SoC/Ideas

From SambaWiki

Google Summer of Code: Suggested Project ideas

Samba 3

User-space ACL implementation

Samba4 contains an implementation of NT-style access control lists in user space. [1] contains a rudimentary start of this code to Samba3. This project should complete the implementation started by Volker Lendecke, together with a lot of tests that verify individual operations in Samba3 do the correct access checks.

Under http://git.samba.org/?p=vl/samba.git/.git;a=shortlog;h=aio_libs you can find what has been done so far. The basic idea of Samba right now is that we always do a seteuid() to the user logged in and let the kernel take care of access controls. This limits our abilities to match Windows semantics to what Posix provides. The new project would do it differently: Not do the seteuid() per request but do the access checks manually in user space. Samba would always use one user id, regardless of what user is connected, and uses the NT token it has calculated during user login to do the access checks itself.

The git branch mentioned above has some basic infrastructure in place. The project would be two steps: First, make the Samba4 torture test RAW-ACLS pass against Samba3, and secondly it would mean that all operations like read, write, getacl, setacl and so on would need to be expanded to do the necessary access checks. For that part it would be necessary to considerably extend the RAW-ACLS torture test.

Possible mentor: Volker Lendecke

Backport EndPointMapper and support for ncacn_ip_tcp

Current Samba 3.0 releases only support MS-RPC over SMB named pipes. The SAMBA_4_0 code base has support RPC directory over TCP which could be back ported in some degree to the SAMBA_3_0 tree. A pre-requisite task may be to backport the events framework first

Possible mentors: JelmerVernooij

Convert more of the Samba 4 IDL to be used in Samba 3

3.2 will start using more autogenerated DCE/RPC pull/push functions. At the moment, winreg, wkssvc, dssetup, lsarpc, netlogon and samr have been converted. The following interfaces still have to be converted (and would ideally also have the related tests from Samba 4 pass against them):

  • srvsvc (almost finished)
  • svcctl (already started)
  • eventlog (only 1 call left)
  • ntsvcs (already started)
  • spoolss (samba4's idl should be fixed first.)

Possible mentors: JelmerVernooij

Finish the move to the new NDR based winbind protocol

Samba 3.2 has a libwbclient library which abstracts the access to winbindd. However there're some caller's left which directly access the winbindd socket (e.g. wbinfo).

The student should add the missing functions to libwbclient and convert wbinfo (and maybe also nss_winbind.so and pam_winbind.so) to only use libwbclient.so.

It is aimed to replace the struct based winbind protocol in samba3 with a new NDR based one. The infrastructure for the autodection and request handling between the new and old protocol is already finished. Also the winbind internal communication uses almost only the new protocol. It's available in this branch http://gitweb.samba.org/?p=metze/samba/wb-ndr.git;a=shortlog;h=v3-2-wb-ndr.

The student should also start convert the winbindd code to support the new NDR based protocol also on the client socket. However the old struct based protocol should still be available, but the old protocol requests should be implemented just as wrappers to the new protocol, so that the winbind internal logic only uses the struct based interface.

The student should also extend the winbind torture tests in Samba4 to test the struct based and NDR based interfaces automaticly in the build-farm (make test).

The student doesn't need to convert libwbclient to use the new protocol.

Possible mentors: Stefan Metzmacher

Develop a .reg file registry dump/restore utility for Samba3

The goal of this project is to develop a library for reading and writing .reg files as described here: [2]. A subcommand of the net utility would be used to save and restore parts or all of Samba3's registry.

A simple project would develop this upon the existing Samba3 registry code. This task can also be achieved as part of a more ambitious project described in the next chapter.

Possible mentors: Michael Adam and JelmerVernooij

Reconcile Samba3 and Samba4 registry code

Samba4's registry code is a well structured mostly isolated library with replaceable backends mounted onto hives, similar to Windows registry structure. Samba3 registry code has many legacy parts that are currently being hidden more and more under a winreg-api-like interface. Special actions like dynamic overlays are tied to various registry subkeys by "hooks".

Reconciling the two registry versions would mostly mean porting Samba4 registry code to Samba3, things have to be adapted for Samba3 registry hooks functionality to be preserved.

A .reg file utility could be obtained more or less as side result of this project since ther is alread some support for this in Samba4.

Possible Mentors: JelmerVernooij and Michael Adam

Add remote (RPC) support for Samba configuration

Since recently, Samba has a registry based configuration backend: Configuration data is stored inside the registry key HKEY_LOCAL_MACHINE\Software\Samba\smbconf. Access to this configuration is available through a module that makes use of the "reg_api" interface which is similar to the winreg API. This project would at first develop a common api for registry access local through reg_api and remote through the winreg rpc client code. This new module could be abstraced from the code of the utility "net rpc registry". With this new module, the registry configuration code could be enhanced to allow for remote configuration.

Possible Mentors: Michael Adam

Samba 4

Compression in the ndr layer

The DRSUAPI DsGetNCChanges() call uses compression for replicating large chunks of objects.

We already have the MSZIP decompression working in samba4 and know the student should implement the MSZIP compression code used for the server code. The idea is to base the work on zlib and contribute the results back to the zlib authors.

There's also another compression algorithm "XPRESS" used in windows 2003. The algorithm is described in the MS-DRSR document of the Microsoft WSPP documentation (See http://msdn2.microsoft.com/en-us/library/cc203213.aspx). The student should implement windows 2003 compression/decompression.

The student should also write a testsuite, so that the compression is tested automaticly in the build-farm (make test).

The algorithm is also used between Outlook and Exchange, so this would also help the OpenChange team.

Possible mentors: Stefan Metzmacher

Windows Search Protocol WSP client library and torture tests

The Windows Search Protocol WSP is used to implement remote full filesystem indexing (indexed search) between windows machines. We would like to support this functionality in Samba, interfacing with existing indexing tools on Unix systems (such as beagle).

This is a new protocol based on SMB named pipes \pipe\ci_skads or \pipe\MSFTEWDS. See http://msdn2.microsoft.com/en-us/library/cc216195.aspx.

The student should write a (un)marshalling library to push and pull PDUs and an async client library on top of the samba4 raw smb client library.

The student should write sub tests for smbtorture which should demostrate how the protocol works against a windows server.

The student doesn't have to implement the samba4 server code.

Mentor: Tridge

CIFS POSIX extensions in Samba4

Samba4 does not implement the CIFS POSIX extensions at this stage.

A testsuite needs to be written, to prove consistent behavior, and the Samba3 compatible server implemented.

Possible mentors: Tridge?

Re-implement smbclient in python

Samba4 now has an embedded python interpreter, which is used for both web configuration and for command line tools. The interpreter has access to the extensive internal C library of Samba. We would like smbclient to be rewritten in python, making it much more easily extendable by administrators.

Possible mentors: JelmerVernooij

GQ replacement using GTK and LDB

GQ is a widely used LDAP query tool. Many LDAP administrators would benefit if a similar tool were constructed, in particular with similar schema knowledge. Using LDB as a backend could allow easy use of Samba-supported SASL mechanisms for easier authentication. Likewise, an LDB editor in SWAT would be very useful. Building it with interactive functionality would make it a very powerful way to manage Samba4's LDB databases.

Possible mentors: JelmerVernooij

Browsing support in Samba 4

Samba 4 still needs support for mailslots in general and in particular for the BROWSE mailslot. Should come with tests.

Possible mentors: JelmerVernooij

Extension of the GTK+ frontends

There are a couple of GTK+ frontends for Samba4 (see SambaGtk). These are very limited at the moment but you could work on expanding them and further integrating them with GNOME. Language: C or Python

Possible mentors: JelmerVernooij

SWAT implementation in Python

SWAT, the Samba Web Administration Tool is basically nonexistant in Samba4 at the moment. We would like to see it implemented in Python for Samba 4, with a focus on usability.

Possible mentors: JelmerVernooij

Miscellaneous

Linux Kernel CIFS client improvements

Interested students should contact Steve French and discuss possible improvements to the Linux Kernel CIFS VFS client. Here are some ideas to get you started:

  • improved async/vectored i/o support (improves performance)
  • Create a GUI for creating and managing Linux cifs mounts, and more easily configuring the many complex cifs mount options
  • Create GUI for displaying /proc/fs/cifs statistics and and mount/session status
  • Create a common uid mapping mechanism for Linux nfs and cifs vfs clients, that can be configured to remap, on a particular mount on the client, the uids returned by the server to uids which would be valid on the client (or to a default if such uid does not exist). This is helpful when the server even if it supports the CIFS Unix Extensions has different uids and gids than the client
  • Finish the Linux cifs vfs change notification support by completing the D_NOTIFY fcntl mapping to the FindNotify mechanism supported by the CIFS protocol
  • prototype SMB2 client
  • integration of cifs client with Dave Howell's fscache/cachefs (for offline caching of files on the client and to allow disconnected operation)
  • cifs->Samba automated test facility (build verification) similar to what we can now do with the Samba server and tools in the Samba build farm
  • Support for alternate transport protocols (other than TCP sockets)
  • Support for features (such as directory delegations) which NFS version 4.1 has but which current CIFS even with the most current CIFS->Samba protocol extensions (CIFS Unix Extensions) do not have.
  • Support for retrieving snapshots, encrypted files, or compressed files from Windows via the CIFS VFS


Possible mentors: Steve French