Roadmap: Difference between revisions
From SambaWiki
(→SMB3) |
Slowfranklin (talk | contribs) |
||
| (42 intermediate revisions by 6 users not shown) | |||
| Line 1: | Line 1: | ||
= Introduction = |
|||
This page describes the bigger next steps in the development of Samba. The purpose is to point out the broader direction into which Samba is heading. |
This page describes the bigger next steps in the development of Samba. The purpose is to point out the broader direction into which Samba is heading. |
||
| Line 7: | Line 7: | ||
Involvement is highly welcome and can come in various guises: '''Manpower for coding, testing, documentation, ...''' |
Involvement is highly welcome and can come in various guises: '''Manpower for coding, testing, documentation, ...''' |
||
Contact the Samba Team go get involved! |
|||
'''Contact the Samba Team go get involved!''' |
|||
== File Server (smbd) == |
|||
= Features = |
|||
=== [[Samba3/SMB2#SMB_3.0|SMB3]] === |
|||
== File Server (smbd) == |
|||
* '''FUNDED''': Implment Multi-channel ([[User:Obnox|Michael]], [[User:Metze|Metze]]) |
|||
* '''FUNDED''': Add support for Witness service (Günther, [[User:Metze|Metze]]) |
|||
** Prerequisite: A asynchronous RPC server. See [[DCERPC]] |
|||
=== [[Samba3/SMB2|SMB2/SMB3]] === |
|||
* |
* '''FUNDED''': Implement multi-channel ([[User:Obnox|Michael]], [[User:Metze|Metze]]) |
||
* |
* '''FUNDED''': Implement the witness service (Günther, [[User:Metze|Metze]]) |
||
** Prerequisite: A asynchronous RPC server. See [[DCERPC]] |
|||
* RDMA (SMB direct) - Planning ([[User:Metze|Metze]], [[User:Rsharpe|Richard]], [[User:Obnox|Michael]]) |
|||
* '''FUNDED for Gluster''': Clustering (continuous availability, scale-out) - Planning ([[User:Ira|Ira]], [[User:Obnox|Michael]], ...) |
|||
* '''FUNDED for Gluster''': Persistent file handles - Planning ([[User:Ira|Ira]], [[User:Obnox|Michael]], ...) (Do not expect this immediately - Ira) |
|||
* RDMA (SMB direct) - Planning ([[User:Metze|Metze]], [[User:Rsharpe|Richard]], [[User:Obnox|Michael]], [[User:Ira|Ira]]) |
|||
* Directory leases |
* Directory leases |
||
| Line 26: | Line 27: | ||
* integrate the clustered file server into selftest/autobuild - WIP ([[User:Obnox|Michael]]) |
* integrate the clustered file server into selftest/autobuild - WIP ([[User:Obnox|Michael]]) |
||
=== File Systems === |
|||
Support for special features of various file systems, especially cluster file systems, typically through VFS modules. |
|||
* '''FUNDED''': gpfs |
|||
* '''FUNDED''': GlusterFS |
|||
* CephFS |
|||
* ... |
|||
=== Performance === |
=== Performance === |
||
Performance tuning and optimization is an important reoccurring topic. It is difficult |
|||
* Performance on small-CPU platforms (like ARM) |
|||
to really track the current issues... |
|||
** reduce CPU usage |
|||
* Database/TDB-Performance |
|||
* performance in clusters, TDB/CTDB |
* performance in clusters, TDB/CTDB |
||
* Parallel, small I/O (HyperV) workload |
* Parallel, small I/O (HyperV) workload |
||
| Line 37: | Line 47: | ||
== Print Server (smbd|spoolssd) == |
== Print Server (smbd|spoolssd) == |
||
* '''FUNDED''': MS-PAR (Andreas, Günther) |
|||
* [[Spoolss|SPOOLSS]] |
* [[Spoolss|SPOOLSS]] |
||
** Improve Spoolss Server performance |
** Improve Spoolss Server performance |
||
| Line 44: | Line 55: | ||
== Active Directory Server == |
== Active Directory Server == |
||
* '''HELP NEEDED:''' S4U2Self, S4U2Proxy, PKINIT ... You can find more details at: [[Roadmap_MIT_KDC]] |
|||
* '''FUNDED:''' MIT Kerberos support (Andreas) |
|||
* ''' |
* '''HELP NEEDED:''' Two-way forest trusts (Metze) |
||
* '''FUNDED:''' Correct non-mesh inter-site and intra-site replication via Knowledge Consistency Checker (KCC) (Andrew Bartlett, Garming Sam, Douglas |
|||
* '''FUNDED:''' [[Samba4/LDAP Backend|Use the OpenLDAP Database engine and LDAP protocol handlers in AD server]] |
|||
Bagnall) |
|||
* '''FUNDED:''' Knowledge Consistency Checker (KCC) |
|||
* [[The_Samba_AD_DNS_Back_Ends]] |
|||
* [[DNS]] |
|||
* [[Samba4/DRS_TODO_List|Directory Replication Service (DRS)]] |
* [[Samba4/DRS_TODO_List|Directory Replication Service (DRS)]] |
||
* |
* sysvol Replication (FRS/DFSR) |
||
* Read-only Domain Controller (RODC) |
|||
* Subdomain support |
* Subdomain support |
||
* One way trusts |
* One way trusts |
||
| Line 60: | Line 72: | ||
The RPC server infrastructure component is of crucial importance for both the file server and the active directory server. A few tasks in for the RPC server are prerequisites for higher level features in the file server and the active directory server. See [[DCERPC]] for details. |
The RPC server infrastructure component is of crucial importance for both the file server and the active directory server. A few tasks in for the RPC server are prerequisites for higher level features in the file server and the active directory server. See [[DCERPC]] for details. |
||
* |
* Merge source3 and source4 server and client implementations (Metze) |
||
* Make RPC server (and client) implementation fully asynchronuous (Metze) |
* Make RPC server (and client) implementation fully asynchronuous (Metze) |
||
* Endpoint_Mapper |
* Merge [[Endpoint_Mapper|endpoint mapper]] implementations |
||
* Implement Association groups |
|||
* async schannel (NETLOGON) client (Metze) |
|||
* Client changes |
|||
* merged crypto handling for samlogon cred validation (Günther/Metze) |
|||
* merged libnetjoin interfaces (Günther/Metze) |
|||
== Testing == |
== Testing == |
||
* Multi-trust environments setup to test trusts |
* Multi-trust environments setup to test trusts |
||
* Rewrite and improve the Selftest Suite |
|||
------------------------------------------------------------------------------------------------ |
|||
= Completed tasks = |
|||
=== File Server === |
|||
* [[DNS]] |
|||
* [[Samba4/DRS_TODO_List]] |
|||
* sysvol replication (file system replication) |
|||
** FRS / DFSR |
|||
*** See [[DCERPC]] |
|||
** use source3/winbindd in AD server |
|||
** subdomains |
|||
** forest trusts |
|||
* MIT Kerberos support in AD server (IN_PROGRESS, '''HELP NEEDED, TESTING NEEDED'''! Talk to Günther and Andreas to help with resources) |
|||
** Create preloadable wrappers (DONE) |
|||
** Re-test existing MIT KDC glue around the hdb backend (this has been completely rewritten) |
|||
* SMB 2.0 durable file handles |
|||
* [[Samba4/LDAP Backend|Use the OpenLDAP Database engine and LDAP protocol handlers in AD server]] |
|||
* SMB 2.1 Leases |
|||
* SMB 2.1 Multi-Credit |
|||
* SMB 3.0 protocol support (including encryption) |
|||
=== Trust support === |
|||
* Transparent file compression |
|||
A lot of DCE/RPC work needs to be done before we can really finish this task. |
|||
* Serverside copy using COPYCHUNK |
|||
* async schannel (NETLOGON) client (Metze) |
|||
* merged crypto handling for samlogon cred validation (Günther/Metze) |
|||
* merged libnetjoin interfaces (Günther/Metze) |
|||
* DCE/RPC client API changes (Günther/Metze) |
|||
** tevent based async infrastructure (new services: witness, replication, snapshot, PAR) |
|||
** client context (get rid of lp_ usage and globals for client details) |
|||
** association group implementation |
|||
* DCE/RPC server API merge and cleanup |
|||
* See [[DCERPC]] |
|||
* Improved performance on small-CPUs |
|||
==== Abstract data model ==== |
|||
* Improved TDB database performance (using robust mutex locking) |
|||
We might want to implement the abstract data model as outlined in MS-ADPS and other specs. This would allow to abstract the existing interfaces (dsdb/passdb) which both are not the best match for trust handling. Once we have that, and we have the common DCE/RPC infrastructure, we can easily plug implementations for trusts (e.g. from s3) into s4 (and vice-versa). |
|||
=== Clustering - CTDB === |
|||
* integrate CTDB master into samba master: |
|||
* We need to find a way to setup multi-trust environments during make test to test more compelx scenarios (e.g. the forst trust test from Sumit Bose). |
|||
** integrate the code under ctdb/ |
|||
* We need to test trust calls on MEMBER and DC configurations. |
|||
** integrate the build into the top level waf build |
|||
==== LSA/Netlogon ==== |
|||
=== Active Directory Server === |
|||
* Samba4 lacks support for some LSA and Netlogon calls related to trusts, some of them exist in s3 some are in my master-netlogon branch. |
|||
* internal dns server |
|||
== RPC Servers== |
|||
* use smbd as file server |
|||
* [[Spoolss]] |
|||
* use winbindd for id-mapping |
|||
* [[Winreg]] |
|||
== DCERPC infrastructure == |
|||
=== DCERPC Infrastructure === |
|||
The RPC server is an infrastructure component that is of crucial importance for both the file server and the active directory server. A few tasks in for the RPC server are prerequisites for higher level features in the file server and the active directory server. |
|||
* common secure channel implementation |
|||
* See [[DCERPC]] for details |
|||
* Reconcile source3 source4 server and client implementations ([[User:Metze|Metze]]) |
|||
* Make RPC server (and client) implementation fully asynchronuous ([[User:Metze|Metze]]) |
|||
* [[Endpoint_Mapper]] |
|||
=== Testing === |
|||
* Implement preloadable wrappers for better testing - [https://cwrap.org The cwrap project] |
|||
== Completed == |
|||
=== File Server === |
|||
* SMB2 Leases |
|||
=== Clustering - CTDB === |
|||
* integrate CTDB master into samba master: |
|||
** integrate the code under ctdb/ - DONE |
|||
** integrate the build into the top level waf build - DONE |
|||
=== Active Directory Server === |
|||
=== DCERPC Infrastructure === |
|||
Revision as of 10:38, 24 February 2021
Introduction
This page describes the bigger next steps in the development of Samba. The purpose is to point out the broader direction into which Samba is heading.
If a feature listed below is flagged as FUNDED, this means that someone is currently being paid to work on it. Hence there are realistic chances that this feature might be completed in a reasonably short time frame. For all other features, further involvement is needed: Otherwise it could even take years to complete even if a feature is flagged as work in progress (WIP), since these are usually being worked on in someone's spare time.
Involvement is highly welcome and can come in various guises: Manpower for coding, testing, documentation, ...
Contact the Samba Team go get involved!
Features
File Server (smbd)
SMB2/SMB3
- FUNDED: Implement multi-channel (Michael, Metze)
- FUNDED: Implement the witness service (Günther, Metze)
- Prerequisite: A asynchronous RPC server. See DCERPC
- FUNDED for Gluster: Clustering (continuous availability, scale-out) - Planning (Ira, Michael, ...)
- FUNDED for Gluster: Persistent file handles - Planning (Ira, Michael, ...) (Do not expect this immediately - Ira)
- RDMA (SMB direct) - Planning (Metze, Richard, Michael, Ira)
- Directory leases
Clustering - CTDB
- integrate the clustered file server into selftest/autobuild - WIP (Michael)
File Systems
Support for special features of various file systems, especially cluster file systems, typically through VFS modules.
- FUNDED: gpfs
- FUNDED: GlusterFS
- CephFS
- ...
Performance
Performance tuning and optimization is an important reoccurring topic. It is difficult to really track the current issues...
- performance in clusters, TDB/CTDB
- Parallel, small I/O (HyperV) workload
Print Server (smbd|spoolssd)
- FUNDED: MS-PAR (Andreas, Günther)
- SPOOLSS
- Improve Spoolss Server performance
- Improve Spoolss Testsuite
- Improve Winreg performance
Active Directory Server
- HELP NEEDED: S4U2Self, S4U2Proxy, PKINIT ... You can find more details at: Roadmap_MIT_KDC
- HELP NEEDED: Two-way forest trusts (Metze)
- FUNDED: Correct non-mesh inter-site and intra-site replication via Knowledge Consistency Checker (KCC) (Andrew Bartlett, Garming Sam, Douglas
Bagnall)
- The_Samba_AD_DNS_Back_Ends
- Directory Replication Service (DRS)
- sysvol Replication (FRS/DFSR)
- Read-only Domain Controller (RODC)
- Subdomain support
- One way trusts
- Support all LSA and Netlogon server functions
DCERPC infrastructure
The RPC server infrastructure component is of crucial importance for both the file server and the active directory server. A few tasks in for the RPC server are prerequisites for higher level features in the file server and the active directory server. See DCERPC for details.
- Merge source3 and source4 server and client implementations (Metze)
- Make RPC server (and client) implementation fully asynchronuous (Metze)
- Merge endpoint mapper implementations
- Implement Association groups
- async schannel (NETLOGON) client (Metze)
- merged crypto handling for samlogon cred validation (Günther/Metze)
- merged libnetjoin interfaces (Günther/Metze)
Testing
- Multi-trust environments setup to test trusts
- Rewrite and improve the Selftest Suite
Completed tasks
File Server
- SMB 2.0 durable file handles
- SMB 2.1 Leases
- SMB 2.1 Multi-Credit
- SMB 3.0 protocol support (including encryption)
- Transparent file compression
- Serverside copy using COPYCHUNK
- Improved performance on small-CPUs
- Improved TDB database performance (using robust mutex locking)
Clustering - CTDB
- integrate CTDB master into samba master:
- integrate the code under ctdb/
- integrate the build into the top level waf build
Active Directory Server
- internal dns server
- use smbd as file server
- use winbindd for id-mapping
DCERPC Infrastructure
- common secure channel implementation
Testing
- Implement preloadable wrappers for better testing - The cwrap project