WHATS NEW IN 1.9.18p10 - August 24th 1998. ========================================== This is the latest stable release of Samba. This is the version that all production Samba servers should be running for all current bug-fixes. Note that the 1.9.18p9 code was not distributed due to a (rare) crash bug discovered during the final QA testing phase. However, in order not to allow any confusion about versions the Samba Team are upping the patch revision number to ensure we can identify a particular release of code exactly. Note that most Samba Team effort is now going into working on the next major release which should contain some Windows NT Domain features. It is intended that any future work on the 1.9.18 series be security critical only bug fixes. An announcement will be made when the first alpha release of the next Samba series is available. There are several new parameters for smb.conf as well as a number of significant documentation updates. New parameters in 1.9.18p10. ---------------------------- strict sync ----------- This is a new per-share parameter, added due to some problems in the Windows 98 explorer. The Windows 98 explorer seems to always set the bit that causes writes to be synchronised to disk before continuing. This *kills* performance for copying of large files, and is almost certainly not what was intended (many windows programs don't know the difference between flush and sync). This new parameter is set to off by default and in this setting means that Samba will now ignore the sync bit in SMB requests. To regain the old behaviour set: "strict sync = on" in the [global] section of the smb.conf. ole locking compatibility ------------------------- This global parameter allows administrators who are confident in the abilities of their UNIX nfs locking daemon to turn off the mapping of OLE generated byte range locks that Samba does to prevent nfs locking daemons from crashing. This parameter is set to on by default (ie. the same behavior as previous Samba versions). queuepause command ------------------ This printer share specific parameter is part of the new print queue pausing code donated by Dirk DeWachter. This parameter specifies the UNIX command to run to pause a given print queue. See the smb.conf man page for details. queueresume command ------------------ This printer share specific parameter is part of the new print queue pausing code donated by Dirk DeWachter. This parameter specifies the UNIX command to run to resume a given print queue. See the smb.conf man page for details. Deprecated parameter - networkstation user login ------------------------------------------------ The default of the "networkstation user login" parameter has now changed from true to false, as new code in Samba protects smbd from the Windows NT bug this parameter was introduced to fix. This parameter is now deprecated and will be removed in a future Samba release. Deprecated parameter - domain controller ---------------------------------------- The meaning of this parameter changed in a previous Samba release from a string to a boolean (yes/no) value. It is currently not used within the Samba source and should be removed from all current smb.conf files. It is left behind for compatibility reasons. Bugfixes added since 1.9.18p8 ----------------------------- 1). Fixed bug that could cause password changing code to coredump 2). Fixed bug with client using incorrect WORKGROUP on startup. 3). Added print queue pausing code from Dirk.DeWachter@rug.ac.be (see "queuepause command" and "queueresume command" above). 4). "strict sync" parameter added (see above). 5). "ole locking compatibility" parameter added (see above). 6). Several changes to file byte range locking code to allow clients to correctly request exclusive and shared locks. 7). Fixed race condition in browser code that starts a new election if we need one - previously we could have failed to register the name we needed to participate in the election. 8). Fixed accidental overwrite of buffer that could cause nmbd crash. 9). Fixed small memory leak in WINS server code when rejecting a registration. 10). Fix 'recursion desired' flag when sending queries from nmbd WINS server. 11). Make sure we're using the correct version number in browser elections. 12). Fixed stupid bug I introduced in 1.9.18p8 that sent the username mapped user name to the password server in "security=server" mode. 13). Fixed filename translation bug where pathnames were going through the dos to unix conversion function twice. 14). Fix from klausr@ITAP.Physik.Uni-Stuttgart.De to stop smbd's that only write a few log entries from growing the log without bound. 15). Fix from branko.cibej@hermes.si to not reload the parameter file in the SIGHUP handler. 16). Added '-U' for remote user name to smbpasswd to allow normal users to change their password on an NT server if their UNIX username is different. 17). Fixed map username bug where username would only be mapped once. 18). Fix from to strip mount options in an automount home map. 19). Fixed bug in scanning directories where if a mangled name was returned as a resume key the 'find next' would fail. Thanks to Zoltan Palmai for finding that one. 20). Fix from John Blair to allow smbclient to 'put' from standard input. 21). Fix to go back to unix wildcard semantics for 'veto files' and 'hidden files' parameters. 22). Fix for Kanji characters in wildcards. 23). Fix to stop file descriptor leak on failure in password change code. 24). Fix to cause nmbd to re-install SIGPIPE handler. Documentation Updates. ---------------------- The following documentation files have been updated or created. Users are advised to check the following files for anything that may affect or help site configuration. 1) smb.conf.5 (updated) 2) BROWSING_Config.txt (new) 3) DOMAIN_CONTROL.txt (updated) 4) BROWSING.txt (updated) 5) Recent-FAQs.txt (new) 6) UNIX_SECURITY.txt (updated) 7) UNIX_INSTALL.txt (updated) 8) Printing.txt (updated) 9) DIAGNOSIS.txt (updated) If you have problems, or think you have found a bug please email a report to : samba-bugs@samba.anu.edu.au As always, all bugs are our responsibility. Regards, The Samba Team. Previous release notes for 1.9.18p8 follow. ================================================================== Bugfixes added since 1.9.18p7 ----------------------------- 1). Fixed bug so Samba returns ERROR_MORE_DATA for long share lists that won't fit in the data buffer given by the client. 2). Made mapping of Windows to UNIX usernames only occur once per name. 3). Cause changing of SMB password to fail if UNIX pasword change fails and unix password sync is set. 4). Ensure the Samba names are added to the remote broadcast subnet to allow NT workstations to do a directed broadcast node status query (they seem to want to do this for some reason). 5). Fixed HPUX10 Trusted systems bigcrypt password authentication call. 6). Ensure smbd doesn't crash if 'account disabled' set in smbpasswd file. 7). Ensured 'revalidate' parameter is only checked if we're in share level security. 8). Ensure that password lengths are sanity checked even if in server level security. 9). Fix bug with multi-user NT systems where a file currently open by one user could always be opened by another. 10). Ensure we save the current user info and restore it correctly whilst in the oplock break state. 11). Added some simple sanity checks to testparam. 12). Added timezone sanity checks. 13). Re-wrote wildcard handling for trans2 calls. Wildcard matching now seems to be *identical* to NT (as far as I can tell). 14). Added facility for user list code to be explicit about checking UNIX group database or NIS netgroup list. Updated smb.conf detailing this. 15). Fixed bug in multibyte character handling when parsing a pathname. 16). Fixed file descriptor leak in client code. 17). Fixed QSORT_CAST compile bugs on many systems. 18). Added codepages 737 (Greek) and 861 (Icelandic). Previous release notes for 1.9.18p7 follow. ========================================================================= This release is a security hole patch fix for a security hole reported on BugTraq by Drago. The security hole may have allowed authenticated users to subvert security on the server by overflowing a buffer in a filename rename operation. It is as yet undetermined whether the security hole is actually exploitable because of existing buffer overflow checks in Samba and the limitations on available characters in filenames but the Samba Team considered the threat of a possible security hole enough to warrant an immediate patch release. It is highly recommended that all sites assume that the security hole is exploitable and upgrade to version 1.9.18p7 of Samba. The previous release 1.9.18p6, which was intended to fix the security hole, has compile problems on several platforms, and should not be used. Previous release notes for 1.9.18p5 follow. ========================================================================= Added features in 1.9.18p5 -------------------------- New parameters -------------- passwd chat debug This parameter is to allow Samba administrators to debug their password chat scripts more easily when they have "unix password sync" set. It is provided as a debugging convenience only and should be enabled only when debugging. Full documentation is in the smb.conf man page. update encrypted The code for this parameter was kindly donated by Bruce Tenison. If this parameter is set to "yes" (it defaults to "no") and an smbpasswd file exists containing all the valid users of a Samba system but no encrypted passwords (ie. the Lanman hash and NT hash entries in the file are set to "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"), then as users log in with plaintext passwords that are matched against their UNIX password entries, their plaintext passwords will be hashed and entered into the smbpasswd file. After all the users have successfully logged in using unencrypted passwords, the smbpasswd file will have the Lanman and NT hashes of these users UNIX passwords correctly stored. At that point the administrator can convert Samba to use encrypted passwords (and configure the Windows 95 and NT clients to send only encrypted passwords) and migrate to an encrypted setup without having to ask users to re-enter all their passwords explicitly. Note that to use this option the "encrypt passwords" parameter must be set to "no" when this option is set to "yes". See the smb.conf man page for up to date information on this parameter. Updates to smbtar ----------------- The following changes were developed by Richard Sharpe for Canon Information Systems Research Australia (CISRA). The Samba Team would like to thank Canon Information Systems Research Australia for their funding this effort, as such sponsorship advances the Samba project significantly. 1. Restore can now restore files with long file names 2. Save now saves directory information so that we can restore directory creation times 3. tar now accepts both UNIX path names and DOS path names. New document in docs/ directory ------------------------------- A new document, PROFILES.txt has been added to the docs/ directory. This is still a work in progress (currently consisting of a series of email exchanges) and will be updated over the coming releases. The document covers the task of getting roving profiles to work with a Samba server with Windows 95 and Windows NT clients. Bugfixes added since 1.9.18p4 ----------------------------- 1). Samba should now compile cleanly with the gcc -Wstrict-prototypes option. 2). New code page 852 tranlation table created by Petr Hubeny. 3). New "update encrypted" parameter (described above). 4). New "passwd chat debug" parameter (described above). 5). Updates to smbtar (described above). 6). Fix to do correct null session connections from nmbd and smbd. 7). Synchronous open flag is now honoured. 8). security=server now logs out correctly. 9). Fix to stop long printer job listings causing Win95 and smbd to spin the CPU & network. 10). Multibyte character fix that prevented the "character set" parameter working in 1.9.18p4. 11). Fix for problems with security=share and the [homes] share. 12). NIS+ patch to get home directory info. 13). Added FTRUNCATE_NEEDS_ROOT define for systems with broken ftruncate() call. 14). Fix for nmbd not allowing log append mode. 15). Fix for nmbd as a WINS server doing a name query after a WACK with the 'recursion desired' bit set - this would cause problems if directed at a machine running a WINS server. 16). Correctly ignore "become backup browser" requests, rather than logging them as a problem. 17). Use compressed names correctly as requested by RFC1002. 18). Workaround for bug where NT allows a guest logon and doesn't set the guest bit (in security=server mode). 19). Added SOFTQ print type. 20). Free filename on file close (long standing small memory leak fix). 21). Fix for lp_defaultservice() getting overwritten by rotating string buffers. 22). Print time in international, rather than USA, format. 23). Fix to queue a trans2 open request when oplock break pending. 24). Added Simplified Chinese codepage (936). 25). Fixed expansion bug with %U, %G when multiple sessionsetups done in security > SHARE mode. 26). Change to DEC enhanced mode security code to allow the same binary to work when in enhanced and basic security mode. This change affects all systems that define OSF1_ENH_SEC at compile time. Previous release notes for 1.9.18p4 follow. ========================================================================= Added features in 1.9.18p4 -------------------------- Changing passwords now supported -------------------------------- Samba now supports changing the SMB password from a Windows 95 client, using the standard Windows 95 password changing dialog. Note that by default this changes the SMB password, not the UNIX password (Samba must be set up with encrypted passwords in order to support this). The smbpasswd program has been re-written to take advantage of this feature, and now has no need to be a setuid root program, thus eliminating a potential security hole. As a side effect of this change smbpasswd can now be used on a UNIX machine to change users passwords on an NT machine. The new password changing code can also synchronize a users UNIX password at the same time a SMB password is being changed, if Samba is compiled with password changing enabled, and the new parameter 'unix password sync' is set to True. By default this is off, as it allows the password change program to be called as root, which may be considered a security problem at some sites. Name resolution order now user selectable ----------------------------------------- The resolution of NetBIOS names into IP addresses can be done in several different ways (broadcast, lmhosts, DNS lookup, WINS). Previous versions of Samba were inconsistant in which commands used which methods to look up IP addresses from a name. New in this version is a parameter (name resolve order, mentioned in the new parameters list below) that allows administrators to select the methods of name resolution, and the order in which such methods are applied. All Samba utilities have been changed to use the new name to IP address name resolution code and so this can be controlled from a central place. Expanded multi-byte character support ------------------------------------- In previous versions of Samba, Kanji (Japanese) character support was treated as a special case, making it the only multi-byte character set natively supported in Samba. New code has been added to generalize the multi-byte codepage support, with the effect that other multibyte codepage support can be easily added. The new codepages that this version ships with are Korean Hangul and Traditional Chinese. New Parameters in 1.9.18p4 -------------------------- name resolve order = lmhosts wins hosts bcast This parameter allows control over the order in which netbios name to IP Address resolution is attempted. Any method NOT specified will be excluded from the name resolution process. If this parameter is not specified then the above default order will be observed - this is consistent with prior releases. See the smb.conf and smbclient man pages for full details. See the above text for the announcement on this feature. fake directory create times This parameter is a compatibility option for software developers using Microsoft NMAKE make tool, saving files onto a Samba share. Setting this parameter to true causes Samba to lie to the client about the creation time of a directory, so NMAKE commands don't re-compile every file. unix password sync This parameter is set to False by default. When set to True, it causes Samba to attempt to synchronize the users UNIX password when a user is changing their SMB password. This causes the password change program to be run as root (as the new password change code has no access to the plaintext of the old password). Because of this, it is set off by default to allow sites to set their own security policy regarding UNIX and SMB password synchronization. This parameter has no effect if Samba has been compiled without password changing enabled. Changed compile-time default in 1.9.18p4 ---------------------------------------- The maximum length of a printer share name has now been increased to 15 characters - the same as file share names. Any one who needs to revert back to 8 character printer share name support can do so by adjusting the #define in local.h. Bugfixes added since 1.9.18p3 ----------------------------- 1). Fix for nmbd leaving the child nmbd running when doing DNS lookups as a WINS server. 2). Fix core dump in smbd when acting as a logon server with security=share. 3). Workaround for a bug in FTP OnNet software NBT implementation. It does a broadcast name release for WORKGROUP<0> and WORKGROUP<1e> names and don't set the group bit. 4). Ensure all the NetBIOS aliases are added to all the known interfaces on nmbd initialization. 5). Fix bug in multiple query name responses print code. 6). Fix to send out mailslot reply on correct interface. 7). Fix retranmission queue to scan WINS server subnet so nmbd retransmits queries needed when acting as a WINS server. Thanks to Andrey Alekseyev for spotting this one. 8). Send host announcement to correct 0x1d name rather than 0x1e name. 9). Fix for WINS server when returning multi-homed record, was returning one garbage IP address. 10). Fix for Thursby Software's 'Dave' client - ensure that a vuid of zero is always returned for them when in share level security (the spec say's it shouldn't matter, but it was causing them grief). 11). Added KRB4 authentication code. 12). Fix to allow max printer name to be 15 characters (see above). 13). Fix for name mangling cache bug - cache wasn't being used in some cases. 14). Fix for RH5.0 broken system V shared memory include files. 15). Fix for broken redirector use of resume keys between deletes in a directory. Samba now returns zero as resume keys (as does NT) and uses the resume filename instead. 16). Fix for systems that have a broken implementation of isalnum() - was causing gethostbyname to fail. 17). Fix for 'hide files' bug not working correctly (bug in is_in_path function - fix from Steven Hartland . 18). Fixed bug in smbclient where debug log level on the command line was being overridden by the log level in smb.conf. 19). Fixed bug in USE_MMAP code where client sending a silly offset to readraw could cause a smbd core dump. Bugfixes added since 1.9.18p2 ----------------------------- 1). Fix to cause oplocked files to be broken when open file table is full before giving up and reporting 'too many open files'. This fix seems to help many applications on Win95. 2). Fix to stop extra files being closed in user logoff code. 3). Fix to stop padded packet being returned on trans2 call. This bug could cause Windows 95 to freeze on some (rare) occasions. 4). Added fix for Visual C++ filetime changes (see above). 5). Made security check code an option (see above). 6). Fixed printer job enumeration in smbclient. 7). Re-added code into smbclient that causes it to do NetBIOS broadcast name lookups (as it used to in 1.9.17). 8). Fixed code dump bug in smbtar. 9). Fixed mapping code between Appletalk and Kanji filenames. 10). Tuned shared memory size based on open file table size. 11). Made nmbd log file names consistant with smbd. 12). Fixed nmbd problem where packet queues could grow without bound when connection to WINS server was down. 13). Fix for DCE login code. 14). Fix for system V printing to remove extra space in printer name. 15). Patch to add a new substitution paramter (%p) in a service patchname. Adds NIS home path (see the man page on smb.conf for details). Patch from Julian Field. 16). Fix to stop smbpassword code from failing when parsing invalid uid fields. 17). Made volume serial number constant based on machine and service name. 18). Added expand environment variables code from Branko Cibej. See the man page on smb.conf for details. 19). Fixed warnings in change_lanman_password code. Bugfixes added since 1.9.18p1 ----------------------------- 1). A deadlock condition in the oplock code has been found and fixed. This occured under heavy load at large sites. Several of the sites who reported the original problem have now been testing the code in this (1.9.18p2) release for a week now with no problems (previously the problem occurred within 3-6 hours). (Thanks to Peter Crawshaw of Mount Allison University for his great help in tracking down this bug). 2). Fix for a share level security problem that caused 'valid users' not to work correctly. 3). Addition of Russian code page support. 4). Fix to the password changing code (thanks to Randy Boring at Thursby Software Systems for this). 5). More fixes to the Windows 95 printer driver support code from Herb Lewis at SGI. 6). Two NetBIOS over TCP source name type fixes in nmbd. 7). Memory leak in the dynamic loading of services in an smb.conf file fixed. 8). LPRng parsing code fix. 9). Fix to try and return a 'best guess' of create time under UNIX (which doens't store such a file attribute). 10). Added parameters to samba/examples/smb.conf.default file : Remote announce, Remote browse sync, username map, filename case preservation and sensitivity options. 11). Reply to trans2 calls now aligns all parameters and data on 4 byte boundary. 12). Fixed SIGTERM bug where nmbd would hang on exit. 13). Fixed WINS server bug to allow spaces in WINS names. Bugfixes added since 1.9.18 --------------------------- 1). Fix for oplock-break problem. If an open crossed with an oplock break on the wire it was possible for the same fnum to be re-used. This caused a rare but fatal problem. 2). Fix for adding printers to Windows NT 4.x. Now return correct "no space error" when buffer of zero given. 3). Fix for nmbd core dumps when running on architectures that cannot access structures on non-aligned boundaries (sparc, alpha etc). 4). Compiler warnings in nmbd fixed. 5). Makefile updated for Linux 2.0 versions (new smbmount commands should only be compiled for 2.1.x kernels). 6). Addition of a timestamp to attack warning messages. Changes in 1.9.18. ------------------ This release contains several major changes and much re-written code. The main changes are : 1). Oplock support now operational. ----------------------------------- Samba now supports 'exclusive' and 'batch' oplocks. These are an advanced networked file system feature that allows clients to obtain a exclusive use of a file. This allows a client to cache any changes it makes locally, and greatly improves performance. Windows NT has this feature and prior to this release this was one of the reasons Windows NT could be faster in some situations. Samba has now been benchmarked as out performing Windows NT on equivalently priced hardware. The oplock code in Samba has been extensively tested and is believed to be completely stable. Please report any problems to the samba-bugs alias. 2). NetBIOS name daemon re-written. ----------------------------------- The old nmbd that has caused some users problems has now been completely re-written and now is much easier to maintain and add changes to. Changes include support for multi-homed hosts in the same way as an NT Server with multiple IP interfaces behaves (registers with the WINS server as a multi-homed name type), and also support for multi-homed name registration in the Samba WINS server. Another added feature is robustness in the face of WINS server failure, nmbd will now keep trying to contact the WINS server until it is successful, in the same way as an NT Server. Also in this release is an implementation of the Lanman announce protocol used by OS/2 clients. Thanks to Jacco de Leeuw for this code. 3). New Internationalization support. ------------------------------------- With this release Samba no longer needs to be separately compiled for Japanese (Kanji) support, the same binary will serve both Kanji and non-Kanji clients. A new method of dynamically loading client code pages has been added to allow the case insensitivity to be done dependent on the code page of the client. Note that Samba still will only handle one client code page at a time. This will be fixed when Samba is fully UNICODE enabled. Please see the new man page for make_smbcodepage for details on adding additional client code page support. 4). New Printing support. ------------------------- An implementation of the Windows 95 automatic printer driver installation has been added to smbd. To use this new feature please read the document: docs/PRINTER_DRIVER.txt Thanks to Jean-Francois Micouleau, and also Herb Lewis of Silicon Graphics for this new code. Printer support on System V systems (notably Solaris) has been improved with the addition of code generously donated by Norm Jacobs of Sun Microsystems. Sun have also made a Solaris SPARC workstation available to the Samba Team to aid in their porting efforts. Changed code. ------------- Samba no longer needs the libdes library to support encrypted passwords. Samba now contains a restricted version of DES that can only be used for authentication purposes (to comply with the USA export encryption regulations and to allow USA Mirror sites to carry Samba source code). The 'encrypt passwords' parameter may now be used without recompiling. Much of the internals of Samba has been re-structured to support the oplock and Domain controller changes. Samba now contains an implementation of share modes using System V shared memory as well as the mmap() based code. This was done to allow the 'FAST_SHARE_MODES' to be used on more systems (especially HPUX 9.x) that have System V shared memory, but not the mmap() call. The System V shared memory code is used by default on many systems as it has benchmarked as faster on many systems. The Automount code has been slightly re-shuffled, such that the home directory (and profile location) can be specified by \\%N\homes and \\%N\homes\profiles respectively, which are the defaults for these values. If -DAUTOMOUNT is enabled, then %N is the server component of the user's NIS auto.home entry. Obviously, you will need to be running Samba on the user's home server as well as the one they just logged in on. The RPC Domain code has been moved into a separate directory rpc_pipe/, and a LGPL License issued specifically for code in this directory. This is so that people can use this code in other projects. Missing feature. ---------------- One feature that we wanted to get into this release that was not possible due to the re-write of the nmbd code was the scalability features in the Samba WINS server. This feature is now tentatively scheduled for the next release (1.9.19). Apologies to anyone who was hoping for this feature to be included. The nmbd re-write will make it much easier to add such things in future. New parameters in smb.conf. --------------------------- New Global parameters. ---------------------- Documented in the smb.conf man pages : "bind interfaces only" "lm announce" "lm interval" "logon drive" "logon home" "min wins ttl" "max wins ttl" "username level" New Share level parameters. --------------------------- Documented in the smb.conf man pages : "delete veto files" "oplocks" Nascent web interface for configuration. ---------------------------------------- source/wsmbconf.c is a cgi-bin program for editing smb.conf. It can also be run standalone. This is in a very early stage of development. Debugging support. ------------------ smbd and nmbd will now modify their debug log level when they receive a USR1 signal (increase debug level by one) and USR2 signal (decrease debug level by one). This has been added to aid administrators track down faults that only occur after long periods of time, or transiently. Reporting bugs. --------------- If you have problems, or think you have found a bug please email a report to : samba-bugs@samba.anu.edu.au Please state the version number of Samba that you are running, and *full details* of the steps we need to reproduce the problem. As always, all bugs are our responsibility. Regards, The Samba Team.