=================================
- Release Notes for Samba 3.2.0pre2
- Oct XX, 2007
+ Release Notes for Samba 3.2.0pre3
+ Apr 25, 2008
=================================
-This is the second preview release of Samba 3.2.0. This is *not*
+This is the third preview release of Samba 3.2.0. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
o Introduction of a registry based configuration system.
o Improved CIFS Unix Extensions support.
o Experimental support for file serving clusters.
- o Support for storing alternate data streams in xattrs
-
+ o Support for IPv6 in the server, and client tools and libraries.
+ o Support for storing alternate data streams in xattrs.
+ o Encrypted SMB transport in client tools and libraries, and server.
+ o Support for Vista clients authenticating via Kerberos.
Winbind and Active Directory Integration:
o Full support for Windows 2003 cross-forest, transitive trusts
- and one-way domain trusts
+ and one-way domain trusts.
o Support for userPrincipalName logons via pam_winbind and NSS
lookups.
- o Support in pam_winbind for logging on using the userPrincipalName.
o Expansion of nested domain groups via NSS calls.
o Support for Active Directory LDAP Signing policy.
+ o New LGPL Winbind client library (libwbclient.so).
+ o Support for establishing interdomain trust relationships with
+ Windows 2008.
+ Joining:
+ o New NetApi library for domain join related queries (libnetapi.so)
+ and example GTK+ Domain join gui.
+ o New client and server support for remotely joining and unjoining
+ Domains.
+ o Support for joining into Windows 2008 domains.
Users & Groups:
o New ldb backend for local group mapping tables
o Raised level of security defaults for authentication operations.
+ o New NetApi library for user account related queries.
Documentation:
- o Inclusion of an HTLM version of the 3rd edition of "Using Samba"
+ o Inclusion of an HTML version of the 3rd edition of "Using Samba"
from O'Reilly Publishing.
updated.
-
Registry Configuration Backend
==============================
Both the Python bindings and the libmsrpc shared library have been
removed from the tree due to lack of an official maintainer.
+As smbfs is no longer supported in current kernel versions, smbmount has
+been removed in this Samba version. Please use cifs (mount.cifs) instead.
+See examples/scripts/mount/mount.smbfs as an example for a wrapper which
+calls mount.cifs instead of smbmount/mount.smbfs.
+
+
+Modified API for libsmbclient
+==============================================================================
+
+Maintaining ABI compatibility for libsmbclient has become increasingly
+difficult to accomplish, while also keeping the code organization such that it
+is easily readable. Towards the goal of maintaining ABI compatibility and
+also keeping the code easy to maintain and enhance, the API has been enhanced.
+In particular, the fields in the SMBCCTX context structure are no longer
+intended to be read/write by the user, and are marked as deprecated. An
+application that previously accessed the members of the SMBCCTX context
+structure will now encounter warnings if recompiled. This is intentional, to
+encourage implementation of the small changes required for the new interface.
+The number of changes is expected to be quite small for the vast majority of
+applications, and no changes need be made for many applications. The changes
+required for KDE (konqueror) to conform to the new interface, for example, are
+only four lines in only one file.
+
+Instead of the application manually changing or reading values in the context
+structure, there are now setter and getter functions for each configurable
+member in that structure. Similarly, the smbc_option_get() and
+smbc_option_set() functions are deprecated in favor of the setter/getter
+interface. The setters and getters are all documented in libsmbclient.h
+under these comment blocks:
+
+ Getters and setters for CONFIGURATION
+ Getters and setters for OPTIONS
+ Getters and setters for FUNCTIONS
+ Callable functions for files
+ Callable functions for directories
+ Callable functions applicable to both files and directories
+
+Example changes that may be required to eliminate "deprecated" warnings:
+
+ /* Set the debug level */
+ context->debug = 99;
+changes to:
+ smbc_setDebug(context, 99);
+
+ /* Specify the authentication callback function */
+ context->callbacks.auth_fn = auth_smbc_get_data;
+changes to:
+ smbc_setFunctionAuthData(context, auth_smbc_get_data);
+
+ /* Specify the new-style authentication callback with context parameter */
+ smbc_option_set("auth_function", auth_smbc_get_data_with_ctx);
+changes to:
+ smbc_setFunctionAuthDataWithContext(context, auth_smbc_get_data_with_ctx);
+
+ /* Set kerberos flags */
+ context->flags = (SMB_CTX_FLAG_USE_KERBEROS |
+ SMB_CTX_FLAG_FALLBACK_AFTER_KERBEROS);
+changes to:
+ smbc_setOptionUseKerberos(context, 1);
+ smbc_setOptionFallbackAfterKerberos(context, 1);
+
+
######################################################################
config backend New file
ctdb socket New ""
debug class New No
+ administrative share New No
lanman auth Changed Default No
ldap debug level New 0
ldap debug threshold New 10
mangle map Removed
+ min receive file size New 0
open files database hashsize Removed
- read bmpx Removed
+ read bmpx Removed
registry shares New No
winbind expand groups New 1
winbind rpc only New No
+Changes since 3.2.0pre2:
+-----------------------
+
+
+o Michael Adam <obnox@samba.org>
+ * Fix session setup with security = share.
+ * Fix segfault in testparm.
+ * Fix several Makefile issues.
+ * Fix build of bin/net on Solaris.
+ * Reformat the parm table of loadparm to use named initializers.
+ * Fix %I macro expansion for IPv4 mapped IPv6 addresses.
+ * Convert registry.tdb to use dbwrap and fix memleaks.
+ * Several make test fixes and improvements.
+ * Rename libnet_conf to libsmbconf and introduce backend abstraction layer.
+ * Add text backend to libsmbconf, based on params.c.
+ * Fix handling of includes in registry libsmbconf backend.
+ * Fix net conf import by reading from text backend.
+ * Add a "net registry" command to locally access the registry.
+ * Add testsuites for libsmbconf and "net registry".
+ * Fix Coverity IDs 517, 536, 545.
+
+
+o Jeremy Allison <jra@samba.org>
+ * BUG 5311: Fix IPv6 issue with hosts allow/deny settings.
+ * BUG 5372: Fix client timeouts in large CUPS installations.
+ * Fix problem with nmbd not waiting until interfaces come up.
+ * Fix S3 to pass the test_raw_oplock_exclusive3 test.
+ * Fix MSDFS bug breaking MS clients in some cases by ensuring
+ the target host is ourselves.
+ * Rewrite the wrap checks to deal with gcc 4.x optimisations.
+
+
+o Kai Blin <kai@samba.org>
+ * BUG 4235: Prevent ntlm_auth from sending BH responses without a message.
+ * Fix one BH message.
+
+
+o Gerald (Jerry) Carter <jerry@samba.org>
+ * Fix libtdb some to move back towards allowing out of tree builds.
+ * Ignore port when pulling IP addr from struct sockaddr_storage..
+
+
+o Guenther Deschner <gd@samba.org>
+ * Fix build of pam_smbpass.
+ * Fix lp_load with an empty registry and "config backend = registry".
+ * Fix build targets for bin/net.
+ * Fix _dssetup_DsRoleGetPrimaryDomainInformation().
+ * Fix the build of cifs.spnego.
+ * Migration of the SRVSVC client and server DCE/RPC code to IDL
+ based structures and autogenerated code
+ * Fix Kerberos session setup with Vista SP1 (ignore PAC type 12)
+ * Fix support for vampire of lockout policies and
+ for storing dialin/terminal server settings.
+ * Fix remote join/unjoin server implementation.
+ * BUG 5328: Fix netlogon credential chain with Windows 2008
+ (this also fixes joining Windows 2008 with rpc methods).
+ * Various fixes for establishing and validating interdomain trust
+ relationships with Windows 2008.
+ * Use IDL for storing domain controller information in dsgetdcname.
+ * Re-arranged internal structure of libnetapi.
+ * Add support for domain\dcname syntax in libnetjoin.
+ * Add support for browsing/joining OUs in netdomjoin-gui.
+ * Add various new calls to libnetapi.
+
+
+o Björn Jacke <bj@sernet.de>
+ * Add AC_TRY_RUN_STRICT support for Sun Studio compiler.
+
+
+o Volker Lendecke <vl@samba.org>
+ * Add support for async SMB requests.
+ * Add transactions to the dbwrap API.
+ * Add "net idmap aclmapset".
+ * Change default bufsize to 512k.
+ * Fix Coverity IDs 473, 481, 506, 507, 525, 526, 527, 528, 529, 530, 537,
+ 538, 547, 548, 551, 552, 553, 554, 555, 557, 558, 559, 563, 564, 567.
+ ... and half a ton more
+ * Fix some warnings in the tsmsm module.
+ * Fix warnings.
+ * BUG 4901: Fix "ldap passwd sync = only".
+ * BUG 5334: Fix download of empty files using smbclient.
+ * BUG 5307: Fix notify changes.
+ * BUG 5317: Fix debug output in domain_client_validate.
+ * BUG 5338: Fix format string issue in rpcclient.
+ * Convert account_pol.tdb and share_info.tdb to dbwrap.
+ * Protect group_mapping.tdb ops with transactions.
+ * BUG 5366: "passwd program" should work on Solaris 10 again now.
+ * A level 25 setuserinfo does change the pwdlastset, fixes XP joins.
+ * BUG 5350: A Samba DC trusting NT4 should do an anon session setup.
+ * BUG 5375: Fix a segfault with "security=share" and [in]valid users.
+ * Fix printing from DOS clients -- introduced by inbuf/outbuf rewrite.
+ * Fix wbinfo -a trusted\\user%password on a Samba DC with trusts.
+ * BUG 5341: Fix async smbclient get command on Solaris.
+ * Make winbind use NetSamLogonEx when possible.
+ * Merge fixes in the 3-0-ctdb cluster code.
+ * Fix a segfault in snprintf replacement code.
+
+
+o Derrell Lipman <derrell@samba.org>
+ * Check for NULL pointers before dereferencing them.
+ * Fix use of AuthDataWithContext capability.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * Add dbwrap_tdb2 backend, useful for cluster setups.
+ * Add more functions to libwbclient:
+ - wbcGetGroups()
+ - wbcInterfaceDetails()
+ - wbcListUsers()
+ - wbcListGroups()
+ - wbcLookupUserSids()
+ - wbcSetUidMapping()
+ - wbcSetGidMapping()
+ - wbcSetUidHwm()
+ - wbcSetGidHwm()
+ - wbcResolveWinsByName()
+ - wbcResolveWinsByIP()
+ - wbcCheckTrustCredentials()
+ * Let wbinfo use libwbclient where possible.
+ * Let net use only libwbclient to access winbindd.
+ * Make socket wrapper pcap support more portable.
+ * Some libreplace backports from v4-0-test.
+ * Store the write time in the locking.tdb,
+ so that smbd passes the BASE-DELAYWRITE test.
+ * Run RAW-SEARCH and BASE-DELAYWRITE by 'make test'.
+ * Let each process use its own connection to ctdb
+ in cluster mode.
+ * Add a reinit_after_fork() helper function to correct
+ reinitialize the same things in all cases.
+ * Fix a chicken and egg problem with "include = registry".
+
+
+o Karolin Seeger <kseeger@samba.org>
+ * Fix usage message for "net idmap dump".
+
+
+o Andrew Tridgell <tridge@samba.org>
+ * Suppress superfluous message.
+
+
+o Marc VanHeyningen <marc.vanheyningen@isilon.com>
+ * Coverity fixes.
+
+
Changes since 3.2.0pre1:
-----------------------
* BUG 5063: Fix build on RHEL5.
* New smb.conf parameter "config backend = registry" to enable registry
only configuration.
+ * Move "net conf" functionality into a separate module libnet_conf.c
+ * Restructure registry code, eliminating the dynamic overlay.
+ Make use of reg_api instead of backend code in most places.
+ * Add support for intercepting LDAP libraries' debug output and print
+ it in Samba's debugging system.
* Libreplace fixes.
* Build fixes.
* Initial support for using subsystems as shared libraries.
* Remove unused utilities: smbctool and rpctorture.
* Fix service principal detection to match Windows Vista
(based on work from Andreas Schneider).
- * Additional work on the session data privacy for clients
- implementing the Unix CIFS Extensions.
+ * Encrypted SMB transport in client tools and libraries, and server.
o Kai Blin <kai@samba.org>
(including calls from "net dom" command).
* Add libnetapi.so library for joining domains including
sample GTK+ app.
+ * Fixes for Vista SP1 Kerberos authdata handling to only pickup
+ the PAC.
+ * Various error code and error message fixes.
+ * Add initial draft of libnetconf to allow programmatic
+ configuration changes.
+ * Add libnet_join internal library for programmatically joining
+ and unjoining Domains.
+ * Add various fixes and new calls to libnetapi.so library.
+ * Various fixes for DsGetDcName and conversion to IDL based
+ structures.
+ * Fixes for pidl to correctly generate WERROR based client calls.
+ * Fixes for pidl to generate output that complies to coding
+ conventions.
+ * Various IDL fixes.
+ * Add ads_get_joinable_ous() to libads to get list of joinable ous.
+ * Add get_logon_hours_from_pdb() to comply with new IDL based
+ structures.
+ * Add debugging capabilities to dump AD connections to libads
+ (using ndr_print).
+ * Add "dump-domain-list" command for smbcontrol to retrieve better
+ debugging information out of winbindd.
+ * Migration of the entire client and server DCE/RPC code to IDL
+ based structures and autogenerated code for DSSETUP, LSA, SAMR
+ and NETLOGON.
+ * Started migration of client and server DCE/RPC code to IDL based
+ structures and autogenerated code for NTSSVC, SVCCTL and
+ EVENTLOG.
+ * Use IDL and autogenerated code for samlogoncache and Kerberos
+ PAC handling.
+ * Various fixes and cleanup of Kerberos PAC handling.
+ * Fix segfault in _srv_net_file_enum.
+ * Conversion of client join and unjoin code to libnet_join.
+ * Add remote join/unjoin server-side implementation.
+ * Removed a lot of code which has become obsolete.
o Steve Langasek <vorlon@debian.org>
for better adherence to the FHS standard.
-o Volker Lendecke <vl@samba.org>
+o Volker Lendecke <vl@samba.org>
* Add talloc_stackframe() and talloc_pool() features.
* Removal of pstring data type.
* Add generic a in-memory cache.
* Import the Linux red-black tree implementation.
* Remove large amount of global variables.
- * Support for storing xattrs in tdb files
- * Support for storing alternate data streams in xattrs
- * Implement a generic in-memory cache based on rb-trees
- * Add implicit temporary talloc contexts via talloc_stack()
-
+ * Support for storing xattrs in tdb files.
+ * Support for storing alternate data streams in xattrs.
+ * Implement a generic in-memory cache based on rb-trees.
+ * Add implicit temporary talloc contexts via talloc_stack().
+ * Speed up the smbclient "get" command
+ * Add the aio_fork module
+ * Fix bug 4901
+
+o Derrell Lipman <derrell@samba.org>
+ * Modified libsmbclient API for more easily maintaining ABI compatibility
+ while adding new features to libsmbclient.
o Stefan Metzmacher <metze@samba.org>
- * Fixes for libreplace.
+ * Refactor Winbind internal parent-child interface tables
+ to achieve better unit testing support.
+ * Add nss_wrapper API for local Winbind unit tests.
+ * Networking fixes to the libreplace library.
* Pidl fixes.
+ * Remove unused Winbind pipe calls.
* Build fixes.
- * Add nss_wrapper support.
- * Start and test winbindd by 'make test'
- * Split up child_dispatch_table into domain, idmap and locator tables
- in winbindd.
* Fix for a crash bug in pidl generated client code.
This could have happend with [in,out,unique] pointers
when the client sends a valid pointer, but the server
o Andreas Schneider <anschneider@suse.de>
* Don't restart winbind if a corrupted tdb is found during
initialization.
+ * Fix Windows 2008 (Longhorn) join.
+ * Fix crashbug in winbindd.
+ * Add share parameter "administrative share".
o Karolin Seeger <ks@sernet.de>
* Add 'net rap file user'.
* Change LDAP search filter to find machine accounts which
are not located in the user suffix.
+ * Remove smbmount.
o David Shaw <dshaw@jabberwocky.com>
* Additional portability support for building shared libraries.
+o Corinna Vinschen <corinna@vinschen.de>
+ * Get Samba version or capability information from Windows user space.
+
Original 3.2.0pre1 commits:
---------------------------
o Steve French <sfrench@samba.org>
- * Fixes for mount.cfs Linux utility.
+ * Fixes for mount.cifs Linux utility.
o Stefan Metzmacher <metze@samba.org>