autobuild[sn-devel-144]: intermittent test failure detected

[autobuild]

The autobuild test system (on sn-devel-144) has detected an intermittent 
failing test in 
the current master tree.

The autobuild log of the failure is available here:

   
https://git.samba.org/autobuild.flakey.sn-devel-144/2018-04-14-0636/flakey.log

The failure seems to be in the "samba-ad-dc" suite, whose build logs are 
available here:

   
https://git.samba.org/autobuild.flakey.sn-devel-144/2018-04-14-0636/samba-ad-dc.stderr
   
https://git.samba.org/autobuild.flakey.sn-devel-144/2018-04-14-0636/samba-ad-dc.stdout
  
The top commit at the time of the failure was:

commit b8f71674742a45c296b6ef6a69be3870c4ddf61c
Author: Volker Lendecke 
Date:   Sun Feb 25 13:00:39 2018 +0100

libdgram: Fix an error path memleak

Signed-off-by: Volker Lendecke 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Stefan Metzmacher 
Autobuild-Date(master): Fri Apr 13 21:04:28 CEST 2018 on sn-devel-144

and the last 50 lines of the stdout log were:

[450(2951)/525 at 19m51s] 
samba.wbinfo_simple.domain-info=$DOMAIN(ad_member:local)
[451(2952)/525 at 19m51s] samba.wbinfo_simple.online-status(ad_member:local)
[452(2953)/525 at 19m51s] 
samba.wbinfo_simple.online-status.domain=BUILTIN(ad_member:local)
[453(2954)/525 at 19m51s] 
samba.wbinfo_simple.online-status.domain=$DOMAIN(ad_member:local)
[454(2955)/525 at 19m51s] 
samba.wbinfo_simple.check-secret.domain=$DOMAIN(ad_member:local)
[455(2956)/525 at 19m52s] 
samba.wbinfo_simple.change-secret.domain=$DOMAIN(ad_member:local)
[456(2957)/525 at 19m52s] 
samba.wbinfo_simple.check-secret.domain=$DOMAIN(ad_member:local)
[457(2958)/525 at 19m53s] 
samba.wbinfo_simple.online-status.domain=$DOMAIN(ad_member:local)
[458(2959)/525 at 19m53s] samba.wbinfo_simple.domain-users(ad_member:local)
[459(2960)/525 at 19m53s] samba.wbinfo_simple.domain-groups(ad_member:local)
[460(2961)/525 at 19m53s] 
samba.wbinfo_simple.name-to-sid=$DC_USERNAME(ad_member:local)
[461(2962)/525 at 19m53s] 
samba.wbinfo_simple.name-to-sid=$DOMAIN/$DC_USERNAME(ad_member:local)
[462(2963)/525 at 19m53s] 
samba.wbinfo_simple.user-info=$DOMAIN/$DC_USERNAME(ad_member:local)
[463(2964)/525 at 19m53s] 
samba.wbinfo_simple.user-groups=$DOMAIN/$DC_USERNAME(ad_member:local)
[464(2965)/525 at 19m53s] 
samba.wbinfo_simple.authenticate=$DOMAIN/$DC_USERNAME%$DC_PASSWORD(ad_member:local)
[465(2966)/525 at 19m53s] samba.wbinfo_simple.allocate-uid(ad_member:local)
[466(2967)/525 at 19m54s] samba.wbinfo_simple.allocate-gid(ad_member:local)
[467(2968)/525 at 19m54s] 
samba.wbinfo_sids2xids.(ad_member:local)(ad_member:local)
UNEXPECTED(failure): 
samba.wbinfo_sids2xids.(ad_member:local).sids2xids(ad_member:local)
REASON: Exception: Exception: failed to call wbcLookupName: WBC_ERR_INVALID_SID
Could not lookup name ADDOMAIN/
Couldn't delete specified entry
Entry deleted.
Couldn't delete specified entry
Entry deleted.
Couldn't delete specified entry
Couldn't delete specified entry
wbcSidToString(-512) failed: WBC_ERR_INVALID_PARAM
wbinfo_sids_to_unix_ids failed
Traceback (most recent call last):
  File 
"/memdisk/autobuild/fl/b3088179/samba-ad-dc/source3/script/tests/test_wbinfo_sids2xids_int.py",
 line 51, in 
idtypes.append(result[0])
IndexError: list index out of range

FAILED (1 failures, 0 errors and 0 unexpected successes in 0 testsuites)

A summary with detailed information can be found in:
  ./bin/ab/summary
TOP 10 slowest tests
samba3.local.nss(ad_dc:local) -> 77
samba3.raw.session krb5(ad_dc) -> 52
samba3.rpc.samr.passwords.pwdlastset(ad_dc) -> 52
samba3.smb2.session krb5(ad_dc) -> 35
samba4.blackbox.net_ads(ad_dc:client)(ad_dc:client) -> 33
samba3.rpc.schannel(ad_dc) -> 21
samba3.smb2.dir(ad_dc) -> 20
samba3.base.delete(ad_dc) -> 20
samba4.blackbox.trust_utils(fl2008r2dc:local)(fl2008r2dc:local) -> 18
samba3.rpc.spoolss.printer(ad_dc) -> 18
ERROR: test failed with exit code 1

[SCM] Samba Shared Repository - branch v4-7-test updated

[Stefan Metzmacher]

The branch, v4-7-test has been updated
   via  5a2066f torture: Test compound request request counters
   via  bb15458 s3:smb2_server: correctly maintain request counters for 
compound requests
  from  686b2ba winbindd: Do not ignore domain in the LOOKUPNAME request

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 5a2066f5ca52d8f1421139f27112183952070a05
Author: Volker Lendecke 
Date:   Wed Apr 11 15:11:10 2018 +0200

torture: Test compound request request counters

This will send an unfixed smbd into the

SMB_ASSERT(op->request_count > 0);

in smbd_smb2_request_reply_update_counts

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13215
Signed-off-by: Volker Lendecke 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Volker Lendecke 
Autobuild-Date(master): Thu Apr 12 14:38:39 CEST 2018 on sn-devel-144

(cherry picked from commit 40edd1bc273f664d5567ef5be169033899acee1f)

Autobuild-User(v4-7-test): Stefan Metzmacher 
Autobuild-Date(v4-7-test): Fri Apr 13 22:48:05 CEST 2018 on sn-devel-144

commit bb15458485e48ce173e54186f1b54aef2e852544
Author: Stefan Metzmacher 
Date:   Wed Apr 11 12:14:59 2018 +0200

s3:smb2_server: correctly maintain request counters for compound requests

If a session expires during a compound request chain,
we exit smbd_smb2_request_dispatch() with
'return smbd_smb2_request_error(req, ...)' before
calling smbd_smb2_request_dispatch_update_counts().

As req->request_counters_updated was only reset
within smbd_smb2_request_dispatch_update_counts(),
smbd_smb2_request_reply_update_counts() was called
twice on the same request, which triggers
SMB_ASSERT(op->request_count > 0);

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13215

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Volker Lendecke 
(cherry picked from commit 87e25cd1e45bfe57292b62ffc44ddafc01c61ca0)

---

Summary of changes:
 source3/smbd/smb2_server.c  |  6 +++-
 source4/torture/smb2/compound.c | 77 +
 2 files changed, 82 insertions(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index ee03a8e..177e5ff 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -2180,7 +2180,7 @@ static NTSTATUS smbd_smb2_request_dispatch_update_counts(
bool update_open = false;
NTSTATUS status = NT_STATUS_OK;
 
-   req->request_counters_updated = false;
+   SMB_ASSERT(!req->request_counters_updated);
 
if (xconn->protocol < PROTOCOL_SMB2_22) {
return NT_STATUS_OK;
@@ -2315,6 +2315,8 @@ NTSTATUS smbd_smb2_request_dispatch(struct 
smbd_smb2_request *req)
 
DO_PROFILE_INC(request);
 
+   SMB_ASSERT(!req->request_counters_updated);
+
/* TODO: verify more things */
 
flags = IVAL(inhdr, SMB2_HDR_FLAGS);
@@ -2755,6 +2757,8 @@ static void smbd_smb2_request_reply_update_counts(struct 
smbd_smb2_request *req)
return;
}
 
+   req->request_counters_updated = false;
+
if (xconn->protocol < PROTOCOL_SMB2_22) {
return;
}
diff --git a/source4/torture/smb2/compound.c b/source4/torture/smb2/compound.c
index c592308..d2d4d7e 100644
--- a/source4/torture/smb2/compound.c
+++ b/source4/torture/smb2/compound.c
@@ -1030,6 +1030,81 @@ done:
return ret;
 }
 
+static bool test_compound_invalid4(struct torture_context *tctx,
+  struct smb2_tree *tree)
+{
+   struct smb2_create cr;
+   struct smb2_read rd;
+   NTSTATUS status;
+   const char *fname = "compound_invalid4.dat";
+   struct smb2_close cl;
+   bool ret = true;
+   bool ok;
+   struct smb2_request *req[2];
+
+   smb2_transport_credits_ask_num(tree->session->transport, 2);
+
+   smb2_util_unlink(tree, fname);
+
+   ZERO_STRUCT(cr);
+   cr.in.security_flags  = 0x00;
+   cr.in.oplock_level= 0;
+   cr.in.impersonation_level = NTCREATEX_IMPERSONATION_IMPERSONATION;
+   cr.in.create_flags= 0x;
+   cr.in.reserved= 0x;
+   cr.in.desired_access  = SEC_RIGHTS_FILE_ALL;
+   cr.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+   cr.in.share_access= NTCREATEX_SHARE_ACCESS_READ |
+   NTCREATEX_SHARE_ACCESS_WRITE |
+   NTCREATEX_SHARE_ACCESS_DELETE;
+   cr.in.create_disposition  = NTCREATEX_DISP_OPEN_IF;
+   cr.in.create_options  = 

[SCM] Samba Shared Repository - branch master updated

[Stefan Metzmacher]

The branch, master has been updated
   via  b8f7167 libdgram: Fix an error path memleak
   via  8b770e6 libnbt: Align data types
   via  5fea3e3 libnbt: Add an explicit "mem_ctx" to name_request_send
  from  ce63db2 traffic_relay: bulk port print to modern py3 style

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit b8f71674742a45c296b6ef6a69be3870c4ddf61c
Author: Volker Lendecke 
Date:   Sun Feb 25 13:00:39 2018 +0100

libdgram: Fix an error path memleak

Signed-off-by: Volker Lendecke 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Stefan Metzmacher 
Autobuild-Date(master): Fri Apr 13 21:04:28 CEST 2018 on sn-devel-144

commit 8b770e646aa28e6ef36647f42b97a8330203bbd0
Author: Volker Lendecke 
Date:   Thu Apr 12 20:40:32 2018 +0200

libnbt: Align data types

ARRAY_SIZE returns size_t

Signed-off-by: Volker Lendecke 
Reviewed-by: Stefan Metzmacher 

commit 5fea3e3f23cf75e111b9043ddad8a93aad6c06bf
Author: Volker Lendecke 
Date:   Sun Feb 4 12:16:14 2018 +

libnbt: Add an explicit "mem_ctx" to name_request_send

Implicitly hanging requests off nbtsock is too inflexible for future use

Signed-off-by: Volker Lendecke 
Reviewed-by: Stefan Metzmacher 

---

Summary of changes:
 libcli/nbt/namequery.c  | 4 ++--
 libcli/nbt/namerefresh.c| 2 +-
 libcli/nbt/nameregister.c   | 2 +-
 libcli/nbt/namerelease.c| 2 +-
 libcli/nbt/nbt_proto.h  | 3 ++-
 libcli/nbt/nbtsocket.c  | 7 ---
 source4/libcli/dgram/mailslot.c | 1 +
 7 files changed, 12 insertions(+), 9 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/nbt/namequery.c b/libcli/nbt/namequery.c
index e344235..49ab10c 100644
--- a/libcli/nbt/namequery.c
+++ b/libcli/nbt/namequery.c
@@ -56,7 +56,7 @@ _PUBLIC_ struct nbt_name_request *nbt_name_query_send(struct 
nbt_name_socket *nb
dest = socket_address_from_strings(packet, nbtsock->sock->backend_name,
   io->in.dest_addr, io->in.dest_port);
if (dest == NULL) goto failed;
-   req = nbt_name_request_send(nbtsock, dest, packet,
+   req = nbt_name_request_send(nbtsock, nbtsock, dest, packet,
io->in.timeout, io->in.retries, false);
if (req == NULL) goto failed;
 
@@ -160,7 +160,7 @@ _PUBLIC_ struct nbt_name_request 
*nbt_name_status_send(struct nbt_name_socket *n
dest = socket_address_from_strings(packet, nbtsock->sock->backend_name,
   io->in.dest_addr, io->in.dest_port);
if (dest == NULL) goto failed;
-   req = nbt_name_request_send(nbtsock, dest, packet,
+   req = nbt_name_request_send(nbtsock, nbtsock, dest, packet,
io->in.timeout, io->in.retries, false);
if (req == NULL) goto failed;
 
diff --git a/libcli/nbt/namerefresh.c b/libcli/nbt/namerefresh.c
index b525356..b3aef76 100644
--- a/libcli/nbt/namerefresh.c
+++ b/libcli/nbt/namerefresh.c
@@ -72,7 +72,7 @@ struct nbt_name_request *nbt_name_refresh_send(struct 
nbt_name_socket *nbtsock,
   nbtsock->sock->backend_name,
   io->in.dest_addr, io->in.dest_port);
if (dest == NULL) goto failed;
-   req = nbt_name_request_send(nbtsock, dest, packet,
+   req = nbt_name_request_send(nbtsock, nbtsock, dest, packet,
io->in.timeout, io->in.retries, false);
if (req == NULL) goto failed;
 
diff --git a/libcli/nbt/nameregister.c b/libcli/nbt/nameregister.c
index ff5418c..8e8271d 100644
--- a/libcli/nbt/nameregister.c
+++ b/libcli/nbt/nameregister.c
@@ -80,7 +80,7 @@ struct nbt_name_request *nbt_name_register_send(struct 
nbt_name_socket *nbtsock,
dest = socket_address_from_strings(packet, nbtsock->sock->backend_name,
   io->in.dest_addr, io->in.dest_port);
if (dest == NULL) goto failed;
-   req = nbt_name_request_send(nbtsock, dest, packet,
+   req = nbt_name_request_send(nbtsock, nbtsock, dest, packet,
io->in.timeout, io->in.retries, false);
if (req == NULL) goto failed;
 
diff --git a/libcli/nbt/namerelease.c b/libcli/nbt/namerelease.c
index 8f46981..68c8252 100644
--- a/libcli/nbt/namerelease.c
+++ b/libcli/nbt/namerelease.c
@@ -69,7 +69,7 @@ _PUBLIC_ struct nbt_name_request 
*nbt_name_release_send(struct nbt_name_socket *
dest = socket_address_from_strings(packet, nbtsock->sock->backend_name,
   

[SCM] Samba Shared Repository - branch master updated

[Douglas Bagnall]

The branch, master has been updated
   via  ce63db2 traffic_relay: bulk port print to modern py3 style
   via  c034caa s4/webserver: initialise optional parameter
   via  30fb803 s4/lib/py-registry: initialize optional parameters for 
open_* functions
   via  2a30501 s3/py_passdb: initialize optional parameters earlier
   via  399c22a nbt/pynbt: initialize optional parameter in nbt_name_refresh
   via  e62d2bd nbt/pynbt: initialize optional parameter in 
nbt_name_register
   via  0d56edb ldb/pyldb: initialize optional parameter in ldb_connect()
   via  6eb3391 kcc/graph: add __hash__ to InternalEdge for py3
   via  c7f3c91 kcc: fix sort for py3
   via  9491094 kcc/kcc_utils: fix divide for py3
   via  09081ea kcc/kcc_utils: convert dict.keys to list
   via  767f6e5 kcc/graph_utils: port string.translate for py3
   via  16a228c selftest/graph: enable py3 for samba.tests.graph
   via  d1312c8 python/tests/graph: actually test graphs, don't print
   via  6d696d6 graph: fix sort for py3
   via  fadd2ce graph: fix divide for py3
   via  470499f selftest: enable py3 for samba.tests.krb5_credentials
   via  a9f5913 selftest: enable py3 for samba.tests.docs
   via  c070680 selftest: enable py3 for samba.tests.source
   via  eec07f2 selftest: enable py3 for samba.tests.lsa_string
   via  fb97281 selftest: enable py3 for samba.tests.dcerpc.registry
   via  9b8b40f selftest: enable py3 for samba.tests.dcerpc.rpcecho
   via  e209cc2 selftest: enable py3 for samba.tests.dcerpc.bare
   via  01ace23 selftest: enable py3 for samba.tests.dcerpc.sam
   via  aeb6e07 python: fix unicode escape in doc string
   via  5258add python: bulk convert zip to list
   via  8432ca2 python: bulk replace file to open for py3
   via  9d79329 python: bulk replace dict.itervalues to values for py3
   via  2892293 python: bulk port tdb iterkeys for py3
   via  f3b5287 python: bulk replace dict.iteritems to items for py3
   via  6716971c python/wscript: build grouping library for py2/py3 
(--extra-python)
   via  6210510 s3/lib/policy/wscript_build: build samba_policy lib for 
extra-python/py3
   via  84f7ead s3/libnet/wscript: build samba-net lib for extra-python/py3
   via  f24f0e1 s3/param/wscript: build PROVISION subsytem for 
extra-python/py3
   via  4a58393 wscript_build: make sure we link extra-python versions of 
libraries
   via  e48e6b0 python: create test for pysmb module.
   via  5c7e7ca s4/libcli: python3 port for smb module
  from  23d8410 dbwrap: Fix "use mmap = no"

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit ce63db26a1d9fd2272e7d708965557d0461a4eac
Author: Joe Guo 
Date:   Fri Apr 13 15:00:01 2018 +1200

traffic_relay: bulk port print to modern py3 style

Change print to function and avoid the ugly `print >>sys.stderr`.

Signed-off-by: Joe Guo 
Reviewed-by: Douglas Bagnall 
Reviewed-by: Garming Sam 

Autobuild-User(master): Douglas Bagnall 
Autobuild-Date(master): Fri Apr 13 10:36:32 CEST 2018 on sn-devel-144

commit c034caaf956dd7bf151ca86fe028928befe88f7b
Author: Douglas Bagnall 
Date:   Thu Apr 12 17:19:20 2018 +1200

s4/webserver: initialise optional parameter

OK, this is unused and unimplemented.

Signed-off-by: Douglas Bagnall 
Reviewed-by: Andrew Bartlett 
Reviewed-by: Alexander Bokovoy 

commit 30fb803ec07eb865c4c31c54320cef08e1cafff0
Author: Douglas Bagnall 
Date:   Thu Apr 12 17:15:19 2018 +1200

s4/lib/py-registry: initialize optional parameters for open_* functions

Signed-off-by: Douglas Bagnall 
Reviewed-by: Andrew Bartlett 
Reviewed-by: Alexander Bokovoy 

commit 2a305014b530145563a581e880a14af17fc3fc04
Author: Douglas Bagnall 
Date:   Thu Apr 12 17:13:05 2018 +1200

s3/py_passdb: initialize optional parameters earlier

It is just a bit easier to see what is happening.

Signed-off-by: Douglas Bagnall 
Reviewed-by: Andrew Bartlett 
Reviewed-by: Alexander Bokovoy 

commit 399c22a86f0b8614137f783d957547ade219e431
Author: Douglas Bagnall 
Date:   Thu Apr 12 17:10:10 2018 +1200

nbt/pynbt: initialize optional parameter in nbt_name_refresh

Signed-off-by: Douglas Bagnall 
Reviewed-by: Andrew Bartlett 
Reviewed-by: Alexander Bokovoy 

[SCM] Samba Shared Repository - branch v4-6-stable updated

[Karolin Seeger]

The branch, v4-6-stable has been updated
   via  c4d44b9 VERSION: Disable GIT_SNAPSHOT for the 4.6.15 release.
   via  46be020 WHATSNEW: Add release notes for Samba 4.6.15.
   via  c90accf torture: Test compound request request counters
   via  fb602bd s3:smb2_server: correctly maintain request counters for 
compound requests
   via  e1c58ec s3: smbd: Unix extensions attempts to change wrong field in 
fchown call.
   via  b11b0e0 s3:smbd: map nterror on smb2_flush errorpath
   via  24354b0 vfs_glusterfs: Fix the wrong pointer being sent in 
glfs_fsync_async
   via  94d91c9 s3: smbd: Fix possible directory fd leak if the underlying 
OS doesn't support fdopendir()
   via  8f4202e s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed 
on error, we don't own it here.
   via  0afb85c tests/bind.py: Add a bind test with NTLMSSP with no domain
   via  96d9297 s3:cliconnect.c: remove useless ';'
   via  bb14cec s3:libsmb: allow -U"\administrator" to work
   via  d71e1a2 Merge tag 'samba-4.6.14' into v4-6-test
   via  2d2fb95 VERSION: Bump version up to 4.6.15...
   via  85fc0d5 build: fix libceph-common detection
   via  903 VERSION: Disable GIT_SNAPSHOT for the 4.6.14 release.
   via  5cabac8 WHATSNEW: Add release notes for Samba 4.6.14.
   via  58c2418 CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only 
allowed with a control
   via  03b1513 CVE-2018-1057: s4:dsdb: use 
DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID
   via  96261a0 CVE-2018-1057: s4:dsdb/samdb: define 
DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control
   via  9e03a09 CVE-2018-1057: s4:dsdb/acl: run password checking only once
   via  43863fc CVE-2018-1057: s4/dsdb: correctly detect password resets
   via  0c2ef5f CVE-2018-1057: s4:dsdb/acl: add a NULL check for 
talloc_new() in acl_check_password_rights()
   via  2cce162 CVE-2018-1057: s4:dsdb/acl: add check for 
DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control
   via  a0e418a CVE-2018-1057: s4:dsdb/acl: check for internal controls 
before other checks
   via  4a8b22c CVE-2018-1057: s4:dsdb/acl: remove unused else branches in 
acl_check_password_rights()
   via  ed471f3 CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if 
we checked the acl in acl_check_password_rights()
   via  a976076 CVE-2018-1057: s4:dsdb/password_hash: add a helper variable 
for passwordAttr->num_values
   via  4b93237 CVE-2018-1057: s4:dsdb/password_hash: add a helper variable 
for LDB_FLAG_MOD_TYPE
   via  1610632 CVE-2018-1057: s4:dsdb/tests: add a test for password 
change with empty delete
   via  5365141 CVE-2018-1050: s3: RPC: spoolss server. Protect against 
null pointer derefs.
   via  ae55cfe s3:smbd: Do not crash if we fail to init the session table
   via  8fe0589 libsmb: Use smb2 tcon if conn_protocol >= SMB2_02
   via  3dadbb3 torture: Add test for channel sequence number handling
   via  597aba1 smbXcli: Add "force_channel_sequence"
   via  082c08e smbd: Fix channel sequence number checks for long-running 
requests
   via  c3bce29 smbd: Remove a "!" from an if-condition for easier 
readability
   via  65992c6 torture4: Fix typos
   via  dc5dbc6 smbd: Fix a typo
   via  b726719 s3:smb2_server: allow logoff, close, unlock, cancel and 
echo on expired sessions
   via  7118165 s3:smbd: return the correct error for cancelled SMB2 
notifies on expired sessions
   via  f0e7a7c s4:torture: add smb2.session.expire2 test
   via  d0c6802 Revert "HEIMDAL:kdc: fix memory leak when decryption 
AuthorizationData"
   via  c190c37 Revert "HEIMDAL:kdc: decrypt b->enc_authorization_data in 
tgs_build_reply()"
   via  e1a5f80 Revert "HEIMDAL:kdc: if we don't have an authenticator 
subkey for S4U2Proxy we need to use the additional tickets key"
   via  542382a Revert "s4:kdc: fix the principal names in 
samba_kdc_update_delegation_info_blob"
   via  fb65808 Revert "HEIMDAL:kdc: let _kdc_encode_reply() use the 
encryption type based on the server key"
   via  4afb9bd Revert "HEIMDAL:hdb: export a hdb_enctype_supported() 
helper function"
   via  cb60d1c Revert "s4:kdc: use the strongest possible tgs session key"
   via  0cd6906 Revert "TODO s4:kdc: msDS-SupportedEncryptionTypes only on 
computers"
   via  89f27fa Revert "TODO s4:kdc: indicate support for new encryption 
types by adding empty keys"
   via  3a54a04 Revert "HEIMDAL:kdc: use the correct authtime from 
addtitional ticket for S4U2Proxy tickets"
   via  56a40ab samba: Only use async signal-safe functions in signal 
handler
   via  670af37 subnet: Avoid a segfault when renaming subnet objects
   via  f2e21e6 HEIMDAL:kdc: use the correct authtime from addtitional 
ticket for S4U2Proxy tickets
   via  ffda28e TODO s4:kdc: indicate support for new encryption types by 
adding empty keys
   via  075f061 TODO s4:kdc: msDS-SupportedEncryptionTypes 

[SCM] Samba Website Repository - branch master updated

[Karolin Seeger]

The branch, master has been updated
   via  84f273d NEWS[4.6.15]: Samba 4.6.15 Available for Download
  from  73e8fbc team: fix Gary Lockyer's details (typo)

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit 84f273dca9848bad9811634ad882b8ec2bb63c70
Author: Karolin Seeger <ksee...@samba.org>
Date:   Fri Apr 13 09:47:19 2018 +0200

NEWS[4.6.15]: Samba 4.6.15 Available for Download

Signed-off-by: Karolin Seeger <ksee...@samba.org>

---

Summary of changes:
 history/samba-4.6.15.html| 74 
 posted_news/20180413-075519.4.6.15.body.html | 13 +
 posted_news/20180413-075519.4.6.15.headline.html |  3 +
 3 files changed, 90 insertions(+)
 create mode 100644 history/samba-4.6.15.html
 create mode 100644 posted_news/20180413-075519.4.6.15.body.html
 create mode 100644 posted_news/20180413-075519.4.6.15.headline.html


Changeset truncated at 500 lines:

diff --git a/history/samba-4.6.15.html b/history/samba-4.6.15.html
new file mode 100644
index 000..2adcbe2
--- /dev/null
+++ b/history/samba-4.6.15.html
@@ -0,0 +1,74 @@
+http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;>
+http://www.w3.org/1999/xhtml;>
+
+Samba 4.6.15 - Release Notes
+
+
+Samba 4.6.15 Available for Download
+
+https://download.samba.org/pub/samba/stable/samba-4.6.15.tar.gz;>Samba 
4.6.15 (gzipped)
+https://download.samba.org/pub/samba/stable/samba-4.6.15.tar.asc;>Signature
+
+
+https://download.samba.org/pub/samba/patches/samba-4.6.14-4.6.15.diffs.gz;>Patch
 (gzipped) against Samba 4.6.14
+https://download.samba.org/pub/samba/patches/samba-4.6.14-4.6.15.diffs.asc;>Signature
+
+
+
+   ==
+   Release Notes for Samba 4.6.15
+   April 13, 2018
+   ==
+
+
+This is the latest stable release of the Samba 4.6 release series.
+
+
+Changes since 4.6.14:
+-
+
+o  Jeremy Allison j...@samba.org
+   * BUG 13244: s3: ldap: Ensure the ADS_STRUCT pointer doesnt get freed
+ on error, we dont own it here.
+   * BUG 13270: s3: smbd: Fix possible directory fd leak if the underlying
+ OS doesnt support fdopendir().
+   * BUG 13375: s3: smbd: Unix extensions attempts to change wrong field
+ in fchown call.
+
+o  Gnther Deschner g...@samba.org
+   * BUG 13277: build: fix libceph-common detection.
+
+o  Poornima G pguru...@redhat.com
+   * BUG 13297: vfs_glusterfs: Fix the wrong pointer being sent in
+ glfs_fsync_async.
+
+o  Volker Lendecke v...@samba.org
+   * BUG 13215: Fix smbd panic if the client-supplied channel sequence number
+ wraps.
+   * BUG 13240: samba: Only use async signal-safe functions in signal handler.
+
+o  Stefan Metzmacher me...@samba.org
+   * BUG 13197: SMB2 close/lock/logoff can generate
+ NT_STATUS_NETWORK_SESSION_EXPIRED.
+   * BUG 13206: Fix authentication with an empty string domain .
+   * BUG 13215: s3:smb2_server: correctly maintain request counters for
+ compound requests.
+
+o  Anton Nefedov
+   * BUG 13338: s3:smbd: Map nterror on smb2_flush errorpath.
+
+o  Dan Robertson drobert...@tripwire.com
+   * BUG 13310: libsmb: Use smb2 tcon if conn_protocol = SMB2_02.
+
+o  Garming Sam garm...@catalyst.net.nz
+   * BUG 13031: subnet: Avoid a segfault when renaming subnet objects.
+
+o  Andreas Schneider a...@samba.org
+   * BUG 13315: s3:smbd: Do not crash if we fail to init the session table.
+
+
+
+
+
+
diff --git a/posted_news/20180413-075519.4.6.15.body.html 
b/posted_news/20180413-075519.4.6.15.body.html
new file mode 100644
index 000..34875f1
--- /dev/null
+++ b/posted_news/20180413-075519.4.6.15.body.html
@@ -0,0 +1,13 @@
+
+13 April 2018
+Samba 4.6.15 Available for Download
+
+This is the latest stable release of the Samba 4.6 release series.
+
+
+The uncompressed tarball has been signed using GnuPG (ID 6F33915B6568B7EA).
+The source code can be https://download.samba.org/pub/samba/stable/samba-4.6.15.tar.gz;>downloaded
 now.
+A https://download.samba.org/pub/samba/patches/samba-4.6.14-4.6.15.diffs.gz;>patch
 against Samba 4.6.14 is also available.
+See https://www.samba.org/samba/history/samba-4.6.15.html;>the 
release notes for more info.
+
+
diff --git a/posted_news/20180413-075519.4.6.15.headline.html 
b/posted_news/20180413-075519.4.6.15.headline.html
new file mode 100644
index 000..71403b1
--- /dev/null
+++ b/posted_news/20180413-075519.4.6.15.headline.html
@@ -0,0 +1,3 @@
+
+ 13 April 2018 Samba 4.6.15 Available for 
Download
+


-- 
Samba Website Repository

[SCM] Samba Shared Repository - annotated tag samba-4.6.15 created

[Karolin Seeger]

The annotated tag, samba-4.6.15 has been created
at  ea132b05d3b6a2543922c8c8395646e3174a78fa (tag)
   tagging  c4d44b9a78f65a27803ee7005a077292b45690f7 (commit)
  replaces  samba-4.6.14
 tagged by  Karolin Seeger
on  Fri Apr 13 09:46:43 2018 +0200

- Log -
samba: tag release samba-4.6.15
-BEGIN PGP SIGNATURE-

iEYEABECAAYFAlrQYGQACgkQbzORW2Vot+qI4gCghayfrXCSXvxapnCBVATwjnpE
y+QAoIycikSkkpvqAPLgrAGd/iTMqsHm
=A2qV
-END PGP SIGNATURE-

Andreas Schneider (1):
  s3:smbd: Do not crash if we fail to init the session table

Anton Nefedov via samba-technical (1):
  s3:smbd: map nterror on smb2_flush errorpath

Dan Robertson (1):
  libsmb: Use smb2 tcon if conn_protocol >= SMB2_02

Garming Sam (2):
  subnet: Avoid a segfault when renaming subnet objects
  tests/bind.py: Add a bind test with NTLMSSP with no domain

Günther Deschner (1):
  build: fix libceph-common detection

Jeremy Allison (4):
  CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer 
derefs.
  s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we 
don't own it here.
  s3: smbd: Fix possible directory fd leak if the underlying OS doesn't 
support fdopendir()
  s3: smbd: Unix extensions attempts to change wrong field in fchown call.

Karolin Seeger (16):
  VERSION: Bump version up to 4.6.14...
  Revert "HEIMDAL:kdc: use the correct authtime from addtitional ticket for 
S4U2Proxy tickets"
  Revert "TODO s4:kdc: indicate support for new encryption types by adding 
empty keys"
  Revert "TODO s4:kdc: msDS-SupportedEncryptionTypes only on computers"
  Revert "s4:kdc: use the strongest possible tgs session key"
  Revert "HEIMDAL:hdb: export a hdb_enctype_supported() helper function"
  Revert "HEIMDAL:kdc: let _kdc_encode_reply() use the encryption type 
based on the server key"
  Revert "s4:kdc: fix the principal names in 
samba_kdc_update_delegation_info_blob"
  Revert "HEIMDAL:kdc: if we don't have an authenticator subkey for 
S4U2Proxy we need to use the additional tickets key"
  Revert "HEIMDAL:kdc: decrypt b->enc_authorization_data in 
tgs_build_reply()"
  Revert "HEIMDAL:kdc: fix memory leak when decryption AuthorizationData"
  WHATSNEW: Add release notes for Samba 4.6.14.
  VERSION: Disable GIT_SNAPSHOT for the 4.6.14 release.
  VERSION: Bump version up to 4.6.15...
  WHATSNEW: Add release notes for Samba 4.6.15.
  VERSION: Disable GIT_SNAPSHOT for the 4.6.15 release.

Poornima G (1):
  vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async

Ralph Boehme (13):
  CVE-2018-1057: s4:dsdb/tests: add a test for password change with empty 
delete
  CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for 
LDB_FLAG_MOD_TYPE
  CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for 
passwordAttr->num_values
  CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if we checked the 
acl in acl_check_password_rights()
  CVE-2018-1057: s4:dsdb/acl: remove unused else branches in 
acl_check_password_rights()
  CVE-2018-1057: s4:dsdb/acl: check for internal controls before other 
checks
  CVE-2018-1057: s4:dsdb/acl: add check for 
DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control
  CVE-2018-1057: s4:dsdb/acl: add a NULL check for talloc_new() in 
acl_check_password_rights()
  CVE-2018-1057: s4/dsdb: correctly detect password resets
  CVE-2018-1057: s4:dsdb/acl: run password checking only once
  CVE-2018-1057: s4:dsdb/samdb: define 
DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control
  CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID
  CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a 
control

Stefan Metzmacher (17):
  HEIMDAL:kdc: fix memory leak when decryption AuthorizationData
  HEIMDAL:kdc: decrypt b->enc_authorization_data in tgs_build_reply()
  HEIMDAL:kdc: if we don't have an authenticator subkey for S4U2Proxy we 
need to use the additional tickets key
  s4:kdc: fix the principal names in samba_kdc_update_delegation_info_blob
  HEIMDAL:kdc: let _kdc_encode_reply() use the encryption type based on the 
server key
  HEIMDAL:hdb: export a hdb_enctype_supported() helper function
  s4:kdc: use the strongest possible tgs session key
  TODO s4:kdc: msDS-SupportedEncryptionTypes only on computers
  TODO s4:kdc: indicate support for new encryption types by adding empty 
keys
  HEIMDAL:kdc: use the correct authtime from addtitional ticket for 
S4U2Proxy tickets
  s4:torture: add smb2.session.expire2 test
  s3:smbd: return the correct error for cancelled SMB2 notifies on expired 
sessions
  s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired 
sessions
  Merge tag 'samba-4.6.14' into v4-6-test
  s3:libsmb: allow -U"\\administrator" to work
  

[SCM] Samba Shared Repository - branch v4-6-test updated

[Karolin Seeger]

The branch, v4-6-test has been updated
   via  7705a4d VERSION: Bump version up to 4.6.16...
   via  c4d44b9 VERSION: Disable GIT_SNAPSHOT for the 4.6.15 release.
   via  46be020 WHATSNEW: Add release notes for Samba 4.6.15.
  from  c90accf torture: Test compound request request counters

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-test


- Log -
commit 7705a4d471a427041616a9897158474d8a5ff457
Author: Karolin Seeger 
Date:   Tue Apr 10 21:22:32 2018 +0200

VERSION: Bump version up to 4.6.16...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger 

commit c4d44b9a78f65a27803ee7005a077292b45690f7
Author: Karolin Seeger 
Date:   Tue Apr 10 21:21:39 2018 +0200

VERSION: Disable GIT_SNAPSHOT for the 4.6.15 release.

Signed-off-by: Karolin Seeger 

commit 46be02065ab90c160911e0671c2b4f8c80a0a032
Author: Karolin Seeger 
Date:   Tue Apr 10 21:21:09 2018 +0200

WHATSNEW: Add release notes for Samba 4.6.15.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION  |  2 +-
 WHATSNEW.txt | 81 +---
 2 files changed, 79 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index f746dee..466bd23 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=6
-SAMBA_VERSION_RELEASE=15
+SAMBA_VERSION_RELEASE=16
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index ca1e471..fa673c3 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,79 @@
==
+   Release Notes for Samba 4.6.15
+   April 13, 2018
+   ==
+
+
+This is the latest stable release of the Samba 4.6 release series.
+
+
+Changes since 4.6.14:
+-
+
+o  Jeremy Allison 
+   * BUG 13244: s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed
+ on error, we don't own it here.
+   * BUG 13270: s3: smbd: Fix possible directory fd leak if the underlying
+ OS doesn't support fdopendir().
+   * BUG 13375: s3: smbd: Unix extensions attempts to change wrong field
+ in fchown call.
+
+o  Günther Deschner 
+   * BUG 13277: build: fix libceph-common detection.
+
+o  Poornima G 
+   * BUG 13297: vfs_glusterfs: Fix the wrong pointer being sent in
+ glfs_fsync_async.
+
+o  Volker Lendecke 
+   * BUG 13215: Fix smbd panic if the client-supplied channel sequence number
+ wraps.
+   * BUG 13240: samba: Only use async signal-safe functions in signal handler.
+
+o  Stefan Metzmacher 
+   * BUG 13197: SMB2 close/lock/logoff can generate
+ NT_STATUS_NETWORK_SESSION_EXPIRED.
+   * BUG 13206: Fix authentication with an empty string domain ''.
+   * BUG 13215: s3:smb2_server: correctly maintain request counters for
+ compound requests.
+
+o  Anton Nefedov
+   * BUG 13338: s3:smbd: Map nterror on smb2_flush errorpath.
+
+o  Dan Robertson 
+   * BUG 13310: libsmb: Use smb2 tcon if conn_protocol >= SMB2_02.
+
+o  Garming Sam 
+   * BUG 13031: subnet: Avoid a segfault when renaming subnet objects.
+
+o  Andreas Schneider 
+   * BUG 13315: s3:smbd: Do not crash if we fail to init the session table.
+
+
+###
+Reporting bugs & Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+==
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==
+
+
+Release notes for older releases follow:
+
+
+   ==
Release Notes for Samba 4.6.14
March 13, 2018
=
@@ -36,7 +111,7 @@ o  CVE-2018-1057: