--- /dev/null
+From 77942b3569d379a097b2f7c58203d0379fd80ddc Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Mon, 16 Dec 2013 12:57:20 +0100
+Subject: [PATCH 1/6] s3-lib: Add winbind_lookup_usersids().
+
+Pair-Programmed-With: Guenther Deschner <gd@samba.org>
+Signed-off-by: Guenther Deschner <gd@samba.org>
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+---
+ source3/lib/winbind_util.c | 34 ++++++++++++++++++++++++++++++++++
+ source3/lib/winbind_util.h | 4 ++++
+ 2 files changed, 38 insertions(+)
+
+diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c
+index f30bcfc..758fe73 100644
+--- a/source3/lib/winbind_util.c
++++ b/source3/lib/winbind_util.c
+@@ -342,6 +342,40 @@ bool winbind_get_sid_aliases(TALLOC_CTX *mem_ctx,
+ return true;
+ }
+
++bool winbind_lookup_usersids(TALLOC_CTX *mem_ctx,
++ const struct dom_sid *user_sid,
++ uint32_t *p_num_sids,
++ struct dom_sid **p_sids)
++{
++ wbcErr ret;
++ struct wbcDomainSid dom_sid;
++ struct wbcDomainSid *sid_list = NULL;
++ uint32_t num_sids;
++
++ memcpy(&dom_sid, user_sid, sizeof(dom_sid));
++
++ ret = wbcLookupUserSids(&dom_sid,
++ false,
++ &num_sids,
++ &sid_list);
++ if (ret != WBC_ERR_SUCCESS) {
++ return false;
++ }
++
++ *p_sids = talloc_array(mem_ctx, struct dom_sid, num_sids);
++ if (*p_sids == NULL) {
++ wbcFreeMemory(sid_list);
++ return false;
++ }
++
++ memcpy(*p_sids, sid_list, sizeof(dom_sid) * num_sids);
++
++ *p_num_sids = num_sids;
++ wbcFreeMemory(sid_list);
++
++ return true;
++}
++
+ #else /* WITH_WINBIND */
+
+ struct passwd * winbind_getpwnam(const char * name)
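Review bot: The result copy `memcpy(*p_sids, sid_list, sizeof(dom_sid) * num_sids)` sizes each element by the local `dom_sid`, which is a `struct wbcDomainSid`, while the destination was allocated as `num_sids` elements of `struct dom_sid`. That is only safe if the two structures have identical size and layout, which is defined outside this hunk; if they ever diverge the copy either writes past the talloc array or reads past the winbind buffer. I would size the copy by the destination type, `memcpy(*p_sids, sid_list, sizeof(struct dom_sid) * num_sids);`, and pin the assumption with a compile-time size assertion next to it. The first `memcpy` into `dom_sid` relies on the same assumption and deserves a one-line comment saying so.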
+diff --git a/source3/lib/winbind_util.h b/source3/lib/winbind_util.h
+index 541bb95..abbc5a9 100644
+--- a/source3/lib/winbind_util.h
++++ b/source3/lib/winbind_util.h
+@@ -58,5 +58,9 @@ bool winbind_get_sid_aliases(TALLOC_CTX *mem_ctx,
+ size_t num_members,
+ uint32_t **pp_alias_rids,
+ size_t *p_num_alias_rids);
++bool winbind_lookup_usersids(TALLOC_CTX *mem_ctx,
++ const struct dom_sid *user_sid,
++ uint32_t *p_num_sids,
++ struct dom_sid **p_sids);
+
+ #endif /* __LIB__WINBIND_UTIL_H__ */
+--
+1.8.5.3
+
+
+From a776571e344110b89340f5008bed869763aa4dff Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Fri, 13 Dec 2013 19:08:34 +0100
+Subject: [PATCH 2/6] s3-auth: Add passwd_to_SamInfo3().
+
+First this function tries to contacts winbind if the user is a domain
+user to get valid information about it. If winbind isn't running it will
+try to create everything from the passwd struct. This is not always
+reliable but works in most cases. It improves the current situation
+which doesn't talk to winbind at all.
+
+Pair-Programmed-With: Guenther Deschner <gd@samba.org>
+Signed-off-by: Guenther Deschner <gd@samba.org>
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+---
+ source3/auth/proto.h | 4 ++
+ source3/auth/server_info.c | 116 +++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 120 insertions(+)
+
+diff --git a/source3/auth/proto.h b/source3/auth/proto.h
+index 3d1fa06..c5a9647 100644
+--- a/source3/auth/proto.h
++++ b/source3/auth/proto.h
+@@ -225,6 +225,10 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
+ const char *login_server,
+ struct netr_SamInfo3 **_info3,
+ struct extra_auth_info *extra);
++NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
++ const char *unix_username,
++ const struct passwd *pwd,
++ struct netr_SamInfo3 **pinfo3);
+ struct netr_SamInfo3 *copy_netr_SamInfo3(TALLOC_CTX *mem_ctx,
+ struct netr_SamInfo3 *orig);
+ struct netr_SamInfo3 *wbcAuthUserInfo_to_netr_SamInfo3(TALLOC_CTX *mem_ctx,
+diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
+index 90b3ed6..32ffd3a 100644
+--- a/source3/auth/server_info.c
++++ b/source3/auth/server_info.c
+@@ -24,6 +24,7 @@
+ #include "../libcli/security/security.h"
+ #include "rpc_client/util_netlogon.h"
+ #include "nsswitch/libwbclient/wbclient.h"
++#include "lib/winbind_util.h"
+ #include "passdb.h"
+
+ #undef DBGC_CLASS
+@@ -476,6 +477,121 @@ NTSTATUS samu_to_SamInfo3(TALLOC_CTX *mem_ctx,
+ return NT_STATUS_OK;
+ }
+
++NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
++ const char *unix_username,
++ const struct passwd *pwd,
++ struct netr_SamInfo3 **pinfo3)
++{
++ struct netr_SamInfo3 *info3;
++ NTSTATUS status;
++ TALLOC_CTX *tmp_ctx;
++ const char *domain_name = NULL;
++ const char *user_name = NULL;
++ struct dom_sid domain_sid;
++ struct dom_sid user_sid;
++ struct dom_sid group_sid;
++ enum lsa_SidType type;
++ uint32_t num_sids = 0;
++ struct dom_sid *user_sids = NULL;
++ bool ok;
++
++ tmp_ctx = talloc_stackframe();
++
++ ok = lookup_name_smbconf(tmp_ctx,
++ unix_username,
++ LOOKUP_NAME_ALL,
++ &domain_name,
++ &user_name,
++ &user_sid,
++ &type);
++ if (!ok) {
++ status = NT_STATUS_NO_SUCH_USER;
++ goto done;
++ }
++
++ if (type != SID_NAME_USER) {
++ status = NT_STATUS_NO_SUCH_USER;
++ goto done;
++ }
++
++ ok = winbind_lookup_usersids(tmp_ctx,
++ &user_sid,
++ &num_sids,
++ &user_sids);
++ /* Check if winbind is running */
++ if (ok) {
++ /*
++ * Winbind is running and the first element of the user_sids
++ * is the primary group.
++ */
++ if (num_sids > 0) {
++ group_sid = user_sids[0];
++ }
++ } else {
++ /*
++ * Winbind is not running, create the group_sid from the
++ * group id.
++ */
++ gid_to_sid(&group_sid, pwd->pw_gid);
++ }
++
++ /* Make sure we have a valid group sid */
++ ok = !is_null_sid(&group_sid);
++ if (!ok) {
++ status = NT_STATUS_NO_SUCH_USER;
++ goto done;
++ }
++
++ /* Construct a netr_SamInfo3 from the information we have */
++ info3 = talloc_zero(tmp_ctx, struct netr_SamInfo3);
++ if (!info3) {
++ status = NT_STATUS_NO_MEMORY;
++ goto done;
++ }
++
++ info3->base.account_name.string = talloc_strdup(info3, unix_username);
++ if (info3->base.account_name.string == NULL) {
++ status = NT_STATUS_NO_MEMORY;
++ goto done;
++ }
++
++ ZERO_STRUCT(domain_sid);
++
++ sid_copy(&domain_sid, &user_sid);
++ sid_split_rid(&domain_sid, &info3->base.rid);
++ info3->base.domain_sid = dom_sid_dup(info3, &domain_sid);
++
++ ok = sid_peek_check_rid(&domain_sid, &group_sid,
++ &info3->base.primary_gid);
++ if (!ok) {
++ DEBUG(1, ("The primary group domain sid(%s) does not "
++ "match the domain sid(%s) for %s(%s)\n",
++ sid_string_dbg(&group_sid),
++ sid_string_dbg(&domain_sid),
++ unix_username,
++ sid_string_dbg(&user_sid)));
++ status = NT_STATUS_INVALID_SID;
++ goto done;
++ }
++
++ info3->base.acct_flags = ACB_NORMAL;
++
++ if (num_sids) {
++ status = group_sids_to_info3(info3, user_sids, num_sids);
++ if (!NT_STATUS_IS_OK(status)) {
++ goto done;
++ }
++ }
++
++ *pinfo3 = talloc_steal(mem_ctx, info3);
++
++ status = NT_STATUS_OK;
++done:
++ talloc_free(tmp_ctx);
++
++ return status;
++}
++
+ #undef RET_NOMEM
+
+ #define RET_NOMEM(ptr) do { \
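Review bot: `group_sid` is read uninitialized when `winbind_lookup_usersids()` succeeds but returns `num_sids == 0`: neither branch assigns it, and `is_null_sid(&group_sid)` then inspects whatever was on the stack, so the "valid group sid" check cannot be relied on for the primary group that ends up in the info3. Zeroing it up front, `ZERO_STRUCT(group_sid);` before the winbind lookup, makes that case fail cleanly with NT_STATUS_NO_SUCH_USER. Two smaller gaps in the same function: the result of `dom_sid_dup(info3, &domain_sid)` is stored without a NULL check, and `pwd` is dereferenced in the fallback branch without one.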
+--
+1.8.5.3
+
+
+From de5914820e7e8665036411061911a9a5ed06a673 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Fri, 13 Dec 2013 19:11:01 +0100
+Subject: [PATCH 3/6] s3-auth: Pass talloc context to make_server_info_pw().
+
+Pair-Programmed-With: Guenther Deschner <gd@samba.org>
+Signed-off-by: Guenther Deschner <gd@samba.org>
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+---
+ source3/auth/auth_server.c | 5 ++++-
+ source3/auth/auth_unix.c | 7 +++++--
+ source3/auth/auth_util.c | 51 ++++++++++++++++++++++++++--------------------
+ source3/auth/proto.h | 9 ++++----
+ source3/auth/user_krb5.c | 2 +-
+ 5 files changed, 44 insertions(+), 30 deletions(-)
+
+diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
+index fdd7671..969caad 100644
+--- a/source3/auth/auth_server.c
++++ b/source3/auth/auth_server.c
+@@ -448,7 +448,10 @@ use this machine as the password server.\n"));
+ if ( (pass = smb_getpwnam(talloc_tos(), user_info->mapped.account_name,
+ &real_username, True )) != NULL )
+ {
+- nt_status = make_server_info_pw(server_info, pass->pw_name, pass);
++ nt_status = make_server_info_pw(mem_ctx,
++ pass->pw_name,
++ pass,
++ server_info);
+ TALLOC_FREE(pass);
+ TALLOC_FREE(real_username);
+ }
+diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c
+index 086c39e..d6ef547 100644
+--- a/source3/auth/auth_unix.c
++++ b/source3/auth/auth_unix.c
+@@ -56,8 +56,11 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context,
+ unbecome_root();
+
+ if (NT_STATUS_IS_OK(nt_status)) {
+- if (pass) {
+- make_server_info_pw(server_info, pass->pw_name, pass);
++ if (pass != NULL) {
++ nt_status = make_server_info_pw(mem_ctx,
++ pass->pw_name,
++ pass,
++ server_info);
+ } else {
+ /* we need to do somthing more useful here */
+ nt_status = NT_STATUS_NO_SUCH_USER;
+diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
+index 288f461..3aa229d 100644
+--- a/source3/auth/auth_util.c
++++ b/source3/auth/auth_util.c
+@@ -555,14 +555,15 @@ NTSTATUS create_local_token(struct auth_serversupplied_info *server_info)
+ to a struct samu
+ ***************************************************************************/
+
+-NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
+- char *unix_username,
+- struct passwd *pwd)
++NTSTATUS make_server_info_pw(TALLOC_CTX *mem_ctx,
++ const char *unix_username,
++ const struct passwd *pwd,
++ struct auth_serversupplied_info **server_info)
+ {
+ NTSTATUS status;
+ struct samu *sampass = NULL;
+ char *qualified_name = NULL;
+- TALLOC_CTX *mem_ctx = NULL;
++ TALLOC_CTX *tmp_ctx;
+ struct dom_sid u_sid;
+ enum lsa_SidType type;
+ struct auth_serversupplied_info *result;
+@@ -580,27 +581,27 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
+ * plaintext passwords were used with no SAM backend.
+ */
+
+- mem_ctx = talloc_init("make_server_info_pw_tmp");
+- if (!mem_ctx) {
++ tmp_ctx = talloc_stackframe();
++ if (tmp_ctx == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+- qualified_name = talloc_asprintf(mem_ctx, "%s\\%s",
++ qualified_name = talloc_asprintf(tmp_ctx, "%s\\%s",
+ unix_users_domain_name(),
+ unix_username );
+ if (!qualified_name) {
+- TALLOC_FREE(mem_ctx);
++ TALLOC_FREE(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+- if (!lookup_name(mem_ctx, qualified_name, LOOKUP_NAME_ALL,
++ if (!lookup_name(tmp_ctx, qualified_name, LOOKUP_NAME_ALL,
+ NULL, NULL,
+ &u_sid, &type)) {
+- TALLOC_FREE(mem_ctx);
++ TALLOC_FREE(tmp_ctx);
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+- TALLOC_FREE(mem_ctx);
++ TALLOC_FREE(tmp_ctx);
+
+ if (type != SID_NAME_USER) {
+ return NT_STATUS_NO_SUCH_USER;
+@@ -623,7 +624,7 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
+ /* set the user sid to be the calculated u_sid */
+ pdb_set_user_sid(sampass, &u_sid, PDB_SET);
+
+- result = make_server_info(NULL);
++ result = make_server_info(mem_ctx);
+ if (result == NULL) {
+ TALLOC_FREE(sampass);
+ return NT_STATUS_NO_MEMORY;
+@@ -908,37 +909,43 @@ NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx,
+ {
+ struct auth_serversupplied_info *result;
+ struct passwd *pwd;
++ TALLOC_CTX *tmp_ctx;
+ NTSTATUS status;
+
+- pwd = Get_Pwnam_alloc(talloc_tos(), username);
+- if (pwd == NULL) {
+- return NT_STATUS_NO_SUCH_USER;
++ tmp_ctx = talloc_stackframe();
++ if (tmp_ctx == NULL) {
++ return NT_STATUS_NO_MEMORY;
+ }
+
+- status = make_server_info_pw(&result, pwd->pw_name, pwd);
+-
+- TALLOC_FREE(pwd);
++ pwd = Get_Pwnam_alloc(tmp_ctx, username);
++ if (pwd == NULL) {
++ status = NT_STATUS_NO_SUCH_USER;
++ goto done;
++ }
+
++ status = make_server_info_pw(tmp_ctx, pwd->pw_name, pwd, &result);
+ if (!NT_STATUS_IS_OK(status)) {
+- return status;
++ goto done;
+ }
+
+ result->nss_token = true;
+ result->guest = is_guest;
+
+ if (use_guest_token) {
+- status = make_server_info_guest(mem_ctx, &result);
++ status = make_server_info_guest(tmp_ctx, &result);
+ } else {
+ status = create_local_token(result);
+ }
+
++ *presult = talloc_steal(mem_ctx, result);
++done:
++ talloc_free(tmp_ctx);
+ if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(result);
+ return status;
+ }
+
+- *presult = talloc_steal(mem_ctx, result);
+- return NT_STATUS_OK;
++ return status;
+ }
+
+
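Review bot: The `done:` path can call `TALLOC_FREE(result)` on a pointer that was never assigned: `result` has no initializer, and both the `pwd == NULL` branch and the `make_server_info_pw()` failure branch jump to `done` before anything is stored in it. On the later failure path (token creation fails) `*presult` has already been set by the unconditional `talloc_steal()`, so the caller is left holding a pointer to memory this function then frees. Initializing `result` to NULL and stealing only on success addresses both. Assuming `make_server_info_guest()` also allocates on the context it is given, freeing `tmp_ctx` is then the only cleanup needed.

```c
	struct auth_serversupplied_info *result = NULL;
	/* … unchanged: tmp_ctx setup, passwd lookup, make_server_info_pw(), token creation … */
	if (!NT_STATUS_IS_OK(status)) {
		goto done;
	}

	*presult = talloc_steal(mem_ctx, result);
done:
	talloc_free(tmp_ctx);

	return status;
```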
+diff --git a/source3/auth/proto.h b/source3/auth/proto.h
+index c5a9647..50a27cf 100644
+--- a/source3/auth/proto.h
++++ b/source3/auth/proto.h
+@@ -144,14 +144,15 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
+ bool user_in_group_sid(const char *username, const struct dom_sid *group_sid);
+ bool user_in_group(const char *username, const char *groupname);
+ struct passwd;
+-NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
+- char *unix_username,
+- struct passwd *pwd);
++NTSTATUS make_server_info_pw(TALLOC_CTX *mem_ctx,
++ const char *unix_username,
++ const struct passwd *pwd,
++ struct auth_serversupplied_info **server_info);
+ NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx,
+ const char *username,
+ bool use_guest_token,
+ bool is_guest,
+- struct auth_serversupplied_info **presult);
++ struct auth_serversupplied_info **session_info);
+ struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx,
+ const struct auth_serversupplied_info *src);
+ bool init_guest_info(void);
+diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c
+index e52149a..1214b45 100644
+--- a/source3/auth/user_krb5.c
++++ b/source3/auth/user_krb5.c
+@@ -238,7 +238,7 @@ NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx,
+ */
+ DEBUG(10, ("didn't find user %s in passdb, calling "
+ "make_server_info_pw\n", username));
+- status = make_server_info_pw(&tmp, username, pw);
++ status = make_server_info_pw(mem_ctx, username, pw, &tmp);
+ }
+ TALLOC_FREE(sampass);
+
+--
+1.8.5.3
+
+
+From 840b5b996a719922a1fdaa5ee2188a4d4c60f345 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Fri, 13 Dec 2013 19:19:02 +0100
+Subject: [PATCH 4/6] s3-auth: Use passwd_to_SamInfo3().
+
+Correctly lookup users which come from smb.conf. passwd_to_SamInfo3()
+tries to contact winbind if the user is a domain user to get
+valid information about it. If winbind isn't running it will try to
+create everything from the passwd struct. This is not always reliable
+but works in most cases. It improves the current situation which doesn't
+talk to winbind at all.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598
+
+Pair-Programmed-With: Guenther Deschner <gd@samba.org>
+Signed-off-by: Andreas Schneider <asn@samba.org>
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
+Autobuild-Date(master): Wed Feb 5 01:40:38 CET 2014 on sn-devel-104
+---
+ source3/auth/auth_util.c | 91 +++++++++-------------------------------------
+ source3/auth/server_info.c | 22 ++++++++++-
+ 2 files changed, 37 insertions(+), 76 deletions(-)
+
+diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
+index 3aa229d..5ffdb25f 100644
+--- a/source3/auth/auth_util.c
++++ b/source3/auth/auth_util.c
+@@ -561,100 +561,43 @@ NTSTATUS make_server_info_pw(TALLOC_CTX *mem_ctx,
+ struct auth_serversupplied_info **server_info)
+ {
+ NTSTATUS status;
+- struct samu *sampass = NULL;
+- char *qualified_name = NULL;
+- TALLOC_CTX *tmp_ctx;
+- struct dom_sid u_sid;
+- enum lsa_SidType type;
++ TALLOC_CTX *tmp_ctx = NULL;
+ struct auth_serversupplied_info *result;
+
+- /*
+- * The SID returned in server_info->sam_account is based
+- * on our SAM sid even though for a pure UNIX account this should
+- * not be the case as it doesn't really exist in the SAM db.
+- * This causes lookups on "[in]valid users" to fail as they
+- * will lookup this name as a "Unix User" SID to check against
+- * the user token. Fix this by adding the "Unix User"\unix_username
+- * SID to the sid array. The correct fix should probably be
+- * changing the server_info->sam_account user SID to be a
+- * S-1-22 Unix SID, but this might break old configs where
+- * plaintext passwords were used with no SAM backend.
+- */
+-
+ tmp_ctx = talloc_stackframe();
+ if (tmp_ctx == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+- qualified_name = talloc_asprintf(tmp_ctx, "%s\\%s",
+- unix_users_domain_name(),
+- unix_username );
+- if (!qualified_name) {
+- TALLOC_FREE(tmp_ctx);
+- return NT_STATUS_NO_MEMORY;
+- }
+-
+- if (!lookup_name(tmp_ctx, qualified_name, LOOKUP_NAME_ALL,
+- NULL, NULL,
+- &u_sid, &type)) {
+- TALLOC_FREE(tmp_ctx);
+- return NT_STATUS_NO_SUCH_USER;
+- }
+-
+- TALLOC_FREE(tmp_ctx);
+-
+- if (type != SID_NAME_USER) {
+- return NT_STATUS_NO_SUCH_USER;
+- }
+-
+- if ( !(sampass = samu_new( NULL )) ) {
+- return NT_STATUS_NO_MEMORY;
+- }
+-
+- status = samu_set_unix( sampass, pwd );
+- if (!NT_STATUS_IS_OK(status)) {
+- return status;
+- }
+-
+- /* In pathological cases the above call can set the account
+- * name to the DOMAIN\username form. Reset the account name
+- * using unix_username */
+- pdb_set_username(sampass, unix_username, PDB_SET);
+-
+- /* set the user sid to be the calculated u_sid */
+- pdb_set_user_sid(sampass, &u_sid, PDB_SET);
+-
+- result = make_server_info(mem_ctx);
++ result = make_server_info(tmp_ctx);
+ if (result == NULL) {
+- TALLOC_FREE(sampass);
+- return NT_STATUS_NO_MEMORY;
++ status = NT_STATUS_NO_MEMORY;
++ goto done;
+ }
+
+- status = samu_to_SamInfo3(result, sampass, global_myname(),
+- &result->info3, &result->extra);
+- TALLOC_FREE(sampass);
++ status = passwd_to_SamInfo3(result,
++ unix_username,
++ pwd,
++ &result->info3);
+ if (!NT_STATUS_IS_OK(status)) {
+- DEBUG(10, ("Failed to convert samu to info3: %s\n",
+- nt_errstr(status)));
+- TALLOC_FREE(result);
+- return status;
++ goto done;
+ }
+
+ result->unix_name = talloc_strdup(result, unix_username);
+- result->sanitized_username = sanitize_username(result, unix_username);
+-
+- if ((result->unix_name == NULL)
+- || (result->sanitized_username == NULL)) {
+- TALLOC_FREE(result);
+- return NT_STATUS_NO_MEMORY;
++ if (result->unix_name == NULL) {
++ status = NT_STATUS_NO_MEMORY;
++ goto done;
+ }
+
+ result->utok.uid = pwd->pw_uid;
+ result->utok.gid = pwd->pw_gid;
+
+- *server_info = result;
++ *server_info = talloc_steal(mem_ctx, result);
++ status = NT_STATUS_OK;
++done:
++ talloc_free(tmp_ctx);
+
+- return NT_STATUS_OK;
++ return status;
+ }
+
+ static NTSTATUS get_system_info3(TALLOC_CTX *mem_ctx,
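Review bot: The rewritten body no longer fills `result->sanitized_username`; the removed code set it with `sanitize_username(result, unix_username)` and returned NT_STATUS_NO_MEMORY when that came back NULL. Whether anything still reads the field for these users is not visible here, but `make_server_info_sam()` later in this series keeps setting it, so a consumer would presumably see NULL only on this path. Unless the omission is intended, I would keep `result->sanitized_username = sanitize_username(result, unix_username);` next to the `unix_name` assignment, with the same NULL check and `goto done`.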
+diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
+index 32ffd3a..077bb6b 100644
+--- a/source3/auth/server_info.c
++++ b/source3/auth/server_info.c
+@@ -529,10 +529,28 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
+ }
+ } else {
+ /*
+- * Winbind is not running, create the group_sid from the
+- * group id.
++ * Winbind is not running, try to create the group_sid from the
++ * passwd group id.
++ */
++
++ /*
++ * This can lead to a primary group of S-1-22-2-XX which
++ * will be rejected by other Samba code.
+ */
+ gid_to_sid(&group_sid, pwd->pw_gid);
++
++ ZERO_STRUCT(domain_sid);
++
++ /*
++ * If we are a unix group, set the group_sid to the
++ * 'Domain Users' RID of 513 which will always resolve to a
++ * name.
++ */
++ if (sid_check_is_in_unix_groups(&group_sid)) {
++ sid_compose(&group_sid,
++ get_global_sam_sid(),
++ DOMAIN_RID_USERS);
++ }
+ }
+
+ /* Make sure we have a valid group sid */
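Review bot: The fallback silently replaces the user's real primary group with the local SAM's Domain Users SID whenever winbind does not answer and the gid maps into the Unix groups domain, so the group membership a user ends up with depends on whether winbind happened to be reachable. That deserves a log line for anyone tracing an access decision, e.g. `DEBUG(3, ("Primary gid %u of %s mapped to Domain Users\n", (unsigned int)pwd->pw_gid, unix_username));` inside the `sid_check_is_in_unix_groups()` branch. The added `ZERO_STRUCT(domain_sid);` looks redundant, since the earlier patch in this series shows `domain_sid` being zeroed again before `sid_copy()`.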
+--
+1.8.5.3
+
+
+From 7d8da06b8966cfb45ede48ce2be0754fd592ff62 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Tue, 18 Feb 2014 10:02:57 +0100
+Subject: [PATCH 5/6] s3-auth: Pass mem_ctx to make_server_info_sam().
+
+Coverity-Id: 1168009
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+
+Change-Id: Ie614b0654c3a7eec1ebb10dbb9763696eec795bd
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+(cherry picked from commit 3dc72266005e87a291f5bf9847257e8c54314d39)
+---
+ source3/auth/check_samsec.c | 2 +-
+ source3/auth/proto.h | 5 ++--
+ source3/auth/server_info_sam.c | 63 +++++++++++++++++++++++++-----------------
+ source3/auth/user_krb5.c | 12 ++++----
+ 4 files changed, 49 insertions(+), 33 deletions(-)
+
+diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c
+index f918dc0..ed30e0d 100644
+--- a/source3/auth/check_samsec.c
++++ b/source3/auth/check_samsec.c
+@@ -482,7 +482,7 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge,
+ }
+
+ become_root();
+- nt_status = make_server_info_sam(server_info, sampass);
++ nt_status = make_server_info_sam(mem_ctx, sampass, server_info);
+ unbecome_root();
+
+ TALLOC_FREE(sampass);
+diff --git a/source3/auth/proto.h b/source3/auth/proto.h
+index 50a27cf..e6830aa 100644
+--- a/source3/auth/proto.h
++++ b/source3/auth/proto.h
+@@ -133,8 +133,9 @@ NTSTATUS make_user_info_for_reply_enc(struct auth_usersupplied_info **user_info,
+ DATA_BLOB lm_resp, DATA_BLOB nt_resp);
+ bool make_user_info_guest(struct auth_usersupplied_info **user_info) ;
+ struct samu;
+-NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
+- struct samu *sampass);
++NTSTATUS make_server_info_sam(TALLOC_CTX *mem_ctx,
++ struct samu *sampass,
++ struct auth_serversupplied_info **pserver_info);
+ NTSTATUS create_local_token(struct auth_serversupplied_info *server_info);
+ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
+ bool is_guest,
+diff --git a/source3/auth/server_info_sam.c b/source3/auth/server_info_sam.c
+index 31fd9f9..aed70fa 100644
+--- a/source3/auth/server_info_sam.c
++++ b/source3/auth/server_info_sam.c
+@@ -58,45 +58,54 @@ static bool is_our_machine_account(const char *username)
+ Make (and fill) a user_info struct from a struct samu
+ ***************************************************************************/
+
+-NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
+- struct samu *sampass)
++NTSTATUS make_server_info_sam(TALLOC_CTX *mem_ctx,
++ struct samu *sampass,
++ struct auth_serversupplied_info **pserver_info)
+ {
+ struct passwd *pwd;
+- struct auth_serversupplied_info *result;
++ struct auth_serversupplied_info *server_info;
+ const char *username = pdb_get_username(sampass);
++ TALLOC_CTX *tmp_ctx;
+ NTSTATUS status;
+
+- if ( !(result = make_server_info(NULL)) ) {
++ tmp_ctx = talloc_stackframe();
++ if (tmp_ctx == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+- if ( !(pwd = Get_Pwnam_alloc(result, username)) ) {
++ server_info = make_server_info(tmp_ctx);
++ if (server_info == NULL) {
++ status = NT_STATUS_NO_MEMORY;
++ goto out;
++ }
++
++ pwd = Get_Pwnam_alloc(tmp_ctx, username);
++ if (pwd == NULL) {
+ DEBUG(1, ("User %s in passdb, but getpwnam() fails!\n",
+ pdb_get_username(sampass)));
+- TALLOC_FREE(result);
+- return NT_STATUS_NO_SUCH_USER;
++ status = NT_STATUS_NO_SUCH_USER;
++ goto out;
+ }
+
+- status = samu_to_SamInfo3(result, sampass, global_myname(),
+- &result->info3, &result->extra);
++ status = samu_to_SamInfo3(server_info,
++ sampass,
++ global_myname(),
++ &server_info->info3,
++ &server_info->extra);
+ if (!NT_STATUS_IS_OK(status)) {
+- TALLOC_FREE(result);
+- return status;
++ goto out;
+ }
+
+- result->unix_name = pwd->pw_name;
+- /* Ensure that we keep pwd->pw_name, because we will free pwd below */
+- talloc_steal(result, pwd->pw_name);
+- result->utok.gid = pwd->pw_gid;
+- result->utok.uid = pwd->pw_uid;
++ server_info->unix_name = talloc_steal(server_info, pwd->pw_name);
+
+- TALLOC_FREE(pwd);
++ server_info->utok.gid = pwd->pw_gid;
++ server_info->utok.uid = pwd->pw_uid;
+
+- result->sanitized_username = sanitize_username(result,
+- result->unix_name);
+- if (result->sanitized_username == NULL) {
+- TALLOC_FREE(result);
+- return NT_STATUS_NO_MEMORY;
++ server_info->sanitized_username = sanitize_username(server_info,
++ server_info->unix_name);
++ if (server_info->sanitized_username == NULL) {
++ status = NT_STATUS_NO_MEMORY;
++ goto out;
+ }
+
+ if (IS_DC && is_our_machine_account(username)) {
+@@ -117,9 +126,13 @@ NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
+ }
+
+ DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n",
+- pdb_get_username(sampass), result->unix_name));
++ pdb_get_username(sampass), server_info->unix_name));
++
++ *pserver_info = talloc_steal(mem_ctx, server_info);
+
+- *server_info = result;
++ status = NT_STATUS_OK;
++out:
++ talloc_free(tmp_ctx);
+
+- return NT_STATUS_OK;
++ return status;
+ }
+diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c
+index 1214b45..1441f88 100644
+--- a/source3/auth/user_krb5.c
++++ b/source3/auth/user_krb5.c
+@@ -219,9 +219,6 @@ NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx,
+ * SID consistency with ntlmssp session setup
+ */
+ struct samu *sampass;
+- /* The stupid make_server_info_XX functions here
+- don't take a talloc context. */
+- struct auth_serversupplied_info *tmp = NULL;
+
+ sampass = samu_new(talloc_tos());
+ if (sampass == NULL) {
+@@ -231,14 +228,19 @@ NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx,
+ if (pdb_getsampwnam(sampass, username)) {
+ DEBUG(10, ("found user %s in passdb, calling "
+ "make_server_info_sam\n", username));
+- status = make_server_info_sam(&tmp, sampass);
++ status = make_server_info_sam(mem_ctx,
++ sampass,
++ &server_info);
+ } else {
+ /*
+ * User not in passdb, make it up artificially
+ */
+ DEBUG(10, ("didn't find user %s in passdb, calling "
+ "make_server_info_pw\n", username));
+- status = make_server_info_pw(mem_ctx, username, pw, &tmp);
++ status = make_server_info_pw(mem_ctx,
++ username,
++ pw,
++ &server_info);
+ }
+ TALLOC_FREE(sampass);
+
+--
+1.8.5.3
+
+
+From 77c2d6c08ab3f3894a225a306dbc87f5575a1902 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Tue, 18 Feb 2014 10:19:57 +0100
+Subject: [PATCH 6/6] s3-auth: Pass mem_ctx to auth_check_ntlm_password().
+
+Coverity-Id: 1168009
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=8598
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+
+Change-Id: Ie01674561a6a75239a13918d3190c2f21c3efc7a
+Reviewed-by: Andrew Bartlett <abartlet@samba.org>
+
+(cherry picked from commit 4d792db03f18aa164b565c7fdc7b446c174fba28)
+---
+ source3/auth/auth.c | 51 ++++++++++++++++++-----------
+ source3/auth/auth_compat.c | 19 ++++++++---
+ source3/auth/auth_ntlmssp.c | 6 ++--
+ source3/auth/proto.h | 3 +-
+ source3/auth/user_krb5.c | 7 ++--
+ source3/include/auth.h | 3 +-
+ source3/rpc_server/netlogon/srv_netlog_nt.c | 6 ++--
+ source3/smbd/sesssetup.c | 16 +++++----
+ 8 files changed, 69 insertions(+), 42 deletions(-)
+
+diff --git a/source3/auth/auth.c b/source3/auth/auth.c
+index dbe337f..17431b8 100644
+--- a/source3/auth/auth.c
++++ b/source3/auth/auth.c
+@@ -201,19 +201,19 @@ static bool check_domain_match(const char *user, const char *domain)
+ * @return An NTSTATUS with NT_STATUS_OK or an appropriate error.
+ *
+ **/
+-
+-static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
+- const struct auth_usersupplied_info *user_info,
+- struct auth_serversupplied_info **server_info)
++static NTSTATUS check_ntlm_password(TALLOC_CTX *mem_ctx,
++ const struct auth_context *auth_context,
++ const struct auth_usersupplied_info *user_info,
++ struct auth_serversupplied_info **pserver_info)
+ {
+ /* if all the modules say 'not for me' this is reasonable */
+ NTSTATUS nt_status = NT_STATUS_NO_SUCH_USER;
+ const char *unix_username;
+ auth_methods *auth_method;
+- TALLOC_CTX *mem_ctx;
+
+- if (!user_info || !auth_context || !server_info)
++ if (user_info == NULL || auth_context == NULL || pserver_info == NULL) {
+ return NT_STATUS_LOGON_FAILURE;
++ }
+
+ DEBUG(3, ("check_ntlm_password: Checking password for unmapped user [%s]\\[%s]@[%s] with the new password interface\n",
+ user_info->client.domain_name, user_info->client.account_name, user_info->workstation_name));
+@@ -247,17 +247,27 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
+ return NT_STATUS_LOGON_FAILURE;
+
+ for (auth_method = auth_context->auth_method_list;auth_method; auth_method = auth_method->next) {
++ struct auth_serversupplied_info *server_info;
++ TALLOC_CTX *tmp_ctx;
+ NTSTATUS result;
+
+- mem_ctx = talloc_init("%s authentication for user %s\\%s", auth_method->name,
+- user_info->mapped.domain_name, user_info->client.account_name);
++ tmp_ctx = talloc_named(mem_ctx,
++ 0,
++ "%s authentication for user %s\\%s",
++ auth_method->name,
++ user_info->mapped.domain_name,
++ user_info->client.account_name);
+
+- result = auth_method->auth(auth_context, auth_method->private_data, mem_ctx, user_info, server_info);
++ result = auth_method->auth(auth_context,
++ auth_method->private_data,
++ tmp_ctx,
++ user_info,
++ &server_info);
+
+ /* check if the module did anything */
+ if ( NT_STATUS_V(result) == NT_STATUS_V(NT_STATUS_NOT_IMPLEMENTED) ) {
+ DEBUG(10,("check_ntlm_password: %s had nothing to say\n", auth_method->name));
+- talloc_destroy(mem_ctx);
++ TALLOC_FREE(tmp_ctx);
+ continue;
+ }
+
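Review bot: Inside the loop `server_info` is declared without an initializer and `tmp_ctx` is used without a NULL check. If a module returns success without storing a result, the `talloc_steal(mem_ctx, server_info)` in the following hunk hands an indeterminate pointer to the caller as the authenticated identity; and if `talloc_named()` fails, the module is called with a NULL context. I would write `struct auth_serversupplied_info *server_info = NULL;` and add `if (tmp_ctx == NULL) { return NT_STATUS_NO_MEMORY; }` right after the allocation. The function body starts and continues outside this hunk.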
+@@ -271,19 +281,20 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
+ auth_method->name, user_info->client.account_name, nt_errstr(nt_status)));
+ }
+
+- talloc_destroy(mem_ctx);
+-
+- if ( NT_STATUS_IS_OK(nt_status))
+- {
+- break;
++ if (NT_STATUS_IS_OK(nt_status)) {
++ *pserver_info = talloc_steal(mem_ctx, server_info);
++ TALLOC_FREE(tmp_ctx);
++ break;
+ }
++
++ TALLOC_FREE(tmp_ctx);
+ }
+
+ /* successful authentication */
+
+ if (NT_STATUS_IS_OK(nt_status)) {
+- unix_username = (*server_info)->unix_name;
+- if (!(*server_info)->guest) {
++ unix_username = (*pserver_info)->unix_name;
++ if (!(*pserver_info)->guest) {
+ /* We might not be root if we are an RPC call */
+ become_root();
+ nt_status = smb_pam_accountcheck(
+@@ -301,9 +312,9 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
+ }
+
+ if (NT_STATUS_IS_OK(nt_status)) {
+- DEBUG((*server_info)->guest ? 5 : 2,
++ DEBUG((*pserver_info)->guest ? 5 : 2,
+ ("check_ntlm_password: %sauthentication for user [%s] -> [%s] -> [%s] succeeded\n",
+- (*server_info)->guest ? "guest " : "",
++ (*pserver_info)->guest ? "guest " : "",
+ user_info->client.account_name,
+ user_info->mapped.account_name,
+ unix_username));
+@@ -317,7 +328,7 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
+ DEBUG(2, ("check_ntlm_password: Authentication for user [%s] -> [%s] FAILED with error %s\n",
+ user_info->client.account_name, user_info->mapped.account_name,
+ nt_errstr(nt_status)));
+- ZERO_STRUCTP(server_info);
++ ZERO_STRUCTP(pserver_info);
+
+ return nt_status;
+ }
+diff --git a/source3/auth/auth_compat.c b/source3/auth/auth_compat.c
+index 0ae712a..d51c96f 100644
+--- a/source3/auth/auth_compat.c
++++ b/source3/auth/auth_compat.c
+@@ -35,7 +35,8 @@ check if a username/password is OK assuming the password is in plaintext
+ return True if the password is correct, False otherwise
+ ****************************************************************************/
+
+-NTSTATUS check_plaintext_password(const char *smb_name,
++NTSTATUS check_plaintext_password(TALLOC_CTX *mem_ctx,
++ const char *smb_name,
+ DATA_BLOB plaintext_blob,
+ struct auth_serversupplied_info **server_info)
+ {
+@@ -59,8 +60,10 @@ NTSTATUS check_plaintext_password(const char *smb_name,
+ return NT_STATUS_NO_MEMORY;
+ }
+
+- nt_status = plaintext_auth_context->check_ntlm_password(plaintext_auth_context,
+- user_info, server_info);
++ nt_status = plaintext_auth_context->check_ntlm_password(mem_ctx,
++ plaintext_auth_context,
++ user_info,
++ server_info);
+
+ TALLOC_FREE(plaintext_auth_context);
+ free_user_info(&user_info);
+@@ -84,7 +87,10 @@ static NTSTATUS pass_check_smb(struct auth_context *actx,
+ domain,
+ lm_pwd,
+ nt_pwd);
+- nt_status = actx->check_ntlm_password(actx, user_info, &server_info);
++ nt_status = actx->check_ntlm_password(talloc_tos(),
++ actx,
++ user_info,
++ &server_info);
+ free_user_info(&user_info);
+ TALLOC_FREE(server_info);
+ return nt_status;
+@@ -127,7 +133,10 @@ bool password_ok(struct auth_context *actx, bool global_encrypted,
+ }
+ } else {
+ struct auth_serversupplied_info *server_info = NULL;
+- NTSTATUS nt_status = check_plaintext_password(smb_name, password_blob, &server_info);
++ NTSTATUS nt_status = check_plaintext_password(talloc_tos(),
++ smb_name,
++ password_blob,
++ &server_info);
+ TALLOC_FREE(server_info);
+ if (NT_STATUS_IS_OK(nt_status)) {
+ return True;
+diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
+index ae29c30..097501c 100644
+--- a/source3/auth/auth_ntlmssp.c
++++ b/source3/auth/auth_ntlmssp.c
+@@ -143,8 +143,10 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
+
+ user_info->logon_parameters = MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT;
+
+- nt_status = auth_ntlmssp_state->auth_context->check_ntlm_password(auth_ntlmssp_state->auth_context,
+- user_info, &auth_ntlmssp_state->server_info);
++ nt_status = auth_ntlmssp_state->auth_context->check_ntlm_password(mem_ctx,
++ auth_ntlmssp_state->auth_context,
++ user_info,
++ &auth_ntlmssp_state->server_info);
+
+ username_was_mapped = user_info->was_mapped;
+
+diff --git a/source3/auth/proto.h b/source3/auth/proto.h
+index e6830aa..fccabc4 100644
+--- a/source3/auth/proto.h
++++ b/source3/auth/proto.h
+@@ -50,7 +50,8 @@ NTSTATUS auth_builtin_init(void);
+
+ /* The following definitions come from auth/auth_compat.c */
+
+-NTSTATUS check_plaintext_password(const char *smb_name,
++NTSTATUS check_plaintext_password(TALLOC_CTX *mem_ctx,
++ const char *smb_name,
+ DATA_BLOB plaintext_password,
+ struct auth_serversupplied_info **server_info);
+ bool password_ok(struct auth_context *actx, bool global_encrypted,
+diff --git a/source3/auth/user_krb5.c b/source3/auth/user_krb5.c
+index 1441f88..1e5254e 100644
+--- a/source3/auth/user_krb5.c
++++ b/source3/auth/user_krb5.c
+@@ -230,7 +230,7 @@ NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx,
+ "make_server_info_sam\n", username));
+ status = make_server_info_sam(mem_ctx,
+ sampass,
+- &server_info);
++ server_info);
+ } else {
+ /*
+ * User not in passdb, make it up artificially
+@@ -240,7 +240,7 @@ NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx,
+ status = make_server_info_pw(mem_ctx,
+ username,
+ pw,
+- &server_info);
++ server_info);
+ }
+ TALLOC_FREE(sampass);
+
+@@ -250,9 +250,6 @@ NTSTATUS make_server_info_krb5(TALLOC_CTX *mem_ctx,
+ return status;
+ }
+
+- /* Steal tmp server info into the server_info pointer. */
+- *server_info = talloc_move(mem_ctx, &tmp);
+-
+ /* make_server_info_pw does not set the domain. Without this
+ * we end up with the local netbios name in substitutions for
+ * %D. */
+diff --git a/source3/include/auth.h b/source3/include/auth.h
+index c017da9..b0ac11a 100644
+--- a/source3/include/auth.h
++++ b/source3/include/auth.h
+@@ -89,7 +89,8 @@ struct auth_context {
+
+ NTSTATUS (*get_ntlm_challenge)(struct auth_context *auth_context,
+ uint8_t chal[8]);
+- NTSTATUS (*check_ntlm_password)(const struct auth_context *auth_context,
++ NTSTATUS (*check_ntlm_password)(TALLOC_CTX *mem_ctx,
++ const struct auth_context *auth_context,
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info);
+ NTSTATUS (*nt_status_squash)(NTSTATUS nt_status);
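Review bot: The new `mem_ctx` parameter of the `check_ntlm_password` callback is declared without any statement of what it parents or who frees the result. Judging by the callers in this series, which pass `talloc_tos()` and then `TALLOC_FREE(server_info)`, it is the talloc parent of `*server_info`. That contract should be written at the declaration, for example `/* mem_ctx: talloc parent of *server_info on success; must live at least as long as the pointer the caller keeps */`. The later auth_ntlmssp.c fix in this series, where the result is stored in a state object but was parented elsewhere, is the kind of lifetime mismatch such a comment helps prevent.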
+diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
+index 3fd93bc..1cf04df 100644
+--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
++++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
+@@ -1563,8 +1563,10 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
+ } /* end switch */
+
+ if ( NT_STATUS_IS_OK(status) ) {
+- status = auth_context->check_ntlm_password(auth_context,
+- user_info, &server_info);
++ status = auth_context->check_ntlm_password(p->mem_ctx,
++ auth_context,
++ user_info,
++ &server_info);
+ }
+
+ TALLOC_FREE(auth_context);
+diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
+index 75c2a15..2a40e1b 100644
+--- a/source3/smbd/sesssetup.c
++++ b/source3/smbd/sesssetup.c
+@@ -140,7 +140,8 @@ static void reply_sesssetup_blob(struct smb_request *req,
+ Do a 'guest' logon, getting back the
+ ****************************************************************************/
+
+-static NTSTATUS check_guest_password(struct auth_serversupplied_info **server_info)
++static NTSTATUS check_guest_password(TALLOC_CTX *mem_ctx,
++ struct auth_serversupplied_info **server_info)
+ {
+ struct auth_context *auth_context;
+ struct auth_usersupplied_info *user_info = NULL;
+@@ -150,7 +151,7 @@ static NTSTATUS check_guest_password(struct auth_serversupplied_info **server_in
+
+ DEBUG(3,("Got anonymous request\n"));
+
+- nt_status = make_auth_context_fixed(talloc_tos(), &auth_context, chal);
++ nt_status = make_auth_context_fixed(mem_ctx, &auth_context, chal);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
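Review bot: `make_auth_context_fixed(mem_ctx, &auth_context, chal)` now places a temporary on the caller's context, although `auth_context` is only used inside check_guest_password and is released with `TALLOC_FREE(auth_context)` further down. The next hunk's context shows a `return NT_STATUS_NO_MEMORY;` before that free. If that path does not release `auth_context` (not visible here), the object stays attached to `mem_ctx` for as long as the caller keeps it, instead of going away with the stackframe. Keeping the temporary on the stackframe and using `mem_ctx` only for the `check_ntlm_password` result separates the two lifetimes: `nt_status = make_auth_context_fixed(talloc_tos(), &auth_context, chal);`. The function body continues outside this hunk.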
+@@ -160,9 +161,10 @@ static NTSTATUS check_guest_password(struct auth_serversupplied_info **server_in
+ return NT_STATUS_NO_MEMORY;
+ }
+
+- nt_status = auth_context->check_ntlm_password(auth_context,
+- user_info,
+- server_info);
++ nt_status = auth_context->check_ntlm_password(mem_ctx,
++ auth_context,
++ user_info,
++ server_info);
+ TALLOC_FREE(auth_context);
+ free_user_info(&user_info);
+ return nt_status;
+@@ -1609,7 +1611,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
+
+ if (!*user) {
+
+- nt_status = check_guest_password(&server_info);
++ nt_status = check_guest_password(talloc_tos(), &server_info);
+
+ } else if (doencrypt) {
+ struct auth_context *negprot_auth_context = NULL;
+@@ -1627,6 +1629,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
+ lm_resp, nt_resp);
+ if (NT_STATUS_IS_OK(nt_status)) {
+ nt_status = negprot_auth_context->check_ntlm_password(
++ talloc_tos(),
+ negprot_auth_context,
+ user_info,
+ &server_info);
+@@ -1651,6 +1654,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
+
+ if (NT_STATUS_IS_OK(nt_status)) {
+ nt_status = plaintext_auth_context->check_ntlm_password(
++ talloc_tos(),
+ plaintext_auth_context,
+ user_info,
+ &server_info);
+--
+1.8.5.3
+
+From f07614228629e650b0e0a27dd4d15b6e5eef5baa Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@samba.org>
+Date: Wed, 28 May 2014 15:12:29 +0200
+Subject: [PATCH 18/20] PATCHSET1: Allocate server_info on the correct memory
+ context.
+
+This fixes a talloc double free PANIC when connecting to share.
+
+Signed-off-by: Andreas Schneider <asn@samba.org>
+---
+ source3/auth/auth_ntlmssp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
+index 097501c..3c7e324 100644
+--- a/source3/auth/auth_ntlmssp.c
++++ b/source3/auth/auth_ntlmssp.c
+@@ -143,7 +143,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
+
+ user_info->logon_parameters = MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT;
+
+- nt_status = auth_ntlmssp_state->auth_context->check_ntlm_password(mem_ctx,
++ nt_status = auth_ntlmssp_state->auth_context->check_ntlm_password(auth_ntlmssp_state,
+ auth_ntlmssp_state->auth_context,
+ user_info,
+ &auth_ntlmssp_state->server_info);
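Review bot: The switch from `mem_ctx` to `auth_ntlmssp_state` as the first argument of `check_ntlm_password` is not explained in the code, so a later cleanup could turn it back into `mem_ctx` and reintroduce the double free the commit message describes. A short comment above the call would record the reason, for example `/* server_info is stored in auth_ntlmssp_state, so it must be parented there and not on mem_ctx */`. Whether `mem_ctx` is still used elsewhere in auth_ntlmssp_check_password cannot be seen from this hunk, since the function starts and ends outside it.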
+--
+1.9.0
+
+commit 0c6838663d42a04a80e25a8a3827710926952077
+Author: Andreas Schneider <asn@samba.org>
+AuthorDate: Wed Jul 2 16:39:22 2014 +0200
+Commit: Andreas Schneider <asn@samba.org>
+CommitDate: Wed Jul 2 16:47:43 2014 +0200
+
+ PATCHSET1 s3-auth: Do not double free the result.
+
+ Signed-off-by: Andreas Schneider <asn@samba.org>
+ Reviewed-by: Guenther Deschner <gd@samba.org>
+---
+ source3/auth/auth_util.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
+index 5ffdb25f..1f1fed9 100644
+--- a/source3/auth/auth_util.c
++++ b/source3/auth/auth_util.c
+@@ -883,10 +883,6 @@ NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx,
+ *presult = talloc_steal(mem_ctx, result);
+ done:
+ talloc_free(tmp_ctx);
+- if (!NT_STATUS_IS_OK(status)) {
+- TALLOC_FREE(result);
+- return status;
+- }
+
+ return status;
+ }
+commit 879e576d439fddf33ab2353b4a54ccd162020a03
+Author: Andreas Schneider <asn@samba.org>
+AuthorDate: Tue Jul 8 10:26:51 2014 +0200
+Commit: Andreas Schneider <asn@samba.org>
+CommitDate: Tue Jul 8 17:08:10 2014 +0200
+
+ PATCHSET1 s3-auth: Fix support for 'security = share' in passwd_to_SamInfo3().
+
+ Signed-off-by: Andreas Schneider <asn@samba.org>
+---
+ source3/auth/server_info.c | 19 ++++++++++++++++---
+ 1 file changed, 16 insertions(+), 3 deletions(-)
+
+diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
+index 077bb6b..e627892 100644
+--- a/source3/auth/server_info.c
++++ b/source3/auth/server_info.c
+@@ -575,9 +575,21 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
+
+ ZERO_STRUCT(domain_sid);
+
+- sid_copy(&domain_sid, &user_sid);
+- sid_split_rid(&domain_sid, &info3->base.rid);
+- info3->base.domain_sid = dom_sid_dup(info3, &domain_sid);
++ /*
++ * Check if this is a "Unix Users" domain user,
++ * we need to handle it in a special way if that's the case.
++ */
++ if (sid_check_is_in_unix_users(&user_sid)) {
++ /*
++ * In info3 you can only set rids for the user and the
++ * primary group, and the domain sid must be that of
++ * the sam domain.
++ */
++ sid_copy(&domain_sid, get_global_sam_sid());
++ } else {
++ sid_copy(&domain_sid, &user_sid);
++ sid_split_rid(&domain_sid, &info3->base.rid);
++ }
+
+ ok = sid_peek_check_rid(&domain_sid, &group_sid,
+ &info3->base.primary_gid);
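Review bot: The new `sid_check_is_in_unix_users(&user_sid)` branch copies the SAM domain SID but never assigns `info3->base.rid`, which the `else` branch still fills in through `sid_split_rid()`. Unless the field is set outside this hunk, a Unix Users account ends up with whatever value `info3` was initialised with as its user RID. Code that later combines `domain_sid` and `rid` would then build a SID that does not belong to the authenticated user. The branch should assign the RID explicitly, and its comment should say which value consumers of info3 are expected to see for such accounts. passwd_to_SamInfo3() continues outside this hunk.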
+@@ -592,6 +604,7 @@ NTSTATUS passwd_to_SamInfo3(TALLOC_CTX *mem_ctx,
+ goto done;
+ }
+
++ info3->base.domain_sid = dom_sid_dup(info3, &domain_sid);
+ info3->base.acct_flags = ACB_NORMAL;
+
+ if (num_sids) {
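Review bot: The relocated `info3->base.domain_sid = dom_sid_dup(info3, &domain_sid);` is used without checking the result, so an allocation failure leaves a NULL domain SID in an info3 that is still returned as valid. The function already has a `done` label for error exits, so the check fits directly after the assignment: `if (info3->base.domain_sid == NULL) { status = NT_STATUS_NO_MEMORY; goto done; }`. The name of the status variable is assumed, because the surrounding function body is outside this hunk.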