Difference between revisions of "SoC/Ideas"

From SambaWiki
(format more ideas)
Line 29: Line 29:
 
These libraries need an advocate and packager, to help push them into distributions.
 
These libraries need an advocate and packager, to help push them into distributions.
   
  +
==Wireshard PIDL expansion==
wireshark idl annotation, more pipes
 
  +
Wireshark (nee Ethereal) uses PIDL to generate dissectors. However to create the best output, our IDL needs annotation and correction.
   
  +
We also need to do the work to decode more RPC pipes with PIDL, rather than with the hand-written decoder. The problem is, the hand-written code currently produces nicer, and more user friendly output.
samba3 compatible idmap in samba4
 
   
  +
==Samba4 Domain Member support==
domain member in samba4 (partial?)
 
  +
Samba4 needs various bits of work, to become a useful domain member:
  +
Students may wish to take on some or all of the tasks below
  +
* Create a [[Samba3]] compatible IDMAP implementation in Samba4
  +
* Implement user and group enumeration for nss_winbindd is Samba4
  +
* Implement Kerberos handling in Samba4
  +
* Research and improve other aspects of domain member support
   
  +
==LDB ACLs==
ldb acls
 
  +
Currently, Samba4 uses a module known as 'kludge_acls' to perform some basic access control on Samba4's database. This is highly inflexible, and needs to be replaced with real NT ACLs on the elements.
   
 
==CIFS POSIX extensions in Samba4==
mozilla nss in samba4??
 
  +
Samba4 does not implement the CIFS POSIX extensions at this stage.
   
  +
A testsuite needs to be written, to prove consistent behavior, and the Samba3 compatible server implemented.
CIFS posix extensions in Samba4
 
   
   
 
==SACL VFS Module (Samba 3)==
 
SACL VFS Module (Samba 3)
 
   
 
Support for file systems SACLs (i.e. file system auditing) on in Samba
 
Support for file systems SACLs (i.e. file system auditing) on in Samba
Line 51: Line 59:
   
   
Consolidate internal LDAP SASL support (Samba 3)
+
==Consolidate internal LDAP SASL support (Samba 3)==
   
 
Samba has two separate copies of LDAP support routines. One is used to
 
Samba has two separate copies of LDAP support routines. One is used to
Line 60: Line 68:
   
   
Backport EndPointMapper and support for ncacn_ip_tcp (Samba 3)
+
==Backport EndPointMapper and support for ncacn_ip_tcp (Samba 3)==
  +
(pre-requistite of events framework backport first?)
 
   
 
Current Samba 3.0 releases only support MS-RPC over SMB named
 
Current Samba 3.0 releases only support MS-RPC over SMB named
Line 67: Line 75:
 
which could be back ported in some degree to the SAMBA_3_0 tree.
 
which could be back ported in some degree to the SAMBA_3_0 tree.
   
 
A pre-requistite task may be to backport the events framework first
   
Alternative configuration backends (Samba 3)
+
==Alternative configuration backends (Samba 3)==
(obsoleted by registry shares work?)
 
 
 
The current smb.conf does not allow the flexible set read and modify
 
The current smb.conf does not allow the flexible set read and modify
 
individual key/value pairs from within smbd. This project would
 
individual key/value pairs from within smbd. This project would
Line 80: Line 87:
 
interpreter/editor.
 
interpreter/editor.
   
  +
The interaction between this and the registry shares in Samba3 should be carefully considered.
   
 
==Full SAM implementation (Samba 3)==
 
Full SAM implementation (Samba 3)
 
(replace with ldb_sam idea, using samba4 layout?)
 
 
 
Provide a new database passdb backend that provides both the Unix and
 
Provide a new database passdb backend that provides both the Unix and
 
Win32 attributes without the use of external commands such as the "add
 
Win32 attributes without the use of external commands such as the "add
user script".
+
user script".
  +
  +
This could be based around LDB, perhaps with the Samba4/AD layout.
   
   

Revision as of 05:18, 1 March 2007

Google Summer of Code: Suggested Project ideas

Linux Kernel CIFS client improvements

Interested students should contact Steve French for a list of suggested improvements to the Linux Kernel CIFS VFS client.

FRS: File Replication Service

The protocol used for the File Replication Service in Active Directory is not currently understood.

This project would be to document this protocol, and potentially implement it in Samba4

ci-skads

Like FRS, the protocol used for the content indexing search engine isn't understood.


Static and dynamic code analysis

We regularly use tools such as the IBM Checker, and Valgrind to work over our codebase.

These produce many warnings, and in particular the IBM Checker has found many 'unfixed' issues in the codebase. Many are false positives, but many are also very serious issues. Students will need to work with the team and the upstream developers to resolve as many of these as possible.

Windows GUI Testing

With GUI automation tools, test the behaviour of windows applications against Samba3 and Samba4. This needs to be integrated into the existing Windows testing code.

multi-smbd testing

The current test infrastructure in Samba3 and Samba4 only starts one copy of smbd.

For testing of domain member implementation, we should start multiple server binaries, and test the interaction between them.

Packaging ldb/tdb/talloc

These libraries need an advocate and packager, to help push them into distributions.

Wireshard PIDL expansion

Wireshark (nee Ethereal) uses PIDL to generate dissectors. However to create the best output, our IDL needs annotation and correction.

We also need to do the work to decode more RPC pipes with PIDL, rather than with the hand-written decoder. The problem is, the hand-written code currently produces nicer, and more user friendly output.

Samba4 Domain Member support

Samba4 needs various bits of work, to become a useful domain member: Students may wish to take on some or all of the tasks below

  • Create a Samba3 compatible IDMAP implementation in Samba4
  • Implement user and group enumeration for nss_winbindd is Samba4
  • Implement Kerberos handling in Samba4
  • Research and improve other aspects of domain member support

LDB ACLs

Currently, Samba4 uses a module known as 'kludge_acls' to perform some basic access control on Samba4's database. This is highly inflexible, and needs to be replaced with real NT ACLs on the elements.

CIFS POSIX extensions in Samba4

Samba4 does not implement the CIFS POSIX extensions at this stage.

A testsuite needs to be written, to prove consistent behavior, and the Samba3 compatible server implemented.


SACL VFS Module (Samba 3)

Support for file systems SACLs (i.e. file system auditing) on in Samba in a VFS module by utilizing Extended Attributes. This project should ensure that users are able to successfully view and modify auditing settings on files and directories using the Windows Explorer.


Consolidate internal LDAP SASL support (Samba 3)

Samba has two separate copies of LDAP support routines. One is used to access Active Directories servers when operating as a member server and the other is used for implementing the LDAP passdb backend feature. Applicants should be comfortable with LDAP directories services and SASL mechanisms such as GSS-SPNEGO.


Backport EndPointMapper and support for ncacn_ip_tcp (Samba 3)

Current Samba 3.0 releases only support MS-RPC over SMB named pipes. The SAMBA_4_0 code base has support RPC directory over TCP which could be back ported in some degree to the SAMBA_3_0 tree.

A pre-requistite task may be to backport the events framework first

Alternative configuration backends (Samba 3)

The current smb.conf does not allow the flexible set read and modify individual key/value pairs from within smbd. This project would explore using a registry like backend that would allow more flexibility is managing Samba's configuration settings outside on a simple text editor. The LibElektra project provides a common configuration library with storage plugins. One possibility would be to implement an LDB backend along with a simple command line interpreter/editor.

The interaction between this and the registry shares in Samba3 should be carefully considered.

Full SAM implementation (Samba 3)

Provide a new database passdb backend that provides both the Unix and Win32 attributes without the use of external commands such as the "add user script".

This could be based around LDB, perhaps with the Samba4/AD layout.


SNMP support (Samba 3) (does anyone still care?)

Explore supporting the LANMAN SNMP MIB included with Windows server operating systems in smbd, nmbd, and winbindd.


Solve the overabundance of configuration parameters (Samba 3) (warning: long gloves required?)

Samba 3.0 includes many config options which are necessary only in extreme circumstances. Only a small percentage of the parameters are required in most installations. The challenge is to remove the more advanced settings from immediate misuse while still providing access to them when absolutely necessary.


Implement a Berkeley DB backend for LDB (less important now we have transactions in tdb?)

LDB currently supports both TDB and LDAP backend storage mechanisms. Another alternative backend possibility is the Berkeley DB database.


Develop an Administrative Logging System (Samba 3)

The log files in Samba are commonly of more use to developers than to administrators. A new logging system (in parallel with the existing debug logs) similar to the Windows auditing facilities would record those specific events of concern to sysadmins. This support would include auditing for printers, users & groups, configuration changes, etc...


Componentization of Samba (Samba 3 & 4)

Samba has many APIs and subsystems, such as talloc, ldb & tdb, etc..., that would be of use to the Open Source community at large. Much work is needed to break these individual projects out of the current Samba source trees and establish them an individual projects if which Samba is but one consumer. (packaging and docs mainly)



Dbench and Nbench workload generator based on Samba 4

Samba 4 has two NTVFS backends (cifs and nbench) which allow to create a CIFS proxy which:

  1. intercepts CIFS traffic and forwards that to a remote server, and
  2. write down a workload scenario file for Nbench and Dbench tools

For every connection there is one log file is written. These logs can later be replayed by nbench/dbench against any file system/server to reproduce the same workload. Implementation of the following things will allow to create a specialized workload generator to test various usage scenarios based on real world applications:

  1. Add a functionality to post-process generated logs to create a combined dbench/nbench scenario representing multiple-client access pattern.
  2. Add CIFS Posix Extensions support to both Nbench NTVFS backend and dbench/nbench tools so that Linux applications running against Linux CIFS file system could be profiled.
  3. Package resulting solution as simply-installable and configurable application similar to Samba4WINS package


Subversion VFS Module (Samba 3)

Given a share that is also a Subversion working copy, provide a VFS module that performs the svn action corresponding to the file system action. For example, if a file is added from a Windows client, an "svn add" is done by the VFS module (note: not the command itself, but the equivalent SVN api call.) When (and if) to commit and what message to attach could be configurable options.


Re-implement smbclient in ejs (Samba 4)

Samba4 now has an embedded javascript interpreter, which is used for both web configuration and for command line tools. The interpreter has access to the extensive internal C library of Samba. We would like smbclient to be rewritten in js, making it much more easily extendable by administrators.


ci-skads decoding and implementation

The ci-skads protocol is used to implement remote full filesystem indexing (indexed search) between windows machines. We would like to support this functionality in Samba, interfacing with existing indexing tools on Unix systems (such as beagle). This would be a very challenging project, suitable for someone experienced with analyzing completely new protocols.


GQ replacement using GTK and LDB

GQ is a widely used LDAP query tool. Many LDAP administrators would benefit if a similar tool were constructed, in particular with similar schema knowledge. Using LDB as a backend could allow easy use of Samba-supported SASL mechanisms for easier authentication. Likewise, an LDB editor in SWAT would be very useful. Building it with interactive functionality would make it a very powerful way to manage Samba4's LDB databases.