2006年7月11日

[installer 815] samba-3.0.23

samba-3.0.23 出ています。

smbd の DoS 問題修正が含まれています。
http://www.samba.org/samba/security/CAN-2006-3403.html
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3403)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3403)
参照のこと。

☆ samba-3.0.23
http://samba.org/
http://www.samba.org/samba/ftp/samba-3.0.23.tar.gz
ftp://ftp.samba.org/pub/samba/samba-3.0.23.tar.gz
ftp://ftp.samba.gr.jp/pub/samba/samba-3.0.23.tar.gz

==============================
Release Notes for Samba 3.0.23
Jul 10, 2006
==============================

This is the latest stable release of Samba. This is the version
that production Samba servers should be running for all current
bug-fixes. Please read the changes in this section for details on
new features and difference in behavior from previous releases.

There has been a substantial amount of cleanup work done during
this development cycle. We would like to thank both Coverity
http://www.coverity.com/) and Klocwork http://www.klocwork.com/)
for analyzing the Samba source code. As a result, this release
includes fixes for over 400 defects. The coverage was approximately
even with over 200 defects reported by each tool.

Thanks very much to those people who spent time testing the
release candidates and reported their findings. We would like to
especially thank Thomas Bork <tombork@xxxxx> for his numerous
reports. We believe that the final release is in much better shape
in large part due to his efforts.

New features in 3.0.23 include:

o Improved 'make test'
o New offline mode in winbindd.
o New Kerberos support for pam_winbind.so.
o New handling of unmapped users and groups.
o New non-root share management tools.
o Improved support for local and BUILTIN groups.
o Winbind IDMAP integration with RFC2307 schema objects supported
by Windows 2003 R2.
o Rewritten 'net ads join' to mimic Windows XP without requiring
administrative rights to join a domain.


User and Group changes
======================

The user and group internal management routines have been
rewritten to prevent overlaps of assigned Relative Identifiers
(RIDs). In the past the has been a potential problem when either
manually mapping Unix groups with the 'net groupmap' command or
when migrating a Windows domain to a Samba domain using 'net rpc
vampire'.

Unmapped users are now assigned a SID in the S-1-22-1 domain and
unmapped groups are assigned a SID in the S-1-22-2 domain.
Previously they were assign a RID within the SAM on the Samba
server. For a DC this would have been under the authority of the
domain SID where as on a member server or standalone host, this
would have been under the authority of the local SAM (hint: net
getlocalsid).

The result is that any unmapped users or groups on an upgraded
Samba domain controller may be assigned a new SID. Because the
SID rather than a name is stored in Windows security descriptors,
this can cause a user to no longer have access to a resource for
example if a file was copied from a Samba file server to a local
NTFS partition. Any files stored on the Samba server itself will
continue to be accessible because Unix stores the Unix gid and not
the SID for authorization checks.

A further example will help illustrate the change. Assume that a
group named 'developers' exists with a Unix gid of 782 but this
user does not exist in Samba's group mapping table. it would be
perfectly normal for this group to be appear in an ACL editor.
Prior to 3.0.23, the group SID might appear as
S-1-5-21-647511796-4126122067-3123570092-2565. With 3.0.23, the
group SID would be reported as S-1-22-2-782. Any security
descriptors associated with files stored on an NTFS disk partition
would not allow access based on the group permissions if the user
was not a member of the
S-1-5-21-647511796-4126122067-3123570092-2565 group. Because this
group SID not reported in a user's token is S-1-22-2-782, Windows
would fail the authorization check even though both SIDs in some
respect referred to the same Unix group.

The current workaround is to create a manual domain group mapping
entry for the group 'developers' to point at the
S-1-5-21-647511796-4126122067-3123570092-2565 SID.


Passdb Changes
==============

The "passdb backend" parameter no long accepts multiple backends
in a chaining configuration. Also be aware that the SQL and XML
based passdb modules have been removed in this release. More
information of external support for a SQL passdb module can be
found at http://pdbsql.sourceforge.net/.


Group Mapping Changes
=====================

The default mapping entries for groups such as "Domain Admins" are
no longer created when using an smbpasswd file or a tdbsam passdb
backend. This means that it is necessary to use 'net groupmap
add' rather than 'net groupmap modify' to set these entries.
This change has no effect on winbindd's IDmap functionality for
domain groups.


LDAP Changes
============

There has also been a minor update the Samba LDAP schema file. A
substring matching rule has been added to the sambaSID attribute
definition. For OpenLDAP servers, this will require the addition
of 'index sambaSID sub' to the slapd.conf configuration file. It
will be necessary to run slapindex after making this change. There
has been no change to actual data storage schema.


######################################################################
Changes
#######

smb.conf changes
----------------

Parameter Name Description Default
-------------- ----------- -------
acl group control Deprecated No
add port command New ""
change notify timeout Changed Scope
dmapi support New No
dos filemode Modified No
enable asu support Changed default No
enable core files New Yes
enable privileges Changed default Yes
enable rid algorithm Removed
fam change notify New Yes
hosts equiv Removed
host msdfs Changed default Yes
msdfs root Changed default Yes
open files database hash size New 10007
passdb expand explicit Changed default No
strict locking Changed default auto
usershare allow guests New No
usershare max shares New 0
usershare owner only New Yes
usershare path New ${lockdir}
usershare prefix allow list New ""
usershare prefix deny list New ""
usershare template share New ""
winbind enum users Changed default No
winbind enum groups Changed default No
winbind nested groups Changed default Yes
winbind offline logon New No
winbind refresh tickets New No
winbind max idle children Removed
wins partners Removed


Changes since 3.0.23rc3
-----------------------

commits
-------
o Jeremy Allison <jra@xxxxx>
* BUG 3858: Ensure that all files are removed by a wildcard
delete when 'hide unreadable = yes'.
* Fix various issues raised by the Klocwork code analyzer.
* Fix nmbd WINS serving bug causing duplicate IPs in the *<1b>
query reply ("enhanced browsing = yes").
* Fix SMB signing failures in client tools.
* BUG 3909: Avoid EA lookups on MS-DFS links.


o Nicholas Brealey <nick@xxxxx>
* Compile fix for pam_winbind.


o Gerald (Jerry) Carter <jerry@xxxxx>
* Use system provided killproc() in RedHat init scripts for
more robust shutdown.
* Fix a crash in the printer publishing code when adding a
new printer via the APW.
* Fix broken compile of unsupported smbwrapper utility.
* BUG 3905: Fix smbd startup failure caused by a failure to
create an NT token for the guest account.
* BUG 3908: Fix RPC bind authentication failure which broke
user password changes.
* Ensure that "net ads join" reports failure correctly if
it cannot set the machine account password.


o Guenther Deschner <gd@xxxxx>
* Fix different extended_dn handling in adssearch.pl
(Thanks to Frederic Brin at Novell).
* Fix a memleak in winbindd's credentials cache.
* Protect against crashes in CLDAP request processing.
* Remove incomplete DfsEnum() info level to avoid an smbd crash.


o Volker Lendecke <vl@xxxxx>
* Fix a memleak in the server registry code for enumeration
shares.
* Fix an invalid munlock() call in winbindd's credentials cache.
* Fix compile warnings when passing NULL to snprintf().
* BUG 3915: Fall back to a pure unix user with S-1-22 SIDs in the
token in case anything weird is going on with the 'force user'.
* CVE-2006-3403: Fix minor memory exhaustion DoS in smbd.


o Jason Mader <jason@xxxxx>
* Compiler warning fixes.


o Simo Sorce <idra@xxxxx>
* Set the correct sid type when looking up a gid.


Changes since 3.0.22
--------------------
o Jeremy Allison <jra@xxxxx>
* Fixes for various Klocwork defect reports.
* Cleanup pdb_get_XXX() methods and ensure that a failure
to allocate memory for a samu user structure is reported
as a failure to the calling function.
* Fix memleak in printing gencache contents.
* Fix warnings reported by gcc4 -O6 on 64-bit systems
* Fix naming conflicts with 'net usershare' structures and
Solaris header files.
* Fix memleaks on error paths from the ASN.1 parsing code.
* Add uid to share_mode_entry structure so we can report who
opened the file.
* Ensure we use sys_write in password chats so we're not
interrupted.
* Ensure all new rid allocation goes through the same pdb_ldap
interface.
* BUG 3308: Stop us returning duplicate mid replies on path
based set-EOF trans2 calls.
* Pass RAW-OPLOCK with kernel oplocks off.
* Fix bug in OS/2 Warp - it doesn't set the ff_last offset
correctly when doing info level 1 directory scans.
* Add Samba4 replacement for timegm() to work on Solaris.
* Remove extra add-byte in the trans2 UNIX_BASIC infolevel.
* BUG 3592: Ignore a file in the tar output from smbclient if the
read failed (e.g. due to ACCESS_DENIED). (Based on ideas from
Justin Best <justinb@xxxxx>).
* BUG 3668: Workaround issues in Windows server code with LARGE_READX.
* Push/Pull Kerberos principal and realm names to/from UTF-8.
* Fix incorrect boolean in assert to make POSIX lock tests
pass with CIFSFS.
* Don't ever set O_SYNC on open unless "strict sync = yes".
* Remove dead printing code.
* Allow configurable guest access to Samba's usershare functionality.
* BUG 3587: Make byte-range locking tdb self-cleaning.
* Ensure every exit error path in the session setup code calls
nt_status_squash().
* Use portable wrapper functions instead of seteuid directly in
winbindd.
* Make "change notify timeout" a per-share parameter.
* Fix regression in SAMBA_4_0's smbtorture DENY tests.
* Fix valgrind-spotted issue in BASE-DELETE test.
* Fix early termination condition in winbindd when trying to
connect to a remote DC.
* Instruct winbindd to ignore fd_set when select() returns -1.
* BUG 3779: Make nmbd udp sockets non-blocking to prevent problem
with select returning true but no data being available.
* Back port talloc_steal() fixes from SAMBA_4_0 (original fixes by
Andrew Tridgell).
* BUG 3467: Fix delete on close semantics needed by WinXP Media
Center Ed. for simultaneous recording and playback (thanks to
Jason Qian for the debugging assistance).
* BUG 3347: Save the Unix user token used to set the
delete-on-close flag.
* Fix parsing of SAMR_Q_CONNECT_ANON.
* Add in support for userinfo26 structure and re-enable
userinfo25
* Schannel server fixes. Fix the credentials chaining across
\netlogon pipe disconnects.
* Replace ubqix code in nmbd with an internal tdb.
* Fix struct timespec checks in configure.in.
* Add in server support for the NetSamLogonEx().
* Add support for LsaLookupSids2() and LsaLookupSids3().
* Add LsaLookupNames[2-4]().
* Add support for 'net usershare'.
* BUG 3522: Fix error code return on SMBmkdir(foo) when foo
already exists (thanks to Sandeep Tamhankar).
* BUG 3510: Fix 'net rpc join' against a server when
schannel is disabled.
* Get rid of poor errno mapping table. Bounce through NTSTATUS
instead.
* Check for SeMachineAccountPrivilege when deleting machine
accounts.
* Fix a logic bug with multiple oplock contention.
* Add the replacements for opendir/readdir etc from SAMBA_4_0.
Attempt to fix the broken directory handling in the *BSD.
* Allow run time tuning of the locking tdb hash size for
very busy servers.
* BUG 3642: Ensure we don't call FD_SET on read with
fd == -1.
* BUG 3569: Work around linear posix locking issue on AIX
which was causing high loads due to the tdb CLEAR_IF_FIRST
flag (based on work from William JoJo).
* Fix OS/2 directory delete bug found by kukks.
* Match the Windows 2003 NTLMSSP signature.
* Performance tuning work in core read & write file serving
paths.
* Change default to 'strict locking' to better reflect
real world clients.
* Fix error return on session setup. Ensure no data blob is
added if the logon call failed so that Windows clients
interpret the NT_STATUS code correctly.
* Teach Samba the difference between exclusive and batch
oplocks.
* BUG 3592: Ignore a file in a smbtar output if the first
read fails (inspired by Justin Best).
* BUG 3668: Workaround Windows bug with LARGE_READX where if
you ask for exactly 64k bytes it returns 0.


o Andrew Bartlett <abartlet@xxxxx>
* Work around abort() in the OpenLDAP client libs caused by a NULL
msg pointer.


o Timur Bakeyev <timur@xxxxx>
* BUG 2961: Fix compile warnings for pam_smbpass.
* BUG 2746, 3763: Fix compile warnings in pam_winbind.


o Alexander Bokovoy <ab@xxxxx>
* Fix 'smbcontrol shutdown' messages for nmbd and winbindd.
* Fix absolute symlinks in the installbin.sh script.


o Max N. Boyarov <m.boyarov@xxxxx>
* Fix crash bug in perfmon daemon example code.


o Gerald (Jerry) Carter <jerry@xxxxx>
* Fix 'make install' problem when building outside source/.
* Fix 'net ads join' when the workgroup is set incorrectly in
smb.conf.
* Re-add code to include the BUILTIN\Administrators SID when
winbindd is not running, but the user's token includes the
Domain Admin SID. Fixes access problem for managing Services.
* Only call the printer publishing calls if 'security = ads'.
* Normalize printing keys when deleting.
* Only store LANMAN passwords on a change if 'lanman auth = yes'.
* Look at the NT password (not lanman one) when determining if 'smbpasswd
-e' should probably for a password.
* Default eventlog tdbs to mode 0660 to allow easier access by
BUILTIN\Administrators.
* Remove extra call to create_user on member servers without winbindd.
* Replace the use of OpenLDAP's ldap_domain2hostlist() for locating
AD DC's with out own DNS SRV queries.
* Fix compile error on HP-UX reported by Ryan Novosielski.
* Rewrite 'net ads join' to share common code with 'net rpc join'
and behave more like a Windows XP client.
* Remove --with-ldapsam option from configure (only used for
backwards compatibility for 2.2 smb.conf files).
* Remove 'wins partners' and 'hosts equiv' smb.conf parameters.
* Remove rhosts authentication module.
* Reimplement 'net ads leave' to disable the machine account in the
domain rather than removing it.
* Rewrite of tdbsam file descriptor handling.
* Add server affinity support when selecting a remote
domain controller.
* Remove chaining of passdb modules.
* Generate a local users primary group SID based on his
or her primary Unix group rather than storing the attribute
in the passdb entry.
* Default primary group SID to 'Domain Users' if the real Unix
primary group maps to the S-1-22-2 domain.
* Refactor memory management in passdb user objects.
* RHEL and Fedora packaging fixes.
* Implement XcvDataPort() spooler call and supporting 'add
port command'.
* BUG 3534: Ignore lines in the username map file with no right
hand list.
* Add support for the experimental %(DomainSID) smb.conf
variable.
* Add support for parsing SIDs in smb.conf value lists.
* Fix vuid allocation in Kerberos SMBsesssetup reply.
* Ensure that local group membership is included in the
getgroups() NSS reply.
* Automatically create a BUILTIN\{Administrators,Users} if
winbindd is running.
* Automatically grant all privileges to members of the local
Administrators group.
* Protect against NULL cli_state* pointers in
cli_rpc_pipe_open().
* Add a SUBSTR matching rule the the Samba LDAP schema
file for the sambaSID attribute. This will allow for
Searching group mapping entries within a given domain
without reorganizing the directory namespace. Also
requires 'index sambaSID sub' in slapd.conf.
* Fix parsing of 'idmap uid/gid' values that broke when
the range included any whitespace.
* Support renaming local groups (protect against renaming
BUILTIN groups).
* Do not allow the root account to be deleted via MS-RPC.
* Fix RID allocation to skip over RIDs that resolve in our
own domain (work around upgraded users and groups).
* Store the name/ip address combination when we do a reverse
look up in case future forward lookups would fail.
Fixes cases where a DC name could not be resolved via
NetBIOS queries,
* Allow winbindd to run on standalone servers in order to
provide support for local groups.
* Deprecate 'acl group control' and replace it with added
functionality to 'dos filemode'.
* Ensure that all global memory is freed from pam_winbind
when unloading the shared library (based on work from Arkady
Glabek).
* Fix 32-bit/64-bit portability issues between PAM & NSS winbind
libraries and winbindd.
* Add defensive checks about create local accounts (i.e. calling
'add user script') on domain member servers when winbindd
is running but having problems.


o Mathias Dietz <MDIETZ@xxxxx>
* EPERM can be a valid return from getting an xattr.
Don't disable if we get it.


o Guenther Deschner <gd@xxxxx>
* Fix memleaks in winbindd ads searches.
* Fix timestamp bug in pam_winbindd which forced users to change
passwords prematurely.
* Small debug message cleanups.
* Small fixes for 'net ads password'.
* BUG 3843: Allow to set passwords directly when creating users
via "net rpc user add"
* Add "rpc shell" to the usage text for the net command.
* Winbindd user aliases lookup fixes for large domains.
* Fix memleak in the CLDAP processing code.
* Enable AD features in winbindd's PAM support only when
communicating with an AD domain controller.
* Set our internal domains to "online" by default in winbindd.
* BUG 3800: Fill the password_policy method in winbindd for
winbindd_passdb.
* Fix memory leak when LDAP POSIX attribute queries fail.
* Honor the krb5 principal name change (of the new ads join code)
in the kerberized winbind pam_auth.
* Correctly handle the case when there is no configuration file
for pam_winbind.
* Adding "own-domain" switch to wbinfo which is handy from time
to time.
* BUG 3823: Fix in-forest domain trust enumeration in winbindd.
* Fix winbindd group enumeration for groups with no members.
* Correct "net ads changetrustpw" to use the sAMAccountName.
* Fix winbindd in ADS domains by removing code using the
UPN and rely upon the sAMAccountName.
* Fix a eDir related memory leak.
* Don't try to add the sn attribute twice to an LDAP
inetOrgPerson + samSamAccount entry.
* Fix winbind function table typo.
* Attempt to send the correct warning from pam_winbind when a password
change was attempted too early.
* Don't use cached credentials when changing passwords.
* Correctly disallow unauthorized access when logging on with the
kerberized pam_winbind and workstation restrictions are in effect.
* Save useless round trips in pam_winbind's auth calls.
* Make the existence of the /etc/security/pam_winbind.conf file
non-critical and fallback to only parse the argv options in that
case.
* Add winbind debug class to the main winbindd process.
* Be consistent between rpc and ads winbind backend: let the
ads backend query the samlogon cache first as well.
* Ignore BUILTIN groups when searching AD for group memberships.
* Fix KRB5KDC_ERR_POLICY -> NTSTATUS mapping.
* Cleanup credential caches from winbind's linked list.
* Fix 'winbindd -n' for new persistent caches.
* Fix searching by SID in winbindd.
* Add "smbcontrol winbind onlinestatus" for debugging purpose.
* Prefer to use the indexed objectCategory attribute (instead of
objectClass which is not indexed on AD) in LDAP queries.
* Free LDAP result in ads_get_attrname_by_oid().
* Prevent unnecessary storing of password in a WINBINDD_CCACHE_ENTRY.
* Prevent passwords of winbindd's list of credential caches from
being swapped to disk using mlock().
* BUG 3345: Expand the "winbind nss info" to also take "rfc2307" to
support the plain posix attributes LDAP schema from win2k3-r2
(based on patches from Howard Wilkinson and Bob Gautier).
* Add more robust code for fallback when lookup_usergroups() fails.
* Fix 'net rpc join' for winbindd running on a Samba DC.
* Add help text for new 'net rpc audit' utility.
* Add net ads search SID.
* samrQueryDomainInfo level 5 should return the domain name, not our
netbios name when we are a DC.
* Add some more client rpc for the querydominfo calls (from samba4 idl).
* Process all the supported info levels in the samr_query_domain_info2
call.
* Wrap the samr_query_domain_info2() call around
samr_query_domain_info().
* Fix segv in smbctool.
* Honour the time_offset also when verifying Kerberos tickets.
* Prevent unnecessary longstanding LDAP connection to eDirectory.
* Fix segv in smbspool.
* BUG 1914: Allow to store 24 password history entries in ldapsam.
* Enhancements to various commands in rpcclient
* Don't force 'Administrator' to change an expired password on
logon.
* Add support for offline mode in winbindd.
* Provide support in pam_winbind for initializing a user's
ticket cache.
* Implement samr_chgpasswd_user3 server-side.
* Make pam_winbind more robust when detecting domain users.
* Add client side support for SAMR_GET_USRDOM_PWINFO.
* Re-enable strict checking on C++ reserved keywords since Heimdal
0.7.2 has been released.
* Allow renaming of machine accounts in a Samba domain.
* BUG 3539: Let winbindd try to obtain the gecos field from
the msSFU30Gecos attribute when "winbind nss info = sfu" is
set.
* Correctly handle acb_info/acct_flags as uint32 not as uint16.
* Return the real ACB-flags in the SamLogon() reply.
* Some client side cleanup for the samr set security object
functions.
* Make sure we always reset the userAccountControl bits when
re-joining (net ads join) with an existing account.
* Document some more MSV1_0 bits and their behavior.
* Only set the last rebind timestamp when we did rebind
after a update LDAP operation to avoid the ldap replication
sleep period.
* Fix incorrect error checking in winbindd for domains with
no trusts.
* Consolidate the parsing of the Krb5 PAC and NET_USER_INFO3
structure.
* Work around crash bug in MIT krb5 libs when reading a
keytab file. Stop trying to decrypt a ticket as soon as
we have a clear indication that the ticket is bad.
* Merge DCERPC_FAULT constants from the SAMBA_4_0 tree.
* Adding client side samr querygroup infolevels 2 & 5.
* Make smbpasswd -a root work for eDirectory where there
is no "account" structural objectclass.
* Make sure we only send out a CLDAP request (net ads) to
an connected AD server.
* Fix a broken LDAP search filter when looking for groups.
* Add in-tree version of iniparser library from
http://ndevilla.free.fr/iniparser/ for use by pam_winbind
(rather than linking in loadparm.c). Settings are now stored
in /etc/security/pam_winbind.conf.


o Aleksey Fedoseev <fedoseev@xxxxx>
* Fix parameter type for 'acl compatibility'.
* Fixes for msgtest torture tool.
* Fix crash bug in the file locking code.


o Arek Glabek <aglabek@xxxxx>
* Fix parsing error on input parameters in eventlogadm.


o Paul Green <paulg@xxxxx>
* Properly rebuild time limit on systems with executable extensions.
* Fix build on platforms that do not support shared libs.
* Remove dead code in the auth_script module.


o Bjoern Jacke <samba@xxxxx>.
* Fix DMAPI compile failures on AIX and True64.
* Fix AIX PIC suffix (use .o instead of .po).
* Fall back to less-preferred clocks until we find one that we
can use if clock_gmtime() is not available at run-time.
* Fix EA support on AIX platforms.
* Automatically disable file shares with no explicit path set.
* Remove the local hack to set the RO bit on directories in
user profiles when profile acls = yes. Rely on EAs instead.
* Compile fixes for Solaris LDAP client libs.
* Add DMAPI/XDSM support for AIX.
* Find JFS DMAPI libs on Linux when only they are available.


o William Jojo <jojowil@xxxxx>
* Fixes for the winbind NSS library on AIX.
* Fix VFS builds on AIX platforms.
* Fixes for the AIX version of libnss_winbind.so


o Leonid Kabanov <lkabanov@xxxxx>
* BUG 3711: Shell portability fixes for 'make test'.


o Volker Lendecke <vl@xxxxx>
* Fixes for various Klocwork defect reports.
* Fixes for various Coverity defect reports.
* BUG 3848: Fix WinXP join error in a Samba domain using ldapsam.
* Fix more potential seg-faults when something on our way to a
DC connection fails.
* Never fall back to using the IP address for a DC's name in RPC
connections.
* Implement recycle:subdir_mode.
* Activate RPC-AUTHCONTEXT in "make test".
* Portability fixes for 'make test'.
* Correctly set the group RID in init_sam_from_buffer.
* Fix missing prompt in smbclient.
* Return correct error code upon success from _net_srv_pwset().
* Fix Windows XP joins to a Samba domain.
* Fix 'valid users = +unixgroup' which was failing with smbpasswd
when mapped to a non-algorithmic rid.
* Fix regression which upper-cased machine names passed to the
'add machine script'.
* Correct parsing error in parse_net.c for user's with no group
membership.
* Fix off by one error in client SPNEGO code and other klocwork
bug fixes.
* Memory leak fixes in 'net sam'.
* BUG 3720: Fix uninitialized error return variable.
* Default "passdb expand explicit" to no.
* BUG 3741: Re-enable algorithmic SID mapping in one critical place.
* Fix user NT token creation when utilizing a username map.
* More coverity fixes.
* Fix a VUID bug in 'security = share'.
* Correctly fill in the gid for local users.
* Fix some warnings on True64.
* Add special close handling for fake files.
* BUG 3788: Fix nss_winbind's getgrouplist() call on AIX.
* BUG 3435: Fix 'msdfs root = yes' in [homes].
* Instruct winbindd to find a trusted DC on its own when running on
a Samba DC.
* Fix segv in child winbindd processes caused by a failed tconX
to the DC.
* Dynamically compute the maximum password age based no the
last change time rather than reading the must change time
from the passdb record.
* Rewrite mechanisms for handling lookup_{name,sid} resolution.
* Assign unmapped users to the S-1-22-1 domain and unmapped
groups to the S-1-22-2 domain
* Disable algorithmic mapping for RIDs in tdbsam & ldapsam
* Remove sql passdb backends.
* Implement rpccli_samr_set_domain_info()
* Add initial support for 'net sam' command.
* BUG 2413: Remove anonymous connections in 'net rpc info'.
* Implement asynchronous support for trans2 calls.
* Make smbclient -L use RPC to list shares, fall back to RAP.
* Ensure that the global SAM SID is initialized before any
dependent routines are called.
* Enhance consistency checks on local configuration when joining
a domain.


o Derrell Lipman <derrell@xxxxx>
[libsmbclient]
* BUG 3814: Only set the DFS capability flag in client requests
if the share is a DFS root.
* Fix bug causing previous settings to be re-initialized
when parsing new configuration files.
* BUG 3446: Don't ignore the authentication domain when parsing
the SMB URI.
* Fix cli_setpathinfo() to actually do what it's supposed to.
* Fix libsmbclient to make correct use of the new "one connection
per server feature".


o Jason Mader <jason@xxxxx>
* Numerous compiler warning fixes.


o John E. Malmberg <wb8tyw@xxxxx>
* Make smbldap obey config tests.


o Jim McDonough <jmcd@xxxxx>
* Fixes for 'make test' on AIX.
* Ensure we do a wildcard search for SID's starting with the global SAM
sid, not an exact search (from John Janosik).
* Adapt smbclient fix to smbtree to enable long share names.
* Prevent machines and users with no home directory from
getting the previous entries home path when migrating via
'net rpc vampire' (based on a patch from Richard Renard).
* Remove hard-coded LDIF names when dumping a migrated
domain's users and groups.
* BUG 1374: Can't join an OU with name that contains '#'.


o Stefan Metzmacher <metze@xxxxx>
* Add more tests to 'make test'.
* Try to make timelimit.c more portable.
* Fix linking of smbmount tools with --enable-socket-wrapper.
* Pass 'target:samba3=yes' to samba4's smbtorture when running
samba3's make test.
* Miscellaneous fixes for 'make test'.
* Add improved support for 'make test' including making
use of smbtorture from SAMBA_4_0.
* Add --no-process-group to all server programs
(e.g. timelimit 20000 bin/nmbd -F -S --no-process-group).
* Add configure tests --with-selftest-prefix=/tmp/samba-test


o Lars M端ller <lmuelle@xxxxx>
* Fix lock calls in the python tdb bindings.
* Add -k switch to tdbdump for accessing a single key.
* Debian packaging fixes.
* Add -t|--password-from-stdin option to pdbedit as we had
with Samba 2.2.
* Various minor fixes to install scripts used by 'make install'.


o James Peach <jpeach@xxxxx>
* Ensure smbclient always prompts on standard output when in
interactive mode.
* BUG 3801, 3805: Fix MIPSPro compiler warnings on IRIX.
* Introduce command line options to set the remainder of the
parameters in dynconfig.c.
* Avoid pulling in -lpthreads caused by -lrt.
* Fix build failures on IRIX 6.4 due to DMAPI support.
* Isolate the slow CLOCK_REALTIME message in the profiling code.
* Correct comparison logic so that libunwind can be correctly detected.
* Implement a "stacktrace" smbcontrol option using libunwind's remote
stack tracing support (ia64 only).
* Use dynamic buffers in the IRIX nsswitch module to prevent truncation
of long group lists.
* New autoconf macro to test for sysconf variables.
* Change profiling data macros to use stack variables rather than
globals. This catches mismatched start/end calls and removes
the need for special nested profiling calls.
* Rewrite AC_LIBTESTFUNC so that it works like the callers
of it expect.
* Use clock_gettime for profiling timstamps if it is available. Use
the fastest clock available on uniprocessors.
* Preserve errno in fcntl lock wrappers.
* Initialize our saved uid and gid so that we can tell when we
created the profiling shmem segment and don't bogusly refuse to
look at it.
* Add a new option "enable core files" which can be used to disable
automatic core file dumping.
* Update our internal copy of popt to that distributed with the RPM
4.2 source code.
* Add support for FAM for file change notification.
* Disable sendfile if the 'write cache;' has been enabled.
* Refactor capability interface from being IRIX-specific to
using only the POSIX interface.
* Consolidate core dumping code to aid in debugging.
* Add support for libunwind to generating a backtrace.
* BUG 3490: Don't test for ldap or krb5 libs if --without-ldap
and --without-ads are specified.
* Allow the user to set winbind nss timeouts in seconds on IRIX.
* Set the FILE_STATUS_OFFLINE bit by observing the events
a DMAPI-based HSM is interested in.


o Tim Potter <tpot@xxxxx>
* Build janitorial duties.
* BUG 3725: Put references to $PICFLAGS in quotes.


o Aruna Prabakar <aruna.prabakar@xxxxx>
* Show -W option in smbpasswd usage text.


o ISHIKAWA Tomonori <toishika@xxxxx>
* BUG 2715: Fix nmbd datagram comment buffer size for multibyte
character strings


o Andreas Schwab
* Correct syntax error in aclocal.m4.


o Simo Sorce <idra@xxxxx>
* Pam modules install fix.
* Allow "net changesecretpw" to accept a password via stdin.
* Implement 'net setdomainsid' command.
* Ensure that sid -> group conversion are done as root.
* BUG 3413: Sanity check for existence of 'ldap admin
dn' before setting a password in secrets.tdb (based on
work by William Jojo).
* New revision of the snprintf replace code.


o Todd Stecher <tstecher@xxxxx>
* Add TCP fallback for our implementation of the CHANGEPW
kpasswd calls.


o Ronan Waide <waider@xxxxx>
* Add 'wbinfo -i' functionality to exercise winbindd's getpwnam()
functionality.


o Shlomi Yaakobovich <Shlomi@xxxxx>
* Fix for machine password time_t overflow.

----
こがよういちろう


投稿者 xml-rpc : 2006年7月11日 10:25
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/44825
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。