[SCM] Samba Shared Repository - branch v3-3-test updated -
release-3-2-0pre2-4965-g311abc3
Karolin Seeger
kseeger at samba.org
Mon Feb 16 10:31:20 GMT 2009
The branch, v3-3-test has been updated
via 311abc32da851894edff3324acbe58213c131729 (commit)
from cafc9efceadcefa9154874e9846158cf23ee1645 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -----------------------------------------------------------------
commit 311abc32da851894edff3324acbe58213c131729
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon Feb 16 11:30:30 2009 +0100
s3-WHATSNEW: Start WHATSNEW for 3.3.1.
Karolin
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 753 ++++++----------------------------------------------------
1 files changed, 75 insertions(+), 678 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index bce7fb7..24211f5 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,202 +1,16 @@
=============================
- Release Notes for Samba 3.3.0
- January, 27 2009
+ Release Notes for Samba 3.3.1
+ February, 24 2009
=============================
-This is the first stable release of Samba 3.3.0.
+This is the latest bugfix release release of the Samba 3.3 series.
-Major enhancements in Samba 3.3.0 include:
+Major enhancements in Samba 3.3.1 include:
- General changes:
- o The passdb tdbsam version has been raised.
-
- Configuration/installation:
- o Splitting of library directory into library directory and separate
- modules directory.
- o The default value of "ldap ssl" has been changed to "start tls".
-
- File Serving:
- o Extended Cluster support.
- o New experimental VFS modules "vfs_acl_xattr" and "vfs_acl_tdb"
- to store NTFS ACLs on Samba file servers.
-
- Winbind:
- o Simplified idmap configuration.
- o New idmap backends "adex" and "hash".
- o Added new parameter "winbind reconnect delay".
- o Added support for user and group aliasing.
- o Added support for multiple domains to idmap_ad.
-
- Administrative tools:
- o The destination "all" of smbcontrol does now affect all running
- daemons including nmbd and winbindd.
- o New 'net rpc vampire keytab' and 'net rpc vampire ldif' commands.
- o The 'net' utility can now use kerberos for joining and authentication.
- o The 'wbinfo' utility can now add, modify and remove identity mapping entries.
-
- Libraries:
- o NetApi library implements various new calls for User- and Group
- Account Management.
- o libsmbclient does now determine case sensitivity based on file system
- attributes.
-
-
-General changes
-===============
-
-The passdb tdbsam version has been raised as among other things the RID counter
-has been moved from the winbindd_idmap.tdb to the passdb.tdb file to make
-"passdb backend = tdbsam" working in clustered environments.
-
-Please note that an updated passdb.tdb file is _not_ compatible with Samba
-versions before 3.3.0! Please backup your passdb.tdb file if
-you use "passdb backend = tdbsam". That can be achieved by running
-
-'tdbbackup /etc/samba/passdb.tdb'
-
-before the update.
-
-
-Configure changes
-=================
-
-The configure option "--with-libdir" has been removed. The library
-directory can still be specified by using the existing "--libdir" option.
-A new option "--with-modulesdir" has been added to allow the specification
-of a separate directory for the shared modules.
-
-
-Configuration changes
-=====================
-
-The default value of "ldap ssl" has been changed to "start tls". This means,
-Samba will use the LDAPv3 StartTLS extended operation (RFC2830) for
-communicating with directory servers by default. If your directory servers
-do not support this extended operation, you will have to set
-"ldap ssl = no". Otherwise, Samba could not contact the directory servers
-anymore!
-
-
-Winbind idmap backend changes
-=============================
-
-The idmap configuration has changed with version 3.3 to something that
-allows a smoother upgrade path from pre-3.0.25 configurations that use
-"idmap backend". The reason for this change is that to many, also to Samba
-developers, the 3.0.25 style configuration with "idmap config" turned out
-to be very complex. Version 3.3 no longer deprecates the "idmap backend"
-parameter, instead with "idmap backend" the default idmap backend is
-specified.
-
-Accordingly, the "idmap config <domain> : default = yes" setting is no
-longer being looked at.
-
-The alloc backend defaults to the default backend, which should be able to
-allocate IDs. In the default distribution the tdb and ldap backends can
-allocate, the ad and rid backends can not. The idmap alloc range is now
-being set with the "old" parameters "idmap uid" and "idmap gid".
-
-The "idmap domains" parameter has been removed.
-
-
-winbind reconnect delay
-=======================
-
-This is a new parameter which specifies the number of seconds the Winbind
-daemon will wait between attempts to contact a Domain controller for a domain
-that is determined to be down or not contactable.
-
-
-Winbind's Name Aliasing
-=======================
-
-Name aliasing in Winbind is a feature that allows an administrator to
-map a fully qualified user or group name from a Windows domain to a
-convenient short name for Unix access. This is similar to the username
-map functionality supported by smbd but is primary intended for
-clients and servers making use of Winbind's PAM and NSS libraries.
-
-For example, the user "DOMAIN\fred" has been mapped to the Unix name
-"freddie".
-
- $ getent passwd "DOMAIN\fred"
- freddie:x:1000:1001:Fred Jones:/home/freddie:/bin/bash
-
- $ getent passwd freddie
- freddie:x:1000:1001:Fred Jones:/home/freddie:/bin/bash
-
-The name aliasing support is provided by individual nss_info plugins.
-For example, the new "adex" plugin reads the uid attribute from Active
-Directory to make a short login name to the fully qualified name.
-While the new "hash" module utilizes a local file to map "short_name
-= QUALIFIED\name". Both user and group name mapping is supported.
-Please refer to the "winbind nss info" option in smb.conf(5) and
-to individual plugin man pages for further details.
-
-
-idmap_hash
-==========
-
-The idmap_hash plugin provides similar support as the idmap_rid
-module. However, uids and gids are generated from the full domain
-SID using a hashing algorithm that maps the lower 19 bits from the user
-or group RID to bits 0 - 19 in the Unix id and hashes 96 bits from
-the domain SID to bits 20 - 30 in the Unix id. The result is a 31 bit
-uid or gid that is consistent across machines and provides support for
-trusted domains.
-
-Please refer to the idmap_hash(8) man page for more details.
-
-
-idmap_adex
-==========
-
-The adex idmap/nss_info plugin is an adaptation of the Likewise
-Enterprise plugin with support for OU based cells removed
-(since the Windows pieces to manage the cells are not available).
-
-This plugin supports
-
- * The RFC2307 schema for users and groups.
- * Connections to trusted domains
- * Global catalog searches
- * Cross forest trusts
- * User and group aliases
-
-Prerequisite: Add the following attributes to the Partial Attribute
-Set in global catalog:
-
- * uidNumber
- * uid
- * gidNumber
-
-A basic config using the current trunk code would look like:
-
-[global]
- idmap backend = adex
- idmap uid = 10000 - 29999
- idmap gid = 10000 - 29999
- winbind nss info = adex
-
- winbind normalize names = yes
- winbind refresh tickets = yes
- template homedir = /home/%D/%U
- template shell = /bin/bash
-
-Please refer to the idmap_adex(8) man page for more details.
-
-
-Libraries
-=========
-
-libsmbclient will now treat file names case-sensitive by default if the filesystem
-we are connecting to supports case sensitivity. This change of behavior is
-considered a bug fix, as it was previously possible to accidentally overwrite a
-file that had the same case-insensitive name but a different case-sensitive name
-as a previously-existing file, while creating a new file.
-
-If it is not possible to detect if the filesystem supports case sensitivity,
-the user-specified option value will be used.
+ * Fix net ads join when "ldap ssl = start tls" (bug #6073).
+ * Fix renaming/deleting of files using Windows clients (bug #6082).
+ * Fix renaming/deleting a "not matching/resolving" symlink (bug #6090).
+ * Fix remotely adding a share via the Windows MMC.
######################################################################
@@ -208,538 +22,121 @@ smb.conf changes
Parameter Name Description Default
-------------- ----------- -------
- cups connection timeout New 30
- idmap alloc config : range Removed
- idmap domains Removed
- init logon delayed hosts New ""
- init logon delay New 100
- ldap ssl Changed Default start tls
- share modes Deprecated
- winbind reconnect delay New 30
-
-
-Changes since 3.3.0rc2:
------------------------
-
-
-o Jeremy Allison <jra at samba.org>
- * BUG 4308: Fix corrupting of file ACLs during Excel save operations.
- * BUG 5979: Fix level 2 oplocks being granted improperly.
- * BUG 5980: Race condition when granting level2 oplocks can cause break
- notify to be missed.
- * BUG 5986: Editing a stream is broken (rename problems).
- * BUG 5990: Strict allocate should be checked before ftruncate.
- * BUG 6009: Setting "min receivefile size = 1" breaks writes.
- * BUG 6016: Alternate Data Streams / Extended Attributes seem to conflict.
- * BUG 6017: Fix magic scripts.
- * BUG 6019: Fix file corruption in Clustered SMB/NFS environment managed via
- CTDB.
- * BUG 6021: smbclient du command does not recuse properly.
- * BUG 6024: Deprecate the "share modes" parameter.
- * BUG 6030: Add missing <th> header in Status page.
- * BUG 6035: Fix possible race between fcntl F_SETLKW and alarm delivery.
- * BUG 6040: Calling Samba print server with an aliased DNS-name fails.
- * Fix gcc 4.3.2 warnings.
- * Fix more asprintf errors and error code paths.
- * Attempt to fix crash seen with new CUPS async printcap loading code.
- * Add winbindd_reinit_after_fork(), cleaning out all possible events
- in a forked child.
- * Make winbindd_cm.c use winbindd_reinit_after_fork().
- * Fix race condition in alarm lock processing.
- * Fixes crash bug in SWAT.
-
-
-o Michael Adam <obnox at samba.org>
- * Fix build of pam_winbind.so on older Linux systems.
- * Packaging RHEL-CTDB: Fix build of [u]mount.cifs.
- * Prevent access to root filesystem when connecting with empty service name.
- * Fix distclean target and add realdistclean target in the docs build.
- * Add manpage for idmap_tdb2.
- * Clarify idmap manpages.
-
-
-o Kai Blin <kai at samba.org>
- * BUG 5953: Fix smbclient crashes.
-
-
-o Gerald (Jerry) Carter <jerry at samba.org>
- * Fix "allow trusted domain" so it disables trusted domains.
- * Return immediately on a failed GC connection in ads_connect.
-
-
-o SATOH Fumiyasu <fumiyas at osstech.jp>
- * Fix gmem->numgids and gmem->maxgids breakage on Solaris 64-bit.
- * Fix SIGBUS on non-x86 CPUs in libsmbclient.
- * Fix a compile-time warning.
-
-
-o Holger Hetterich <hhetter at novell.com>
- * Add a simple tdb integrity check to tdbtool.
-
-
-o Björn Jacke <bj at sernet.de>
- * Correct the description of the "ldap timeout" parameter.
-
-
-o Volker Lendecke <vl at samba.org>
- * BUG 5913: Fix build error with at least GCC 4.2.2.
- * BUG 5933: Fix incrementing/decrementing of num_validated_vuids.
- * BUG 5953: Make cli_send_smb_direct_writeX use writev.
- * BUG 5965: Fix creation of the first share using SWAT.
- * BUG 5969: Optimize smbclient put command.
- * BUG 6012: Add "get_real_filename" to full_audit.
- * BUG 6014: Fix segfault when calling mget without arguments.
- * Fix a spinning smbd when printing.
- * Fix a memory leak in cups_pull_comment_location.
- * Fix a valgrind error.
- * Fix a "ignoring function call result" warning.
- * Fix some C++ warnings.
- * Fix an ancient uninitialized variable read.
- * Fix a bad memleak in vfs_full_audit.
-
-
-o Derrell Lipman <derrell.lipman at unwireduniverse.com>
- * BUG 6022: Make smbc_urlencode and smbc_urldecode in libsmbclient.
- * Determine case sensitivity based on file system attributes.
-
-
-o Stefan Metzmacher <metze at samba.org>
- * net_status: Use dbwrap to open sessionid.tdb.
- * Fix dbwrap_store_uint32() to match dbwrap_store_int32().
- * Make marshalling struct samu from and to a buffer more generic.
- * Store the next rid counter in passdb.tdb instead of winbind_idmap.tdb.
- * Register the client connection via CTDB_CONTROL_TCP_ADD.
- * Don't need to call messaging_reinit() twice.
- * Raise TDBSAM_VERSION.
- * Add manpage for vfs_fileid.
- * Rename 'fd_event' to 'winbindd_fd_event' to avoid confusion.
- * Recreate the per domain check_online_event without relying on global
- state.
- * Handle the smb signing states the same in the krb5 and ntlmssp cases.
- * Re-add 'fileid:algorithm' option to vfs_fileid.
- * Fix CTDB IPv6 support in cluster setups.
- * Reinit_after_fork() should reinit the event context before the
- messaging context.
- * Fix PCAP support in socket_wrapper.
-
-
-o Lars Müller <lars at samba.org>
- * Tweak with pam defines of older Linux versions.
-
-
-o Tim Prouty <tprouty at samba.org>
- * Fix stream marshalling to return the correct streaminfo status.
- * Allow renames of streams via NTRENAME and fix stream error codes on
- rename.
- * Remove a few unnecessary checks from the streams xattr module.
- * Remove a few unnecessary checks from the streams depot module and fix to
- work with NTRENAME.
-
-
-o Andreas Schneider <anschneider at suse.de>
- * Fix a segfault if ? is there but the options are NULL.
- * Avoid flooding of syslog with failing pam_putenv messages.
-
-
-o Karolin Seeger <kseeger at samba.org>
- * BUG 6000: Avoid bashism in perfcount.init.
- * Change default value of "ldap ssl" to "start tls".
- * Update version number in the manpages.
- * Fix several small issues and typos in the manpages.
- * Check if Unix account exists before asking for the password in smbpasswd.
-
-
-o Todd Stecher <todd.stecher at gmail.com>
- * Fix memory leaks and other fixes found by Coverity.
-
-
-o Bo Yang <boyang at novell.com>
- * Clean event context after child is forked.
- * Fix broken krb5 refresh chain.
- * Set entry->refresh_time to make ccache_regain_all_now() work correctly.
- * Refresh sequence number as soon as possible.
- * Don't set child->requests to NULL in parent after fork.
- * Don't send message to any other child in child process.
- * Fix bug in get_dc_name_via_netlogon(), null pointer reference.
-
+ ldap ssl ads New No
-"Changes since" sections of 3.3 previews and release candidates follow:
-=======================================================================
+Changes since 3.3.0:
+--------------------
-Changes since 3.3.0rc1:
-------------------------
o Jeremy Allison <jra at samba.org>
- * BUG 1254: Fix "write list" in setups using "security = share".
- * BUG 5937: Fix filenames with "*" char hiding other files.
- * BUG 5953: Fix segfaults in smbclient.
- * Fix usrmgr opening a user object as non-root.
+ * BUG 6082: Fix renaming/deleting of files using Windows clients.
+ * BUG 6069: Fix build with too many arguments.
+ * BUG 6090: Fix renaming/deleting a "not matching/resolving" symlink.
+ * BUG 6099: Try to fix domain join of Win7 Beta.
+ * Fix Coverity IDs 115, 116, 117.
+ * Fix warning (bad handler prototype).
+ * Unify the detection of the timespec code in configure.in, and the
+ application of it in time.c.
+ * Correctly use chroot().
+ * Parameterize in local.h the MAX_RPC_DATA_SIZE, and ensure that "offered"
+ read from the rpc packet in spoolss is under that size.
o Michael Adam <obnox at samba.org>
- * BUG 3661: Add support for trusted domains to idmap_ad.
- * Fix default backend handling for ad backends.
- * Fix potential segfault in vfs_tsmsm.
- * Fix several RHEL CTDB packaging issues.
+ * BUG 6066: netinet/ip.h present but cannot be compiled on Solaris.
+ * BUG 6073: Prevent ads_connect() from using SSL unless explicitly
+ requested.
+ * Fix 'getent passwd' to allocate new uids.
+ * Fix 'getent group' to allocate new gids.
+ * Remove check for sharename being a username in 'net conf
+ addshare'.
o Guenther Deschner <gd at samba.org>
- * BUG 5957: Do not abort rename process on valid rename script.
- * Fix various potential memleaks in samr_SetUserInfo.
- * Fix access bits in netapi.
-
-
-o Steve French <stevef at smf-t60p.smfdom>
- * BUG 5934: Use USER environment in mount.cifs when no user is specified.
- * variable
-
-
-o SATOH Fumiyasu <fumiyas at osstech.co.jp>
- * BUG 5688: LPQ process is orphaned if socket address parameter is invalid.
- * Vars for signals must be volatile sig_atomic_t.
-
-
-o Henning Henkel <henning.henkel at fh-furtwangen.de>
- * BUG 5929: Fix build of vfs_prealloc with option --with-cluster-support and
- GPFS.
-
-
-o Tomasz Krasuski <kr0tki at poczta.onet.pl>
- * BUG 5928: Fix 'testparm --version'.
-
-
-o Jeff Layton <jlayton at redhat.com>
- * Allow mounts to ipv6 capable servers in mount.cifs.
-
-
-o Volker Lendecke <vl at samba.org>
- * Fix crash bug when freeing a non-malloc'ed buffer if the client sends a
- non-encrypted packet with the crypto state set.
- * Fix error code when smbclient puts a file over an existing directory.
- * Pass the get_real_filename operation through the VFS.
-
-
-o Stefan Metzmacher <metze at samba.org>
- * BUG 5749: Re-set acctflags while joining.
- * Fix several issues concerning Alternate Data Streams.
- * Fix valgrind bug lp_parm_const_string().
- * Fix setting of trust passwords using 'net rpc trustdom add'.
- * Correctly detect if the current dc is the closest one.
-
-
-o Tim Prouty <tprouty at samba.org>
- * Fix a delete on close divergence from windows.
-
-
-o Dan Sledz <dsledz at isilon.com>
- * Fix logging to syslog.
-
-
-o Yasuma Takeda <yasuma at osstech.co.jp>
- * BUG 5944: Fix starting of nmbd with "socket address" set to "".
-
+ * Remove unused ENUM_HND from 'net'.
+ * Fix getform command asprintf return code in rpcclient.
+ * Fix memleak in get_remote_printer_publishing_data().
-o Bo Yang <boyang at novell.com>
- * Fix script installmo.sh when no .po file exists.
-
-----------------------------------------------------
-
-Changes since 3.3.0pre2:
-------------------------
-
-o Michael Adam <obnox at samba.org>
- * Fix eventlog crash.
- * Make keytab filename argument mandatory to "net rpc vampire keytab".
- * Add domain prefix to username in lookup_groupmem().
- * Honour "winbind use default domain" in lookup_groupmem().
- * Sanely handle NULL domain in add_member().
- * Don't list the domain twice when expanding internal aliases.
- * Prevent negative GM/ cache entries due to broken connections.
- * Use the reconnect methods instead of the rpc methods directly.
-
-
-o Jeremy Allison <jra at samba.org>
- * BUG 5080: Fix access to cups-printers with cups 1.3.4.
- * BUG 5814: Fix Winbind crash bug while doing "rescan_trusted_domain".
- * BUG 5818: Sort ACEs in smbcacl output properly and honor inheritance.
- * BUG 5825: Fix account locking with an LDAP backend.
--
Samba Shared Repository
More information about the samba-cvs
mailing list