The branch, master has been updated
       via  0cf7a36 on our way with Samba 4.0alpha19
       via  0a4827f prepare WHATSNEW for Samba 4.0alpha18 release and mark as release.
       via  cab24da s3-libsmb: Remove unused spnego_parse_auth_and_mic
      from  f14dffa s3-selftest: Verify GK and GF flag behaviour
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master

- Log -----------------------------------------------------------------
commit 0cf7a3680aee282dd6c1a012401df83e2e111a2d
Author: Andrew Bartlett <abart...@samba.org>
Date:   Fri Feb 24 15:24:00 2012 +1100

    on our way with Samba 4.0alpha19

    Autobuild-User: Andrew Bartlett <abart...@samba.org>
    Autobuild-Date: Fri Feb 24 07:20:10 CET 2012 on sn-devel-104

commit 0a4827f594c87e5f0866999e8cfcae29c72ce675
Author: Andrew Bartlett <abart...@samba.org>
Date:   Thu Feb 16 16:45:10 2012 +1100

    prepare WHATSNEW for Samba 4.0alpha18 release and mark as release.

commit cab24da68dbebc419efaaf660b20994b71e42203
Author: Andrew Bartlett <abart...@samba.org>
Date:   Fri Feb 24 12:36:23 2012 +1100

    s3-libsmb: Remove unused spnego_parse_auth_and_mic

-----------------------------------------------------------------------

Summary of changes:
 VERSION                    |    2 +-
 WHATSNEW.txt               |   94 +++++++++++++++++++------------------------
 source3/include/proto.h    |    2 -
 source3/libsmb/clispnego.c |   40 -------------------
 upgrading-samba4.txt       |    8 ++++
 5 files changed, 51 insertions(+), 95 deletions(-)

Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION index 866376e..952ff93 100644 --- a/VERSION +++ b/VERSION @@ -57,7 +57,7 @@ SAMBA_VERSION_TP_RELEASE= # e.g. SAMBA_VERSION_ALPHA_RELEASE=1 # # -> "4.0.0alpha1" # ######################################################## -SAMBA_VERSION_ALPHA_RELEASE=18 +SAMBA_VERSION_ALPHA_RELEASE=19 ######################################################## # For 'pre' releases the version will be # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 3fac360..a9258b0 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,4 @@ -What's new in Samba 4 alpha17 +What's new in Samba 4 alpha18 ============================= Samba 4.0 will be the next version of the Samba suite and incorporates 
@@ -10,7 +10,7 @@ and above. WARNINGS ======== -Samba4 alpha17 is not a final Samba release, however we are now making +Samba4 alpha18 is not a final Samba release, however we are now making good progress towards a Samba 4.0 release, of which this is a preview. Be aware the this release contains both the technology of Samba 3.6 (that you can reasonably expect to upgrade existing Samba 3.x releases 
@@ -55,84 +55,74 @@ programs to interface to Samba's internals, and many tools and internal workings of the DC code is now implemented in python. -CHANGES SINCE alpha16 +CHANGES SINCE alpha17 ===================== -For a list of changes since alpha 15, please see the git log. +For a list of changes since alpha 17, please see the git log. $ git clone git://git.samba.org/samba.git $ cd samba.git -$ git log release-4-0-0alpha16..release-4-0-0alpha17 +$ git log samba-4.0.0alpha17..samba-4.0.0alpha18 Some major user-visible changes include: -samba-tool dbcheck ------------------- +Improvements to DNS servers. Samba4 now has 3 options for the +handling of DNS: The default option is to use the BIND 9.8 DLZ plugin, +which stores the information about the DNS zone in the directory. +There is also an internal DNS server (but which does not support +secure DNS updates at this time) and the flat file BIND 9.8 backend +(storing the data in traditional zone files). -We now have an fsck-like tool for Samba's internal sam.ldb database. -Run samba-tool dbcheck after installation to check your database for -self-consistency. Any database created with a previous Samba4 alpha -will have a very large number of consistency errors, which this tool -can fix. +To migrate from zone files to directory based DNS servers, a migration +tool (upgradedns) has been added. -See also the -H option to point dbcheck at a different database to the -default, and the --fix and --yes options to make changes and to not -prompt about those changes. +samba-tool dns commands to manage DNS records stored in directory. -After upgrading Samba, it is suggested that you do the following: +smbwrapper (a user-space file system based on LD_PRELOAD) has been +removed. 
- - stop samba - - take a backup copy of your sam.ldb and sam.ldb.d/* database files - - run samba-tool dbcheck --cross-ncs --fix - - use 'all' to say yes to fixing each type of error found - - after it has finished, run dbcheck again to ensure it reports no - errors +Improvement to the upgrade process between Samba 3.x domains and Samba +4.0 AD domains (samba-tool domain samba3upgrade). -There will be a lot of errors fixed, particularly related to -bad/missing GUID values. This is due to a bug in previous releases -that left many objects with bad GUID values. These can all be fixed -using dbcheck with steps above. +Some major but less visible changes include: +Major work to bridge the code gap between the major parts of the code +base, including a common loadparm wrapper, smb client library, as well +as NTLMSSP, GSSAPI and SPNEGO code as part of the GENSEC +authentication and authorization stack. -New default paths ------------------ +Preparation work for moving to TDB2, a new version of Samba's core TDB +database. -The configure options for paths have changed again, and the ---enable-fhs option has been reinstated. Packagers should attempt to -first package Samba using: +smbtorture tests for SMB 2 and SMB 2.2 as the team improves and +develops support these new protocols. -./configure --enable-fhs --prefix=/usr --sysconfdir=/etc --localstatedir=/var +Major cleanup and removal of global variables in the smbd SMB and SMB2 server. -and only after examining the location Samba uses with these options -should further changes be made. Existing packaging scripts are not -expected to work unmodified, instead the Samba Team's aim is to -simplify such scripts for the long term. 
+Heimdal security issue 2012-01-11 - libkrb5 checksum - denial of serice +http://www.h5l.org//advisories.html?show=2012-01-11 -samba-tool domain samba3upgrade -------------------------------- +KNOWN ISSUES +============ -The new samba-tool domain samba3upgrade command is a supported upgrade route from Samba -3.x domain controllers to Samba 4.0 AD domain controllers. This -provides a one-time migration of all users, domain members, passwords, -groups, group members and account polcies. +- upgradeprovision should not be run when upgrading to this release + from a recent release. No important database format changes have + been made since alpha16. -This tool is still under development and may fail when presented with -an inconsistant Samba3 database (such as many LDAP configurations). -We hope to improve the error handling and recovery in these -situations, so please provide feedback using the samba-technical -mailing list. +- The BIND 9 DLZ plugin is compatible only with BIND 9.8, not BIND 9.9. -KNOWN ISSUES -============ +- Systems with tdb or ldb installed as a system library may have + difficulty building this release of Samba4. The --disable-tdb2 + configure switch may be of assistance. (Distributors who (rightly) + have difficulty with this may wish to wait until a future release, + which will soon fix this issue). - Installation on systems without a system iconv (and developer headers at compile time) is known to cause errors when dealing with non-ASCII characters. - In some situations, group members may not be upgraded by the - samba-tool domain upgrade_from_s3 script - -- The samba-tool domain join script will not join Windows 2000 domains. + samba-tool domain samba3upgrade tool - Domain member support in the 'samba' binary is in it's infancy, and is not comparable to the support found in winbindd. As such, do not diff --git a/source3/include/proto.h b/source3/include/proto.h index 30fc216..f973800 100644 --- a/source3/include/proto.h 
+++ b/source3/include/proto.h @@ -874,8 +874,6 @@ bool spnego_parse_auth_response(TALLOC_CTX *ctx, const char *mechOID, DATA_BLOB *auth); -bool spnego_parse_auth_and_mic(TALLOC_CTX *ctx, DATA_BLOB blob, - DATA_BLOB *auth, DATA_BLOB *signature); /* The following definitions come from libsmb/conncache.c */ NTSTATUS check_negative_conn_cache( const char *domain, const char *server); diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c index c1b49c9..2cc2a2a 100644 --- a/source3/libsmb/clispnego.c +++ b/source3/libsmb/clispnego.c @@ -412,46 +412,6 @@ DATA_BLOB spnego_gen_auth(TALLOC_CTX *ctx, DATA_BLOB blob) /* parse a SPNEGO auth packet. This contains the encrypted passwords */ -bool spnego_parse_auth_and_mic(TALLOC_CTX *ctx, DATA_BLOB blob, - DATA_BLOB *auth, DATA_BLOB *signature) -{ - ssize_t len; - struct spnego_data token; - - len = spnego_read_data(talloc_tos(), blob, &token); - if (len == -1) { - DEBUG(3,("spnego_parse_auth: spnego_read_data failed\n")); - return false; - } - - if (token.type != SPNEGO_NEG_TOKEN_TARG) { - DEBUG(3,("spnego_parse_auth: wrong token type: %d\n", - token.type)); - spnego_free_data(&token); - return false; - } - - *auth = data_blob_talloc(ctx, - token.negTokenTarg.responseToken.data, - token.negTokenTarg.responseToken.length); - - if (!signature) { - goto done; - } - - *signature = data_blob_talloc(ctx, - token.negTokenTarg.mechListMIC.data, - token.negTokenTarg.mechListMIC.length); - -done: - spnego_free_data(&token); - - return true; -} - -/* - parse a SPNEGO auth packet. This contains the encrypted passwords -*/ bool spnego_parse_auth_response(TALLOC_CTX *ctx, DATA_BLOB blob, NTSTATUS nt_status, const char *mechOID, diff --git a/upgrading-samba4.txt b/upgrading-samba4.txt index 82f562e..4cd19d5 100644 --- a/upgrading-samba4.txt +++ b/upgrading-samba4.txt 
@@ -18,3 +18,11 @@ descriptors, and upgradeprovision --full will perform a more comprehensive upgrade of the data (including schema and display specifiers). This attempts to do a new provision, and to then copy existing data into that database. + +If you are upgrading from a more recent version, particularly alpha16 +or later, then it is better *NOT* to run upgradeprovision as the +database format has not changed. + +To upgrade from BIND9 flat files to the internal database store for +Bind 9 DLZ, use ./source4/scripting/bin/upgradedns + -- Samba Shared Repository
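
Review bot: In the WHATSNEW.txt hunk (@@ -55,84 +55,74 @@), the added line "Heimdal security issue 2012-01-11 - libkrb5 checksum - denial of serice" misspells "service", its link http://www.h5l.org//advisories.html?show=2012-01-11 has a doubled slash, and the entry does not say whether this release contains the fix or what users of earlier alphas should do. It is the only security item in the notes, so give it its own short section instead of leaving it as the last item under "Some major but less visible changes". The same hunk deletes the dbcheck upgrade steps (stop samba, back up sam.ldb and sam.ldb.d/*, run samba-tool dbcheck --cross-ncs --fix) without leaving a pointer for people upgrading from older alphas, and the new known issue says "from a recent release" where upgrading-samba4.txt names alpha16; use the same wording in both places.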
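
Review bot: The commit message for the source3/libsmb/clispnego.c hunk says only "unused", but spnego_parse_auth_and_mic was the function that returned token.negTokenTarg.mechListMIC to its caller through the signature argument. The mechListMIC is what protects the SPNEGO mechanism negotiation against tampering, so the message should record where that value is handled now (the WHATSNEW text in this push points at the common SPNEGO code under GENSEC) or state that no source3 caller ever consumed it. The prototype removal in source3/include/proto.h matches the definition removed here, so the two hunks are consistent with each other.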
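
Review bot: In the upgrading-samba4.txt hunk, the added paragraph writes "Bind 9 DLZ" and "BIND9 flat files" where WHATSNEW.txt in the same push uses "BIND 9.8 DLZ plugin" and "flat file BIND 9.8 backend", and "the internal database store" is easy to confuse with the separate "internal DNS server" option described there. Suggest using the WHATSNEW names and stating the BIND 9.8 requirement here as well, since the known issues list says the plugin does not work with BIND 9.9. The tool is given as the source-tree path ./source4/scripting/bin/upgradedns while WHATSNEW calls it upgradedns; say where it lives after installation or note that the path is relative to the source checkout. The hunk also ends by adding a blank line at end of file, which can be dropped.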