Samba4/Andrew and Jelmers Fantasy Page/2010: Difference between revisions

From SambaWiki
(plans and achivements)
(more goals)
Line 1: Line 1:
=Plans for fortnight ending 4 July=
=Plans for fortnight ending 4 July=
*Sort out nTsecurityDescriptor problems from Zahari (Andrew)
*Sort out nTsecurityDescriptor problems from Zahari (Andrew)
*Work with summer of code students (Andrew)


==Achived so far==
==Achived so far==

Revision as of 00:58, 3 July 2009

Plans for fortnight ending 4 July

  • Sort out nTsecurityDescriptor problems from Zahari (Andrew)
  • Work with summer of code students (Andrew)

Achived so far

  • Worked with tridge to show DRS replication from windows works again (Andrew)
  • Applied patch queue from Matthias (Andrew)

Plans for fortnight ending 20 June

  • Improve automated setup of OpenLDAP backend (Andrew)
  • Finish subunit separation (Jelmer)
  • Maybe WMI..

Achieved so far

  • Samba4 alpha (Andrew)
  • Heimdal merge (Andrew)
  • Fixing Python rpcecho test and Python ldb test
  • Work with Don Davis on Samba4's Kerberos lib requirements (Andrew)

Plans for fortnight ending 6 June

  • rpcecho.python test (Jelmer)
  • Attempt Heimdal merge (Andrew)
  • More work on Kerberos requirements (Andrew)

Achived so far

  • Documentation of Kerberos requirements (in particular requiremnts that a MIT Kerberos swich would require) (Andrew with Don Davis)
  • Fix SAMR tests (Andrew)
  • Fix build with older libnet on Fedora 10
  • LDB performance issues with many users (Andrew and Tridge)
  • Unique indexes in LDB (Andrew and Tridge)
  • Fixed one-level indexes in LDB (Andrew and Tridge)
  • Worked with Howard Chu to chase down nasty crash bugs in OpenLDAP under Samba4's 'make test'

Plans for fortnight ending 23 May

  • Rework Samba4 DC to support only one realm at a time (Andrew)
    • This is not related to trusted domains, but to how we look at our database
  • Fix krbtgt expiry causing kpasswd account to be disabled (Andrew)

Achieved so far

  • 'make test' failures with OpenLDAP backend (Andrew)
    • Reproduced on current code
    • Fedora 11 VM prepared and supplied to Howard Chu for further investigation
  • str_list code (Andrew)
    • str_list_make_v3 added to Samba3 while I was away
    • Investigate why this 'v3' version is required
    • Add unit tests for all aspects of 'common' str_list behaviour
    • Attempt (but not committed) to re-merge all the str_list code

Plans for fortnight ending 9 May

Achieved so far

  • Documentation build system improvements (Jelmer)
    • Changed the docs build system to use dblatex rather than db2latex
    • Remove cruft from docs

Plans for fortnight ending 25 April

  • SambaXP conference
    • Samba4 status report presentation
    • Samba4 and Microsoft presentation

Achieved so far

  • libcli/auth merge (without ldb and Samba3 server-side components) (Andrew)
  • Fix RPC python tests (Andrew, Jelmer)

Plans for fortnight ending 11 April

Achieved so far

  • Use Full WSPP Microsoft schema in Samba4 (Andrew and Tridge)
    • Required a lot of work to make ldb more efficient with a full set of schema
    • Create and test possibleInferiors attribute for AD schema
    • Integrate work by Sreepathi Pai to convert the WSPP schema into LDIF for the provision
  • Prepare merge of charcnv code
    • Required cutting down patch from all code to just sharing a common API

Plans for fortnight ending 28 March

  • Improve the implementation of netr_DsRGetDCNameEx2 (Andrew)
  • Include full AD schema when permitted by Microsoft to do so (Andrew)
  • libcli/auth merge between Samba3 and Samba4 (Andrew)
  • charcvn merge between Samba3 and Samba4 (Andrew)
  • libregistry merge (Jelmer)
  • Samba3 DCE/RPC async (Jelmer)
  • WMI (Jelmer)
  • Fix kpasswd when the krbtgt account has expired (Andrew)

Achived so far

  • Pair programming of restoring minschema to operation
  • Implementation (with Tridge) of UID handling for recursion to a new event context in the VFS layer (Andrew)

Plans for fortnight ending 14 March

  • Improve the implementation of netr_DsRGetDCNameEx2 (Andrew)
  • Include full AD schema when permitted by Microsoft to do so (Andrew)

Achieved so far

  • Proposal for fixes for the 'wrong UID' problem with recursion to a new event context in the VFS layer
  • Improve performance of Samba will a full schema (Andrew)

Plans for fortnight ending 27 February

Achieved so far

  • Release of alpha7 (Andrew)
  • Work on the trusted domains and IPA proposal (Andrew)
  • Remove dependency of GENSEC on the Samba4 auth subsystem (Andrew)
  • Travel plans for SambaXP (Andrew)
  • Work with Microsoft on importing the full AD schema

Plans for fortnight ending 13 February

  • Prepare alpha7
  • Prepare proposal for linking IPA with AD via Samba4 (Andrew)
  • Windows7 join to Samba4
    • Work to add the AES schannel type
    • Fix Samba4 to accept Windows 7 joins

Achieved so far

Plans for fortnight ending 24 January

  • More work reintegrating WMI (Jelmer)
  • Finish full epmapper implementation (Jelmer)
  • Fix random failures of samba4.ldb.python tests (Jelmer)
  • Use subunit in submissions to the buildfarm (Jelmer)

Achieved so far

  • Alpha 6 ! (Andrew, Jelmer)

Plans for fortnight ending 10 January

Plans for fortnight ending 27 December 2008

  • Trusted domains (Andrew)
    • Reproduce metze's sucess trusting a Win2k3 domain
    • Reproduce metze's issue being trusted by a Samba3 domain
  • Make preperations for a alpha release
    • Fixing build farm failures (Andrew and Jelmer)
    • Testing a 'real' deployment (Andrew)
    • Write release notes (Jelmer)

Achieved so far

  • Proper Extended DN support (Andrew)
    • Pushed into the master branch
  • Shared object files for gen_ndr files between Samba 3 and Samba 4 (Jelmer)
  • rewrote SWIG-based Python modules in manual C (Jelmer)
  • made Samba 4 in merged build use shared libraries when possible (Jelmer)
  • fixed several issues building the standalone libraries (Jelmer)
  • prepared Debian package of tevents and packaged new versions of talloc, tdb and ldb (Jelmer)

Plans for fortnight ending 13 December 2008

Achieved so far

  • Added interactive mode to setup/provision (Jelmer)
  • Proper Extended DN support (Andrew)
    • Published final patch to list for review
  • Use Microsoft's full AD Schema in Samba4 (Andrew)
    • Conversion script taken on by Sreepathi Pai
    • Working with Microsoft to correct errors in the schema

Plans for fortnight ending 29 November 2008

Archived so far

  • Proper Extended DN support (Andrew)
    • continued work on implementation and testing

Plans for fortnight ending 15 November 2008

  • Research to check about transitive trusts between AD and MIT realms (Andrew)
  • Proper Extended DN support (Andrew)
    • Needed for Samba3 domain members in a Samba4 domain.
  • Make a Samba4 release
    • Needed for OpenChange, and to give users a solid alpha to test

Achieved so far

  • Increase to tridge's blood pressure (Andrew)
    • Tridge and I worked to learn python and start an 'upgrade_samba4' script to assist users who have to re-provision but do not wish to loose data.
  • Proper Extended DN support (Andrew)
    • Posted initial implementation to mailing list for comment

Plans for fortnight ending 1 November 2008

  • Finish 'unicode' password issues with integration of new charset (Andrew)
    • The character set conversion needs to change invalid sequences to a known 'bad' value
  • Proper Extended DN support (Andrew)
    • Needed for Samba3 domain members in a Samba4 domain.
  • Unique Index support (Andrew)
    • Needed to ensure we don't have more than one 'Administrator' in a domain (for example)
  • Allow registration in endpoint mapper (Jelmer)
  • ncacn_http (Jelmer)
  • Research to check about transitive trusts between AD and MIT realms (Andrew)

Achieved so far

  • Fix kpasswd server to not 'exit(10)' the whole of Samba (Andrew)
    • Found by Apple at the CIFS plugfest
  • Reconciled more library code between Samba 3 and 4 (Jelmer)
    • lib/util
    • librpc/gen_ndr
    • librpc/ndr
  • Repel pstring to nsswitch/ (Jelmer)
  • Move crypt() replacement to libreplace (Jelmer)
  • Enable merged-build automatically in developer builds (Jelmer)
  • Merged Matthias' registry server improvements (Jelmer)
  • Split up selftest code into a Samba4-specific and a generic part (Jelmer)
  • Fix blackbox tests on IPv6-only hosts (Jelmer)
  • Blog posting about interopability with Microsoft (Andrew)

Plans for fortnight ending 18 October 2008

  • Use separate structure for gensec settings (Jelmer)
  • Share DEBUG() code between Samba 3 and Samba 4 (Jelmer)
    • In preparation of merging my libutil-share branch
  • More work getting WMI back to work (Jelmer)

Achieved so far

  • Implement a 'unicode' password pass-down mechanism in LDB
    • This fixes domain trust problems where member servers select a compleatly random password
    • We still need to fix this for kerberos hash types (awating charset work by tridge)

Plans for fortnight ending 4 October 2008

  • Implement a 'unicode' password pass-down mechanism in LDB, or otherwise avoid UCS2 -> UTF8 -> UCS2 problems
  • Trusted domain support (LSA and KDC portions) (Andrew)

Achieved so far

  • Separate out and add tests for Subunit (Jelmer)
  • Remove global_loadparm use in a couple more places (Jelmer)
  • Restructure some of the installation bits together with Matthias (Jelmer)

Plans for fortnight ending 20 september 2008

  • wmi integration (Jelmer)
  • hdb_samba4 (Jelmer)
  • eliminate last EJS (minschema.js, samba3sam.js (Jelmer))
  • Trusted domain support (LSA and KDC portions) (Andrew)

Achieved so far

  • Committed merged build patch to Samba 3 (Jelmer)
  • Made Samba 3 and Samba 4 use the same copy of tdb, talloc, compression, replace, nss_wrapper, socket_wrapper, popt (Jelmer)
  • Committed WMI support to the repository (doesn't compile completely yet though) (Jelmer)
  • Fixed samba3sam.js and removed remaining JavaScript support. (Jelmer)
  • Implemented WSGI standard (http://www.python.org/dev/peps/pep-0333/) support in web_server.

Plans for fortnight ending 6 september 2008

  • wmi integration (Jelmer)
  • upload samba-gtk into Debian (Jelmer)
  • hdb_samba4 (Jelmer)
  • send out patch for merged franky build (Jelmer)
  • Use franky build for personal Samba4 development (Andrew)
  • eliminate last EJS (minschema.js, samba3sam.js (Jelmer))
  • Trusted domain support (LSA and KDC portions) (Andrew)

Achieved so far

  • Update NTP patch (Andrew)
  • Respond to comments and suggestions on RPMs for Fedora (Andrew)
  • (partial) Trusted domain support (LSA and KDC portions) (Andrew)
  • PAC Verification support over NETLOGON (Andrew)
  • Sent out franky merged build patch, more prerequisites fixed for Franky (Jelmer)

Plans for fortnight ending 23 august 2008

Achieved so far

  • slacking off (Jelmer)
  • Lots of questions to Microsoft on trusted domains and PAC validation (Andrew)
  • Build indexes and attributes directly from the schema, not a hard-coded list (Andrew)
  • Generate the cn=Aggregate schema in Samba4, rather than in minschema.js
    • This prepares us for adding arbitrary schema into Samba4
  • Integrate patches for multi-master OpenLDAP configuration (Andrew)
    • This allows a Samba4 provision-backend to create a multi-master backend, without hand-manipulation by the admin
  • Start of work on trusted domains
    • In our KDC, start with a special case for handling the trusted domains principals
    • In the drsblobs.idl, parse the trustAuthIncoming and trustAuthOutgoing blobs

Plans for fortnight ending 9 August 2008

  • Fix AES compatability with Windows 2008/Vista. (Andrew)
    • It turns out that Metze was starting to chase the same bug
    • The fix is to implement gss_wrap_ex() - ie AEAD, the signing of headers in DCE/RPC packets.
    • Earlier 'use Heimdal for SPNEGO' work is forming a very useful basis for this work
  • Look at smartcard login again (Andrew)
    • Bugs in Dogtag have been allegedly fixed.
  • Trusted domains (Andrew)
    • Add support for trusted domains in our KDC

Achieved so far

Plans for fortnight ending 26 July 2008

Achieved so far

  • Fix LDAP backend to be secure (not anonymous access) (Andrew)
  • Partially Fix vista join bugs due to AES and GSSAPI CFX (Andrew with Tridge)
    • Session keys for smb signing are original length (ie, 32 in this case)
    • Session keys for SAMR encryption are 16 (ie, truncated)
    • Still need to fix GSSAPI encryption for the AES case (it uses AEAD, as seen in NTLM2)
  • Phone calls with Microsoft (Andrew)
    • I now have a regular phone hookup with Microsoft to go over pending issues in the WSPP process
  • Fix 'file not found' errors from clients (Andrew with Tridge)
    • Due to an uninitialised variable, introduced in some recent SMB2 work
    • shows up on systems with extended attributes (typically those using SeLinux, such as Fedora)
    • Perhaps a good reason to push out a new alpha soon

Plans for fortnight ending 12 July 2008

  • wmi integration (Jelmer)
  • upload openchange and samba-gtk into Debian (Jelmer)
  • hdb_samba4 (Jelmer)
  • eliminate last EJS (minschema.js, samba3sam.js)
  • Improve LDAP backend from a technology preview to a deployable system (Andrew)

Achieved so far

  • Continue packaging of OpenChange and Samba4 for Fedora
  • Start work on smart card login (Andrew)
    • Including setting up DogTag certificate system (Andrew)
    • At least to the stage of the first crashes...
  • Rework schema handling to know about auxillary classes (Andrew)
    • Try to do this in common between ad2OLschema and the kludge_acl and objectclass modules.

Plans for fortnight ending 28 June 2008

  • external Heimdal use (Andrew)

Achievements

  • Created Samba 4 and OpenChange RPM packages (Andrew)
  • test TEST_LDAP=yes (Andrew)
  • Fixed Franky build for odd make versions (Jelmer)

Plans for fortnight ending 14 June 2008

  • Linked attributes for 'net vampire' (Andrew)
  • AES Key support (check with docs and Win2008 on format) in samdb (Andrew)
  • Work to make ldb merge easier for Simo (andrew)
  • Any work required to merge NTP patch with ntp.org distribution (Andrew)
  • Work with alpha testers on any issues that come up in production deployments of Samba4 (Andrew)

Achieved so far

  • Samba4 alpha4 release (andrew)
    • without LDB merge, which seems a while off yet
  • Sync ldap.py test with it's (now obsolete) ldap.js predecessor (andrew)
  • Add python bindings for NetBIOS (Jelmer)
  • Improve portability of Franky build (Jelmer)
  • Asked Microsoft about AES key formats (Andrew)
    • Just getting the data from Win2008 failed due to other reasons
  • Continued the battle with Microsoft over NTP documentation (Andrew)
  • Worked on package of Heimdal for Fedora (Andrew)
    • As a preview to packaging Samba4 for Fedora

Plans for fortnight ending 31 May 2008

  • Linked attributes for 'net vampire' (andrew)
  • Make a Samba 4.0 alpha4 release if the ldb branch gets merged

http://packages.debian.org/testing/python/python-wmi (Jelmer)

Achieved so far

  • Implement NTP signing (andrew)
  • Finish CLDAP and NBT netlogon parsing. (Andrew)
    • Including expected value tests (critical to ensuring we return the *right* answer)
    • This should help things like Group Policy, which rely on this 'DC ping' functionality
  • Merge Simo's ldb branch with current v4-0-test (abartlet)
    • Should make Simo's merge task easier.
  • Removed smbpython and restructured Python modules hierarchy to not clutter Python namespace (Jelmer)
  • Merged improvements made by Wilco and Jelmer to the registry during SambaXP (Jelmer)
  • Added documentation to most Python modules and improved descriptions. (Jelmer)
  • Fixed memory bug in autogenerated DCE/RPC Python bindings (Jelmer)
  • Several test infrastructure improvements. (Jelmer)
    • Print full test path for easy inclusion in knownfail lists
    • Make test case name part of test name to allow a test to have different results against different test cases
    • Set PYTHONPATH during test runs
  • Removed unused old EJS DCE/RPC bindings and testscripts (Jelmer)
  • Make it easier to use various libraries externally without including all of Samba 4's build system (Jelmer)
  • Updated Samba 4, OpenChange and Samba-Gtk Debian packages, now passes lintian. (Jelmer)
  • Added Python bindings for IRPC / Messaging interfaces (Jelmer)
    • Rewrote smbstatus in Python
  • Added mechanism for doing "raw" DCE/RPC requests from Python (Jelmer)
    • Also initial work on a script that should attempt to figure out IDL by probing
  • Exposed more DCE/RPC internals from Python bindings (Jelmer)
  • Initial work on WSGI implementation in web_server/ (Jelmer)
  • Added combined buildsystem for Franky

Plans for fortnight ending 17 May 2008

  • Fix our CLDAP netlogon processing to match description in [MS-ADTS] 7.3.3 (andrew)
    • Use this to fix and test group policy handling on Win2000 and WinXP clients

Achieved so far

  • Partial security=server implementation, awaiting VFS proxy merge for testing (Andrew)
  • Removed a large number of dead build farm hosts in response to automated mails (Andrew)
  • Brought back old (D)COM code and made it compile again (Jelmer)
  • Merged GNU make branch (Jelmer)
    • Now allows using system Python with Samba Python modules
  • Finished Samba 4 Debian package together with Christian (Jelmer)
  • Updated Debian packages for OpenChange and Samba-Gtk (Jelmer)
  • Most of the parsing work towards the CLDAP/NBT netlogon consolidation (Andrew)

Plans for fortnight ending 3 May 2008

  • Build Farm improvements
    • See if we can use SQLite to get a bit more done
    • make build farm summary page use sqlite
    • host list, by last reported time
    • last reported time on host individual page
  • Finish security=server re-implementation in Samba4
  • Finish ncacn_http implementation

Achieved so far

  • Very useful Visit to Sam's home company for 2 days
    • Chat with principals to encourage them
    • Jelmer prepared WAFS branch for merging
      • Looks like further development will be upstream, which is great
    • Jelmer did some initial work on tests for proxy code
    • Andrew Started work on 'security=server' re-implementation for Samba4
      • This will allow WAFS to hijack an unsigned connection as a man in the middle attack.
    • Andrew fixed 'make test' to fail if PIDL tests fail
  • Build Farm
    • make build farm send e-mails to dead hosts (based on SQLite database)

Achievements for fortnight ending ending 19 April 2008

SambaXP

  • Successfully gave 3 presentations
    • Samba4 status report (Both)
    • Samba4 and the LDAP backend / Little barber shop of horrors (Andrew)
    • RPC Scripting using Python (Jelmer)
  • Worked with Sam Liddicott
    • He has implemented the start of a WAFS (latency reducing) proxy for Samba4
    • Organised to visit his companies office
  • Improved code coverage to give better 'headline' figure for presentation (Andrew)
    • Working with Kai's winbind work to run metze's structure based tests
    • Kai worked on blackbox tests
    • Required fixing up parts of winbind (untested code is broken code, Andrew)
  • Fixed bugs in Pidl reported by Volker (Jelmer)
  • Added knownfailure support in test code (Jelmer)
  • Split out policy library into separate git repository (Jelmer)
  • Worked with Wilco on more registry tests (Jelmer)
  • Fixed several Python usability bits (Jelmer)
  • Fixed duplication in blackbox tests (Jelmer)
  • Initial work on ncacn_http support (Jelmer)
  • Discussions with Guenther, Michael about reconciling registry, libsmbdotconf and smbdotconf in Samba 3 and 4 (Jelmer)