[SCM] Samba Shared Repository - branch v4-21-test updated

Stefan Metzmacher metze at samba.org
Tue Aug 13 16:56:02 UTC 2024


The branch, v4-21-test has been updated
       via  cf4feb17783 VERSION: Bump version up to Samba 4.21.0rc3...
       via  8e440c0a96a VERSION: Disable GIT_SNAPSHOT for the 4.21.0rc2 release.
       via  ac02a513c8f WHATSNEW: Add release notes for Samba 4.21.0rc2.
       via  2552df221d4 WHATSNEW: update the "Automatic keytab update after machine password change" section
       via  8c0820a9199 docs:smbdotconf: Update 'kerberos method' with 'sync machine password to keytab'
       via  5129858389d docs:smbdotconf: Improve documentation for 'sync machine password to keytab'
       via  4643ddbb7c7 docs:smbdotconf: Improve documentation for 'sync machine password script'
       via  ed391186250 s3:script: Install winbind_ctdb_updatekeytab.sh
       via  5730327bef6 s3:script: Rename updatekeytab.sh ==> winbind_ctdb_updatekeytab.sh
       via  80db72bdb3f docs: Add examples to net.8 that use 'sync machine password to keytab'
       via  4b6e24cba7b Revert "docs-xml: Delete descriptions for removed commands "net ads keytab add" and "net ads keytab add_update_ads""
       via  7477658193e docs-xml/manpages: 'ceph_new' prefix for config-param of vfs_ceph_new
       via  ab1db57e9a7 vfs_ceph_new: use 'ceph_new' for config-param prefix
       via  0edfc053743 vfs_ceph_new: handle errno properly for 'readdir'
       via  7872fbd907b vfs_ceph{_new}: do not set errno upon successful call to libcephfs
       via  0d03161324c vfs_ceph_new: Unconditionally use ceph_select_filesystem
       via  ff2ecedd6f9 docs-xml/manpages: add entry for vfs_ceph_new
       via  fe3471eb5b2 vfs_ceph_new: common prefix to debug-log messages
       via  9de33d3442c vfs_ceph_new: debug-log upon libcephfs low-level calls
       via  ec119531a4f vfs_ceph_new: use low-level APIs for xattr ops
       via  e0d2953a847 vfs_ceph_new: use low-level APIs for mknodat
       via  9109ed18720 vfs_ceph_new: use low-level APIs for renameat
       via  6af3cb81a00 vfs_ceph_new: use low-level APIs for linkat
       via  2b1c65948c3 vfs_ceph_new: use low-level APIs for ftruncate/fallocate
       via  dc207c281cd vfs_ceph_new: use low-level APIs for fsync
       via  f429baca5cf vfs_ceph_new: use low-level APIs for lseek
       via  ddb5fcb2faf vfs_ceph_new: use low-level APIs for read/write
       via  69b671dcbfe vfs_ceph_new: use low-level APIs for symlink/readlink
       via  9278e661146 vfs_ceph_new: use low-level APIs for unlinkat
       via  2b660aaf9ed vfs_ceph_new: use low-level APIs for fntimes
       via  7780114ab02 vfs_ceph_new: use low-level APIs for fchown/fchmod
       via  26851f16fc2 vfs_ceph_new: proper error handling to readdir
       via  9fd6c5b41f4 vfs_ceph_new: use low-level APIs for readdir ops
       via  5eaa8749468 vfs_ceph_new: use low-level APIs for mkdirat
       via  34c848251cd vfs_ceph_new: use low-level APIs for fdopendir
       via  655e7a1508c vfs_ceph_new: use low-level APIs for fstatat
       via  6fdf1922a99 vfs_ceph_new: use low-level APIs for fstat
       via  62a43faa114 vfs_ceph_new: use low-level APIs for open/close
       via  f3e5d7237be vfs_ceph_new: ref cephmount_cached entry in handle->data
       via  7bb3f5f251a vfs_ceph_new: use low-level APIs for lchown
       via  be427077ce8 vfs_ceph_new: use low-level APIs for statfs
       via  8e28065f560 vfs_ceph_new: use low-level APIs for lstat
       via  9f68daaccc5 vfs_ceph_new: use low-level APIs for stat
       via  5a7f6e4610e vfs_ceph_new: use low-level APIs for disk_free
       via  74524c438b7 vfs_ceph_new: next iteration of samba-to-cephfs bridge
      from  b375043d62c script/autobuild.py: do some basic testing using --without-winbind

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-21-test


- Log -----------------------------------------------------------------
commit cf4feb177837b396bef40e3ff15adb9f11273f6e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Aug 13 17:35:36 2024 +0200

    VERSION: Bump version up to Samba 4.21.0rc3...
    
    and re-enable GIT_SNAPSHOT.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(v4-21-test): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(v4-21-test): Tue Aug 13 16:55:05 UTC 2024 on atb-devel-224

commit 8e440c0a96aad8274435727812e89924559aeeff
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Aug 13 17:34:52 2024 +0200

    VERSION: Disable GIT_SNAPSHOT for the 4.21.0rc2 release.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit ac02a513c8f52f435997df5630401f9bef2177bd
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Aug 13 17:10:01 2024 +0200

    WHATSNEW: Add release notes for Samba 4.21.0rc2.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 2552df221d4786782940683f3d2f2389ef56f519
Author: Pavel Filipenský <pfilipensky at samba.org>
Date:   Tue Aug 6 08:42:34 2024 +0200

    WHATSNEW: update the "Automatic keytab update after machine password change" section
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
    
    Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
    
    Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

commit 8c0820a9199ed837bc0f9a96e582f67f1a8366fe
Author: Pavel Filipenský <pfilipensky at samba.org>
Date:   Mon Aug 12 11:49:14 2024 +0200

    docs:smbdotconf: Update 'kerberos method' with 'sync machine password to keytab'
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
    
    Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
    
    Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Tue Aug 13 15:27:26 UTC 2024 on atb-devel-224
    
    (cherry picked from commit 9e4074d4268e34cf93f79cd1108e7dc661ad3845)

commit 5129858389d5b1e9f40b36e0c09f0655e435b182
Author: Pavel Filipenský <pfilipensky at samba.org>
Date:   Mon Aug 12 11:49:14 2024 +0200

    docs:smbdotconf: Improve documentation for 'sync machine password to keytab'
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
    
    Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit 2dd81ec2bea46ad6caa6e40194eae4340f4acc7d)

commit 4643ddbb7c76fc8348928685fb5adfb84a780eb3
Author: Pavel Filipenský <pfilipensky at samba.org>
Date:   Mon Aug 12 11:49:14 2024 +0200

    docs:smbdotconf: Improve documentation for 'sync machine password script'
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
    
    Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
    
    Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit ca7acec952b0e6154927b28b1afa3e9318f22035)

commit ed391186250aea6f9e74d80c064d3810971368ce
Author: Pavel Filipenský <pfilipensky at samba.org>
Date:   Mon Aug 12 10:44:19 2024 +0200

    s3:script: Install winbind_ctdb_updatekeytab.sh
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
    
    Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit 9f0183a9f55e52b09c6ae9f6c8badad6ba85bb64)

commit 5730327bef615c0c934ce84152a3bd74a1542970
Author: Pavel Filipenský <pfilipensky at samba.org>
Date:   Mon Aug 12 11:49:35 2024 +0200

    s3:script: Rename updatekeytab.sh ==> winbind_ctdb_updatekeytab.sh
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
    
    Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit adcad1b537ce2e2e213b72131517233a8d2d91fd)

commit 80db72bdb3f55776f5b871e3055d0ad477aacace
Author: Pavel Filipenský <pfilipensky at samba.org>
Date:   Tue Aug 6 23:31:21 2024 +0200

    docs: Add examples to net.8 that use 'sync machine password to keytab'
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
    
    Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
    
    Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit cb774a74c4e1cc03ad0267cc68b93c06738e2ce6)

commit 4b6e24cba7bb2a4464056aad7bdc4d1f4a4265ea
Author: Pavel Filipenský <pfilipensky at samba.org>
Date:   Tue Aug 6 23:22:42 2024 +0200

    Revert "docs-xml: Delete descriptions for removed commands "net ads keytab add" and "net ads keytab add_update_ads""
    
    This reverts commit a5f47f6efe67e02d7a12f30b4e6fb76bcd6aa71c.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
    
    Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit 51784e80f2bdf84c296badba2caea800ce3813db)

commit 7477658193eb6e310c631a2ad39082cafb284843
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Mon Aug 5 19:12:29 2024 +0300

    docs-xml/manpages: 'ceph_new' prefix for config-param of vfs_ceph_new
    
    With 'ceph_new' prefix used by vfs_ceph_new for config parameters,
    update the relevant man-page accordingly.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    
    Autobuild-User(master): Günther Deschner <gd at samba.org>
    Autobuild-Date(master): Thu Aug  8 13:54:34 UTC 2024 on atb-devel-224
    
    (cherry picked from commit 68f0835c8e1c5029cd831c267b75c02185b206c7)

commit ab1db57e9a775c958831ec112bbcc1244c643036
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Mon Aug 5 16:21:10 2024 +0300

    vfs_ceph_new: use 'ceph_new' for config-param prefix
    
    Use explicit 'ceph_new' prefix to each of the ceph specific config
    parameters to avoid confusion with legacy 'vfs_ceph' module. Hence,
    users will have in their smb.conf a format similar to:
    
    ...
    [smbshare]
            vfs objects = ceph_new
            ceph_new: config_file = /etc/ceph/ceph.conf
            ceph_new: user_id = user1
            ceph_new: filesystem = fs1
            ...
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    (cherry picked from commit aca4cf8327dcaef782dedd98a63a020469c45cdb)

commit 0edfc053743ef929784824a67749e1eb683e5dc2
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Tue Jul 30 17:36:09 2024 +0300

    vfs_ceph_new: handle errno properly for 'readdir'
    
    Take special care for readdir errno setting: in case of error, update
    errno by libcephfs (and protect from possible over-write by debug
    logging); in the case of successful result or end-of-stream restore
    errno to its previous value before calling the readdir_fn VFS hook.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    
    Autobuild-User(master): Günther Deschner <gd at samba.org>
    Autobuild-Date(master): Wed Aug  7 14:20:02 UTC 2024 on atb-devel-224
    
    (cherry picked from commit aa043a5808b73fc272de585c1446372fa3f21d08)

commit 7872fbd907b6917e1863a3df9fb50b0b6139ea2e
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Tue Jul 30 09:55:44 2024 +0300

    vfs_ceph{_new}: do not set errno upon successful call to libcephfs
    
    There is code in Samba that expects errno from a previous system call
    to be preserved through a subsequent system call. Thus, avoid setting
    "errno = 0" in status_code() and lstatus_code() upon successful return
    from libcephfs API call.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit a7f4e2bd47c7f4728f3ac8d90af693156a69c557)

commit 0d03161324ce7d89606c75bb957cf78bbb81c3b6
Author: Anoop C S <anoopcs at samba.org>
Date:   Fri Aug 2 11:10:28 2024 +0530

    vfs_ceph_new: Unconditionally use ceph_select_filesystem
    
    Currently we don't have an explicit check for the presence of
    ceph_select_filesystem() libcephfs API as it is always found to
    be present with the minimum ceph version that is supported with
    Samba right now. Therefore under this assumption directly call
    ceph_select_filesystem() without any #ifdefs. Please note that
    this change is already part of vfs_ceph via ef0068cd.
    
    ref: https://gitlab.com/samba-team/samba/-/merge_requests/3715
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    Signed-off-by: Anoop C S <anoopcs at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    
    Autobuild-User(master): Anoop C S <anoopcs at samba.org>
    Autobuild-Date(master): Mon Aug  5 16:06:47 UTC 2024 on atb-devel-224
    
    (cherry picked from commit de2f76fa47e6e672ce353ea9d3dc4019965c6491)

commit ff2ecedd6f9fd9fa8b2b6278e9a0339c9d8b03b0
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Tue Feb 20 19:37:45 2024 +0200

    docs-xml/manpages: add entry for vfs_ceph_new
    
    Create man entry for the newly added vfs_ceph_new module: almost
    identical to existing vfs_ceph, except to the configuration entry:
    
      [sharename]
      vfs objects = ceph_new
      ...
    
    Adds a bit of info for the motivation behind this new module.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit d8c84a2993b84ebb69011c33c1b5d44801c15363)

commit fe3471eb5b293547ad1c3342f71f445e08f8f6ae
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Tue Jul 16 14:33:16 2024 +0300

    vfs_ceph_new: common prefix to debug-log messages
    
    Keep logging consistent: add "[CEPH] " prefix to DBG_DEBUG log messages
    where missing.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    
    Autobuild-User(master): Günther Deschner <gd at samba.org>
    Autobuild-Date(master): Mon Jul 29 15:58:15 UTC 2024 on atb-devel-224
    
    (cherry picked from commit 3bb6d441bf047bef6d95675057cecd3865a25540)

commit 9de33d3442c93dfd8bb81d1ac0d8888065a91f0f
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Wed Jun 26 17:24:37 2024 +0300

    vfs_ceph_new: debug-log upon libcephfs low-level calls
    
    Add developer's debug-logging upon each call to libcephfs' low-level
    APIs.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit d00f20f30f4e77463e82d202099682b7ef68260f)

commit ec119531a4f386c32aa4d5d06521a15d1ffb7702
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Sun Jun 23 14:57:10 2024 +0300

    vfs_ceph_new: use low-level APIs for xattr ops
    
    Implement extended-attributes operations using libcephfs' low-level
    APIs. Whenever possible, use the open file-handle from fsp-extension to
    resolve inode-reference and user-permissions. Otherwise, resolve both
    on-the-fly.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit 0a8445e891c64d703d44258b2eef85296265c55f)

commit e0d2953a847b784b2157cf0a48b4c25036b1a53a
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Sun Jun 23 13:08:25 2024 +0300

    vfs_ceph_new: use low-level APIs for mknodat
    
    Implement mknodat operations using libcephfs' low-level APIs. Requires
    parent directory to have valid inode-ref associated with its fsp
    extension.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit e714e5ddc50a771e743f5e63f686c106abe33b75)

commit 9109ed18720972474816fa192f52f9f743deb20d
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Sun Jun 23 12:47:19 2024 +0300

    vfs_ceph_new: use low-level APIs for renameat
    
    Implement renameat operations using libcephfs' low-level APIs. Requires
    both directories to have valid inode-ref associated with their fsp
    extension.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit 83011357fb834e92505f17d6f65d5f32e3d37ec0)

commit 6af3cb81a00c50c4d1b2a812ef1a6d02c8ec0b1a
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Thu Jun 20 22:46:52 2024 +0300

    vfs_ceph_new: use low-level APIs for linkat
    
    Implement link operations using libcephfs' low-level APIs. Requires two
    phase operation: resolve (by-lookup) reference to inode and then do the
    actual (hard) link operation using parent dir-inode reference to the
    locally-cached inode.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit 9a70bd606728110ad91cab547a4e31350010bb68)

commit 2b1c65948c3b9d31adbbd283382c5bf88f08e436
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Thu Jun 20 14:58:34 2024 +0300

    vfs_ceph_new: use low-level APIs for ftruncate/fallocate
    
    Implement ftruncate/fallocate operations using libcephfs' low-level
    APIs. Requires open ceph Fh* associated with fsp (extension).
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit b536bf1fa87fb794e2992ab5368f41fdba80e3ad)

commit dc207c281cde80429d80232c7791b71e34d5e013
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Thu Jun 20 12:43:39 2024 +0300

    vfs_ceph_new: use low-level APIs for fsync
    
    Implement fsync operation using libcephfs' low-level APIs. Requires
    open ceph Fh* associated with fsp (extension).
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit e15586fc6097565208011c556282d83eeec2230b)

commit f429baca5cf070581de37ba372f001f6bcae2186
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Thu Jun 20 12:23:03 2024 +0300

    vfs_ceph_new: use low-level APIs for lseek
    
    Implement lseek operation using libcephfs' low-level APIs. Requires
    open ceph Fh* associated with fsp (extension).
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit 30c1a613fee3f625c0559e49e037af9fad04c3b8)

commit ddb5fcb2faf4085ce4d613df18ca6435cf93c310
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Wed Jun 19 17:52:45 2024 +0300

    vfs_ceph_new: use low-level APIs for read/write
    
    Implement read/write IO operations using libcephfs' low-level APIs.
    Requires open ceph Fh* associated with fsp (extension) to complete both
    pread/pwrite as well as async I/O operations.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit 29bbe0f52d4ffae9dbb070ffc525acf99203444b)

commit 69b671dcbfe7f933efe2addbe5f3d66203839506
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Wed Jun 26 13:46:54 2024 +0300

    vfs_ceph_new: use low-level APIs for symlink/readlink
    
    Implement unlinkat using libcephfs low-level APIs. For readlink
    operation need to resolve child inode by-lookup and then used the inode
    reference for the actual low-level readlink.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit 53c9269b219a54236500d22d8a4c7f2ed582faaf)

commit 9278e661146d89df128b6b9728b21fcc88b1a0b2
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Wed Jun 19 14:27:24 2024 +0300

    vfs_ceph_new: use low-level APIs for unlinkat
    
    Implement unlinkat using libcephfs low-level APIs. Operate using parent
    directory's open file-handle. When flags has AT_REMOVEDIR bit set call
    low-level rmdir; otherwise, do normal unlink.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit 362a7cf8664270145bff815347e447797cc1a643)

commit 2b660aaf9ed39fd32ff5cee9063865f7a94aef7f
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Wed Jun 19 13:59:53 2024 +0300

    vfs_ceph_new: use low-level APIs for fntimes
    
    Implement fntimes hook using libcephfs' low-level APIs. Convert
    smb_file_time to ceph_statx plus proper field mask on-the-fly upon
    issuing low-level call to libcephfs.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit 20b7d2bfe06beefb5e7f091eb317ad18cb53f8a9)

commit 7780114ab028c9cbf20a832b28eed75619afef91
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Wed Jun 19 12:48:14 2024 +0300

    vfs_ceph_new: use low-level APIs for fchown/fchmod
    
    Use libcephfs' low-level APIs to implement 'fchown' and 'fchmod' using
    open file-handle. If fsp does not have an open cephfs Fh reference,
    set errno to EBADF and return -1 to VFS.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit cb14d3630d8c110405c2a43bef15aa31ec4a0fba)

commit 26851f16fc2fb0e373871eece566a47b3d8e9a8b
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Wed Jul 17 11:41:13 2024 +0300

    vfs_ceph_new: proper error handling to readdir
    
    Error handling in the case of 'ceph_readdir' is done by setting 'errno'
    deep within libcephfs code. In case of error, emit proper debug message
    and re-update errno to avoid possible over-write by logging mechanism.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit 24a3423949e127177c019a0d126c6f7523e61984)

commit 9fd6c5b41f4cff0671aed7d786624ac35e495fcd
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Mon Jun 24 13:33:05 2024 +0300

    vfs_ceph_new: use low-level APIs for readdir ops
    
    Implement readdir and rewinddir operations using libcephfs' low-level
    APIs. Casts the opaque DIR pointer into struct vfs_ceph_dirp (the first
    member of struct vfs_ceph_fh) to resolve the ceph_dir_result pointer
    which libcephfs expects for readdir operations.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit 99c7179e5da6d201f03b1a04dbe2a6722090783d)

commit 5eaa87494688c8c647ad723e335a198376a030e8
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Wed Jun 19 11:55:27 2024 +0300

    vfs_ceph_new: use low-level APIs for mkdirat
    
    Implement 'mkdirat' hook using libcephfs' low-level APIs, via the open
    file-handle reference to parent directory.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit bd955af86e71fa6c87648e578890ea6f4d490d4b)

commit 34c848251cd61fc8eef1bfb7238c5944ae8e8545
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Tue Jun 18 17:20:59 2024 +0300

    vfs_ceph_new: use low-level APIs for fdopendir
    
    Implement fdopendir using libcephfs low-level API and cached (via fsp)
    open file-handle. Embed the result within cached vfs_ceph_fh so it may
    be used properly by closedir.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit a8a7339c6b7a6866399fd6c409228267a585740f)

commit 655e7a1508cd2f8a4dd4c698f38f2af0a0af126a
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Wed Jun 19 12:35:11 2024 +0300

    vfs_ceph_new: use low-level APIs for fstatat
    
    Use libcephfs' low-level APIs to do lookup-by-name via parent's open
    reference followed by getattr on the inode itself.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit 13671cefffb268d84c973583669681318a2ce3bb)

commit 6fdf1922a99becf6b03d6a5f5049d7d8ccdd2470
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Mon Jun 24 11:39:43 2024 +0300

    vfs_ceph_new: use low-level APIs for fstat
    
    Use libcephfs' low-level APIs and apply the same logic as stat, but
    via explicit inode-reference.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit f16183f90abba3c2d3d26262926f1454275a9d3f)

commit 62a43faa114fb18365c9f720ffc75570c2fb126d
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Tue Jun 18 15:02:52 2024 +0300

    vfs_ceph_new: use low-level APIs for open/close
    
    Implement openat, close and closedir and hooks using libcephfs'
    low-level APIs. Cache the open Fh* from libcephfs and its related
    meta-data using VFS fsp-extension mechanism.
    
    Upon open-create of new vfs_ceph_fh store the caller credentials
    (ceph's UserPerm*) within the same context object for subsequent calls.
    In addition, provide a "pseudo" fd numbering which is reported back to
    VFS layer and used as debugging hints.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit 491676846458980944b76d1693726627a9a32503)

commit f3e5d7237bea4e7fa1935c18f185cb76730d1160
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Tue Jun 18 12:58:52 2024 +0300

    vfs_ceph_new: ref cephmount_cached entry in handle->data
    
    Allow direct access to ceph-mount cached-entry via 'handle->data'
    private pointer. Required in order to allow more complex cached-state
    with each cephfs mount. Users should now use the local-helper function
    'cmount_of' to access the underlying ceph_mount_info.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit 31085c7efc3572bd6200d3d8e49c1e554cdbfbcc)

commit 7bb3f5f251a0158195dcc6a7ec826ccdbd70e04d
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Mon Jun 17 16:59:05 2024 +0300

    vfs_ceph_new: use low-level APIs for lchown
    
    Use libcephfs' low-level API ceph_ll_setattr to implement VFS lchown_fn
    hook. Use to standard pattern of iget/iput to allow operation by Inode
    reference.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit beb21324c9a554f50d8d99af2a1b7fe8a17c8ebb)

commit be427077ce8e19ee2fa2e6f481ae40c321e1cb20
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Mon Jun 17 18:02:07 2024 +0300

    vfs_ceph_new: use low-level APIs for statfs
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit 47224fbdeb55100cf8a7ee75e13b954ab71fc158)

commit 8e28065f560d611a35a182d5ceef426110b3dbbf
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Mon Jun 17 15:57:42 2024 +0300

    vfs_ceph_new: use low-level APIs for lstat
    
    Use libcephfs' low-level APIs and apply the same logic as stat, but
    using AT_SYMLINK_NOFOLLOW flags.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit 93d786b14358db5664e13b1aa43f3f03e7cf0be3)

commit 9f68daaccc5cfc3a448b0cb1500f98cf0a13b078
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Mon Jun 17 12:11:18 2024 +0300

    vfs_ceph_new: use low-level APIs for stat
    
    Start migrating to libcephfs' low-level APIs, using explicit Inode*
    reference. Implement the VFS 'stat' hook using a ceph_ll_getattr
    function, encapsulated with a pair of iget/iput to hold a
    pinned-to-cache Inode* instance.
    
    Upon calling to libcephfs this new code crates and destroys on-the-fly
    a Ceph UserPerm instance based on the uig, gid and groups from
    'handle->conn->session_info->unix_token'. This logic ensures that the
    correct caller-credentials are passed-on to cephfs (instead of those
    set upon connection-creation in legacy 'vfs_ceph.c').
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit 1b78d79663c48aa4b6810a875427de85ae49a2e8)

commit 5a7f6e4610e6abe2b39b453534fe3e417e3771ba
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Sun Jun 16 14:50:08 2024 +0300

    vfs_ceph_new: use low-level APIs for disk_free
    
    Start using libcephfs low-level APIs: get reference to root inode and
    use it to query statfs. Requires an explicit put-inode to avoid resource
    leakage by libcephfs.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit 192b0cf8717d79197b985539c9db8ca07a89c570)

commit 74524c438b7da962c352d1f5150a813c62942c9a
Author: Shachar Sharon <ssharon at redhat.com>
Date:   Thu Jun 13 15:54:48 2024 +0300

    vfs_ceph_new: next iteration of samba-to-cephfs bridge
    
    Defined new module 'vfs_ceph_new.c' which serves as a place holder for
    the next development phase of the bridge between samba's VFS layer and
    libcephfs. Begin with a module which is almost identical to existing
    'vfs_ceph.c', except for hooks-names prefix which is 'vfs_ceph_' in
    order to make clear distinction from existing code base. Following
    commits will also switch to low-level APIs.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
    
    Signed-off-by: Shachar Sharon <ssharon at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Anoop C S <anoopcs at samba.org>
    (cherry picked from commit 3720452720b4760509875f0d2a8ed0d104bb1844)

-----------------------------------------------------------------------

Summary of changes:
 VERSION                                            |    2 +-
 WHATSNEW.txt                                       |   46 +-
 docs-xml/manpages/net.8.xml                        |  131 +
 .../{vfs_ceph.8.xml => vfs_ceph_new.8.xml}         |   60 +-
 docs-xml/smbdotconf/security/kerberosmethod.xml    |    6 +
 .../security/syncmachinepasswordscript.xml         |   13 +-
 .../security/syncmachinepasswordtokeytab.xml       |    9 +
 docs-xml/wscript_build                             |    1 +
 source3/modules/vfs_ceph.c                         |    2 -
 source3/modules/vfs_ceph_new.c                     | 3100 ++++++++++++++++++++
 source3/modules/wscript_build                      |   10 +
 ...pdatekeytab.sh => winbind_ctdb_updatekeytab.sh} |    0
 source3/script/wscript_build                       |    1 +
 source3/wscript                                    |    1 +
 14 files changed, 3348 insertions(+), 34 deletions(-)
 copy docs-xml/manpages/{vfs_ceph.8.xml => vfs_ceph_new.8.xml} (66%)
 create mode 100644 source3/modules/vfs_ceph_new.c
 rename source3/script/{updatekeytab.sh => winbind_ctdb_updatekeytab.sh} (100%)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 697f19e0685..f238be6253e 100644
--- a/VERSION
+++ b/VERSION
@@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE=
 # e.g. SAMBA_VERSION_RC_RELEASE=1                      #
 #  ->  "3.0.0rc1"                                      #
 ########################################################
-SAMBA_VERSION_RC_RELEASE=2
+SAMBA_VERSION_RC_RELEASE=3
 
 ########################################################
 # To mark SVN snapshots this should be set to 'yes'    #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 9d5c0bac515..c42c8cdb142 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
 Release Announcements
 =====================
 
-This is the first release candidate of Samba 4.21.  This is *not*
+This is the second release candidate of Samba 4.21.  This is *not*
 intended for production environments and is designed for testing
 purposes only.  Please report any defects via the Samba bug reporting
 system at https://bugzilla.samba.org/.
@@ -231,11 +231,13 @@ keytab' as in these examples:
 
 
 A new parameter 'sync machine password script' allows to specify external script
-that will be triggered after the automatic keytab update. Example of such script
-that can be used in a cluster environment with ctdb is
-source3/script/updatekeytab.sh
+that will be triggered after the automatic keytab update. If keytabs should be
+generated in clustered environments it is recommended to update them on all
+nodes.  Check in smb.conf(5) the scripts winbind_ctdb_updatekeytab.sh and
+46.update-keytabs.script in section 'sync machine password script' for details.
+
+For detailed information check the smb.conf(5) and net(8) manpages.
 
-For detailed information check the smb.conf(5) manpage.
 
 REMOVED FEATURES
 ================
@@ -268,6 +270,40 @@ smb.conf changes
   sync machine password script            script
 
 
+CHANGES SINCE 4.21.0rc1
+=======================
+
+o  Andreas Schneider <asn at samba.org>
+   * BUG 15673: --version-* options are still not ergonomic, and they reject
+     tilde characters.
+
+o  Anoop C S <anoopcs at samba.org>
+   * BUG 15686: Add new vfs_ceph module (based on low level API)
+
+o  Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+   * BUG 15673: --version-* options are still not ergonomic, and they reject
+     tilde characters.
+
+o  Jo Sutton <josutton at catalyst.net.nz>
+   * BUG 15690: ldb_version.h is missing from ldb public library
+
+o  Pavel Filipenský <pfilipensky at samba.org>
+   * BUG 15689: Can not add/delete special keys to keytab for nfs, cifs, http etc
+
+o  Shachar Sharon <ssharon at redhat.com>
+   * BUG 15686: Add new vfs_ceph module (based on low level API)
+
+o  Stefan Metzmacher <metze at samba.org>
+   * BUG 15673: --version-* options are still not ergonomic, and they reject
+     tilde characters.
+   * BUG 15687: undefined reference to winbind_lookup_name_ex
+   * BUG 15688: per user veto and hide file syntax is to complex
+   * BUG 15689: Can not add/delete special keys to keytab for nfs, cifs, http etc
+
+o  Volker Lendecke <vl at samba.org>
+   * BUG 15688: per user veto and hide file syntax is to complex
+
+
 KNOWN ISSUES
 ============
 
diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
index 61a1e6362ce..e633c8c7c6a 100644
--- a/docs-xml/manpages/net.8.xml
+++ b/docs-xml/manpages/net.8.xml
@@ -1557,6 +1557,137 @@ are made to the computer AD account.
 </para>
 </refsect2>
 
+<refsect2>
+<title>(Removed!) ADS KEYTAB <replaceable>ADD</replaceable> <replaceable>(principal | machine | serviceclass | windows SPN</replaceable></title>
+
+<para>
+This command is no longer available in Samba 4.21.0 and newer. See <smbconfoption name="sync machine password to keytab"/> for replacement.
+</para>
+
+To replace e.g. call of
+<programlisting>
+net ads keytab add wurst/brot at REALM
+</programlisting>
+Add to smb.conf:
+<programlisting>
+sync machine password to keytab = /path/to/keytab1:spns=wurst/brot at REALM:machine_password
+</programlisting>
+and run:
+<programlisting>
+net ads keytab create
+</programlisting>
+
+<para>
+Original description of this command:
+</para>
+<para>
+Adds a new keytab entry, the entry can be either;
+  <variablelist>
+    <varlistentry><term>kerberos principal</term>
+    <listitem><para>
+      A kerberos principal (identified by the presence of '@') is just
+      added to the keytab file.
+    </para></listitem>
+    </varlistentry>
+    <varlistentry><term>machinename</term>
+    <listitem><para>
+      A machinename (identified by the trailing '$') is used to create a
+      a kerberos principal 'machinename at realm' which is added to the
+      keytab file.
+    </para></listitem>
+    </varlistentry>
+    <varlistentry><term>serviceclass</term>
+    <listitem><para>
+    A serviceclass (such as 'cifs', 'html' etc.) is used to create a pair
+    of kerberos principals 'serviceclass/fully_qualified_dns_name at realm' &
+    'serviceclass/netbios_name at realm' which are added to the keytab file.
+    </para></listitem>
+    </varlistentry>
+    <varlistentry><term>Windows SPN</term>
+    <listitem><para>
+    A Windows SPN is of the format 'serviceclass/host:port', it is used to
+    create a kerberos principal 'serviceclass/host at realm' which will
+    be written to the keytab file.
+    </para></listitem>
+    </varlistentry>
+  </variablelist>
+</para>
+<para>
+Unlike old versions no computer AD objects are modified by this command. To
+preserve the behaviour of older clients 'net ads keytab ad_update_ads' is
+available.
+</para>
+</refsect2>
+
+<refsect2>
+<title>(Removed!) ADS KEYTAB <replaceable>DELETE</replaceable> <replaceable>(principal | machine | serviceclass | windows SPN</replaceable></title>
+
+<para>
+This command is no longer available in Samba 4.21.0 and newer. See <smbconfoption name="sync machine password to keytab"/> for replacement.
+</para>
+
+<para>
+To replace e.g. call of
+<programlisting>
+net ads keytab delete wurst/brot at REALM
+</programlisting>
+Delete from <smbconfoption name="sync machine password to keytab"/> principal "wurst/brot at REALM" and run:
+<programlisting>
+net ads keytab create
+</programlisting>
+
+</para>
+</refsect2>
+
+<refsect2>
+<title>(Removed!) ADS KEYTAB <replaceable>ADD_UPDATE_ADS</replaceable> <replaceable>(principal | machine | serviceclass | windows SPN</replaceable></title>
+<para>
+This command is no longer available in Samba 4.21.0 and newer. See <smbconfoption name="sync machine password to keytab"/> for replacement.
+</para>
+
+To replace e.g. call of
+<programlisting>
+net ads keytab add_update_ads wurst/brot at REALM
+</programlisting>
+Add to smb.conf:
+<programlisting>
+sync machine password to keytab = /path/to/keytab2:sync_spns:machine_password
+</programlisting>
+and run:
+<programlisting>
+net ads setspn add wurst/brot at REALM
+net ads keytab create
+</programlisting>
+
+<para>
+Original description of this command:
+</para>
+
+<para>
+Adds a new keytab entry (see section for net ads keytab add). In addition to
+adding entries to the keytab file corresponding Windows SPNs are created
+from the entry passed to this command. These SPN(s) added to the AD computer
+account object associated with the client machine running this command for
+the following entry types;
+  <variablelist>
+    <varlistentry><term>serviceclass</term>
+    <listitem><para>
+    A serviceclass (such as 'cifs', 'html' etc.) is used to create a
+    pair of Windows SPN(s) 'param/full_qualified_dns' &
+    'param/netbios_name' which are added to the AD computer account object
+   for this client.
+    </para></listitem>
+    </varlistentry>
+    <varlistentry><term>Windows SPN</term>
+    <listitem><para>
+    A Windows SPN is of the format 'serviceclass/host:port', it is
+    added as passed to the AD computer account object for this client.
+    </para></listitem>
+    </varlistentry>
+  </variablelist>
+</para>
+</refsect2>
+
 <refsect2>
 <title>ADS setspn <replaceable>SETSPN LIST [machine]</replaceable></title>
 
diff --git a/docs-xml/manpages/vfs_ceph.8.xml b/docs-xml/manpages/vfs_ceph_new.8.xml
similarity index 66%
copy from docs-xml/manpages/vfs_ceph.8.xml
copy to docs-xml/manpages/vfs_ceph_new.8.xml
index 47b5523b9a1..b0640a591a5 100644
--- a/docs-xml/manpages/vfs_ceph.8.xml
+++ b/docs-xml/manpages/vfs_ceph_new.8.xml
@@ -1,9 +1,9 @@
 <?xml version="1.0" encoding="iso-8859-1"?>
 <!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
-<refentry id="vfs_ceph.8">
+<refentry id="vfs_ceph_new.8">
 
 <refmeta>
-	<refentrytitle>vfs_ceph</refentrytitle>
+	<refentrytitle>vfs_ceph_new</refentrytitle>
 	<manvolnum>8</manvolnum>
 	<refmiscinfo class="source">Samba</refmiscinfo>
 	<refmiscinfo class="manual">System Administration tools</refmiscinfo>
@@ -12,15 +12,15 @@
 
 
 <refnamediv>
-	<refname>vfs_ceph</refname>
+	<refname>vfs_ceph_new</refname>
 	<refpurpose>
-		Utilize features provided by CephFS
+		Utilize features provided by libcephfs low-level APIs
 	</refpurpose>
 </refnamediv>
 
 <refsynopsisdiv>
 	<cmdsynopsis>
-		<command>vfs objects = ceph</command>
+		<command>vfs objects = ceph_new</command>
 	</cmdsynopsis>
 </refsynopsisdiv>
 
@@ -32,7 +32,7 @@
 	<manvolnum>8</manvolnum></citerefentry> suite.</para>
 
 	<para>
-		The <command>vfs_ceph</command> VFS module exposes
+		The <command>vfs_ceph_new</command> VFS module exposes
 		CephFS specific features for use by Samba.
 	</para>
 
@@ -51,37 +51,47 @@
 	</para>
 
 	<para>
-		<command>vfs_ceph</command> performs mapping between Windows and
-		POSIX Access Control Lists (ACLs). To ensure correct processing
-		and enforcement of POSIX ACLs, the following Ceph configuration
-		parameters are automatically applied:
+		<command>vfs_ceph_new</command> performs mapping between Windows
+		and POSIX Access Control Lists (ACLs). To ensure correct
+		processing and enforcement of POSIX ACLs, the following Ceph
+		configuration parameters are automatically applied:
 	</para>
 	<programlisting>
 		<command>client acl type = posix_acl</command>
 		<command>fuse default permissions = false</command>
 	</programlisting>
+
+	<para>
+	<emphasis role="strong">NOTE</emphasis>:
+	This is a second implementation of a ceph module which uses libcephfs
+	low-level APIs (compared to the original
+	<citerefentry><refentrytitle>vfs_ceph</refentrytitle>
+	<manvolnum>8</manvolnum></citerefentry> module which uses path-based
+	APIs). Using the low-level API allows more optimized and fine-grained
+	access to the Ceph storage layer.
+	</para>
 </refsect1>
 
 <refsect1>
 	<title>CONFIGURATION</title>
 
 	<para>
-		<command>vfs_ceph</command> requires that the underlying share
-		path is a Ceph filesystem.
+		<command>vfs_ceph_new</command> requires that the underlying
+		share path is a Ceph filesystem.
 	</para>
 
 	<programlisting>
 		<smbconfsection name="[share]"/>
-		<smbconfoption name="vfs objects">ceph</smbconfoption>
+		<smbconfoption name="vfs objects">ceph_new</smbconfoption>
 		<smbconfoption name="path">/non-mounted/cephfs/path</smbconfoption>
 		<smbconfoption name="kernel share modes">no</smbconfoption>
 	</programlisting>
 
 	<para>
-		Since <command>vfs_ceph</command> does not require a filesystem
-		mount, the share <command>path</command> is treated differently:
-		it is interpreted as an absolute path within the Ceph filesystem
-		on the attached Ceph cluster.
+		Since <command>vfs_ceph_new</command> does not require a
+		filesystem mount, the share <command>path</command> is treated
+		differently: it is interpreted as an absolute path within the
+		Ceph filesystem on the attached Ceph cluster.
 		In a ctdb cluster environment where ctdb manages Samba,
 		<command>CTDB_SAMBA_SKIP_SHARE_CHECK=yes</command> must be
 		configured to disable local share path checks, otherwise ctdb
@@ -101,20 +111,20 @@
 	<variablelist>
 
 		<varlistentry>
-		<term>ceph:config_file = path</term>
+		<term>ceph_new:config_file = path</term>
 		<listitem>
 		<para>
 			Allows one to define a ceph configfile to use. Empty by default.
 		</para>
 		<para>
-			Example: ceph:config_file =
+			Example: ceph_new:config_file =
 			/etc/ceph/ceph.conf
 		</para>
 		</listitem>
 		</varlistentry>
 
 		<varlistentry>
-		<term>ceph:user_id = name</term>
+		<term>ceph_new:user_id = name</term>
 		<listitem>
 		<para>
 			Allows one to explicitly set the client ID used for the
@@ -122,22 +132,22 @@
 			client default).
 		</para>
 		<para>
-			Example: ceph:user_id = samba
+			Example: ceph_new:user_id = samba
 		</para>
 		</listitem>
 		</varlistentry>
 
 		<varlistentry>
-		<term>ceph:filesystem = fs_name</term>
+		<term>ceph_new:filesystem = fs_name</term>
 		<listitem>
 		<para>
 			Allows one to explicitly select the CephFS file system
 			to use when the Ceph cluster supports more than one
-			file system. Empty by default (use the default file system
-			of the Ceph cluster).
+			file system. Empty by default (use the default file
+			system of the Ceph cluster).
 		</para>
 		<para>
-			Example: ceph:filesystem = myfs2
+			Example: ceph_new:filesystem = myfs2
 		</para>
 		</listitem>
 		</varlistentry>
diff --git a/docs-xml/smbdotconf/security/kerberosmethod.xml b/docs-xml/smbdotconf/security/kerberosmethod.xml
index b7cd988cd19..c9d70580c59 100644
--- a/docs-xml/smbdotconf/security/kerberosmethod.xml
+++ b/docs-xml/smbdotconf/security/kerberosmethod.xml
@@ -35,6 +35,12 @@
 	  <smbconfoption name="dedicated keytab file"/> must be set to
 	  specify the location of the keytab file.
 	</para>
+
+	<para>
+	Suggested configuration is to use the default value 'secrets only' together with the
+	<smbconfoption name="sync machine password to keytab"/> option.
+	</para>
+
 </description>
 <related>dedicated keytab file</related>
 <value type="default">default</value>
diff --git a/docs-xml/smbdotconf/security/syncmachinepasswordscript.xml b/docs-xml/smbdotconf/security/syncmachinepasswordscript.xml
index 341613372f5..9a7731930d5 100644
--- a/docs-xml/smbdotconf/security/syncmachinepasswordscript.xml
+++ b/docs-xml/smbdotconf/security/syncmachinepasswordscript.xml
@@ -8,8 +8,19 @@
 	This is the full pathname to a script that will be run by
         <citerefentry><refentrytitle>winbindd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> when a machine account password is updated.
 	</para>
+
+    <para>
+    If keytabs should be generated in clustered environments it is recommended to update them on all nodes.
+    You can set the config option to &pathconfig.SAMBA_DATADIR;/scripts/winbind_ctdb_updatekeytab.sh in clustering case.
+    It is also needed to activate the <constant>46.update-keytabs.script</constant> in ctdb,
+    it re-creates the keytab during the ctdb recovered event:
+    <programlisting>
+    onnode all ctdb event script enable legacy 46.update-keytabs.script
+    </programlisting>
+    </para>
+
 </description>
 
 <value type="default"/>
-<value type="example">/usr/sbin/sync_machine_password</value>
+<value type="example">&pathconfig.SAMBA_DATADIR;/scripts/winbind_ctdb_updatekeytab.sh</value>
 </samba:parameter>
diff --git a/docs-xml/smbdotconf/security/syncmachinepasswordtokeytab.xml b/docs-xml/smbdotconf/security/syncmachinepasswordtokeytab.xml
index b749ecb5c66..4cad9da73f2 100644
--- a/docs-xml/smbdotconf/security/syncmachinepasswordtokeytab.xml
+++ b/docs-xml/smbdotconf/security/syncmachinepasswordtokeytab.xml
@@ -67,10 +67,19 @@ Example:
 "/path/to/keytab7:spns=wurst/brot at REALM,wurst2/brot at REALM:sync_kvno:machine_password"
 </programlisting>
 If sync_etypes or sync_kvno or sync_spns is present then winbind connects to DC. For "offline domain join" it might be useful not to use these options.
+</para>
 
+<para>
 If no value is present, winbind uses value <programlisting>/path/to/keytab:sync_spns:sync_kvno:machine_password</programlisting>
 where the path to the keytab is obtained either from the krb5 library or from <smbconfoption name="dedicated keytab file"/>
 </para>
 
+<para>
+    Suggested configuration is together with <smbconfoption name="kerberos method"/> set to the default value 'secrets only'.
+</para>
+
+<para>
+    In clustered environments it is recommended to set <smbconfoption name="sync machine password script"/> to update the machine password on all nodes.
+</para>
 </description>
 </samba:parameter>
diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build
index 434afacaf1e..967e18a6596 100644
--- a/docs-xml/wscript_build
+++ b/docs-xml/wscript_build
@@ -78,6 +78,7 @@ vfs_module_manpages = ['vfs_acl_tdb',
                        'vfs_cap',
                        'vfs_catia',
                        'vfs_ceph',
+                       'vfs_ceph_new',
                        'vfs_ceph_snapshots',
                        'vfs_commit',
                        'vfs_crossrename',
diff --git a/source3/modules/vfs_ceph.c b/source3/modules/vfs_ceph.c
index 1dd136e569b..fd450af16c2 100644
--- a/source3/modules/vfs_ceph.c
+++ b/source3/modules/vfs_ceph.c
@@ -66,7 +66,6 @@ static inline int status_code(int ret)
 		errno = -ret;
 		return -1;
 	}
-	errno = 0;
 	return ret;
 }
 
@@ -76,7 +75,6 @@ static inline ssize_t lstatus_code(intmax_t ret)
 		errno = -((int)ret);
 		return -1;
 	}
-	errno = 0;
 	return (ssize_t)ret;
 }
 
diff --git a/source3/modules/vfs_ceph_new.c b/source3/modules/vfs_ceph_new.c
new file mode 100644
index 00000000000..25e78444fb5
--- /dev/null
+++ b/source3/modules/vfs_ceph_new.c
@@ -0,0 +1,3100 @@
+/*
+   Unix SMB/CIFS implementation.
+   Wrap disk only vfs functions to sidestep dodgy compilers.
+   Copyright (C) Tim Potter 1998
+   Copyright (C) Jeremy Allison 2007
+   Copyright (C) Brian Chrisman 2011 <bchrisman at gmail.com>
+   Copyright (C) Richard Sharpe 2011 <realrichardsharpe at gmail.com>
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or


-- 
Samba Shared Repository



More information about the samba-cvs mailing list