- * Implement LDAP rebind sleep patch.
- * Revert to 2.2 quota code because of so many broken quota files
- out there.
- * Fix XFS quotas: HAVE_XFS_QUOTA -> HAVE_XFS_QUOTAS
- XFS_USER_QUOTA -> USRQUOTA
- XFS_GROUP_QUOTA -> GRPQUOTA
- * Fix disk_free calculation with group quotas.
- * Add debug class 'quota' and a lot of DEBUG()'s
- to the quota code.
- * Fix sys_chown() when no chown() is present.
- * Add SIGABRT to fault handling in order to catch got a
- backtrace if an error occurs the OpenLDAP client libs.
-
-
-o <ndb@theghet.to>
- * Allow an existing LDAP machine account to be re-used when
- joining an AD domain.
-
-
-o James Peach <jpeach@sgi.com>
- * BUG 889: Change smbd to use pread/pwrite on platforms that
- support these calls. Can lead to a significant speed increase.
-
-
-o Tim Potter <tpot@samba.org>
- * BUG 905: Remove POBAD_CC to fix Solaris Forte compiles.
- * BUG 924: Fix typo in RW2 torture test.
-
-
-o Richard Sharpe <shape@samba.org>
- * Small fixes to torture.c to cleanup the error handling
- and prevent crashes.
-
-
-o J. Tournier <jerome.tournier@IDEALX.com>
- * Small fixes for the smbldap-tool scripts.
-
-
-o Andrew Tridgell <tridge@samba.org>
- * Fix src len check in pull_usc2().
-
-
-o Jelmer Vernooij <jelmer@samba.org>
- * Put functions for generating SQL queries in pdb_sql.c
- * Add pgSQL backend (based on patch by Hamish Friedlander)
- * BUG 908: Fix -s option to smbcontrol.
- * Add smbget utility - a wget-clone for the SMB/CIFS protocol.
- * Fix for libnss_wins on IRIX platforms.
- * Fix swatdir for --with-fhs.
-
-
- --------------------------------------------------
-
- =============================
- Release Notes for Samba 3.0.1
- December 15, 2003
- =============================
-
-Some of the more common bugs in 3.0.0 addressed in the release
-include:
-
- o Substitution problems with smb.conf variables.
- o Errors in return codes which caused some applications
- to fail to open files.
- o General Protection Faults on Windows 2000/XP clients
- using Samba point-n-print features.
- o Several miscellaneous crash bugs.
- o Access problems when enumerating group mappings are
- stored in an LDAP Directory.
- o Several common SWAT bugs when writing changes to
- smb.conf.
- o Internal inconsistencies when 'winbind use default
- domain = yes'
-
-
-
-Changes since 3.0.0
-----------------------
-
- Parameter Name Action
- -------------- ------
- hide local users Removed
- mangled map Deprecated
- mangled stack Removed
- passwd chat timeout New
-
-
-commits
--------
-
-o Change the interface for init_unistr2 to not take a length
- but a flags field. We were assuming that
- 2*strlen(mb_string) == length of ucs2-le string. (bug 480).
-o Allow d_printf() to handle strings with escaped quotation
- marks since the msg file includes the escape character (bug 489).
-o Fix bad html table row termination in SWAT wizard code (bug 413).
-o Fix to parse the level-2 strings.
-o Fix for "valid users = %S" in [homes]. Fix read/write
- list as well.
-o Change AC_CHECK_LIB_EXT to prepend libraries instead of append.
- This is the same way AC_CHECK_LIB works (bug 508).
-o Testparm output fixes for clarity.
-o Fix broken wins hook functionality -- i18n bug (bug 528).
-o Take care of condition where DOS and NT error codes must differ.
-o Default to using only built-in charsets when a working iconv
- implementation cannot be located.
-o Wrap internals of sys_setgroups() so the sys_XX() call can
- be done unconditionally (bug 550).
-o Remove duplicate smbspool link on SWAT's front page (bug 541).
-o Save and restore CFLAGS before/after AC_PROG_CC. Ensures that
- --enable-debug=[yes|no] works correctly.
-o Allow ^C to interrupt smbpasswd if using our getpass
- (e.g. smbpasswd command).
-o Support signing only on RPC's (bug 167).
-o Correct bug that prevented Excel 2000 clients from opening
- files marked as read-only.
-o Portability fix bugs 546 - 549).
-o Explicitly initialize the value of AR for vendor makes that don't
- do this (e.g. HPUX 11). (bug 552).
-o More i18n fixes for SWAT (bug 413).
-o Change the cwd before the postexec script to ensure that a
- umount will succeed.
-o Correct double free that caused winbindd to crash when a DC
- is rebooted (bug 437).
-o Fix incorrect mode sum (bug 562).
-o Canonicalize SMB_INFO_ALLOCATION in the same was as
- SMB_FS_FULL_SIZE_INFORMATION (bug 564).
-o Add script to generate *msg files.
-o Add Dutch SWAT translation file.
-o Make sure to call get_user_groups() with the full winbindd
- name for a user if he/she has one (bug 406).
-o Fix up error code returns from Samba4 tester. Ensure invalid
- paths are validated the same way.
-o Allow Samba3 to pass the Samba4 RAW-READ tests.
-o Refuse to configure if --with-expsam=$BACKEND was used but no
- libraries were found for $BACKEND.
-o Move sysquotas autoconf tests to a separate file.
-o Match W2K w.r.t. writelock and writeclose. Samba4 torture
- tester
-o Make sure that the files that contain the static_init_$subsystem;
- macro get recompiled after configure by removing the object
- files.
-o Ensure canceling a blocking lock returns the correct error
- message.
-o Match Samba 2.2 behavior; make ACB_NORMAL the default ACB value.
-o Updated Japanese welcome file in SWAT.
-o Fix to nt-time <-> unix-time functions reversible.
-o Ensure that winbindd uses the the escaped DN when querying
- an AD ldap server.
-o Fix portability issues when compiling (bug 505, 550)
-o Compile fix for tdbbackup when Samba needs to override
- non-C99 compliant implementations of snprintf().
-o Use @PICSUFFIX@ instead of .po in Makefile.in (bug 574).
-o Make sure we break out of samsync loop on error.
-o Ensure error code path doesn't free unmalloc()'d memory
- (bug 628).
-o Add configure test for krb5_keytab_entry keyblock vs key
- member (bug 636).
-o Fixed spinlocks.
-o Modified testparm so that all output so all debug output goes
- to stderr, and all file processing goes to stdout.
-o Fix error return code for BUFFER_TOO_SMALL in smbcacls
- and smbcquotas.
-o Fix "NULL dest in safe_strcpy()" log message by ensuring that
- we have a devmode before copying a string to the devicename.
-o Support mapping REALM.COM\user to a local user account (without
- running winbindd) for compatibility with 2.2.x release.
-o Ensure we don't use mmap() on blacklisted systems.
-o fixed a number of bugs and memory leaks in the AIX
- winbindd shim
-o Call initgroups() in SWAT before becomming the user so that
- secondary group permissions can be used when writing to
- smb.conf.
-o Fix signing problems when reverse connecting back to a
- client for printer notify
-o Fix signing problems caused by a miss-sequence bug.
-o Missing map in errormap for ERROR_MORE_DATA -> ERRDOS, ERRmoredata.
- Fixes NEXUS tools running on Win9x clients (bug 64).
-o Don't leave the domain field uninitialized in cli_lsa.c if some
- SID could not be mapped.
-o Fix segfault in mount.cifs helper when there is no options
- specified during mount.
-o Change the \n after the password prompt to go to tty instead
- of stdout (bug 668).
-o Stop net -P from prompting for machine account password (bug 451).
-o Change in behavior to Not only change the effective uid but also
- the real uid when becoming unprivileged.
-o Cope with Exchange 5.5 cleartext pop password auth.
-o New files for support of initshutdown pipe. Win2k doesn't
- respond properly to all requests on the winreg pipe, so we need
- to handle this new pipe (bug 534).
-o Added more va_copy() checks in configure.in.
-o Include fixes for libsmbclient build problems.
-o Missing UNIX -> DOS codepage conversion in lanman.c.
-o Allow DFMS-S filenames can now have arbitrary case (bug 667).
-o Parameterize the listen backlog in smbd and make it larger by
- default. A backlog of 5 is way too small these days.
-o Check for an invalid fid before dereferencing the fsp pointer
- (bug 696).
-o Remove invalid memory frees and return codes in pdb_ldap.c.
-o Prompt for password when invoking --set-auth-user and no
- password is given.
-o Bind the nmbd sending socket to the 'socket address'.
-o Re-order link command for smbd, rpcclient and smbpasswd to ensure
- $LDFLAGS occurs before any library specification (bug 661).
-o Fix large number of printf() calls for 64-bit size_t.
-o Fix AC_CHECK_MEMBER so that SLES8 does correctly finds the
- keyblock in the krb5 structs.
-o Remove #include <compat.h> in hopes to avoid problems with
- apache header files.
-o Correct winbindd build problems on HP-UX 11.
-o Lowercase netgroups lookups (bug 703).
-o Use the actual size of the buffer in strftime instead of a made
- up value which just happens to be less than sizeof(fstring).
- (bug 713).
-o Add ldaplibs to pdbedit link line (bug 651).
-o Fix crash bug in smbclient completion (bug 659).
-o Fix packet length for browse list reply (bug 771).
-o Fix coredump in cli_get_backup_list().
-o Make sure that we expand %N (bug 612).
-o Allow rpcclient adddriver command to specify printer driver
- version (bug 514).
-o Compile tdbdump by default.
-o Apply patches to fix iconv detection for FreeBSD.
-o Do not allow the 'guest account' to be added to a passdb backend
- using smbpasswd or pdbedit (bug 624).
-o Save LDFLAGS during iconv detection (bug 57).
-o Run krb5 logins through the username map if the winbindd
- lookup fails (bug 698).
-o Add const for lp_set_name_resolve_order() to avoid compiler
- warnings (bug 471).
-o Add support for the %i macro in smb.conf to stand in for the for
- the local IP address to which a client connected.
-o Allow winbindd to match local accounts to domain SID when
- 'winbind trusted domains only = yes' (bug 680).
-o Remove code in idmap_ldap that searches the user suffix and group
- suffix. It's not needed and provides inconsistent functionality
- from the tdb backend.
-o Patch to handle munged dial string for Windows 2000 TSE.
- Thanks to Gaz de France, Direction de la Recherche, Service
- Informatique Métier for their supporting this work by Aurelien
- Degrémont <adegremont@idealx.com>.
-o Correct the "smbldap_open: cannot access when not root error"
- messages when looking up group information (bug 281).
-o Skip over the winbind separator when looking up a user.
- This fixes the bug that prevented local users from
- matching an AD user when not running winbindd (bug 698).
-o Fix a problem with configure on *BSD systems. Make sure
- we add -liconv etc to LDFLAGS.
-o Fix core dump bug when "security = server" and the authentication
- server goes away.
-o Correct crash bug due to an empty munged dial string.
-o Show files locked by a specific user (smbstatus -u 'user')
- (bug 590).
-o Fix bug preventing print jobs from display in the queue
- monitor used by Windows NT and later clients (bug 660).
-o Fix several reported problems with point-n-print from
- Windows 2000/XP clients due to a bug in the EnumPrinterDataEx()
- reply (bug 338, 527 & 643).
-o Fix a handful of potential memory leaks in the LDAP code used
- by ldapsam[_compat] and the LDAP idmap backend.
-o Fix for pdbedit error code returns (bug 763).
-o Make sure we only enumerate group mapping entries (not
- /etc/group) even when doing local aliases.
-o Relax check on the pipe name in a dce/rpc bind response to work
- around issues with establishing trusts to a Windows 2003 domain.
-o Ensure we mangle names ending in '.' in hash2 mangling method.
-o Correct parsing issues with munged dial string.
-o Fix bugs in quota support for XFS.
-o Add a cleaner method for applications that need to provide
- name->SID mappings to do this via NSS rather than having to
- know the winbindd pipe protocol.
-o Adds a variant of the winbindd_getgroups() call called
- winbindd_getusersids() that provides direct SID->SIDs listing of
- a users supplementary groups. This is enough to allow non-Samba
- applications to do ACL checking.
-o Make sure we don't append the 'ldap suffix' when writing out the
- 'ldap XXX suffix' values in SWAT (bug 328).
-o Fix renames across file systems.
-o Ensure that items in a list of strings containing whitespace are
- written out surrounded by single quotes. This means that both
- double and single quotes are now used to surround strings in
- smb.conf (bug 481).
-o Enable SWAT to correctly determine if winbindd is running (bug
- 398).
-o Include WWW-Authenticate field in 401 response for bad auth
- attempt (bug 629).
-o Add support for NTLM2 (NTLMv2 session security).
-o Add support for variable-length session keys.
-o More privilege fixes for group enumeration in LDAP (bug 281).
-o Use the dns name (or IP) as the originating client name when
- using CUPS (bug 467).
-o Fix various SMB signing bugs.
-o Fix ACL propagation on a DFS root (bug 263).
-o Disable NTLM2 for RPC pipes.
-o Allow the client to specify the NTLM2 flags got NTLMSSP
- authentication.
-o Change the name of the job passed off to cups from "Test Page"
- to "smbprn.00000033 Test Page" so that we can get the smb
- jobid back. This allow users to delete jobs with cups printing
- backend (partial work on bug 770).
-o Fix build of winbindd with static pdb modules.
-o Retrieve the correct ACL group bits if the file has an ACL
- (bug 802).
-o Implement "net rpc group members": Get members of a domain group
- in human-readable format.
-o Add MacOSX (Darwin) specific charset module code.
-o Use samr_dispinfo(level == 1) for enumerating domain users so we
- can include the full name in gecos field (bug 587).
-o Add support for winbind's NSS library on FeeeBSD 5.1 (bug 797).
-o Implement 'net rpc group list [global|local|builtin]*' for a
- select listing of the respective user databases.
-o Don't automatically set NT status code flag unless client tells
- us it can cope.
-o Add 'net status [sessions|shares] [parseable]'.
-o Don't mistake pre-existing UNIX jobs for smb jobs (remainder of
- bug 770).
-o Add 'Replicator' and 'RAS Servers' to list of builtin SIDs
- (bug 608).
-o Fix inverted logic in hosts allow/deny checks caused by
- s/strcmp/strequal/ (bug 846).
-o Implement correct version SamrRemoveSidForeignDomain() (bug 252).
-o Fix typo in 'hash' mangling algorithm.
-o Support munged dial for ldapsam (bug 800).
-o Fix process_incoming_data() to return the number of bytes handled
- this call whether we have a complete PDU or not; fixes bug
- with multiple PDU request rpc's broken over SMBwriteX calls
- each.
-o Fix incorrect smb flags2 for connections to pre-NT servers
- (causes smbclient to fail to OS2 for example) (bug 821).
-o Update version string in smbldap-tools Makefile to 0.8.2.
-o Correct a problem with "net rpc vampire" mis-parsing the
- alias member info reply.
-o Ensure the ${libdir} is created by the installclientlib script.
-o Fix detection of Windows 2003 client architecture in the smb.conf
- %a variable.
-o Ensure that smbd calls the add user script for a missing UNIX
- user on kerberos auth call (bug 445).
-o Fix bugs in hosts allow/deny when using a mismatched
- network/netmask pair.
-o Protect alloc_sub_basic() from crashing when the source string
- is NULL (partial work on bug 687).
-o Fix spinlocks on IRIX.
-o Corrected some bad destination paths when running "configure
- --with-fhs".
-o Add packaging files for Fedora Core 1.
-o Correct bug in SWAT install script for non-english languages.
-o Support character set ISO-8859-1 internally (bug 558).
-o Fixed more LDAP access errors when looking up group mappings
- (bug 281).
-o Fix UNISTR2 length bug in LsaQueryInfo(3) that caused SID
- resolution to fail on local files on on domain members
- (bug 875).
-o Fix uninitialized variable in passdb.c.
-o Fix formal parameter type in get_static() in nsswitch/wins.c.
-o Fix problem mounting directories when mount.cifs is installed
- with the setuid bit on.
-o Fix bug that prevent --mandir from overriding the defaults
- given in the --with-fhs macro.
-o Fix bug in in-memory Kerberos keytab detection routines
- in configure.in
-
-
-
-######################################################################
-
- The original 3.0.0 release notes follow
- =======================================
- WHATS NEW IN Samba 3.0.0
- September 24, 2003
- =======================================
-
-
-Major new features:
--------------------
-
-1) Active Directory support. Samba 3.0 is now able to
- join a ADS realm as a member server and authenticate
- users using LDAP/Kerberos.
-
-2) Unicode support. Samba will now negotiate UNICODE on the wire
- and internally there is now a much better infrastructure for
- multi-byte and UNICODE character sets.
-
-3) New authentication system. The internal authentication system
- has been almost completely rewritten. Most of the changes are
- internal, but the new auth system is also very configurable.
-
-4) New default filename mangling system.
-
-5) A new "net" command has been added. It is somewhat similar to
- the "net" command in windows. Eventually we plan to replace
- numerous other utilities (such as smbpasswd) with subcommands
- in "net".
-
-6) Samba now negotiates NT-style status32 codes on the wire. This
- improves error handling a lot.
-
-7) Better Windows 2000/XP/2003 printing support including publishing
- printer attributes in active directory.
-
-8) New loadable module support for passdb backends and character
- sets.