| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
spurious output.
fixes PR pkg/22814 from Rob Quinn.
|
|
|
|
adduser and deluser scripts into ${PKG_SYSCONFDIR} that are capable of
dealing with usernames containing a "$". These scripts basically
accept the same options as useradd/userdel. They're meant to be used
in "add user script" and "delete user script" to deal with samba
machine accounts.
|
|
|
|
|
|
http://lists.xsec.it/pipermail/samba-it/2003-April/000321.html
|
|
USE_PKGINSTALL is "YES". bsd.pkg.install.mk will no longer automatically
pick up a INSTALL/DEINSTALL script in the package directory and assume that
you want it for the corresponding *_EXTRA_TMPL variable.
|
|
|
|
|
|
* findsmb is a perl script, and we need to substitute the correct path to
the perl interpreter.
* Don't create ${PREFIX}/private during a "make install" as it's a
completely useless directory.
* Don't bother to install the completely outdated Samba HTML documentation
that is superseded by the Samba HOWTO Collection documentation.
|
|
Should anybody feel like they could be the maintainer for any of thewe packages,
please adjust.
|
|
dependency bumps.
|
|
Addresses PR21086 by Rob Quinn <rquinn at sec dot sprint dot net>.
|
|
Changes since 2.2.8:
Digital Defense, Inc. has alerted the Samba Team to a serious
vulnerability in all stable versions of Samba currently shipping.
The Common Vulnerabilities and Exposures (CVE) project has assigned
the ID CAN-2003-0201 to this defect.
This vulnerability, if exploited correctly, leads to an anonymous
user gaining root access on a Samba serving system. All versions
of Samba up to and including Samba 2.2.8 are vulnerable. An active
exploit of the bug has been reported in the wild.
|
|
|
|
****************************************
* IMPORTANT: Security bugfix for Samba *
****************************************
The SuSE security audit team, in particular Sebastian Krahmer
<krahmer@suse.de>, has found a flaw in the Samba main smbd code which
could allow an external attacker to remotely and anonymously gain
Super User (root) privileges on a server running a Samba server.
This flaw exists in previous versions of Samba from 2.0.x to 2.2.7a
inclusive. This is a serious problem and all sites should either
upgrade to Samba 2.2.8 immediately or prohibit access to TCP ports 139
and 445. Advice created by Andrew Tridgell, the leader of the Samba
Team, on how to protect an unpatched Samba server is given at the end
of this section.
The SMB/CIFS protocol implemented by Samba is vulnerable to many
attacks, even without specific security holes. The TCP ports 139 and
the new port 445 (used by Win2k and the Samba 3.0 alpha code in
particular) should never be exposed to untrusted networks.
|
|
O_RDWR fails in fcbopen case, remember the errno from previous open_file()
call and set errno back to this value if the second open_file() call
fails too
this makes samba report EACCESS instead of confusing ENOENT if creation
of file fails due to insufficient permissions for SMBcreate/SMBmknew call
bump package revision
|
|
have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set
to "YES". This enforces the requirement that bsd.pkg.install.mk be
included at the end of a package Makefile. Idea suggested by Julio M.
Merino Vidal <jmmv at menta.net>.
|
|
1) Fix for smbclient reporting negative file sizes on dir command
and negative statistics being reported when using put or get
on large files.
2) Fix bug in determination of allocation size
3) Fix 64bit size problems which prevented copying of files larger
than 2 GBytes.
4) Fix for xcopy /s problem with old DOS clients not sending correct
attributes on subsequent SMBsearch calls.
5) Fix bug in call to standard_sub_advanced giving a 0 length. This
fixes the string overflow in string_sub errors.
6) Correctly handle querygroup rpcclient command
7) fix broken incremental tar in smbtar command
|
|
A security hole has been discovered in versions 2.2.2 through 2.2.6
of Samba that could potentially allow an attacker to gain root access
on the target machine. The word "potentially" is used because there
is no known exploit of this bug, and the Samba Team has not been able to
craft one ourselves. However, the seriousness of the problem warrants
this immediate 2.2.7 release.
1) ensure we send the notify message in the same way it is expected
to be received by srv_spoolss_receive_message().
2) attribute matching on truncate only matters when opening truncate
with current SYSTEM|HIDDEN -> NONE. It's fine to truncate on open
with current NONE -> SYSTEM | HIDDEN.
3) Fix bug in rpcclient's deldriver command
4) Don't set global_machine_password_needs_changing if
lp_machine_password_timeout() is set to zero
5) don't parse the BUFFER5 if the buffer length is zero
6) fix core dump if pdbedit is run as non-root or smbpasswd file does
not exist
7) Ensure can_delete() returns correct error code
8) correctly return NT_STATUS_DELETE_PENDING from open code
9) fix bug that assumed dos_unistr2 length was in ucs2 units, not bytes
10) check the long_archi name is not null when deleting a printer driver.
fixes core dump in smbd when using rpcclient's deldriver
11) fix fd leak with kernel change notify on Linux 2.4 kernels
12) must add one to the extra_data size to transfer the 0 string
terminator. This was causing "wbinfo --sequence" to access past the
end of malloced memory
13) fix for large systems allowing more than 65536 files open in
NTcreate&X
14) Fix bug in %U expansion
|
|
can turn on or off. Bump PKGREVISION.
|
|
* Fixes for MS-RPC printing issues affecting Windows 2000 clients
* New support for smb.conf generation in SWAT
* Inclusion of several performance enhancements
* Fixes for several file locking bugs and returned status codes
|
|
|
|
|
|
script handling and using @RCD_SCRIPTS_SHELL@.
as discussed with jlam.
|
|
|
|
exists, then use it as the default value of DEINSTALL_EXTRA_TMPL or
INSTALL_EXTRA_TMPL.
|
|
have been converted to USE_BUILDLINK2.
|
|
|
|
|
|
and merge their patch collections. These two packages are built from the
same source tree, and updates to the main distfile should be shared by
both packages.
|
|
version 2.2.4nb1 is that there are the usual minor bug fixes, plus some
important ones:
* fix printing with Win2K/XP clients
* fixes related to using LDAP for the SAM
* fixes related to changing passwords
Pkgsrc changes:
* Fetch the .tar.bz2 file -- it's smaller.
* Use smb.conf.default as the sample config file and get rid of
the homegrown files/smb.conf.sample. smb.conf.default is more
informative and is a better resource.
* Remove irrelevant examples.
* Move convert_smbpasswd script to the examples/samba/misc
directory. It's pretty much outlived it's usefulness at this
point of the Samba release cycle.
|
|
element.
- Remove redundant PKGNAME and bump PKGREVISION to 1.
|
|
Make sure the new ones get defined from the old ones.
|
|
WHAT'S NEW IN Samba 2.2.4 - 2nd May 2002
=========================================
This is the latest stable release of Samba. This is the version that all
production Samba servers should be running for all current bug-fixes.
There have been several fixes and internal enhancements which include:
* More/better SPOOLSS printing functionality for Windows
NT/2k/XP clients.
* Several fixes relating to serving PC database files such
as (Access and FoxPro) from a Samba file share.
* Several improves in Samba's VFS layer which can be seen
in the inclusion of a "Recycle Bin" vfs module. See
examples/VFS/README for more details on this.
* Addition of a tool (tdbbackup) for backup/restore of Samba's
tdb's
* Continued improvements to winbind for greater scalability
and stability
* Several fixes related to Samba's MS-DFS support
* Rpcclient's various printer commands now work (again)
New/Changed parameters in 2.2.4
--------------------------------
For more information on these parameters, see the man pages for
smb.conf(5).
Added/changed parameters
------------------------
* csc policy
* inherit acls
* nt status support
* lock spin count
* lock spin time
* pid directory
* winbind use default domain
Depreciated parameters
----------------------
The following parameters have been marked as depreciated
and will be removed in Samba 3.0
* postscript
* printer driver
* printer driver file
* printer driver location
Removed Parameters
------------------
none
Changes in 2.2.4
----------------
See the cvs log for SAMBA_2_2 for more details
1) added -c option to smbpasswd
2) reworked smbpasswd internal command line option parsing
3) small various bug fixes to experimental pdb_tdb.c
4) Enforce spoolss RPCs based on the access granted at PrinterOpen()
5) Added missing access checks to [add/delete/set]form
6) Compile fixes for pam_smbpass
7) fix smbd crash when netbios session request fails from
spoolss_connect_to_client().
8) fixed logic bug that prevent SetPrinter() from storing devmode
9) Removed extra get_printer_snum() calls from set_printer_hnd_name()
10) fix joining domain on big endian machine when using -U to smbpasswd
11) allow command line arg to override smb.conf log level
12) continue to retry to register 1b name with wins server if there is an old IP there
13) fix smbclient print crash bug
14) 9x pnp fix when the config file and driver file are different
15) force testparm to print the correct value for log level
16) fix swat to show full log level info
17) fix server GetPrinterData() fields to be more sensible
18) fix logic error in SetPrinterDataEx()
19) Only set smb_read_error if not already set
20) Fix string returns that require unicode
21) Merge of printing performance fixes from appliance
22) lpq parsing fixes
23) Back port tridge's xcopy /o fix from HEAD
24) Fix the printer change notify code (unfinished)
25) Patch for Domain users not showing up
26) Fixed SetPrinterData(magic key) to support zero length DEVMODE
27) Ensure that all methods of looking up and connecting to DC's work
using identical logic.
28) Merge in the mutex code to stop multiple domain logon failure
29) Ignore 0/0 lock
30) Fix winbindd to respect command line debuglevel as nmbd/smbd
31) Update with tdbbackup from HEAD
32) Fix for typo on solaris nss
33) Merge in the locking changes from HEAD
34) Added POSIX ACL layer into the vfs
35) Fix the returning of domain enum
36) Fix the generation of the MACHINE.SID file into the secrets.tdb.
37) Enable test for -rdynamic when building binaries
38) Remove the "stat open" code - make it inline
39) Fix the mp3 rename bug
40) Fix for Explorer DFS problems on older Windows 9X machines
41) implement OpenPrinter() opnum == 0x01
42) Matched W2K *insane* open semantics....
43) small fix that will prevent the "failed to marshall
R_NET_SAMLOGON" message in the logs
42) don't do checking of local passdb in smbpasswd if using -r option
43) fix "smbpasswd -j DOMAIN -r * -U Admin%XXXX" so that it doesn't
try to connect to a server named '*'
44) merge rpcclient code from HEAD
45) Ensure MACHINE.SID update done before child spawns
46) Fix the bad path errors for mkdir so mkdir \a\b\c\d works
47) Removed --with-vfs - always built if available
48) Fixed psec for 2.2
49) Fixed the handle leak in the connection management code
50) fix disable spoolss after the switch to nt status codes
51) Added Shirish's client side caching policy change
52) Honor the specversion when parsing the the DEVICEMODE
53) fix parsing bug when DEVICEMODE's private data does not end
on a 4 byte boundary
54) do not idle an smbd when there is an open pipe
55) when a new driver is added to a Samba server, cycle through
all printers and bump the change_id for each one bound to the driver
56) allow smbclient to work with a FIFO as well (needed for KDE
ioslave)
57) various updates to pdb_nisplus.c
58) many small documentation updates
59) removed many compiler warnings
Known Bugs
----------
* Under certain conditions when serving the MS Access 2000
executable file and an Access database from a Samba share,
it is possible to experience data corruption. This pug does
does occur when the database is served from a Samba file share
but the Access *.exe is stored on the client's local file system.
The exact reason for this bug is unknown at this time.
|
|
Change from 2.2.3
-----------------
This is a minor bugfix release for the 2.2.3 release. The 2.2.3
release had a problem that was visible to Windows 2000 Explorer
users in that copying files into a share that already existed
failed with "Access Denied" rather than asking the user if an
overwrite was required. This was due to an incorrect error mapping
between the UNIX EEXIST error code and the NT status error.
As Windows Explorer is a highly visible end user application a quick
bugfix release was required, hence 2.2.3a.
Compilation on HPUX versions earlier than HPUX 11 has also been
corrected.
The cvs.log file is no longer included with this release, as it adds
13Mb to the size of the release, and is easily available on the Web.
|
|
Noted by Stoned Elipot <seb@netbsd.org> in private email.
|
|
is not defined, as that is the only time when the smbpasswd file is
consulted. Also don't create a the smbpasswd file from /etc/passwd, as
that generates a lot of bad users, e.g. root, daemon, operator, etc.
Instead, just create an empty smbpasswd file and rely on the admin to add
approved users to the smbpasswd file using "smbpasswd -a".
|
|
|
|
(2) Add "piddir" as /var/run and "pidfile dir" and "pidfile directory"
statement for smb.conf.
(3) Some fix for password synchronization but it isn't tested much and
it is almost useless under "encrypt passwords = yes" environment.
Changes for INSTALL and part of Makefile are provided by
"Johnny C. Lam" <jlam@netbsd.org> and (2) and (3) are got
from FreeBSD ports.
Bump revision to 1; samba-2.2.3nb1 now.
|
|
|
|
According to Samba 2.2.3 release announcement:
Much work has been done on the LDAP backend code. The configure
option --with-ldapsam is now considered to be stable. The schema
used has changed, see the file examples/LDAP/samba.schema for the
new schema.
New documentation explaining how to set up a Samba only PDC/BDC
setup has been added in the files Samba-LDAP-HOWTO and Samba-BDC-HOWTO
in the documentation tree.
|
|
Changes in 2.2.3
-----------------
1). Fixed shared library compile for Solaris with native compiler.
2). UNIX CIFS extensions code added (donated by HP).
3). Changed to using NT status codes on the wire if the client can support this.
4). altname command to show 8.3 name added to smbclient.
5). const-safe endian macros now used.
6). client code now uses UNICODE on the wire.
7). Correctly return fault PDU's on bad handle.
8). Improved NT error code mapping table.
9). Many new point and print RPC calls added.
10). Win9x clients can now see full user list.
11). fileid added to identify simultaneous open files (no longer
use dev/inode/time as unique value).
12). HPUX ACL code added (donated by HP).
13). vfs interfaces updated (again !).
14). MSDOS Code Page 866 -> 1251 mapping added.
15). winbindd now processes quit/hup signals correctly.
16). No tdb traversal done on startup/shutdown - ensures scalability.
17). Fix bug with paths for homes share.
18). Fixed copyfile for OS/2.
19). Fix group membership when groups are on more than one line.
20). Fixed core dumps in posix ACL mapping code.
21). Tidyup of UNICODE functions (put/get).
22). Move rpcclient to the new libsmb code.
23). Add missing Windows 2000 passthough trans2 calls.
24). Return check all tdb calls.
25). Make local name lookup work even if wins server is down.
26). pam session code added to winbind.
27). Added winbindd cache to all lookups.
28). Fix allocate bugs that caused file sizes to be incorrect.
29). Fixed write cache code - now safe to use.
30). Fixed winbindd memory leaks.
31). winbindd will now do name lookups (to allow non Open Source
systems to do the nsswitch WINS lookup). Fixed by SGI.
32). passdb memory leaks fixed.
33). LDAP code updates and now properly maintained.
34). Finally figured out how changeid is meant to work.
35). Downlevel printing now looks as NT does in print monitor window.
36). Many fixups in spoolss printing RPC parsing.
37). Speed up password enumeration as a PDC.
38). Fix printer changed notify messages (work from HP).
39). Fix modify timestamp on close code.
40). Fix long standing mangled names bug.
41). Fix delete on close semantics.
42). Stop opening all files with O_NONBLOCK !
43). Use O_NOFOLLOW for systems that have it and don't want symlinks.
44). Ensure NT suplementary groups get added to user token.
45). Try and mitigate effects of DNS timeout (do less lookups).
46). Added current user connection context stack.
47). Fixes to utmp code.
48). smbw code tidyups.
49). Added tdb open log code. Several tdb fixes.
|
|
|
|
as they might not be there depending on whether INSTALL_RCD_SCRIPTS is set
in /etc/mk.conf when the package is built. Instead, assume that the other
rc.d scripts are in the same place as this "meta" script and locate them
using "dirname $0". Problem noted by Stoned Elipot <seb@netbsd.org> in
private email.
|
|
print/lprng, we make a new variable USE_CUPS that is used by packages to
determine whether depend on print/cups and to compile in support for CUPS.
USE_CUPS may be either "YES" or undefined. Deprecate SAMBA_WITH_CUPS as
its purpose is superseded by USE_CUPS. Convert net/samba and net/samba20
to use USE_CUPS and make x11/kdelibs2 respect USE_CUPS.
|
|
automatically, so no need to do it ourselves.
|
|
1.69, but some were remained.
Fix the problem that some data files are installed into root directory,
noted from Lennart Augustsson <lennart@augustsson.net> private mail.
|
