From 850d0c066bfc00b09233d5ea404f26fea530374b Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 4 Jan 2005 20:26:50 +0000 Subject: [PATCH] r4516: current with 3.0 as of r4514. Updated release notes --- WHATSNEW.txt | 285 ++++++++++++++++++++++++++++++++++++-- source/include/smb.h | 2 +- source/libads/ldap.c | 2 +- source/rpc_server/srv_samr_util.c | 8 +- source/utils/net_rpc_samsync.c | 26 +++- source/web/swat.c | 24 +++- 6 files changed, 322 insertions(+), 25 deletions(-) diff --git a/WHATSNEW.txt b/WHATSNEW.txt index d86a85de9f9..0b03148e1ba 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,17 +1,26 @@ - ============================== - Release Notes for Samba 3.0.10 - Dec 16, 2004 - ============================== + ================================== + Release Notes for Samba 3.0.11pre1 + Jan 4, 2005 + =================================== -This is the latest stable release of Samba. This is the version -that production Samba servers should be running for all current -bug-fixes. This is primarily a security release to address -CAN-2004-1154. See the "Changes" section for details on exact -updates. +This is a preview release of the Samba 3.0.2 code base and +is provided for testing only. This release is *not* intended +for production servers. However, there have been several bug +fixes since 3.0.10 that we feel are important to make available +to the Samba community for wider testing. -Common bugs fixed in 3.0.10 include: +Common bugs fixed in 3.0.11pre1 include: - o Fix for security issues described in CAN-2004-1154. + o Numerous printing bugs bugs including memory + bloating on large/busy print servers. + o Compatibility issues with Exchange 5.5 SP4. + o sendfile fixes. + +Additional features introduced in Samba 3.0.11pre1: + + o Winbindd performance improvements. + o More 'net rpc campire' functionality. + @@ -19,6 +28,258 @@ Common bugs fixed in 3.0.10 include: Changes ####### +Changes since 3.0.10 +-------------------- + +smb.conf changes +---------------- + Parameter Name Action + -------------- ------ + afs token lifetime New + min password length Deprecated + + +commits +------- + +o Jeremy Allison + * Extend vfs to add seekdir/telldir/rewinddir. + * Fix dirent return. + * Fix bugs when handling secondary trans2 requests. + * Implementation of get posix acls in UNIX extensions. + * Added set posix acl functionality into the UNIX extensions code. + * Updated config.guess/config.sub . + * Fix error reply when 'follow symlinks = no'. + * BUG 1061, 2045: Only set mtime from pending_modtime if it's + not already zero. + * Fixes for LARGE_READX support. + * Fix the problem we get on Linux where sendfile fails, but we've + already sent the header using send(). + * BUG 2081: Ensure SE_DESC_DACL_PROTECTED is set if 'map acl + inherit = no'. + * BUG 2088: Ensure inherit permissions is only applied on a new + file, not an existing one. + * Don't go fishing for the krb5 authorisation data unless we know + it's there. + * BUG 2110: Ensure we convert to ucs2 correctly after the + CAN-2004-0930 patch. + * Make strict locking an enum. Auto means use oplock optimization. + * Fix client & server to allow 127k READX calls. + * More *alloc fixes (includes additional fixes by Albert Chin. + * Catch sendfile errors correctly and return the correct values + we want the caller to return. + + +o Timur Bakeyev + * BUG 2100: change the way we check for errors after a dlopen(). + + +o Andrew Bartlett + * Clarify error message when 'lanman auth = no'. + * Remove the unnecessary UTF-8 conversion calls in the calls to + auth_winbind from smbd. + + +o Gerald (Jerry) Carter + * BUG 2073: fall back to smb_name if current_user_info is not + available in lp_file_list_changed(). + * Fixes the spurious 'register_message_flags: tdb fetch failed' + errors. + * Don't run the backgroup LPQ daemon when we are running in + interactive mode. + * prevent the background LPQ daemon from updating the print queue + cache just because multiple smbd processes sent a message that + it was out of date. + * consolidate printer searches to use find_service rather than + for(...) loops. + * BUG 2091: don't remove statically defined printers in + remove_stale_printers(). + * Fix logic error in add_a_form() that only compared N characters + instead of the entire form name. + * BUG 2107: fix memory bloating caused by large numbers of + print_queue_updates() requests sent via messages.tdb. + * Check the setprinter(3) based on the access permissions on + the handle and avoid the call to print_access_chaeck(). + + +o Nadav Danieli + * Short circuit some is_locked() tests if we are oplocked. + + +o Guenther Deschner + * Allow 'localhost' as a valid server name in the smbd for the + spoolss calls. + * Fix KRB5_SETPW-defines, no change in behaviour (Thanks to Luke + Mewburn for the input). + * BUG 2059: Add additional checks needed after logic change to the + HAVE_WRFILE_KEYTAB detection test. + * BUG 1076: Fix interaction with Exchange 5.5. SP4 and a + Samba DC. Allow us to lookup at least our own SID. + * More fixes to have proper german in swat (Thanks to Reiner + Klaproth and Björn Jacke. + * BUG 404, 2076: Allow to set OWNER- and GROUP-entries while + setting security descriptors with smbcacls and using with + the -S or -M switch. + * Include the munged_dial, bad_password_count, lopgon_count, and + logon_hours attributes when running 'net rpc vampire'. + * Fix segfault in idmap_rid. + * When winbindd is operating in the multi-mapping mode of + idmap_rid, allow BUILTIN domain-mapping. + * Display infolevel 12 in query_dom_info in rpcclient. + * Fix bug in winbindd's lowercasing of usernames. + * Allow -v or -l for displaying verbose groupmap-listing + as well as "verbose". + * Backport Samba4 SAM_DELTA_DOMAIN_INFO for use in 'net rpc + vampire'. + * Close LDAP-Connection before retrying to open a new connection + in the retry-loop. + * Marking "min password length" as depreciated. + * Implement SAMR query_dom_info-call info-level 8 server- and + client-side, based on samba4-idl. + + + +o Jay Fenlason + * Fix crash in 'net join' due to calling free on + static buffers. + + +o Rob Foehl . + * Compiler warnings. + * Try modifying printer published attributes before adding it a + new entry in AD. + * Solaris packaging fixes. + * Don't force the cups printer-make-and-model tag as the comment + for autoloaded printers. + + +o Johann Hanne + * BUG 2038: Only fail winbindd_getgroups() if all lookups fail. + + +o David Hu + * Copy structure from print_queue_update() message rather than + referencing it. Fixes seg fault on HP-UX. + + +o Buck Huppmann + * BUG 2186: Don't free uninitialized credentials. + * BUG 2189: Add the HOST/fqdn servicePrincipalName even when + dnsDomainName != realm. + + +o Björn Jacke + * BUG 2040: Ensure the locale is reset to C to get ASCII- + compatible toupper/lower functions. + + +o William Jojo + * Fix HPUX sendfile and add configure.in tests and code for + sendfile on AIX. + + +o Volker Lendecke + * Optimize anonymous session setups by workstations in a + Samba domain. + * Reimplment the QueryUserAliases() server RPC reply. + * Re-add the getpwnam-cache for performance. + * Cache the result of a pdb_getsampwnam for later SID lookup + queries. + * Unify the means of localtaing a user's global groups on a + Samba DC. + * Fix bug when serving the 'Start Menu' in a roaming user profile.. + * Map more pre-defined NT security descriptors to AFS acls. + * Add timeout to AD searche requests. + * If a connection to a DC is requested (in winbindd), open + connections simultaeneously to all DCs found. + * Memleak fixes. + * Fix logic error in handling of 'printcap name' parameter. + * Prevent winbindd from SPAM'ing the log files with 'user root + does not exist'. + * Baclkport samr_DomInfo2 IDL specification from Samba 4. + * Implement smbstatus -n, don't lookup users and groups. + * Implement a stupid mapping that maps the space to another + character choosable by afsacl:space. + * Add support for 'net idmap delete '. + * Add new parameter 'afs token lifetime' tells the AFS client + when to throw away a token (patch from kllin@it.su.se). + + +o Jim McDonough + * BUG 1952: Try INITSHUTDOWN pipe first, used by newer + clients. If it fails, fall back to WINREG. + * BUG 1770: Remove READ_ATTRIBUTES from GENERIC_EXECUTE. + + +o Luke Mewburn + * BUG 2150: shmget() - Use POSIX definitions instead of non- + standard SHM_. + + +o Buchan Milne + * Mandrake packaging fixes. + + +o Lars Mueller + * Fix build of libsmbclient on x86_64. + * BUG 2013: Fix testsuite build issues when libsmbclient.so + is installed in a non-default location. + * BUG 2050: Calculate max_fd for select correctly. + * Fix inverted logic heck for HAVE_WRFILE_KEYTAB in autoconf + script. + + +o Jason Mader + * BUG 2069: Remove unused variables. + * BUG 2075: Remove dead code paths. + * BUG 2083: Fix compiler warnings caused by bad type casts. + + +o Gavrie Philipson + * BUG 1838: Remove stale printers imeeddiately when + processing a SIGHUP and during smb.conf reload. + + +o Tim Potter + * BUG 2080: Fix duplicate call to pdb_get_acct_desc(). + * BUG 2168: Fix cast in SMB_XMALLOC_ARRAY. + * Change the license for the winbindd external interface + more liberal. + * HP-UX compile fixes. + + +o Simo Sorce + * Backport pdbedit changes from trunk. + + +o Andrew Tridgell + * Bring Samba3 into line with the Samba4 password change code. + + +o Jelmer Vernooij + * Bug fixes for pdb_{xml,pqsql,xml} + + +o Shiro Yamada + * BUG 2190: Force SWAT to display parameters in unix charset and + not UTF-8. + + + +Changes for older versions follow below: + + -------------------------------------------------- + ============================== + Release Notes for Samba 3.0.10 + Dec 16, 2004 + ============================== + +Common bugs fixed in 3.0.10 include: + + o Fix for security issues described in CAN-2004-1154. + + + Changes since 3.0.9 ------------------- @@ -45,8 +306,6 @@ o Luke Mewburn -Changes for older versions follow below: - -------------------------------------------------- ============================= diff --git a/source/include/smb.h b/source/include/smb.h index 49d3d29ac03..a7db0c0a868 100644 --- a/source/include/smb.h +++ b/source/include/smb.h @@ -1066,7 +1066,7 @@ struct bitmap { #define FILE_GENERIC_WRITE (STANDARD_RIGHTS_WRITE_ACCESS|FILE_WRITE_DATA|FILE_WRITE_ATTRIBUTES|\ FILE_WRITE_EA|FILE_APPEND_DATA|SYNCHRONIZE_ACCESS) -#define FILE_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE_ACCESS|FILE_READ_ATTRIBUTES|\ +#define FILE_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE_ACCESS|\ FILE_EXECUTE|SYNCHRONIZE_ACCESS) /* Mapping of access rights to UNIX perms. */ diff --git a/source/libads/ldap.c b/source/libads/ldap.c index c18e253f7b2..8c37a90e732 100644 --- a/source/libads/ldap.c +++ b/source/libads/ldap.c @@ -1454,7 +1454,7 @@ static ADS_STATUS ads_add_machine_acct(ADS_STRUCT *ads, const char *machine_name psp4 = talloc_asprintf(ctx, "HOST/%s", my_fqdn); strlower_m(&psp4[5]); for (i = 0; i < next_spn; i++) { - if (strequal(servicePrincipalName[i], psp3)) + if (strequal(servicePrincipalName[i], psp4)) break; } if (i == next_spn) { diff --git a/source/rpc_server/srv_samr_util.c b/source/rpc_server/srv_samr_util.c index 8cc44074abe..dd12a438cae 100644 --- a/source/rpc_server/srv_samr_util.c +++ b/source/rpc_server/srv_samr_util.c @@ -251,6 +251,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from) } if (from->fields_present & ACCT_LOGON_HOURS) { + pstring old, new; DEBUG(15,("INFO_21 LOGON_DIVS: %08X -> %08X\n",pdb_get_logon_divs(to),from->logon_divs)); if (from->logon_divs != pdb_get_logon_divs(to)) { pdb_set_logon_divs(to, from->logon_divs, PDB_CHANGED); @@ -262,8 +263,11 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from) } DEBUG(15,("INFO_21 LOGON_HRS.HOURS: %s -> %s\n",pdb_get_hours(to),from->logon_hrs.hours)); - /* Fix me: only update if it changes --metze */ - pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED); + pdb_sethexhours(old, pdb_get_hours(to)); + pdb_sethexhours(new, (const char *)from->logon_hrs.hours); + if (!strequal(old, new)) { + pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED); + } /* This is max logon hours */ DEBUG(10,("INFO_21 UNKNOWN_6: %08X -> %08X\n",pdb_get_unknown_6(to),from->unknown_6)); diff --git a/source/utils/net_rpc_samsync.c b/source/utils/net_rpc_samsync.c index e8a110d083e..fccdc5f5ba5 100644 --- a/source/utils/net_rpc_samsync.c +++ b/source/utils/net_rpc_samsync.c @@ -380,8 +380,11 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) } if (delta->hdr_parameters.buffer) { + DATA_BLOB mung; old_string = pdb_get_munged_dial(account); - new_string = unistr2_static(&delta->uni_parameters); + mung.length = delta->hdr_parameters.uni_str_len; + mung.data = (uint8 *) delta->uni_parameters.buffer; + new_string = (mung.length == 0) ? NULL : base64_encode_data_blob(mung); if (STRING_CHANGED) pdb_set_munged_dial(account, new_string, PDB_CHANGED); @@ -408,10 +411,29 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) pdb_set_logoff_time(account, unix_time,PDB_CHANGED); } + /* Logon Divs */ if (pdb_get_logon_divs(account) != delta->logon_divs) pdb_set_logon_divs(account, delta->logon_divs, PDB_CHANGED); - /* TODO: logon hours */ + /* Max Logon Hours */ + if (delta->unknown1 != pdb_get_unknown_6(account)) { + pdb_set_unknown_6(account, delta->unknown1, PDB_CHANGED); + } + + /* Logon Hours Len */ + if (delta->buf_logon_hrs.buf_len != pdb_get_hours_len(account)) { + pdb_set_hours_len(account, delta->buf_logon_hrs.buf_len, PDB_CHANGED); + } + + /* Logon Hours */ + if (delta->buf_logon_hrs.buffer) { + pstring old, new; + pdb_sethexhours(old, pdb_get_hours(account)); + pdb_sethexhours(new, (const char *)delta->buf_logon_hrs.buffer); + if (!strequal(old, new)) + pdb_set_hours(account, (const char *)delta->buf_logon_hrs.buffer, PDB_CHANGED); + } + if (pdb_get_bad_password_count(account) != delta->bad_pwd_count) pdb_set_bad_password_count(account, delta->bad_pwd_count, PDB_CHANGED); diff --git a/source/web/swat.c b/source/web/swat.c index 48537d1d049..7bd9837c371 100644 --- a/source/web/swat.c +++ b/source/web/swat.c @@ -193,6 +193,7 @@ static void show_parameter(int snum, struct parm_struct *parm) { int i; void *ptr = parm->ptr; + char *utf8_s1, *utf8_s2; if (parm->class == P_LOCAL && snum >= 0) { ptr = lp_local_ptr(snum, ptr); @@ -214,10 +215,17 @@ static void show_parameter(int snum, struct parm_struct *parm) char **list = *(char ***)ptr; for (;*list;list++) { /* enclose in quotes if the string contains a space */ - if ( strchr_m(*list, ' ') ) - printf("\'%s\'%s", *list, ((*(list+1))?", ":"")); - else - printf("%s%s", *list, ((*(list+1))?", ":"")); + if ( strchr_m(*list, ' ') ) { + push_utf8_allocate(&utf8_s1, *list); + push_utf8_allocate(&utf8_s2, ((*(list+1))?", ":"")); + printf("\'%s\'%s", utf8_s1, utf8_s2); + } else { + push_utf8_allocate(&utf8_s1, *list); + push_utf8_allocate(&utf8_s2, ((*(list+1))?", ":"")); + printf("%s%s", utf8_s1, utf8_s2); + } + SAFE_FREE(utf8_s1); + SAFE_FREE(utf8_s2); } } printf("\">"); @@ -238,16 +246,20 @@ static void show_parameter(int snum, struct parm_struct *parm) case P_STRING: case P_USTRING: + push_utf8_allocate(&utf8_s1, *(char **)ptr); printf("", - make_parm_name(parm->label), *(char **)ptr); + make_parm_name(parm->label), utf8_s1); + SAFE_FREE(utf8_s1); printf("", _("Set Default"), make_parm_name(parm->label),fix_backslash((char *)(parm->def.svalue))); break; case P_GSTRING: case P_UGSTRING: + push_utf8_allocate(&utf8_s1, (char *)ptr); printf("", - make_parm_name(parm->label), (char *)ptr); + make_parm_name(parm->label), utf8_s1); + SAFE_FREE(utf8_s1); printf("", _("Set Default"), make_parm_name(parm->label),fix_backslash((char *)(parm->def.svalue))); break; -- 2.11.4.GIT