The branch, v4-6-stable has been updated
       via  c4d44b9 VERSION: Disable GIT_SNAPSHOT for the 4.6.15 release.
       via  46be020 WHATSNEW: Add release notes for Samba 4.6.15.
       via  c90accf torture: Test compound request request counters
       via  fb602bd s3:smb2_server: correctly maintain request counters for 
compound requests
       via  e1c58ec s3: smbd: Unix extensions attempts to change wrong field in 
fchown call.
       via  b11b0e0 s3:smbd: map nterror on smb2_flush errorpath
       via  24354b0 vfs_glusterfs: Fix the wrong pointer being sent in 
glfs_fsync_async
       via  94d91c9 s3: smbd: Fix possible directory fd leak if the underlying 
OS doesn't support fdopendir()
       via  8f4202e s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed 
on error, we don't own it here.
       via  0afb85c tests/bind.py: Add a bind test with NTLMSSP with no domain
       via  96d9297 s3:cliconnect.c: remove useless ';'
       via  bb14cec s3:libsmb: allow -U"\administrator" to work
       via  d71e1a2 Merge tag 'samba-4.6.14' into v4-6-test
       via  2d2fb95 VERSION: Bump version up to 4.6.15...
       via  85fc0d5 build: fix libceph-common detection
       via  903cccc VERSION: Disable GIT_SNAPSHOT for the 4.6.14 release.
       via  5cabac8 WHATSNEW: Add release notes for Samba 4.6.14.
       via  58c2418 CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only 
allowed with a control
       via  03b1513 CVE-2018-1057: s4:dsdb: use 
DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID
       via  96261a0 CVE-2018-1057: s4:dsdb/samdb: define 
DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control
       via  9e03a09 CVE-2018-1057: s4:dsdb/acl: run password checking only once
       via  43863fc CVE-2018-1057: s4/dsdb: correctly detect password resets
       via  0c2ef5f CVE-2018-1057: s4:dsdb/acl: add a NULL check for 
talloc_new() in acl_check_password_rights()
       via  2cce162 CVE-2018-1057: s4:dsdb/acl: add check for 
DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control
       via  a0e418a CVE-2018-1057: s4:dsdb/acl: check for internal controls 
before other checks
       via  4a8b22c CVE-2018-1057: s4:dsdb/acl: remove unused else branches in 
acl_check_password_rights()
       via  ed471f3 CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if 
we checked the acl in acl_check_password_rights()
       via  a976076 CVE-2018-1057: s4:dsdb/password_hash: add a helper variable 
for passwordAttr->num_values
       via  4b93237 CVE-2018-1057: s4:dsdb/password_hash: add a helper variable 
for LDB_FLAG_MOD_TYPE
       via  1610632 CVE-2018-1057: s4:dsdb/tests: add a test for password 
change with empty delete
       via  5365141 CVE-2018-1050: s3: RPC: spoolss server. Protect against 
null pointer derefs.
       via  ae55cfe s3:smbd: Do not crash if we fail to init the session table
       via  8fe0589 libsmb: Use smb2 tcon if conn_protocol >= SMB2_02
       via  3dadbb3 torture: Add test for channel sequence number handling
       via  597aba1 smbXcli: Add "force_channel_sequence"
       via  082c08e smbd: Fix channel sequence number checks for long-running 
requests
       via  c3bce29 smbd: Remove a "!" from an if-condition for easier 
readability
       via  65992c6 torture4: Fix typos
       via  dc5dbc6 smbd: Fix a typo
       via  b726719 s3:smb2_server: allow logoff, close, unlock, cancel and 
echo on expired sessions
       via  7118165 s3:smbd: return the correct error for cancelled SMB2 
notifies on expired sessions
       via  f0e7a7c s4:torture: add smb2.session.expire2 test
       via  d0c6802 Revert "HEIMDAL:kdc: fix memory leak when decryption 
AuthorizationData"
       via  c190c37 Revert "HEIMDAL:kdc: decrypt b->enc_authorization_data in 
tgs_build_reply()"
       via  e1a5f80 Revert "HEIMDAL:kdc: if we don't have an authenticator 
subkey for S4U2Proxy we need to use the additional tickets key"
       via  542382a Revert "s4:kdc: fix the principal names in 
samba_kdc_update_delegation_info_blob"
       via  fb65808 Revert "HEIMDAL:kdc: let _kdc_encode_reply() use the 
encryption type based on the server key"
       via  4afb9bd Revert "HEIMDAL:hdb: export a hdb_enctype_supported() 
helper function"
       via  cb60d1c Revert "s4:kdc: use the strongest possible tgs session key"
       via  0cd6906 Revert "TODO s4:kdc: msDS-SupportedEncryptionTypes only on 
computers"
       via  89f27fa Revert "TODO s4:kdc: indicate support for new encryption 
types by adding empty keys"
       via  3a54a04 Revert "HEIMDAL:kdc: use the correct authtime from 
addtitional ticket for S4U2Proxy tickets"
       via  56a40ab samba: Only use async signal-safe functions in signal 
handler
       via  670af37 subnet: Avoid a segfault when renaming subnet objects
       via  f2e21e6 HEIMDAL:kdc: use the correct authtime from addtitional 
ticket for S4U2Proxy tickets
       via  ffda28e TODO s4:kdc: indicate support for new encryption types by 
adding empty keys
       via  075f061 TODO s4:kdc: msDS-SupportedEncryptionTypes only on computers
       via  7d0559e s4:kdc: use the strongest possible tgs session key
       via  2a7392d HEIMDAL:hdb: export a hdb_enctype_supported() helper 
function
       via  8ac00b0 HEIMDAL:kdc: let _kdc_encode_reply() use the encryption 
type based on the server key
       via  9f3571a s4:kdc: fix the principal names in 
samba_kdc_update_delegation_info_blob
       via  312bf1c HEIMDAL:kdc: if we don't have an authenticator subkey for 
S4U2Proxy we need to use the additional tickets key
       via  3dd52dd HEIMDAL:kdc: decrypt b->enc_authorization_data in 
tgs_build_reply()
       via  9ec1a52 HEIMDAL:kdc: fix memory leak when decryption 
AuthorizationData
       via  2ed8741 VERSION: Bump version up to 4.6.14...
      from  d64e68a VERSION: Disable GIT_SNAPSHOT for the 4.6.14 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-stable


- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 VERSION                                 |   2 +-
 WHATSNEW.txt                            |  81 ++++++-
 auth/credentials/tests/bind.py          |  26 ++-
 libcli/smb/smbXcli_base.c               |  15 +-
 libcli/smb/smbXcli_base.h               |   4 +
 python/samba/subnets.py                 |  33 +++
 source3/libads/ldap_utils.c             |   9 +
 source3/librpc/idl/smbXsrv.idl          |   3 +-
 source3/libsmb/cliconnect.c             |   9 +-
 source3/libsmb/clientgen.c              |   2 +-
 source3/modules/vfs_glusterfs.c         |   2 +-
 source3/smbd/globals.h                  |   1 +
 source3/smbd/negprot.c                  |  23 +-
 source3/smbd/notify.c                   |  17 +-
 source3/smbd/smb2_flush.c               |   2 +-
 source3/smbd/smb2_lock.c                |  17 ++
 source3/smbd/smb2_query_directory.c     |   9 +-
 source3/smbd/smb2_server.c              |  52 ++++-
 source3/smbd/trans2.c                   |   4 +-
 source3/wscript                         |   6 +-
 source4/dsdb/samdb/ldb_modules/samldb.c |   8 +-
 source4/dsdb/tests/python/sites.py      |  45 ++++
 source4/libcli/smb2/keepalive.c         |   7 +-
 source4/smbd/server.c                   |   4 +-
 source4/torture/smb2/compound.c         |  77 +++++++
 source4/torture/smb2/replay.c           | 117 ++++++++++-
 source4/torture/smb2/session.c          | 362 ++++++++++++++++++++++++++++++++
 27 files changed, 884 insertions(+), 53 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index c516eb7..e657759 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=6
-SAMBA_VERSION_RELEASE=14
+SAMBA_VERSION_RELEASE=15
 
 ########################################################
 # If a official release has a serious bug              #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index ca1e471..fa673c3 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,79 @@
                    ==============================
+                   Release Notes for Samba 4.6.15
+                           April 13, 2018
+                   ==============================
+
+
+This is the latest stable release of the Samba 4.6 release series.
+
+
+Changes since 4.6.14:
+---------------------
+
+o  Jeremy Allison <j...@samba.org>
+   * BUG 13244: s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed
+     on error, we don't own it here.
+   * BUG 13270: s3: smbd: Fix possible directory fd leak if the underlying
+     OS doesn't support fdopendir().
+   * BUG 13375: s3: smbd: Unix extensions attempts to change wrong field
+     in fchown call.
+
+o  G√ľnther Deschner <g...@samba.org>
+   * BUG 13277: build: fix libceph-common detection.
+
+o  Poornima G <pguru...@redhat.com>
+   * BUG 13297: vfs_glusterfs: Fix the wrong pointer being sent in
+     glfs_fsync_async.
+
+o  Volker Lendecke <v...@samba.org>
+   * BUG 13215: Fix smbd panic if the client-supplied channel sequence number
+     wraps.
+   * BUG 13240: samba: Only use async signal-safe functions in signal handler.
+
+o  Stefan Metzmacher <me...@samba.org>
+   * BUG 13197: SMB2 close/lock/logoff can generate
+     NT_STATUS_NETWORK_SESSION_EXPIRED.
+   * BUG 13206: Fix authentication with an empty string domain ''.
+   * BUG 13215: s3:smb2_server: correctly maintain request counters for
+     compound requests.
+
+o  Anton Nefedov
+   * BUG 13338: s3:smbd: Map nterror on smb2_flush errorpath.
+
+o  Dan Robertson <drobert...@tripwire.com>
+   * BUG 13310: libsmb: Use smb2 tcon if conn_protocol >= SMB2_02.
+
+o  Garming Sam <garm...@catalyst.net.nz>
+   * BUG 13031: subnet: Avoid a segfault when renaming subnet objects.
+
+o  Andreas Schneider <a...@samba.org>
+   * BUG 13315: s3:smbd: Do not crash if we fail to init the session table.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+                   ==============================
                    Release Notes for Samba 4.6.14
                            March 13, 2018
                    =============================
@@ -36,7 +111,7 @@ o  CVE-2018-1057:
    https://wiki.samba.org/index.php/CVE-2018-1057
 
 
-Changes since 4.6.12:
+Changes since 4.6.13:
 ---------------------
 
 o  Jeremy Allison <j...@samba.org>
@@ -71,8 +146,8 @@ database (https://bugzilla.samba.org/).
 ======================================================================
 
 
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
 
                    ==============================
                    Release Notes for Samba 4.6.13
diff --git a/auth/credentials/tests/bind.py b/auth/credentials/tests/bind.py
index 91e493d..4aa4498 100755
--- a/auth/credentials/tests/bind.py
+++ b/auth/credentials/tests/bind.py
@@ -43,6 +43,7 @@ creds_machine = copy.deepcopy(creds)
 creds_user1 = copy.deepcopy(creds)
 creds_user2 = copy.deepcopy(creds)
 creds_user3 = copy.deepcopy(creds)
+creds_user4 = copy.deepcopy(creds)
 
 class BindTests(samba.tests.TestCase):
 
@@ -64,7 +65,7 @@ class BindTests(samba.tests.TestCase):
         self.config_dn = self.info_dc["configurationNamingContext"][0]
         self.computer_dn = "CN=centos53,CN=Computers,%s" % self.domain_dn
         self.password = "P@ssw0rd"
-        self.username = "BindTestUser_" + time.strftime("%s", time.gmtime())
+        self.username = "BindTestUser"
 
     def tearDown(self):
         super(BindTests, self).tearDown()
@@ -113,6 +114,7 @@ unicodePwd:: """ + 
base64.b64encode("\"P@ssw0rd\"".encode('utf-16-le')) + """
                                       expression="(samAccountName=%s)" % 
self.username)
         self.assertEquals(len(ldb_res), 1)
         user_dn = ldb_res[0]["dn"]
+        self.addCleanup(delete_force, self.ldb, user_dn)
 
         # do a simple bind and search with the user account in format 
user@realm
         creds_user1.set_bind_dn(self.username + "@" + creds.get_realm())
@@ -138,5 +140,27 @@ unicodePwd:: """ + 
base64.b64encode("\"P@ssw0rd\"".encode('utf-16-le')) + """
                                               lp=lp, ldap_only=True)
         res = ldb_user3.search(base="", expression="", scope=SCOPE_BASE, 
attrs=["*"])
 
+    def test_user_account_bind_no_domain(self):
+        # create user
+        self.ldb.newuser(username=self.username, password=self.password)
+        ldb_res = self.ldb.search(base=self.domain_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % 
self.username)
+        self.assertEquals(len(ldb_res), 1)
+        user_dn = ldb_res[0]["dn"]
+        self.addCleanup(delete_force, self.ldb, user_dn)
+
+        creds_user4.set_username(self.username)
+        creds_user4.set_password(self.password)
+        creds_user4.set_domain('')
+        creds_user4.set_workstation('')
+        print "BindTest (no domain) with: " + self.username
+        try:
+            ldb_user4 = samba.tests.connect_samdb(host, 
credentials=creds_user4,
+                                              lp=lp, ldap_only=True)
+        except:
+            self.fail("Failed to connect without the domain set")
+
+        res = ldb_user4.search(base="", expression="", scope=SCOPE_BASE, 
attrs=["*"])
 
 TestProgram(module=__name__, opts=subunitopts)
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 239e5eb..d1e532d 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -138,6 +138,8 @@ struct smbXcli_conn {
 
                uint8_t io_priority;
 
+               bool force_channel_sequence;
+
                uint8_t preauth_sha512[64];
        } smb2;
 
@@ -532,6 +534,17 @@ const struct GUID *smbXcli_conn_server_guid(struct 
smbXcli_conn *conn)
        return &conn->smb1.server.guid;
 }
 
+bool smbXcli_conn_get_force_channel_sequence(struct smbXcli_conn *conn)
+{
+       return conn->smb2.force_channel_sequence;
+}
+
+void smbXcli_conn_set_force_channel_sequence(struct smbXcli_conn *conn,
+                                            bool v)
+{
+       conn->smb2.force_channel_sequence = v;
+}
+
 struct smbXcli_conn_samba_suicide_state {
        struct smbXcli_conn *conn;
        struct iovec iov;
@@ -2896,7 +2909,7 @@ struct tevent_req *smb2cli_req_create(TALLOC_CTX *mem_ctx,
        uint32_t flags = 0;
        uint32_t tid = 0;
        uint64_t uid = 0;
-       bool use_channel_sequence = false;
+       bool use_channel_sequence = conn->smb2.force_channel_sequence;
        uint16_t channel_sequence = 0;
        bool use_replay_flag = false;
 
diff --git a/libcli/smb/smbXcli_base.h b/libcli/smb/smbXcli_base.h
index 2594f07..336b1cb 100644
--- a/libcli/smb/smbXcli_base.h
+++ b/libcli/smb/smbXcli_base.h
@@ -58,6 +58,10 @@ uint16_t smbXcli_conn_max_requests(struct smbXcli_conn 
*conn);
 NTTIME smbXcli_conn_server_system_time(struct smbXcli_conn *conn);
 const DATA_BLOB *smbXcli_conn_server_gss_blob(struct smbXcli_conn *conn);
 const struct GUID *smbXcli_conn_server_guid(struct smbXcli_conn *conn);
+bool smbXcli_conn_get_force_channel_sequence(struct smbXcli_conn *conn);
+void smbXcli_conn_set_force_channel_sequence(struct smbXcli_conn *conn,
+                                            bool v);
+
 
 struct tevent_req *smbXcli_conn_samba_suicide_send(TALLOC_CTX *mem_ctx,
                                                   struct tevent_context *ev,
diff --git a/python/samba/subnets.py b/python/samba/subnets.py
index e859f06..72eeb0f 100644
--- a/python/samba/subnets.py
+++ b/python/samba/subnets.py
@@ -127,6 +127,39 @@ def delete_subnet(samdb, configDn, subnet_name):
 
     samdb.delete(dnsubnet)
 
+def rename_subnet(samdb, configDn, subnet_name, new_name):
+    """Rename a subnet.
+
+    :param samdb: A samdb connection
+    :param configDn: The DN of the configuration partition
+    :param subnet_name: Name of the subnet to rename
+    :param new_name: New name for the subnet
+    :return: None
+    :raise SubnetNotFound: if the subnet to be renamed does not exist.
+    :raise SubnetExists: if the subnet to be created already exists.
+    """
+    dnsubnet = ldb.Dn(samdb, "CN=Subnets,CN=Sites")
+    if dnsubnet.add_base(configDn) == False:
+        raise SubnetException("dnsubnet.add_base() failed")
+    if dnsubnet.add_child("CN=X") == False:
+        raise SubnetException("dnsubnet.add_child() failed")
+    dnsubnet.set_component(0, "CN", subnet_name)
+
+    newdnsubnet = ldb.Dn(samdb, str(dnsubnet))
+    newdnsubnet.set_component(0, "CN", new_name)
+    try:
+        samdb.rename(dnsubnet, newdnsubnet)
+    except LdbError as (enum, estr):
+        if enum == ldb.ERR_NO_SUCH_OBJECT:
+            raise SubnetNotFound('Subnet %s does not exist' % subnet)
+        elif enum == ldb.ERR_ENTRY_ALREADY_EXISTS:
+            raise SubnetAlreadyExists('A subnet with the CIDR %s already 
exists'
+                                      % new_name)
+        elif enum == ldb.ERR_INVALID_DN_SYNTAX:
+            raise SubnetInvalid("%s is not a valid subnet: %s" % (new_name,
+                                                                  estr))
+        else:
+            raise
 
 def set_subnet_site(samdb, configDn, subnet_name, site_name):
     """Assign a subnet to a site.
diff --git a/source3/libads/ldap_utils.c b/source3/libads/ldap_utils.c
index a4adbc0..0c37b06 100644
--- a/source3/libads/ldap_utils.c
+++ b/source3/libads/ldap_utils.c
@@ -105,9 +105,18 @@ static ADS_STATUS ads_do_search_retry_internal(ADS_STRUCT 
*ads, const char *bind
                status = ads_connect(ads);
 
                if (!ADS_ERR_OK(status)) {
+                       bool orig_is_mine = ads->is_mine;
+
                        DEBUG(1,("ads_search_retry: failed to reconnect (%s)\n",
                                 ads_errstr(status)));
+                       /*
+                        * We need to keep the ads pointer
+                        * from being freed here as we don't own it and
+                        * callers depend on it being around.
+                        */
+                       ads->is_mine = false;
                        ads_destroy(&ads);
+                       ads->is_mine = orig_is_mine;
                        SAFE_FREE(bp);
                        return status;
                }
diff --git a/source3/librpc/idl/smbXsrv.idl b/source3/librpc/idl/smbXsrv.idl
index 1bfa51e..d3f8d30 100644
--- a/source3/librpc/idl/smbXsrv.idl
+++ b/source3/librpc/idl/smbXsrv.idl
@@ -430,7 +430,8 @@ interface smbXsrv
                uint32                                  durable_timeout_msec;
                boolean8                                durable;
                DATA_BLOB                               backend_cookie;
-               hyper                                   channel_sequence;
+               uint16                                  channel_sequence;
+               hyper                                   channel_generation;
        } smbXsrv_open_global0;
 
        typedef union {
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 75bcae4..7f03e8b 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -283,8 +283,9 @@ NTSTATUS cli_session_creds_prepare_krb5(struct cli_state 
*cli,
 
        auth_requested = cli_credentials_authentication_requested(creds);
        if (auth_requested) {
+               errno = 0;
                user_principal = cli_credentials_get_principal(creds, frame);
-               if (user_principal == NULL) {
+               if (errno != 0) {
                        TALLOC_FREE(frame);
                        return NT_STATUS_NO_MEMORY;
                }
@@ -299,6 +300,10 @@ NTSTATUS cli_session_creds_prepare_krb5(struct cli_state 
*cli,
                try_kerberos = true;
        }
 
+       if (user_principal == NULL) {
+               try_kerberos = false;
+       }
+
        if (target_hostname == NULL) {
                try_kerberos = false;
        } else if (is_ipaddress(target_hostname)) {
@@ -1281,7 +1286,7 @@ static struct tevent_req *cli_session_setup_spnego_send(
 
        status = cli_session_creds_prepare_krb5(cli, creds);
        if (tevent_req_nterror(req, status)) {
-               return tevent_req_post(req, ev);;
+               return tevent_req_post(req, ev);
        }
 
        subreq = cli_session_setup_gensec_send(state, ev, cli, creds,
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index e675f95..305f567 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -384,7 +384,7 @@ uint32_t cli_state_set_tid(struct cli_state *cli, uint32_t 
tid)
        uint32_t ret;
        if (smbXcli_conn_protocol(cli->conn) >= PROTOCOL_SMB2_02) {
                ret = smb2cli_tcon_current_id(cli->smb2.tcon);
-               smb2cli_tcon_set_id(cli->smb1.tcon, tid);
+               smb2cli_tcon_set_id(cli->smb2.tcon, tid);
        } else {
                ret = smb1cli_tcon_current_id(cli->smb1.tcon);
                smb1cli_tcon_set_id(cli->smb1.tcon, tid);
diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
index 09e74eb..6200333 100644
--- a/source3/modules/vfs_glusterfs.c
+++ b/source3/modules/vfs_glusterfs.c
@@ -961,7 +961,7 @@ static struct tevent_req *vfs_gluster_fsync_send(struct 
vfs_handle_struct
 
        PROFILE_TIMESTAMP(&state->start);
        ret = glfs_fsync_async(*(glfs_fd_t **)VFS_FETCH_FSP_EXTENSION(handle,
-                               fsp), aio_glusterfs_done, req);
+                               fsp), aio_glusterfs_done, state);
        if (ret < 0) {
                tevent_req_error(req, -ret);
                return tevent_req_post(req, ev);
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index d3b9800..efcf3e9 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -733,6 +733,7 @@ struct smbd_smb2_request {
         * adapted again in reply.
         */
        bool request_counters_updated;
+       uint64_t channel_generation;
 
        /*
         * The sub request for async backend calls.
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 838ff45..96199d3 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -65,6 +65,8 @@ static void reply_lanman1(struct smb_request *req, uint16_t 
choice)
        time_t t = time(NULL);
        struct smbXsrv_connection *xconn = req->xconn;
        uint16_t raw;
+       NTSTATUS status;
+
        if (lp_async_smb_echo_handler()) {
                raw = 0;
        } else {
@@ -88,7 +90,11 @@ static void reply_lanman1(struct smb_request *req, uint16_t 
choice)
                SSVAL(req->outbuf,smb_vwv11, 8);
        }
 
-       smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN1);
+       status = smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN1);
+       if (!NT_STATUS_IS_OK(status)) {
+               reply_nterror(req, status);
+               return;
+       }
 
        /* Reply, SMBlockread, SMBwritelock supported. */
        SCVAL(req->outbuf,smb_flg, FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
@@ -115,6 +121,8 @@ static void reply_lanman2(struct smb_request *req, uint16_t 
choice)
        time_t t = time(NULL);
        struct smbXsrv_connection *xconn = req->xconn;
        uint16_t raw;
+       NTSTATUS status;
+
        if (lp_async_smb_echo_handler()) {
                raw = 0;
        } else {
@@ -140,7 +148,11 @@ static void reply_lanman2(struct smb_request *req, 
uint16_t choice)
                SSVAL(req->outbuf,smb_vwv11, 8);
        }
 
-       smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN2);
+       status = smbXsrv_connection_init_tables(xconn, PROTOCOL_LANMAN2);
+       if (!NT_STATUS_IS_OK(status)) {
+               reply_nterror(req, status);
+               return;
+       }
 
        /* Reply, SMBlockread, SMBwritelock supported. */
        SCVAL(req->outbuf,smb_flg,FLAG_REPLY|FLAG_SUPPORT_LOCKREAD);
@@ -251,6 +263,7 @@ static void reply_nt1(struct smb_request *req, uint16_t 
choice)
        struct smbXsrv_connection *xconn = req->xconn;
        bool signing_desired = false;
        bool signing_required = false;
+       NTSTATUS status;
 
        xconn->smb1.negprot.encrypted_passwords = lp_encrypt_passwords();
 
@@ -328,7 +341,11 @@ static void reply_nt1(struct smb_request *req, uint16_t 
choice)
        SSVAL(req->outbuf,smb_vwv0,choice);
        SCVAL(req->outbuf,smb_vwv1,secword);
 
-       smbXsrv_connection_init_tables(xconn, PROTOCOL_NT1);
+       status = smbXsrv_connection_init_tables(xconn, PROTOCOL_NT1);
+       if (!NT_STATUS_IS_OK(status)) {
+               reply_nterror(req, status);
+               return;
+       }
 
        SSVAL(req->outbuf,smb_vwv1+1, lp_max_mux()); /* maxmpx */
        SSVAL(req->outbuf,smb_vwv2+1, 1); /* num vcs */
diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c
index f64185d..add5908 100644
--- a/source3/smbd/notify.c
+++ b/source3/smbd/notify.c
@@ -391,12 +391,21 @@ static void smbd_notify_cancel_by_map(struct 
notify_mid_map *map)
        NTSTATUS notify_status = NT_STATUS_CANCELLED;
 
        if (smb2req != NULL) {
+               NTSTATUS sstatus;
+
                if (smb2req->session == NULL) {
-                       notify_status = STATUS_NOTIFY_CLEANUP;
-               } else if (!NT_STATUS_IS_OK(smb2req->session->status)) {
-                       notify_status = STATUS_NOTIFY_CLEANUP;
+                       sstatus = NT_STATUS_USER_SESSION_DELETED;
+               } else {
+                       sstatus = smb2req->session->status;
                }
-               if (smb2req->tcon == NULL) {
+
+               if (NT_STATUS_EQUAL(sstatus, 
NT_STATUS_NETWORK_SESSION_EXPIRED)) {
+                       sstatus = NT_STATUS_OK;
+               }
+
+               if (!NT_STATUS_IS_OK(sstatus)) {
+                       notify_status = STATUS_NOTIFY_CLEANUP;
+               } else if (smb2req->tcon == NULL) {
                        notify_status = STATUS_NOTIFY_CLEANUP;
                } else if (!NT_STATUS_IS_OK(smb2req->tcon->status)) {
                        notify_status = STATUS_NOTIFY_CLEANUP;
diff --git a/source3/smbd/smb2_flush.c b/source3/smbd/smb2_flush.c
index d077c62..51584ca 100644
--- a/source3/smbd/smb2_flush.c
+++ b/source3/smbd/smb2_flush.c
@@ -198,7 +198,7 @@ static void smbd_smb2_flush_done(struct tevent_req *subreq)
        ret = SMB_VFS_FSYNC_RECV(subreq, &vfs_aio_state);
        TALLOC_FREE(subreq);
        if (ret == -1) {
-               tevent_req_error(req, vfs_aio_state.error);
+               tevent_req_nterror(req, 
map_nt_error_from_unix(vfs_aio_state.error));
                return;
        }
        tevent_req_done(req);
diff --git a/source3/smbd/smb2_lock.c b/source3/smbd/smb2_lock.c
index 2fcd359..45b833c 100644
--- a/source3/smbd/smb2_lock.c
+++ b/source3/smbd/smb2_lock.c
@@ -98,6 +98,23 @@ NTSTATUS smbd_smb2_request_process_lock(struct 
smbd_smb2_request *req)


-- 
Samba Shared Repository

Reply via email to