The branch, master has been updated
via 0cf7a36 on our way with Samba 4.0alpha19
via 0a4827f prepare WHATSNEW for Samba 4.0alpha18 release and mark as
release.
via cab24da s3-libsmb: Remove unused spnego_parse_auth_and_mic
from f14dffa s3-selftest: Verify GK and GF flag behaviour
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 0cf7a3680aee282dd6c1a012401df83e2e111a2d
Author: Andrew Bartlett <[email protected]>
Date: Fri Feb 24 15:24:00 2012 +1100
on our way with Samba 4.0alpha19
Autobuild-User: Andrew Bartlett <[email protected]>
Autobuild-Date: Fri Feb 24 07:20:10 CET 2012 on sn-devel-104
commit 0a4827f594c87e5f0866999e8cfcae29c72ce675
Author: Andrew Bartlett <[email protected]>
Date: Thu Feb 16 16:45:10 2012 +1100
prepare WHATSNEW for Samba 4.0alpha18 release and mark as release.
commit cab24da68dbebc419efaaf660b20994b71e42203
Author: Andrew Bartlett <[email protected]>
Date: Fri Feb 24 12:36:23 2012 +1100
s3-libsmb: Remove unused spnego_parse_auth_and_mic
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 94 +++++++++++++++++++------------------------
source3/include/proto.h | 2 -
source3/libsmb/clispnego.c | 40 -------------------
upgrading-samba4.txt | 8 ++++
5 files changed, 51 insertions(+), 95 deletions(-)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 866376e..952ff93 100644
--- a/VERSION
+++ b/VERSION
@@ -57,7 +57,7 @@ SAMBA_VERSION_TP_RELEASE=
# e.g. SAMBA_VERSION_ALPHA_RELEASE=1 #
# -> "4.0.0alpha1" #
########################################################
-SAMBA_VERSION_ALPHA_RELEASE=18
+SAMBA_VERSION_ALPHA_RELEASE=19
########################################################
# For 'pre' releases the version will be #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 3fac360..a9258b0 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,4 @@
-What's new in Samba 4 alpha17
+What's new in Samba 4 alpha18
=============================
Samba 4.0 will be the next version of the Samba suite and incorporates
@@ -10,7 +10,7 @@ and above.
WARNINGS
========
-Samba4 alpha17 is not a final Samba release, however we are now making
+Samba4 alpha18 is not a final Samba release, however we are now making
good progress towards a Samba 4.0 release, of which this is a preview.
Be aware the this release contains both the technology of Samba 3.6
(that you can reasonably expect to upgrade existing Samba 3.x releases
@@ -55,84 +55,74 @@ programs to interface to Samba's internals, and many tools
and
internal workings of the DC code is now implemented in python.
-CHANGES SINCE alpha16
+CHANGES SINCE alpha17
=====================
-For a list of changes since alpha 15, please see the git log.
+For a list of changes since alpha 17, please see the git log.
$ git clone git://git.samba.org/samba.git
$ cd samba.git
-$ git log release-4-0-0alpha16..release-4-0-0alpha17
+$ git log samba-4.0.0alpha17..samba-4.0.0alpha18
Some major user-visible changes include:
-samba-tool dbcheck
-------------------
+Improvements to DNS servers. Samba4 now has 3 options for the
+handling of DNS: The default option is to use the BIND 9.8 DLZ plugin,
+which stores the information about the DNS zone in the directory.
+There is also an internal DNS server (but which does not support
+secure DNS updates at this time) and the flat file BIND 9.8 backend
+(storing the data in traditional zone files).
-We now have an fsck-like tool for Samba's internal sam.ldb database.
-Run samba-tool dbcheck after installation to check your database for
-self-consistency. Any database created with a previous Samba4 alpha
-will have a very large number of consistency errors, which this tool
-can fix.
+To migrate from zone files to directory based DNS servers, a migration
+tool (upgradedns) has been added.
-See also the -H option to point dbcheck at a different database to the
-default, and the --fix and --yes options to make changes and to not
-prompt about those changes.
+samba-tool dns commands to manage DNS records stored in directory.
-After upgrading Samba, it is suggested that you do the following:
+smbwrapper (a user-space file system based on LD_PRELOAD) has been
+removed.
- - stop samba
- - take a backup copy of your sam.ldb and sam.ldb.d/* database files
- - run samba-tool dbcheck --cross-ncs --fix
- - use 'all' to say yes to fixing each type of error found
- - after it has finished, run dbcheck again to ensure it reports no
- errors
+Improvement to the upgrade process between Samba 3.x domains and Samba
+4.0 AD domains (samba-tool domain samba3upgrade).
-There will be a lot of errors fixed, particularly related to
-bad/missing GUID values. This is due to a bug in previous releases
-that left many objects with bad GUID values. These can all be fixed
-using dbcheck with steps above.
+Some major but less visible changes include:
+Major work to bridge the code gap between the major parts of the code
+base, including a common loadparm wrapper, smb client library, as well
+as NTLMSSP, GSSAPI and SPNEGO code as part of the GENSEC
+authentication and authorization stack.
-New default paths
------------------
+Preparation work for moving to TDB2, a new version of Samba's core TDB
+database.
-The configure options for paths have changed again, and the
---enable-fhs option has been reinstated. Packagers should attempt to
-first package Samba using:
+smbtorture tests for SMB 2 and SMB 2.2 as the team improves and
+develops support these new protocols.
-./configure --enable-fhs --prefix=/usr --sysconfdir=/etc --localstatedir=/var
+Major cleanup and removal of global variables in the smbd SMB and SMB2 server.
-and only after examining the location Samba uses with these options
-should further changes be made. Existing packaging scripts are not
-expected to work unmodified, instead the Samba Team's aim is to
-simplify such scripts for the long term.
+Heimdal security issue 2012-01-11 - libkrb5 checksum - denial of serice
+http://www.h5l.org//advisories.html?show=2012-01-11
-samba-tool domain samba3upgrade
--------------------------------
+KNOWN ISSUES
+============
-The new samba-tool domain samba3upgrade command is a supported upgrade route
from Samba
-3.x domain controllers to Samba 4.0 AD domain controllers. This
-provides a one-time migration of all users, domain members, passwords,
-groups, group members and account polcies.
+- upgradeprovision should not be run when upgrading to this release
+ from a recent release. No important database format changes have
+ been made since alpha16.
-This tool is still under development and may fail when presented with
-an inconsistant Samba3 database (such as many LDAP configurations).
-We hope to improve the error handling and recovery in these
-situations, so please provide feedback using the samba-technical
-mailing list.
+- The BIND 9 DLZ plugin is compatible only with BIND 9.8, not BIND 9.9.
-KNOWN ISSUES
-============
+- Systems with tdb or ldb installed as a system library may have
+ difficulty building this release of Samba4. The --disable-tdb2
+ configure switch may be of assistance. (Distributors who (rightly)
+ have difficulty with this may wish to wait until a future release,
+ which will soon fix this issue).
- Installation on systems without a system iconv (and developer
headers at compile time) is known to cause errors when dealing with
non-ASCII characters.
- In some situations, group members may not be upgraded by the
- samba-tool domain upgrade_from_s3 script
-
-- The samba-tool domain join script will not join Windows 2000 domains.
+ samba-tool domain samba3upgrade tool
- Domain member support in the 'samba' binary is in it's infancy, and
is not comparable to the support found in winbindd. As such, do not
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 30fc216..f973800 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -874,8 +874,6 @@ bool spnego_parse_auth_response(TALLOC_CTX *ctx,
const char *mechOID,
DATA_BLOB *auth);
-bool spnego_parse_auth_and_mic(TALLOC_CTX *ctx, DATA_BLOB blob,
- DATA_BLOB *auth, DATA_BLOB *signature);
/* The following definitions come from libsmb/conncache.c */
NTSTATUS check_negative_conn_cache( const char *domain, const char *server);
diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index c1b49c9..2cc2a2a 100644
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -412,46 +412,6 @@ DATA_BLOB spnego_gen_auth(TALLOC_CTX *ctx, DATA_BLOB blob)
/*
parse a SPNEGO auth packet. This contains the encrypted passwords
*/
-bool spnego_parse_auth_and_mic(TALLOC_CTX *ctx, DATA_BLOB blob,
- DATA_BLOB *auth, DATA_BLOB *signature)
-{
- ssize_t len;
- struct spnego_data token;
-
- len = spnego_read_data(talloc_tos(), blob, &token);
- if (len == -1) {
- DEBUG(3,("spnego_parse_auth: spnego_read_data failed\n"));
- return false;
- }
-
- if (token.type != SPNEGO_NEG_TOKEN_TARG) {
- DEBUG(3,("spnego_parse_auth: wrong token type: %d\n",
- token.type));
- spnego_free_data(&token);
- return false;
- }
-
- *auth = data_blob_talloc(ctx,
- token.negTokenTarg.responseToken.data,
- token.negTokenTarg.responseToken.length);
-
- if (!signature) {
- goto done;
- }
-
- *signature = data_blob_talloc(ctx,
- token.negTokenTarg.mechListMIC.data,
- token.negTokenTarg.mechListMIC.length);
-
-done:
- spnego_free_data(&token);
-
- return true;
-}
-
-/*
- parse a SPNEGO auth packet. This contains the encrypted passwords
-*/
bool spnego_parse_auth_response(TALLOC_CTX *ctx,
DATA_BLOB blob, NTSTATUS nt_status,
const char *mechOID,
diff --git a/upgrading-samba4.txt b/upgrading-samba4.txt
index 82f562e..4cd19d5 100644
--- a/upgrading-samba4.txt
+++ b/upgrading-samba4.txt
@@ -18,3 +18,11 @@ descriptors, and upgradeprovision --full will perform a more
comprehensive upgrade of the data (including schema and display
specifiers). This attempts to do a new provision, and to then copy
existing data into that database.
+
+If you are upgrading from a more recent version, particularly alpha16
+or later, then it is better *NOT* to run upgradeprovision as the
+database format has not changed.
+
+To upgrade from BIND9 flat files to the internal database store for
+Bind 9 DLZ, use ./source4/scripting/bin/upgradedns
+
--
Samba Shared Repository
