author: Gerald Carter <jerry@samba.org> 2006-03-30 14:22:08 +0000
committer: Gerald Carter <jerry@samba.org> 2006-03-30 14:22:08 +0000
commit: 160f2a3ea700c763b2e0d7753f393e677c5b8f54 (patch)
tree: f2e1bdc682148a33626bfa1feea047f8838cb0f9
parent: 4a478f189aa658a80daf8a6dfa2c99a41b5476d6 (diff)
r14823: committing changes for 3.0.22 [samba-3.0.22]
-rw-r--r-- WHATSNEW.txt 47
-rw-r--r-- source/VERSION 4
-rw-r--r-- source/nsswitch/winbindd_cm.c 2
3 files changed, 42 insertions, 11 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index ff6f03a7cb8..fdcfc6045d0 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,13 +1,47 @@
+ ==============================
+ Release Notes for Samba 3.0.22
+ Mar 30, 2006
+ ==============================
+
+This is a security release of Samba. The Samba 3.0.21 release
+series (including the patch releases a through c) has been
+discovered to expose the clear text of the server's machine
+account credentials in the winbind log files when the log
+level is set to 5 or higher. This defect has been assigned
+the CVE number CAN-2006-1059.
+
+Summary
+=======
+
+The machine trust account password is the secret shared
+between a domain controller and a specific member server.
+Access to the member server machine credentials allows
+an attacker to impersonate the server in the domain and
+gain access to additional information regarding domain
+users and groups.
+
+The winbindd daemon included in Samba 3.0.21 and subsequent
+patch releases (3.0.21a-c) writes the clear text of server's
+machine credentials to its log file at level 5. The winbindd
+log files are world readable by default and often log files
+are requested on open mailing lists as tools used to debug
+server misconfigurations.
+
+This affects servers configured to use domain or ads security
+and possibly Samba domain controllers as well (if configured
+to use winbindd).
+
+=======
+
+Release Notes for older release follow:
+
+ --------------------------------------------------
+
===============================
Release Notes for Samba 3.0.21c
Feb 24, 2006
===============================
-This is the latest stable release of Samba. This is the version
-that production Samba servers should be running for all current
-bug-fixes. Please read the following important changes in this
-release.
-
Common bugs fixed in 3.0.21c include:
o Access checks when deleting printer driver meta-data.
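Review bot: The new 3.0.22 section ends at the bare "=======" separator without telling administrators what to do about the exposure it describes; upgrading alone leaves the clear-text machine password in any winbindd log already written at level 5 or higher. Suggest adding a short section before "Release Notes for older release follow:" advising that existing winbindd log files be reviewed and restricted or removed, and that the machine trust account password be changed where those logs were world readable or were shared. The Summary also says "at level 5" while the opening paragraph says "5 or higher"; use the same wording in both places.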
@@ -122,9 +156,6 @@ o Qiao Yang <qyang@stbernard.com>
connection code in winbindd.
-
-Release Notes for older release follow:
-
--------------------------------------------------
===============================
Release Notes for Samba 3.0.21b
diff --git a/source/VERSION b/source/VERSION
index 3f800b0dc94..2bc9da4fc29 100644
--- a/source/VERSION
+++ b/source/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=3
SAMBA_VERSION_MINOR=0
-SAMBA_VERSION_RELEASE=21
+SAMBA_VERSION_RELEASE=22
########################################################
# If a official release has a serious bug #
@@ -37,7 +37,7 @@ SAMBA_VERSION_RELEASE=21
# e.g. SAMBA_VERSION_REVISION=a #
# -> "2.2.8a" #
########################################################
-SAMBA_VERSION_REVISION=c
+SAMBA_VERSION_REVISION=
########################################################
# For 'pre' releases the version will be #
diff --git a/source/nsswitch/winbindd_cm.c b/source/nsswitch/winbindd_cm.c
index 2ac984176c6..acca6fcb938 100644
--- a/source/nsswitch/winbindd_cm.c
+++ b/source/nsswitch/winbindd_cm.c
@@ -294,7 +294,7 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
DEBUG(5, ("connecting to %s from %s with username "
"[%s]\\[%s]\n", controller, global_myname(),
- machine_account, machine_password));
+ lp_workgroup(), machine_account));
ads_status = cli_session_setup_spnego(*cli,
machine_account,
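Review bot: Nothing in the DEBUG(5, ...) call records why machine_password was dropped from its arguments, so a later edit could reintroduce it. Suggest a one-line comment above the DEBUG stating that the machine password must never be passed to a debug call. The new arguments lp_workgroup() and machine_account do match the "[%s]\\[%s]" domain\user form, but the cli_session_setup_spnego call is cut off in the context shown, so confirm the domain it passes is the same lp_workgroup() value logged here; otherwise the log line will not reflect the credentials actually used.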