From 5f67f6636b885d247b2a6ae029e1ff715268bfe5 Mon Sep 17 00:00:00 2001 From: Karolin Seeger Date: Thu, 26 Jun 2008 14:47:27 +0200 Subject: WHATSNEW: Preparations for 3.2.0. Karolin (cherry picked from commit 7e3e68bbeaa8b644c6a84848bcb28507765b2b3d) --- WHATSNEW.txt | 649 ++--------------------------------------------------------- 1 file changed, 14 insertions(+), 635 deletions(-) diff --git a/WHATSNEW.txt b/WHATSNEW.txt index e94f5baae5e..c498f88c8c2 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,12 +1,9 @@ - ================================= - Release Notes for Samba 3.2.0rc3 - July 1, 2008 - ================================= + ============================== + Release Notes for Samba 3.2.0 + July 1, 2008 + ============================== -This is the third release candidate of Samba 3.2.0. This is *not* -intended for production environments and is designed for testing -purposes only. Please report any defects via the Samba bug reporting -system at https://bugzilla.samba.org/. +This is the first stable release of Samba 3.2.0. Please be aware that Samba is now distributed under the version 3 of the new GNU General Public License. You may refer to the COPYING @@ -217,10 +214,13 @@ o Jeremy Allison * BUG 5531: Fix conversion of ns units when converting from nttime to timespec. * BUG 5533: Fix handling of workgroup names containing a '.' in Winbindd. + * BUG 5551: Fix group enumeration with 'wbinfo -g' on PDCs. + * BUG 5555: Fix setting of the password last set field during domain joins. o Michael Adam * BUG 5548: Fix segfaults in handle_include with %m macro expansion. + * Add several tests to the testsuite. o Volker Lendecke @@ -232,7 +232,7 @@ o Volker Lendecke * Fix warnings on Fedory Core 9. * Fix several memleaks. * Fix a segfaults in wbcLookupRids. - * Fix a segfault in clitar + * Fix a segfault in clitar. * Fix the build on FreeBSD 4.6.2 and Darwin. * Fix a double-closedir() in form_junctions(). * Fix a crash in _dfs_Enum. @@ -247,6 +247,11 @@ o William Jojo * Add -brtl to the AIX linker flags. +o Andreas Schneider + * Add documentation for kerberos support in libsmbclient. + * Add krb5 support for the testbrowse example. + + o John H Terpstra * Fix net help info. * Add documentation for TDB file. @@ -260,632 +265,6 @@ o Christoph Zauner * Fix several typos in the man pages and the Samba3 HowTo Collection. -Changes since 3.2.0rc1: ------------------------ - - -o Jeremy Allison - * BUG 5504: Fix behaviour of winbindd children receiving a SIGTERM. - * BUG 5489: Split the winbindd_passdb backend into a 'builtin' and a 'sam'. - * Security fix for CVE-2008-1105. - * Fix valgrind bug in debug statement. - * Make sure we take account of the large read/write SMB headers as - well as the buffer space when allocating cli buffers for large - read/write. - * Fix tag as a goto target we were not reinitializing the array counts. - - -o Steven Danneman - * BUG 5451: Fix for using the correct machine domain when looking up trust - credentials in our tdb. - * Fix spnego SPN when contacting trusted domains. - - -o Günther Deschner - * BUG 5285: Fix libcap header mismatch. - * Fix pam_sm_chauthtok for storing modified cached creds. - * Fix joining issue in setups with "config backend = registry". - - -o Björn Jacke - * BUG 4544: Add new parameter 'ldap connection timeout' to prevent - waiting for TCP connection timeouts if no LDAP server is available. - - -o Volker Lendecke - * BUG 5502: Fix security=server. - * Fix coverity IDs 552, 553, 570, 571, 572. - * Fix the compile on NetBSD. - * Shrink ldbtools. - - -o Jim McDonough - * Fix reset of password last set time just because the expired flag - is set to 0. - - -o Stefan Metzmacher - * Remove support for symbol versioning in shared libraries. - For more information, please have a look at the disussion on - samba-technical starting with - http://lists.samba.org/archive/samba-technical/2008-June/059511.html. - * Fix autogen for autoconf 2.62. - - -o Marc VanHeyningen - * Fix memory leak. - - -o Andreas Schneider - * BUG 5515: Fix empty input fields in SWAT. - * BUG 5516: Fix saving of the config file in SWAT. - - -o Bo Yang - * Fix winbindd trusted domain child not keeping primary domain - online status up to date. - - -o Chere Zhou - * Fix memory leaks. - - -Changes since 3.2.0pre3: ------------------------ - - -o Michael Adam - * Move the posix pending close functionality down into the VFS layer. - * Fix activation of registry globals in loadparm. - - -o Jeremy Allison - * BUG 5452: Fix smbclient put. - * BUG 5095: Fix Manage Documents privilege. - * BUG 5434: Ensure the loaded password doesn't contain the '\n' at the end. - * BUG 5456: Fix missing echo if we ^C at the prompt. - * BUG 5460: Fix DFS referrals. - * BUG 5464: Fix timeout in winbindd. - * Fix returning a directory value for a QPATHINFO on a msdfs link - with a non-dfs path. - - -o Alexander Bokovoy - * Use more error-prone form of testing dm_destroy_session() return code. - - -o Günther Deschner - * BUG 5453: Fix winbindd and smbd crash when dsgetdcname is used. - * BUG 5465: Fix joining with createcomputer=ou1/ou2/ou3. - * BUG 5461: Fix issue with Citrix on Samba DCs with more than 900 groups. - * Fix wins null pointer crash in nss_wins module. - * Fix lm session key length in _netr_LogonSamLogon. - * Add -f switch for DsGetDCName() example and be more verbose on output. - - -o Gerald (Jerry) Carter - * Prevent Winbind cycle in children list when reaping dead child processes. - * BUG 5107: Fix handling of large DNS replies on AIX and Solaris. - * BUG 5429: Clarify log msgs re: failure to create - BUILTIN\{Administrators,Users} - * Fix the DNS Update option of "net ads join". - - -o Eric Cronin - * BUG 5184: Add Missing HAVE_UPDWTMPX check before using updwtmpx(). - - -o Steven Danneman - * Bug 5419: Fix memory leak in ads_do_search_all_args() when enumerating - 1000s of entries - - -o Holger Hetterich - * Recognize and allow longer UA keys in winbindd_cache. - - -o Björn Jacke - * Fix compile warnings. - * Increase log level for failed setsockopt call. - - -o Volker Lendecke - * BUG 5420: Fix build on IRIX. - * BUG 5398: Fix compiler warning. - * BUG 5399: Fix compiler warning. - * BUG 5400: Fix compiler warning. - * BUG 5436: Fix signing problem in the client with transs requests. - * Fix a valgrind bug in the new [ug]id2sid cache. - * Fix Coverity IDs 565 and 222. - * Fix dfs_Enum: In form_junctions, correctly check for malloc failure. - - -o Stefan Metzmacher - * BUG 5443: Fix build on HP-UX. - * Add support for symbol versioning in shared libraries (can be - disabled with --disable-sysmbol-versioning). - * Add new function wbcLibraryDetails() to libwbclient. - - -o Tim Prouty - * Cleanup size_t return values in convert_string_allocate. - - -o Mike Sweet - * Fix Kerberos support for CUPS 1.3 in smbspool. - - -o Martin Zielinski - * Fix printing with Vista. - * Fix deletion of files when they're in use by other drivers. - - -Changes since 3.2.0pre2: ------------------------ - - -o Michael Adam - * Fix session setup with security = share. - * Fix segfault in testparm. - * Fix several Makefile issues. - * Fix build of bin/net on Solaris. - * Reformat the parm table of loadparm to use named initializers. - * Fix %I macro expansion for IPv4 mapped IPv6 addresses. - * Convert registry.tdb to use dbwrap and fix memleaks. - * Several make test fixes and improvements. - * Several libreplace extensions and fixes (portet from v4-0-test). - * Rename libnet_conf to libsmbconf and introduce backend abstraction layer. - * Add text backend to libsmbconf, based on params.c. - * Fix handling of includes in registry libsmbconf backend. - * Fix net conf import by reading from text backend. - * Add a "net registry" command to locally access the registry. - * Add getvalue subcommand to "net rpc registry". - * Add testsuites for libsmbconf and "net registry". - * Fix Coverity IDs 517, 536, 545. - * Remove unneeded REGISTRY_HOOKS layer from reghook cache - to allow plugging one backend to multiple keys more easily. - * Add smbconf_init dispatcher taking source strings like "backend:path" - * Fix handling of dangling parameters (without share) in libsmbconf. - * Introduce special meaning of "include = registry" to complement - the registry-only configuration of "config backend = registry". - * Enhance error propagation by making several registry functions - return WERROR. - * Fix loading of registry shares in smbd by fixing the token. - * Fix a segfault in tdb_wrap_log(). - - -o Jeremy Allison - * BUG 5311: Fix IPv6 issue with hosts allow/deny settings. - * BUG 5372: Fix client timeouts in large CUPS installations. - * Fix problem with nmbd not waiting until interfaces come up. - * Fix S3 to pass the test_raw_oplock_exclusive3 test. - * Fix MSDFS bug breaking MS clients in some cases by ensuring - the target host is ourselves. - * Rewrite the wrap checks to deal with gcc 4.x optimisations. - - -o Kai Blin - * BUG 4235: Prevent ntlm_auth from sending BH responses without a message. - * Fix one BH message. - - -o Gerald (Jerry) Carter - * Fix libtdb some to move back towards allowing out of tree builds. - * Ignore port when pulling IP addr from struct sockaddr_storage.. - - -o Guenther Deschner - * Fix build of pam_smbpass. - * Fix lp_load with an empty registry and "config backend = registry". - * Fix build targets for bin/net. - * Fix _dssetup_DsRoleGetPrimaryDomainInformation(). - * Fix the build of cifs.spnego. - * Migration of the SRVSVC client and server DCE/RPC code to IDL - based structures and autogenerated code - * Fix Kerberos session setup with Vista SP1 (ignore PAC type 12) - * Fix support for vampire of lockout policies and - for storing dialin/terminal server settings. - * Fix remote join/unjoin server implementation. - * BUG 5328: Fix netlogon credential chain with Windows 2008 - (this also fixes joining Windows 2008 with rpc methods). - * Various fixes for establishing and validating interdomain trust - relationships with Windows 2008. - * Use IDL for storing domain controller information in dsgetdcname. - * Re-arranged internal structure of libnetapi. - * Add support for domain\dcname syntax in libnetjoin. - * Add support for browsing/joining OUs in netdomjoin-gui. - * Add various new calls to libnetapi. - - -o Björn Jacke - * Add AC_TRY_RUN_STRICT support for Sun Studio compiler. - - -o Volker Lendecke - * Add support for async SMB requests. - * Add transactions to the dbwrap API. - * Add "net idmap aclmapset". - * Change default bufsize to 512k. - * Fix Coverity IDs 473, 481, 506, 507, 525, 526, 527, 528, 529, 530, 537, - 538, 547, 548, 551, 552, 553, 554, 555, 557, 558, 559, 563, 564, 567. - ... and half a ton more - * Fix some warnings in the tsmsm module. - * Fix warnings. - * BUG 4901: Fix "ldap passwd sync = only". - * BUG 5334: Fix download of empty files using smbclient. - * BUG 5307: Fix notify changes. - * BUG 5317: Fix debug output in domain_client_validate. - * BUG 5338: Fix format string issue in rpcclient. - * Convert account_pol.tdb and share_info.tdb to dbwrap. - * Protect group_mapping.tdb ops with transactions. - * BUG 5366: "passwd program" should work on Solaris 10 again now. - * A level 25 setuserinfo does change the pwdlastset, fixes XP joins. - * BUG 5350: A Samba DC trusting NT4 should do an anon session setup. - * BUG 5375: Fix a segfault with "security=share" and [in]valid users. - * Fix printing from DOS clients -- introduced by inbuf/outbuf rewrite. - * Fix wbinfo -a trusted\\user%password on a Samba DC with trusts. - * BUG 5341: Fix async smbclient get command on Solaris. - * Make winbind use NetSamLogonEx when possible. - * Merge fixes in the 3-0-ctdb cluster code. - * Fix a segfault in snprintf replacement code. - * Fix a regression for wbinfo --group-info if winbind separator is set - - -o Derrell Lipman - * Check for NULL pointers before dereferencing them. - * Fix use of AuthDataWithContext capability. - - -o Stefan Metzmacher - * Add dbwrap_tdb2 backend, useful for cluster setups. - * Add more functions to libwbclient: - - wbcGetGroups() - - wbcInterfaceDetails() - - wbcListUsers() - - wbcListGroups() - - wbcLookupUserSids() - - wbcSetUidMapping() - - wbcSetGidMapping() - - wbcSetUidHwm() - - wbcSetGidHwm() - - wbcResolveWinsByName() - - wbcResolveWinsByIP() - - wbcCheckTrustCredentials() - * Let wbinfo use libwbclient where possible. - * Let net use only libwbclient to access winbindd. - * Make socket wrapper pcap support more portable. - * Some libreplace backports from v4-0-test. - * Store the write time in the locking.tdb, - so that smbd passes the BASE-DELAYWRITE test. - * Run RAW-SEARCH and BASE-DELAYWRITE by 'make test'. - * Let each process use its own connection to ctdb - in cluster mode. - * Add a reinit_after_fork() helper function to correct - reinitialize the same things in all cases. - * Fix a chicken and egg problem with "include = registry". - - -o Karolin Seeger - * Fix usage message for "net idmap dump". - - -o Andrew Tridgell - * Suppress superfluous message. - - -o Marc VanHeyningen - * Coverity fixes. - - -Changes since 3.2.0pre1: ------------------------ - -o Michael Adam - * Add library for access to the registry configuration data. - * BUG 5023: Separate NFS4 and POSIX ACL code in file access checks. - * BUG 4308: Fix Excel save operation ACL bug. - * Refactor and consolidate logic for retrieving the machine - trust password information. - * VFS API cleanup (remove redundant parameter). - * BUG 4801: Correctly implement LSA lookup levels for LookupNames. - * Add new option "debug class" to control printing of the debug class. - in debug headers. - * Enable building of the zfsacl and notify_fam vfs modules. - * BUG 5083: Fix memleak in solarisacl module. - * BUG 5063: Fix build on RHEL5. - * New smb.conf parameter "config backend = registry" to enable registry - only configuration. - * Move "net conf" functionality into a separate module libnet_conf.c - * Restructure registry code, eliminating the dynamic overlay. - Make use of reg_api instead of backend code in most places. - * Add support for intercepting LDAP libraries' debug output and print - it in Samba's debugging system. - * Libreplace fixes. - * Build fixes. - * Initial support for using subsystems as shared libraries. - Use talloc, tdb, and libnetapi as shared libraries internally. - - -o Jeremy Allison - * Added support for IPv6 client and server connections. - * Add in the recvfile entry to the VFS layer. - * Removal of pstring data type. - * Remove unused utilities: smbctool and rpctorture. - * Fix service principal detection to match Windows Vista - (based on work from Andreas Schneider). - * Encrypted SMB transport in client tools and libraries, and server. - - -o Kai Blin - * Added support for an SMB_CONF_PATH environment variable - containing the path to smb.conf. - * Various fixes to ntlm_auth. - * make test now supports more extensive SPOOLSS testing using vlp. - * Correctly handle mixed-case hostnames in NTLMv2 authentication. - - -o Gerald (Jerry) Carter - * Add Winbind client library. - * Decouple static linking between smbd and winbindd's client - interface. - - -o Guenther Deschner - * Enhance client and server remote registry access. - * Add client calls for remotely joining a computer to a domain - (including calls from "net dom" command). - * Add libnetapi.so library for joining domains including - sample GTK+ app. - * Fixes for Vista SP1 Kerberos authdata handling to only pickup - the PAC. - * Various error code and error message fixes. - * Add initial draft of libnetconf to allow programmatic - configuration changes. - * Add libnet_join internal library for programmatically joining - and unjoining Domains. - * Add various fixes and new calls to libnetapi.so library. - * Various fixes for DsGetDcName and conversion to IDL based - structures. - * Fixes for pidl to correctly generate WERROR based client calls. - * Fixes for pidl to generate output that complies to coding - conventions. - * Various IDL fixes. - * Add ads_get_joinable_ous() to libads to get list of joinable ous. - * Add get_logon_hours_from_pdb() to comply with new IDL based - structures. - * Add debugging capabilities to dump AD connections to libads - (using ndr_print). - * Add "dump-domain-list" command for smbcontrol to retrieve better - debugging information out of winbindd. - * Migration of the entire client and server DCE/RPC code to IDL - based structures and autogenerated code for DSSETUP, LSA, SAMR - and NETLOGON. - * Started migration of client and server DCE/RPC code to IDL based - structures and autogenerated code for NTSSVC, SVCCTL and - EVENTLOG. - * Use IDL and autogenerated code for samlogoncache and Kerberos - PAC handling. - * Various fixes and cleanup of Kerberos PAC handling. - * Fix segfault in _srv_net_file_enum. - * Conversion of client join and unjoin code to libnet_join. - * Add remote join/unjoin server-side implementation. - * Removed a lot of code which has become obsolete. - - -o Steve Langasek - * Integrate 2 out of 3 --with-fhs patches from Debian packaging - for better adherence to the FHS standard. - - -o Volker Lendecke - * Add talloc_stackframe() and talloc_pool() features. - * Removal of pstring data type. - * Add generic a in-memory cache. - * Import the Linux red-black tree implementation. - * Remove large amount of global variables. - * Support for storing xattrs in tdb files. - * Support for storing alternate data streams in xattrs. - * Implement a generic in-memory cache based on rb-trees. - * Add implicit temporary talloc contexts via talloc_stack(). - * Speed up the smbclient "get" command - * Add the aio_fork module - * Fix bug 4901 - -o Derrell Lipman - * Modified libsmbclient API for more easily maintaining ABI compatibility - while adding new features to libsmbclient. - -o Stefan Metzmacher - * Refactor Winbind internal parent-child interface tables - to achieve better unit testing support. - * Add nss_wrapper API for local Winbind unit tests. - * Networking fixes to the libreplace library. - * Pidl fixes. - * Remove unused Winbind pipe calls. - * Build fixes. - * Fix for a crash bug in pidl generated client code. - This could have happend with [in,out,unique] pointers - when the client sends a valid pointer, but the server - responds with a NULL pointer (as samba-3.0.26a does for some calls). - * Change NTSTATUS into enum ndr_err_code in librpc/ndr. - * Remove unused calls in the struct based winbindd protocol. - * Add --configfile option to wbinfo. - * Convert winbind_env_set(), winbind_on() and winbind_off() into macros. - * Return rids and other_sids arrays in WBFLAG_PAM_INFO3_TEXT mode. - * Implement wbcErrorString() and wbcAuthenticateUserEx(). - * Convert auth_winbind to use wbcAuthenticateUserEx(). - - -o James Peach - * Add support for DNS Service Discovery. Based on work from - Rishi Srivatsavai . - - -o Andreas Schneider - * Don't restart winbind if a corrupted tdb is found during - initialization. - * Fix Windows 2008 (Longhorn) join. - * Fix crashbug in winbindd. - * Add share parameter "administrative share". - - -o Karolin Seeger - * Improve error messages of net subcommands. - * Add 'net rap file user'. - * Change LDAP search filter to find machine accounts which - are not located in the user suffix. - * Remove smbmount. - - -o David Shaw - * BUG 5073: Allow "delete readonly = yes" to correctly override - deletion of a file. - - -o Rishi Srivatsavai - * Register the smb service with mDNS if mDNS is supported. - * Add smbclient support for basic mDNS browsing. - - -o Andrew Tridgell - * Fix padding between Winbind 32bit/64bit client library in - the request/response structures. - * Added a syncops VFS module for file systems which do not - guarantee meta-data operations are immediately committed to - disk in stable form. - - -o Jelmer Vernooij - * Additional portability support for building shared libraries. - - -o Corinna Vinschen - * Get Samba version or capability information from Windows user space. - - -Original 3.2.0pre1 commits: ---------------------------- -o Michael Adam - * Unified POSIX ACL detection including support for FreeBSD and - HP-UX. - * Performance improvements for Winbind's lookup functions (names, - SIDs, and group membership) when joined to an AD domain. - * Winbind cache validation support. - * Store domain trust passwords for Samba domain controller's in - the domain's passdb backend. - * Merged \winreg server code from the SAMBA_3_2 development branch. - * Fixes for libreplace. - * Implement new registry configuration backend. - - -o Jeremy Allison - * Add support for file system objectIDs. - * Winbind cache validation support. - * Add in the UNIX capability for 24-bit readX. - * Improve Delete-on-Close semantics. - * Removal of static file and path name buffers in SMB file serving - code. - - -o Danilo Almeida - * Move the machine account to the OU specified when running "net - ads join". - - -o Andrew Bartlett - * Tighten authentication protocol defaults in client tools and - servers. - - -o Gerald (Jerry) Carter - * Implement support for one-way trusts and two-way cross-forest - transitive trust in winbindd. - * Fixes for Winbind's offline/disconnected logon support when - using remote idmap backends. - * Fix LookupNames and LookupSids to use the same resolution - heuristics as Windows XP. - * Fix lockups in Winbind when running nscd. - * UPN logon support in pam_winbind. - * Add support for GNU linker scripts when build shared libraries - (based on work by Julien Cristau and James - Peach). - - -o Guenther Deschner - * Additional support for decoding and downloading group policy - objects from Active Directory. - * Improvements to "net ads keytab" command. - * Fixes for linking against Heimdal Kerberos client libs. - * Support LDAP range retrieval searches. - * Fixes for failure to refresh user ticket caches in Winbind. - * UPN logon support in pam_winbind. - * Add KDC locator plugin for MIT kerberos 1.6 or later. - - -o Steve Langasek - * Allow SIGTERM to cause nmbd to exit while awaiting a interface - to come up. - - -o Volker Lendecke - * Merge experimental cluster support patches from the ctdb branch. - * Add tdb storage abstraction for ctdb. - * Use IDL for internal message passing system. - * Add client support for the SamLogonEx() authentication request. - * Implement RPC proxy stubs in the Samba server code to allow - replacing implementation functions one by one. - * Remove static incoming and outgoing buffers from core server SMB - packet processing code. - * Add "net sam rights" command. - - -o Steve French - * Fixes for mount.cifs Linux utility. - - -o Stefan Metzmacher - * Fixes for libreplace. - * Add support for LDAP digital signing policy. - * Experimental clustered file system support. - - -o Lars Mueller - * Makefile and build fixes. - * Add pam_pwd_expire for pam_winbind (original patch from Andreas - Schneider). - - -o James Peach - * Fixes for setgroups() and *BSD and Darwin. - * Support membership of >16 groups on Darwin. - - -o Jiri Sasek - * Added vfs_zfsacl module. - - -o Karolin Seeger - * Add deletelocalgroup and unmapunixgroup subcommand to "net sam". - * Cleanup internal passdb functions. - - -o Simo Sorce - * Fixes for IDmap and Passdb backends. - - -o Andrew Tridgell - * Port ldb from the Samba 4 tree and add ldb group mapping plugin. - * Move several file serving related tdb files to use the dbwrap - API internally. - * Cleanup the GPFS VFS plugin. - * Experimental clustered file system support. - - -o Jelmer Vernooij - * Implement NDR basic to support utilizing IDL files from Samba 4 - tree for general DCE/RPC parsing stubs. - - ###################################################################### Reporting bugs & Development Discussion -- cgit v1.2.1