From 851e6d6b23548cb1b90338dc8f723f9ea586fc80 Mon Sep 17 00:00:00 2001 From: Karolin Seeger Date: Mon, 16 Feb 2009 11:30:30 +0100 Subject: s3-WHATSNEW: Start WHATSNEW for 3.3.1. Karolin (cherry picked from commit 311abc32da851894edff3324acbe58213c131729) --- WHATSNEW.txt | 753 ++++++----------------------------------------------------- 1 file changed, 75 insertions(+), 678 deletions(-) diff --git a/WHATSNEW.txt b/WHATSNEW.txt index bce7fb7bc01..24211f513ae 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,202 +1,16 @@ ============================= - Release Notes for Samba 3.3.0 - January, 27 2009 + Release Notes for Samba 3.3.1 + February, 24 2009 ============================= -This is the first stable release of Samba 3.3.0. +This is the latest bugfix release release of the Samba 3.3 series. -Major enhancements in Samba 3.3.0 include: +Major enhancements in Samba 3.3.1 include: - General changes: - o The passdb tdbsam version has been raised. - - Configuration/installation: - o Splitting of library directory into library directory and separate - modules directory. - o The default value of "ldap ssl" has been changed to "start tls". - - File Serving: - o Extended Cluster support. - o New experimental VFS modules "vfs_acl_xattr" and "vfs_acl_tdb" - to store NTFS ACLs on Samba file servers. - - Winbind: - o Simplified idmap configuration. - o New idmap backends "adex" and "hash". - o Added new parameter "winbind reconnect delay". - o Added support for user and group aliasing. - o Added support for multiple domains to idmap_ad. - - Administrative tools: - o The destination "all" of smbcontrol does now affect all running - daemons including nmbd and winbindd. - o New 'net rpc vampire keytab' and 'net rpc vampire ldif' commands. - o The 'net' utility can now use kerberos for joining and authentication. - o The 'wbinfo' utility can now add, modify and remove identity mapping entries. - - Libraries: - o NetApi library implements various new calls for User- and Group - Account Management. - o libsmbclient does now determine case sensitivity based on file system - attributes. - - -General changes -=============== - -The passdb tdbsam version has been raised as among other things the RID counter -has been moved from the winbindd_idmap.tdb to the passdb.tdb file to make -"passdb backend = tdbsam" working in clustered environments. - -Please note that an updated passdb.tdb file is _not_ compatible with Samba -versions before 3.3.0! Please backup your passdb.tdb file if -you use "passdb backend = tdbsam". That can be achieved by running - -'tdbbackup /etc/samba/passdb.tdb' - -before the update. - - -Configure changes -================= - -The configure option "--with-libdir" has been removed. The library -directory can still be specified by using the existing "--libdir" option. -A new option "--with-modulesdir" has been added to allow the specification -of a separate directory for the shared modules. - - -Configuration changes -===================== - -The default value of "ldap ssl" has been changed to "start tls". This means, -Samba will use the LDAPv3 StartTLS extended operation (RFC2830) for -communicating with directory servers by default. If your directory servers -do not support this extended operation, you will have to set -"ldap ssl = no". Otherwise, Samba could not contact the directory servers -anymore! - - -Winbind idmap backend changes -============================= - -The idmap configuration has changed with version 3.3 to something that -allows a smoother upgrade path from pre-3.0.25 configurations that use -"idmap backend". The reason for this change is that to many, also to Samba -developers, the 3.0.25 style configuration with "idmap config" turned out -to be very complex. Version 3.3 no longer deprecates the "idmap backend" -parameter, instead with "idmap backend" the default idmap backend is -specified. - -Accordingly, the "idmap config : default = yes" setting is no -longer being looked at. - -The alloc backend defaults to the default backend, which should be able to -allocate IDs. In the default distribution the tdb and ldap backends can -allocate, the ad and rid backends can not. The idmap alloc range is now -being set with the "old" parameters "idmap uid" and "idmap gid". - -The "idmap domains" parameter has been removed. - - -winbind reconnect delay -======================= - -This is a new parameter which specifies the number of seconds the Winbind -daemon will wait between attempts to contact a Domain controller for a domain -that is determined to be down or not contactable. - - -Winbind's Name Aliasing -======================= - -Name aliasing in Winbind is a feature that allows an administrator to -map a fully qualified user or group name from a Windows domain to a -convenient short name for Unix access. This is similar to the username -map functionality supported by smbd but is primary intended for -clients and servers making use of Winbind's PAM and NSS libraries. - -For example, the user "DOMAIN\fred" has been mapped to the Unix name -"freddie". - - $ getent passwd "DOMAIN\fred" - freddie:x:1000:1001:Fred Jones:/home/freddie:/bin/bash - - $ getent passwd freddie - freddie:x:1000:1001:Fred Jones:/home/freddie:/bin/bash - -The name aliasing support is provided by individual nss_info plugins. -For example, the new "adex" plugin reads the uid attribute from Active -Directory to make a short login name to the fully qualified name. -While the new "hash" module utilizes a local file to map "short_name -= QUALIFIED\name". Both user and group name mapping is supported. -Please refer to the "winbind nss info" option in smb.conf(5) and -to individual plugin man pages for further details. - - -idmap_hash -========== - -The idmap_hash plugin provides similar support as the idmap_rid -module. However, uids and gids are generated from the full domain -SID using a hashing algorithm that maps the lower 19 bits from the user -or group RID to bits 0 - 19 in the Unix id and hashes 96 bits from -the domain SID to bits 20 - 30 in the Unix id. The result is a 31 bit -uid or gid that is consistent across machines and provides support for -trusted domains. - -Please refer to the idmap_hash(8) man page for more details. - - -idmap_adex -========== - -The adex idmap/nss_info plugin is an adaptation of the Likewise -Enterprise plugin with support for OU based cells removed -(since the Windows pieces to manage the cells are not available). - -This plugin supports - - * The RFC2307 schema for users and groups. - * Connections to trusted domains - * Global catalog searches - * Cross forest trusts - * User and group aliases - -Prerequisite: Add the following attributes to the Partial Attribute -Set in global catalog: - - * uidNumber - * uid - * gidNumber - -A basic config using the current trunk code would look like: - -[global] - idmap backend = adex - idmap uid = 10000 - 29999 - idmap gid = 10000 - 29999 - winbind nss info = adex - - winbind normalize names = yes - winbind refresh tickets = yes - template homedir = /home/%D/%U - template shell = /bin/bash - -Please refer to the idmap_adex(8) man page for more details. - - -Libraries -========= - -libsmbclient will now treat file names case-sensitive by default if the filesystem -we are connecting to supports case sensitivity. This change of behavior is -considered a bug fix, as it was previously possible to accidentally overwrite a -file that had the same case-insensitive name but a different case-sensitive name -as a previously-existing file, while creating a new file. - -If it is not possible to detect if the filesystem supports case sensitivity, -the user-specified option value will be used. + * Fix net ads join when "ldap ssl = start tls" (bug #6073). + * Fix renaming/deleting of files using Windows clients (bug #6082). + * Fix renaming/deleting a "not matching/resolving" symlink (bug #6090). + * Fix remotely adding a share via the Windows MMC. ###################################################################### @@ -208,538 +22,121 @@ smb.conf changes Parameter Name Description Default -------------- ----------- ------- - cups connection timeout New 30 - idmap alloc config : range Removed - idmap domains Removed - init logon delayed hosts New "" - init logon delay New 100 - ldap ssl Changed Default start tls - share modes Deprecated - winbind reconnect delay New 30 - - -Changes since 3.3.0rc2: ------------------------ - - -o Jeremy Allison - * BUG 4308: Fix corrupting of file ACLs during Excel save operations. - * BUG 5979: Fix level 2 oplocks being granted improperly. - * BUG 5980: Race condition when granting level2 oplocks can cause break - notify to be missed. - * BUG 5986: Editing a stream is broken (rename problems). - * BUG 5990: Strict allocate should be checked before ftruncate. - * BUG 6009: Setting "min receivefile size = 1" breaks writes. - * BUG 6016: Alternate Data Streams / Extended Attributes seem to conflict. - * BUG 6017: Fix magic scripts. - * BUG 6019: Fix file corruption in Clustered SMB/NFS environment managed via - CTDB. - * BUG 6021: smbclient du command does not recuse properly. - * BUG 6024: Deprecate the "share modes" parameter. - * BUG 6030: Add missing header in Status page. - * BUG 6035: Fix possible race between fcntl F_SETLKW and alarm delivery. - * BUG 6040: Calling Samba print server with an aliased DNS-name fails. - * Fix gcc 4.3.2 warnings. - * Fix more asprintf errors and error code paths. - * Attempt to fix crash seen with new CUPS async printcap loading code. - * Add winbindd_reinit_after_fork(), cleaning out all possible events - in a forked child. - * Make winbindd_cm.c use winbindd_reinit_after_fork(). - * Fix race condition in alarm lock processing. - * Fixes crash bug in SWAT. - - -o Michael Adam - * Fix build of pam_winbind.so on older Linux systems. - * Packaging RHEL-CTDB: Fix build of [u]mount.cifs. - * Prevent access to root filesystem when connecting with empty service name. - * Fix distclean target and add realdistclean target in the docs build. - * Add manpage for idmap_tdb2. - * Clarify idmap manpages. - - -o Kai Blin - * BUG 5953: Fix smbclient crashes. - - -o Gerald (Jerry) Carter - * Fix "allow trusted domain" so it disables trusted domains. - * Return immediately on a failed GC connection in ads_connect. - - -o SATOH Fumiyasu - * Fix gmem->numgids and gmem->maxgids breakage on Solaris 64-bit. - * Fix SIGBUS on non-x86 CPUs in libsmbclient. - * Fix a compile-time warning. - - -o Holger Hetterich - * Add a simple tdb integrity check to tdbtool. - - -o Björn Jacke - * Correct the description of the "ldap timeout" parameter. - - -o Volker Lendecke - * BUG 5913: Fix build error with at least GCC 4.2.2. - * BUG 5933: Fix incrementing/decrementing of num_validated_vuids. - * BUG 5953: Make cli_send_smb_direct_writeX use writev. - * BUG 5965: Fix creation of the first share using SWAT. - * BUG 5969: Optimize smbclient put command. - * BUG 6012: Add "get_real_filename" to full_audit. - * BUG 6014: Fix segfault when calling mget without arguments. - * Fix a spinning smbd when printing. - * Fix a memory leak in cups_pull_comment_location. - * Fix a valgrind error. - * Fix a "ignoring function call result" warning. - * Fix some C++ warnings. - * Fix an ancient uninitialized variable read. - * Fix a bad memleak in vfs_full_audit. - - -o Derrell Lipman - * BUG 6022: Make smbc_urlencode and smbc_urldecode in libsmbclient. - * Determine case sensitivity based on file system attributes. - - -o Stefan Metzmacher - * net_status: Use dbwrap to open sessionid.tdb. - * Fix dbwrap_store_uint32() to match dbwrap_store_int32(). - * Make marshalling struct samu from and to a buffer more generic. - * Store the next rid counter in passdb.tdb instead of winbind_idmap.tdb. - * Register the client connection via CTDB_CONTROL_TCP_ADD. - * Don't need to call messaging_reinit() twice. - * Raise TDBSAM_VERSION. - * Add manpage for vfs_fileid. - * Rename 'fd_event' to 'winbindd_fd_event' to avoid confusion. - * Recreate the per domain check_online_event without relying on global - state. - * Handle the smb signing states the same in the krb5 and ntlmssp cases. - * Re-add 'fileid:algorithm' option to vfs_fileid. - * Fix CTDB IPv6 support in cluster setups. - * Reinit_after_fork() should reinit the event context before the - messaging context. - * Fix PCAP support in socket_wrapper. - - -o Lars Müller - * Tweak with pam defines of older Linux versions. - - -o Tim Prouty - * Fix stream marshalling to return the correct streaminfo status. - * Allow renames of streams via NTRENAME and fix stream error codes on - rename. - * Remove a few unnecessary checks from the streams xattr module. - * Remove a few unnecessary checks from the streams depot module and fix to - work with NTRENAME. - - -o Andreas Schneider - * Fix a segfault if ? is there but the options are NULL. - * Avoid flooding of syslog with failing pam_putenv messages. - - -o Karolin Seeger - * BUG 6000: Avoid bashism in perfcount.init. - * Change default value of "ldap ssl" to "start tls". - * Update version number in the manpages. - * Fix several small issues and typos in the manpages. - * Check if Unix account exists before asking for the password in smbpasswd. - - -o Todd Stecher - * Fix memory leaks and other fixes found by Coverity. - - -o Bo Yang - * Clean event context after child is forked. - * Fix broken krb5 refresh chain. - * Set entry->refresh_time to make ccache_regain_all_now() work correctly. - * Refresh sequence number as soon as possible. - * Don't set child->requests to NULL in parent after fork. - * Don't send message to any other child in child process. - * Fix bug in get_dc_name_via_netlogon(), null pointer reference. - + ldap ssl ads New No -"Changes since" sections of 3.3 previews and release candidates follow: -======================================================================= +Changes since 3.3.0: +-------------------- -Changes since 3.3.0rc1: ------------------------- o Jeremy Allison - * BUG 1254: Fix "write list" in setups using "security = share". - * BUG 5937: Fix filenames with "*" char hiding other files. - * BUG 5953: Fix segfaults in smbclient. - * Fix usrmgr opening a user object as non-root. + * BUG 6082: Fix renaming/deleting of files using Windows clients. + * BUG 6069: Fix build with too many arguments. + * BUG 6090: Fix renaming/deleting a "not matching/resolving" symlink. + * BUG 6099: Try to fix domain join of Win7 Beta. + * Fix Coverity IDs 115, 116, 117. + * Fix warning (bad handler prototype). + * Unify the detection of the timespec code in configure.in, and the + application of it in time.c. + * Correctly use chroot(). + * Parameterize in local.h the MAX_RPC_DATA_SIZE, and ensure that "offered" + read from the rpc packet in spoolss is under that size. o Michael Adam - * BUG 3661: Add support for trusted domains to idmap_ad. - * Fix default backend handling for ad backends. - * Fix potential segfault in vfs_tsmsm. - * Fix several RHEL CTDB packaging issues. + * BUG 6066: netinet/ip.h present but cannot be compiled on Solaris. + * BUG 6073: Prevent ads_connect() from using SSL unless explicitly + requested. + * Fix 'getent passwd' to allocate new uids. + * Fix 'getent group' to allocate new gids. + * Remove check for sharename being a username in 'net conf + addshare'. o Guenther Deschner - * BUG 5957: Do not abort rename process on valid rename script. - * Fix various potential memleaks in samr_SetUserInfo. - * Fix access bits in netapi. - - -o Steve French - * BUG 5934: Use USER environment in mount.cifs when no user is specified. - * variable - - -o SATOH Fumiyasu - * BUG 5688: LPQ process is orphaned if socket address parameter is invalid. - * Vars for signals must be volatile sig_atomic_t. - - -o Henning Henkel - * BUG 5929: Fix build of vfs_prealloc with option --with-cluster-support and - GPFS. - - -o Tomasz Krasuski - * BUG 5928: Fix 'testparm --version'. - - -o Jeff Layton - * Allow mounts to ipv6 capable servers in mount.cifs. - - -o Volker Lendecke - * Fix crash bug when freeing a non-malloc'ed buffer if the client sends a - non-encrypted packet with the crypto state set. - * Fix error code when smbclient puts a file over an existing directory. - * Pass the get_real_filename operation through the VFS. - - -o Stefan Metzmacher - * BUG 5749: Re-set acctflags while joining. - * Fix several issues concerning Alternate Data Streams. - * Fix valgrind bug lp_parm_const_string(). - * Fix setting of trust passwords using 'net rpc trustdom add'. - * Correctly detect if the current dc is the closest one. - - -o Tim Prouty - * Fix a delete on close divergence from windows. - - -o Dan Sledz - * Fix logging to syslog. - - -o Yasuma Takeda - * BUG 5944: Fix starting of nmbd with "socket address" set to "". - + * Remove unused ENUM_HND from 'net'. + * Fix getform command asprintf return code in rpcclient. + * Fix memleak in get_remote_printer_publishing_data(). -o Bo Yang - * Fix script installmo.sh when no .po file exists. - ----------------------------------------------------- - -Changes since 3.3.0pre2: ------------------------- - -o Michael Adam - * Fix eventlog crash. - * Make keytab filename argument mandatory to "net rpc vampire keytab". - * Add domain prefix to username in lookup_groupmem(). - * Honour "winbind use default domain" in lookup_groupmem(). - * Sanely handle NULL domain in add_member(). - * Don't list the domain twice when expanding internal aliases. - * Prevent negative GM/ cache entries due to broken connections. - * Use the reconnect methods instead of the rpc methods directly. - - -o Jeremy Allison - * BUG 5080: Fix access to cups-printers with cups 1.3.4. - * BUG 5814: Fix Winbind crash bug while doing "rescan_trusted_domain". - * BUG 5818: Sort ACEs in smbcacl output properly and honor inheritance. - * BUG 5825: Fix account locking with an LDAP backend. - * BUG 5826: Fix truncated filenames when accessing old servers. - * BUG 5873: Fix ACL inheritance. - * BUG 5889: Fix "delete veto files = no". - * BUG 5891: Fix smbd crash when viewing the eventlog exported by "eventlog - list". - * BUG 5900: Fix vfs_readonly. - * BUG 5903: Fix breaking of file contents in vfs_streams_xattr. - * BUG 5904: Fix SIGABRT while servicing getaddrinfo() request caused by - libnss_wins. - * BUG 5914: Fix redefinition of struct name_list. - * Correctly fix smbclient to terminate on eof from server. - * Fix client timeout when searching for a large number of cups printers. - * Unify access checks for lsa server functions. - * Remove the requirement for ldap call made as root. - * Cope with MAXIMUM_ALLOWED_ACCESS requests when opening handles. - * Fix net rpc vampire, based on an *amazing* piece of debugging work by - "Cooper S. Blake" . - * Fix memory leak in error path, spotted by Martin Zielinski . - * Add vfs_acl_tdb.c module to do ACLs completely in userspace. - * Use fxattr calls whenever possible (trying to work around the strange - Linux kernel oplock bug). - - -o Kai Blin - * BUG 5892: Fix net rap printq info documentation. - * Add placeholder functions to libwbclient. - - -o Gerald (Jerry) Carter - * Use the same prerequisite for DDNS update as Windows XP. - * Make "lwinet ads dns register" honor the "interfaces" parameter. - - -o Steven Danneman - * Add options to manage identity mapping entries to wbinfo and Winbind. - * Fix to allow setting of NULL DACL/SACL. +o Holger Hetterich + * Enable total anonymization in vfs_smb_traffic_analyzer. -o Guenther Deschner - * BUG 5888: Fix remote rpc service management. - * Ensure consistency when reporting password complexity. - * Fix _lsa_GetUserName. - * Fix access check in _samr_QuerySecurity(). - * _samr_DeleteUser needs to wipe out the user_handle on success. - * NetGroupEnum_r needs to handle servers with no groups. - * Fix numerous netapi issues. - * Add support for partial and delta netlogon replication in - "net rpc vampire". - * Add automatic machine password update in Winbind for member servers. - * Add German internalization for pam_winbind. - * Add Winbind krb5 locator plugin manpage. - * Add new wbclient wbcLookupDomainControllerEx call. - * Use autogenerated DCE/RPC routines for one more call on SVCCTL - named pipe. - * Use autogenerated NBT routines from Samba4 for Mailslot/CLDAP - parsing. - * Fix Winbind password change code for Windows 2000 DCs. - * Fix PNP_HwProfInfo NDR parsing. - * Add wbclient wbcLogonUser and wbcLogoffUserEx functions. - * Add automatic home directory creation for pam_winbind. - - -o Mathias Dietz - * Search for gpfs functions in both libgpfs_gpl.so an libgpfs.so. - - -o Dina Fine - * BUG 5908: Fix internal change notify on share directories. - - -o Nils Goroll - * BUG 5135: Prevent calling POSIX ACL vfs methods on zfs share. - * BUG 5446: Prevent calling POSIX ACL vfs methods on zfs share. +o Bjoern Jacke + * Fix build with external dns_sd libraries. + * Fix configure check "sub-second timestamps without struct timespec". + * Add configure check for AIX style sub-second resolution support. + * Add configure check for Tru64 sub-second timestamp resolution. + * Add Tru64 sub-second resolution timestamp support. + * Enable IPv6 support for NetBSD and FreeBSD. -o Jeff Layton - * Have uppercase_string return success on NULL pointer in mount.cifs. - * Make mount.cifs return codes match the return codes for /bin/mount. +o Guenter Kukkukk + * Don't try and delete a default ACL from a file. o Volker Lendecke - * BUG 5691: Fig smbd panic on Solaris. - * BUG 5840: Fix segfault in "rpcclient lsaaddacctrights". - * BUG 5860: safe_strcpy gives a nasty error message for overlong strings. - * Fix the offset checks in the trans routines (CVE-2008-4314). - * Fix a potential NULL deref in found by the IBM Checker. - * Fix an uninitialized variable found by the IBM Checker. - * Fix an unlikely memleak found by the IBM Checker. - * Fix some missing error handlings. - * Add workaround for domain joins using a netbios name which is different - from the hostname. - * Fix a valgrind error in idmap_ad_sids_to_unixids(). - * Make memcache_add_talloc NULL out the source pointer. - * Fix memleak in memcache_add_talloc found by Martin Zielinski . - * Fix memleak in calculate_next_machine_pwd_change. + * BUG 5798: CFLAGS info lost in configure. + * Fix Coverity IDs 740, 742, 744, 745, 876, 879, 880. + * Fix remotely adding a share via the Windows MMC. + * Avoid valgrind errors. + * Fix 'net rpc join' for users with the SeMachineAccountPrivilege. + * Fix resume handle for _samr_EnumDomainGroups. o Jeff Layton - * mount.cifs: use lock/unlock_mtab scheme from util-linux-ng mount prog. + * Initialize rc to 0 in main in mount.cifs. o Derrell Lipman - * BUG 5805: Don't close stdout when calling setup_logging multiple times. + * BUG 6069: Add a fstatvfs function for libsmbclient. + * Eliminate compiler warnings. o Stefan Metzmacher - * Return an error instead of crashing when no realm is given. - + * Make Samba work with older ctdb versions. + * Add S-1-22-X-Y sids to the local token. -o TAKAHASHI Motonobu - * 5901: Fix default value for streams_depot location. +o Lars Mueller + * Conditional install of the cifs.upcall man page. + * Adjust regex to match variable names including underscores. -o Tim Prouty - * Fix several build warnings. +o Shirish Pargaonkar + * BUG 4370: Clean-up entries in /etc/mtab after unmount. + * Add fakemount (-f) and nomtab (-n) flags to mount.cifs. -o Andreas Schneider - * Delete the krb5 ccname variable from the PAM environment if set. - * Add a function out of pam_sm_close_session to delete the credentials. - * Fix circular dependency error with autoconf 2.6.3. +o Ted Percival + * Fix a crash during name resolution. -o Davide Sfriso - * BUG 5906: Fix Winbind crash bug during 'getent group' on PDC. - -o Dan Sledz - * Add FreeBSD configure check for backtrace_symbols. - * Allow SYSLOG_FACILITY to be modified with a new configure option called - --with-syslog-facility. - - -o Joe Smith - * Fix typo in source/utils/net_rap.c. - - -o Martin Schwenke - * Prevent make errors for picky makes when $(EXTRA_ALL_TARGETS) is empty. - * Add @CIFSUPCALL_PROGS@ to "all" target so cifs.upcall gets built at - compile time rather than install time. - - -o Yasuma Takeda - * BUG 5909: Fix MS-DFS links containing multibyte characters on Vista. - - -o Bo Yang - * Fix broken msgids in ntstatus_errors. - * i18n/l10n pam_winbind - - ----------------------------------------------------- - -Changes since 3.3.0pre1: ------------------------- - -o Michael Adam - - * BUG 5492: Fix RHEL SPEC file by removing libmsrpc stuff. - * BUG 5507: Fix several issues in the RHEL SPEC file. - - -o Jeremy Allison - * BUG 5729: Explicitly allow "-valid". - * BUG 5737: Fix winbindd crash in an unusual failure mode. - * BUG 5751: Fix showing of ACLs on DFS in (lib)smbclient. - * BUG 5762: Fix opening of mangled directory name (resulted - 'is a stream name'). - * BUG 5783: Fix FindFirst where search pattern == mangled filename. - * BUG 5790: Fix returning of STATUS_OBJECT_NAME_NOT_FOUND on set file - disposition. - * BUG 5797: Fix moving of readonly files. - * Fix crashes when looking up a non-existant uid. - * Fix getting/setting of NT ACLs on a file. - * Add st_birthtime and friends for accurate create times on *BSD - and MacOSX). - * Fix the wcache_invalidate_samlogon calls. - * Clarify usage of "force create mode". - * Get smbd to look (read-only) into the winbindd cache for uid/gid <--> sid - mappings. - * Write times code update. - * Add experimental version of VFS module acl_xattr. - * Fix rename_open_files. - * Make SMB traffic analyzer VFS module more efficient. - - -o Gerald W. Carter - * Fix segfault when calling nss_get_info() with a NULL ads structure. - * Add support for name aliasing in Winbind. - * Add the idmap/nss-info provider from Likewise Open. - * Allow an admin to define the "uid" attribute for a RFC2307 - user object in AD to be the username alias. - * Add new idmap backend "adex" to support RFC2307 enabled AD forests. - * Add new idmap backend "hash". - - -o Steven Danneman - * Fix build warnings. - * Cleanup of DC enumeration in get_dcs(). - - -o Guenther Deschner - * BUG 5710: Fix changing of machine account passwords. - * BUG 5784: Fix pam_winbind build issue on Solaris. - * Fix invalid sid copy (hit when enumerating sibling domains) in Winbind. - * Fix double installation of cifs.upcall. - * Add change-user-password command to wbinfo. - * Fix segfault in _srvsvc_NetShareAdd. - - -o James Ding - * BUG 5736: Fix Winbind crash bug with trusted domains. - - -o Ephi Dror - * Correct the netsamlogon_clear_cached_user function. - - -o Holger Hetterich - * Add new VFS module to analyze SMB traffic to record write and read - operations on the Samba server. - - -o Jeff Layton - * Fix build warnings in cifs.upcall. - - -o Volker Lendecke - * BUG 5707: Do proper error handling if the socket is closed. - * BUG 5778: Don't define 'strlcat' and 'strlcpy' if it's already defined. - * Fix Coverity IDs 587 and 589. - * Increase the default positive idmap cache time to a week. - * Fix calculation of useable_space for trans2 and nttrans replies. - * Add mapping of generic bits when setting an NFSv4 ACL. - - -o Stefan Metzmacher - * Some write time fixes. +o Tim Prouty + * Fix "assignment discards qualifiers from pointer target type" + warnings. + * Fix SMB_VFS_RECVFILE/SENDFILE macros. o Karolin Seeger - * Add new parameter "cups connection timeout". - - -o Simo Sorce - * Fix enumeration of nested group memberships in Winbind. - This affected only setups using "security = ads". + * Change "ldap ssl:ads" parameter to "ldap ssl ads". -o Timur - * Fix cut and paste error in quota code. - * Fix display of POSIX ACLs. - * Fix aio on FreeBSD. +o Dan Sledz + * Fix double free caused by incorrect talloc_steal usage. -o Andrew Tridgell - * Fix permissions of group_mapping.ldb (CVE-2008-3789). - * Avoid a race condition in glibc between AIO and setresuid(). - * Add missing become root for AIO operations. - * Fix an errno handling bug that could lead to an infinite loop. - * Fix logic of tsmsm_sendfile(). - * Fix handling of arbitrary new PAC types. - * Fix segfault on startup with trusted domains. - * Fix segfault on the CTDB destructor code. - * Fix memory leak. - * Re-add "winbind:ignore domains". +o Aravind Srinivasan + * Make nmbd check all available interfaces for WINS before failing. -o Jelmer Vernooij - * Fix segfault (Debian bug #431696). +o Miguel Suarez + * Fix compilation of vfs_default on systems that do not support utimes(). -o Qiao Yang - * Fix a memleak. +o Yasuma Takeda + * BUG 6098: Fix ads_find_dc() in setups with "security = domain". ###################################################################### -- cgit