1 What's new in Samba 2.2.8pre1 - 3rd February 2003
2 =================================================
4 This is a non-production, preview release of the upcoming Samba
5 2.2.8 distribution. This preview release is for testing purposes
6 only and should not be installed in production environments.
8 The purpose of this preview release to make numerous bugs fixes
9 for Samba 2.2.7a available to the Samba community. Please report
10 testing results of this release to the Samba mailing list
17 See the cvs log for SAMBA_2_2 for more details
19 1) Fix seg fault in smbpasswd when specifying the new password
20 as a command line argument
21 2) Correct 64-but file sizes issues with smbtar and smbclient
22 3) Add batch mode option to pdbedit
23 4) Add protection in nmbd against malformed reply packets
24 5) Fix bug with sendfile profiling support in smbstatus output
25 6) Correct bug in "hide unreadable" smb.conf parameter that
26 resulted in incorrect directory listings
27 7) Fix bug in group enumeration in winbindd
28 8) Correct build issues with libsmbclient on Solaris
29 9) Fix memory leak and bad pointer dereference in password
31 10) Fix for changing attributes on a file truncate
32 11) Ensure smbd process count never gets to -1 if limiting number
34 12) Ensure we return disk full by default on short writes
35 13) Don't delete jobs submitted after the lpq time
36 14) Fix reference count bug where smbds would not terminate
37 with no open resources
38 15) Performance fix when using quota support on HP-UX
39 16) Fixes for --with-ldapsam
40 * Default to port 389 when "ldap ssl != on"
41 * add support for rebinding to the master directory server
42 for password changes when "ldap server" points to a read-only
44 17) Add -W and -X command line flags to smbpasswd for extracting and
45 setting the machine/domain SID in secrets.tdb. See the
46 smbpasswd(8) man page for details.
47 18) Added (c) Luke Howard to winbind_nss_solaris.c for coded
48 obtained from PADL's nss_ldap library.
49 19) Fix bug in samr_dispinfo query in winbindd
50 20) Fix segfault in NTLMSSP password changing code for
52 21) Correct pstring/fstring mismatches
53 22) Send level II oplock break requests synchronously to prevent
54 condition where one smbd would continually lock a share entry
56 23) Miscellaneous cleanups for tdb error conditions and appending
58 24) Implement correct open file truncate semantics with DOS
60 25) Enforce wide links = no on files as well as directories
61 26) Include shared library checks for Stratus VOS
62 27) Include support for CUPS printer classes and logging the remote
65 Changes since 2.2.8pre1
66 -----------------------
67 28) smbumount lazy patch from Mandrake
68 29) Check for too many processes *before* the fork.
69 30) make sure we don't run over the end of 'name' in unix_convert()
70 31) set umask to 0 before creating socket directory.
71 32) Fix the LARGE_SMB_OFF_T problems and allow smbd to do the right thing in
72 interactive mode when a log file dir is also specified.
73 33) Fix delete on close semantics to match W2K.
74 34) Correctly return access denied on share mode deny when we can't open the
76 35) Always use safe_strcpy not pstrcpy for malloced strings
77 36) Fixes for HPUX only having limited POSIX lock range from Michael Steffens
78 <michael.steffens@hp.com>
79 37) Added code based on Michael Steffens <michael.steffens@hp.com> uid/gid
80 caching code. Reduces load on winbindd.
81 38) Removed extra copy of server name in the printername field (it was
82 mangling the the name to be \\server\\\server\printer
83 39) Fix dumb perror used without errno beeing set.
84 thanks to RedHat developers for the report
85 40) Do retries correctly if the connection to the DC has failed. Based on
86 work by Michael Steffens.
87 41) Correctly check for inet_addr fail. Patch from gregor.7@osu.edu.
88 42) Ensure we use getgrnam() unless BROKEN_GETGRNAM is defined.
89 43) Fix from Corny.Bondad@hp.com for missing if (setting_acls) on default
91 44) Fix inspired by Stefan (metze) Metzmacher - cache the sidtype also.
92 45) fix printer settings on Solaris print servers.
93 ASCII -> UNICODE conversion bug.
94 46) Small fix from Tom Jansen <tom@ninja.nl> to check correct error return.
95 47) Ensure space_avail is unsigned. Patch from R.Nieuwenhuizen@cpb.nl.
96 48) patch from Hal Roberts check for a valid [f]chmod_acl function pointer
97 before calling it. Fixes seg fault in audit VFS module
98 49) When checking is_locked() new WRITE locks conflict with existing READ locks even
99 if the context is the same.
100 50) Merge off-by-one crash fixes found and fixed in HEAD by Andrew Bartlett.
101 51) Move off-by-one buggy malloc()/safe_strcpy() combination to strdup() instead.
102 52) Merge from HEAD. Use pstrcpy not safe_strcpy.
103 53) Fix to allow blocking lock notification to be done rapidly (no wait
104 for smb -> smb lock release). Adds new PENDING_LOCK type to lockdb
105 (does not interfere with existing locks).
111 See the cvs log for SAMBA_2_2 for more details
113 1) Fix for smbclient reporting negative file sizes on dir command
114 and negative statistics being reported when using put or get
116 2) Fix bug in determination of allocation size
117 3) Fix 64bit size problems which prevented copying of files larger
119 4) Fix for xcopy /s problem with old DOS clients not sending correct
120 attributes on subsequent SMBsearch calls.
121 5) Fix bug in call to standard_sub_advanced giving a 0 length. This
122 fixes the string overflow in string_sub errors.
123 6) Correctly handle querygroup rpcclient command
124 7) fix broken incremental tar in smbtar command
126 =========================================
128 Older releases notes for 2.2.x distributions follow
130 -----------------------------------------------------------------------------
131 The release notes for 2.2.7 follow :
133 IMPORTANT: Security bugfix for Samba
134 ------------------------------------
139 A security hole has been discovered in versions 2.2.2 through 2.2.6
140 of Samba that could potentially allow an attacker to gain root access
141 on the target machine. The word "potentially" is used because there
142 is no known exploit of this bug, and the Samba Team has not been able to
143 craft one ourselves. However, the seriousness of the problem warrants
144 this immediate 2.2.7 release.
146 In addition to addressing this security issue, Samba 2.2.7 also includes
147 thirteen unrelated improvements. These improvements result from our
148 process of continuous quality assurance and code review, and are part of
149 the Samba team's committment to excellence.
154 There was a bug in the length checking for encrypted password change
155 requests from clients. A client could potentially send an encrypted
156 password, which, when decrypted with the old hashed password could be
157 used as a buffer overrun attack on the stack of smbd. The attach would
158 have to be crafted such that converting a DOS codepage string to little
159 endian UCS2 unicode would translate into an executable block of code.
161 All versions of Samba between 2.2.2 to 2.2.6 inclusive are vulnerable
162 to this problem. This version of Samba 2.2.7 contains a fix for this
165 Earlier versions of Samba are not vulnerable.
167 There is no known exploit or exploit code for this vulnerability,
168 it was discovered by a code audit by Debian Samba maintainers.
173 Thanks to Steve Langasek <vorlon@debian.org> and Eloy Paris
174 <peloy@debian.org> for bringing this vulnerability to our notice.
176 Patch for Samba versions 2.2.2 to 2.2.6
177 ---------------------------------------
179 The following patch applies cleanly to the above Samba versions
180 and will fix the vulnerability for sites that do not wish to upgrade
181 to 2.2.7 at this time.
184 -------------------------------cut here---------------------------------
185 --- libsmb/smbencrypt.c.orig Tue Nov 19 17:21:57 2002
186 +++ libsmb/smbencrypt.c Tue Nov 19 17:22:12 2002
190 /* Password must be converted to NT unicode - null terminated. */
191 - dos_struni2((char *)wpwd, (const char *)passwd, 256);
192 + dos_struni2((char *)wpwd, (const char *)passwd, len);
193 /* Calculate length in bytes */
194 len = strlen_w((const smb_ucs2_t *)wpwd) * sizeof(int16);
195 -------------------------------cut here---------------------------------
202 See the cvs log for SAMBA_2_2 for more details
204 1) ensure we send the notify message in the same way it is expected
205 to be received by srv_spoolss_receive_message().
206 2) attribute matching on truncate only matters when opening truncate
207 with current SYSTEM|HIDDEN -> NONE. It's fine to truncate on open
208 with current NONE -> SYSTEM | HIDDEN.
209 3) Fix bug in rpcclient's deldriver command
210 4) Don't set global_machine_password_needs_changing if
211 lp_machine_password_timeout() is set to zero
212 5) don't parse the BUFFER5 if the buffer length is zero
213 6) fix core dump if pdbedit is run as non-root or smbpasswd file does
215 7) Ensure can_delete() returns correct error code
216 8) correctly return NT_STATUS_DELETE_PENDING from open code
217 9) fix bug that assumed dos_unistr2 length was in ucs2 units, not bytes
218 10) check the long_archi name is not null when deleting a printer driver.
219 fixes core dump in smbd when using rpcclient's deldriver
220 11) fix fd leak with kernel change notify on Linux 2.4 kernels
221 12) must add one to the extra_data size to transfer the 0 string
222 terminator. This was causing "wbinfo --sequence" to access past the
223 end of malloced memory
224 13) fix for large systems allowing more than 65536 files open in
226 14) Fix bug in %U expansion
230 -----------------------------------------------------------------------------
231 The release notes for 2.2.6 follow :
233 There have been several fixes and internal enhancements which include:
235 * Fixes for MS-RPC printing issues affecting Windows 2000 clients
236 * New support for smb.conf generation in SWAT
237 * Inclusion of several performance enhancements (See --with-sendfile
238 & and the modified smb.conf(5) parameters in these Release Notes)
239 * Fixes for several file locking bugs and returned status codes
245 Refer to the smb.conf(5) man page for complete descriptions of new parameters.
247 * profile acls (S) workaround for issue with WinXP SP1
248 and roaming user profiles
259 * max xmit (G) new default value
260 * large readwrite (G) new default value
262 New ./configure Options
263 -----------------------
265 --with-sendfile Enable experimental sendfile support
266 --with-winbind-ldap-hack Enable winbindd_ldap_hack() functionality
267 for Windows 2000 native mode domains
273 See the cvs log for SAMBA_2_2 for more details
275 1) Fixed several compiler warnings caused by the use of const parameters
276 2) Fixed a hang in the main smbd process caused by an EINTR in the
278 3) Fixed string substitutions to accept a length for sanity checks
279 4) Fixed 17-bit length field in nmb header
280 5) Removed non-portable inline declaration for functions
281 6) Performance fix for including files with an smb.conf variable in the
283 7) Fix for parsing LPRng lpq output
284 8) Parsing fix for PRINTER_INFO_2 structure which was causing viewing
285 printer properties to fail
286 9) Fix for printer change notification and Windows NT clients which caused
287 the client to go into an infinite loop of refreshing the local printers
289 10) Allow trans2 and nttrans messages to be processed in oplock break state
290 which fixes a problem with oplock break requests and Win2k clients
291 11) Don't crash on setfileinfo on printer fsp
292 12) Memory fixes caught by Valgrind
293 13) Updates to stop spurious error message in tdb
294 14) Fix silly logic bug in 'make smbd processes' and 'status = no' check
295 15) Fix compilation of pam_smbpass and --with-ldap
296 16) Fix compilation of smbwrapper on Solaris hosts
297 17) fix logic error in a check for enabling the winbind_pam_auth_crap() code
298 & fix formatting typo in --with-winbind-auth-challenge
299 18) Correcting check for ldap_start_tls()
300 19) Fixed a problem with getgroups() where it could include our current
302 20) fix incorrect semantics in the DeletePrinterDriver() spoolss rpc
303 to only attempt to delete the architecture specified by the client
304 21) Don't allow TEMP attribute on directory open
305 22) Restore VxFS quotas to the 2.2 branch
306 23) Added basic "Wizard" functionality to SWAT
307 24) Fix initial "allocation size" in NTcreate&X call
308 25) Fix for open fid, "nametoolong"
309 26) Exit server on receipt of a non-SMB packet. Ensure we have
310 at least smb_size bytes before processing a packet
311 27) Replace inet_aton with inet_addr() to correct compile problems on Solaris
312 28) Include the "account" objectclass when adding a new account to --with-ldapsam
313 in order to comply with the data model implemented by OpenLDAP 2.1.x
314 29) Various fixes for POSIX compliance
315 30) Correct alignment & offset bug in EnumPrinterDataEx()
316 31) Fix access checks when modifying forms using a print server handle
317 (not just a printer handle)
318 32) Account for case data_len == 0 in EnumPrinterDataEx()
319 33) Fix logic error in blocking lock code
320 34) Fixed various incorrect return codes to clients
321 35) Add RESOLVE_DFSPATH to mkdir operations
322 36) Fix longstanding bug in Win2k clients by clearing the shortname
323 buffer before returning ASCII short name
324 37) added -t option to smbpasswd for explicitly changing a trust
325 account password when operating in security = domain
326 38) installed -x option to testparm to eXclude printing all parameter
327 values that are at default settings.
328 39) Fix shares/printers view in SWAT so that only Basic options are exposed
330 40) Added 1125 & KOI8-U to codepage list in Makefile.in
331 41) Include separate configure checks for *openbsd* & *freebsd* when
332 determining flags used to compile shared libraries.
333 42) Merge in free list unlock on error fix
334 43) Correctly fail opens with mismatching SYSTEM or HIDDEN attributes
335 if we are mapping system or hidden
336 44) Fix bug with stat mode open being done on read-only open with truncate
337 45) Fix crash bug discovered where cli struct was being deallocated in a
339 46) Ensure we open UNIX fifo's non-blocking
340 47) Fix DeletePrinterDriver() (hopefully for the last time...yeah right....)
341 48) only lowercase global_myname in the %L substitution, not the whole string
342 49) Merged Steve French's fix for OS/2 EA return error being removed
343 50) Patch from Steve French to fix difference in responses to smbclient
344 //server/share ls / on Samba and Windows 2000
345 51) Print error and exit if smb.conf doesn't have security=domain and
346 encrypt passwords=yes when joining domain
347 52) Added final Steve French patch for "required" attributes with old dir
349 53) Initialize user_rid value in WINBIND_USERINFO structure returned by
350 the rpc version of query_user()
351 54) Ensure we've failed a lock with a lock denied message before automatically
352 pushing it onto the blocking queue
353 55) Add experimental --with-sendfile code
354 56) alignment fix in printing code merged from HEAD
355 57) Merge fix for other sids in token from HEAD
356 58) Merge winbindd with current (more advanced) state of play in APPLIANCE_HEAD
357 59) fix smbclient / Win98 off by one bug
358 60) Never, *ever* hold a mutex lock in the message database where there may be
359 traversals being attempted
360 61) Add LDAP hack for retrieving the SAM sequence number when a member of a
361 Windows 2000 native mode domain
362 62) Fix race condition when changing a machine account password as we were
363 no longer locking the secrets entry
364 63) Allow '@' as a valid character in domain names
365 64) remove jobs from the spool directory when using cups
366 65) removed -lresolv for --enable-ldapsam
367 66) Memory leak fix and correct use of negative caching in winbindd
368 67) Updated spoolss parsing code with known good state of APPLIANCE_HEAD
369 68) Delete printer security check was reversed
370 69) Windows allows delete printer on a handle opened by an admin user, then
371 used on a pipe handle created by an anonymous user...We do to now...
372 70) Make explicit the difference between a tdb key with no data attached, and
374 71) Ensure we register the 1c name on the unicast subnet.
375 72) Fix inheritance problem when recursively setting ACLs on directories
376 73) prevent ACL set on read-only share
377 74) Ensure we never have more than MAX_PRINT_JOBS in a queue
378 75) Added timeout to tdb_lock_bystring()
379 76) Ensure we set FIRST+LAST flags on a bind request
380 77) Add version strings to the usage message for smbcacls and smbpasswd
381 78) Fix bug in the write cache code
382 79) make the default printed values for boolean the same for all parameters
383 80) Default all LDAP connections to v3 with compiling with --with-ldapsam
384 81) Fix memory leak in smbspool
385 82) Fix bug in mangling code that resulted in Win9x clients not being
386 able to execute batch files in deep, non 8.3 directory paths
387 83) Fix infinite looping bug in winbindd_getgrent()
388 84) Fix crash bug on 64-bit systems (merge from HEAD)
389 85) Fix extended character bug when setting LanMan/NT password
390 86) Negotiate same SMB read size as a Windows 2000 file server
391 to fix performance bug with NT4 clients
395 -----------------------------------------------------------------------------
396 The release notes for 2.2.5 follow :
398 There have been several fixes and internal enhancements which include:
400 * Several compile fixes for Solaris and HP-UX
401 * More printing fixes for Windows NT/2k/XP clients
402 * New options for the VFS recycle bin library
403 * New internal signal handling semantics relating to directory change
404 notification and oplocks
406 New/Changed parameters in 2.2.5
407 --------------------------------
409 For more information on these parameters, see the man pages for
412 Added/changed parameters
413 ------------------------
415 * block size = <INTEGER>
416 * force unknown acl user = <boolean>
417 * mangling method = [hash|hash2]
420 Deprecated Parameters
421 ---------------------
423 The following parameters have been marked as deprecated and will be removed
439 See the cvs log for SAMBA_2_2 for more details
441 1) Removal of several compiler warnings, incorrect Makefile dependencies,
442 and wrong autoconf tests on various platforms--Solaris & HP-UX 10.20
443 being the predominantly reported platforms
444 2) Fixed winbindd crash bug on the IBM s390 running Linux
445 3) Inclusion of enhanced Linux quota support
446 4) Correctly link against Sun LDAP libraries on Solaris 8 (even through
447 there is no apparent SSL support there)
448 5) POSIX conformance patches
449 6) Include new configure --enable-cups option (can also be disabled even
450 if CUPS libraries are installed on the system)
451 7) Set reasonable default for the "passwd program" parameter using an
453 8) Added --with-winbind-auth for enabling winbindd_pam_auth_crap() code
454 9) fixed bug to prevent root account from being deleted by the
456 10) Inclusion of autoconf script for building VFS modules
457 11) Add new run time options to the VFS recycle bin library (see
458 examples/VFS/recycle/README for details)
459 12) Include findsmb perl script as part of the "make install" process
460 13) Return correct error code for EnumPrinters(PRINTER_ENUM_REMOTE, InfoLevel1)
461 to fix a bug where printers appear at the workgroup level in the Windows
462 NT/2k APW browse list
463 14) Added support to nmblookup to return NMB flags (See nmblookup(8) for
465 15) Fix length bug that caused password changes from Windows NT/2k clients to
467 16) Correct false password expiration when using --with-ldapsam caused by
468 missing attributes in the directory
469 17) added -S option to smbpasswd for storing the SID of a domain controller
470 as the local machine SID in secrets.tdb. See the smbpasswd(8) man page
472 18) Various fixes for UNIX CIFS extensions commands
473 19) Fixed CIDR notation in "hosts allow/deny"
474 20) Change semantics of an idle connection to mean "no open files and no
475 open handles". We cannot idle a connection if there are open named
476 pipe handles. This fixes scalability problem on Samba print servers
477 and NT/2k clients introduced in 2.2.4
478 21) Fix germam umlaut problem when returning ACL entries
479 22) Return NT_STATUS_OBJECT_NAME_NOT_FOUND for ENOENT. This fixes the bug
480 of running the Microsoft Access executable (msaccess.exe) and database
481 files from a Samba share documented in the 2.2.4 release
482 23) Corrected signal handling relating to directory change notification and
484 24) Fix bug in unix_to_nt_time() that appeared on files dated close to Daylight
486 25) Corrected alignment bug in spoolss parsing code which caused Win2k/XP
487 clients not to be able to view printer properties from a Samba host
488 26) Fixed spoolss parsing bug causing printing from ACT! 2000 running on
489 Windows 2k/XP clients to fail
490 27) Fixed incorrect error check in mod_share_entry()
491 28) Allow %S variable in MS-DFS root paths
492 29) Correct a bug regarding the use of 'wbinfo -A'
493 30) Fixed libnss_wins.so to correctly work on RedHat 7.3 systems
494 31) Store the key for a name-to-sid cache entry in upper case rather than
495 whatever case the request was made in. This gets rid of duplicate
497 32) Fix bug causing the pid stored in winbindd's pid file to be the wrong id
498 33) Enhanced error reporting messages of wbinfo
499 34) Parameterize block size on disk size return
500 35) Added new parameter to allow incoming ACLs to have owner and group forced
501 to the currently logged in user. This fixes the XCOPY /O problem
502 36) Fixed bug in local_change_password() caused by reusing a struct
504 37) Change default value for "ldap port" to 389 if "ldap ssl = no"
505 38) Updated HOWTO's, manpages, and general documentation....
506 39) Allow root as well as domain admins to open an LDAP connection
507 40) Fixed veto files bug with ".*"
508 41) Fixed uninitialized variable bug in smbpasswd that was causing a random
509 IP address to be used in the connection when joining a domain
510 42) Fix for joining a domain with a netbios name of 15 characters and
511 pre-creating the account on the DC
512 43) Added links to new documentation on SWAT welcome page
516 -----------------------------------------------------------------------------
517 The release notes for 2.2.4 follow :
519 There have been several fixes and internal enhancements which include:
521 * More/better SPOOLSS printing functionality for Windows
523 * Several fixes relating to serving PC database files such
524 as (Access and FoxPro) from a Samba file share.
525 * Several improves in Samba's VFS layer which can be seen
526 in the inclusion of a "Recycle Bin" vfs module. See
527 examples/VFS/README for more details on this.
528 * Addition of a tool (tdbbackup) for backup/restore of Samba's
530 * Continued improvements to winbind for greater scalability
532 * Several fixes related to Samba's MS-DFS support
533 * Rpcclient's various printer commands now work (again)
536 New/Changed parameters in 2.2.4
537 --------------------------------
539 For more information on these parameters, see the man pages for
542 Added/changed parameters
543 ------------------------
551 * winbind use default domain
554 Deprecated parameters
555 ---------------------
557 The following parameters have been marked as deprecated
558 and will be removed in Samba 3.0
562 * printer driver file
563 * printer driver location
575 See the cvs log for SAMBA_2_2 for more details
577 1) added -c option to smbpasswd
578 2) reworked smbpasswd internal command line option parsing
579 3) small various bug fixes to experimental pdb_tdb.c
580 4) Enforce spoolss RPCs based on the access granted at PrinterOpen()
581 5) Added missing access checks to [add/delete/set]form
582 6) Compile fixes for pam_smbpass
583 7) fix smbd crash when netbios session request fails from
584 spoolss_connect_to_client().
585 8) fixed logic bug that prevent SetPrinter() from storing devmode
586 9) Removed extra get_printer_snum() calls from set_printer_hnd_name()
587 10) fix joining domain on big endian machine when using -U to smbpasswd
588 11) allow command line arg to override smb.conf log level
589 12) continue to retry to register 1b name with wins server if there is an old IP there
590 13) fix smbclient print crash bug
591 14) 9x pnp fix when the config file and driver file are different
592 15) force testparm to print the correct value for log level
593 16) fix swat to show full log level info
594 17) fix server GetPrinterData() fields to be more sensible
595 18) fix logic error in SetPrinterDataEx()
596 19) Only set smb_read_error if not already set
597 20) Fix string returns that require unicode
598 21) Merge of printing performance fixes from appliance
599 22) lpq parsing fixes
600 23) Back port tridge's xcopy /o fix from HEAD
601 24) Fix the printer change notify code (unfinished)
602 25) Patch for Domain users not showing up
603 26) Fixed SetPrinterData(magic key) to support zero length DEVMODE
604 27) Ensure that all methods of looking up and connecting to DC's work
605 using identical logic.
606 28) Merge in the mutex code to stop multiple domain logon failure
608 30) Fix winbindd to respect command line debuglevel as nmbd/smbd
609 31) Update with tdbbackup from HEAD
610 32) Fix for typo on solaris nss
611 33) Merge in the locking changes from HEAD
612 34) Added POSIX ACL layer into the vfs
613 35) Fix the returning of domain enum
614 36) Fix the generation of the MACHINE.SID file into the secrets.tdb.
615 37) Enable test for -rdynamic when building binaries
616 38) Remove the "stat open" code - make it inline
617 39) Fix the mp3 rename bug
618 40) Fix for Explorer DFS problems on older Windows 9X machines
619 41) implement OpenPrinter() opnum == 0x01
620 42) Matched W2K *insane* open semantics....
621 43) small fix that will prevent the "failed to marshall
622 R_NET_SAMLOGON" message in the logs
623 42) don't do checking of local passdb in smbpasswd if using -r option
624 43) fix "smbpasswd -j DOMAIN -r * -U Admin%XXXX" so that it doesn't
625 try to connect to a server named '*'
626 44) merge rpcclient code from HEAD
627 45) Ensure MACHINE.SID update done before child spawns
628 46) Fix the bad path errors for mkdir so mkdir \a\b\c\d works
629 47) Removed --with-vfs - always built if available
630 48) Fixed psec for 2.2
631 49) Fixed the handle leak in the connection management code
632 50) fix disable spoolss after the switch to nt status codes
633 51) Added Shirish's client side caching policy change
634 52) Honor the specversion when parsing the the DEVICEMODE
635 53) fix parsing bug when DEVICEMODE's private data does not end
637 54) do not idle an smbd when there is an open pipe
638 55) when a new driver is added to a Samba server, cycle through
639 all printers and bump the change_id for each one bound to the driver
640 56) allow smbclient to work with a FIFO as well (needed for KDE
642 57) various updates to pdb_nisplus.c
643 58) many small documentation updates
644 59) removed many compiler warnings
647 -----------------------------------------------------------------------------
648 The release notes for 2.2.3a follow :
650 This is a minor bugfix release for the 2.2.3 release. The 2.2.3
651 release had a problem that was visible to Windows 2000 Explorer
652 users in that copying files into a share that already existed
653 failed with "Access Denied" rather than asking the user if an
654 overwrite was required. This was due to an incorrect error mapping
655 between the UNIX EXIST error code and the NT status error.
657 As Windows Explorer is a highly visible end user application a quick
658 bugfix release was required, hence 2.2.3a.
660 Compilation on HPUX versions earlier than HPUX 11 has also been
663 The cvs.log file is no longer included with this release, as it adds
664 13Mb to the size of the release, and is easily available on the Web.
666 -----------------------------------------------------------------------------
667 The release notes for 2.2.3 follow :
669 There are several important scaling bugs that have been fixed in this release
670 for large server systems so an upgrade is recommended.
675 Much work has been done on the LDAP backend code. The configure
676 option --with-ldapsam is now considered to be stable. The schema
677 used has changed, see the file examples/LDAP/samba.schema for the
680 New documentation explaining how to set up a Samba only PDC/BDC
681 setup has been added in the files Samba-LDAP-HOWTO and Samba-BDC-HOWTO
682 in the documentation tree.
684 winbindd daemon extended
685 ------------------------
687 Samba 2.2.2 was the first release to include the winbind daemon.
688 This code allows UNIX systems that implement the name service
689 switch (nss) to be entered into a Windows NT/2000 domain and
690 use the Domain controller for all user and group enumeration.
692 Samba 2.2.3 fixes the known memory leaks in winbindd and has
693 been extended to work with SGI IRIX and HPUX (11.x) in addition
694 to the earlier targets of Linux and Solaris.
696 For more information on using winbind, see the man pages for
699 Note that winbindd is not installed by default.
701 New/Changed parameters in 2.2.3
702 --------------------------------
704 For more information on these parameters, see the man pages for
707 Added/changed parameters.
708 -------------------------
712 Enables the experimental UNIX CIFS extensions in smbd. See the manpage
717 Some printer drivers will crash the Windows NT/2000 spooler service
718 if they are given a default devmode, some require it. This parameter
719 allows the administrator a choice of whether smbd returns such a
720 default devmode for a driver.
724 This parameter has been restored to allow people who wish smbd to ignore
725 client share modes. This is *very dangerous* and should not be set without
726 full knowledge of what this is designed for.
731 1). Fixed shared library compile for Solaris with native compiler.
732 2). UNIX CIFS extensions code added (donated by HP).
733 3). Changed to using NT status codes on the wire if the client can support
735 4). altname command to show 8.3 name added to smbclient.
736 5). const-safe endian macros now used.
737 6). client code now uses UNICODE on the wire.
738 7). Correctly return fault PDU's on bad handle.
739 8). Improved NT error code mapping table.
740 9). Many new point and print RPC calls added.
741 10). Win9x clients can now see full user list.
742 11). field added to identify simultaneous open files (no longer
743 use dev/inode/time as unique value).
744 12). HPUX ACL code added (donated by HP).
745 13). vfs interfaces updated (again !).
746 14). MSDOS Code Page 866 -> 1251 mapping added.
747 15). winbindd now processes quit/hup signals correctly.
748 16). No tdb traversal done on startup/shutdown - ensures scalability.
749 17). Fix bug with paths for homes share.
750 18). Fixed copyfile for OS/2.
751 19). Fix group membership when groups are on more than one line.
752 20). Fixed core dumps in posix ACL mapping code.
753 21). Tidyup of UNICODE functions (put/get).
754 22). Move rpcclient to the new libsmb code.
755 23). Add missing Windows 2000 passthough trans2 calls.
756 24). Return check all tdb calls.
757 25). Make local name lookup work even if wins server is down.
758 26). pam session code added to winbind.
759 27). Added winbindd cache to all lookups.
760 28). Fix allocate bugs that caused file sizes to be incorrect.
761 29). Fixed write cache code - now safe to use.
762 30). Fixed winbindd memory leaks.
763 31). winbindd will now do name lookups (to allow non Open Source
764 systems to do the nsswitch WINS lookup). Fixed by SGI.
765 32). passdb memory leaks fixed.
766 33). LDAP code updates and now properly maintained.
767 34). Finally figured out how changeid is meant to work.
768 35). Downlevel printing now looks as NT does in print monitor window.
769 36). Many fixups in spoolss printing RPC parsing.
770 37). Speed up password enumeration as a PDC.
771 38). Fix printer changed notify messages (work from HP).
772 39). Fix modify timestamp on close code.
773 40). Fix long standing mangled names bug.
774 41). Fix delete on close semantics.
775 42). Stop opening all files with O_NONBLOCK !
776 43). Use O_NOFOLLOW for systems that have it and don't want symlinks.
777 44). Ensure NT supplementary groups get added to user token.
778 45). Try and mitigate effects of DNS timeout (do less lookups).
779 46). Added current user connection context stack.
780 47). Fixes to utmp code.
781 48). smbw code tidyups.
782 49). Added tdb open log code. Several tdb fixes.
784 -----------------------------------------------------------------------------
785 The release notes for 2.2.2 follow :
787 New daemon included - winbindd
788 ------------------------------
790 Samba 2.2.2 is the first release to include the winbind daemon.
791 This code allows UNIX systems that implement the name service
792 switch (nss) to be entered into a Windows NT/2000 domain and
793 use the Domain controller for all user and group enumeration.
795 This allows a Samba server added to a Windows domain to serve
796 file and print services with *NO* local users needed in /etc/passwd
797 and /etc/group - all users and groups are read directly from the
798 Windows domain controller. In addition with pam_winbind which allows
799 a PAM enabled UNIX system to use a Windows domain for authentication
800 service this allows single sign on and account control across
801 UNIX and Windows systems.
803 The current version of winbindd shipped in 2.2.2 does have some
804 memory leaks, which will be addressed for the next Samba release,
805 so it is advisable to monitor the winbind process. This code is
806 being used in production by several vendors, so the leaks are
807 manageable. In addition, this version of winbind does not work
808 correctly against a Samba PDC, due to some missing calls on the
809 PDC side. These problems are being addressed for the next Samba
810 release, but it was thought better to release the code now rather
811 than delay the main Samba code to match the winbind release schedule.
813 For more information on using winbind, see the man pages for
816 Note that winbindd is not installed by default.
818 New/Changed parameters in 2.2.2
819 -------------------------------
821 For more information on these parameters, see the man pages for
824 Added/changed parameters.
825 -------------------------
829 Causes Samba not to create UNIX 'sparse' files, but to follow the
830 Windows behavior of always allocating on-disk space.
834 Set to 'on' by default, only set to 'off' on HPUX 11.x or below or other
835 UNIX systems that don't have coherent mmap/read-write internal caches.
836 You should not need to set this parameter.
840 This parameter has been changed to a per-share option, and is very
841 useful in enabling Windows 2000 SP2 to load/save profiles from a
844 New printing parameters.
845 ------------------------
849 Setting this parameter causes Samba to go back to the old 2.0.x
850 LANMAN printing behavior, for people who wish to disable the
855 Causes Windows NT/2000 clients to need have a local printer driver
856 installed and to treat the printer as local.
861 Samba 2.2.2 contains new code to maintain a Samba SAM database
862 on a remote LDAP server. These parameters have been added as
863 part of this code. These parameters are only available when Samba
864 has been compiled with the --with-ldapsam option.
872 The SSL support in Samba has been fixed. These new parameters
873 are part of the changes added. These parameters are only available
874 when Samba has been compiled with the --with-ssl option.
875 Please see the smb.conf man page for details.
881 New winbindd parameters.
882 ------------------------
884 These parameters are used by winbindd. See the man page for
885 winbindd for details.
906 Some new README's have been added in the docs/ directory. These cover
907 using roving profiles with Windows 2000 SP2 (docs/README.Win2kSP2),
908 and how to use Samba to help prevent Windows virus spread
909 (docs/README.Win32-Viruses).
911 Quota problems on a Linux 2.4 kernel.
912 -------------------------------------
914 Currently the quota interfaces have diverged between the Linus
915 2.4.x kernels and the Alan Cox 2.4.x kernels (the Alan Cox variants
916 are shipped with RedHat). Running quota-enabled Samba compiled on
917 an Alan Cox kernel works correctly on an Alan Cox kernel (the one
918 shipped by default with RedHat 7.x) but fails on a Linus kernel.
920 This is a mess, and hopefully Alan and Linus will sort it out soon.
921 In the meantime we need to ship.....
926 1). mmap tdb code disabled on HPUX. This should prevent the reports of
927 tdb corruption on HUPX.
928 2). Large file support set to off in Solaris 5.5 and below.
929 3). Better CUPS detection.
930 4). New SAM (password database) backends - smbpasswd (traditional),
931 LDAP, NIS+ and Samba TDB.
932 5). Quota fixups on Linux.
933 6). libsmbclient stand-alone code added. Can be built as a shared library
935 7). Tru64 ACL support added.
936 8). winbindd option added.
937 9). Realloc fail tidyup fixes all over the code.
938 10). Large improvement in hash table code efficiency - would be found with
940 11). Error code consistency improved (still needs more work).
941 12). Profile shared memory support added to nmbd.
942 13). New Windows 2000/NT passthrough info levels added.
943 14). readraw/writeraw code rewritten - many bugs fixed.
944 15). UNIX password sync (non pam) code fixed, use correct wildcard matcher.
945 16). Reverse DNS lookup avoided on socket open.
946 17). Bug preventing nmbd re-registering names on WINS server timeout fixed.
947 18). Zero length byte range lock code added. Much closer to Windows semantics.
948 19). Alignment fault fixes for Linux/Alpha.
949 20). Error checking on tdb returns vastly improved.
950 21). Handling of delete on close fixed. No longer possible to leave 'dead'
952 22). Handling of oplock break failure cleanups improved. Should not be
953 able to leave 'dead' entries.
954 23). Fix handling of errors trying to set 64 bit locks on 32 bit NFS mounts.
955 24). Misc. MS-DFS code fixes.
956 25). Ignore logon packets if not a PDC (needed for PDC/BDC failover).
957 26). winbind pam module added.
958 27). Order N^^2 enumeration of printers problem fixed.
959 28). Password backend database code re-ordered to allow different password
960 backends (at compile time currently).
961 29). Improved print driver version detection for Windows 2000.
962 30). Driver DEVMODE initialization fixes.
963 31). Improved SYSV print parse code.
964 32). Fixed enumeration of large numbers of users/groups from Windows clients.
966 33). Fix for buggy NetApp RPC pipe clients.
967 34). Fix for NT sending multiple SetPrinterDataEx calls.
968 35). Fix for logic bug where smbd could delay oplock break request messages
969 from other smbd daemons whilst client kept us busy.
970 36). Fix deadlock problem with connections tdb on enumeration.
971 37). Fixes for setting/getting NT ACLs - improved POSIX mapping both ways.
972 38). Removed unused readbmpx/writebmpx code.
973 39). Attempt to fix Linux 2.4.x quota mess.
974 40). Improved ctemp code for Windows 2000 compatibility.
975 41). Finally understood difference between set EOF and set allocation requests.
976 Added strict allocate parameter to help.
977 42). Correctly return name types on name to SID lookups.
978 43). tdb spinlock code update.
979 44). Use pread/pwrite on systems that have it to fix race condition in tdb code.
981 -----------------------------------------------------------------------------
982 The release notes for 2.2.1a follow :
984 This is a minor bugfix release for 2.2.1, *NOT* security related.
986 1). 2.2.1 had a bug where using smbpasswd -m to add a Windows NT or
987 Windows2000 machine into a Samba hosted PDC would fail due to our
988 stricter user name checking. We were disallowing user names
989 containing '$', which is needed when using smbpasswd to add a
990 machine into a domain. Automatically adding machines (using the
991 native Windows tools) into a Samba domain worked correctly.
993 2.2.1a fixes this single problem.
995 -----------------------------------------------------------------------------
996 The release notes for 2.2.1 follow :
998 New/Changed parameters in 2.2.1
999 -------------------------------
1004 obey pam restrictions
1006 When Samba is configured to use PAM, turns on or off Samba checking
1007 the PAM account restrictions. Defaults to off.
1011 When Samba is configured to use PAM, turns on or off Samba passing
1012 the password changes to PAM. Defaults to off.
1016 New option to allow new Windows 2000 large file (64k) streaming
1017 read/write options. Needs a 64 bit underlying operating system
1018 (for Linux use kernel 2.4 with glibc 2.2 or above). Can improve performance
1019 by 10% with Windows 2000 clients. Defaults to off. Not as tested
1020 as some other Samba code paths.
1024 Prevents clients from seeing the existence of files that cannot
1025 be read. Off by default.
1029 Turn on/off the enhanced Samba browsing functionality (*1B names).
1030 Default is "on". Can prevent eternal machines in workgroups when
1031 WINS servers are not synchronized.
1043 1). "find" command removed for smbclient. Internal code now used.
1044 2). smbspool updates to retry connections from Michael Sweet.
1045 3). Fix for mapping 8859-15 characters to UNICODE.
1046 4). Changed "security=server" to try with invalid username to prevent
1048 5). Fixes to allow Windows 2000 SP2 clients to join a Samba PDC.
1049 6). Support for Windows 9x Nexus tools to allow security changes from Win9x.
1050 7). Two locking fixes added. Samba 2.2.1 now passes the Clarion network
1051 lock tester tool for distributed databases.
1052 8). Preliminary support added for Windows 2000 large file read/write SMBs.
1053 9). Changed random number generator in Samba to prevent guess attacks.
1054 10). Fixes for tdb corruption in connections.tdb and file locking brlock.tdb.
1055 smbd's clean the tdb files on startup and shutdown.
1056 11). Fixes for default ACLs on Solaris.
1057 12). Tidyup of password entry caching code.
1058 13). Correct shutdowns added for send fails. Helps tdb cleanup code.
1059 14). Prevent invalid '/' characters in workgroup names.
1060 15). Removed more static arrays in SAMR code.
1061 16). Client code is now UNICODE on the wire.
1062 17). Fix 2 second timestamp resolution everywhere if dos timestamp set to yes.
1063 18). All tdb opens now going through logging function.
1064 19). Add pam password changing and pam restrictions code.
1065 20). Printer driver management improvements (delete driver).
1066 21). Fix difference between NULL security descriptors and empty
1067 security descriptors.
1068 22). Fix SID returns for server roles.
1069 23). Allow Windows 2000 mmc to view and set Samba share security descriptors.
1070 24). Allow smbcontrol to forcibly disconnect a share.
1071 25). tdb fixes for HPUX, OpenBSD and other OS's that don't have a coherent
1072 mmap/file read/write cache.
1073 26). Fix race condition in returning create disposition for file create/open.
1074 27). Fix NT rewriting of security descriptors to their canonical form for
1076 28). Fix for Samba running on top of Linux VFAT ftruncate bug.
1077 29). Swat fixes for being run with xinetd that doesn't set the umask.
1078 30). Fix for slow writes with Win9x Explorer clients. Emulates Microsoft
1079 TCP stack early ack specification error.
1080 31). Changed lock & persistent tdb directory to /var/cache/samba by default on
1081 RedHat and Mandrake as they clear the /var/lock/samba directory on reboot.
1083 -----------------------------------------------------------------------------
1084 The release notes for 2.2.0a follow :
1089 This is a security bugfix release for Samba 2.2.0. This release provides the
1090 following two changes *ONLY* from the 2.2.0 release.
1092 1). Fix for the security hole discovered by Michal Zalewski (lcamtuf@bos.bindview.com)
1093 and described in the security advisory below.
1094 2). Fix for the hosts allow/hosts deny parameters not being honoured.
1096 No other changes are being made for this release to ensure a security fix only.
1097 For new functionality (including these security fixes) download Samba 2.2.1
1098 when it is available.
1100 The security advisory follows :
1103 IMPORTANT: Security bugfix for Samba
1104 ------------------------------------
1112 A serious security hole has been discovered in all versions of Samba
1113 that allows an attacker to gain root access on the target machine for
1114 certain types of common Samba configuration.
1116 The immediate fix is to edit your smb.conf configuration file and
1117 remove all occurances of the macro "%m". Replacing occurances of %m
1118 with %I is probably the best solution for most sites.
1123 A remote attacker can use a netbios name containing unix path
1124 characters which will then be substituted into the %m macro wherever
1125 it occurs in smb.conf. This can be used to cause Samba to create a log
1126 file on top of an important system file, which in turn can be used to
1127 compromise security on the server.
1129 The most commonly used configuration option that can be vulnerable to
1130 this attack is the "log file" option. The default value for this
1131 option is VARDIR/log.smbd. If the default is used then Samba is not
1132 vulnerable to this attack.
1134 The security hole occurs when a log file option like the following is
1137 log file = /var/log/samba/%m.log
1139 In that case the attacker can use a locally created symbolic link to
1140 overwrite any file on the system. This requires local access to the
1143 If your Samba configuration has something like the following:
1145 log file = /var/log/samba/%m
1147 Then the attacker could successfully compromise your server remotely
1148 as no symbolic link is required. This type of configuration is very
1151 The most commonly used log file configuration containing %m is the
1152 distributed in the sample configuration file that comes with Samba:
1154 log file = /var/log/samba/log.%m
1156 in that case your machine is not vulnerable to this attack unless you
1157 happen to have a subdirectory in /var/log/samba/ which starts with the
1163 Thanks to Michal Zalewski (lcamtuf@bos.bindview.com) for finding this
1170 While we recommend that vulnerable sites immediately change their
1171 smb.conf configuration file to prevent the attack we will also be
1172 making new releases of Samba within the next 24 hours to properly fix
1173 the problem. Please see http://www.samba.org/ for the new releases.
1175 Please report any attacks to the appropriate authority.
1180 ---------------------------------------------------------------------------
1182 The release notes for 2.2.0 follow :
1184 This is the official Samba 2.2.0 release. This version of Samba provides
1185 the following new features and enhancements.
1187 Integration between Windows oplocks and NFS file opens (IRIX and Linux
1188 2.4 kernel only). This gives complete data and locking integrity between
1189 Windows and UNIX file access to the same data files.
1191 Ability to act as an authentication source for Windows 2000 clients as
1192 well as for NT4.x clients.
1194 Integration with the winbind daemon that provides a single
1195 sign on facility for UNIX servers in Windows 2000/NT4 networks
1196 driven by a Windows 2000/NT4 PDC. winbind is not included in
1197 this release, it currently must be obtained separately. We are
1198 committed to including winbind in a future Samba 2.2.x release.
1200 Support for native Windows 2000/NT4 printing RPCs. This includes
1201 support for automatic printer driver download.
1203 Support for server supported Access Control Lists (ACLs).
1204 This release contains support for the following filesystems:
1208 Linux Kernel with ACL patch from http://acl.bestbits.at
1209 Linux Kernel with XFS ACL support.
1210 Caldera/SCO UnixWare
1212 FreeBSD (with external patch)
1214 Other platforms will be supported as resources are
1215 available to test and implement the necessary modules. If
1216 you are interested in writing the support for a particular
1217 ACL filesystem, please join the samba-technical mailing
1218 list and coordinate your efforts.
1220 On PAM (Pluggable Authentication Module) based systems - better debugging
1221 messages and encrypted password users now have access control verified via
1222 PAM - Note: Authentication still uses the encrypted password database.
1224 Rewritten internal locking semantics for more robustness.
1225 This release supports full 64 bit locking semantics on all
1226 (even 32 bit) platforms. SMB locks are mapped onto POSIX
1227 locks (32 bit or 64 bit) as the underlying system allows.
1229 Conversion of various internal flat data structures to use
1230 database records for increased performance and
1233 Support for acting as a MS-DFS (Distributed File System) server.
1235 Support for manipulating Samba shares using Windows client tools
1236 (server manager). Per share security can be set using these tools
1237 and Samba will obey the access restrictions applied.
1239 Samba profiling support (see below).
1241 Compile time option for enabling a (Virtual file system) VFS layer
1242 to allow non-disk resources to be exported as Windows filesystems
1243 (such as databases etc.).
1245 The documentation in this release has been updated and converted
1246 from Yodl to DocBook 4.1. There are many new parameters since 2.0.7
1247 and some defaults have changed.
1251 Support for collection of profile information. A shared
1252 memory area has been created which contains counters for
1253 the number of calls to and the amount of time spent in
1254 various system calls, smb transactions and nmbd activity. See
1255 the file profile.h for a complete listing of the information
1256 collected. Sample code for a samba pmda (collection agent
1257 for Performance Co-Pilot) has been included in the pcp
1260 To enable the profile data collection code in samba, you must
1261 compile samba with profile data support (run configure with
1262 the --with-profiling-data option). On startup, collection of
1263 data is disabled. To begin collecting data use the smbcontrol
1264 program to turn on profiling (see the smbcontrol man page).
1265 Profile information collection can be enabled for nmbd, all smbd
1266 processes or one or more selected processes. The profiling
1267 data collected is the aggregate for all processes that have
1270 With samba compiled for profile data collection, you may see
1271 a very slight degradation in performance even with profiling
1272 collection turned off. On initial tests with NetBench on an
1273 SGI Origin 200 server, this degradation was not measurable
1274 with profile collection off compared to no profile collection
1275 compiled into samba.
1277 With count profile collection enabled on all clients, the
1278 degradation was less than 2%. With full profile collection
1279 enabled on all clients, the degradation was about 8.5%.
1281 =====================================================================
1283 If you think you have found a bug please email a report to :
1287 As always, all bugs are our responsibility.