r4516: current with 3.0 as of r4514. Updated release notes

6 files changed, 322 insertions, 25 deletions

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index d86a85de9f9..0b03148e1ba 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,17 +1,26 @@
-                   ==============================
-                   Release Notes for Samba 3.0.10
-                             Dec 16, 2004
-                   ==============================
+                   ==================================
+                   Release Notes for Samba 3.0.11pre1
+                                Jan 4, 2005
+                   ===================================
 
-This is the latest stable release of Samba. This is the version
-that production Samba servers should be running for all current 
-bug-fixes.  This is primarily a security release to address 
-CAN-2004-1154.  See the "Changes" section for details on exact 
-updates.
+This is a preview release of the Samba 3.0.2 code base and
+is provided for testing only.  This release is *not* intended
+for production servers.  However, there have been several bug
+fixes since 3.0.10 that we feel are important to make available
+to the Samba community for wider testing.
 
-Common bugs fixed in 3.0.10 include:
+Common bugs fixed in 3.0.11pre1 include:
 
-  o Fix for security issues described in CAN-2004-1154.
+  o Numerous printing bugs bugs including memory 
+    bloating on large/busy print servers.
+  o Compatibility issues with Exchange 5.5 SP4.
+  o sendfile fixes.
+
+Additional features introduced in Samba 3.0.11pre1:
+
+  o Winbindd performance improvements.
+  o More 'net rpc campire' functionality.
+ 
 
 
 
@@ -19,6 +28,258 @@ Common bugs fixed in 3.0.10 include:
 Changes
 #######
 
+Changes since 3.0.10
+--------------------
+
+smb.conf changes
+----------------
+    Parameter Name              	Action
+    --------------              	------
+    afs token lifetime			New
+    min password length			Deprecated
+
+    
+commits
+-------
+
+o   Jeremy Allison <jra@samba.org>
+    * Extend vfs to add seekdir/telldir/rewinddir.
+    * Fix dirent return.
+    * Fix bugs when handling secondary trans2 requests.
+    * Implementation of get posix acls in UNIX extensions.
+    * Added set posix acl functionality into the UNIX extensions code.
+    * Updated config.guess/config.sub .
+    * Fix error reply when 'follow symlinks = no'.
+    * BUG 1061, 2045: Only set mtime from pending_modtime if it's 
+      not already zero.
+    * Fixes for LARGE_READX support.
+    * Fix the problem we get on Linux where sendfile fails, but we've
+      already sent the header using send().
+    * BUG 2081: Ensure SE_DESC_DACL_PROTECTED is set if 'map acl 
+      inherit = no'.
+    * BUG 2088: Ensure inherit permissions is only applied on a new 
+      file, not an existing one.
+    * Don't go fishing for the krb5 authorisation data unless we know
+      it's there.
+    * BUG 2110: Ensure we convert to ucs2 correctly after the 
+      CAN-2004-0930 patch.
+    * Make strict locking an enum. Auto means use oplock optimization.
+    * Fix client  & server to allow 127k READX calls.
+    * More *alloc fixes (includes additional fixes by Albert Chin.
+    * Catch sendfile errors correctly and return the correct values 
+      we want the caller to return.
+
+
+o   Timur Bakeyev <timur@com.bat.ru>
+    * BUG 2100: change the way we check for errors after a dlopen().
+    
+    
+o   Andrew Bartlett <abartlet@samba.org>
+    * Clarify error message when 'lanman auth = no'.
+    * Remove the unnecessary UTF-8 conversion calls in the calls to
+      auth_winbind from smbd.
+    
+
+o   Gerald (Jerry) Carter <jerry@samba.org>
+    * BUG 2073: fall back to smb_name if current_user_info is not
+      available in lp_file_list_changed().
+    * Fixes the spurious 'register_message_flags: tdb fetch failed' 
+      errors.
+    * Don't run the backgroup LPQ daemon when we are running in
+      interactive mode.
+    * prevent the background LPQ daemon from updating the print queue
+      cache just because multiple smbd processes sent a message that
+      it was out of date.
+    * consolidate printer searches to use find_service rather than 
+      for(...) loops.
+    * BUG 2091: don't remove statically defined printers in 
+      remove_stale_printers().
+    * Fix logic error in add_a_form() that only compared N characters 
+      instead of the entire form name.
+    * BUG 2107: fix memory bloating caused by large numbers of 
+      print_queue_updates() requests sent via messages.tdb.
+    * Check the setprinter(3) based on the access permissions on 
+      the handle and avoid the call to print_access_chaeck().
+      
+
+o   Nadav Danieli <nadavd@exanet.com>
+    * Short circuit some is_locked() tests if we are oplocked.
+    
+    
+o   Guenther Deschner <gd@samba.org> 
+    * Allow 'localhost' as a valid server name in the smbd for the
+      spoolss calls.
+    * Fix KRB5_SETPW-defines, no change in behaviour (Thanks to Luke
+      Mewburn for the input).
+    * BUG 2059: Add additional checks needed after logic change to the
+      HAVE_WRFILE_KEYTAB detection test.
+    * BUG 1076: Fix interaction with Exchange 5.5. SP4 and a 
+      Samba DC.  Allow us to lookup at least our own SID.
+    * More fixes to have proper german in swat (Thanks to Reiner 
+      Klaproth and Björn Jacke.
+    * BUG 404, 2076: Allow to set OWNER- and GROUP-entries while 
+      setting security descriptors with smbcacls and using with 
+      the -S or -M switch. 
+    * Include the munged_dial, bad_password_count, lopgon_count, and 
+      logon_hours attributes when running 'net rpc vampire'.
+    * Fix segfault in idmap_rid.
+    * When winbindd is operating in the multi-mapping mode of 
+      idmap_rid, allow BUILTIN domain-mapping.
+    * Display infolevel 12 in query_dom_info in rpcclient.
+    * Fix bug in winbindd's lowercasing of usernames.
+    * Allow -v or -l for displaying verbose groupmap-listing 
+      as well as "verbose".
+    * Backport Samba4 SAM_DELTA_DOMAIN_INFO for use in 'net rpc 
+      vampire'.
+    * Close LDAP-Connection before retrying to open a new connection 
+      in the retry-loop.
+    * Marking "min password length" as depreciated.  
+    * Implement SAMR query_dom_info-call info-level 8 server- and 
+      client-side, based on samba4-idl.
+
+
+
+o   Jay Fenlason <fenlason@redhat.com>
+    * Fix crash in 'net join' due to calling free on 
+      static buffers.
+
+
+o   Rob Foehl <rwf@loonybin.net>.
+    * Compiler warnings.
+    * Try modifying printer published attributes before adding it a
+      new entry in AD.
+    * Solaris packaging fixes.
+    * Don't force the cups printer-make-and-model tag as the comment
+      for autoloaded printers.
+    
+
+o   Johann Hanne <jhml@gmx.net>
+    * BUG 2038: Only fail winbindd_getgroups() if all lookups fail.
+
+
+o   David Hu <david.hu@hp.com>
+    * Copy structure from print_queue_update() message rather than 
+      referencing it.  Fixes seg fault on HP-UX.
+      
+      
+o   Buck Huppmann <buckh@pobox.com>
+    * BUG 2186: Don't free uninitialized credentials.
+    * BUG 2189: Add the HOST/fqdn servicePrincipalName even when 
+      dnsDomainName != realm.
+   
+
+o   Björn Jacke <bjoern@j3e.de>
+    * BUG 2040: Ensure the locale is reset to C to get ASCII-
+      compatible toupper/lower functions.
+
+
+o   William Jojo <jojowil@hvcc.edu>
+    * Fix HPUX sendfile and add configure.in tests and code for
+      sendfile on AIX.
+      
+
+o   Volker Lendecke <vl@samba.org>
+    * Optimize anonymous session setups by workstations in a 
+      Samba domain.
+    * Reimplment the QueryUserAliases() server RPC reply.
+    * Re-add the getpwnam-cache for performance.
+    * Cache the result of a pdb_getsampwnam for later SID lookup 
+      queries.
+    * Unify the means of localtaing a user's global groups on a 
+      Samba DC.
+    * Fix bug when serving the 'Start Menu' in a roaming user profile..
+    * Map more pre-defined NT security descriptors to AFS acls.
+    * Add timeout to AD searche requests.
+    * If a connection to a DC is requested (in winbindd), open
+      connections simultaeneously to all DCs found.
+    * Memleak fixes.
+    * Fix logic error in handling of 'printcap name' parameter.
+    * Prevent winbindd from SPAM'ing the log files with 'user root 
+      does not exist'.
+    * Baclkport samr_DomInfo2 IDL specification from Samba 4.
+    * Implement smbstatus -n, don't lookup users and groups.
+    * Implement a stupid mapping that maps the space to another 
+      character choosable by afsacl:space.
+    * Add support for 'net idmap delete <idmap-file> <SID>'.
+    * Add new parameter 'afs token lifetime' tells the AFS client 
+      when to throw away a token (patch from kllin@it.su.se).
+
+
+o   Jim McDonough <jmcd@us.ibm.com>
+    * BUG 1952: Try INITSHUTDOWN pipe first, used by newer 
+      clients.  If it fails, fall back to WINREG.
+    * BUG 1770: Remove READ_ATTRIBUTES from GENERIC_EXECUTE.
+
+
+o   Luke Mewburn <lukem@NetBSD.org>
+    * BUG 2150: shmget() - Use POSIX definitions instead of non-
+      standard SHM_.
+      
+
+o   Buchan Milne <bgmilne@mandrake.org>
+    * Mandrake packaging fixes.
+     
+
+o   Lars Mueller <lmuelle@suse.de>
+    * Fix build of libsmbclient on x86_64.
+    * BUG 2013: Fix testsuite build issues when libsmbclient.so 
+      is installed in a non-default location.
+    * BUG 2050: Calculate max_fd for select correctly.
+    * Fix inverted logic heck for HAVE_WRFILE_KEYTAB in autoconf 
+      script.
+
+
+o   Jason Mader <jason@ncac.gwu.edu>
+    * BUG 2069: Remove unused variables.
+    * BUG 2075: Remove dead code paths.
+    * BUG 2083: Fix compiler warnings caused by bad type casts.
+
+
+o   Gavrie Philipson <gavrie@disksites.com>
+    * BUG 1838: Remove stale printers imeeddiately when 
+      processing a SIGHUP and during smb.conf reload.
+
+      
+o   Tim Potter <tpot@samba.org>
+    * BUG 2080: Fix duplicate call to pdb_get_acct_desc().
+    * BUG 2168: Fix cast in SMB_XMALLOC_ARRAY.
+    * Change the license for the winbindd external interface 
+      more liberal.
+    * HP-UX compile fixes.
+
+    
+o   Simo Sorce <idra@samba.org>
+    * Backport pdbedit changes from trunk.
+
+
+o   Andrew Tridgell <tridge@samba.org>
+    * Bring Samba3 into line with the Samba4 password change code.
+    
+
+o   Jelmer Vernooij <jelmer@samba.org>
+    * Bug fixes for pdb_{xml,pqsql,xml}
+
+
+o   Shiro Yamada <shiro@miraclelinux.com>
+    * BUG 2190: Force SWAT to display parameters in unix charset and 
+      not UTF-8.
+
+
+
+Changes for older versions follow below:
+
+      --------------------------------------------------
+                   ==============================
+                   Release Notes for Samba 3.0.10
+                             Dec 16, 2004
+                   ==============================
+
+Common bugs fixed in 3.0.10 include:
+
+  o Fix for security issues described in CAN-2004-1154.
+
+
+      
 Changes since 3.0.9
 -------------------
 
@@ -45,8 +306,6 @@ o   Luke Mewburn <lukem@NetBSD.org>
      
 
 
-Changes for older versions follow below:
-
       --------------------------------------------------
 
                    =============================
diff --git a/source/include/smb.h b/source/include/smb.h
index 49d3d29ac03..a7db0c0a868 100644
--- a/source/include/smb.h
+++ b/source/include/smb.h
@@ -1066,7 +1066,7 @@ struct bitmap {
 #define FILE_GENERIC_WRITE (STANDARD_RIGHTS_WRITE_ACCESS|FILE_WRITE_DATA|FILE_WRITE_ATTRIBUTES|\
 							FILE_WRITE_EA|FILE_APPEND_DATA|SYNCHRONIZE_ACCESS)
 
-#define FILE_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE_ACCESS|FILE_READ_ATTRIBUTES|\
+#define FILE_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE_ACCESS|\
 								FILE_EXECUTE|SYNCHRONIZE_ACCESS)
 
 /* Mapping of access rights to UNIX perms. */
diff --git a/source/libads/ldap.c b/source/libads/ldap.c
index c18e253f7b2..8c37a90e732 100644
--- a/source/libads/ldap.c
+++ b/source/libads/ldap.c
@@ -1454,7 +1454,7 @@ static ADS_STATUS ads_add_machine_acct(ADS_STRUCT *ads, const char *machine_name
 	psp4 = talloc_asprintf(ctx, "HOST/%s", my_fqdn);
 	strlower_m(&psp4[5]);
 	for (i = 0; i < next_spn; i++) {
-		if (strequal(servicePrincipalName[i], psp3))
+		if (strequal(servicePrincipalName[i], psp4))
 			break;
 	}
 	if (i == next_spn) {
diff --git a/source/rpc_server/srv_samr_util.c b/source/rpc_server/srv_samr_util.c
index 8cc44074abe..dd12a438cae 100644
--- a/source/rpc_server/srv_samr_util.c
+++ b/source/rpc_server/srv_samr_util.c
@@ -251,6 +251,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from)
 	}
 
 	if (from->fields_present & ACCT_LOGON_HOURS) {
+		pstring old, new;
 		DEBUG(15,("INFO_21 LOGON_DIVS: %08X -> %08X\n",pdb_get_logon_divs(to),from->logon_divs));
 		if (from->logon_divs != pdb_get_logon_divs(to)) {
 			pdb_set_logon_divs(to, from->logon_divs, PDB_CHANGED);
@@ -262,8 +263,11 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from)
 		}
 
 		DEBUG(15,("INFO_21 LOGON_HRS.HOURS: %s -> %s\n",pdb_get_hours(to),from->logon_hrs.hours));
-		/* Fix me: only update if it changes --metze */
-		pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED);
+		pdb_sethexhours(old, pdb_get_hours(to));
+		pdb_sethexhours(new, (const char *)from->logon_hrs.hours);
+		if (!strequal(old, new)) {
+			pdb_set_hours(to, from->logon_hrs.hours, PDB_CHANGED);
+		}
 
 		/* This is max logon hours */
 		DEBUG(10,("INFO_21 UNKNOWN_6: %08X -> %08X\n",pdb_get_unknown_6(to),from->unknown_6));
diff --git a/source/utils/net_rpc_samsync.c b/source/utils/net_rpc_samsync.c
index e8a110d083e..fccdc5f5ba5 100644
--- a/source/utils/net_rpc_samsync.c
+++ b/source/utils/net_rpc_samsync.c
@@ -380,8 +380,11 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta)
 	}
 
 	if (delta->hdr_parameters.buffer) {
+		DATA_BLOB mung;
 		old_string = pdb_get_munged_dial(account);
-		new_string = unistr2_static(&delta->uni_parameters);
+		mung.length = delta->hdr_parameters.uni_str_len;
+		mung.data = (uint8 *) delta->uni_parameters.buffer;
+		new_string = (mung.length == 0) ? NULL : base64_encode_data_blob(mung);
 
 		if (STRING_CHANGED)
 			pdb_set_munged_dial(account, new_string, PDB_CHANGED);
@@ -408,10 +411,29 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta)
 			pdb_set_logoff_time(account, unix_time,PDB_CHANGED);
 	}
 
+	/* Logon Divs */
 	if (pdb_get_logon_divs(account) != delta->logon_divs)
 		pdb_set_logon_divs(account, delta->logon_divs, PDB_CHANGED);
 
-	/* TODO: logon hours */
+	/* Max Logon Hours */
+	if (delta->unknown1 != pdb_get_unknown_6(account)) {
+		pdb_set_unknown_6(account, delta->unknown1, PDB_CHANGED);
+	}
+
+	/* Logon Hours Len */
+	if (delta->buf_logon_hrs.buf_len != pdb_get_hours_len(account)) {
+		pdb_set_hours_len(account, delta->buf_logon_hrs.buf_len, PDB_CHANGED);
+	}
+
+	/* Logon Hours */
+	if (delta->buf_logon_hrs.buffer) {
+		pstring old, new;
+		pdb_sethexhours(old, pdb_get_hours(account));
+		pdb_sethexhours(new, (const char *)delta->buf_logon_hrs.buffer);
+		if (!strequal(old, new))
+			pdb_set_hours(account, (const char *)delta->buf_logon_hrs.buffer, PDB_CHANGED);
+	}
+
 	if (pdb_get_bad_password_count(account) != delta->bad_pwd_count)
 		pdb_set_bad_password_count(account, delta->bad_pwd_count, PDB_CHANGED);
 
diff --git a/source/web/swat.c b/source/web/swat.c
index 48537d1d049..7bd9837c371 100644
--- a/source/web/swat.c
+++ b/source/web/swat.c
@@ -193,6 +193,7 @@ static void show_parameter(int snum, struct parm_struct *parm)
 {
 	int i;
 	void *ptr = parm->ptr;
+	char *utf8_s1, *utf8_s2;
 
 	if (parm->class == P_LOCAL && snum >= 0) {
 		ptr = lp_local_ptr(snum, ptr);
@@ -214,10 +215,17 @@ static void show_parameter(int snum, struct parm_struct *parm)
 			char **list = *(char ***)ptr;
 			for (;*list;list++) {
 				/* enclose in quotes if the string contains a space */
-				if ( strchr_m(*list, ' ') ) 
-					printf("\'%s\'%s", *list, ((*(list+1))?", ":""));
-				else
-					printf("%s%s", *list, ((*(list+1))?", ":""));
+				if ( strchr_m(*list, ' ') ) {
+					push_utf8_allocate(&utf8_s1, *list);
+					push_utf8_allocate(&utf8_s2, ((*(list+1))?", ":""));
+					printf("\'%s\'%s", utf8_s1, utf8_s2);
+				} else {
+					push_utf8_allocate(&utf8_s1, *list);
+					push_utf8_allocate(&utf8_s2, ((*(list+1))?", ":""));
+					printf("%s%s", utf8_s1, utf8_s2);
+				}
+				SAFE_FREE(utf8_s1);
+				SAFE_FREE(utf8_s2);
 			}
 		}
 		printf("\">");
@@ -238,16 +246,20 @@ static void show_parameter(int snum, struct parm_struct *parm)
 
 	case P_STRING:
 	case P_USTRING:
+		push_utf8_allocate(&utf8_s1, *(char **)ptr);
 		printf("<input type=text size=40 name=\"parm_%s\" value=\"%s\">",
-		       make_parm_name(parm->label), *(char **)ptr);
+		       make_parm_name(parm->label), utf8_s1);
+		SAFE_FREE(utf8_s1);
 		printf("<input type=button value=\"%s\" onClick=\"swatform.parm_%s.value=\'%s\'\">",
 			_("Set Default"), make_parm_name(parm->label),fix_backslash((char *)(parm->def.svalue)));
 		break;
 
 	case P_GSTRING:
 	case P_UGSTRING:
+		push_utf8_allocate(&utf8_s1, (char *)ptr);
 		printf("<input type=text size=40 name=\"parm_%s\" value=\"%s\">",
-		       make_parm_name(parm->label), (char *)ptr);
+		       make_parm_name(parm->label), utf8_s1);
+		SAFE_FREE(utf8_s1);
 		printf("<input type=button value=\"%s\" onClick=\"swatform.parm_%s.value=\'%s\'\">",
 			_("Set Default"), make_parm_name(parm->label),fix_backslash((char *)(parm->def.svalue)));
 		break;