File: WHATSNEW.txt

package info (click to toggle)
samba 1.9.18p8-2
  • links: PTS
  • area: main
  • in suites: hamm
  • size: 6,404 kB
  • ctags: 6,517
  • sloc: ansic: 60,637; sh: 1,095; perl: 650; makefile: 565; awk: 120; csh: 110
file content (610 lines) | stat: -rw-r--r-- 24,002 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
          WHATS NEW IN 1.9.18p8 - June 12th 1998.
          ======================================

This is the latest stable release of Samba. This is the
version that all production Samba servers should be running
for all current bug-fixes.

Note that most Samba Team effort is now going into working on the
next major release which should contain some Windows NT Domain 
features. It is intended that any future work on the 1.9.18 series
be maintenance only fixes.

An announcement will be made when the first alpha release of the next
Samba series is available.

Bugfixes added since 1.9.18p7
-----------------------------

1). Fixed bug so Samba returns ERROR_MORE_DATA for long share
    lists that won't fit in the data buffer given by the client.
2). Made mapping of Windows to UNIX usernames only occur once per
    name.
3). Cause changing of SMB password to fail if UNIX pasword change
    fails and unix password sync is set.
4). Ensure the Samba names are added to the remote broadcast subnet
    to allow NT workstations to do a directed broadcast node status
    query (they seem to want to do this for some reason).
5). Fixed HPUX10 Trusted systems bigcrypt password authentication call.
6). Ensure smbd doesn't crash if 'account disabled' set in smbpasswd
    file.
7). Ensured 'revalidate' parameter is only checked if we're in share
    level security.
8). Ensure that password lengths are sanity checked even if in server
    level security.
9). Fix bug with multi-user NT systems where a file currently open by
    one user could always be opened by another.
10). Ensure we save the current user info and restore it correctly
     whilst in the oplock break state.
11). Added some simple sanity checks to testparam.
12). Added timezone sanity checks.
13). Re-wrote wildcard handling for trans2 calls. Wildcard matching
     now seems to be *identical* to NT (as far as I can tell).
14). Added facility for user list code to be explicit about checking
     UNIX group database or NIS netgroup list. Updated smb.conf 
     detailing this.
15). Fixed bug in multibyte character handling when parsing a pathname.
16). Fixed file descriptor leak in client code.
17). Fixed QSORT_CAST compile bugs on many systems.
18). Added codepages 737 (Greek) and 861 (Icelandic).

If you have problems, or think you have found a bug please email 
a report to :

        samba-bugs@samba.anu.edu.au

As always, all bugs are our responsibility.

Regards,

        The Samba Team. 


Previous release notes for 1.9.18p7 follow.
=========================================================================

This release is a security hole patch fix for a security hole reported
on BugTraq by Drago. The security hole may have allowed authenticated
users to subvert security on the server by overflowing a buffer in a
filename rename operation. It is as yet undetermined whether the
security hole is actually exploitable because of existing buffer
overflow checks in Samba and the limitations on available characters
in filenames but the Samba Team considered the threat of a possible
security hole enough to warrant an immediate patch release.

It is highly recommended that all sites assume that the security hole
is exploitable and upgrade to version 1.9.18p7 of Samba.

The previous release 1.9.18p6, which was intended to fix the
security hole, has compile problems on several platforms, and
should not be used.

Previous release notes for 1.9.18p5 follow.
=========================================================================

Added features in 1.9.18p5
--------------------------

New parameters
--------------

passwd chat debug

This parameter is to allow Samba administrators to debug their password
chat scripts more easily when they have "unix password sync" set. It is
provided as a debugging convenience only and should be enabled only when
debugging. Full documentation is in the smb.conf man page.

update encrypted

The code for this parameter was kindly donated by Bruce Tenison.
If this parameter is set to "yes" (it defaults to "no") and an smbpasswd
file exists containing all the valid users of a Samba system but
no encrypted passwords (ie. the Lanman hash and NT hash entries in
the file are set to "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"), then as
users log in with plaintext passwords that are matched against  
their UNIX password entries, their plaintext passwords will be  
hashed and entered into the smbpasswd file. After all the users
have successfully logged in using unencrypted passwords, the
smbpasswd file will have the Lanman and NT hashes of these users
UNIX passwords correctly stored. At that point the administrator
can convert Samba to use encrypted passwords (and configure the
Windows 95 and NT clients to send only encrypted passwords) and
migrate to an encrypted setup without having to ask users to re-enter
all their passwords explicitly. Note that to use this option the
"encrypt passwords" parameter must be set to "no" when this option
is set to "yes". See the smb.conf man page for up to date information 
on this parameter.

Updates to smbtar
-----------------

The following changes were developed by Richard Sharpe for Canon Information
Systems Research Australia (CISRA). The Samba Team would like to thank
Canon Information Systems Research Australia for their funding this
effort, as such sponsorship advances the Samba project significantly.

  1. Restore can now restore files with long file names
  2. Save now saves directory information so that we can restore
     directory creation times
  3. tar now accepts both UNIX path names and DOS path names.

New document in docs/ directory
-------------------------------

A new document, PROFILES.txt has been added to the docs/ directory.
This is still a work in progress (currently consisting of a series 
of email exchanges) and will be updated over the coming releases.
The document covers the task of getting roving profiles to work with
a Samba server with Windows 95 and Windows NT clients.

Bugfixes added since 1.9.18p4
-----------------------------

1). Samba should now compile cleanly with the gcc -Wstrict-prototypes
option.
2). New code page 852 tranlation table created by Petr Hubeny.
3). New "update encrypted" parameter (described above).
4). New "passwd chat debug" parameter (described above).
5). Updates to smbtar (described above).
6). Fix to do correct null session connections from nmbd and smbd.
7). Synchronous open flag is now honoured.
8). security=server now logs out correctly.
9). Fix to stop long printer job listings causing Win95 and smbd to
spin the CPU & network.
10). Multibyte character fix that prevented the "character set" parameter
working in 1.9.18p4.
11). Fix for problems with security=share and the [homes] share.
12). NIS+ patch to get home directory info.
13). Added FTRUNCATE_NEEDS_ROOT define for systems with broken ftruncate()
call.
14). Fix for nmbd not allowing log append mode.
15). Fix for nmbd as a WINS server doing a name query after a WACK with
the 'recursion desired' bit set - this would cause problems if directed
at a machine running a WINS server.
16). Correctly ignore "become backup browser" requests, rather than
logging them as a problem.
17). Use compressed names correctly as requested by RFC1002.
18). Workaround for bug where NT allows a guest logon and 
doesn't set the guest bit (in security=server mode).
19). Added SOFTQ print type.
20). Free filename on file close (long standing small memory leak fix).
21). Fix for lp_defaultservice() getting overwritten by rotating string
buffers.
22). Print time in international, rather than USA, format.
23). Fix to queue a trans2 open request when oplock break pending.
24). Added Simplified Chinese codepage (936).
25). Fixed expansion bug with %U, %G when multiple sessionsetups done
in security > SHARE mode.
26). Change to DEC enhanced mode security code to allow the same
binary to work when in enhanced and basic security mode. This change affects
all systems that define OSF1_ENH_SEC at compile time.

Previous release notes for 1.9.18p4 follow.
=========================================================================

Added features in 1.9.18p4
--------------------------

Changing passwords now supported
--------------------------------

Samba now supports changing the SMB password from a Windows 95 client,
using the standard Windows 95 password changing dialog. Note that by
default this changes the SMB password, not the UNIX password (Samba
must be set up with encrypted passwords in order to support this).

The smbpasswd program has been re-written to take advantage of this
feature, and now has no need to be a setuid root program, thus eliminating
a potential security hole. As a side effect of this change smbpasswd
can now be used on a UNIX machine to change users passwords on an NT
machine.

The new password changing code can also synchronize a users UNIX
password at the same time a SMB password is being changed, if Samba
is compiled with password changing enabled, and the new parameter
'unix password sync' is set to True. By default this is off, as
it allows the password change program to be called as root, which
may be considered a security problem at some sites.

Name resolution order now user selectable
-----------------------------------------

The resolution of NetBIOS names into IP addresses can be done in
several different ways (broadcast, lmhosts, DNS lookup, WINS). 
Previous versions of Samba were inconsistant in which commands
used which methods to look up IP addresses from a name. New in
this version is a parameter (name resolve order, mentioned in
the new parameters list below) that allows administrators to
select the methods of name resolution, and the order in which
such methods are applied. All Samba utilities have been changed
to use the new name to IP address name resolution code and
so this can be controlled from a central place.

Expanded multi-byte character support
-------------------------------------

In previous versions of Samba, Kanji (Japanese) character 
support was treated as a special case, making it the only
multi-byte character set natively supported in Samba. New
code has been added to generalize the multi-byte codepage
support, with the effect that other multibyte codepage support
can be easily added. The new codepages that this version
ships with are Korean Hangul and Traditional Chinese.

New Parameters in 1.9.18p4
--------------------------

name resolve order = lmhosts wins hosts bcast

This parameter allows control over the order in which netbios name to
IP Address resolution is attempted. Any method NOT specified will be
excluded from the name resolution process. If this parameter is not
specified then the above default order will be observed - this is
consistent with prior releases. See the smb.conf and smbclient man
pages for full details. See the above text for the announcement on
this feature.

fake directory create times

This parameter is a compatibility option for software developers
using Microsoft NMAKE make tool, saving files onto a Samba share.
Setting this parameter to true causes Samba to lie to the client
about the creation time of a directory, so NMAKE commands don't
re-compile every file.

unix password sync

This parameter is set to False by default. When set to True, it
causes Samba to attempt to synchronize the users UNIX password
when a user is changing their SMB password. This causes the
password change program to be run as root (as the new password
change code has no access to the plaintext of the old password).
Because of this, it is set off by default to allow sites to
set their own security policy regarding UNIX and SMB password
synchronization.

This parameter has no effect if Samba has been compiled without
password changing enabled.

Changed compile-time default in 1.9.18p4
----------------------------------------

The maximum length of a printer share name has now been increased to 15
characters - the same as file share names. Any one who needs to revert back
to 8 character printer share name support can do so by adjusting the #define
in local.h.

Bugfixes added since 1.9.18p3
-----------------------------

1). Fix for nmbd leaving the child nmbd running when doing DNS
lookups as a WINS server.
2). Fix core dump in smbd when acting as a logon server with 
security=share.
3). Workaround for a bug in FTP OnNet software NBT implementation.
It does a broadcast name release for WORKGROUP<0> and WORKGROUP<1e>
names and don't set the group bit.
4). Ensure all the NetBIOS aliases are added to all the known 
interfaces on nmbd initialization.
5). Fix bug in multiple query name responses print code.
6). Fix to send out mailslot reply on correct interface.
7). Fix retranmission queue to scan WINS server subnet so
nmbd retransmits queries needed when acting as a WINS server.
Thanks to Andrey Alekseyev <fetch@muffin.arcadia.spb.ru> for
spotting this one.
8). Send host announcement to correct 0x1d name rather than
0x1e name.
9). Fix for WINS server when returning multi-homed record,
was returning one garbage IP address.
10). Fix for Thursby Software's 'Dave' client - ensure
that a vuid of zero is always returned for them when in
share level security (the spec say's it shouldn't matter,
but it was causing them grief).
11). Added KRB4 authentication code.
12). Fix to allow max printer name to be 15 characters (see above).
13). Fix for name mangling cache bug - cache wasn't being
used in some cases.
14). Fix for RH5.0 broken system V shared memory include
files.
15). Fix for broken redirector use of resume keys between
deletes in a directory. Samba now returns zero as resume
keys (as does NT) and uses the resume filename instead.
16). Fix for systems that have a broken implementation
of isalnum() - was causing gethostbyname to fail.
17). Fix for 'hide files' bug not working correctly (bug
in is_in_path function - fix from Steven Hartland 
<steven_hartland@pa.press.net>.
18). Fixed bug in smbclient where debug log level on the
command line was being overridden by the log level in smb.conf.
19). Fixed bug in USE_MMAP code where client sending
a silly offset to readraw could cause a smbd core dump.

Bugfixes added since 1.9.18p2
-----------------------------

1). Fix to cause oplocked files to be broken when open
file table is full before giving up and reporting 'too
many open files'. This fix seems to help many applications
on Win95.
2). Fix to stop extra files being closed in user logoff
code.
3). Fix to stop padded packet being returned on
trans2 call. This bug could cause Windows 95 to freeze
on some (rare) occasions.
4). Added fix for Visual C++ filetime changes (see above).
5). Made security check code an option (see above).
6). Fixed printer job enumeration in smbclient.
7). Re-added code into smbclient that causes it to do NetBIOS
broadcast name lookups (as it used to in 1.9.17).
8). Fixed code dump bug in smbtar.
9). Fixed mapping code between Appletalk and Kanji filenames.
10). Tuned shared memory size based on open file table size.
11). Made nmbd log file names consistant with smbd.
12). Fixed nmbd problem where packet queues could grow
without bound when connection to WINS server was down.
13). Fix for DCE login code.
14). Fix for system V printing to remove extra space
in printer name.
15). Patch to add a new substitution paramter (%p) in
a service patchname. Adds NIS home path (see the man page
on smb.conf for details). Patch from Julian Field.
16). Fix to stop smbpassword code from failing when
parsing invalid uid fields.
17). Made volume serial number constant based on machine
and service name.
18). Added expand environment variables code from Branko 
Cibej. See the man page on smb.conf for details.
19). Fixed warnings in change_lanman_password code.


Bugfixes added since 1.9.18p1
-----------------------------

1). A deadlock condition in the oplock code has been found
and fixed. This occured under heavy load at large sites. Several
of the sites who reported the original problem have now been 
testing the code in this (1.9.18p2) release for a week now with
no problems (previously the problem occurred within 3-6 hours).
(Thanks to Peter Crawshaw of Mount Allison University for
his great help in tracking down this bug).
2). Fix for a share level security problem that caused 
'valid users' not to work correctly.
3). Addition of Russian code page support.
4). Fix to the password changing code (thanks to Randy Boring
at Thursby Software Systems for this).
5). More fixes to the Windows 95 printer driver support
code from Herb Lewis at SGI.
6). Two NetBIOS over TCP source name type fixes in nmbd.
7). Memory leak in the dynamic loading of services in an
smb.conf file fixed.
8). LPRng parsing code fix.
9). Fix to try and return a 'best guess' of create time
under UNIX (which doens't store such a file attribute).
10). Added parameters to samba/examples/smb.conf.default file :
Remote announce, Remote browse sync, username map, filename
case preservation and sensitivity options.
11). Reply to trans2 calls now aligns all parameters and
data on 4 byte boundary.
12). Fixed SIGTERM bug where nmbd would hang on exit.
13). Fixed WINS server bug to allow spaces in WINS names.

Bugfixes added since 1.9.18
---------------------------

1). Fix for oplock-break problem. If an open crossed
with an oplock break on the wire it was possible for the 
same fnum to be re-used. This caused a rare but fatal
problem.
2). Fix for adding printers to Windows NT 4.x. Now
return correct "no space error" when buffer of zero 
given.
3). Fix for nmbd core dumps when running on architectures
that cannot access structures on non-aligned boundaries
(sparc, alpha etc).
4). Compiler warnings in nmbd fixed.
5). Makefile updated for Linux 2.0 versions (new smbmount
commands should only be compiled for 2.1.x kernels).
6). Addition of a timestamp to attack warning messages.

Changes in 1.9.18.
------------------

This release contains several major changes and much re-written 
code.

The main changes are :

1). Oplock support now operational.
-----------------------------------

Samba now supports 'exclusive' and 'batch' oplocks.
These are an advanced networked file system feature
that allows clients to obtain a exclusive use of a 
file. This allows a client to cache any changes it
makes locally, and greatly improves performance.

Windows NT has this feature and prior to this
release this was one of the reasons Windows NT
could be faster in some situations. Samba has
now been benchmarked as out performing Windows
NT on equivalently priced hardware.

The oplock code in Samba has been extensively
tested and is believed to be completely stable.

Please report any problems to the samba-bugs alias.

2). NetBIOS name daemon re-written.
-----------------------------------

The old nmbd that has caused some users problems
has now been completely re-written and now is
much easier to maintain and add changes to.

Changes include support for multi-homed hosts
in the same way as an NT Server with multiple
IP interfaces behaves (registers with the WINS
server as a multi-homed name type), and also
support for multi-homed name registration in
the Samba WINS server. Another added feature
is robustness in the face of WINS server failure,
nmbd will now keep trying to contact the WINS 
server until it is successful, in the same
way as an NT Server.

Also in this release is an implementation
of the Lanman announce protocol used by
OS/2 clients. Thanks to Jacco de Leeuw for 
this code.

3). New Internationalization support.
-------------------------------------

With this release Samba no longer needs to be
separately compiled for Japanese (Kanji) support,
the same binary will serve both Kanji and non-Kanji
clients.

A new method of dynamically loading client code pages
has been added to allow the case insensitivity to
be done dependent on the code page of the client.

Note that Samba still will only handle one client
code page at a time. This will be fixed when
Samba is fully UNICODE enabled.

Please see the new man page for make_smbcodepage
for details on adding additional client code page
support.

4). New Printing support.
-------------------------

An implementation of the Windows 95 automatic printer
driver installation has been added to smbd. To use this
new feature please read the document:

docs/PRINTER_DRIVER.txt

Thanks to Jean-Francois Micouleau, and also Herb Lewis
of Silicon Graphics for this new code.

Printer support on System V systems (notably Solaris)
has been improved with the addition of code generously
donated by Norm Jacobs of Sun Microsystems. Sun have
also made a Solaris SPARC workstation available to the
Samba Team to aid in their porting efforts.


Changed code.
-------------

Samba no longer needs the libdes library to support
encrypted passwords. Samba now contains a restricted
version of DES that can only be used for authentication
purposes (to comply with the USA export encryption
regulations and to allow USA Mirror sites to carry
Samba source code). The 'encrypt passwords' parameter
may now be used without recompiling.

Much of the internals of Samba has been re-structured
to support the oplock and Domain controller changes.

Samba now contains an implementation of share modes
using System V shared memory as well as the mmap()
based code. This was done to allow the 'FAST_SHARE_MODES'
to be used on more systems (especially HPUX 9.x) that
have System V shared memory, but not the mmap() call.

The System V shared memory code is used by default on
many systems as it has benchmarked as faster on many
systems.

The Automount code has been slightly re-shuffled, such
that the home directory (and profile location) can be
specified by \\%N\homes and \\%N\homes\profiles
respectively, which are the defaults for these values.
If -DAUTOMOUNT is enabled, then %N is the server
component of the user's NIS auto.home entry.  Obviously,
you will need to be running Samba on the user's home
server as well as the one they just logged in on.

The RPC Domain code has been moved into a separate directory
rpc_pipe/, and a LGPL License issued specifically for code
in this directory.  This is so that people can use this
code in other projects.

Missing feature.
----------------

One feature that we wanted to get into this release
that was not possible due to the re-write of the nmbd
code was the scalability features in the Samba WINS server.
This feature is now tentatively scheduled for the next
release (1.9.19). Apologies to anyone who was hoping
for this feature to be included. The nmbd re-write
will make it much easier to add such things in future.

New parameters in smb.conf.
---------------------------

New Global parameters.
----------------------

Documented in the smb.conf man pages :

	"bind interfaces only"

        "lm announce"
        "lm interval"

	"logon drive"
	"logon home"

        "min wins ttl"
        "max wins ttl"

	"username level"

New Share level parameters.
---------------------------

Documented in the smb.conf man pages :

	"delete veto files"
	"oplocks"

Nascent web interface for configuration.
----------------------------------------

source/wsmbconf.c is a cgi-bin program for editing smb.conf. It can
also be run standalone. This is in a very early stage of development.

Debugging support.
------------------

smbd and nmbd will now modify their debug log level when
they receive a USR1 signal (increase debug level by one)
and USR2 signal (decrease debug level by one). This has
been added to aid administrators track down faults that
only occur after long periods of time, or transiently.

Reporting bugs.
---------------

If you have problems, or think you have found a
bug please email a report to :

	samba-bugs@samba.anu.edu.au

Please state the version number of Samba that
you are running, and *full details* of the steps
we need to reproduce the problem.

As always, all bugs are our responsibility.

Regards,

	The Samba Team.