The Samba-Bugzilla – Attachment 18246 Details for
Bug 15577
Additional witness backports for 4.20.0
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patches for v4-20-test
bfixes-tmp420.txt (text/plain), 32.13 KB, created by
Stefan Metzmacher
on 2024-02-13 21:32:36 UTC
(
hide
)
Description:
Patches for v4-20-test
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2024-02-13 21:32:36 UTC
Size:
32.13 KB
patch
obsolete
>From 5df91686a4568fcd9374aec29bc86879b1407df6 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 2 Feb 2024 13:54:20 +0100 >Subject: [PATCH 1/7] ctdb/events: use 'service "$CTDB_SERVICE_NMB" status' in > 48.netbios.script > >We can easily monitor if the service is running at all, >that better than no monitoring at all... > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Guenther Deschner <gd@samba.org> >(cherry picked from commit ff8f778e39af563d97b1d38f89368a3c148532f2) >--- > ctdb/config/events/legacy/48.netbios.script | 11 +++++++++++ > 1 file changed, 11 insertions(+) > >diff --git a/ctdb/config/events/legacy/48.netbios.script b/ctdb/config/events/legacy/48.netbios.script >index 43204476d6b2..1531e4919dee 100755 >--- a/ctdb/config/events/legacy/48.netbios.script >+++ b/ctdb/config/events/legacy/48.netbios.script >@@ -48,6 +48,13 @@ service_stop () > service "$CTDB_SERVICE_NMB" stop > } > >+service_status () >+{ >+ service "$CTDB_SERVICE_NMB" status > /dev/null >+ test $? = 0 && return 0 >+ service "$CTDB_SERVICE_NMB" status >+} >+ > ########################### > > case "$1" in >@@ -59,6 +66,10 @@ shutdown) > service_stop > ;; > >+monitor) >+ service_status >+ ;; >+ > esac > > exit 0 >-- >2.34.1 > > >From eafb2593175061eb70f29135c406887154c07712 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 2 Feb 2024 13:54:20 +0100 >Subject: [PATCH 2/7] ctdb/events: add 47.samba-dcerpcd.script > >If someone wants to enable the witness service >samba-dcerpcd needs to be started as standalone service > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Guenther Deschner <gd@samba.org> >(cherry picked from commit f1f68108cc303b92b8a88728d12c2b699fdfc731) >--- > .../events/legacy/47.samba-dcerpcd.script | 66 +++++++++++++++++++ > 1 file changed, 66 insertions(+) > create mode 100755 ctdb/config/events/legacy/47.samba-dcerpcd.script > >diff --git a/ctdb/config/events/legacy/47.samba-dcerpcd.script b/ctdb/config/events/legacy/47.samba-dcerpcd.script >new file mode 100755 >index 000000000000..9492d553a621 >--- /dev/null >+++ b/ctdb/config/events/legacy/47.samba-dcerpcd.script >@@ -0,0 +1,66 @@ >+#!/bin/sh >+# ctdb event script for SAMBA DCERPCD Services >+ >+[ -n "$CTDB_BASE" ] || \ >+ CTDB_BASE=$(d=$(dirname "$0") && cd -P "$d" && dirname "$PWD") >+ >+. "${CTDB_BASE}/functions" >+ >+detect_init_style >+ >+case $CTDB_INIT_STYLE in >+ *) >+ # distributions don't have this yet, >+ # but assume samba-dcerpcd as service name >+ CTDB_SERVICE_SAMBA_DCERPCD=${CTDB_SERVICE_SAMBA_DCERPCD:-samba-dcerpcd} >+ ;; >+esac >+ >+load_script_options >+ >+service_start () >+{ >+ # make sure samba-dcerpcd is not already started >+ service "$CTDB_SERVICE_SAMBA_DCERPCD" stop > /dev/null 2>&1 >+ killall -0 -q samba-dcerpcd && { >+ sleep 1 >+ # make absolutely sure samba-dcerpcd is dead >+ killall -q -9 samba-dcerpcd >+ } >+ >+ # start Samba dcerpcd service. Start it reniced, as under very heavy load >+ # the number of smbd processes will mean that it leaves few cycles >+ # for anything else >+ nice_service "$CTDB_SERVICE_SAMBA_DCERPCD" start || die "Failed to start samba-dcerpcd" >+} >+ >+service_stop () >+{ >+ service "$CTDB_SERVICE_SAMBA_DCERPCD" stop >+} >+ >+service_status () >+{ >+ service "$CTDB_SERVICE_SAMBA_DCERPCD" status > /dev/null >+ test $? = 0 && return 0 >+ service "$CTDB_SERVICE_SAMBA_DCERPCD" status >+} >+ >+########################### >+ >+case "$1" in >+startup) >+ service_start >+ ;; >+ >+shutdown) >+ service_stop >+ ;; >+ >+monitor) >+ service_status >+ ;; >+ >+esac >+ >+exit 0 >-- >2.34.1 > > >From 6ce6ee232f35906140ad71f65882a5a20225384f Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 8 Feb 2024 15:07:42 +0100 >Subject: [PATCH 3/7] s3:utils: fix help string for 'net witness > force-response' > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Guenther Deschner <gd@samba.org> >(cherry picked from commit 7a23429ed6a04bb14509758492bfaee5db6dbd0d) >--- > source3/utils/net_witness.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source3/utils/net_witness.c b/source3/utils/net_witness.c >index bfa433b40f19..accff5b36e75 100644 >--- a/source3/utils/net_witness.c >+++ b/source3/utils/net_witness.c >@@ -2350,7 +2350,7 @@ int net_witness(struct net_context *c, int argc, const char **argv) > NET_TRANSPORT_LOCAL, > N_("Force an AsyncNotify response based on " > "json input (mostly for testing)"), >- N_("net witness force-reponse\n" >+ N_("net witness force-response\n" > " Force an AsyncNotify response based on " > "json input (mostly for testing)"), > }, >-- >2.34.1 > > >From f606b50b64467bb1f957cc37d5479102a77bbe49 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 8 Feb 2024 14:25:05 +0100 >Subject: [PATCH 4/7] docs-xml: add details for 'net witness' > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Guenther Deschner <gd@samba.org> >(cherry picked from commit 1d0938d6fe46c06432ae5fda9e7491b908a9ac56) >--- > docs-xml/manpages/net.8.xml | 567 ++++++++++++++++++++++++++++++++++++ > 1 file changed, 567 insertions(+) > >diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml >index 4ff99e238a27..c284cc25b49f 100644 >--- a/docs-xml/manpages/net.8.xml >+++ b/docs-xml/manpages/net.8.xml >@@ -61,6 +61,16 @@ > <arg choice="opt">-t|--timeout seconds</arg> > <arg choice="opt">--dns-ttl TTL-IN-SECONDS</arg> > <arg choice="opt">-i|--stdin</arg> >+ <arg choice="opt">--witness-registration=REGISTRATION_UUID</arg> >+ <arg choice="opt">--witness-net-name=REGEX</arg> >+ <arg choice="opt">--witness-share-name=REGEX</arg> >+ <arg choice="opt">--witness-ip-address=REGEX</arg> >+ <arg choice="opt">--witness-client-computer-name=REGEX</arg> >+ <arg choice="opt">--witness-apply-to-all</arg> >+ <arg choice="opt">--witness-new-node=NODEID</arg> >+ <arg choice="opt">--witness-new-ip=IPADDRESS</arg> >+ <arg choice="opt">--witness-forced-response=JSON</arg> >+ > </cmdsynopsis> > </refsynopsisdiv> > >@@ -402,6 +412,86 @@ > </para></listitem> > </varlistentry> > >+ <!-- Options for net witness subcommands --> >+ >+ <varlistentry> >+ <term>--witness-registration=REGISTRATION_UUID</term> >+ <listitem><para> >+ This does a direct lookup for REGISTRATION_UUID >+ instead of doing a database traversal. >+ </para></listitem> >+ </varlistentry> >+ >+ <varlistentry> >+ <term>--witness-net-name=REGEX</term> >+ <listitem><para> >+ This specifies the 'server name' the client >+ registered for monitoring. >+ </para></listitem> >+ </varlistentry> >+ >+ <varlistentry> >+ <term>--witness-share-name=REGEX</term> >+ <listitem><para> >+ This specifies the 'share name' the client >+ registered for monitoring. >+ Note that the share name is optional in the >+ registration, otherwise an empty string is >+ matched. >+ </para></listitem> >+ </varlistentry> >+ >+ <varlistentry> >+ <term>--witness-ip-address=REGEX</term> >+ <listitem><para> >+ This specifies the ip address the client >+ registered for monitoring. >+ </para></listitem> >+ </varlistentry> >+ >+ <varlistentry> >+ <term>--witness-client-computer-name=REGEX</term> >+ <listitem><para> >+ This specifies the client computer name the client >+ specified in the registration. >+ Note it is just a string chosen by the client itself. >+ </para></listitem> >+ </varlistentry> >+ >+ <varlistentry> >+ <term>--witness-apply-to-all</term> >+ <listitem><para> >+ This selects all registrations. >+ </para></listitem> >+ </varlistentry> >+ >+ <varlistentry> >+ <term>--witness-new-node=NODEID</term> >+ <listitem><para> >+ By specifying a NODEID all ip addresses >+ currently available on the given node are >+ included in the response. >+ By specifying '-1' as NODEID all ip addresses >+ of the cluster are included in the response. >+ </para></listitem> >+ </varlistentry> >+ >+ <varlistentry> >+ <term>--witness-new-ip=IPADDRESS</term> >+ <listitem><para> >+ By specifying an IPADDRESS only the specified >+ ip address is included in the response. >+ </para></listitem> >+ </varlistentry> >+ >+ <varlistentry> >+ <term>--witness-forced-response=JSON</term> >+ <listitem><para> >+ This allows the generation of very complex >+ witness_notifyResponse structures. >+ </para></listitem> >+ </varlistentry> >+ > &cmdline.common.samba.client; > &cmdline.common.connection; > &cmdline.common.credentials; >@@ -3096,6 +3186,483 @@ Requests an offline domain join by providing file-based provisioning data. This > > </refsect2> > >+<refsect2> >+<title>WITNESS</title> >+ >+<para>Starting with version 4.20 Samba has support for the SMB Witness service in a cluster. >+</para> >+ >+<para>The following witness commands are implemented: >+<simplelist> >+<member> >+net witness list List witness registrations from rpcd_witness_registration.tdb. >+</member> >+<member> >+net witness client-move Generate client move notifications for witness registrations to a new ip or node. >+</member> >+<member> >+net witness share-move Generate share move notifications for witness registrations to a new ip or node. >+</member> >+<member> >+net witness force-unregister Force unregistrations for witness registrations. >+</member> >+<member> >+net witness force-response Force an AsyncNotify response based on json input (mostly for testing). >+</member> >+ >+</simplelist> >+</para> >+ >+<refsect3> >+<title>WITNESS LIST</title> >+<para> >+ List witness registrations from rpcd_witness_registration.tdb >+</para> >+<para> >+ Note: Only supported with clustering=yes! >+</para> >+<para> >+ Machine readable output can be generated with the following option: >+</para> >+<para> >+ --json >+</para> >+<para> >+ The selection of registrations can be limited by the following options: >+</para> >+<para> >+ --witness-registration=REGISTRATION_UUID >+</para> >+<para> >+ This does a direct lookup for REGISTRATION_UUID >+ instead of doing a database traversal. >+</para> >+<para> >+ The following options all take a POSIX Extended Regular Expression, >+ which can further filter the selection of registrations. >+ These options are applied as logical AND, but each REGEX >+ allows specifying multiple strings using the pipe symbol. >+</para> >+<para> >+ --witness-net-name=REGEX >+</para> >+<para> >+ This specifies the 'server name' the client >+ registered for monitoring. >+</para> >+<para> >+ --witness-share-name=REGEX >+</para> >+<para> >+ This specifies the 'share name' the client >+ registered for monitoring. >+ Note that the share name is optional in the >+ registration, otherwise an empty string is >+ matched. >+</para> >+<para> >+ --witness-ip-address=REGEX >+</para> >+<para> >+ This specifies the ip address the client >+ registered for monitoring. >+</para> >+<para> >+ --witness-client-computer-name=REGEX >+</para> >+<para> >+ This specifies the client computer name the client >+ specified in the registration. >+ Note it is just a string chosen by the client itself. >+</para> >+ >+</refsect3> >+ >+<refsect3> >+<title>WITNESS CLIENT-MOVE</title> >+<para> >+ Generate client move notifications for witness registrations to a new ip or node >+</para> >+<para> >+ Note: Only supported with clustering=yes! >+</para> >+<para> >+ Machine readable output can be generated with the following option: >+</para> >+<para> >+ --json >+</para> >+<para> >+ The selection of registrations can be limited by the following options: >+</para> >+<para> >+ --witness-registration=REGISTRATION_UUID >+</para> >+<para> >+ This does a direct lookup for REGISTRATION_UUID >+ instead of doing a database traversal. >+</para> >+<para> >+ The following options all take a POSIX Extended Regular Expression, >+ which can further filter the selection of registrations. >+ These options are applied as logical AND, but each REGEX >+ allows specifying multiple strings using the pipe symbol. >+</para> >+<para> >+ --witness-net-name=REGEX >+</para> >+<para> >+ This specifies the 'server name' the client >+ registered for monitoring. >+</para> >+<para> >+ --witness-share-name=REGEX >+</para> >+<para> >+ This specifies the 'share name' the client >+ registered for monitoring. >+ Note that the share name is optional in the >+ registration, otherwise an empty string is >+ matched. >+</para> >+<para> >+ --witness-ip-address=REGEX >+</para> >+<para> >+ This specifies the ip address the client >+ registered for monitoring. >+</para> >+<para> >+ --witness-client-computer-name=REGEX >+</para> >+<para> >+ This specifies the client computer name the client >+ specified in the registration. >+ Note it is just a string chosen by the client itself. >+</para> >+<para> >+ If the update should be applied to all registrations >+ it needs to be explicitly specified: >+</para> >+<para> >+ --witness-apply-to-all >+</para> >+<para> >+ This selects all registrations. >+ Note: This is mutual exclusive to the above options. >+</para> >+<para> >+ The content of the CLIENT_MOVE notification contains ip addresses >+ specified by (exactly one) of the following options: >+</para> >+<para> >+ --witness-new-node=NODEID >+</para> >+<para> >+ By specifying a NODEID all ip addresses >+ currently available on the given node are >+ included in the response. >+ By specifying '-1' as NODEID all ip addresses >+ of the cluster are included in the response. >+</para> >+<para> >+ --witness-new-ip=IPADDRESS >+</para> >+<para> >+ By specifying an IPADDRESS only the specified >+ ip address is included in the response. >+</para> >+ >+</refsect3> >+ >+<refsect3> >+<title>WITNESS SHARE-MOVE</title> >+<para> >+ Generate share move notifications for witness registrations to a new ip or node >+</para> >+<para> >+ Note: Only supported with clustering=yes! >+</para> >+<para> >+ Machine readable output can be generated with the following option: >+</para> >+<para> >+ --json >+</para> >+<para> >+ The selection of registrations can be limited by the following options: >+</para> >+<para> >+ --witness-registration=REGISTRATION_UUID >+</para> >+<para> >+ This does a direct lookup for REGISTRATION_UUID >+ instead of doing a database traversal. >+</para> >+<para> >+ The following options all take a POSIX Extended Regular Expression, >+ which can further filter the selection of registrations. >+ These options are applied as logical AND, but each REGEX >+ allows specifying multiple strings using the pipe symbol. >+</para> >+<para> >+ --witness-net-name=REGEX >+</para> >+<para> >+ This specifies the 'server name' the client >+ registered for monitoring. >+</para> >+<para> >+ --witness-share-name=REGEX >+</para> >+<para> >+ This specifies the 'share name' the client >+ registered for monitoring. >+ Note that the share name is optional in the >+ registration, otherwise an empty string is >+ matched. >+</para> >+<para> >+ --witness-ip-address=REGEX >+</para> >+<para> >+ This specifies the ip address the client >+ registered for monitoring. >+</para> >+<para> >+ --witness-client-computer-name=REGEX >+</para> >+<para> >+ This specifies the client computer name the client >+ specified in the registration. >+ Note it is just a string chosen by the client itself. >+</para> >+<para> >+ If the update should be applied to all registrations >+ it needs to be explicitly specified: >+</para> >+<para> >+ --witness-apply-to-all >+</para> >+<para> >+ This selects all registrations. >+ Note: This is mutual exclusive to the above options. >+</para> >+<para> >+ Note: This only applies to registrations with a non empty share name! >+</para> >+<para> >+ The content of the SHARE_MOVE notification contains ip addresses >+ specified by (exactly one) of the following options: >+</para> >+<para> >+ --witness-new-node=NODEID >+</para> >+<para> >+ By specifying a NODEID all ip addresses >+ currently available on the given node are >+ included in the response. >+ By specifying '-1' as NODEID all ip addresses >+ of the cluster are included in the response. >+</para> >+<para> >+ --witness-new-ip=IPADDRESS >+</para> >+<para> >+ By specifying an IPADDRESS only the specified >+ ip address is included in the response. >+</para> >+ >+</refsect3> >+ >+<refsect3> >+<title>WITNESS FORCE-UNREGISTER</title> >+<para> >+ Force unregistrations for witness registrations >+</para> >+<para> >+ Note: Only supported with clustering=yes! >+</para> >+<para> >+ Machine readable output can be generated with the following option: >+</para> >+<para> >+ --json >+</para> >+<para> >+ The selection of registrations can be limited by the following options: >+</para> >+<para> >+ --witness-registration=REGISTRATION_UUID >+</para> >+<para> >+ This does a direct lookup for REGISTRATION_UUID >+ instead of doing a database traversal. >+</para> >+<para> >+ The following options all take a POSIX Extended Regular Expression, >+ which can further filter the selection of registrations. >+ These options are applied as logical AND, but each REGEX >+ allows specifying multiple strings using the pipe symbol. >+</para> >+<para> >+ --witness-net-name=REGEX >+</para> >+<para> >+ This specifies the 'server name' the client >+ registered for monitoring. >+</para> >+<para> >+ --witness-share-name=REGEX >+</para> >+<para> >+ This specifies the 'share name' the client >+ registered for monitoring. >+ Note that the share name is optional in the >+ registration, otherwise an empty string is >+ matched. >+</para> >+<para> >+ --witness-ip-address=REGEX >+</para> >+<para> >+ This specifies the ip address the client >+ registered for monitoring. >+</para> >+<para> >+ --witness-client-computer-name=REGEX >+</para> >+<para> >+ This specifies the client computer name the client >+ specified in the registration. >+ Note it is just a string chosen by the client itself. >+</para> >+<para> >+ If the update should be applied to all registrations >+ it needs to be explicitly specified: >+</para> >+<para> >+ --witness-apply-to-all >+</para> >+<para> >+ This selects all registrations. >+ Note: This is mutual exclusive to the above options. >+</para> >+<para> >+ The selected registrations are removed on the server and >+ any pending AsyncNotify request will get a NOT_FOUND error. >+</para> >+<para> >+ Typically this triggers a clean re-registration on the client. >+</para> >+ >+</refsect3> >+ >+<refsect3> >+<title>WITNESS FORCE-RESPONSE</title> >+<para> >+ Force an AsyncNotify response based on json input (mostly for testing) >+</para> >+<para> >+ Note: Only supported with clustering=yes! >+</para> >+<para> >+ Machine readable output can be generated with the following option: >+</para> >+<para> >+ --json >+</para> >+<para> >+ The selection of registrations can be limited by the following options: >+</para> >+<para> >+ --witness-registration=REGISTRATION_UUID >+</para> >+<para> >+ This does a direct lookup for REGISTRATION_UUID >+ instead of doing a database traversal. >+</para> >+<para> >+ The following options all take a POSIX Extended Regular Expression, >+ which can further filter the selection of registrations. >+ These options are applied as logical AND, but each REGEX >+ allows specifying multiple strings using the pipe symbol. >+</para> >+<para> >+ --witness-net-name=REGEX >+</para> >+<para> >+ This specifies the 'server name' the client >+ registered for monitoring. >+</para> >+<para> >+ --witness-share-name=REGEX >+</para> >+<para> >+ This specifies the 'share name' the client >+ registered for monitoring. >+ Note that the share name is optional in the >+ registration, otherwise an empty string is >+ matched. >+</para> >+<para> >+ --witness-ip-address=REGEX >+</para> >+<para> >+ This specifies the ip address the client >+ registered for monitoring. >+</para> >+<para> >+ --witness-client-computer-name=REGEX >+</para> >+<para> >+ This specifies the client computer name the client >+ specified in the registration. >+ Note it is just a string chosen by the client itself. >+</para> >+<para> >+ If the update should be applied to all registrations >+ it needs to be explicitly specified: >+</para> >+<para> >+ --witness-apply-to-all >+</para> >+<para> >+ This selects all registrations. >+ Note: This is mutual exclusive to the above options. >+</para> >+<para> >+ Note this is designed for testing and debugging! >+</para> >+<para> >+ In short it is not designed to be used by administrators, >+ but developers and automated tests. >+</para> >+<para> >+ By default an empty response with WERR_OK is generated, >+ but basically any valid response can be specified by a >+ specifying a JSON string: >+</para> >+<para> >+ --witness-forced-response=JSON >+</para> >+<para> >+ This allows the generation of very complex >+ witness_notifyResponse structures. >+</para> >+<para> >+ As this is for developers, please read the code >+ in order to understand all possible values >+ of the JSON string format... >+</para> >+<para> >+ See 'net help witness force-response' for further details. >+</para> >+ >+</refsect3> >+ >+</refsect2> >+ > <refsect2> > <title>HELP [COMMAND]</title> > >-- >2.34.1 > > >From 5f1e360a4035e4b7391b9c76c6a19227c369021a Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 8 Feb 2024 15:15:28 +0100 >Subject: [PATCH 5/7] smb2_tcon: only announce SMB2_SHARE_CAP_CLUSTER if > rpcd_witness can run > >rpcd_witness needs ncacn_ip_tcp support and that's only >available if samba-dcerpcd is not started on demand. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Guenther Deschner <gd@samba.org> >(cherry picked from commit d8bfdaaaa737032c6a8623512fcb2cd01850628a) >--- > source3/smbd/smb2_tcon.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > >diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c >index fca35e36ce5c..8855202d7fd7 100644 >--- a/source3/smbd/smb2_tcon.c >+++ b/source3/smbd/smb2_tcon.c >@@ -428,6 +428,8 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, > if (*out_share_type == SMB2_SHARE_TYPE_DISK) { > bool persistent = false; /* persistent handles not implemented yet */ > bool cluster = lp_clustering(); >+ bool scaleout = cluster; >+ bool witness = cluster && !lp_rpc_start_on_demand_helpers(); > bool asymmetric = false; /* shares are symmetric by default */ > bool announce; > >@@ -461,7 +463,7 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, > announce = lp_parm_bool(SNUM(tcon->compat), > "smb3 share cap", > "SCALE OUT", >- cluster); >+ scaleout); > if (announce) { > *out_capabilities |= SMB2_SHARE_CAP_SCALEOUT; > } >@@ -472,7 +474,7 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, > announce = lp_parm_bool(SNUM(tcon->compat), > "smb3 share cap", > "CLUSTER", >- cluster); >+ witness); > if (announce) { > *out_capabilities |= SMB2_SHARE_CAP_CLUSTER; > } >-- >2.34.1 > > >From f35bd74a80153cd275d554d535d8af22de241a46 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 8 Feb 2024 15:31:10 +0100 >Subject: [PATCH 6/7] smb2_tcon: only announce SMB3 related share capabilities > if SMB3 is used > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Guenther Deschner <gd@samba.org> >(cherry picked from commit 32b84c5bce00c4f91191596dc00d9824e82e0f24) >--- > source3/smbd/smb2_tcon.c | 14 +++++++++----- > 1 file changed, 9 insertions(+), 5 deletions(-) > >diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c >index 8855202d7fd7..b228036510aa 100644 >--- a/source3/smbd/smb2_tcon.c >+++ b/source3/smbd/smb2_tcon.c >@@ -425,7 +425,9 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, > * For disk shares we can change the client > * behavior on a cluster... > */ >- if (*out_share_type == SMB2_SHARE_TYPE_DISK) { >+ if (conn->protocol >= PROTOCOL_SMB3_00 && >+ *out_share_type == SMB2_SHARE_TYPE_DISK) >+ { > bool persistent = false; /* persistent handles not implemented yet */ > bool cluster = lp_clustering(); > bool scaleout = cluster; >@@ -486,10 +488,12 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, > * an isolated transport and witness registration for the > * specific share. > */ >- announce = lp_parm_bool(SNUM(tcon->compat), >- "smb3 share cap", >- "ASYMMETRIC", >- asymmetric); >+ if (conn->protocol >= PROTOCOL_SMB3_02) { >+ announce = lp_parm_bool(SNUM(tcon->compat), >+ "smb3 share cap", >+ "ASYMMETRIC", >+ asymmetric); >+ } > if (announce) { > *out_capabilities |= SMB2_SHARE_CAP_ASYMMETRIC; > } >-- >2.34.1 > > >From ab775f21d20a31fe9d997c6c884a4794fbe74470 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 8 Feb 2024 15:43:39 +0100 >Subject: [PATCH 7/7] docs-xml: document "smb3 share cap:{CONTINUOUS > AVAILABILITY,SCALE OUT,CLUSTER,ASYMMETRIC}" >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Guenther Deschner <gd@samba.org> > >Autobuild-User(master): Günther Deschner <gd@samba.org> >Autobuild-Date(master): Tue Feb 13 21:06:24 UTC 2024 on atb-devel-224 > >(cherry picked from commit 7a674ee9ffeca047ceed7ac046db1b168d4025a6) >--- > .../smbdotconf/protocol/smb3sharecaps.xml | 202 ++++++++++++++++++ > 1 file changed, 202 insertions(+) > create mode 100644 docs-xml/smbdotconf/protocol/smb3sharecaps.xml > >diff --git a/docs-xml/smbdotconf/protocol/smb3sharecaps.xml b/docs-xml/smbdotconf/protocol/smb3sharecaps.xml >new file mode 100644 >index 000000000000..add89f1644a9 >--- /dev/null >+++ b/docs-xml/smbdotconf/protocol/smb3sharecaps.xml >@@ -0,0 +1,202 @@ >+<samba:parameter name="smb3 share cap:CONTINUOUS AVAILABILITY" >+ context="S" >+ type="string" >+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> >+<description> >+ <para> >+ The SMB3 protocol introduced the SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY >+ flag. It means clients can have different expectations from the >+ server (or cluster of servers). >+ </para> >+ >+ <para> >+ Note: this option only applies to disk shares. >+ </para> >+ >+ <para>In a ctdb cluster shares are continuously available, >+ but windows clients mix this with the global persistent >+ handles support. >+ </para> >+ >+ <para>Persistent handles are requested if >+ SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY is present >+ even without SMB2_CAP_PERSISTENT_HANDLES. >+ </para> >+ >+ <para>And SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY is >+ required for SMB2_SHARE_CAP_CLUSTER to have >+ an effect. >+ </para> >+ >+ <para>So we better don't announce this by default >+ until we support persistent handles. >+ </para> >+ >+ <para>The <smbconfoption name="smb3 share cap:CONTINUOUS AVAILABILITY"/> option >+ can be used to force the announcement of SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY. >+ </para> >+ >+ <para> >+ Warning: only use this if you know what you are doing! >+ </para> >+ >+ <programlisting> >+ smb3 share cap:CONTINUOUS AVAILABILITY = yes >+ </programlisting> >+</description> >+<related>smb3 share cap:CLUSTER</related> >+</samba:parameter> >+ >+<samba:parameter name="smb3 share cap:SCALE OUT" >+ context="S" >+ type="string" >+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> >+<description> >+ <para> >+ The SMB3 protocol introduced the SMB2_SHARE_CAP_SCALEOUT >+ flag. It means clients can have different expectations from >+ cluster of multiple servers and alters the retry/reconnect >+ behavior. >+ </para> >+ >+ <para> >+ Note: this option only applies to disk shares. >+ </para> >+ >+ <para>In a ctdb cluster we have multiple active nodes, >+ so we announce SMB2_SHARE_CAP_SCALEOUT in a cluster. >+ </para> >+ >+ <para>The <smbconfoption name="smb3 share cap:SCALE OUT"/> option >+ can be used to disable the announcement of SMB2_SHARE_CAP_SCALEOUT, >+ even if <smbconfoption name="clustering"/> is yes. >+ </para> >+ >+ <programlisting> >+ clustering = yes >+ smb3 share cap: SCALE OUT = no >+ </programlisting> >+</description> >+<related>clustering</related> >+</samba:parameter> >+ >+<samba:parameter name="smb3 share cap:CLUSTER" >+ context="S" >+ type="string" >+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> >+<description> >+ <para> >+ The SMB3 protocol introduced the SMB2_SHARE_CAP_CLUSTER >+ flag. It means clients can expect that all cluster nodes >+ provide a witness service in order to use the [MS-SWN] >+ protocol to monitor the server cluster. >+ </para> >+ >+ <para> >+ Note: this option only applies to disk shares. >+ </para> >+ >+ <para>rpcd_witness is only active if >+ <citerefentry><refentrytitle>samba-dcerpcd</refentrytitle><manvolnum>8</manvolnum></citerefentry> >+ is not started as on demand helper and only in a ctdb cluster. >+ </para> >+ >+ <para>So we announce SMB2_SHARE_CAP_CLUSTER only if >+ <smbconfoption name="clustering"/> is yes and >+ <smbconfoption name="rpc start on demand helpers"/> is no. >+ </para> >+ >+ <para>The <smbconfoption name="smb3 share cap:SCALE OUT"/> option >+ can be used to control the announcement of SMB2_SHARE_CAP_CLUSTER >+ independent of >+ <smbconfoption name="clustering"/> and >+ <smbconfoption name="rpc start on demand helpers"/>. >+ </para> >+ >+ <para>Example to disable the announcement of SMB2_SHARE_CAP_CLUSTER: >+ </para> >+ <programlisting> >+ clustering = yes >+ rpc start on demand helpers = no >+ smb3 share cap: CLUSTER = no >+ </programlisting> >+ >+ <para>Example to force the announcement of SMB2_SHARE_CAP_CLUSTER: >+ </para> >+ <programlisting> >+ smb3 share cap: CLUSTER = yes >+ </programlisting> >+ >+ <para>Example to let Windows clients use the witness service, >+ see <smbconfoption name="smb3 share cap:CONTINUOUS AVAILABILITY"/> option >+ and USE AT YOUR OWN RISK!: >+ </para> >+ >+ <programlisting> >+ clustering = yes >+ rpc start on demand helpers = no >+ # This is the default with the above: >+ # smb3 share cap: CLUSTER = yes >+ # >+ # Use at you own risk! >+ smb3 share cap: CONTINUOUS AVAILABILITY = yes >+ </programlisting> >+</description> >+<related>clustering</related> >+<related>rpc start on demand helpers</related> >+<related>smb3 share cap:CONTINUOUS AVAILABILITY</related> >+<related>smb3 share cap:ASYMMETRIC</related> >+</samba:parameter> >+ >+<samba:parameter name="smb3 share cap:ASYMMETRIC" >+ context="S" >+ type="string" >+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> >+<description> >+ <para> >+ The SMB3_02 protocol introduced the SMB2_SHARE_CAP_ASYMMETRIC >+ flag. It means clients alters its behavior and uses >+ isolated transport connections and witness registrations for >+ the share. It means a client may connect to different >+ cluster nodes for individual shares and >+ <command>net witness share-move</command> can be used >+ to control the node usage. >+ </para> >+ >+ <para> >+ Note: this option only applies to disk shares. >+ </para> >+ >+ <para>Shares in a ctdb cluster are symmetric by design, >+ so we don't announce SMB2_SHARE_CAP_ASYMMETRIC by default. >+ </para> >+ >+ <para>The <smbconfoption name="smb3 share cap:ASYMMETRIC"/> option >+ can be used to force the announcement of SMB2_SHARE_CAP_ASYMMETRIC. >+ </para> >+ >+ <para>Example to force the announcement of SMB2_SHARE_CAP_ASYMMETRIC: >+ </para> >+ >+ <programlisting> >+ smb3 share cap: ASYMMETRIC = yes >+ </programlisting> >+ >+ <para>Example to let Windows clients use the witness service, >+ see <smbconfoption name="smb3 share cap:CONTINUOUS AVAILABILITY"/> option >+ and USE AT YOUR OWN RISK!: >+ </para> >+ >+ <programlisting> >+ clustering = yes >+ rpc start on demand helpers = no >+ # This is the default with the above: >+ # smb3 share cap: CLUSTER = yes >+ # >+ # Use at you own risk! >+ smb3 share cap: CONTINUOUS AVAILABILITY = yes >+ smb3 share cap: ASYMMETRIC = yes >+ </programlisting> >+</description> >+<related>smb3 share cap:CLUSTER</related> >+</samba:parameter> >-- >2.34.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=18246">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
gd
:
review+
Actions:
View
Attachments on
bug 15577
: 18246