diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 9b9ff24ad63..8b21e101b46 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,10 +1,98 @@ - WHATS NEW IN Samba 3.0.0 - September 24, 2003 + WHATS NEW IN Samba 3.0.1pre1 + October 10, 2003 ============================== -This is the first official release of Samba 3.0.0 code base. Work -on the SAMBA_3_0 CVS branch continues. Please refer to the section -on "Known Issues" for more details. +This is a preview release of the Samba 3.0.1 code base and is +provided for testing only. This release is *not* intended for +production servers. Use at your own risk. + +There have been several bug fixes since the 3.0.0 releaser that +we feel are important to make available to the Samba community +for wider testings. See the "Changes" section for details on +exact updates. + + +###################################################################### +Changes +####### + +Changes since 3.0.0 +------------------- + +Please refer to the CVS log for the SAMBA_3_0 branch for complete +details: + + +Modified parameters + * mangled map (deprecated) + +Removed Parameters + * mangled stack (unused) + + +1) Change the interface for init_unistr2 to not take a length + but a flags field. We were assuming that + 2*strlen(mb_string) == length of ucs2-le string. (bug 480). +2) Allow d_printf() to handle strings with escaped quotation + marks since the msg file includes the escape character (bug 489). +3) Fix bad html table row termination in SWAT wizard code (bug 413). +4) Fix to parse the level-2 strings. +5) Fix for "valid users = %S" in [homes]. Fix read/write + list as well. +6) Change AC_CHECK_LIB_EXT to prepend libraries instead of append. + This is the same way AC_CHECK_LIB works (bug 508). +7) Testparm output fixes for clarity. +8) Fix broken wins hook functionality -- i18n bug (bug 528). +9) Take care of condition where DOS and NT error codes must differ. +10) Default to using only built-in charsets when a working iconv + implementation cannot be located. +11) Wrap internals of sys_setgroups() so the sys_XX() call can + be done unconditionally (bug 550). +12) Remove duplicate smbspool link on SWAT's front page (bug 541). +13) Save and restore CFLAGS before/after AC_PROG_CC. Ensures that + --enable-debug=[yes|no] works correctly. +14) Allow ^C to interrupt smbpasswd if using our getpass + (e.g. smbpasswd command). +15) Support signing only on RPC's (bug 167). +16) Correct bug that prevented Excel 2000 clients from opening + files marked as read-only. +17) Portability fix bugs 546 - 549). +18) Explicitly initialize the value of AR for vendor makes that don't + do this (e.g. HPUX 11). (bug 552). +19) More i18n fixes for SWAT (bug 413). +20) Change the cwd before the postexec script to ensure that a + umount will succeed. +21) Correct double free that caused winbindd to crash when a DC + is rebooted (bug 437). +22) Fix incorrect mode sum (bug 562). +23) Canonicalize SMB_INFO_ALLOCATION in the same was as + SMB_FS_FULL_SIZE_INFORMATION (bug 564). +24) Add script to generate *msg files. +25) Add Dutch SWAT translation file. +26) Make sure to call get_user_groups() with the full winbindd + name for a user if he/she has one (bug 406). +27) Fix up error code returns from Samba4 tester. Ensure invalid + paths are validated the same way. +28) Allow Samba3 to pass the Samba4 RAW-READ tests. +29) Refuse to configure if --with-expsam=$BACKEND was used but no + libraries were found for $BACKEND. +30) Move sysquotas autoconf tests to a separate file. +31) Match W2K w.r.t. writelock and writeclose. Samba4 torture + tester +32) Make sure that the files that contain the static_init_$subsystem; + macro get recompiled after configure by removing the object + files. +33) Ensure canceling a blocking lock returns the correct error + message. +34) Match Samba 2.2, and make ACB_NORMAL the default ACB value. + + + +###################################################################### + + ======================================= + The original 3.0.0 release notes follow + ======================================= Major new features: @@ -80,442 +168,6 @@ publisher for making "Using Samba" under the GNU Free Documentation License. -###################################################################### -Changes since 3.0rc4 -#################### - -Please refer to the CVS log for the SAMBA_3_0 branch for complete -details: - -1) Fix bug that prevented filenames of length >100 characters - from being restored using smbclient's tar functionality. -2) Fix bug that prevented fast path code in strchr_m() - from being used. -3) Make sure we store the desired access flag on incoming - SAMR rpc calls. -4) Fix smbd crash when dealing with mangled file names. -5) Ensure that the group comment field is not overwritten - if it already exists. -6) Fix bug that prevented 'net rpc join' from working - with mixed mode AD domains (bug 442). -7) Fix crash in smbd when a Samba PDC is not able to - enumerate trusted domains (bug 450). -8) Fix crash bug found by the Samba4 testsuite. -9) Fix bug that prevented smbd from returning an ACL list - if one of the SIDs could not be resolved (bug 470). -10) Remove -P option from smbclient printing scripts since it - has a different meaning in Samba 3.0 (bug 473). -11) Sync smbldap-tools with latest version from idealx cvs tree. -12) Cleanup some warnings produced by the Sun C compiler. -13) Several fixes for SWAT relating to international character - sets. - - -Changes since 3.0rc3 -#################### - -1) Fix incorrect error message in testparm.c regarding 'map system'. -2) Protect against core dump if ioctl for print job sends invalid - fid. -3) Fix bug in generic hash cacluation. -4) Remove references to unused 'strip dot' parameter -5) Fix CPU burn bug in multi-byte character conversion. -6) Use opt_target_workgroup instead of lp_workgroup() in vampire - code so we can override the value in smb.conf with the -w option. -7) Display an error if we can't create a posix account for the - user when running 'net rpc vampire' (bug 323). -8) Fix UTF8 conversion bugs in LDAP passdb and idmap code (bug 296). -9) Fix smbd crash when changing the machine trust account password - (bug 273). -10) Remove getpwnam() calls from init_sam_from_xxx(). This means - that %u & %g will no longer expand in the "login ..." set of - smb.conf options, but %U and %G still do. The payback is that - winbindd local accounts for users work with 'wbinfo -u' - when winbind is running on a Samba PDC. -11) Fix unitiailized timestamp where merging print_jobs and - lpq listing. -12) Fix bug in debian packaging files affecting non-i386 platforms. - - -Changes since 3.0rc2 -#################### - -1) Remove Perl module dependencies in generated RedHat 8/9 RPMS. -2) Update mount helper to take synonyms for file_mode and - dir_mode (fmask and dmask). -3) Fix portability bug with log2pcaphex. -4) Use different algorithm to generate codepages source code which - allows to take gaps into account thus making unnecessary - extended [index] = value, syntax in to_ucs2 array (bug 380). -5) Fix comment strings to 43 bytes as per spec. -6) Fix pam_winbind compile bug on FreeBSD (bug 261). -7) Support for in-memory keytabs, which are needed to make heimdal - work properly. MIT does not support them, so this check will be - used to decide whether to use them. (partial fix for bug 372). -8) Disable RC4-HMAC on broken heimdal setups. (remainder of bug - 372). -9) Correct bug in smbclient that resulted in errors when untarring - long filenames (bug 308). -10) Improve autoconf checks for PAM header files and libs. -11) Added fast path to convert_string() when dealing with - ASCII->ASCII, UCS2-LE->ASCII, and ASCII->UCS2-LE with - values <= 0x7F. -12) Quiet debug messages when we don't find a module and it is not - a critical error (bug 375). -13) Fix UNIX passwd sync properly. -14) Fix more transitive trust issues in winbindd (bug 305). -15) Ensure that winbindd functions with 'disable netbios = yes' -16) Store the real short domain name in secrets.tdb as soon as we - know it. Also display an error message when joining an AD - domain and the 'workgroup' parameter has not been specified. -17) Return 0 DFS links instead of -1 when dfs support is not enabled. -18) Update LDAP schema for Netscape DS 4.x and Novell eDirectory 8.7 -19) Ensure that name types can be specified using name#type notation - in the 'net' command (bug 73). -20) Add retry looks to ADS sequence number and domain SID lookups - (bug 364). -21) use a variant of alloc_sub_basic() for string lists such as - 'valid users', 'write list', and 'read list' (bug 397). -22) Fix seg fault when winbindd receives an error from the AD server - in response to an LDAP search (bug 282). -23) Update findsmb to use the new syntax for smbclient and nmblookup. -24) Fix bug that prevented variables from being used in explicitly - defined path in [homes]. -25) Only set SIDs when they're returned by the MySQL query - (pdb_mysql.so). -26) Include support for NTLMv2 key exchange. -27) Revert default for 'client ntlmv2 auth' to off (bug 359). -28) Fix crash in winbindd when the trust account password gets - changed underneath us via 'net rpc changetrustpw' (bug 382). -29) Use djb-algorithm string hash - faster than the tdb one we - used to use. Does not change on disk format or hashing location. -30) Implements some kind of improved AFS support for Samba on - Linux with OpenAFS 1.2.10. './configure --with-fake-kaserver' - assumes that you have OpenAFS on your machine. -31) When enumerating dfs shares loop from 0 to lp_numservices() instead - of relying on lp_servicename(n) to return an empty string for - invalid service numbers (bug 403). -32) Fix crash bug in 'net rpc samdump' (bug 334). -33) Fix crash bug in WINS NSS module (bug 299). -34) Fix a few minor compile errors on HP-UX. - - - -Changes since 3.0rc1 -#################### - -1) Add levels 261 and 262 to search. Found using Samba4 tester. -2) Correct bad error return code in session setup reply -3) Fix bug where smbd returned DOS error codes from SMBsearch - even when NT1 protocol was negotiated. -4) Implement SMBexit properly. -5) Return group lists from a Samba PDC to a Windows 9x/ME box - in implementing user level access control (bug 314). -6) Prevent SWAT from crashing when adding shares (bug 254) -7) Fix various documentation issues (bugs 304 & 214) -8) Fix wins server listing in SWAT (bug 197) -9) Fix problem in rpcclient that caused enumerating printer - drivers to report failure (bug 294). -10) Use kerberos 5 authentication in our client code whenever possible -11) Fix schannel bug that caused Active Directory DC's to downgrade our - machine account to an NT member. -12) Implement missing SAMR_REMOVE_USER_FOREIGN_DOMAIN call (bug 252). -13) Implement automatic generation of include/version.h -14) Include initial version of smbldap-tool scripts for the Samba - 3.0 schema. -15) Implement numerous fixes for multi-byte character strings. -16) Enable 'unix extensions' parameter by default. -17) Make sure we set the SID type when falling back to the rid - algorithm (bug 245). -18) Correct linking problems with pam_smbpass (bug 327). -19) Add SYSV defines for Irix and Solaris to ensure the 'printing' - parameter default to the correct value (bug 230) -20) Fix recursion bug in alloc_string_sub() (bug 289, et. al.) -21) Ensure that 'make install' includes the static and shared - versions of the libsmbclient libraries. -22) Add CP850 and CP437 internal character set support (bug 150). -23) Add support to examples/LDAP/convertSambaAccount for generating - LDIF modify files instead of just add (303). -24) Fix support for -W option in smbclient (bug 39) -25) Remove 'ldap trust ids' parameter since it could not be supported - by the current architecture. -26) Don't crash when no argument is given to -T in smbclient (bug 345). -27) Ensure smbadduser contains the same paths for the smbpasswd file - as the other Samba tools (bug 290). -28) Port of 'available = no' fix for [homes] from SAMBA_2_2 cvs tree. -29) Add sanity checks to DeletePrinterData[Ex]() and ensure that the - modified printer is written to disk. -30) Force winbindd to periodically update the trusted domain cache. -31) Remove outdated import/export script to convert an smbpasswd file - to and from and LDAP directory. Use the pdbedit tool instead. -32) Ensure that %U substitution is restored on next valid packet - if a logon fails. - - -Changes since 3.0beta3 -###################### - -1) Various memory leak fixes. -2) Provide full support for SMB signing (server and client) -3) Check for broken getgrouplist() in glibc. -4) Don't get stuck in an infinite loop listing directories - recursively if the server returns an empty directory name - (bug 222). -5) Idle LDAP connections after 150 seconds. -6) Patched make uninstallmodules (bug 236). -7) Fix bug that caused smbd to return incomplete directory listings - when UNIX files contained MS wildcard characters. -8) Quiet default debug messages in command line tools. -9) Fixes to avoid panics on invalid multi-byte strings. -10) Fix error messages when creating a new smbpasswd file (bug 198). -11) Implemented better detection routines in autoconf scripts for - locating ads support on the host OS. -12) Fix bug that caused libraries in /usr/local/lib to be ignored - (bug 174). -13) Ensure winbindd_ads uses the correct realm or domain name when - connecting to trusted DC. -14) Ensure a correct prototype is created for snprintf() (bug 187) -15) Stop files being created on read-only shares in some circumstances. -16) Fix wbinfo -p (bug 251) -17) Support schannel on any tcp/ip connection if necessary -18) Correct bug in user_in_list() so that it works with winbind groups - again. -19) Ensure the schannel bind credentials default to the domain - of the destination host. -20) Default password expiration time in account_pol.tdb to never - expire. Remove any existing account_pol.tdb file to reset - the new default policy (bug 184). -21) Add buttons to SWAT to change the view of smb.conf (bug 212) -22) Fix incorrect checks that determine whether or not the 'add user - script' has been set. -23) More cleanup for internal character set conversions. -24) Fixes for multi-byte strings in stat cache code. -25) Ensure that the net command honors the 'workgroup' parameter - in smb.conf when not overridden from the command line. -26) Add gss-spnego support to the ntlm_auth tool. -27) Add vfs_default_quota VFS module. -28) Added server support for NT quota interfaces. -29) Prevent Krb5 replay attacks by adding a replay_cache. -30) Fix problems with winbindd and transitive trusts in AD domains. -31) Added -S to client tools for setting SMB signing options on the - command line. -32) Fix bug causing the 'passwd change program' to be called as the - connected user and not root. -33) Fixed data corruption bug in byte-range locking (e.g. affected MS Excel). -34) Support winbindd on FreeBSD is possible. -35) Look at only the first OID in the security blob sent in the session - setup request to determine the token type. -36) Only push locks onto a blocking lock queue if the posix lock failed with - EACCES or EAGAIN (this means another lock conflicts). Else return an - error and don't queue the request. -37) Fix command line argument processing for smbtar. -38) Correct issue that caused smbd to return generic unix_user. - for lookupsid(). -39) Default to algorithmic mapping when generating a rid for a group - mapping. -40) Expand %g and %G in logon script, profile path, etc... during - a domain logon (bug 208). -41) Make sure smbclient obeys '-s ' -42) Added win2k3 shadow copy operations to VFS interface. -43) Allow connections to samba domain member as SERVER\user (don't - always default to DOMAIN\user). -44) Remove checks in winbindd that caused it to attempt to use - non-transitive trust relationships. -45) Remove delays in winbindd caused by invalid DNS lookups. -46) Fix supplementary group memberships on systems with slightly - broken NSS implementations (bug 267). -47) Correct issue that prevented smbclient from viewing shares on - a win2k server when using a non-anonymous connection (bug 284). -48) Add --domain=DOMAIN_NAME to wbinfo for limiting operations like - 'wbinfo -u' to a single domain. The '.' character represents - our domain. -49) Fix group enumeration bug when using an LDAP directory for - storing group mappings. -50) Default to use NTLMv2 if available. Fallback to not use LM/NTLM - when the extended security capability bit is not set. -51) Fix crash in 'wbinfo -a' when using extended characters in the - username (bug 269). -52) Fix multi-byte strupper() panics (bug 205). -53) Add vfs_readonly VFS module. -54) Make sure to initialize the sambaNextUserRid and sambaNextGroupRid - attributes when using 'idmap backend = ldap' (bug 280). -55) Make sure that users shared between a Samba PDC and member - samba server are seen as domain users and not local users on the - domain member. -56) Fix Query FS Info level 2. -57) Allow enumeration of users and groups by win9x "file server" (bug - 286). -58) Create symlinks during install for modules that support mutliple - functions (bug 91). -59) More iconv detection fixes. -60) Fix path length error in vfs_recycle module (bug 291). -61) Added server support for the LSA_DS UUID on the \lsarpc pipe. - (server DsRoleGetPrimaryDomainInfo() is currently disabled). -62) Fix SMBseek and get/set position calls. -62) Fix SetFileInfo level 1. -63) Added tool to convert smbd log file to a pcap file (log2pcaphex). - - - -Changes since 3.0beta2 -###################### - -1) Added fix for Japanese case names in statcache code; - these can change size on upper casing. -2) Correct issues with iconv detection in configure script - (support needed to find iconv libraries on FreeBSD). -3) Fix bug that caused a WINS server to be marked as dead - incorrectly (bug #190). -4) Removing additional deadlocks conditions that prevented - winbindd from running on a Samba PDC (used for trust - relationships). -5) Add support for searching for Active Directory for - published printers (net ads printer search). -6) Separate UNIX username from DOMAIN\username in pipe - credentials. -7) Auth modules now support returning NT_STATUS_NOT_IMPLEMENTED - for cases that they cannot handle. -8) Flush winbindd connection cache when the machine trust account - password is changed while a connection is open (bug #200). -9) Add support for 'OSVersion' server printer data string - (corrects problem with uploading printer drivers from - WinXP clients). -10) Numerous memory leak fixes. -11) LDAP fixes ("passdb backend = ldapsam" & "idmap backend = ldap"): - - Store domain SID in LDAP directory. - - store idmap information in existing entries (use sambaSID=... - if adding a new entry). -12) Fix incorrect usage of primary group SID when looking up user - groups (bug #109). -13) Remove idmap_XX_to_XX calls from smbd. Move back to the the - winbind_XXX and local_XXX calls used in 2.2. -14) All uid/gid allocation must involve winbindd now (we do not - attempt to map unknown SIDs to a UNIX identify). -15) Add 'winbind trusted domains only' parameter to force a domain - member. The server to use matching users names from /etc/passwd - for its domain (needed for domain member of a Samba domain). -16) Rename 'idmap only' to 'enable rid algorithm' for better clarity - (defaults to "yes"). -17) Add support for multi-byte statcache code (bug #185) -18) Fix open mode race condition. -19) Implement winbindd local account management functions. Refer to - the "Winbind Changes" section for details. -20) Move RID allocation functions into idmap backend. -21) Fix parsing error that prevented publishing printers from a - Samba server in an AD domain. -22) Revive NTLMSSP support for named pipes. -23) More SCHANNEL fixes. -24) Correct SMB signing with NTLMSSP. -25) Fix coherency bug in print handle/printer object caching code - that could cause XP clients to infinitely loop while updating - their local printer cache. -26) Make winbindd use its dual-daemon mode by default (use -Y to - start as a single process). -27) Add support to nmbd and winbindd for 'smbcontrol - reload-config'. -28) Correct problem with smbtar when dealing with files > 8Gb - (bug #102). - - - -Changes since 3.0beta1 -###################### - -1) Rework our smb signing code again, this factors out some of - the common MAC calculation code, and now supports multiple - outstanding packets (bug #40). -2) Enforce 'client plaintext auth', 'client lanman auth' and 'client - ntlmv2 auth'. -3) Correct timestamp problem on 64-bit machines (bug #140). -4) Add extra debugging statements to winbindd for tracking down - failures. -5) Fix bug when aliased 'winbind uid/gid' parameters are used. - ('winbind uid/gid' are now replaced with 'idmap uid/gid'). -6) Added an auth flag that indicates if we should be allowed - to fall back to NTLMSSP for SASL if krb5 fails. -7) Fixed the bug that forced us not to use the winbindd cache when - we have a primary ADS domain and a secondary (trusted) NT4 - domain. -8) Use lp_realm() to find the default realm for 'net ads password'. -9) Removed editreg from standard build until it is portable.. -10) Fix domain membership for servers not running winbindd. -11) Correct race condition in determining the high water mark - in the idmap backend (bug #181). -12) Set the user's primary unix group from usrmgr.exe (partial - fix for bug #45). -13) Show comments when doing 'net group -l' (bug #3). -14) Add trivial extension to 'net' to dump current local idmap - and restore mappings as well. -15) Modify 'net rpc vampire' to add new and existing users to - both the idmap and the SAM. This code needs further testing. -16) Fix crash bug in ADS searches. -17) Build libnss_wins.so as part of nsswitch target (bug #160). -18) Make net rpc vampire return an error if the sam sync RPC - returns an error. -19) Fail to join an NT 4 domain as a BDC if a workstation account - using our name exists. -20) Fix various memory leaks in server and client code -21) Remove the short option to --set-auth-user for wbinfo (-A) to - prevent confusion with the -a option (bug #158). -22) Added new 'map acl inherit' parameter. -23) Removed unused 'privileges' code from group mapping database. -24) Don't segfault on empty passdb backend list (bug #136). -25) Fixed acl sorting algorithm for Windows 2000 clients. -26) Replace universal group cache with netsamlogon_cache - from APPLIANCE_HEAD branch. -27) Fix autoconf detection issues surrounding --with-ads=yes - but no Krb5 header files installed (bug #152). -28) Add LDAP lookup for domain sequence number in case we are - joined using NT4 protocols to a native mode AD domain. -29) Fix backend method selection for trusted NT 4 (or 2k - mixed mode) domains. -30) Fixed bug that caused us to enumerate domain local groups - from native mode AD domains other than our own. -31) Correct group enumeration for viewing in the Windows - security tab (bug #110). -32) Consolidate the DC location code. -33) Moved 'ads server' functionality into 'password server' for - backwards compatibility. -34) Fix winbindd_idmap tdb upgrades from a 2.2 installation. - ( if you installed beta1, be sure to - 'mv idmap.tdb winbindd_idmap.tdb' ). -35) Fix pdb_ldap segfaults, and wrong default values for - ldapsam_compat. -36) Enable negative connection cache for winbindd's ADS backend - functions. -37) Enable address caching for active directory DC's so we don't - have to hit DNS so much. -38) Fix bug in idmap code that caused mapping to randomly be - redefined. -39) Add tdb locking code to prevent race condition when adding a - new mapping to idmap. -40) Fix 'map to guest = bad user' when acting as a PDC supporting - trust relationships. -41) Prevent deadlock issues when running winbindd on a Samba PDC - to handle allocating uids & gids for trusted users and groups -42) added LOCALE patch from Steve Langasek (bug #122). -43) Add the 'guest' passdb backend automatically to the end of - the 'passdb backend' list if 'guest account' has a valid - username. -44) Remove samstrict_dc auth method. Rework 'samstrict' to only - handle our local names (or domain name if we are a PDC). - Move existing permissive 'sam' method to 'sam_ignoredomain' - and make 'samstrict' the new default 'sam' auth method. -45) Match Windows NT4/2k behavior when authenticating a user with - and unknown domain (default to our domain if we are a DC or - domain member; default to our local name if we are a - standalone server). -46) Fix Get_Pwnam() to always fall back to lookup 'user' if the - 'DOMAIN\user' lookup fails. This matches 2.2. behavior. -47) Fix the trustdom_cache code to update the list of trusted - domains when operating as a domain member and not using - winbindd. -48) Remove 'nisplussam' passdb backend since it has suffered for - too long without a maintainer. - - - - ###################################################################### Upgrading from a previous Samba 3.0 beta ########################################