I'm submitting this fasttrack for Jiri Sasek, seeking patch binding for backport to S10. Timeout is on 12/24/2009.
The proposal is to upgrade the current version of Samba to 3.4. The change in license from GPlv2 to GPLv3 has been reviewed by legal. https://opensourcereview.central.sun.com/app?action=ViewReq&traq_num=8443 The case directory contains 2 files, pkgs-1 contains a list of the package contents for the upgrade, ldap-pkg contains the package contents for the ldap deliverables. -Dan Template Version: @(#)sac_nextcase 1.68 02/23/09 SMI This information is Copyright 2009 Sun Microsystems 1. Introduction 1.1. Project/Component Working Name: Update Samba to release 3.4 1.2. Name of Document Author/Supplier: Author: Jiri Sasek 1.3 Date of This Document: 17 December, 2009 4. Technical Description Proposal: Update Samba to release 3.4 and above in Solaris 10 and above. Detail: Samba is the only available CIFS volume and printing server in Solaris 10 and 9 (production releases of the Solaris). Samba is the only available CIFS printing server in Solaris 9 and above. Besides Apache, Samba is the most important component in Solaris in the case of the business deployment. It plays primary role in interoperability with the MS Windows on Solaris 10 and 9. Samba.org community discontinued support of the Samba 3.0.x currently bundled with all releases of Solaris. Samba.org community also changed the release model for samba where the minor release number is expected to be increased each approx. 6 month. Currently samba 3.5 pre-release is available and is expected to be released this year. Align the bundled release to community latest stable (3.4.3 in time of writing of this document) will allow to continue in porting all of the fixes released by the community into the Solaris bundle. As with any other FOSS component it is important to maintain the integrated version of Samba on "community supported stable version", so Sun can leverage the bug fixing work done by the community as well as getting new product features being added by the community. This is simply the most cost-effective approach, otherwise Sun needs to invest its own resources to bug fixing and does not get any new features on Samba, so it stays behind the community. Such approach is now possible only with Samba 3.4.x. In scope of this project is to update Samba to "latest stable" release supported by the community in Solaris 10 and above. Update of the samba in Solaris 9 is out of scope of this project where only the security fixes are expected in Solaris 9. Original integration of samba in Solaris introduced in PSARC/2000/488 was related to samba 2.2.x so it does not fully respect the current releases of samba, which are designed on modular basis. Placing of the samba loadable modules and libraries into the private locations should be accented here to prevent unintentional linking of the 3-rd party SWs to it. Samba executable objects will be moved from its original location in /usr/sfw to more generic paths in /usr/bin, /usr/sbin and /etc. Respecting the PSARC/2007/047 (/usr/gnu) the conflicting objects will be prefixed by "smb". Currently the "profiles" will be renamed to "smbprofiles". Private modules of the samba will be "separated" in the /usr/lib/samba subdirectory to hide these objects from the standard linker paths to prevent unintentional linking on it. On Solaris 10 the symbolic links will be created on the original positions of samba utilities in /usr/sfw/bin pointing to the new locations of these utilities in /usr/bin to conserve the compatibility of scripts created before this change. Current releases of Samba are released under the GPLv3 where 3.0.x releases of Samba replaced by this case were released under GPLv2. To prevent unintentional detecting of samba headers by GNU autoconf during the build of the other FOSS Solaris components we should isolate such samba headers into the separated directory (/usr/include/samba) to prevent possible legal issues in case of the automaticaly ported GPLv2 applications. Only the application bundled by hand will be allowed to browse this non-standard path by GNU autoconf if it will be allowed to do so. To fulfill conditions of the LSARC/2006/350/ contract where gnome-vfs released under GPLv2 is contracted to link libsmbclient so libsmbclient built from the samba 3.0.<latest> release (GPLv2) source will not be removed from the updated samba packages. GPLv2 licensed libsmbclient will remain located in /usr/sfw/lib (libraries) and /usr/sfw/include (header) as is currently located. Configuration file smb.conf and private-data directory currently located in /etc/sfw will be moved to separate directory /etc/samba to make samba removal from the system more simple in case of the CIFS server migration. In such case is more clean which private data belongs to samba than to the other SFW applications. This case adds 64-bit modules for PAM and NSS also which were missing from previous Samba cases by mistake and it brought problems for some applications in 64-bit enviroment in some setups. Samba man pages will be moved on Solaris 10 from the SUNWsfman package directly to SUNWsmbau samba package so further samba patches will not address changes in SUNWsfman. Samba man pages on Nevada together with samba html pages will be moved to the newly created package SUNWsmbadocu. Samba html pages are accessed via SWAT (Samba Web Admin. Tool) available as SMF(5) service. SMF(5) xml-manifest will be delivered by SUNWsmbadocr package. Samba html pages are currently located in /etc/sfw/swat and will be moved to /usr/share/samba/swat. There is intention to put also the DocBook source xml-code into the /usr/share/samba/xml but current release os DocBook in Nevada is too obsoleted to handle the xml-sources from samba.org archive. Availability of xml-source will allow to generate also the different output formats (i.e. PDF) by user. Samba 3.3 and above support remote administration by Win-RPC directly from registry editting application (i.e. regedit.exe). This style of remote administration is most common for MS Windows admins who are using gui administration tools. Forking the html documentation and Web based administration of samba into the separate packages will allow not to install these componnents in such case where just the documentation is representing majority in amount of data in SUNWsmbau package. It will make samba updates more flexible and lower the footprint. Exported Interfaces: In general samba is 3-rd party OpenSource product so only the committed interfaces are: - subdirectories to place the samba components - package names - SMF(5) services name description ------- Committed interfaces ---------------------------------------- /usr/sbin location of samba daemons /usr/bin location of samba utilities /usr/share/man manual pages /usr/include/samba location of headers exported by samba /usr/lib/samba location of samba libraries, modules, static data and docs /usr/lib/samba/$(MACH64) 64-bit libs needed by 64-bits modules /etc/samba configuration and passwords directory /etc/samba/smb.conf location of the default configuration file /var/samba runtime data directory /usr/share/samba samba .html docs for SWAT SUNWsmbar Samba (Root) package SUNWsmbau Samba (Usr) package samba SMF(5) service - CIFS session winbind SMF(5) service - idmap wins SMF(5) service - WINS hostnames swat SMF(5) service - Samba Web Adm. Tool --- The following packages will be added on Nevada --- SUNWmozldapC-SDK Mozilla DS6 C-SDK package DS6 C-SDK file objects will be delivered by SUNWsmbau package on Solaris 10. SUNWsmbadocr Samba documentation (Root) package SUNWsmbadocu Samba documentation (Usr) package Doc packages will not fork from SUNWsmbar SUNWsmbar packages on Solaris 10. ------ Uncommitted interfaces --------------------------------------- smb.conf Configuration file option syntax Imported Interfaces: Mozilla DS6 C-SDK ldap client API Directory Server C-SDK (LDAP client's C-API) is described by RFC 1823 IETF document. It provides set of library calls to handle data in directory by application. This is Mozilla community project. Extensions to RFC 1823 are documented in: http://www.mozilla.org/directory/ietf-docs/draft-ietf-ldapext-ldap-c-api-05.txt DS 6 C-API depend on other external interfaces also provided by Mozilla: NSS (Network Security Services) Homepage of the project is: http://www.mozilla.org/projects/security/pki/nss/ Bundled in solaris by the: SUNWtls package NSPR (Netscape Portable Runtime) Homepage of the project is: http://www.mozilla.org/projects/nspr/ Bundled in solaris by the: SUNWpr package libkrb5 Kerberos v5 API NSS interface is attached in modules: /usr/lib/nss_wins.so /usr/lib/$(MACH64)/nss_wins.so /usr/lib/nss_winbind.so /usr/lib/$(MACH64)/nss_winbind.so PAM interface is attached in modules: /usr/lib/security/pam_winbind.so /usr/lib/security/$(MACH64)/pam_winbind.so References: [01] http://samba.org/ Author(s) of Samba: Samba has many individual contributors and also the corporations like IBM, RedHat, SuSe. Authorship should be mentioned in each individual file in the Samba upstream. Core team is here: http://www.samba.org/samba/team/ [02] 6852659 Update samba to 3.3.5 or later [03] 6647164 net ads keytab add host fails to create keytab entry [04] https://wiki.mozilla.org/LDAP_C_SDK [05] 6892860 Samba needs Directory Server 6 C-SDK [06] 6447666 ldap_add_result_entry() is LOCL in libldap.so.5 ; Samba can not be built with the ADS support [07] 6706912 SWAT component of Samba should be a separate package. [08] 6902485 stealth samba man pages [09] 6770655 Samba: Bugzilla 5655 "Mac OS X 10.5.4 clients fail to authenticate with Kerberos credententials" [10] 6891889 Write keytab to file method is missing in krb5_keytab [11] 4900104 Insufficient number of interfaces allowed [SunIT] [12] 6902485 stealth samba man pages 6. Resources and Schedule 6.4. Steering Committee requested information 6.4.1. Consolidation C-team Name: ON 6.5. ARC review type: FastTrack 6.6. ARC Exposure: open
