From: Karolin Seeger Date: Wed, 6 Aug 2008 12:26:41 +0000 (+0200) Subject: WHATSNEW: Start WHATSNEW for 3.3.0pre1. X-Git-Url: http://git.samba.org/samba.git/?p=kai%2Fsamba.git;a=commitdiff_plain;h=8c8d7ff82300e729cb513810d9ec5231720765d4;hp=e9a501a501e111208cc39f3a9f8c345b8c55ad97 WHATSNEW: Start WHATSNEW for 3.3.0pre1. Karolin (This used to be commit 28ae738eee37face7dc5e938a036f0c2d3d2a9d6) --- diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 3b56d6ccc83..afc138c9638 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,677 +1,16 @@ ================================= - Release Notes for Samba 3.2.0pre3 - Apr 25, 2008 + Release Notes for Samba 3.3.0pre1 + August 19, 2008 ================================= -This is the third preview release of Samba 3.2.0. This is *not* +This is the first preview release of Samba 3.3.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. -Please be aware that Samba is now distributed under the version 3 -of the new GNU General Public License. You may refer to the COPYING -file that accompanies these release notes for further licensing details. - Major enhancements in Samba 3.2.0 include: - File Serving: - o Use of IDL generated parsing layer for several DCE/RPC - interfaces. - o Removal of the 1024 byte limit on pathnames and 256 byte limit on - filename components to honor the MAX_PATH setting from the host OS. - o Introduction of a registry based configuration system. - o Improved CIFS Unix Extensions support. - o Experimental support for file serving clusters. - o Support for IPv6 in the server, and client tools and libraries. - o Support for storing alternate data streams in xattrs. - o Encrypted SMB transport in client tools and libraries, and server. - o Support for Vista clients authenticating via Kerberos. - - Winbind and Active Directory Integration: - o Full support for Windows 2003 cross-forest, transitive trusts - and one-way domain trusts. - o Support for userPrincipalName logons via pam_winbind and NSS - lookups. - o Expansion of nested domain groups via NSS calls. - o Support for Active Directory LDAP Signing policy. - o New LGPL Winbind client library (libwbclient.so). - o Support for establishing interdomain trust relationships with - Windows 2008. - - Joining: - o New NetApi library for domain join related queries (libnetapi.so) - and example GTK+ Domain join gui. - o New client and server support for remotely joining and unjoining - Domains. - o Support for joining into Windows 2008 domains. - - Users & Groups: - o New ldb backend for local group mapping tables - o Raised level of security defaults for authentication operations. - o New NetApi library for user account related queries. - - - Documentation: - o Inclusion of an HTML version of the 3rd edition of "Using Samba" - from O'Reilly Publishing. - - -Now Licensed under the GNU GPLv3 -================================ - -The Samba Team has adopted the Version 3 of the GNU General Public -License for the 3.2 and later releases. The GPLv3 is the updated -version of the GPLv2 license under which Samba is currently -distributed. It has been updated to improve compatibility with other -licenses and to make it easier to adopt internationally, and is an -improved version of the license to better suit the needs of Free -Software in the 21st Century. - -The original announcement is available on-line at - - http://news.samba.org/announcements/samba_gplv3/ - - -New Security Defaults for Authentication -======================================== - -Support for LanMan passwords is now disabled in both client and server -applications. Additionally, clear text authentication requests are -disabled by default in client utilities such as smbclient and all -libsmbclient based applications. This will affect connection both -to and from hosts running DOS, Windows 9x/ME, and OS/2. Please refer -to the "Changes" section for details on the exact parameters that were -updated. - - -Registry Configuration Backend -============================== - -Samba is now able to use a registry based configuration backed to -supplement smb.conf settings. This feature may be enabled by setting -"config backend = registry" in the [global] section of smb.conf for a -registry only configuration, or by specifying "include = registry" to -include global options from registry for a mixed setup. - -The new parameter "registry shares = yes" in the [global] section of -smb.conf can be used to activate share definitions from registry. -These shares are loaded on demand by the server. Registry shares are -automatically activated by the global registry options above. - -The configuration stored in registry can be conveniently managed using -the "net conf" command. - -More information may be obtained from the smb.conf(5) and net(8) man -pages. - - -Removed Features -================ - -Both the Python bindings and the libmsrpc shared library have been -removed from the tree due to lack of an official maintainer. - -As smbfs is no longer supported in current kernel versions, smbmount has -been removed in this Samba version. Please use cifs (mount.cifs) instead. -See examples/scripts/mount/mount.smbfs as an example for a wrapper which -calls mount.cifs instead of smbmount/mount.smbfs. - - -Modified API for libsmbclient -============================================================================== - -Maintaining ABI compatibility for libsmbclient has become increasingly -difficult to accomplish, while also keeping the code organization such that it -is easily readable. Towards the goal of maintaining ABI compatibility and -also keeping the code easy to maintain and enhance, the API has been enhanced. -In particular, the fields in the SMBCCTX context structure are no longer -intended to be read/write by the user, and are marked as deprecated. An -application that previously accessed the members of the SMBCCTX context -structure will now encounter warnings if recompiled. This is intentional, to -encourage implementation of the small changes required for the new interface. -The number of changes is expected to be quite small for the vast majority of -applications, and no changes need be made for many applications. The changes -required for KDE (konqueror) to conform to the new interface, for example, are -only four lines in only one file. - -Instead of the application manually changing or reading values in the context -structure, there are now setter and getter functions for each configurable -member in that structure. Similarly, the smbc_option_get() and -smbc_option_set() functions are deprecated in favor of the setter/getter -interface. The setters and getters are all documented in libsmbclient.h -under these comment blocks: - - Getters and setters for CONFIGURATION - Getters and setters for OPTIONS - Getters and setters for FUNCTIONS - Callable functions for files - Callable functions for directories - Callable functions applicable to both files and directories - -Example changes that may be required to eliminate "deprecated" warnings: - - /* Set the debug level */ - context->debug = 99; -changes to: - smbc_setDebug(context, 99); - - /* Specify the authentication callback function */ - context->callbacks.auth_fn = auth_smbc_get_data; -changes to: - smbc_setFunctionAuthData(context, auth_smbc_get_data); - - /* Specify the new-style authentication callback with context parameter */ - smbc_option_set("auth_function", auth_smbc_get_data_with_ctx); -changes to: - smbc_setFunctionAuthDataWithContext(context, auth_smbc_get_data_with_ctx); - - /* Set kerberos flags */ - context->flags = (SMB_CTX_FLAG_USE_KERBEROS | - SMB_CTX_FLAG_FALLBACK_AFTER_KERBEROS); -changes to: - smbc_setOptionUseKerberos(context, 1); - smbc_setOptionFallbackAfterKerberos(context, 1); - - - - -###################################################################### -Changes -####### - -smb.conf changes ----------------- - - Parameter Name Description Default - -------------- ----------- ------- - administrative share New No - client lanman auth Changed Default No - client ldap sasl wrapping New plain - client plaintext auth Changed Default No - clustering New No - cluster addresses New "" - config backend New file - ctdb socket New "" - debug class New No - lanman auth Changed Default No - ldap debug level New 0 - ldap debug threshold New 10 - mangle map Removed - min receive file size New 0 - open files database hashsize Removed - read bmpx Removed - registry shares New No - winbind expand groups New 1 - winbind rpc only New No - - New special meaning of "include = registry". - - -Changes since 3.2.0pre2: ------------------------ - - -o Michael Adam - * Fix session setup with security = share. - * Fix segfault in testparm. - * Fix several Makefile issues. - * Fix build of bin/net on Solaris. - * Reformat the parm table of loadparm to use named initializers. - * Fix %I macro expansion for IPv4 mapped IPv6 addresses. - * Convert registry.tdb to use dbwrap and fix memleaks. - * Several make test fixes and improvements. - * Several libreplace extensions and fixes (portet from v4-0-test). - * Rename libnet_conf to libsmbconf and introduce backend abstraction layer. - * Add text backend to libsmbconf, based on params.c. - * Fix handling of includes in registry libsmbconf backend. - * Fix net conf import by reading from text backend. - * Add a "net registry" command to locally access the registry. - * Add getvalue subcommand to "net rpc registry". - * Add testsuites for libsmbconf and "net registry". - * Fix Coverity IDs 517, 536, 545. - * Remove unneeded REGISTRY_HOOKS layer from reghook cache - to allow plugging one backend to multiple keys more easily. - * Add smbconf_init dispatcher taking source strings like "backend:path" - * Fix handling of dangling parameters (without share) in libsmbconf. - * Introduce special meaning of "include = registry" to complement - the registry-only configuration of "config backend = registry". - * Enhance error propagation by making several registry functions - return WERROR. - * Fix loading of registry shares in smbd by fixing the token. - * Fix a segfault in tdb_wrap_log(). - - -o Jeremy Allison - * BUG 5311: Fix IPv6 issue with hosts allow/deny settings. - * BUG 5372: Fix client timeouts in large CUPS installations. - * Fix problem with nmbd not waiting until interfaces come up. - * Fix S3 to pass the test_raw_oplock_exclusive3 test. - * Fix MSDFS bug breaking MS clients in some cases by ensuring - the target host is ourselves. - * Rewrite the wrap checks to deal with gcc 4.x optimisations. - - -o Kai Blin - * BUG 4235: Prevent ntlm_auth from sending BH responses without a message. - * Fix one BH message. - - -o Gerald (Jerry) Carter - * Fix libtdb some to move back towards allowing out of tree builds. - * Ignore port when pulling IP addr from struct sockaddr_storage.. - - -o Guenther Deschner - * Fix build of pam_smbpass. - * Fix lp_load with an empty registry and "config backend = registry". - * Fix build targets for bin/net. - * Fix _dssetup_DsRoleGetPrimaryDomainInformation(). - * Fix the build of cifs.spnego. - * Migration of the SRVSVC client and server DCE/RPC code to IDL - based structures and autogenerated code - * Fix Kerberos session setup with Vista SP1 (ignore PAC type 12) - * Fix support for vampire of lockout policies and - for storing dialin/terminal server settings. - * Fix remote join/unjoin server implementation. - * BUG 5328: Fix netlogon credential chain with Windows 2008 - (this also fixes joining Windows 2008 with rpc methods). - * Various fixes for establishing and validating interdomain trust - relationships with Windows 2008. - * Use IDL for storing domain controller information in dsgetdcname. - * Re-arranged internal structure of libnetapi. - * Add support for domain\dcname syntax in libnetjoin. - * Add support for browsing/joining OUs in netdomjoin-gui. - * Add various new calls to libnetapi. - - -o Björn Jacke - * Add AC_TRY_RUN_STRICT support for Sun Studio compiler. - - -o Volker Lendecke - * Add support for async SMB requests. - * Add transactions to the dbwrap API. - * Add "net idmap aclmapset". - * Change default bufsize to 512k. - * Fix Coverity IDs 473, 481, 506, 507, 525, 526, 527, 528, 529, 530, 537, - 538, 547, 548, 551, 552, 553, 554, 555, 557, 558, 559, 563, 564, 567. - ... and half a ton more - * Fix some warnings in the tsmsm module. - * Fix warnings. - * BUG 4901: Fix "ldap passwd sync = only". - * BUG 5334: Fix download of empty files using smbclient. - * BUG 5307: Fix notify changes. - * BUG 5317: Fix debug output in domain_client_validate. - * BUG 5338: Fix format string issue in rpcclient. - * Convert account_pol.tdb and share_info.tdb to dbwrap. - * Protect group_mapping.tdb ops with transactions. - * BUG 5366: "passwd program" should work on Solaris 10 again now. - * A level 25 setuserinfo does change the pwdlastset, fixes XP joins. - * BUG 5350: A Samba DC trusting NT4 should do an anon session setup. - * BUG 5375: Fix a segfault with "security=share" and [in]valid users. - * Fix printing from DOS clients -- introduced by inbuf/outbuf rewrite. - * Fix wbinfo -a trusted\\user%password on a Samba DC with trusts. - * BUG 5341: Fix async smbclient get command on Solaris. - * Make winbind use NetSamLogonEx when possible. - * Merge fixes in the 3-0-ctdb cluster code. - * Fix a segfault in snprintf replacement code. - * Fix a regression for wbinfo --group-info if winbind separator is set - - -o Derrell Lipman - * Check for NULL pointers before dereferencing them. - * Fix use of AuthDataWithContext capability. - - -o Stefan Metzmacher - * Add dbwrap_tdb2 backend, useful for cluster setups. - * Add more functions to libwbclient: - - wbcGetGroups() - - wbcInterfaceDetails() - - wbcListUsers() - - wbcListGroups() - - wbcLookupUserSids() - - wbcSetUidMapping() - - wbcSetGidMapping() - - wbcSetUidHwm() - - wbcSetGidHwm() - - wbcResolveWinsByName() - - wbcResolveWinsByIP() - - wbcCheckTrustCredentials() - * Let wbinfo use libwbclient where possible. - * Let net use only libwbclient to access winbindd. - * Make socket wrapper pcap support more portable. - * Some libreplace backports from v4-0-test. - * Store the write time in the locking.tdb, - so that smbd passes the BASE-DELAYWRITE test. - * Run RAW-SEARCH and BASE-DELAYWRITE by 'make test'. - * Let each process use its own connection to ctdb - in cluster mode. - * Add a reinit_after_fork() helper function to correct - reinitialize the same things in all cases. - * Fix a chicken and egg problem with "include = registry". - - -o Karolin Seeger - * Fix usage message for "net idmap dump". - - -o Andrew Tridgell - * Suppress superfluous message. - - -o Marc VanHeyningen - * Coverity fixes. - - -Changes since 3.2.0pre1: ------------------------ - -o Michael Adam - * Add library for access to the registry configuration data. - * BUG 5023: Separate NFS4 and POSIX ACL code in file access checks. - * BUG 4308: Fix Excel save operation ACL bug. - * Refactor and consolidate logic for retrieving the machine - trust password information. - * VFS API cleanup (remove redundant parameter). - * BUG 4801: Correctly implement LSA lookup levels for LookupNames. - * Add new option "debug class" to control printing of the debug class. - in debug headers. - * Enable building of the zfsacl and notify_fam vfs modules. - * BUG 5083: Fix memleak in solarisacl module. - * BUG 5063: Fix build on RHEL5. - * New smb.conf parameter "config backend = registry" to enable registry - only configuration. - * Move "net conf" functionality into a separate module libnet_conf.c - * Restructure registry code, eliminating the dynamic overlay. - Make use of reg_api instead of backend code in most places. - * Add support for intercepting LDAP libraries' debug output and print - it in Samba's debugging system. - * Libreplace fixes. - * Build fixes. - * Initial support for using subsystems as shared libraries. - Use talloc, tdb, and libnetapi as shared libraries internally. - - -o Jeremy Allison - * Added support for IPv6 client and server connections. - * Add in the recvfile entry to the VFS layer. - * Removal of pstring data type. - * Remove unused utilities: smbctool and rpctorture. - * Fix service principal detection to match Windows Vista - (based on work from Andreas Schneider). - * Encrypted SMB transport in client tools and libraries, and server. - - -o Kai Blin - * Added support for an SMB_CONF_PATH environment variable - containing the path to smb.conf. - * Various fixes to ntlm_auth. - * make test now supports more extensive SPOOLSS testing using vlp. - * Correctly handle mixed-case hostnames in NTLMv2 authentication. - - -o Gerald (Jerry) Carter - * Add Winbind client library. - * Decouple static linking between smbd and winbindd's client - interface. - - -o Guenther Deschner - * Enhance client and server remote registry access. - * Add client calls for remotely joining a computer to a domain - (including calls from "net dom" command). - * Add libnetapi.so library for joining domains including - sample GTK+ app. - * Fixes for Vista SP1 Kerberos authdata handling to only pickup - the PAC. - * Various error code and error message fixes. - * Add initial draft of libnetconf to allow programmatic - configuration changes. - * Add libnet_join internal library for programmatically joining - and unjoining Domains. - * Add various fixes and new calls to libnetapi.so library. - * Various fixes for DsGetDcName and conversion to IDL based - structures. - * Fixes for pidl to correctly generate WERROR based client calls. - * Fixes for pidl to generate output that complies to coding - conventions. - * Various IDL fixes. - * Add ads_get_joinable_ous() to libads to get list of joinable ous. - * Add get_logon_hours_from_pdb() to comply with new IDL based - structures. - * Add debugging capabilities to dump AD connections to libads - (using ndr_print). - * Add "dump-domain-list" command for smbcontrol to retrieve better - debugging information out of winbindd. - * Migration of the entire client and server DCE/RPC code to IDL - based structures and autogenerated code for DSSETUP, LSA, SAMR - and NETLOGON. - * Started migration of client and server DCE/RPC code to IDL based - structures and autogenerated code for NTSSVC, SVCCTL and - EVENTLOG. - * Use IDL and autogenerated code for samlogoncache and Kerberos - PAC handling. - * Various fixes and cleanup of Kerberos PAC handling. - * Fix segfault in _srv_net_file_enum. - * Conversion of client join and unjoin code to libnet_join. - * Add remote join/unjoin server-side implementation. - * Removed a lot of code which has become obsolete. - - -o Steve Langasek - * Integrate 2 out of 3 --with-fhs patches from Debian packaging - for better adherence to the FHS standard. - - -o Volker Lendecke - * Add talloc_stackframe() and talloc_pool() features. - * Removal of pstring data type. - * Add generic a in-memory cache. - * Import the Linux red-black tree implementation. - * Remove large amount of global variables. - * Support for storing xattrs in tdb files. - * Support for storing alternate data streams in xattrs. - * Implement a generic in-memory cache based on rb-trees. - * Add implicit temporary talloc contexts via talloc_stack(). - * Speed up the smbclient "get" command - * Add the aio_fork module - * Fix bug 4901 - -o Derrell Lipman - * Modified libsmbclient API for more easily maintaining ABI compatibility - while adding new features to libsmbclient. - -o Stefan Metzmacher - * Refactor Winbind internal parent-child interface tables - to achieve better unit testing support. - * Add nss_wrapper API for local Winbind unit tests. - * Networking fixes to the libreplace library. - * Pidl fixes. - * Remove unused Winbind pipe calls. - * Build fixes. - * Fix for a crash bug in pidl generated client code. - This could have happend with [in,out,unique] pointers - when the client sends a valid pointer, but the server - responds with a NULL pointer (as samba-3.0.26a does for some calls). - * Change NTSTATUS into enum ndr_err_code in librpc/ndr. - * Remove unused calls in the struct based winbindd protocol. - * Add --configfile option to wbinfo. - * Convert winbind_env_set(), winbind_on() and winbind_off() into macros. - * Return rids and other_sids arrays in WBFLAG_PAM_INFO3_TEXT mode. - * Implement wbcErrorString() and wbcAuthenticateUserEx(). - * Convert auth_winbind to use wbcAuthenticateUserEx(). - - -o James Peach - * Add support for DNS Service Discovery. Based on work from - Rishi Srivatsavai . - - -o Andreas Schneider - * Don't restart winbind if a corrupted tdb is found during - initialization. - * Fix Windows 2008 (Longhorn) join. - * Fix crashbug in winbindd. - * Add share parameter "administrative share". - - -o Karolin Seeger - * Improve error messages of net subcommands. - * Add 'net rap file user'. - * Change LDAP search filter to find machine accounts which - are not located in the user suffix. - * Remove smbmount. - - -o David Shaw - * BUG 5073: Allow "delete readonly = yes" to correctly override - deletion of a file. - - -o Rishi Srivatsavai - * Register the smb service with mDNS if mDNS is supported. - * Add smbclient support for basic mDNS browsing. - - -o Andrew Tridgell - * Fix padding between Winbind 32bit/64bit client library in - the request/response structures. - * Added a syncops VFS module for file systems which do not - guarantee meta-data operations are immediately committed to - disk in stable form. - - -o Jelmer Vernooij - * Additional portability support for building shared libraries. - - -o Corinna Vinschen - * Get Samba version or capability information from Windows user space. - - -Original 3.2.0pre1 commits: ---------------------------- -o Michael Adam - * Unified POSIX ACL detection including support for FreeBSD and - HP-UX. - * Performance improvements for Winbind's lookup functions (names, - SIDs, and group membership) when joined to an AD domain. - * Winbind cache validation support. - * Store domain trust passwords for Samba domain controller's in - the domain's passdb backend. - * Merged \winreg server code from the SAMBA_3_2 development branch. - * Fixes for libreplace. - * Implement new registry configuration backend. - - -o Jeremy Allison - * Add support for file system objectIDs. - * Winbind cache validation support. - * Add in the UNIX capability for 24-bit readX. - * Improve Delete-on-Close semantics. - * Removal of static file and path name buffers in SMB file serving - code. - - -o Danilo Almeida - * Move the machine account to the OU specified when running "net - ads join". - - -o Andrew Bartlett - * Tighten authentication protocol defaults in client tools and - servers. - - -o Gerald (Jerry) Carter - * Implement support for one-way trusts and two-way cross-forest - transitive trust in winbindd. - * Fixes for Winbind's offline/disconnected logon support when - using remote idmap backends. - * Fix LookupNames and LookupSids to use the same resolution - heuristics as Windows XP. - * Fix lockups in Winbind when running nscd. - * UPN logon support in pam_winbind. - * Add support for GNU linker scripts when build shared libraries - (based on work by Julien Cristau and James - Peach). - - -o Guenther Deschner - * Additional support for decoding and downloading group policy - objects from Active Directory. - * Improvements to "net ads keytab" command. - * Fixes for linking against Heimdal Kerberos client libs. - * Support LDAP range retrieval searches. - * Fixes for failure to refresh user ticket caches in Winbind. - * UPN logon support in pam_winbind. - * Add KDC locator plugin for MIT kerberos 1.6 or later. - - -o Steve Langasek - * Allow SIGTERM to cause nmbd to exit while awaiting a interface - to come up. - - -o Volker Lendecke - * Merge experimental cluster support patches from the ctdb branch. - * Add tdb storage abstraction for ctdb. - * Use IDL for internal message passing system. - * Add client support for the SamLogonEx() authentication request. - * Implement RPC proxy stubs in the Samba server code to allow - replacing implementation functions one by one. - * Remove static incoming and outgoing buffers from core server SMB - packet processing code. - * Add "net sam rights" command. - - -o Steve French - * Fixes for mount.cifs Linux utility. - - -o Stefan Metzmacher - * Fixes for libreplace. - * Add support for LDAP digital signing policy. - * Experimental clustered file system support. - - -o Lars Mueller - * Makefile and build fixes. - * Add pam_pwd_expire for pam_winbind (original patch from Andreas - Schneider). - - -o James Peach - * Fixes for setgroups() and *BSD and Darwin. - * Support membership of >16 groups on Darwin. - - -o Jiri Sasek - * Added vfs_zfsacl module. - - -o Karolin Seeger - * Add deletelocalgroup and unmapunixgroup subcommand to "net sam". - * Cleanup internal passdb functions. - - -o Simo Sorce - * Fixes for IDmap and Passdb backends. - - -o Andrew Tridgell - * Port ldb from the Samba 4 tree and add ldb group mapping plugin. - * Move several file serving related tdb files to use the dbwrap - API internally. - * Cleanup the GPFS VFS plugin. - * Experimental clustered file system support. - - -o Jelmer Vernooij - * Implement NDR basic to support utilizing IDL files from Samba 4 - tree for general DCE/RPC parsing stubs. - +o ######################################################################