUP_MAP *, const char *)
++pdb_nop_getgrsid: NTSTATUS (struct pdb_methods *, GROUP_MAP *, struct dom_sid)
++pdb_nop_update_group_mapping_entry: NTSTATUS (struct pdb_methods *, GROUP_MAP *)
++pdb_rename_sam_account: NTSTATUS (struct samu *, const char *)
++pdb_search_aliases: struct pdb_search *(TALLOC_CTX *, const struct dom_sid *)
++pdb_search_entries: uint32_t (struct pdb_search *, uint32_t, uint32_t, struct samr_displayentry **)
++pdb_search_groups: struct pdb_search *(TALLOC_CTX *)
++pdb_search_init: struct pdb_search *(TALLOC_CTX *, enum pdb_search_type)
++pdb_search_users: struct pdb_search *(TALLOC_CTX *, uint32_t)
++pdb_set_account_policy: bool (enum pdb_policy_type, uint32_t)
++pdb_set_acct_ctrl: bool (struct samu *, uint32_t, enum pdb_value_state)
++pdb_set_acct_desc: bool (struct samu *, const char *, enum pdb_value_state)
++pdb_set_aliasinfo: NTSTATUS (const struct dom_sid *, struct acct_info *)
++pdb_set_backend_private_data: bool (struct samu *, void *, void (*)(void **), const struct pdb_methods *, enum pdb_value_state)
++pdb_set_bad_password_count: bool (struct samu *, uint16_t, enum pdb_value_state)
++pdb_set_bad_password_time: bool (struct samu *, time_t, enum pdb_value_state)
++pdb_set_code_page: bool (struct samu *, uint16_t, enum pdb_value_state)
++pdb_set_comment: bool (struct samu *, const char *, enum pdb_value_state)
++pdb_set_country_code: bool (struct samu *, uint16_t, enum pdb_value_state)
++pdb_set_dir_drive: bool (struct samu *, const char *, enum pdb_value_state)
++pdb_set_domain: bool (struct samu *, const char *, enum pdb_value_state)
++pdb_set_fullname: bool (struct samu *, const char *, enum pdb_value_state)
++pdb_set_group_sid: bool (struct samu *, const struct dom_sid *, enum pdb_value_state)
++pdb_set_group_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_value_state)
++pdb_set_homedir: bool (struct samu *, const char *, enum pdb_value_state)
++pdb_set_hours: bool (struct samu *, const uint8_t *, int, enum pdb_value_state)
++pdb_set_hours_len: bool (struct samu *, uint32_t, enum pdb_value_state)
++pdb_set_init_flags: bool (struct samu *, enum pdb_elements, enum pdb_value_state)
++pdb_set_kickoff_time: bool (struct samu *, time_t, enum pdb_value_state)
++pdb_set_lanman_passwd: bool (struct samu *, const uint8_t *, enum pdb_value_state)
++pdb_set_logoff_time: bool (struct samu *, time_t, enum pdb_value_state)
++pdb_set_logon_count: bool (struct samu *, uint16_t, enum pdb_value_state)
++pdb_set_logon_divs: bool (struct samu *, uint16_t, enum pdb_value_state)
++pdb_set_logon_script: bool (struct samu *, const char *, enum pdb_value_state)
++pdb_set_logon_time: bool (struct samu *, time_t, enum pdb_value_state)
++pdb_set_munged_dial: bool (struct samu *, const char *, enum pdb_value_state)
++pdb_set_nt_passwd: bool (struct samu *, const uint8_t *, enum pdb_value_state)
++pdb_set_nt_username: bool (struct samu *, const char *, enum pdb_value_state)
++pdb_set_pass_can_change: bool (struct samu *, bool)
++pdb_set_pass_can_change_time: bool (struct samu *, time_t, enum pdb_value_state)
++pdb_set_pass_last_set_time: bool (struct samu *, time_t, enum pdb_value_state)
++pdb_set_plaintext_passwd: bool (struct samu *, const char *)
++pdb_set_plaintext_pw_only: bool (struct samu *, const char *, enum pdb_value_state)
++pdb_set_profile_path: bool (struct samu *, const char *, enum pdb_value_state)
++pdb_set_pw_history: bool (struct samu *, const uint8_t *, uint32_t, enum pdb_value_state)
++pdb_set_secret: NTSTATUS (const char *, DATA_BLOB *, DATA_BLOB *, struct security_descriptor *)
++pdb_set_trusted_domain: NTSTATUS (const char *, const struct pdb_trusted_domain *)
++pdb_set_trusteddom_pw: bool (const char *, const char *, const struct dom_sid *)
++pdb_set_unix_primary_group: NTSTATUS (TALLOC_CTX *, struct samu *)
++pdb_set_unknown_6: bool (struct samu *, uint32_t, enum pdb_value_state)
++pdb_set_upn_suffixes: NTSTATUS (uint32_t, const char **)
++pdb_set_user_sid: bool (struct samu *, const struct dom_sid *, enum pdb_value_state)
++pdb_set_user_sid_from_rid: bool (struct samu *, uint32_t, enum pdb_value_state)
++pdb_set_user_sid_from_string: bool (struct samu *, const char *, enum pdb_value_state)
++pdb_set_username: bool (struct samu *, const char *, enum pdb_value_state)
++pdb_set_workstations: bool (struct samu *, const char *, enum pdb_value_state)
++pdb_sethexhours: void (char *, const unsigned char *)
++pdb_sethexpwd: void (char *, const unsigned char *, uint32_t)
++pdb_sid_to_id: bool (const struct dom_sid *, struct unixid *)
++pdb_sid_to_id_unix_users_and_groups: bool (const struct dom_sid *, struct unixid *)
++pdb_uid_to_sid: bool (uid_t, struct dom_sid *)
++pdb_update_autolock_flag: bool (struct samu *, bool *)
++pdb_update_bad_password_count: bool (struct samu *, bool *)
++pdb_update_group_mapping_entry: NTSTATUS (GROUP_MAP *)
++pdb_update_login_attempts: NTSTATUS (struct samu *, bool)
++pdb_update_sam_account: NTSTATUS (struct samu *)
++privilege_create_account: NTSTATUS (const struct dom_sid *)
++privilege_delete_account: NTSTATUS (const struct dom_sid *)
++privilege_enum_sids: NTSTATUS (enum sec_privilege, TALLOC_CTX *, struct dom_sid **, int *)
++privilege_enumerate_accounts: NTSTATUS (struct dom_sid **, int *)
++revoke_all_privileges: bool (const struct dom_sid *)
++revoke_privilege_by_name: bool (const struct dom_sid *, const char *)
++revoke_privilege_set: bool (const struct dom_sid *, struct lsa_PrivilegeSet *)
++samu_alloc_rid_unix: NTSTATUS (struct pdb_methods *, struct samu *, const struct passwd *)
++samu_new: struct samu *(TALLOC_CTX *)
++samu_set_unix: NTSTATUS (struct samu *, const struct passwd *)
++secrets_trusted_domains: NTSTATUS (TALLOC_CTX *, uint32_t *, struct trustdom_info ***)
++sid_check_is_builtin: bool (const struct dom_sid *)
++sid_check_is_for_passdb: bool (const struct dom_sid *)
++sid_check_is_in_builtin: bool (const struct dom_sid *)
++sid_check_is_in_unix_groups: bool (const struct dom_sid *)
++sid_check_is_in_unix_users: bool (const struct dom_sid *)
++sid_check_is_in_wellknown_domain: bool (const struct dom_sid *)
++sid_check_is_unix_groups: bool (const struct dom_sid *)
++sid_check_is_unix_users: bool (const struct dom_sid *)
++sid_check_is_wellknown_builtin: bool (const struct dom_sid *)
++sid_check_is_wellknown_domain: bool (const struct dom_sid *, const char **)
++sid_check_object_is_for_passdb: bool (const struct dom_sid *)
++sid_to_gid: bool (const struct dom_sid *, gid_t *)
++sid_to_uid: bool (const struct dom_sid *, uid_t *)
++sids_to_unixids: bool (const struct dom_sid *, uint32_t, struct unixid *)
++smb_add_user_group: int (const char *, const char *)
++smb_create_group: int (const char *, gid_t *)
++smb_delete_group: int (const char *)
++smb_delete_user_group: int (const char *, const char *)
++smb_nscd_flush_group_cache: void (void)
++smb_nscd_flush_user_cache: void (void)
++smb_register_passdb: NTSTATUS (int, const char *, pdb_init_function)
++smb_set_primary_group: int (const char *, const char *)
++uid_to_sid: void (struct dom_sid *, uid_t)
++uid_to_unix_users_sid: void (uid_t, struct dom_sid *)
++unix_groups_domain_name: const char *(void)
++unix_users_domain_name: const char *(void)
++unixid_from_both: void (struct unixid *, uint32_t)
++unixid_from_gid: void (struct unixid *, uint32_t)
++unixid_from_uid: void (struct unixid *, uint32_t)
++wb_is_trusted_domain: wbcErr (const char *)
++winbind_allocate_gid: bool (gid_t *)
++winbind_allocate_uid: bool (uid_t *)
++winbind_get_groups: bool (TALLOC_CTX *, const char *, uint32_t *, gid_t **)
++winbind_get_sid_aliases: bool (TALLOC_CTX *, const struct dom_sid *, const struct dom_sid *, size_t, uint32_t **, size_t *)
++winbind_getpwnam: struct passwd *(const char *)
++winbind_getpwsid: struct passwd *(const struct dom_sid *)
++winbind_gid_to_sid: bool (struct dom_sid *, gid_t)
++winbind_lookup_name: bool (const char *, const char *, struct dom_sid *, enum lsa_SidType *)
++winbind_lookup_rids: bool (TALLOC_CTX *, const struct dom_sid *, int, uint32_t *, const char **, const char ***, enum lsa_SidType **)
++winbind_lookup_sid: bool (TALLOC_CTX *, const struct dom_sid *, const char **, const char **, enum lsa_SidType *)
++winbind_lookup_usersids: bool (TALLOC_CTX *, const struct dom_sid *, uint32_t *, struct dom_sid **)
++winbind_ping: bool (void)
++winbind_sid_to_gid: bool (gid_t *, const struct dom_sid *)
++winbind_sid_to_uid: bool (uid_t *, const struct dom_sid *)
++winbind_uid_to_sid: bool (struct dom_sid *, uid_t)
+diff --git a/source3/wscript_build b/source3/wscript_build
+index e0432bf..6d6b6aa 100755
+--- a/source3/wscript_build
++++ b/source3/wscript_build
+@@ -736,7 +736,7 @@ bld.SAMBA3_LIBRARY('pdb',
+ 				passdb/lookup_sid.h''',
+                    abi_match=private_pdb_match,
+                    abi_directory='passdb/ABI',
+-                   vnum='0',
++                   vnum='0.1.0',
+                    vars=locals())
+ 
+ bld.SAMBA3_LIBRARY('smbldaphelper',
+-- 
+1.8.5.2
+
+
+From 91debcafd196a9e821efddce0a9d75c48f8e168d Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Fri, 13 Dec 2013 19:08:34 +0100
+Subject: [PATCH 2/7] s3-auth: Add passwd_to_SamInfo3().
+
+First this function tries to contacts winbind if the user is a domain
+user to get valid information about it. If winbind isn't running it will
+try to create everything from the passwd struct. This is not always
+reliable but works in most cases. It improves the current situation
+which doesn't talk to winbind at all.
+
+Pair-Programmed-With: Guenther Deschner <gd@samba.org>
+Signed-off-by: Guenther Deschner <gd@samba.org>
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+(cherry picked from commit 1bb11c7744df6928cb8a096373ab920366b38770)
+---
+ source3/auth/proto.h       |   4 ++
+ source3/auth/server_info.c | 116 +++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 120 insertions(+)
+
+diff --git a/source3/auth/proto.h b/source3/auth/proto.h
+index 76661fc..8385e66 100644
+--- a/source3/auth/proto.h
++++ b/source3/auth/proto.h
+@@ -286,6 +286,10 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
+ 			  const char *login_server,
+ 			  struct netr_SamInfo3 **_info3,
+ 			  struct extra_auth_info *extra);
++NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
++			    const char *unix_username,
++			    const struct passwd *pwd,
++			    struct netr_SamInfo3 **pinfo3);
+ struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx,
+ 					 struct netr_SamInfo3 *orig);
+ struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx,
+diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
+index d2b7d6e..46d8178 100644
+--- a/source3/auth/server_info.c
++++ b/source3/auth/server_info.c
+@@ -24,6 +24,7 @@
+ #include "../libcli/security/security.h"
+ #include "rpc_client/util_netlogon.h"
+ #include "nsswitch/libwbclient/wbclient.h"
++#include "lib/winbind_util.h"
+ #include "passdb.h"
+ 
+ #undef DBGC_CLASS
+@@ -436,6 +437,121 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
+ 	return NT_STATUS_OK;
+ }
+ 
++NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
++			    const char *unix_username,
++			    const struct passwd *pwd,
++			    struct netr_SamInfo3 **pinfo3)
++{
++	struct netr_SamInfo3 *info3;
++	NTSTATUS status;
++	TALLOC_CTX *tmp_ctx;
++	const char *domain_name = NULL;
++	const char *user_name = NULL;
++	struct dom_sid domain_sid;
++	struct dom_sid user_sid;
++	struct dom_sid group_sid;
++	enum lsa_SidType type;
++	uint32_t num_sids = 0;
++	struct dom_sid *user_sids = NULL;
++	bool ok;
++
++	tmp_ctx = talloc_stackframe();
++
++	ok = lookup_name_smbconf(tmp_ctx,
++				 unix_username,
++				 LOOKUP_NAME_ALL,
++				 &domain_name,
++				 &user_name,
++				 &user_sid,
++				 &type);
++	if (!ok) {
++		status = NT_STATUS_NO_SUCH_USER;
++		goto done;
++	}
++
++	if (type != SID_NAME_USER) {
++		status = NT_STATUS_NO_SUCH_USER;
++		goto done;
++	}
++
++	ok = winbind_lookup_usersids(tmp_ctx,
++				     &user_sid,
++				     &num_sids,
++				     &user_sids);
++	/* Check if winbind is running */
++	if (ok) {
++		/*
++		 * Winbind is running and the first element of the user_sids
++		 * is the primary group.
++		 */
++		if (num_sids > 0) {
++			group_sid = user_sids[0];
++		}
++	} else {
++		/*
++		 * Winbind is not running, create the group_sid from the
++		 * group id.
++		 */
++		gid_to_sid(&group_sid, pwd->pw_gid);
++	}
++
++	/* Make sure we have a valid group sid */
++	ok = !is_null_sid(&group_sid);
++	if (!ok) {
++		status = NT_STATUS_NO_SUCH_USER;
++		goto done;
++	}
++
++	/* Construct a netr_SamInfo3 from the information we have */
++	info3 = talloc_zero(tmp_ctx, struct netr_SamInfo3);
++	if (!info3) {
++		status = NT_STATUS_NO_MEMORY;
++		goto done;
++	}
++
++	info3->base.account_name.string = talloc_strdup(info3, unix_username);
++	if (info3->base.account_name.string == NULL) {
++		status = NT_STATUS_NO_MEMORY;
++		goto done;
++	}
++
++	ZERO_STRUCT(domain_sid);
++
++	sid_copy(&domain_sid, &user_sid);
++	sid_split_rid(&domain_sid, &info3->base.rid);
++	info3->base.domain_sid = dom_sid_dup(info3, &domain_sid);
++
++	ok = sid_peek_check_rid(&domain_sid, &group_sid,
++				&info3->base.primary_gid);
++	if (!ok) {
++		DEBUG(1, ("The primary group domain sid(%s) does not "
++			  "match the domain sid(%s) for %s(%s)\n",
++			  sid_string_dbg(&group_sid),
++			  sid_string_dbg(&domain_sid),
++			  unix_username,
++			  sid_string_dbg(&user_sid)));
++		status = NT_STATUS_INVALID_SID;
++		goto done;
++	}
++
++	info3->base.acct_flags = ACB_NORMAL;
++
++	if (num_sids) {
++		status = group_sids_to_info3(info3, user_sids, num_sids);
++		if (!NT_STATUS_IS_OK(status)) {
++			goto done;
++		}
++	}
++
++	*pinfo3 = talloc_steal(mem_ctx, info3);
++
++	status = NT_STATUS_OK;
++done:
++	talloc_free(tmp_ctx);
++
++	return status;
++}
++
+ #undef RET_NOMEM
+ 
+ #define RET_NOMEM(ptr) do { \
+-- 
+1.8.5.2
+
+
+From c7b7670dc5cd8dbf727258666b6417d67afafb33 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Fri, 13 Dec 2013 19:11:01 +0100
+Subject: [PATCH 3/7] s3-auth: Pass talloc context to make_server_info_pw().
+
+Pair-Programmed-With: Guenther Deschner <gd@samba.org>
+Signed-off-by: Guenther Deschner <gd@samba.org>
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+(cherry picked from commit 1b59c9743cf3fbd66b0b8b52162b2cc8d922e5cf)
+---
+ source3/auth/auth_unix.c |  7 +++++--
+ source3/auth/auth_util.c | 52 +++++++++++++++++++++++++++++-------------------
+ source3/auth/proto.h     |  7 ++++---
+ source3/auth/user_krb5.c |  5 +----
+ 4 files changed, 42 insertions(+), 29 deletions(-)
+
+diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c
+index c8b5435..7b483a2 100644
+--- a/source3/auth/auth_unix.c
++++ b/source3/auth/auth_unix.c
+@@ -67,8 +67,11 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context,
+ 	unbecome_root();
+ 
+ 	if (NT_STATUS_IS_OK(nt_status)) {
+-		if (pass) {
+-			make_server_info_pw(server_info, pass->pw_name, pass);
++		if (pass != NULL) {
++			nt_status = make_server_info_pw(mem_ctx,
++							pass->pw_name,
++							pass,
++							server_info);
+ 		} else {
+ 			/* we need to do somthing more useful here */
+ 			nt_status = NT_STATUS_NO_SUCH_USER;
+diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
+index ceaa706..b225b0d 100644
+--- a/source3/auth/auth_util.c
++++ b/source3/auth/auth_util.c
+@@ -639,14 +639,15 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
+  to a struct samu
+ ***************************************************************************/
+ 
+-NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
+-                             char *unix_username,
+-			     struct passwd *pwd)
++NTSTATUS make_server_info_pw(TALLOC_CTX *mem_ctx,
++			     const char *unix_username,
++			     const struct passwd *pwd,
++			     struct auth_serversupplied_info **server_info)
+ {
+ 	NTSTATUS status;
+ 	struct samu *sampass = NULL;
+ 	char *qualified_name = NULL;
+-	TALLOC_CTX *mem_ctx = NULL;
++	TALLOC_CTX *tmp_ctx;
+ 	struct dom_sid u_sid;
+ 	enum lsa_SidType type;
+ 	struct auth_serversupplied_info *result;
+@@ -664,27 +665,27 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
+ 	 * plaintext passwords were used with no SAM backend.
+ 	 */
+ 
+-	mem_ctx = talloc_init("make_server_info_pw_tmp");
+-	if (!mem_ctx) {
++	tmp_ctx = talloc_stackframe();
++	if (tmp_ctx == NULL) {
+ 		return NT_STATUS_NO_MEMORY;
+ 	}
+ 
+-	qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
++	qualified_name = talloc_asprintf(tmp_ctx, "%s\\%s",
+ 					unix_users_domain_name(),
+ 					unix_username );
+ 	if (!qualified_name) {
+-		TALLOC_FREE(mem_ctx);
++		TALLOC_FREE(tmp_ctx);
+ 		return NT_STATUS_NO_MEMORY;
+ 	}
+ 
+-	if (!lookup_name(mem_ctx, qualified_name, LOOKUP_NAME_ALL,
++	if (!lookup_name(tmp_ctx, qualified_name, LOOKUP_NAME_ALL,
+ 						NULL, NULL,
+ 						&u_sid, &type)) {
+-		TALLOC_FREE(mem_ctx);
++		TALLOC_FREE(tmp_ctx);
+ 		return NT_STATUS_NO_SUCH_USER;
+ 	}
+ 
+-	TALLOC_FREE(mem_ctx);
++	TALLOC_FREE(tmp_ctx);
+ 
+ 	if (type != SID_NAME_USER) {
+ 		return NT_STATUS_NO_SUCH_USER;
+@@ -707,7 +708,7 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
+ 	/* set the user sid to be the calculated u_sid */
+ 	pdb_set_user_sid(sampass, &u_sid, PDB_SET);
+ 
+-	result = make_server_info(NULL);
++	result = make_server_info(mem_ctx);
+ 	if (result == NULL) {
+ 		TALLOC_FREE(sampass);
+ 		return NT_STATUS_NO_MEMORY;
+@@ -992,25 +993,36 @@ NTSTATUS make_session_info_from_username(TALLOC_CTX *mem_ctx,
+ 	struct passwd *pwd;
+ 	NTSTATUS status;
+ 	struct auth_serversupplied_info *result;
++	TALLOC_CTX *tmp_ctx;
+ 
+-	pwd = Get_Pwnam_alloc(talloc_tos(), username);
+-	if (pwd == NULL) {
+-		return NT_STATUS_NO_SUCH_USER;
++	tmp_ctx = talloc_stackframe();
++	if (tmp_ctx == NULL) {
++		return NT_STATUS_NO_MEMORY;
+ 	}
+ 
+-	status = make_server_info_pw(&result, pwd->pw_name, pwd);
++	pwd = Get_Pwnam_alloc(tmp_ctx, username);
++	if (pwd == NULL) {
++		status = NT_STATUS_NO_SUCH_USER;
++		goto done;
++	}
+ 
++	status = make_server_info_pw(tmp_ctx, pwd->pw_name, pwd, &result);
+ 	if (!NT_STATUS_IS_OK(status)) {
+-		return status;
++		goto done;
+ 	}
+ 
+ 	result->nss_token = true;
+ 	result->guest = is_guest;
+ 
+ 	/* Now turn the server_info into a session_info with the full token etc */
+-	status = create_local_token(mem_ctx, result, NULL, pwd->pw_name, session_info);
+-	TALLOC_FREE(result);
+-	TALLOC_FREE(pwd);
++	status = create_local_token(mem_ctx,
++				    result,
++				    NULL,
++				    pwd->pw_name,
++				    session_info);
++
++done:
++	talloc_free(tmp_ctx);
+ 
+ 	return status;
+ }
+diff --git a/source3/auth/proto.h b/source3/auth/proto.h
+index 8385e66..7abca07 100644
+--- a/source3/auth/proto.h
++++ b/source3/auth/proto.h
+@@ -206,9 +206,10 @@ bool user_in_group_sid(const char *username, const struct dom_sid *group_sid);
+ bool user_sid_in_group_sid(const struct dom_sid *sid, const struct dom_sid *group_sid);
+ bool user_in_group(const char *username, const char *groupname);
+ struct passwd;
+-NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
+-                             char *unix_username,
+-			     struct passwd *pwd);
++NTSTATUS make_server_info_pw(TALLOC_CTX *mem_ctx,
++			     const char *unix_username,
++			     const struct passwd *pwd,
++			     struct auth_serversupplied_info **server_info);
+ NTSTATUS make_session_info_from_username(TALLOC_CTX *mem_ctx,
+ 					 const char *username,
+ 					 bool is_guest,
+diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c
+index 974a8aa..7d44285 100644
+--- a/source3/auth/user_krb5.c
++++ b/source3/auth/user_krb5.c
+@@ -242,7 +242,7 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
+ 			 */
+ 			DEBUG(10, ("didn't find user %s in passdb, calling "
+ 				   "make_server_info_pw\n", username));
+-			status = make_server_info_pw(&tmp, username, pw);
++			status = make_server_info_pw(mem_ctx, username, pw, &tmp);
+ 		}
+ 
+ 		TALLOC_FREE(sampass);
+@@ -253,9 +253,6 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
+ 			return status;
+                 }
+ 
+-		/* Steal tmp server info into the server_info pointer. */
+-		server_info = talloc_move(mem_ctx, &tmp);
+-
+ 		/* make_server_info_pw does not set the domain. Without this
+ 		 * we end up with the local netbios name in substitutions for
+ 		 * %D. */
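Review bot: Removing the `talloc_move(mem_ctx, &tmp)` here while the `make_server_info_pw()` call in the previous hunk still writes its result to `&tmp` leaves `server_info` unassigned at this commit. The code after the retained comment presumably goes on to use `server_info` (it is outside the hunk), so a tree built at patch 3/7 would work on a pointer that was never set. The `make_server_info_sam()` branch appears to have the same problem until patch 5/7 passes `&server_info`. Either keep the move until that later patch or switch both calls to `&server_info` in this one, so every commit in the series is safe to build and bisect.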
+-- 
+1.8.5.2
+
+
+From 4fbd13598e8bdc6acf41329f71de806de4265f36 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Fri, 13 Dec 2013 19:19:02 +0100
+Subject: [PATCH 4/7] s3-auth: Add passwd_to_SamInfo3().
+
+Correctly lookup users which come from smb.conf. passwd_to_SamInfo3()
+tries to contact winbind if the user is a domain user to get
+valid information about it. If winbind isn't running it will try to
+create everything from the passwd struct. This is not always reliable
+but works in most cases. It improves the current situation which doesn't
+talk to winbind at all.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598
+
+Pair-Programmed-With: Guenther Deschner <gd@samba.org>
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
+Autobuild-Date(master): Wed Feb  5 01:40:38 CET 2014 on sn-devel-104
+
+(cherry picked from commit 40e6456b5896e934fcd581c2cac2389984256e09)
+---
+ source3/auth/auth_util.c   | 87 +++++++++-------------------------------------
+ source3/auth/server_info.c | 22 ++++++++++--
+ 2 files changed, 36 insertions(+), 73 deletions(-)
+
+diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
+index b225b0d..24190af 100644
+--- a/source3/auth/auth_util.c
++++ b/source3/auth/auth_util.c
+@@ -645,98 +645,43 @@ NTSTATUS make_server_info_pw(TALLOC_CTX *mem_ctx,
+ 			     struct auth_serversupplied_info **server_info)
+ {
+ 	NTSTATUS status;
+-	struct samu *sampass = NULL;
+-	char *qualified_name = NULL;
+-	TALLOC_CTX *tmp_ctx;
+-	struct dom_sid u_sid;
+-	enum lsa_SidType type;
++	TALLOC_CTX *tmp_ctx = NULL;
+ 	struct auth_serversupplied_info *result;
+ 
+-	/*
+-	 * The SID returned in server_info->sam_account is based
+-	 * on our SAM sid even though for a pure UNIX account this should
+-	 * not be the case as it doesn't really exist in the SAM db.
+-	 * This causes lookups on "[in]valid users" to fail as they
+-	 * will lookup this name as a "Unix User" SID to check against
+-	 * the user token. Fix this by adding the "Unix User"\unix_username
+-	 * SID to the sid array. The correct fix should probably be
+-	 * changing the server_info->sam_account user SID to be a
+-	 * S-1-22 Unix SID, but this might break old configs where
+-	 * plaintext passwords were used with no SAM backend.
+-	 */
+-
+ 	tmp_ctx = talloc_stackframe();
+ 	if (tmp_ctx == NULL) {
+ 		return NT_STATUS_NO_MEMORY;
+ 	}
+ 
+-	qualified_name = talloc_asprintf(tmp_ctx, "%s\\%s",
+-					unix_users_domain_name(),
+-					unix_username );
+-	if (!qualified_name) {
+-		TALLOC_FREE(tmp_ctx);
+-		return NT_STATUS_NO_MEMORY;
+-	}
+-
+-	if (!lookup_name(tmp_ctx, qualified_name, LOOKUP_NAME_ALL,
+-						NULL, NULL,
+-						&u_sid, &type)) {
+-		TALLOC_FREE(tmp_ctx);
+-		return NT_STATUS_NO_SUCH_USER;
+-	}
+-
+-	TALLOC_FREE(tmp_ctx);
+-
+-	if (type != SID_NAME_USER) {
+-		return NT_STATUS_NO_SUCH_USER;
+-	}
+-
+-	if ( !(sampass = samu_new( NULL )) ) {
+-		return NT_STATUS_NO_MEMORY;
+-	}
+-
+-	status = samu_set_unix( sampass, pwd );
+-	if (!NT_STATUS_IS_OK(status)) {
+-		return status;
+-	}
+-
+-	/* In pathological cases the above call can set the account
+-	 * name to the DOMAIN\username form. Reset the account name
+-	 * using unix_username */
+-	pdb_set_username(sampass, unix_username, PDB_SET);
+-
+-	/* set the user sid to be the calculated u_sid */
+-	pdb_set_user_sid(sampass, &u_sid, PDB_SET);
+-
+-	result = make_server_info(mem_ctx);
++	result = make_server_info(tmp_ctx);
+ 	if (result == NULL) {
+-		TALLOC_FREE(sampass);
+-		return NT_STATUS_NO_MEMORY;
++		status = NT_STATUS_NO_MEMORY;
++		goto done;
+ 	}
+ 
+-	status = samu_to_SamInfo3(result, sampass, lp_netbios_name(),
+-				  &result->info3, &result->extra);
+-	TALLOC_FREE(sampass);
++	status = passwd_to_SamInfo3(result,
++				    unix_username,
++				    pwd,
++				    &result->info3);
+ 	if (!NT_STATUS_IS_OK(status)) {
+-		DEBUG(10, ("Failed to convert samu to info3: %s\n",
+-			   nt_errstr(status)));
+-		TALLOC_FREE(result);
+-		return status;
++		goto done;
+ 	}
+ 
+ 	result->unix_name = talloc_strdup(result, unix_username);
+-
+ 	if (result->unix_name == NULL) {
+-		TALLOC_FREE(result);
+-		return NT_STATUS_NO_MEMORY;
++		status = NT_STATUS_NO_MEMORY;
++		goto done;
+ 	}
+ 
+ 	result->utok.uid = pwd->pw_uid;
+ 	result->utok.gid = pwd->pw_gid;
+ 
+-	*server_info = result;
++	*server_info = talloc_steal(mem_ctx, result);
++	status = NT_STATUS_OK;
++done:
++	talloc_free(tmp_ctx);
+ 
+-	return NT_STATUS_OK;
++	return status;
+ }
+ 
+ static NTSTATUS get_system_info3(TALLOC_CTX *mem_ctx,
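Review bot: The failure branch after `passwd_to_SamInfo3()` now jumps to `done` with no log output, whereas the removed code emitted a `DEBUG(10, ...)` with `nt_errstr(status)` when the conversion failed. As added earlier in this series, `passwd_to_SamInfo3()` logs only the SID-mismatch case, so a `NT_STATUS_NO_SUCH_USER` from the name lookup or the null group SID check leaves no trace at this level. A line such as `DEBUG(10, ("Failed to convert passwd to info3 for %s: %s\n", unix_username, nt_errstr(status)));` before the `goto done` restores it. A short comment above the function stating that `*server_info` is returned parented to `mem_ctx` would also document the new ownership rule; the function's opening lines are outside this hunk.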
+diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
+index 46d8178..43711d5 100644
+--- a/source3/auth/server_info.c
++++ b/source3/auth/server_info.c
+@@ -489,10 +489,28 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
+ 		}
+ 	} else {
+ 		/*
+-		 * Winbind is not running, create the group_sid from the
+-		 * group id.
++		 * Winbind is not running, try to create the group_sid from the
++		 * passwd group id.
++		 */
++
++		/*
++		 * This can lead to a primary group of S-1-22-2-XX which
++		 * will be rejected by other Samba code.
+ 		 */
+ 		gid_to_sid(&group_sid, pwd->pw_gid);
++
++		ZERO_STRUCT(domain_sid);
++
++		/*
++		 * If we are a unix group, set the group_sid to the
++		 * 'Domain Users' RID of 513 which will always resolve to a
++		 * name.
++		 */
++		if (sid_check_is_in_unix_groups(&group_sid)) {
++			sid_compose(&group_sid,
++				    get_global_sam_sid(),
++				    DOMAIN_RID_USERS);
++		}
+ 	}
+ 
+ 	/* Make sure we have a valid group sid */
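Review bot: The substituted Domain Users SID is composed from `get_global_sam_sid()`, but the check added in patch 2/7 passes it to `sid_peek_check_rid()` against the domain part of `user_sid`, so the fallback only helps when the user SID is in the local SAM domain; for any other user SID the function still ends in `NT_STATUS_INVALID_SID`. The remap is also silent although it changes the primary group the token will carry, so a line like `DEBUG(5, ("Mapping unix gid %u of %s to Domain Users\n", (unsigned int)pwd->pw_gid, unix_username));` inside the `if` would help an administrator auditing group membership. The added `ZERO_STRUCT(domain_sid);` looks redundant, since `domain_sid` is zeroed again before `sid_copy()` further down; if `group_sid` was meant, that would cover the uninitialised read in the winbind branch. The enclosing function starts and ends outside this hunk.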
+-- 
+1.8.5.2
+
+
+From 76bb5e0888f4131ab773d90160051a51c401c90d Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Tue, 18 Feb 2014 10:02:57 +0100
+Subject: [PATCH 5/7] s3-auth: Pass mem_ctx to make_server_info_sam().
+
+Coverity-Id: 1168009
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+
+Change-Id: Ie614b0654c3a7eec1ebb10dbb9763696eec795bd
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+(cherry picked from commit 3dc72266005e87a291f5bf9847257e8c54314d39)
+---
+ source3/auth/check_samsec.c    |  2 +-
+ source3/auth/proto.h           |  5 ++--
+ source3/auth/server_info_sam.c | 56 +++++++++++++++++++++++++++---------------
+ source3/auth/user_krb5.c       | 12 +++++----
+ 4 files changed, 47 insertions(+), 28 deletions(-)
+
+diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c
+index 7ed8cc2..b6cac60 100644
+--- a/source3/auth/check_samsec.c
++++ b/source3/auth/check_samsec.c
+@@ -482,7 +482,7 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge,
+ 	}
+ 
+ 	become_root();
+-	nt_status = make_server_info_sam(server_info, sampass);
++	nt_status = make_server_info_sam(mem_ctx, sampass, server_info);
+ 	unbecome_root();
+ 
+ 	TALLOC_FREE(sampass);
+diff --git a/source3/auth/proto.h b/source3/auth/proto.h
+index 7abca07..eac3e54 100644
+--- a/source3/auth/proto.h
++++ b/source3/auth/proto.h
+@@ -190,8 +190,9 @@ bool make_user_info_guest(const struct tsocket_address *remote_address,
+ 			  struct auth_usersupplied_info **user_info);
+ 
+ struct samu;
+-NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
+-			      struct samu *sampass);
++NTSTATUS make_server_info_sam(TALLOC_CTX *mem_ctx,
++			      struct samu *sampass,
++			      struct auth_serversupplied_info **pserver_info);
+ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
+ 			    const struct auth_serversupplied_info *server_info,
+ 			    DATA_BLOB *session_key,
+diff --git a/source3/auth/server_info_sam.c b/source3/auth/server_info_sam.c
+index 5d657f9..47087b1 100644
+--- a/source3/auth/server_info_sam.c
++++ b/source3/auth/server_info_sam.c
+@@ -58,39 +58,51 @@ static bool is_our_machine_account(const char *username)
+  Make (and fill) a user_info struct from a struct samu
+ ***************************************************************************/
+ 
+-NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
+-			      struct samu *sampass)
++NTSTATUS make_server_info_sam(TALLOC_CTX *mem_ctx,
++			      struct samu *sampass,
++			      struct auth_serversupplied_info **pserver_info)
+ {
+ 	struct passwd *pwd;
+-	struct auth_serversupplied_info *result;
++	struct auth_serversupplied_info *server_info;
+ 	const char *username = pdb_get_username(sampass);
++	TALLOC_CTX *tmp_ctx;
+ 	NTSTATUS status;
+ 
+-	if ( !(result = make_server_info(NULL)) ) {
++	tmp_ctx = talloc_stackframe();
++	if (tmp_ctx == NULL) {
+ 		return NT_STATUS_NO_MEMORY;
+ 	}
+ 
+-	if ( !(pwd = Get_Pwnam_alloc(result, username)) ) {
++	server_info = make_server_info(tmp_ctx);
++	if (server_info == NULL) {
++		return NT_STATUS_NO_MEMORY;
++	}
++
++	pwd = Get_Pwnam_alloc(tmp_ctx, username);
++	if (pwd == NULL) {
+ 		DEBUG(1, ("User %s in passdb, but getpwnam() fails!\n",
+ 			  pdb_get_username(sampass)));
+-		TALLOC_FREE(result);
+-		return NT_STATUS_NO_SUCH_USER;
++		status = NT_STATUS_NO_SUCH_USER;
++		goto out;
+ 	}
+ 
+-	status = samu_to_SamInfo3(result, sampass, lp_netbios_name(),
+-				  &result->info3, &result->extra);
++	status = samu_to_SamInfo3(server_info,
++				  sampass,
++				  lp_netbios_name(),
++				  &server_info->info3,
++				  &server_info->extra);
+ 	if (!NT_STATUS_IS_OK(status)) {
+-		TALLOC_FREE(result);
+-		return status;
++		goto out;
+ 	}
+ 
+-	result->unix_name = pwd->pw_name;
+-	/* Ensure that we keep pwd->pw_name, because we will free pwd below */
+-	talloc_steal(result, pwd->pw_name);
+-	result->utok.gid = pwd->pw_gid;
+-	result->utok.uid = pwd->pw_uid;
++	server_info->unix_name = talloc_strdup(server_info, pwd->pw_name);
++	if (server_info->unix_name == NULL) {
++		status = NT_STATUS_NO_MEMORY;
++		goto out;
++	}
+ 
+-	TALLOC_FREE(pwd);
++	server_info->utok.gid = pwd->pw_gid;
++	server_info->utok.uid = pwd->pw_uid;
+ 
+ 	if (IS_DC && is_our_machine_account(username)) {
+ 		/*
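Review bot: The new `if (server_info == NULL) { return NT_STATUS_NO_MEMORY; }` returns without releasing `tmp_ctx`, unlike every other failure path in this hunk, which sets `status` and jumps to `out`. An unfreed `talloc_stackframe()` leaks the frame and, as far as the talloc stack API goes, leaves it as the current frame for later `talloc_tos()` users. The body should be `status = NT_STATUS_NO_MEMORY; goto out;`. The `out:` label is in the following hunk and the function body continues past this one.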
+@@ -110,9 +122,13 @@ NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
+ 	}
+ 
+ 	DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n",
+-		 pdb_get_username(sampass), result->unix_name));
++		 pdb_get_username(sampass), server_info->unix_name));
++
++	*pserver_info = talloc_steal(mem_ctx, server_info);
+ 
+-	*server_info = result;
++	status = NT_STATUS_OK;
++out:
++	talloc_free(tmp_ctx);
+ 
+-	return NT_STATUS_OK;
++	return status;
+ }
+diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c
+index 7d44285..e40c8ac 100644
+--- a/source3/auth/user_krb5.c
++++ b/source3/auth/user_krb5.c
+@@ -223,9 +223,6 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
+ 		 * SID consistency with ntlmssp session setup
+ 		 */
+ 		struct samu *sampass;
+-		/* The stupid make_server_info_XX functions here
+-		   don't take a talloc context. */
+-		struct auth_serversupplied_info *tmp = NULL;
+ 
+ 		sampass = samu_new(talloc_tos());
+ 		if (sampass == NULL) {
+@@ -235,14 +232,19 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
+ 		if (pdb_getsampwnam(sampass, username)) {
+ 			DEBUG(10, ("found user %s in passdb, calling "
+ 				   "make_server_info_sam\n", username));
+-			status = make_server_info_sam(&tmp, sampass);
++			status = make_server_info_sam(mem_ctx,
++						      sampass,
++						      &server_info);
+ 		} else {
+ 			/*
+ 			 * User not in passdb, make it up artificially
+ 			 */
+ 			DEBUG(10, ("didn't find user %s in passdb, calling "
+ 				   "make_server_info_pw\n", username));
+-			status = make_server_info_pw(mem_ctx, username, pw, &tmp);
++			status = make_server_info_pw(mem_ctx,
++						     username,
++						     pw,
++						     &server_info);
+ 		}
+ 
+ 		TALLOC_FREE(sampass);
+-- 
+1.8.5.2
+
+
+From f9c0adb6237c6e60c33ee6af21f55c0cdefa132c Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Tue, 18 Feb 2014 10:19:57 +0100
+Subject: [PATCH 6/7] s3-auth: Pass mem_ctx to auth_check_ntlm_password().
+
+Coverity-Id: 1168009
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+
+Change-Id: Ie01674561a6a75239a13918d3190c2f21c3efc7a
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+(cherry picked from commit 4d792db03f18aa164b565c7fdc7b446c174fba28)
+---
+ source3/auth/auth.c                         | 50 ++++++++++++++++++-----------
+ source3/auth/auth_ntlmssp.c                 |  6 ++--
+ source3/auth/proto.h                        |  8 +++--
+ source3/rpc_server/netlogon/srv_netlog_nt.c |  6 ++--
+ source3/torture/pdbtest.c                   |  5 ++-
+ 5 files changed, 48 insertions(+), 27 deletions(-)
+
+diff --git a/source3/auth/auth.c b/source3/auth/auth.c
+index c3797cf..dc9af02 100644
+--- a/source3/auth/auth.c
++++ b/source3/auth/auth.c
+@@ -160,18 +160,19 @@ static bool check_domain_match(const char *user, const char *domain)
+  *
+  **/
+ 
+-NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
+-				  const struct auth_usersupplied_info *user_info, 
+-				  struct auth_serversupplied_info **server_info)
++NTSTATUS auth_check_ntlm_password(TALLOC_CTX *mem_ctx,
++				  const struct auth_context *auth_context,
++				  const struct auth_usersupplied_info *user_info,
++				  struct auth_serversupplied_info **pserver_info)
+ {
+ 	/* if all the modules say 'not for me' this is reasonable */
+ 	NTSTATUS nt_status = NT_STATUS_NO_SUCH_USER;
+ 	const char *unix_username;
+ 	auth_methods *auth_method;
+-	TALLOC_CTX *mem_ctx;
+ 
+-	if (!user_info || !auth_context || !server_info)
++	if (user_info == NULL || auth_context == NULL || pserver_info == NULL) {
+ 		return NT_STATUS_LOGON_FAILURE;
++	}
+ 
+ 	DEBUG(3, ("check_ntlm_password:  Checking password for unmapped user [%s]\\[%s]@[%s] with the new password interface\n", 
+ 		  user_info->client.domain_name, user_info->client.account_name, user_info->workstation_name));
+@@ -205,17 +206,27 @@ NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
+ 		return NT_STATUS_LOGON_FAILURE;
+ 
+ 	for (auth_method = auth_context->auth_method_list;auth_method; auth_method = auth_method->next) {
++		struct auth_serversupplied_info *server_info;
++		TALLOC_CTX *tmp_ctx;
+ 		NTSTATUS result;
+ 
+-		mem_ctx = talloc_init("%s authentication for user %s\\%s", auth_method->name,
+-				      user_info->mapped.domain_name, user_info->client.account_name);
++		tmp_ctx = talloc_named(mem_ctx,
++				       0,
++				       "%s authentication for user %s\\%s",
++				       auth_method->name,
++				       user_info->mapped.domain_name,
++				       user_info->client.account_name);
+ 
+-		result = auth_method->auth(auth_context, auth_method->private_data, mem_ctx, user_info, server_info);
++		result = auth_method->auth(auth_context,
++					   auth_method->private_data,
++					   tmp_ctx,
++					   user_info,
++					   &server_info);
+ 
+ 		/* check if the module did anything */
+ 		if ( NT_STATUS_V(result) == NT_STATUS_V(NT_STATUS_NOT_IMPLEMENTED) ) {
+ 			DEBUG(10,("check_ntlm_password: %s had nothing to say\n", auth_method->name));
+-			talloc_destroy(mem_ctx);
++			TALLOC_FREE(tmp_ctx);
+ 			continue;
+ 		}
+ 
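Review bot: The result of `talloc_named()` is used without a NULL check, and `server_info` is declared without an initialiser before its address is handed to the auth module. If the allocation fails the module is called with a NULL context, and if a module returns success without storing a result the later `talloc_steal(mem_ctx, server_info)` operates on an indeterminate pointer. Declaring `struct auth_serversupplied_info *server_info = NULL;` and adding `if (tmp_ctx == NULL) { return NT_STATUS_NO_MEMORY; }` after the allocation closes both. The loop body continues in the next hunk.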
+@@ -229,19 +240,20 @@ NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
+ 				  auth_method->name, user_info->client.account_name, nt_errstr(nt_status)));
+ 		}
+ 
+-		talloc_destroy(mem_ctx);
+-
+-		if ( NT_STATUS_IS_OK(nt_status))
+-		{
+-				break;			
++		if (NT_STATUS_IS_OK(nt_status)) {
++			*pserver_info = talloc_steal(mem_ctx, server_info);
++			TALLOC_FREE(tmp_ctx);
++			break;
+ 		}
++
++		TALLOC_FREE(tmp_ctx);
+ 	}
+ 
+ 	/* successful authentication */
+ 
+ 	if (NT_STATUS_IS_OK(nt_status)) {
+-		unix_username = (*server_info)->unix_name;
+-		if (!(*server_info)->guest) {
++		unix_username = (*pserver_info)->unix_name;
++		if (!(*pserver_info)->guest) {
+ 			const char *rhost;
+ 
+ 			if (tsocket_address_is_inet(user_info->remote_host, "ip")) {
+@@ -270,9 +282,9 @@ NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
+ 		}
+ 
+ 		if (NT_STATUS_IS_OK(nt_status)) {
+-			DEBUG((*server_info)->guest ? 5 : 2, 
++			DEBUG((*pserver_info)->guest ? 5 : 2,
+ 			      ("check_ntlm_password:  %sauthentication for user [%s] -> [%s] -> [%s] succeeded\n",
+-			       (*server_info)->guest ? "guest " : "",
++			       (*pserver_info)->guest ? "guest " : "",
+ 			       user_info->client.account_name,
+ 			       user_info->mapped.account_name,
+ 			       unix_username));
+@@ -286,7 +298,7 @@ NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
+ 	DEBUG(2, ("check_ntlm_password:  Authentication for user [%s] -> [%s] FAILED with error %s\n",
+ 		  user_info->client.account_name, user_info->mapped.account_name,
+ 		  nt_errstr(nt_status)));
+-	ZERO_STRUCTP(server_info);
++	ZERO_STRUCTP(pserver_info);
+ 
+ 	return nt_status;
+ }
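Review bot: On the failure path `ZERO_STRUCTP(pserver_info)` only clears the caller's pointer, so a `server_info` already stolen onto `mem_ctx` in the loop stays allocated when a later step turns `nt_status` into an error. The second `NT_STATUS_IS_OK(nt_status)` test in the previous hunk suggests such a step exists, though it is outside the hunks shown. Setting `*pserver_info = NULL;` right after the argument check at the top of the function and using `TALLOC_FREE(*pserver_info);` here would release the object and still leave the pointer NULL. The initialisation matters because the caller's pointer may be uninitialised on entry.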
+diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
+index f99bd44..cb7726c 100644
+--- a/source3/auth/auth_ntlmssp.c
++++ b/source3/auth/auth_ntlmssp.c
+@@ -134,8 +134,10 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
+ 
+ 	mapped_user_info->flags = user_info->flags;
+ 
+-	nt_status = auth_check_ntlm_password(auth_context,
+-					     mapped_user_info, &server_info);
++	nt_status = auth_check_ntlm_password(mem_ctx,
++					     auth_context,
++					     mapped_user_info,
++					     &server_info);
+ 
+ 	if (!NT_STATUS_IS_OK(nt_status)) {
+ 		DEBUG(5,("Checking NTLMSSP password for %s\\%s failed: %s\n",
+diff --git a/source3/auth/proto.h b/source3/auth/proto.h
+index eac3e54..15b1ba0 100644
+--- a/source3/auth/proto.h
++++ b/source3/auth/proto.h
+@@ -65,6 +65,8 @@ NTSTATUS auth_get_ntlm_challenge(struct auth_context *auth_context,
+  * struct.  When the return is other than NT_STATUS_OK the contents 
+  * of that structure is undefined.
+  *
++ * @param mem_ctx   The memory context to use to allocate server_info
++ *
+  * @param user_info Contains the user supplied components, including the passwords.
+  *                  Must be created with make_user_info() or one of its wrappers.
+  *
+@@ -79,9 +81,9 @@ NTSTATUS auth_get_ntlm_challenge(struct auth_context *auth_context,
+  * @return An NTSTATUS with NT_STATUS_OK or an appropriate error.
+  *
+  **/
+-
+-NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
+-				  const struct auth_usersupplied_info *user_info, 
++NTSTATUS auth_check_ntlm_password(TALLOC_CTX *mem_ctx,
++				  const struct auth_context *auth_context,
++				  const struct auth_usersupplied_info *user_info,
+ 				  struct auth_serversupplied_info **server_info);
+ 
+ /* The following definitions come from auth/auth_builtin.c  */
+diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
+index e5ca474..0c8c9a5 100644
+--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
++++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
+@@ -1650,8 +1650,10 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
+ 	} /* end switch */
+ 
+ 	if ( NT_STATUS_IS_OK(status) ) {
+-		status = auth_check_ntlm_password(auth_context,
+-			user_info, &server_info);
++		status = auth_check_ntlm_password(p->mem_ctx,
++						  auth_context,
++						  user_info,
++						  &server_info);
+ 	}
+ 
+ 	TALLOC_FREE(auth_context);
+diff --git a/source3/torture/pdbtest.c b/source3/torture/pdbtest.c
+index 17da455..14d58b9 100644
+--- a/source3/torture/pdbtest.c
++++ b/source3/torture/pdbtest.c
+@@ -304,7 +304,10 @@ static bool test_auth(TALLOC_CTX *mem_ctx, struct samu *pdb_entry)
+ 		return False;
+ 	}
+ 	
+-	status = auth_check_ntlm_password(auth_context, user_info, &server_info);
++	status = auth_check_ntlm_password(mem_ctx,
++					  auth_context,
++					  user_info,
++					  &server_info);
+ 
+ 	if (!NT_STATUS_IS_OK(status)) {
+ 		DEBUG(0, ("Failed to test authentication with auth module: %s\n", nt_errstr(status)));
+-- 
+1.8.5.2
+
+
+From a48bcd84c59b5b2cb8c3e0f5d68b35065bed81d7 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Tue, 18 Feb 2014 13:52:49 +0100
+Subject: [PATCH 7/7] s3-auth: Pass mem_ctx to do_map_to_guest_server_info().
+
+Change-Id: If53117023e3ab37c810193edd00a81d247fdde7a
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
+Autobuild-Date(master): Wed Feb 19 01:28:14 CET 2014 on sn-devel-104
+
+(cherry picked from commit 79e2725f339e7c5336b4053348c4266268de6ca3)
+---
+ source3/auth/auth_ntlmssp.c |  7 ++++---
+ source3/auth/auth_util.c    | 12 +++++++-----
+ source3/auth/proto.h        |  8 +++++---
+ 3 files changed, 16 insertions(+), 11 deletions(-)
+
+diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
+index cb7726c..d4fe901 100644
+--- a/source3/auth/auth_ntlmssp.c
++++ b/source3/auth/auth_ntlmssp.c
+@@ -151,10 +151,11 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
+ 	free_user_info(&mapped_user_info);
+ 
+ 	if (!NT_STATUS_IS_OK(nt_status)) {
+-		nt_status = do_map_to_guest_server_info(nt_status,
+-							&server_info,
++		nt_status = do_map_to_guest_server_info(mem_ctx,
++							nt_status,
+ 							user_info->client.account_name,
+-							user_info->client.domain_name);
++							user_info->client.domain_name,
++							&server_info);
+ 		*server_returned_info = talloc_steal(mem_ctx, server_info);
+ 		return nt_status;
+ 	}
+diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
+index 24190af..8cf5cb7 100644
+--- a/source3/auth/auth_util.c
++++ b/source3/auth/auth_util.c
+@@ -1536,9 +1536,11 @@ bool is_trusted_domain(const char* dom_name)
+   on a logon error possibly map the error to success if "map to guest"
+   is set approriately
+ */
+-NTSTATUS do_map_to_guest_server_info(NTSTATUS status,
+-				     struct auth_serversupplied_info **server_info,
+-				     const char *user, const char *domain)
++NTSTATUS do_map_to_guest_server_info(TALLOC_CTX *mem_ctx,
++				     NTSTATUS status,
++				     const char *user,
++				     const char *domain,
++				     struct auth_serversupplied_info **server_info)
+ {
+ 	user = user ? user : "";
+ 	domain = domain ? domain : "";
+@@ -1548,13 +1550,13 @@ NTSTATUS do_map_to_guest_server_info(NTSTATUS status,
+ 		    (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD)) {
+ 			DEBUG(3,("No such user %s [%s] - using guest account\n",
+ 				 user, domain));
+-			return make_server_info_guest(NULL, server_info);
++			return make_server_info_guest(mem_ctx, server_info);
+ 		}
+ 	} else if (NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
+ 		if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD) {
+ 			DEBUG(3,("Registered username %s for guest access\n",
+ 				user));
+-			return make_server_info_guest(NULL, server_info);
++			return make_server_info_guest(mem_ctx, server_info);
+ 		}
+ 	}
+ 
+diff --git a/source3/auth/proto.h b/source3/auth/proto.h
+index 15b1ba0..7b8959f 100644
+--- a/source3/auth/proto.h
++++ b/source3/auth/proto.h
+@@ -264,9 +264,11 @@ NTSTATUS make_user_info(struct auth_usersupplied_info **ret_user_info,
+ 			enum auth_password_state password_state);
+ void free_user_info(struct auth_usersupplied_info **user_info);
+ 
+-NTSTATUS do_map_to_guest_server_info(NTSTATUS status,
+-				     struct auth_serversupplied_info **server_info,
+-				     const char *user, const char *domain);
++NTSTATUS do_map_to_guest_server_info(TALLOC_CTX *mem_ctx,
++				     NTSTATUS status,
++				     const char *user,
++				     const char *domain,
++				     struct auth_serversupplied_info **server_info);
+ 
+ /* The following definitions come from auth/auth_winbind.c  */
+ 
+-- 
+1.8.5.2
+
diff --git a/SOURCES/samba-4.1.5-fix_resource_leaks.patch b/SOURCES/samba-4.1.5-fix_resource_leaks.patch
new file mode 100644
index 0000000..b2c6e05
--- /dev/null
+++ b/SOURCES/samba-4.1.5-fix_resource_leaks.patch
@@ -0,0 +1,158 @@
+From d790112e74b684a516152e301d5a46c178bf437c Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Thu, 9 Jan 2014 14:50:18 +0100
+Subject: [PATCH 1/4] lib: Fix strict-aliasing warning in md5 code.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If the compiler detects strict aliasing problems it isn't able to
+optimize the code.
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Günther Deschner <gd@samba.org>
+(cherry picked from commit 615efa4ae84373ae8aefb36fcf7583338665429a)
+---
+ lib/crypto/md5.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/lib/crypto/md5.c b/lib/crypto/md5.c
+index b834c91..352f80f 100644
+--- a/lib/crypto/md5.c
++++ b/lib/crypto/md5.c
+@@ -137,9 +137,12 @@ _PUBLIC_ void MD5Final(uint8_t digest[16], MD5_CTX *ctx)
+     }
+     byteReverse(ctx->in, 14);
+ 
+-    /* Append length in bits and transform */
+-    ((uint32_t *) ctx->in)[14] = ctx->bits[0];
+-    ((uint32_t *) ctx->in)[15] = ctx->bits[1];
++    /* Append length in bits and transform.
++     * Use memcpy to avoid strict-aliasing problems.
++     * This way it can be optimized.
++     */
++    memcpy(&ctx->in[14 * sizeof(uint32_t)], &ctx->bits[0], sizeof(uint32_t));
++    memcpy(&ctx->in[15 * sizeof(uint32_t)], &ctx->bits[1], sizeof(uint32_t));
+ 
+     MD5Transform(ctx->buf, (uint32_t *) ctx->in);
+     byteReverse((uint8_t *) ctx->buf, 4);
+-- 
+1.8.5.2
+
+
+From 38bae403ce6a8efaee5704328b47ec5b8300b5ed Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Thu, 9 Jan 2014 15:06:14 +0100
+Subject: [PATCH 2/4] s3-libads: Fix memory leaks in ads_build_path().
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Günther Deschner <gd@samba.org>
+(cherry picked from commit c8371b4ec12f2dea6ce18724de59a23e04826c1d)
+---
+ source3/libads/ads_struct.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c
+index fd7e417..30d433e 100644
+--- a/source3/libads/ads_struct.c
++++ b/source3/libads/ads_struct.c
+@@ -55,12 +55,14 @@ char *ads_build_path(const char *realm, const char *sep, const char *field, int
+ 	if (strlcpy(ret,field, len) >= len) {
+ 		/* Truncate ! */
+ 		free(r);
++		free(ret);
+ 		return NULL;
+ 	}
+ 	p=strtok_r(r, sep, &saveptr);
+ 	if (p) {
+ 		if (strlcat(ret, p, len) >= len) {
+ 			free(r);
++			free(ret);
+ 			return NULL;
+ 		}
+ 
+-- 
+1.8.5.2
+
+
+From 37eb6566dd18958cbe2f216aa9880e9455939426 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Thu, 9 Jan 2014 15:12:24 +0100
+Subject: [PATCH 3/4] wbinfo: Fix a memory leak in wbinfo_ping_dc().
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Günther Deschner <gd@samba.org>
+(cherry picked from commit 541164d47a86bab90ef96a9be40b8c0997abdd61)
+---
+ nsswitch/wbinfo.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c
+index 3f0310a..0a5ec40 100644
+--- a/nsswitch/wbinfo.c
++++ b/nsswitch/wbinfo.c
+@@ -838,6 +838,7 @@ static bool wbinfo_ping_dc(void)
+ 		 dcname ? dcname : "",
+ 		 WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
+ 
++	wbcFreeMemory(dcname);
+ 	if (wbc_status == WBC_ERR_AUTH_ERROR) {
+ 		d_fprintf(stderr, "error code was %s (0x%x)\n",
+ 			  error->nt_string, error->nt_status);
+-- 
+1.8.5.2
+
+
+From f203bfbd91a695f582a6c7ea2fae2c8f3c6825c9 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Thu, 9 Jan 2014 15:20:21 +0100
+Subject: [PATCH 4/4] s3-passdb: Fix string duplication to pointers.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Günther Deschner <gd@samba.org>
+
+Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
+Autobuild-Date(master): Thu Jan  9 22:35:25 CET 2014 on sn-devel-104
+
+(cherry picked from commit bff3ac250e9d4e7d91820eb53c28257aa38fff88)
+---
+ source3/passdb/py_passdb.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/source3/passdb/py_passdb.c b/source3/passdb/py_passdb.c
+index 3fd14cd..e1df75b 100644
+--- a/source3/passdb/py_passdb.c
++++ b/source3/passdb/py_passdb.c
+@@ -2269,8 +2269,18 @@ static PyObject *py_pdb_set_aliasinfo(pytalloc_Object *self, PyObject *args)
+ 
+ 	alias_sid = pytalloc_get_ptr(py_alias_sid);
+ 
+-	fstrcpy(alias_info.acct_name, PyString_AsString(PyDict_GetItemString(py_alias_info, "acct_name")));
+-	fstrcpy(alias_info.acct_desc, PyString_AsString(PyDict_GetItemString(py_alias_info, "acct_desc")));
++	alias_info.acct_name = talloc_strdup(frame, PyString_AsString(PyDict_GetItemString(py_alias_info, "acct_name")));
++	if (alias_info.acct_name == NULL) {
++		PyErr_Format(py_pdb_error, "Unable to allocate memory");
++		talloc_free(frame);
++		return NULL;
++	}
++	alias_info.acct_desc = talloc_strdup(frame, PyString_AsString(PyDict_GetItemString(py_alias_info, "acct_desc")));
++	if (alias_info.acct_desc == NULL) {
++		PyErr_Format(py_pdb_error, "Unable to allocate memory");
++		talloc_free(frame);
++		return NULL;
++	}
+ 
+ 	status = methods->set_aliasinfo(methods, alias_sid, &alias_info);
+ 	if (!NT_STATUS_IS_OK(status)) {
+-- 
+1.8.5.2
+
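Review bot: In the py_passdb.c hunk of PATCH 4/4, both new `talloc_strdup()` calls take `PyString_AsString(PyDict_GetItemString(...))` without checking either inner result. A dictionary that lacks `acct_name` or `acct_desc`, or holds a non-string value there, is therefore not rejected before the copy. Because `talloc_strdup()` returns NULL for a NULL source, a malformed argument is reported as "Unable to allocate memory", and a missing key is handed to `PyString_AsString()` as NULL before that. Fetching and type-checking each item first keeps the two failure causes apart, as sketched below. py_pdb_set_aliasinfo() starts and ends outside the hunk, so any earlier validation of py_alias_info is not visible here.

```c
	py_name = PyDict_GetItemString(py_alias_info, "acct_name");
	if (py_name == NULL || !PyString_Check(py_name)) {
		PyErr_Format(py_pdb_error, "acct_name must be a string");
		talloc_free(frame);
		return NULL;
	}
	alias_info.acct_name = talloc_strdup(frame, PyString_AsString(py_name));
	/* … unchanged: NULL check on alias_info.acct_name; same pattern for acct_desc … */
```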
diff --git a/SOURCES/samba-4.1.6-fix_fragmented_rpc_handling.patch b/SOURCES/samba-4.1.6-fix_fragmented_rpc_handling.patch
new file mode 100644
index 0000000..467d37a
--- /dev/null
+++ b/SOURCES/samba-4.1.6-fix_fragmented_rpc_handling.patch
@@ -0,0 +1,162 @@
+From 44cf46b0bbb0abf5aebfbf2f2da713da65573175 Mon Sep 17 00:00:00 2001
+From: Gregor Beck <gbeck@sernet.de>
+Date: Thu, 9 Jan 2014 10:15:31 +0100
+Subject: [PATCH 1/2] s3:rpc_server: minor refactoring of process_request_pdu()
+
+Signed-off-by: Gregor Beck <gbeck@sernet.de>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Guenther Deschner <gd@samba.org>
+(cherry picked from commit b5f30205931a4b9d0b3b257d5855869e606f8b63)
+---
+ source3/rpc_server/srv_pipe.c | 25 ++++++++++---------------
+ 1 file changed, 10 insertions(+), 15 deletions(-)
+
+diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
+index 894f12c..a5b74ed 100644
+--- a/source3/rpc_server/srv_pipe.c
++++ b/source3/rpc_server/srv_pipe.c
+@@ -1561,24 +1561,19 @@ static bool process_request_pdu(struct pipes_struct *p, struct ncacn_packet *pkt
+ 		}
+ 	}
+ 
+-	if (pkt->pfc_flags & DCERPC_PFC_FLAG_LAST) {
+-		bool ret = False;
+-		/*
+-		 * Ok - we finally have a complete RPC stream.
+-		 * Call the rpc command to process it.
+-		 */
+-
+-		/*
+-		 * Process the complete data stream here.
+-		 */
+-		if (pipe_init_outgoing_data(p)) {
+-			ret = api_pipe_request(p, pkt);
+-		}
++	if (!(pkt->pfc_flags & DCERPC_PFC_FLAG_LAST)) {
++		return true;
++	}
+ 
+-		return ret;
++	/*
++	 * Ok - we finally have a complete RPC stream.
++	 * Call the rpc command to process it.
++	 */
++	if (!pipe_init_outgoing_data(p)) {
++		return false;
+ 	}
+ 
+-	return True;
++	return api_pipe_request(p, pkt);
+ }
+ 
+ /****************************************************************************
+-- 
+1.9.0
+
+
+From 436aa053561b9b6ff4b991bf6a2f5196ed39dd38 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Thu, 20 Mar 2014 14:45:01 +0100
+Subject: [PATCH 2/2] s3-rpc_server: Fix handling of fragmented rpc requests.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+We need to call pipe_init_outgoing_data() as the first thing in
+process_complete_pdu(). Otherwise the caller may use uninitialized
+memory and tries to write a response into the socket.
+
+The problem happens only if a real socket is used, which means
+in all cases for master and only with external rpc daemons in v4-0
+and v4-1.
+
+The problem looks like this in the logs.
+
+    [2014/03/20 14:49:35.531663, 10, pid=7309, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1627(process_complete_pdu)
+      Processing packet type 0
+    [2014/03/20 14:49:35.531695, 10, pid=7309, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/srv_pipe.c:1472(dcesrv_auth_request)
+      Checking request auth.
+    [2014/03/20 14:49:35.531738, 10, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:521(named_pipe_packet_process)
+      Sending 1 fragments in a total of 0 bytes
+    [2014/03/20 14:49:35.531769, 10, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:526(named_pipe_packet_process)
+      Sending PDU number: 0, PDU Length: 4294967228
+    [2014/03/20 14:49:35.531801,  2, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:565(named_pipe_packet_done)
+      Writev failed!
+    [2014/03/20 14:49:35.531845,  2, pid=7309, effective(0, 0), real(0, 0)] ../source3/rpc_server/rpc_server.c:595(named_pipe_packet_done)
+      Fatal error(Message too long). Terminating client(127.0.0.1) connection!
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=10481
+
+Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+Reviewed-by: Guenther Deschner <gd@samba.org
+
+Autobuild-User(master): Günther Deschner <gd@samba.org>
+Autobuild-Date(master): Thu Mar 20 18:30:17 CET 2014 on sn-devel-104
+
+(cherry picked from commit 5277fc4d0393ffe2e415ad26610b36d2986c62d7)
+---
+ source3/rpc_server/srv_pipe.c | 19 +++++++------------
+ 1 file changed, 7 insertions(+), 12 deletions(-)
+
+diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
+index a5b74ed..7daff04 100644
+--- a/source3/rpc_server/srv_pipe.c
++++ b/source3/rpc_server/srv_pipe.c
+@@ -1569,9 +1569,6 @@ static bool process_request_pdu(struct pipes_struct *p, struct ncacn_packet *pkt
+ 	 * Ok - we finally have a complete RPC stream.
+ 	 * Call the rpc command to process it.
+ 	 */
+-	if (!pipe_init_outgoing_data(p)) {
+-		return false;
+-	}
+ 
+ 	return api_pipe_request(p, pkt);
+ }
+@@ -1621,6 +1618,10 @@ void process_complete_pdu(struct pipes_struct *p)
+ 
+ 	DEBUG(10, ("Processing packet type %u\n", (unsigned int)pkt->ptype));
+ 
++	if (!pipe_init_outgoing_data(p)) {
++		goto done;
++	}
++
+ 	switch (pkt->ptype) {
+ 	case DCERPC_PKT_REQUEST:
+ 		reply = process_request_pdu(p, pkt);
+@@ -1653,9 +1654,7 @@ void process_complete_pdu(struct pipes_struct *p)
+ 		/*
+ 		 * We assume that a pipe bind is only in one pdu.
+ 		 */
+-		if (pipe_init_outgoing_data(p)) {
+-			reply = api_pipe_bind_req(p, pkt);
+-		}
++		reply = api_pipe_bind_req(p, pkt);
+ 		break;
+ 
+ 	case DCERPC_PKT_BIND_ACK:
+@@ -1670,9 +1669,7 @@ void process_complete_pdu(struct pipes_struct *p)
+ 		/*
+ 		 * We assume that a pipe bind is only in one pdu.
+ 		 */
+-		if (pipe_init_outgoing_data(p)) {
+-			reply = api_pipe_alter_context(p, pkt);
+-		}
++		reply = api_pipe_alter_context(p, pkt);
+ 		break;
+ 
+ 	case DCERPC_PKT_ALTER_RESP:
+@@ -1684,9 +1681,7 @@ void process_complete_pdu(struct pipes_struct *p)
+ 		/*
+ 		 * The third packet in an auth exchange.
+ 		 */
+-		if (pipe_init_outgoing_data(p)) {
+-			reply = api_pipe_bind_auth3(p, pkt);
+-		}
++		reply = api_pipe_bind_auth3(p, pkt);
+ 		break;
+ 
+ 	case DCERPC_PKT_SHUTDOWN:
+-- 
+1.9.0
+
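Review bot: The `pipe_init_outgoing_data(p)` call that PATCH 2/2 hoists to the top of process_complete_pdu() carries no comment, although the commit message says this ordering is what keeps the caller from using uninitialized memory when it writes a response. A comment above it, such as `/* Must run before any dispatch: the caller may write the outgoing data to the socket even when no reply is built. */`, would keep a later refactor from moving the call back into the individual cases. The new `goto done` path also relies on `reply` already holding a failure value at that point. Its declaration and the `done:` label are outside the hunk, so that is worth confirming.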
diff --git a/SOURCES/samba-4.1.6-fix_ipv6_join.patch b/SOURCES/samba-4.1.6-fix_ipv6_join.patch
new file mode 100755
index 0000000..daa283e
--- /dev/null
+++ b/SOURCES/samba-4.1.6-fix_ipv6_join.patch
@@ -0,0 +1,266 @@
+From 168627e1877317db86471a4b0360dccd9f469aaa Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 13 Jan 2014 15:59:26 +0100
+Subject: [PATCH 1/2] s3-kerberos: remove print_kdc_line() completely.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Just calling print_canonical_sockaddr() is sufficient, as it already deals with
+ipv6 as well. The port handling, which was only done for IPv6 (not IPv4), is
+removed as well. It was pointless because it always derived the port number from
+the provided address which was either a SMB (usually port 445) or LDAP
+connection. No KDC will ever run on port 389 or 445 on a Windows/Samba DC.
+Finally, the kerberos libraries that we support and build with, can deal with
+ipv6 addresses in krb5.conf, so we no longer put the (unnecessary) burden of
+resolving the DC name on the kerberos library anymore.
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ source3/libads/kerberos.c | 73 ++++-------------------------------------------
+ 1 file changed, 5 insertions(+), 68 deletions(-)
+
+diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
+index b026e09..ea14350 100644
+--- a/source3/libads/kerberos.c
++++ b/source3/libads/kerberos.c
+@@ -592,70 +592,6 @@ int kerberos_kinit_password(const char *principal,
+ /************************************************************************
+ ************************************************************************/
+ 
+-static char *print_kdc_line(char *mem_ctx,
+-			const char *prev_line,
+-			const struct sockaddr_storage *pss,
+-			const char *kdc_name)
+-{
+-	char addr[INET6_ADDRSTRLEN];
+-	uint16_t port = get_sockaddr_port(pss);
+-
+-	if (pss->ss_family == AF_INET) {
+-		return talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
+-				       prev_line,
+-				       print_canonical_sockaddr(mem_ctx, pss));
+-	}
+-
+-	/*
+-	 * IPv6 starts here
+-	 */
+-
+-	DEBUG(10, ("print_kdc_line: IPv6 case for kdc_name: %s, port: %d\n",
+-		   kdc_name, port));
+-
+-	if (port != 0 && port != DEFAULT_KRB5_PORT) {
+-		/* Currently for IPv6 we can't specify a non-default
+-		   krb5 port with an address, as this requires a ':'.
+-		   Resolve to a name. */
+-		char hostname[MAX_DNS_NAME_LENGTH];
+-		int ret = sys_getnameinfo((const struct sockaddr *)pss,
+-					  sizeof(*pss),
+-					  hostname, sizeof(hostname),
+-					  NULL, 0,
+-					  NI_NAMEREQD);
+-		if (ret) {
+-			DEBUG(0,("print_kdc_line: can't resolve name "
+-				 "for kdc with non-default port %s. "
+-				 "Error %s\n.",
+-				 print_canonical_sockaddr(mem_ctx, pss),
+-				 gai_strerror(ret)));
+-			return NULL;
+-		}
+-		/* Success, use host:port */
+-		return talloc_asprintf(mem_ctx,
+-				       "%s\tkdc = %s:%u\n",
+-				       prev_line,
+-				       hostname,
+-				       (unsigned int)port);
+-	}
+-
+-	/* no krb5 lib currently supports "kdc = ipv6 address"
+-	 * at all, so just fill in just the kdc_name if we have
+-	 * it and let the krb5 lib figure out the appropriate
+-	 * ipv6 address - gd */
+-
+-	if (kdc_name) {
+-		return talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
+-				       prev_line, kdc_name);
+-	}
+-
+-	return talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
+-			       prev_line,
+-			       print_sockaddr(addr,
+-					      sizeof(addr),
+-					      pss));
+-}
+-
+ /************************************************************************
+  Create a string list of available kdc's, possibly searching by sitename.
+  Does DNS queries.
+@@ -698,7 +634,8 @@ static char *get_kdc_ip_string(char *mem_ctx,
+ 	char *result = NULL;
+ 	struct netlogon_samlogon_response **responses = NULL;
+ 	NTSTATUS status;
+-	char *kdc_str = print_kdc_line(mem_ctx, "", pss, kdc_name);
++	char *kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", "",
++					print_canonical_sockaddr(mem_ctx, pss));
+ 
+ 	if (kdc_str == NULL) {
+ 		TALLOC_FREE(frame);
+@@ -788,9 +725,9 @@ static char *get_kdc_ip_string(char *mem_ctx,
+ 		}
+ 
+ 		/* Append to the string - inefficient but not done often. */
+-		new_kdc_str = print_kdc_line(mem_ctx, kdc_str,
+-					     &dc_addrs[i],
+-					     kdc_name);
++		new_kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
++					      kdc_str,
++					      print_canonical_sockaddr(mem_ctx, &dc_addrs[i]));
+ 		if (new_kdc_str == NULL) {
+ 			goto fail;
+ 		}
+-- 
+1.8.5.3
+
+
+From 3edb3d4084548960f03356cf4c44a6892e6efb84 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Fri, 7 Mar 2014 14:47:31 +0100
+Subject: [PATCH 2/2] s3-kerberos: remove unused kdc_name from
+ create_local_private_krb5_conf_for_domain().
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ source3/libads/kerberos.c       | 10 ++++------
+ source3/libads/kerberos_proto.h |  3 +--
+ source3/libnet/libnet_join.c    |  3 +--
+ source3/libsmb/namequery_dc.c   |  6 ++----
+ source3/winbindd/winbindd_cm.c  |  6 ++----
+ 5 files changed, 10 insertions(+), 18 deletions(-)
+
+diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
+index ea14350..649e568 100644
+--- a/source3/libads/kerberos.c
++++ b/source3/libads/kerberos.c
+@@ -618,8 +618,7 @@ static void add_sockaddr_unique(struct sockaddr_storage *addrs, int *num_addrs,
+ static char *get_kdc_ip_string(char *mem_ctx,
+ 		const char *realm,
+ 		const char *sitename,
+-		const struct sockaddr_storage *pss,
+-		const char *kdc_name)
++		const struct sockaddr_storage *pss)
+ {
+ 	TALLOC_CTX *frame = talloc_stackframe();
+ 	int i;
+@@ -756,8 +755,7 @@ fail:
+ bool create_local_private_krb5_conf_for_domain(const char *realm,
+ 						const char *domain,
+ 						const char *sitename,
+-					        const struct sockaddr_storage *pss,
+-						const char *kdc_name)
++					        const struct sockaddr_storage *pss)
+ {
+ 	char *dname;
+ 	char *tmpname = NULL;
+@@ -782,7 +780,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
+ 		return false;
+ 	}
+ 
+-	if (domain == NULL || pss == NULL || kdc_name == NULL) {
++	if (domain == NULL || pss == NULL) {
+ 		return false;
+ 	}
+ 
+@@ -815,7 +813,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
+ 		goto done;
+ 	}
+ 
+-	kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss, kdc_name);
++	kdc_ip_string = get_kdc_ip_string(dname, realm, sitename, pss);
+ 	if (!kdc_ip_string) {
+ 		goto done;
+ 	}
+diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
+index f7470d2..2559634 100644
+--- a/source3/libads/kerberos_proto.h
++++ b/source3/libads/kerberos_proto.h
+@@ -62,8 +62,7 @@ int kerberos_kinit_password(const char *principal,
+ bool create_local_private_krb5_conf_for_domain(const char *realm,
+ 						const char *domain,
+ 						const char *sitename,
+-					        const struct sockaddr_storage *pss,
+-						const char *kdc_name);
++					        const struct sockaddr_storage *pss);
+ 
+ /* The following definitions come from libads/authdata.c  */
+ 
+diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
+index a87eb38..68884cd 100644
+--- a/source3/libnet/libnet_join.c
++++ b/source3/libnet/libnet_join.c
+@@ -2152,8 +2152,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
+ 
+ 	create_local_private_krb5_conf_for_domain(
+ 		r->out.dns_domain_name, r->out.netbios_domain_name,
+-		NULL, smbXcli_conn_remote_sockaddr(cli->conn),
+-		smbXcli_conn_remote_name(cli->conn));
++		NULL, smbXcli_conn_remote_sockaddr(cli->conn));
+ 
+ 	if (r->out.domain_is_ad && r->in.account_ou &&
+ 	    !(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE)) {
+diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c
+index 3cfae79..eb34741 100644
+--- a/source3/libsmb/namequery_dc.c
++++ b/source3/libsmb/namequery_dc.c
+@@ -112,14 +112,12 @@ static bool ads_dc_name(const char *domain,
+ 				create_local_private_krb5_conf_for_domain(realm,
+ 									domain,
+ 									sitename,
+-									&ads->ldap.ss,
+-									ads->config.ldap_server_name);
++									&ads->ldap.ss);
+ 			} else {
+ 				create_local_private_krb5_conf_for_domain(realm,
+ 									domain,
+ 									NULL,
+-									&ads->ldap.ss,
+-									ads->config.ldap_server_name);
++									&ads->ldap.ss);
+ 			}
+ 		}
+ #endif
+diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
+index 669a43e..be13a57 100644
+--- a/source3/winbindd/winbindd_cm.c
++++ b/source3/winbindd/winbindd_cm.c
+@@ -1233,8 +1233,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
+ 					create_local_private_krb5_conf_for_domain(domain->alt_name,
+ 									domain->name,
+ 									sitename,
+-									pss,
+-									*name);
++									pss);
+ 
+ 					SAFE_FREE(sitename);
+ 				} else {
+@@ -1242,8 +1241,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
+ 					create_local_private_krb5_conf_for_domain(domain->alt_name,
+ 									domain->name,
+ 									NULL,
+-									pss,
+-									*name);
++									pss);
+ 				}
+ 				winbindd_set_locator_kdc_envs(domain);
+ 
+-- 
+1.8.5.3
+
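Review bot: Both new `talloc_asprintf()` calls in get_kdc_ip_string() (PATCH 1/2) pass the result of `print_canonical_sockaddr()` straight to `%s`, and the existing `kdc_str == NULL` and `new_kdc_str == NULL` checks only catch a failure of the outer allocation. If print_canonical_sockaddr() can return NULL (its definition is not shown here), the format call receives a NULL string argument and the generated krb5.conf could end up with an unusable `kdc =` line. Formatting the address first, e.g. `char *kdc_addr = print_canonical_sockaddr(mem_ctx, &dc_addrs[i]);` followed by `if (kdc_addr == NULL) goto fail;`, closes that. The first call site needs the same check with its own cleanup. get_kdc_ip_string() is only partly visible in these hunks.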
diff --git a/SOURCES/samba-4.1.6-fix_nbt_with_more_than_9_components.patch b/SOURCES/samba-4.1.6-fix_nbt_with_more_than_9_components.patch
new file mode 100644
index 0000000..2ed6596
--- /dev/null
+++ b/SOURCES/samba-4.1.6-fix_nbt_with_more_than_9_components.patch
@@ -0,0 +1,42 @@
+From 1545864a58c11e4b37f3950cdae457d3d2f5fd4e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Tue, 4 Feb 2014 16:38:46 +0100
+Subject: [PATCH] librpc/nbt: increase MAX_COMPONENTS limit for nbt_names.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+domains with more then 10 subdomains are not so uncommon.
+
+https://bugzilla.samba.org/show_bug.cgi?id=10439
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+
+Autobuild-User(master): Günther Deschner <gd@samba.org>
+Autobuild-Date(master): Thu Feb 13 16:30:50 CET 2014 on sn-devel-104
+
+(cherry picked from commit 4e05bad0d18e351cb2a2db74860e77adea727c79)
+Signed-off-by: Andreas Schneider <asn@samba.org>
+---
+ librpc/ndr/ndr_nbt.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/librpc/ndr/ndr_nbt.c b/librpc/ndr/ndr_nbt.c
+index f2a1ca3..842e972 100644
+--- a/librpc/ndr/ndr_nbt.c
++++ b/librpc/ndr/ndr_nbt.c
+@@ -27,7 +27,7 @@
+ #include "../libcli/netlogon/netlogon.h"
+ 
+ /* don't allow an unlimited number of name components */
+-#define MAX_COMPONENTS 10
++#define MAX_COMPONENTS 128
+ 
+ /**
+   print a nbt string
+-- 
+1.8.5.2
+
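Review bot: The new value 128 for `MAX_COMPONENTS` is given without a rationale, and the comment above it still only says the count must not be unlimited. Since this limit applies to names that arrive in packets, the comment should say where the number comes from, for example `/* don't allow an unlimited number of name components; 128 covers deep DNS domain hierarchies (bug 10439) */`. The code that enforces the limit is outside the hunk, so it is worth confirming that whatever it bounds (iteration, recursion or allocation per name) stays cheap at the larger count.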
diff --git a/SOURCES/samba-4.1.6-fix_one_way_trusts.patch b/SOURCES/samba-4.1.6-fix_one_way_trusts.patch
new file mode 100644
index 0000000..7819bc8
--- /dev/null
+++ b/SOURCES/samba-4.1.6-fix_one_way_trusts.patch
@@ -0,0 +1,132 @@
+From 2b8174819ac31e662f1cd7092b3d122ad6ebb609 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Thu, 26 Sep 2013 01:20:10 +0200
+Subject: [PATCH 1/3] pidl:NDR/Client: fix dcerpc_function() with [out,ref]
+ pointers
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+(cherry picked from commit f50b561336c7b6c08300e6e477859d1f9fab62c2)
+---
+ pidl/lib/Parse/Pidl/Samba4/NDR/Client.pm |   14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Client.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Client.pm
+index c796b46..fed94cd 100644
+--- a/pidl/lib/Parse/Pidl/Samba4/NDR/Client.pm
++++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Client.pm
+@@ -693,6 +693,20 @@ sub ParseFunction_Sync($$$$)
+ 	}
+ 	$self->pidl("");
+ 
++	$self->pidl("/* Out parameters */");
++	foreach my $e (@{$fn->{ELEMENTS}}) {
++		next unless grep(/out/, @{$e->{DIRECTION}});
++
++		$self->ParseCopyArgument($fn, $e, "r.out.", "_");
++	}
++	$self->pidl("");
++
++	if (defined($fn->{RETURN_TYPE})) {
++		$self->pidl("/* Result */");
++		$self->pidl("ZERO_STRUCT(r.out.result);");
++		$self->pidl("");
++	}
++
+ 	$self->pidl("status = dcerpc_$name\_r(h, mem_ctx, &r);");
+ 	$self->pidl("if (!NT_STATUS_IS_OK(status)) {");
+ 	$self->indent;
+-- 
+1.7.9.5
+
+
+From a211a1dd984b6b55a7222987e5acda1c9b2a5e8b Mon Sep 17 00:00:00 2001
+From: Gregor Beck <gbeck@sernet.de>
+Date: Thu, 20 Feb 2014 13:14:31 +0100
+Subject: [PATCH 2/3] s3:winbindd: fix _wbint_LookupSids() on error
+
+We need to make sure that r->out.domains remains valid,
+otherwise we're not able to marshall the response.
+
+Note that wbint_LookupSids() has [out,ref] lsa_RefDomainList *domains,
+while lsa_LookupSids() has [out,ref] lsa_RefDomainList **domains.
+
+Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=10458
+Signed-off-by: Gregor Beck <gbeck@sernet.de>
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+(cherry picked from commit 3413e64149702136429d7b5acaa7a52c49abf564)
+---
+ source3/winbindd/winbindd_dual_srv.c |    8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c
+index e23d048..b873655 100644
+--- a/source3/winbindd/winbindd_dual_srv.c
++++ b/source3/winbindd/winbindd_dual_srv.c
+@@ -74,6 +74,7 @@ NTSTATUS _wbint_LookupSid(struct pipes_struct *p, struct wbint_LookupSid *r)
+ NTSTATUS _wbint_LookupSids(struct pipes_struct *p, struct wbint_LookupSids *r)
+ {
+ 	struct winbindd_domain *domain = wb_child_domain();
++	struct lsa_RefDomainList *domains = r->out.domains;
+ 	NTSTATUS status;
+ 
+ 	if (domain == NULL) {
+@@ -87,7 +88,12 @@ NTSTATUS _wbint_LookupSids(struct pipes_struct *p, struct wbint_LookupSids *r)
+ 	 * done at the wbint RPC layer.
+ 	 */
+ 	status = rpc_lookup_sids(p->mem_ctx, domain, r->in.sids,
+-				 &r->out.domains, &r->out.names);
++				 &domains, &r->out.names);
++
++	if (domains != NULL) {
++		r->out.domains = domains;
++	}
++
+ 	reset_cm_connection_on_error(domain, status);
+ 	return status;
+ }
+-- 
+1.7.9.5
+
+
+From a1f5fd46627a9cff9bae645eeccff209978fa2ee Mon Sep 17 00:00:00 2001
+From: Gregor Beck <gbeck@sernet.de>
+Date: Thu, 20 Feb 2014 11:25:53 +0100
+Subject: [PATCH 3/3] s3:winbindd: avoid directly asking a trusted domain in
+ wb_lookupsids*()
+
+As a domain member we should always use a DC of our own domain.
+
+It would be possible to pass all sids in one single dcerpc_wbint_LookupSids()
+call. For now we just fix bug.
+
+Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=10458
+Signed-off-by: Gregor Beck <gbeck@sernet.de>
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+(cherry picked from commit 66fb0ce9557553a4c01607b517e65ac4c93841d0)
+---
+ source3/winbindd/wb_lookupsids.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/source3/winbindd/wb_lookupsids.c b/source3/winbindd/wb_lookupsids.c
+index e10d511..b474220 100644
+--- a/source3/winbindd/wb_lookupsids.c
++++ b/source3/winbindd/wb_lookupsids.c
+@@ -320,7 +320,7 @@ static struct wb_lookupsids_domain *wb_lookupsids_get_domain(
+ 		}
+ 	}
+ 
+-	wb_domain = find_domain_from_sid_noinit(sid);
++	wb_domain = find_lookup_domain_from_sid(sid);
+ 	if (wb_domain == NULL) {
+ 		return NULL;
+ 	}
+-- 
+1.7.9.5
+
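Review bot: In _wbint_LookupSids() (PATCH 2/3) only `r->out.domains` is shielded by a local copy, while `&r->out.names` is still handed to `rpc_lookup_sids()` directly. If names is likewise an [out,ref] pointer and that function can reset it on failure (its body is not shown), the marshalling problem described in the commit message would remain for that parameter. The same local-copy pattern would then be needed there. The new local also deserves a comment, e.g. `/* keep the caller's [out,ref] domains pointer valid if rpc_lookup_sids() clears it on error */`.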
diff --git a/SOURCES/samba-4.1.6-fix_pidl_install.patch b/SOURCES/samba-4.1.6-fix_pidl_install.patch
new file mode 100644
index 0000000..d1df233
--- /dev/null
+++ b/SOURCES/samba-4.1.6-fix_pidl_install.patch
@@ -0,0 +1,229 @@
+From 1124387625c3e24a4e8a100d2db83dec502bfa13 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Tue, 25 Feb 2014 16:04:24 +0100
+Subject: [PATCH 1/3] pidl: Install pidl files corrently.
+
+Globbing is a really bad idea in installtion system. One of them is if
+you use patch -b to create a backup, you will end up installing the
+backup file too!
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=10472
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Kai Blin <kai@samba.org>
+(cherry picked from commit cee11cfa4544425099268cd32393169afb4bb107)
+---
+ pidl/lib/wscript_build | 31 ++++++++++++++++++++++++++++++-
+ pidl/wscript           |  3 ---
+ 2 files changed, 30 insertions(+), 4 deletions(-)
+
+diff --git a/pidl/lib/wscript_build b/pidl/lib/wscript_build
+index eb5f1e0..9bddf3f 100644
+--- a/pidl/lib/wscript_build
++++ b/pidl/lib/wscript_build
+@@ -1,4 +1,33 @@
+ #!/usr/bin/env python
+ 
+ # install the pidl modules
+-bld.INSTALL_WILDCARD('${DATAROOTDIR}/perl5', '**/*.pm', flat=False)
++bld.INSTALL_FILES('${DATAROOTDIR}/perl5',
++                  '''
++                  Parse/Pidl.pm
++                  Parse/Pidl/Samba4.pm
++                  Parse/Pidl/CUtil.pm
++                  Parse/Pidl/Expr.pm
++                  Parse/Pidl/Wireshark/Conformance.pm
++                  Parse/Pidl/Wireshark/NDR.pm
++                  Parse/Pidl/ODL.pm
++                  Parse/Pidl/Dump.pm
++                  Parse/Pidl/Util.pm
++                  Parse/Pidl/Samba4/Header.pm
++                  Parse/Pidl/Samba4/COM/Header.pm
++                  Parse/Pidl/Samba4/COM/Proxy.pm
++                  Parse/Pidl/Samba4/COM/Stub.pm
++                  Parse/Pidl/Samba4/TDR.pm
++                  Parse/Pidl/Samba4/NDR/Server.pm
++                  Parse/Pidl/Samba4/NDR/Client.pm
++                  Parse/Pidl/Samba4/NDR/Parser.pm
++                  Parse/Pidl/Samba4/Python.pm
++                  Parse/Pidl/Samba4/Template.pm
++                  Parse/Pidl/IDL.pm
++                  Parse/Pidl/Typelist.pm
++                  Parse/Pidl/Samba3/ClientNDR.pm
++                  Parse/Pidl/Samba3/ServerNDR.pm
++                  Parse/Pidl/Compat.pm
++                  Parse/Pidl/NDR.pm
++                  Parse/Yapp/Driver.pm
++                  ''',
++                  flat=False)
+diff --git a/pidl/wscript b/pidl/wscript
+index 7a25734..05d9982 100644
+--- a/pidl/wscript
++++ b/pidl/wscript
+@@ -26,9 +26,6 @@ def build(bld):
+     if not bld.CONFIG_SET('HAVE_PERL_MAKEMAKER'):
+         return
+ 
+-    pidl_src = ['pidl']
+-    pidl_src.extend(bld.path.ant_glob('lib/**/*.pm').split())
+-
+     pidl_manpages = {
+         'pidl': 'man1/pidl.${PERLMAN1EXT}',
+         'lib/Parse/Pidl/NDR.pm': 'man3/Parse::Pidl::NDR.${PERLMAN3EXT}',
+-- 
+1.8.5.2
+
+
+From b929788024a2d051f0ef5d94b566346147151062 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Tue, 25 Feb 2014 17:16:37 +0100
+Subject: [PATCH 2/3] waf: Add option to specify perl vendor dir.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=10472
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Kai Blin <kai@samba.org>
+
+Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
+Autobuild-Date(master): Thu Feb 27 11:48:54 CET 2014 on sn-devel-104
+
+(cherry picked from commit 9b200555fec2e33da9521db388d1839375aa8d83)
+---
+ buildtools/wafadmin/Tools/perl.py | 7 +++++++
+ pidl/lib/wscript_build            | 2 +-
+ pidl/wscript                      | 2 ++
+ 3 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/buildtools/wafadmin/Tools/perl.py b/buildtools/wafadmin/Tools/perl.py
+index a6787a8..90be8d8 100644
+--- a/buildtools/wafadmin/Tools/perl.py
++++ b/buildtools/wafadmin/Tools/perl.py
+@@ -103,7 +103,14 @@ def check_perl_ext_devel(conf):
+ 	else:
+ 		conf.env.ARCHDIR_PERL = read_out('print $Config{sitearch}')[0]
+ 
++	conf.env.VENDORDIR_PERL = Options.options.perlvendordir
++
+ def set_options(opt):
+ 	opt.add_option("--with-perl-binary", type="string", dest="perlbinary", help = 'Specify alternate perl binary', default=None)
+ 	opt.add_option("--with-perl-archdir", type="string", dest="perlarchdir", help = 'Specify directory where to install arch specific files', default=None)
+ 
++	opt.add_option("--with-perl-vendordir",
++		       type="string",
++		       dest="perlvendordir",
++		       help="Specify directory where to install perl vendor files",
++		       default='${DATAROOTDIR}/perl5/vendor_perl')
+diff --git a/pidl/lib/wscript_build b/pidl/lib/wscript_build
+index 9bddf3f..29632d4 100644
+--- a/pidl/lib/wscript_build
++++ b/pidl/lib/wscript_build
+@@ -1,7 +1,7 @@
+ #!/usr/bin/env python
+ 
+ # install the pidl modules
+-bld.INSTALL_FILES('${DATAROOTDIR}/perl5',
++bld.INSTALL_FILES(bld.env.VENDORDIR_PERL,
+                   '''
+                   Parse/Pidl.pm
+                   Parse/Pidl/Samba4.pm
+diff --git a/pidl/wscript b/pidl/wscript
+index 05d9982..77abb01 100644
+--- a/pidl/wscript
++++ b/pidl/wscript
+@@ -8,6 +8,8 @@ def set_options(opt):
+ 
+ def configure(conf):
+     conf.check_tool('perl')
++    conf.check_perl_ext_devel()
++
+     # we need a recent version of MakeMaker to get the right man page names
+     if conf.CHECK_PERL_MANPAGE():
+         conf.env.PERLMAN1EXT = conf.CHECK_PERL_MANPAGE(section='1')
+-- 
+1.8.5.2
+
+
+From bbf583db46d258e9f406b4f4c3d73fe94bf3bfab Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Thu, 27 Feb 2014 13:14:56 +0100
+Subject: [PATCH 3/3] pidl: Make perl(Parse:Yapp:Driver) installation optional.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=10472
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
+
+Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
+Autobuild-Date(master): Thu Feb 27 18:47:03 CET 2014 on sn-devel-104
+
+(cherry picked from commit f0030c619bcf22dbe9eed54b2c0dc9c61f564838)
+---
+ pidl/lib/wscript_build |  6 +++++-
+ pidl/wscript           | 25 ++++++++++++++++++++++++-
+ 2 files changed, 29 insertions(+), 2 deletions(-)
+
+diff --git a/pidl/lib/wscript_build b/pidl/lib/wscript_build
+index 29632d4..09d26eb 100644
+--- a/pidl/lib/wscript_build
++++ b/pidl/lib/wscript_build
+@@ -28,6 +28,10 @@ bld.INSTALL_FILES(bld.env.VENDORDIR_PERL,
+                   Parse/Pidl/Samba3/ServerNDR.pm
+                   Parse/Pidl/Compat.pm
+                   Parse/Pidl/NDR.pm
+-                  Parse/Yapp/Driver.pm
+                   ''',
+                   flat=False)
++
++if not bld.CONFIG_SET('USING_SYSTEM_PARSE_YAPP_DRIVER'):
++    bld.INSTALL_FILES(bld.env.VENDORDIR_PERL,
++                      'Parse/Yapp/Driver.pm',
++                      flat=False)
+diff --git a/pidl/wscript b/pidl/wscript
+index 77abb01..c7b72c4 100644
+--- a/pidl/wscript
++++ b/pidl/wscript
+@@ -1,6 +1,6 @@
+ #!/usr/bin/env python
+ 
+-import os, sys, Logs
++import os, sys, Logs, Options
+ from samba_utils import MODE_755
+ 
+ def set_options(opt):
+@@ -20,6 +20,9 @@ def configure(conf):
+     conf.find_program('yapp', var='YAPP')
+     conf.find_program('pod2man', var='POD2MAN')
+ 
++    # Check for perl(Parse::Yapp::Driver)
++    check_system_perl_module(conf, "Parse::Yapp::Driver", 1.05)
++
+ def build(bld):
+     bld.INSTALL_FILES('${BINDIR}', 'pidl', chmod=MODE_755)
+ 
+@@ -82,3 +85,23 @@ try this to avoid this message:
+ $ touch ../pidl/lib/Parse/Pidl/IDL.pm ../pidl/lib/Parse/Pidl/Expr.pm
+ ''')
+ 
++def check_system_perl_module(conf, module, version=None):
++    bundle_name = module.replace('::', '_')
++    module_check = module
++    found = False
++
++    # Create module string with version
++    if version:
++        module_check = module + ' ' + str(version)
++
++    # Check if we have to bundle it.
++    if conf.LIB_MUST_BE_BUNDLED(bundle_name.lower()):
++        return False
++
++    # Check for system perl module
++    if not conf.check_perl_module(module_check):
++        return False
++
++    conf.define('USING_SYSTEM_%s' % bundle_name.upper(), 1)
++
++    return True
+-- 
+1.8.5.2
+
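Review bot: In the third embedded patch, `check_system_perl_module(conf, "Parse::Yapp::Driver", 1.05)` passes the minimum version as a float and the helper builds the check string with `str(version)`, so a version such as 1.10 would be rendered as `1.1` and the requirement would silently change. Passing it as text, `check_system_perl_module(conf, "Parse::Yapp::Driver", "1.05")`, keeps the string exact. The local `found = False` in that helper is never read and can be dropped. The helper also lacks a docstring: one line stating that it returns True and defines `USING_SYSTEM_<MODULE>` only when the module is not forced to be bundled and the system copy passes `conf.check_perl_module()` would help, because `pidl/lib/wscript_build` decides whether to install the bundled `Parse/Yapp/Driver.pm` from that define.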
diff --git a/SOURCES/samba-4.1.6-fix_printer_list_memleadk.patch b/SOURCES/samba-4.1.6-fix_printer_list_memleadk.patch
new file mode 100644
index 0000000..be7f64b
--- /dev/null
+++ b/SOURCES/samba-4.1.6-fix_printer_list_memleadk.patch
@@ -0,0 +1,35 @@
+From bfd3125066cfc722e244c9f651a3e5dafb8d005d Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra@samba.org>
+Date: Mon, 24 Feb 2014 16:18:31 -0800
+Subject: [PATCH] s3-printing: Fix obvious memory leak in
+ printer_list_get_printer().
+
+https://bugzilla.samba.org/show_bug.cgi?id=9993
+
+Signed-off-by: Jeremy Allison <jra@samba.org>
+Reviewed-by: Ira Cooper <ira@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+
+Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
+Autobuild-Date(master): Tue Feb 25 13:19:37 CET 2014 on sn-devel-104
+
+(cherry picked from commit 148bbdd8d04400b5d873f636671dd443952ca04f)
+---
+ source3/printing/printer_list.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/source3/printing/printer_list.c b/source3/printing/printer_list.c
+index 6e02ee5..7e89ec4 100644
+--- a/source3/printing/printer_list.c
++++ b/source3/printing/printer_list.c
+@@ -133,6 +133,7 @@ NTSTATUS printer_list_get_printer(TALLOC_CTX *mem_ctx,
+ done:
+ 	SAFE_FREE(nstr);
+ 	SAFE_FREE(cstr);
++	SAFE_FREE(lstr);
+ 	TALLOC_FREE(key);
+ 	return status;
+ }
+-- 
+1.8.5.2
+
diff --git a/SOURCES/samba-4.1.6-fix_service_with_force_user.patch b/SOURCES/samba-4.1.6-fix_service_with_force_user.patch
new file mode 100644
index 0000000..8754ae1
--- /dev/null
+++ b/SOURCES/samba-4.1.6-fix_service_with_force_user.patch
@@ -0,0 +1,69 @@
+From 34d4e883146bccda53422fa50a35ab25ca880d2e Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra@samba.org>
+Date: Mon, 17 Mar 2014 14:35:00 -0700
+Subject: [PATCH] s3: smbd: Fileserving share access checks.
+
+Git commit 86d1e1db8e2747e30c89627cda123fde1e84f579
+fixed share_access not being reset between users,
+by changing make_connection_snum() to call a common
+function check_user_share_access() in the same way
+that change_to_user() (which can be called on any
+incoming packet) does.
+
+Unfortunately that bugfix was incorrect and
+broke "force user" and "force group" as it
+called check_user_share_access() inside
+make_connection_snum() using the conn->session_info
+pointer instead of the vuser->session_info pointer.
+
+conn->session_info represents the token to use
+when actually accessing the file system, and so
+is modified by force user and force group.
+
+vuser->session_info represents the "pristine"
+token of the user logging in, and is never modified
+by force user and force group.
+
+Samba 3.6.x checked the share access based on
+the "pristine" token of the user logging in,
+not the token modified by force user and force group.
+This change restores the expected behavior.
+
+Fixes bug #9878 - force user does not work as expected
+
+https://bugzilla.samba.org/show_bug.cgi?id=9878
+
+Signed-off-by: Jeremy Allison <jra@samba.org>
+---
+ source3/smbd/service.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/source3/smbd/service.c b/source3/smbd/service.c
+index a7464f0..7d06551 100644
+--- a/source3/smbd/service.c
++++ b/source3/smbd/service.c
+@@ -614,11 +614,19 @@ static NTSTATUS make_connection_snum(struct smbd_server_connection *sconn,
+ 	}
+ 
+ 	/*
+-	 * Set up the share security descriptor
++	 * Set up the share security descriptor.
++	 * NOTE - we use the *INCOMING USER* session_info
++	 * here, as does (indirectly) change_to_user(),
++	 * which can be called on any incoming packet.
++	 * This way we set up the share access based
++	 * on the authenticated user, not the forced
++	 * user. See bug:
++	 *
++	 * https://bugzilla.samba.org/show_bug.cgi?id=9878
+ 	 */
+ 
+ 	status = check_user_share_access(conn,
+-					conn->session_info,
++					vuser->session_info,
+ 					&conn->share_access,
+ 					&conn->read_only);
+ 	if (!NT_STATUS_IS_OK(status)) {
+-- 
+1.9.0.279.gdc9e3eb
+
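Review bot: The switch to `vuser->session_info` in the `check_user_share_access()` call changes which token the share security descriptor is evaluated against, but the patch touches only `source3/smbd/service.c` and adds no test for it. A regression test on a share with `force user` set should cover both directions: a share ACL that admits the authenticated user but not the forced one (access granted), and one that denies the authenticated user while admitting the forced one (access refused). The second case is the one that guards against the forced identity widening access. `vuser` is dereferenced here with no NULL check visible in the hunk; `make_connection_snum()` starts and ends outside it, so whether an earlier line already guarantees a non-NULL `vuser` cannot be confirmed from here.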
diff --git a/SOURCES/samba-4.1.6-ipv6_workaround.patch b/SOURCES/samba-4.1.6-ipv6_workaround.patch
new file mode 100644
index 0000000..b327812
--- /dev/null
+++ b/SOURCES/samba-4.1.6-ipv6_workaround.patch
@@ -0,0 +1,76 @@
+From 942dedb71437cd89932a7f39ca73d65c09aa59be Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Wed, 2 Apr 2014 19:37:34 +0200
+Subject: [PATCH] s3-kerberos: make ipv6 support for generated krb5 config
+ files more robust.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Older MIT Kerberos libraries will add any secondary ipv6 address as
+ipv4 address, defining the (default) krb5 port 88 circumvents that.
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+---
+ source3/libads/kerberos.c | 29 +++++++++++++++++++++++++++--
+ 1 file changed, 27 insertions(+), 2 deletions(-)
+
+diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
+index 649e568..f3c23ea 100644
+--- a/source3/libads/kerberos.c
++++ b/source3/libads/kerberos.c
+@@ -615,6 +615,31 @@ static void add_sockaddr_unique(struct sockaddr_storage *addrs, int *num_addrs,
+ 	*num_addrs += 1;
+ }
+ 
++/* print_canonical_sockaddr prints an ipv6 addr in the form of
++* [ipv6.addr]. This string, when put in a generated krb5.conf file is not
++* always properly dealt with by some older krb5 libraries. Adding the hard-coded
++* portnumber workarounds the issue. - gd */
++
++static char *print_canonical_sockaddr_with_port(TALLOC_CTX *mem_ctx,
++						const struct sockaddr_storage *pss)
++{
++	char *str = NULL;
++
++	str = print_canonical_sockaddr(mem_ctx, pss);
++	if (str == NULL) {
++		return NULL;
++	}
++
++	if (pss->ss_family != AF_INET6) {
++		return str;
++	}
++
++#if defined(HAVE_IPV6)
++	str = talloc_asprintf_append(str, ":88");
++#endif
++	return str;
++}
++
+ static char *get_kdc_ip_string(char *mem_ctx,
+ 		const char *realm,
+ 		const char *sitename,
+@@ -634,7 +659,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
+ 	struct netlogon_samlogon_response **responses = NULL;
+ 	NTSTATUS status;
+ 	char *kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", "",
+-					print_canonical_sockaddr(mem_ctx, pss));
++					print_canonical_sockaddr_with_port(mem_ctx, pss));
+ 
+ 	if (kdc_str == NULL) {
+ 		TALLOC_FREE(frame);
+@@ -726,7 +751,7 @@ static char *get_kdc_ip_string(char *mem_ctx,
+ 		/* Append to the string - inefficient but not done often. */
+ 		new_kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
+ 					      kdc_str,
+-					      print_canonical_sockaddr(mem_ctx, &dc_addrs[i]));
++					      print_canonical_sockaddr_with_port(mem_ctx, &dc_addrs[i]));
+ 		if (new_kdc_str == NULL) {
+ 			goto fail;
+ 		}
+-- 
+1.9.0
+
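Review bot: Both call sites in `get_kdc_ip_string()` pass the result of `print_canonical_sockaddr_with_port()` straight to a `%s` conversion in `talloc_asprintf()`, yet the new helper returns NULL when `print_canonical_sockaddr()` fails and again when `talloc_asprintf_append()` fails. Depending on the libc, a NULL there is either undefined behaviour or a literal `kdc = (null)` line in the generated krb5 config. Binding the address to a local and checking it before formatting closes that, e.g. `char *kdc_addr = print_canonical_sockaddr_with_port(mem_ctx, &dc_addrs[i]);` followed by `if (kdc_addr == NULL) { goto fail; }`; the first call site sits in a declaration initialiser and needs the same check on that function's existing early-return path. Separately, `AF_INET6` is tested outside the `#if defined(HAVE_IPV6)` guard, so the guard protects only the append, and the family check should presumably move inside it. `get_kdc_ip_string()` begins and ends outside the hunks shown.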
diff --git a/SOURCES/samba-4.1.6-net_ads_kerberos_pac.patch b/SOURCES/samba-4.1.6-net_ads_kerberos_pac.patch
new file mode 100644
index 0000000..26a4caf
--- /dev/null
+++ b/SOURCES/samba-4.1.6-net_ads_kerberos_pac.patch
@@ -0,0 +1,962 @@
+From 932490ae08578c37523e00e537017603ee00ce7c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Fri, 17 Jan 2014 14:29:03 +0100
+Subject: [PATCH 1/8] s3-libads: pass down local_service to
+ kerberos_return_pac().
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ source3/libads/authdata.c       | 6 +-----
+ source3/libads/kerberos_proto.h | 1 +
+ source3/utils/net_ads.c         | 8 ++++++++
+ source3/winbindd/winbindd_pam.c | 9 +++++++++
+ 4 files changed, 19 insertions(+), 5 deletions(-)
+
+diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
+index 801e551..dd80dc2 100644
+--- a/source3/libads/authdata.c
++++ b/source3/libads/authdata.c
+@@ -101,13 +101,13 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
+ 			     bool add_netbios_addr,
+ 			     time_t renewable_time,
+ 			     const char *impersonate_princ_s,
++			     const char *local_service,
+ 			     struct PAC_LOGON_INFO **_logon_info)
+ {
+ 	krb5_error_code ret;
+ 	NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
+ 	DATA_BLOB tkt, tkt_wrapped, ap_rep, sesskey1;
+ 	const char *auth_princ = NULL;
+-	const char *local_service = NULL;
+ 	const char *cc = "MEMORY:kerberos_return_pac";
+ 	struct auth_session_info *session_info;
+ 	struct gensec_security *gensec_server_context;
+@@ -141,10 +141,6 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
+ 	}
+ 	NT_STATUS_HAVE_NO_MEMORY(auth_princ);
+ 
+-	local_service = talloc_asprintf(mem_ctx, "%s$@%s",
+-					lp_netbios_name(), lp_realm());
+-	NT_STATUS_HAVE_NO_MEMORY(local_service);
+-
+ 	ret = kerberos_kinit_password_ext(auth_princ,
+ 					  pass,
+ 					  time_offset,
+diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
+index 2559634..1151d66 100644
+--- a/source3/libads/kerberos_proto.h
++++ b/source3/libads/kerberos_proto.h
+@@ -77,6 +77,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
+ 			     bool add_netbios_addr,
+ 			     time_t renewable_time,
+ 			     const char *impersonate_princ_s,
++			     const char *local_service,
+ 			     struct PAC_LOGON_INFO **logon_info);
+ 
+ /* The following definitions come from libads/krb5_setpw.c  */
+diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
+index 89eebf3..5a073b1 100644
+--- a/source3/utils/net_ads.c
++++ b/source3/utils/net_ads.c
+@@ -2604,6 +2604,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
+ 	NTSTATUS status;
+ 	int ret = -1;
+ 	const char *impersonate_princ_s = NULL;
++	const char *local_service = NULL;
+ 
+ 	if (c->display_usage) {
+ 		d_printf(  "%s\n"
+@@ -2623,6 +2624,12 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
+ 		impersonate_princ_s = argv[0];
+ 	}
+ 
++	local_service = talloc_asprintf(mem_ctx, "%s$@%s",
++					lp_netbios_name(), lp_realm());
++	if (local_service == NULL) {
++		goto out;
++	}
++
+ 	c->opt_password = net_prompt_pass(c, c->opt_user_name);
+ 
+ 	status = kerberos_return_pac(mem_ctx,
+@@ -2636,6 +2643,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
+ 				     true,
+ 				     2592000, /* one month */
+ 				     impersonate_princ_s,
++				     local_service,
+ 				     &info);
+ 	if (!NT_STATUS_IS_OK(status)) {
+ 		d_printf(_("failed to query kerberos PAC: %s\n"),
+diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
+index 3f3ec70..61e2cef 100644
+--- a/source3/winbindd/winbindd_pam.c
++++ b/source3/winbindd/winbindd_pam.c
+@@ -576,6 +576,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
+ 	time_t time_offset = 0;
+ 	const char *user_ccache_file;
+ 	struct PAC_LOGON_INFO *logon_info = NULL;
++	const char *local_service;
+ 
+ 	*info3 = NULL;
+ 
+@@ -632,6 +633,13 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
+ 		return NT_STATUS_NO_MEMORY;
+ 	}
+ 
++	local_service = talloc_asprintf(mem_ctx, "%s$@%s",
++					lp_netbios_name(), lp_realm());
++	if (local_service == NULL) {
++		return NT_STATUS_NO_MEMORY;
++	}
++
++
+ 	/* if this is a user ccache, we need to act as the user to let the krb5
+ 	 * library handle the chown, etc. */
+ 
+@@ -653,6 +661,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
+ 				     true,
+ 				     WINBINDD_PAM_AUTH_KRB5_RENEW_TIME,
+ 				     NULL,
++				     local_service,
+ 				     &logon_info);
+ 	if (user_ccache_file != NULL) {
+ 		gain_root_privilege();
+-- 
+1.8.5.3
+
+
+From baed403983a5bb2e728249443fdfc9167a87f526 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 3 Mar 2014 12:14:51 +0100
+Subject: [PATCH 2/8] auth/kerberos: fix a typo.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ auth/kerberos/kerberos_pac.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/auth/kerberos/kerberos_pac.c b/auth/kerberos/kerberos_pac.c
+index 81f7f21..8f55c8f 100644
+--- a/auth/kerberos/kerberos_pac.c
++++ b/auth/kerberos/kerberos_pac.c
+@@ -79,7 +79,7 @@ krb5_error_code check_pac_checksum(DATA_BLOB pac_data,
+ }
+ 
+ /**
+-* @brief Decode a blob containing a NDR envoded PAC structure
++* @brief Decode a blob containing a NDR encoded PAC structure
+ *
+ * @param mem_ctx	  - The memory context
+ * @param pac_data_blob	  - The data blob containing the NDR encoded data
+-- 
+1.8.5.3
+
+
+From 9725a86e60bb6ef6e912621e81acc955ae2f70a8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Mon, 10 Mar 2014 15:11:18 +0100
+Subject: [PATCH 3/8] s3-net: change the way impersonation principals are used
+ in "net ads kerberos pac".
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ source3/utils/net_ads.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
+index 5a073b1..ac6346f 100644
+--- a/source3/utils/net_ads.c
++++ b/source3/utils/net_ads.c
+@@ -2605,6 +2605,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
+ 	int ret = -1;
+ 	const char *impersonate_princ_s = NULL;
+ 	const char *local_service = NULL;
++	int i;
+ 
+ 	if (c->display_usage) {
+ 		d_printf(  "%s\n"
+@@ -2615,15 +2616,20 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
+ 		return 0;
+ 	}
+ 
++	for (i=0; i<argc; i++) {
++		if (strnequal(argv[i], "impersonate", strlen("impersonate"))) {
++			impersonate_princ_s = get_string_param(argv[i]);
++			if (impersonate_princ_s == NULL) {
++				return -1;
++			}
++		}
++	}
++
+ 	mem_ctx = talloc_init("net_ads_kerberos_pac");
+ 	if (!mem_ctx) {
+ 		goto out;
+ 	}
+ 
+-	if (argc > 0) {
+-		impersonate_princ_s = argv[0];
+-	}
+-
+ 	local_service = talloc_asprintf(mem_ctx, "%s$@%s",
+ 					lp_netbios_name(), lp_realm());
+ 	if (local_service == NULL) {
+-- 
+1.8.5.3
+
+
+From 35a1ed22f65473fabb2f4846f6d2b50da1847f6a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Tue, 11 Mar 2014 16:34:36 +0100
+Subject: [PATCH 4/8] s3-net: allow to provide custom local_service in "net ads
+ kerberos pac".
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ source3/utils/net_ads.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
+index ac6346f..c53c8c6 100644
+--- a/source3/utils/net_ads.c
++++ b/source3/utils/net_ads.c
+@@ -2623,6 +2623,12 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
+ 				return -1;
+ 			}
+ 		}
++		if (strnequal(argv[i], "local_service", strlen("local_service"))) {
++			local_service = get_string_param(argv[i]);
++			if (local_service == NULL) {
++				return -1;
++			}
++		}
+ 	}
+ 
+ 	mem_ctx = talloc_init("net_ads_kerberos_pac");
+@@ -2630,10 +2636,12 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
+ 		goto out;
+ 	}
+ 
+-	local_service = talloc_asprintf(mem_ctx, "%s$@%s",
+-					lp_netbios_name(), lp_realm());
+ 	if (local_service == NULL) {
+-		goto out;
++		local_service = talloc_asprintf(mem_ctx, "%s$@%s",
++						lp_netbios_name(), lp_realm());
++		if (local_service == NULL) {
++			goto out;
++		}
+ 	}
+ 
+ 	c->opt_password = net_prompt_pass(c, c->opt_user_name);
+-- 
+1.8.5.3
+
+
+From 1270e35ba70a4e4881512d375c767023512f67bd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Fri, 21 Feb 2014 18:56:04 +0100
+Subject: [PATCH 5/8] s3-kerberos: return a full PAC in kerberos_return_pac().
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ source3/libads/authdata.c       | 28 +++++++++++++++++-----------
+ source3/libads/kerberos_proto.h |  4 ++--
+ source3/utils/net_ads.c         | 17 ++++++++++++++++-
+ source3/winbindd/winbindd_pam.c | 22 +++++++++++++++++++++-
+ 4 files changed, 56 insertions(+), 15 deletions(-)
+
+diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
+index dd80dc2..53e40ef 100644
+--- a/source3/libads/authdata.c
++++ b/source3/libads/authdata.c
+@@ -52,7 +52,7 @@ static NTSTATUS kerberos_fetch_pac(struct auth4_context *auth_ctx,
+ 				   struct auth_session_info **session_info)
+ {
+ 	TALLOC_CTX *tmp_ctx;
+-	struct PAC_LOGON_INFO *logon_info = NULL;
++	struct PAC_DATA *pac_data = NULL;
+ 	NTSTATUS status = NT_STATUS_INTERNAL_ERROR;
+ 
+ 	tmp_ctx = talloc_new(mem_ctx);
+@@ -61,16 +61,22 @@ static NTSTATUS kerberos_fetch_pac(struct auth4_context *auth_ctx,
+ 	}
+ 
+ 	if (pac_blob) {
+-		status = kerberos_pac_logon_info(tmp_ctx, *pac_blob, NULL, NULL,
+-						 NULL, NULL, 0, &logon_info);
++		status = kerberos_decode_pac(tmp_ctx,
++					     *pac_blob,
++					     NULL,
++					     NULL,
++					     NULL,
++					     NULL,
++					     0,
++					     &pac_data);
+ 		if (!NT_STATUS_IS_OK(status)) {
+ 			goto done;
+ 		}
+ 	}
+ 
+-	talloc_set_name_const(logon_info, "struct PAC_LOGON_INFO");
++	talloc_set_name_const(pac_data, "struct PAC_DATA");
+ 
+-	auth_ctx->private_data = talloc_steal(auth_ctx, logon_info);
++	auth_ctx->private_data = talloc_steal(auth_ctx, pac_data);
+ 	*session_info = talloc_zero(mem_ctx, struct auth_session_info);
+ 	if (!*session_info) {
+ 		status = NT_STATUS_NO_MEMORY;
+@@ -102,7 +108,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
+ 			     time_t renewable_time,
+ 			     const char *impersonate_princ_s,
+ 			     const char *local_service,
+-			     struct PAC_LOGON_INFO **_logon_info)
++			     struct PAC_DATA **_pac_data)
+ {
+ 	krb5_error_code ret;
+ 	NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
+@@ -116,7 +122,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
+ 	size_t idx = 0;
+ 	struct auth4_context *auth_context;
+ 	struct loadparm_context *lp_ctx;
+-	struct PAC_LOGON_INFO *logon_info = NULL;
++	struct PAC_DATA *pac_data = NULL;
+ 
+ 	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ 	NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
+@@ -272,15 +278,15 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
+ 		goto out;
+ 	}
+ 
+-	logon_info = talloc_get_type_abort(gensec_server_context->auth_context->private_data,
+-					   struct PAC_LOGON_INFO);
+-	if (logon_info == NULL) {
++	pac_data = talloc_get_type_abort(gensec_server_context->auth_context->private_data,
++					 struct PAC_DATA);
++	if (pac_data == NULL) {
+ 		DEBUG(1,("no PAC\n"));
+ 		status = NT_STATUS_INVALID_PARAMETER;
+ 		goto out;
+ 	}
+ 
+-	*_logon_info = talloc_move(mem_ctx, &logon_info);
++	*_pac_data = talloc_move(mem_ctx, &pac_data);
+ 
+ out:
+ 	talloc_free(tmp_ctx);
+diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
+index 1151d66..b2f7486 100644
+--- a/source3/libads/kerberos_proto.h
++++ b/source3/libads/kerberos_proto.h
+@@ -32,7 +32,7 @@
+ 
+ #include "system/kerberos.h"
+ 
+-struct PAC_LOGON_INFO;
++struct PAC_DATA;
+ 
+ #include "libads/ads_status.h"
+ 
+@@ -78,7 +78,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
+ 			     time_t renewable_time,
+ 			     const char *impersonate_princ_s,
+ 			     const char *local_service,
+-			     struct PAC_LOGON_INFO **logon_info);
++			     struct PAC_DATA **pac_data);
+ 
+ /* The following definitions come from libads/krb5_setpw.c  */
+ 
+diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
+index c53c8c6..19da6da 100644
+--- a/source3/utils/net_ads.c
++++ b/source3/utils/net_ads.c
+@@ -2600,6 +2600,7 @@ static int net_ads_kerberos_renew(struct net_context *c, int argc, const char **
+ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **argv)
+ {
+ 	struct PAC_LOGON_INFO *info = NULL;
++	struct PAC_DATA *pac_data = NULL;
+ 	TALLOC_CTX *mem_ctx = NULL;
+ 	NTSTATUS status;
+ 	int ret = -1;
+@@ -2658,13 +2659,27 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
+ 				     2592000, /* one month */
+ 				     impersonate_princ_s,
+ 				     local_service,
+-				     &info);
++				     &pac_data);
+ 	if (!NT_STATUS_IS_OK(status)) {
+ 		d_printf(_("failed to query kerberos PAC: %s\n"),
+ 			nt_errstr(status));
+ 		goto out;
+ 	}
+ 
++	for (i=0; i < pac_data->num_buffers; i++) {
++
++		if (pac_data->buffers[i].type != PAC_TYPE_LOGON_INFO) {
++			continue;
++		}
++
++		info = pac_data->buffers[i].info->logon_info.info;
++		if (!info) {
++			goto out;
++		}
++
++		break;
++	}
++
+ 	if (info) {
+ 		const char *s;
+ 		s = NDR_PRINT_STRUCT_STRING(mem_ctx, PAC_LOGON_INFO, info);
+diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
+index 61e2cef..a8daae51 100644
+--- a/source3/winbindd/winbindd_pam.c
++++ b/source3/winbindd/winbindd_pam.c
+@@ -576,7 +576,9 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
+ 	time_t time_offset = 0;
+ 	const char *user_ccache_file;
+ 	struct PAC_LOGON_INFO *logon_info = NULL;
++	struct PAC_DATA *pac_data = NULL;
+ 	const char *local_service;
++	int i;
+ 
+ 	*info3 = NULL;
+ 
+@@ -662,7 +664,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
+ 				     WINBINDD_PAM_AUTH_KRB5_RENEW_TIME,
+ 				     NULL,
+ 				     local_service,
+-				     &logon_info);
++				     &pac_data);
+ 	if (user_ccache_file != NULL) {
+ 		gain_root_privilege();
+ 	}
+@@ -673,6 +675,24 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
+ 		goto failed;
+ 	}
+ 
++	if (pac_data == NULL) {
++		goto failed;
++	}
++
++	for (i=0; i < pac_data->num_buffers; i++) {
++
++		if (pac_data->buffers[i].type != PAC_TYPE_LOGON_INFO) {
++			continue;
++		}
++
++		logon_info = pac_data->buffers[i].info->logon_info.info;
++		if (!logon_info) {
++			return NT_STATUS_INVALID_PARAMETER;
++		}
++
++		break;
++	}
++
+ 	*info3 = &logon_info->info3;
+ 
+ 	DEBUG(10,("winbindd_raw_kerberos_login: winbindd validated ticket of %s\n",
+-- 
+1.8.5.3
+
+
+From a8c2807a26d2f1ff094ed7ea5724c0394f79b888 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Tue, 11 Mar 2014 18:07:11 +0100
+Subject: [PATCH 6/8] s3-kerberos: let kerberos_return_pac() return a PAC
+ container.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ source3/libads/authdata.c       | 29 +++++++++++++++++++++--------
+ source3/libads/kerberos_proto.h |  7 ++++++-
+ source3/utils/net_ads.c         |  5 ++++-
+ source3/winbindd/winbindd_pam.c |  8 +++++++-
+ 4 files changed, 38 insertions(+), 11 deletions(-)
+
+diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
+index 53e40ef..276408d 100644
+--- a/source3/libads/authdata.c
++++ b/source3/libads/authdata.c
+@@ -53,6 +53,7 @@ static NTSTATUS kerberos_fetch_pac(struct auth4_context *auth_ctx,
+ {
+ 	TALLOC_CTX *tmp_ctx;
+ 	struct PAC_DATA *pac_data = NULL;
++	struct PAC_DATA_CTR *pac_data_ctr = NULL;
+ 	NTSTATUS status = NT_STATUS_INTERNAL_ERROR;
+ 
+ 	tmp_ctx = talloc_new(mem_ctx);
+@@ -74,9 +75,21 @@ static NTSTATUS kerberos_fetch_pac(struct auth4_context *auth_ctx,
+ 		}
+ 	}
+ 
+-	talloc_set_name_const(pac_data, "struct PAC_DATA");
++	pac_data_ctr = talloc(mem_ctx, struct PAC_DATA_CTR);
++	if (pac_data_ctr == NULL) {
++		status = NT_STATUS_NO_MEMORY;
++		goto done;
++	}
++
++	talloc_set_name_const(pac_data_ctr, "struct PAC_DATA_CTR");
++
++	pac_data_ctr->pac_data = talloc_steal(pac_data_ctr, pac_data);
++	pac_data_ctr->pac_blob = data_blob_talloc(pac_data_ctr,
++						  pac_blob->data,
++						  pac_blob->length);
++
++	auth_ctx->private_data = talloc_steal(auth_ctx, pac_data_ctr);
+ 
+-	auth_ctx->private_data = talloc_steal(auth_ctx, pac_data);
+ 	*session_info = talloc_zero(mem_ctx, struct auth_session_info);
+ 	if (!*session_info) {
+ 		status = NT_STATUS_NO_MEMORY;
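Review bot: The result of `data_blob_talloc()` is stored in `pac_data_ctr->pac_blob` without a check, so a failed copy is carried forward as if the raw PAC had been captured. Testing `pac_data_ctr->pac_blob.data` for NULL when `pac_blob->length` is non-zero, and taking the `status = NT_STATUS_NO_MEMORY; goto done;` path already used above it, would close that gap. `pac_blob->data` is also read unconditionally here, while the two closing braces in the leading context suggest the decode runs inside a conditional. If that conditional is a NULL test on `pac_blob`, this dereference needs the same guard. kerberos_fetch_pac() starts and ends outside the hunk.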
+@@ -108,7 +121,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
+ 			     time_t renewable_time,
+ 			     const char *impersonate_princ_s,
+ 			     const char *local_service,
+-			     struct PAC_DATA **_pac_data)
++			     struct PAC_DATA_CTR **_pac_data_ctr)
+ {
+ 	krb5_error_code ret;
+ 	NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
+@@ -122,7 +135,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
+ 	size_t idx = 0;
+ 	struct auth4_context *auth_context;
+ 	struct loadparm_context *lp_ctx;
+-	struct PAC_DATA *pac_data = NULL;
++	struct PAC_DATA_CTR *pac_data_ctr = NULL;
+ 
+ 	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ 	NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
+@@ -278,15 +291,15 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
+ 		goto out;
+ 	}
+ 
+-	pac_data = talloc_get_type_abort(gensec_server_context->auth_context->private_data,
+-					 struct PAC_DATA);
+-	if (pac_data == NULL) {
++	pac_data_ctr = talloc_get_type_abort(gensec_server_context->auth_context->private_data,
++					     struct PAC_DATA_CTR);
++	if (pac_data_ctr == NULL) {
+ 		DEBUG(1,("no PAC\n"));
+ 		status = NT_STATUS_INVALID_PARAMETER;
+ 		goto out;
+ 	}
+ 
+-	*_pac_data = talloc_move(mem_ctx, &pac_data);
++	*_pac_data_ctr = talloc_move(mem_ctx, &pac_data_ctr);
+ 
+ out:
+ 	talloc_free(tmp_ctx);
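Review bot: The `if (pac_data_ctr == NULL)` branch after `talloc_get_type_abort()` looks unreachable, because that helper aborts the process on a NULL or mistyped pointer instead of returning NULL. A missing container therefore ends in an abort, not in the `no PAC` error path. If a graceful `NT_STATUS_INVALID_PARAMETER` is intended, `talloc_get_type(..., struct PAC_DATA_CTR)` returns NULL on mismatch and lets the existing branch run. kerberos_return_pac() starts outside the hunk.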
+diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
+index b2f7486..3d0ad4b 100644
+--- a/source3/libads/kerberos_proto.h
++++ b/source3/libads/kerberos_proto.h
+@@ -34,6 +34,11 @@
+ 
+ struct PAC_DATA;
+ 
++struct PAC_DATA_CTR {
++	DATA_BLOB pac_blob;
++	struct PAC_DATA *pac_data;
++};
++
+ #include "libads/ads_status.h"
+ 
+ /* The following definitions come from libads/kerberos.c  */
+@@ -78,7 +83,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
+ 			     time_t renewable_time,
+ 			     const char *impersonate_princ_s,
+ 			     const char *local_service,
+-			     struct PAC_DATA **pac_data);
++			     struct PAC_DATA_CTR **pac_data_ctr);
+ 
+ /* The following definitions come from libads/krb5_setpw.c  */
+ 
+diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
+index 19da6da..19c28b1 100644
+--- a/source3/utils/net_ads.c
++++ b/source3/utils/net_ads.c
+@@ -2601,6 +2601,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
+ {
+ 	struct PAC_LOGON_INFO *info = NULL;
+ 	struct PAC_DATA *pac_data = NULL;
++	struct PAC_DATA_CTR *pac_data_ctr = NULL;
+ 	TALLOC_CTX *mem_ctx = NULL;
+ 	NTSTATUS status;
+ 	int ret = -1;
+@@ -2659,13 +2660,15 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
+ 				     2592000, /* one month */
+ 				     impersonate_princ_s,
+ 				     local_service,
+-				     &pac_data);
++				     &pac_data_ctr);
+ 	if (!NT_STATUS_IS_OK(status)) {
+ 		d_printf(_("failed to query kerberos PAC: %s\n"),
+ 			nt_errstr(status));
+ 		goto out;
+ 	}
+ 
++	pac_data = pac_data_ctr->pac_data;
++
+ 	for (i=0; i < pac_data->num_buffers; i++) {
+ 
+ 		if (pac_data->buffers[i].type != PAC_TYPE_LOGON_INFO) {
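Review bot: `pac_data = pac_data_ctr->pac_data;` is followed directly by `pac_data->num_buffers` in the loop header with no NULL test, whereas the winbindd_pam.c hunk of this same patch checks `pac_data == NULL` after the identical assignment. kerberos_fetch_pac() initialises `pac_data` to NULL and moves it into the container unconditionally, so a NULL member looks possible if the decode step is skipped; add `if (pac_data == NULL) { goto out; }` before the loop. PATCH 7/8 carries the same unchecked access into `net_ads_kerberos_pac_dump` (`pac_data_ctr->pac_data->num_buffers`). The function starts and ends outside the hunk.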
+diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
+index a8daae51..b41291e 100644
+--- a/source3/winbindd/winbindd_pam.c
++++ b/source3/winbindd/winbindd_pam.c
+@@ -577,6 +577,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
+ 	const char *user_ccache_file;
+ 	struct PAC_LOGON_INFO *logon_info = NULL;
+ 	struct PAC_DATA *pac_data = NULL;
++	struct PAC_DATA_CTR *pac_data_ctr = NULL;
+ 	const char *local_service;
+ 	int i;
+ 
+@@ -664,7 +665,7 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
+ 				     WINBINDD_PAM_AUTH_KRB5_RENEW_TIME,
+ 				     NULL,
+ 				     local_service,
+-				     &pac_data);
++				     &pac_data_ctr);
+ 	if (user_ccache_file != NULL) {
+ 		gain_root_privilege();
+ 	}
+@@ -675,6 +676,11 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx,
+ 		goto failed;
+ 	}
+ 
++	if (pac_data_ctr == NULL) {
++		goto failed;
++	}
++
++	pac_data = pac_data_ctr->pac_data;
+ 	if (pac_data == NULL) {
+ 		goto failed;
+ 	}
+-- 
+1.8.5.3
+
+
+From 9e01f3cbc4752539128e5452f567ff2e73c3ec9d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Tue, 11 Mar 2014 18:14:39 +0100
+Subject: [PATCH 7/8] s3-net: modify the current "net ads kerberos pac"
+ command.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Rename it to "net ads kerberos pac dump" and add a "type=num" option to allow
+dumping of individial pac buffer types. Ommitting type= or using type=0 will
+dump the whole PAC structure on stdout.
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ source3/utils/net_ads.c | 115 ++++++++++++++++++++++++++++++++----------------
+ 1 file changed, 77 insertions(+), 38 deletions(-)
+
+diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
+index 19c28b1..f54cf23 100644
+--- a/source3/utils/net_ads.c
++++ b/source3/utils/net_ads.c
+@@ -2597,27 +2597,15 @@ static int net_ads_kerberos_renew(struct net_context *c, int argc, const char **
+ 	return ret;
+ }
+ 
+-static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **argv)
++static int net_ads_kerberos_pac_common(struct net_context *c, int argc, const char **argv,
++				       struct PAC_DATA_CTR **pac_data_ctr)
+ {
+-	struct PAC_LOGON_INFO *info = NULL;
+-	struct PAC_DATA *pac_data = NULL;
+-	struct PAC_DATA_CTR *pac_data_ctr = NULL;
+-	TALLOC_CTX *mem_ctx = NULL;
+ 	NTSTATUS status;
+ 	int ret = -1;
+ 	const char *impersonate_princ_s = NULL;
+ 	const char *local_service = NULL;
+ 	int i;
+ 
+-	if (c->display_usage) {
+-		d_printf(  "%s\n"
+-			   "net ads kerberos pac [impersonation_principal]\n"
+-			   "    %s\n",
+-			 _("Usage:"),
+-			 _("Dump the Kerberos PAC"));
+-		return 0;
+-	}
+-
+ 	for (i=0; i<argc; i++) {
+ 		if (strnequal(argv[i], "impersonate", strlen("impersonate"))) {
+ 			impersonate_princ_s = get_string_param(argv[i]);
+@@ -2633,13 +2621,8 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
+ 		}
+ 	}
+ 
+-	mem_ctx = talloc_init("net_ads_kerberos_pac");
+-	if (!mem_ctx) {
+-		goto out;
+-	}
+-
+ 	if (local_service == NULL) {
+-		local_service = talloc_asprintf(mem_ctx, "%s$@%s",
++		local_service = talloc_asprintf(c, "%s$@%s",
+ 						lp_netbios_name(), lp_realm());
+ 		if (local_service == NULL) {
+ 			goto out;
+@@ -2648,7 +2631,7 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
+ 
+ 	c->opt_password = net_prompt_pass(c, c->opt_user_name);
+ 
+-	status = kerberos_return_pac(mem_ctx,
++	status = kerberos_return_pac(c,
+ 				     c->opt_user_name,
+ 				     c->opt_password,
+ 				     0,
+@@ -2660,39 +2643,95 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
+ 				     2592000, /* one month */
+ 				     impersonate_princ_s,
+ 				     local_service,
+-				     &pac_data_ctr);
++				     pac_data_ctr);
+ 	if (!NT_STATUS_IS_OK(status)) {
+ 		d_printf(_("failed to query kerberos PAC: %s\n"),
+ 			nt_errstr(status));
+ 		goto out;
+ 	}
+ 
+-	pac_data = pac_data_ctr->pac_data;
++	ret = 0;
++ out:
++	return ret;
++}
+ 
+-	for (i=0; i < pac_data->num_buffers; i++) {
++static int net_ads_kerberos_pac_dump(struct net_context *c, int argc, const char **argv)
++{
++	struct PAC_DATA_CTR *pac_data_ctr = NULL;
++	int i;
++	int ret = -1;
++	enum PAC_TYPE type = 0;
+ 
+-		if (pac_data->buffers[i].type != PAC_TYPE_LOGON_INFO) {
+-			continue;
++	if (c->display_usage) {
++		d_printf(  "%s\n"
++			   "net ads kerberos pac dump [impersonate=string] [local_service=string] [pac_buffer_type=int]\n"
++			   "    %s\n",
++			 _("Usage:"),
++			 _("Dump the Kerberos PAC"));
++		return -1;
++	}
++
++	for (i=0; i<argc; i++) {
++		if (strnequal(argv[i], "pac_buffer_type", strlen("pac_buffer_type"))) {
++			type = get_int_param(argv[i]);
+ 		}
++	}
+ 
+-		info = pac_data->buffers[i].info->logon_info.info;
+-		if (!info) {
+-			goto out;
++	ret = net_ads_kerberos_pac_common(c, argc, argv, &pac_data_ctr);
++	if (ret) {
++		return ret;
++	}
++
++	if (type == 0) {
++
++		char *s = NULL;
++
++		s = NDR_PRINT_STRUCT_STRING(c, PAC_DATA,
++			pac_data_ctr->pac_data);
++		if (s != NULL) {
++			d_printf(_("The Pac: %s\n"), s);
++			talloc_free(s);
+ 		}
+ 
+-		break;
++		return 0;
+ 	}
+ 
+-	if (info) {
+-		const char *s;
+-		s = NDR_PRINT_STRUCT_STRING(mem_ctx, PAC_LOGON_INFO, info);
+-		d_printf(_("The Pac: %s\n"), s);
++	for (i=0; i < pac_data_ctr->pac_data->num_buffers; i++) {
++
++		char *s = NULL;
++
++		if (pac_data_ctr->pac_data->buffers[i].type != type) {
++			continue;
++		}
++
++		s = NDR_PRINT_UNION_STRING(c, PAC_INFO, type,
++				pac_data_ctr->pac_data->buffers[i].info);
++		if (s != NULL) {
++			d_printf(_("The Pac: %s\n"), s);
++			talloc_free(s);
++		}
++		break;
+ 	}
+ 
+-	ret = 0;
+- out:
+-	TALLOC_FREE(mem_ctx);
+-	return ret;
++	return 0;
++}
++
++static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **argv)
++{
++	struct functable func[] = {
++		{
++			"dump",
++			net_ads_kerberos_pac_dump,
++			NET_TRANSPORT_ADS,
++			N_("Dump Kerberos PAC"),
++			N_("net ads kerberos pac dump\n"
++			   "    Dump a Kerberos PAC to stdout")
++		},
++
++		{NULL, NULL, 0, NULL, NULL}
++	};
++
++	return net_run_function(c, argc, argv, "net ads kerberos pac", func);
+ }
+ 
+ static int net_ads_kerberos_kinit(struct net_context *c, int argc, const char **argv)
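Review bot: When `pac_buffer_type` names a type that is not present in the PAC, the loop in `net_ads_kerberos_pac_dump` finishes without printing anything and the function still returns 0, so a mistyped type number is indistinguishable from success. Tracking whether a buffer matched, and returning -1 with a short message otherwise, would make this visible. `get_int_param()` is assigned to `enum PAC_TYPE type` with no range check, and the usage branch now returns -1 where the removed code returned 0. The commit message documents the option as `type=` while the code and usage text use `pac_buffer_type=`.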
+-- 
+1.8.5.3
+
+
+From 91ceace4ee8fd141cac5dbe5282bed141c38bee7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
+Date: Tue, 11 Mar 2014 18:16:40 +0100
+Subject: [PATCH 8/8] s3-net: add a new "net ads kerberos pac save" tool.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Use "filename=string" to define a file where to save the unencrypted PAC to.
+
+Guenther
+
+Signed-off-by: Günther Deschner <gd@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ source3/utils/net_ads.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 52 insertions(+)
+
+diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
+index f54cf23..8b8e719 100644
+--- a/source3/utils/net_ads.c
++++ b/source3/utils/net_ads.c
+@@ -2716,6 +2716,50 @@ static int net_ads_kerberos_pac_dump(struct net_context *c, int argc, const char
+ 	return 0;
+ }
+ 
++static int net_ads_kerberos_pac_save(struct net_context *c, int argc, const char **argv)
++{
++	struct PAC_DATA_CTR *pac_data_ctr = NULL;
++	char *filename = NULL;
++	int ret = -1;
++	int i;
++
++	if (c->display_usage) {
++		d_printf(  "%s\n"
++			   "net ads kerberos pac save [impersonate=string] [local_service=string] [filename=string]\n"
++			   "    %s\n",
++			 _("Usage:"),
++			 _("Save the Kerberos PAC"));
++		return -1;
++	}
++
++	for (i=0; i<argc; i++) {
++		if (strnequal(argv[i], "filename", strlen("filename"))) {
++			filename = get_string_param(argv[i]);
++			if (filename == NULL) {
++				return -1;
++			}
++		}
++	}
++
++	ret = net_ads_kerberos_pac_common(c, argc, argv, &pac_data_ctr);
++	if (ret) {
++		return ret;
++	}
++
++	if (filename == NULL) {
++		d_printf(_("please define \"filename=<filename>\" to save the PAC\n"));
++		return -1;
++	}
++
++	/* save the raw format */
++	if (!file_save(filename, pac_data_ctr->pac_blob.data, pac_data_ctr->pac_blob.length)) {
++		d_printf(_("failed to save PAC in %s\n"), filename);
++		return -1;
++	}
++
++	return 0;
++}
++
+ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **argv)
+ {
+ 	struct functable func[] = {
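Review bot: The `filename == NULL` test in `net_ads_kerberos_pac_save` runs only after `net_ads_kerberos_pac_common()` has prompted for the password and fetched the PAC, so a missing `filename=` is reported after the whole Kerberos exchange. Moving the check and its message above the call fails fast. The raw PAC carries the account's group memberships and logon data, and `file_save()` is defined outside this diff. Confirm the mode it creates the file with and whether it follows an existing symlink at `filename`, or tighten the umask around the call. `pac_data_ctr` stays parented on `c` and is not released on any return path.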
+@@ -2727,6 +2771,14 @@ static int net_ads_kerberos_pac(struct net_context *c, int argc, const char **ar
+ 			N_("net ads kerberos pac dump\n"
+ 			   "    Dump a Kerberos PAC to stdout")
+ 		},
++		{
++			"save",
++			net_ads_kerberos_pac_save,
++			NET_TRANSPORT_ADS,
++			N_("Save Kerberos PAC"),
++			N_("net ads kerberos pac save\n"
++			   "    Save a Kerberos PAC in a file")
++		},
+ 
+ 		{NULL, NULL, 0, NULL, NULL}
+ 	};
+-- 
+1.8.5.3
+
diff --git a/SOURCES/samba-4.1.7-Make_daemons_systemd_aware.patch b/SOURCES/samba-4.1.7-Make_daemons_systemd_aware.patch
new file mode 100644
index 0000000..dea0af3
--- /dev/null
+++ b/SOURCES/samba-4.1.7-Make_daemons_systemd_aware.patch
@@ -0,0 +1,748 @@
+From 4be15cc68a49b353f1f2f4f198b968098bee4d83 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <ab@samba.org>
+Date: Tue, 25 Mar 2014 12:53:04 +0200
+Subject: [PATCH 1/5] add systemd integration
+
+Add --with-systemd / --without-systemd options to check whether
+libsystemd-daemon library is available and use it to report service
+startup status to systemd for smbd/winbindd/nmbd and AD DC.
+
+The problem it solves is correct reporting of the Samba services
+at the point when they are ready to serve clients, important for
+high availability software integration.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=10517
+
+Signed-off-by: Alexander Bokovoy <ab@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+
+(cherry picked from commit 54b5d9a7384ae27b2a26586ff909128427c05abe)
+---
+ lib/util/become_daemon.c          | 37 ++++++++++++++++++++++++++++++++++++-
+ lib/util/samba_util.h             | 12 ++++++++++++
+ lib/util/wscript_build            |  2 +-
+ packaging/systemd/nmb.service     |  3 ++-
+ packaging/systemd/samba.service   |  3 ++-
+ packaging/systemd/smb.service     |  3 ++-
+ packaging/systemd/winbind.service |  3 ++-
+ source3/nmbd/nmbd.c               |  4 ++++
+ source3/smbd/server.c             |  4 ++++
+ source3/winbindd/winbindd.c       |  5 +++++
+ source4/smbd/server.c             |  4 ++++
+ wscript                           | 27 +++++++++++++++++++++++----
+ 12 files changed, 97 insertions(+), 10 deletions(-)
+
+diff --git a/lib/util/become_daemon.c b/lib/util/become_daemon.c
+index 2ca0478..35c8b32 100644
+--- a/lib/util/become_daemon.c
++++ b/lib/util/become_daemon.c
+@@ -24,6 +24,9 @@
+ #include "includes.h"
+ #include "system/filesys.h"
+ #include "system/locale.h"
++#if HAVE_SYSTEMD
++#include <systemd/sd-daemon.h>
++#endif
+ 
+ /*******************************************************************
+  Close the low 3 fd's and open dev/null in their place.
+@@ -75,8 +78,13 @@ _PUBLIC_ void close_low_fds(bool stdin_too, bool stdout_too, bool stderr_too)
+ 
+ _PUBLIC_ void become_daemon(bool do_fork, bool no_process_group, bool log_stdout)
+ {
++	pid_t newpid;
+ 	if (do_fork) {
+-		if (fork()) {
++		newpid = fork();
++		if (newpid) {
++#if HAVE_SYSTEMD
++			sd_notifyf(0, "READY=0\nSTATUS=Starting process...\nMAINPID=%lu", (unsigned long) newpid);
++#endif /* HAVE_SYSTEMD */
+ 			_exit(0);
+ 		}
+ 	}
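Review bot: A failed `fork()` is not distinguished in `become_daemon`: `if (newpid)` is also true for -1, so the parent would send `MAINPID=` with `(unsigned long)-1` to systemd and then `_exit(0)` as if the daemon had started. A guard such as `if (newpid == -1) { _exit(1); }` ahead of the notify, ideally with a log line, avoids reporting a bogus main PID. This hunk tests `#if HAVE_SYSTEMD` while `exit_daemon()` and `daemon_ready()` below use `#ifdef HAVE_SYSTEMD`; one form should be used throughout. The function continues outside the hunk.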
+@@ -100,3 +108,30 @@ _PUBLIC_ void become_daemon(bool do_fork, bool no_process_group, bool log_stdout
+ 	 * never close stderr (but debug might dup it onto a log file) */
+ 	close_low_fds(do_fork, !log_stdout, false);
+ }
++
++_PUBLIC_ void exit_daemon(const char *msg, int error)
++{
++#ifdef HAVE_SYSTEMD
++	if (msg == NULL) {
++		msg = strerror(error);
++	}
++
++	sd_notifyf(0, "STATUS=daemon failed to start: %s\n"
++				  "ERRNO=%i",
++				  msg,
++				  error);
++#endif
++	DEBUG(0, ("STATUS=daemon failed to start: %s, error code %d\n", msg, error));
++	exit(1);
++}
++
++_PUBLIC_ void daemon_ready(const char *daemon)
++{
++	if (daemon == NULL) {
++		daemon = "Samba";
++	}
++#ifdef HAVE_SYSTEMD
++	sd_notifyf(0, "READY=1\nSTATUS=%s: ready to serve connections...", daemon);
++#endif
++	DEBUG(0, ("STATUS=daemon '%s' finished starting up and ready to serve connections", daemon));
++}
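Review bot: In `exit_daemon` the `msg == NULL` fallback to `strerror(error)` sits inside `#ifdef HAVE_SYSTEMD`, so a build without systemd passes a NULL `msg` straight to the `%s` in the `DEBUG(0, ...)` call. Moving `if (msg == NULL) { msg = strerror(error); }` above the `#ifdef` makes both builds behave the same. The `DEBUG` format in `daemon_ready` has no trailing `\n`, unlike the one in `exit_daemon`, so the next log entry would run on from it.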
+diff --git a/lib/util/samba_util.h b/lib/util/samba_util.h
+index f52347e..2996710 100644
+--- a/lib/util/samba_util.h
++++ b/lib/util/samba_util.h
+@@ -842,6 +842,18 @@ _PUBLIC_ void close_low_fds(bool stdin_too, bool stdout_too, bool stderr_too);
+ _PUBLIC_ void become_daemon(bool do_fork, bool no_process_group, bool log_stdout);
+ 
+ /**
++ Exit daemon and print error message to the log at level 0
++ Optionally report failure to systemd if systemd integration is enabled
++**/
++_PUBLIC_ void exit_daemon(const char *msg, int error);
++
++/**
++ Report that the daemon is ready to serve connections to the log at level 0
++ Optionally report status to systemd if systemd integration is enabled
++**/
++_PUBLIC_ void daemon_ready(const char *daemon);
++
++/**
+  * @brief Get a password from the console.
+  *
+  * You should make sure that the buffer is an empty string!
+diff --git a/lib/util/wscript_build b/lib/util/wscript_build
+index 39a1613..5087116 100755
+--- a/lib/util/wscript_build
++++ b/lib/util/wscript_build
+@@ -10,7 +10,7 @@ bld.SAMBA_LIBRARY('samba-util',
+                     server_id.c dprintf.c parmlist.c bitmap.c pidfile.c
+                     tevent_debug.c util_process.c''',
+                   deps='DYNCONFIG',
+-                  public_deps='talloc tevent execinfo uid_wrapper pthread LIBCRYPTO charset util_setid',
++                  public_deps='talloc tevent execinfo uid_wrapper pthread LIBCRYPTO charset util_setid systemd-daemon',
+                   public_headers='debug.h attr.h byteorder.h data_blob.h memory.h safe_string.h time.h talloc_stack.h xfile.h dlinklist.h samba_util.h string_wrappers.h',
+                   header_path= [ ('dlinklist.h samba_util.h', '.'), ('*', 'util') ],
+                   local_include=False,
+diff --git a/packaging/systemd/nmb.service b/packaging/systemd/nmb.service
+index e5e81a1..3d71a7d 100644
+--- a/packaging/systemd/nmb.service
++++ b/packaging/systemd/nmb.service
+@@ -3,7 +3,8 @@ Description=Samba NMB Daemon
+ After=syslog.target network.target
+ 
+ [Service]
+-Type=forking
++Type=notify
++NotifyAccess=all
+ PIDFile=/run/nmbd.pid
+ EnvironmentFile=-/etc/sysconfig/samba
+ ExecStart=/usr/sbin/nmbd $NMBDOPTIONS
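Review bot: `NotifyAccess=all` lets every process in the unit's control group send status messages to systemd, not only the daemon's main process; the same line is added to samba.service, smb.service and winbind.service below. For daemons that fork per-connection children this is broader than needed. Since `become_daemon()` in this patch already reports `MAINPID=` from the parent before it exits, `NotifyAccess=main` may be sufficient and is worth testing. `PIDFile=` is kept alongside `Type=notify`, so confirm that both mechanisms agree on the main PID.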
+diff --git a/packaging/systemd/samba.service b/packaging/systemd/samba.service
+index e2878d1..824f89c 100644
+--- a/packaging/systemd/samba.service
++++ b/packaging/systemd/samba.service
+@@ -3,7 +3,8 @@ Description=Samba AD Daemon
+ After=syslog.target network.target
+ 
+ [Service]
+-Type=forking
++Type=notify
++NotifyAccess=all
+ PIDFile=/run/samba.pid
+ LimitNOFILE=16384
+ EnvironmentFile=-/etc/sysconfig/samba
+diff --git a/packaging/systemd/smb.service b/packaging/systemd/smb.service
+index d0d945a..9810891 100644
+--- a/packaging/systemd/smb.service
++++ b/packaging/systemd/smb.service
+@@ -3,7 +3,8 @@ Description=Samba SMB Daemon
+ After=syslog.target network.target nmb.service winbind.service
+ 
+ [Service]
+-Type=forking
++Type=notify
++NotifyAccess=all
+ PIDFile=/run/smbd.pid
+ LimitNOFILE=16384
+ EnvironmentFile=-/etc/sysconfig/samba
+diff --git a/packaging/systemd/winbind.service b/packaging/systemd/winbind.service
+index eff266f..f711a17 100644
+--- a/packaging/systemd/winbind.service
++++ b/packaging/systemd/winbind.service
+@@ -3,7 +3,8 @@ Description=Samba Winbind Daemon
+ After=syslog.target network.target nmb.service
+ 
+ [Service]
+-Type=forking
++Type=notify
++NotifyAccess=all
+ PIDFile=/run/winbindd.pid
+ EnvironmentFile=-/etc/sysconfig/samba
+ ExecStart=/usr/sbin/winbindd "$WINBINDOPTIONS"
+diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c
+index ec0e7d0..aced774 100644
+--- a/source3/nmbd/nmbd.c
++++ b/source3/nmbd/nmbd.c
+@@ -1088,6 +1088,10 @@ static bool open_sockets(bool isdaemon, int port)
+                 exit(1);
+         }
+ 
++	if (is_daemon && !opt_interactive) {
++		daemon_ready("nmbd");
++	}
++
+ 	TALLOC_FREE(frame);
+ 	process(msg);
+ 
+diff --git a/source3/smbd/server.c b/source3/smbd/server.c
+index d3cd33e..b2a9d8f 100644
+--- a/source3/smbd/server.c
++++ b/source3/smbd/server.c
+@@ -1489,6 +1489,10 @@ extern void build_options(bool screen);
+ 		exit(1);
+ 	}
+ 
++	if (is_daemon && !interactive) {
++		daemon_ready("smbd");
++	}
++
+ 	/* only start other daemons if we are running as a daemon
+ 	 * -- bad things will happen if smbd is launched via inetd
+ 	 *  and we fork a copy of ourselves here */
+diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
+index 50573ac..61c1dbc 100644
+--- a/source3/winbindd/winbindd.c
++++ b/source3/winbindd/winbindd.c
+@@ -1581,6 +1581,11 @@ int main(int argc, char **argv, char **envp)
+ 	}
+ 
+ 	TALLOC_FREE(frame);
++
++	if (!interactive) {
++		daemon_ready("winbindd");
++	}
++
+ 	/* Loop waiting for requests */
+ 	while (1) {
+ 		frame = talloc_stackframe();
+diff --git a/source4/smbd/server.c b/source4/smbd/server.c
+index 37aac62..3a23190 100644
+--- a/source4/smbd/server.c
++++ b/source4/smbd/server.c
+@@ -498,6 +498,10 @@ static int binary_smbd_main(const char *binary_name, int argc, const char *argv[
+ 		return 1;
+ 	}
+ 
++	if (opt_daemon) {
++		daemon_ready("samba");
++	}
++
+ 	/* wait for events - this is where smbd sits for most of its
+ 	   life */
+ 	tevent_loop_wait(event_ctx);
+diff --git a/wscript b/wscript
+index 83c82e3..2f02c6e 100644
+--- a/wscript
++++ b/wscript
+@@ -64,8 +64,15 @@ def set_options(opt):
+                   help=("Disable Position Independent Executable builds"),
+                   action="store_false", dest='enable_pie')
+ 
+-    gr = opt.option_group('developer options')
++    opt.add_option('--with-systemd',
++                   help=("Enable systemd integration"),
++                   action='store_true', dest='enable_systemd')
++
++    opt.add_option('--without-systemd',
++                   help=("Disable systemd integration"),
++                   action='store_false', dest='enable_systemd')
+ 
++    gr = opt.option_group('developer options')
+ 
+     opt.tool_options('python') # options for disabling pyc or pyo compilation
+     # enable options related to building python extensions
+@@ -162,11 +169,8 @@ def configure(conf):
+     if not conf.CHECK_CODE('#include "tests/summary.c"',
+                            define='SUMMARY_PASSES',
+                            addmain=False,
+-                           execute=True,
+                            msg='Checking configure summary'):
+         raise Utils.WafError('configure summary failed')
+-    
+-    conf.SAMBA_CONFIG_H('include/config.h')
+ 
+     if Options.options.enable_pie != False:
+         if Options.options.enable_pie == True:
+@@ -178,6 +182,21 @@ def configure(conf):
+                          msg="Checking compiler for PIE support"):
+ 		conf.env['ENABLE_PIE'] = True
+ 
++    if Options.options.enable_systemd != False:
++        conf.check_cfg(package='libsystemd-daemon', args='--cflags --libs',
++                       msg='Checking for libsystemd-daemon', uselib_store="SYSTEMD-DAEMON")
++        conf.CHECK_HEADERS('systemd/sd-daemon.h', lib='systemd-daemon')
++        conf.CHECK_LIB('systemd-daemon', shlib=True)
++
++    if conf.CONFIG_SET('HAVE_SYSTEMD_SD_DAEMON_H'):
++        conf.DEFINE('HAVE_SYSTEMD', '1')
++        conf.env['ENABLE_SYSTEMD'] = True
++    else:
++        conf.SET_TARGET_TYPE('systemd-daemon', 'EMPTY')
++        conf.undefine('HAVE_SYSTEMD')
++
++    conf.SAMBA_CONFIG_H('include/config.h')
++
+ def etags(ctx):
+     '''build TAGS file using etags'''
+     import Utils
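Review bot: An explicit `--with-systemd` is treated the same as the default here: when the header is not found, the `else` branch quietly sets the target type to `EMPTY` and undefines `HAVE_SYSTEMD`, so a build that asked for systemd support can complete without it. Unless `check_cfg` is mandatory by default in this waf version, consider failing in that case, e.g. `if Options.options.enable_systemd == True and not conf.CONFIG_SET('HAVE_SYSTEMD_SD_DAEMON_H'): raise Utils.WafError('systemd support requested but not found')`. The unit files in this patch switch to `Type=notify`, so a binary built without the notify calls would leave systemd waiting for a READY message that never arrives. `configure` starts outside the hunk.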
+-- 
+1.8.5.3
+
+
+From a6250f706655bd8fda81fe15ccc9441f7d4e1c84 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <ab@samba.org>
+Date: Wed, 26 Mar 2014 10:56:12 +0200
+Subject: [PATCH 2/5] smbd: use exit_daemon() to support reporting to systemd
+ from smbd
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=10517
+
+Signed-off-by: Alexander Bokovoy <ab@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ source3/smbd/server.c | 44 +++++++++++++++++++-------------------------
+ 1 file changed, 19 insertions(+), 25 deletions(-)
+
+diff --git a/source3/smbd/server.c b/source3/smbd/server.c
+index b2a9d8f..34c949d 100644
+--- a/source3/smbd/server.c
++++ b/source3/smbd/server.c
+@@ -1314,8 +1314,7 @@ extern void build_options(bool screen);
+ 				   ev_ctx,
+ 				   false);
+ 	if (!NT_STATUS_IS_OK(status)) {
+-		DEBUG(0,("reinit_after_fork() failed\n"));
+-		exit(1);
++		exit_daemon("reinit_after_fork() failed", map_errno_from_nt_status(status));
+ 	}
+ 
+ 	if (!interactive) {
+@@ -1326,8 +1325,7 @@ extern void build_options(bool screen);
+ 		 */
+ 		status = init_before_fork();
+ 		if (!NT_STATUS_IS_OK(status)) {
+-			DEBUG(0, ("init_before_fork failed: %s\n", nt_errstr(status)));
+-			exit(1);
++			exit_daemon(nt_errstr(status), map_errno_from_nt_status(status));
+ 		}
+ 	}
+ 
+@@ -1360,7 +1358,7 @@ extern void build_options(bool screen);
+ 	/* Setup all the TDB's - including CLEAR_IF_FIRST tdb's. */
+ 
+ 	if (smbd_memcache() == NULL) {
+-		exit(1);
++		exit_daemon("no memcache available", EACCES);
+ 	}
+ 
+ 	memcache_set_global(smbd_memcache());
+@@ -1372,69 +1370,65 @@ extern void build_options(bool screen);
+ 		exit(1);
+ 
+ 	if (!secrets_init()) {
+-		DEBUG(0, ("ERROR: smbd can not open secrets.tdb\n"));
+-		exit(1);
++		exit_daemon("smbd can not open secrets.tdb", EACCES);
+ 	}
+ 
+ 	if (lp_server_role() == ROLE_DOMAIN_BDC || lp_server_role() == ROLE_DOMAIN_PDC) {
+ 		struct loadparm_context *lp_ctx = loadparm_init_s3(NULL, loadparm_s3_helpers());
+ 		if (!open_schannel_session_store(NULL, lp_ctx)) {
+-			DEBUG(0,("ERROR: Samba cannot open schannel store for secured NETLOGON operations.\n"));
+-			exit(1);
++			exit_daemon("ERROR: Samba cannot open schannel store for secured NETLOGON operations.", EACCES);
+ 		}
+ 		TALLOC_FREE(lp_ctx);
+ 	}
+ 
+ 	if(!get_global_sam_sid()) {
+-		DEBUG(0,("ERROR: Samba cannot create a SAM SID.\n"));
+-		exit(1);
++		exit_daemon("Samba cannot create a SAM SID", EACCES);
+ 	}
+ 
+ 	server_id = messaging_server_id(msg_ctx);
+ 	status = smbXsrv_version_global_init(&server_id);
+ 	if (!NT_STATUS_IS_OK(status)) {
+-		exit(1);
++		exit_daemon("Samba cannot init server context", EACCES);
+ 	}
+ 
+ 	status = smbXsrv_session_global_init();
+ 	if (!NT_STATUS_IS_OK(status)) {
+-		exit(1);
++		exit_daemon("Samba cannot init session context", EACCES);
+ 	}
+ 
+ 	status = smbXsrv_tcon_global_init();
+ 	if (!NT_STATUS_IS_OK(status)) {
+-		exit(1);
++		exit_daemon("Samba cannot init tcon context", EACCES);
+ 	}
+ 
+ 	if (!locking_init())
+-		exit(1);
++		exit_daemon("Samba cannot init locking", EACCES);
+ 
+ 	if (!messaging_tdb_parent_init(ev_ctx)) {
+-		exit(1);
++		exit_daemon("Samba cannot init TDB messaging", EACCES);
+ 	}
+ 
+ 	if (!smbd_parent_notify_init(NULL, msg_ctx, ev_ctx)) {
+-		exit(1);
++		exit_daemon("Samba cannot init notification", EACCES);
+ 	}
+ 
+ 	if (!smbd_scavenger_init(NULL, msg_ctx, ev_ctx)) {
+-		exit(1);
++		exit_daemon("Samba cannot init scavenging", EACCES);
+ 	}
+ 
+ 	if (!serverid_parent_init(ev_ctx)) {
+-		exit(1);
++		exit_daemon("Samba cannot init server id", EACCES);
+ 	}
+ 
+ 	if (!W_ERROR_IS_OK(registry_init_full()))
+-		exit(1);
++		exit_daemon("Samba cannot init registry", EACCES);
+ 
+ 	/* Open the share_info.tdb here, so we don't have to open
+ 	   after the fork on every single connection.  This is a small
+ 	   performance improvment and reduces the total number of system
+ 	   fds used. */
+ 	if (!share_info_db_init()) {
+-		DEBUG(0,("ERROR: failed to load share info db.\n"));
+-		exit(1);
++		exit_daemon("ERROR: failed to load share info db.", EACCES);
+ 	}
+ 
+ 	status = init_system_session_info();
+@@ -1455,7 +1449,7 @@ extern void build_options(bool screen);
+ 	}
+ 	status = smbXsrv_open_global_init();
+ 	if (!NT_STATUS_IS_OK(status)) {
+-		exit(1);
++		exit_daemon("Samba cannot init global open", map_errno_from_nt_status(status));
+ 	}
+ 
+ 	/* This MUST be done before start_epmd() because otherwise
+@@ -1486,7 +1480,7 @@ extern void build_options(bool screen);
+ 	}
+ 
+ 	if (!dcesrv_ep_setup(ev_ctx, msg_ctx)) {
+-		exit(1);
++		exit_daemon("Samba cannot setup ep pipe", EACCES);
+ 	}
+ 
+ 	if (is_daemon && !interactive) {
+@@ -1507,7 +1501,7 @@ extern void build_options(bool screen);
+ 			bool bgq = lp_parm_bool(-1, "smbd", "backgroundqueue", true);
+ 
+ 			if (!printing_subsystem_init(ev_ctx, msg_ctx, true, bgq)) {
+-				exit(1);
++				exit_daemon("Samba failed to init printing subsystem", EACCES);
+ 			}
+ 		}
+ 	} else if (!lp__disable_spoolss() &&
+-- 
+1.8.5.3
+
+
+From 580933198c1da02ad668b32f68bfeac833d97980 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <ab@samba.org>
+Date: Wed, 26 Mar 2014 11:34:56 +0200
+Subject: [PATCH 3/5] nmbd: use exit_daemon() to report status to systemd
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=10517
+
+Signed-off-by: Alexander Bokovoy <ab@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+
+(cherry picked from commit a54e94559b5ebabbb8c5c938fdf159efceff39e6)
+---
+ source3/nmbd/nmbd.c | 39 ++++++++++++++-------------------------
+ 1 file changed, 14 insertions(+), 25 deletions(-)
+
+diff --git a/source3/nmbd/nmbd.c b/source3/nmbd/nmbd.c
+index aced774..dc2d4c7 100644
+--- a/source3/nmbd/nmbd.c
++++ b/source3/nmbd/nmbd.c
+@@ -966,16 +966,12 @@ static bool open_sockets(bool isdaemon, int port)
+ 
+ 	ok = directory_create_or_exist(lp_lockdir(), geteuid(), 0755);
+ 	if (!ok) {
+-		DEBUG(0, ("Failed to create directory %s for lock files - %s\n",
+-			  lp_lockdir(), strerror(errno)));
+-		exit(1);
++		exit_daemon("Failed to create directory for lock files, check 'lock directory'", errno);
+ 	}
+ 
+ 	ok = directory_create_or_exist(lp_piddir(), geteuid(), 0755);
+ 	if (!ok) {
+-		DEBUG(0, ("Failed to create directory %s for pid files - %s\n",
+-			  lp_piddir(), strerror(errno)));
+-		exit(1);
++		exit_daemon("Failed to create directory for pid files, check 'pid directory'", errno);
+ 	}
+ 
+ 	pidfile_create(lp_piddir(), "nmbd");
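Review bot: The two new `exit_daemon()` messages no longer name the directory that could not be created: the removed `DEBUG` lines printed `lp_lockdir()` / `lp_piddir()` and `strerror(errno)`, while the replacement logs a fixed string and a numeric error code. Keeping a `DEBUG(0, ...)` line with the path ahead of each `exit_daemon()` call, or formatting the path into the message, preserves what an administrator needs to fix the configuration. `errno` is read after `directory_create_or_exist()` returns, so confirm that the helper does not overwrite it with its own logging. The function starts and ends outside the hunk.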
+@@ -984,8 +980,7 @@ static bool open_sockets(bool isdaemon, int port)
+ 				   false);
+ 
+ 	if (!NT_STATUS_IS_OK(status)) {
+-		DEBUG(0,("reinit_after_fork() failed\n"));
+-		exit(1);
++		exit_daemon("reinit_after_fork() failed", map_errno_from_nt_status(status));
+ 	}
+ 
+ 	/*
+@@ -995,16 +990,15 @@ static bool open_sockets(bool isdaemon, int port)
+ 	 */
+ 	status = init_before_fork();
+ 	if (!NT_STATUS_IS_OK(status)) {
+-		DEBUG(0, ("init_before_fork failed: %s\n", nt_errstr(status)));
+-		exit(1);
++		exit_daemon(nt_errstr(status), map_errno_from_nt_status(status));
+ 	}
+ 
+ 	if (!nmbd_setup_sig_term_handler(msg))
+-		exit(1);
++		exit_daemon("NMBD failed to setup signal handler", EINVAL);
+ 	if (!nmbd_setup_stdin_handler(msg, !Fork))
+-		exit(1);
++		exit_daemon("NMBD failed to setup stdin handler", EINVAL);
+ 	if (!nmbd_setup_sig_hup_handler(msg))
+-		exit(1);
++		exit_daemon("NMBD failed to setup SIGHUP handler", EINVAL);
+ 
+ 	/* get broadcast messages */
+ 
+@@ -1012,8 +1006,7 @@ static bool open_sockets(bool isdaemon, int port)
+ 				FLAG_MSG_GENERAL |
+ 				FLAG_MSG_NMBD |
+ 				FLAG_MSG_DBWRAP)) {
+-		DEBUG(1, ("Could not register myself in serverid.tdb\n"));
+-		exit(1);
++		exit_daemon("Could not register NMBD process in serverid.tdb", EACCES);
+ 	}
+ 
+ 	messaging_register(msg, NULL, MSG_FORCE_ELECTION,
+@@ -1044,9 +1037,8 @@ static bool open_sockets(bool isdaemon, int port)
+ 
+ 	/* Create an nmbd subnet record for each of the above. */
+ 	if( False == create_subnets() ) {
+-		DEBUG(0,("ERROR: Failed when creating subnet lists. Exiting.\n"));
+ 		kill_async_dns_child();
+-		exit(1);
++		exit_daemon("NMBD failed when creating subnet lists", EACCES);
+ 	}
+ 
+ 	/* Load in any static local names. */ 
+@@ -1058,9 +1050,8 @@ static bool open_sockets(bool isdaemon, int port)
+ 
+ 	/* If we are acting as a WINS server, initialise data structures. */
+ 	if( !initialise_wins() ) {
+-		DEBUG( 0, ( "nmbd: Failed when initialising WINS server.\n" ) );
+ 		kill_async_dns_child();
+-		exit(1);
++		exit_daemon( "NMBD failed when initialising WINS server.", EACCES);
+ 	}
+ 
+ 	/* 
+@@ -1072,21 +1063,19 @@ static bool open_sockets(bool isdaemon, int port)
+ 	 */
+ 
+ 	if( False == register_my_workgroup_and_names() ) {
+-		DEBUG(0,("ERROR: Failed when creating my my workgroup. Exiting.\n"));
+ 		kill_async_dns_child();
+-		exit(1);
++		exit_daemon( "NMBD failed when creating my workgroup.", EACCES);
+ 	}
+ 
+ 	if (!initialize_nmbd_proxy_logon()) {
+-		DEBUG(0,("ERROR: Failed setup nmbd_proxy_logon.\n"));
+ 		kill_async_dns_child();
+-		exit(1);
++		exit_daemon( "NMBD failed to setup nmbd_proxy_logon.", EACCES);
+ 	}
+ 
+ 	if (!nmbd_init_packet_server()) {
+ 		kill_async_dns_child();
+-                exit(1);
+-        }
++		exit_daemon( "NMBD failed to setup packet server.", EACCES);
++	}
+ 
+ 	if (is_daemon && !opt_interactive) {
+ 		daemon_ready("nmbd");
+-- 
+1.8.5.3
+
+
+From 1067bdd3e590d5ab880044456c667e3663d99c95 Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <ab@samba.org>
+Date: Wed, 26 Mar 2014 11:45:21 +0200
+Subject: [PATCH 4/5] winbindd: use exit_daemon() to pass startup status to
+ systemd
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=10517
+
+Signed-off-by: Alexander Bokovoy <ab@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+(cherry picked from commit 91013315c9fa946bf85c85df0ccd40a803f3dc6f)
+---
+ source3/winbindd/winbindd.c | 13 ++++---------
+ 1 file changed, 4 insertions(+), 9 deletions(-)
+
+diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
+index 61c1dbc..68ffd7e 100644
+--- a/source3/winbindd/winbindd.c
++++ b/source3/winbindd/winbindd.c
+@@ -1543,8 +1543,7 @@ int main(int argc, char **argv, char **envp)
+ 				   winbind_event_context(),
+ 				   false);
+ 	if (!NT_STATUS_IS_OK(status)) {
+-		DEBUG(0,("reinit_after_fork() failed\n"));
+-		exit(1);
++		exit_daemon("Winbindd reinit_after_fork() failed", map_errno_from_nt_status(status));
+ 	}
+ 
+ 	/*
+@@ -1554,17 +1553,14 @@ int main(int argc, char **argv, char **envp)
+ 	 */
+ 	status = init_before_fork();
+ 	if (!NT_STATUS_IS_OK(status)) {
+-		DEBUG(0, ("init_before_fork failed: %s\n", nt_errstr(status)));
+-		exit(1);
++		exit_daemon(nt_errstr(status), map_errno_from_nt_status(status));
+ 	}
+ 
+ 	winbindd_register_handlers(winbind_messaging_context(), !Fork);
+ 
+ 	status = init_system_session_info();
+ 	if (!NT_STATUS_IS_OK(status)) {
+-		DEBUG(1, ("ERROR: failed to setup system user info: %s.\n",
+-			  nt_errstr(status)));
+-		exit(1);
++		exit_daemon("Winbindd failed to setup system user info", map_errno_from_nt_status(status));
+ 	}
+ 
+ 	rpc_lsarpc_init(NULL);
+@@ -1576,8 +1572,7 @@ int main(int argc, char **argv, char **envp)
+ 	/* setup listen sockets */
+ 
+ 	if (!winbindd_setup_listeners()) {
+-		DEBUG(0,("winbindd_setup_listeners() failed\n"));
+-		exit(1);
++		exit_daemon("Winbindd failed to setup listeners", EPIPE);
+ 	}
+ 
+ 	TALLOC_FREE(frame);
+-- 
+1.8.5.3
+
+
+From 037b9fd66e777571e2c963945e41535371b4683e Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <ab@samba.org>
+Date: Wed, 26 Mar 2014 12:30:30 +0200
+Subject: [PATCH 5/5] ad-dc: use exit_daemon() to communicate status of startup
+ to systemd
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=10517
+
+Signed-off-by: Alexander Bokovoy <ab@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+(cherry picked from commit a343303cbcd5af303455843ebf202e2f30daf3a6)
+---
+ source4/smbd/server.c | 19 +++++++------------
+ 1 file changed, 7 insertions(+), 12 deletions(-)
+
+diff --git a/source4/smbd/server.c b/source4/smbd/server.c
+index 3a23190..d5d9d9c 100644
+--- a/source4/smbd/server.c
++++ b/source4/smbd/server.c
+@@ -398,15 +398,13 @@ static int binary_smbd_main(const char *binary_name, int argc, const char *argv[
+ 
+ 	if (lpcfg_server_role(cmdline_lp_ctx) == ROLE_ACTIVE_DIRECTORY_DC) {
+ 		if (!open_schannel_session_store(talloc_autofree_context(), cmdline_lp_ctx)) {
+-			DEBUG(0,("ERROR: Samba cannot open schannel store for secured NETLOGON operations.\n"));
+-			exit(1);
++			exit_daemon("Samba cannot open schannel store for secured NETLOGON operations.", EACCES);
+ 		}
+ 	}
+ 
+ 	/* make sure we won't go through nss_winbind */
+ 	if (!winbind_off()) {
+-		DEBUG(0,("Failed to disable recusive winbindd calls.  Exiting.\n"));
+-		exit(1);
++		exit_daemon("Samba failed to disable recusive winbindd calls.", EACCES);
+ 	}
+ 
+ 	gensec_init(); /* FIXME: */
+@@ -431,8 +429,7 @@ static int binary_smbd_main(const char *binary_name, int argc, const char *argv[
+ 	event_ctx = s4_event_context_init(talloc_autofree_context());
+ 
+ 	if (event_ctx == NULL) {
+-		DEBUG(0,("Initializing event context failed\n"));
+-		return 1;
++		exit_daemon("Initializing event context failed", EACCES);
+ 	}
+ 
+ 	if (opt_interactive) {
+@@ -449,7 +446,7 @@ static int binary_smbd_main(const char *binary_name, int argc, const char *argv[
+ #endif
+ 
+ 	if (fstat(0, &st) != 0) {
+-		exit(1);
++		exit_daemon("Samba failed to set standard input handler", ENOTTY);
+ 	}
+ 
+ 	if (S_ISFIFO(st.st_mode) || S_ISSOCK(st.st_mode)) {
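Review bot: The call that fails in this branch is `fstat(0, &st)`, but the new message talks about setting a standard input handler and the code is a fixed `ENOTTY`, so the real cause is discarded. Passing the value left by the failed call, `exit_daemon("Samba failed to fstat standard input", errno);`, would report what actually went wrong. `binary_smbd_main` starts and ends outside this hunk.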
+@@ -478,15 +475,14 @@ static int binary_smbd_main(const char *binary_name, int argc, const char *argv[
+ 		DEBUG(0, ("At this time the 'samba' binary should only be used for either:\n"));
+ 		DEBUGADD(0, ("'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +smb' or the rpc proxy with 'dcerpc endpoint servers = remote'\n"));
+ 		DEBUGADD(0, ("You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks\n"));
+-		exit(1);
++		exit_daemon("Samba detected misconfigured 'server role' and exited. Check logs for details", EINVAL);
+ 	};
+ 
+ 	prime_ldb_databases(event_ctx);
+ 
+ 	status = setup_parent_messaging(event_ctx, cmdline_lp_ctx);
+ 	if (!NT_STATUS_IS_OK(status)) {
+-		DEBUG(0,("Failed to setup parent messaging - %s\n", nt_errstr(status)));
+-		return 1;
++		exit_daemon("Samba failed to setup parent messaging", NT_STATUS_V(status));
+ 	}
+ 
+ 	DEBUG(0,("%s: using '%s' process model\n", binary_name, model));
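Review bot: `NT_STATUS_V(status)` is passed as the second argument of `exit_daemon()` here, while the other call sites in this series pass an errno value (`EACCES`, `EINVAL`, or `map_errno_from_nt_status(status)` in the nmbd and winbindd patches). The reported code is therefore presumably a raw NT status number that an operator would misread as an errno. If that helper is reachable from source4, `exit_daemon("Samba failed to setup parent messaging", map_errno_from_nt_status(status));` keeps the codes consistent; the `server_service_startup()` hunk that follows has the same call. The removed `DEBUG` also printed `nt_errstr(status)`, which is now lost. `binary_smbd_main` continues outside this hunk.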
+@@ -494,8 +490,7 @@ static int binary_smbd_main(const char *binary_name, int argc, const char *argv[
+ 	status = server_service_startup(event_ctx, cmdline_lp_ctx, model, 
+ 					lpcfg_server_services(cmdline_lp_ctx));
+ 	if (!NT_STATUS_IS_OK(status)) {
+-		DEBUG(0,("Starting Services failed - %s\n", nt_errstr(status)));
+-		return 1;
++		exit_daemon("Samba failed to start services", NT_STATUS_V(status));
+ 	}
+ 
+ 	if (opt_daemon) {
+-- 
+1.8.5.3
+
diff --git a/SOURCES/samba-4.1.7-make_pidl_lsa_struct_public.patch b/SOURCES/samba-4.1.7-make_pidl_lsa_struct_public.patch
new file mode 100644
index 0000000..ec602da
--- /dev/null
+++ b/SOURCES/samba-4.1.7-make_pidl_lsa_struct_public.patch
@@ -0,0 +1,52 @@
+From 101c93f1e54095f8e115e33a66ec1127ead207da Mon Sep 17 00:00:00 2001
+From: Alexander Bokovoy <ab@samba.org>
+Date: Tue, 18 Mar 2014 19:41:38 +0200
+Subject: [PATCH] lsa.idl: define lsa.ForestTrustCollisionInfo and
+ ForestTrustCollisionRecord as public structs
+
+For Python bindings PIDL wants the struct to be defined as public if we
+want to use __ndr_print/pack/unpack.
+
+Define the [public] attribute to ForestTrustCollisionInfo/Record to
+allow easier debugging when there is collision in establishing a trust.
+
+This change does not affect C code as NDR functions are always
+generated, only not exposed in Python bindings.
+
+https://bugzilla.samba.org/show_bug.cgi?id=10504
+
+Signed-off-by: Alexander Bokovoy <ab@samba.org>
+Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
+
+Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
+Autobuild-Date(master): Mon Mar 24 12:44:50 CET 2014 on sn-devel-104
+
+(cherry picked from commit 59767911bded48388c27d5f9cd2ff1346a1c01a6)
+---
+ librpc/idl/lsa.idl | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/librpc/idl/lsa.idl b/librpc/idl/lsa.idl
+index d8f2649..80efbd5 100644
+--- a/librpc/idl/lsa.idl
++++ b/librpc/idl/lsa.idl
+@@ -1328,14 +1328,14 @@ import "misc.idl", "security.idl";
+ 		[default] uint32 flags;
+ 	} lsa_ForestTrustCollisionFlags;
+ 
+-	typedef struct {
++	typedef [public] struct {
+ 		uint32 index;
+ 		lsa_ForestTrustCollisionRecordType type;
+ 		[switch_is(type)] lsa_ForestTrustCollisionFlags flags;
+ 		lsa_String name;
+ 	} lsa_ForestTrustCollisionRecord;
+ 
+-	typedef struct {
++	typedef [public] struct {
+ 		uint32 count;
+ 		[size_is(count)] lsa_ForestTrustCollisionRecord **entries;
+ 	} lsa_ForestTrustCollisionInfo;
+-- 
+1.8.5.3
+
diff --git a/SOURCES/samba-4.1.x-CVE-2013-4496.patch b/SOURCES/samba-4.1.x-CVE-2013-4496.patch
new file mode 100644
index 0000000..7529025
--- /dev/null
+++ b/SOURCES/samba-4.1.x-CVE-2013-4496.patch
@@ -0,0 +1,1118 @@
+From c129261c506c6b941630fd7f4bc72820eb272761 Mon Sep 17 00:00:00 2001
+From: Andrew Bartlett <abartlet@samba.org>
+Date: Fri, 1 Nov 2013 14:55:44 +1300
+Subject: [PATCH 1/4] CVE-2013-4496:s3-samr: Block attempts to crack passwords
+ via repeated password changes
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
+
+Signed-off-by: Andrew Bartlett <abartlet@samba.org>
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Signed-off-by: Jeremy Allison <jra@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ source3/rpc_server/samr/srv_samr_chgpasswd.c |   55 ++++++++++++++++
+ source3/rpc_server/samr/srv_samr_nt.c        |   90 +++++++++++++++++++++-----
+ 2 files changed, 129 insertions(+), 16 deletions(-)
+
+diff --git a/source3/rpc_server/samr/srv_samr_chgpasswd.c b/source3/rpc_server/samr/srv_samr_chgpasswd.c
+index db1f459..1c9c33a 100644
+--- a/source3/rpc_server/samr/srv_samr_chgpasswd.c
++++ b/source3/rpc_server/samr/srv_samr_chgpasswd.c
+@@ -1106,6 +1106,8 @@ NTSTATUS pass_oem_change(char *user, const char *rhost,
+ 	struct samu *sampass = NULL;
+ 	NTSTATUS nt_status;
+ 	bool ret = false;
++	bool updated_badpw = false;
++	NTSTATUS update_login_attempts_status;
+ 
+ 	if (!(sampass = samu_new(NULL))) {
+ 		return NT_STATUS_NO_MEMORY;
+@@ -1121,6 +1123,13 @@ NTSTATUS pass_oem_change(char *user, const char *rhost,
+ 		return NT_STATUS_NO_SUCH_USER;
+ 	}
+ 
++	/* Quit if the account was locked out. */
++	if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) {
++		DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", user));
++		TALLOC_FREE(sampass);
++		return NT_STATUS_ACCOUNT_LOCKED_OUT;
++	}
++
+ 	nt_status = check_oem_password(user,
+ 				       password_encrypted_with_lm_hash,
+ 				       old_lm_hash_encrypted,
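Review bot: The added lockout message is prefixed `check_sam_security:` although this code is in `pass_oem_change`, so a lockout hit on the password-change path is logged as if it came from the authentication path. For anyone correlating lockouts with their source that is misleading; `DEBUG(3,("pass_oem_change: Account for user %s was locked out.\n", user));` names the right function. `pass_oem_change` starts and ends outside this hunk.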
+@@ -1129,6 +1138,52 @@ NTSTATUS pass_oem_change(char *user, const char *rhost,
+ 				       sampass,
+ 				       &new_passwd);
+ 
++	/*
++	 * Notify passdb backend of login success/failure. If not
++	 * NT_STATUS_OK the backend doesn't like the login
++	 */
++	update_login_attempts_status = pdb_update_login_attempts(sampass,
++						NT_STATUS_IS_OK(nt_status));
++
++	if (!NT_STATUS_IS_OK(nt_status)) {
++		bool increment_bad_pw_count = false;
++
++		if (NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD) &&
++		    (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) &&
++		    NT_STATUS_IS_OK(update_login_attempts_status))
++		{
++			increment_bad_pw_count = true;
++		}
++
++		if (increment_bad_pw_count) {
++			pdb_increment_bad_password_count(sampass);
++			updated_badpw = true;
++		} else {
++			pdb_update_bad_password_count(sampass,
++						      &updated_badpw);
++		}
++	} else {
++
++		if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) &&
++		    (pdb_get_bad_password_count(sampass) > 0)){
++			pdb_set_bad_password_count(sampass, 0, PDB_CHANGED);
++			pdb_set_bad_password_time(sampass, 0, PDB_CHANGED);
++			updated_badpw = true;
++		}
++	}
++
++	if (updated_badpw) {
++		NTSTATUS update_status;
++		become_root();
++		update_status = pdb_update_sam_account(sampass);
++		unbecome_root();
++
++		if (!NT_STATUS_IS_OK(update_status)) {
++			DEBUG(1, ("Failed to modify entry: %s\n",
++				  nt_errstr(update_status)));
++		}
++	}
++
+ 	if (!NT_STATUS_IS_OK(nt_status)) {
+ 		TALLOC_FREE(sampass);
+ 		return nt_status;
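Review bot: When `pdb_update_sam_account(sampass)` fails inside the `if (updated_badpw)` block, the bad-password count is not persisted, yet the only trace is a level-1 `"Failed to modify entry"` line that names neither the user nor the function. Since this counter is what throttles repeated password-change guesses, a silent persistence failure means the lockout may never trigger, so it deserves a message an operator will see. Something like `DEBUG(0, ("pass_oem_change: failed to store bad password count for %s: %s\n", user, nt_errstr(update_status)));` would do. `pass_oem_change` continues outside this hunk.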
+diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
+index b366eda..98e8bea 100644
+--- a/source3/rpc_server/samr/srv_samr_nt.c
++++ b/source3/rpc_server/samr/srv_samr_nt.c
+@@ -1722,9 +1722,11 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,
+ 	NTSTATUS status;
+ 	bool ret = false;
+ 	struct samr_user_info *uinfo;
+-	struct samu *pwd;
++	struct samu *pwd = NULL;
+ 	struct samr_Password new_lmPwdHash, new_ntPwdHash, checkHash;
+ 	struct samr_Password lm_pwd, nt_pwd;
++	bool updated_badpw = false;
++	NTSTATUS update_login_attempts_status;
+ 
+ 	uinfo = policy_handle_find(p, r->in.user_handle,
+ 				   SAMR_USER_ACCESS_SET_PASSWORD, NULL,
+@@ -1736,6 +1738,15 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,
+ 	DEBUG(5,("_samr_ChangePasswordUser: sid:%s\n",
+ 		  sid_string_dbg(&uinfo->sid)));
+ 
++	/* basic sanity checking on parameters.  Do this before any database ops */
++	if (!r->in.lm_present || !r->in.nt_present ||
++	    !r->in.old_lm_crypted || !r->in.new_lm_crypted ||
++	    !r->in.old_nt_crypted || !r->in.new_nt_crypted) {
++		/* we should really handle a change with lm not
++		   present */
++		return NT_STATUS_INVALID_PARAMETER_MIX;
++	}
++
+ 	if (!(pwd = samu_new(NULL))) {
+ 		return NT_STATUS_NO_MEMORY;
+ 	}
+@@ -1749,6 +1760,14 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,
+ 		return NT_STATUS_WRONG_PASSWORD;
+ 	}
+ 
++	/* Quit if the account was locked out. */
++	if (pdb_get_acct_ctrl(pwd) & ACB_AUTOLOCK) {
++		DEBUG(3, ("Account for user %s was locked out.\n",
++			  pdb_get_username(pwd)));
++		status = NT_STATUS_ACCOUNT_LOCKED_OUT;
++		goto out;
++	}
++
+ 	{
+ 		const uint8_t *lm_pass, *nt_pass;
+ 
+@@ -1757,29 +1776,19 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,
+ 
+ 		if (!lm_pass || !nt_pass) {
+ 			status = NT_STATUS_WRONG_PASSWORD;
+-			goto out;
++			goto update_login;
+ 		}
+ 
+ 		memcpy(&lm_pwd.hash, lm_pass, sizeof(lm_pwd.hash));
+ 		memcpy(&nt_pwd.hash, nt_pass, sizeof(nt_pwd.hash));
+ 	}
+ 
+-	/* basic sanity checking on parameters.  Do this before any database ops */
+-	if (!r->in.lm_present || !r->in.nt_present ||
+-	    !r->in.old_lm_crypted || !r->in.new_lm_crypted ||
+-	    !r->in.old_nt_crypted || !r->in.new_nt_crypted) {
+-		/* we should really handle a change with lm not
+-		   present */
+-		status = NT_STATUS_INVALID_PARAMETER_MIX;
+-		goto out;
+-	}
+-
+ 	/* decrypt and check the new lm hash */
+ 	D_P16(lm_pwd.hash, r->in.new_lm_crypted->hash, new_lmPwdHash.hash);
+ 	D_P16(new_lmPwdHash.hash, r->in.old_lm_crypted->hash, checkHash.hash);
+ 	if (memcmp(checkHash.hash, lm_pwd.hash, 16) != 0) {
+ 		status = NT_STATUS_WRONG_PASSWORD;
+-		goto out;
++		goto update_login;
+ 	}
+ 
+ 	/* decrypt and check the new nt hash */
+@@ -1787,7 +1796,7 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,
+ 	D_P16(new_ntPwdHash.hash, r->in.old_nt_crypted->hash, checkHash.hash);
+ 	if (memcmp(checkHash.hash, nt_pwd.hash, 16) != 0) {
+ 		status = NT_STATUS_WRONG_PASSWORD;
+-		goto out;
++		goto update_login;
+ 	}
+ 
+ 	/* The NT Cross is not required by Win2k3 R2, but if present
+@@ -1796,7 +1805,7 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,
+ 		D_P16(lm_pwd.hash, r->in.nt_cross->hash, checkHash.hash);
+ 		if (memcmp(checkHash.hash, new_ntPwdHash.hash, 16) != 0) {
+ 			status = NT_STATUS_WRONG_PASSWORD;
+-			goto out;
++			goto update_login;
+ 		}
+ 	}
+ 
+@@ -1806,7 +1815,7 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,
+ 		D_P16(nt_pwd.hash, r->in.lm_cross->hash, checkHash.hash);
+ 		if (memcmp(checkHash.hash, new_lmPwdHash.hash, 16) != 0) {
+ 			status = NT_STATUS_WRONG_PASSWORD;
+-			goto out;
++			goto update_login;
+ 		}
+ 	}
+ 
+@@ -1817,6 +1826,55 @@ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,
+ 	}
+ 
+ 	status = pdb_update_sam_account(pwd);
++
++update_login:
++
++	/*
++	 * Notify passdb backend of login success/failure. If not
++	 * NT_STATUS_OK the backend doesn't like the login
++	 */
++	update_login_attempts_status = pdb_update_login_attempts(pwd,
++						NT_STATUS_IS_OK(status));
++
++	if (!NT_STATUS_IS_OK(status)) {
++		bool increment_bad_pw_count = false;
++
++		if (NT_STATUS_EQUAL(status,NT_STATUS_WRONG_PASSWORD) &&
++		    (pdb_get_acct_ctrl(pwd) & ACB_NORMAL) &&
++		    NT_STATUS_IS_OK(update_login_attempts_status))
++		{
++			increment_bad_pw_count = true;
++		}
++
++		if (increment_bad_pw_count) {
++			pdb_increment_bad_password_count(pwd);
++			updated_badpw = true;
++		} else {
++			pdb_update_bad_password_count(pwd,
++						      &updated_badpw);
++		}
++	} else {
++
++		if ((pdb_get_acct_ctrl(pwd) & ACB_NORMAL) &&
++		    (pdb_get_bad_password_count(pwd) > 0)){
++			pdb_set_bad_password_count(pwd, 0, PDB_CHANGED);
++			pdb_set_bad_password_time(pwd, 0, PDB_CHANGED);
++			updated_badpw = true;
++		}
++	}
++
++	if (updated_badpw) {
++		NTSTATUS update_status;
++		become_root();
++		update_status = pdb_update_sam_account(pwd);
++		unbecome_root();
++
++		if (!NT_STATUS_IS_OK(update_status)) {
++			DEBUG(1, ("Failed to modify entry: %s\n",
++				  nt_errstr(update_status)));
++		}
++	}
++
+  out:
+ 	TALLOC_FREE(pwd);
+ 
+-- 
+1.7.9.5
+
+
+From fab5ee090e2e4765441b82e17a6cbb98523f6943 Mon Sep 17 00:00:00 2001
+From: Stefan Metzmacher <metze@samba.org>
+Date: Tue, 5 Nov 2013 14:04:20 +0100
+Subject: [PATCH 2/4] CVE-2013-4496:s3:auth: fix memory leak in the
+ ACCOUNT_LOCKED_OUT case.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
+
+Signed-off-by: Stefan Metzmacher <metze@samba.org>
+Reviewed-by: Jeremy Allison <jra@samba.org>
+Signed-off-by: Andrew Bartlett <abartlet@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+---
+ source3/auth/check_samsec.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c
+index 7ed8cc2..94f30b1 100644
+--- a/source3/auth/check_samsec.c
++++ b/source3/auth/check_samsec.c
+@@ -408,6 +408,7 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge,
+ 	/* Quit if the account was locked out. */
+ 	if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) {
+ 		DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", username));
++		TALLOC_FREE(sampass);
+ 		return NT_STATUS_ACCOUNT_LOCKED_OUT;
+ 	}
+ 
+-- 
+1.7.9.5
+
+
+From bf3443c12f2a67481eb2e45ca41b906c438d06da Mon Sep 17 00:00:00 2001
+From: Andrew Bartlett <abartlet@samba.org>
+Date: Tue, 5 Nov 2013 16:16:46 +1300
+Subject: [PATCH 3/4] CVE-2013-4496:samr: Remove ChangePasswordUser
+
+This old password change mechanism does not provide the plaintext to
+validate against password complexity, and it is not used by modern
+clients.
+
+The missing features in both implementations (by design) were:
+
+ - the password complexity checks (no plaintext)
+ - the minimum password length (no plaintext)
+
+Additionally, the source3 version did not check:
+
+ - the minimum password age
+ - pdb_get_pass_can_change() which checks the security
+   descriptor for the 'user cannot change password' setting.
+ - the password history
+ - the output of the 'passwd program' if 'unix passwd sync = yes'.
+
+Finally, the mechanism was almost useless, as it was incorrectly
+only made available to administrative users with permission
+to reset the password.  It is removed here so that it is not
+mistakenly reinstated in the future.
+
+Andrew Bartlett
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
+
+Signed-off-by: Andrew Bartlett <abartlet@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+---
+ source3/rpc_server/samr/srv_samr_nt.c   |  169 +-------------------
+ source3/smbd/lanman.c                   |  254 -------------------------------
+ source4/rpc_server/samr/samr_password.c |  145 +-----------------
+ source4/torture/rpc/samr.c              |    6 +
+ 4 files changed, 20 insertions(+), 554 deletions(-)
+
+diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
+index 98e8bea..99f03ec 100644
+--- a/source3/rpc_server/samr/srv_samr_nt.c
++++ b/source3/rpc_server/samr/srv_samr_nt.c
+@@ -1713,172 +1713,19 @@ NTSTATUS _samr_LookupNames(struct pipes_struct *p,
+ }
+ 
+ /****************************************************************
+- _samr_ChangePasswordUser
++ _samr_ChangePasswordUser.  
++ 
++ So old it is just not worth implementing
++ because it does not supply a plaintext and so we can't do password
++ complexity checking and cannot update other services that use a
++ plaintext password via passwd chat/pam password change/ldap password
++ sync.
+ ****************************************************************/
+ 
+ NTSTATUS _samr_ChangePasswordUser(struct pipes_struct *p,
+ 				  struct samr_ChangePasswordUser *r)
+ {
+-	NTSTATUS status;
+-	bool ret = false;
+-	struct samr_user_info *uinfo;
+-	struct samu *pwd = NULL;
+-	struct samr_Password new_lmPwdHash, new_ntPwdHash, checkHash;
+-	struct samr_Password lm_pwd, nt_pwd;
+-	bool updated_badpw = false;
+-	NTSTATUS update_login_attempts_status;
+-
+-	uinfo = policy_handle_find(p, r->in.user_handle,
+-				   SAMR_USER_ACCESS_SET_PASSWORD, NULL,
+-				   struct samr_user_info, &status);
+-	if (!NT_STATUS_IS_OK(status)) {
+-		return status;
+-	}
+-
+-	DEBUG(5,("_samr_ChangePasswordUser: sid:%s\n",
+-		  sid_string_dbg(&uinfo->sid)));
+-
+-	/* basic sanity checking on parameters.  Do this before any database ops */
+-	if (!r->in.lm_present || !r->in.nt_present ||
+-	    !r->in.old_lm_crypted || !r->in.new_lm_crypted ||
+-	    !r->in.old_nt_crypted || !r->in.new_nt_crypted) {
+-		/* we should really handle a change with lm not
+-		   present */
+-		return NT_STATUS_INVALID_PARAMETER_MIX;
+-	}
+-
+-	if (!(pwd = samu_new(NULL))) {
+-		return NT_STATUS_NO_MEMORY;
+-	}
+-
+-	become_root();
+-	ret = pdb_getsampwsid(pwd, &uinfo->sid);
+-	unbecome_root();
+-
+-	if (!ret) {
+-		TALLOC_FREE(pwd);
+-		return NT_STATUS_WRONG_PASSWORD;
+-	}
+-
+-	/* Quit if the account was locked out. */
+-	if (pdb_get_acct_ctrl(pwd) & ACB_AUTOLOCK) {
+-		DEBUG(3, ("Account for user %s was locked out.\n",
+-			  pdb_get_username(pwd)));
+-		status = NT_STATUS_ACCOUNT_LOCKED_OUT;
+-		goto out;
+-	}
+-
+-	{
+-		const uint8_t *lm_pass, *nt_pass;
+-
+-		lm_pass = pdb_get_lanman_passwd(pwd);
+-		nt_pass = pdb_get_nt_passwd(pwd);
+-
+-		if (!lm_pass || !nt_pass) {
+-			status = NT_STATUS_WRONG_PASSWORD;
+-			goto update_login;
+-		}
+-
+-		memcpy(&lm_pwd.hash, lm_pass, sizeof(lm_pwd.hash));
+-		memcpy(&nt_pwd.hash, nt_pass, sizeof(nt_pwd.hash));
+-	}
+-
+-	/* decrypt and check the new lm hash */
+-	D_P16(lm_pwd.hash, r->in.new_lm_crypted->hash, new_lmPwdHash.hash);
+-	D_P16(new_lmPwdHash.hash, r->in.old_lm_crypted->hash, checkHash.hash);
+-	if (memcmp(checkHash.hash, lm_pwd.hash, 16) != 0) {
+-		status = NT_STATUS_WRONG_PASSWORD;
+-		goto update_login;
+-	}
+-
+-	/* decrypt and check the new nt hash */
+-	D_P16(nt_pwd.hash, r->in.new_nt_crypted->hash, new_ntPwdHash.hash);
+-	D_P16(new_ntPwdHash.hash, r->in.old_nt_crypted->hash, checkHash.hash);
+-	if (memcmp(checkHash.hash, nt_pwd.hash, 16) != 0) {
+-		status = NT_STATUS_WRONG_PASSWORD;
+-		goto update_login;
+-	}
+-
+-	/* The NT Cross is not required by Win2k3 R2, but if present
+-	   check the nt cross hash */
+-	if (r->in.cross1_present && r->in.nt_cross) {
+-		D_P16(lm_pwd.hash, r->in.nt_cross->hash, checkHash.hash);
+-		if (memcmp(checkHash.hash, new_ntPwdHash.hash, 16) != 0) {
+-			status = NT_STATUS_WRONG_PASSWORD;
+-			goto update_login;
+-		}
+-	}
+-
+-	/* The LM Cross is not required by Win2k3 R2, but if present
+-	   check the lm cross hash */
+-	if (r->in.cross2_present && r->in.lm_cross) {
+-		D_P16(nt_pwd.hash, r->in.lm_cross->hash, checkHash.hash);
+-		if (memcmp(checkHash.hash, new_lmPwdHash.hash, 16) != 0) {
+-			status = NT_STATUS_WRONG_PASSWORD;
+-			goto update_login;
+-		}
+-	}
+-
+-	if (!pdb_set_nt_passwd(pwd, new_ntPwdHash.hash, PDB_CHANGED) ||
+-	    !pdb_set_lanman_passwd(pwd, new_lmPwdHash.hash, PDB_CHANGED)) {
+-		status = NT_STATUS_ACCESS_DENIED;
+-		goto out;
+-	}
+-
+-	status = pdb_update_sam_account(pwd);
+-
+-update_login:
+-
+-	/*
+-	 * Notify passdb backend of login success/failure. If not
+-	 * NT_STATUS_OK the backend doesn't like the login
+-	 */
+-	update_login_attempts_status = pdb_update_login_attempts(pwd,
+-						NT_STATUS_IS_OK(status));
+-
+-	if (!NT_STATUS_IS_OK(status)) {
+-		bool increment_bad_pw_count = false;
+-
+-		if (NT_STATUS_EQUAL(status,NT_STATUS_WRONG_PASSWORD) &&
+-		    (pdb_get_acct_ctrl(pwd) & ACB_NORMAL) &&
+-		    NT_STATUS_IS_OK(update_login_attempts_status))
+-		{
+-			increment_bad_pw_count = true;
+-		}
+-
+-		if (increment_bad_pw_count) {
+-			pdb_increment_bad_password_count(pwd);
+-			updated_badpw = true;
+-		} else {
+-			pdb_update_bad_password_count(pwd,
+-						      &updated_badpw);
+-		}
+-	} else {
+-
+-		if ((pdb_get_acct_ctrl(pwd) & ACB_NORMAL) &&
+-		    (pdb_get_bad_password_count(pwd) > 0)){
+-			pdb_set_bad_password_count(pwd, 0, PDB_CHANGED);
+-			pdb_set_bad_password_time(pwd, 0, PDB_CHANGED);
+-			updated_badpw = true;
+-		}
+-	}
+-
+-	if (updated_badpw) {
+-		NTSTATUS update_status;
+-		become_root();
+-		update_status = pdb_update_sam_account(pwd);
+-		unbecome_root();
+-
+-		if (!NT_STATUS_IS_OK(update_status)) {
+-			DEBUG(1, ("Failed to modify entry: %s\n",
+-				  nt_errstr(update_status)));
+-		}
+-	}
+-
+- out:
+-	TALLOC_FREE(pwd);
+-
+-	return status;
++	return NT_STATUS_NOT_IMPLEMENTED;
+ }
+ 
+ /*******************************************************************
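Review bot: The new header comment above `_samr_ChangePasswordUser` explains the stub only as "so old it is just not worth implementing", while the commit message says the call is removed so that it is not mistakenly reinstated. A maintainer reading the source alone will not see the security reason. I would add one line to the comment such as `Removed for CVE-2013-4496 (bug 10245); do not reinstate without bad password lockout accounting.` so the constraint stays with the code. The parameters `p` and `r` are now unused, which may need an unused-argument annotation if the build warns on it.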
+diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
+index e6b9530..1b734a7 100644
+--- a/source3/smbd/lanman.c
++++ b/source3/smbd/lanman.c
+@@ -2948,259 +2948,6 @@ static bool api_NetRemoteTOD(struct smbd_server_connection *sconn,
+ }
+ 
+ /****************************************************************************
+- Set the user password.
+-*****************************************************************************/
+-
+-static bool api_SetUserPassword(struct smbd_server_connection *sconn,
+-				connection_struct *conn,uint64_t vuid,
+-				char *param, int tpscnt,
+-				char *data, int tdscnt,
+-				int mdrcnt,int mprcnt,
+-				char **rdata,char **rparam,
+-				int *rdata_len,int *rparam_len)
+-{
+-	char *np = get_safe_str_ptr(param,tpscnt,param,2);
+-	char *p = NULL;
+-	fstring user;
+-	fstring pass1,pass2;
+-	TALLOC_CTX *mem_ctx = talloc_tos();
+-	NTSTATUS status, result;
+-	struct rpc_pipe_client *cli = NULL;
+-	struct policy_handle connect_handle, domain_handle, user_handle;
+-	struct lsa_String domain_name;
+-	struct dom_sid2 *domain_sid;
+-	struct lsa_String names;
+-	struct samr_Ids rids;
+-	struct samr_Ids types;
+-	struct samr_Password old_lm_hash;
+-	struct samr_Password new_lm_hash;
+-	int errcode = NERR_badpass;
+-	uint32_t rid;
+-	int encrypted;
+-	int min_pwd_length;
+-	struct dcerpc_binding_handle *b = NULL;
+-
+-	/* Skip 2 strings. */
+-	p = skip_string(param,tpscnt,np);
+-	p = skip_string(param,tpscnt,p);
+-
+-	if (!np || !p) {
+-		return False;
+-	}
+-
+-	/* Do we have a string ? */
+-	if (skip_string(param,tpscnt,p) == NULL) {
+-		return False;
+-	}
+-	pull_ascii_fstring(user,p);
+-
+-	p = skip_string(param,tpscnt,p);
+-	if (!p) {
+-		return False;
+-	}
+-
+-	memset(pass1,'\0',sizeof(pass1));
+-	memset(pass2,'\0',sizeof(pass2));
+-	/*
+-	 * We use 31 here not 32 as we're checking
+-	 * the last byte we want to access is safe.
+-	 */
+-	if (!is_offset_safe(param,tpscnt,p,31)) {
+-		return False;
+-	}
+-	memcpy(pass1,p,16);
+-	memcpy(pass2,p+16,16);
+-
+-	encrypted = get_safe_SVAL(param,tpscnt,p+32,0,-1);
+-	if (encrypted == -1) {
+-		errcode = W_ERROR_V(WERR_INVALID_PARAM);
+-		goto out;
+-	}
+-
+-	min_pwd_length = get_safe_SVAL(param,tpscnt,p+34,0,-1);
+-	if (min_pwd_length == -1) {
+-		errcode = W_ERROR_V(WERR_INVALID_PARAM);
+-		goto out;
+-	}
+-
+-	*rparam_len = 4;
+-	*rparam = smb_realloc_limit(*rparam,*rparam_len);
+-	if (!*rparam) {
+-		return False;
+-	}
+-
+-	*rdata_len = 0;
+-
+-	DEBUG(3,("Set password for <%s> (encrypted: %d, min_pwd_length: %d)\n",
+-		user, encrypted, min_pwd_length));
+-
+-	ZERO_STRUCT(connect_handle);
+-	ZERO_STRUCT(domain_handle);
+-	ZERO_STRUCT(user_handle);
+-
+-	status = rpc_pipe_open_interface(mem_ctx, &ndr_table_samr.syntax_id,
+-					conn->session_info,
+-					conn->sconn->remote_address,
+-					conn->sconn->msg_ctx,
+-					&cli);
+-	if (!NT_STATUS_IS_OK(status)) {
+-		DEBUG(0,("api_SetUserPassword: could not connect to samr: %s\n",
+-			  nt_errstr(status)));
+-		errcode = W_ERROR_V(ntstatus_to_werror(status));
+-		goto out;
+-	}
+-
+-	b = cli->binding_handle;
+-
+-	status = dcerpc_samr_Connect2(b, mem_ctx,
+-				      lp_netbios_name(),
+-				      SAMR_ACCESS_CONNECT_TO_SERVER |
+-				      SAMR_ACCESS_ENUM_DOMAINS |
+-				      SAMR_ACCESS_LOOKUP_DOMAIN,
+-				      &connect_handle,
+-				      &result);
+-	if (!NT_STATUS_IS_OK(status)) {
+-		errcode = W_ERROR_V(ntstatus_to_werror(status));
+-		goto out;
+-	}
+-	if (!NT_STATUS_IS_OK(result)) {
+-		errcode = W_ERROR_V(ntstatus_to_werror(result));
+-		goto out;
+-	}
+-
+-	init_lsa_String(&domain_name, get_global_sam_name());
+-
+-	status = dcerpc_samr_LookupDomain(b, mem_ctx,
+-					  &connect_handle,
+-					  &domain_name,
+-					  &domain_sid,
+-					  &result);
+-	if (!NT_STATUS_IS_OK(status)) {
+-		errcode = W_ERROR_V(ntstatus_to_werror(status));
+-		goto out;
+-	}
+-	if (!NT_STATUS_IS_OK(result)) {
+-		errcode = W_ERROR_V(ntstatus_to_werror(result));
+-		goto out;
+-	}
+-
+-	status = dcerpc_samr_OpenDomain(b, mem_ctx,
+-					&connect_handle,
+-					SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT,
+-					domain_sid,
+-					&domain_handle,
+-					&result);
+-	if (!NT_STATUS_IS_OK(status)) {
+-		errcode = W_ERROR_V(ntstatus_to_werror(status));
+-		goto out;
+-	}
+-	if (!NT_STATUS_IS_OK(result)) {
+-		errcode = W_ERROR_V(ntstatus_to_werror(result));
+-		goto out;
+-	}
+-
+-	init_lsa_String(&names, user);
+-
+-	status = dcerpc_samr_LookupNames(b, mem_ctx,
+-					 &domain_handle,
+-					 1,
+-					 &names,
+-					 &rids,
+-					 &types,
+-					 &result);
+-	if (!NT_STATUS_IS_OK(status)) {
+-		errcode = W_ERROR_V(ntstatus_to_werror(status));
+-		goto out;
+-	}
+-	if (!NT_STATUS_IS_OK(result)) {
+-		errcode = W_ERROR_V(ntstatus_to_werror(result));
+-		goto out;
+-	}
+-
+-	if (rids.count != 1) {
+-		errcode = W_ERROR_V(WERR_NO_SUCH_USER);
+-		goto out;
+-	}
+-	if (rids.count != types.count) {
+-		errcode = W_ERROR_V(WERR_INVALID_PARAM);
+-		goto out;
+-	}
+-	if (types.ids[0] != SID_NAME_USER) {
+-		errcode = W_ERROR_V(WERR_INVALID_PARAM);
+-		goto out;
+-	}
+-
+-	rid = rids.ids[0];
+-
+-	status = dcerpc_samr_OpenUser(b, mem_ctx,
+-				      &domain_handle,
+-				      SAMR_USER_ACCESS_CHANGE_PASSWORD,
+-				      rid,
+-				      &user_handle,
+-				      &result);
+-	if (!NT_STATUS_IS_OK(status)) {
+-		errcode = W_ERROR_V(ntstatus_to_werror(status));
+-		goto out;
+-	}
+-	if (!NT_STATUS_IS_OK(result)) {
+-		errcode = W_ERROR_V(ntstatus_to_werror(result));
+-		goto out;
+-	}
+-
+-	if (encrypted == 0) {
+-		E_deshash(pass1, old_lm_hash.hash);
+-		E_deshash(pass2, new_lm_hash.hash);
+-	} else {
+-		ZERO_STRUCT(old_lm_hash);
+-		ZERO_STRUCT(new_lm_hash);
+-		memcpy(old_lm_hash.hash, pass1, MIN(strlen(pass1), 16));
+-		memcpy(new_lm_hash.hash, pass2, MIN(strlen(pass2), 16));
+-	}
+-
+-	status = dcerpc_samr_ChangePasswordUser(b, mem_ctx,
+-						&user_handle,
+-						true, /* lm_present */
+-						&old_lm_hash,
+-						&new_lm_hash,
+-						false, /* nt_present */
+-						NULL, /* old_nt_crypted */
+-						NULL, /* new_nt_crypted */
+-						false, /* cross1_present */
+-						NULL, /* nt_cross */
+-						false, /* cross2_present */
+-						NULL, /* lm_cross */
+-						&result);
+-	if (!NT_STATUS_IS_OK(status)) {
+-		errcode = W_ERROR_V(ntstatus_to_werror(status));
+-		goto out;
+-	}
+-	if (!NT_STATUS_IS_OK(result)) {
+-		errcode = W_ERROR_V(ntstatus_to_werror(result));
+-		goto out;
+-	}
+-
+-	errcode = NERR_Success;
+- out:
+-
+-	if (b && is_valid_policy_hnd(&user_handle)) {
+-		dcerpc_samr_Close(b, mem_ctx, &user_handle, &result);
+-	}
+-	if (b && is_valid_policy_hnd(&domain_handle)) {
+-		dcerpc_samr_Close(b, mem_ctx, &domain_handle, &result);
+-	}
+-	if (b && is_valid_policy_hnd(&connect_handle)) {
+-		dcerpc_samr_Close(b, mem_ctx, &connect_handle, &result);
+-	}
+-
+-	memset((char *)pass1,'\0',sizeof(fstring));
+-	memset((char *)pass2,'\0',sizeof(fstring));
+-
+-	SSVAL(*rparam,0,errcode);
+-	SSVAL(*rparam,2,0);		/* converter word */
+-	return(True);
+-}
+-
+-/****************************************************************************
+   Set the user password (SamOEM version - gets plaintext).
+ ****************************************************************************/
+ 
+@@ -5797,7 +5544,6 @@ static const struct {
+ 	{"NetServerEnum2",	RAP_NetServerEnum2,	api_RNetServerEnum2}, /* anon OK */
+ 	{"NetServerEnum3",	RAP_NetServerEnum3,	api_RNetServerEnum3}, /* anon OK */
+ 	{"WAccessGetUserPerms",RAP_WAccessGetUserPerms,api_WAccessGetUserPerms},
+-	{"SetUserPassword",	RAP_WUserPasswordSet2,	api_SetUserPassword},
+ 	{"WWkstaUserLogon",	RAP_WWkstaUserLogon,	api_WWkstaUserLogon},
+ 	{"PrintJobInfo",	RAP_WPrintJobSetInfo,	api_PrintJobInfo},
+ 	{"WPrintDriverEnum",	RAP_WPrintDriverEnum,	api_WPrintDriverEnum},
+diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
+index 2d9c48a..9d6c921 100644
+--- a/source4/rpc_server/samr/samr_password.c
++++ b/source4/rpc_server/samr/samr_password.c
+@@ -33,150 +33,17 @@
+ 
+ /*
+   samr_ChangePasswordUser
++
++  So old it is just not worth implementing
++  because it does not supply a plaintext and so we can't do password
++  complexity checking and cannot update all the other password hashes.
++
+ */
+ NTSTATUS dcesrv_samr_ChangePasswordUser(struct dcesrv_call_state *dce_call,
+ 					TALLOC_CTX *mem_ctx,
+ 					struct samr_ChangePasswordUser *r)
+ {
+-	struct dcesrv_handle *h;
+-	struct samr_account_state *a_state;
+-	struct ldb_context *sam_ctx;
+-	struct ldb_message **res;
+-	int ret;
+-	struct samr_Password new_lmPwdHash, new_ntPwdHash, checkHash;
+-	struct samr_Password *lm_pwd, *nt_pwd;
+-	NTSTATUS status = NT_STATUS_OK;
+-	const char * const attrs[] = { "dBCSPwd", "unicodePwd" , NULL };
+-
+-	DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER);
+-
+-	a_state = h->data;
+-
+-	/* basic sanity checking on parameters.  Do this before any database ops */
+-	if (!r->in.lm_present || !r->in.nt_present ||
+-	    !r->in.old_lm_crypted || !r->in.new_lm_crypted ||
+-	    !r->in.old_nt_crypted || !r->in.new_nt_crypted) {
+-		/* we should really handle a change with lm not
+-		   present */
+-		return NT_STATUS_INVALID_PARAMETER_MIX;
+-	}
+-
+-	/* Connect to a SAMDB with system privileges for fetching the old pw
+-	 * hashes. */
+-	sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx,
+-				dce_call->conn->dce_ctx->lp_ctx,
+-				system_session(dce_call->conn->dce_ctx->lp_ctx), 0);
+-	if (sam_ctx == NULL) {
+-		return NT_STATUS_INVALID_SYSTEM_SERVICE;
+-	}
+-
+-	/* fetch the old hashes */
+-	ret = gendb_search_dn(sam_ctx, mem_ctx,
+-			      a_state->account_dn, &res, attrs);
+-	if (ret != 1) {
+-		return NT_STATUS_WRONG_PASSWORD;
+-	}
+-
+-	status = samdb_result_passwords(mem_ctx,
+-					dce_call->conn->dce_ctx->lp_ctx,
+-					res[0], &lm_pwd, &nt_pwd);
+-	if (!NT_STATUS_IS_OK(status) || !nt_pwd) {
+-		return NT_STATUS_WRONG_PASSWORD;
+-	}
+-
+-	/* decrypt and check the new lm hash */
+-	if (lm_pwd) {
+-		D_P16(lm_pwd->hash, r->in.new_lm_crypted->hash, new_lmPwdHash.hash);
+-		D_P16(new_lmPwdHash.hash, r->in.old_lm_crypted->hash, checkHash.hash);
+-	}
+-
+-	/* decrypt and check the new nt hash */
+-	D_P16(nt_pwd->hash, r->in.new_nt_crypted->hash, new_ntPwdHash.hash);
+-	D_P16(new_ntPwdHash.hash, r->in.old_nt_crypted->hash, checkHash.hash);
+-
+-	/* The NT Cross is not required by Win2k3 R2, but if present
+-	   check the nt cross hash */
+-	if (r->in.cross1_present && r->in.nt_cross && lm_pwd) {
+-		D_P16(lm_pwd->hash, r->in.nt_cross->hash, checkHash.hash);
+-	}
+-
+-	/* The LM Cross is not required by Win2k3 R2, but if present
+-	   check the lm cross hash */
+-	if (r->in.cross2_present && r->in.lm_cross && lm_pwd) {
+-		D_P16(nt_pwd->hash, r->in.lm_cross->hash, checkHash.hash);
+-	}
+-
+-	/* Start a SAM with user privileges for the password change */
+-	sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx,
+-				dce_call->conn->dce_ctx->lp_ctx,
+-				dce_call->conn->auth_state.session_info, 0);
+-	if (sam_ctx == NULL) {
+-		return NT_STATUS_INVALID_SYSTEM_SERVICE;
+-	}
+-
+-	/* Start transaction */
+-	ret = ldb_transaction_start(sam_ctx);
+-	if (ret != LDB_SUCCESS) {
+-		DEBUG(1, ("Failed to start transaction: %s\n", ldb_errstring(sam_ctx)));
+-		return NT_STATUS_TRANSACTION_ABORTED;
+-	}
+-
+-	/* Performs the password modification. We pass the old hashes read out
+-	 * from the database since they were already checked against the user-
+-	 * provided ones. */
+-	status = samdb_set_password(sam_ctx, mem_ctx,
+-				    a_state->account_dn,
+-				    a_state->domain_state->domain_dn,
+-				    NULL, &new_lmPwdHash, &new_ntPwdHash,
+-				    lm_pwd, nt_pwd, /* this is a user password change */
+-				    NULL,
+-				    NULL);
+-	if (!NT_STATUS_IS_OK(status)) {
+-		ldb_transaction_cancel(sam_ctx);
+-		return status;
+-	}
+-
+-	/* decrypt and check the new lm hash */
+-	if (lm_pwd) {
+-		if (memcmp(checkHash.hash, lm_pwd, 16) != 0) {
+-			ldb_transaction_cancel(sam_ctx);
+-			return NT_STATUS_WRONG_PASSWORD;
+-		}
+-	}
+-
+-	if (memcmp(checkHash.hash, nt_pwd, 16) != 0) {
+-		ldb_transaction_cancel(sam_ctx);
+-		return NT_STATUS_WRONG_PASSWORD;
+-	}
+-
+-	/* The NT Cross is not required by Win2k3 R2, but if present
+-	   check the nt cross hash */
+-	if (r->in.cross1_present && r->in.nt_cross && lm_pwd) {
+-		if (memcmp(checkHash.hash, new_ntPwdHash.hash, 16) != 0) {
+-			ldb_transaction_cancel(sam_ctx);
+-			return NT_STATUS_WRONG_PASSWORD;
+-		}
+-	}
+-
+-	/* The LM Cross is not required by Win2k3 R2, but if present
+-	   check the lm cross hash */
+-	if (r->in.cross2_present && r->in.lm_cross && lm_pwd) {
+-		if (memcmp(checkHash.hash, new_lmPwdHash.hash, 16) != 0) {
+-			ldb_transaction_cancel(sam_ctx);
+-			return NT_STATUS_WRONG_PASSWORD;
+-		}
+-	}
+-
+-	/* And this confirms it in a transaction commit */
+-	ret = ldb_transaction_commit(sam_ctx);
+-	if (ret != LDB_SUCCESS) {
+-		DEBUG(1,("Failed to commit transaction to change password on %s: %s\n",
+-			 ldb_dn_get_linearized(a_state->account_dn),
+-			 ldb_errstring(sam_ctx)));
+-		return NT_STATUS_TRANSACTION_ABORTED;
+-	}
+-
+-	return NT_STATUS_OK;
++	return NT_STATUS_NOT_IMPLEMENTED;
+ }
+ 
+ /*
+diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
+index a0a5f1a..cdfa2b8 100644
+--- a/source4/torture/rpc/samr.c
++++ b/source4/torture/rpc/samr.c
+@@ -1759,6 +1759,12 @@ static bool test_ChangePasswordUser(struct dcerpc_binding_handle *b,
+ 	torture_comment(tctx, "(%s:%s) old_password[%s] new_password[%s] status[%s]\n",
+ 			__location__, __FUNCTION__,
+ 			oldpass, newpass, nt_errstr(r.out.result));
++	
++	/* Do not proceed if this call has been removed */
++	if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NOT_IMPLEMENTED)) {
++		return true;
++	}
++
+ 	if (!NT_STATUS_EQUAL(r.out.result, NT_STATUS_PASSWORD_RESTRICTION)) {
+ 		torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_WRONG_PASSWORD,
+ 			"ChangePasswordUser failed: expected NT_STATUS_WRONG_PASSWORD because we broke the LM hash");
+-- 
+1.7.9.5
+
+
+From b0281ad59d3ba8b32787ce112fb4a83d935c60d1 Mon Sep 17 00:00:00 2001
+From: Andrew Bartlett <abartlet@samba.org>
+Date: Thu, 28 Nov 2013 06:50:01 +1300
+Subject: [PATCH 4/4] CVE-2013-4496:Revert remainder of
+ ce895609b04380bfc41e4f8fddc84bd2f9324340
+
+Part of this was removed when ChangePasswordUser was unimplemented,
+but remove the remainder of this flawed commit.  Fully check the
+password first, as extract_pw_from_buffer() already does a partial
+check of the password because it needs a correct old password to
+correctly decrypt the length.
+
+Andrew Bartlett
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245
+
+Signed-off-by: Andrew Bartlett <abartlet@samba.org>
+Reviewed-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+---
+ source4/rpc_server/samr/samr_password.c |   69 ++++++++++++++++---------------
+ 1 file changed, 35 insertions(+), 34 deletions(-)
+
+diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
+index 9d6c921..685a8e7 100644
+--- a/source4/rpc_server/samr/samr_password.c
++++ b/source4/rpc_server/samr/samr_password.c
+@@ -142,6 +142,9 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
+ 
+ 	E_deshash(new_pass, new_lm_hash);
+ 	E_old_pw_hash(new_lm_hash, lm_pwd->hash, lm_verifier.hash);
++	if (memcmp(lm_verifier.hash, r->in.hash->hash, 16) != 0) {
++		return NT_STATUS_WRONG_PASSWORD;
++	}
+ 
+ 	/* Connect to a SAMDB with user privileges for the password change */
+ 	sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx,
+@@ -173,11 +176,6 @@ NTSTATUS dcesrv_samr_OemChangePasswordUser2(struct dcesrv_call_state *dce_call,
+ 		return status;
+ 	}
+ 
+-	if (memcmp(lm_verifier.hash, r->in.hash->hash, 16) != 0) {
+-		ldb_transaction_cancel(sam_ctx);
+-		return NT_STATUS_WRONG_PASSWORD;
+-	}
+-
+ 	/* And this confirms it in a transaction commit */
+ 	ret = ldb_transaction_commit(sam_ctx);
+ 	if (ret != LDB_SUCCESS) {
+@@ -267,33 +265,8 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
+ 		goto failed;
+ 	}
+ 
+-	/* Connect to a SAMDB with user privileges for the password change */
+-	sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx,
+-				dce_call->conn->dce_ctx->lp_ctx,
+-				dce_call->conn->auth_state.session_info, 0);
+-	if (sam_ctx == NULL) {
+-		return NT_STATUS_INVALID_SYSTEM_SERVICE;
+-	}
+-
+-	ret = ldb_transaction_start(sam_ctx);
+-	if (ret != LDB_SUCCESS) {
+-		DEBUG(1, ("Failed to start transaction: %s\n", ldb_errstring(sam_ctx)));
+-		return NT_STATUS_TRANSACTION_ABORTED;
+-	}
+-
+-	/* Performs the password modification. We pass the old hashes read out
+-	 * from the database since they were already checked against the user-
+-	 * provided ones. */
+-	status = samdb_set_password(sam_ctx, mem_ctx,
+-				    user_dn, NULL,
+-				    &new_password,
+-				    NULL, NULL,
+-				    lm_pwd, nt_pwd, /* this is a user password change */
+-				    &reason,
+-				    &dominfo);
+-
+-	if (!NT_STATUS_IS_OK(status)) {
+-		ldb_transaction_cancel(sam_ctx);
++	if (r->in.nt_verifier == NULL) {
++		status = NT_STATUS_WRONG_PASSWORD;
+ 		goto failed;
+ 	}
+ 
+@@ -302,7 +275,6 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
+ 
+ 	E_old_pw_hash(new_nt_hash, nt_pwd->hash, nt_verifier.hash);
+ 	if (memcmp(nt_verifier.hash, r->in.nt_verifier->hash, 16) != 0) {
+-		ldb_transaction_cancel(sam_ctx);
+ 		status = NT_STATUS_WRONG_PASSWORD;
+ 		goto failed;
+ 	}
+@@ -322,13 +294,42 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
+ 			E_deshash(new_pass, new_lm_hash);
+ 			E_old_pw_hash(new_nt_hash, lm_pwd->hash, lm_verifier.hash);
+ 			if (memcmp(lm_verifier.hash, r->in.lm_verifier->hash, 16) != 0) {
+-				ldb_transaction_cancel(sam_ctx);
+ 				status = NT_STATUS_WRONG_PASSWORD;
+ 				goto failed;
+ 			}
+ 		}
+ 	}
+ 
++	/* Connect to a SAMDB with user privileges for the password change */
++	sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx,
++				dce_call->conn->dce_ctx->lp_ctx,
++				dce_call->conn->auth_state.session_info, 0);
++	if (sam_ctx == NULL) {
++		return NT_STATUS_INVALID_SYSTEM_SERVICE;
++	}
++
++	ret = ldb_transaction_start(sam_ctx);
++	if (ret != LDB_SUCCESS) {
++		DEBUG(1, ("Failed to start transaction: %s\n", ldb_errstring(sam_ctx)));
++		return NT_STATUS_TRANSACTION_ABORTED;
++	}
++
++	/* Performs the password modification. We pass the old hashes read out
++	 * from the database since they were already checked against the user-
++	 * provided ones. */
++	status = samdb_set_password(sam_ctx, mem_ctx,
++				    user_dn, NULL,
++				    &new_password,
++				    NULL, NULL,
++				    lm_pwd, nt_pwd, /* this is a user password change */
++				    &reason,
++				    &dominfo);
++
++	if (!NT_STATUS_IS_OK(status)) {
++		ldb_transaction_cancel(sam_ctx);
++		goto failed;
++	}
++
+ 	/* And this confirms it in a transaction commit */
+ 	ret = ldb_transaction_commit(sam_ctx);
+ 	if (ret != LDB_SUCCESS) {
+-- 
+1.7.9.5
+
diff --git a/SOURCES/samba-4.1.x-CVE-2013-6442.patch b/SOURCES/samba-4.1.x-CVE-2013-6442.patch
new file mode 100644
index 0000000..39f53bf
--- /dev/null
+++ b/SOURCES/samba-4.1.x-CVE-2013-6442.patch
@@ -0,0 +1,31 @@
+From 82b1dafad17904bc224b0632486006fe88301b57 Mon Sep 17 00:00:00 2001
+From: Jeremy Allison <jra@samba.org>
+Date: Wed, 18 Dec 2013 13:56:18 -0800
+Subject: [PATCH] CVE-2013-6442: s3:smbcacls - ensure we don't lose an existing
+ ACL when setting owner or group owner.
+
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=10327
+Bug 10327 - CVE-2013-6442: smbcacls --chown | --chgrp dacl regression
+
+Signed-off-by: Jeremy Allison <jra@samba.org>
+Reviewed-by: Stefan Metzmacher <metze@samba.org>
+---
+ source3/utils/smbcacls.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
+index 11b7388..e3b7099 100644
+--- a/source3/utils/smbcacls.c
++++ b/source3/utils/smbcacls.c
+@@ -990,7 +990,7 @@ static int owner_set(struct cli_state *cli, enum chown_mode change_mode,
+ 		return EXIT_FAILED;
+ 	}
+ 
+-	sd = make_sec_desc(talloc_tos(),old->revision, old->type,
++	sd = make_sec_desc(talloc_tos(),old->revision, SEC_DESC_SELF_RELATIVE,
+ 				(change_mode == REQUEST_CHOWN) ? &sid : NULL,
+ 				(change_mode == REQUEST_CHGRP) ? &sid : NULL,
+ 			   NULL, NULL, &sd_size);
+-- 
+1.8.5.1
+
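Review bot: The replaced argument in `owner_set` now hard-codes `SEC_DESC_SELF_RELATIVE`, but nothing at the call site says why `old->type` must not be passed, so a later cleanup could restore it and bring the regression back. The call passes NULL for both ACL arguments, so copying the old type flags presumably told the server that a DACL was present while none was supplied; that is inferred from the patch subject, not shown in the hunk. I would add a comment above the call, e.g. `/* Do not reuse old->type: with NULL ACL arguments its flags can make the server drop the existing ACL (CVE-2013-6442). */`. The body of `owner_set` starts and ends outside the hunk, and the patch touches only this one file, so no regression test for `--chown`/`--chgrp` accompanies the fix.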
diff --git a/SPECS/samba.spec b/SPECS/samba.spec
index b48a704..e653b3d 100644
--- a/SPECS/samba.spec
+++ b/SPECS/samba.spec
@@ -1,9 +1,9 @@
 # Set --with testsuite or %bcond_without to run the Samba torture testsuite.
 %bcond_with testsuite
 
-%define main_release 3
+%define main_release 31
 
-%define samba_version 4.1.0
+%define samba_version 4.1.1
 %define talloc_version 2.0.8
 %define ntdb_version 0.9
 %define tdb_version 1.2.12
@@ -85,6 +85,37 @@ Source6: samba.pamd
 Source200: README.dc
 Source201: README.downgrade
 
+Patch0: samba-4.1.1-Fix-memset-in-ntdb.patch
+Patch1: samba-4.1.0-upn.patch
+Patch2: samba-4.1.2-fix_strict_aliasing.patch
+Patch3: samba-4.1.2-doc.patch
+Patch4: samba-4.1.3-fix_grp_name_sub_in_template_homedir.patch
+Patch5: samba-4.1.3-CVE-2013-4408.patch
+Patch6: samba-4.1.3-fix_build_warnings.patch
+Patch7: samba-4.1.2-winbind_cache_keysize.patch
+Patch8: samba-4.1.3-CVE-2012-6150.patch
+Patch9: samba-4.1.3-winbind_debug.patch
+Patch10: samba-4.1.4-fix_dropbox_regression.patch
+Patch11: samba-4.1.4-fix_G_substitution_in_service_path.patch
+Patch12: samba-4.1.4-fix_winbind_100_percent_childs.patch
+Patch13: samba-4.1.4-Fix-segfault-in-smbd.patch
+Patch14: samba-4.1.4-fix_panic_when_smb2_brlock_times_out.patch
+Patch15: samba-4.1.5-fix_resource_leaks.patch
+Patch16: samba-4.1.5-fix_force_user_sec_ads.patch
+Patch17: samba-4.1.6-fix_one_way_trusts.patch
+Patch18: samba-4.1.6-fix_printer_list_memleadk.patch
+Patch19: samba-4.1.6-fix_pidl_install.patch
+Patch20: samba-4.1.6-fix_nbt_with_more_than_9_components.patch
+Patch21: samba-4.1.6-fix_ipv6_join.patch
+Patch22: samba-4.1.x-CVE-2013-4496.patch
+Patch23: samba-4.1.x-CVE-2013-6442.patch
+Patch24: samba-4.1.6-net_ads_kerberos_pac.patch
+Patch25: samba-4.1.6-fix_service_with_force_user.patch
+Patch26: samba-4.1.6-fix_fragmented_rpc_handling.patch
+Patch27: samba-4.1.7-make_pidl_lsa_struct_public.patch
+Patch28: samba-4.1.7-Make_daemons_systemd_aware.patch
+Patch29: samba-4.1.6-ipv6_workaround.patch
+
 BuildRoot:      %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 
 Requires(pre): /usr/sbin/groupadd
@@ -101,6 +132,14 @@ Requires: libwbclient = %{samba_depver}
 Provides: samba4 = %{samba_depver}
 Obsoletes: samba4 < %{samba_depver}
 
+# We don't build it outdated docs anymore
+Obsoletes: samba-doc
+# Is not supported yet
+Obsoletes: samba-domainjoin-gui
+# SWAT been deprecated and removed from samba
+Obsoletes: samba-swat
+Obsoletes: samba4-swat
+
 %if %with_clustering_support
 BuildRequires: ctdb-devel
 %endif
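Review bot: The four added `Obsoletes:` lines carry no version, unlike `Obsoletes: samba4 < %{samba_depver}` two lines above them, so they would also obsolete any future package that reuses one of these names. I would bound them, e.g. `Obsoletes: samba-swat < %{samba_depver}`, assuming `%{samba_depver}` is the right ceiling for those packages. The same applies to the unversioned `Obsoletes: samba-winbind-devel` / `Provides: samba-winbind-devel` pair added in the libwbclient-devel hunk. The comment `# We don't build it outdated docs anymore` could read `# We no longer build the outdated docs`.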
@@ -126,14 +165,17 @@ BuildRequires: python-devel
 BuildRequires: python-tevent
 BuildRequires: quota-devel
 BuildRequires: readline-devel
+BuildRequires: systemd-devel
 BuildRequires: sed
 BuildRequires: zlib-devel >= 1.2.3
-BuildRequires: libbsd-devel
 %if %{with_vfs_glusterfs}
 BuildRequires: glusterfs-api-devel >= 3.4.0.16
 BuildRequires: glusterfs-devel >= 3.4.0.16
 %endif
 
+# pidl requirements
+BuildRequires: perl(Parse::Yapp)
+
 %if ! %with_internal_talloc
 %global libtalloc_version 2.0.7
 
@@ -266,7 +308,8 @@ Summary: Samba VFS module for GlusterFS
 Group: Applications/System
 Requires: glusterfs-api >= 3.4.0.16
 Requires: glusterfs >= 3.4.0.16
-Requires: samba = %{epoch}:%{samba_version}-%{release}
+Requires: %{name} = %{epoch}:%{samba_version}-%{release}
+Requires: %{name}-libs = %{epoch}:%{samba_version}-%{release}
 
 Obsoletes: samba-glusterfs
 Provides: samba-glusterfs
@@ -325,6 +368,8 @@ The libwbclient package contains the winbind client library from the Samba suite
 Summary: Developer tools for the winbind library
 Group: Development/Libraries
 Requires: libwbclient = %{samba_depver}
+Obsoletes: samba-winbind-devel
+Provides: samba-winbind-devel
 
 %description -n libwbclient-devel
 The libwbclient-devel package provides developer tools for the wbclient library.
@@ -359,7 +404,7 @@ Provides: samba4-pidl = %{samba_depver}
 Obsoletes: samba4-pidl < %{samba_depver}
 
 %description pidl
-The samba4-pidl package contains the Perl IDL compiler used by Samba
+The %{name}-pidl package contains the Perl IDL compiler used by Samba
 and Wireshark to parse IDL and similar protocols
 
 ### TEST
@@ -475,6 +520,37 @@ module necessary to communicate to the Winbind Daemon
 %prep
 %setup -q -n samba-%{version}%{pre_release}
 
+%patch0 -p1 -b .samba-4.1.1-Fix-memset-in-ntdb.patch
+%patch1 -p1 -b .samba-4.1.0-upn.patch
+%patch2 -p1 -b .samba-4.1.2-fix_strict_aliasing.patch
+%patch3 -p1 -b .samba-4.1.2-doc.patch
+%patch4 -p1 -b .samba-4.1.3-fix_grp_name_sub_in_template_homedir.patch
+%patch5 -p1 -b .samba-4.1.3-CVE-2013-4408.patch
+%patch6 -p1 -b .samba-4.1.3-fix_build_warnings.patch
+%patch7 -p1 -b .samba-4.1.2-winbind_cache_keysize.patch
+%patch8 -p1 -b .samba-4.1.3-CVE-2012-6150.patch
+%patch9 -p1 -b .samba-4.1.3-winbind_debug.patch
+%patch10 -p1 -b .samba-4.1.4-fix_dropbox_regression.patch
+%patch11 -p1 -b .samba-4.1.4-fix_G_substitution_in_service_path.patch
+%patch12 -p1 -b .samba-4.1.4-fix_winbind_100_percent_childs.patch
+%patch13 -p1 -b .samba-4.1.4-Fix-segfault-in-smbd.patch
+%patch14 -p1 -b .samba-4.1.4-fix_panic_when_smb2_brlock_times_out.patch
+%patch15 -p1 -b .samba-4.1.5-fix_resource_leaks.patch
+%patch16 -p1 -b .samba-4.1.5-fix_force_user_sec_ads.patch
+%patch17 -p1 -b .samba-4.1.6-fix_one_way_trusts.patch
+%patch18 -p1 -b .samba-4.1.6-fix_printer_list_memleadk.patch
+%patch19 -p1 -b .samba-4.1.6-fix_pidl_install.patch
+%patch20 -p1 -b .samba-4.1.6-fix_nbt_with_more_than_9_components.patch
+%patch21 -p1 -b .samba-4.1.6-fix_ipv6_join.patch
+%patch22 -p1 -b .samba-4.1.x-CVE-2013-4496.patch
+%patch23 -p1 -b .samba-4.1.x-CVE-2013-6442.patch
+%patch24 -p1 -b .samba-4.1.6-net_ads_kerberos_pac.patch
+%patch25 -p1 -b .samba-4.1.6-fix_service_with_force_user.patch
+%patch26 -p1 -b .samba-4.1.6-fix_fragmented_rpc_handling.patch
+%patch27 -p1 -b .samba-4.1.7-make_pidl_lsa_struct_public.patch
+%patch28 -p1 -b .samba-4.1.7-Make_daemons_systemd_aware.patch
+%patch29 -p1 -b .samba-4.1.6-ipv6_workaround.patch
+
 %build
 %global _talloc_lib ,talloc,pytalloc,pytalloc-util
 %global _tevent_lib ,tevent,pytevent
@@ -527,11 +603,13 @@ LDFLAGS="-Wl,-z,relro,-z,now" \
         --with-pammodulesdir=%{_libdir}/security \
         --with-lockdir=/var/lib/samba \
         --with-cachedir=/var/lib/samba \
+        --with-perl-vendordir=%{perl_vendorlib} \
         --disable-gnutls \
         --disable-rpath-install \
         --with-shared-modules=%{_samba4_modules} \
         --bundled-libraries=%{_samba4_libraries} \
         --with-pam \
+        --without-fam \
 %if (! %with_libsmbclient) || (! %with_libwbclient)
         --private-libraries=%{_samba4_private_libraries} \
 %endif
@@ -552,15 +630,12 @@ LDFLAGS="-Wl,-z,relro,-z,now" \
         --enable-selftest \
 %endif
 %if ! %with_pam_smbpass
-        --without-pam_smbpass
+        --without-pam_smbpass \
 %endif
+        --with-systemd
 
 make %{?_smp_mflags}
 
-# Build PIDL for installation into vendor directories before
-# 'make proto' gets to it.
-(cd pidl && %{__perl} Makefile.PL INSTALLDIRS=vendor )
-
 %install
 rm -rf %{buildroot}
 make install DESTDIR=%{buildroot}
@@ -579,13 +654,6 @@ install -d -m 0755 %{buildroot}/var/run/winbindd
 install -d -m 0755 %{buildroot}/%{_libdir}/samba
 install -d -m 0755 %{buildroot}/%{_libdir}/pkgconfig
 
-# Undo the PIDL install, we want to try again with the right options.
-rm -rf %{buildroot}/%{_libdir}/perl5
-rm -rf %{buildroot}/%{_datadir}/perl5
-
-# Install PIDL.
-( cd pidl && make install PERL_INSTALL_ROOT=%{buildroot} )
-
 # Install other stuff
 install -d -m 0755 %{buildroot}%{_sysconfdir}/logrotate.d
 install -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/samba
@@ -620,7 +688,7 @@ install -m 0644 %{SOURCE200} packaging/README.dc-libs
 
 install -d -m 0755 %{buildroot}%{_unitdir}
 for i in nmb smb winbind ; do
-    cat packaging/systemd/$i.service | sed -e 's@Type=forking@Type=forking\nEnvironment=KRB5CCNAME=/run/samba/krb5cc_samba@g' >tmp$i.service
+    cat packaging/systemd/$i.service | sed -e 's@\[Service\]@[Service]\nEnvironment=KRB5CCNAME=/run/samba/krb5cc_samba@g' >tmp$i.service
     install -m 0644 tmp$i.service %{buildroot}%{_unitdir}/$i.service
 done
 
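Review bot: The `sed` in the unit-file loop adds the `Environment=KRB5CCNAME=...` line only when the shipped unit contains a literal `[Service]` line, and the build still succeeds when nothing matches; the old `Type=forking` anchor presumably stopped matching in exactly that silent way. Since this setting decides which Kerberos credential cache the daemons use, I would fail the build when the line is missing, e.g. `grep -q '^Environment=KRB5CCNAME=' tmp$i.service || exit 1` before the `install`. The `cat ... |` is unnecessary as well: `sed -e '...' packaging/systemd/$i.service >tmp$i.service` does the same.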
@@ -633,18 +701,10 @@ install -m 0755 packaging/NetworkManager/30-winbind-systemd \
 install -d -m 0755 %{buildroot}%{_libdir}/krb5/plugins/libkrb5
 touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
 
-# Clean out crap left behind by the PIDL install.
-find %{buildroot} -type f -name .packlist -exec rm -f {} \;
-rm -f %{buildroot}%{perl_vendorlib}/wscript_build
-rm -rf %{buildroot}%{perl_vendorlib}/Parse/Yapp
-
 # This makes the right links, as rpmlint requires that
 # the ldconfig-created links be recorded in the RPM.
 /sbin/ldconfig -N -n %{buildroot}%{_libdir}
 
-# Fix up permission on perl install.
-%{_fixperms} %{buildroot}%{perl_vendorlib}
-
 %if %{with testsuite}
 %check
 TDB_NO_FSYNC=1 make %{?_smp_mflags} test
@@ -1435,10 +1495,41 @@ rm -rf %{buildroot}
 ### PIDL
 %files pidl
 %defattr(-,root,root,-)
-%{perl_vendorlib}/Parse/Pidl*
+%attr(755,root,root) %{_bindir}/pidl
+%dir %{perl_vendorlib}/Parse
+%{perl_vendorlib}/Parse/Pidl.pm
+%dir %{perl_vendorlib}/Parse/Pidl
+%{perl_vendorlib}/Parse/Pidl/CUtil.pm
+%{perl_vendorlib}/Parse/Pidl/Samba4.pm
+%{perl_vendorlib}/Parse/Pidl/Expr.pm
+%{perl_vendorlib}/Parse/Pidl/ODL.pm
+%{perl_vendorlib}/Parse/Pidl/Typelist.pm
+%{perl_vendorlib}/Parse/Pidl/IDL.pm
+%{perl_vendorlib}/Parse/Pidl/Compat.pm
+%dir %{perl_vendorlib}/Parse/Pidl/Wireshark
+%{perl_vendorlib}/Parse/Pidl/Wireshark/Conformance.pm
+%{perl_vendorlib}/Parse/Pidl/Wireshark/NDR.pm
+%{perl_vendorlib}/Parse/Pidl/Dump.pm
+%dir %{perl_vendorlib}/Parse/Pidl/Samba3
+%{perl_vendorlib}/Parse/Pidl/Samba3/ServerNDR.pm
+%{perl_vendorlib}/Parse/Pidl/Samba3/ClientNDR.pm
+%dir %{perl_vendorlib}/Parse/Pidl/Samba4
+%{perl_vendorlib}/Parse/Pidl/Samba4/Header.pm
+%dir %{perl_vendorlib}/Parse/Pidl/Samba4/COM
+%{perl_vendorlib}/Parse/Pidl/Samba4/COM/Header.pm
+%{perl_vendorlib}/Parse/Pidl/Samba4/COM/Proxy.pm
+%{perl_vendorlib}/Parse/Pidl/Samba4/COM/Stub.pm
+%{perl_vendorlib}/Parse/Pidl/Samba4/Python.pm
+%{perl_vendorlib}/Parse/Pidl/Samba4/Template.pm
+%dir %{perl_vendorlib}/Parse/Pidl/Samba4/NDR
+%{perl_vendorlib}/Parse/Pidl/Samba4/NDR/Server.pm
+%{perl_vendorlib}/Parse/Pidl/Samba4/NDR/Client.pm
+%{perl_vendorlib}/Parse/Pidl/Samba4/NDR/Parser.pm
+%{perl_vendorlib}/Parse/Pidl/Samba4/TDR.pm
+%{perl_vendorlib}/Parse/Pidl/NDR.pm
+%{perl_vendorlib}/Parse/Pidl/Util.pm
 %{_mandir}/man1/pidl*
 %{_mandir}/man3/Parse::Pidl*
-%attr(755,root,root) %{_bindir}/pidl
 
 ### PYTHON
 %files python
@@ -1522,6 +1613,117 @@ rm -rf %{buildroot}
 %{_mandir}/man8/pam_winbind.8*
 
 %changelog
+* Thu Apr 03 2014 - Guenther Deschner <gdeschner@redhat.com> - 4.1.1-31
+- resolves: #1082653 - Add IPv6 workaround for MIT kerberos.
+
+* Thu Apr 03 2014 - Alexander Bokovoy <abokovoy@redhat.com> - 4.1.1-30
+- resolves: #1083859  - Force KRB5CCNAME in Samba systemd units.
+- related: #1082598 - Fully enables systemd integration.
+
+* Tue Apr 01 2014 - Andreas Schneider <asn@redhat.com> - 4.1.1-29
+- resolves: #1082598 - Add missing BuildRequires for systemd-devel.
+
+* Wed Mar 26 2014 - Andreas Schneider <asn@redhat.com> - 4.1.1-28
+- resolves: #1077918 - Make daemons systemd aware.
+
+* Mon Mar 24 2014 - Andreas Schneider <asn@redhat.com> - 4.1.1-27
+- resolves: #1077857 - Fix internal error received while adding trust.
+
+* Fri Mar 21 2014 - Guenther Deschner <gdeschner@redhat.com> - 4.1.1-26
+- resolves: #1079008 - Fix fragmented rpc handling.
+
+* Tue Mar 18 2014 - Andreas Schneider <asn@redhat.com> - 4.1.1-25
+- resolves: #1077651 - Fix 'force user' option for shares.
+
+* Wed Mar 12 2014 - Guenther Deschner <gdeschner@redhat.com> - 4.1.1-24
+- resolves: #1053748 - Enhance "net ads kerberos pac" tool.
+
+* Mon Mar 10 2014 - Andreas Schneider <asn@redhat.com> - 4.1.1-23
+- resolves: #1072804 - Fix CVE-2013-4496.
+- resolves: #1072804 - Fix CVE-2013-6442.
+
+* Fri Mar 07 2014 - Guenther Deschner <gdeschner@redhat.com> - 4.1.1-22
+- resolves: #1024788 - Fix joining over IPv6.
+
+* Tue Mar 04 2014 - Andreas Schneider <asn@redhat.com> - 4.1.1-21
+- resolves: #1066536 - Fix NBT queries with more than 9 or more components.
+
+* Thu Feb 27 2014 - Andreas Schneider <asn@redhat.com> - 4.1.1-20
+- resolves: #1070692 - Don't package perl(Parse::Yapp::Driver)
+
+* Tue Feb 25 2014 - Andreas Schneider <asn@redhat.com> - 4.1.1-19
+- related: #1067606 - Add missing directories.
+
+* Tue Feb 25 2014 - Andreas Schneider <asn@redhat.com> - 4.1.1-18
+- related: #1067606 - Fix installation of pidl files.
+
+* Tue Feb 25 2014 - Andreas Schneider <asn@redhat.com> - 4.1.1-17
+- resolves: #1067606 - Fix wbinfo with one-way trust.
+- resolves: #1069569 - Fix memory leak reading the printer list.
+
+* Thu Feb 20 2014 - Andreas Schneider <asn@redhat.com> - 4.1.1-16
+- resolves: #1063186 - Fix force_user with security=ads.
+
+* Wed Feb 05 2014 - Andreas Schneider <asn@redhat.com> - 4.1.1-15
+- resolves: #1029001 - Fix force_user with security=ads.
+
+* Tue Jan 28 2014 Daniel Mach <dmach@redhat.com> - 4.1.1-14
+- Mass rebuild 2014-01-24
+
+* Mon Jan 13 2014 - Andreas Schneider <asn@redhat.com> - 4.1.1-13
+- resolves: #1051582 - Fix warnings an resource leaks reported by rpmdiff.
+
+* Fri Jan 10 2014 - Andreas Schneider <asn@redhat.com> - 4.1.1-12
+- resolves: #1050886 - Fix full CPU utilization in winbindd.
+- resolves: #1051400 - Fix segfault in smbd.
+- resolves: #1051402 - Fix SMB2 server panic when a smb2 brlock times out.
+
+* Thu Jan 09 2014 - Andreas Schneider <asn@redhat.com> - 4.1.1-11
+- resolves: #1042845 - Do not build with libbsd.
+
+* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 4.1.1-10
+- Mass rebuild 2013-12-27
+
+* Wed Dec 11 2013 - Andreas Schneider <asn@redhat.com> - 4.1.1-9
+- resolves: #1033122 - Fix dropbox regression.
+- resolves: #1040464 - Fix %G substituion for config parameters.
+
+* Wed Dec 11 2013 - Guenther Deschner <gdeschner@redhat.com> - 4.1.1-8
+- resolves: #1040052 - Fix winbind debug message NULL pointer derreference.
+
+* Mon Dec 09 2013 - Andreas Schneider <asn@redhat.com> - 4.1.1-7
+- resolves: #1039499 - Fix CVE-2012-6150.
+
+* Fri Nov 29 2013 - Guenther Deschner <gdeschner@redhat.com> - 4.1.1-6
+- resolves: #1033109 - Fix winbind cache keysize limitations.
+
+* Wed Nov 27 2013 - Andreas Schneider <asn@redhat.com> - 4.1.1-5
+- resolves: #1034160 - Make sure we don't build the fam notify module.
+
+* Mon Nov 25 2013 - Andreas Schneider <asn@redhat.com> - 4.1.1-4
+- resolves: #1034048 - Fix group name substitution in template homedir.
+- resolves: #1018041 - Fix CVE-2013-4408.
+- related: #884169 - Fix several covscan warnings.
+
+* Mon Nov 18 2013 - Guenther Deschner <gdeschner@redhat.com> - 4.1.1-3
+- resolves: #948509 - Fix manpage correctness.
+
+* Fri Nov 15 2013 - Andreas Schneider <asn@redhat.com> - 4.1.1-2
+- related: #884169 - Fix strict aliasing warnings.
+
+* Mon Nov 11 2013 - Andreas Schneider <asn@redhat.com> - 4.1.1-1
+- resolves: #1024543 - Fix CVE-2013-4475.
+- Update to Samba 4.1.1.
+
+* Mon Nov 11 2013 - Andreas Schneider <asn@redhat.com> - 4.1.0-5
+- related: #884169 - Fix the upgrade path.
+
+* Wed Oct 30 2013 - Andreas Schneider <asn@redhat.com> - 4.1.0-4
+- related: #884169 - Add direct dependency to samba-libs in the
+                     glusterfs package.
+- resolves: #996567 - Fix userPrincipalName composition.
+- related: #884169 - Fix memset call with zero length in in ntdb.
+
 * Fri Oct 18 2013 - Andreas Schneider <asn@redhat.com> - 4.1.0-3
 - resolves: #1019384 - Build glusterfs VFS plguin.