[SCM] Samba Shared Repository - branch v4-21-test updated
Stefan Metzmacher
metze at samba.org
Tue Aug 13 16:56:02 UTC 2024
The branch, v4-21-test has been updated
via cf4feb17783 VERSION: Bump version up to Samba 4.21.0rc3...
via 8e440c0a96a VERSION: Disable GIT_SNAPSHOT for the 4.21.0rc2 release.
via ac02a513c8f WHATSNEW: Add release notes for Samba 4.21.0rc2.
via 2552df221d4 WHATSNEW: update the "Automatic keytab update after machine password change" section
via 8c0820a9199 docs:smbdotconf: Update 'kerberos method' with 'sync machine password to keytab'
via 5129858389d docs:smbdotconf: Improve documentation for 'sync machine password to keytab'
via 4643ddbb7c7 docs:smbdotconf: Improve documentation for 'sync machine password script'
via ed391186250 s3:script: Install winbind_ctdb_updatekeytab.sh
via 5730327bef6 s3:script: Rename updatekeytab.sh ==> winbind_ctdb_updatekeytab.sh
via 80db72bdb3f docs: Add examples to net.8 that use 'sync machine password to keytab'
via 4b6e24cba7b Revert "docs-xml: Delete descriptions for removed commands "net ads keytab add" and "net ads keytab add_update_ads""
via 7477658193e docs-xml/manpages: 'ceph_new' prefix for config-param of vfs_ceph_new
via ab1db57e9a7 vfs_ceph_new: use 'ceph_new' for config-param prefix
via 0edfc053743 vfs_ceph_new: handle errno properly for 'readdir'
via 7872fbd907b vfs_ceph{_new}: do not set errno upon successful call to libcephfs
via 0d03161324c vfs_ceph_new: Unconditionally use ceph_select_filesystem
via ff2ecedd6f9 docs-xml/manpages: add entry for vfs_ceph_new
via fe3471eb5b2 vfs_ceph_new: common prefix to debug-log messages
via 9de33d3442c vfs_ceph_new: debug-log upon libcephfs low-level calls
via ec119531a4f vfs_ceph_new: use low-level APIs for xattr ops
via e0d2953a847 vfs_ceph_new: use low-level APIs for mknodat
via 9109ed18720 vfs_ceph_new: use low-level APIs for renameat
via 6af3cb81a00 vfs_ceph_new: use low-level APIs for linkat
via 2b1c65948c3 vfs_ceph_new: use low-level APIs for ftruncate/fallocate
via dc207c281cd vfs_ceph_new: use low-level APIs for fsync
via f429baca5cf vfs_ceph_new: use low-level APIs for lseek
via ddb5fcb2faf vfs_ceph_new: use low-level APIs for read/write
via 69b671dcbfe vfs_ceph_new: use low-level APIs for symlink/readlink
via 9278e661146 vfs_ceph_new: use low-level APIs for unlinkat
via 2b660aaf9ed vfs_ceph_new: use low-level APIs for fntimes
via 7780114ab02 vfs_ceph_new: use low-level APIs for fchown/fchmod
via 26851f16fc2 vfs_ceph_new: proper error handling to readdir
via 9fd6c5b41f4 vfs_ceph_new: use low-level APIs for readdir ops
via 5eaa8749468 vfs_ceph_new: use low-level APIs for mkdirat
via 34c848251cd vfs_ceph_new: use low-level APIs for fdopendir
via 655e7a1508c vfs_ceph_new: use low-level APIs for fstatat
via 6fdf1922a99 vfs_ceph_new: use low-level APIs for fstat
via 62a43faa114 vfs_ceph_new: use low-level APIs for open/close
via f3e5d7237be vfs_ceph_new: ref cephmount_cached entry in handle->data
via 7bb3f5f251a vfs_ceph_new: use low-level APIs for lchown
via be427077ce8 vfs_ceph_new: use low-level APIs for statfs
via 8e28065f560 vfs_ceph_new: use low-level APIs for lstat
via 9f68daaccc5 vfs_ceph_new: use low-level APIs for stat
via 5a7f6e4610e vfs_ceph_new: use low-level APIs for disk_free
via 74524c438b7 vfs_ceph_new: next iteration of samba-to-cephfs bridge
from b375043d62c script/autobuild.py: do some basic testing using --without-winbind
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-21-test
- Log -----------------------------------------------------------------
commit cf4feb177837b396bef40e3ff15adb9f11273f6e
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 13 17:35:36 2024 +0200
VERSION: Bump version up to Samba 4.21.0rc3...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(v4-21-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-21-test): Tue Aug 13 16:55:05 UTC 2024 on atb-devel-224
commit 8e440c0a96aad8274435727812e89924559aeeff
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 13 17:34:52 2024 +0200
VERSION: Disable GIT_SNAPSHOT for the 4.21.0rc2 release.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit ac02a513c8f52f435997df5630401f9bef2177bd
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Aug 13 17:10:01 2024 +0200
WHATSNEW: Add release notes for Samba 4.21.0rc2.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit 2552df221d4786782940683f3d2f2389ef56f519
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Tue Aug 6 08:42:34 2024 +0200
WHATSNEW: update the "Automatic keytab update after machine password change" section
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
commit 8c0820a9199ed837bc0f9a96e582f67f1a8366fe
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Mon Aug 12 11:49:14 2024 +0200
docs:smbdotconf: Update 'kerberos method' with 'sync machine password to keytab'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Aug 13 15:27:26 UTC 2024 on atb-devel-224
(cherry picked from commit 9e4074d4268e34cf93f79cd1108e7dc661ad3845)
commit 5129858389d5b1e9f40b36e0c09f0655e435b182
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Mon Aug 12 11:49:14 2024 +0200
docs:smbdotconf: Improve documentation for 'sync machine password to keytab'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 2dd81ec2bea46ad6caa6e40194eae4340f4acc7d)
commit 4643ddbb7c76fc8348928685fb5adfb84a780eb3
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Mon Aug 12 11:49:14 2024 +0200
docs:smbdotconf: Improve documentation for 'sync machine password script'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit ca7acec952b0e6154927b28b1afa3e9318f22035)
commit ed391186250aea6f9e74d80c064d3810971368ce
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Mon Aug 12 10:44:19 2024 +0200
s3:script: Install winbind_ctdb_updatekeytab.sh
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 9f0183a9f55e52b09c6ae9f6c8badad6ba85bb64)
commit 5730327bef615c0c934ce84152a3bd74a1542970
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Mon Aug 12 11:49:35 2024 +0200
s3:script: Rename updatekeytab.sh ==> winbind_ctdb_updatekeytab.sh
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit adcad1b537ce2e2e213b72131517233a8d2d91fd)
commit 80db72bdb3f55776f5b871e3055d0ad477aacace
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Tue Aug 6 23:31:21 2024 +0200
docs: Add examples to net.8 that use 'sync machine password to keytab'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit cb774a74c4e1cc03ad0267cc68b93c06738e2ce6)
commit 4b6e24cba7bb2a4464056aad7bdc4d1f4a4265ea
Author: Pavel Filipenský <pfilipensky at samba.org>
Date: Tue Aug 6 23:22:42 2024 +0200
Revert "docs-xml: Delete descriptions for removed commands "net ads keytab add" and "net ads keytab add_update_ads""
This reverts commit a5f47f6efe67e02d7a12f30b4e6fb76bcd6aa71c.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 51784e80f2bdf84c296badba2caea800ce3813db)
commit 7477658193eb6e310c631a2ad39082cafb284843
Author: Shachar Sharon <ssharon at redhat.com>
Date: Mon Aug 5 19:12:29 2024 +0300
docs-xml/manpages: 'ceph_new' prefix for config-param of vfs_ceph_new
With 'ceph_new' prefix used by vfs_ceph_new for config parameters,
update the relevant man-page accordingly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Thu Aug 8 13:54:34 UTC 2024 on atb-devel-224
(cherry picked from commit 68f0835c8e1c5029cd831c267b75c02185b206c7)
commit ab1db57e9a775c958831ec112bbcc1244c643036
Author: Shachar Sharon <ssharon at redhat.com>
Date: Mon Aug 5 16:21:10 2024 +0300
vfs_ceph_new: use 'ceph_new' for config-param prefix
Use explicit 'ceph_new' prefix to each of the ceph specific config
parameters to avoid confusion with legacy 'vfs_ceph' module. Hence,
users will have in their smb.conf a format similar to:
...
[smbshare]
vfs objects = ceph_new
ceph_new: config_file = /etc/ceph/ceph.conf
ceph_new: user_id = user1
ceph_new: filesystem = fs1
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit aca4cf8327dcaef782dedd98a63a020469c45cdb)
commit 0edfc053743ef929784824a67749e1eb683e5dc2
Author: Shachar Sharon <ssharon at redhat.com>
Date: Tue Jul 30 17:36:09 2024 +0300
vfs_ceph_new: handle errno properly for 'readdir'
Take special care for readdir errno setting: in case of error, update
errno by libcephfs (and protect from possible over-write by debug
logging); in the case of successful result or end-of-stream restore
errno to its previous value before calling the readdir_fn VFS hook.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Wed Aug 7 14:20:02 UTC 2024 on atb-devel-224
(cherry picked from commit aa043a5808b73fc272de585c1446372fa3f21d08)
commit 7872fbd907b6917e1863a3df9fb50b0b6139ea2e
Author: Shachar Sharon <ssharon at redhat.com>
Date: Tue Jul 30 09:55:44 2024 +0300
vfs_ceph{_new}: do not set errno upon successful call to libcephfs
There is code in Samba that expects errno from a previous system call
to be preserved through a subsequent system call. Thus, avoid setting
"errno = 0" in status_code() and lstatus_code() upon successful return
from libcephfs API call.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit a7f4e2bd47c7f4728f3ac8d90af693156a69c557)
commit 0d03161324ce7d89606c75bb957cf78bbb81c3b6
Author: Anoop C S <anoopcs at samba.org>
Date: Fri Aug 2 11:10:28 2024 +0530
vfs_ceph_new: Unconditionally use ceph_select_filesystem
Currently we don't have an explicit check for the presence of
ceph_select_filesystem() libcephfs API as it is always found to
be present with the minimum ceph version that is supported with
Samba right now. Therefore under this assumption directly call
ceph_select_filesystem() without any #ifdefs. Please note that
this change is already part of vfs_ceph via ef0068cd.
ref: https://gitlab.com/samba-team/samba/-/merge_requests/3715
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Mon Aug 5 16:06:47 UTC 2024 on atb-devel-224
(cherry picked from commit de2f76fa47e6e672ce353ea9d3dc4019965c6491)
commit ff2ecedd6f9fd9fa8b2b6278e9a0339c9d8b03b0
Author: Shachar Sharon <ssharon at redhat.com>
Date: Tue Feb 20 19:37:45 2024 +0200
docs-xml/manpages: add entry for vfs_ceph_new
Create man entry for the newly added vfs_ceph_new module: almost
identical to existing vfs_ceph, except to the configuration entry:
[sharename]
vfs objects = ceph_new
...
Adds a bit of info for the motivation behind this new module.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit d8c84a2993b84ebb69011c33c1b5d44801c15363)
commit fe3471eb5b293547ad1c3342f71f445e08f8f6ae
Author: Shachar Sharon <ssharon at redhat.com>
Date: Tue Jul 16 14:33:16 2024 +0300
vfs_ceph_new: common prefix to debug-log messages
Keep logging consistent: add "[CEPH] " prefix to DBG_DEBUG log messages
where missing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Mon Jul 29 15:58:15 UTC 2024 on atb-devel-224
(cherry picked from commit 3bb6d441bf047bef6d95675057cecd3865a25540)
commit 9de33d3442c93dfd8bb81d1ac0d8888065a91f0f
Author: Shachar Sharon <ssharon at redhat.com>
Date: Wed Jun 26 17:24:37 2024 +0300
vfs_ceph_new: debug-log upon libcephfs low-level calls
Add developer's debug-logging upon each call to libcephfs' low-level
APIs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit d00f20f30f4e77463e82d202099682b7ef68260f)
commit ec119531a4f386c32aa4d5d06521a15d1ffb7702
Author: Shachar Sharon <ssharon at redhat.com>
Date: Sun Jun 23 14:57:10 2024 +0300
vfs_ceph_new: use low-level APIs for xattr ops
Implement extended-attributes operations using libcephfs' low-level
APIs. Whenever possible, use the open file-handle from fsp-extension to
resolve inode-reference and user-permissions. Otherwise, resolve both
on-the-fly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 0a8445e891c64d703d44258b2eef85296265c55f)
commit e0d2953a847b784b2157cf0a48b4c25036b1a53a
Author: Shachar Sharon <ssharon at redhat.com>
Date: Sun Jun 23 13:08:25 2024 +0300
vfs_ceph_new: use low-level APIs for mknodat
Implement mknodat operations using libcephfs' low-level APIs. Requires
parent directory to have valid inode-ref associated with its fsp
extension.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit e714e5ddc50a771e743f5e63f686c106abe33b75)
commit 9109ed18720972474816fa192f52f9f743deb20d
Author: Shachar Sharon <ssharon at redhat.com>
Date: Sun Jun 23 12:47:19 2024 +0300
vfs_ceph_new: use low-level APIs for renameat
Implement renameat operations using libcephfs' low-level APIs. Requires
both directories to have valid inode-ref associated with their fsp
extension.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 83011357fb834e92505f17d6f65d5f32e3d37ec0)
commit 6af3cb81a00c50c4d1b2a812ef1a6d02c8ec0b1a
Author: Shachar Sharon <ssharon at redhat.com>
Date: Thu Jun 20 22:46:52 2024 +0300
vfs_ceph_new: use low-level APIs for linkat
Implement link operations using libcephfs' low-level APIs. Requires two
phase operation: resolve (by-lookup) reference to inode and then do the
actual (hard) link operation using parent dir-inode reference to the
locally-cached inode.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 9a70bd606728110ad91cab547a4e31350010bb68)
commit 2b1c65948c3b9d31adbbd283382c5bf88f08e436
Author: Shachar Sharon <ssharon at redhat.com>
Date: Thu Jun 20 14:58:34 2024 +0300
vfs_ceph_new: use low-level APIs for ftruncate/fallocate
Implement ftruncate/fallocate operations using libcephfs' low-level
APIs. Requires open ceph Fh* associated with fsp (extension).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit b536bf1fa87fb794e2992ab5368f41fdba80e3ad)
commit dc207c281cde80429d80232c7791b71e34d5e013
Author: Shachar Sharon <ssharon at redhat.com>
Date: Thu Jun 20 12:43:39 2024 +0300
vfs_ceph_new: use low-level APIs for fsync
Implement fsync operation using libcephfs' low-level APIs. Requires
open ceph Fh* associated with fsp (extension).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit e15586fc6097565208011c556282d83eeec2230b)
commit f429baca5cf070581de37ba372f001f6bcae2186
Author: Shachar Sharon <ssharon at redhat.com>
Date: Thu Jun 20 12:23:03 2024 +0300
vfs_ceph_new: use low-level APIs for lseek
Implement lseek operation using libcephfs' low-level APIs. Requires
open ceph Fh* associated with fsp (extension).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 30c1a613fee3f625c0559e49e037af9fad04c3b8)
commit ddb5fcb2faf4085ce4d613df18ca6435cf93c310
Author: Shachar Sharon <ssharon at redhat.com>
Date: Wed Jun 19 17:52:45 2024 +0300
vfs_ceph_new: use low-level APIs for read/write
Implement read/write IO operations using libcephfs' low-level APIs.
Requires open ceph Fh* associated with fsp (extension) to complete both
pread/pwrite as well as async I/O operations.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 29bbe0f52d4ffae9dbb070ffc525acf99203444b)
commit 69b671dcbfe7f933efe2addbe5f3d66203839506
Author: Shachar Sharon <ssharon at redhat.com>
Date: Wed Jun 26 13:46:54 2024 +0300
vfs_ceph_new: use low-level APIs for symlink/readlink
Implement unlinkat using libcephfs low-level APIs. For readlink
operation need to resolve child inode by-lookup and then used the inode
reference for the actual low-level readlink.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 53c9269b219a54236500d22d8a4c7f2ed582faaf)
commit 9278e661146d89df128b6b9728b21fcc88b1a0b2
Author: Shachar Sharon <ssharon at redhat.com>
Date: Wed Jun 19 14:27:24 2024 +0300
vfs_ceph_new: use low-level APIs for unlinkat
Implement unlinkat using libcephfs low-level APIs. Operate using parent
directory's open file-handle. When flags has AT_REMOVEDIR bit set call
low-level rmdir; otherwise, do normal unlink.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 362a7cf8664270145bff815347e447797cc1a643)
commit 2b660aaf9ed39fd32ff5cee9063865f7a94aef7f
Author: Shachar Sharon <ssharon at redhat.com>
Date: Wed Jun 19 13:59:53 2024 +0300
vfs_ceph_new: use low-level APIs for fntimes
Implement fntimes hook using libcephfs' low-level APIs. Convert
smb_file_time to ceph_statx plus proper field mask on-the-fly upon
issuing low-level call to libcephfs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 20b7d2bfe06beefb5e7f091eb317ad18cb53f8a9)
commit 7780114ab028c9cbf20a832b28eed75619afef91
Author: Shachar Sharon <ssharon at redhat.com>
Date: Wed Jun 19 12:48:14 2024 +0300
vfs_ceph_new: use low-level APIs for fchown/fchmod
Use libcephfs' low-level APIs to implement 'fchown' and 'fchmod' using
open file-handle. If fsp does not have an open cephfs Fh reference,
set errno to EBADF and return -1 to VFS.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit cb14d3630d8c110405c2a43bef15aa31ec4a0fba)
commit 26851f16fc2fb0e373871eece566a47b3d8e9a8b
Author: Shachar Sharon <ssharon at redhat.com>
Date: Wed Jul 17 11:41:13 2024 +0300
vfs_ceph_new: proper error handling to readdir
Error handling in the case of 'ceph_readdir' is done by setting 'errno'
deep within libcephfs code. In case of error, emit proper debug message
and re-update errno to avoid possible over-write by logging mechanism.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 24a3423949e127177c019a0d126c6f7523e61984)
commit 9fd6c5b41f4cff0671aed7d786624ac35e495fcd
Author: Shachar Sharon <ssharon at redhat.com>
Date: Mon Jun 24 13:33:05 2024 +0300
vfs_ceph_new: use low-level APIs for readdir ops
Implement readdir and rewinddir operations using libcephfs' low-level
APIs. Casts the opaque DIR pointer into struct vfs_ceph_dirp (the first
member of struct vfs_ceph_fh) to resolve the ceph_dir_result pointer
which libcephfs expects for readdir operations.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 99c7179e5da6d201f03b1a04dbe2a6722090783d)
commit 5eaa87494688c8c647ad723e335a198376a030e8
Author: Shachar Sharon <ssharon at redhat.com>
Date: Wed Jun 19 11:55:27 2024 +0300
vfs_ceph_new: use low-level APIs for mkdirat
Implement 'mkdirat' hook using libcephfs' low-level APIs, via the open
file-handle reference to parent directory.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit bd955af86e71fa6c87648e578890ea6f4d490d4b)
commit 34c848251cd61fc8eef1bfb7238c5944ae8e8545
Author: Shachar Sharon <ssharon at redhat.com>
Date: Tue Jun 18 17:20:59 2024 +0300
vfs_ceph_new: use low-level APIs for fdopendir
Implement fdopendir using libcephfs low-level API and cached (via fsp)
open file-handle. Embed the result within cached vfs_ceph_fh so it may
be used properly by closedir.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit a8a7339c6b7a6866399fd6c409228267a585740f)
commit 655e7a1508cd2f8a4dd4c698f38f2af0a0af126a
Author: Shachar Sharon <ssharon at redhat.com>
Date: Wed Jun 19 12:35:11 2024 +0300
vfs_ceph_new: use low-level APIs for fstatat
Use libcephfs' low-level APIs to do lookup-by-name via parent's open
reference followed by getattr on the inode itself.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 13671cefffb268d84c973583669681318a2ce3bb)
commit 6fdf1922a99becf6b03d6a5f5049d7d8ccdd2470
Author: Shachar Sharon <ssharon at redhat.com>
Date: Mon Jun 24 11:39:43 2024 +0300
vfs_ceph_new: use low-level APIs for fstat
Use libcephfs' low-level APIs and apply the same logic as stat, but
via explicit inode-reference.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit f16183f90abba3c2d3d26262926f1454275a9d3f)
commit 62a43faa114fb18365c9f720ffc75570c2fb126d
Author: Shachar Sharon <ssharon at redhat.com>
Date: Tue Jun 18 15:02:52 2024 +0300
vfs_ceph_new: use low-level APIs for open/close
Implement openat, close and closedir and hooks using libcephfs'
low-level APIs. Cache the open Fh* from libcephfs and its related
meta-data using VFS fsp-extension mechanism.
Upon open-create of new vfs_ceph_fh store the caller credentials
(ceph's UserPerm*) within the same context object for subsequent calls.
In addition, provide a "pseudo" fd numbering which is reported back to
VFS layer and used as debugging hints.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 491676846458980944b76d1693726627a9a32503)
commit f3e5d7237bea4e7fa1935c18f185cb76730d1160
Author: Shachar Sharon <ssharon at redhat.com>
Date: Tue Jun 18 12:58:52 2024 +0300
vfs_ceph_new: ref cephmount_cached entry in handle->data
Allow direct access to ceph-mount cached-entry via 'handle->data'
private pointer. Required in order to allow more complex cached-state
with each cephfs mount. Users should now use the local-helper function
'cmount_of' to access the underlying ceph_mount_info.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 31085c7efc3572bd6200d3d8e49c1e554cdbfbcc)
commit 7bb3f5f251a0158195dcc6a7ec826ccdbd70e04d
Author: Shachar Sharon <ssharon at redhat.com>
Date: Mon Jun 17 16:59:05 2024 +0300
vfs_ceph_new: use low-level APIs for lchown
Use libcephfs' low-level API ceph_ll_setattr to implement VFS lchown_fn
hook. Use to standard pattern of iget/iput to allow operation by Inode
reference.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit beb21324c9a554f50d8d99af2a1b7fe8a17c8ebb)
commit be427077ce8e19ee2fa2e6f481ae40c321e1cb20
Author: Shachar Sharon <ssharon at redhat.com>
Date: Mon Jun 17 18:02:07 2024 +0300
vfs_ceph_new: use low-level APIs for statfs
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 47224fbdeb55100cf8a7ee75e13b954ab71fc158)
commit 8e28065f560d611a35a182d5ceef426110b3dbbf
Author: Shachar Sharon <ssharon at redhat.com>
Date: Mon Jun 17 15:57:42 2024 +0300
vfs_ceph_new: use low-level APIs for lstat
Use libcephfs' low-level APIs and apply the same logic as stat, but
using AT_SYMLINK_NOFOLLOW flags.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 93d786b14358db5664e13b1aa43f3f03e7cf0be3)
commit 9f68daaccc5cfc3a448b0cb1500f98cf0a13b078
Author: Shachar Sharon <ssharon at redhat.com>
Date: Mon Jun 17 12:11:18 2024 +0300
vfs_ceph_new: use low-level APIs for stat
Start migrating to libcephfs' low-level APIs, using explicit Inode*
reference. Implement the VFS 'stat' hook using a ceph_ll_getattr
function, encapsulated with a pair of iget/iput to hold a
pinned-to-cache Inode* instance.
Upon calling to libcephfs this new code crates and destroys on-the-fly
a Ceph UserPerm instance based on the uig, gid and groups from
'handle->conn->session_info->unix_token'. This logic ensures that the
correct caller-credentials are passed-on to cephfs (instead of those
set upon connection-creation in legacy 'vfs_ceph.c').
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 1b78d79663c48aa4b6810a875427de85ae49a2e8)
commit 5a7f6e4610e6abe2b39b453534fe3e417e3771ba
Author: Shachar Sharon <ssharon at redhat.com>
Date: Sun Jun 16 14:50:08 2024 +0300
vfs_ceph_new: use low-level APIs for disk_free
Start using libcephfs low-level APIs: get reference to root inode and
use it to query statfs. Requires an explicit put-inode to avoid resource
leakage by libcephfs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 192b0cf8717d79197b985539c9db8ca07a89c570)
commit 74524c438b7da962c352d1f5150a813c62942c9a
Author: Shachar Sharon <ssharon at redhat.com>
Date: Thu Jun 13 15:54:48 2024 +0300
vfs_ceph_new: next iteration of samba-to-cephfs bridge
Defined new module 'vfs_ceph_new.c' which serves as a place holder for
the next development phase of the bridge between samba's VFS layer and
libcephfs. Begin with a module which is almost identical to existing
'vfs_ceph.c', except for hooks-names prefix which is 'vfs_ceph_' in
order to make clear distinction from existing code base. Following
commits will also switch to low-level APIs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 3720452720b4760509875f0d2a8ed0d104bb1844)
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 46 +-
docs-xml/manpages/net.8.xml | 131 +
.../{vfs_ceph.8.xml => vfs_ceph_new.8.xml} | 60 +-
docs-xml/smbdotconf/security/kerberosmethod.xml | 6 +
.../security/syncmachinepasswordscript.xml | 13 +-
.../security/syncmachinepasswordtokeytab.xml | 9 +
docs-xml/wscript_build | 1 +
source3/modules/vfs_ceph.c | 2 -
source3/modules/vfs_ceph_new.c | 3100 ++++++++++++++++++++
source3/modules/wscript_build | 10 +
...pdatekeytab.sh => winbind_ctdb_updatekeytab.sh} | 0
source3/script/wscript_build | 1 +
source3/wscript | 1 +
14 files changed, 3348 insertions(+), 34 deletions(-)
copy docs-xml/manpages/{vfs_ceph.8.xml => vfs_ceph_new.8.xml} (66%)
create mode 100644 source3/modules/vfs_ceph_new.c
rename source3/script/{updatekeytab.sh => winbind_ctdb_updatekeytab.sh} (100%)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 697f19e0685..f238be6253e 100644
--- a/VERSION
+++ b/VERSION
@@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE=
# e.g. SAMBA_VERSION_RC_RELEASE=1 #
# -> "3.0.0rc1" #
########################################################
-SAMBA_VERSION_RC_RELEASE=2
+SAMBA_VERSION_RC_RELEASE=3
########################################################
# To mark SVN snapshots this should be set to 'yes' #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 9d5c0bac515..c42c8cdb142 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
Release Announcements
=====================
-This is the first release candidate of Samba 4.21. This is *not*
+This is the second release candidate of Samba 4.21. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
@@ -231,11 +231,13 @@ keytab' as in these examples:
A new parameter 'sync machine password script' allows to specify external script
-that will be triggered after the automatic keytab update. Example of such script
-that can be used in a cluster environment with ctdb is
-source3/script/updatekeytab.sh
+that will be triggered after the automatic keytab update. If keytabs should be
+generated in clustered environments it is recommended to update them on all
+nodes. Check in smb.conf(5) the scripts winbind_ctdb_updatekeytab.sh and
+46.update-keytabs.script in section 'sync machine password script' for details.
+
+For detailed information check the smb.conf(5) and net(8) manpages.
-For detailed information check the smb.conf(5) manpage.
REMOVED FEATURES
================
@@ -268,6 +270,40 @@ smb.conf changes
sync machine password script script
+CHANGES SINCE 4.21.0rc1
+=======================
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 15673: --version-* options are still not ergonomic, and they reject
+ tilde characters.
+
+o Anoop C S <anoopcs at samba.org>
+ * BUG 15686: Add new vfs_ceph module (based on low level API)
+
+o Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+ * BUG 15673: --version-* options are still not ergonomic, and they reject
+ tilde characters.
+
+o Jo Sutton <josutton at catalyst.net.nz>
+ * BUG 15690: ldb_version.h is missing from ldb public library
+
+o Pavel Filipenský <pfilipensky at samba.org>
+ * BUG 15689: Can not add/delete special keys to keytab for nfs, cifs, http etc
+
+o Shachar Sharon <ssharon at redhat.com>
+ * BUG 15686: Add new vfs_ceph module (based on low level API)
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 15673: --version-* options are still not ergonomic, and they reject
+ tilde characters.
+ * BUG 15687: undefined reference to winbind_lookup_name_ex
+ * BUG 15688: per user veto and hide file syntax is to complex
+ * BUG 15689: Can not add/delete special keys to keytab for nfs, cifs, http etc
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 15688: per user veto and hide file syntax is to complex
+
+
KNOWN ISSUES
============
diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
index 61a1e6362ce..e633c8c7c6a 100644
--- a/docs-xml/manpages/net.8.xml
+++ b/docs-xml/manpages/net.8.xml
@@ -1557,6 +1557,137 @@ are made to the computer AD account.
</para>
</refsect2>
+<refsect2>
+<title>(Removed!) ADS KEYTAB <replaceable>ADD</replaceable> <replaceable>(principal | machine | serviceclass | windows SPN</replaceable></title>
+
+<para>
+This command is no longer available in Samba 4.21.0 and newer. See <smbconfoption name="sync machine password to keytab"/> for replacement.
+</para>
+
+To replace e.g. call of
+<programlisting>
+net ads keytab add wurst/brot at REALM
+</programlisting>
+Add to smb.conf:
+<programlisting>
+sync machine password to keytab = /path/to/keytab1:spns=wurst/brot at REALM:machine_password
+</programlisting>
+and run:
+<programlisting>
+net ads keytab create
+</programlisting>
+
+<para>
+Original description of this command:
+</para>
+<para>
+Adds a new keytab entry, the entry can be either;
+ <variablelist>
+ <varlistentry><term>kerberos principal</term>
+ <listitem><para>
+ A kerberos principal (identified by the presence of '@') is just
+ added to the keytab file.
+ </para></listitem>
+ </varlistentry>
+ <varlistentry><term>machinename</term>
+ <listitem><para>
+ A machinename (identified by the trailing '$') is used to create a
+ a kerberos principal 'machinename at realm' which is added to the
+ keytab file.
+ </para></listitem>
+ </varlistentry>
+ <varlistentry><term>serviceclass</term>
+ <listitem><para>
+ A serviceclass (such as 'cifs', 'html' etc.) is used to create a pair
+ of kerberos principals 'serviceclass/fully_qualified_dns_name at realm' &
+ 'serviceclass/netbios_name at realm' which are added to the keytab file.
+ </para></listitem>
+ </varlistentry>
+ <varlistentry><term>Windows SPN</term>
+ <listitem><para>
+ A Windows SPN is of the format 'serviceclass/host:port', it is used to
+ create a kerberos principal 'serviceclass/host at realm' which will
+ be written to the keytab file.
+ </para></listitem>
+ </varlistentry>
+ </variablelist>
+</para>
+<para>
+Unlike old versions no computer AD objects are modified by this command. To
+preserve the behaviour of older clients 'net ads keytab ad_update_ads' is
+available.
+</para>
+</refsect2>
+
+<refsect2>
+<title>(Removed!) ADS KEYTAB <replaceable>DELETE</replaceable> <replaceable>(principal | machine | serviceclass | windows SPN</replaceable></title>
+
+<para>
+This command is no longer available in Samba 4.21.0 and newer. See <smbconfoption name="sync machine password to keytab"/> for replacement.
+</para>
+
+<para>
+To replace e.g. call of
+<programlisting>
+net ads keytab delete wurst/brot at REALM
+</programlisting>
+Delete from <smbconfoption name="sync machine password to keytab"/> principal "wurst/brot at REALM" and run:
+<programlisting>
+net ads keytab create
+</programlisting>
+
+</para>
+</refsect2>
+
+<refsect2>
+<title>(Removed!) ADS KEYTAB <replaceable>ADD_UPDATE_ADS</replaceable> <replaceable>(principal | machine | serviceclass | windows SPN</replaceable></title>
+<para>
+This command is no longer available in Samba 4.21.0 and newer. See <smbconfoption name="sync machine password to keytab"/> for replacement.
+</para>
+
+To replace e.g. call of
+<programlisting>
+net ads keytab add_update_ads wurst/brot at REALM
+</programlisting>
+Add to smb.conf:
+<programlisting>
+sync machine password to keytab = /path/to/keytab2:sync_spns:machine_password
+</programlisting>
+and run:
+<programlisting>
+net ads setspn add wurst/brot at REALM
+net ads keytab create
+</programlisting>
+
+<para>
+Original description of this command:
+</para>
+
+<para>
+Adds a new keytab entry (see section for net ads keytab add). In addition to
+adding entries to the keytab file corresponding Windows SPNs are created
+from the entry passed to this command. These SPN(s) added to the AD computer
+account object associated with the client machine running this command for
+the following entry types;
+ <variablelist>
+ <varlistentry><term>serviceclass</term>
+ <listitem><para>
+ A serviceclass (such as 'cifs', 'html' etc.) is used to create a
+ pair of Windows SPN(s) 'param/full_qualified_dns' &
+ 'param/netbios_name' which are added to the AD computer account object
+ for this client.
+ </para></listitem>
+ </varlistentry>
+ <varlistentry><term>Windows SPN</term>
+ <listitem><para>
+ A Windows SPN is of the format 'serviceclass/host:port', it is
+ added as passed to the AD computer account object for this client.
+ </para></listitem>
+ </varlistentry>
+ </variablelist>
+</para>
+</refsect2>
+
<refsect2>
<title>ADS setspn <replaceable>SETSPN LIST [machine]</replaceable></title>
diff --git a/docs-xml/manpages/vfs_ceph.8.xml b/docs-xml/manpages/vfs_ceph_new.8.xml
similarity index 66%
copy from docs-xml/manpages/vfs_ceph.8.xml
copy to docs-xml/manpages/vfs_ceph_new.8.xml
index 47b5523b9a1..b0640a591a5 100644
--- a/docs-xml/manpages/vfs_ceph.8.xml
+++ b/docs-xml/manpages/vfs_ceph_new.8.xml
@@ -1,9 +1,9 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
-<refentry id="vfs_ceph.8">
+<refentry id="vfs_ceph_new.8">
<refmeta>
- <refentrytitle>vfs_ceph</refentrytitle>
+ <refentrytitle>vfs_ceph_new</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
@@ -12,15 +12,15 @@
<refnamediv>
- <refname>vfs_ceph</refname>
+ <refname>vfs_ceph_new</refname>
<refpurpose>
- Utilize features provided by CephFS
+ Utilize features provided by libcephfs low-level APIs
</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
- <command>vfs objects = ceph</command>
+ <command>vfs objects = ceph_new</command>
</cmdsynopsis>
</refsynopsisdiv>
@@ -32,7 +32,7 @@
<manvolnum>8</manvolnum></citerefentry> suite.</para>
<para>
- The <command>vfs_ceph</command> VFS module exposes
+ The <command>vfs_ceph_new</command> VFS module exposes
CephFS specific features for use by Samba.
</para>
@@ -51,37 +51,47 @@
</para>
<para>
- <command>vfs_ceph</command> performs mapping between Windows and
- POSIX Access Control Lists (ACLs). To ensure correct processing
- and enforcement of POSIX ACLs, the following Ceph configuration
- parameters are automatically applied:
+ <command>vfs_ceph_new</command> performs mapping between Windows
+ and POSIX Access Control Lists (ACLs). To ensure correct
+ processing and enforcement of POSIX ACLs, the following Ceph
+ configuration parameters are automatically applied:
</para>
<programlisting>
<command>client acl type = posix_acl</command>
<command>fuse default permissions = false</command>
</programlisting>
+
+ <para>
+ <emphasis role="strong">NOTE</emphasis>:
+ This is a second implementation of a ceph module which uses libcephfs
+ low-level APIs (compared to the original
+ <citerefentry><refentrytitle>vfs_ceph</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> module which uses path-based
+ APIs). Using the low-level API allows more optimized and fine-grained
+ access to the Ceph storage layer.
+ </para>
</refsect1>
<refsect1>
<title>CONFIGURATION</title>
<para>
- <command>vfs_ceph</command> requires that the underlying share
- path is a Ceph filesystem.
+ <command>vfs_ceph_new</command> requires that the underlying
+ share path is a Ceph filesystem.
</para>
<programlisting>
<smbconfsection name="[share]"/>
- <smbconfoption name="vfs objects">ceph</smbconfoption>
+ <smbconfoption name="vfs objects">ceph_new</smbconfoption>
<smbconfoption name="path">/non-mounted/cephfs/path</smbconfoption>
<smbconfoption name="kernel share modes">no</smbconfoption>
</programlisting>
<para>
- Since <command>vfs_ceph</command> does not require a filesystem
- mount, the share <command>path</command> is treated differently:
- it is interpreted as an absolute path within the Ceph filesystem
- on the attached Ceph cluster.
+ Since <command>vfs_ceph_new</command> does not require a
+ filesystem mount, the share <command>path</command> is treated
+ differently: it is interpreted as an absolute path within the
+ Ceph filesystem on the attached Ceph cluster.
In a ctdb cluster environment where ctdb manages Samba,
<command>CTDB_SAMBA_SKIP_SHARE_CHECK=yes</command> must be
configured to disable local share path checks, otherwise ctdb
@@ -101,20 +111,20 @@
<variablelist>
<varlistentry>
- <term>ceph:config_file = path</term>
+ <term>ceph_new:config_file = path</term>
<listitem>
<para>
Allows one to define a ceph configfile to use. Empty by default.
</para>
<para>
- Example: ceph:config_file =
+ Example: ceph_new:config_file =
/etc/ceph/ceph.conf
</para>
</listitem>
</varlistentry>
<varlistentry>
- <term>ceph:user_id = name</term>
+ <term>ceph_new:user_id = name</term>
<listitem>
<para>
Allows one to explicitly set the client ID used for the
@@ -122,22 +132,22 @@
client default).
</para>
<para>
- Example: ceph:user_id = samba
+ Example: ceph_new:user_id = samba
</para>
</listitem>
</varlistentry>
<varlistentry>
- <term>ceph:filesystem = fs_name</term>
+ <term>ceph_new:filesystem = fs_name</term>
<listitem>
<para>
Allows one to explicitly select the CephFS file system
to use when the Ceph cluster supports more than one
- file system. Empty by default (use the default file system
- of the Ceph cluster).
+ file system. Empty by default (use the default file
+ system of the Ceph cluster).
</para>
<para>
- Example: ceph:filesystem = myfs2
+ Example: ceph_new:filesystem = myfs2
</para>
</listitem>
</varlistentry>
diff --git a/docs-xml/smbdotconf/security/kerberosmethod.xml b/docs-xml/smbdotconf/security/kerberosmethod.xml
index b7cd988cd19..c9d70580c59 100644
--- a/docs-xml/smbdotconf/security/kerberosmethod.xml
+++ b/docs-xml/smbdotconf/security/kerberosmethod.xml
@@ -35,6 +35,12 @@
<smbconfoption name="dedicated keytab file"/> must be set to
specify the location of the keytab file.
</para>
+
+ <para>
+ Suggested configuration is to use the default value 'secrets only' together with the
+ <smbconfoption name="sync machine password to keytab"/> option.
+ </para>
+
</description>
<related>dedicated keytab file</related>
<value type="default">default</value>
diff --git a/docs-xml/smbdotconf/security/syncmachinepasswordscript.xml b/docs-xml/smbdotconf/security/syncmachinepasswordscript.xml
index 341613372f5..9a7731930d5 100644
--- a/docs-xml/smbdotconf/security/syncmachinepasswordscript.xml
+++ b/docs-xml/smbdotconf/security/syncmachinepasswordscript.xml
@@ -8,8 +8,19 @@
This is the full pathname to a script that will be run by
<citerefentry><refentrytitle>winbindd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> when a machine account password is updated.
</para>
+
+ <para>
+ If keytabs should be generated in clustered environments it is recommended to update them on all nodes.
+ You can set the config option to &pathconfig.SAMBA_DATADIR;/scripts/winbind_ctdb_updatekeytab.sh in clustering case.
+ It is also needed to activate the <constant>46.update-keytabs.script</constant> in ctdb,
+ it re-creates the keytab during the ctdb recovered event:
+ <programlisting>
+ onnode all ctdb event script enable legacy 46.update-keytabs.script
+ </programlisting>
+ </para>
+
</description>
<value type="default"/>
-<value type="example">/usr/sbin/sync_machine_password</value>
+<value type="example">&pathconfig.SAMBA_DATADIR;/scripts/winbind_ctdb_updatekeytab.sh</value>
</samba:parameter>
diff --git a/docs-xml/smbdotconf/security/syncmachinepasswordtokeytab.xml b/docs-xml/smbdotconf/security/syncmachinepasswordtokeytab.xml
index b749ecb5c66..4cad9da73f2 100644
--- a/docs-xml/smbdotconf/security/syncmachinepasswordtokeytab.xml
+++ b/docs-xml/smbdotconf/security/syncmachinepasswordtokeytab.xml
@@ -67,10 +67,19 @@ Example:
"/path/to/keytab7:spns=wurst/brot at REALM,wurst2/brot at REALM:sync_kvno:machine_password"
</programlisting>
If sync_etypes or sync_kvno or sync_spns is present then winbind connects to DC. For "offline domain join" it might be useful not to use these options.
+</para>
+<para>
If no value is present, winbind uses value <programlisting>/path/to/keytab:sync_spns:sync_kvno:machine_password</programlisting>
where the path to the keytab is obtained either from the krb5 library or from <smbconfoption name="dedicated keytab file"/>
</para>
+<para>
+ Suggested configuration is together with <smbconfoption name="kerberos method"/> set to the default value 'secrets only'.
+</para>
+
+<para>
+ In clustered environments it is recommended to set <smbconfoption name="sync machine password script"/> to update the machine password on all nodes.
+</para>
</description>
</samba:parameter>
diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build
index 434afacaf1e..967e18a6596 100644
--- a/docs-xml/wscript_build
+++ b/docs-xml/wscript_build
@@ -78,6 +78,7 @@ vfs_module_manpages = ['vfs_acl_tdb',
'vfs_cap',
'vfs_catia',
'vfs_ceph',
+ 'vfs_ceph_new',
'vfs_ceph_snapshots',
'vfs_commit',
'vfs_crossrename',
diff --git a/source3/modules/vfs_ceph.c b/source3/modules/vfs_ceph.c
index 1dd136e569b..fd450af16c2 100644
--- a/source3/modules/vfs_ceph.c
+++ b/source3/modules/vfs_ceph.c
@@ -66,7 +66,6 @@ static inline int status_code(int ret)
errno = -ret;
return -1;
}
- errno = 0;
return ret;
}
@@ -76,7 +75,6 @@ static inline ssize_t lstatus_code(intmax_t ret)
errno = -((int)ret);
return -1;
}
- errno = 0;
return (ssize_t)ret;
}
diff --git a/source3/modules/vfs_ceph_new.c b/source3/modules/vfs_ceph_new.c
new file mode 100644
index 00000000000..25e78444fb5
--- /dev/null
+++ b/source3/modules/vfs_ceph_new.c
@@ -0,0 +1,3100 @@
+/*
+ Unix SMB/CIFS implementation.
+ Wrap disk only vfs functions to sidestep dodgy compilers.
+ Copyright (C) Tim Potter 1998
+ Copyright (C) Jeremy Allison 2007
+ Copyright (C) Brian Chrisman 2011 <bchrisman at gmail.com>
+ Copyright (C) Richard Sharpe 2011 <realrichardsharpe at gmail.com>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
--
Samba Shared Repository
More information about the samba-cvs
mailing list