A major change in the GPL versions is the digital rights management added to GPLv3, but the Samba team said that shouldn't affect anyone wanting to move to the latest Samba release. "We're not aware of any vendor distributing Samba in such a way that would cause them to fall foul of the new DRM language in the GPLv3," but users in doubt should seek their own legal advice, the team said in a statement.
Allison said any security fixes that apply to the 3.2 version will be inserted into the previous Samba 3.0.25b version under GPLv2 as well. All other changes and new features will be found in 3.2 and its successors, he said.
Future releases will be issued by a new release manager on the team, Karolin Seeger, the first female member of the core team. She was sponsored by Volker Lendecke's company, SerNet GmbH, an IT services firm in Goettingen, Germany. Lendecke was one of the original Samba developers, along with Andrew Tridgell and Allison.
"I'm really glad to finally have a woman on the Samba team," said Allison. The core committers on open source development projects are usually male and not always good at recruiting women into their ranks, he said.
In addition to the license change, Samba 3.2 brings several technical changes and enhancements.
The 3.2 release supports Windows Vista and Windows Server 2008, which included a few surprises for the Samba team. "With every new version of Windows, we learn we hadn't gotten straight something we've been doing that we thought was right." One case was a change in the way Microsoft uses Kerberos, the security system adopted by Windows Server that's long been in place in the Unix and Linux communities.
Microsoft made an addition to a field in a Kerberos format that the public version of Kerberos doesn't use. The addition caused the pre-3.2 versions of Samba to become "brittle" and stall until Microsoft provided the Samba team with documentation that illustrated the change and how it was done. Microsoft must provide such documentation under an agreement reached with the Samba team that enforced a 2004 European Union court ruling.
Samba 3.2 has been revised so that its use of one kilobyte of system memory for each path name, a basic programming construct that Samba relies on heavily, has been replaced with a more memory-conserving approach. "We were incredibly profligate with memory... When thousands of pathnames were used by a Samba server, we ate memory like a pig," said Allison. The original one-kilobyte allocation had been set up to accommodate all path names, including those that would be extremely long. But most path names didn't need the full allocation.
Allison worked several months himself revising the pathname data type, the P-String, so that the amount of memory allocated would closely reflect the actual need. In many cases, a small amount of memory, such as 15 bytes, sufficed and the remaining 985 bytes of system memory could remain available on a Samba server for other purposes.
Samba 3.2 has an extended protocol that allows a shared file on a Samba server to be encrypted before it's transported over the network to a user, protecting it from sniffing and other security threats. The addition to the CIFS/SMB protocol addresses a weakness that made it difficult to move shared files around securely. Allison noted that Windows clients do not currently support the protocol extension but it is open and Microsoft may do so in the future. Support for the extension is going to be built into the Linux kernel and Apple's Macintosh OSX, he predicted.
Samba 3.2 also introduces a registry-based configuration system that makes it easier for system administrators to generate various profiles of Samba in the enterprise, based on the policies governing the users it supports. Administrators could do so in the past by writing scripts to change the text file governing Samba configuration. Now a registry system helps generate and record configuration settings, Allison said.