1.69, but some were remained.
Fix the problem that some data files are installed into root directory,
noted from Lennart Augustsson <lennart@augustsson.net> private mail.
This value may be customized in various ways:
PKG_SYSCONFBASE is the main config directory under which all package
configuration files are to be found.
PKG_SYSCONFSUBDIR is the subdirectory of PKG_SYSCONFBASE under which the
configuration files for a particular package may be found.
PKG_SYSCONFDIR.${PKGBASE} overrides the value of ${PKG_SYSCONFDIR} for a
particular package.
Users will typically want to set PKG_SYSCONFBASE to /etc, or accept the
default location of ${PREFIX}/etc.
This obsoletes the use of CONFDIR, which was active for only 6 days, so no
need to have a workaround to still accept old CONFDIR settings.
provided by Luke Mewburn <lukem@wasabisystems.com> with modifications by
me to allow running on older NetBSD systems (so any errors in the script
are mine alone).
WHATS NEW IN Samba 2.2.1a: 11th July 2001
==========================================
This is the latest stable release of Samba. This is the version that all
production Samba servers should be running for all current bug-fixes.
This is a minor bugfix release for 2.2.1, *NOT* security related.
1). 2.2.1 had a bug where using smbpasswd -m to add a Windows NT or
Windows2000 machine into a Samba hosted PDC would fail due to our
stricter user name checking. We were disallowing user names
containing '$', which is needed when using smbpasswd to add a
machine into a domain. Automatically adding machines (using the
native Windows tools) into a Samba domain worked correctly.
2.2.1a fixes this single problem.
New/Changed parameters in 2.2.1
-------------------------------
Added parameters.
-----------------
obey pam restrictions
When Samba is configured to use PAM, turns on or off Samba checking
the PAM account restrictions. Defaults to off.
pam password change
When Samba is configured to use PAM, turns on or off Samba passing
the password changes to PAM. Defaults to off.
large readwrite
New option to allow new Windows 2000 large file (64k) streaming
read/write options. Needs a 64 bit underlying operating system
(for Linux use kernel 2.4 with glibc 2.2 or above). Can improve performance
by 10% with Windows 2000 clients. Defaults to off. Not as tested
as some other Samba code paths.
hide unreadable
Prevents clients from seeing the existance of files that cannot
be read. Off by default.
enhanced browsing
Turn on/off the enhanced Samba browing functionality (*1B names).
Default is "on". Can prevent eternal machines in workgroups when
WINS servers are not synchronised.
Removed parameters.
-------------------
domain groups
domain admin users
domain guest users
Changes in 2.2.1
-----------------
1). "find" command removed for smbclient. Internal code now used.
2). smbspool updates to retry connections from Michael Sweet.
3). Fix for mapping 8859-15 characters to UNICODE.
4). Changed "security=server" to try with invalid username to prevent
account lockouts.
5). Fixes to allow Windows 2000 SP2 clients to join a Samba PDC.
6). Support for Windows 9x Nexus tools to allow security changes from Win9x.
7). Two locking fixes added. Samba 2.2.1 now passes the Clarion network
lock tester tool for distributed databases.
8). Preliminary support added for Windows 2000 large file read/write SMBs.
9). Changed random number generator in Samba to prevent guess attacks.
10). Fixes for tdb corruption in connections.tdb and file locking brlock.tdb.
smbd's clean the tdb files on startup and shutdown.
11). Fixes for default ACLs on Solaris.
12). Tidyup of password entry caching code.
13). Correct shutdowns added for send fails. Helps tdb cleanup code.
14). Prevent invalid '/' characters in workgroup names.
15). Removed more static arrays in SAMR code.
16). Client code is now UNICODE on the wire.
17). Fix 2 second timstamp resolution everywhere if dos timestamp set to yes.
18). All tdb opens now going through logging function.
19). Add pam password changing and pam restrictions code.
20). Printer driver management improvements (delete driver).
21). Fix difference between NULL security descriptors and empty
security descriptors.
22). Fix SID returns for server roles.
23). Allow Windows 2000 mmc to view and set Samba share security descriptors.
24). Allow smbcontrol to forcibly disconnect a share.
25). tdb fixes for HPUX, OpenBSD and other OS's that don't have a coherent
mmap/file read/write cache.
26). Fix race condition in returning create disposition for file create/open.
27). Fix NT rewriting of security descriptors to their canonical form for
ACLs.
28). Fix for Samba running on top of Linux VFAT ftruncate bug.
29). Swat fixes for being run with xinetd that doesn't set the umask.
30). Fix for slow writes with Win9x Explorer clients. Emulates Microsoft
TCP stack early ack specification error.
31). Changed lock & persistant tdb directory to /var/cache/samba by default on
RedHat and Mandrake as they clear the /var/lock/samba directory on reboot.
WHATS NEW IN Samba 2.2.0a: 23rd June 2001
==========================================
SECURITY FIX
============
This is a security bugfix release for Samba 2.2.0. This release provides the
following two changes *ONLY* from the 2.2.0 release.
1). Fix for the security hole discovered by Michal Zalewski (lcamtuf@bos.bindview.com)
and described in the security advisory below.
2). Fix for the hosts allow/hosts deny parameters not being honoured.
No other changes are being made for this release to ensure a security fix only.
For new functionality (including these security fixes) download Samba 2.2.1
when it is available.
The security advisory follows :
IMPORTANT: Security bugfix for Samba
------------------------------------
June 23rd 2001
Summary
-------
A serious security hole has been discovered in all versions of Samba
that allows an attacker to gain root access on the target machine for
certain types of common Samba configuration.
The immediate fix is to edit your smb.conf configuration file and
remove all occurances of the macro "%m". Replacing occurances of %m
with %I is probably the best solution for most sites.
Details
-------
A remote attacker can use a netbios name containing unix path
characters which will then be substituted into the %m macro wherever
it occurs in smb.conf. This can be used to cause Samba to create a log
file on top of an important system file, which in turn can be used to
compromise security on the server.
The most commonly used configuration option that can be vulnerable to
this attack is the "log file" option. The default value for this
option is VARDIR/log.smbd. If the default is used then Samba is not
vulnerable to this attack.
The security hole occurs when a log file option like the following is
used:
log file = /var/log/samba/%m.log
In that case the attacker can use a locally created symbolic link to
overwrite any file on the system. This requires local access to the
server.
If your Samba configuration has something like the following:
log file = /var/log/samba/%m
Then the attacker could successfully compromise your server remotely
as no symbolic link is required. This type of configuration is very
rare.
The most commonly used log file configuration containing %m is the
distributed in the sample configuration file that comes with Samba:
log file = /var/log/samba/log.%m
in that case your machine is not vulnerable to this attack unless you
happen to have a subdirectory in /var/log/samba/ which starts with the
prefix "log."
Credit
------
Thanks to Michal Zalewski (lcamtuf@bos.bindview.com) for finding this
vulnerability.
New Release
-----------
While we recommend that vulnerable sites immediately change their
smb.conf configuration file to prevent the attack we will also be
making new releases of Samba within the next 24 hours to properly fix
the problem. Please see http://www.samba.org/ for the new releases.
Please report any attacks to the appropriate authority.
The Samba Team
security@samba.org
entry to prevent finding libncurses and unnecessary patches to configure
script to handle SSL location and probing libcups. Also use FILES_SUBST
instead of repeating a sed script throughout the Makefile.
CXXFLAGS, and LDFLAGS by the buildlink.mk files so remove the extra
definitions to add them from the package Makefiles. As advised by the
bsd.buildlink.mk file, also ensure that the buildlink.mk files are
included prior to defining any package-specific CFLAGS/LDFLAGS to ensure
that the buildlink directories are at the head of the compiler search
paths.
-I${BUILDLINK}/include through via CPPFLAGS as well as CFLAGS to ensure
that readline/readline.h is found by the configure script. Fixes
pkg/13110 by Jesse Off.
were previously enlarged by the sequence: lseek, write, munmap, mmap
and are now enlarged by: munmap, lseek, write, mmap.
The Samba team is already aware of the problem. I expect this patch will
be incorporated in a future release.
Use BUILDLINK_INCDIR, BUILDLINK_LIBDIR for locations of linked headers
and libraries. Create a variable BUILDLINK_TARGETS whose value is the
list of build-link targets to execute.
* Integration between Windows oplocks and NFS file opens (IRIX and Linux
2.4 kernel only). This gives complete data and locking integrity between
Windows and UNIX file access to the same data files.
* Ability to act as an authentication source for Windows 2000 clients as
well as for NT4.x clients.
* Integration with the winbind daemon that provides a single
sign on facility for UNIX servers in Windows 2000/NT4 networks
driven by a Windows 2000/NT4 PDC.
* Support for native Windows 2000/NT4 printing RPCs. This includes
support for automatic printer driver download.
* Support for server supported Access Control Lists (ACLs).
* On PAM (Pluggable Authentication Module) based systems - better debugging
messages and encrypted password users now have access control verified via
PAM - Note: Authentication still uses the encrypted password database.
* Rewritten internal locking semantics for more robustness.
This release supports full 64 bit locking semantics on all
(even 32 bit) platforms. SMB locks are mapped onto POSIX
locks (32 bit or 64 bit) as the underlying system allows.
* Conversion of various internal flat data structures to use
database records for increased performance and
flexibility.
* Support for acting as a MS-DFS (Distributed File System) server.
* Support for manipulating Samba shares using Windows client tools
(server manager). Per share security can be set using these tools
and Samba will obey the access restrictions applied.
* Samba profiling support
* Compile time option for enabling a (Virtual file system) VFS layer
to allow non-disk resources to be exported as Windows filesystems
(such as databases etc.).
Samba 2.0.9 is a security bugfix release which correctly fixes the problem
2.0.8 was supposed to address. (A bug in the handling of temporary files
that allowed local users to destroy data on local devices).
Samba 2.0.8 is a security bugfix release. Previous versions of Samba
had a bug with the handling of temporary files that allows local users
to destroy data on local devices. This bug was discovered during a
routine security audit by Caldera. While no exploitation of this bug
is known to have occurred it is fairly easy to exploit so sites with
untrusted local users should take the threat seriously.
Unfortunately we lose japanese language support by this update.
first component is now a package name+version/pattern, no more
executable/patchname/whatnot.
While there, introduce BUILD_USES_MSGFMT as shorthand to pull in
devel/gettext unless /usr/bin/msgfmt exists (i.e. on post-1.5 -current).
Patch by Alistair Crooks <agc@netbsd.org>
supplied by Osamu OISHI <oishi@ims.ac.jp>.
Changes from 2.0.7.1.2a to 2.0.7.1.3:
- fixed bug that caused garbled output in browsing when
Samba was LMB.
- fixed bug that wrong file name length is sent to client in
short file name. It fixes bug that MS Access cannot run
under NT4 environment.
- multibyte characters are now allowed at fstype in
smb.conf.
- fixed bug that wrong string length is sent to client when
multibyte characters are used in Volume name.
- fixed bug that one extra memory block allocated in every
time and wasted it.
- included tools for administrating e.g. Coding System
modifier, replacement of `ls' or `cd' when CAP/HEX Coding
System is used.
- fixed bug about utmp.
complete list of changes can be found at http://www.samba.org/.
New Documentation in 2.0.7
--------------------------
O'Reilly and Associates have donated their book "Using Samba"
to the Samba community to be updated in a collaberative way
along with the Samba software. Starting with this release the
html of "Using Samba" will be distributed with the Samba software
as the online documentation for Samba. Bug fixes for the book
are encouraged as is new material. Please help us make this
documentation the best it can be for Samba !
Windows 2000 Issues
-------------------
This version of Samba has been tested with Windows 2000 and
the five known incompatibilities with Windows 2000 have been
fixed. See the "Changes in 2.0.7" list below for details.
New/Changed parameters in 2.0.7
-------------------------------
There are 5 new parameters in the smb.conf file.
utmp
utmp dir
utmp hostname
utmp consolidate
wtmp directory
These parameters are only available if the "--with-utmp"
option was selected at configure time. The yes/no option "utmp"
specifies whether utmp records should be recorded on user
logon/logoff. It defaults to "no". The "utmp dir" and "wtmp dir"
are string parameters specifying pathnames to the directories containing
the utmp/wtmp file databases. See the smb.conf man page for more details.
inherit permissions
This boolean parameter causes newly created files and directories
to inherit their initial permissions from their parent directory.
This can be very useful in propagating such things as the set-group
bit in directory heirarchies. See the smb.conf man page for more
details.
write cache size
This integer parameter specifies (in bytes) the size of a user level
per-file write cache that smbd will create for an oplocked file. This
can improve performance significantly for writing files by causing
writes to be done in large chunk sizes. If this parameter is set (it
defaults to zero which means no write cache) to the stripe size of
a raid volume then it will cause writes to be much more efficient.
Up to 10 write caches can be active simultaneously per smbd (allocated
for the first 10 oplocked file opens). All normal warnings about the
dangers of user level caching of data apply. See the smb.conf man page
for more details.
source environment
This pathname parameter causes Samba to read a list of environment
variables from a named file on startup. This can be useful in setting
up Samba in a clustered environment. See the smb.conf man page for more
details.
Ability to delete users added
-----------------------------
SWAT and smbpasswd can now delete users from the Samba smbpasswd file.
See the man page for smbpasswd for details.
Roving profile behavior finalized
---------------------------------
The change in behavior with roving profiles (using the "logon home"
parameter instead of the "logon path" parameter) introduced in 2.0.6
has been discovered to be consistant with the way Windows NT behaves,
and has been left as the default action. Please see the additional
notes in the "logon home" parameter description in the smb.conf man
page for more details.
* It turns out -lreadline also needs -ltermcap to link under ELF. I had
to patch the GNU configure script to make it correctly detect readline.
Are we going to have to do this to all the packages which depend upon
readline?
New/Changed parameters in 2.0.6
-------------------------------
There are 6 new parameters in the smb.conf file.
wins hook
This parameter allows an external program to be called
on all changes to a Samba WINS database, allowing dynamic
DNS updates.
debug hires timestamp
debug pid
debug uid
The above 3 parameters provide greater debug information.
preexec close
rootpreexec close
The above 2 parameters control the action taken on the
success or failure of a 'preexec' script.
There is also one removed parameter.
mangle locks
The addition of these new parameters and the removal of the old
is described in more detail in the smb.conf man page,
When using "security=domain" the "password server"
parameter can now be set to the string "*', which will
cause Samba to search for Domain controllers in the
same way that Windows NT does. See the smb.conf man
page for more details.
The "interfaces" parameter in smb.conf can now be dynamically
detected on startup and can also now take an interface name
such as eth0. See the smb.conf man page for the details
on the new features of the "interfaces" parameter.
nmbd has been enhanced to use this feature.
The syntax for the Linux-specific smbmount command has been changed
and is now compatible with the standard mount command. See the modified
smbmount man page for details.
Support for the UNIX CUPS printer standard has been added.
See www.cups.org for details. Thanks to the folks at Easy Software
Products for this code. Set the printcap name to "cups" to
enable this. See the smb.conf man page for details.
Changes in 2.0.6
-----------------
1). 64-bit locking removed from Linux autoconf build. This fixes
several Linux specific locking issues.
2). Crash bug fix in smbclient recursive processing. Fix from
E. Jay Berkenbilt (ejb@ql.org).
3). "history" command added to smbclient if readline available.
4). smbtar - updates files and directory message on restore.
5). smbmnt - 'u', 'g', 'r', 'f', 'd' options added by Andrew. See
man page for details.
6). smbmount updated to be useable by autofs on Linux. See the
samba/examples/autofs/README file for details.
7). Bug fixed where TCP_NODELAY was not being used by default in smbd.
8). Many oplock fixes. Samba now waits 30 seconds, not 45. Also
smbd no longer aborts on client break failure, but logs a message
and continues. This is what NT does. This should fix many "oplock
break" message problems people have been having.
9). New code from Andrew to dynamically detect interfaces. nmbd will
now attempt to dynamically detect interface changes and register names
as an interface goes "up".
10). Win95 ioctl for print jobs added by Matt.
11). Mapping for ISO8859-1 extended for codepage 437 and 850.
12). Code Page 737 -> ISO-8859-7 (Greek-Hellenic) mapping added.
13). Character strings now correctly converted from UNIX character set
format to DOS codepage when read from smb.conf or external passwd or
group files. Samba is now much more careful about what format external
strings should be converted to/from.
14). snprintf crash fix for IRIX 6.2 and below.
15). Increased timestamp debug fixes (adds milliseconds and uid/pid if
requested).
16). Optimisation for wildcard exact match requests.
17). Win95 wildcard semantics fix - unused code removed.
18). 'mangle locks' parameter removed. This now done automatically.
19). setXid() routines re-written to provide asserts and also to fix
AIX versions prior to 4.1.x.
20). MSG_WAITALL optimisation removed due to bugs in FreeBSD.
21). Length fix when writing UNICODE string.
22). oplock processing added to libsmb client code.
23). Added more client error message strings.
24). Fix bug with connecting to encrypted server when non-encrypted
password given.
25). In security=domain, password server extended to search for DC's
if parameter = '*'.
26). "root did not create samaphore" bug fixed.
27). random generator initialized early to prevent icons not showing
up in Win9x.
28). Logging fix after SIGHUP.
29). WINS hook external call added when nmbd is a WINS server.
30). Support for CUPS printer protocol added by Michael Sweet.
31). Support for NIS+ backend password database updates.
32). Handle dashes in print job id's. Fix from Dom.Mitchell@palmerharvey.co.uk
33). Race condition in UNIX password sync on some platforms fixed by Matt.
34). Dirptr leak from Win98 fixed.
35). Logic bug in handling of level II oplocks fixed.
36). smbd crash bug fix when opening directories.
37). Paranoia oplock fix from Charles Hoch (hoch@exemplary.com)
38). Fix Win2k problem where DCE/RPC is done on SMBwrite as well as SMBwriteX.
39). Fix Win95 redirector alignment bug that caused oplock break failures.
40). Preexec close code added.
41). Extra sanity checks in testparm code.
42). oplock tests added to smbtorture.
43). Tell SWAT user if logged in as root or not.
44). Solaris packaging fixes donated by VERITAS.
build a binary package with this definition would fail as the PLIST is
not correct.
If a package's documentation is overwhelming, it should arguably be handled
in a separate pre-requisite documentation package.
