Status of SMB2 and SMB3 development in Samba SDC 2012 Michael Adam

SLIDE 1

Status of SMB2 and SMB3 development in Samba SDC 2012

Michael Adam

obnox@samba.org

Samba Team / SerNet

2012-09-17

SLIDE 2

Hi there!

SLIDE 3

Oh ... ... please interrupt with questions!

Michael Adam SMB2+ in Samba (3 / 20)

SLIDE 4

SMB2 in Samba

◮ Only SMB 2.0 supported in currently released code
◮ experimental support in version 3.5
◮ SMB 2.0 officially supported in Samba 3.6
◮ Missing feature: durable file handles

SLIDE 9

SMB2+

◮ SMB 2.0:
  ◮ durable file handles
◮ SMB 2.1:
  ◮ multi-credit / large mtu
  ◮ dynamic reauthentication
  ◮ leasing
  ◮ resilient file handles
◮ SMB 3.0 (tpfka SMB 2.2):
  ◮ new crypto (sign/encrypt)
  ◮ secure negotiation
  ◮ durable handles v2
  ◮ persistent file handles
  ◮ multi-channel
  ◮ SMB direct
  ◮ cluster features
  ◮ ...

SLIDE 13

SMB2+

◮ SMB 2.0:
  ◮ durable file handles [(almost) DONE]
◮ SMB 2.1:
  ◮ multi-credit / large mtu [DONE]
  ◮ dynamic reauthentication [DONE]
  ◮ leasing [TODO]
  ◮ resilient file handles [TODO]
◮ SMB 3.0 (tpfka SMB 2.2):
  ◮ new crypto (sign/encrypt) [DONE]
  ◮ secure negotiation [DONE]
  ◮ durable handles v2 [WIP]
  ◮ persistent file handles [BEGUN]
  ◮ multi-channel [TODO]
  ◮ SMB direct [TODO]
  ◮ cluster features [TODO]
  ◮ ...

SLIDE 14

The Construction Squad ...

◮ Jeremy Allison
◮ Stefan Metzmacher
◮ Michael Adam
◮ Volker Lendecke
◮ Christian Ambach
◮ Gregor Beck
◮ Björn Baumbach
◮ + ...

SLIDE 16

Durable Handles

◮ target: short network outages
◮ client reconnects session (cleanup)
◮ then reconnects durable handle
◮ threaded file server keeps disconnected handle open

SLIDE 21

Durable Handles And Samba

◮ need to find old session by session-ID
◮ need to find file handle by persistent file ID
◮ threaded vs. multi-process:
  keep files open vs. reopen files
◮ need to serialize state that was previously in memory only
◮ new structures in samba:
  separate smb-layer and file system layer
◮ ⇒ foundation for all further SMB2 work

SLIDE 28

Preparations: tests and client libraries

◮ tests to explore protocol details: use client libraries
◮ we had 4 independent client libraries:
  [smb1, smb2] × [source3, source4] (each incomplete and with its own problems)
◮ ⇒ created one low level library for smb1 and smb2
  (the others are just wrappers now) libcli/smb/smbXcli_base.h
◮ we have written a lot of new tests:
  reauth, multi-credit, multi-channel, durable/persistent handles, ...
◮ tests still use the old interfaces
  ⇒ TODO: write a higher level protocol independent library for use in generic tests and client tools

SLIDE 35

Server: Improve Structures and Protocol Layer Mixup

◮ Old structures mix SMB1/2/3 layer with filesystem layers.
  ([MS-CIFS] [MS-SMB] [MS-SMB2]) ↔ [MS-FSA] ↔ SMB_VFS/posix
◮ Problem: structures are used by different layers
  ⇒ can’t be changed easily to fix a problem in just one layer
◮ plan: split layers:
  ◮ SMB
  ◮ ntfsa vfs layer
  ◮ posix vfs layer as backend
◮ untangle create call

SLIDE 41

existing server structures

the current structures in smbd (all in memory)

◮ struct smbd_server_connection
  ⇒ transport connection (one process per connection)
◮ struct user_struct
  ⇒ user session (multiple per connection)
◮ struct connection_struct
  ⇒ tree connect (multiple per connection)
◮ struct files_struct
  ⇒ open file handle (multiple per connection)

SLIDE 46

existing server databases

the current global state databases

◮ sessionid.tdb
  ⇒ mostly only for debugging (smbstatus)
◮ connections.tdb
  ⇒ mostly only for debugging (smbstatus)
◮ locking.tdb
  ⇒ open file information
◮ brlock.tdb
  ⇒ byte range lock information

SLIDE 51

new smbXsrv structures and databases

Structures for the SMB1/2/3 server layer are the first step

◮ struct smbXsrv_connection (per transport connection/in memory)
◮ struct smbXsrv_session (per user session/in memory)
  ◮ struct smbXsrv_session_global
    (in smbXsrv_session_global.tdb with 32bit index key)
◮ struct smbXsrv_tcon (per tree connect/in memory)
  ◮ struct smbXsrv_tcon_global
    (in smbXsrv_tcon_global.tdb with 32bit index key)
◮ struct smbXsrv_open (per open file handle/in memory)
  ◮ struct smbXsrv_open_global
    (in smbXsrv_open_global.tdb with 32bit index key)
◮ struct smbXsrv_version_global
  (smbXsrv_version_global.tdb just one record)
  ⇒ an array with version information per node
  ⇒ maybe allows rolling code upgrades later

SLIDE 57

dynamic reauthentication

◮ with SMB1 and SMB 2.0, reauthentication was designed to only happen when a kerberos ticket expired
  ⇒ when the server returns NT_STATUS_USER_SESSION_EXPIRED
◮ with SMB 2.1, clients can reauthenticate a session at any time
  ⇒ which means we have to implement it.
◮ implementing dynamic reauth is much easier using gensec and the new smbXsrv structures
◮ but it’s still not that easy as there might be code that relies on pointers to the previous 'struct auth_session_info' in memory during async operations.
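
The pointer lifetime problem named in the last bullet, shown as an added example (not Samba code): each asynchronous request pins the authorization data it was admitted under, so a reauthentication can swap the session's current data without leaving a dangling pointer. All demo_* names and the reference-count scheme are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the authorization data attached to a session. */
struct demo_auth_info { int refs; unsigned generation; char user[32]; };
struct demo_session   { struct demo_auth_info *auth; unsigned generation; };
struct demo_async_req { struct demo_auth_info *auth; }; /* pinned at submit */

static int live_auth_objects; /* lets the demo observe when objects are freed */

static struct demo_auth_info *auth_new(const char *user, unsigned generation)
{
    struct demo_auth_info *a = calloc(1, sizeof(*a));
    if (!a) return NULL;
    a->refs = 1;
    a->generation = generation;
    snprintf(a->user, sizeof(a->user), "%s", user);
    live_auth_objects++;
    return a;
}

static void auth_unref(struct demo_auth_info *a)
{
    if (a && --a->refs == 0) {
        live_auth_objects--;
        free(a);
    }
}

int demo_session_init(struct demo_session *s, const char *user)
{
    s->generation = 1;
    s->auth = auth_new(user, s->generation);
    return s->auth ? 0 : -1;
}

/* Reauthentication: install the fresh data first, then drop only the
 * session's own reference to the old data. In-flight requests keep theirs. */
int demo_session_reauth(struct demo_session *s, const char *user)
{
    struct demo_auth_info *fresh = auth_new(user, s->generation + 1);
    if (!fresh) return -1;
    struct demo_auth_info *old = s->auth;
    s->auth = fresh;
    s->generation++;
    auth_unref(old);
    return 0;
}

/* An async operation pins the data it was authorized with. */
void demo_async_submit(struct demo_session *s, struct demo_async_req *r)
{
    s->auth->refs++;
    r->auth = s->auth;
}

/* Completion: reports which generation the request ran under, then unpins. */
unsigned demo_async_complete(struct demo_async_req *r)
{
    unsigned generation = r->auth->generation; /* still valid: we hold a ref */
    auth_unref(r->auth);
    r->auth = NULL;
    return generation;
}

void demo_session_close(struct demo_session *s)
{
    auth_unref(s->auth);
    s->auth = NULL;
}

int demo_live_auth_objects(void) { return live_auth_objects; }

int main(void)
{
    struct demo_session s;
    struct demo_async_req r;
    if (demo_session_init(&s, "alice") != 0) return 1;
    demo_async_submit(&s, &r);                 /* request in flight */
    if (demo_session_reauth(&s, "alice") != 0) return 1;
    printf("in-flight request ran under generation %u, session is at %u\n",
           demo_async_complete(&r), s.generation);
    demo_session_close(&s);
    printf("live auth objects at exit: %d\n", demo_live_auth_objects());
    return 0;
}
```

Without the pin taken in demo_async_submit, demo_session_reauth would free the old object while the request still points at it.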

SLIDE 62

session reconnect (handling previous session id)

◮ when a client reconnects to a server (after a network problem) it tries to recreate the user sessions, tree connects and (durable) open file handles
◮ on the SMB2/3 session setup the client sends the previous session id
  ⇒ the server closes all opens on the old session in case the server hasn’t noticed the network problem of the client.
◮ implementing this within samba was relatively easy using the new smbXsrv structures and the new helpers
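
A small model of the reconnect sequence from this slide and from the "Durable Handles And Samba" slide, as an added example (not Samba code): session setup carrying a previous session id, followed by durable reconnect by persistent file ID. The demo_* names and table layout are hypothetical; the same-user checks follow the session setup and durable reconnect rules in [MS-SMB2], and keeping durable opens as disconnected while closing the rest is this model's reading of the two slides.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model; all names are hypothetical, not Samba's structures. */
#define MAX_SESSIONS 8
#define MAX_OPENS 16

struct demo_session { int used; uint64_t id; char user[32]; };
struct demo_open {
    int used, durable;
    uint64_t persistent_id, session_id; /* session_id is 0 while disconnected */
    char owner[32];                     /* user that created the open */
};

static struct demo_session sessions[MAX_SESSIONS];
static struct demo_open opens[MAX_OPENS];
static uint64_t next_session_id = 1, next_persistent_id = 100;

static struct demo_session *find_session(uint64_t id)
{
    for (int i = 0; i < MAX_SESSIONS; i++)
        if (sessions[i].used && sessions[i].id == id) return &sessions[i];
    return NULL;
}

/* Tear down a session: durable opens become disconnected, the rest close. */
static void drop_session(struct demo_session *s)
{
    for (int i = 0; i < MAX_OPENS; i++) {
        if (!opens[i].used || opens[i].session_id != s->id) continue;
        if (opens[i].durable) opens[i].session_id = 0;
        else opens[i].used = 0;
    }
    s->used = 0;
}

/* Session setup; non-zero previous_id names an old session. 0 = table full. */
uint64_t demo_session_setup(const char *user, uint64_t previous_id)
{
    struct demo_session *old = previous_id ? find_session(previous_id) : NULL;
    /* Only the same user may expire the old session; otherwise ignore it. */
    if (old && strcmp(old->user, user) == 0) drop_session(old);
    for (int i = 0; i < MAX_SESSIONS; i++) {
        if (sessions[i].used) continue;
        sessions[i].used = 1;
        sessions[i].id = next_session_id++;
        snprintf(sessions[i].user, sizeof(sessions[i].user), "%s", user);
        return sessions[i].id;
    }
    return 0;
}

/* Create an open on a session. Returns its persistent id, or 0 on failure. */
uint64_t demo_open_file(uint64_t session_id, int durable)
{
    struct demo_session *s = find_session(session_id);
    for (int i = 0; s && i < MAX_OPENS; i++) {
        if (opens[i].used) continue;
        opens[i].used = 1;
        opens[i].durable = durable;
        opens[i].persistent_id = next_persistent_id++;
        opens[i].session_id = session_id;
        snprintf(opens[i].owner, sizeof(opens[i].owner), "%s", s->user);
        return opens[i].persistent_id;
    }
    return 0;
}

/* Durable reconnect: 0 ok, -1 no disconnected durable open, -2 wrong user. */
int demo_durable_reconnect(uint64_t session_id, uint64_t persistent_id)
{
    struct demo_session *s = find_session(session_id);
    for (int i = 0; s && i < MAX_OPENS; i++) {
        struct demo_open *o = &opens[i];
        if (!o->used || o->persistent_id != persistent_id) continue;
        if (!o->durable || o->session_id != 0) return -1;
        if (strcmp(o->owner, s->user) != 0) return -2;
        o->session_id = session_id;
        return 0;
    }
    return -1;
}

int main(void)
{
    uint64_t s1 = demo_session_setup("alice", 0), h = demo_open_file(s1, 1);
    uint64_t s2 = demo_session_setup("alice", s1); /* reconnect after outage */
    printf("durable reconnect: %d\n", demo_durable_reconnect(s2, h));
    return 0;
}
```

The two strcmp checks are what stop one user from expiring another user's session by guessing its id, or from attaching to another user's disconnected handle.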

SLIDE 66

SMB3 - Clustering

◮ SMB 3.0 Windows 8:
  ◮ client is fully aware of clustering
  ◮ scale out (SO) shares
  ◮ continuously available (CA) shares
◮ Samba:
  ◮ CTDB all-active clustering
  ◮ Windows client is unaware of clustering

SLIDE 69

SMB3 - Clustering - Durable Handles

◮ node failure?
◮ smbd crash?

SLIDE 71

Durable Handles - Where are we?

◮ DONE (Samba 4.0.0rc1):
  ◮ basic smbXsrv infrastructure
  ◮ session reconnect
  ◮ durable open: v1 and v2
  ◮ durable reconnect: v1 and v2 with reopening files
◮ LIMITATIONS:
  ◮ no interop yet:
    ◮ ⇒ disabled when "posix locking = yes"
    ◮ ⇒ disabled when "kernel oplocks = yes"
    ◮ ⇒ disabled when "kernel share modes = yes"
  ◮ no reconnect for delete-on-close
◮ TODO:
  ◮ fix scavenger
  ◮ delete on close

SLIDE 73

What is already working? - DEMO

SLIDE 75

Questions?

https://wiki.samba.org/index.php/Samba3/SMB2