1 ==============================
2 Release Notes for Samba 4.4.11
4 ==============================
7 This is the latest stable release of Samba 4.4. Please note that this will
8 very likely be the last maintenance release of the Samba 4.4 release branch.
14 o Jeremy Allison <jra@samba.org>
15 * BUG 12608: s3: smbd: Restart reading the incoming SMB2 fd when the send
18 o Ralph Boehme <slow@samba.org>
19 * BUG 7537: s3/smbd: Fix deferred open with streams and kernel oplocks.
20 * BUG 12604: vfs_fruit: Enabling AAPL extensions must be a global switch.
21 * BUG 12615: manpages/vfs_fruit: Document global options.
23 o Volker Lendecke <vl@samba.org>
24 * BUG 12610: smbd: Do an early exit on negprot failure.
26 o Stefan Metzmacher <metze@samba.org>
27 * BUG 11830: s3:winbindd: Fix endless forest trust scan.
29 o Andreas Schneider <asn@samba.org>
30 * BUG 12686: Fix build with newer glibc.
33 #######################################
34 Reporting bugs & Development Discussion
35 #######################################
37 Please discuss this release on the samba-technical mailing list or by
38 joining the #samba-technical IRC channel on irc.freenode.net.
40 If you do report problems then please try to send high quality
41 feedback. If you don't provide vital information to help us track down
42 the problem then you will probably be ignored. All bug reports should
43 be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
44 database (https://bugzilla.samba.org/).
47 ======================================================================
48 == Our Code, Our Bugs, Our Responsibility.
50 ======================================================================
53 Release notes for older releases follow:
54 ----------------------------------------
56 ==============================
57 Release Notes for Samba 4.4.10
59 ==============================
62 This is the latest stable release of Samba 4.4. Please note that this will
63 likely be the last maintenance release of the Samba 4.4 release branch.
65 Major enhancements in Samba 4.4.10 include:
67 o Domain join broken under certain circumstances after winbindd changed the
68 trust password (bug #12262).
70 A new parameter "include system krb5 conf" has been added (bug #12441). Please
71 see the man page for details.
77 o Jeremy Allison <jra@samba.org>
78 * BUG 12479: s3: libsmb: Add cli_smb2_ftruncate(), plumb into
80 * BUG 12499: s3: vfs: dirsort doesn't handle opendir of "." correctly.
81 * BUG 12572: s3: smbd: Don't loop infinitely on bad-symlink resolution.
82 * BUG 12531: Make vfs_shadow_copy2 cope with server changing directories.
83 * BUG 12546: s3: VFS: vfs_streams_xattr.c: Make streams_xattr_open() store
84 the same path as streams_xattr_recheck().
86 o Ralph Boehme <slow@samba.org>
87 * BUG 12536: s3/smbd: Check for invalid access_mask
88 smbd_calculate_access_mask().
89 * BUG 12541: vfs_fruit: checks wrong AAPL config state and so always uses
91 * BUG 12545: s3/rpc_server/mdssvc: Add attribute "kMDItemContentType".
92 * BUG 12591: vfs_streams_xattr: Use fsp, not base_fsp.
94 o David Disseldorp <ddiss@samba.org>
95 * BUG 12144: smbd/ioctl: Match WS2016 ReFS set compression behaviour.
97 o Amitay Isaacs <amitay@gmail.com>
98 * BUG 12580: ctdb-common: Fix use-after-free error in comm_fd_handler().
100 o Björn Jacke <bj@sernet.de>
101 * BUG 2210: pam: Map more NT password errors to PAM errors.
102 * BUG 12535: vfs_default: Unlock the right file in copy chunk.
104 o Volker Lendecke <vl@samba.org>
105 * BUG 12509: messaging: Fix dead but not cleaned-up-yet destination sockets.
106 * BUG 12551: smbd: Fix "map acl inherit" = yes.
108 o Stefan Metzmacher <metze@samba.org>
109 * BUG 11830: Domain member cannot resolve trusted domains' users.
110 * BUG 12262: Domain join broken under certain circumstances after winbindd
111 changed the trust password.
112 * BUG 12480: 'kinit' succeeded, but ads_sasl_spnego_gensec_bind(KRB5) failed: An
113 internal error occurred (with MIT krb5).
114 * BUG 12540: s3:smbd: allow "server min protocol = SMB3_00" to go via "SMB
116 * BUG 12581: 'smbclient' fails on bad endianess when listing shares from
117 Solaris kernel SMB server on SPARC.
118 * BUG 12585: librpc/rpc: fix regression in
119 NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE error mapping.
120 * BUG 12586: netlogon_creds_cli_LogonSamLogon doesn't work without
121 netr_LogonSamLogonEx.
122 * BUG 12587: Fix winbindd child segfaults on connect to an NT4 domain.
123 * BUG 12588: cm_prepare_connection may return NT_STATUS_OK without a valid
125 * BUG 12598: winbindd (as member) requires kerberos against trusted ad domain,
128 o Andreas Schneider <asn@samba.org>
129 * BUG 12441: s3:libads: Include system /etc/krb5.conf if we use MIT Kerberos.
130 * BUG 12571: s3-vfs: Only walk the directory once in open_and_sort_dir().
132 o Martin Schwenke <martin@meltin.net>
133 * BUG 12589: CTDB statd-callout does not cause grace period when
136 o Uri Simchoni <uri@samba.org>
137 * BUG 12529: waf: Backport finding of pkg-config.
140 #######################################
141 Reporting bugs & Development Discussion
142 #######################################
144 Please discuss this release on the samba-technical mailing list or by
145 joining the #samba-technical IRC channel on irc.freenode.net.
147 If you do report problems then please try to send high quality
148 feedback. If you don't provide vital information to help us track down
149 the problem then you will probably be ignored. All bug reports should
150 be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
151 database (https://bugzilla.samba.org/).
154 ======================================================================
155 == Our Code, Our Bugs, Our Responsibility.
157 ======================================================================
160 ----------------------------------------------------------------------
163 =============================
164 Release Notes for Samba 4.4.9
166 =============================
169 This is the latest stable release of Samba 4.4.
175 o Michael Adam <obnox@samba.org>
176 * BUG 12404: vfs:glusterfs: Preallocate result for glfs_realpath.
178 o Jeremy Allison <jra@samba.org>
179 * BUG 12299: Fix unitialized variable warnings in smbd open.c and close.c.
180 * BUG 12387: s3: vfs: streams_depot. Use conn->connectpath not conn->cwd.
181 * BUG 12436: s3/smbd: Fix the last resort check that sets the file type
184 o Andrew Bartlett <abartlet@samba.org>
185 * BUG 12395: build: Fix build with perl on debian sid.
187 o Ralph Boehme <slow@samba.org>
188 * BUG 12412: Fix typo in vfs_fruit: fruit:ressource -> fruit:resource.
190 o Günther Deschner <gd@samba.org>
191 * BUG 11197: spoolss: Use correct values for secdesc and devmode pointers.
193 o Amitay Isaacs <amitay@gmail.com>
194 * BUG 12366: provision: Add support for BIND 9.11.x.
195 * BUG 12392: ctdb-locking: Reset real-time priority in lock helper.
196 * BUG 12434: ctdb-recovery: Avoid NULL dereference in failure case.
198 o Stefan Metzmacher <metze@samba.org>
199 * BUG 10297: s3:smbd: Only pass UCF_PREP_CREATEFILE to filename_convert() if
200 we may create a new file.
201 * BUG 12471: Fix build with MIT Kerberos.
203 o Mathieu Parent <math.parent@gmail.com>
204 * BUG 12371: ctdb-scripts: Fix Debian init in Samba eventscript.
206 o Andreas Schneider <asn@samba.org>
207 * BUG 12183: s3-printing: Correctly encode CUPS printer URIs.
208 * BUG 12195: s3-printing: Allow printer names longer than 16 chars.
209 * BUG 12269: nss_wins: Fix errno values for HOST_NOT_FOUND.
210 * BUG 12405: s3-winbind: Do not return NO_MEMORY if we have an empty user
212 * BUG 12415: s3:spoolss: Add support for COPY_FROM_DIRECTORY in
215 o Martin Schwenke <martin@meltin.net>
216 * BUG 12104: ctdb-packaging: Move CTDB tests to /usr/local/share/ctdb/tests/.
218 o Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
219 * BUG 12372: ctdb-conn: Add missing variable initialization.
222 #######################################
223 Reporting bugs & Development Discussion
224 #######################################
226 Please discuss this release on the samba-technical mailing list or by
227 joining the #samba-technical IRC channel on irc.freenode.net.
229 If you do report problems then please try to send high quality
230 feedback. If you don't provide vital information to help us track down
231 the problem then you will probably be ignored. All bug reports should
232 be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
233 database (https://bugzilla.samba.org/).
236 ======================================================================
237 == Our Code, Our Bugs, Our Responsibility.
239 ======================================================================
242 ----------------------------------------------------------------------
245 =============================
246 Release Notes for Samba 4.4.8
248 =============================
251 This is a security release in order to address the following defects:
253 o CVE-2016-2123 (Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer
254 Overflow Remote Code Execution Vulnerability).
255 o CVE-2016-2125 (Unconditional privilege delegation to Kerberos servers in
257 o CVE-2016-2126 (Flaws in Kerberos PAC validation can trigger privilege
265 The Samba routine ndr_pull_dnsp_name contains an integer wrap problem,
266 leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name
267 parses data from the Samba Active Directory ldb database. Any user
268 who can write to the dnsRecord attribute over LDAP can trigger this
271 By default, all authenticated LDAP users can write to the dnsRecord
272 attribute on new DNS objects. This makes the defect a remote privilege
276 Samba client code always requests a forwardable ticket
277 when using Kerberos authentication. This means the
278 target server, which must be in the current or trusted
279 domain/realm, is given a valid general purpose Kerberos
280 "Ticket Granting Ticket" (TGT), which can be used to
281 fully impersonate the authenticated user or service.
284 A remote, authenticated, attacker can cause the winbindd process
285 to crash using a legitimate Kerberos ticket due to incorrect
286 handling of the arcfour-hmac-md5 PAC checksum.
288 A local service with access to the winbindd privileged pipe can
289 cause winbindd to cache elevated access permissions.
295 o Volker Lendecke <vl@samba.org>
296 * BUG 12409: CVE-2016-2123: Fix DNS vuln ZDI-CAN-3995.
298 o Stefan Metzmacher <metze@samba.org>
299 * BUG 12445: CVE-2016-2125: Don't send delegated credentials to all servers.
300 * BUG 12446: CVE-2016-2126: auth/kerberos: Only allow known checksum types in
301 check_pac_checksum().
304 #######################################
305 Reporting bugs & Development Discussion
306 #######################################
308 Please discuss this release on the samba-technical mailing list or by
309 joining the #samba-technical IRC channel on irc.freenode.net.
311 If you do report problems then please try to send high quality
312 feedback. If you don't provide vital information to help us track down
313 the problem then you will probably be ignored. All bug reports should
314 be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
315 database (https://bugzilla.samba.org/).
318 ======================================================================
319 == Our Code, Our Bugs, Our Responsibility.
321 ======================================================================
324 ----------------------------------------------------------------------
327 =============================
328 Release Notes for Samba 4.4.7
330 =============================
333 This is the latest stable release of Samba 4.4.
335 Major enhancements in Samba 4.4.7 include:
337 o Let winbindd discard expired kerberos tickets when built against
338 (internal) heimdal (BUG #12369).
339 o REGRESSION: smbd segfaults on startup, tevent context being freed
346 o Jeremy Allison <jra@samba.org>
347 * BUG 11259: smbd contacts a domain controller for each session.
348 * BUG 12283: REGRESSION: smbd segfaults on startup, tevent context being
350 * BUG 12291: source3/lib/msghdr: Fix syntax error before or at: ;.
351 * BUG 12381: s3: cldap: cldap_multi_netlogon_send() fails with one bad IPv6
354 o Christian Ambach <ambi@samba.org>
355 * BUG 9945: Setting specific logger levels in smb.conf makes 'samba-tool drs
358 o Björn Baumbach <bb@sernet.de>
359 * BUG 8618: s3-printing: Fix migrate printer code.
361 o Ralph Boehme <slow@samba.org>
362 * BUG 12261: s3/smbd: Set FILE_ATTRIBUTE_DIRECTORY as necessary.
364 o Günther Deschner <gd@samba.org>
365 * BUG 12285: "DriverVersion" registry backend parsing incorrect in spoolss.
367 o David Disseldorp <ddiss@samba.org>
368 * BUG 12144: smbd/ioctl: Match WS2016 ReFS get compression behaviour.
370 o Amitay Isaacs <amitay@gmail.com>
371 * BUG 12287: CTDB PID file handling is too weak.
373 o Volker Lendecke <vl@samba.org>
374 * BUG 12045: gencache: Bail out of stabilize if we can not get the allrecord
376 * BUG 12283: glusterfs: Avoid tevent_internal.h.
377 * BUG 12374: spoolss: Fix caching of printername->sharename.
379 o Stefan Metzmacher <metze@samba.org>
380 * BUG 12283: REGRESSION: smbd segfaults on startup, tevent context being
382 * BUG 12369: Let winbindd discard expired kerberos tickets when built against
385 o Noel Power <noel.power@suse.com>
386 * BUG 12298: s3/winbindd: Using default domain with user@domain.com format
389 o Jose A. Rivera <jarrpa@samba.org>
390 * BUG 12362: ctdb-scripts: Avoid dividing by zero in memory calculation.
392 o Anoop C S <anoopcs@redhat.com>
393 * BUG 12377: vfs_glusterfs: Fix a memory leak in connect path.
395 o Andreas Schneider <asn@samba.org>
396 * BUG 12269: nss_wins has incorrect function definitions for gethostbyname*.
397 * BUG 12276: s3-lib: Fix %G substitution in AD member environment.
398 * BUG 12364: s3-utils: Fix loading smb.conf in smbcquotas.
400 o Martin Schwenke <martin@meltin.net>
401 * BUG 12287: CTDB PID file handling is too weak.
402 * BUG 12362: ctdb-scripts: Fix incorrect variable reference.
405 #######################################
406 Reporting bugs & Development Discussion
407 #######################################
409 Please discuss this release on the samba-technical mailing list or by
410 joining the #samba-technical IRC channel on irc.freenode.net.
412 If you do report problems then please try to send high quality
413 feedback. If you don't provide vital information to help us track down
414 the problem then you will probably be ignored. All bug reports should
415 be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
416 database (https://bugzilla.samba.org/).
419 ======================================================================
420 == Our Code, Our Bugs, Our Responsibility.
422 ======================================================================
425 ----------------------------------------------------------------------
428 =============================
429 Release Notes for Samba 4.4.6
431 =============================
434 This is the latest stable release of Samba 4.4.
440 o Michael Adam <obnox@samba.org>
441 * BUG 11977: libnet: Ignore realm setting for domain security joins to AD
442 domains if 'winbind rpc only = true'.
443 * BUG 12155: idmap: Centrally check that unix IDs returned by the idmap
444 backends are in range.
446 o Jeremy Allison <jra@samba.org>
447 * BUG 11838: s4: ldb: Ignore case of "range" in sscanf as we've already
448 checked for its presence.
449 * BUG 11845: Incorrect bytecount in ReadAndX smb1 response.
450 * BUG 11955: lib: Fix uninitialized read in msghdr_copy.
451 * BUG 11959: s3: krb5: keytab - The done label can be jumped to with context
453 * BUG 11986: s3: libsmb: Correctly trim a trailing \\ character in
454 cli_smb2_create_fnum_send() when passing a pathname to SMB2 create.
455 * BUG 12021: Fix smbd crash (Signal 4) on File Delete.
456 * BUG 12135: libgpo: Correctly use the 'server' parameter after parsing it
458 * BUG 12139: s3: oplock: Fix race condition when closing an oplocked file.
459 * BUG 12272: Fix messaging subsystem crash.
461 o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
462 * BUG 11750: gcc6 fails to build internal heimdal.
464 o Andrew Bartlett <abartlet@samba.org>
465 * BUG 11991: build: Build less of Samba when building
466 '--without-ntvfs-fileserver'.
467 * BUG 12026: build: Always build eventlog6. This is not a duplicate of
469 * BUG 12154: ldb-samba: Add "secret" as a value to hide in LDIF files.
470 * BUG 12178: dbcheck: Abandon dbcheck if we get an error during a
473 o Ralph Boehme <slow@samba.org>
474 * BUG 10008: dbwrap_ctdb: Treat empty records in ltdb as non-existing.
475 * BUG 11520: Fix DNS secure updates.
476 * BUG 11961: idmap_autorid allocates ids for unknown SIDs from other
478 * BUG 11992: s3/smbd: Only use stored dos attributes for
479 open_match_attributes() check.
480 * BUG 12005: smbd: Ignore ctdb tombstone records in
481 fetch_share_mode_unlocked_parser().
482 * BUG 12016: cleanupd terminates main smbd on exit.
483 * BUG 12028: vfs_acl_xattr: Objects without NT ACL xattr.
484 * BUG 12105: async_req: Make async_connect_send() "reentrant".
485 * BUG 12177: vfs_acl_common: Fix unexpected synthesized default ACL from
487 * BUG 12181: vfs_acl_xattr|tdb: Enforced settings when
488 "ignore system acls = yes".
490 o Alexander Bokovoy <ab@samba.org>
491 * BUG 11975: libnet_join: use sitename if it was set by pre-join detection.
493 o Günther Deschner <gd@samba.org>
494 * BUG 11977: s3-libnet: Print error string even on successful completion of
497 o Amitay Isaacs <amitay@gmail.com>
498 * BUG 11940: CTDB fails to recover large database.
499 * BUG 11941: CTDB does not ban misbehaving nodes during recovery.
500 * BUG 11946: Samba and CTDB packages both have tevent-unix-util dependency.
501 * BUG 11956: ctdb-recoverd: Avoid duplicate recoverd event in parallel
503 * BUG 12158: CTDB release IP fixes.
504 * BUG 12259: ctdb-protocol: Fix marshalling for GET_DB_SEQNUM control
506 * BUG 12271: CTDB recovery does not terminate if no node is banned due to
508 * BUG 12275: ctdb-recovery-helper: Add missing initialisation of ban_credits.
510 o Volker Lendecke <vl@samba.org>
511 * BUG 12268: smbd: Reset O_NONBLOCK on open files.
513 o Stefan Metzmacher <metze@samba.org>
514 * BUG 11948: dcerpc.idl: Remove unused DCERPC_NCACN_PAYLOAD_MAX_SIZE.
515 * BUG 11982: Invalid auth_pad_length is not ignored for BIND_* and ALTER_*
517 * BUG 11994: gensec/spnego: Work around missing server mechListMIC in SMB
519 * BUG 12007: libads: Ensure the right ccache is used during spnego bind.
520 * BUG 12018: python/remove_dc: Handle dnsNode objects without dnsRecord
522 * BUG 12129: samba-tool/ldapcmp: Ignore differences of whenChanged.
524 o Marc Muehlfeld <mmuehlfeld@samba.org>
525 * BUG 12023: man: Wrong option for parameter ldap ssl in smb.conf man page.
527 o Andreas Schneider <asn@samba.org>
528 * BUG 11936: libutil: Support systemd 230.
529 * BUG 11999: s3-winbind: Fix memory leak with each cached credential login.
530 * BUG 12104: ctdb-waf: Move ctdb tests to libexec directory.
531 * BUG 12175: s3-util: Fix asking for username and password in smbget.
533 o Martin Schwenke <martin@meltin.net>
534 * BUG 12104: ctdb-packaging: Move ctdb tests to libexec directory.
535 * BUG 12110: ctdb-daemon: Fix several Coverity IDs.
536 * BUG 12158: CTDB release IP fixes.
537 * BUG 12161: Fix CTDB cumulative takeover timeout.
538 * BUG 12180: Fix CTDB crashes running eventscripts.
540 o Uri Simchoni <uri@samba.org>
541 * BUG 12006: auth: Fix a memory leak in gssapi_get_session_key().
542 * BUG 12145: smbd: If inherit owner is enabled, the free disk on a folder
543 should take the owner's quota into account.
544 * BUG 12149: smbd: Allow reading files based on FILE_EXECUTE access right.
545 * BUG 12172: Fix access of snapshot folders via SMB1.
547 o Lorinczy Zsigmond <lzsiga@freemail.c3.hu>
548 * BUG 11947: lib: replace: snprintf: Fix length calculation for hex/octal
552 #######################################
553 Reporting bugs & Development Discussion
554 #######################################
556 Please discuss this release on the samba-technical mailing list or by
557 joining the #samba-technical IRC channel on irc.freenode.net.
559 If you do report problems then please try to send high quality
560 feedback. If you don't provide vital information to help us track down
561 the problem then you will probably be ignored. All bug reports should
562 be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
563 database (https://bugzilla.samba.org/).
566 ======================================================================
567 == Our Code, Our Bugs, Our Responsibility.
569 ======================================================================
572 ----------------------------------------------------------------------
575 =============================
576 Release Notes for Samba 4.4.5
578 =============================
581 This is a security release in order to address the following defect:
583 o CVE-2016-2119 (Client side SMB2/3 required signing can be downgraded)
590 It's possible for an attacker to downgrade the required signing for
591 an SMB2/3 client connection, by injecting the SMB2_SESSION_FLAG_IS_GUEST
592 or SMB2_SESSION_FLAG_IS_NULL flags.
594 This means that the attacker can impersonate a server being connected to by
595 Samba, and return malicious results.
597 The primary concern is with winbindd, as it uses DCERPC over SMB2 when talking
598 to domain controllers as a member server, and trusted domains as a domain
599 controller. These DCE/RPC connections were intended to protected by the
600 combination of "client ipc signing" and
601 "client ipc max protocol" in their effective default settings
602 ("mandatory" and "SMB3_11").
604 Additionally, management tools like net, samba-tool and rpcclient use DCERPC
605 over SMB2/3 connections.
607 By default, other tools in Samba are unprotected, but rarely they are
608 configured to use smb signing, via the "client signing" parameter (the default
609 is "if_required"). Even more rarely the "client max protocol" is set to SMB2,
610 rather than the NT1 default.
612 If both these conditions are met, then this issue would also apply to these
613 other tools, including command line tools like smbcacls, smbcquota, smbclient,
614 smbget and applications using libsmbclient.
620 o Stefan Metzmacher <metze@samba.org>
621 * BUG 11860: CVE-2016-2119: Fix client side SMB2 signing downgrade.
622 * BUG 11948: Total dcerpc response payload more than 0x400000.
625 #######################################
626 Reporting bugs & Development Discussion
627 #######################################
629 Please discuss this release on the samba-technical mailing list or by
630 joining the #samba-technical IRC channel on irc.freenode.net.
632 If you do report problems then please try to send high quality
633 feedback. If you don't provide vital information to help us track down
634 the problem then you will probably be ignored. All bug reports should
635 be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
636 database (https://bugzilla.samba.org/).
639 ======================================================================
640 == Our Code, Our Bugs, Our Responsibility.
642 ======================================================================
645 ----------------------------------------------------------------------
648 =============================
649 Release Notes for Samba 4.4.4
651 =============================
654 This is the latest stable release of Samba 4.4.
660 o Michael Adam <obnox@samba.org>
661 * BUG 11809: SMB3 multichannel: Add implementation of missing channel sequence
663 * BUG 11919: smbd:close: Only remove kernel share modes if they had been
665 * BUG 11930: notifyd: Prevent NULL deref segfault in notifyd_peer_destructor.
667 o Jeremy Allison <jra@samba.org>
668 * BUG 10618: s3: auth: Move the declaration of struct dom_sid tmp_sid to
669 function level scope.
671 o Christian Ambach <ambi@samba.org>
672 * BUG 10796: s3:rpcclient: Make '--pw-nt-hash' option work.
673 * BUG 11354: s3:libsmb/clifile: Use correct value for MaxParameterCount for
675 * BUG 11438: Fix case sensitivity issues over SMB2 or above.
677 o Ralph Boehme <slow@samba.org>
678 * BUG 1703: s3:libnet:libnet_join: Add netbios aliases as SPNs.
679 * BUG 11721: vfs_fruit: Add an option that allows disabling POSIX rename
682 o Alexander Bokovoy <ab@samba.org>
683 * BUG 11936: s3-smbd: Support systemd 230.
685 o Ira Cooper <ira@samba.org>
686 * BUG 11907: source3: Honor the core soft limit of the OS.
688 o Günther Deschner <gd@samba.org>
689 * BUG 11809: SMB3 multichannel: Add implementation of missing channel sequence
691 * BUG 11864: s3:client:smbspool_krb5_wrapper: Fix the non clearenv build.
692 * BUG 11906: s3-kerberos: Avoid entering a password change dialogue also when
695 o Robin Hack <hack.robin@gmail.com>
696 * BUG 11890: ldb-samba/ldb_matching_rules: Fix CID 1349424 - Uninitialized
699 o Volker Lendecke <vl@samba.org>
700 * BUG 11844: dbwrap_ctdb: Fix ENOENT->NT_STATUS_NOT_FOUND.
702 o Robin McCorkell <robin@mccorkell.me.uk>
703 * BUG 11276: Correctly set cli->raw_status for libsmbclient in SMB2 code.
705 o Stefan Metzmacher <metze@samba.org>
706 * BUG 11910: s3:smbd: Fix anonymous authentication if signing is mandatory.
707 * BUG 11912: libcli/auth: Let msrpc_parse() return talloc'ed empty strings.
708 * BUG 11914: Fix NTLM Authentication issue with squid.
709 * BUG 11927: s3:rpcclient: make use of SMB_SIGNING_IPC_DEFAULT.
711 o Luca Olivetti <luca@wetron.es>
712 * BUG 11530: pdb: Fix segfault in pdb_ldap for missing gecos.
714 o Rowland Penny <rpenny@samba.org>
715 * BUG 11613: Allow 'samba-tool fsmo' to cope with empty or missing fsmo
718 o Anoop C S <anoopcs@redhat.com>
719 * BUG 11907: packaging: Set default limit for core file size in service
722 o Andreas Schneider <asn@samba.org>
723 * BUG 11922: s3-net: Convert the key_name to UTF8 during migration.
724 * BUG 11935: s3-smbspool: Log to stderr.
726 o Uri Simchoni <uri@samba.org>
727 * BUG 11900: heimdal: Encode/decode kvno as signed integer.
728 * BUG 11931: s3-quotas: Fix sysquotas_4B quota fetching for BSD.
729 * BUG 11937: smbd: dfree: Ignore quota if not enforced.
731 o Raghavendra Talur <rtalur@redhat.com>
732 * BUG 11907: init: Set core file size to unlimited by default.
734 o Hemanth Thummala <hemanth.thummala@nutanix.com>
735 * BUG 11934: Fix memory leak in share mode locking.
738 #######################################
739 Reporting bugs & Development Discussion
740 #######################################
742 Please discuss this release on the samba-technical mailing list or by
743 joining the #samba-technical IRC channel on irc.freenode.net.
745 If you do report problems then please try to send high quality
746 feedback. If you don't provide vital information to help us track down
747 the problem then you will probably be ignored. All bug reports should
748 be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
749 database (https://bugzilla.samba.org/).
752 ======================================================================
753 == Our Code, Our Bugs, Our Responsibility.
755 ======================================================================
758 ----------------------------------------------------------------------
761 =============================
762 Release Notes for Samba 4.4.3
764 =============================
767 This is the latest stable release of Samba 4.4.
769 This release fixes some regressions introduced by the last security fixes.
770 Please see bug https://bugzilla.samba.org/show_bug.cgi?id=11849 for a list of
771 bugs addressing these regressions and more information.
777 o Michael Adam <obnox@samba.org>
778 * BUG 11786: idmap_hash: Only allow the hash module for default idmap config.
780 o Jeremy Allison <jra@samba.org>
781 * BUG 11822: s3: libsmb: Fix error where short name length was read as 2
784 o Andrew Bartlett <abartlet@samba.org>
785 * BUG 11789: Fix returning of ldb.MessageElement.
787 o Ralph Boehme <slow@samba.org>
788 * BUG 11855: cleanupd: Restart as needed.
790 o Günther Deschner <gd@samba.org>
791 * BUG 11786: s3:winbindd:idmap: check loadparm in domain_has_idmap_config()
793 * BUG 11789: libsmb/pysmb: Add pytalloc-util dependency to fix the build.
795 o Volker Lendecke <vl@samba.org>
796 * BUG 11786: winbind: Fix CID 1357100: Unchecked return value.
797 * BUG 11816: nwrap: Fix the build on Solaris.
798 * BUG 11827: vfs_catia: Fix memleak.
799 * BUG 11878: smbd: Avoid large reads beyond EOF.
801 o Stefan Metzmacher <metze@samba.org>
802 * BUG 11789: s3:wscript: pylibsmb depends on pycredentials.
803 * BUG 11841: Fix NT_STATUS_ACCESS_DENIED when accessing Windows public share.
804 * BUG 11847: Only validate MIC if "map to guest" is not being used.
805 * BUG 11849: auth/ntlmssp: Add ntlmssp_{client,server}:force_old_spnego
807 * BUG 11850: NetAPP SMB servers don't negotiate NTLMSSP_SIGN.
808 * BUG 11858: Allow anonymous smb connections.
809 * BUG 11870: Fix ads_sasl_spnego_gensec_bind(KRB5).
810 * BUG 11872: Fix 'wbinfo -u' and 'net ads search'.
812 o Tom Mortensen <tomm@lime-technology.com>
813 * BUG 11875: nss_wins: Fix the hostent setup.
815 o Garming Sam <garming@catalyst.net.nz>
816 * BUG 11789: build: Mark explicit dependencies on pytalloc-util.
818 o Partha Sarathi <partha@exablox.com>
819 * BUG 11819: Fix the smb2_setinfo to handle FS info types and FSQUOTA
822 o Jorge Schrauwen <sjorge@blackdot.be>
823 * BUG 11816: configure: Don't check for inotify on illumos.
825 o Uri Simchoni <uri@samba.org>
826 * BUG 11806: vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls"
828 * BUG 11815: smbcquotas: print "NO LIMIT" only if returned quota value is 0.
829 * BUG 11852: libads: Record session expiry for spnego sasl binds.
831 o Hemanth Thummala <hemanth.thummala@nutanix.com>
832 * BUG 11840: Mask general purpose signals for notifyd.
835 #######################################
836 Reporting bugs & Development Discussion
837 #######################################
839 Please discuss this release on the samba-technical mailing list or by
840 joining the #samba-technical IRC channel on irc.freenode.net.
842 If you do report problems then please try to send high quality
843 feedback. If you don't provide vital information to help us track down
844 the problem then you will probably be ignored. All bug reports should
845 be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
846 database (https://bugzilla.samba.org/).
849 ======================================================================
850 == Our Code, Our Bugs, Our Responsibility.
852 ======================================================================
855 ----------------------------------------------------------------------
858 =============================
859 Release Notes for Samba 4.4.2
861 =============================
863 This is a security release containing one additional
864 regression fix for the security release 4.4.1.
866 This fixes a regression that prevents things like 'net ads join'
867 from working against a Windows 2003 domain.
872 o Stefan Metzmacher <metze@samba.org>
873 * Bug 11804 - prerequisite backports for the security release on
877 -----------------------------------------------------------------------
880 =============================
881 Release Notes for Samba 4.4.1
883 =============================
886 This is a security release in order to address the following CVEs:
888 o CVE-2015-5370 (Multiple errors in DCE-RPC code)
890 o CVE-2016-2110 (Man in the middle attacks possible with NTLMSSP)
892 o CVE-2016-2111 (NETLOGON Spoofing Vulnerability)
894 o CVE-2016-2112 (LDAP client and server don't enforce integrity)
896 o CVE-2016-2113 (Missing TLS certificate validation)
898 o CVE-2016-2114 ("server signing = mandatory" not enforced)
900 o CVE-2016-2115 (SMB IPC traffic is not integrity protected)
902 o CVE-2016-2118 (SAMR and LSA man in the middle attacks possible)
904 The number of changes are rather huge for a security release,
905 compared to typical security releases.
907 Given the number of problems and the fact that they are all related
908 to man in the middle attacks we decided to fix them all at once
909 instead of splitting them.
911 In order to prevent the man in the middle attacks it was required
912 to change the (default) behavior for some protocols. Please see the
913 "New smb.conf options" and "Behavior changes" sections below.
921 Versions of Samba from 3.6.0 to 4.4.0 inclusive are vulnerable to
922 denial of service attacks (crashes and high cpu consumption)
923 in the DCE-RPC client and server implementations. In addition,
924 errors in validation of the DCE-RPC packets can lead to a downgrade
925 of a secure connection to an insecure one.
927 While we think it is unlikely, there's a nonzero chance for
928 a remote code execution attack against the client components,
929 which are used by smbd, winbindd and tools like net, rpcclient and
930 others. This may gain root access to the attacker.
932 The above applies all possible server roles Samba can operate in.
934 Note that versions before 3.6.0 had completely different marshalling
935 functions for the generic DCE-RPC layer. It's quite possible that
936 that code has similar problems!
938 The downgrade of a secure connection to an insecure one may
939 allow an attacker to take control of Active Directory object
940 handles created on a connection created from an Administrator
941 account and re-use them on the now non-privileged connection,
942 compromising the security of the Samba AD-DC.
946 There are several man in the middle attacks possible with
947 NTLMSSP authentication.
949 E.g. NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL
950 can be cleared by a man in the middle.
952 This was by protocol design in earlier Windows versions.
954 Windows Server 2003 RTM and Vista RTM introduced a way
955 to protect against the trivial downgrade.
957 See MsvAvFlags and flag 0x00000002 in
958 https://msdn.microsoft.com/en-us/library/cc236646.aspx
960 This new feature also implies support for a mechlistMIC
961 when used within SPNEGO, which may prevent downgrades
962 from other SPNEGO mechs, e.g. Kerberos, if sign or
963 seal is finally negotiated.
965 The Samba implementation doesn't enforce the existence of
966 required flags, which were requested by the application layer,
967 e.g. LDAP or SMB1 encryption (via the unix extensions).
968 As a result a man in the middle can take over the connection.
969 It is also possible to misguide client and/or
970 server to send unencrypted traffic even if encryption
971 was explicitly requested.
973 LDAP (with NTLMSSP authentication) is used as a client
974 by various admin tools of the Samba project,
975 e.g. "net", "samba-tool", "ldbsearch", "ldbedit", ...
977 As an active directory member server LDAP is also used
978 by the winbindd service when connecting to domain controllers.
980 Samba also offers an LDAP server when running as
981 active directory domain controller.
983 The NTLMSSP authentication used by the SMB1 encryption
984 is protected by smb signing, see CVE-2015-5296.
988 It's basically the same as CVE-2015-0005 for Windows:
990 The NETLOGON service in Microsoft Windows Server 2003 SP2,
991 Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold
992 and R2, when a Domain Controller is configured, allows remote
993 attackers to spoof the computer name of a secure channel's
994 endpoint, and obtain sensitive session information, by running a
995 crafted application and leveraging the ability to sniff network
996 traffic, aka "NETLOGON Spoofing Vulnerability".
998 The vulnerability in Samba is worse as it doesn't require
999 credentials of a computer account in the domain.
1001 This only applies to Samba running as classic primary domain controller,
1002 classic backup domain controller or active directory domain controller.
1004 The security patches introduce a new option called "raw NTLMv2 auth"
1005 ("yes" or "no") for the [global] section in smb.conf.
1006 Samba (the smbd process) will reject client using raw NTLMv2
1007 without using NTLMSSP.
1009 Note that this option also applies to Samba running as
1010 standalone server and member server.
1012 You should also consider using "lanman auth = no" (which is already the default)
1013 and "ntlm auth = no". Have a look at the smb.conf manpage for further details,
1014 as they might impact compatibility with older clients. These also
1015 apply for all server roles.
1019 Samba uses various LDAP client libraries, a builtin one and/or the system
1020 ldap libraries (typically openldap).
1022 As active directory domain controller Samba also provides an LDAP server.
1024 Samba takes care of doing SASL (GSS-SPNEGO) authentication with Kerberos or NTLMSSP
1025 for LDAP connections, including possible integrity (sign) and privacy (seal)
1028 Samba has support for an option called "client ldap sasl wrapping" since version
1029 3.2.0. Its default value has changed from "plain" to "sign" with version 4.2.0.
1031 Tools using the builtin LDAP client library do not obey the
1032 "client ldap sasl wrapping" option. This applies to tools like:
1033 "samba-tool", "ldbsearch", "ldbedit" and more. Some of them have command line
1034 options like "--sign" and "--encrypt". With the security update they will
1035 also obey the "client ldap sasl wrapping" option as default.
1037 In all cases, even if explicitly request via "client ldap sasl wrapping",
1038 "--sign" or "--encrypt", the protection can be downgraded by a man in the
1041 The LDAP server doesn't have an option to enforce strong authentication
1042 yet. The security patches will introduce a new option called
1043 "ldap server require strong auth", possible values are "no",
1044 "allow_sasl_over_tls" and "yes".
1046 As the default behavior was as "no" before, you may
1047 have to explicitly change this option until all clients have
1048 been adjusted to handle LDAP_STRONG_AUTH_REQUIRED errors.
1049 Windows clients and Samba member servers already use
1050 integrity protection.
1054 Samba has support for TLS/SSL for some protocols:
1055 ldap and http, but currently certificates are not
1056 validated at all. While we have a "tls cafile" option,
1057 the configured certificate is not used to validate
1058 the server certificate.
1060 This applies to ldaps:// connections triggered by tools like:
1061 "ldbsearch", "ldbedit" and more. Note that it only applies
1062 to the ldb tools when they are built as part of Samba or with Samba
1063 extensions installed, which means the Samba builtin LDAP client library is
1066 It also applies to dcerpc client connections using ncacn_http (with https://),
1067 which are only used by the openchange project. Support for ncacn_http
1068 was introduced in version 4.2.0.
1070 The security patches will introduce a new option called
1071 "tls verify peer". Possible values are "no_check", "ca_only",
1072 "ca_and_name_if_available", "ca_and_name" and "as_strict_as_possible".
1074 If you use the self-signed certificates which are auto-generated
1075 by Samba, you won't have a crl file and need to explicitly
1076 set "tls verify peer = ca_and_name".
1080 Due to a regression introduced in Samba 4.0.0,
1081 an explicit "server signing = mandatory" in the [global] section
1082 of the smb.conf was not enforced for clients using the SMB1 protocol.
1084 As a result it does not enforce smb signing and allows man in the middle attacks.
1086 This problem applies to all possible server roles:
1087 standalone server, member server, classic primary domain controller,
1088 classic backup domain controller and active directory domain controller.
1090 In addition, when Samba is configured with "server role = active directory domain controller"
1091 the effective default for the "server signing" option should be "mandatory".
1093 During the early development of Samba 4 we had a new experimental
1094 file server located under source4/smb_server. But before
1095 the final 4.0.0 release we switched back to the file server
1098 But the logic for the correct default of "server signing" was not
1099 ported correctly ported.
1101 Note that the default for server roles other than active directory domain
1102 controller, is "off" because of performance reasons.
1106 Samba has an option called "client signing", this is turned off by default
1107 for performance reasons on file transfers.
1109 This option is also used when using DCERPC with ncacn_np.
1111 In order to get integrity protection for ipc related communication
1112 by default the "client ipc signing" option is introduced.
1113 The effective default for this new option is "mandatory".
1115 In order to be compatible with more SMB server implementations,
1116 the following additional options are introduced:
1117 "client ipc min protocol" ("NT1" by default) and
1118 "client ipc max protocol" (the highest support SMB2/3 dialect by default).
1119 These options overwrite the "client min protocol" and "client max protocol"
1120 options, because the default for "client max protocol" is still "NT1".
1121 The reason for this is the fact that all SMB2/3 support SMB signing,
1122 while there are still SMB1 implementations which don't offer SMB signing
1123 by default (this includes Samba versions before 4.0.0).
1125 Note that winbindd (in versions 4.2.0 and higher) enforces SMB signing
1126 against active directory domain controllers despite of the
1127 "client signing" and "client ipc signing" options.
1129 o CVE-2016-2118 (a.k.a. BADLOCK):
1131 The Security Account Manager Remote Protocol [MS-SAMR] and the
1132 Local Security Authority (Domain Policy) Remote Protocol [MS-LSAD]
1133 are both vulnerable to man in the middle attacks. Both are application level
1134 protocols based on the generic DCE 1.1 Remote Procedure Call (DCERPC) protocol.
1136 These protocols are typically available on all Windows installations
1137 as well as every Samba server. They are used to maintain
1138 the Security Account Manager Database. This applies to all
1139 roles, e.g. standalone, domain member, domain controller.
1141 Any authenticated DCERPC connection a client initiates against a server
1142 can be used by a man in the middle to impersonate the authenticated user
1143 against the SAMR or LSAD service on the server.
1145 The client chosen application protocol, auth type (e.g. Kerberos or NTLMSSP)
1146 and auth level (NONE, CONNECT, PKT_INTEGRITY, PKT_PRIVACY) do not matter
1147 in this case. A man in the middle can change auth level to CONNECT
1148 (which means authentication without message protection) and take over
1151 As a result, a man in the middle is able to get read/write access to the
1152 Security Account Manager Database, which reveals all passwords
1153 and any other potential sensitive information.
1155 Samba running as an active directory domain controller is additionally
1156 missing checks to enforce PKT_PRIVACY for the
1157 Directory Replication Service Remote Protocol [MS-DRSR] (drsuapi)
1158 and the BackupKey Remote Protocol [MS-BKRP] (backupkey).
1159 The Domain Name Service Server Management Protocol [MS-DNSP] (dnsserver)
1160 is not enforcing at least PKT_INTEGRITY.
1162 ====================
1163 New smb.conf options
1164 ====================
1166 allow dcerpc auth level connect (G)
1168 This option controls whether DCERPC services are allowed to be used with
1169 DCERPC_AUTH_LEVEL_CONNECT, which provides authentication, but no per
1170 message integrity nor privacy protection.
1172 Some interfaces like samr, lsarpc and netlogon have a hard-coded default
1173 of no and epmapper, mgmt and rpcecho have a hard-coded default of yes.
1175 The behavior can be overwritten per interface name (e.g. lsarpc,
1176 netlogon, samr, srvsvc, winreg, wkssvc ...) by using
1177 'allow dcerpc auth level connect:interface = yes' as option.
1179 This option yields precedence to the implementation specific restrictions.
1180 E.g. the drsuapi and backupkey protocols require DCERPC_AUTH_LEVEL_PRIVACY.
1181 The dnsserver protocol requires DCERPC_AUTH_LEVEL_INTEGRITY.
1183 Default: allow dcerpc auth level connect = no
1185 Example: allow dcerpc auth level connect = yes
1187 client ipc signing (G)
1189 This controls whether the client is allowed or required to use
1190 SMB signing for IPC$ connections as DCERPC transport. Possible
1191 values are auto, mandatory and disabled.
1193 When set to mandatory or default, SMB signing is required.
1195 When set to auto, SMB signing is offered, but not enforced and
1196 if set to disabled, SMB signing is not offered either.
1198 Connections from winbindd to Active Directory Domain Controllers
1199 always enforce signing.
1201 Default: client ipc signing = default
1203 client ipc max protocol (G)
1205 The value of the parameter (a string) is the highest protocol level that will
1206 be supported for IPC$ connections as DCERPC transport.
1208 Normally this option should not be set as the automatic negotiation phase
1209 in the SMB protocol takes care of choosing the appropriate protocol.
1211 The value default refers to the latest supported protocol, currently SMB3_11.
1213 See client max protocol for a full list of available protocols.
1214 The values CORE, COREPLUS, LANMAN1, LANMAN2 are silently upgraded to NT1.
1216 Default: client ipc max protocol = default
1218 Example: client ipc max protocol = SMB2_10
1220 client ipc min protocol (G)
1222 This setting controls the minimum protocol version that the will be
1223 attempted to use for IPC$ connections as DCERPC transport.
1225 Normally this option should not be set as the automatic negotiation phase
1226 in the SMB protocol takes care of choosing the appropriate protocol.
1228 The value default refers to the higher value of NT1 and the
1229 effective value of "client min protocol".
1231 See client max protocol for a full list of available protocols.
1232 The values CORE, COREPLUS, LANMAN1, LANMAN2 are silently upgraded to NT1.
1234 Default: client ipc min protocol = default
1236 Example: client ipc min protocol = SMB3_11
1238 ldap server require strong auth (G)
1240 The ldap server require strong auth defines whether the
1241 ldap server requires ldap traffic to be signed or
1242 signed and encrypted (sealed). Possible values are no,
1243 allow_sasl_over_tls and yes.
1245 A value of no allows simple and sasl binds over all transports.
1247 A value of allow_sasl_over_tls allows simple and sasl binds (without sign or seal)
1248 over TLS encrypted connections. Unencrypted connections only
1249 allow sasl binds with sign or seal.
1251 A value of yes allows only simple binds over TLS encrypted connections.
1252 Unencrypted connections only allow sasl binds with sign or seal.
1254 Default: ldap server require strong auth = yes
1258 This parameter determines whether or not smbd(8) will allow SMB1 clients
1259 without extended security (without SPNEGO) to use NTLMv2 authentication.
1261 If this option, lanman auth and ntlm auth are all disabled, then only
1262 clients with SPNEGO support will be permitted. That means NTLMv2 is only
1263 supported within NTLMSSP.
1265 Default: raw NTLMv2 auth = no
1269 This controls if and how strict the client will verify the peer's
1270 certificate and name. Possible values are (in increasing order): no_check,
1271 ca_only, ca_and_name_if_available, ca_and_name and as_strict_as_possible.
1273 When set to no_check the certificate is not verified at all,
1274 which allows trivial man in the middle attacks.
1276 When set to ca_only the certificate is verified to be signed from a ca
1277 specified in the "tls ca file" option. Setting "tls ca file" to a valid file
1278 is required. The certificate lifetime is also verified. If the "tls crl file"
1279 option is configured, the certificate is also verified against
1282 When set to ca_and_name_if_available all checks from ca_only are performed.
1283 In addition, the peer hostname is verified against the certificate's
1284 name, if it is provided by the application layer and not given as
1285 an ip address string.
1287 When set to ca_and_name all checks from ca_and_name_if_available are performed.
1288 In addition the peer hostname needs to be provided and even an ip
1289 address is checked against the certificate's name.
1291 When set to as_strict_as_possible all checks from ca_and_name are performed.
1292 In addition the "tls crl file" needs to be configured. Future versions
1293 of Samba may implement additional checks.
1295 Default: tls verify peer = as_strict_as_possible
1297 tls priority (G) (backported from Samba 4.3 to Samba 4.2)
1299 This option can be set to a string describing the TLS protocols to be
1300 supported in the parts of Samba that use GnuTLS, specifically the AD DC.
1302 The default turns off SSLv3, as this protocol is no longer considered
1303 secure after CVE-2014-3566 (otherwise known as POODLE) impacted SSLv3 use
1304 in HTTPS applications.
1306 The valid options are described in the GNUTLS Priority-Strings
1307 documentation at http://gnutls.org/manual/html_node/Priority-Strings.html
1309 Default: tls priority = NORMAL:-VERS-SSL3.0
1315 o The default auth level for authenticated binds has changed from
1316 DCERPC_AUTH_LEVEL_CONNECT to DCERPC_AUTH_LEVEL_INTEGRITY.
1317 That means ncacn_ip_tcp:server is now implicitly the same
1318 as ncacn_ip_tcp:server[sign] and offers a similar protection
1319 as ncacn_np:server, which relies on smb signing.
1321 o The following constraints are applied to SMB1 connections:
1323 - "client lanman auth = yes" is now consistently
1324 required for authenticated connections using the
1325 SMB1 LANMAN2 dialect.
1326 - "client ntlmv2 auth = yes" and "client use spnego = yes"
1327 (both the default values), require extended security (SPNEGO)
1328 support from the server. That means NTLMv2 is only used within
1331 o Tools like "samba-tool", "ldbsearch", "ldbedit" and more obey the
1332 default of "client ldap sasl wrapping = sign". Even with
1333 "client ldap sasl wrapping = plain" they will automatically upgrade
1334 to "sign" when getting LDAP_STRONG_AUTH_REQUIRED from the LDAP
1337 Changes since 4.4.0:
1338 ====================
1340 o Jeremy Allison <jra@samba.org>
1341 * Bug 11344 - CVE-2015-5370: Multiple errors in DCE-RPC code.
1343 o Christian Ambach <ambi@samba.org>
1344 * Bug 11804 - prerequisite backports for the security release on
1347 o Ralph Boehme <slow@samba.org>
1348 * Bug 11644 - CVE-2016-2112: The LDAP client and server don't enforce
1349 integrity protection.
1351 o Günther Deschner <gd@samba.org>
1352 * Bug 11749 - CVE-2016-2111: NETLOGON Spoofing Vulnerability.
1354 * Bug 11804 - prerequisite backports for the security release on
1357 o Volker Lendecke <vl@samba.org>
1358 * Bug 11804 - prerequisite backports for the security release on
1361 o Stefan Metzmacher <metze@samba.org>
1362 * Bug 11344 - CVE-2015-5370: Multiple errors in DCE-RPC code.
1364 * Bug 11616 - CVE-2016-2118: SAMR and LSA man in the middle attacks possible.
1366 * Bug 11644 - CVE-2016-2112: The LDAP client and server doesn't enforce
1367 integrity protection.
1369 * Bug 11687 - CVE-2016-2114: "server signing = mandatory" not enforced.
1371 * Bug 11688 - CVE-2016-2110: Man in the middle attacks possible with NTLMSSP.
1373 * Bug 11749 - CVE-2016-2111: NETLOGON Spoofing Vulnerability.
1375 * Bug 11752 - CVE-2016-2113: Missing TLS certificate validation allows man in
1378 * Bug 11756 - CVE-2016-2115: SMB client connections for IPC traffic are not
1379 integrity protected.
1381 * Bug 11804 - prerequisite backports for the security release on
1385 #######################################
1386 Reporting bugs & Development Discussion
1387 #######################################
1389 Please discuss this release on the samba-technical mailing list or by
1390 joining the #samba-technical IRC channel on irc.freenode.net.
1392 If you do report problems then please try to send high quality
1393 feedback. If you don't provide vital information to help us track down
1394 the problem then you will probably be ignored. All bug reports should
1395 be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
1396 database (https://bugzilla.samba.org/).
1399 ======================================================================
1400 == Our Code, Our Bugs, Our Responsibility.
1402 ======================================================================
1405 ----------------------------------------------------------------------
1408 =============================
1409 Release Notes for Samba 4.4.0
1411 =============================
1414 This is the first stable release of the Samba 4.4 release series.
1423 NEW FEATURES/CHANGES
1424 ====================
1426 Asynchronous flush requests
1427 ---------------------------
1429 Flush requests from SMB2/3 clients are handled asynchronously and do
1430 not block the processing of other requests. Note that 'strict sync'
1431 has to be set to 'yes' for Samba to honor flush requests from SMB
1437 Remove '--with-aio-support' configure option. We no longer would ever prefer
1438 POSIX-RT aio, use pthread_aio instead.
1443 The 'samba-tool sites' subcommand can now be run against another server by
1444 specifying an LDB URL using the '-H' option and not against the local database
1445 only (which is still the default when no URL is given).
1447 samba-tool domain demote
1448 ------------------------
1450 Add '--remove-other-dead-server' option to 'samba-tool domain demote'
1451 subcommand. The new version of this tool now can remove another DC that is
1452 itself offline. The '--remove-other-dead-server' removes as many references
1453 to the DC as possible.
1455 samba-tool drs clone-dc-database
1456 --------------------------------
1458 Replicate an initial clone of domain, but do not join it.
1459 This is developed for debugging purposes, but not for setting up another DC.
1464 Add '--set-nt-hash' option to pdbedit to update user password from nt-hash
1465 hexstring. 'pdbedit -vw' shows also password hashes.
1470 'smbstatus' was enhanced to show the state of signing and encryption for
1471 sessions and shares.
1475 The -u and -p options for user and password were replaced by the -U option that
1476 accepts username[%password] as in many other tools of the Samba suite.
1477 Similary, smbgetrc files do not accept username and password options any more,
1478 only a single "user" option which also accepts user%password combinations.
1479 The -P option was removed.
1484 Add a GnuTLS based backupkey implementation.
1489 Using the '--offline-logon' enables ntlm_auth to use cached passwords when the
1492 Allow '--password' force a local password check for ntlm-server-1 mode.
1497 A new VFS module called vfs_offline has been added to mark all files in the
1498 share as offline. It can be useful for shares mounted on top of a remote file
1499 system (either through a samba VFS module or via FUSE).
1504 The Samba KCC has been improved, but is still disabled by default.
1509 There were several improvements concerning the Samba DNS server.
1514 There were some improvements in the Active Directory area.
1516 WINS nsswitch module
1517 --------------------
1519 The WINS nsswitch module has been rewritten to address memory issues and to
1520 simplify the code. The module now uses libwbclient to do WINS queries. This
1521 means that winbind needs to be running in order to resolve WINS names using
1522 the nss_wins module. This does not affect smbd.
1527 * CTDB now uses a newly implemented parallel database recovery scheme
1528 that avoids deadlocks with smbd.
1530 In certain circumstances CTDB and smbd could deadlock. The new
1531 recovery implementation avoid this. It also provides improved
1532 recovery performance.
1534 * All files are now installed into and referred to by the paths
1535 configured at build time. Therefore, CTDB will now work properly
1536 when installed into the default location at /usr/local.
1538 * Public CTDB header files are no longer installed, since Samba and
1539 CTDB are built from within the same source tree.
1541 * CTDB_DBDIR can now be set to tmpfs[:<tmpfs-options>]
1543 This will cause volatile TDBs to be located in a tmpfs. This can
1544 help to avoid performance problems associated with contention on the
1545 disk where volatile TDBs are usually stored. See ctdbd.conf(5) for
1548 * Configuration variable CTDB_NATGW_SLAVE_ONLY is no longer used.
1549 Instead, nodes should be annotated with the "slave-only" option in
1550 the CTDB NAT gateway nodes file. This file must be consistent
1551 across nodes in a NAT gateway group. See ctdbd.conf(5) for more
1554 * New event script 05.system allows various system resources to be
1557 This can be helpful for explaining poor performance or unexpected
1558 behaviour. New configuration variables are
1559 CTDB_MONITOR_FILESYSTEM_USAGE, CTDB_MONITOR_MEMORY_USAGE and
1560 CTDB_MONITOR_SWAP_USAGE. Default values cause warnings to be
1561 logged. See the SYSTEM RESOURCE MONITORING CONFIGURATION in
1562 ctdbd.conf(5) for more information.
1564 The memory, swap and filesystem usage monitoring previously found in
1565 00.ctdb and 40.fs_use is no longer available. Therefore,
1566 configuration variables CTDB_CHECK_FS_USE, CTDB_MONITOR_FREE_MEMORY,
1567 CTDB_MONITOR_FREE_MEMORY_WARN and CTDB_CHECK_SWAP_IS_NOT_USED are
1570 * The 62.cnfs eventscript has been removed. To get a similar effect
1571 just do something like this:
1573 mmaddcallback ctdb-disable-on-quorumLoss \
1574 --command /usr/bin/ctdb \
1575 --event quorumLoss --parms "disable"
1577 mmaddcallback ctdb-enable-on-quorumReached \
1578 --command /usr/bin/ctdb \
1579 --event quorumReached --parms "enable"
1581 * The CTDB tunable parameter EventScriptTimeoutCount has been renamed
1582 to MonitorTimeoutCount
1584 It has only ever been used to limit timed-out monitor events.
1586 Configurations containing CTDB_SET_EventScriptTimeoutCount=<n> will
1587 cause CTDB to fail at startup. Useful messages will be logged.
1589 * The commandline option "-n all" to CTDB tool has been removed.
1591 The option was not uniformly implemented for all the commands.
1592 Instead of command "ctdb ip -n all", use "ctdb ip all".
1594 * All CTDB current manual pages are now correctly installed
1597 EXPERIMENTAL FEATURES
1598 =====================
1603 Samba 4.4.0 adds *experimental* support for SMB3 Multi-Channel.
1604 Multi-Channel is an SMB3 protocol feature that allows the client
1605 to bind multiple transport connections into one authenticated
1606 SMB session. This allows for increased fault tolerance and
1607 throughput. The client chooses transport connections as reported
1608 by the server and also chooses over which of the bound transport
1609 connections to send traffic. I/O operations for a given file
1610 handle can span multiple network connections this way.
1611 An SMB multi-channel session will be valid as long as at least
1612 one of its channels are up.
1614 In Samba, multi-channel can be enabled by setting the new
1615 smb.conf option "server multi channel support" to "yes".
1616 It is disabled by default.
1618 Samba has to report interface speeds and some capabilities to
1619 the client. On Linux, Samba can auto-detect the speed of an
1620 interface. But to support other platforms, and in order to be
1621 able to manually override the detected values, the "interfaces"
1622 smb.conf option has been given an extended syntax, by which an
1623 interface specification can additionally carry speed and
1624 capability information. The extended syntax looks like this
1625 for setting the speed to 1 gigabit per second:
1627 interfaces = 192.168.1.42;speed=1000000000
1629 This extension should be used with care and are mainly intended
1630 for testing. See the smb.conf manual page for details.
1632 CAVEAT: While this should be working without problems mostly,
1633 there are still corner cases in the treatment of channel failures
1634 that may result in DATA CORRUPTION when these race conditions hit.
1637 NOT RECOMMENDED TO USE MULTI-CHANNEL IN PRODUCTION
1639 at this stage. This situation can be expected to improve during
1640 the life-time of the 4.4 release. Feed-back from test-setups is
1650 Several public headers are not installed any longer. They are made for internal
1651 use only. More public headers will very likely be removed in future releases.
1653 The following headers are not installed any longer:
1654 dlinklist.h, gen_ndr/epmapper.h, gen_ndr/mgmt.h, gen_ndr/ndr_atsvc_c.h,
1655 gen_ndr/ndr_epmapper_c.h, gen_ndr/ndr_epmapper.h, gen_ndr/ndr_mgmt_c.h,
1656 gen_ndr/ndr_mgmt.h,gensec.h, ldap_errors.h, ldap_message.h, ldap_ndr.h,
1657 ldap-util.h, pytalloc.h, read_smb.h, registry.h, roles.h, samba_util.h,
1658 smb2_constants.h, smb2_create_blob.h, smb2.h, smb2_lease.h, smb2_signing.h,
1659 smb_cli.h, smb_cliraw.h, smb_common.h, smb_composite.h, smb_constants.h,
1660 smb_raw.h, smb_raw_interfaces.h, smb_raw_signing.h, smb_raw_trans2.h,
1661 smb_request.h, smb_seal.h, smb_signing.h, smb_unix_ext.h, smb_util.h,
1662 torture.h, tstream_smbXcli_np.h.
1664 vfs_smb_traffic_analyzer
1665 ------------------------
1667 The SMB traffic analyzer VFS module has been removed, because it is not
1668 maintained any longer and not widely used.
1673 The scannedonly VFS module has been removed, because it is not maintained
1679 Parameter Name Description Default
1680 -------------- ----------- -------
1681 aio max threads New 100
1682 ldap page size Changed default 1000
1683 server multi channel support New No
1684 interfaces Extended syntax
1693 CHANGES SINCE 4.4.0rc5
1694 ======================
1696 o Michael Adam <obnox@samba.org>
1697 * BUG 11796: smbd: Enable multi-channel if 'server multi channel support =
1700 o Günther Deschner <gd@samba.org>
1701 * BUG 11802: lib/socket/interfaces: Fix some uninitialied bytes.
1703 o Uri Simchoni <uri@samba.org>
1704 * BUG 11798: build: Fix build when '--without-quota' specified.
1707 CHANGES SINCE 4.4.0rc4
1708 ======================
1710 o Andrew Bartlett <abartlet@samba.org>
1711 * BUG 11780: mkdir can return ACCESS_DENIED incorrectly on create race.
1712 * BUG 11783: Mismatch between local and remote attribute ids lets
1713 replication fail with custom schema.
1714 * BUG 11789: Talloc: Version 2.1.6.
1716 o Ira Cooper <ira@samba.org>
1717 * BUG 11774: vfs_glusterfs: Fix use after free in AIO callback.
1719 o Günther Deschner <gd@samba.org>
1720 * BUG 11755: Fix net join.
1722 o Amitay Isaacs <amitay@gmail.com>
1723 * BUG 11770: Reset TCP Connections during IP failover.
1725 o Justin Maggard <jmaggard10@gmail.com>
1726 * BUG 11773: s3:smbd: Add negprot remote arch detection for OSX.
1728 o Stefan Metzmacher <metze@samba.org>
1729 * BUG 11772: ldb: Version 1.1.26.
1730 * BUG 11782: "trustdom_list_done: Got invalid trustdom response" message
1733 o Uri Simchoni <uri@samba.org>
1734 * BUG 11769: libnet: Make Kerberos domain join site-aware.
1735 * BUG 11788: Quota is not supported on Solaris 10.
1738 CHANGES SINCE 4.4.0rc3
1739 ======================
1741 o Jeremy Allison <jra@samba.org>
1742 * BUG 11648: CVE-2015-7560: Getting and setting Windows ACLs on symlinks can
1743 change permissions on link target.
1745 o Christian Ambach <ambi@samba.org>
1746 * BUG 11767: s3:utils/smbget: Fix option parsing.
1748 o Alberto Maria Fiaschi <alberto.fiaschi@estar.toscana.it>
1749 * BUG 8093: Access based share enum: handle permission set in configuration
1752 o Stefan Metzmacher <metze@samba.org>
1753 * BUG 11702: s3:clispnego: Fix confusing warning in spnego_gen_krb5_wrap().
1754 * BUG 11742: tevent: version 0.9.28: Fix memory leak when old signal action
1756 * BUG 11755: s3:libads: setup the msDS-SupportedEncryptionTypes attribute on
1758 * BUGs 11128, 11686: CVE-2016-0771: Read of uninitialized memory DNS TXT
1761 o Garming Sam <garming@catalyst.net.nz>
1762 * BUGs 11128, 11686: CVE-2016-0771: Read of uninitialized memory DNS TXT
1765 o Uri Simchoni <uri@samba.org>
1766 * BUG 11691: winbindd: Return trust parameters when listing trusts.
1767 * BUG 11753: smbd: Ignore SVHDX create context.
1768 * BUG 11763: passdb: Add linefeed to debug message.
1771 CHANGES SINCE 4.4.0rc2
1772 ======================
1774 o Michael Adam <obnox@samba.org>
1775 * BUG 11723: lib:socket: Fix CID 1350010: Integer OVERFLOW_BEFORE_WIDEN.
1776 * BUG 11735: lib:socket: Fix CID 1350009: Fix illegal memory accesses
1777 (BUFFER_SIZE_WARNING).
1779 o Jeremy Allison <jra@samba.org>
1780 * BUG 10489: s3: smbd: posix_acls: Fix check for setting u:g:o entry on a
1781 filesystem with no ACL support.
1783 o Christian Ambach <ambi@samba.org>
1784 * BUG 11700: s3:utils/smbget: Set default blocksize.
1786 o Anoop C S <anoopcs@redhat.com>
1787 * BUG 11734: lib/socket: Fix improper use of default interface speed.
1789 o Ralph Boehme <slow@samba.org>
1790 * BUG 11714: lib/tsocket: Work around sockets not supporting FIONREAD.
1792 o Volker Lendecke <vl@samba.org>
1793 * BUG 11724: smbd: Fix CID 1351215 Improper use of negative value.
1794 * BUG 11725: smbd: Fix CID 1351216 Dereference null return value.
1795 * BUG 11732: param: Fix str_list_v3 to accept ; again.
1797 o Noel Power <noel.power@suse.com>
1798 * BUG 11738: libcli: Fix debug message, print sid string for new_ace trustee.
1800 o Jose A. Rivera <jarrpa@samba.org>
1801 * BUG 11727: s3:smbd:open: Skip redundant call to file_set_dosmode when
1802 creating a new file.
1804 o Andreas Schneider <asn@samba.org>
1805 * BUG 11730: docs: Add manpage for cifsdd.
1806 * BUG 11739: Fix installation path of Samba helper binaries.
1808 o Berend De Schouwer <berend.de.schouwer@gmail.com>
1809 * BUG 11643: docs: Add example for domain logins to smbspool man page.
1811 o Martin Schwenke <martin@meltin.net>
1812 * BUG 11719: ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."
1814 o Hemanth Thummala <hemanth.thummala@nutanix.com>
1815 * BUG 11708: loadparm: Fix memory leak issue.
1816 * BUG 11740: Fix memory leak in loadparm.
1819 CHANGES SINCE 4.4.0rc1
1820 ======================
1822 o Michael Adam <obnox@samba.org>
1823 * BUG 11715: s3:vfs:glusterfs: Fix build after quota changes.
1825 o Jeremy Allison <jra@samba.org>
1826 * BUG 11703: s3: smbd: Fix timestamp rounding inside SMB2 create.
1828 o Christian Ambach <ambi@samba.org>
1829 * BUG 11700: Streamline 'smbget' options with the rest of the Samba utils.
1831 o Günther Deschner <gd@samba.org>
1832 * BUG 11696: ctdb: Do not provide a useless pkgconfig file for ctdb.
1834 o Stefan Metzmacher <metze@samba.org>
1835 * BUG 11699: Crypto.Cipher.ARC4 is not available on some platforms, fallback
1836 to M2Crypto.RC4.RC4 then.
1838 o Amitay Isaacs <amitay@gmail.com>
1839 * BUG 11705: Sockets with htons(IPPROTO_RAW) and CVE-2015-8543.
1841 o Andreas Schneider <asn@samba.org>
1842 * BUG 11690: docs: Add smbspool_krb5_wrapper manpage.
1844 o Uri Simchoni <uri@samba.org>
1845 * BUG 11681: smbd: Show correct disk size for different quota and dfree block
1849 #######################################
1850 Reporting bugs & Development Discussion
1851 #######################################
1853 Please discuss this release on the samba-technical mailing list or by
1854 joining the #samba-technical IRC channel on irc.freenode.net.
1856 If you do report problems then please try to send high quality
1857 feedback. If you don't provide vital information to help us track down
1858 the problem then you will probably be ignored. All bug reports should
1859 be filed under the Samba 4.1 and newer product in the project's Bugzilla
1860 database (https://bugzilla.samba.org/).
1863 ======================================================================
1864 == Our Code, Our Bugs, Our Responsibility.
1866 ======================================================================