Roadmap: Difference between revisions

From SambaWiki
(reference DCERPC and Samba3/SMB2 pages)
 
(113 intermediate revisions by 10 users not shown)
Line 1: Line 1:
== Introduction ==
= Introduction =


This page describes the bigger next steps in the development of Samba.
This page describes the bigger next steps in the development of Samba. The purpose is to point out the broader direction into which Samba is heading.
It is not named roadmap since it does presently not provide a timeline.
The purpose is to point out the broader direction into which Samba is heading.


If a feature listed below is flagged as '''FUNDED''', this means that someone is currently being paid to work on it. Hence there are realistic chances that this feature might be completed in a reasonably short time frame. For all other features, further involvement is needed: Otherwise it could even take years to complete even if a feature is flagged as work in progress (WIP), since these are usually being worked on in someone's spare time.
== DCERPC infrastructure ==


Involvement is highly welcome and can come in various guises: manpower for coding, testing, documentation, ...
* See [[DCERPC]]

'''Contact the Samba Team go get involved!'''

= Features =

== File Server (smbd) ==

=== Infrastructure ===

* s4u2self (Correct authorization in complex AD topologies on Linux AD member for non-SMB acccess)
* ksmbd integration

=== [[Samba3/SMB2|SMB2/SMB3]] ===

* Witness service - Prototype
* Clustering (Continuous availability, Scale-out)
* Persistent file handles - Prototype ([[User:slowfranklin|slow]])
* RDMA (SMB direct) - Prototype ([[User:Metze|Metze]])
* Directory leases - Prototype ([[User:slowfranklin|slow]])
* SMB2 UNIX Extensions

=== Clustering - CTDB ===

* Split up locking.tdb for better scaling of per-file concurrent access

=== File Systems ===

Support for special features of various file systems, especially cluster file systems, typically through VFS modules.

* gpfs ('''FUNDED''')
* GlusterFS ('''FUNDED''')
* CephFS

=== Performance ===

Performance tuning and optimization is an important reoccurring topic. It is difficult
to really track the current issues...

* Use iouring with splice() - Prototype ('''FUNDED''')
* Performance in clusters, TDB/CTDB
* Parallel, small I/O (HyperV) workload

== Print Server (smbd|spoolssd) ==

* 'MS-PAR'
* [[Spoolss|SPOOLSS]]
** Improve Spoolss Server performance
** Improve Spoolss Testsuite
* [[Winreg|Improve Winreg performance]]


== Active Directory Server ==
== Active Directory Server ==


* S4U2Self, S4U2Proxy, PKINIT ... You can find more details at: [[Roadmap_MIT_KDC]]
* sysvol replication (file system replication)
* Two-way forest trusts (Metze)
** FRS / DFSR
* [[The_Samba_AD_DNS_Back_Ends]]
*** See [[DCERPC]]
* [[Samba4/DRS_TODO_List|Directory Replication Service (DRS)]]
** use source3/winbindd in AD server
* sysvol Replication (FRS/DFSR)
** subdomains
* Read-only Domain Controller (RODC)
** forest trusts
* MIT Kerberos support in AD server
* Subdomain support
* One way trusts
** Create preloadable wrappers (IN_PROGRESS)
* Support all LSA and Netlogon server functions
** Re-test existing MIT KDC glue around the hdb backend
* [[Samba4/LDAP Backend|Use the OpenLDAP Database engine and LDAP protocol handlers in AD server]]


=== Trust support ===
== [[DCERPC]] infrastructure ==


The RPC server infrastructure component is of crucial importance for both the file server and the active directory server. A few tasks in for the RPC server are prerequisites for higher level features in the file server and the active directory server. See [[DCERPC]] for details.
A lot of DCE/RPC work needs to be done before we can really finish this task.


* Merge source3 and source4 client implementations (Metze)
* Make RPC client implementation fully asynchronuous (Metze)
* Merge [[Endpoint_Mapper|endpoint mapper]] implementations
* Implement Association groups
* async schannel (NETLOGON) client (Metze)
* async schannel (NETLOGON) client (Metze)
* merged crypto handling for samlogon cred validation (Günther/Metze)
* merged crypto handling for samlogon cred validation (Günther/Metze)
* merged libnetjoin interfaces (Günther/Metze)
* merged libnetjoin interfaces (Günther/Metze)
* DCE/RPC client API changes (Günther/Metze)
** tevent based async infrastructure (new services: witness, replication, snapshot, PAR)
** client context (get rid of lp_ usage and globals for client details)
** association group implementation
* DCE/RPC server API merge and cleanup
* See [[DCERPC]]


==== Abstract data model ====
== Testing ==


* Multi-trust environments setup to test trusts
We might want to implement the abstract data model as outlined in MS-ADPS and other specs. This would allow to abstract the existing interfaces (dsdb/passdb) which both are not the best match for trust handling. Once we have that, and we have the common DCE/RPC infrastructure, we can easily plug implementations for trusts (e.g. from s3) into s4 (and vice-versa).
* Rewrite and improve the Selftest Suite


= Completed tasks =
==== Testing ====


=== File Server ===
* We need to find a way to setup multi-trust environments during make test to test more compelx scenarios (e.g. the forst trust test from Sumit Bose).
* We need to test trust calls on MEMBER and DC configurations.


* SMB 2.0 durable file handles
==== LSA/Netlogon ====
* SMB 2.1 Leases
* SMB 2.1 Multi-Credit
* SMB 3.0 protocol support (including encryption)
* Multichannel
* Transparent file compression
* Serverside copy using COPYCHUNK
* Improved performance on small-CPUs
* Improved TDB database performance (using robust mutex locking)


=== Clustering - CTDB ===
* Samba4 lacks support for some LSA and Netlogon calls related to trusts, some of them exist in s3 some are in my master-netlogon branch.


* integrate CTDB master into samba master:
== File Server (smbd) ==
** integrate the code under ctdb/
** integrate the build into the top level waf build


=== SMB2 ===
=== Active Directory Server ===


* internal dns server
* SMB2 leases
* use smbd as file server
** See [[Samba3/SMB2#SMB_2.1]]
* use winbindd for id-mapping
* Correct non-mesh inter-site and intra-site replication via Knowledge Consistency Checker (KCC) (Andrew Bartlett, Garming Sam, Douglas Bagnall)


=== SMB3 ===
=== DCERPC Infrastructure ===


* common secure channel implementation
* See [[Samba3/SMB2#SMB_3.0]]
* Merge source3 and source4 server implementations
* multi-channel
* Make RPC server implementation fully asynchronuous
* persistent file handles
* witness notification protocol
** asynchronous RPC server. See [[DCERPC]]
* RDMA (SMB direct)
* directory leases
* clustering
** continuously available shares, scale-out shares


== CTDB ==
=== Testing ===


* Implement preloadable wrappers for better testing - [https://cwrap.org The cwrap project]
* integrate CTDB master into samba master
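
Review bot: The new revision's text has several spelling slips that should be fixed in the same edit. In the introduction, "Contact the Samba Team go get involved!" should read "to get involved". In the s4u2self item under Infrastructure, "non-SMB acccess" should be "access". In the DCERPC infrastructure paragraph, "A few tasks in for the RPC server" has a stray "in". "asynchronuous" should be "asynchronous" in both the "Make RPC client implementation fully asynchronuous" item and the completed "Make RPC server implementation fully asynchronuous" item.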

Latest revision as of 15:38, 20 January 2022

Introduction

This page describes the bigger next steps in the development of Samba. The purpose is to point out the broader direction into which Samba is heading.

If a feature listed below is flagged as FUNDED, this means that someone is currently being paid to work on it. Hence there are realistic chances that this feature might be completed in a reasonably short time frame. For all other features, further involvement is needed; otherwise a feature could take years to complete even if it is flagged as work in progress (WIP), since these are usually being worked on in someone's spare time.

Involvement is highly welcome and can come in various guises: manpower for coding, testing, documentation, ...

Contact the Samba Team to get involved!

Features

File Server (smbd)

Infrastructure

  • s4u2self (Correct authorization in complex AD topologies on Linux AD member for non-SMB access)
  • ksmbd integration

SMB2/SMB3

  • Witness service - Prototype
  • Clustering (Continuous availability, Scale-out)
  • Persistent file handles - Prototype (slow)
  • RDMA (SMB direct) - Prototype (Metze)
  • Directory leases - Prototype (slow)
  • SMB2 UNIX Extensions

Clustering - CTDB

  • Split up locking.tdb for better scaling of per-file concurrent access

File Systems

Support for special features of various file systems, especially cluster file systems, typically through VFS modules.

  • gpfs (FUNDED)
  • GlusterFS (FUNDED)
  • CephFS

Performance

Performance tuning and optimization is an important recurring topic. It is difficult to really track the current issues...

  • Use iouring with splice() - Prototype (FUNDED)
  • Performance in clusters, TDB/CTDB
  • Parallel, small I/O (HyperV) workload

Print Server (smbd|spoolssd)

Active Directory Server

DCERPC infrastructure

The RPC server infrastructure component is of crucial importance for both the file server and the active directory server. A few tasks for the RPC server are prerequisites for higher-level features in the file server and the active directory server. See DCERPC for details.

  • Merge source3 and source4 client implementations (Metze)
  • Make RPC client implementation fully asynchronous (Metze)
  • Merge endpoint mapper implementations
  • Implement Association groups
  • async schannel (NETLOGON) client (Metze)
  • merged crypto handling for samlogon cred validation (Günther/Metze)
  • merged libnetjoin interfaces (Günther/Metze)

Testing

  • Multi-trust environments setup to test trusts
  • Rewrite and improve the Selftest Suite

Completed tasks

File Server

  • SMB 2.0 durable file handles
  • SMB 2.1 Leases
  • SMB 2.1 Multi-Credit
  • SMB 3.0 protocol support (including encryption)
  • Multichannel
  • Transparent file compression
  • Serverside copy using COPYCHUNK
  • Improved performance on small-CPUs
  • Improved TDB database performance (using robust mutex locking)

Clustering - CTDB

  • integrate CTDB master into samba master:
    • integrate the code under ctdb/
    • integrate the build into the top level waf build

Active Directory Server

  • internal dns server
  • use smbd as file server
  • use winbindd for id-mapping
  • Correct non-mesh inter-site and intra-site replication via Knowledge Consistency Checker (KCC) (Andrew Bartlett, Garming Sam, Douglas Bagnall)

DCERPC Infrastructure

  • common secure channel implementation
  • Merge source3 and source4 server implementations
  • Make RPC server implementation fully asynchronous

Testing