7 August 2009

Samba Team Blog

Welcome to the Samba Team blog.

Starting today, we're going to try and create semi-regular updates on what is going on in the fast moving world of Samba development, what we're all up to, and where the code is going in the future. This will be a technical blog, with details on the internal changes in Samba code. We hope you enjoy it!

Firstly, we now have a Samba Team member working at Microsoft! Congratulations to Chris Hertel, who was offered an opportunity to work directly with Microsoft to create a new set of SMB/CIFS protocol documentation. This will be published as part of the MCPP/WSPP set and made freely available from Microsoft's website.

This is the first Microsoft-sponsored SMB/CIFS documentation to be made available without restrictions since the 1997 IETF draft specifications. The first new document, [MS-CIFS], covers the SMB protocol as implemented in Windows NT. It is almost 500 pages at present, and is just entering the review and markup stage. It should be available in a few months.

In order to work with Microsoft on this project, Chris had to found a consulting company and hire a few people.

Volker Lendecke has been re-writing winbind, making it asynchronous. Here are the details:

In ancient days, winbind was just a single process. Later on came a separate daemon to update a cache, so that the main code paths in winbind would not be blocked by slow domain controllers or the network being slow to enumerate thousands of users. In an environment where winbind has to authenticate thousands of users from all over the world this can become a bit slow. So with 3.0.20, winbind was turned into a multi-process daemon: one asynchronous main daemon that, in good Unix tradition, is supported by several helper processes. This architecture made winbind asynchronous for all important code paths. In particular, Windows clients logging into a Samba server running winbind could not block winbind from replying to other requests.

In subsequent years, this clear architecture was blurred a bit. It turned out that the architecture of winbind was not as easy to extend as everyone would have liked, so for later extensions to winbind many of the nice asynchronous code paths have become blocking again. This is not a real problem in a small installation, but for scalability this is bad. As of July 31, we laid the groundwork to make a fully async winbind a lot easier to achieve and program than it used to be: The Samba3 RPC client libraries have become asynchronous, thanks to great work by Stefan Metzmacher. Volker checked in code to make the winbind parent->child communication completely based on an IDL file and auto-generated RPC client/server stubs. This will lead to a much, much more scalable winbind soon.

o Michael Adam is working on the design of transactions in clustered Samba's CTDB database code. He's been re-factoring and re-writing the code to ensure we only access the persistent databases through the proper transaction layer.

o Jeremy Allison has been working on a particularly intransigent bug when a certain version of Excel is used on Vista with Offline file capabilities. Read more about the details here.

o Kai Blin has been working on adding internationalization to Samba's "net" command, to enable this to be used in the native language of system administrators. This is hard, unglamorous but very necessary work, so a big thanks to Kai for taking this on.

o Stefan Metzmacher (Metze) has been working on adding SMB2 support into the Samba3 fileserver. Only directory listings left to do!

o Bo Yang has been fixing authentication bugs in winbind and working on the correctness of dynamic permissions detection in the share mode database.

Samba4 has picked up a cracking pace in the past 6 weeks, with new features, new bug fixes and new developers.

The biggest change over the past few months is that Samba4 now attempts to emulate a Windows 2008 domain. This brings in new complications in Kerberos, but also a new clarity about the features we are aiming to support, and what we must compare ourselves against.

We have also seen a restart of the lively discussion between Samba developers and Microsoft, chiefly around interoperability issues between Samba4 domains and Windows 2008 servers. Matthieu Patou (our Russian connection in Samba4 development, and sysadmin for our secret Russian production site) has found and fixed some very interesting bugs. A misplaced 0 or the PAC in the wrong position in a list can have big consequences in the world of AD interop!

Matthieu has also been at work with Wireshark, producing a decryption plugin for Netlogon SCHANNEL and NTLM, using a keytab.

Andrew Bartlett has been hard at work in the land of Kerberos, producing a new tool 'net export keytab' to produce the keytab input used by Wireshark. He has also been working to chase the 'make test' back to passing, as well as numerous other small changes to keep others moving.

Andrew has also been working with the NTP community to integrate the patches for MS-SNTP authenticated time.

Matthias Dieter Wallnöfer has been hard at work on what should have been a very simple RPC call - the NetLogon LogonGetDomainInformations call looks like a simple query for a bit of info about the primary domain, but instead turns out to be really 'update computer OS version, service principal names and dnsHostName in the domain'. Matthias rose to the challenge, asking Microsoft for clarification and producing a client test suite to prove its correctness.

Matthias also does a great job maintaining the Samba4 section of our Bugzilla, and is now a proud member of the Samba Team.

Nadezhda Ivanova and Zahari Zahariev are less dominant in the Samba4 commit logs, but this is because they have taken on the massive task of implementing AD compatible access control lists in Samba4. Their work and testing continues, and rumour has it that pending some final explanations, they will have patches landing shortly.

Anatoliy Atanasov continues to bash his head against the brick wall known as AD replication, but hopes to make some progress soon. With his work, and the groundwork by Metze, two-way Samba4 <-> Samba4 and Samba4 <-> AD replication will be possible.

Steve French and Jeff Layton have been working hard on the CIFS kernel client. The upcoming Linux kernel version 2.6.31 will include more than 50 CIFS patches which improve both performance and stability. Among the most recent patches is one that fixes sendfile, which was noticed by the Apache community when the Apache server was running over CIFS. The POSIX open and create code have significantly sped up these operations to Samba servers. Steve is working with Pavel on the new SMB2 kernel client; now that they are past the session establishment code, they are working on the inode handling code, which needs to be ported and updated to handle SMB2 semantics.

Finally, with an appropriate quotation from Bertolt Brecht, Karolin Seeger, our hard working and long suffering release manager, released the final version of the Samba 3.0.x series - Samba 3.0.36. This is the FINAL release of Samba 3.0; no more fixes, enhancements or security updates will be available. If you haven't already moved to a later version of Samba, this should be your wake up call :-).

Thanks for reading and don't forget you can contact all the Team on the samba@samba.org and samba-technical@samba.org lists. Don't be shy, we love to hear from you all :-).

Posted at 14:12