SMB2 and SMB3 in Samba: Durable File Handles and Beyond. sambaxp 2012

Similar documents
SMB3 Multi-Channel in Samba

CTDB + Samba: Scalable Network Storage For The Cloud. Storage Networking World Europe 2011

A new DCERPC infrastructure for Samba

A new DCERPC infrastructure for Samba

SNIA SDC 2018 Santa Clara

Running And Troubleshooting A Samba/CTDB Cluster. A Tutorial At sambaxp 2011

Clustered NAS For Everyone Clustering Samba With CTDB A Tutorial At sambaxp 2009

Clustered Samba Challenges and Directions. SDC 2016 Santa Clara

The workstation account, netlogon schannel and credentials. SambaXP Volker Lendecke Samba Team / SerNet

Clustering Samba With CTDB A Tutorial At sambaxp 2010

Clustering Samba With CTDB A Tutorial At sambaxp 2010

Clustered NAS For Everyone Clustering Samba With CTDB. NLUUG Spring Conference 2009 File Systems and Storage

SDC EMEA 2019 Tel Aviv

Samba. OpenLDAP Developer s Day. Volker Lendecke, Günther Deschner Samba Team

Samba in a cross protocol environment

Implementing Persistent Handles in Samba. Ralph Böhme, Samba Team, SerNet

Samba4 Progress - March Andrew Tridgell Samba Team

Implementing SMB2 in Samba. Opening Windows to a Wider. Jeremy Allison Samba Team/Google Open Source Programs Office

Samba4 Status - April Andrew Tridgell Samba Team

SerNet. Samba Status Update. SNIA SDC 2011 Santa Clara, CA. Volker Lendecke SerNet Samba Team

Badlock. One Year In Security Hell. Stefan Metzmacher Samba Team / SerNet

The CephFS Gateways Samba and NFS-Ganesha. David Disseldorp Supriti Singh

Windows Authentication With Multiple Domains and Forests

Windows Authentication With Multiple Domains and Forests

HANDLING PERSISTENT PROBLEMS: PERSISTENT HANDLES IN SAMBA. Ira Cooper Tech Lead / Red Hat Storage SMB Team May 20, 2015 SambaXP

Samba 4 Status Report

SDC 2015 Santa Clara

The State of Samba (June 2011) Jeremy Allison Samba Team/Google Open Source Programs Office

The Important Details Of Windows Authentication

Windows Authentication With Multiple Domains and Forests

Windows Authentication With Multiple Domains and Forests

Security Services for Samba4. Andrew Bartlett Samba Team

PLAYING NICE WITH OTHERS: Samba HA with Pacemaker

SMB3 and Linux Seamless POSIX file serving. Jeremy Allison Samba Team.

SerNet. Async Programming in Samba. Linuxkongress Oktober Volker Lendecke SerNet Samba Team. Network Service in a Service Network

CIFS ON OPENVMS. Tips and Hints. Paul Bakker, Hans Hosang. Platform Integration Competency Center.

SMB 2.1 & SMB 3 Protocol features, Status, Architecture, Implementation. Gordon Ross Nexenta Systems, Inc.

Jeremy Allison Samba Team

Azure File Service: Expectations vs. Reality on the Public Cloud David Goebel Microsoft

From an open storage solution to a clustered NAS appliance

Samba and Ceph. Release the Kraken! David Disseldorp

Experiences in Clustering CIFS for IBM Scale Out Network Attached Storage (SONAS)

WINS Replication. Stefan Metzmacher SerNet Service Network GmbH Samba Team

FreeIPA Cross Forest Trusts

Centralized configuration management using registry tdb in a CTDB cluster

CTDB Remix - Dreaming the Fantasy

Improving DCERPC Security Hardening

HPE Common Internet File System (CIFS) Server Release Notes Version B for HP-UX 11i v3

Using samba base libraries SSSD as an example application

GLOBAL CATALOG SERVICE IMPLEMENTATION IN FREEIPA. Alexander Bokovoy Red Hat Inc. May 4th, 2017

Pushing the Boundaries of SMB3: Status of the Linux Kernel client and interoperability with Samba

HOW I LEARNED TO LOVE PERF AND SYSTEMTAP

Distributed file systems

Simo Sorce Samba Team.

Developing Management Strategies and Tools for Samba. Jeffrey Bianchine

Clustered Samba Not just a hack any more

Improving DCERPC Security

SMB3: Bringing High Performance File Access to Linux: A Status Update. How do you use it? What works? What is coming soon?

Emulating Windows file serving on POSIX. Jeremy Allison Samba Team

RestFS. Fabrizio Manfredi Furuholmen" Beolink.org!

Building a Highly Scalable and Performant SMB Protocol Server

Gerald Carter Samba Team/HP

Implementing the Witness protocol in Samba

GlusterFS Cloud Storage. John Mark Walker Gluster Community Leader, RED HAT

Improving Azure File Service: Adding New Wings to a Plane in Mid-flight David Goebel Microsoft

Linux CIFS client year in review: From Nocturnal Monster Puppies to Funky Weasels

Implementing Witness service for various cluster failover scenarios Rafal Szczesniak EMC/Isilon

SMB 3.0 (Because 3 > 2) David Kruse Microsoft

Towards full NTFS semantics in Samba. Andrew Tridgell

RALPH BÖHME, SERNET, SAMBA TEAM UNDERSTANDING AND IMPROVING SAMBA FILESERVER PERFORMANCE HOW I FELL IN LOVE WITH SYSTEMTAP AND PERF

SMB Direct Update. Tom Talpey and Greg Kramer Microsoft Storage Developer Conference. Microsoft Corporation. All Rights Reserved.

DFS Replication A client implementation for Samba. Samuel Cabrero SUSE Labs Samba team

Lessons learned implementing a multithreaded SMB2 server in OneFS

NFS-Ganesha w/gpfs FSAL And Other Use Cases

Cross-realm trusts with FreeIPA v3

(including SMB 3.x) Tom Talpey Microsoft

NFS: Naming indirection, abstraction. Abstraction, abstraction, abstraction! Network File Systems: Naming, cache control, consistency

Copyright

SharkFest 16 Europe. Windows Filesharing De-Mystified: SMB with a Eureka! Effect. Eddi Blenkers. October 19th packethunter.

Services: Monitoring and Logging. 9/16/2018 IST346: Info Tech Management & Administration 1

Network-based File Sharing (1)

FaSST: Fast, Scalable, and Simple Distributed Transactions with Two-Sided (RDMA) Datagram RPCs

SMC 2.0. Fabrizio Manfredi Furuholmen Giuseppe Guarino. Beolink.org

SMB 2.2 : Bigger, Faster, Scalier (Part 1) David Kruse Mathew George Microsoft

Migrate Phones Between Secure Clusters

Lustre overview and roadmap to Exascale computing

Network File System (NFS)

Microsoft SMB Looking Forward. Tom Talpey Microsoft

NFS Version 4 Open Source Project. William A.(Andy) Adamson Center for Information Technology Integration University of Michigan

From last time. What is the maximum size of a file in bytes? What is the maximum total size of directories and files in a single disk partition?

ECE 598 Advanced Operating Systems Lecture 19

Status of the Linux NFS client

Samba4: War Stories. Andrew Bartlett Samba Team / Red Hat

SMB3.1.1 and beyond: Optimizing access from Linux Client to Samba, the Cloud and modern file servers

Beyond Technical Fulfillment

Programming with MPI

Distributed Systems. Hajussüsteemid MTAT Distributed File Systems. (slides: adopted from Meelis Roos DS12 course) 1/25

Nondisruptive Operations with SMB File Shares

BUILDING A SCALABLE MOBILE GAME BACKEND IN ELIXIR. Petri Kero CTO / Ministry of Games

The Samba-3: Overview, Authentication, Integration

Transcription:

SMB2 and SMB3 in Samba: Durable File Handles and Beyond sambaxp 2012 Michael Adam (obnox@samba.org) Stefan Metzmacher (metze@samba.org) Samba Team / SerNet 2012-05-09

Hi there!

Hey, who are you?... obnox / metze SMB2+ in Samba (3 / 21)

obnox / metze SMB2+ in Samba (4 / 21) Oh, and... please interrupt with questions!

obnox / metze SMB2+ in Samba (5 / 21) SMB2+ SMB 2.0: durable file handles SMB 2.1: multi-credit / large mtu dynamic reauthentication leasing resilient file handles SMB 2.2ˆHˆHˆH3.0: persistent file handles multi-channel SMB direct (SMB over RDMA) cluster features directory leases

obnox / metze SMB2+ in Samba (6 / 21) Durable Handles And Samba target: short network outages client reconnects session (cleanup) need to find old session by session id then reconnects durable handle needs to find file handle by persistent file ID multi-process vs threaded: keep files open vs reopen files need to serialze state that had been on memory only needs to be serialized new structures in samba: smb(2)-layer vs file system (fsa) layer Clustering! (ctdb vs SO and CA)

obnox / metze SMB2+ in Samba (7 / 21) The Construction Squad... Stefan Metzmacher Michael Adam Volker Lendecke Christian Ambach Gregor Beck Björn Baumbach +...

TODO: Improve Protocol Precision obnox / metze SMB2+ in Samba (8 / 21)

obnox / metze SMB2+ in Samba (9 / 21) TODO: Improve Structures and Protocol Layer Mixup mix of SMB and File System (FSA)/POSIX proposal: SMB ntfsa vfs layer posix vfs layer as backend untangle create call

obnox / metze SMB2+ in Samba (10 / 21) writing tests and client libraries tests to explore protocol details: use client libraries the existing client libraries had a limited functionality and it wasn t possible to test all protocol aspects we had 4 completely independed client libraries [smb1, smb2] x [source3, source4] (each with its own problems) the solution was to create just one low level library which is able to handle everything (the others are just wrappers now) libcli/smb/smbxcli base.h we now have a lot of new tests (reauth, multi-credit, multi-channel, durable/persistent handles) the tests still use the old interfaces TODO: write a higher level protocol independed library for usage in generic tests and client tools

obnox / metze SMB2+ in Samba (11 / 21) existing server structures the current structures in smbd (all in memory) struct smbd server connection transport connection (one process per connection) struct user struct user session (multiple per connection) struct connection struct tree connect (multiple per connection) struct files struct open file handle (multiple per connection)

obnox / metze SMB2+ in Samba (12 / 21) existing server databases the current global state databases sessionid.tdb mostly only for debugging (smbstatus) connections.tdb mostly only for debugging (smbstatus) locking.tdb open file information brlock.tdb byte range lock information

obnox / metze SMB2+ in Samba (13 / 21) problems with the current design regarding new features The current structures mix the SMB1/2/3 server layer with the filesystem layers [MS-CIFS], [MS-SMB] and [MS-SMB2] vs. [MS-FSA] vs. SMB VFS / posix layer As the structures public used by different layers they can t be changed easily in order to fix problem in just one of the layers

obnox / metze SMB2+ in Samba (14 / 21) cleanup work (gensec) backport the gensec code (as abstraction layer, but with the old code as implementation) this makes it possible to use the same authentiation code in all places (SMB, RPC, LDAP and other servers) (with the help of Andrew Bartlett) The SMB1/2 code was simplified a lot v3-6 vs. master source3 / smbd / sesssetup.c 1294 ++++++----------------------------------- source3 / smbd / smb2_sesssetup.c 627 ++------------------ 2 files changed, 226 insertions (+), 1695 deletions ( -)

obnox / metze SMB2+ in Samba (15 / 21) new smbxsrv structures and databases Structures for the SMB1/2/3 server layer are the first step struct smbxsrv connection (per transport connection/in memory) struct smbxsrv session (per user session/in memory) struct smbxsrv session global (in smbxsrv session global.tdb with 32bit index key) struct smbxsrv tcon (per tree connect/in memory) struct smbxsrv tcon global (in smbxsrv tcon global.tdb with 32bit index key) struct smbxsrv open (per open file handle/in memory) struct smbxsrv open global (in smbxsrv open global.tdb with 32bit index key) struct smbxsrv version global (smbxsrv version global.tdb just one record) an array with version information per node maybe allows rolling code upgrades later

obnox / metze SMB2+ in Samba (16 / 21) useful infrastructure dbwrap record watch send()/dbwrap record watch recv() (by Volker Lendecke) an easy way to get notified when a tdb record changed msg channel init(), msg read send()/msg read recv() (by Volker Lendecke) a tevent req based infrastructure to receive samba internal messages (Maybe) in future: (re)write and unify the source3 and source4 struct messaging context subsystems to have a way all samba components are able to talk to each other make IRPC (currently only in source4) available for the whole code base make it possible to do fd passing via IRPC

obnox / metze SMB2+ in Samba (17 / 21) dynamic reauthentication with SMB1 and SMB 2.0 reauthentication was designed to only happen when a kerberos ticket expired when the server returns NT STATUS USER SESSION EXPIRED with SMB 2.1 clients, clients can reauthentiate a session at anytime which means we have to implement it. implementing dynamic reauth is much easier using gensec and the new smbxsrv structures but it s still not that easy as there might be code that relies on pointers to the previous struct auth session info in memory during async operations.

obnox / metze SMB2+ in Samba (18 / 21) session reconnect (handling previous session id) when a client reconnects to a server (after a network problem) it tries to recreate the user sessions, tree connects and (durable) open file handles on the SMB2/3 session setup the clients sends the previous session id the server closes all opens on the old session in case the server doesn t noticed the network problem of the client. implementing this within samba was relatively easy using the new smbxsrv structures and the new helpers

What is already working? obnox / metze SMB2+ in Samba (19 / 21)

When will we get it??? obnox / metze SMB2+ in Samba (20 / 21)

obnox / metze SMB2+ in Samba (21 / 21) Questions? https://wiki.samba.org/index.php/samba3/smb2

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback