=================================
- Release Notes for Samba 3.2.0pre2
- Feb 29, 2008
+ Release Notes for Samba 3.2.0pre3
+ Apr 25, 2008
=================================
-This is the second preview release of Samba 3.2.0. This is *not*
+This is the third preview release of Samba 3.2.0. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
o Introduction of a registry based configuration system.
o Improved CIFS Unix Extensions support.
o Experimental support for file serving clusters.
- o Support for IPv6 connections.
- o Support for storing alternate data streams in xattrs
-
+ o Support for IPv6 in the server, and client tools and libraries.
+ o Support for storing alternate data streams in xattrs.
+ o Encrypted SMB transport in client tools and libraries, and server.
+ o Support for Vista clients authenticating via Kerberos.
Winbind and Active Directory Integration:
o Full support for Windows 2003 cross-forest, transitive trusts
- and one-way domain trusts
+ and one-way domain trusts.
o Support for userPrincipalName logons via pam_winbind and NSS
lookups.
- o Support in pam_winbind for logging on using the userPrincipalName.
o Expansion of nested domain groups via NSS calls.
o Support for Active Directory LDAP Signing policy.
- o New LGPL Winbind client library (libwbclient.so)
+ o New LGPL Winbind client library (libwbclient.so).
+ o Support for establishing interdomain trust relationships with
+ Windows 2008.
+ Joining:
+ o New NetApi library for domain join related queries (libnetapi.so)
+ and example GTK+ Domain join gui.
+ o New client and server support for remotely joining and unjoining
+ Domains.
+ o Support for joining into Windows 2008 domains.
Users & Groups:
o New ldb backend for local group mapping tables
o Raised level of security defaults for authentication operations.
+ o New NetApi library for user account related queries.
Documentation:
- o Inclusion of an HTLM version of the 3rd edition of "Using Samba"
+ o Inclusion of an HTML version of the 3rd edition of "Using Samba"
from O'Reilly Publishing.
updated.
-
Registry Configuration Backend
==============================
Samba is now able to use a registry based configuration backed to
-supplement smb.conf setting. This feature may be enabled by setting
-"config backend = registry" and "registry shares = yes" in the [global]
-section of smb.conf and may be managed using the "net conf" command.
+supplement smb.conf settings. This feature may be enabled by setting
+"config backend = registry" in the [global] section of smb.conf for a
+registry only configuration, or by specifying "include = registry" to
+include global options from registry for a mixed setup.
+
+The new parameter "registry shares = yes" in the [global] section of
+smb.conf can be used to activate share definitions from registry.
+These shares are loaded on demand by the server. Registry shares are
+automatically activated by the global registry options above.
+
+The configuration stored in registry can be conveniently managed using
+the "net conf" command.
More information may be obtained from the smb.conf(5) and net(8) man
pages.
Both the Python bindings and the libmsrpc shared library have been
removed from the tree due to lack of an official maintainer.
+As smbfs is no longer supported in current kernel versions, smbmount has
+been removed in this Samba version. Please use cifs (mount.cifs) instead.
+See examples/scripts/mount/mount.smbfs as an example for a wrapper which
+calls mount.cifs instead of smbmount/mount.smbfs.
+
+
+Modified API for libsmbclient
+==============================================================================
+
+Maintaining ABI compatibility for libsmbclient has become increasingly
+difficult to accomplish, while also keeping the code organization such that it
+is easily readable. Towards the goal of maintaining ABI compatibility and
+also keeping the code easy to maintain and enhance, the API has been enhanced.
+In particular, the fields in the SMBCCTX context structure are no longer
+intended to be read/write by the user, and are marked as deprecated. An
+application that previously accessed the members of the SMBCCTX context
+structure will now encounter warnings if recompiled. This is intentional, to
+encourage implementation of the small changes required for the new interface.
+The number of changes is expected to be quite small for the vast majority of
+applications, and no changes need be made for many applications. The changes
+required for KDE (konqueror) to conform to the new interface, for example, are
+only four lines in only one file.
+
+Instead of the application manually changing or reading values in the context
+structure, there are now setter and getter functions for each configurable
+member in that structure. Similarly, the smbc_option_get() and
+smbc_option_set() functions are deprecated in favor of the setter/getter
+interface. The setters and getters are all documented in libsmbclient.h
+under these comment blocks:
+
+ Getters and setters for CONFIGURATION
+ Getters and setters for OPTIONS
+ Getters and setters for FUNCTIONS
+ Callable functions for files
+ Callable functions for directories
+ Callable functions applicable to both files and directories
+
+Example changes that may be required to eliminate "deprecated" warnings:
+
+ /* Set the debug level */
+ context->debug = 99;
+changes to:
+ smbc_setDebug(context, 99);
+
+ /* Specify the authentication callback function */
+ context->callbacks.auth_fn = auth_smbc_get_data;
+changes to:
+ smbc_setFunctionAuthData(context, auth_smbc_get_data);
+
+ /* Specify the new-style authentication callback with context parameter */
+ smbc_option_set("auth_function", auth_smbc_get_data_with_ctx);
+changes to:
+ smbc_setFunctionAuthDataWithContext(context, auth_smbc_get_data_with_ctx);
+
+ /* Set kerberos flags */
+ context->flags = (SMB_CTX_FLAG_USE_KERBEROS |
+ SMB_CTX_FLAG_FALLBACK_AFTER_KERBEROS);
+changes to:
+ smbc_setOptionUseKerberos(context, 1);
+ smbc_setOptionFallbackAfterKerberos(context, 1);
+
+
######################################################################
Parameter Name Description Default
-------------- ----------- -------
+ administrative share New No
client lanman auth Changed Default No
client ldap sasl wrapping New plain
client plaintext auth Changed Default No
ldap debug level New 0
ldap debug threshold New 10
mangle map Removed
+ min receive file size New 0
open files database hashsize Removed
- read bmpx Removed
+ read bmpx Removed
registry shares New No
winbind expand groups New 1
winbind rpc only New No
+ New special meaning of "include = registry".
+
+
+Changes since 3.2.0pre2:
+-----------------------
+
+
+o Michael Adam <obnox@samba.org>
+ * Fix session setup with security = share.
+ * Fix segfault in testparm.
+ * Fix several Makefile issues.
+ * Fix build of bin/net on Solaris.
+ * Reformat the parm table of loadparm to use named initializers.
+ * Fix %I macro expansion for IPv4 mapped IPv6 addresses.
+ * Convert registry.tdb to use dbwrap and fix memleaks.
+ * Several make test fixes and improvements.
+ * Several libreplace extensions and fixes (portet from v4-0-test).
+ * Rename libnet_conf to libsmbconf and introduce backend abstraction layer.
+ * Add text backend to libsmbconf, based on params.c.
+ * Fix handling of includes in registry libsmbconf backend.
+ * Fix net conf import by reading from text backend.
+ * Add a "net registry" command to locally access the registry.
+ * Add getvalue subcommand to "net rpc registry".
+ * Add testsuites for libsmbconf and "net registry".
+ * Fix Coverity IDs 517, 536, 545.
+ * Remove unneeded REGISTRY_HOOKS layer from reghook cache
+ to allow plugging one backend to multiple keys more easily.
+ * Add smbconf_init dispatcher taking source strings like "backend:path"
+ * Fix handling of dangling parameters (without share) in libsmbconf.
+ * Introduce special meaning of "include = registry" to complement
+ the registry-only configuration of "config backend = registry".
+ * Enhance error propagation by making several registry functions
+ return WERROR.
+ * Fix loading of registry shares in smbd by fixing the token.
+ * Fix a segfault in tdb_wrap_log().
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 5311: Fix IPv6 issue with hosts allow/deny settings.
+ * BUG 5372: Fix client timeouts in large CUPS installations.
+ * Fix problem with nmbd not waiting until interfaces come up.
+ * Fix S3 to pass the test_raw_oplock_exclusive3 test.
+ * Fix MSDFS bug breaking MS clients in some cases by ensuring
+ the target host is ourselves.
+ * Rewrite the wrap checks to deal with gcc 4.x optimisations.
+
+
+o Kai Blin <kai@samba.org>
+ * BUG 4235: Prevent ntlm_auth from sending BH responses without a message.
+ * Fix one BH message.
+
+
+o Gerald (Jerry) Carter <jerry@samba.org>
+ * Fix libtdb some to move back towards allowing out of tree builds.
+ * Ignore port when pulling IP addr from struct sockaddr_storage..
+
+
+o Guenther Deschner <gd@samba.org>
+ * Fix build of pam_smbpass.
+ * Fix lp_load with an empty registry and "config backend = registry".
+ * Fix build targets for bin/net.
+ * Fix _dssetup_DsRoleGetPrimaryDomainInformation().
+ * Fix the build of cifs.spnego.
+ * Migration of the SRVSVC client and server DCE/RPC code to IDL
+ based structures and autogenerated code
+ * Fix Kerberos session setup with Vista SP1 (ignore PAC type 12)
+ * Fix support for vampire of lockout policies and
+ for storing dialin/terminal server settings.
+ * Fix remote join/unjoin server implementation.
+ * BUG 5328: Fix netlogon credential chain with Windows 2008
+ (this also fixes joining Windows 2008 with rpc methods).
+ * Various fixes for establishing and validating interdomain trust
+ relationships with Windows 2008.
+ * Use IDL for storing domain controller information in dsgetdcname.
+ * Re-arranged internal structure of libnetapi.
+ * Add support for domain\dcname syntax in libnetjoin.
+ * Add support for browsing/joining OUs in netdomjoin-gui.
+ * Add various new calls to libnetapi.
+
+
+o Björn Jacke <bj@sernet.de>
+ * Add AC_TRY_RUN_STRICT support for Sun Studio compiler.
+
+
+o Volker Lendecke <vl@samba.org>
+ * Add support for async SMB requests.
+ * Add transactions to the dbwrap API.
+ * Add "net idmap aclmapset".
+ * Change default bufsize to 512k.
+ * Fix Coverity IDs 473, 481, 506, 507, 525, 526, 527, 528, 529, 530, 537,
+ 538, 547, 548, 551, 552, 553, 554, 555, 557, 558, 559, 563, 564, 567.
+ ... and half a ton more
+ * Fix some warnings in the tsmsm module.
+ * Fix warnings.
+ * BUG 4901: Fix "ldap passwd sync = only".
+ * BUG 5334: Fix download of empty files using smbclient.
+ * BUG 5307: Fix notify changes.
+ * BUG 5317: Fix debug output in domain_client_validate.
+ * BUG 5338: Fix format string issue in rpcclient.
+ * Convert account_pol.tdb and share_info.tdb to dbwrap.
+ * Protect group_mapping.tdb ops with transactions.
+ * BUG 5366: "passwd program" should work on Solaris 10 again now.
+ * A level 25 setuserinfo does change the pwdlastset, fixes XP joins.
+ * BUG 5350: A Samba DC trusting NT4 should do an anon session setup.
+ * BUG 5375: Fix a segfault with "security=share" and [in]valid users.
+ * Fix printing from DOS clients -- introduced by inbuf/outbuf rewrite.
+ * Fix wbinfo -a trusted\\user%password on a Samba DC with trusts.
+ * BUG 5341: Fix async smbclient get command on Solaris.
+ * Make winbind use NetSamLogonEx when possible.
+ * Merge fixes in the 3-0-ctdb cluster code.
+ * Fix a segfault in snprintf replacement code.
+ * Fix a regression for wbinfo --group-info if winbind separator is set
+
+
+o Derrell Lipman <derrell@samba.org>
+ * Check for NULL pointers before dereferencing them.
+ * Fix use of AuthDataWithContext capability.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * Add dbwrap_tdb2 backend, useful for cluster setups.
+ * Add more functions to libwbclient:
+ - wbcGetGroups()
+ - wbcInterfaceDetails()
+ - wbcListUsers()
+ - wbcListGroups()
+ - wbcLookupUserSids()
+ - wbcSetUidMapping()
+ - wbcSetGidMapping()
+ - wbcSetUidHwm()
+ - wbcSetGidHwm()
+ - wbcResolveWinsByName()
+ - wbcResolveWinsByIP()
+ - wbcCheckTrustCredentials()
+ * Let wbinfo use libwbclient where possible.
+ * Let net use only libwbclient to access winbindd.
+ * Make socket wrapper pcap support more portable.
+ * Some libreplace backports from v4-0-test.
+ * Store the write time in the locking.tdb,
+ so that smbd passes the BASE-DELAYWRITE test.
+ * Run RAW-SEARCH and BASE-DELAYWRITE by 'make test'.
+ * Let each process use its own connection to ctdb
+ in cluster mode.
+ * Add a reinit_after_fork() helper function to correct
+ reinitialize the same things in all cases.
+ * Fix a chicken and egg problem with "include = registry".
+
+
+o Karolin Seeger <kseeger@samba.org>
+ * Fix usage message for "net idmap dump".
+
+
+o Andrew Tridgell <tridge@samba.org>
+ * Suppress superfluous message.
+
+
+o Marc VanHeyningen <marc.vanheyningen@isilon.com>
+ * Coverity fixes.
+
Changes since 3.2.0pre1:
-----------------------
* Move "net conf" functionality into a separate module libnet_conf.c
* Restructure registry code, eliminating the dynamic overlay.
Make use of reg_api instead of backend code in most places.
+ * Add support for intercepting LDAP libraries' debug output and print
+ it in Samba's debugging system.
* Libreplace fixes.
* Build fixes.
* Initial support for using subsystems as shared libraries.
* Remove unused utilities: smbctool and rpctorture.
* Fix service principal detection to match Windows Vista
(based on work from Andreas Schneider).
- * Additional work on the session data privacy for clients
- implementing the Unix CIFS Extensions.
+ * Encrypted SMB transport in client tools and libraries, and server.
o Kai Blin <kai@samba.org>
(including calls from "net dom" command).
* Add libnetapi.so library for joining domains including
sample GTK+ app.
+ * Fixes for Vista SP1 Kerberos authdata handling to only pickup
+ the PAC.
+ * Various error code and error message fixes.
+ * Add initial draft of libnetconf to allow programmatic
+ configuration changes.
+ * Add libnet_join internal library for programmatically joining
+ and unjoining Domains.
+ * Add various fixes and new calls to libnetapi.so library.
+ * Various fixes for DsGetDcName and conversion to IDL based
+ structures.
+ * Fixes for pidl to correctly generate WERROR based client calls.
+ * Fixes for pidl to generate output that complies to coding
+ conventions.
+ * Various IDL fixes.
+ * Add ads_get_joinable_ous() to libads to get list of joinable ous.
+ * Add get_logon_hours_from_pdb() to comply with new IDL based
+ structures.
+ * Add debugging capabilities to dump AD connections to libads
+ (using ndr_print).
+ * Add "dump-domain-list" command for smbcontrol to retrieve better
+ debugging information out of winbindd.
+ * Migration of the entire client and server DCE/RPC code to IDL
+ based structures and autogenerated code for DSSETUP, LSA, SAMR
+ and NETLOGON.
+ * Started migration of client and server DCE/RPC code to IDL based
+ structures and autogenerated code for NTSSVC, SVCCTL and
+ EVENTLOG.
+ * Use IDL and autogenerated code for samlogoncache and Kerberos
+ PAC handling.
+ * Various fixes and cleanup of Kerberos PAC handling.
+ * Fix segfault in _srv_net_file_enum.
+ * Conversion of client join and unjoin code to libnet_join.
+ * Add remote join/unjoin server-side implementation.
+ * Removed a lot of code which has become obsolete.
o Steve Langasek <vorlon@debian.org>
for better adherence to the FHS standard.
-o Volker Lendecke <vl@samba.org>
+o Volker Lendecke <vl@samba.org>
* Add talloc_stackframe() and talloc_pool() features.
* Removal of pstring data type.
* Add generic a in-memory cache.
* Import the Linux red-black tree implementation.
* Remove large amount of global variables.
- * Support for storing xattrs in tdb files
- * Support for storing alternate data streams in xattrs
- * Implement a generic in-memory cache based on rb-trees
- * Add implicit temporary talloc contexts via talloc_stack()
-
+ * Support for storing xattrs in tdb files.
+ * Support for storing alternate data streams in xattrs.
+ * Implement a generic in-memory cache based on rb-trees.
+ * Add implicit temporary talloc contexts via talloc_stack().
+ * Speed up the smbclient "get" command
+ * Add the aio_fork module
+ * Fix bug 4901
+
+o Derrell Lipman <derrell@samba.org>
+ * Modified libsmbclient API for more easily maintaining ABI compatibility
+ while adding new features to libsmbclient.
o Stefan Metzmacher <metze@samba.org>
- * Fixes for libreplace.
+ * Refactor Winbind internal parent-child interface tables
+ to achieve better unit testing support.
+ * Add nss_wrapper API for local Winbind unit tests.
+ * Networking fixes to the libreplace library.
* Pidl fixes.
+ * Remove unused Winbind pipe calls.
* Build fixes.
- * Add nss_wrapper support.
- * Start and test winbindd by 'make test'
- * Split up child_dispatch_table into domain, idmap and locator tables
- in winbindd.
* Fix for a crash bug in pidl generated client code.
This could have happend with [in,out,unique] pointers
when the client sends a valid pointer, but the server
o Andreas Schneider <anschneider@suse.de>
* Don't restart winbind if a corrupted tdb is found during
initialization.
+ * Fix Windows 2008 (Longhorn) join.
+ * Fix crashbug in winbindd.
+ * Add share parameter "administrative share".
o Karolin Seeger <ks@sernet.de>
* Add 'net rap file user'.
* Change LDAP search filter to find machine accounts which
are not located in the user suffix.
+ * Remove smbmount.
o David Shaw <dshaw@jabberwocky.com>
* Additional portability support for building shared libraries.
+o Corinna Vinschen <corinna@vinschen.de>
+ * Get Samba version or capability information from Windows user space.
+
Original 3.2.0pre1 commits:
---------------------------
o Steve French <sfrench@samba.org>
- * Fixes for mount.cfs Linux utility.
+ * Fixes for mount.cifs Linux utility.
o Stefan Metzmacher <metze@samba.org>
git.samba.org / kai / samba-autobuild / .git / blobdiff