1 What's new in Samba 2.2.8pre1 - 3rd February 2003
2 =================================================
4 This is a non-production, preview release of the upcoming Samba
5 2.2.8 distribution. This preview release is for testing purposes
6 only and should not be installed in production environments.
8 The purpose of this preview release to make numerous bugs fixes
9 for Samba 2.2.7a available to the Samba community. Please report
10 testing results of this release to the Samba mailing list
17 See the cvs log for SAMBA_2_2 for more details
19 1) Fix seg fault in smbpasswd when specifying the new password
20 as a command line argument
21 2) Correct 64-but file sizes issues with smbtar and smbclient
22 3) Add batch mode option to pdbedit
23 4) Add protection in nmbd against malformed reply packets
24 5) Fix bug with sendfile profiling support in smbstatus output
25 6) Correct bug in "hide unreadable" smb.conf parameter that
26 resulted in incorrect directory listings
27 7) Fix bug in group enumeration in winbindd
28 8) Correct build issues with libsmbclient on Solaris
29 9) Fix memory leak and bad pointer dereference in password
31 10) Fix for changing attributes on a file truncate
32 11) Ensure smbd process count never gets to -1 if limiting number
34 12) Ensure we return disk full by default on short writes
35 13) Don't delete jobs submitted after the lpq time
36 14) Fix reference count bug where smbds would not terminate
37 with no open resources
38 15) Performance fix when using quota support on HP-UX
39 16) Fixes for --with-ldapsam
40 * Default to port 389 when "ldap ssl != on"
41 * add support for rebinding to the master directory server
42 for password changes when "ldap server" points to a read-only
44 17) Add -W and -X command line flags to smbpasswd for extracting and
45 setting the machine/domain SID in secrets.tdb. See the
46 smbpasswd(8) man page for details.
47 18) Added (c) Luke Howard to winbind_nss_solaris.c for coded
48 obtained from PADL's nss_ldap library.
49 19) Fix bug in samr_dispinfo query in winbindd
50 20) Fix segfault in NTLMSSP password changing code for
52 21) Correct pstring/fstring mismatches
53 22) Send level II oplock break requests synchronously to prevent
54 condition where one smbd would continually lock a share entry
56 23) Miscellaneous cleanups for tdb error conditions and appending
58 24) Implement correct open file truncate semantics with DOS
60 25) Enforce wide links = no on files as well as directories
61 26) Include shared library checks for Stratus VOS
62 27) Include support for CUPS printer classes and logging the remote
65 Changes since 2.2.8pre1
66 -----------------------
67 28) smbumount lazy patch from Mandrake
68 29) Check for too many processes *before* the fork.
69 30) make sure we don't run over the end of 'name' in unix_convert()
70 31) set umask to 0 before creating socket directory.
76 See the cvs log for SAMBA_2_2 for more details
78 1) Fix for smbclient reporting negative file sizes on dir command
79 and negative statistics being reported when using put or get
81 2) Fix bug in determination of allocation size
82 3) Fix 64bit size problems which prevented copying of files larger
84 4) Fix for xcopy /s problem with old DOS clients not sending correct
85 attributes on subsequent SMBsearch calls.
86 5) Fix bug in call to standard_sub_advanced giving a 0 length. This
87 fixes the string overflow in string_sub errors.
88 6) Correctly handle querygroup rpcclient command
89 7) fix broken incremental tar in smbtar command
91 =========================================
93 Older releases notes for 2.2.x distributions follow
95 -----------------------------------------------------------------------------
96 The release notes for 2.2.7 follow :
98 IMPORTANT: Security bugfix for Samba
99 ------------------------------------
104 A security hole has been discovered in versions 2.2.2 through 2.2.6
105 of Samba that could potentially allow an attacker to gain root access
106 on the target machine. The word "potentially" is used because there
107 is no known exploit of this bug, and the Samba Team has not been able to
108 craft one ourselves. However, the seriousness of the problem warrants
109 this immediate 2.2.7 release.
111 In addition to addressing this security issue, Samba 2.2.7 also includes
112 thirteen unrelated improvements. These improvements result from our
113 process of continuous quality assurance and code review, and are part of
114 the Samba team's committment to excellence.
119 There was a bug in the length checking for encrypted password change
120 requests from clients. A client could potentially send an encrypted
121 password, which, when decrypted with the old hashed password could be
122 used as a buffer overrun attack on the stack of smbd. The attach would
123 have to be crafted such that converting a DOS codepage string to little
124 endian UCS2 unicode would translate into an executable block of code.
126 All versions of Samba between 2.2.2 to 2.2.6 inclusive are vulnerable
127 to this problem. This version of Samba 2.2.7 contains a fix for this
130 Earlier versions of Samba are not vulnerable.
132 There is no known exploit or exploit code for this vulnerability,
133 it was discovered by a code audit by Debian Samba maintainers.
138 Thanks to Steve Langasek <vorlon@debian.org> and Eloy Paris
139 <peloy@debian.org> for bringing this vulnerability to our notice.
141 Patch for Samba versions 2.2.2 to 2.2.6
142 ---------------------------------------
144 The following patch applies cleanly to the above Samba versions
145 and will fix the vulnerability for sites that do not wish to upgrade
146 to 2.2.7 at this time.
149 -------------------------------cut here---------------------------------
150 --- libsmb/smbencrypt.c.orig Tue Nov 19 17:21:57 2002
151 +++ libsmb/smbencrypt.c Tue Nov 19 17:22:12 2002
155 /* Password must be converted to NT unicode - null terminated. */
156 - dos_struni2((char *)wpwd, (const char *)passwd, 256);
157 + dos_struni2((char *)wpwd, (const char *)passwd, len);
158 /* Calculate length in bytes */
159 len = strlen_w((const smb_ucs2_t *)wpwd) * sizeof(int16);
160 -------------------------------cut here---------------------------------
167 See the cvs log for SAMBA_2_2 for more details
169 1) ensure we send the notify message in the same way it is expected
170 to be received by srv_spoolss_receive_message().
171 2) attribute matching on truncate only matters when opening truncate
172 with current SYSTEM|HIDDEN -> NONE. It's fine to truncate on open
173 with current NONE -> SYSTEM | HIDDEN.
174 3) Fix bug in rpcclient's deldriver command
175 4) Don't set global_machine_password_needs_changing if
176 lp_machine_password_timeout() is set to zero
177 5) don't parse the BUFFER5 if the buffer length is zero
178 6) fix core dump if pdbedit is run as non-root or smbpasswd file does
180 7) Ensure can_delete() returns correct error code
181 8) correctly return NT_STATUS_DELETE_PENDING from open code
182 9) fix bug that assumed dos_unistr2 length was in ucs2 units, not bytes
183 10) check the long_archi name is not null when deleting a printer driver.
184 fixes core dump in smbd when using rpcclient's deldriver
185 11) fix fd leak with kernel change notify on Linux 2.4 kernels
186 12) must add one to the extra_data size to transfer the 0 string
187 terminator. This was causing "wbinfo --sequence" to access past the
188 end of malloced memory
189 13) fix for large systems allowing more than 65536 files open in
191 14) Fix bug in %U expansion
195 -----------------------------------------------------------------------------
196 The release notes for 2.2.6 follow :
198 There have been several fixes and internal enhancements which include:
200 * Fixes for MS-RPC printing issues affecting Windows 2000 clients
201 * New support for smb.conf generation in SWAT
202 * Inclusion of several performance enhancements (See --with-sendfile
203 & and the modified smb.conf(5) parameters in these Release Notes)
204 * Fixes for several file locking bugs and returned status codes
210 Refer to the smb.conf(5) man page for complete descriptions of new parameters.
212 * profile acls (S) workaround for issue with WinXP SP1
213 and roaming user profiles
224 * max xmit (G) new default value
225 * large readwrite (G) new default value
227 New ./configure Options
228 -----------------------
230 --with-sendfile Enable experimental sendfile support
231 --with-winbind-ldap-hack Enable winbindd_ldap_hack() functionality
232 for Windows 2000 native mode domains
238 See the cvs log for SAMBA_2_2 for more details
240 1) Fixed several compiler warnings caused by the use of const parameters
241 2) Fixed a hang in the main smbd process caused by an EINTR in the
243 3) Fixed string substitutions to accept a length for sanity checks
244 4) Fixed 17-bit length field in nmb header
245 5) Removed non-portable inline declaration for functions
246 6) Performance fix for including files with an smb.conf variable in the
248 7) Fix for parsing LPRng lpq output
249 8) Parsing fix for PRINTER_INFO_2 structure which was causing viewing
250 printer properties to fail
251 9) Fix for printer change notification and Windows NT clients which caused
252 the client to go into an infinite loop of refreshing the local printers
254 10) Allow trans2 and nttrans messages to be processed in oplock break state
255 which fixes a problem with oplock break requests and Win2k clients
256 11) Don't crash on setfileinfo on printer fsp
257 12) Memory fixes caught by Valgrind
258 13) Updates to stop spurious error message in tdb
259 14) Fix silly logic bug in 'make smbd processes' and 'status = no' check
260 15) Fix compilation of pam_smbpass and --with-ldap
261 16) Fix compilation of smbwrapper on Solaris hosts
262 17) fix logic error in a check for enabling the winbind_pam_auth_crap() code
263 & fix formatting typo in --with-winbind-auth-challenge
264 18) Correcting check for ldap_start_tls()
265 19) Fixed a problem with getgroups() where it could include our current
267 20) fix incorrect semantics in the DeletePrinterDriver() spoolss rpc
268 to only attempt to delete the architecture specified by the client
269 21) Don't allow TEMP attribute on directory open
270 22) Restore VxFS quotas to the 2.2 branch
271 23) Added basic "Wizard" functionality to SWAT
272 24) Fix initial "allocation size" in NTcreate&X call
273 25) Fix for open fid, "nametoolong"
274 26) Exit server on receipt of a non-SMB packet. Ensure we have
275 at least smb_size bytes before processing a packet
276 27) Replace inet_aton with inet_addr() to correct compile problems on Solaris
277 28) Include the "account" objectclass when adding a new account to --with-ldapsam
278 in order to comply with the data model implemented by OpenLDAP 2.1.x
279 29) Various fixes for POSIX compliance
280 30) Correct alignment & offset bug in EnumPrinterDataEx()
281 31) Fix access checks when modifying forms using a print server handle
282 (not just a printer handle)
283 32) Account for case data_len == 0 in EnumPrinterDataEx()
284 33) Fix logic error in blocking lock code
285 34) Fixed various incorrect return codes to clients
286 35) Add RESOLVE_DFSPATH to mkdir operations
287 36) Fix longstanding bug in Win2k clients by clearing the shortname
288 buffer before returning ASCII short name
289 37) added -t option to smbpasswd for explicitly changing a trust
290 account password when operating in security = domain
291 38) installed -x option to testparm to eXclude printing all parameter
292 values that are at default settings.
293 39) Fix shares/printers view in SWAT so that only Basic options are exposed
295 40) Added 1125 & KOI8-U to codepage list in Makefile.in
296 41) Include separate configure checks for *openbsd* & *freebsd* when
297 determining flags used to compile shared libraries.
298 42) Merge in free list unlock on error fix
299 43) Correctly fail opens with mismatching SYSTEM or HIDDEN attributes
300 if we are mapping system or hidden
301 44) Fix bug with stat mode open being done on read-only open with truncate
302 45) Fix crash bug discovered where cli struct was being deallocated in a
304 46) Ensure we open UNIX fifo's non-blocking
305 47) Fix DeletePrinterDriver() (hopefully for the last time...yeah right....)
306 48) only lowercase global_myname in the %L substitution, not the whole string
307 49) Merged Steve French's fix for OS/2 EA return error being removed
308 50) Patch from Steve French to fix difference in responses to smbclient
309 //server/share ls / on Samba and Windows 2000
310 51) Print error and exit if smb.conf doesn't have security=domain and
311 encrypt passwords=yes when joining domain
312 52) Added final Steve French patch for "required" attributes with old dir
314 53) Initialize user_rid value in WINBIND_USERINFO structure returned by
315 the rpc version of query_user()
316 54) Ensure we've failed a lock with a lock denied message before automatically
317 pushing it onto the blocking queue
318 55) Add experimental --with-sendfile code
319 56) alignment fix in printing code merged from HEAD
320 57) Merge fix for other sids in token from HEAD
321 58) Merge winbindd with current (more advanced) state of play in APPLIANCE_HEAD
322 59) fix smbclient / Win98 off by one bug
323 60) Never, *ever* hold a mutex lock in the message database where there may be
324 traversals being attempted
325 61) Add LDAP hack for retrieving the SAM sequence number when a member of a
326 Windows 2000 native mode domain
327 62) Fix race condition when changing a machine account password as we were
328 no longer locking the secrets entry
329 63) Allow '@' as a valid character in domain names
330 64) remove jobs from the spool directory when using cups
331 65) removed -lresolv for --enable-ldapsam
332 66) Memory leak fix and correct use of negative caching in winbindd
333 67) Updated spoolss parsing code with known good state of APPLIANCE_HEAD
334 68) Delete printer security check was reversed
335 69) Windows allows delete printer on a handle opened by an admin user, then
336 used on a pipe handle created by an anonymous user...We do to now...
337 70) Make explicit the difference between a tdb key with no data attached, and
339 71) Ensure we register the 1c name on the unicast subnet.
340 72) Fix inheritance problem when recursively setting ACLs on directories
341 73) prevent ACL set on read-only share
342 74) Ensure we never have more than MAX_PRINT_JOBS in a queue
343 75) Added timeout to tdb_lock_bystring()
344 76) Ensure we set FIRST+LAST flags on a bind request
345 77) Add version strings to the usage message for smbcacls and smbpasswd
346 78) Fix bug in the write cache code
347 79) make the default printed values for boolean the same for all parameters
348 80) Default all LDAP connections to v3 with compiling with --with-ldapsam
349 81) Fix memory leak in smbspool
350 82) Fix bug in mangling code that resulted in Win9x clients not being
351 able to execute batch files in deep, non 8.3 directory paths
352 83) Fix infinite looping bug in winbindd_getgrent()
353 84) Fix crash bug on 64-bit systems (merge from HEAD)
354 85) Fix extended character bug when setting LanMan/NT password
355 86) Negotiate same SMB read size as a Windows 2000 file server
356 to fix performance bug with NT4 clients
360 -----------------------------------------------------------------------------
361 The release notes for 2.2.5 follow :
363 There have been several fixes and internal enhancements which include:
365 * Several compile fixes for Solaris and HP-UX
366 * More printing fixes for Windows NT/2k/XP clients
367 * New options for the VFS recycle bin library
368 * New internal signal handling semantics relating to directory change
369 notification and oplocks
371 New/Changed parameters in 2.2.5
372 --------------------------------
374 For more information on these parameters, see the man pages for
377 Added/changed parameters
378 ------------------------
380 * block size = <INTEGER>
381 * force unknown acl user = <boolean>
382 * mangling method = [hash|hash2]
385 Deprecated Parameters
386 ---------------------
388 The following parameters have been marked as deprecated and will be removed
404 See the cvs log for SAMBA_2_2 for more details
406 1) Removal of several compiler warnings, incorrect Makefile dependencies,
407 and wrong autoconf tests on various platforms--Solaris & HP-UX 10.20
408 being the predominantly reported platforms
409 2) Fixed winbindd crash bug on the IBM s390 running Linux
410 3) Inclusion of enhanced Linux quota support
411 4) Correctly link against Sun LDAP libraries on Solaris 8 (even through
412 there is no apparent SSL support there)
413 5) POSIX conformance patches
414 6) Include new configure --enable-cups option (can also be disabled even
415 if CUPS libraries are installed on the system)
416 7) Set reasonable default for the "passwd program" parameter using an
418 8) Added --with-winbind-auth for enabling winbindd_pam_auth_crap() code
419 9) fixed bug to prevent root account from being deleted by the
421 10) Inclusion of autoconf script for building VFS modules
422 11) Add new run time options to the VFS recycle bin library (see
423 examples/VFS/recycle/README for details)
424 12) Include findsmb perl script as part of the "make install" process
425 13) Return correct error code for EnumPrinters(PRINTER_ENUM_REMOTE, InfoLevel1)
426 to fix a bug where printers appear at the workgroup level in the Windows
427 NT/2k APW browse list
428 14) Added support to nmblookup to return NMB flags (See nmblookup(8) for
430 15) Fix length bug that caused password changes from Windows NT/2k clients to
432 16) Correct false password expiration when using --with-ldapsam caused by
433 missing attributes in the directory
434 17) added -S option to smbpasswd for storing the SID of a domain controller
435 as the local machine SID in secrets.tdb. See the smbpasswd(8) man page
437 18) Various fixes for UNIX CIFS extensions commands
438 19) Fixed CIDR notation in "hosts allow/deny"
439 20) Change semantics of an idle connection to mean "no open files and no
440 open handles". We cannot idle a connection if there are open named
441 pipe handles. This fixes scalability problem on Samba print servers
442 and NT/2k clients introduced in 2.2.4
443 21) Fix germam umlaut problem when returning ACL entries
444 22) Return NT_STATUS_OBJECT_NAME_NOT_FOUND for ENOENT. This fixes the bug
445 of running the Microsoft Access executable (msaccess.exe) and database
446 files from a Samba share documented in the 2.2.4 release
447 23) Corrected signal handling relating to directory change notification and
449 24) Fix bug in unix_to_nt_time() that appeared on files dated close to Daylight
451 25) Corrected alignment bug in spoolss parsing code which caused Win2k/XP
452 clients not to be able to view printer properties from a Samba host
453 26) Fixed spoolss parsing bug causing printing from ACT! 2000 running on
454 Windows 2k/XP clients to fail
455 27) Fixed incorrect error check in mod_share_entry()
456 28) Allow %S variable in MS-DFS root paths
457 29) Correct a bug regarding the use of 'wbinfo -A'
458 30) Fixed libnss_wins.so to correctly work on RedHat 7.3 systems
459 31) Store the key for a name-to-sid cache entry in upper case rather than
460 whatever case the request was made in. This gets rid of duplicate
462 32) Fix bug causing the pid stored in winbindd's pid file to be the wrong id
463 33) Enhanced error reporting messages of wbinfo
464 34) Parameterize block size on disk size return
465 35) Added new parameter to allow incoming ACLs to have owner and group forced
466 to the currently logged in user. This fixes the XCOPY /O problem
467 36) Fixed bug in local_change_password() caused by reusing a struct
469 37) Change default value for "ldap port" to 389 if "ldap ssl = no"
470 38) Updated HOWTO's, manpages, and general documentation....
471 39) Allow root as well as domain admins to open an LDAP connection
472 40) Fixed veto files bug with ".*"
473 41) Fixed uninitialized variable bug in smbpasswd that was causing a random
474 IP address to be used in the connection when joining a domain
475 42) Fix for joining a domain with a netbios name of 15 characters and
476 pre-creating the account on the DC
477 43) Added links to new documentation on SWAT welcome page
481 -----------------------------------------------------------------------------
482 The release notes for 2.2.4 follow :
484 There have been several fixes and internal enhancements which include:
486 * More/better SPOOLSS printing functionality for Windows
488 * Several fixes relating to serving PC database files such
489 as (Access and FoxPro) from a Samba file share.
490 * Several improves in Samba's VFS layer which can be seen
491 in the inclusion of a "Recycle Bin" vfs module. See
492 examples/VFS/README for more details on this.
493 * Addition of a tool (tdbbackup) for backup/restore of Samba's
495 * Continued improvements to winbind for greater scalability
497 * Several fixes related to Samba's MS-DFS support
498 * Rpcclient's various printer commands now work (again)
501 New/Changed parameters in 2.2.4
502 --------------------------------
504 For more information on these parameters, see the man pages for
507 Added/changed parameters
508 ------------------------
516 * winbind use default domain
519 Deprecated parameters
520 ---------------------
522 The following parameters have been marked as deprecated
523 and will be removed in Samba 3.0
527 * printer driver file
528 * printer driver location
540 See the cvs log for SAMBA_2_2 for more details
542 1) added -c option to smbpasswd
543 2) reworked smbpasswd internal command line option parsing
544 3) small various bug fixes to experimental pdb_tdb.c
545 4) Enforce spoolss RPCs based on the access granted at PrinterOpen()
546 5) Added missing access checks to [add/delete/set]form
547 6) Compile fixes for pam_smbpass
548 7) fix smbd crash when netbios session request fails from
549 spoolss_connect_to_client().
550 8) fixed logic bug that prevent SetPrinter() from storing devmode
551 9) Removed extra get_printer_snum() calls from set_printer_hnd_name()
552 10) fix joining domain on big endian machine when using -U to smbpasswd
553 11) allow command line arg to override smb.conf log level
554 12) continue to retry to register 1b name with wins server if there is an old IP there
555 13) fix smbclient print crash bug
556 14) 9x pnp fix when the config file and driver file are different
557 15) force testparm to print the correct value for log level
558 16) fix swat to show full log level info
559 17) fix server GetPrinterData() fields to be more sensible
560 18) fix logic error in SetPrinterDataEx()
561 19) Only set smb_read_error if not already set
562 20) Fix string returns that require unicode
563 21) Merge of printing performance fixes from appliance
564 22) lpq parsing fixes
565 23) Back port tridge's xcopy /o fix from HEAD
566 24) Fix the printer change notify code (unfinished)
567 25) Patch for Domain users not showing up
568 26) Fixed SetPrinterData(magic key) to support zero length DEVMODE
569 27) Ensure that all methods of looking up and connecting to DC's work
570 using identical logic.
571 28) Merge in the mutex code to stop multiple domain logon failure
573 30) Fix winbindd to respect command line debuglevel as nmbd/smbd
574 31) Update with tdbbackup from HEAD
575 32) Fix for typo on solaris nss
576 33) Merge in the locking changes from HEAD
577 34) Added POSIX ACL layer into the vfs
578 35) Fix the returning of domain enum
579 36) Fix the generation of the MACHINE.SID file into the secrets.tdb.
580 37) Enable test for -rdynamic when building binaries
581 38) Remove the "stat open" code - make it inline
582 39) Fix the mp3 rename bug
583 40) Fix for Explorer DFS problems on older Windows 9X machines
584 41) implement OpenPrinter() opnum == 0x01
585 42) Matched W2K *insane* open semantics....
586 43) small fix that will prevent the "failed to marshall
587 R_NET_SAMLOGON" message in the logs
588 42) don't do checking of local passdb in smbpasswd if using -r option
589 43) fix "smbpasswd -j DOMAIN -r * -U Admin%XXXX" so that it doesn't
590 try to connect to a server named '*'
591 44) merge rpcclient code from HEAD
592 45) Ensure MACHINE.SID update done before child spawns
593 46) Fix the bad path errors for mkdir so mkdir \a\b\c\d works
594 47) Removed --with-vfs - always built if available
595 48) Fixed psec for 2.2
596 49) Fixed the handle leak in the connection management code
597 50) fix disable spoolss after the switch to nt status codes
598 51) Added Shirish's client side caching policy change
599 52) Honor the specversion when parsing the the DEVICEMODE
600 53) fix parsing bug when DEVICEMODE's private data does not end
602 54) do not idle an smbd when there is an open pipe
603 55) when a new driver is added to a Samba server, cycle through
604 all printers and bump the change_id for each one bound to the driver
605 56) allow smbclient to work with a FIFO as well (needed for KDE
607 57) various updates to pdb_nisplus.c
608 58) many small documentation updates
609 59) removed many compiler warnings
612 -----------------------------------------------------------------------------
613 The release notes for 2.2.3a follow :
615 This is a minor bugfix release for the 2.2.3 release. The 2.2.3
616 release had a problem that was visible to Windows 2000 Explorer
617 users in that copying files into a share that already existed
618 failed with "Access Denied" rather than asking the user if an
619 overwrite was required. This was due to an incorrect error mapping
620 between the UNIX EXIST error code and the NT status error.
622 As Windows Explorer is a highly visible end user application a quick
623 bugfix release was required, hence 2.2.3a.
625 Compilation on HPUX versions earlier than HPUX 11 has also been
628 The cvs.log file is no longer included with this release, as it adds
629 13Mb to the size of the release, and is easily available on the Web.
631 -----------------------------------------------------------------------------
632 The release notes for 2.2.3 follow :
634 There are several important scaling bugs that have been fixed in this release
635 for large server systems so an upgrade is recommended.
640 Much work has been done on the LDAP backend code. The configure
641 option --with-ldapsam is now considered to be stable. The schema
642 used has changed, see the file examples/LDAP/samba.schema for the
645 New documentation explaining how to set up a Samba only PDC/BDC
646 setup has been added in the files Samba-LDAP-HOWTO and Samba-BDC-HOWTO
647 in the documentation tree.
649 winbindd daemon extended
650 ------------------------
652 Samba 2.2.2 was the first release to include the winbind daemon.
653 This code allows UNIX systems that implement the name service
654 switch (nss) to be entered into a Windows NT/2000 domain and
655 use the Domain controller for all user and group enumeration.
657 Samba 2.2.3 fixes the known memory leaks in winbindd and has
658 been extended to work with SGI IRIX and HPUX (11.x) in addition
659 to the earlier targets of Linux and Solaris.
661 For more information on using winbind, see the man pages for
664 Note that winbindd is not installed by default.
666 New/Changed parameters in 2.2.3
667 --------------------------------
669 For more information on these parameters, see the man pages for
672 Added/changed parameters.
673 -------------------------
677 Enables the experimental UNIX CIFS extensions in smbd. See the manpage
682 Some printer drivers will crash the Windows NT/2000 spooler service
683 if they are given a default devmode, some require it. This parameter
684 allows the administrator a choice of whether smbd returns such a
685 default devmode for a driver.
689 This parameter has been restored to allow people who wish smbd to ignore
690 client share modes. This is *very dangerous* and should not be set without
691 full knowledge of what this is designed for.
696 1). Fixed shared library compile for Solaris with native compiler.
697 2). UNIX CIFS extensions code added (donated by HP).
698 3). Changed to using NT status codes on the wire if the client can support
700 4). altname command to show 8.3 name added to smbclient.
701 5). const-safe endian macros now used.
702 6). client code now uses UNICODE on the wire.
703 7). Correctly return fault PDU's on bad handle.
704 8). Improved NT error code mapping table.
705 9). Many new point and print RPC calls added.
706 10). Win9x clients can now see full user list.
707 11). field added to identify simultaneous open files (no longer
708 use dev/inode/time as unique value).
709 12). HPUX ACL code added (donated by HP).
710 13). vfs interfaces updated (again !).
711 14). MSDOS Code Page 866 -> 1251 mapping added.
712 15). winbindd now processes quit/hup signals correctly.
713 16). No tdb traversal done on startup/shutdown - ensures scalability.
714 17). Fix bug with paths for homes share.
715 18). Fixed copyfile for OS/2.
716 19). Fix group membership when groups are on more than one line.
717 20). Fixed core dumps in posix ACL mapping code.
718 21). Tidyup of UNICODE functions (put/get).
719 22). Move rpcclient to the new libsmb code.
720 23). Add missing Windows 2000 passthough trans2 calls.
721 24). Return check all tdb calls.
722 25). Make local name lookup work even if wins server is down.
723 26). pam session code added to winbind.
724 27). Added winbindd cache to all lookups.
725 28). Fix allocate bugs that caused file sizes to be incorrect.
726 29). Fixed write cache code - now safe to use.
727 30). Fixed winbindd memory leaks.
728 31). winbindd will now do name lookups (to allow non Open Source
729 systems to do the nsswitch WINS lookup). Fixed by SGI.
730 32). passdb memory leaks fixed.
731 33). LDAP code updates and now properly maintained.
732 34). Finally figured out how changeid is meant to work.
733 35). Downlevel printing now looks as NT does in print monitor window.
734 36). Many fixups in spoolss printing RPC parsing.
735 37). Speed up password enumeration as a PDC.
736 38). Fix printer changed notify messages (work from HP).
737 39). Fix modify timestamp on close code.
738 40). Fix long standing mangled names bug.
739 41). Fix delete on close semantics.
740 42). Stop opening all files with O_NONBLOCK !
741 43). Use O_NOFOLLOW for systems that have it and don't want symlinks.
742 44). Ensure NT supplementary groups get added to user token.
743 45). Try and mitigate effects of DNS timeout (do less lookups).
744 46). Added current user connection context stack.
745 47). Fixes to utmp code.
746 48). smbw code tidyups.
747 49). Added tdb open log code. Several tdb fixes.
749 -----------------------------------------------------------------------------
750 The release notes for 2.2.2 follow :
752 New daemon included - winbindd
753 ------------------------------
755 Samba 2.2.2 is the first release to include the winbind daemon.
756 This code allows UNIX systems that implement the name service
757 switch (nss) to be entered into a Windows NT/2000 domain and
758 use the Domain controller for all user and group enumeration.
760 This allows a Samba server added to a Windows domain to serve
761 file and print services with *NO* local users needed in /etc/passwd
762 and /etc/group - all users and groups are read directly from the
763 Windows domain controller. In addition with pam_winbind which allows
764 a PAM enabled UNIX system to use a Windows domain for authentication
765 service this allows single sign on and account control across
766 UNIX and Windows systems.
768 The current version of winbindd shipped in 2.2.2 does have some
769 memory leaks, which will be addressed for the next Samba release,
770 so it is advisable to monitor the winbind process. This code is
771 being used in production by several vendors, so the leaks are
772 manageable. In addition, this version of winbind does not work
773 correctly against a Samba PDC, due to some missing calls on the
774 PDC side. These problems are being addressed for the next Samba
775 release, but it was thought better to release the code now rather
776 than delay the main Samba code to match the winbind release schedule.
778 For more information on using winbind, see the man pages for
781 Note that winbindd is not installed by default.
783 New/Changed parameters in 2.2.2
784 -------------------------------
786 For more information on these parameters, see the man pages for
789 Added/changed parameters.
790 -------------------------
794 Causes Samba not to create UNIX 'sparse' files, but to follow the
795 Windows behavior of always allocating on-disk space.
799 Set to 'on' by default, only set to 'off' on HPUX 11.x or below or other
800 UNIX systems that don't have coherent mmap/read-write internal caches.
801 You should not need to set this parameter.
805 This parameter has been changed to a per-share option, and is very
806 useful in enabling Windows 2000 SP2 to load/save profiles from a
809 New printing parameters.
810 ------------------------
814 Setting this parameter causes Samba to go back to the old 2.0.x
815 LANMAN printing behavior, for people who wish to disable the
820 Causes Windows NT/2000 clients to need have a local printer driver
821 installed and to treat the printer as local.
826 Samba 2.2.2 contains new code to maintain a Samba SAM database
827 on a remote LDAP server. These parameters have been added as
828 part of this code. These parameters are only available when Samba
829 has been compiled with the --with-ldapsam option.
837 The SSL support in Samba has been fixed. These new parameters
838 are part of the changes added. These parameters are only available
839 when Samba has been compiled with the --with-ssl option.
840 Please see the smb.conf man page for details.
846 New winbindd parameters.
847 ------------------------
849 These parameters are used by winbindd. See the man page for
850 winbindd for details.
871 Some new README's have been added in the docs/ directory. These cover
872 using roving profiles with Windows 2000 SP2 (docs/README.Win2kSP2),
873 and how to use Samba to help prevent Windows virus spread
874 (docs/README.Win32-Viruses).
876 Quota problems on a Linux 2.4 kernel.
877 -------------------------------------
879 Currently the quota interfaces have diverged between the Linus
880 2.4.x kernels and the Alan Cox 2.4.x kernels (the Alan Cox variants
881 are shipped with RedHat). Running quota-enabled Samba compiled on
882 an Alan Cox kernel works correctly on an Alan Cox kernel (the one
883 shipped by default with RedHat 7.x) but fails on a Linus kernel.
885 This is a mess, and hopefully Alan and Linus will sort it out soon.
886 In the meantime we need to ship.....
891 1). mmap tdb code disabled on HPUX. This should prevent the reports of
892 tdb corruption on HUPX.
893 2). Large file support set to off in Solaris 5.5 and below.
894 3). Better CUPS detection.
895 4). New SAM (password database) backends - smbpasswd (traditional),
896 LDAP, NIS+ and Samba TDB.
897 5). Quota fixups on Linux.
898 6). libsmbclient stand-alone code added. Can be built as a shared library
900 7). Tru64 ACL support added.
901 8). winbindd option added.
902 9). Realloc fail tidyup fixes all over the code.
903 10). Large improvement in hash table code efficiency - would be found with
905 11). Error code consistency improved (still needs more work).
906 12). Profile shared memory support added to nmbd.
907 13). New Windows 2000/NT passthrough info levels added.
908 14). readraw/writeraw code rewritten - many bugs fixed.
909 15). UNIX password sync (non pam) code fixed, use correct wildcard matcher.
910 16). Reverse DNS lookup avoided on socket open.
911 17). Bug preventing nmbd re-registering names on WINS server timeout fixed.
912 18). Zero length byte range lock code added. Much closer to Windows semantics.
913 19). Alignment fault fixes for Linux/Alpha.
914 20). Error checking on tdb returns vastly improved.
915 21). Handling of delete on close fixed. No longer possible to leave 'dead'
917 22). Handling of oplock break failure cleanups improved. Should not be
918 able to leave 'dead' entries.
919 23). Fix handling of errors trying to set 64 bit locks on 32 bit NFS mounts.
920 24). Misc. MS-DFS code fixes.
921 25). Ignore logon packets if not a PDC (needed for PDC/BDC failover).
922 26). winbind pam module added.
923 27). Order N^^2 enumeration of printers problem fixed.
924 28). Password backend database code re-ordered to allow different password
925 backends (at compile time currently).
926 29). Improved print driver version detection for Windows 2000.
927 30). Driver DEVMODE initialization fixes.
928 31). Improved SYSV print parse code.
929 32). Fixed enumeration of large numbers of users/groups from Windows clients.
931 33). Fix for buggy NetApp RPC pipe clients.
932 34). Fix for NT sending multiple SetPrinterDataEx calls.
933 35). Fix for logic bug where smbd could delay oplock break request messages
934 from other smbd daemons whilst client kept us busy.
935 36). Fix deadlock problem with connections tdb on enumeration.
936 37). Fixes for setting/getting NT ACLs - improved POSIX mapping both ways.
937 38). Removed unused readbmpx/writebmpx code.
938 39). Attempt to fix Linux 2.4.x quota mess.
939 40). Improved ctemp code for Windows 2000 compatibility.
940 41). Finally understood difference between set EOF and set allocation requests.
941 Added strict allocate parameter to help.
942 42). Correctly return name types on name to SID lookups.
943 43). tdb spinlock code update.
944 44). Use pread/pwrite on systems that have it to fix race condition in tdb code.
946 -----------------------------------------------------------------------------
947 The release notes for 2.2.1a follow :
949 This is a minor bugfix release for 2.2.1, *NOT* security related.
951 1). 2.2.1 had a bug where using smbpasswd -m to add a Windows NT or
952 Windows2000 machine into a Samba hosted PDC would fail due to our
953 stricter user name checking. We were disallowing user names
954 containing '$', which is needed when using smbpasswd to add a
955 machine into a domain. Automatically adding machines (using the
956 native Windows tools) into a Samba domain worked correctly.
958 2.2.1a fixes this single problem.
960 -----------------------------------------------------------------------------
961 The release notes for 2.2.1 follow :
963 New/Changed parameters in 2.2.1
964 -------------------------------
969 obey pam restrictions
971 When Samba is configured to use PAM, turns on or off Samba checking
972 the PAM account restrictions. Defaults to off.
976 When Samba is configured to use PAM, turns on or off Samba passing
977 the password changes to PAM. Defaults to off.
981 New option to allow new Windows 2000 large file (64k) streaming
982 read/write options. Needs a 64 bit underlying operating system
983 (for Linux use kernel 2.4 with glibc 2.2 or above). Can improve performance
984 by 10% with Windows 2000 clients. Defaults to off. Not as tested
985 as some other Samba code paths.
989 Prevents clients from seeing the existence of files that cannot
990 be read. Off by default.
994 Turn on/off the enhanced Samba browsing functionality (*1B names).
995 Default is "on". Can prevent eternal machines in workgroups when
996 WINS servers are not synchronized.
1008 1). "find" command removed for smbclient. Internal code now used.
1009 2). smbspool updates to retry connections from Michael Sweet.
1010 3). Fix for mapping 8859-15 characters to UNICODE.
1011 4). Changed "security=server" to try with invalid username to prevent
1013 5). Fixes to allow Windows 2000 SP2 clients to join a Samba PDC.
1014 6). Support for Windows 9x Nexus tools to allow security changes from Win9x.
1015 7). Two locking fixes added. Samba 2.2.1 now passes the Clarion network
1016 lock tester tool for distributed databases.
1017 8). Preliminary support added for Windows 2000 large file read/write SMBs.
1018 9). Changed random number generator in Samba to prevent guess attacks.
1019 10). Fixes for tdb corruption in connections.tdb and file locking brlock.tdb.
1020 smbd's clean the tdb files on startup and shutdown.
1021 11). Fixes for default ACLs on Solaris.
1022 12). Tidyup of password entry caching code.
1023 13). Correct shutdowns added for send fails. Helps tdb cleanup code.
1024 14). Prevent invalid '/' characters in workgroup names.
1025 15). Removed more static arrays in SAMR code.
1026 16). Client code is now UNICODE on the wire.
1027 17). Fix 2 second timestamp resolution everywhere if dos timestamp set to yes.
1028 18). All tdb opens now going through logging function.
1029 19). Add pam password changing and pam restrictions code.
1030 20). Printer driver management improvements (delete driver).
1031 21). Fix difference between NULL security descriptors and empty
1032 security descriptors.
1033 22). Fix SID returns for server roles.
1034 23). Allow Windows 2000 mmc to view and set Samba share security descriptors.
1035 24). Allow smbcontrol to forcibly disconnect a share.
1036 25). tdb fixes for HPUX, OpenBSD and other OS's that don't have a coherent
1037 mmap/file read/write cache.
1038 26). Fix race condition in returning create disposition for file create/open.
1039 27). Fix NT rewriting of security descriptors to their canonical form for
1041 28). Fix for Samba running on top of Linux VFAT ftruncate bug.
1042 29). Swat fixes for being run with xinetd that doesn't set the umask.
1043 30). Fix for slow writes with Win9x Explorer clients. Emulates Microsoft
1044 TCP stack early ack specification error.
1045 31). Changed lock & persistent tdb directory to /var/cache/samba by default on
1046 RedHat and Mandrake as they clear the /var/lock/samba directory on reboot.
1048 -----------------------------------------------------------------------------
1049 The release notes for 2.2.0a follow :
1054 This is a security bugfix release for Samba 2.2.0. This release provides the
1055 following two changes *ONLY* from the 2.2.0 release.
1057 1). Fix for the security hole discovered by Michal Zalewski (lcamtuf@bos.bindview.com)
1058 and described in the security advisory below.
1059 2). Fix for the hosts allow/hosts deny parameters not being honoured.
1061 No other changes are being made for this release to ensure a security fix only.
1062 For new functionality (including these security fixes) download Samba 2.2.1
1063 when it is available.
1065 The security advisory follows :
1068 IMPORTANT: Security bugfix for Samba
1069 ------------------------------------
1077 A serious security hole has been discovered in all versions of Samba
1078 that allows an attacker to gain root access on the target machine for
1079 certain types of common Samba configuration.
1081 The immediate fix is to edit your smb.conf configuration file and
1082 remove all occurances of the macro "%m". Replacing occurances of %m
1083 with %I is probably the best solution for most sites.
1088 A remote attacker can use a netbios name containing unix path
1089 characters which will then be substituted into the %m macro wherever
1090 it occurs in smb.conf. This can be used to cause Samba to create a log
1091 file on top of an important system file, which in turn can be used to
1092 compromise security on the server.
1094 The most commonly used configuration option that can be vulnerable to
1095 this attack is the "log file" option. The default value for this
1096 option is VARDIR/log.smbd. If the default is used then Samba is not
1097 vulnerable to this attack.
1099 The security hole occurs when a log file option like the following is
1102 log file = /var/log/samba/%m.log
1104 In that case the attacker can use a locally created symbolic link to
1105 overwrite any file on the system. This requires local access to the
1108 If your Samba configuration has something like the following:
1110 log file = /var/log/samba/%m
1112 Then the attacker could successfully compromise your server remotely
1113 as no symbolic link is required. This type of configuration is very
1116 The most commonly used log file configuration containing %m is the
1117 distributed in the sample configuration file that comes with Samba:
1119 log file = /var/log/samba/log.%m
1121 in that case your machine is not vulnerable to this attack unless you
1122 happen to have a subdirectory in /var/log/samba/ which starts with the
1128 Thanks to Michal Zalewski (lcamtuf@bos.bindview.com) for finding this
1135 While we recommend that vulnerable sites immediately change their
1136 smb.conf configuration file to prevent the attack we will also be
1137 making new releases of Samba within the next 24 hours to properly fix
1138 the problem. Please see http://www.samba.org/ for the new releases.
1140 Please report any attacks to the appropriate authority.
1145 ---------------------------------------------------------------------------
1147 The release notes for 2.2.0 follow :
1149 This is the official Samba 2.2.0 release. This version of Samba provides
1150 the following new features and enhancements.
1152 Integration between Windows oplocks and NFS file opens (IRIX and Linux
1153 2.4 kernel only). This gives complete data and locking integrity between
1154 Windows and UNIX file access to the same data files.
1156 Ability to act as an authentication source for Windows 2000 clients as
1157 well as for NT4.x clients.
1159 Integration with the winbind daemon that provides a single
1160 sign on facility for UNIX servers in Windows 2000/NT4 networks
1161 driven by a Windows 2000/NT4 PDC. winbind is not included in
1162 this release, it currently must be obtained separately. We are
1163 committed to including winbind in a future Samba 2.2.x release.
1165 Support for native Windows 2000/NT4 printing RPCs. This includes
1166 support for automatic printer driver download.
1168 Support for server supported Access Control Lists (ACLs).
1169 This release contains support for the following filesystems:
1173 Linux Kernel with ACL patch from http://acl.bestbits.at
1174 Linux Kernel with XFS ACL support.
1175 Caldera/SCO UnixWare
1177 FreeBSD (with external patch)
1179 Other platforms will be supported as resources are
1180 available to test and implement the necessary modules. If
1181 you are interested in writing the support for a particular
1182 ACL filesystem, please join the samba-technical mailing
1183 list and coordinate your efforts.
1185 On PAM (Pluggable Authentication Module) based systems - better debugging
1186 messages and encrypted password users now have access control verified via
1187 PAM - Note: Authentication still uses the encrypted password database.
1189 Rewritten internal locking semantics for more robustness.
1190 This release supports full 64 bit locking semantics on all
1191 (even 32 bit) platforms. SMB locks are mapped onto POSIX
1192 locks (32 bit or 64 bit) as the underlying system allows.
1194 Conversion of various internal flat data structures to use
1195 database records for increased performance and
1198 Support for acting as a MS-DFS (Distributed File System) server.
1200 Support for manipulating Samba shares using Windows client tools
1201 (server manager). Per share security can be set using these tools
1202 and Samba will obey the access restrictions applied.
1204 Samba profiling support (see below).
1206 Compile time option for enabling a (Virtual file system) VFS layer
1207 to allow non-disk resources to be exported as Windows filesystems
1208 (such as databases etc.).
1210 The documentation in this release has been updated and converted
1211 from Yodl to DocBook 4.1. There are many new parameters since 2.0.7
1212 and some defaults have changed.
1216 Support for collection of profile information. A shared
1217 memory area has been created which contains counters for
1218 the number of calls to and the amount of time spent in
1219 various system calls, smb transactions and nmbd activity. See
1220 the file profile.h for a complete listing of the information
1221 collected. Sample code for a samba pmda (collection agent
1222 for Performance Co-Pilot) has been included in the pcp
1225 To enable the profile data collection code in samba, you must
1226 compile samba with profile data support (run configure with
1227 the --with-profiling-data option). On startup, collection of
1228 data is disabled. To begin collecting data use the smbcontrol
1229 program to turn on profiling (see the smbcontrol man page).
1230 Profile information collection can be enabled for nmbd, all smbd
1231 processes or one or more selected processes. The profiling
1232 data collected is the aggregate for all processes that have
1235 With samba compiled for profile data collection, you may see
1236 a very slight degradation in performance even with profiling
1237 collection turned off. On initial tests with NetBench on an
1238 SGI Origin 200 server, this degradation was not measurable
1239 with profile collection off compared to no profile collection
1240 compiled into samba.
1242 With count profile collection enabled on all clients, the
1243 degradation was less than 2%. With full profile collection
1244 enabled on all clients, the degradation was about 8.5%.
1246 =====================================================================
1248 If you think you have found a bug please email a report to :
1252 As always, all bugs are our responsibility.