auth/auth_util.c:

- Fill in the 'backup' idea of a domain, if the DC didn't supply one.  This
   doesn't seem to occour in reality, hence why we missed the typo.

lib/charcnv.c:
lib/smbldap.c:
libads/ldap.c:
libsmb/libsmbclient.c:
printing/nt_printing.c:
 - all the callers to pull_utf8_allocate() pass a char ** as the first
   parammeter, so don't make them all cast it to a void **

nsswitch/winbind_util.c:
 - Allow for a more 'correct' view of when usernames should be qualified
   in winbindd.  If we are a PDC, or have 'winbind trusted domains only',
   then for the authentication returns stip the domain portion.
 - Fix valgrind warning about use of free()ed name when looking up our
   local domain.  lp_workgroup() is maniplated inside a procedure that
   uses it's former value.  Instead, use the fact that our local domain is
   always the first in the list.

Andrew Bartlett

source/auth/auth_util.c

@@ -1078,7 +1078,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
 
 	if (!(nt_domain = unistr2_tdup(mem_ctx, &(info3->uni_logon_dom)))) {
 		/* If the server didn't give us one, just use the one we sent them */
-		domain = domain;
+		nt_domain = domain;
 	}
 	
 	/* try to fill the SAM account..  If getpwnam() fails, then try the 

source/lib/charcnv.c

@@ -1011,11 +1011,11 @@ size_t pull_utf8_talloc(TALLOC_CTX *ctx, char **dest, const char *src)
  * @returns The number of bytes occupied by the string in the destination
  **/
 
-size_t pull_utf8_allocate(void **dest, const char *src)
+size_t pull_utf8_allocate(char **dest, const char *src)
 {
 	size_t src_len = strlen(src)+1;
 	*dest = NULL;
-	return convert_string_allocate(NULL, CH_UTF8, CH_UNIX, src, src_len, dest);	
+	return convert_string_allocate(NULL, CH_UTF8, CH_UNIX, src, src_len, (void **)dest);	
 }
  
 /**

source/lib/smbldap.c

@@ -1371,7 +1371,7 @@ char *smbldap_get_dn(LDAP *ld, LDAPMessage *entry)
 		DEBUG (5, ("smbldap_get_dn: ldap_get_dn failed\n"));
 		return NULL;
 	}
-	if (pull_utf8_allocate((void **) &unix_dn, utf8_dn) == (size_t)-1) {
+	if (pull_utf8_allocate(&unix_dn, utf8_dn) == (size_t)-1) {
 		DEBUG (0, ("smbldap_get_dn: String conversion failure utf8 [%s]\n", utf8_dn));
 		return NULL;
 	}

source/libads/ldap.c

@@ -714,7 +714,7 @@ char *ads_get_dn(ADS_STRUCT *ads, void *msg)
 		return NULL;
 	}
 
-	if (pull_utf8_allocate((void **) &unix_dn, utf8_dn) == (size_t)-1) {
+	if (pull_utf8_allocate(&unix_dn, utf8_dn) == (size_t)-1) {
 		DEBUG(0,("ads_get_dn: string conversion failure utf8 [%s]\n",
 			utf8_dn ));
 		return NULL;

source/libsmb/libsmbclient.c

@@ -144,7 +144,7 @@ decode_urlpart(char *segment, size_t sizeof_segment)
     free(new_usegment);
 
     /* realloc it with unix charset */
-    pull_utf8_allocate((void**)&new_usegment, new_segment);
+    pull_utf8_allocate(&new_usegment, new_segment);
 
     /* this assumes (very safely) that removing %aa sequences
        only shortens the string */

source/nsswitch/winbindd_util.c

@@ -53,8 +53,9 @@ struct winbindd_domain *domain_list(void)
 {
 	/* Initialise list */
 
-	if (!_domain_list)
-		init_domain_list();
+	if (!_domain_list) 
+		if (!init_domain_list()) 
+			return NULL;
 
 	return _domain_list;
 }
@@ -167,9 +168,9 @@ void rescan_trusted_domains( void )
 	if ( (now > last_scan) && ((now-last_scan) < WINBINDD_RESCAN_FREQ) )
 		return;
 		
-	/* get the handle for our domain */
+	/* get the handle for our domain (it is always the first in the list) */
 	
-	if ( (mydomain = find_domain_from_name(lp_workgroup())) == NULL ) {
+	if ( (mydomain = domain_list()) == NULL ) {
 		DEBUG(0,("rescan_trusted_domains: Can't find my own domain!\n"));
 		return;
 	}
@@ -267,7 +268,7 @@ BOOL init_domain_list(void)
 	/* Free existing list */
 	free_domain_list();
 
-	/* Add ourselves as the first entry */
+	/* Add ourselves as the first entry.  It *must* be the first entry */
 	
 	domain = add_trusted_domain( lp_workgroup(), lp_realm(), &cache_methods, NULL);
 	
@@ -292,8 +293,17 @@ BOOL init_domain_list(void)
 	return True;
 }
 
-/* Given a domain name, return the struct winbindd domain info for it 
-   if it is actually working. */
+/** 
+ * Given a domain name, return the struct winbindd domain info for it 
+ *
+ * @note Do *not* pass lp_workgroup() to this function.  domain_list
+ *       may modify it's value, and free that pointer.  Instead, our local
+ *       domain may be found by looking at the first entry in domain_list()
+ *       directly.
+ *
+ *
+ * @return The domain structure for the named domain, if it is working.
+ */
 
 struct winbindd_domain *find_domain_from_name(const char *domain_name)
 {
@@ -303,8 +313,9 @@ struct winbindd_domain *find_domain_from_name(const char *domain_name)
 
 	for (domain = domain_list(); domain != NULL; domain = domain->next) {
 		if (strequal(domain_name, domain->name) ||
-		    (domain->alt_name[0] && strequal(domain_name, domain->alt_name)))
+		    (domain->alt_name[0] && strequal(domain_name, domain->alt_name))) {
 			return domain;
+		}
 	}
 
 	/* Not found */
@@ -472,6 +483,20 @@ BOOL check_domain_env(char *domain_env, char *domain)
 	return False;
 }
 
+/* Is this a domain which we may assume no DOMAIN\ prefix? */
+
+static BOOL assume_domain(const char *domain) {
+	if ((lp_winbind_use_default_domain()  
+		  || lp_winbind_trusted_domains_only()) &&
+	    strequal(lp_workgroup(), domain)) 
+		return True;
+
+	if (strequal(get_global_sam_name(), domain)) 
+		return True;
+	
+	return False;
+}
+
 /* Parse a string of the form DOMAIN/user into a domain and a user */
 
 BOOL parse_domain_user(const char *domuser, fstring domain, fstring user)
@@ -481,10 +506,13 @@ BOOL parse_domain_user(const char *domuser, fstring domain, fstring user)
 	if ( !p ) {
 		fstrcpy(user, domuser);
 		
-		if ( lp_winbind_use_default_domain() )
+		if ( assume_domain(lp_workgroup())) {
 			fstrcpy(domain, lp_workgroup());
-		else
-			fstrcpy( domain, "" );
+		} else if (assume_domain(get_global_sam_name())) {
+			fstrcpy( domain, get_global_sam_name() ); 
+		} else {
+			fstrcpy( domain, "");
+		}
 	} 
 	else {
 		fstrcpy(user, p+1);
@@ -502,13 +530,17 @@ BOOL parse_domain_user(const char *domuser, fstring domain, fstring user)
     'winbind separator' options.
     This means:
 	- omit DOMAIN when 'winbind use default domain = true' and DOMAIN is
-	lp_workgroup
+	lp_workgroup()
+
+    If we are a PDC or BDC, and this is for our domain, do likewise.
+
+    Also, if omit DOMAIN if 'winbind trusted domains only = true', as the 
+    username is then unqualified in unix
 	 
 */
 void fill_domain_username(fstring name, const char *domain, const char *user)
 {
-	if(lp_winbind_use_default_domain() &&
-	    !strcmp(lp_workgroup(), domain)) {
+	if (assume_domain(domain)) {
 		strlcpy(name, user, sizeof(fstring));
 	} else {
 		slprintf(name, sizeof(fstring) - 1, "%s%s%s",

source/printing/nt_printing.c

@@ -2661,13 +2661,13 @@ static WERROR publish_it(NT_PRINTER_INFO_LEVEL *printer)
 		return WERR_SERVER_UNAVAILABLE;
 	}
 	/* Now convert to CH_UNIX. */
-	if (pull_utf8_allocate((void **) &srv_dn, srv_dn_utf8) == (size_t)-1) {
+	if (pull_utf8_allocate(&srv_dn, srv_dn_utf8) == (size_t)-1) {
 		ldap_memfree(srv_dn_utf8);
 		ldap_memfree(srv_cn_utf8);
 		ads_destroy(&ads);
 		return WERR_SERVER_UNAVAILABLE;
 	}
-	if (pull_utf8_allocate((void **) &srv_cn_0, srv_cn_utf8[0]) == (size_t)-1) {
+	if (pull_utf8_allocate(&srv_cn_0, srv_cn_utf8[0]) == (size_t)-1) {
 		ldap_memfree(srv_dn_utf8);
 		ldap_memfree(srv_cn_utf8);
 		ads_destroy(&ads);