[Pkg-samba-maint] r3855 - in branches/samba/lenny: debian debian/patches docs/htmldocs docs/manpages examples/LDAP source source/client source/include source/lib source/libaddns source/libads source/libgpo source/librpc/gen_ndr source/librpc/idl source/libsmb source/m4 source/modules source/nmbd source/nsswitch source/pam_smbpass source/param source/passdb source/po source/printing source/rpc_client source/script source/smbd source/utils source/web source/winbindd

bubulle at alioth.debian.org bubulle at alioth.debian.org
Wed Jul 27 07:08:48 UTC 2011


Author: bubulle
Date: 2011-07-27 07:08:47 +0000 (Wed, 27 Jul 2011)
New Revision: 3855

Added:
   branches/samba/lenny/debian/patches/security-CVE-2011-2694.patch
Modified:
   branches/samba/lenny/debian/changelog
   branches/samba/lenny/debian/patches/series
   branches/samba/lenny/docs/htmldocs/index.html
   branches/samba/lenny/docs/manpages/lmhosts.5
   branches/samba/lenny/docs/manpages/net.8
   branches/samba/lenny/docs/manpages/nmbd.8
   branches/samba/lenny/docs/manpages/ntlm_auth.1
   branches/samba/lenny/docs/manpages/smb.conf.5
   branches/samba/lenny/docs/manpages/smbd.8
   branches/samba/lenny/docs/manpages/swat.8
   branches/samba/lenny/docs/manpages/tdbbackup.8
   branches/samba/lenny/docs/manpages/winbindd.8
   branches/samba/lenny/examples/LDAP/README
   branches/samba/lenny/source/Makefile.in
   branches/samba/lenny/source/VERSION
   branches/samba/lenny/source/client/client.c
   branches/samba/lenny/source/client/dnsbrowse.c
   branches/samba/lenny/source/client/mount.cifs.c
   branches/samba/lenny/source/configure
   branches/samba/lenny/source/configure.in
   branches/samba/lenny/source/include/config.h.in
   branches/samba/lenny/source/include/includes.h
   branches/samba/lenny/source/include/local.h
   branches/samba/lenny/source/include/rpc_dce.h
   branches/samba/lenny/source/include/smb.h
   branches/samba/lenny/source/lib/events.c
   branches/samba/lenny/source/lib/packet.c
   branches/samba/lenny/source/lib/readline.c
   branches/samba/lenny/source/lib/select.c
   branches/samba/lenny/source/lib/system.c
   branches/samba/lenny/source/lib/util.c
   branches/samba/lenny/source/lib/util_sid.c
   branches/samba/lenny/source/lib/util_sock.c
   branches/samba/lenny/source/libaddns/dnssock.c
   branches/samba/lenny/source/libads/ldap.c
   branches/samba/lenny/source/libgpo/gpo_fetch.c
   branches/samba/lenny/source/librpc/gen_ndr/ndr_samr.c
   branches/samba/lenny/source/librpc/idl/samr.idl
   branches/samba/lenny/source/libsmb/clidfs.c
   branches/samba/lenny/source/libsmb/clientgen.c
   branches/samba/lenny/source/libsmb/clilist.c
   branches/samba/lenny/source/libsmb/cliquota.c
   branches/samba/lenny/source/libsmb/nmblib.c
   branches/samba/lenny/source/libsmb/samlogon_cache.c
   branches/samba/lenny/source/m4/aclocal.m4
   branches/samba/lenny/source/m4/check_path.m4
   branches/samba/lenny/source/modules/vfs_full_audit.c
   branches/samba/lenny/source/modules/vfs_xattr_tdb.c
   branches/samba/lenny/source/nmbd/nmbd_packets.c
   branches/samba/lenny/source/nmbd/nmbd_serverlistdb.c
   branches/samba/lenny/source/nsswitch/wb_common.c
   branches/samba/lenny/source/nsswitch/wins.c
   branches/samba/lenny/source/pam_smbpass/README
   branches/samba/lenny/source/pam_smbpass/pam_smb_acct.c
   branches/samba/lenny/source/pam_smbpass/pam_smb_auth.c
   branches/samba/lenny/source/pam_smbpass/pam_smb_passwd.c
   branches/samba/lenny/source/pam_smbpass/support.c
   branches/samba/lenny/source/pam_smbpass/support.h
   branches/samba/lenny/source/param/loadparm.c
   branches/samba/lenny/source/passdb/login_cache.c
   branches/samba/lenny/source/passdb/pdb_interface.c
   branches/samba/lenny/source/passdb/pdb_ldap.c
   branches/samba/lenny/source/passdb/pdb_tdb.c
   branches/samba/lenny/source/passdb/secrets.c
   branches/samba/lenny/source/po/de.msg
   branches/samba/lenny/source/printing/nt_printing.c
   branches/samba/lenny/source/printing/printing.c
   branches/samba/lenny/source/printing/printing_db.c
   branches/samba/lenny/source/rpc_client/cli_pipe.c
   branches/samba/lenny/source/script/installswat.sh
   branches/samba/lenny/source/script/smbtar
   branches/samba/lenny/source/smbd/dnsregister.c
   branches/samba/lenny/source/smbd/lanman.c
   branches/samba/lenny/source/smbd/mangle_hash.c
   branches/samba/lenny/source/smbd/nttrans.c
   branches/samba/lenny/source/smbd/open.c
   branches/samba/lenny/source/smbd/oplock.c
   branches/samba/lenny/source/smbd/oplock_irix.c
   branches/samba/lenny/source/smbd/posix_acls.c
   branches/samba/lenny/source/smbd/process.c
   branches/samba/lenny/source/smbd/server.c
   branches/samba/lenny/source/smbd/service.c
   branches/samba/lenny/source/utils/smbcontrol.c
   branches/samba/lenny/source/utils/smbfilter.c
   branches/samba/lenny/source/web/swat.c
   branches/samba/lenny/source/winbindd/idmap_cache.c
   branches/samba/lenny/source/winbindd/idmap_tdb2.c
   branches/samba/lenny/source/winbindd/winbindd.c
   branches/samba/lenny/source/winbindd/winbindd_cache.c
   branches/samba/lenny/source/winbindd/winbindd_dual.c
Log:
* Security update, fixing the following issue:
  - CVE-2011-2694: possible XSS attack in SWAT

Modified: branches/samba/lenny/debian/changelog
===================================================================
--- branches/samba/lenny/debian/changelog	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/debian/changelog	2011-07-27 07:08:47 UTC (rev 3855)
@@ -1,3 +1,10 @@
+samba (2:3.2.5-4lenny15) UNRELEASED; urgency=low
+
+  * Security update, fixing the following issue:
+    - CVE-2011-2694: possible XSS attack in SWAT
+
+ -- Christian Perrier <bubulle at debian.org>  Wed, 27 Jul 2011 09:07:40 +0200
+
 samba (2:3.2.5-4lenny14) oldstable-security; urgency=high
 
   * Security update, fixing the following issue:

Added: branches/samba/lenny/debian/patches/security-CVE-2011-2694.patch
===================================================================
--- branches/samba/lenny/debian/patches/security-CVE-2011-2694.patch	                        (rev 0)
+++ branches/samba/lenny/debian/patches/security-CVE-2011-2694.patch	2011-07-27 07:08:47 UTC (rev 3855)
@@ -0,0 +1,41 @@
+Goal: Fix possible XSS attack in SWAT
+
+Fixes: Upstream security fix. CVE-2011-2694
+
+Status wrt upstream: Fixed in 3.5.10
+
+Author: Kai Blin <kai at samba.org>
+
+Index: lenny/source/web/swat.c
+===================================================================
+--- lenny.orig/source/web/swat.c
++++ lenny/source/web/swat.c
+@@ -1116,11 +1116,9 @@
+ 	if(cgi_variable(CHG_S_PASSWD_FLAG)) {
+ 		printf("<p>");
+ 		if (rslt == True) {
+-			printf(_(" The passwd for '%s' has been changed."), cgi_variable_nonull(SWAT_USER));
+-			printf("\n");
++			printf("%s\n", _(" The passwd has been changed."));
+ 		} else {
+-			printf(_(" The passwd for '%s' has NOT been changed."), cgi_variable_nonull(SWAT_USER));
+-			printf("\n");
++			printf("%s\n", _(" The passwd has NOT been changed."));
+ 		}
+ 	}
+ 	
+@@ -1134,14 +1132,6 @@
+ {
+ 	const char *new_name = cgi_user_name();
+ 
+-	/* 
+-	 * After the first time through here be nice. If the user
+-	 * changed the User box text to another users name, remember it.
+-	 */
+-	if (cgi_variable(SWAT_USER)) {
+-		new_name = cgi_variable_nonull(SWAT_USER);
+-	} 
+-
+ 	if (!new_name) new_name = "";
+ 
+ 	printf("<H2>%s</H2>\n", _("Server Password Management"));
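Review bot: In the second embedded swat.c hunk `new_name` is still taken from `cgi_user_name()` and no HTML encoding is added, and since the enclosing function starts and ends outside the hunk, the place where `new_name` is later written into the page cannot be checked from here. If it is still printed with a bare `%s`, it should be HTML-escaped at that output point, so the fix does not depend solely on the value no longer coming from the `SWAT_USER` request variable. The patch header should also record the behaviour change, for example `Note: the user name box is no longer pre-filled from the submitted form and the result message no longer names the account.`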

Modified: branches/samba/lenny/debian/patches/series
===================================================================
--- branches/samba/lenny/debian/patches/series	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/debian/patches/series	2011-07-27 07:08:47 UTC (rev 3855)
@@ -46,3 +46,4 @@
 security-CVE-2010-2063.patch
 security-CVE-2010-3069.patch
 security-CVE-2011-0719.patch
+security-CVE-2011-2694.patch

Modified: branches/samba/lenny/docs/htmldocs/index.html
===================================================================
--- branches/samba/lenny/docs/htmldocs/index.html	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/docs/htmldocs/index.html	2011-07-27 07:08:47 UTC (rev 3855)
@@ -23,19 +23,11 @@
  <td valign="top">This book provides example configurations, it documents key aspects of Microsoft Windows networking, provides in-depth insight into the important configuration of Samba-3, and helps to put all of these into a useful framework.</td>
 </tr>
 <tr>
- <td valign="top"><a href="../using_samba/toc.html">Using Samba</a>, 2nd Edition</td>
+ <td valign="top"><a href="using_samba/toc.html">Using Samba</a>, 2nd Edition</td>
  <td valign="top"><i>Using Samba</i>, Second Edition is a comprehensive guide to Samba administration. It covers all versions of Samba from 2.0 to 2.2, including selected features from an alpha version of 3.0, as well as the SWAT graphical configuration tool. Updated for Windows 2000, ME, and XP, the book also explores Samba's new role as a primary domain controller and domain member server, its support for the use of Windows NT/2000/XP authentication and filesystem security on the host Unix system, and accessing shared files and printers from Unix clients.</td>
 </tr>
 <tr>
- <td valign="top"><a href="manpages-3/index.html">Man pages</a></td>
+ <td valign="top"><a href="manpages/index.html">Man pages</a></td>
  <td valign="top">The Samba man pages in HTML.</td>
 </tr>
-<tr>
- <td valign="top"><a href="../../WHATSNEW.txt">WHATSNEW</a></td>
-  <td valign="top">Samba Release Notes.</td>
-</tr>
-<tr>
- <td valign="top"><a href="../../README.VENDOR">README.VENDOR</a></td>
-  <td valign="top">VENDOR specific information.</td>
-</tr>
 </table></body></html>

Modified: branches/samba/lenny/docs/manpages/lmhosts.5
===================================================================
--- branches/samba/lenny/docs/manpages/lmhosts.5	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/docs/manpages/lmhosts.5	2011-07-27 07:08:47 UTC (rev 3855)
@@ -83,10 +83,8 @@
 file\.
 .SH "FILES"
 .PP
-lmhosts is loaded from the configuration directory\. This is usually
-\fI/etc/samba\fR
-or
-\fI/usr/local/samba/lib\fR\.
+lmhosts is loaded from the configuration directory. This is
+\fI/etc/samba\fR.
 .SH "VERSION"
 .PP
 This man page is correct for version 3 of the Samba suite\.

Modified: branches/samba/lenny/docs/manpages/net.8
===================================================================
--- branches/samba/lenny/docs/manpages/net.8	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/docs/manpages/net.8	2011-07-27 07:08:47 UTC (rev 3855)
@@ -660,9 +660,9 @@
 Store a secret for the specified domain, used primarily for domains that use idmap_ldap as a backend\. In this case the secret is used as the password for the user DN used to bind to the ldap server\.
 .SS "USERSHARE"
 .PP
-Starting with version 3\.0\.23, a Samba server now supports the ability for non\-root users to add user defined shares to be exported using the "net usershare" commands\.
+Starting with version 3\.0\.23, a Samba server now supports the ability for non\-root users to add user-defined shares to be exported using the "net usershare" commands\.
 .PP
-To set this up, first set up your smb\.conf by adding to the [global] section: usershare path = /usr/local/samba/lib/usershares Next create the directory /usr/local/samba/lib/usershares, change the owner to root and set the group owner to the UNIX group who should have the ability to create usershares, for example a group called "serverops"\. Set the permissions on /usr/local/samba/lib/usershares to 01770\. (Owner and group all access, no access for others, plus the sticky bit, which means that a file in that directory can be renamed or deleted only by the owner of the file)\. Finally, tell smbd how many usershares you will allow by adding to the [global] section of smb\.conf a line such as : usershare max shares = 100\. To allow 100 usershare definitions\. Now, members of the UNIX group "serverops" can create user defined shares on demand using the commands below\.
+Members of the UNIX group "sambashare" can create user-defined shares on demand using the commands below.
 .PP
 The usershare commands are:
 .IP "" 4

Modified: branches/samba/lenny/docs/manpages/nmbd.8
===================================================================
--- branches/samba/lenny/docs/manpages/nmbd.8	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/docs/manpages/nmbd.8	2011-07-27 07:08:47 UTC (rev 3855)
@@ -107,11 +107,9 @@
 to answer any name queries\. Adding a line to this file affects name NetBIOS resolution from this host
 \fIONLY\fR\.
 .sp
-The default path to this file is compiled into Samba as part of the build process\. Common defaults are
-\fI/usr/local/samba/lib/lmhosts\fR,
-\fI/usr/samba/lib/lmhosts\fR
-or
-\fI/etc/samba/lmhosts\fR\. See the
+The default path to this file is
+\fI/etc/samba/lmhosts\fR.
+See the
 \fBlmhosts\fR(5)
 man page for details on the contents of this file\.
 .RE
@@ -179,14 +177,11 @@
 inetd, this file must contain a mapping of service name (e\.g\., netbios\-ssn) to service port (e\.g\., 139) and protocol type (e\.g\., tcp)\.
 .RE
 .PP
-\fI/usr/local/samba/lib/smb\.conf\fR
+\fI/etc/samba/smb.conf\fR
 .RS 4
 This is the default location of the
 \fBsmb.conf\fR(5)
-server configuration file\. Other common places that systems install this file are
-\fI/usr/samba/lib/smb\.conf\fR
-and
-\fI/etc/samba/smb\.conf\fR\.
+server configuration file.
 .sp
 When run as a WINS server (see the
 \fIwins support\fR
@@ -230,10 +225,8 @@
 will accept SIGHUP, which will cause it to dump out its namelists into the file
 \fInamelist\.debug \fR
 in the
-\fI/usr/local/samba/var/locks\fR
-directory (or the
-\fIvar/locks\fR
-directory configured under wherever Samba was configured to install itself)\. This will also cause
+\fI/var/run/samba\fR
+directory. This will also cause
 nmbd
 to dump out its server database in the
 \fIlog\.nmb\fR

Modified: branches/samba/lenny/docs/manpages/ntlm_auth.1
===================================================================
--- branches/samba/lenny/docs/manpages/ntlm_auth.1	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/docs/manpages/ntlm_auth.1	2011-07-27 07:08:47 UTC (rev 3855)
@@ -35,7 +35,7 @@
 Some of these commands also require access to the directory
 \fIwinbindd_privileged\fR
 in
-\fI$LOCKDIR\fR\. This should be done either by running this command as root or providing group access to the
+\fI/var/run/samba\fR. This should be done either by running this command as root or providing group access to the
 \fIwinbindd_privileged\fR
 directory\. For security reasons, this directory should not be world\-accessable\.
 .SH "OPTIONS"
@@ -61,7 +61,7 @@
 Requires access to the directory
 \fIwinbindd_privileged\fR
 in
-\fI$LOCKDIR\fR\. The protocol used is described here:
+\fI/var/run/samba\fR. The protocol used is described here:
 http://devel\.squid\-cache\.org/ntlm/squid_helper_protocol\.html\. This protocol has been extended to allow the NTLMSSP Negotiate packet to be included as an argument to the
 YR
 command\. (Thus avoiding loss of information in the protocol exchange)\.
@@ -84,7 +84,7 @@
 Requires access to the directory
 \fIwinbindd_privileged\fR
 in
-\fI$LOCKDIR\fR\.
+\fI/var/run/samba\fR.
 .RE
 .PP
 gss\-spnego\-client

Modified: branches/samba/lenny/docs/manpages/smb.conf.5
===================================================================
--- branches/samba/lenny/docs/manpages/smb.conf.5	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/docs/manpages/smb.conf.5	2011-07-27 07:08:47 UTC (rev 3855)
@@ -269,7 +269,7 @@
 .PP
 usershare path
 .RS 4
-Points to the directory containing the user defined share definitions\. The filesystem permissions on this directory control who can create user defined shares\.
+Points to the directory containing the user-defined share definitions. The filesystem permissions on this directory control who can create user-defined shares.
 .RE
 .PP
 usershare prefix allow list
@@ -287,32 +287,8 @@
 Names a pre\-existing share used as a template for creating new usershares\. All other share parameters not specified in the user defined share definition are copied from this named share\.
 .RE
 .PP
-To allow members of the UNIX group
-foo
-to create user defined shares, create the directory to contain the share definitions as follows:
+Members of the \fBsambashare\fR group can manipulate the user-defined shares using the following commands:
 .PP
-Become root:
-.sp
-.RS 4
-.nf
-mkdir /usr/local/samba/lib/usershares
-chgrp foo /usr/local/samba/lib/usershares
-chmod 1770 /usr/local/samba/lib/usershares
-.fi
-.RE
-.PP
-Then add the parameters
-.sp
-.RS 4
-.nf
-	\fIusershare path = /usr/local/samba/lib/usershares\fR
-	\fIusershare max shares = 10\fR # (or the desired number of shares)
-.fi
-.RE
-.sp
-to the global section of your
-\fIsmb\.conf\fR\. Members of the group foo may then manipulate the user defined shares using the following commands\.
-.PP
 net usershare add sharename path [comment] [acl] [guest_ok=[y|n]]
 .RS 4
 To create or modify (overwrite) a user defined share\.
@@ -750,8 +726,8 @@
 Default:
 \fI\fIadd machine script\fR\fR\fI = \fR\fI\fR\fI \fR
 .sp
-Example:
-\fI\fIadd machine script\fR\fR\fI = \fR\fI/usr/sbin/adduser \-n \-g machines \-c Machine \-d /var/lib/nobody \-s /bin/false %u\fR\fI \fR
+Example for Debian:
+\fB\fIadd machine script\fR = /usr/sbin/adduser -n -g machines -c Machine -d /var/lib/samba -s /bin/false %u \fR
 .RE
 
 add port command (G)
@@ -8802,25 +8778,25 @@
 usershare path (G)
 .PP
 .RS 4
-This parameter specifies the absolute path of the directory on the filesystem used to store the user defined share definition files\. This directory must be owned by root, and have no access for other, and be writable only by the group owner\. In addition the "sticky" bit must also be set, restricting rename and delete to owners of a file (in the same way the /tmp directory is usually configured)\. Members of the group owner of this directory are the users allowed to create usershares\. If this parameter is undefined then no user defined shares are allowed\.
+This parameter specifies the absolute path of the directory on the filesystem used to store the user-defined share definition files. This directory must be owned by root, and have no access for other, and be writable only by the group owner. In addition the "sticky" bit must also be set, restricting rename and delete to owners of a file (in the same way the /tmp directory is usually configured). Members of the group owner of this directory are the users allowed to create usershares. If this parameter is undefined then no user-defined shares are allowed.
 .sp
-For example, a valid usershare directory might be /usr/local/samba/lib/usershares, set up as follows\.
+For example, on Debian the default usershare directory of /var/lib/samba/usershares is set up as follows.
 .sp
 
 .sp
 .RS 4
 .nf
-	ls \-ld /usr/local/samba/lib/usershares/
-	drwxrwx\-\-T  2 root power_users 4096 2006\-05\-05 12:27 /usr/local/samba/lib/usershares/
+	ls -ld /var/lib/samba/usershares/
+	drwxrwx--T  2 root sambashare 4096 2006-05-05 12:27 /var/lib/samba/usershares/
 	
 .fi
 .RE
 .sp
 .sp
-In this case, only members of the group "power_users" can create user defined shares\.
+In this case, only members of the group "sambashare" can create user defined shares.
 .sp
 Default:
-\fI\fIusershare path\fR\fR\fI = \fR\fINULL\fR\fI \fR
+\fB\fIusershare path\fR = /var/lib/samba/usershares \fR
 .RE
 
 usershare prefix allow list (G)

Modified: branches/samba/lenny/docs/manpages/smbd.8
===================================================================
--- branches/samba/lenny/docs/manpages/smbd.8	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/docs/manpages/smbd.8	2011-07-27 07:08:47 UTC (rev 3855)
@@ -161,14 +161,11 @@
 inetd, this file must contain a mapping of service name (e\.g\., netbios\-ssn) to service port (e\.g\., 139) and protocol type (e\.g\., tcp)\.
 .RE
 .PP
-\fI/usr/local/samba/lib/smb\.conf\fR
+\fI/etc/samba/smb.conf\fR
 .RS 4
 This is the default location of the
 \fBsmb.conf\fR(5)
-server configuration file\. Other common places that systems install this file are
-\fI/usr/samba/lib/smb\.conf\fR
-and
-\fI/etc/samba/smb\.conf\fR\.
+server configuration file.
 .sp
 This file describes all the services the server is to make available to clients\. See
 \fBsmb.conf\fR(5)

Modified: branches/samba/lenny/docs/manpages/swat.8
===================================================================
--- branches/samba/lenny/docs/manpages/swat.8	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/docs/manpages/swat.8	2011-07-27 07:08:47 UTC (rev 3855)
@@ -103,85 +103,6 @@
 .RS 4
 Print a summary of command line options\.
 .RE
-.SH "INSTALLATION"
-.PP
-Swat is included as binary package with most distributions\. The package manager in this case takes care of the installation and configuration\. This section is only for those who have compiled swat from scratch\.
-.PP
-After you compile SWAT you need to run
-make install
-to install the
-swat
-binary and the various help files and images\. A default install would put these in:
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-/usr/local/samba/sbin/swat
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-/usr/local/samba/swat/images/*
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04'\(bu\h'+03'\c
-.\}
-.el \{\
-.sp -1
-.IP \(bu 2.3
-.\}
-/usr/local/samba/swat/help/*
-.sp
-.RE
-.SS "Inetd Installation"
-.PP
-You need to edit your
-\fI/etc/inetd\.conf \fR
-and
-\fI/etc/services\fR
-to enable SWAT to be launched via
-inetd\.
-.PP
-In
-\fI/etc/services\fR
-you need to add a line like this:
-.PP
-swat 901/tcp
-.PP
-Note for NIS/YP and LDAP users \- you may need to rebuild the NIS service maps rather than alter your local
-\fI /etc/services\fR
-file\.
-.PP
-the choice of port number isn\'t really important except that it should be less than 1024 and not currently used (using a number above 1024 presents an obscure security hole depending on the implementation details of your
-inetd
-daemon)\.
-.PP
-In
-\fI/etc/inetd\.conf\fR
-you should add a line like this:
-.PP
-swat stream tcp nowait\.400 root /usr/local/samba/sbin/swat swat
-.PP
-Once you have edited
-\fI/etc/services\fR
-and
-\fI/etc/inetd\.conf\fR
-you need to send a HUP signal to inetd\. To do this use
-kill \-1 PID
-where PID is the process ID of the inetd daemon\.
 .SH "LAUNCHING"
 .PP
 To launch SWAT just run your favorite web browser and point it at "http://localhost:901/"\.
@@ -199,14 +120,11 @@
 This file must contain a mapping of service name (e\.g\., swat) to service port (e\.g\., 901) and protocol type (e\.g\., tcp)\.
 .RE
 .PP
-\fI/usr/local/samba/lib/smb\.conf\fR
+\fI/etc/samba/smb.conf\fR
 .RS 4
 This is the default location of the
 \fBsmb.conf\fR(5)
-server configuration file that swat edits\. Other common places that systems install this file are
-\fI /usr/samba/lib/smb\.conf\fR
-and
-\fI/etc/smb\.conf \fR\. This file describes all the services the server is to make available to clients\.
+server configuration file that swat edits. This file describes all the services the server is to make available to clients.
 .RE
 .SH "WARNINGS"
 .PP

Modified: branches/samba/lenny/docs/manpages/tdbbackup.8
===================================================================
--- branches/samba/lenny/docs/manpages/tdbbackup.8	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/docs/manpages/tdbbackup.8	2011-07-27 07:08:47 UTC (rev 3855)
@@ -69,7 +69,7 @@
 .\}
 
 secrets\.tdb
-\- usual location is in the /usr/local/samba/private directory, or on some systems in /etc/samba\.
+- usual location is in the /var/lib/samba directory.
 .RE
 .sp
 .RS 4
@@ -82,7 +82,7 @@
 .\}
 
 passdb\.tdb
-\- usual location is in the /usr/local/samba/private directory, or on some systems in /etc/samba\.
+- usual location is in the /var/lib/samba directory.
 .RE
 .sp
 .RS 4
@@ -95,7 +95,7 @@
 .\}
 
 *\.tdb
-located in the /usr/local/samba/var directory or on some systems in the /var/cache or /var/lib/samba directories\.
+located in the /var/lib/samba and /var/run/samba directories.
 .SH "VERSION"
 .PP
 This man page is correct for version 3 of the Samba suite\.

Modified: branches/samba/lenny/docs/manpages/winbindd.8
===================================================================
--- branches/samba/lenny/docs/manpages/winbindd.8	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/docs/manpages/winbindd.8	2011-07-27 07:08:47 UTC (rev 3855)
@@ -521,16 +521,16 @@
 file are owned by root\.
 .RE
 .PP
-$LOCKDIR/winbindd_privileged/pipe
+/var/run/samba/winbindd_privileged/pipe
 .RS 4
 The UNIX pipe over which \'privileged\' clients communicate with the
 winbindd
 program\. For security reasons, access to some winbindd functions \- like those needed by the
 ntlm_auth
-utility \- is restricted\. By default, only users in the \'root\' group will get this access, however the administrator may change the group permissions on $LOCKDIR/winbindd_privileged to allow programs like \'squid\' to use ntlm_auth\. Note that the winbind client will only attempt to connect to the winbindd daemon if both the
-\fI$LOCKDIR/winbindd_privileged\fR
+utility - is restricted. By default, only users in the 'root' group will get this access, however the administrator may change the group permissions on /var/run/samba/winbindd_privileged to allow programs like 'squid' to use ntlm_auth. Note that the winbind client will only attempt to connect to the winbindd daemon if both the
+\fI/var/run/samba/winbindd_privileged\fR
 directory and
-\fI$LOCKDIR/winbindd_privileged/pipe\fR
+\fI/var/run/samba/winbindd_privileged/pipe\fR
 file are owned by root\.
 .RE
 .PP
@@ -539,15 +539,12 @@
 Implementation of name service switch library\.
 .RE
 .PP
-$LOCKDIR/winbindd_idmap\.tdb
+/var/run/samba/winbindd_idmap.tdb
 .RS 4
-Storage for the Windows NT rid to UNIX user/group id mapping\. The lock directory is specified when Samba is initially compiled using the
-\fI\-\-with\-lockdir\fR
-option\. This directory is by default
-\fI/usr/local/samba/var/locks \fR\.
+Storage for the Windows NT rid to UNIX user/group id mapping.
 .RE
 .PP
-$LOCKDIR/winbindd_cache\.tdb
+/var/run/samba/winbindd_cache.tdb
 .RS 4
 Storage for cached user and group information\.
 .RE

Modified: branches/samba/lenny/examples/LDAP/README
===================================================================
--- branches/samba/lenny/examples/LDAP/README	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/examples/LDAP/README	2011-07-27 07:08:47 UTC (rev 3855)
@@ -69,6 +69,9 @@
 The smbldap-tools package can be downloaded individually from
 https://gna.org/projects/smbldap-tools/
 
+On Debian systems, the smbldap-tools exists as a separate package
+and is not included in LDAP examples.
+
 !==
 !== end of README
 !==

Modified: branches/samba/lenny/source/Makefile.in
===================================================================
--- branches/samba/lenny/source/Makefile.in	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/Makefile.in	2011-07-27 07:08:47 UTC (rev 3855)
@@ -228,7 +228,7 @@
 TDB_OBJ = lib/util_tdb.o \
 	  lib/dbwrap.o lib/dbwrap_tdb.o \
 	  lib/dbwrap_tdb2.o lib/dbwrap_ctdb.o \
-	  lib/dbwrap_rbt.o @LIBTDB_STATIC@
+	  lib/dbwrap_rbt.o
 
 SMBLDAP_OBJ = @SMBLDAP@ @SMBLDAPUTIL@
 
@@ -292,8 +292,7 @@
 SOCKET_WRAPPER_OBJ = @SOCKET_WRAPPER_OBJS@
 NSS_WRAPPER_OBJ = @NSS_WRAPPER_OBJS@
 
-LIBSAMBAUTIL_OBJ = @LIBTALLOC_STATIC@ \
-		$(LIBREPLACE_OBJ) \
+LIBSAMBAUTIL_OBJ = $(LIBREPLACE_OBJ) \
 		$(SOCKET_WRAPPER_OBJ) \
 		$(NSS_WRAPPER_OBJ)
 
@@ -345,7 +344,7 @@
 
 LIBADDNS_OBJ0 = libaddns/dnsrecord.o libaddns/dnsutils.o  libaddns/dnssock.o \
 	       libaddns/dnsgss.o libaddns/dnsmarshall.o
-LIBADDNS_OBJ = $(LIBADDNS_OBJ0) $(SOCKET_WRAPPER_OBJ) @LIBTALLOC_STATIC@
+LIBADDNS_OBJ = $(LIBADDNS_OBJ0) $(SOCKET_WRAPPER_OBJ)
 
 LIBGPO_OBJ0 = libgpo/gpo_ldap.o libgpo/gpo_ini.o libgpo/gpo_util.o \
 	      libgpo/gpo_fetch.o libgpo/gpo_filesync.o libgpo/gpo_sec.o
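Review bot: Dropping `@LIBTALLOC_STATIC@` from `LIBADDNS_OBJ` here, like the `@LIBTDB_STATIC@`/`@LIBTALLOC_STATIC@` removals in the hunks at -228, -292 and -1057, is not covered by the commit log, which names only the CVE-2011-2694 fix in SWAT. These look like changes from other patches in `debian/patches/series` applied to the working tree (inferred, not visible here), and a security update is easier to audit when the committed tree differs only by the new patch file, `series` and `changelog`. Either commit from an unpatched tree or state the extra scope in the log, e.g. `* Also commits source/ with the quilt series applied.`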
@@ -1057,15 +1056,15 @@
 		iniparser_build/strlib.o
 
 TDBBACKUP_OBJ = @tdbdir@/tools/tdbbackup.o $(LIBREPLACE_OBJ) \
-	@LIBTDB_STATIC@ $(SOCKET_WRAPPER_OBJ)
+	$(SOCKET_WRAPPER_OBJ)
 
-TDBTOOL_OBJ = @tdbdir@/tools/tdbtool.o @LIBTDB_STATIC@ $(LIBREPLACE_OBJ) \
+TDBTOOL_OBJ = @tdbdir@/tools/tdbtool.o $(LIBREPLACE_OBJ) \
 	$(SOCKET_WRAPPER_OBJ)
 
-TDBDUMP_OBJ = @tdbdir@/tools/tdbdump.o @LIBTDB_STATIC@ $(LIBREPLACE_OBJ) \
+TDBDUMP_OBJ = @tdbdir@/tools/tdbdump.o $(LIBREPLACE_OBJ) \
 	$(SOCKET_WRAPPER_OBJ)
 
-TDBTORTURE_OBJ = @tdbdir@/tools/tdbtorture.o @LIBTDB_STATIC@ $(LIBREPLACE_OBJ) \
+TDBTORTURE_OBJ = @tdbdir@/tools/tdbtorture.o $(LIBREPLACE_OBJ) \
 	$(SOCKET_WRAPPER_OBJ)
 
 
@@ -1260,263 +1259,348 @@
 	  dir=bin $(MAKEDIR); fi
 	@: >> $@ || : > $@ # what a fancy emoticon!
 
-bin/smbd at EXEEXT@: $(BINARY_PREREQS) $(SMBD_OBJ) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@ @BUILD_POPT@
+bin/smbd at EXEEXT@: $(BINARY_PREREQS) $(SMBD_OBJ) @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@ @BUILD_POPT@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(SMBD_OBJ) $(LDFLAGS) $(LDAP_LIBS) \
+	@$(AR) -rc $@.a $(SMBD_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(LDAP_LIBS) \
 		$(KRB5LIBS) $(DYNEXP) $(PRINT_LIBS) $(AUTH_LIBS) \
 		$(ACL_LIBS) $(PASSDB_LIBS) $(LIBS) $(DNSSD_LIBS) \
 		$(POPT_LIBS) @SMBD_LIBS@ $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \
 		$(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/nmbd at EXEEXT@: $(BINARY_PREREQS) $(NMBD_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/nmbd at EXEEXT@: $(BINARY_PREREQS) $(NMBD_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(NMBD_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
+	@$(AR) -rc $@.a $(NMBD_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) $(LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(POPT_LIBS) \
 		$(KRB5LIBS) $(LDAP_LIBS)
+	@rm -f $@.a
 
-bin/swat at EXEEXT@: $(BINARY_PREREQS) $(SWAT_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/swat at EXEEXT@: $(BINARY_PREREQS) $(SWAT_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(SWAT_OBJ) $(LDFLAGS) $(DYNEXP) $(PRINT_LIBS) \
+	@$(AR) -rc $@.a $(SWAT_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) $(PRINT_LIBS) \
 	  $(AUTH_LIBS) $(LIBS) $(PASSDB_LIBS) $(POPT_LIBS) $(KRB5LIBS) \
 	  $(LDAP_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/rpcclient at EXEEXT@: $(BINARY_PREREQS) $(RPCCLIENT_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/rpcclient at EXEEXT@: $(BINARY_PREREQS) $(RPCCLIENT_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(PASSDB_LIBS) $(RPCCLIENT_OBJ) \
+	@$(AR) -rc $@.a $(RPCCLIENT_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(PASSDB_LIBS) \
 		$(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) $(POPT_LIBS) \
 		$(KRB5LIBS) $(LDAP_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \
 		$(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/smbclient at EXEEXT@: $(BINARY_PREREQS) $(CLIENT_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/smbclient at EXEEXT@: $(BINARY_PREREQS) $(CLIENT_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(CLIENT_OBJ) $(LDFLAGS) $(DYNEXP) \
+	@$(AR) -rc $@.a $(CLIENT_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) \
 		$(TERMLDFLAGS) $(TERMLIBS) $(LIBS) $(POPT_LIBS) \
 		$(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) $(DNSSD_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/net at EXEEXT@: $(BINARY_PREREQS) $(NET_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@ @LIBNETAPI_SHARED@
+bin/net at EXEEXT@: $(BINARY_PREREQS) $(NET_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@ @LIBNETAPI_SHARED@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(NET_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) \
 		$(POPT_LIBS) $(KRB5LIBS) $(UUID_LIBS) $(LDAP_LIBS) \
 		$(PASSDB_LIBS) $(TERMLDFLAGS) $(TERMLIBS) $(NSCD_LIBS) \
 		@INIPARSERLIBS@ $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS) $(LIBNETAPI_LIBS)
 
-bin/profiles at EXEEXT@: $(BINARY_PREREQS) $(PROFILES_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/profiles at EXEEXT@: $(BINARY_PREREQS) $(PROFILES_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(PROFILES_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) \
+	@$(AR) -rc $@.a $(PROFILES_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) $(LIBS) \
 		$(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/smbspool at EXEEXT@: $(BINARY_PREREQS) $(CUPS_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/smbspool at EXEEXT@: $(BINARY_PREREQS) $(CUPS_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(CUPS_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) \
+	@$(AR) -rc $@.a $(CUPS_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) $(LIBS) \
 		$(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
 bin/mount.cifs at EXEEXT@: $(BINARY_PREREQS) $(CIFS_MOUNT_OBJ) @BUILD_POPT@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(CIFS_MOUNT_OBJ) $(DYNEXP) $(LDFLAGS) $(POPT_LIBS)
+	@$(AR) -rc $@.a $(CIFS_MOUNT_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) $(POPT_LIBS)
+	@rm -f $@.a
 
 bin/umount.cifs at EXEEXT@: $(BINARY_PREREQS) $(CIFS_UMOUNT_OBJ) @BUILD_POPT@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(CIFS_UMOUNT_OBJ) $(DYNEXP) $(LDFLAGS) $(POPT_LIBS)
+	@$(AR) -rc $@.a $(CIFS_UMOUNT_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) $(POPT_LIBS)
+	@rm -f $@.a
 
-bin/cifs.upcall at EXEEXT@: $(BINARY_PREREQS) $(CIFS_UPCALL_OBJ) $(LIBSMBCLIENT_OBJ1) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/cifs.upcall at EXEEXT@: $(BINARY_PREREQS) $(CIFS_UPCALL_OBJ) $(LIBSMBCLIENT_OBJ1) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(CIFS_UPCALL_OBJ) $(DYNEXP) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(CIFS_UPCALL_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) \
 		-lkeyutils $(LIBS) $(LIBSMBCLIENT_OBJ1) $(KRB5LIBS) \
 		$(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(WINBIND_LIBS) \
 		$(LIBTDB_LIBS) $(NSCD_LIBS)
+	@rm -f $@.a
 
-bin/testparm at EXEEXT@: $(BINARY_PREREQS) $(TESTPARM_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/testparm at EXEEXT@: $(BINARY_PREREQS) $(TESTPARM_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(TESTPARM_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
+	@$(AR) -rc $@.a $(TESTPARM_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) $(LIBS) \
 		$(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/smbstatus at EXEEXT@: $(BINARY_PREREQS) $(STATUS_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/smbstatus at EXEEXT@: $(BINARY_PREREQS) $(STATUS_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(STATUS_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
+	@$(AR) -rc $@.a $(STATUS_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) $(LIBS) \
 		$(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/smbcontrol at EXEEXT@: $(BINARY_PREREQS) $(SMBCONTROL_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/smbcontrol at EXEEXT@: $(BINARY_PREREQS) $(SMBCONTROL_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) -DUSING_SMBCONTROL $(FLAGS) -o $@ \
-		$(SMBCONTROL_OBJ) $(DYNEXP) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(SMBCONTROL_OBJ)
+	@$(CC) -DUSING_SMBCONTROL $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) \
 		$(LIBS) $(LDAP_LIBS) @LIBUNWIND_PTRACE@ $(POPT_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/smbtree at EXEEXT@: $(BINARY_PREREQS) $(SMBTREE_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/smbtree at EXEEXT@: $(BINARY_PREREQS) $(SMBTREE_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(SMBTREE_OBJ) $(LDFLAGS) $(DYNEXP) \
+	@$(AR) -rc $@.a $(SMBTREE_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) \
 		$(LIBS) $(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/smbpasswd at EXEEXT@: $(BINARY_PREREQS) $(SMBPASSWD_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/smbpasswd at EXEEXT@: $(BINARY_PREREQS) $(SMBPASSWD_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(SMBPASSWD_OBJ) $(LDFLAGS) $(PASSDB_LIBS) \
+	@$(AR) -rc $@.a $(SMBPASSWD_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(PASSDB_LIBS) \
 		$(DYNEXP) $(LIBS) $(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/pdbedit at EXEEXT@: $(BINARY_PREREQS) $(PDBEDIT_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/pdbedit at EXEEXT@: $(BINARY_PREREQS) $(PDBEDIT_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
+	@$(AR) -rc $@.a $(PDBEDIT_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) $(LIBS) \
 		$(POPT_LIBS) $(PASSDB_LIBS) $(LDAP_LIBS) $(LIBTALLOC_LIBS) \
 		$(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/smbget at EXEEXT@: $(BINARY_PREREQS) $(SMBGET_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/smbget at EXEEXT@: $(BINARY_PREREQS) $(SMBGET_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(SMBGET_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
+	@$(AR) -rc $@.a $(SMBGET_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) $(LIBS) \
 		$(POPT_LIBS)  $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/nmblookup at EXEEXT@: $(BINARY_PREREQS) $(NMBLOOKUP_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/nmblookup at EXEEXT@: $(BINARY_PREREQS) $(NMBLOOKUP_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(NMBLOOKUP_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
+	@$(AR) -rc $@.a $(NMBLOOKUP_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) $(LIBS) \
 		$(POPT_LIBS) $(LDAP_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/smbtorture at EXEEXT@: $(BINARY_PREREQS) $(SMBTORTURE_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/smbtorture at EXEEXT@: $(BINARY_PREREQS) $(SMBTORTURE_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(SMBTORTURE_OBJ) $(LDFLAGS) $(DYNEXP) \
+	@$(AR) -rc $@.a $(SMBTORTURE_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) \
 		$(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) \
 		$(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/talloctort at EXEEXT@: $(BINARY_PREREQS) $(TALLOCTORT_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/talloctort at EXEEXT@: $(BINARY_PREREQS) $(TALLOCTORT_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(TALLOCTORT_OBJ) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(TALLOCTORT_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) \
 		$(DYNEXP) $(LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/replacetort at EXEEXT@: $(REPLACETORT_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@
+bin/replacetort at EXEEXT@: $(REPLACETORT_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) @PIE_LDFLAGS@ -o $@ $(REPLACETORT_OBJ) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(REPLACETORT_OBJ)
+	@$(CC) $(FLAGS) @PIE_LDFLAGS@ -o $@ $@.a $(LDFLAGS) \
 		$(DYNEXP) $(LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS)
+	@rm -f $@.a
 
-bin/smbconftort at EXEEXT@: $(SMBCONFTORT_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/smbconftort at EXEEXT@: $(SMBCONFTORT_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) @PIE_LDFLAGS@ -o $@ $(SMBCONFTORT_OBJ) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(SMBCONFTORT_OBJ)
+	@$(CC) $(FLAGS) @PIE_LDFLAGS@ -o $@ $@.a $(LDFLAGS) \
 		$(DYNEXP) $(LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/masktest at EXEEXT@: $(BINARY_PREREQS) $(MASKTEST_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/masktest at EXEEXT@: $(BINARY_PREREQS) $(MASKTEST_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(MASKTEST_OBJ) $(LDFLAGS) $(DYNEXP) \
+	@$(AR) -rc $@.a $(MASKTEST_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) \
 		$(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/msgtest at EXEEXT@: $(BINARY_PREREQS) $(MSGTEST_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/msgtest at EXEEXT@: $(BINARY_PREREQS) $(MSGTEST_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(MSGTEST_OBJ) $(LDFLAGS) $(DYNEXP) \
+	@$(AR) -rc $@.a $(MSGTEST_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) \
 		$(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/smbcacls at EXEEXT@: $(BINARY_PREREQS) $(SMBCACLS_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/smbcacls at EXEEXT@: $(BINARY_PREREQS) $(SMBCACLS_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(SMBCACLS_OBJ) $(DYNEXP) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(SMBCACLS_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) \
 		$(LIBS) $(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/smbcquotas at EXEEXT@: $(BINARY_PREREQS) $(SMBCQUOTAS_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/smbcquotas at EXEEXT@: $(BINARY_PREREQS) $(SMBCQUOTAS_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(SMBCQUOTAS_OBJ) $(DYNEXP) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(SMBCQUOTAS_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) \
 		$(LIBS) $(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/eventlogadm at EXEEXT@: $(BINARY_PREREQS) $(EVTLOGADM_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/eventlogadm at EXEEXT@: $(BINARY_PREREQS) $(EVTLOGADM_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(EVTLOGADM_OBJ) $(DYNEXP) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(EVTLOGADM_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) \
 		$(LIBS) $(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/sharesec at EXEEXT@: $(BINARY_PREREQS) $(SHARESEC_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/sharesec at EXEEXT@: $(BINARY_PREREQS) $(SHARESEC_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(SHARESEC_OBJ) $(DYNEXP) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(SHARESEC_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) \
 		$(LIBS) $(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/locktest at EXEEXT@: $(BINARY_PREREQS) $(LOCKTEST_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/locktest at EXEEXT@: $(BINARY_PREREQS) $(LOCKTEST_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LOCKTEST_OBJ) $(LDFLAGS) $(DYNEXP) \
+	@$(AR) -rc $@.a $(LOCKTEST_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) \
 		$(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/nsstest at EXEEXT@: $(BINARY_PREREQS) $(NSSTEST_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/nsstest at EXEEXT@: $(BINARY_PREREQS) $(NSSTEST_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(NSSTEST_OBJ) $(LDFLAGS) $(DYNEXP) \
+	@$(AR) -rc $@.a $(NSSTEST_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) \
 		$(LIBS) $(KRB5LIBS)  $(LDAP_LIBS) $(POPT_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/pdbtest at EXEEXT@: $(BINARY_PREREQS) $(PDBTEST_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/pdbtest at EXEEXT@: $(BINARY_PREREQS) $(PDBTEST_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(PDBTEST_OBJ) $(LDFLAGS) $(DYNEXP) \
+	@$(AR) -rc $@.a $(PDBTEST_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) \
 		$(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(PASSDB_LIBS) \
 		$(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/vfstest at EXEEXT@: $(BINARY_PREREQS) $(VFSTEST_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/vfstest at EXEEXT@: $(BINARY_PREREQS) $(VFSTEST_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(VFSTEST_OBJ) $(LDFLAGS) $(TERMLDFLAGS) \
+	@$(AR) -rc $@.a $(VFSTEST_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(TERMLDFLAGS) \
 		$(TERMLIBS) $(DYNEXP) $(PRINT_LIBS) $(AUTH_LIBS) \
 		$(ACL_LIBS) $(LIBS) $(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) \
 		@SMBD_LIBS@ $(NSCD_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \
 		$(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/smbiconv at EXEEXT@: $(BINARY_PREREQS) $(SMBICONV_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/smbiconv at EXEEXT@: $(BINARY_PREREQS) $(SMBICONV_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(SMBICONV_OBJ) $(LDFLAGS) $(TERMLDFLAGS) \
+	@$(AR) -rc $@.a $(SMBICONV_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(TERMLDFLAGS) \
 		$(TERMLIBS) $(DYNEXP) $(LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/log2pcap at EXEEXT@: $(BINARY_PREREQS) $(LOG2PCAP_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@
+bin/log2pcap at EXEEXT@: $(BINARY_PREREQS) $(LOG2PCAP_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LOG2PCAP_OBJ) $(LDFLAGS) $(DYNEXP) \
+	@$(AR) -rc $@.a $(LOG2PCAP_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) \
 		$(POPT_LIBS) $(LIBS) $(LIBTALLOC_LIBS)
+	@rm -f $@.a
 
-bin/locktest2 at EXEEXT@: $(BINARY_PREREQS) $(LOCKTEST2_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/locktest2 at EXEEXT@: $(BINARY_PREREQS) $(LOCKTEST2_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LOCKTEST2_OBJ) $(LDFLAGS) $(DYNEXP) \
+	@$(AR) -rc $@.a $(LOCKTEST2_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) \
 		$(LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/ndrdump at EXEEXT@: $(BINARY_PREREQS) $(NDRDUMP_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/ndrdump at EXEEXT@: $(BINARY_PREREQS) $(NDRDUMP_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(NDRDUMP_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) \
+	@$(AR) -rc $@.a $(NDRDUMP_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) $(LIBS) \
 		$(POPT_LIBS) $(LDAP_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/debug2html at EXEEXT@: $(BINARY_PREREQS) $(DEBUG2HTML_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@
+bin/debug2html at EXEEXT@: $(BINARY_PREREQS) $(DEBUG2HTML_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(DEBUG2HTML_OBJ) $(LDFLAGS) $(DYNEXP) \
+	@$(AR) -rc $@.a $(DEBUG2HTML_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) \
 		$(LIBS) $(LIBTALLOC_LIBS)
+	@rm -f $@.a
 
-bin/smbfilter at EXEEXT@: $(BINARY_PREREQS) $(SMBFILTER_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/smbfilter at EXEEXT@: $(BINARY_PREREQS) $(SMBFILTER_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(SMBFILTER_OBJ) $(LDFLAGS) $(LIBS) \
+	@$(AR) -rc $@.a $(SMBFILTER_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(LIBS) \
 		$(KRB5LIBS) $(LDAP_LIBS) $(POPT_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/ldbedit: $(BINARY_PREREQS) $(LDBEDIT_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/ldbedit: $(BINARY_PREREQS) $(LDBEDIT_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LDBEDIT_OBJ) $(DYNEXP) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(LDBEDIT_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) \
 		$(LIBS) $(POPT_LIBS) $(LDAP_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/ldbsearch: $(BINARY_PREREQS) $(LDBSEARCH_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/ldbsearch: $(BINARY_PREREQS) $(LDBSEARCH_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LDBSEARCH_OBJ) $(DYNEXP) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(LDBSEARCH_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) \
 		$(LIBS) $(POPT_LIBS) $(LDAP_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/ldbadd: $(BINARY_PREREQS) $(LDBADD_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/ldbadd: $(BINARY_PREREQS) $(LDBADD_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LDBADD_OBJ) $(DYNEXP) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(LDBADD_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) \
 		$(LIBS) $(POPT_LIBS) $(LDAP_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/ldbmodify: $(BINARY_PREREQS) $(LDBMODIFY_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/ldbmodify: $(BINARY_PREREQS) $(LDBMODIFY_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LDBMODIFY_OBJ) $(DYNEXP) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(LDBMODIFY_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) \
 		$(LIBS) $(POPT_LIBS) $(LDAP_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/ldbdel: $(BINARY_PREREQS) $(LDBDEL_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/ldbdel: $(BINARY_PREREQS) $(LDBDEL_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LDBDEL_OBJ) $(DYNEXP) $(LDFLAGS) \
+	@$(AR) -rc $@.a $(LDBDEL_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(DYNEXP) $(LDFLAGS) \
 		$(LIBS) $(POPT_LIBS) $(LDAP_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
 
 #####################################################################
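Review bot: The new link recipes (first at `bin/smbd`, repeated for every binary in this hunk and in the later winbindd/vlp and wbinfo/tdb* hunks) leave `$@.a` behind when the `$(CC)` step fails, because `@rm -f $@.a` only runs after a successful link, and `$(AR) -rc` then updates that stale archive on the next run. Putting `@rm -f $@.a` before each `@$(AR) -rc $@.a ...` line makes every link start from a clean archive. Linking through an archive also changes what ends up in the binary: the linker takes only the members it needs, so an object reached only through symbols exported for loadable modules (presumably what `$(DYNEXP)` is for) may be dropped. `ar` also stores members by base name, so two objects with the same file name in different directories would likely overwrite each other. Both deserve a comment above the first recipe, and comparing the exported symbols of the old and new `smbd` and `winbindd` would confirm that modules still resolve.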
@@ -1676,7 +1760,7 @@
 		  nsswitch/libwbclient/wbc_pam.o
 LIBWBCLIENT_OBJ = $(LIBWBCLIENT_OBJ0) \
 		  $(WBCOMMON_OBJ) \
-		  @LIBTALLOC_STATIC@ $(LIBREPLACE_OBJ)
+		  $(LIBREPLACE_OBJ)
 
 LIBWBCLIENT_SHARED_TARGET=@LIBWBCLIENT_SHARED_TARGET@
 LIBWBCLIENT_SOVER=@LIBWBCLIENT_SOVER@
@@ -1891,7 +1975,7 @@
 
 $(LIBSMBCLIENT_SHARED_TARGET_SONAME): $(BINARY_PREREQS) $(LIBSMBCLIENT_OBJ) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
 	@echo Linking shared library $@
-	@$(SHLD_DSO) $(LIBSMBCLIENT_OBJ) \
+	@$(SHLD_DSO) -Wl,-z,defs $(LIBSMBCLIENT_OBJ) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS) $(LIBS) \
 		$(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
 		@SONAMEFLAG@`basename $@`
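Review bot: The added `-Wl,-z,defs` is hard-coded in the recipe with no comment, and of the shared-object rules visible in this diff only libsmbclient gets it. A line such as `# -z defs: fail the link if libsmbclient is left with unresolved symbols` above the rule would record why it is there. If the intent is to catch the library dependencies dropped elsewhere in this change (the removed `@LIBTALLOC_STATIC@`/`@LIBTDB_STATIC@` objects), the other shared libraries built from this Makefile may want the same check; that is an inference, since their recipes are mostly outside the hunks shown.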
@@ -1948,7 +2032,7 @@
 
 LIBSMBSHAREMODES_OBJ0 = libsmb/smb_share_modes.o
 
-LIBSMBSHAREMODES_OBJ = $(LIBSMBSHAREMODES_OBJ0) @LIBTDB_STATIC@
+LIBSMBSHAREMODES_OBJ = $(LIBSMBSHAREMODES_OBJ0)
 
 LIBSMBSHAREMODES_SHARED_TARGET=@LIBSMBSHAREMODES_SHARED_TARGET@
 LIBSMBSHAREMODES_SOVER=@LIBSMBSHAREMODES_SOVER@
@@ -2014,7 +2098,7 @@
 #-------------------------------------------------------------------
 
 # This is probably wrong for anything other than the GNU linker.
-bin/libbigballofmud. at SHLIBEXT@: $(BINARY_PREREQS) $(LIBBIGBALLOFMUD_OBJ) @LIBTALLOC_SHARED@
+bin/libbigballofmud. at SHLIBEXT@: $(BINARY_PREREQS) $(LIBBIGBALLOFMUD_OBJ) @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking shared library $@
 	@$(SHLD) $(LDSHFLAGS) -o $@ $(LIBBIGBALLOFMUD_OBJ) \
 		$(LIBS) $(LIBTALLOC_LIBS) \
@@ -2095,18 +2179,22 @@
 	@echo "Linking $@"
 	@$(SHLD_MODULE) $(RPC_ECHO_OBJ)
 
-bin/winbindd at EXEEXT@: $(BINARY_PREREQS) $(WINBINDD_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/winbindd at EXEEXT@: $(BINARY_PREREQS) $(WINBINDD_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo "Linking $@"
-	@$(CC) $(FLAGS) -o $@ $(WINBINDD_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) \
+	@$(AR) -rc $@.a $(WINBINDD_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) $(LIBS) \
 		$(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) \
 		$(PASSDB_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
-bin/vlp at EXEEXT@: $(BINARY_PREREQS) $(VLP_OBJ) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/vlp at EXEEXT@: $(BINARY_PREREQS) $(VLP_OBJ) @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo "Linking $@"
-	@$(CC) $(FLAGS) -o $@ $(VLP_OBJ) $(LDFLAGS) $(DYNEXP) \
+	@$(AR) -rc $@.a $(VLP_OBJ)
+	@$(CC) $(FLAGS) -o $@ $@.a $(LDFLAGS) $(DYNEXP) \
 		$(TERMLDFLAGS) $(TERMLIBS) $(LIBS) $(POPT_LIBS) \
 		$(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+	@rm -f $@.a
 
 @WINBIND_NSS@: $(BINARY_PREREQS) $(WINBIND_NSS_OBJ)
 	@echo "Linking $@"
@@ -2114,7 +2202,7 @@
 		$(WINBIND_NSS_EXTRA_LIBS) $(WINBIND_NSS_PTHREAD) \
 		@SONAMEFLAG@`basename $@`@NSSSONAMEVERSIONSUFFIX@
 
- at WINBIND_WINS_NSS@: $(BINARY_PREREQS) $(WINBIND_WINS_NSS_OBJ) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+ at WINBIND_WINS_NSS@: $(BINARY_PREREQS) $(WINBIND_WINS_NSS_OBJ) @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo "Linking $@"
 	@$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_WINS_NSS_OBJ) \
 		$(LDAP_LIBS) $(KRB5LIBS) $(LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \
@@ -2351,55 +2439,65 @@
 ## None here right now
 #########################################################
 
-bin/wbinfo at EXEEXT@: $(BINARY_PREREQS) $(WBINFO_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+bin/wbinfo at EXEEXT@: $(BINARY_PREREQS) $(WBINFO_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(WBINFO_OBJ) $(DYNEXP) $(LIBS) \
+	@$(AR) -rc $@.a $(WBINFO_OBJ)
+	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $@.a $(DYNEXP) $(LIBS) \
 		$(LDAP_LIBS) $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \
 		$(WINBIND_LIBS)
+	@rm -f $@.a
 
 bin/ntlm_auth at EXEEXT@: $(BINARY_PREREQS) $(NTLM_AUTH_OBJ) $(PARAM_OBJ) \
-	$(LIB_NONSMBD_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+	$(LIB_NONSMBD_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @LIBWBCLIENT_SHARED@
 	@echo Linking $@
 	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(DYNEXP) $(NTLM_AUTH_OBJ) \
 		$(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(LIBS) \
 		$(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) $(NSCD_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
 
-bin/pam_smbpass. at SHLIBEXT@: $(BINARY_PREREQS) $(PAM_SMBPASS_OBJ) @LIBTALLOC_SHARED@ @LIBWBCLIENT_SHARED@ @LIBTDB_SHARED@
+bin/pam_smbpass. at SHLIBEXT@: $(BINARY_PREREQS) $(PAM_SMBPASS_OBJ) @LIBTALLOC_TARGET@ @LIBWBCLIENT_SHARED@ @LIBTDB_TARGET@
 	@echo "Linking shared library $@"
 	@$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_SMBPASS_OBJ) -lpam $(DYNEXP) \
 		$(LIBS) $(LDAP_LIBS) $(KRB5LIBS) $(NSCD_LIBS) \
 		$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
 
-bin/tdbbackup at EXEEXT@: $(BINARY_PREREQS) $(TDBBACKUP_OBJ) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/tdbbackup at EXEEXT@: $(BINARY_PREREQS) $(TDBBACKUP_OBJ) @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(TDBBACKUP_OBJ) $(DYNEXP) \
+	@$(AR) -rc $@.a $(TDBBACKUP_OBJ)
+	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $@.a $(DYNEXP) \
 		$(LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/tdbtool at EXEEXT@: $(BINARY_PREREQS) $(TDBTOOL_OBJ) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/tdbtool at EXEEXT@: $(BINARY_PREREQS) $(TDBTOOL_OBJ) @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(TDBTOOL_OBJ) $(DYNEXP) \
+	@$(AR) -rc $@.a $(TDBTOOL_OBJ)
+	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $@.a $(DYNEXP) \
 		$(LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/tdbdump at EXEEXT@: $(BINARY_PREREQS) $(TDBDUMP_OBJ) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/tdbdump at EXEEXT@: $(BINARY_PREREQS) $(TDBDUMP_OBJ) @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(TDBDUMP_OBJ) $(DYNEXP) \
+	@$(AR) -rc $@.a $(TDBDUMP_OBJ)
+	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $@.a $(DYNEXP) \
 		$(LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/tdbtorture at EXEEXT@: $(BINARY_PREREQS) $(TDBTORTURE_OBJ) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@
+bin/tdbtorture at EXEEXT@: $(BINARY_PREREQS) $(TDBTORTURE_OBJ) @LIBTALLOC_TARGET@ @LIBTDB_TARGET@
 	@echo Linking $@
-	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $(TDBTORTURE_OBJ) $(DYNEXP) \
+	@$(AR) -rc $@.a $(TDBTORTURE_OBJ)
+	@$(CC) $(FLAGS) -o $@ $(LDFLAGS) $@.a $(DYNEXP) \
 		$(LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS)
+	@rm -f $@.a
 
-bin/t_strcmp at EXEEXT@: $(BINARY_PREREQS) @LIBTALLOC_SHARED@ bin/libbigballofmud. at SHLIBEXT@ torture/t_strcmp.o
+bin/t_strcmp at EXEEXT@: $(BINARY_PREREQS) @LIBTALLOC_TARGET@ bin/libbigballofmud. at SHLIBEXT@ torture/t_strcmp.o
 	$(CC) $(FLAGS) -o $@ $(DYNEXP) $(LIBS) $(LIBTALLOC_LIBS) \
 		torture/t_strcmp.o -L ./bin -lbigballofmud
 
-bin/t_strstr at EXEEXT@: $(BINARY_PREREQS) @LIBTALLOC_SHARED@ bin/libbigballofmud. at SHLIBEXT@ torture/t_strstr.o
+bin/t_strstr at EXEEXT@: $(BINARY_PREREQS) @LIBTALLOC_TARGET@ bin/libbigballofmud. at SHLIBEXT@ torture/t_strstr.o
 	$(CC) $(FLAGS) -o $@ $(DYNEXP) $(LIBS) $(LIBTALLOC_LIBS) \
 		torture/t_strstr.o -L ./bin -lbigballofmud
 
-bin/t_strappend at EXEEXT@: $(BINARY_PREREQS) @LIBTALLOC_SHARED@ bin/libbigballofmud. at SHLIBEXT@ torture/t_strappend.o
+bin/t_strappend at EXEEXT@: $(BINARY_PREREQS) @LIBTALLOC_TARGET@ bin/libbigballofmud. at SHLIBEXT@ torture/t_strappend.o
 	$(CC) $(FLAGS) -o $@ $(DYNEXP) $(LIBS) $(LIBTALLOC_LIBS) \
 		torture/t_strappend.o -L ./bin -lbigballofmud
 

Modified: branches/samba/lenny/source/VERSION
===================================================================
--- branches/samba/lenny/source/VERSION	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/VERSION	2011-07-27 07:08:47 UTC (rev 3855)
@@ -95,5 +95,5 @@
 # e.g. SAMBA_VERSION_VENDOR_SUFFIX=vendor_version()    #
 #  ->  "CVS 3.0.0rc2-VendorVersion"                    #
 ########################################################
-SAMBA_VERSION_VENDOR_SUFFIX=
+SAMBA_VERSION_VENDOR_SUFFIX="Debian"
 SAMBA_VERSION_VENDOR_PATCH=

Modified: branches/samba/lenny/source/client/client.c
===================================================================
--- branches/samba/lenny/source/client/client.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/client/client.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -364,7 +364,7 @@
 
 	/* Ensure cur_dir ends in a DIRSEP */
 	if ((new_cd[0] != '\0') && (*(new_cd+strlen(new_cd)-1) != CLI_DIRSEP_CHAR)) {
-		new_cd = talloc_asprintf_append(new_cd, CLI_DIRSEP_STR);
+		new_cd = talloc_asprintf_append(new_cd, "%s", CLI_DIRSEP_STR);
 		if (!new_cd) {
 			goto out;
 		}
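Review bot: Nothing in this change keeps a non-literal format from coming back: the two-argument call shape `talloc_asprintf_append(x, buf)` is fixed by hand here and in the later hunks of this file (the mask, rname, mget_mask, ddir2 and name appends). Since the function takes a printf-style format, building with `-Wformat -Wformat-security` (ideally `-Werror=format-security`) would flag any remaining or future call of that shape, provided its prototype carries the printf format attribute; that is worth confirming in the talloc header, which is not shown here. In this hunk the argument is the constant `CLI_DIRSEP_STR`, so the change is hardening, whereas the hunks that pass `buf`, `fname` or `p` were treating a `%` in a typed or parsed name as a conversion. The enclosing function starts and ends outside the hunk.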
@@ -728,11 +728,11 @@
 				return;
 			}
 			p = strrchr_m(mask2,CLI_DIRSEP_CHAR);
-			if (!p) {
-				TALLOC_FREE(dir);
-				return;
+			if (p) {
+				p[1] = 0;
+			} else {
+				mask2[0] = '\0';
 			}
-			p[1] = 0;
 			mask2 = talloc_asprintf_append(mask2,
 					"%s%s*",
 					f->name,
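Review bot: The new `else` branch at `mask2[0] = '\0';` changes behaviour without saying why: a mask with no directory separator used to free `dir` and return, and now the code continues with a mask built from the entry name alone. A short comment above the `if (p)` such as `/* No directory part in the mask: restart it from the entry name. */` would record the intent. The enclosing function starts and ends outside the hunk, so whether the result of the following `talloc_asprintf_append()` is checked cannot be seen here.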
@@ -871,7 +871,7 @@
 		if (*buf == CLI_DIRSEP_CHAR) {
 			mask = talloc_strdup(ctx, buf);
 		} else {
-			mask = talloc_asprintf_append(mask, buf);
+			mask = talloc_asprintf_append(mask, "%s", buf);
 		}
 	} else {
 		mask = talloc_asprintf_append(mask, "*");
@@ -912,7 +912,7 @@
 		return 1;
 	}
 	if ((mask[0] != '\0') && (mask[strlen(mask)-1]!=CLI_DIRSEP_CHAR)) {
-		mask = talloc_asprintf_append(mask, CLI_DIRSEP_STR);
+		mask = talloc_asprintf_append(mask, "%s", CLI_DIRSEP_STR);
 		if (!mask) {
 			return 1;
 		}
@@ -923,7 +923,7 @@
 		if (*buf == CLI_DIRSEP_CHAR) {
 			mask = talloc_strdup(ctx, buf);
 		} else {
-			mask = talloc_asprintf_append(mask, buf);
+			mask = talloc_asprintf_append(mask, "%s", buf);
 		}
 	} else {
 		mask = talloc_strdup(ctx, "*");
@@ -1107,7 +1107,7 @@
 		d_printf("get <filename> [localname]\n");
 		return 1;
 	}
-	rname = talloc_asprintf_append(rname, fname);
+	rname = talloc_asprintf_append(rname, "%s", fname);
 	if (!rname) {
 		return 1;
 	}
@@ -1266,7 +1266,7 @@
 		unlink(lname);
 		return 1;
 	}
-	rname = talloc_asprintf_append(rname, fname);
+	rname = talloc_asprintf_append(rname, "%s", fname);
 	if (!rname) {
 		return 1;
 	}
@@ -1318,7 +1318,7 @@
 			mget_mask = talloc_strdup(ctx, buf);
 		} else {
 			mget_mask = talloc_asprintf_append(mget_mask,
-							buf);
+							"%s", buf);
 		}
 		if (!mget_mask) {
 			return 1;
@@ -1414,7 +1414,7 @@
 		}
 		return 1;
 	}
-	mask = talloc_asprintf_append(mask, buf);
+	mask = talloc_asprintf_append(mask, "%s", buf);
 	if (!mask) {
 		return 1;
 	}
@@ -1443,14 +1443,14 @@
 		trim_char(ddir,'.','\0');
 		p = strtok_r(ddir, "/\\", &saveptr);
 		while (p) {
-			ddir2 = talloc_asprintf_append(ddir2, p);
+			ddir2 = talloc_asprintf_append(ddir2, "%s", p);
 			if (!ddir2) {
 				return 1;
 			}
 			if (!cli_chkpath(targetcli, ddir2)) {
 				do_mkdir(ddir2);
 			}
-			ddir2 = talloc_asprintf_append(ddir2, CLI_DIRSEP_STR);
+			ddir2 = talloc_asprintf_append(ddir2, "%s", CLI_DIRSEP_STR);
 			if (!ddir2) {
 				return 1;
 			}
@@ -1482,7 +1482,7 @@
 		d_printf("altname <file>\n");
 		return 1;
 	}
-	name = talloc_asprintf_append(name, buf);
+	name = talloc_asprintf_append(name, "%s", buf);
 	if (!name) {
 		return 1;
 	}
@@ -1566,7 +1566,7 @@
 		d_printf("allinfo <file>\n");
 		return 1;
 	}
-	name = talloc_asprintf_append(name, buf);
+	name = talloc_asprintf_append(name, "%s", buf);
 	if (!name) {
 		return 1;
 	}
@@ -1733,9 +1733,9 @@
 	}
 
 	if (next_token_talloc(ctx, &cmd_ptr,&buf,NULL)) {
-		rname = talloc_asprintf_append(rname, buf);
+		rname = talloc_asprintf_append(rname, "%s", buf);
 	} else {
-		rname = talloc_asprintf_append(rname, lname);
+		rname = talloc_asprintf_append(rname, "%s", lname);
 	}
 	if (!rname) {
 		return 1;
@@ -2132,7 +2132,7 @@
 		d_printf("del <filename>\n");
 		return 1;
 	}
-	mask = talloc_asprintf_append(mask, buf);
+	mask = talloc_asprintf_append(mask, "%s", buf);
 	if (!mask) {
 		return 1;
 	}
@@ -3524,7 +3524,7 @@
 		d_printf("reget <filename>\n");
 		return 1;
 	}
-	remote_name = talloc_asprintf_append(remote_name, fname);
+	remote_name = talloc_asprintf_append(remote_name, "%s", fname);
 	if (!remote_name) {
 		return 1;
 	}
@@ -3571,10 +3571,10 @@
 
 	if (next_token_talloc(ctx, &cmd_ptr, &buf, NULL)) {
 		remote_name = talloc_asprintf_append(remote_name,
-						buf);
+						"%s", buf);
 	} else {
 		remote_name = talloc_asprintf_append(remote_name,
-						local_name);
+						"%s", local_name);
 	}
 	if (!remote_name) {
 		return 1;
@@ -4107,13 +4107,13 @@
 				TALLOC_FREE(ctx);
 				return;
 			}
-			tmp = talloc_asprintf_append(tmp, f->name);
+			tmp = talloc_asprintf_append(tmp, "%s", f->name);
 			if (!tmp) {
 				TALLOC_FREE(ctx);
 				return;
 			}
 			if (f->mode & aDIR) {
-				tmp = talloc_asprintf_append(tmp, CLI_DIRSEP_STR);
+				tmp = talloc_asprintf_append(tmp, "%s", CLI_DIRSEP_STR);
 			}
 			if (!tmp) {
 				TALLOC_FREE(ctx);
@@ -4362,8 +4362,10 @@
 
  again:
 
-	if (cli->fd == -1)
+	if (cli->fd < 0 || cli->fd >= FD_SETSIZE) {
+		errno = EBADF;
 		return;
+	}
 
 	FD_ZERO(&fds);
 	FD_SET(cli->fd,&fds);
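Review bot: The new early exit for an out-of-range `cli->fd` is silent: the bare `return;` gives the caller no status, and nothing in the visible lines reads the `errno = EBADF` that is set. A log line before the `return;`, for example `DEBUG(1, ("fd %d is outside the range select() can handle\n", cli->fd));`, would make the condition diagnosable. The `continue` added in lib/events.c for `fde->fd` is silent in the same way, and there the affected descriptor is never added to the select sets. The enclosing function starts before this hunk.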

Modified: branches/samba/lenny/source/client/dnsbrowse.c
===================================================================
--- branches/samba/lenny/source/client/dnsbrowse.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/client/dnsbrowse.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -81,6 +81,11 @@
 			TALLOC_FREE(fdset);
 		}
 
+		if (mdnsfd < 0 || mdnsfd >= FD_SETSIZE) {
+			errno = EBADF;
+			break;
+		}
+
 		fdsetsz = howmany(mdnsfd + 1, NFDBITS) * sizeof(fd_mask);
 		fdset = TALLOC_ZERO(ctx, fdsetsz);
 		FD_SET(mdnsfd, fdset);
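Review bot: `fdset = TALLOC_ZERO(ctx, fdsetsz);` is followed directly by `FD_SET(mdnsfd, fdset);` with no NULL check, so an allocation failure becomes a write through a NULL pointer. The added range check does not cover that case. Adding `if (fdset == NULL) { errno = ENOMEM; break; }` after the allocation would close it. The second hunk in this file has the same allocate-then-`FD_SET` sequence. The loop body continues outside this hunk.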
@@ -183,6 +188,13 @@
 
 		fdsetsz = howmany(mdnsfd + 1, NFDBITS) * sizeof(fd_mask);
 		fdset = TALLOC_ZERO(ctx, fdsetsz);
+
+		if (mdnsfd < 0 || mdnsfd >= FD_SETSIZE) {
+			errno = EBADF;
+			TALLOC_FREE(ctx);
+			return 1;
+		}
+
 		FD_SET(mdnsfd, fdset);
 
 		tv.tv_sec = 1;
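Review bot: The range check on `mdnsfd` comes after `fdsetsz` has been computed from it and after `TALLOC_ZERO`, whereas the first hunk in this file checks before both. Moving the `if (mdnsfd < 0 || mdnsfd >= FD_SETSIZE)` block above the `fdsetsz = howmany(...)` line keeps a negative descriptor out of the size calculation and matches the first hunk. The function continues outside this hunk, so whether other resources need releasing before `return 1` cannot be judged from here.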

Modified: branches/samba/lenny/source/client/mount.cifs.c
===================================================================
--- branches/samba/lenny/source/client/mount.cifs.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/client/mount.cifs.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -190,6 +190,11 @@
 	char * temp_val;
 	FILE * fs;
 	int i, length;
+
+	i = access(file_name, R_OK);
+	if (i)
+		return i;
+
 	fs = fopen(file_name,"r");
 	if(fs == NULL)
 		return errno;
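Review bot: Checking with `access(file_name, R_OK)` and then opening with `fopen()` leaves a window between the two calls in which the path can be swapped for a different file, so the check is not a reliable guard if mount.cifs runs setuid. The same check-then-open sequence is added for the password file in the next hunk (`access(filename, R_OK)` followed by `open()`). A race-free form performs the open while the effective or filesystem uid is temporarily set to the real uid, so the open itself enforces the permission. Separately, `return i;` hands back -1 where the following `fopen` failure returns `errno`; `return errno;` would keep the two paths consistent. The function body starts and ends outside this hunk.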
@@ -312,6 +317,12 @@
 	}
 
 	if(filename != NULL) {
+		rc = access(filename, R_OK);
+		if (rc) {
+			fprintf(stderr, "mount.cifs failed: access check of %s failed: %s\n",
+					filename, strerror(errno));
+			exit(2);
+		}
 		file_descript = open(filename, O_RDONLY);
 		if(file_descript < 0) {
 			printf("mount.cifs failed. %s attempting to open password file %s\n",
@@ -371,9 +382,6 @@
 		return 1;
 	data = *optionsp;
 
-	if(verboseflag)
-		printf("parsing options: %s\n", data);
-
 	/* BB fixme check for separator override BB */
 
 	if (getuid()) {
@@ -460,17 +468,26 @@
 		} else if (strncmp(data, "pass", 4) == 0) {
 			if (!value || !*value) {
 				if(got_password) {
-					printf("\npassword specified twice, ignoring second\n");
+					fprintf(stderr, "\npassword specified twice, ignoring second\n");
 				} else
 					got_password = 1;
-			} else if (strnlen(value, 17) < 17) {
-				if(got_password)
-					printf("\nmount.cifs warning - password specified twice\n");
-				got_password = 1;
+			} else if (strnlen(value, MOUNT_PASSWD_SIZE) < MOUNT_PASSWD_SIZE) {
+				if (got_password) {
+					fprintf(stderr, "\nmount.cifs warning - password specified twice\n");
+				} else {
+					mountpassword = strndup(value, MOUNT_PASSWD_SIZE);
+					if (!mountpassword) {
+						fprintf(stderr, "mount.cifs error: %s", strerror(ENOMEM));
+						SAFE_FREE(out);
+						return 1;
+					}
+					got_password = 1;
+				}
 			} else {
-				printf("password too long\n");
+				fprintf(stderr, "password too long\n");
 				return 1;
 			}
+			goto nocopy;
 		} else if (strncmp(data, "sec", 3) == 0) {
 			if (value) {
 				if (!strcmp(value, "none"))
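Review bot: The two error exits in the `pass` branch are handled differently: the new `strndup` failure path calls `SAFE_FREE(out)` before `return 1`, while the `password too long` path returns without it, so `out` is presumably leaked there. The ENOMEM message also lacks a trailing newline, unlike the other messages in this hunk; `fprintf(stderr, "mount.cifs error: %s\n", strerror(ENOMEM));` fixes that. The `nocopy` label and the allocation of `out` are outside this hunk, so the missing free should be confirmed against the full function.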
@@ -1000,6 +1017,36 @@
 	return 1;
 }
 
+/*
+ * This function borrowed from fuse-utils...
+ *
+ * glibc's addmntent (at least as of 2.10 or so) doesn't properly encode
+ * newlines embedded within the text fields. To make sure no one corrupts
+ * the mtab, fail the mount if there are embedded newlines.
+ */
+static int check_newline(const char *progname, const char *name)
+{
+    char *s;
+    for (s = "\n"; *s; s++) {
+        if (strchr(name, *s)) {
+            fprintf(stderr, "%s: illegal character 0x%02x in mount entry\n",
+                    progname, *s);
+            return -1;
+        }
+    }
+    return 0;
+}
+
+static int check_mtab(const char *progname, const char *devname,
+			const char *dir)
+{
+	if (check_newline(progname, devname) == -1 ||
+	    check_newline(progname, dir) == -1)
+		return -1;
+	return 0;
+}
+
+
 int main(int argc, char ** argv)
 {
 	int c;
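Review bot: In `check_newline`, `s` points at the string literal `"\n"` and should be declared `const char *s`. If no further characters are expected in that set, a single `strchr(name, '\n')` is enough. The function is indented with spaces while `check_mtab` and the surrounding file use tabs. Neither helper guards against a NULL `name`, `devname` or `dir`, so a short comment stating that callers must pass non-NULL strings would help.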
@@ -1336,15 +1383,6 @@
 			strlcat(options,domain_name,options_size);
 		}
 	}
-	if(mountpassword) {
-		/* Commas have to be doubled, or else they will
-		look like the parameter separator */
-/*		if(sep is not set)*/
-		if(retry == 0)
-			check_for_comma(&mountpassword);
-		strlcat(options,",pass=",options_size);
-		strlcat(options,mountpassword,options_size);
-	}
 
 	strlcat(options,",ver=",options_size);
 	strlcat(options,MOUNT_CIFS_VERSION_MAJOR,options_size);
@@ -1357,13 +1395,31 @@
 		strlcat(options,",prefixpath=",options_size);
 		strlcat(options,prefixpath,options_size); /* no need to cat the / */
 	}
-	if(verboseflag)
-		printf("\nmount.cifs kernel mount options %s \n",options);
 
 	/* convert all '\\' to '/' in share portion so that /proc/mounts looks pretty */
 	replace_char(dev_name, '\\', '/', strlen(share_name));
 
-	if(mount(dev_name, mountpoint, "cifs", flags, options)) {
+	if(verboseflag)
+		fprintf(stderr, "\nmount.cifs kernel mount options: %s", options);
+
+	if (mountpassword) {
+		/*
+		 * Commas have to be doubled, or else they will
+		 * look like the parameter separator
+		 */
+		if(retry == 0)
+			check_for_comma(&mountpassword);
+		strlcat(options,",pass=",options_size);
+		strlcat(options,mountpassword,options_size);
+		if (verboseflag)
+			fprintf(stderr, ",pass=********");
+	}
+
+	rc = check_mtab(thisprogram, dev_name, mountpoint);
+	if (rc)
+		goto mount_exit;
+
+	if(mount(dev_name, ".", "cifs", flags, options)) {
 	/* remember to kill daemon on error */
 		switch (errno) {
 		case 0:
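Review bot: The mount target changes from `mountpoint` to `"."` without a comment, and the call is only correct if the process has already changed into the verified mount point; that chdir is not visible in this hunk. A comment above the call such as `/* mount on ".": we have chdir()ed into the checked mountpoint, so a later change to the path cannot redirect the mount */` would record the reason, with the wording confirmed against the code that does the chdir. The `strlcat` calls that append `,pass=` and the password ignore the return value, so a password that does not fit in `options_size` is truncated silently. The verbose output is also no longer terminated with a newline.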

Modified: branches/samba/lenny/source/configure
===================================================================
--- branches/samba/lenny/source/configure	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/configure	2011-07-27 07:08:47 UTC (rev 3855)
@@ -788,6 +788,7 @@
 LIBTALLOC_SHARED
 LIBTALLOC_STATIC
 LIBTALLOC_LIBS
+LIBTALLOC_TARGET
 INSTALL_LIBTALLOC
 UNINSTALL_LIBTALLOC
 LIBTALLOC_SOVER
@@ -796,6 +797,7 @@
 LIBTDB_SHARED
 LIBTDB_STATIC
 LIBTDB_LIBS
+LIBTDB_TARGET
 INSTALL_LIBTDB
 UNINSTALL_LIBTDB
 LIBTDB_SOVER
@@ -804,6 +806,7 @@
 LIBNETAPI_SHARED
 LIBNETAPI_STATIC
 LIBNETAPI_LIBS
+LIBNETAPI_TARGET
 INSTALL_LIBNETAPI
 UNINSTALL_LIBNETAPI
 LIBNETAPI_SOVER
@@ -812,6 +815,7 @@
 LIBSMBCLIENT_SHARED
 LIBSMBCLIENT_STATIC
 LIBSMBCLIENT_LIBS
+LIBSMBCLIENT_TARGET
 INSTALL_LIBSMBCLIENT
 UNINSTALL_LIBSMBCLIENT
 LIBSMBCLIENT_SOVER
@@ -820,6 +824,7 @@
 LIBSMBSHAREMODES_SHARED
 LIBSMBSHAREMODES_STATIC
 LIBSMBSHAREMODES_LIBS
+LIBSMBSHAREMODES_TARGET
 INSTALL_LIBSMBSHAREMODES
 UNINSTALL_LIBSMBSHAREMODES
 LIBSMBSHAREMODES_SOVER
@@ -828,6 +833,7 @@
 LIBADDNS_SHARED
 LIBADDNS_STATIC
 LIBADDNS_LIBS
+LIBADDNS_TARGET
 INSTALL_LIBADDNS
 UNINSTALL_LIBADDNS
 LIBADDNS_SOVER
@@ -2242,7 +2248,7 @@
 if test "${with_fhs+set}" = set; then
   withval=$with_fhs;  case "$withval" in
   yes)
-    lockdir="\${VARDIR}/lib/samba"
+    lockdir="\${VARDIR}/run/samba"
     piddir="\${VARDIR}/run"
     mandir="\${prefix}/share/man"
     logfilebase="\${VARDIR}/log/samba"
@@ -2250,9 +2256,9 @@
     test "${libdir}" || libdir="\${prefix}/lib/samba"
     configdir="\${sysconfdir}/samba"
     swatdir="\${DATADIR}/samba/swat"
-    codepagedir="\${LIBDIR}"
+    codepagedir="\${DATADIR}/samba"
     statedir="\${VARDIR}/lib/samba"
-    cachedir="\${VARDIR}/lib/samba"
+    cachedir="\${VARDIR}/cache/samba"
 
 cat >>confdefs.h <<\_ACEOF
 #define FHS_COMPATIBLE 1
@@ -13059,6 +13065,27 @@
       fi
     ;;
 
+# Systems with LFS support.
+#
+    gnu* | k*bsd*-gnu)
+	CPPFLAGS="-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE $CPPFLAGS"
+
+cat >>confdefs.h <<\_ACEOF
+#define _LARGEFILE64_SOURCE 1
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define _FILE_OFFSET_BITS 64
+_ACEOF
+
+
+cat >>confdefs.h <<\_ACEOF
+#define _GNU_SOURCE 1
+_ACEOF
+
+	;;
+
 # Tests for linux LFS support. Need kernel 2.4 and glibc2.2 or greater support.
 #
     *linux*)
@@ -40774,7 +40801,7 @@
 #
 #
 case "$host_os" in
-    *linux*)
+    linux*-gnu* | gnu* | k*bsd*-gnu)
        # glibc <= 2.3.2 has a broken getgrouplist
        if test "$cross_compiling" = yes; then
   { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
@@ -46010,11 +46037,14 @@
 
   # and these are for particular systems
   case "$host_os" in
-		*linux*)
+		linux*-gnu* | gnu* | k*bsd*-gnu)
+			case "$host_os" in linux*)
+
 cat >>confdefs.h <<\_ACEOF
 #define LINUX 1
 _ACEOF
-
+ ;;
+			esac
 			BLDSHARED="true"
 			if test "${ac_cv_gnu_ld_no_default_allow_shlib_undefined}" = "yes"; then
 				LDSHFLAGS="-shared -Wl,-Bsymbolic -Wl,--allow-shlib-undefined"
@@ -67170,7 +67200,8 @@
 LIBTALLOC_STATIC_TARGET=bin/libtalloc.a
 LIBTALLOC_SHARED=
 LIBTALLOC_STATIC=
-LIBTALLOC_LIBS=
+LIBTALLOC_LIBS=-ltalloc
+LIBTALLOC_TARGET=
 INSTALL_LIBTALLOC=
 UNINSTALL_LIBTALLOC=
 
@@ -67185,6 +67216,7 @@
 
 
 
+
 { echo "$as_me:$LINENO: checking whether to build the libtalloc shared library" >&5
 echo $ECHO_N "checking whether to build the libtalloc shared library... $ECHO_C" >&6; }
 
@@ -67219,15 +67251,17 @@
 	UNINSTALL_LIBTALLOC=uninstalllibtalloc
 	if eval $BLDSHARED = true; then
 		LIBTALLOC_SHARED=$LIBTALLOC_SHARED_TARGET
+		LIBTALLOC_TARGET=$LIBTALLOC_SHARED_TARGET
 		{ echo "$as_me:$LINENO: result: yes" >&5
 echo "${ECHO_T}yes" >&6; }
 		if test x"$USESHARED" != x"true" -o x"$LINK_LIBTALLOC" = "xSTATIC" ; then
 			enable_static=yes
-		else
-			LIBTALLOC_LIBS=-ltalloc
+			LIBTALLOC_TARGET=$LIBTALLOC_STATIC_TARGET
+			LIBTALLOC_LIBS=$LIBTALLOC_STATIC_TARGET
 		fi
 	else
 		enable_static=yes
+		LIBTALLOC_TARGET=$LIBTALLOC_STATIC_TARGET
 		{ echo "$as_me:$LINENO: result: no shared library support -- will supply static library" >&5
 echo "${ECHO_T}no shared library support -- will supply static library" >&6; }
 	fi
@@ -67254,7 +67288,8 @@
 LIBTDB_STATIC_TARGET=bin/libtdb.a
 LIBTDB_SHARED=
 LIBTDB_STATIC=
-LIBTDB_LIBS=
+LIBTDB_LIBS=-ltdb
+LIBTDB_TARGET=
 INSTALL_LIBTDB=
 UNINSTALL_LIBTDB=
 
@@ -67269,6 +67304,7 @@
 
 
 
+
 { echo "$as_me:$LINENO: checking whether to build the libtdb shared library" >&5
 echo $ECHO_N "checking whether to build the libtdb shared library... $ECHO_C" >&6; }
 
@@ -67303,15 +67339,17 @@
 	UNINSTALL_LIBTDB=uninstalllibtdb
 	if eval $BLDSHARED = true; then
 		LIBTDB_SHARED=$LIBTDB_SHARED_TARGET
+		LIBTDB_TARGET=$LIBTDB_SHARED_TARGET
 		{ echo "$as_me:$LINENO: result: yes" >&5
 echo "${ECHO_T}yes" >&6; }
 		if test x"$USESHARED" != x"true" -o x"$LINK_LIBTDB" = "xSTATIC" ; then
 			enable_static=yes
-		else
-			LIBTDB_LIBS=-ltdb
+			LIBTDB_TARGET=$LIBTDB_STATIC_TARGET
+			LIBTDB_LIBS=$LIBTDB_STATIC_TARGET
 		fi
 	else
 		enable_static=yes
+		LIBTDB_TARGET=$LIBTDB_STATIC_TARGET
 		{ echo "$as_me:$LINENO: result: no shared library support -- will supply static library" >&5
 echo "${ECHO_T}no shared library support -- will supply static library" >&6; }
 	fi
@@ -67338,7 +67376,8 @@
 LIBNETAPI_STATIC_TARGET=bin/libnetapi.a
 LIBNETAPI_SHARED=
 LIBNETAPI_STATIC=
-LIBNETAPI_LIBS=
+LIBNETAPI_LIBS=-lnetapi
+LIBNETAPI_TARGET=
 INSTALL_LIBNETAPI=
 UNINSTALL_LIBNETAPI=
 
@@ -67353,6 +67392,7 @@
 
 
 
+
 { echo "$as_me:$LINENO: checking whether to build the libnetapi shared library" >&5
 echo $ECHO_N "checking whether to build the libnetapi shared library... $ECHO_C" >&6; }
 
@@ -67387,15 +67427,17 @@
 	UNINSTALL_LIBNETAPI=uninstalllibnetapi
 	if eval $BLDSHARED = true; then
 		LIBNETAPI_SHARED=$LIBNETAPI_SHARED_TARGET
+		LIBNETAPI_TARGET=$LIBNETAPI_SHARED_TARGET
 		{ echo "$as_me:$LINENO: result: yes" >&5
 echo "${ECHO_T}yes" >&6; }
 		if test x"$USESHARED" != x"true" -o x"$LINK_LIBNETAPI" = "xSTATIC" ; then
 			enable_static=yes
-		else
-			LIBNETAPI_LIBS=-lnetapi
+			LIBNETAPI_TARGET=$LIBNETAPI_STATIC_TARGET
+			LIBNETAPI_LIBS=$LIBNETAPI_STATIC_TARGET
 		fi
 	else
 		enable_static=yes
+		LIBNETAPI_TARGET=$LIBNETAPI_STATIC_TARGET
 		{ echo "$as_me:$LINENO: result: no shared library support -- will supply static library" >&5
 echo "${ECHO_T}no shared library support -- will supply static library" >&6; }
 	fi
@@ -67422,7 +67464,8 @@
 LIBSMBCLIENT_STATIC_TARGET=bin/libsmbclient.a
 LIBSMBCLIENT_SHARED=
 LIBSMBCLIENT_STATIC=
-LIBSMBCLIENT_LIBS=
+LIBSMBCLIENT_LIBS=-lsmbclient
+LIBSMBCLIENT_TARGET=
 INSTALL_LIBSMBCLIENT=
 UNINSTALL_LIBSMBCLIENT=
 
@@ -67437,6 +67480,7 @@
 
 
 
+
 { echo "$as_me:$LINENO: checking whether to build the libsmbclient shared library" >&5
 echo $ECHO_N "checking whether to build the libsmbclient shared library... $ECHO_C" >&6; }
 
@@ -67471,15 +67515,17 @@
 	UNINSTALL_LIBSMBCLIENT=uninstalllibsmbclient
 	if eval $BLDSHARED = true; then
 		LIBSMBCLIENT_SHARED=$LIBSMBCLIENT_SHARED_TARGET
+		LIBSMBCLIENT_TARGET=$LIBSMBCLIENT_SHARED_TARGET
 		{ echo "$as_me:$LINENO: result: yes" >&5
 echo "${ECHO_T}yes" >&6; }
 		if test x"$USESHARED" != x"true" -o x"$LINK_LIBSMBCLIENT" = "xSTATIC" ; then
 			enable_static=yes
-		else
-			LIBSMBCLIENT_LIBS=-lsmbclient
+			LIBSMBCLIENT_TARGET=$LIBSMBCLIENT_STATIC_TARGET
+			LIBSMBCLIENT_LIBS=$LIBSMBCLIENT_STATIC_TARGET
 		fi
 	else
 		enable_static=yes
+		LIBSMBCLIENT_TARGET=$LIBSMBCLIENT_STATIC_TARGET
 		{ echo "$as_me:$LINENO: result: no shared library support -- will supply static library" >&5
 echo "${ECHO_T}no shared library support -- will supply static library" >&6; }
 	fi
@@ -67506,7 +67552,8 @@
 LIBSMBSHAREMODES_STATIC_TARGET=bin/libsmbsharemodes.a
 LIBSMBSHAREMODES_SHARED=
 LIBSMBSHAREMODES_STATIC=
-LIBSMBSHAREMODES_LIBS=
+LIBSMBSHAREMODES_LIBS=-lsmbsharemodes
+LIBSMBSHAREMODES_TARGET=
 INSTALL_LIBSMBSHAREMODES=
 UNINSTALL_LIBSMBSHAREMODES=
 
@@ -67521,6 +67568,7 @@
 
 
 
+
 { echo "$as_me:$LINENO: checking whether to build the libsmbsharemodes shared library" >&5
 echo $ECHO_N "checking whether to build the libsmbsharemodes shared library... $ECHO_C" >&6; }
 
@@ -67555,15 +67603,17 @@
 	UNINSTALL_LIBSMBSHAREMODES=uninstalllibsmbsharemodes
 	if eval $BLDSHARED = true; then
 		LIBSMBSHAREMODES_SHARED=$LIBSMBSHAREMODES_SHARED_TARGET
+		LIBSMBSHAREMODES_TARGET=$LIBSMBSHAREMODES_SHARED_TARGET
 		{ echo "$as_me:$LINENO: result: yes" >&5
 echo "${ECHO_T}yes" >&6; }
 		if test x"$USESHARED" != x"true" -o x"$LINK_LIBSMBSHAREMODES" = "xSTATIC" ; then
 			enable_static=yes
-		else
-			LIBSMBSHAREMODES_LIBS=-lsmbsharemodes
+			LIBSMBSHAREMODES_TARGET=$LIBSMBSHAREMODES_STATIC_TARGET
+			LIBSMBSHAREMODES_LIBS=$LIBSMBSHAREMODES_STATIC_TARGET
 		fi
 	else
 		enable_static=yes
+		LIBSMBSHAREMODES_TARGET=$LIBSMBSHAREMODES_STATIC_TARGET
 		{ echo "$as_me:$LINENO: result: no shared library support -- will supply static library" >&5
 echo "${ECHO_T}no shared library support -- will supply static library" >&6; }
 	fi
@@ -67590,7 +67640,8 @@
 LIBADDNS_STATIC_TARGET=bin/libaddns.a
 LIBADDNS_SHARED=
 LIBADDNS_STATIC=
-LIBADDNS_LIBS=
+LIBADDNS_LIBS=-laddns
+LIBADDNS_TARGET=
 INSTALL_LIBADDNS=
 UNINSTALL_LIBADDNS=
 
@@ -67605,6 +67656,7 @@
 
 
 
+
 { echo "$as_me:$LINENO: checking whether to build the libaddns shared library" >&5
 echo $ECHO_N "checking whether to build the libaddns shared library... $ECHO_C" >&6; }
 
@@ -67641,15 +67693,17 @@
 	UNINSTALL_LIBADDNS=uninstalllibaddns
 	if eval $BLDSHARED = true; then
 		LIBADDNS_SHARED=$LIBADDNS_SHARED_TARGET
+		LIBADDNS_TARGET=$LIBADDNS_SHARED_TARGET
 		{ echo "$as_me:$LINENO: result: yes" >&5
 echo "${ECHO_T}yes" >&6; }
 		if test x"$USESHARED" != x"true" -o x"$LINK_LIBADDNS" = "xSTATIC" ; then
 			enable_static=yes
-		else
-			LIBADDNS_LIBS=-laddns
+			LIBADDNS_TARGET=$LIBADDNS_STATIC_TARGET
+			LIBADDNS_LIBS=$LIBADDNS_STATIC_TARGET
 		fi
 	else
 		enable_static=yes
+		LIBADDNS_TARGET=$LIBADDNS_STATIC_TARGET
 		{ echo "$as_me:$LINENO: result: no shared library support -- will supply static library" >&5
 echo "${ECHO_T}no shared library support -- will supply static library" >&6; }
 	fi
@@ -69660,7 +69714,7 @@
 echo "${ECHO_T}yes" >&6; };
 
 	case "$host_os" in
-	*linux*)
+	linux*-gnu* | gnu* | k*bsd*-gnu)
 		{ echo "$as_me:$LINENO: checking for linux sendfile64 support" >&5
 echo $ECHO_N "checking for linux sendfile64 support... $ECHO_C" >&6; }
 if test "${samba_cv_HAVE_SENDFILE64+set}" = set; then
@@ -70868,11 +70922,11 @@
 WINBIND_NSS_PTHREAD=""
 
 case "$host_os" in
-	*linux*)
+	linux*-gnu* | gnu* | k*bsd*-gnu)
 		NSSSONAMEVERSIONSUFFIX=".2"
 		WINBIND_NSS_EXTRA_OBJS="nsswitch/winbind_nss_linux.o"
 		;;
-	*freebsd[5-9]*)
+	freebsd5*|*freebsd[6-9]*)
 		# FreeBSD winbind client is implemented as a wrapper around
 		# the Linux version.
 		NSSSONAMEVERSIONSUFFIX=".1"
@@ -76739,6 +76793,7 @@
 LIBTALLOC_SHARED!$LIBTALLOC_SHARED$ac_delim
 LIBTALLOC_STATIC!$LIBTALLOC_STATIC$ac_delim
 LIBTALLOC_LIBS!$LIBTALLOC_LIBS$ac_delim
+LIBTALLOC_TARGET!$LIBTALLOC_TARGET$ac_delim
 INSTALL_LIBTALLOC!$INSTALL_LIBTALLOC$ac_delim
 UNINSTALL_LIBTALLOC!$UNINSTALL_LIBTALLOC$ac_delim
 LIBTALLOC_SOVER!$LIBTALLOC_SOVER$ac_delim
@@ -76747,6 +76802,7 @@
 LIBTDB_SHARED!$LIBTDB_SHARED$ac_delim
 LIBTDB_STATIC!$LIBTDB_STATIC$ac_delim
 LIBTDB_LIBS!$LIBTDB_LIBS$ac_delim
+LIBTDB_TARGET!$LIBTDB_TARGET$ac_delim
 INSTALL_LIBTDB!$INSTALL_LIBTDB$ac_delim
 UNINSTALL_LIBTDB!$UNINSTALL_LIBTDB$ac_delim
 LIBTDB_SOVER!$LIBTDB_SOVER$ac_delim
@@ -76755,12 +76811,10 @@
 LIBNETAPI_SHARED!$LIBNETAPI_SHARED$ac_delim
 LIBNETAPI_STATIC!$LIBNETAPI_STATIC$ac_delim
 LIBNETAPI_LIBS!$LIBNETAPI_LIBS$ac_delim
+LIBNETAPI_TARGET!$LIBNETAPI_TARGET$ac_delim
 INSTALL_LIBNETAPI!$INSTALL_LIBNETAPI$ac_delim
 UNINSTALL_LIBNETAPI!$UNINSTALL_LIBNETAPI$ac_delim
 LIBNETAPI_SOVER!$LIBNETAPI_SOVER$ac_delim
-LIBSMBCLIENT_SHARED_TARGET!$LIBSMBCLIENT_SHARED_TARGET$ac_delim
-LIBSMBCLIENT_STATIC_TARGET!$LIBSMBCLIENT_STATIC_TARGET$ac_delim
-LIBSMBCLIENT_SHARED!$LIBSMBCLIENT_SHARED$ac_delim
 _ACEOF
 
   if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
@@ -76802,8 +76856,12 @@
 ac_delim='%!_!# '
 for ac_last_try in false false false false false :; do
   cat >conf$$subs.sed <<_ACEOF
+LIBSMBCLIENT_SHARED_TARGET!$LIBSMBCLIENT_SHARED_TARGET$ac_delim
+LIBSMBCLIENT_STATIC_TARGET!$LIBSMBCLIENT_STATIC_TARGET$ac_delim
+LIBSMBCLIENT_SHARED!$LIBSMBCLIENT_SHARED$ac_delim
 LIBSMBCLIENT_STATIC!$LIBSMBCLIENT_STATIC$ac_delim
 LIBSMBCLIENT_LIBS!$LIBSMBCLIENT_LIBS$ac_delim
+LIBSMBCLIENT_TARGET!$LIBSMBCLIENT_TARGET$ac_delim
 INSTALL_LIBSMBCLIENT!$INSTALL_LIBSMBCLIENT$ac_delim
 UNINSTALL_LIBSMBCLIENT!$UNINSTALL_LIBSMBCLIENT$ac_delim
 LIBSMBCLIENT_SOVER!$LIBSMBCLIENT_SOVER$ac_delim
@@ -76812,6 +76870,7 @@
 LIBSMBSHAREMODES_SHARED!$LIBSMBSHAREMODES_SHARED$ac_delim
 LIBSMBSHAREMODES_STATIC!$LIBSMBSHAREMODES_STATIC$ac_delim
 LIBSMBSHAREMODES_LIBS!$LIBSMBSHAREMODES_LIBS$ac_delim
+LIBSMBSHAREMODES_TARGET!$LIBSMBSHAREMODES_TARGET$ac_delim
 INSTALL_LIBSMBSHAREMODES!$INSTALL_LIBSMBSHAREMODES$ac_delim
 UNINSTALL_LIBSMBSHAREMODES!$UNINSTALL_LIBSMBSHAREMODES$ac_delim
 LIBSMBSHAREMODES_SOVER!$LIBSMBSHAREMODES_SOVER$ac_delim
@@ -76820,6 +76879,7 @@
 LIBADDNS_SHARED!$LIBADDNS_SHARED$ac_delim
 LIBADDNS_STATIC!$LIBADDNS_STATIC$ac_delim
 LIBADDNS_LIBS!$LIBADDNS_LIBS$ac_delim
+LIBADDNS_TARGET!$LIBADDNS_TARGET$ac_delim
 INSTALL_LIBADDNS!$INSTALL_LIBADDNS$ac_delim
 UNINSTALL_LIBADDNS!$UNINSTALL_LIBADDNS$ac_delim
 LIBADDNS_SOVER!$LIBADDNS_SOVER$ac_delim
@@ -76857,7 +76917,7 @@
 LTLIBOBJS!$LTLIBOBJS$ac_delim
 _ACEOF
 
-  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 53; then
+  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 59; then
     break
   elif $ac_last_try; then
     { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5

Modified: branches/samba/lenny/source/configure.in
===================================================================
--- branches/samba/lenny/source/configure.in	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/configure.in	2011-07-27 07:08:47 UTC (rev 3855)
@@ -548,6 +548,15 @@
       fi
     ;;
 
+# Systems with LFS support.
+#
+    gnu* | k*bsd*-gnu)
+	CPPFLAGS="-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE $CPPFLAGS"
+	AC_DEFINE(_LARGEFILE64_SOURCE, 1, [Whether to enable large file support])
+	AC_DEFINE(_FILE_OFFSET_BITS, 64, [File offset bits])
+	AC_DEFINE(_GNU_SOURCE, 1, [Whether to use GNU libc extensions])
+	;;
+
 # Tests for linux LFS support. Need kernel 2.4 and glibc2.2 or greater support.
 #
     *linux*)
@@ -1185,7 +1194,7 @@
 #
 #
 case "$host_os" in
-    *linux*)
+    linux*-gnu* | gnu* | k*bsd*-gnu)
        # glibc <= 2.3.2 has a broken getgrouplist
        AC_TRY_RUN([
 #include <unistd.h>
@@ -1619,7 +1628,10 @@
 
   # and these are for particular systems
   case "$host_os" in
-		*linux*)   AC_DEFINE(LINUX,1,[Whether the host os is linux])
+		linux*-gnu* | gnu* | k*bsd*-gnu)
+			case "$host_os" in linux*)
+				AC_DEFINE(LINUX,1,[Whether the host os is linux]) ;;
+			esac
 			BLDSHARED="true"
 			if test "${ac_cv_gnu_ld_no_default_allow_shlib_undefined}" = "yes"; then
 				LDSHFLAGS="-shared -Wl,-Bsymbolic -Wl,--allow-shlib-undefined"
@@ -5304,7 +5316,7 @@
 	AC_MSG_RESULT(yes);
 
 	case "$host_os" in
-	*linux*)
+	linux*-gnu* | gnu* | k*bsd*-gnu)
 		AC_CACHE_CHECK([for linux sendfile64 support],samba_cv_HAVE_SENDFILE64,[
 		AC_TRY_LINK([#include <sys/sendfile.h>],
 [\
@@ -5630,11 +5642,11 @@
 WINBIND_NSS_PTHREAD=""
 
 case "$host_os" in
-	*linux*)
+	linux*-gnu* | gnu* | k*bsd*-gnu)
 		NSSSONAMEVERSIONSUFFIX=".2"
 		WINBIND_NSS_EXTRA_OBJS="nsswitch/winbind_nss_linux.o"
 		;;
-	*freebsd[[5-9]]*)
+	freebsd5*|*freebsd[[6-9]]*)
 		# FreeBSD winbind client is implemented as a wrapper around
 		# the Linux version.
 		NSSSONAMEVERSIONSUFFIX=".1"

Modified: branches/samba/lenny/source/include/config.h.in
===================================================================
--- branches/samba/lenny/source/include/config.h.in	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/include/config.h.in	2011-07-27 07:08:47 UTC (rev 3855)
@@ -66,6 +66,9 @@
 /* Whether to use fully FHS-compatible paths */
 #undef FHS_COMPATIBLE
 
+/* Whether to use fully FHS-compatible paths */
+#undef FHS_COMPATIBLE
+
 /* Whether the host os is FreeBSD */
 #undef FREEBSD
 

Modified: branches/samba/lenny/source/include/includes.h
===================================================================
--- branches/samba/lenny/source/include/includes.h	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/include/includes.h	2011-07-27 07:08:47 UTC (rev 3855)
@@ -1294,4 +1294,8 @@
 				  struct in6_addr ip);
 #endif
 
+#ifndef MAXSUBAUTHS
+#define MAXSUBAUTHS 15 /* max sub authorities in a SID */
+#endif
+
 #endif /* _INCLUDES_H */

Modified: branches/samba/lenny/source/include/local.h
===================================================================
--- branches/samba/lenny/source/include/local.h	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/include/local.h	2011-07-27 07:08:47 UTC (rev 3855)
@@ -109,7 +109,7 @@
 /* the default pager to use for the client "more" command. Users can
    override this with the PAGER environment variable */
 #ifndef PAGER
-#define PAGER "more"
+#define PAGER "/usr/bin/pager"
 #endif
 
 /* the size of the uid cache used to reduce valid user checks */

Modified: branches/samba/lenny/source/include/rpc_dce.h
===================================================================
--- branches/samba/lenny/source/include/rpc_dce.h	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/include/rpc_dce.h	2011-07-27 07:08:47 UTC (rev 3855)
@@ -150,7 +150,7 @@
 };
 
 /* Maximum size of the signing data in a fragment. */
-#define RPC_MAX_SIGN_SIZE 0x20 /* 32 */
+#define RPC_MAX_SIGN_SIZE 0x38 /* 56 */
 
 /* Maximum PDU fragment size. */
 /* #define MAX_PDU_FRAG_LEN 0x1630		this is what wnt sets */

Modified: branches/samba/lenny/source/include/smb.h
===================================================================
--- branches/samba/lenny/source/include/smb.h	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/include/smb.h	2011-07-27 07:08:47 UTC (rev 3855)
@@ -758,6 +758,7 @@
 	struct timeval request_time; /* When was this first issued? */
 	struct timeval end_time; /* When does this time out? */
 	bool encrypted;
+	bool processed;
 	DATA_BLOB buf;
 	DATA_BLOB private_data;
 };

Modified: branches/samba/lenny/source/lib/events.c
===================================================================
--- branches/samba/lenny/source/lib/events.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/lib/events.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -148,6 +148,11 @@
 {
 	struct fd_event *fde;
 
+	if (fd < 0 || fd >= FD_SETSIZE) {
+		errno = EBADF;
+		return NULL;
+	}
+
 	if (!(fde = TALLOC_P(mem_ctx, struct fd_event))) {
 		return NULL;
 	}
@@ -198,6 +203,14 @@
 	bool ret = False;
 
 	for (fde = event_ctx->fd_events; fde; fde = fde->next) {
+		if (fde->fd < 0 || fde->fd >= FD_SETSIZE) {
+			/* We ignore here, as it shouldn't be
+			   possible to add an invalid fde->fd
+			   but we don't want FD_SET to see an
+			   invalid fd. */
+			continue;
+		}
+
 		if (fde->flags & EVENT_FD_READ) {
 			FD_SET(fde->fd, read_fds);
 			ret = True;

Modified: branches/samba/lenny/source/lib/packet.c
===================================================================
--- branches/samba/lenny/source/lib/packet.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/lib/packet.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -106,6 +106,11 @@
 	int res;
 	fd_set r_fds;
 
+	if (ctx->fd < 0 || ctx->fd >= FD_SETSIZE) {
+		errno = EBADF;
+		return map_nt_error_from_unix(errno);
+	}
+
 	FD_ZERO(&r_fds);
 	FD_SET(ctx->fd, &r_fds);
 

Modified: branches/samba/lenny/source/lib/readline.c
===================================================================
--- branches/samba/lenny/source/lib/readline.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/lib/readline.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -73,6 +73,11 @@
 		timeout.tv_sec = 5;
 		timeout.tv_usec = 0;
 
+		if (fd < 0 || fd >= FD_SETSIZE) {
+			errno = EBADF;
+			break;
+		}
+
 		FD_ZERO(&fds);
 		FD_SET(fd,&fds);
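Review bot: The range check on `fd` sits inside the loop although nothing in the visible lines changes `fd` between iterations; if it is indeed loop-invariant, testing it once before the loop is clearer. The same placement appears in lib/util_sock.c, where the check is the first statement inside `for (nread=0; nread < mincnt; )`. After the `break`, the code following the loop runs with `errno` set to EBADF. That code is outside this hunk, so its handling of this case should be confirmed.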
 

Modified: branches/samba/lenny/source/lib/select.c
===================================================================
--- branches/samba/lenny/source/lib/select.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/lib/select.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -61,6 +61,11 @@
 		if (pipe(select_pipe) == -1)
 			smb_panic("Could not create select pipe");
 
+		if (select_pipe[0] < 0 || select_pipe[0] >= FD_SETSIZE) {
+			errno = EBADF;
+			return -1;
+		}
+
 		/*
 		 * These next two lines seem to fix a bug with the Linux
 		 * 2.0.x kernel (and probably other UNIXes as well) where
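Review bot: When the new check fails, the function returns -1 without closing the two descriptors that `pipe(select_pipe)` has just created. Adding `close(select_pipe[0]); close(select_pipe[1]);` before `errno = EBADF;` avoids the leak. If the surrounding initialisation is retried on the next call (that logic is outside this hunk), each retry would otherwise consume two more descriptors. Only `select_pipe[0]` is range-checked, which is sufficient only if `select_pipe[1]` is never passed to `FD_SET`.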

Modified: branches/samba/lenny/source/lib/system.c
===================================================================
--- branches/samba/lenny/source/lib/system.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/lib/system.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -142,6 +142,20 @@
 }
 
 /*******************************************************************
+A writev wrapper that will deal with EINTR.
+********************************************************************/
+
+ssize_t sys_writev(int fd, const struct iovec *iov, int iovcnt)
+{
+	ssize_t ret;
+
+	do {
+		ret = writev(fd, iov, iovcnt);
+	} while (ret == -1 && errno == EINTR);
+	return ret;
+}
+
+/*******************************************************************
 A pread wrapper that will deal with EINTR and 64-bit file offsets.
 ********************************************************************/
 

Modified: branches/samba/lenny/source/lib/util.c
===================================================================
--- branches/samba/lenny/source/lib/util.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/lib/util.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -2621,6 +2621,15 @@
 	return xx_path(name, get_dyn_STATEDIR());
 }
 
+
+/*****************************************************************
+a useful function for returning a path in the Samba cache directory
+ *****************************************************************/
+char *cache_path(char *name)
+{
+	return xx_path(name, get_dyn_CACHEDIR());
+}
+
 /**
  * @brief Returns the platform specific shared library extension.
  *

Modified: branches/samba/lenny/source/lib/util_sid.c
===================================================================
--- branches/samba/lenny/source/lib/util_sid.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/lib/util_sid.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -408,6 +408,9 @@
 
 	sid->sid_rev_num = CVAL(inbuf, 0);
 	sid->num_auths = CVAL(inbuf, 1);
+	if (sid->num_auths > MAXSUBAUTHS) {
+		return false;
+	}
 	memcpy(sid->id_auth, inbuf+2, 6);
 	if (len < 8 + sid->num_auths*4)
 		return False;
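Review bot: The bound on `num_auths` is applied after the value has already been stored in `sid->num_auths`, so a caller that ignores the return value is left with a SID whose count exceeds `MAXSUBAUTHS`. Reading the byte into a local first, `uint8 n = CVAL(inbuf, 1); if (n > MAXSUBAUTHS) return False;`, and assigning `sid->num_auths = n;` afterwards keeps the count field valid on failure. The new line returns `false` while the rest of the function returns `False`. The start of the function, including any length check before `CVAL(inbuf, 1)`, is outside this hunk.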

Modified: branches/samba/lenny/source/lib/util_sock.c
===================================================================
--- branches/samba/lenny/source/lib/util_sock.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/lib/util_sock.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -960,6 +960,11 @@
 	timeout.tv_usec = (long)(1000 * (time_out % 1000));
 
 	for (nread=0; nread < mincnt; ) {
+		if (fd < 0 || fd >= FD_SETSIZE) {
+			errno = EBADF;
+			return map_nt_error_from_unix(EBADF);
+		}
+
 		FD_ZERO(&fds);
 		FD_SET(fd,&fds);
 
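Review bot: The range test sits inside the `for` loop although nothing in the visible lines changes `fd` between iterations, so it can be done once before the loop. The same open-coded expression `fd < 0 || fd >= FD_SETSIZE` is added in libaddns/dnssock.c, libsmb/nmblib.c, nmbd/nmbd_packets.c and nsswitch/wb_common.c in this commit. A small shared helper taking the descriptor would keep those sites consistent and make an unguarded FD_SET easier to spot in review. The enclosing function starts and ends outside the hunk.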
@@ -1037,40 +1042,109 @@
 }
 
 /****************************************************************************
- Write data to a fd.
+ Write all data from an iov array
 ****************************************************************************/
 
-ssize_t write_data(int fd, const char *buffer, size_t N)
+ssize_t write_data_iov(int fd, const struct iovec *orig_iov, int iovcnt)
 {
-	size_t total=0;
-	ssize_t ret;
-	char addr[INET6_ADDRSTRLEN];
+	int i;
+	size_t to_send;
+	ssize_t thistime;
+	size_t sent;
+	struct iovec *iov_copy, *iov;
 
-	while (total < N) {
-		ret = sys_write(fd,buffer + total,N - total);
+	to_send = 0;
+	for (i=0; i<iovcnt; i++) {
+		to_send += orig_iov[i].iov_len;
+	}
 
-		if (ret == -1) {
-			if (fd == get_client_fd()) {
-				/* Try and give an error message saying
-				 * what client failed. */
-				DEBUG(0,("write_data: write failure in "
-					"writing to client %s. Error %s\n",
-					get_peer_addr(fd,addr,sizeof(addr)),
-					strerror(errno) ));
-			} else {
-				DEBUG(0,("write_data: write failure. "
-					"Error = %s\n", strerror(errno) ));
+	thistime = sys_writev(fd, orig_iov, iovcnt);
+	if ((thistime <= 0) || (thistime == to_send)) {
+		return thistime;
+	}
+	sent = thistime;
+
+	/*
+	 * We could not send everything in one call. Make a copy of iov that
+	 * we can mess with. We keep a copy of the array start in iov_copy for
+	 * the TALLOC_FREE, because we're going to modify iov later on,
+	 * discarding elements.
+	 */
+
+	iov_copy = (struct iovec *)TALLOC_MEMDUP(
+		talloc_tos(), orig_iov, sizeof(struct iovec) * iovcnt);
+
+	if (iov_copy == NULL) {
+		errno = ENOMEM;
+		return -1;
+	}
+	iov = iov_copy;
+
+	while (sent < to_send) {
+		/*
+		 * We have to discard "thistime" bytes from the beginning
+		 * iov array, "thistime" contains the number of bytes sent
+		 * via writev last.
+		 */
+		while (thistime > 0) {
+			if (thistime < iov[0].iov_len) {
+				char *new_base =
+					(char *)iov[0].iov_base + thistime;
+				iov[0].iov_base = new_base;
+				iov[0].iov_len -= thistime;
+				break;
 			}
-			return -1;
+			thistime -= iov[0].iov_len;
+			iov += 1;
+			iovcnt -= 1;
 		}
 
-		if (ret == 0) {
-			return total;
+		thistime = sys_writev(fd, iov, iovcnt);
+		if (thistime <= 0) {
+			break;
 		}
+		sent += thistime;
+	}
 
-		total += ret;
+	TALLOC_FREE(iov_copy);
+	return sent;
+}
+
+/****************************************************************************
+ Write data to a fd.
+****************************************************************************/
+
+/****************************************************************************
+ Write data to a fd.
+****************************************************************************/
+
+ssize_t write_data(int fd, const char *buffer, size_t N)
+{
+	ssize_t ret;
+	struct iovec iov;
+
+	iov.iov_base = CONST_DISCARD(char *, buffer);
+	iov.iov_len = N;
+
+	ret = write_data_iov(fd, &iov, 1);
+	if (ret >= 0) {
+		return ret;
 	}
-	return (ssize_t)total;
+
+	if (fd == get_client_fd()) {
+		char addr[INET6_ADDRSTRLEN];
+		/*
+		 * Try and give an error message saying what client failed.
+		 */
+		DEBUG(0, ("write_data: write failure in writing to client %s. "
+			  "Error %s\n", get_peer_addr(fd,addr,sizeof(addr)),
+			  strerror(errno)));
+	} else {
+		DEBUG(0,("write_data: write failure. Error = %s\n",
+			 strerror(errno) ));
+	}
+
+	return -1;
 }
 
 /****************************************************************************
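Review bot: write_data_iov has no stated return contract, and its behaviour on a mid-stream failure is easy to misread. When a later sys_writev returns <= 0, the loop breaks and the function returns the short `sent` count, so write_data, which logs only when `ret < 0`, reports a partial write with no message where the old loop returned -1. Callers therefore have to compare the result with the full requested length rather than test for -1. I would extend the banner to say so, e.g. `Returns the byte total on success, the first sys_writev result if that is <= 0, or a short count if a later sys_writev fails.` The duplicated "Write data to a fd." banner above write_data can be reduced to one.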
@@ -1423,7 +1497,7 @@
 
 	for (i=0; i<num_addrs; i++) {
 		sockets[i] = socket(addrs[i].ss_family, SOCK_STREAM, 0);
-		if (sockets[i] < 0)
+		if (sockets[i] < 0 || sockets[i] >= FD_SETSIZE)
 			goto done;
 		set_blocking(sockets[i], false);
 	}
@@ -1472,8 +1546,10 @@
 	FD_ZERO(&r_fds);
 
 	for (i=0; i<num_addrs; i++) {
-		if (sockets[i] == -1)
+		if (sockets[i] < 0 || sockets[i] >= FD_SETSIZE) {
+			/* This cannot happen - ignore if so. */
 			continue;
+		}
 		FD_SET(sockets[i], &wr_fds);
 		FD_SET(sockets[i], &r_fds);
 		if (sockets[i]>maxfd)

Modified: branches/samba/lenny/source/libaddns/dnssock.c
===================================================================
--- branches/samba/lenny/source/libaddns/dnssock.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/libaddns/dnssock.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -218,7 +218,11 @@
 	while (total < len) {
 		ssize_t ret;
 		int fd_ready;
-		
+
+		if (fd < 0 || fd >= FD_SETSIZE) {
+			return ERROR_DNS_SOCKET_ERROR;
+		}
+
 		FD_ZERO( &rfds );
 		FD_SET( fd, &rfds );
 

Modified: branches/samba/lenny/source/libads/ldap.c
===================================================================
--- branches/samba/lenny/source/libads/ldap.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/libads/ldap.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -118,6 +118,10 @@
 	if (gotalarm != 0)
 		return LDAP_TIMELIMIT_EXCEEDED;
 
+	if (*res == NULL) {
+		return LDAP_TIMELIMIT_EXCEEDED;
+	}
+
 	return result;
 }
 
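Review bot: The added `*res == NULL` test returns LDAP_TIMELIMIT_EXCEEDED even when `result` already holds a different error code, so the real failure reason is replaced by a timeout. If the intent is only to stop callers from seeing success with a NULL result, `if (result == LDAP_SUCCESS && *res == NULL)` expresses that. Otherwise a one-line comment such as `/* no result message: report as timeout so callers never get success with *res == NULL */` would record why a timeout code is used. The function body starts above the hunk, so whether `res` itself can be NULL here is not visible.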
@@ -1895,7 +1899,9 @@
 	for (i=0; values[i]; i++) {
 		DOM_SID sid;
 		fstring tmp;
-		sid_parse(values[i]->bv_val, values[i]->bv_len, &sid);
+		if (!sid_parse(values[i]->bv_val, values[i]->bv_len, &sid)) {
+			continue;
+		}
 		printf("%s: %s\n", field, sid_to_fstring(tmp, &sid));
 	}
 }

Modified: branches/samba/lenny/source/libgpo/gpo_fetch.c
===================================================================
--- branches/samba/lenny/source/libgpo/gpo_fetch.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/libgpo/gpo_fetch.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -59,7 +59,7 @@
 
 	if ((path = talloc_asprintf(mem_ctx,
 					"%s/%s",
-					lock_path(GPO_CACHE_DIR),
+					cache_path(GPO_CACHE_DIR),
 					file_sys_path)) == NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -82,7 +82,7 @@
 static NTSTATUS gpo_prepare_local_store(TALLOC_CTX *mem_ctx,
 					const char *unix_path)
 {
-	const char *top_dir = lock_path(GPO_CACHE_DIR);
+	const char *top_dir = cache_path(GPO_CACHE_DIR);
 	char *current_dir;
 	char *tok;
 

Modified: branches/samba/lenny/source/librpc/gen_ndr/ndr_samr.c
===================================================================
--- branches/samba/lenny/source/librpc/gen_ndr/ndr_samr.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/librpc/gen_ndr/ndr_samr.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -4430,14 +4430,14 @@
 
 static enum ndr_err_code ndr_push_samr_ConnectVersion(struct ndr_push *ndr, int ndr_flags, enum samr_ConnectVersion r)
 {
-	NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r));
+	NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
 	return NDR_ERR_SUCCESS;
 }
 
 static enum ndr_err_code ndr_pull_samr_ConnectVersion(struct ndr_pull *ndr, int ndr_flags, enum samr_ConnectVersion *r)
 {
-	uint16_t v;
-	NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &v));
+	uint32_t v;
+	NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
 	*r = v;
 	return NDR_ERR_SUCCESS;
 }

Modified: branches/samba/lenny/source/librpc/idl/samr.idl
===================================================================
--- branches/samba/lenny/source/librpc/idl/samr.idl	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/librpc/idl/samr.idl	2011-07-27 07:08:47 UTC (rev 3855)
@@ -1246,7 +1246,7 @@
 	/************************/
 	/* Function    0x3e     */
 
-	typedef enum {
+	typedef [v1_enum] enum {
 		SAMR_CONNECT_PRE_W2K	= 1,
 		SAMR_CONNECT_W2K	= 2,
 		SAMR_CONNECT_AFTER_W2K	= 3

Modified: branches/samba/lenny/source/libsmb/clidfs.c
===================================================================
--- branches/samba/lenny/source/libsmb/clidfs.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/libsmb/clidfs.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -306,10 +306,11 @@
 	}
 
 	if (p) {
-		char *name = clean_name(NULL, p->mount);
+		char *name = clean_name(NULL, mnt);
 		if (!name) {
 			return;
 		}
+		TALLOC_FREE(p->mount);
 		p->mount = talloc_strdup(p, name);
 		TALLOC_FREE(name);
 	}
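Review bot: `p->mount` is freed before the replacement is known to exist, so if `talloc_strdup(p, name)` fails the entry is left with a NULL mount, and nothing in the hunk checks for that. Duplicating first and swapping only on success keeps the old value intact: `char *m = talloc_strdup(p, name); if (m) { TALLOC_FREE(p->mount); p->mount = m; }`. How readers of `p->mount` treat NULL is outside the hunk.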

Modified: branches/samba/lenny/source/libsmb/clientgen.c
===================================================================
--- branches/samba/lenny/source/libsmb/clientgen.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/libsmb/clientgen.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -315,7 +315,7 @@
 	/* First length to send is the offset to the data. */
 	size_t len = SVAL(cli->outbuf,smb_vwv11) + 4;
 	size_t nwritten=0;
-	ssize_t ret;
+	struct iovec iov[2];
 
 	/* fd == -1 causes segfaults -- Tom (tom at ninja.nl) */
 	if (cli->fd == -1) {
@@ -327,33 +327,19 @@
 		return false;
 	}
 
-	while (nwritten < len) {
-		ret = write_socket(cli->fd,cli->outbuf+nwritten,len - nwritten);
-		if (ret <= 0) {
-			close(cli->fd);
-			cli->fd = -1;
-			cli->smb_rw_error = SMB_WRITE_ERROR;
-			DEBUG(0,("Error writing %d bytes to client. %d (%s)\n",
-				(int)len,(int)ret, strerror(errno) ));
-			return false;
-		}
-		nwritten += ret;
-	}
+	iov[0].iov_base = cli->outbuf;
+	iov[0].iov_len = len;
+	iov[1].iov_base = CONST_DISCARD(char *, p);
+	iov[1].iov_len = extradata;
 
-	/* Now write the extra data. */
-	nwritten=0;
-	while (nwritten < extradata) {
-		ret = write_socket(cli->fd,p+nwritten,extradata - nwritten);
-		if (ret <= 0) {
-			close(cli->fd);
-			cli->fd = -1;
-			cli->smb_rw_error = SMB_WRITE_ERROR;
-			DEBUG(0,("Error writing %d extradata "
-				"bytes to client. %d (%s)\n",
-				(int)extradata,(int)ret, strerror(errno) ));
-			return false;
-		}
-		nwritten += ret;
+	nwritten = write_data_iov(cli->fd, iov, 2);
+	if (nwritten < (len + extradata)) {
+		close(cli->fd);
+		cli->fd = -1;
+		cli->smb_rw_error = SMB_WRITE_ERROR;
+		DEBUG(0,("Error writing %d bytes to client. (%s)\n",
+			 (int)(len+extradata), strerror(errno)));
+		return false;
 	}
 
 	/* Increment the mid so we can tell between responses. */
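Review bot: `nwritten` is declared `size_t` (context line in the previous hunk), so a negative return from write_data_iov converts to a very large unsigned value and `nwritten < (len + extradata)` is false. A send that fails on the first writev, or on the ENOMEM path, is then treated as complete and the socket is not closed. Declaring it `ssize_t nwritten;` and testing `if (nwritten < 0 || (size_t)nwritten < len + extradata)` keeps the error path reachable. The new DEBUG line also drops the return value that the old messages printed, which helps when diagnosing short writes. The enclosing function starts above this hunk.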

Modified: branches/samba/lenny/source/libsmb/clilist.c
===================================================================
--- branches/samba/lenny/source/libsmb/clilist.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/libsmb/clilist.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -79,16 +79,17 @@
 			p += 27;
 			p += clistr_align_in(cli, p, 0);
 
-			/* We can safely use +1 here (which is required by OS/2)
-			 * instead of +2 as the STR_TERMINATE flag below is
+			/* We can safely use len here (which is required by OS/2)
+			 * and the NAS-BASIC server instead of +2 or +1 as the
+			 * STR_TERMINATE flag below is
 			 * actually used as the length calculation.
-			 * The len+2 is merely an upper bound.
+			 * The len is merely an upper bound.
 			 * Due to the explicit 2 byte null termination
 			 * in cli_receive_trans/cli_receive_nt_trans
 			 * we know this is safe. JRA + kukks
 			 */
 
-			if (p + len + 1 > pdata_end) {
+			if (p + len > pdata_end) {
 				return pdata_end - base;
 			}
 
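Review bot: The relaxed test `p + len > pdata_end` makes the bound exact and, per the comment, relies on the two-byte terminator appended in cli_receive_trans/cli_receive_nt_trans, which is not visible here. Any path that supplies a buffer without that padding no longer has a margin. Comparing lengths rather than forming `p + len` also avoids pointer arithmetic past the buffer when `len` comes from the server: `if (p > pdata_end || len > (size_t)(pdata_end - p))`. The rewritten comment is hard to parse and would read better as two sentences, one stating the bound and one saying why it is safe. The type and origin of `len` are outside the hunk.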

Modified: branches/samba/lenny/source/libsmb/cliquota.c
===================================================================
--- branches/samba/lenny/source/libsmb/cliquota.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/libsmb/cliquota.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -117,7 +117,9 @@
 	}
 #endif /* LARGE_SMB_OFF_T */
 	
-	sid_parse(rdata+40,sid_len,&qt.sid);
+	if (!sid_parse(rdata+40,sid_len,&qt.sid)) {
+		return false;
+	}
 
 	qt.qtype = SMB_USER_QUOTA_TYPE;
 

Modified: branches/samba/lenny/source/libsmb/nmblib.c
===================================================================
--- branches/samba/lenny/source/libsmb/nmblib.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/libsmb/nmblib.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -1097,6 +1097,11 @@
 	struct timeval timeout;
 	int ret;
 
+	if (fd < 0 || fd >= FD_SETSIZE) {
+		errno = EBADF;
+		return NULL;
+	}
+
 	FD_ZERO(&fds);
 	FD_SET(fd,&fds);
 	timeout.tv_sec = t/1000;

Modified: branches/samba/lenny/source/libsmb/samlogon_cache.c
===================================================================
--- branches/samba/lenny/source/libsmb/samlogon_cache.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/libsmb/samlogon_cache.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -34,7 +34,7 @@
 bool netsamlogon_cache_init(void)
 {
 	if (!netsamlogon_tdb) {
-		netsamlogon_tdb = tdb_open_log(lock_path(NETSAMLOGON_TDB), 0,
+		netsamlogon_tdb = tdb_open_log(cache_path(NETSAMLOGON_TDB), 0,
 					       TDB_DEFAULT, O_RDWR | O_CREAT, 0600);
 	}
 

Modified: branches/samba/lenny/source/m4/aclocal.m4
===================================================================
--- branches/samba/lenny/source/m4/aclocal.m4	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/m4/aclocal.m4	2011-07-27 07:08:47 UTC (rev 3855)
@@ -68,7 +68,8 @@
 LIBUC[_STATIC_TARGET]=bin/LIBNAME.a
 LIBUC[_SHARED]=
 LIBUC[_STATIC]=
-LIBUC[_LIBS]=
+LIBUC[_LIBS]=LIBLIBS
+LIBUC[_TARGET]=
 [INSTALL_]LIBUC=
 [UNINSTALL_]LIBUC=
 
@@ -79,6 +80,7 @@
 AC_SUBST(LIBUC[_SHARED])
 AC_SUBST(LIBUC[_STATIC])
 AC_SUBST(LIBUC[_LIBS])
+AC_SUBST(LIBUC[_TARGET])
 AC_SUBST([INSTALL_]LIBUC)
 AC_SUBST([UNINSTALL_]LIBUC)
 AC_SUBST(LIBUC[_SOVER])
@@ -137,14 +139,16 @@
 	[UNINSTALL_]LIBUC=[uninstall]LIBNAME
 	if eval $BLDSHARED = true; then
 		LIBUC[_SHARED]=$LIBUC[_SHARED_TARGET]
+		LIBUC[_TARGET]=$LIBUC[_SHARED_TARGET]
 		AC_MSG_RESULT(yes)
 		if test x"$USESHARED" != x"true" -o x"$[LINK_]LIBUC" = "xSTATIC" ; then
 			enable_static=yes
-		else
-			LIBUC[_LIBS]=LIBLIBS
+			LIBUC[_TARGET]=$LIBUC[_STATIC_TARGET]
+			LIBUC[_LIBS]=$LIBUC[_STATIC_TARGET]
 		fi
 	else
 		enable_static=yes
+		LIBUC[_TARGET]=$LIBUC[_STATIC_TARGET]
 		AC_MSG_RESULT(no shared library support -- will supply static library)
 	fi
 else

Modified: branches/samba/lenny/source/m4/check_path.m4
===================================================================
--- branches/samba/lenny/source/m4/check_path.m4	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/m4/check_path.m4	2011-07-27 07:08:47 UTC (rev 3855)
@@ -33,7 +33,7 @@
 [AS_HELP_STRING([--with-fhs],[Use FHS-compliant paths (default=no)])],
 [ case "$withval" in
   yes)
-    lockdir="\${VARDIR}/lib/samba"
+    lockdir="\${VARDIR}/run/samba"
     piddir="\${VARDIR}/run"
     mandir="\${prefix}/share/man"
     logfilebase="\${VARDIR}/log/samba"
@@ -41,9 +41,9 @@
     test "${libdir}" || libdir="\${prefix}/lib/samba"
     configdir="\${sysconfdir}/samba"
     swatdir="\${DATADIR}/samba/swat"
-    codepagedir="\${LIBDIR}"
+    codepagedir="\${DATADIR}/samba"
     statedir="\${VARDIR}/lib/samba"
-    cachedir="\${VARDIR}/lib/samba"
+    cachedir="\${VARDIR}/cache/samba"
     AC_DEFINE(FHS_COMPATIBLE, 1, [Whether to use fully FHS-compatible paths])
     ;;
   esac])

Modified: branches/samba/lenny/source/modules/vfs_full_audit.c
===================================================================
--- branches/samba/lenny/source/modules/vfs_full_audit.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/modules/vfs_full_audit.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -701,6 +701,7 @@
 static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn)
 {
 	char *prefix = NULL;
+	char *result;
 
 	prefix = talloc_strdup(ctx,
 			lp_parm_const_string(SNUM(conn), "full_audit",
@@ -708,12 +709,14 @@
 	if (!prefix) {
 		return NULL;
 	}
-	return talloc_sub_advanced(ctx,
+	result = talloc_sub_advanced(ctx,
 			lp_servicename(SNUM(conn)), conn->user,
 			conn->connectpath, conn->gid,
 			get_current_username(),
 			current_user_info.domain,
 			prefix);
+	TALLOC_FREE(prefix);
+	return result;
 }
 
 static bool log_success(vfs_handle_struct *handle, vfs_op_type op)

Modified: branches/samba/lenny/source/modules/vfs_xattr_tdb.c
===================================================================
--- branches/samba/lenny/source/modules/vfs_xattr_tdb.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/modules/vfs_xattr_tdb.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -576,7 +576,7 @@
 	const char *dbname;
 
 	dbname = lp_parm_const_string(snum, "xattr_tdb", "file",
-				      lock_path("xattr.tdb"));
+				      state_path("xattr.tdb"));
 
 	if (dbname == NULL) {
 		errno = ENOSYS;

Modified: branches/samba/lenny/source/nmbd/nmbd_packets.c
===================================================================
--- branches/samba/lenny/source/nmbd/nmbd_packets.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/nmbd/nmbd_packets.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -1685,7 +1685,7 @@
 	for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
 		count++;
 
-	if((count*2) + 2 > FD_SETSIZE) {
+	if((count*2) + 2 >= FD_SETSIZE) {
 		DEBUG(0,("create_listen_fdset: Too many file descriptors needed (%d). We can \
 only use %d.\n", (count*2) + 2, FD_SETSIZE));
 		SAFE_FREE(pset);
@@ -1701,24 +1701,44 @@
 	FD_ZERO(pset);
 
 	/* Add in the broadcast socket on 137. */
+	if (ClientNMB < 0 || ClientNMB >= FD_SETSIZE) {
+		errno = EBADF;
+		SAFE_FREE(pset);
+		return True;
+	}
+
 	FD_SET(ClientNMB,pset);
 	sock_array[num++] = ClientNMB;
 	*maxfd = MAX( *maxfd, ClientNMB);
 
 	/* Add in the 137 sockets on all the interfaces. */
 	for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
+		if (subrec->nmb_sock < 0 || subrec->nmb_sock >= FD_SETSIZE) {
+			/* We have to ignore sockets outside FD_SETSIZE. */
+			continue;
+		}
 		FD_SET(subrec->nmb_sock,pset);
 		sock_array[num++] = subrec->nmb_sock;
 		*maxfd = MAX( *maxfd, subrec->nmb_sock);
 	}
 
 	/* Add in the broadcast socket on 138. */
+	if (ClientDGRAM < 0 || ClientDGRAM >= FD_SETSIZE) {
+		errno = EBADF;
+		SAFE_FREE(pset);
+		return True;
+	}
+
 	FD_SET(ClientDGRAM,pset);
 	sock_array[num++] = ClientDGRAM;
 	*maxfd = MAX( *maxfd, ClientDGRAM);
 
 	/* Add in the 138 sockets on all the interfaces. */
 	for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec)) {
+		if (subrec->dgram_sock < 0 || subrec->dgram_sock >= FD_SETSIZE) {
+			/* We have to ignore sockets outside FD_SETSIZE. */
+			continue;
+		}
 		FD_SET(subrec->dgram_sock,pset);
 		sock_array[num++] = subrec->dgram_sock;
 		*maxfd = MAX( *maxfd, subrec->dgram_sock);
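Review bot: The two new early returns for ClientNMB and ClientDGRAM free only `pset`. `sock_array` is indexed a few lines below, so it is presumably already allocated and would leak on these paths (its allocation is above the hunk, please confirm). They also fail without a DEBUG message, unlike the "Too many file descriptors" path in the previous hunk. The `continue` branches drop a subnet socket silently, so that interface is not added to the listen set and nothing in the log says why. Adding `SAFE_FREE(sock_array);` next to `SAFE_FREE(pset);`, and a `DEBUG(0, ...)` line naming the rejected descriptor in each branch, would make the failure diagnosable.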
@@ -1769,7 +1789,7 @@
 
 #ifndef SYNC_DNS
 	dns_fd = asyncdns_fd();
-	if (dns_fd != -1) {
+	if (dns_fd >= 0 && dns_fd < FD_SETSIZE) {
 		FD_SET(dns_fd, &r_fds);
 		maxfd = MAX( maxfd, dns_fd);
 	}

Modified: branches/samba/lenny/source/nmbd/nmbd_serverlistdb.c
===================================================================
--- branches/samba/lenny/source/nmbd/nmbd_serverlistdb.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/nmbd/nmbd_serverlistdb.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -326,7 +326,7 @@
 
 	updatecount++;
 
-	fname = talloc_strdup(ctx, lp_lockdir());
+	fname = talloc_strdup(ctx, get_dyn_CACHEDIR());
 	if (!fname) {
 		return;
 	}

Modified: branches/samba/lenny/source/nsswitch/wb_common.c
===================================================================
--- branches/samba/lenny/source/nsswitch/wb_common.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/nsswitch/wb_common.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -240,6 +240,12 @@
 
 		switch (errno) {
 			case EINPROGRESS:
+
+				if (fd < 0 || fd >= FD_SETSIZE) {
+					errno = EBADF;
+					goto error_out;
+				}
+
 				FD_ZERO(&w_fds);
 				FD_SET(fd, &w_fds);
 				tv.tv_sec = CONNECT_TIMEOUT - wait_time;
@@ -383,7 +389,13 @@
 	while(nwritten < count) {
 		struct timeval tv;
 		fd_set r_fds;
-		
+
+		if (winbindd_fd < 0 || winbindd_fd >= FD_SETSIZE) {
+			errno = EBADF;
+			winbind_close_sock();
+			return -1;
+		}
+
 		/* Catch pipe close on other end by checking if a read()
 		   call would not block by calling select(). */
 

Modified: branches/samba/lenny/source/nsswitch/wins.c
===================================================================
--- branches/samba/lenny/source/nsswitch/wins.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/nsswitch/wins.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -25,6 +25,14 @@
 #include <ns_daemon.h>
 #endif
 
+#if HAVE_PTHREAD_H
+#include <pthread.h>
+#endif
+
+#if HAVE_PTHREAD
+static pthread_mutex_t wins_nss_mutex = PTHREAD_MUTEX_INITIALIZER;
+#endif
+
 #ifndef INADDRSZ
 #define INADDRSZ 4
 #endif
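Review bot: The include is guarded by `HAVE_PTHREAD_H` but the mutex definition by `HAVE_PTHREAD`, so on a build where only the latter is set `pthread_mutex_t` is used without its header. Guarding both, and the lock/unlock sites in the later hunks, with the same macro keeps them in step. A short comment on `wins_nss_mutex` saying what state it protects would also help, e.g. `/* serialises _nss_wins_gethostbyname_r; the lookup backend uses process-global state */`. The wording should be confirmed against the backend, which is not visible in this diff.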
@@ -321,11 +329,16 @@
 _nss_wins_gethostbyname_r(const char *hostname, struct hostent *he,
 			  char *buffer, size_t buflen, int *h_errnop)
 {
+	NSS_STATUS nss_status = NSS_STATUS_SUCCESS;
 	struct in_addr *ip_list;
 	int i, count;
 	fstring name;
 	size_t namelen;
 		
+#if HAVE_PTHREAD
+	pthread_mutex_lock(&wins_nss_mutex);
+#endif
+
 	memset(he, '\0', sizeof(*he));
 	fstrcpy(name, hostname);
 
@@ -333,8 +346,10 @@
 
 	ip_list = lookup_byname_backend(name, &count);
 
-	if (!ip_list)
-		return NSS_STATUS_NOTFOUND;
+	if (!ip_list) {
+		nss_status = NSS_STATUS_NOTFOUND;
+		goto out;
+	}
 
 	/* Copy h_name */
 
@@ -342,7 +357,8 @@
 
 	if ((he->h_name = get_static(&buffer, &buflen, namelen)) == NULL) {
 		free(ip_list);
-		return NSS_STATUS_TRYAGAIN;
+		nss_status = NSS_STATUS_TRYAGAIN;
+		goto out;
 	}
 
 	memcpy(he->h_name, name, namelen);
@@ -354,20 +370,23 @@
 
 	if (get_static(&buffer, &buflen, i) == NULL) {
 		free(ip_list);
-		return NSS_STATUS_TRYAGAIN;
+		nss_status = NSS_STATUS_TRYAGAIN;
+		goto out;
 	}
 
 	if ((he->h_addr_list = (char **)get_static(
 		     &buffer, &buflen, (count + 1) * sizeof(char *))) == NULL) {
 		free(ip_list);
-		return NSS_STATUS_TRYAGAIN;
+		nss_status = NSS_STATUS_TRYAGAIN;
+		goto out;
 	}
 
 	for (i = 0; i < count; i++) {
 		if ((he->h_addr_list[i] = get_static(&buffer, &buflen,
 						     INADDRSZ)) == NULL) {
 			free(ip_list);
-			return NSS_STATUS_TRYAGAIN;
+			nss_status = NSS_STATUS_TRYAGAIN;
+			goto out;
 		}
 		memcpy(he->h_addr_list[i], &ip_list[i], INADDRSZ);
 	}
@@ -386,16 +405,27 @@
 	if ((i = (unsigned long)(buffer) % sizeof(char*)) != 0)
 		i = sizeof(char*) - i;
 
-	if (get_static(&buffer, &buflen, i) == NULL)
-		return NSS_STATUS_TRYAGAIN;
+	if (get_static(&buffer, &buflen, i) == NULL) {
+		nss_status = NSS_STATUS_TRYAGAIN;
+		goto out;
+	}
 
 	if ((he->h_aliases = (char **)get_static(
-		     &buffer, &buflen, sizeof(char *))) == NULL)
-		return NSS_STATUS_TRYAGAIN;
+		     &buffer, &buflen, sizeof(char *))) == NULL) {
+		nss_status = NSS_STATUS_TRYAGAIN;
+		goto out;
+	}
 
 	he->h_aliases[0] = NULL;
 
-	return NSS_STATUS_SUCCESS;
+	nss_status = NSS_STATUS_SUCCESS;
+
+  out:
+
+#if HAVE_PTHREAD
+	pthread_mutex_unlock(&wins_nss_mutex);
+#endif
+	return nss_status;
 }
 
 
@@ -403,12 +433,15 @@
 _nss_wins_gethostbyname2_r(const char *name, int af, struct hostent *he,
 			   char *buffer, size_t buflen, int *h_errnop)
 {
+	NSS_STATUS nss_status;
+
 	if(af!=AF_INET) {
 		*h_errnop = NO_DATA;
-		return NSS_STATUS_UNAVAIL;
+		nss_status = NSS_STATUS_UNAVAIL;
+	} else {
+		nss_status = _nss_wins_gethostbyname_r(
+				name, he, buffer, buflen, h_errnop);
 	}
-
-	return _nss_wins_gethostbyname_r(
-		name, he, buffer, buflen, h_errnop);
+	return nss_status;
 }
 #endif

Modified: branches/samba/lenny/source/pam_smbpass/README
===================================================================
--- branches/samba/lenny/source/pam_smbpass/README	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/pam_smbpass/README	2011-07-27 07:08:47 UTC (rev 3855)
@@ -37,7 +37,7 @@
 	smbconf=<file>	-	specify an alternate path to the smb.conf
 				file.
 
-See the samples/ directory for example PAM configurations using this
+See the examples/ directory for example PAM configurations using this
 module.
 
 Thanks go to the following people:

Modified: branches/samba/lenny/source/pam_smbpass/pam_smb_acct.c
===================================================================
--- branches/samba/lenny/source/pam_smbpass/pam_smb_acct.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/pam_smbpass/pam_smb_acct.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -58,26 +58,25 @@
 
 	/* Samba initialization. */
 	load_case_tables();
-	setup_logging( "pam_smbpass", False );
         lp_set_in_client(True);
 
-	ctrl = set_ctrl( flags, argc, argv );
+	ctrl = set_ctrl(pamh, flags, argc, argv );
 
 	/* get the username */
 
 	retval = pam_get_user( pamh, &name, "Username: " );
 	if (retval != PAM_SUCCESS) {
 		if (on( SMB_DEBUG, ctrl )) {
-			_log_err( LOG_DEBUG, "acct: could not identify user" );
+			_log_err(pamh, LOG_DEBUG, "acct: could not identify user" );
 		}
 		return retval;
 	}
 	if (on( SMB_DEBUG, ctrl )) {
-		_log_err( LOG_DEBUG, "acct: username [%s] obtained", name );
+		_log_err(pamh, LOG_DEBUG, "acct: username [%s] obtained", name );
 	}
 
 	if (geteuid() != 0) {
-		_log_err( LOG_DEBUG, "Cannot access samba password database, not running as root.");
+		_log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
 		return PAM_AUTHINFO_UNAVAIL;
 	}
 
@@ -85,7 +84,7 @@
 		from a SIGPIPE it's not expecting */
 	oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
 	if (!initialize_password_db(True, NULL)) {
-		_log_err( LOG_ALERT, "Cannot access samba password database" );
+	  _log_err(pamh, LOG_ALERT, "Cannot access samba password database" );
 		CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
 		return PAM_AUTHINFO_UNAVAIL;
 	}
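Review bot: The changed `_log_err` line is indented with a tab plus two spaces while the rest of the block uses two tabs. The matching line in pam_smb_passwd.c (the `initialize_password_db(False, NULL)` branch) has the same slip with six spaces instead of eight. Aligning the call with the `CatchSignal(...)` line below it keeps the error branch readable.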
@@ -99,7 +98,7 @@
 	}
 
 	if (!pdb_getsampwnam(sampass, name )) {
-		_log_err( LOG_DEBUG, "acct: could not identify user" );
+		_log_err(pamh, LOG_DEBUG, "acct: could not identify user");
         	CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
         	return PAM_USER_UNKNOWN;
 	}
@@ -112,8 +111,8 @@
 
 	if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
 		if (on( SMB_DEBUG, ctrl )) {
-			_log_err( LOG_DEBUG
-				, "acct: account %s is administratively disabled", name );
+			_log_err(pamh, LOG_DEBUG,
+				 "acct: account %s is administratively disabled", name);
 		}
 		make_remark( pamh, ctrl, PAM_ERROR_MSG
 			, "Your account has been disabled; "

Modified: branches/samba/lenny/source/pam_smbpass/pam_smb_auth.c
===================================================================
--- branches/samba/lenny/source/pam_smbpass/pam_smb_auth.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/pam_smbpass/pam_smb_auth.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -81,10 +81,9 @@
 
 	/* Samba initialization. */
 	load_case_tables();
-	setup_logging("pam_smbpass",False);
         lp_set_in_client(True);
 
-	ctrl = set_ctrl(flags, argc, argv);
+	ctrl = set_ctrl(pamh, flags, argc, argv);
 
 	/* Get a few bytes so we can pass our return value to
 		pam_sm_setcred(). */
@@ -99,29 +98,29 @@
 	retval = pam_get_user( pamh, &name, "Username: " );
 	if ( retval != PAM_SUCCESS ) {
 		if (on( SMB_DEBUG, ctrl )) {
-			_log_err(LOG_DEBUG, "auth: could not identify user");
+			_log_err(pamh, LOG_DEBUG, "auth: could not identify user");
 		}
 		AUTH_RETURN;
 	}
 	if (on( SMB_DEBUG, ctrl )) {
-		_log_err( LOG_DEBUG, "username [%s] obtained", name );
+		_log_err(pamh, LOG_DEBUG, "username [%s] obtained", name );
 	}
 
 	if (geteuid() != 0) {
-		_log_err( LOG_DEBUG, "Cannot access samba password database, not running as root.");
+		_log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
 		retval = PAM_AUTHINFO_UNAVAIL;
 		AUTH_RETURN;
 	}
 
 	if (!initialize_password_db(True, NULL)) {
-		_log_err( LOG_ALERT, "Cannot access samba password database" );
+		_log_err(pamh, LOG_ALERT, "Cannot access samba password database" );
 		retval = PAM_AUTHINFO_UNAVAIL;
 		AUTH_RETURN;
 	}
 
 	sampass = samu_new( NULL );
     	if (!sampass) {
-		_log_err( LOG_ALERT, "Cannot talloc a samu struct" );
+		_log_err(pamh, LOG_ALERT, "Cannot talloc a samu struct" );
 		retval = nt_status_to_pam(NT_STATUS_NO_MEMORY);
 		AUTH_RETURN;
 	}
@@ -135,7 +134,7 @@
 	}
 
 	if (!found) {
-		_log_err(LOG_ALERT, "Failed to find entry for user %s.", name);
+		_log_err(pamh, LOG_ALERT, "Failed to find entry for user %s.", name);
 		retval = PAM_USER_UNKNOWN;
 		TALLOC_FREE(sampass);
 		sampass = NULL;
@@ -154,7 +153,7 @@
 
 	retval = _smb_read_password(pamh, ctrl, NULL, "Password: ", NULL, _SMB_AUTHTOK, &p);
 	if (retval != PAM_SUCCESS ) {
-		_log_err(LOG_CRIT, "auth: no password provided for [%s]", name);
+		_log_err(pamh,LOG_CRIT, "auth: no password provided for [%s]", name);
 		TALLOC_FREE(sampass);
 		AUTH_RETURN;
 	}
@@ -202,7 +201,7 @@
 	retval = pam_get_item( pamh, PAM_AUTHTOK, (const void **) &pass );
 
 	if (retval != PAM_SUCCESS) {
-		_log_err( LOG_ALERT
+		_log_err(pamh, LOG_ALERT
 			, "pam_get_item returned error to pam_sm_authenticate" );
 		return PAM_AUTHTOK_RECOVER_ERR;
 	} else if (pass == NULL) {

Modified: branches/samba/lenny/source/pam_smbpass/pam_smb_passwd.c
===================================================================
--- branches/samba/lenny/source/pam_smbpass/pam_smb_passwd.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/pam_smbpass/pam_smb_passwd.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -106,10 +106,9 @@
 
     /* Samba initialization. */
     load_case_tables();
-    setup_logging( "pam_smbpass", False );
     lp_set_in_client(True);
 
-    ctrl = set_ctrl(flags, argc, argv);
+    ctrl = set_ctrl(pamh, flags, argc, argv);
 
     /*
      * First get the name of a user.  No need to do anything if we can't
@@ -119,16 +118,16 @@
     retval = pam_get_user( pamh, &user, "Username: " );
     if (retval != PAM_SUCCESS) {
         if (on( SMB_DEBUG, ctrl )) {
-            _log_err( LOG_DEBUG, "password: could not identify user" );
+            _log_err(pamh, LOG_DEBUG, "password: could not identify user");
         }
         return retval;
     }
     if (on( SMB_DEBUG, ctrl )) {
-        _log_err( LOG_DEBUG, "username [%s] obtained", user );
+        _log_err(pamh, LOG_DEBUG, "username [%s] obtained", user);
     }
 
     if (geteuid() != 0) {
-	_log_err( LOG_DEBUG, "Cannot access samba password database, not running as root.");
+	_log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
 	return PAM_AUTHINFO_UNAVAIL;
     }
 
@@ -137,7 +136,7 @@
     oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
 
     if (!initialize_password_db(False, NULL)) {
-        _log_err( LOG_ALERT, "Cannot access samba password database" );
+      _log_err(pamh, LOG_ALERT, "Cannot access samba password database" );
         CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
         return PAM_AUTHINFO_UNAVAIL;
     }
@@ -149,12 +148,12 @@
     }
 
     if (!pdb_getsampwnam(sampass,user)) {
-        _log_err( LOG_ALERT, "Failed to find entry for user %s.", user );
+        _log_err(pamh, LOG_ALERT, "Failed to find entry for user %s.", user);
         CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
         return PAM_USER_UNKNOWN;
     }
     if (on( SMB_DEBUG, ctrl )) {
-        _log_err( LOG_DEBUG, "Located account for %s", user );
+        _log_err(pamh, LOG_DEBUG, "Located account for %s", user);
     }
 
     if (flags & PAM_PRELIM_CHECK) {
@@ -180,7 +179,7 @@
 #define greeting "Changing password for "
             Announce = SMB_MALLOC_ARRAY(char, sizeof(greeting)+strlen(user));
             if (Announce == NULL) {
-                _log_err(LOG_CRIT, "password: out of memory");
+                _log_err(pamh, LOG_CRIT, "password: out of memory");
                 TALLOC_FREE(sampass);
                 CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
                 return PAM_BUF_ERR;
@@ -195,8 +194,8 @@
             SAFE_FREE( Announce );
 
             if (retval != PAM_SUCCESS) {
-                _log_err( LOG_NOTICE
-                          , "password - (old) token not obtained" );
+                _log_err(pamh, LOG_NOTICE,
+                         "password - (old) token not obtained");
                 TALLOC_FREE(sampass);
                 CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
                 return retval;
@@ -241,7 +240,7 @@
         }
 
         if (retval != PAM_SUCCESS) {
-            _log_err( LOG_NOTICE, "password: user not authenticated" );
+            _log_err(pamh, LOG_NOTICE, "password: user not authenticated");
             TALLOC_FREE(sampass);
             CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
             return retval;
@@ -266,8 +265,8 @@
 
         if (retval != PAM_SUCCESS) {
             if (on( SMB_DEBUG, ctrl )) {
-                _log_err( LOG_ALERT
-                          , "password: new password not obtained" );
+                _log_err(pamh, LOG_ALERT,
+                         "password: new password not obtained");
             }
             pass_old = NULL;                               /* tidy up */
             TALLOC_FREE(sampass);
@@ -288,7 +287,7 @@
         retval = _pam_smb_approve_pass(pamh, ctrl, pass_old, pass_new);
 
         if (retval != PAM_SUCCESS) {
-            _log_err(LOG_NOTICE, "new password not acceptable");
+            _log_err(pamh, LOG_NOTICE, "new password not acceptable");
             pass_new = pass_old = NULL;               /* tidy up */
             TALLOC_FREE(sampass);
             CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
@@ -308,16 +307,17 @@
 	    
             /* password updated */
 		if (!sid_to_uid(pdb_get_user_sid(sampass), &uid)) {
-			_log_err( LOG_NOTICE, "Unable to get uid for user %s",
+			_log_err(pamh, LOG_NOTICE,
+			         "Unable to get uid for user %s",
 				pdb_get_username(sampass));
-			_log_err( LOG_NOTICE, "password for (%s) changed by (%s/%d)",
+			_log_err(pamh, LOG_NOTICE, "password for (%s) changed by (%s/%d)",
 				user, uidtoname(getuid()), getuid());
 		} else {
-			_log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)",
+			_log_err(pamh, LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)",
 				user, uid, uidtoname(getuid()), getuid());
 		}
 	} else {
-		_log_err( LOG_ERR, "password change failed for user %s", user);
+		_log_err(pamh, LOG_ERR, "password change failed for user %s", user);
 	}
 
         pass_old = pass_new = NULL;
@@ -328,7 +328,7 @@
 
     } else {            /* something has broken with the library */
 
-        _log_err( LOG_ALERT, "password received unknown request" );
+        _log_err(pamh, LOG_ALERT, "password received unknown request");
         retval = PAM_ABORT;
 
     }

Modified: branches/samba/lenny/source/pam_smbpass/support.c
===================================================================
--- branches/samba/lenny/source/pam_smbpass/support.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/pam_smbpass/support.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -14,6 +14,7 @@
  * this program; if not, see <http://www.gnu.org/licenses/>.
  */
 
+#include "config.h"
 #include "includes.h"
 #include "general.h"
 
@@ -62,17 +63,42 @@
 char *_pam_delete(register char *);
 
 /* syslogging function for errors and other information */
-
-void _log_err( int err, const char *format, ... )
+#ifdef HAVE_PAM_VSYSLOG
+void _log_err( pam_handle_t *pamh, int err, const char *format, ... )
 {
-    va_list args;
+	va_list args;
+  
+	va_start(args, format);
+	pam_vsyslog(pamh, err, format, args);
+	va_end(args);
+}
+#else
+void _log_err( pam_handle_t *pamh, int err, const char *format, ... )
+{
+	va_list args;
+	const char tag[] = "(pam_smbpass) ";
+	char *mod_format;
 
-    va_start( args, format );
-    openlog( "PAM_smbpass", LOG_CONS | LOG_PID, LOG_AUTH );
-    vsyslog( err, format, args );
-    va_end( args );
-    closelog();
+	mod_format = SMB_MALLOC_ARRAY(char, sizeof(tag) + strlen(format));
+	/* try really, really hard to log something, since this may have
+	   been a message about a malloc() failure... */
+	if (mod_format == NULL) {
+		va_start(args, format);
+		vsyslog(err | LOG_AUTH, format, args);
+		va_end(args);
+		return;
+  	}
+  
+	strncpy(mod_format, tag, strlen(tag)+1);
+	strncat(mod_format, format, strlen(format));
+
+	va_start(args, format);
+	vsyslog(err | LOG_AUTH, mod_format, args);
+	va_end(args);
+
+	free(mod_format);
 }
+#endif
 
 /* this is a front-end for module-application conversations */
 
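Review bot: In the fallback `_log_err` (the `#else` branch), `strncpy(mod_format, tag, strlen(tag)+1)` and `strncat(mod_format, format, strlen(format))` take their bounds from the source strings, so they behave exactly like `strcpy`/`strcat` and protect nothing if the allocation size and the copies ever drift apart. The buffer is sized correctly today (`sizeof(tag) + strlen(format)`), but it would be safer to keep that size in one variable and build the string against it: `size_t len = sizeof(tag) + strlen(format);` followed by `snprintf(mod_format, len, "%s%s", tag, format);`. The out-of-memory path also logs without the old `openlog()` ident and without the `(pam_smbpass)` tag, so those messages lose their module name; a comment saying this is accepted would help whoever reads the auth log later.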
@@ -90,11 +116,11 @@
 							,response, conv->appdata_ptr);
 
 		if (retval != PAM_SUCCESS && on(SMB_DEBUG, ctrl)) {
-			_log_err(LOG_DEBUG, "conversation failure [%s]"
+			_log_err(pamh, LOG_DEBUG, "conversation failure [%s]"
 					 ,pam_strerror(pamh, retval));
 		}
 	} else {
-		_log_err(LOG_ERR, "couldn't obtain coversation function [%s]"
+		_log_err(pamh, LOG_ERR, "couldn't obtain coversation function [%s]"
 				 ,pam_strerror(pamh, retval));
 	}
 
@@ -121,7 +147,7 @@
 
 /* set the control flags for the SMB module. */
 
-int set_ctrl( int flags, int argc, const char **argv )
+int set_ctrl( pam_handle_t *pamh, int flags, int argc, const char **argv )
 {
     int i = 0;
     const char *service_file = NULL;
@@ -163,7 +189,7 @@
     /* Read some options from the Samba config. Can be overridden by
        the PAM config. */
     if(lp_load(service_file,True,False,False,True) == False) {
-	_log_err( LOG_ERR, "Error loading service file %s", service_file );
+	_log_err(pamh, LOG_ERR, "Error loading service file %s", service_file);
     }
 
     secrets_init();
@@ -186,7 +212,7 @@
         }
 
         if (j >= SMB_CTRLS_) {
-            _log_err( LOG_ERR, "unrecognized option [%s]", *argv );
+            _log_err(pamh, LOG_ERR, "unrecognized option [%s]", *argv);
         } else {
             ctrl &= smb_args[j].mask;	/* for turning things off */
             ctrl |= smb_args[j].flag;	/* for turning things on  */
@@ -225,7 +251,7 @@
  * evidence of old token around for later stack analysis.
  *
  */
-char * smbpXstrDup( const char *x )
+char * smbpXstrDup( pam_handle_t *pamh, const char *x )
 {
     register char *newstr = NULL;
 
@@ -235,7 +261,7 @@
         for (i = 0; x[i]; ++i); /* length of string */
         if ((newstr = SMB_MALLOC_ARRAY(char, ++i)) == NULL) {
             i = 0;
-            _log_err( LOG_CRIT, "out of memory in smbpXstrDup" );
+            _log_err(pamh, LOG_CRIT, "out of memory in smbpXstrDup");
         } else {
             while (i-- > 0) {
                 newstr[i] = x[i];
@@ -277,7 +303,7 @@
             /* log the number of authentication failures */
             if (failure->count != 0) {
                 pam_get_item( pamh, PAM_SERVICE, (const void **) &service );
-                _log_err( LOG_NOTICE
+                _log_err(pamh, LOG_NOTICE
                           , "%d authentication %s "
                             "from %s for service %s as %s(%d)"
                           , failure->count
@@ -286,7 +312,7 @@
                           , service == NULL ? "**unknown**" : service 
                           , failure->user, failure->id );
                 if (failure->count > SMB_MAX_RETRIES) {
-                    _log_err( LOG_ALERT
+                    _log_err(pamh, LOG_ALERT
                               , "service(%s) ignoring max retries; %d > %d"
                               , service == NULL ? "**unknown**" : service
                               , failure->count
@@ -322,8 +348,7 @@
 
     if (!pdb_get_nt_passwd(sampass))
     {
-        _log_err( LOG_DEBUG, "user %s has null SMB password"
-                  , name );
+        _log_err(pamh, LOG_DEBUG, "user %s has null SMB password", name);
 
         if (off( SMB__NONULL, ctrl )
             && (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ))
@@ -333,7 +358,7 @@
             const char *service;
 
             pam_get_item( pamh, PAM_SERVICE, (const void **)&service );
-            _log_err( LOG_NOTICE, "failed auth request by %s for service %s as %s",
+            _log_err(pamh, LOG_NOTICE, "failed auth request by %s for service %s as %s",
                       uidtoname(getuid()), service ? service : "**unknown**", name);
             return PAM_AUTH_ERR;
         }
@@ -341,7 +366,7 @@
 
     data_name = SMB_MALLOC_ARRAY(char, sizeof(FAIL_PREFIX) + strlen( name ));
     if (data_name == NULL) {
-        _log_err( LOG_CRIT, "no memory for data-name" );
+        _log_err(pamh, LOG_CRIT, "no memory for data-name" );
         return PAM_AUTH_ERR;
     }
     strncpy( data_name, FAIL_PREFIX, sizeof(FAIL_PREFIX) );
@@ -388,31 +413,31 @@
                         retval = PAM_MAXTRIES;
                     }
                 } else {
-                    _log_err(LOG_NOTICE,
+                    _log_err(pamh, LOG_NOTICE,
                       "failed auth request by %s for service %s as %s",
                       uidtoname(getuid()),
                       service ? service : "**unknown**", name);
                     newauth->count = 1;
                 }
 		if (!sid_to_uid(pdb_get_user_sid(sampass), &(newauth->id))) {
-                    _log_err(LOG_NOTICE,
+                    _log_err(pamh, LOG_NOTICE,
                       "failed auth request by %s for service %s as %s",
                       uidtoname(getuid()),
                       service ? service : "**unknown**", name);
 		}		
-                newauth->user = smbpXstrDup( name );
-                newauth->agent = smbpXstrDup( uidtoname( getuid() ) );
+                newauth->user = smbpXstrDup( pamh, name );
+                newauth->agent = smbpXstrDup( pamh, uidtoname( getuid() ) );
                 pam_set_data( pamh, data_name, newauth, _cleanup_failures );
 
             } else {
-                _log_err( LOG_CRIT, "no memory for failure recorder" );
-                _log_err(LOG_NOTICE,
+                _log_err(pamh, LOG_CRIT, "no memory for failure recorder" );
+                _log_err(pamh, LOG_NOTICE,
                       "failed auth request by %s for service %s as %s(%d)",
                       uidtoname(getuid()),
                       service ? service : "**unknown**", name);
             }
         }
-        _log_err(LOG_NOTICE,
+        _log_err(pamh, LOG_NOTICE,
                   "failed auth request by %s for service %s as %s(%d)",
                   uidtoname(getuid()),
                   service ? service : "**unknown**", name);
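Review bot: The format `"failed auth request by %s for service %s as %s(%d)"` in the last two `_log_err` calls of this hunk (the `no memory for failure recorder` branch and the call after the closing brace) names a `%d` conversion, but only three arguments are passed. The logger therefore reads a vararg that was never supplied, which is undefined behaviour in an authentication path, and the change carries the mismatch over from the old code. Either drop the conversion and use `"failed auth request by %s for service %s as %s"`, as the two earlier calls in the hunk do, or pass the uid where one is available. The enclosing function starts and ends outside the hunk.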
@@ -488,8 +513,8 @@
         retval = pam_get_item( pamh, authtok_flag, (const void **) &item );
         if (retval != PAM_SUCCESS) {
             /* very strange. */
-            _log_err( LOG_ALERT
-                      , "pam_get_item returned error to smb_read_password" );
+            _log_err(pamh, LOG_ALERT,
+                     "pam_get_item returned error to smb_read_password");
             return retval;
         } else if (item != NULL) {	/* we have a password! */
             *pass = item;
@@ -541,7 +566,7 @@
 
         if (retval == PAM_SUCCESS) {	/* a good conversation */
 
-            token = smbpXstrDup(resp[j++].resp);
+            token = smbpXstrDup(pamh, resp[j++].resp);
             if (token != NULL) {
                 if (expect == 2) {
                     /* verify that password entered correctly */
@@ -553,7 +578,8 @@
                     }
                 }
             } else {
-                _log_err(LOG_NOTICE, "could not recover authentication token");
+                _log_err(pamh, LOG_NOTICE,
+		         "could not recover authentication token");
             }
         }
 
@@ -566,7 +592,7 @@
 
     if (retval != PAM_SUCCESS) {
         if (on( SMB_DEBUG, ctrl ))
-            _log_err( LOG_DEBUG, "unable to obtain a password" );
+            _log_err(pamh, LOG_DEBUG, "unable to obtain a password");
         return retval;
     }
     /* 'token' is the entered password */
@@ -581,7 +607,7 @@
             || (retval = pam_get_item( pamh, authtok_flag
                             ,(const void **)&item )) != PAM_SUCCESS)
         {
-            _log_err( LOG_CRIT, "error manipulating password" );
+            _log_err(pamh, LOG_CRIT, "error manipulating password");
             return retval;
         }
     } else {
@@ -595,8 +621,8 @@
             || (retval = pam_get_data( pamh, data_name, (const void **)&item ))
                              != PAM_SUCCESS)
         {
-            _log_err( LOG_CRIT, "error manipulating password data [%s]"
-                      , pam_strerror( pamh, retval ));
+            _log_err(pamh, LOG_CRIT, "error manipulating password data [%s]",
+                     pam_strerror( pamh, retval ));
             _pam_delete( token );
             item = NULL;
             return retval;
@@ -620,8 +646,8 @@
     if (pass_new == NULL || (pass_old && !strcmp( pass_old, pass_new )))
     {
 	if (on(SMB_DEBUG, ctrl)) {
-	    _log_err( LOG_DEBUG,
-	              "passwd: bad authentication token (null or unchanged)" );
+	    _log_err(pamh, LOG_DEBUG,
+	             "passwd: bad authentication token (null or unchanged)");
 	}
 	make_remark( pamh, ctrl, PAM_ERROR_MSG, pass_new == NULL ?
 				"No password supplied" : "Password unchanged" );

Modified: branches/samba/lenny/source/pam_smbpass/support.h
===================================================================
--- branches/samba/lenny/source/pam_smbpass/support.h	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/pam_smbpass/support.h	2011-07-27 07:08:47 UTC (rev 3855)
@@ -1,8 +1,8 @@
 /* syslogging function for errors and other information */
-extern void _log_err(int, const char *, ...);
+extern void _log_err(pam_handle_t *, int, const char *, ...);
 
 /* set the control flags for the UNIX module. */
-extern int set_ctrl(int, int, const char **);
+extern int set_ctrl(pam_handle_t *, int, int, const char **);
 
 /* generic function for freeing pam data segments */
 extern void _cleanup(pam_handle_t *, void *, int);
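Review bot: The new `_log_err` prototype carries no printf-format annotation, so the compiler cannot check the many call sites this commit touches; at least one call in support.c passes fewer arguments than its format string names. With GCC the declaration could read `extern void _log_err(pam_handle_t *, int, const char *, ...) __attribute__((format(printf, 3, 4)));`, or use the project's own wrapper macro if it has one. That would turn such mismatches into `-Wformat` warnings at build time.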
@@ -12,7 +12,7 @@
  * evidence of old token around for later stack analysis.
  */
 
-extern char *smbpXstrDup(const char *);
+extern char *smbpXstrDup(pam_handle_t *,const char *);
 
 /* ************************************************************** *
  * Useful non-trivial functions                                   *

Modified: branches/samba/lenny/source/param/loadparm.c
===================================================================
--- branches/samba/lenny/source/param/loadparm.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/param/loadparm.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -120,6 +120,9 @@
 	char *szAddPrinterCommand;
 	char *szDeletePrinterCommand;
 	char *szOs2DriverMap;
+#ifdef FHS_COMPATIBLE
+	char *szLockDirStub;
+#endif
 	char *szLockDir;
 	char *szPidDir;
 	char *szRootdir;
@@ -3676,10 +3679,30 @@
 		.enum_list	= NULL,
 		.flags		= FLAG_ADVANCED,
 	},
+#ifdef FHS_COMPATIBLE
 	{
 		.label		= "lock directory",
 		.type		= P_STRING,
 		.p_class	= P_GLOBAL,
+		.ptr		= &Globals.szLockDirStub,
+		.special	= NULL,
+		.enum_list	= NULL,
+		.flags		= 0,
+	},
+	{
+		.label		= "lock dir",
+		.type		= P_STRING,
+		.p_class	= P_GLOBAL,
+		.ptr		= &Globals.szLockDirStub,
+		.special	= NULL,
+		.enum_list	= NULL,
+		.flags		= 0,
+	},
+#else
+	{
+		.label		= "lock directory",
+		.type		= P_STRING,
+		.p_class	= P_GLOBAL,
 		.ptr		= &Globals.szLockDir,
 		.special	= NULL,
 		.enum_list	= NULL,
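Review bot: The `FHS_COMPATIBLE` table entries need a comment, because both `lock directory` and `lock dir` are stored in `Globals.szLockDirStub`. A value in smb.conf is parsed without error but, as far as this hunk shows, never reaches `Globals.szLockDir`. An administrator who sets the option to move lock and state files would see no effect and no warning. A comment above the first entry such as `/* FHS build: option is accepted for compatibility but ignored; the compiled-in directories are used */` would document that, and it is worth confirming whether a log message on use is also wanted.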
@@ -3694,6 +3717,7 @@
 		.enum_list	= NULL,
 		.flags		= FLAG_HIDE,
 	},
+#endif
 	{
 		.label		= "pid directory",
 		.type		= P_STRING,
@@ -4854,7 +4878,7 @@
 	string_set(&Globals.szUsersharePath, s);
 	SAFE_FREE(s);
 	string_set(&Globals.szUsershareTemplateShare, "");
-	Globals.iUsershareMaxShares = 0;
+	Globals.iUsershareMaxShares = 100;
 	/* By default disallow sharing of directories not owned by the sharer. */
 	Globals.bUsershareOwnerOnly = True;
 	/* By default disallow guest access to usershares. */
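Review bot: `Globals.iUsershareMaxShares = 100;` changes a security-relevant default without a comment. In Samba a value of 0 disables usershares, so with this default any user who can write to the usershare directory can define shares without editing smb.conf. The neighbouring defaults (owner-only, no guest access) limit what such shares can expose, but the line should state that the non-zero value is deliberate, e.g. `/* Distribution default: usershares enabled (0 would disable them); creation is limited by the usershare directory's permissions */`. The enclosing function begins outside the hunk.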
@@ -5828,6 +5852,11 @@
 {
 	int i;
 
+	if (pszHomename == NULL || user == NULL || pszHomedir == NULL ||
+			pszHomedir[0] == '\0') {
+		return false;
+	}
+
 	i = add_a_service(ServicePtrs[iDefaultService], pszHomename);
 
 	if (i < 0)
@@ -7778,7 +7807,7 @@
 
 		home = get_user_home_dir(talloc_tos(), p);
 
-		if (home && homes >= 0)
+		if (home && home[0] && homes >= 0)
 			lp_add_home(p, homes, p, home);
 
 		TALLOC_FREE(home);

Modified: branches/samba/lenny/source/passdb/login_cache.c
===================================================================
--- branches/samba/lenny/source/passdb/login_cache.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/passdb/login_cache.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -35,7 +35,7 @@
 	/* skip file open if it's already opened */
 	if (cache) return True;
 
-	asprintf(&cache_fname, "%s/%s", lp_lockdir(), LOGIN_CACHE_FILE);
+	asprintf(&cache_fname, "%s/%s", get_dyn_CACHEDIR(), LOGIN_CACHE_FILE);
 	if (cache_fname)
 		DEBUG(5, ("Opening cache file at %s\n", cache_fname));
 	else {
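Review bot: The return value of `asprintf()` is ignored on the changed line and the code tests `cache_fname` instead. The contents of the pointer are unspecified after a failed `asprintf()`, so `if (cache_fname)` is not a reliable failure check. The pdb_tdb.c hunk in this same commit already checks the return value; the equivalent here would be `if (asprintf(&cache_fname, "%s/%s", get_dyn_CACHEDIR(), LOGIN_CACHE_FILE) < 0) cache_fname = NULL;`. The function body continues outside the hunk.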

Modified: branches/samba/lenny/source/passdb/pdb_interface.c
===================================================================
--- branches/samba/lenny/source/passdb/pdb_interface.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/passdb/pdb_interface.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -1150,7 +1150,9 @@
 
 static NTSTATUS pdb_default_update_login_attempts (struct pdb_methods *methods, struct samu *newpwd, bool success)
 {
-	return NT_STATUS_NOT_IMPLEMENTED;
+	/* Only the pdb_nds backend implements this, by
+	 * default just return ok. */
+	return NT_STATUS_OK;
 }
 
 static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, int policy_index, uint32 *value)

Modified: branches/samba/lenny/source/passdb/pdb_ldap.c
===================================================================
--- branches/samba/lenny/source/passdb/pdb_ldap.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/passdb/pdb_ldap.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -2010,7 +2010,7 @@
 					newname_lower,
 					true,
 					true);
-	if (rename_script) {
+	if (!rename_script) {
 		return NT_STATUS_NO_MEMORY;
 	}
 	rename_script = realloc_string_sub2(rename_script,
@@ -5758,6 +5758,7 @@
 }
 
 static bool get_trusteddom_pw_int(struct ldapsam_privates *ldap_state,
+				  TALLOC_CTX *mem_ctx,
 				  const char *domain, LDAPMessage **entry)
 {
 	int rc;
@@ -5780,6 +5781,10 @@
 	rc = smbldap_search(ldap_state->smbldap_state, trusted_dn, scope,
 			    filter, attrs, attrsonly, &result);
 
+	if (result != NULL) {
+		talloc_autofree_ldapmsg(mem_ctx, result);
+	}
+
 	if (rc == LDAP_NO_SUCH_OBJECT) {
 		*entry = NULL;
 		return True;
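Review bot: `get_trusteddom_pw_int()` now hands `result` to `talloc_autofree_ldapmsg(mem_ctx, result)`, which changes the ownership contract for callers without documenting it. `*entry` presumably points into that message, so it stays valid only while `mem_ctx` lives. All three callers in this commit pass `talloc_tos()`, which ties the entry to the current talloc stack frame. A header comment on the function such as `/* *entry is owned by mem_ctx: do not ldap_msgfree() it or use it after mem_ctx is freed */` would guard against a later double free or use-after-free. The function starts in the previous hunk and continues past this one.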
@@ -5822,7 +5827,7 @@
 
 	DEBUG(10, ("ldapsam_get_trusteddom_pw called for domain %s\n", domain));
 
-	if (!get_trusteddom_pw_int(ldap_state, domain, &entry) ||
+	if (!get_trusteddom_pw_int(ldap_state, talloc_tos(), domain, &entry) ||
 	    (entry == NULL))
 	{
 		return False;
@@ -5893,7 +5898,7 @@
 	 * get the current entry (if there is one) in order to put the
 	 * current password into the previous password attribute
 	 */
-	if (!get_trusteddom_pw_int(ldap_state, domain, &entry)) {
+	if (!get_trusteddom_pw_int(ldap_state, talloc_tos(), domain, &entry)) {
 		return False;
 	}
 
@@ -5908,6 +5913,9 @@
 			 talloc_asprintf(talloc_tos(), "%li", time(NULL)));
 	smbldap_make_mod(priv2ld(ldap_state), entry, &mods,
 			 "sambaClearTextPassword", pwd);
+
+	talloc_autofree_ldapmod(talloc_tos(), mods);
+
 	if (entry != NULL) {
 		prev_pwd = smbldap_talloc_single_attribute(priv2ld(ldap_state),
 				entry, "sambaClearTextPassword", talloc_tos());
@@ -5945,7 +5953,7 @@
 	LDAPMessage *entry = NULL;
 	const char *trusted_dn;
 
-	if (!get_trusteddom_pw_int(ldap_state, domain, &entry)) {
+	if (!get_trusteddom_pw_int(ldap_state, talloc_tos(), domain, &entry)) {
 		return False;
 	}
 
@@ -5996,6 +6004,10 @@
 			    attrsonly,
 			    &result);
 
+	if (result != NULL) {
+		talloc_autofree_ldapmsg(mem_ctx, result);
+	}
+
 	if (rc != LDAP_SUCCESS) {
 		return NT_STATUS_UNSUCCESSFUL;
 	}

Modified: branches/samba/lenny/source/passdb/pdb_tdb.c
===================================================================
--- branches/samba/lenny/source/passdb/pdb_tdb.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/passdb/pdb_tdb.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -1612,7 +1612,7 @@
 	/* save the path for later */
 
 	if (!location) {
-		if (asprintf(&tdbfile, "%s/%s", lp_private_dir(),
+		if (asprintf(&tdbfile, "%s/%s", get_dyn_STATEDIR(),
 			     PASSDB_FILE_NAME) < 0) {
 			return NT_STATUS_NO_MEMORY;
 		}
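Review bot: Replacing `lp_private_dir()` with `get_dyn_STATEDIR()` moves the password database to a compiled-in directory and stops honouring the `private dir` setting, yet nothing at the call site says so. The two hunks in passdb/secrets.c do the same for `secrets.tdb` and `schannel_store.tdb`. These files hold password hashes and machine secrets, so the state directory needs the same restrictive ownership and mode as the private directory; whether the packaging guarantees that cannot be seen from this diff. A comment at each site such as `/* FHS layout: credentials live in STATEDIR, not "private dir"; the directory must not be readable by other users */` would record the requirement.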

Modified: branches/samba/lenny/source/passdb/secrets.c
===================================================================
--- branches/samba/lenny/source/passdb/secrets.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/passdb/secrets.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -59,7 +59,7 @@
 		return True;
 
 	fname = talloc_asprintf(talloc_tos(), "%s/secrets.tdb",
-				lp_private_dir());
+				get_dyn_STATEDIR());
 	if (fname == NULL) {
 		return false;
 	}
@@ -1112,7 +1112,7 @@
 	TDB_DATA vers;
 	uint32 ver;
 	TDB_CONTEXT *tdb_sc = NULL;
-	char *fname = talloc_asprintf(mem_ctx, "%s/schannel_store.tdb", lp_private_dir());
+	char *fname = talloc_asprintf(mem_ctx, "%s/schannel_store.tdb", get_dyn_STATEDIR());
 
 	if (!fname) {
 		return NULL;

Modified: branches/samba/lenny/source/po/de.msg
===================================================================
--- branches/samba/lenny/source/po/de.msg	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/po/de.msg	2011-07-27 07:08:47 UTC (rev 3855)
@@ -1,5 +1,6 @@
 # German messages for international release of SWAT.
 # Copyright (C) 2001 Andreas Moroder
+# Copyright (C) 2007 Helge Kreutzmann, <debian at helgefjell.de>
 #
 #   This program is free software; you can redistribute it and/or modify
 #   it under the terms of the GNU General Public License as published by
@@ -16,577 +17,600 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: i18n_swat\n"
-"POT-Creation-Date: 2003-10-06 05:30+0900\n"
-"PO-Revision-Date: 2000-02-08 14:45+0100\n"
-"Last-Translator: Andreas Moroder\n"
-"Language-Team: (Samba Team) <samba-technical at samba.org>\n"
+"Project-Id-Version: swat\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2007-06-04 18:15+0200\n"
+"PO-Revision-Date: 2007-06-10 11:52+0200\n"
+"Last-Translator: Helge Kreutzmann <debian at helgefjell.de>\n"
+"Language-Team: German <debian-l10n-german at lists.debian.org>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 
-#: ../web/swat.c:117
+#: ../web/swat.c:139
 #, c-format
 msgid "ERROR: Can't open %s"
-msgstr "ERROR: Kann %s nicht öffnen"
+msgstr "FEHLER: Kann %s nicht öffnen"
 
-#: ../web/swat.c:200
+#: ../web/swat.c:223
 msgid "Help"
 msgstr "Hilfe"
 
-#: ../web/swat.c:206 ../web/swat.c:220 ../web/swat.c:235 ../web/swat.c:243 ../web/swat.c:252 ../web/swat.c:261 ../web/swat.c:267 ../web/swat.c:273 ../web/swat.c:286
+#: ../web/swat.c:229 ../web/swat.c:254 ../web/swat.c:275 ../web/swat.c:285
+#: ../web/swat.c:294 ../web/swat.c:303 ../web/swat.c:309 ../web/swat.c:315
+#: ../web/swat.c:328
 msgid "Set Default"
-msgstr "Standardwert"
+msgstr "Standardwert setzen"
 
-#: ../web/swat.c:408
+#: ../web/swat.c:450
 #, c-format
 msgid "failed to open %s for writing"
-msgstr "konnte %s nicht schreiben"
+msgstr "konnte %s nicht zum Schreiben öffnen"
 
-#: ../web/swat.c:431
+#: ../web/swat.c:473
 #, c-format
 msgid "Can't reload %s"
-msgstr ""
+msgstr "Kann %s nicht erneut laden"
 
-#: ../web/swat.c:501
+#: ../web/swat.c:543
 #, c-format
 msgid "Logged in as <b>%s</b>"
 msgstr "Verbunden als <b>%s</b>"
 
-#: ../web/swat.c:505
+#: ../web/swat.c:547
 msgid "Home"
 msgstr "Home"
 
-#: ../web/swat.c:507
+#: ../web/swat.c:549
 msgid "Globals"
 msgstr "Globals"
 
-#: ../web/swat.c:508
+#: ../web/swat.c:550
 msgid "Shares"
 msgstr "Freigaben"
 
-#: ../web/swat.c:509
+#: ../web/swat.c:551
 msgid "Printers"
 msgstr "Drucker"
 
-#: ../web/swat.c:510
+#: ../web/swat.c:552
 msgid "Wizard"
 msgstr "Assistent"
 
-#: ../web/swat.c:513
+#: ../web/swat.c:556
 msgid "Status"
 msgstr "Status"
 
-#: ../web/swat.c:514
+#: ../web/swat.c:557
 msgid "View Config"
 msgstr "Zeige Konfiguration"
 
-#: ../web/swat.c:516
+#: ../web/swat.c:559
 msgid "Password Management"
 msgstr "Passwortverwaltung"
 
-#: ../web/swat.c:526
+#: ../web/swat.c:569
 msgid "Current View Is"
-msgstr "Aktuelle Konfiguration"
+msgstr "Aktuelle Ansicht lautet"
 
-#: ../web/swat.c:527 ../web/swat.c:530
+#: ../web/swat.c:570 ../web/swat.c:573
 msgid "Basic"
 msgstr "Einfache Ansicht"
 
-#: ../web/swat.c:528 ../web/swat.c:531
+#: ../web/swat.c:571 ../web/swat.c:574
 msgid "Advanced"
 msgstr "Erweiterte Ansicht"
 
-#: ../web/swat.c:529
+#: ../web/swat.c:572
 msgid "Change View To"
-msgstr "Ansicht anpassen"
+msgstr "Ansicht ändern in"
 
-#: ../web/swat.c:554
+#: ../web/swat.c:601
 msgid "Current Config"
 msgstr "Aktuelle Konfiguration"
 
-#: ../web/swat.c:558
+#: ../web/swat.c:605
 msgid "Normal View"
 msgstr "Normale Ansicht"
 
-#: ../web/swat.c:560
+#: ../web/swat.c:607
 msgid "Full View"
 msgstr "Komplette Ansicht"
 
 #. Here we first set and commit all the parameters that were selected
 #. in the previous screen.
-#: ../web/swat.c:579
+#: ../web/swat.c:626
 msgid "Wizard Parameter Edit Page"
-msgstr ""
+msgstr "Bearbeitungsseite der Assistenten-Parameter"
 
-#: ../web/swat.c:608
+#: ../web/swat.c:655
 msgid "Note: smb.conf file has been read and rewritten"
 msgstr "Hinweis: smb.conf wurde gelesen und überschrieben"
 
 #. Here we go ...
-#: ../web/swat.c:716
+#: ../web/swat.c:763
 msgid "Samba Configuration Wizard"
-msgstr "Samba Konfigurations-Assistent"
+msgstr "Samba-Konfigurationsassistent"
 
-#: ../web/swat.c:720
-msgid "The \"Rewrite smb.conf file\" button will clear the smb.conf file of all default values and of comments."
-msgstr "Der Button \"Passe smb.conf an\" wird alle Kommentare und Standardwerte aus der smb.conf löschen."
+#: ../web/swat.c:767
+msgid ""
+"The \"Rewrite smb.conf file\" button will clear the smb.conf file of all "
+"default values and of comments."
+msgstr ""
+"Der Knopf »Schreibe smb.conf neu« wird alle Kommentare und Standardwerte "
+"aus der smb.conf löschen."
 
-#: ../web/swat.c:721
+#: ../web/swat.c:768
 msgid "The same will happen if you press the commit button."
-msgstr "Das gleiche passiert bei \"übernehmen\"."
+msgstr "Das gleiche passiert beim Knopf »übernehmen«."
 
-#: ../web/swat.c:724
+#: ../web/swat.c:771
 msgid "Rewrite smb.conf file"
 msgstr "Schreibe smb.conf neu"
 
-#: ../web/swat.c:725
+#: ../web/swat.c:772
 msgid "Commit"
-msgstr "übernehmen"
+msgstr "Übernehmen"
 
-#: ../web/swat.c:726
+#: ../web/swat.c:773
 msgid "Edit Parameter Values"
-msgstr "Bearbeite Parameter"
+msgstr "Bearbeite Parameterwerte"
 
-#: ../web/swat.c:732
+#: ../web/swat.c:779
 msgid "Server Type"
 msgstr "Server-Typ"
 
-#: ../web/swat.c:733
+#: ../web/swat.c:780
 msgid "Stand Alone"
 msgstr "Einzelserver"
 
-#: ../web/swat.c:734
+#: ../web/swat.c:781
 msgid "Domain Member"
-msgstr "Domänen-Mitglied"
+msgstr "Domänenmitglied"
 
-#: ../web/swat.c:735
+#: ../web/swat.c:782
 msgid "Domain Controller"
-msgstr "Domänen-Controller"
+msgstr "Domänencontroller"
 
-#: ../web/swat.c:738
+#: ../web/swat.c:785
 msgid "Unusual Type in smb.conf - Please Select New Mode"
 msgstr ""
+"Ungewöhnlicher Typ in der smb.conf - Bitte wählen Sie einen neuen Modus"
 
-#: ../web/swat.c:740
+#: ../web/swat.c:787
 msgid "Configure WINS As"
-msgstr "Konfiguriere WINS"
+msgstr "Konfiguriere WINS als"
 
-#: ../web/swat.c:741
+#: ../web/swat.c:788
 msgid "Not Used"
-msgstr "nicht benutzt"
+msgstr "Nicht benutzt"
 
-#: ../web/swat.c:742
+#: ../web/swat.c:789
 msgid "Server for client use"
-msgstr "WINS-Server"
+msgstr "Server für Client-Verwendung"
 
-#: ../web/swat.c:743
+#: ../web/swat.c:790
 msgid "Client of another WINS server"
-msgstr "WINS-Client an anderem Server"
+msgstr "Client eines anderen WINS-Servers"
 
-#: ../web/swat.c:745
+#: ../web/swat.c:792
 msgid "Remote WINS Server"
-msgstr "Zuständiger WINS-Server:"
+msgstr "Entfernter WINS-Server:"
 
-#: ../web/swat.c:756
+#: ../web/swat.c:803
 msgid "Error: WINS Server Mode and WINS Support both set in smb.conf"
-msgstr "Fehler: WINS-Server und WINS-Client zugleich in smb.conf gesetzt"
+msgstr ""
+"Fehler: Sowohl WINS-Server-Modus als auch WINS-Unterstützung in smb.conf "
+"aktiviert"
 
-#: ../web/swat.c:757
+#: ../web/swat.c:804
 msgid "Please Select desired WINS mode above."
-msgstr "Bitte wählen Sie den WINS-Modus."
+msgstr "Bitte wählen Sie den gewünschten WINS-Modus oben aus."
 
-#: ../web/swat.c:759
+#: ../web/swat.c:806
 msgid "Expose Home Directories"
 msgstr "Home-Verzeichnisse freigeben"
 
-#: ../web/swat.c:774
-msgid "The above configuration options will set multiple parameters and will generally assist with rapid Samba deployment."
-msgstr "Diese Konfigurationsoptionen bearbeiten mehrere Parameter und dienen als Hilfe zur schnellen Samba-Einrichtung."
+#: ../web/swat.c:821
+msgid ""
+"The above configuration options will set multiple parameters and will "
+"generally assist with rapid Samba deployment."
+msgstr ""
+"Die obigen Konfigurationsoptionen bearbeiten mehrere Parameter und dienen als "
+"Hilfe zur schnellen Samba-Einrichtung."
 
-#: ../web/swat.c:787
+#: ../web/swat.c:834
 msgid "Global Parameters"
 msgstr "Globale Parameter"
 
-#: ../web/swat.c:815 ../web/swat.c:916 ../web/swat.c:1265
+#: ../web/swat.c:862 ../web/swat.c:966 ../web/swat.c:1318
 msgid "Commit Changes"
 msgstr "Änderungen speichern"
 
-#: ../web/swat.c:819 ../web/swat.c:919 ../web/swat.c:1267
+#: ../web/swat.c:866 ../web/swat.c:969 ../web/swat.c:1320
 msgid "Reset Values"
 msgstr "Werte zurücksetzen"
 
-#: ../web/swat.c:844
+#: ../web/swat.c:891
 msgid "Share Parameters"
 msgstr "Parameter der Freigabe"
 
-#: ../web/swat.c:887
+#: ../web/swat.c:934
 msgid "Choose Share"
 msgstr "Wähle Freigabe"
 
-#: ../web/swat.c:901
+#: ../web/swat.c:951
 msgid "Delete Share"
 msgstr "Lösche Freigabe"
 
-#: ../web/swat.c:908
+#: ../web/swat.c:958
 msgid "Create Share"
 msgstr "Erstelle Freigabe"
 
-#: ../web/swat.c:944
+#: ../web/swat.c:994
 msgid "password change in demo mode rejected"
-msgstr "Änderung des Passworts im Demo modus nicht aktiv"
+msgstr "Änderung des Passworts im Demo-Modus nicht möglich"
 
-#: ../web/swat.c:957
+#: ../web/swat.c:1007
 msgid "Can't setup password database vectors."
-msgstr ""
+msgstr "Kann Passwort-Datenbankvektoren nicht einrichten"
 
-#: ../web/swat.c:983
+#: ../web/swat.c:1033
 msgid " Must specify \"User Name\" "
-msgstr " \"Benutzername\" muss angegeben werden "
+msgstr " »Benutzername« muss angegeben werden "
 
-#: ../web/swat.c:999
+#: ../web/swat.c:1049
 msgid " Must specify \"Old Password\" "
-msgstr " \"Altes Passwort\" muss angegeben werden "
+msgstr " »Altes Passwort« muss angegeben werden "
 
-#: ../web/swat.c:1005
+#: ../web/swat.c:1055
 msgid " Must specify \"Remote Machine\" "
-msgstr " \"Remote-Server\" muss angegeben werden "
+msgstr " »Entfernter Server« muss angegeben werden "
 
-#: ../web/swat.c:1012
+#: ../web/swat.c:1062
 msgid " Must specify \"New, and Re-typed Passwords\" "
-msgstr " \"Neues/wiederholtes Passwort\" müssen angegeben werden "
+msgstr " »Neues/wiederholtes Passwort« muss angegeben werden "
 
-#: ../web/swat.c:1018
+#: ../web/swat.c:1068
 msgid " Re-typed password didn't match new password "
 msgstr " Das wiederholte Passwort stimmt nicht mit dem neuen Passwort überein"
 
-#: ../web/swat.c:1048
+#: ../web/swat.c:1101
 #, c-format
 msgid " The passwd for '%s' has been changed."
 msgstr " Das Passwort für '%s' wurde geändert."
 
-#: ../web/swat.c:1051
+#: ../web/swat.c:1104
 #, c-format
 msgid " The passwd for '%s' has NOT been changed."
 msgstr " Das Passwort für '%s' wurde NICHT geändert."
 
-#: ../web/swat.c:1076
+#: ../web/swat.c:1129
 msgid "Server Password Management"
-msgstr "Verwaltung des Server Passwortes"
+msgstr "Verwaltung des Server-Passwortes"
 
 #.
 #. * Create all the dialog boxes for data collection
 #.
-#: ../web/swat.c:1085 ../web/swat.c:1132
+#: ../web/swat.c:1138 ../web/swat.c:1185
 msgid "User Name"
 msgstr "Benutzername"
 
-#: ../web/swat.c:1088 ../web/swat.c:1134
+#: ../web/swat.c:1141 ../web/swat.c:1187
 msgid "Old Password"
 msgstr "Altes Passwort"
 
-#: ../web/swat.c:1091 ../web/swat.c:1136
+#: ../web/swat.c:1144 ../web/swat.c:1189
 msgid "New Password"
 msgstr "Neues Passwort"
 
-#: ../web/swat.c:1093 ../web/swat.c:1138
+#: ../web/swat.c:1146 ../web/swat.c:1191
 msgid "Re-type New Password"
 msgstr "Wiederhole neues Passwort"
 
-#: ../web/swat.c:1101 ../web/swat.c:1149
+#: ../web/swat.c:1154 ../web/swat.c:1202
 msgid "Change Password"
 msgstr "Ändere Passwort"
 
-#: ../web/swat.c:1104
+#: ../web/swat.c:1157
 msgid "Add New User"
-msgstr "Füge Benutzer hinzu"
+msgstr "Füge neuen Benutzer hinzu"
 
-#: ../web/swat.c:1106
+#: ../web/swat.c:1159
 msgid "Delete User"
 msgstr "Lösche Benutzer"
 
-#: ../web/swat.c:1108
+#: ../web/swat.c:1161
 msgid "Disable User"
 msgstr "Deaktiviere Benutzer"
 
-#: ../web/swat.c:1110
+#: ../web/swat.c:1163
 msgid "Enable User"
 msgstr "Aktiviere Benutzer"
 
-#: ../web/swat.c:1123
+#: ../web/swat.c:1176
 msgid "Client/Server Password Management"
-msgstr "Client/Server Passwort Verwaltung"
+msgstr "Client/Server Passwort-Verwaltung"
 
-#: ../web/swat.c:1140
+#: ../web/swat.c:1193
 msgid "Remote Machine"
-msgstr "Remote-Server"
+msgstr "Entfernte Maschine"
 
-#: ../web/swat.c:1179
+#: ../web/swat.c:1232
 msgid "Printer Parameters"
-msgstr "Drucker Parameter"
+msgstr "Drucker-Parameter"
 
-#: ../web/swat.c:1181
+#: ../web/swat.c:1234
 msgid "Important Note:"
 msgstr "Wichtiger Hinweis:"
 
-#: ../web/swat.c:1182
+#: ../web/swat.c:1235
+#, c-format
 msgid "Printer names marked with [*] in the Choose Printer drop-down box "
-msgstr "Mit [*] gekennzeichnete Drucker in der Druckerauswahlliste"
+msgstr "Mit [*] gekennzeichnete Drucker in der »Wähle Drucker«-Auswahlliste "
 
-#: ../web/swat.c:1183
+#: ../web/swat.c:1236
+#, c-format
 msgid "are autoloaded printers from "
-msgstr "wurden automatisch geladen von :"
+msgstr "sind automatisch geladene Drucker aus "
 
-#: ../web/swat.c:1184
+#: ../web/swat.c:1237
 msgid "Printcap Name"
-msgstr "Printcap Name"
+msgstr "Printcap-Name"
 
-#: ../web/swat.c:1185
+#: ../web/swat.c:1238
 msgid "Attempting to delete these printers from SWAT will have no effect."
-msgstr "Der Versuch diese Drucker von SWAT aus zu löschen wird keine Auswirkung haben."
+msgstr ""
+"Der Versuch, diese Drucker von SWAT aus zu löschen, wird keine Auswirkung "
+"haben."
 
-#: ../web/swat.c:1231
+#: ../web/swat.c:1284
 msgid "Choose Printer"
 msgstr "Wähle Drucker"
 
-#: ../web/swat.c:1250
+#: ../web/swat.c:1303
 msgid "Delete Printer"
 msgstr "Lösche Drucker"
 
-#: ../web/swat.c:1257
+#: ../web/swat.c:1310
 msgid "Create Printer"
-msgstr "Ersteller Drucker"
+msgstr "Erstelle Drucker"
 
-#: ../web/statuspage.c:123
-msgid "RDONLY     "
-msgstr ""
+#: ../web/statuspage.c:139
+msgid "RDWR       "
+msgstr "LESE/SCHREIBE "
 
-#: ../web/statuspage.c:124
+#: ../web/statuspage.c:141
 msgid "WRONLY     "
-msgstr ""
+msgstr "NUR SCHREIBE  "
 
-#: ../web/statuspage.c:125
-msgid "RDWR       "
-msgstr ""
+#: ../web/statuspage.c:143
+msgid "RDONLY     "
+msgstr "NUR LESE      "
 
-#: ../web/statuspage.c:309
+#: ../web/statuspage.c:330
 msgid "Server Status"
 msgstr "Server-Status"
 
-#: ../web/statuspage.c:314
+#: ../web/statuspage.c:335
 msgid "Auto Refresh"
 msgstr "Automatische Aktualisierung"
 
-#: ../web/statuspage.c:315 ../web/statuspage.c:320
+#: ../web/statuspage.c:336 ../web/statuspage.c:341
 msgid "Refresh Interval: "
 msgstr "Aktualisierungsintervall: "
 
-#: ../web/statuspage.c:319
+#: ../web/statuspage.c:340
 msgid "Stop Refreshing"
 msgstr "Stoppe Aktualisierung"
 
-#: ../web/statuspage.c:334
+#: ../web/statuspage.c:355
 msgid "version:"
 msgstr "Version:"
 
-#: ../web/statuspage.c:337
+#: ../web/statuspage.c:358
 msgid "smbd:"
-msgstr ""
+msgstr "smbd:"
 
-#: ../web/statuspage.c:337 ../web/statuspage.c:350 ../web/statuspage.c:364
+#: ../web/statuspage.c:358 ../web/statuspage.c:371 ../web/statuspage.c:385
 msgid "running"
 msgstr "aktiv"
 
-#: ../web/statuspage.c:337 ../web/statuspage.c:350 ../web/statuspage.c:364
+#: ../web/statuspage.c:358 ../web/statuspage.c:371 ../web/statuspage.c:385
 msgid "not running"
 msgstr "inaktiv"
 
-#: ../web/statuspage.c:341
+#: ../web/statuspage.c:362
 msgid "Stop smbd"
 msgstr "Stoppe smbd"
 
-#: ../web/statuspage.c:343
+#: ../web/statuspage.c:364
 msgid "Start smbd"
 msgstr "Starte smbd"
 
-#: ../web/statuspage.c:345
+#: ../web/statuspage.c:366
 msgid "Restart smbd"
-msgstr "Neustart smbd"
+msgstr "Starte smbd neu"
 
-#: ../web/statuspage.c:350
+#: ../web/statuspage.c:371
 msgid "nmbd:"
-msgstr ""
+msgstr "nmbd:"
 
-#: ../web/statuspage.c:354
+#: ../web/statuspage.c:375
 msgid "Stop nmbd"
 msgstr "Stoppe nmbd"
 
-#: ../web/statuspage.c:356
+#: ../web/statuspage.c:377
 msgid "Start nmbd"
 msgstr "Starte nmbd"
 
-#: ../web/statuspage.c:358
+#: ../web/statuspage.c:379
 msgid "Restart nmbd"
-msgstr "Neustart nmbd"
+msgstr "Starte nmbd neu"
 
-#: ../web/statuspage.c:364
+#: ../web/statuspage.c:385
 msgid "winbindd:"
-msgstr ""
+msgstr "winbindd:"
 
-#: ../web/statuspage.c:368
+#: ../web/statuspage.c:389
 msgid "Stop winbindd"
 msgstr "Stoppe winbindd"
 
-#: ../web/statuspage.c:370
+#: ../web/statuspage.c:391
 msgid "Start winbindd"
 msgstr "Starte winbindd"
 
-#: ../web/statuspage.c:372
+#: ../web/statuspage.c:393
 msgid "Restart winbindd"
-msgstr "Neustart winbindd"
+msgstr "Starte winbindd neu"
 
 #. stop, restart all
-#: ../web/statuspage.c:381
+#: ../web/statuspage.c:402
 msgid "Stop All"
 msgstr "Alle Stoppen"
 
-#: ../web/statuspage.c:382
+#: ../web/statuspage.c:403
 msgid "Restart All"
 msgstr "Alle neu starten"
 
 #. start all
-#: ../web/statuspage.c:386
+#: ../web/statuspage.c:407
 msgid "Start All"
-msgstr "Alle Starten"
+msgstr "Alle starten"
 
-#: ../web/statuspage.c:393
+#: ../web/statuspage.c:414
 msgid "Active Connections"
 msgstr "Aktive Verbindungen"
 
-#: ../web/statuspage.c:395 ../web/statuspage.c:408 ../web/statuspage.c:416
+#: ../web/statuspage.c:416 ../web/statuspage.c:429 ../web/statuspage.c:437
 msgid "PID"
-msgstr ""
+msgstr "PID"
 
-#: ../web/statuspage.c:395 ../web/statuspage.c:408
+#: ../web/statuspage.c:416 ../web/statuspage.c:429
 msgid "Client"
-msgstr ""
+msgstr "Client"
 
-#: ../web/statuspage.c:395
+#: ../web/statuspage.c:416
 msgid "IP address"
 msgstr "IP-Adresse"
 
-#: ../web/statuspage.c:395 ../web/statuspage.c:408 ../web/statuspage.c:416
+#: ../web/statuspage.c:416 ../web/statuspage.c:429 ../web/statuspage.c:437
 msgid "Date"
 msgstr "Datum"
 
-#: ../web/statuspage.c:397
+#: ../web/statuspage.c:418
 msgid "Kill"
-msgstr "Killen"
+msgstr "Töten"
 
-#: ../web/statuspage.c:405
+#: ../web/statuspage.c:426
 msgid "Active Shares"
 msgstr "Aktive Freigaben"
 
-#: ../web/statuspage.c:408
+#: ../web/statuspage.c:429
 msgid "Share"
 msgstr "Freigabe"
 
-#: ../web/statuspage.c:408
+#: ../web/statuspage.c:429
 msgid "User"
 msgstr "Benutzer"
 
-#: ../web/statuspage.c:408
+#: ../web/statuspage.c:429
 msgid "Group"
 msgstr "Gruppe"
 
-#: ../web/statuspage.c:414
+#: ../web/statuspage.c:435
 msgid "Open Files"
 msgstr "Offene Dateien"
 
-#: ../web/statuspage.c:416
+#: ../web/statuspage.c:437
 msgid "Sharing"
-msgstr ""
+msgstr "Freigeben"
 
-#: ../web/statuspage.c:416
+#: ../web/statuspage.c:437
 msgid "R/W"
-msgstr ""
+msgstr "Lese/Schreibe"
 
-#: ../web/statuspage.c:416
+#: ../web/statuspage.c:437
 msgid "Oplock"
-msgstr ""
+msgstr "Opportunistische Sperre (Lock)"
 
-#: ../web/statuspage.c:416
+#: ../web/statuspage.c:437
 msgid "File"
 msgstr "Datei"
 
-#: ../web/statuspage.c:425
+#: ../web/statuspage.c:446
 msgid "Show Client in col 1"
-msgstr ""
+msgstr "Zeige Client in Spalte 1"
 
-#: ../web/statuspage.c:426
+#: ../web/statuspage.c:447
 msgid "Show PID in col 1"
-msgstr ""
+msgstr "Zeige PID in Spalte 1"
 
-#: ../param/loadparm.c:755
+#: ../param/loadparm.c:836
 msgid "Base Options"
 msgstr "Basisoptionen"
 
-#: ../param/loadparm.c:775
+#: ../param/loadparm.c:855
 msgid "Security Options"
 msgstr "Sicherheitsoptionen"
 
-#: ../param/loadparm.c:859
+#: ../param/loadparm.c:945
 msgid "Logging Options"
-msgstr "Log Optionen"
+msgstr "Protokollier-Optionen"
 
-#: ../param/loadparm.c:874
+#: ../param/loadparm.c:962
 msgid "Protocol Options"
-msgstr "Protokoll Optionen"
+msgstr "Protokoll-Optionen"
 
-#: ../param/loadparm.c:911
+#: ../param/loadparm.c:1008
 msgid "Tuning Options"
 msgstr "Optimierungsoptionen"
 
-#: ../param/loadparm.c:940
+#: ../param/loadparm.c:1037
 msgid "Printing Options"
 msgstr "Druckoptionen"
 
-#: ../param/loadparm.c:970
+#: ../param/loadparm.c:1075
 msgid "Filename Handling"
-msgstr "Verwaltung Dateinamen"
+msgstr "Dateinamen-Verwaltung"
 
-#: ../param/loadparm.c:996
+#: ../param/loadparm.c:1105
 msgid "Domain Options"
-msgstr "Domänen Optionen"
+msgstr "Domänen-Optionen"
 
-#: ../param/loadparm.c:1000
+#: ../param/loadparm.c:1109
 msgid "Logon Options"
-msgstr "Login optionen"
+msgstr "Anmelde-Optionen"
 
-#: ../param/loadparm.c:1019
+#: ../param/loadparm.c:1130
 msgid "Browse Options"
-msgstr "Browsing Optionen"
+msgstr "Browsing-Optionen"
 
-#: ../param/loadparm.c:1033
+#: ../param/loadparm.c:1144
 msgid "WINS Options"
-msgstr "WINS Optionen"
+msgstr "WINS-Optionen"
 
-#: ../param/loadparm.c:1043
+#: ../param/loadparm.c:1153
 msgid "Locking Options"
-msgstr "Locking Optionen"
+msgstr "Locking-(Sperr-)Optionen"
 
-#: ../param/loadparm.c:1061
+#: ../param/loadparm.c:1170
 msgid "Ldap Options"
-msgstr "LDAP Optionen"
+msgstr "LDAP-Optionen"
 
-#: ../param/loadparm.c:1078
+#: ../param/loadparm.c:1186
 msgid "Miscellaneous Options"
-msgstr "Verschiedene Optionen"
+msgstr "Sonstige Optionen"
 
-#: ../param/loadparm.c:1138
+#: ../param/loadparm.c:1191
+#| msgid "Logon Options"
+msgid "EventLog Options"
+msgstr "EventLog-Optionen"
+
+#: ../param/loadparm.c:1258
 msgid "VFS module options"
-msgstr "VFS Optionen"
+msgstr "VFS-Modul-Optionen"
 
-#: ../param/loadparm.c:1148
+#: ../param/loadparm.c:1268
 msgid "Winbind options"
-msgstr "Winbind Optionen"
+msgstr "Winbind-Optionen"

Modified: branches/samba/lenny/source/printing/nt_printing.c
===================================================================
--- branches/samba/lenny/source/printing/nt_printing.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/printing/nt_printing.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -2552,7 +2552,7 @@
 
 	if (geteuid() == 0) {
 		if (asprintf(&printdb_path, "%s%s.tdb",
-				lock_path("printing/"),
+				cache_path("printing/"),
 				sharename) < 0) {
 			return (uint32)-1;
 		}

Modified: branches/samba/lenny/source/printing/printing.c
===================================================================
--- branches/samba/lenny/source/printing/printing.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/printing/printing.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -183,8 +183,8 @@
 	int services = lp_numservices();
 	int snum;
 
-	unlink(lock_path("printing.tdb"));
-	mkdir(lock_path("printing"),0755);
+	unlink(cache_path("printing.tdb"));
+	mkdir(cache_path("printing"),0755);
 
 	/* handle a Samba upgrade */
 

Modified: branches/samba/lenny/source/printing/printing_db.c
===================================================================
--- branches/samba/lenny/source/printing/printing_db.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/printing/printing_db.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -91,7 +91,7 @@
 	}
 
 	if (asprintf(&printdb_path, "%s%s.tdb",
-				lock_path("printing/"),
+				cache_path("printing/"),
 				printername) < 0) {
 		DLIST_REMOVE(print_db_head, p);
 		SAFE_FREE(p);

Modified: branches/samba/lenny/source/rpc_client/cli_pipe.c
===================================================================
--- branches/samba/lenny/source/rpc_client/cli_pipe.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/rpc_client/cli_pipe.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -349,7 +349,7 @@
 		return NT_STATUS_OK;
 	}
 
-	if (auth_len != RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) {
+	if (auth_len < RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN) {
 		DEBUG(0,("cli_pipe_verify_schannel: auth_len %u.\n", (unsigned int)auth_len ));
 		return NT_STATUS_INVALID_PARAMETER;
 	}
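Review bot: Relaxing the schannel trailer check from `!=` to `<` means any `auth_len` at or above the fixed size is now accepted, and nothing in this hunk says why or where the upper bound is enforced. The rest of the function is outside the hunk, so it is worth confirming that it reads exactly RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN bytes and that `auth_len` is checked against the received PDU length before it is used as an offset. If the intent is to tolerate peers that send a longer trailer, say so above the test, for example `/* lower bound only: a longer trailer is tolerated, only the first RPC_AUTH_SCHANNEL_SIGN_OR_SEAL_CHK_LEN bytes are parsed */`.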

Modified: branches/samba/lenny/source/script/installswat.sh
===================================================================
--- branches/samba/lenny/source/script/installswat.sh	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/script/installswat.sh	2011-07-27 07:08:47 UTC (rev 3855)
@@ -198,7 +198,11 @@
 
 # Install/ remove Using Samba book (but only if it is there)
 
-if [ "x$BOOKDIR" != "x" -a -f $SRCDIR../docs/htmldocs/using_samba/toc.html ]; then
+# Under Debian we don't actually install the book. The book is part of
+# the samba-doc package, so we just provide a symlink that points to
+# where the book is actually installed. The symlink is created in
+# debian/rules.
+if /bin/false; then
 
     # Create directories
 

Modified: branches/samba/lenny/source/script/smbtar
===================================================================
--- branches/samba/lenny/source/script/smbtar	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/script/smbtar	2011-07-27 07:08:47 UTC (rev 3855)
@@ -151,7 +151,7 @@
 if [ -z "$verbose" ]; then
       echo "server    is $server"
 #     echo "share     is $service"
-      echo "share     is $service\\$cdcmd"
+      printf "share     is %s\\%s\n" "$service" "$cdcmd"
       echo "tar args  is $tarargs"
 #     echo "password  is $password"  # passwords should never be sent to screen
       echo "tape      is $tapefile"

Modified: branches/samba/lenny/source/smbd/dnsregister.c
===================================================================
--- branches/samba/lenny/source/smbd/dnsregister.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/smbd/dnsregister.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -125,6 +125,9 @@
 	 */
 	if (dns_state->srv_ref != NULL) {
 		mdnsd_conn_fd = DNSServiceRefSockFD(dns_state->srv_ref);
+		if (mdnsd_conn_fd < 0 || mdnsd_conn_fd >= FD_SETSIZE) {
+			return;
+		}
 		FD_SET(mdnsd_conn_fd, listen_set);
 		return;
 	}
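Review bot: The new range check returns silently, so an out-of-range mDNS descriptor leaves the registration unserviced with nothing in the log to explain it. The same applies to the second hunk at -156, where the function also returns before `*maxfd` and `*timeout` are updated. A log line before each `return;` would make the condition diagnosable, for example `DEBUG(1,("mdnsd fd %d out of range for select\n", mdnsd_conn_fd));`. The oplock_irix.c hunk in this revision already logs the equivalent case. The enclosing function starts and ends outside both hunks.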
@@ -156,6 +159,9 @@
 	}
 
 	mdnsd_conn_fd = DNSServiceRefSockFD(dns_state->srv_ref);
+	if (mdnsd_conn_fd < 0 || mdnsd_conn_fd >= FD_SETSIZE) {
+		return;
+	}
 	FD_SET(mdnsd_conn_fd, listen_set);
 	*maxfd = MAX(*maxfd, mdnsd_conn_fd);
 	*timeout = timeval_zero();

Modified: branches/samba/lenny/source/smbd/lanman.c
===================================================================
--- branches/samba/lenny/source/smbd/lanman.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/smbd/lanman.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -1157,9 +1157,9 @@
 	bool local_list_only;
 	int i;
 
-	lines = file_lines_load(lock_path(SERVER_LIST), NULL, 0);
+	lines = file_lines_load(cache_path(SERVER_LIST), NULL, 0);
 	if (!lines) {
-		DEBUG(4,("Can't open %s - %s\n",lock_path(SERVER_LIST),strerror(errno)));
+		DEBUG(4,("Can't open %s - %s\n",cache_path(SERVER_LIST),strerror(errno)));
 		return 0;
 	}
 

Modified: branches/samba/lenny/source/smbd/mangle_hash.c
===================================================================
--- branches/samba/lenny/source/smbd/mangle_hash.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/smbd/mangle_hash.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -433,6 +433,13 @@
 		if( !s1[i] && !s2[i] ) {
 			/* Truncate at the '.' */
 			*s1 = '\0';
+			/*
+			 * DANGER WILL ROBINSON - this
+			 * is changing a const string via
+			 * an aliased pointer ! Remember to
+			 * put it back once we've used it.
+			 * JRA
+			 */
 			*s2 = '\0';
 		}
 	}
@@ -444,6 +451,8 @@
 	} else {
 		DEBUG(5,("cache_mangled_name: Stored entry %s -> %s\n", mangled_name_key, raw_name));
 	}
+	/* Restore the change we made to the const string. */
+	*s2 = '.';
 }
 
 /* ************************************************************************** **
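Review bot: The restore `*s2 = '.';` at the end of the function is unconditional, while the matching `*s2 = '\0';` in the previous hunk only runs inside `if( !s1[i] && !s2[i] )`. The initialisation of `s2` is outside both hunks; if it can still be NULL when no extension is found in the raw name, this line dereferences NULL on every such call. Guard it with `if (s2) { *s2 = '.'; }`, or set a local flag where the truncation happens and restore only when it is set.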
@@ -612,7 +621,10 @@
 	}
 	status = is_valid_name(name_ucs2, False, False);
 	SAFE_FREE(name_ucs2);
-	return NT_STATUS_IS_OK(status);
+	/* We return true if we *must* mangle, so if it's
+	 * a valid name (status == OK) then we must return
+	 * false. Bug #6939. */
+	return !NT_STATUS_IS_OK(status);
 }
 
 /*****************************************************************************

Modified: branches/samba/lenny/source/smbd/nttrans.c
===================================================================
--- branches/samba/lenny/source/smbd/nttrans.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/smbd/nttrans.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -1980,7 +1980,11 @@
 		/* unknown 4 bytes: this is not the length of the sid :-(  */
 		/*unknown = IVAL(pdata,0);*/
 
-		sid_parse(pdata+4,sid_len,&sid);
+		if (!sid_parse(pdata+4,sid_len,&sid)) {
+			reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+			return;
+		}
+
 		DEBUGADD(10, ("for SID: %s\n", sid_string_dbg(&sid)));
 
 		if (!sid_to_uid(&sid, &uid)) {
@@ -2235,7 +2239,10 @@
 				break;
 			}
 
-			sid_parse(pdata+8,sid_len,&sid);
+			if (!sid_parse(pdata+8,sid_len,&sid)) {
+				reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+				return;
+			}
 
 			if (vfs_get_ntquota(fsp, SMB_USER_QUOTA_TYPE, &sid, &qt)!=0) {
 				ZERO_STRUCT(qt);
@@ -2415,7 +2422,11 @@
 	}
 #endif /* LARGE_SMB_OFF_T */
 
-	sid_parse(pdata+40,sid_len,&sid);
+	if (!sid_parse(pdata+40,sid_len,&sid)) {
+		reply_nterror(req, NT_STATUS_INVALID_PARAMETER);
+		return;
+	}
+
 	DEBUGADD(8,("SID: %s\n", sid_string_dbg(&sid)));
 
 	/* 44 unknown bytes left... */

Modified: branches/samba/lenny/source/smbd/open.c
===================================================================
--- branches/samba/lenny/source/smbd/open.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/smbd/open.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -2126,6 +2126,14 @@
 		return NT_STATUS_NOT_A_DIRECTORY;
 	}
 
+	/* We need to support SeSecurityPrivilege for this. */
+	if (access_mask & SEC_RIGHT_SYSTEM_SECURITY) {
+		DEBUG(10, ("open_directory: open on %s "
+			"failed - SEC_RIGHT_SYSTEM_SECURITY denied.\n",
+			fname));
+		return NT_STATUS_PRIVILEGE_NOT_HELD;
+	}
+
 	switch( create_disposition ) {
 		case FILE_OPEN:
 
@@ -2677,6 +2685,20 @@
 		status = NT_STATUS_PRIVILEGE_NOT_HELD;
 		goto fail;
 	}
+#else
+	/* We need to support SeSecurityPrivilege for this. */
+	if (access_mask & SEC_RIGHT_SYSTEM_SECURITY) {
+		status = NT_STATUS_PRIVILEGE_NOT_HELD;
+		goto fail;
+	}
+	/* Don't allow a SACL set from an NTtrans create until we
+	 * support SeSecurityPrivilege. */
+	if (!VALID_STAT(sbuf) &&
+			lp_nt_acl_support(SNUM(conn)) &&
+			sd && (sd->sacl != NULL)) {
+		status = NT_STATUS_PRIVILEGE_NOT_HELD;
+		goto fail;
+	}
 #endif
 
 	if ((conn->fs_capabilities & FILE_NAMED_STREAMS)

Modified: branches/samba/lenny/source/smbd/oplock.c
===================================================================
--- branches/samba/lenny/source/smbd/oplock.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/smbd/oplock.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -233,7 +233,10 @@
 int oplock_notify_fd(void)
 {
 	if (koplocks) {
-		return koplocks->notification_fd;
+		int fd = koplocks->notification_fd;
+		if (fd < 0 || fd >= FD_SETSIZE) {
+			return -1;
+		}
 	}
 
 	return -1;
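Review bot: As shown, `oplock_notify_fd()` can no longer return a usable descriptor. The old `return koplocks->notification_fd;` was replaced by the range check alone, so an in-range `fd` falls out of the `if (koplocks)` block to the final `return -1;`. Callers would then never select on the kernel oplock notification descriptor. Add `return fd;` after the range check, inside the `if (koplocks)` block. The function's closing brace is just outside the hunk.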

Modified: branches/samba/lenny/source/smbd/oplock_irix.c
===================================================================
--- branches/samba/lenny/source/smbd/oplock_irix.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/smbd/oplock_irix.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -284,6 +284,11 @@
 		return False;
 	}
 
+	if (pfd[0] < 0 || pfd[0] >= FD_SETSIZE) {
+		DEBUG(0,("setup_kernel_oplock_pipe: fd out of range.\n"));
+		return False;
+	}
+
 	oplock_pipe_read = pfd[0];
 	oplock_pipe_write = pfd[1];
 
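Review bot: The added range check returns `False` without closing the pipe. `pfd[0]` and `pfd[1]` are assigned to the module variables just below, so both ends appear to be open here and both leak on this path (the call that creates the pipe is outside the hunk). Add `close(pfd[0]); close(pfd[1]);` before `return False;`. Only the read end is range-checked, which looks intentional if only that end is ever placed in an fd_set; a one-line comment saying so would help.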

Modified: branches/samba/lenny/source/smbd/posix_acls.c
===================================================================
--- branches/samba/lenny/source/smbd/posix_acls.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/smbd/posix_acls.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -2368,24 +2368,22 @@
 ****************************************************************************/
 
 static bool acl_group_override(connection_struct *conn,
-				gid_t prim_gid,
+				SMB_STRUCT_STAT *psbuf,
 				const char *fname)
 {
-	SMB_STRUCT_STAT sbuf;
-
 	if ((errno != EPERM) && (errno != EACCES)) {
 		return false;
 	}
 
 	/* file primary group == user primary or supplementary group */
 	if (lp_acl_group_control(SNUM(conn)) &&
-			current_user_in_group(prim_gid)) {
+			current_user_in_group(psbuf->st_gid)) {
 		return true;
 	}
 
 	/* user has writeable permission */
 	if (lp_dos_filemode(SNUM(conn)) &&
-			can_write_to_file(conn, fname, &sbuf)) {
+			can_write_to_file(conn, fname, psbuf)) {
 		return true;
 	}
 
@@ -2396,7 +2394,7 @@
  Attempt to apply an ACL to a file or directory.
 ****************************************************************************/
 
-static bool set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, bool default_ace, gid_t prim_gid, bool *pacl_set_support)
+static bool set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, bool default_ace, SMB_STRUCT_STAT *psbuf, bool *pacl_set_support)
 {
 	connection_struct *conn = fsp->conn;
 	bool ret = False;
@@ -2575,7 +2573,7 @@
 				*pacl_set_support = False;
 			}
 
-			if (acl_group_override(conn, prim_gid, fsp->fsp_name)) {
+			if (acl_group_override(conn, psbuf, fsp->fsp_name)) {
 				int sret;
 
 				DEBUG(5,("set_canon_ace_list: acl group control on and current user in file %s primary group.\n",
@@ -2606,7 +2604,7 @@
 				*pacl_set_support = False;
 			}
 
-			if (acl_group_override(conn, prim_gid, fsp->fsp_name)) {
+			if (acl_group_override(conn, psbuf, fsp->fsp_name)) {
 				int sret;
 
 				DEBUG(5,("set_canon_ace_list: acl group control on and current user in file %s primary group.\n",
@@ -3565,7 +3563,7 @@
 			 */
 
 			if (acl_perms && file_ace_list) {
-				ret = set_canon_ace_list(fsp, file_ace_list, False, sbuf.st_gid, &acl_set_support);
+				ret = set_canon_ace_list(fsp, file_ace_list, False, &sbuf, &acl_set_support);
 				if (acl_set_support && ret == False) {
 					DEBUG(3,("set_nt_acl: failed to set file acl on file %s (%s).\n", fsp->fsp_name, strerror(errno) ));
 					free_canon_ace_list(file_ace_list);
@@ -3576,7 +3574,7 @@
 
 			if (acl_perms && acl_set_support && fsp->is_directory) {
 				if (dir_ace_list) {
-					if (!set_canon_ace_list(fsp, dir_ace_list, True, sbuf.st_gid, &acl_set_support)) {
+					if (!set_canon_ace_list(fsp, dir_ace_list, True, &sbuf, &acl_set_support)) {
 						DEBUG(3,("set_nt_acl: failed to set default acl on directory %s (%s).\n", fsp->fsp_name, strerror(errno) ));
 						free_canon_ace_list(file_ace_list);
 						free_canon_ace_list(dir_ace_list); 
@@ -3591,7 +3589,7 @@
 					if (SMB_VFS_SYS_ACL_DELETE_DEF_FILE(conn, fsp->fsp_name) == -1) {
 						int sret = -1;
 
-						if (acl_group_override(conn, sbuf.st_gid, fsp->fsp_name)) {
+						if (acl_group_override(conn, &sbuf, fsp->fsp_name)) {
 							DEBUG(5,("set_nt_acl: acl group control on and "
 								"current user in file %s primary group. Override delete_def_acl\n",
 								fsp->fsp_name ));
@@ -3638,7 +3636,7 @@
 
 					if(SMB_VFS_CHMOD(conn,fsp->fsp_name, posix_perms) == -1) {
 						int sret = -1;
-						if (acl_group_override(conn, sbuf.st_gid, fsp->fsp_name)) {
+						if (acl_group_override(conn, &sbuf, fsp->fsp_name)) {
 							DEBUG(5,("set_nt_acl: acl group control on and "
 								"current user in file %s primary group. Override chmod\n",
 								fsp->fsp_name ));

Modified: branches/samba/lenny/source/smbd/process.c
===================================================================
--- branches/samba/lenny/source/smbd/process.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/smbd/process.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -434,6 +434,7 @@
 	msg->request_time = request_time;
 	msg->end_time = end_time;
 	msg->encrypted = req->encrypted;
+	msg->processed = false;
 
 	if (private_data) {
 		msg->private_data = data_blob_talloc(msg, private_data,
@@ -489,6 +490,14 @@
 		DEBUG(10,("schedule_deferred_open_smb_message: [%d] msg_mid = %u\n", i++,
 			(unsigned int)msg_mid ));
 		if (mid == msg_mid) {
+			if (pml->processed) {
+				/* A processed message should not be
+				 * rescheduled. */
+				DEBUG(0,("schedule_deferred_open_smb_message: LOGIC ERROR "
+							"message mid %u was already processed\n",
+							(unsigned int)msg_mid ));
+				continue;
+			}
 			DEBUG(10,("schedule_deferred_open_smb_message: scheduling mid %u\n",
 				mid ));
 			pml->end_time.tv_sec = 0;
@@ -503,7 +512,7 @@
 }
 
 /****************************************************************************
- Return true if this mid is on the deferred queue.
+ Return true if this mid is on the deferred queue and was not yet processed.
 ****************************************************************************/
 
 bool open_was_deferred(uint16 mid)
@@ -511,7 +520,7 @@
 	struct pending_message_list *pml;
 
 	for (pml = deferred_open_queue; pml; pml = pml->next) {
-		if (SVAL(pml->buf.data,smb_mid) == mid) {
+		if (SVAL(pml->buf.data,smb_mid) == mid && !pml->processed) {
 			return True;
 		}
 	}
@@ -676,7 +685,7 @@
 
 static int select_on_fd(int fd, int maxfd, fd_set *fds)
 {
-	if (fd != -1) {
+	if (fd != -1 && fd < FD_SETSIZE) {
 		FD_SET(fd, fds);
 		maxfd = MAX(maxfd, fd);
 	}
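Review bot: The guard `fd != -1 && fd < FD_SETSIZE` in `select_on_fd()` still admits negative values other than -1, which would index before the start of the fd_set in `FD_SET`. The other descriptor checks in this revision use `fd < 0 || fd >= FD_SETSIZE`, so this one should match them: `if (fd >= 0 && fd < FD_SETSIZE) {`. A short comment that out-of-range descriptors are skipped rather than reported would also help, since the caller gets `maxfd` back unchanged and cannot tell the difference.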
@@ -778,6 +787,10 @@
 			/* We leave this message on the queue so the open code can
 			   know this is a retry. */
 			DEBUG(5,("receive_message_or_smb: returning deferred open smb message.\n"));
+
+			/* Mark the message as processed so this is not
+			 * re-processed in error. */
+			msg->processed = true;
 			return NT_STATUS_OK;
 		}
 	}
@@ -1469,6 +1482,7 @@
 
 static void construct_reply(char *inbuf, int size, size_t unread_bytes, bool encrypted)
 {
+	struct pending_message_list *pml = NULL;
 	uint8 type = CVAL(inbuf,smb_com);
 	connection_struct *conn;
 	struct smb_request *req;
@@ -1484,6 +1498,13 @@
 
 	conn = switch_message(type, req, size);
 
+	/* If this was a deferred message and it's still there and
+	 * was processed, remove it. */
+	pml = get_open_deferred_message(req->mid);
+	if (pml && pml->processed) {
+		remove_deferred_open_smb_message(req->mid);
+	}
+
 	if (req->unread_bytes) {
 		/* writeX failed. drain socket. */
 		if (drain_socket(smbd_server_fd(), req->unread_bytes) !=
@@ -1618,6 +1639,7 @@
 void chain_reply(struct smb_request *req)
 {
 	static char *orig_inbuf;
+	static int orig_size;
 
 	/*
 	 * Dirty little const_discard: We mess with req->inbuf, which is
@@ -1652,13 +1674,24 @@
 	if (chain_size == 0) {
 		/* this is the first part of the chain */
 		orig_inbuf = inbuf;
+		orig_size = size;
 	}
 
+	/* Validate smb_off2 */
+	if ((smb_off2 < smb_wct - 4) || orig_size < (smb_off2 + 4 - smb_wct)) {
+		exit_server_cleanly("Bad chained packet");
+		return;
+	}
 	/*
 	 * We need to save the output the caller added to the chain so that we
 	 * can splice it into the final output buffer later.
 	 */
 
+	if (outsize <= smb_wct) {
+		exit_server_cleanly("Bad chained packet");
+		return;
+	}
+
 	caller_outputlen = outsize - smb_wct;
 
 	caller_output = (char *)memdup(outbuf + smb_wct, caller_outputlen);

Modified: branches/samba/lenny/source/smbd/server.c
===================================================================
--- branches/samba/lenny/source/smbd/server.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/smbd/server.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -203,7 +203,13 @@
 	/* Started from inetd. fd 0 is the socket. */
 	/* We will abort gracefully when the client or remote system 
 	   goes away */
-	smbd_set_server_fd(dup(0));
+	int fd = dup(0);
+
+	if (fd < 0 || fd >= FD_SETSIZE) {
+		return false;
+	}
+
+	smbd_set_server_fd(fd);
 	
 	/* close our standard file descriptors */
 	close_low_fds(False); /* Don't close stderr */
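Review bot: A descriptor that is valid but at or above FD_SETSIZE is rejected without being closed: here `return false` leaves the result of `dup(0)` open. The same pattern is in the two listener hunks at -422 and -503 (`s >= FD_SETSIZE` then `continue`) and in the accept-loop hunk at -689. It matters most in the accept loop, because every rejected connection keeps its descriptor in the long-running parent and the client is left hanging rather than disconnected, which worsens the descriptor pressure that triggers the check. Close before bailing out, e.g. `if (fd >= FD_SETSIZE) { close(fd); continue; }` in the accept path and `close(s);` before `continue;` for the listeners. The enclosing functions start and end outside these hunks.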
@@ -422,7 +428,7 @@
 							num_sockets == 0 ? 0 : 2,
 							ifss,
 							true);
-				if(s == -1) {
+				if (s < 0 || s >= FD_SETSIZE) {
 					continue;
 				}
 
@@ -503,7 +509,7 @@
 						num_sockets == 0 ? 0 : 2,
 						&ss,
 						true);
-				if (s == -1) {
+				if (s < 0 || s >= FD_SETSIZE) {
 					continue;
 				}
 
@@ -677,6 +683,7 @@
 			struct sockaddr addr;
 			socklen_t in_addrlen = sizeof(addr);
 			pid_t child = 0;
+			int fd;
 
 			s = -1;
 			for(i = 0; i < num_sockets; i++) {
@@ -689,17 +696,22 @@
 				}
 			}
 
-			smbd_set_server_fd(accept(s,&addr,&in_addrlen));
-
-			if (smbd_server_fd() == -1 && errno == EINTR)
+			fd = accept(s,&addr,&in_addrlen);
+			if (fd == -1 && errno == EINTR)
 				continue;
-
-			if (smbd_server_fd() == -1) {
+			if (fd == -1) {
 				DEBUG(2,("open_sockets_smbd: accept: %s\n",
-					 strerror(errno)));
+					strerror(errno)));
 				continue;
 			}
+			if (fd < 0 || fd >= FD_SETSIZE) {
+				DEBUG(2,("open_sockets_smbd: bad fd %d\n",
+					fd ));
+				continue;
+			}
 
+			smbd_set_server_fd(fd);
+
 			/* Ensure child is set to blocking mode */
 			set_blocking(smbd_server_fd(),True);
 
@@ -797,6 +809,10 @@
 	int pnum = lp_servicenumber(PRINTERS_NAME);
 	const char *pname;
 
+	if (!lp_load_printers()
+	    && (lp_auto_services() == NULL || !strcmp(lp_auto_services(),"")))
+		return;
+
 	pcap_cache_reload();
 
 	/* remove stale printers */

Modified: branches/samba/lenny/source/smbd/service.c
===================================================================
--- branches/samba/lenny/source/smbd/service.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/smbd/service.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -55,6 +55,10 @@
 	const char *s = connectpath;
         bool start_of_name_component = true;
 
+	if (connectpath == NULL || connectpath[0] == '\0') {
+		return false;
+	}
+
 	destname = SMB_STRDUP(connectpath);
 	if (!destname) {
 		return false;
@@ -235,6 +239,10 @@
 		return -1;
 	}
 
+	if ((servicename == NULL) || (*servicename == '\0')) {
+		return -1;
+	}
+
 	if (strequal(servicename, GLOBAL_NAME)) {
 		return -2;
 	}
@@ -323,7 +331,7 @@
 {
 	int iHomeService;
 
-	if (!service || !homedir)
+	if (!service || !homedir || homedir[0] == '\0')
 		return -1;
 
 	if ((iHomeService = lp_servicenumber(HOMES_NAME)) < 0) {

Modified: branches/samba/lenny/source/utils/smbcontrol.c
===================================================================
--- branches/samba/lenny/source/utils/smbcontrol.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/utils/smbcontrol.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -875,10 +875,10 @@
 	/* Remove the entry in the winbindd_cache tdb to tell a later
 	   starting winbindd that we're online. */
 
-	tdb = tdb_open_log(lock_path("winbindd_cache.tdb"), 0, TDB_DEFAULT, O_RDWR, 0600);
+	tdb = tdb_open_log(cache_path("winbindd_cache.tdb"), 0, TDB_DEFAULT, O_RDWR, 0600);
 	if (!tdb) {
 		fprintf(stderr, "Cannot open the tdb %s for writing.\n",
-			lock_path("winbindd_cache.tdb"));
+			cache_path("winbindd_cache.tdb"));
 		return False;
 	}
 
@@ -912,13 +912,13 @@
 	   starting winbindd that we're offline. We may actually create
 	   it here... */
 
-	tdb = tdb_open_log(lock_path("winbindd_cache.tdb"),
+	tdb = tdb_open_log(cache_path("winbindd_cache.tdb"),
 				WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE,
 				TDB_DEFAULT /* TDB_CLEAR_IF_FIRST */, O_RDWR|O_CREAT, 0600);
 
 	if (!tdb) {
 		fprintf(stderr, "Cannot open the tdb %s for writing.\n",
-			lock_path("winbindd_cache.tdb"));
+			cache_path("winbindd_cache.tdb"));
 		return False;
 	}
 

Modified: branches/samba/lenny/source/utils/smbfilter.c
===================================================================
--- branches/samba/lenny/source/utils/smbfilter.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/utils/smbfilter.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -162,8 +162,8 @@
 		int num;
 		
 		FD_ZERO(&fds);
-		if (s != -1) FD_SET(s, &fds);
-		if (c != -1) FD_SET(c, &fds);
+		if (s >= 0 && s < FD_SETSIZE) FD_SET(s, &fds);
+		if (c >= 0 && c < FD_SETSIZE) FD_SET(c, &fds);
 
 		num = sys_select_intr(MAX(s+1, c+1),&fds,NULL,NULL,NULL);
 		if (num <= 0) continue;
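Review bot: Skipping `FD_SET` for an out-of-range `s` or `c` avoids the out-of-bounds write, but the loop then carries on with that descriptor. `sys_select_intr(MAX(s+1, c+1), ...)` still derives nfds from it, and if both are out of range the set is empty and the call blocks with no timeout. Any later `FD_ISSET(s, &fds)` or `FD_ISSET(c, &fds)` test (outside this hunk) would also read outside the set. Leave the loop instead, as the second hunk in this file does for the listening socket: `if (s >= FD_SETSIZE || c >= FD_SETSIZE) break;` placed before `FD_ZERO`.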
@@ -235,6 +235,10 @@
 		struct sockaddr_storage ss;
 		socklen_t in_addrlen = sizeof(ss);
 		
+		if (s < 0 || s >= FD_SETSIZE) {
+			break;
+		}
+
 		FD_ZERO(&fds);
 		FD_SET(s, &fds);
 

Modified: branches/samba/lenny/source/web/swat.c
===================================================================
--- branches/samba/lenny/source/web/swat.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/web/swat.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -1116,11 +1116,9 @@
 	if(cgi_variable(CHG_S_PASSWD_FLAG)) {
 		printf("<p>");
 		if (rslt == True) {
-			printf(_(" The passwd for '%s' has been changed."), cgi_variable_nonull(SWAT_USER));
-			printf("\n");
+			printf("%s\n", _(" The passwd has been changed."));
 		} else {
-			printf(_(" The passwd for '%s' has NOT been changed."), cgi_variable_nonull(SWAT_USER));
-			printf("\n");
+			printf("%s\n", _(" The passwd has NOT been changed."));
 		}
 	}
 	
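Review bot: Nothing in the new lines records why the user name was dropped from the two result messages, so a later cleanup could put it back. The removed lines printed `cgi_variable_nonull(SWAT_USER)` straight into the HTML page with no escaping visible, and used the translated string as the format. A short comment above the `if (rslt == True)` would preserve the reason, for example `/* Do not echo SWAT_USER here: it comes from the request and is not HTML-escaped. */`. The enclosing function starts and ends outside the hunk.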
@@ -1134,14 +1132,6 @@
 {
 	const char *new_name = cgi_user_name();
 
-	/* 
-	 * After the first time through here be nice. If the user
-	 * changed the User box text to another users name, remember it.
-	 */
-	if (cgi_variable(SWAT_USER)) {
-		new_name = cgi_variable_nonull(SWAT_USER);
-	} 
-
 	if (!new_name) new_name = "";
 
 	printf("<H2>%s</H2>\n", _("Server Password Management"));

Modified: branches/samba/lenny/source/winbindd/idmap_cache.c
===================================================================
--- branches/samba/lenny/source/winbindd/idmap_cache.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/winbindd/idmap_cache.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -54,7 +54,7 @@
 		return NULL;
 	}
 
-	cache_fname = lock_path("idmap_cache.tdb");
+	cache_fname = cache_path("idmap_cache.tdb");
 
 	DEBUG(10, ("Opening cache file at %s\n", cache_fname));
 

Modified: branches/samba/lenny/source/winbindd/idmap_tdb2.c
===================================================================
--- branches/samba/lenny/source/winbindd/idmap_tdb2.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/winbindd/idmap_tdb2.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -68,7 +68,7 @@
 		return NT_STATUS_OK;
 	}
 
-	db_path = lock_path("idmap2_cache.tdb");
+	db_path = cache_path("idmap2_cache.tdb");
 
 	/* Open idmap repository */
 	if (!(idmap_tdb2_tmp = tdb_open_log(db_path, 0, TDB_CLEAR_IF_FIRST, O_RDWR|O_CREAT, 0644))) {
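Review bot: The relocated `idmap2_cache.tdb` is still created with mode `0644` in the `tdb_open_log` call below the changed line, while every `winbindd_cache.tdb` open shown in this commit uses `0600`. Moving the file to another directory is a good moment to decide whether other local users should be able to read the id mappings. If they should not, `0600` here would match the rest; if the mode is deliberate, a one-line comment saying so would help. The enclosing function starts and ends outside the hunk.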

Modified: branches/samba/lenny/source/winbindd/winbindd.c
===================================================================
--- branches/samba/lenny/source/winbindd/winbindd.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/winbindd/winbindd.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -845,7 +845,8 @@
 	listen_sock = open_winbindd_socket();
 	listen_priv_sock = open_winbindd_priv_socket();
 
-	if (listen_sock == -1 || listen_priv_sock == -1) {
+	if (listen_sock < 0 || listen_sock >= FD_SETSIZE ||
+			listen_priv_sock < 0 || listen_priv_sock >= FD_SETSIZE) {
 		perror("open_winbind_socket");
 		exit(1);
 	}
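Review bot: When the new `>= FD_SETSIZE` half of the condition is what fails, `perror("open_winbind_socket")` reports whatever errno an earlier call left behind, which can read as success or as an unrelated error. The winbindd_dual.c hunk of this commit sets `errno = EBADF` before reporting the same condition. Doing the same here keeps the message meaningful, e.g. `if (listen_sock >= FD_SETSIZE || listen_priv_sock >= FD_SETSIZE) errno = EBADF;` placed just before the `perror`. The enclosing function starts and ends outside the hunk.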
@@ -866,6 +867,9 @@
 
 	maxfd = MAX(listen_sock, listen_priv_sock);
 
+	/* We check the range for listen_sock and
+	   listen_priv_sock above. */
+
 	FD_ZERO(&r_fds);
 	FD_ZERO(&w_fds);
 	FD_SET(listen_sock, &r_fds);
@@ -897,6 +901,12 @@
 	}
 
 	for (ev = fd_events; ev; ev = ev->next) {
+		if (ev->fd < 0 || ev->fd >= FD_SETSIZE) {
+			/* Ignore here - event_add_to_select_args
+			   should make this impossible. */
+			continue;
+		}
+
 		if (ev->flags & EVENT_FD_READ) {
 			FD_SET(ev->fd, &r_fds);
 			maxfd = MAX(ev->fd, maxfd);

Modified: branches/samba/lenny/source/winbindd/winbindd_cache.c
===================================================================
--- branches/samba/lenny/source/winbindd/winbindd_cache.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/winbindd/winbindd_cache.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -2333,7 +2333,7 @@
 		return true;
 
 	/* when working offline we must not clear the cache on restart */
-	wcache->tdb = tdb_open_log(lock_path("winbindd_cache.tdb"),
+	wcache->tdb = tdb_open_log(cache_path("winbindd_cache.tdb"),
 				WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE, 
 				lp_winbind_offline_logon() ? TDB_DEFAULT : (TDB_DEFAULT | TDB_CLEAR_IF_FIRST), 
 				O_RDWR|O_CREAT, 0600);
@@ -2376,9 +2376,9 @@
 		tdb_close(wcache->tdb);
 		wcache->tdb = NULL;
 
-		if (unlink(lock_path("winbindd_cache.tdb")) == -1) {
+		if (unlink(cache_path("winbindd_cache.tdb")) == -1) {
 			DEBUG(0,("initialize_winbindd_cache: unlink %s failed %s ",
-				lock_path("winbindd_cache.tdb"),
+				cache_path("winbindd_cache.tdb"),
 				strerror(errno) ));
 			return false;
 		}
@@ -2660,7 +2660,7 @@
 		return;
 
 	/* when working offline we must not clear the cache on restart */
-	wcache->tdb = tdb_open_log(lock_path("winbindd_cache.tdb"),
+	wcache->tdb = tdb_open_log(cache_path("winbindd_cache.tdb"),
 				WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE, 
 				lp_winbind_offline_logon() ? TDB_DEFAULT : (TDB_DEFAULT | TDB_CLEAR_IF_FIRST), 
 				O_RDWR|O_CREAT, 0600);
@@ -3445,7 +3445,7 @@
 int winbindd_validate_cache(void)
 {
 	int ret = -1;
-	const char *tdb_path = lock_path("winbindd_cache.tdb");
+	const char *tdb_path = cache_path("winbindd_cache.tdb");
 	TDB_CONTEXT *tdb = NULL;
 
 	DEBUG(10, ("winbindd_validate_cache: replacing panic function\n"));
@@ -3487,7 +3487,7 @@
 int winbindd_validate_cache_nobackup(void)
 {
 	int ret = -1;
-	const char *tdb_path = lock_path("winbindd_cache.tdb");
+	const char *tdb_path = cache_path("winbindd_cache.tdb");
 
 	DEBUG(10, ("winbindd_validate_cache: replacing panic function\n"));
 	smb_panic_fn = validate_panic;

Modified: branches/samba/lenny/source/winbindd/winbindd_dual.c
===================================================================
--- branches/samba/lenny/source/winbindd/winbindd_dual.c	2011-07-27 06:29:42 UTC (rev 3854)
+++ branches/samba/lenny/source/winbindd/winbindd_dual.c	2011-07-27 07:08:47 UTC (rev 3855)
@@ -1009,6 +1009,12 @@
 		return False;
 	}
 
+	if (fdpair[0] < 0 || fdpair[0] >= FD_SETSIZE) {
+		DEBUG(0, ("fork_domain_child: bad fd range (%d)\n", fdpair[0]));
+		errno = EBADF;
+		return False;
+	}
+
 	ZERO_STRUCT(state);
 	state.pid = sys_getpid();
 
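Review bot: The new early return leaves the descriptors in `fdpair` open: the array is presumably filled by a socketpair-style call just above the hunk, and neither `fdpair[0]` nor `fdpair[1]` is closed before `return False`. An out-of-range descriptor means the process already holds many open files, so leaking two more on each attempt makes the condition worse. Adding `close(fdpair[0]); close(fdpair[1]);` before `errno = EBADF;` avoids that; it goes before the assignment because close() may change errno. The enclosing function starts and ends outside the hunk.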
@@ -1173,6 +1179,7 @@
 		message_dispatch(winbind_messaging_context());
 
 		FD_ZERO(&read_fds);
+		/* We check state.sock against FD_SETSIZE above. */
 		FD_SET(state.sock, &read_fds);
 
 		ret = sys_select(state.sock + 1, &read_fds, NULL, NULL, tp);




