1 <!--#include virtual="/samba/header.html" -->
3 <H2>The Samba Team are pleased to announce Samba 2.2.7</H2>
7 The Samba Team is proud to announce the release of Samba 2.2.7.
9 A security hole has been discovered in versions 2.2.2 through 2.2.6
10 of Samba that could potentially allow an attacker to gain root access
11 on the target machine. The word "potentially" is used because there
12 is no known exploit of this bug, and the Samba Team has not been able to
13 craft one ourselves. However, the seriousness of the problem warrants
14 this immediate 2.2.7 release.
16 In addition to addressing this security issue, Samba 2.2.7 also includes
17 thirteen unrelated improvements. These improvements result from our
18 process of continuous quality assurance and code review, and are part of
19 the Samba team's commitment to excellence.
21 The source code can be downloaded from :
23 <a href="/samba/ftp">http://download.samba.org/samba/ftp/</a>
25 All current source releases have been signed as well using the
26 <a href="/samba/ftp/samba-pubkey.asc">Samba Distribution Key</a>
28 Binary packages for major platforms can be found at
30 <a href="/samba/ftp/Binary_Packages">http://download.samba.org/samba/ftp/Binary_Packages/</a>
32 The release notes follow.
34 As always, all bugs are our responsibility.
40 WHAT'S NEW IN Samba 2.2.7 - 20th November 2002
41 ==============================================
43 This is the latest stable release of Samba. This is the version
44 that all production Samba servers should be running for all current
47 IMPORTANT: Security bugfix for Samba
48 ------------------------------------
53 A security hole has been discovered in versions 2.2.2 through 2.2.6
54 of Samba that could potentially allow an attacker to gain root access
55 on the target machine. The word "potentially" is used because there
56 is no known exploit of this bug, and the Samba Team has not been able to
57 craft one ourselves. However, the seriousness of the problem warrants
58 this immediate 2.2.7 release.
60 In addition to addressing this security issue, Samba 2.2.7 also includes
61 thirteen unrelated improvements. These improvements result from our
62 process of continuous quality assurance and code review, and are part of
63 the Samba team's commitment to excellence.
68 There was a bug in the length checking for encrypted password change
69 requests from clients. A client could potentially send an encrypted
70 password, which, when decrypted with the old hashed password could be
71 used as a buffer overrun attack on the stack of smbd. The attach would
72 have to be crafted such that converting a DOS codepage string to little
73 endian UCS2 unicode would translate into an executable block of code.
75 All versions of Samba between 2.2.2 to 2.2.6 inclusive are vulnerable
76 to this problem. This version of Samba 2.2.7 contains a fix for this
79 Earlier versions of Samba are not vulnerable.
81 There is no known exploit or exploit code for this vulnerability,
82 it was discovered by a code audit by Debian Samba maintainers.
87 Thanks to Steve Langasek <vorlon@debian.org> and Eloy Paris
88 <peloy@debian.org> for bringing this vulnerability to our notice.
90 Patch for Samba versions 2.2.2 to 2.2.6
91 ---------------------------------------
93 The following patch applies cleanly to the above Samba versions
94 and will fix the vulnerability for sites that do not wish to upgrade
95 to 2.2.7 at this time.
97 -------------------------------cut here---------------------------------
98 --- libsmb/smbencrypt.c.orig Tue Nov 19 17:21:57 2002
99 +++ libsmb/smbencrypt.c Tue Nov 19 17:22:12 2002
103 /* Password must be converted to NT unicode - null terminated. */
104 - dos_struni2((char *)wpwd, (const char *)passwd, 256);
105 + dos_struni2((char *)wpwd, (const char *)passwd, len);
106 /* Calculate length in bytes */
107 len = strlen_w((const smb_ucs2_t *)wpwd) * sizeof(int16);
108 -------------------------------cut here---------------------------------
115 See the cvs log for SAMBA_2_2 for more details
117 1) ensure we send the notify message in the same way it is expected
118 to be received by srv_spoolss_receive_message().
119 2) attribute matching on truncate only matters when opening truncate
120 with current SYSTEM|HIDDEN -> NONE. It's fine to truncate on open
121 with current NONE -> SYSTEM | HIDDEN.
122 3) Fix bug in rpcclient's deldriver command
123 4) Don't set global_machine_password_needs_changing if
124 lp_machine_password_timeout() is set to zero
125 5) don't parse the BUFFER5 if the buffer length is zero
126 6) fix core dump if pdbedit is run as non-root or smbpasswd file does
128 7) Ensure can_delete() returns correct error code
129 8) correctly return NT_STATUS_DELETE_PENDING from open code
130 9) fix bug that assumed dos_unistr2 length was in ucs2 units, not bytes
131 10) check the long_archi name is not null when deleting a printer driver.
132 fixes core dump in smbd when using rpcclient's deldriver
133 11) fix fd leak with kernel change notify on Linux 2.4 kernels
134 12) must add one to the extra_data size to transfer the 0 string
135 terminator. This was causing "wbinfo --sequence" to access past the
136 end of malloced memory
137 13) fix for large systems allowing more than 65536 files open in
139 14) Fix bug in %U expansion
142 =========================================
144 Older releases notes for 2.2.x distributions follow
146 -----------------------------------------------------------------------------
147 The release notes for 2.2.6 follow :
149 There have been several fixes and internal enhancements which include:
151 * Fixes for MS-RPC printing issues affecting Windows 2000 clients
152 * New support for smb.conf generation in SWAT
153 * Inclusion of several performance enhancements (See --with-sendfile
154 & and the modified smb.conf(5) parameters in these Release Notes)
155 * Fixes for several file locking bugs and returned status codes
161 Refer to the smb.conf(5) man page for complete descriptions of new parameters.
163 * profile acls (S) workaround for issue with WinXP SP1
164 and roaming user profiles
175 * max xmit (G) new default value
176 * large readwrite (G) new default value
178 New ./configure Options
179 -----------------------
181 --with-sendfile Enable experimental sendfile support
182 --with-winbind-ldap-hack Enable winbindd_ldap_hack() functionality
183 for Windows 2000 native mode domains
189 See the cvs log for SAMBA_2_2 for more details
191 1) Fixed several compiler warnings caused by the use of const parameters
192 2) Fixed a hang in the main smbd process caused by an EINTR in the
194 3) Fixed string substitutions to accept a length for sanity checks
195 4) Fixed 17-bit length field in nmb header
196 5) Removed non-portable inline declaration for functions
197 6) Performance fix for including files with an smb.conf variable in the
199 7) Fix for parsing LPRng lpq output
200 8) Parsing fix for PRINTER_INFO_2 structure which was causing viewing
201 printer properties to fail
202 9) Fix for printer change notification and Windows NT clients which caused
203 the client to go into an infinite loop of refreshing the local printers
205 10) Allow trans2 and nttrans messages to be processed in oplock break state
206 which fixes a problem with oplock break requests and Win2k clients
207 11) Don't crash on setfileinfo on printer fsp
208 12) Memory fixes caught by Valgrind
209 13) Updates to stop spurious error message in tdb
210 14) Fix silly logic bug in 'make smbd processes' and 'status = no' check
211 15) Fix compilation of pam_smbpass and --with-ldap
212 16) Fix compilation of smbwrapper on Solaris hosts
213 17) fix logic error in a check for enabling the winbind_pam_auth_crap() code
214 & fix formatting typo in --with-winbind-auth-challenge
215 18) Correcting check for ldap_start_tls()
216 19) Fixed a problem with getgroups() where it could include our current
218 20) fix incorrect semantics in the DeletePrinterDriver() spoolss rpc
219 to only attempt to delete the architecture specified by the client
220 21) Don't allow TEMP attribute on directory open
221 22) Restore VxFS quotas to the 2.2 branch
222 23) Added basic "Wizard" functionality to SWAT
223 24) Fix initial "allocation size" in NTcreate&X call
224 25) Fix for open fid, "nametoolong"
225 26) Exit server on receipt of a non-SMB packet. Ensure we have
226 at least smb_size bytes before processing a packet
227 27) Replace inet_aton with inet_addr() to correct compile problems on Solaris
228 28) Include the "account" objectclass when adding a new account to --with-ldapsam
229 in order to comply with the data model implemented by OpenLDAP 2.1.x
230 29) Various fixes for POSIX compliance
231 30) Correct alignment & offset bug in EnumPrinterDataEx()
232 31) Fix access checks when modifying forms using a print server handle
233 (not just a printer handle)
234 32) Account for case data_len == 0 in EnumPrinterDataEx()
235 33) Fix logic error in blocking lock code
236 34) Fixed various incorrect return codes to clients
237 35) Add RESOLVE_DFSPATH to mkdir operations
238 36) Fix longstanding bug in Win2k clients by clearing the shortname
239 buffer before returning ASCII short name
240 37) added -t option to smbpasswd for explicitly changing a trust
241 account password when operating in security = domain
242 38) installed -x option to testparm to eXclude printing all parameter
243 values that are at default settings.
244 39) Fix shares/printers view in SWAT so that only Basic options are exposed
246 40) Added 1125 & KOI8-U to codepage list in Makefile.in
247 41) Include separate configure checks for *openbsd* & *freebsd* when
248 determining flags used to compile shared libraries.
249 42) Merge in free list unlock on error fix
250 43) Correctly fail opens with mismatching SYSTEM or HIDDEN attributes
251 if we are mapping system or hidden
252 44) Fix bug with stat mode open being done on read-only open with truncate
253 45) Fix crash bug discovered where cli struct was being deallocated in a
255 46) Ensure we open UNIX fifo's non-blocking
256 47) Fix DeletePrinterDriver() (hopefully for the last time...yeah right....)
257 48) only lowercase global_myname in the %L substitution, not the whole string
258 49) Merged Steve French's fix for OS/2 EA return error being removed
259 50) Patch from Steve French to fix difference in responses to smbclient
260 //server/share ls / on Samba and Windows 2000
261 51) Print error and exit if smb.conf doesn't have security=domain and
262 encrypt passwords=yes when joining domain
263 52) Added final Steve French patch for "required" attributes with old dir
265 53) Initialize user_rid value in WINBIND_USERINFO structure returned by
266 the rpc version of query_user()
267 54) Ensure we've failed a lock with a lock denied message before automatically
268 pushing it onto the blocking queue
269 55) Add experimental --with-sendfile code
270 56) alignment fix in printing code merged from HEAD
271 57) Merge fix for other sids in token from HEAD
272 58) Merge winbindd with current (more advanced) state of play in APPLIANCE_HEAD
273 59) fix smbclient / Win98 off by one bug
274 60) Never, *ever* hold a mutex lock in the message database where there may be
275 traversals being attempted
276 61) Add LDAP hack for retrieving the SAM sequence number when a member of a
277 Windows 2000 native mode domain
278 62) Fix race condition when changing a machine account password as we were
279 no longer locking the secrets entry
280 63) Allow '@' as a valid character in domain names
281 64) remove jobs from the spool directory when using cups
282 65) removed -lresolv for --enable-ldapsam
283 66) Memory leak fix and correct use of negative caching in winbindd
284 67) Updated spoolss parsing code with known good state of APPLIANCE_HEAD
285 68) Delete printer security check was reversed
286 69) Windows allows delete printer on a handle opened by an admin user, then
287 used on a pipe handle created by an anonymous user...We do to now...
288 70) Make explicit the difference between a tdb key with no data attached, and
290 71) Ensure we register the 1c name on the unicast subnet.
291 72) Fix inheritance problem when recursively setting ACLs on directories
292 73) prevent ACL set on read-only share
293 74) Ensure we never have more than MAX_PRINT_JOBS in a queue
294 75) Added timeout to tdb_lock_bystring()
295 76) Ensure we set FIRST+LAST flags on a bind request
296 77) Add version strings to the usage message for smbcacls and smbpasswd
297 78) Fix bug in the write cache code
298 79) make the default printed values for boolean the same for all parameters
299 80) Default all LDAP connections to v3 with compiling with --with-ldapsam
300 81) Fix memory leak in smbspool
301 82) Fix bug in mangling code that resulted in Win9x clients not being
302 able to execute batch files in deep, non 8.3 directory paths
303 83) Fix infinite looping bug in winbindd_getgrent()
304 84) Fix crash bug on 64-bit systems (merge from HEAD)
305 85) Fix extended character bug when setting LanMan/NT password
306 86) Negotiate same SMB read size as a Windows 2000 file server
307 to fix performance bug with NT4 clients
310 =========================================
312 Older releases notes for 2.2.x distributions follow
314 -----------------------------------------------------------------------------
315 The release notes for 2.2.5 follow :
317 There have been several fixes and internal enhancements which include:
319 * Several compile fixes for Solaris and HP-UX
320 * More printing fixes for Windows NT/2k/XP clients
321 * New options for the VFS recycle bin library
322 * New internal signal handling semantics relating to directory change
323 notification and oplocks
325 New/Changed parameters in 2.2.5
326 --------------------------------
328 For more information on these parameters, see the man pages for
331 Added/changed parameters
332 ------------------------
334 * block size = <INTEGER>
335 * force unknown acl user = <boolean>
336 * mangling method = [hash|hash2]
339 Deprecated Parameters
340 ---------------------
342 The following parameters have been marked as deprecated and will be removed
358 See the cvs log for SAMBA_2_2 for more details
360 1) Removal of several compiler warnings, incorrect Makefile dependencies,
361 and wrong autoconf tests on various platforms--Solaris & HP-UX 10.20
362 being the predominantly reported platforms
363 2) Fixed winbindd crash bug on the IBM s390 running Linux
364 3) Inclusion of enhanced Linux quota support
365 4) Correctly link against Sun LDAP libraries on Solaris 8 (even through
366 there is no apparent SSL support there)
367 5) POSIX conformance patches
368 6) Include new configure --enable-cups option (can also be disabled even
369 if CUPS libraries are installed on the system)
370 7) Set reasonable default for the "passwd program" parameter using an
372 8) Added --with-winbind-auth for enabling winbindd_pam_auth_crap() code
373 9) fixed bug to prevent root account from being deleted by the
375 10) Inclusion of autoconf script for building VFS modules
376 11) Add new run time options to the VFS recycle bin library (see
377 examples/VFS/recycle/README for details)
378 12) Include findsmb perl script as part of the "make install" process
379 13) Return correct error code for EnumPrinters(PRINTER_ENUM_REMOTE, InfoLevel1)
380 to fix a bug where printers appear at the workgroup level in the Windows
381 NT/2k APW browse list
382 14) Added support to nmblookup to return NMB flags (See nmblookup(8) for
384 15) Fix length bug that caused password changes from Windows NT/2k clients to
386 16) Correct false password expiration when using --with-ldapsam caused by
387 missing attributes in the directory
388 17) added -S option to smbpasswd for storing the SID of a domain controller
389 as the local machine SID in secrets.tdb. See the smbpasswd(8) man page
391 18) Various fixes for UNIX CIFS extensions commands
392 19) Fixed CIDR notation in "hosts allow/deny"
393 20) Change semantics of an idle connection to mean "no open files and no
394 open handles". We cannot idle a connection if there are open named
395 pipe handles. This fixes scalability problem on Samba print servers
396 and NT/2k clients introduced in 2.2.4
397 21) Fix germam umlaut problem when returning ACL entries
398 22) Return NT_STATUS_OBJECT_NAME_NOT_FOUND for ENOENT. This fixes the bug
399 of running the Microsoft Access executable (msaccess.exe) and database
400 files from a Samba share documented in the 2.2.4 release
401 23) Corrected signal handling relating to directory change notification and
403 24) Fix bug in unix_to_nt_time() that appeared on files dated close to Daylight
405 25) Corrected alignment bug in spoolss parsing code which caused Win2k/XP
406 clients not to be able to view printer properties from a Samba host
407 26) Fixed spoolss parsing bug causing printing from ACT! 2000 running on
408 Windows 2k/XP clients to fail
409 27) Fixed incorrect error check in mod_share_entry()
410 28) Allow %S variable in MS-DFS root paths
411 29) Correct a bug regarding the use of 'wbinfo -A'
412 30) Fixed libnss_wins.so to correctly work on RedHat 7.3 systems
413 31) Store the key for a name-to-sid cache entry in upper case rather than
414 whatever case the request was made in. This gets rid of duplicate
416 32) Fix bug causing the pid stored in winbindd's pid file to be the wrong id
417 33) Enhanced error reporting messages of wbinfo
418 34) Parameterize block size on disk size return
419 35) Added new parameter to allow incoming ACLs to have owner and group forced
420 to the currently logged in user. This fixes the XCOPY /O problem
421 36) Fixed bug in local_change_password() caused by reusing a struct
423 37) Change default value for "ldap port" to 389 if "ldap ssl = no"
424 38) Updated HOWTO's, manpages, and general documentation....
425 39) Allow root as well as domain admins to open an LDAP connection
426 40) Fixed veto files bug with ".*"
427 41) Fixed uninitialized variable bug in smbpasswd that was causing a random
428 IP address to be used in the connection when joining a domain
429 42) Fix for joining a domain with a netbios name of 15 characters and
430 pre-creating the account on the DC
431 43) Added links to new documentation on SWAT welcome page
435 -----------------------------------------------------------------------------
436 The release notes for 2.2.4 follow :
438 There have been several fixes and internal enhancements which include:
440 * More/better SPOOLSS printing functionality for Windows
442 * Several fixes relating to serving PC database files such
443 as (Access and FoxPro) from a Samba file share.
444 * Several improves in Samba's VFS layer which can be seen
445 in the inclusion of a "Recycle Bin" vfs module. See
446 examples/VFS/README for more details on this.
447 * Addition of a tool (tdbbackup) for backup/restore of Samba's
449 * Continued improvements to winbind for greater scalability
451 * Several fixes related to Samba's MS-DFS support
452 * Rpcclient's various printer commands now work (again)
455 New/Changed parameters in 2.2.4
456 --------------------------------
458 For more information on these parameters, see the man pages for
461 Added/changed parameters
462 ------------------------
470 * winbind use default domain
473 Deprecated parameters
474 ---------------------
476 The following parameters have been marked as deprecated
477 and will be removed in Samba 3.0
481 * printer driver file
482 * printer driver location
494 See the cvs log for SAMBA_2_2 for more details
496 1) added -c option to smbpasswd
497 2) reworked smbpasswd internal command line option parsing
498 3) small various bug fixes to experimental pdb_tdb.c
499 4) Enforce spoolss RPCs based on the access granted at PrinterOpen()
500 5) Added missing access checks to [add/delete/set]form
501 6) Compile fixes for pam_smbpass
502 7) fix smbd crash when netbios session request fails from
503 spoolss_connect_to_client().
504 8) fixed logic bug that prevent SetPrinter() from storing devmode
505 9) Removed extra get_printer_snum() calls from set_printer_hnd_name()
506 10) fix joining domain on big endian machine when using -U to smbpasswd
507 11) allow command line arg to override smb.conf log level
508 12) continue to retry to register 1b name with wins server if there is an old IP there
509 13) fix smbclient print crash bug
510 14) 9x pnp fix when the config file and driver file are different
511 15) force testparm to print the correct value for log level
512 16) fix swat to show full log level info
513 17) fix server GetPrinterData() fields to be more sensible
514 18) fix logic error in SetPrinterDataEx()
515 19) Only set smb_read_error if not already set
516 20) Fix string returns that require unicode
517 21) Merge of printing performance fixes from appliance
518 22) lpq parsing fixes
519 23) Back port tridge's xcopy /o fix from HEAD
520 24) Fix the printer change notify code (unfinished)
521 25) Patch for Domain users not showing up
522 26) Fixed SetPrinterData(magic key) to support zero length DEVMODE
523 27) Ensure that all methods of looking up and connecting to DC's work
524 using identical logic.
525 28) Merge in the mutex code to stop multiple domain logon failure
527 30) Fix winbindd to respect command line debuglevel as nmbd/smbd
528 31) Update with tdbbackup from HEAD
529 32) Fix for typo on solaris nss
530 33) Merge in the locking changes from HEAD
531 34) Added POSIX ACL layer into the vfs
532 35) Fix the returning of domain enum
533 36) Fix the generation of the MACHINE.SID file into the secrets.tdb.
534 37) Enable test for -rdynamic when building binaries
535 38) Remove the "stat open" code - make it inline
536 39) Fix the mp3 rename bug
537 40) Fix for Explorer DFS problems on older Windows 9X machines
538 41) implement OpenPrinter() opnum == 0x01
539 42) Matched W2K *insane* open semantics....
540 43) small fix that will prevent the "failed to marshall
541 R_NET_SAMLOGON" message in the logs
542 42) don't do checking of local passdb in smbpasswd if using -r option
543 43) fix "smbpasswd -j DOMAIN -r * -U Admin%XXXX" so that it doesn't
544 try to connect to a server named '*'
545 44) merge rpcclient code from HEAD
546 45) Ensure MACHINE.SID update done before child spawns
547 46) Fix the bad path errors for mkdir so mkdir \a\b\c\d works
548 47) Removed --with-vfs - always built if available
549 48) Fixed psec for 2.2
550 49) Fixed the handle leak in the connection management code
551 50) fix disable spoolss after the switch to nt status codes
552 51) Added Shirish's client side caching policy change
553 52) Honor the specversion when parsing the the DEVICEMODE
554 53) fix parsing bug when DEVICEMODE's private data does not end
556 54) do not idle an smbd when there is an open pipe
557 55) when a new driver is added to a Samba server, cycle through
558 all printers and bump the change_id for each one bound to the driver
559 56) allow smbclient to work with a FIFO as well (needed for KDE
561 57) various updates to pdb_nisplus.c
562 58) many small documentation updates
563 59) removed many compiler warnings
566 -----------------------------------------------------------------------------
567 The release notes for 2.2.3a follow :
569 This is a minor bugfix release for the 2.2.3 release. The 2.2.3
570 release had a problem that was visible to Windows 2000 Explorer
571 users in that copying files into a share that already existed
572 failed with "Access Denied" rather than asking the user if an
573 overwrite was required. This was due to an incorrect error mapping
574 between the UNIX EXIST error code and the NT status error.
576 As Windows Explorer is a highly visible end user application a quick
577 bugfix release was required, hence 2.2.3a.
579 Compilation on HPUX versions earlier than HPUX 11 has also been
582 The cvs.log file is no longer included with this release, as it adds
583 13Mb to the size of the release, and is easily available on the Web.
585 -----------------------------------------------------------------------------
586 The release notes for 2.2.3 follow :
588 There are several important scaling bugs that have been fixed in this release
589 for large server systems so an upgrade is recommended.
594 Much work has been done on the LDAP backend code. The configure
595 option --with-ldapsam is now considered to be stable. The schema
596 used has changed, see the file examples/LDAP/samba.schema for the
599 New documentation explaining how to set up a Samba only PDC/BDC
600 setup has been added in the files Samba-LDAP-HOWTO and Samba-BDC-HOWTO
601 in the documentation tree.
603 winbindd daemon extended
604 ------------------------
606 Samba 2.2.2 was the first release to include the winbind daemon.
607 This code allows UNIX systems that implement the name service
608 switch (nss) to be entered into a Windows NT/2000 domain and
609 use the Domain controller for all user and group enumeration.
611 Samba 2.2.3 fixes the known memory leaks in winbindd and has
612 been extended to work with SGI IRIX and HPUX (11.x) in addition
613 to the earlier targets of Linux and Solaris.
615 For more information on using winbind, see the man pages for
618 Note that winbindd is not installed by default.
620 New/Changed parameters in 2.2.3
621 --------------------------------
623 For more information on these parameters, see the man pages for
626 Added/changed parameters.
627 -------------------------
631 Enables the experimental UNIX CIFS extensions in smbd. See the manpage
636 Some printer drivers will crash the Windows NT/2000 spooler service
637 if they are given a default devmode, some require it. This parameter
638 allows the administrator a choice of whether smbd returns such a
639 default devmode for a driver.
643 This parameter has been restored to allow people who wish smbd to ignore
644 client share modes. This is *very dangerous* and should not be set without
645 full knowledge of what this is designed for.
650 1). Fixed shared library compile for Solaris with native compiler.
651 2). UNIX CIFS extensions code added (donated by HP).
652 3). Changed to using NT status codes on the wire if the client can support
654 4). altname command to show 8.3 name added to smbclient.
655 5). const-safe endian macros now used.
656 6). client code now uses UNICODE on the wire.
657 7). Correctly return fault PDU's on bad handle.
658 8). Improved NT error code mapping table.
659 9). Many new point and print RPC calls added.
660 10). Win9x clients can now see full user list.
661 11). field added to identify simultaneous open files (no longer
662 use dev/inode/time as unique value).
663 12). HPUX ACL code added (donated by HP).
664 13). vfs interfaces updated (again !).
665 14). MSDOS Code Page 866 -> 1251 mapping added.
666 15). winbindd now processes quit/hup signals correctly.
667 16). No tdb traversal done on startup/shutdown - ensures scalability.
668 17). Fix bug with paths for homes share.
669 18). Fixed copyfile for OS/2.
670 19). Fix group membership when groups are on more than one line.
671 20). Fixed core dumps in posix ACL mapping code.
672 21). Tidyup of UNICODE functions (put/get).
673 22). Move rpcclient to the new libsmb code.
674 23). Add missing Windows 2000 passthough trans2 calls.
675 24). Return check all tdb calls.
676 25). Make local name lookup work even if wins server is down.
677 26). pam session code added to winbind.
678 27). Added winbindd cache to all lookups.
679 28). Fix allocate bugs that caused file sizes to be incorrect.
680 29). Fixed write cache code - now safe to use.
681 30). Fixed winbindd memory leaks.
682 31). winbindd will now do name lookups (to allow non Open Source
683 systems to do the nsswitch WINS lookup). Fixed by SGI.
684 32). passdb memory leaks fixed.
685 33). LDAP code updates and now properly maintained.
686 34). Finally figured out how changeid is meant to work.
687 35). Downlevel printing now looks as NT does in print monitor window.
688 36). Many fixups in spoolss printing RPC parsing.
689 37). Speed up password enumeration as a PDC.
690 38). Fix printer changed notify messages (work from HP).
691 39). Fix modify timestamp on close code.
692 40). Fix long standing mangled names bug.
693 41). Fix delete on close semantics.
694 42). Stop opening all files with O_NONBLOCK !
695 43). Use O_NOFOLLOW for systems that have it and don't want symlinks.
696 44). Ensure NT supplementary groups get added to user token.
697 45). Try and mitigate effects of DNS timeout (do less lookups).
698 46). Added current user connection context stack.
699 47). Fixes to utmp code.
700 48). smbw code tidyups.
701 49). Added tdb open log code. Several tdb fixes.
703 -----------------------------------------------------------------------------
704 The release notes for 2.2.2 follow :
706 New daemon included - winbindd
707 ------------------------------
709 Samba 2.2.2 is the first release to include the winbind daemon.
710 This code allows UNIX systems that implement the name service
711 switch (nss) to be entered into a Windows NT/2000 domain and
712 use the Domain controller for all user and group enumeration.
714 This allows a Samba server added to a Windows domain to serve
715 file and print services with *NO* local users needed in /etc/passwd
716 and /etc/group - all users and groups are read directly from the
717 Windows domain controller. In addition with pam_winbind which allows
718 a PAM enabled UNIX system to use a Windows domain for authentication
719 service this allows single sign on and account control across
720 UNIX and Windows systems.
722 The current version of winbindd shipped in 2.2.2 does have some
723 memory leaks, which will be addressed for the next Samba release,
724 so it is advisable to monitor the winbind process. This code is
725 being used in production by several vendors, so the leaks are
726 manageable. In addition, this version of winbind does not work
727 correctly against a Samba PDC, due to some missing calls on the
728 PDC side. These problems are being addressed for the next Samba
729 release, but it was thought better to release the code now rather
730 than delay the main Samba code to match the winbind release schedule.
732 For more information on using winbind, see the man pages for
735 Note that winbindd is not installed by default.
737 New/Changed parameters in 2.2.2
738 -------------------------------
740 For more information on these parameters, see the man pages for
743 Added/changed parameters.
744 -------------------------
748 Causes Samba not to create UNIX 'sparse' files, but to follow the
749 Windows behavior of always allocating on-disk space.
753 Set to 'on' by default, only set to 'off' on HPUX 11.x or below or other
754 UNIX systems that don't have coherent mmap/read-write internal caches.
755 You should not need to set this parameter.
759 This parameter has been changed to a per-share option, and is very
760 useful in enabling Windows 2000 SP2 to load/save profiles from a
763 New printing parameters.
764 ------------------------
768 Setting this parameter causes Samba to go back to the old 2.0.x
769 LANMAN printing behavior, for people who wish to disable the
774 Causes Windows NT/2000 clients to need have a local printer driver
775 installed and to treat the printer as local.
780 Samba 2.2.2 contains new code to maintain a Samba SAM database
781 on a remote LDAP server. These parameters have been added as
782 part of this code. These parameters are only available when Samba
783 has been compiled with the --with-ldapsam option.
791 The SSL support in Samba has been fixed. These new parameters
792 are part of the changes added. These parameters are only available
793 when Samba has been compiled with the --with-ssl option.
794 Please see the smb.conf man page for details.
800 New winbindd parameters.
801 ------------------------
803 These parameters are used by winbindd. See the man page for
804 winbindd for details.
825 Some new README's have been added in the docs/ directory. These cover
826 using roving profiles with Windows 2000 SP2 (docs/README.Win2kSP2),
827 and how to use Samba to help prevent Windows virus spread
828 (docs/README.Win32-Viruses).
830 Quota problems on a Linux 2.4 kernel.
831 -------------------------------------
833 Currently the quota interfaces have diverged between the Linus
834 2.4.x kernels and the Alan Cox 2.4.x kernels (the Alan Cox variants
835 are shipped with RedHat). Running quota-enabled Samba compiled on
836 an Alan Cox kernel works correctly on an Alan Cox kernel (the one
837 shipped by default with RedHat 7.x) but fails on a Linus kernel.
839 This is a mess, and hopefully Alan and Linus will sort it out soon.
840 In the meantime we need to ship.....
845 1). mmap tdb code disabled on HPUX. This should prevent the reports of
846 tdb corruption on HUPX.
847 2). Large file support set to off in Solaris 5.5 and below.
848 3). Better CUPS detection.
849 4). New SAM (password database) backends - smbpasswd (traditional),
850 LDAP, NIS+ and Samba TDB.
851 5). Quota fixups on Linux.
852 6). libsmbclient stand-alone code added. Can be built as a shared library
854 7). Tru64 ACL support added.
855 8). winbindd option added.
856 9). Realloc fail tidyup fixes all over the code.
857 10). Large improvement in hash table code efficiency - would be found with
859 11). Error code consistency improved (still needs more work).
860 12). Profile shared memory support added to nmbd.
861 13). New Windows 2000/NT passthrough info levels added.
862 14). readraw/writeraw code rewritten - many bugs fixed.
863 15). UNIX password sync (non pam) code fixed, use correct wildcard matcher.
864 16). Reverse DNS lookup avoided on socket open.
865 17). Bug preventing nmbd re-registering names on WINS server timeout fixed.
866 18). Zero length byte range lock code added. Much closer to Windows semantics.
867 19). Alignment fault fixes for Linux/Alpha.
868 20). Error checking on tdb returns vastly improved.
869 21). Handling of delete on close fixed. No longer possible to leave 'dead'
871 22). Handling of oplock break failure cleanups improved. Should not be
872 able to leave 'dead' entries.
873 23). Fix handling of errors trying to set 64 bit locks on 32 bit NFS mounts.
874 24). Misc. MS-DFS code fixes.
875 25). Ignore logon packets if not a PDC (needed for PDC/BDC failover).
876 26). winbind pam module added.
877 27). Order N^^2 enumeration of printers problem fixed.
878 28). Password backend database code re-ordered to allow different password
879 backends (at compile time currently).
880 29). Improved print driver version detection for Windows 2000.
881 30). Driver DEVMODE initialization fixes.
882 31). Improved SYSV print parse code.
883 32). Fixed enumeration of large numbers of users/groups from Windows clients.
885 33). Fix for buggy NetApp RPC pipe clients.
886 34). Fix for NT sending multiple SetPrinterDataEx calls.
887 35). Fix for logic bug where smbd could delay oplock break request messages
888 from other smbd daemons whilst client kept us busy.
889 36). Fix deadlock problem with connections tdb on enumeration.
890 37). Fixes for setting/getting NT ACLs - improved POSIX mapping both ways.
891 38). Removed unused readbmpx/writebmpx code.
892 39). Attempt to fix Linux 2.4.x quota mess.
893 40). Improved ctemp code for Windows 2000 compatibility.
894 41). Finally understood difference between set EOF and set allocation requests.
895 Added strict allocate parameter to help.
896 42). Correctly return name types on name to SID lookups.
897 43). tdb spinlock code update.
898 44). Use pread/pwrite on systems that have it to fix race condition in tdb code.
900 -----------------------------------------------------------------------------
901 The release notes for 2.2.1a follow :
903 This is a minor bugfix release for 2.2.1, *NOT* security related.
905 1). 2.2.1 had a bug where using smbpasswd -m to add a Windows NT or
906 Windows2000 machine into a Samba hosted PDC would fail due to our
907 stricter user name checking. We were disallowing user names
908 containing '$', which is needed when using smbpasswd to add a
909 machine into a domain. Automatically adding machines (using the
910 native Windows tools) into a Samba domain worked correctly.
912 2.2.1a fixes this single problem.
914 -----------------------------------------------------------------------------
915 The release notes for 2.2.1 follow :
917 New/Changed parameters in 2.2.1
918 -------------------------------
923 obey pam restrictions
925 When Samba is configured to use PAM, turns on or off Samba checking
926 the PAM account restrictions. Defaults to off.
930 When Samba is configured to use PAM, turns on or off Samba passing
931 the password changes to PAM. Defaults to off.
935 New option to allow new Windows 2000 large file (64k) streaming
936 read/write options. Needs a 64 bit underlying operating system
937 (for Linux use kernel 2.4 with glibc 2.2 or above). Can improve performance
938 by 10% with Windows 2000 clients. Defaults to off. Not as tested
939 as some other Samba code paths.
943 Prevents clients from seeing the existence of files that cannot
944 be read. Off by default.
948 Turn on/off the enhanced Samba browsing functionality (*1B names).
949 Default is "on". Can prevent eternal machines in workgroups when
950 WINS servers are not synchronized.
962 1). "find" command removed for smbclient. Internal code now used.
963 2). smbspool updates to retry connections from Michael Sweet.
964 3). Fix for mapping 8859-15 characters to UNICODE.
965 4). Changed "security=server" to try with invalid username to prevent
967 5). Fixes to allow Windows 2000 SP2 clients to join a Samba PDC.
968 6). Support for Windows 9x Nexus tools to allow security changes from Win9x.
969 7). Two locking fixes added. Samba 2.2.1 now passes the Clarion network
970 lock tester tool for distributed databases.
971 8). Preliminary support added for Windows 2000 large file read/write SMBs.
972 9). Changed random number generator in Samba to prevent guess attacks.
973 10). Fixes for tdb corruption in connections.tdb and file locking brlock.tdb.
974 smbd's clean the tdb files on startup and shutdown.
975 11). Fixes for default ACLs on Solaris.
976 12). Tidyup of password entry caching code.
977 13). Correct shutdowns added for send fails. Helps tdb cleanup code.
978 14). Prevent invalid '/' characters in workgroup names.
979 15). Removed more static arrays in SAMR code.
980 16). Client code is now UNICODE on the wire.
981 17). Fix 2 second timestamp resolution everywhere if dos timestamp set to yes.
982 18). All tdb opens now going through logging function.
983 19). Add pam password changing and pam restrictions code.
984 20). Printer driver management improvements (delete driver).
985 21). Fix difference between NULL security descriptors and empty
986 security descriptors.
987 22). Fix SID returns for server roles.
988 23). Allow Windows 2000 mmc to view and set Samba share security descriptors.
989 24). Allow smbcontrol to forcibly disconnect a share.
990 25). tdb fixes for HPUX, OpenBSD and other OS's that don't have a coherent
991 mmap/file read/write cache.
992 26). Fix race condition in returning create disposition for file create/open.
993 27). Fix NT rewriting of security descriptors to their canonical form for
995 28). Fix for Samba running on top of Linux VFAT ftruncate bug.
996 29). Swat fixes for being run with xinetd that doesn't set the umask.
997 30). Fix for slow writes with Win9x Explorer clients. Emulates Microsoft
998 TCP stack early ack specification error.
999 31). Changed lock & persistent tdb directory to /var/cache/samba by default on
1000 RedHat and Mandrake as they clear the /var/lock/samba directory on reboot.
1002 -----------------------------------------------------------------------------
1003 The release notes for 2.2.0a follow :
1008 This is a security bugfix release for Samba 2.2.0. This release provides the
1009 following two changes *ONLY* from the 2.2.0 release.
1011 1). Fix for the security hole discovered by Michal Zalewski (lcamtuf@bos.bindview.com)
1012 and described in the security advisory below.
1013 2). Fix for the hosts allow/hosts deny parameters not being honoured.
1015 No other changes are being made for this release to ensure a security fix only.
1016 For new functionality (including these security fixes) download Samba 2.2.1
1017 when it is available.
1019 The security advisory follows :
1022 IMPORTANT: Security bugfix for Samba
1023 ------------------------------------
1031 A serious security hole has been discovered in all versions of Samba
1032 that allows an attacker to gain root access on the target machine for
1033 certain types of common Samba configuration.
1035 The immediate fix is to edit your smb.conf configuration file and
1036 remove all occurances of the macro "%m". Replacing occurances of %m
1037 with %I is probably the best solution for most sites.
1042 A remote attacker can use a netbios name containing unix path
1043 characters which will then be substituted into the %m macro wherever
1044 it occurs in smb.conf. This can be used to cause Samba to create a log
1045 file on top of an important system file, which in turn can be used to
1046 compromise security on the server.
1048 The most commonly used configuration option that can be vulnerable to
1049 this attack is the "log file" option. The default value for this
1050 option is VARDIR/log.smbd. If the default is used then Samba is not
1051 vulnerable to this attack.
1053 The security hole occurs when a log file option like the following is
1056 log file = /var/log/samba/%m.log
1058 In that case the attacker can use a locally created symbolic link to
1059 overwrite any file on the system. This requires local access to the
1062 If your Samba configuration has something like the following:
1064 log file = /var/log/samba/%m
1066 Then the attacker could successfully compromise your server remotely
1067 as no symbolic link is required. This type of configuration is very
1070 The most commonly used log file configuration containing %m is the
1071 distributed in the sample configuration file that comes with Samba:
1073 log file = /var/log/samba/log.%m
1075 in that case your machine is not vulnerable to this attack unless you
1076 happen to have a subdirectory in /var/log/samba/ which starts with the
1082 Thanks to Michal Zalewski (lcamtuf@bos.bindview.com) for finding this
1089 While we recommend that vulnerable sites immediately change their
1090 smb.conf configuration file to prevent the attack we will also be
1091 making new releases of Samba within the next 24 hours to properly fix
1092 the problem. Please see http://www.samba.org/ for the new releases.
1094 Please report any attacks to the appropriate authority.
1099 ---------------------------------------------------------------------------
1101 The release notes for 2.2.0 follow :
1103 This is the official Samba 2.2.0 release. This version of Samba provides
1104 the following new features and enhancements.
1106 Integration between Windows oplocks and NFS file opens (IRIX and Linux
1107 2.4 kernel only). This gives complete data and locking integrity between
1108 Windows and UNIX file access to the same data files.
1110 Ability to act as an authentication source for Windows 2000 clients as
1111 well as for NT4.x clients.
1113 Integration with the winbind daemon that provides a single
1114 sign on facility for UNIX servers in Windows 2000/NT4 networks
1115 driven by a Windows 2000/NT4 PDC. winbind is not included in
1116 this release, it currently must be obtained separately. We are
1117 committed to including winbind in a future Samba 2.2.x release.
1119 Support for native Windows 2000/NT4 printing RPCs. This includes
1120 support for automatic printer driver download.
1122 Support for server supported Access Control Lists (ACLs).
1123 This release contains support for the following filesystems:
1127 Linux Kernel with ACL patch from http://acl.bestbits.at
1128 Linux Kernel with XFS ACL support.
1129 Caldera/SCO UnixWare
1131 FreeBSD (with external patch)
1133 Other platforms will be supported as resources are
1134 available to test and implement the necessary modules. If
1135 you are interested in writing the support for a particular
1136 ACL filesystem, please join the samba-technical mailing
1137 list and coordinate your efforts.
1139 On PAM (Pluggable Authentication Module) based systems - better debugging
1140 messages and encrypted password users now have access control verified via
1141 PAM - Note: Authentication still uses the encrypted password database.
1143 Rewritten internal locking semantics for more robustness.
1144 This release supports full 64 bit locking semantics on all
1145 (even 32 bit) platforms. SMB locks are mapped onto POSIX
1146 locks (32 bit or 64 bit) as the underlying system allows.
1148 Conversion of various internal flat data structures to use
1149 database records for increased performance and
1152 Support for acting as a MS-DFS (Distributed File System) server.
1154 Support for manipulating Samba shares using Windows client tools
1155 (server manager). Per share security can be set using these tools
1156 and Samba will obey the access restrictions applied.
1158 Samba profiling support (see below).
1160 Compile time option for enabling a (Virtual file system) VFS layer
1161 to allow non-disk resources to be exported as Windows filesystems
1162 (such as databases etc.).
1164 The documentation in this release has been updated and converted
1165 from Yodl to DocBook 4.1. There are many new parameters since 2.0.7
1166 and some defaults have changed.
1170 Support for collection of profile information. A shared
1171 memory area has been created which contains counters for
1172 the number of calls to and the amount of time spent in
1173 various system calls, smb transactions and nmbd activity. See
1174 the file profile.h for a complete listing of the information
1175 collected. Sample code for a samba pmda (collection agent
1176 for Performance Co-Pilot) has been included in the pcp
1179 To enable the profile data collection code in samba, you must
1180 compile samba with profile data support (run configure with
1181 the --with-profiling-data option). On startup, collection of
1182 data is disabled. To begin collecting data use the smbcontrol
1183 program to turn on profiling (see the smbcontrol man page).
1184 Profile information collection can be enabled for nmbd, all smbd
1185 processes or one or more selected processes. The profiling
1186 data collected is the aggregate for all processes that have
1189 With samba compiled for profile data collection, you may see
1190 a very slight degradation in performance even with profiling
1191 collection turned off. On initial tests with NetBench on an
1192 SGI Origin 200 server, this degradation was not measurable
1193 with profile collection off compared to no profile collection
1194 compiled into samba.
1196 With count profile collection enabled on all clients, the
1197 degradation was less than 2%. With full profile collection
1198 enabled on all clients, the degradation was about 8.5%.
1200 =====================================================================
1202 If you think you have found a bug please email a report to :
1206 As always, all bugs are our responsibility.
1212 <!--#include virtual="/samba/footer.html" -->