NEX-15125 It's time to require SMB signing by default
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
NEX-15581 SMB keep-alive feature is just noise
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-5665 SMB2 oplock leases
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
NEX-9497 SMB should bypass ACL traverse checking
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
NEX-10019 SMB server min_protocol setting
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
NEX-9723 SMB2 open delays with exclusive oplocks
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Matt Barden <matt.barden@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
NEX-5273 SMB 3 Encryption
Reviewed by: Gordon Ross <gordon.ross@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Roman Strashkin <roman.strashkin@nexenta.com>
NEX-3611 CLONE NEX-3550 Replace smb2_enable with max_protocol
Reviewed by: Yuri Pankov <Yuri.Pankov@nexenta.com>
SMB2 should be disabled by default
NEX-2781 SMB2 credit handling needs work
NEX-2314 SMB server debug logging needs improvement
SUP-866 smbd lwps stuck in libsocket recv() for no apparent reason (try 2)
NEX-2036 SMB signing should be enabled by default
NEX-1050 enable_smb2 should be smb2_enable
NEX-1022 SMB2 should be enabled by default
SMB-50 User-mode SMB server
Includes work by these authors:
Thomas Keiser <thomas.keiser@nexenta.com>
Albert Lee <trisk@nexenta.com>
SMB-65 SMB server in non-global zones (data structure changes)
Many things move to the smb_server_t object, and
many functions gain an sv arg (which server).
re #13470 rb4432 Sync some SMB differences from illumos
re #6813 rb1757 port 2976 Child folder visibility through shares
--- old/usr/src/cmd/smbsrv/smbd/server.xml
+++ new/usr/src/cmd/smbsrv/smbd/server.xml
1 1 <?xml version="1.0"?>
2 2 <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
3 3 <!--
4 4
5 5 CDDL HEADER START
6 6
7 7 The contents of this file are subject to the terms of the
8 8 Common Development and Distribution License (the "License").
9 9 You may not use this file except in compliance with the License.
10 10
11 11 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
12 12 or http://www.opensolaris.org/os/licensing.
13 13 See the License for the specific language governing permissions
14 14 and limitations under the License.
15 15
16 16 When distributing Covered Code, include this CDDL HEADER in each
17 17 file and include the License file at usr/src/OPENSOLARIS.LICENSE.
18 18 If applicable, add the following below this CDDL HEADER, with the
19 19 fields enclosed by brackets "[]" replaced with your own identifying
20 20 information: Portions Copyright [yyyy] [name of copyright owner]
21 21
22 22 CDDL HEADER END
23 23
24 24 Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
25 -Copyright 2015 Nexenta Systems, Inc. All rights reserved.
26 25 Copyright 2016 Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
26 +Copyright 2018 Nexenta Systems, Inc. All rights reserved.
27 27
28 28 NOTE: This service manifest is not editable; its contents will
29 29 be overwritten by package or patch operations, including
30 30 operating system upgrade. Make customizations in a different
31 31 file.
32 32
33 33 -->
34 34
35 35 <service_bundle type='manifest' name='SUNWsmbsr:smb-server'>
36 36
37 37 <!-- 1. Name the service to 'network/smb/server' -->
38 38 <service
39 39 name='network/smb/server'
40 40 type='service'
41 - version='1'>
41 + version='2'>
42 42
43 43 <!-- 2. Create default service instance. -->
44 44 <create_default_instance enabled='false' />
45 45
46 46 <!-- 3. Service has single instance -->
47 47 <single_instance/>
48 48
49 49 <!-- 4. Identify dependencies -->
50 50
51 51 <dependency name='network'
52 52 grouping='require_any'
53 53 restart_on='error'
54 54 type='service'>
55 55 <service_fmri value='svc:/milestone/network'/>
56 56 </dependency>
57 57
58 58 <!-- Must have all local filesystems mounted before we share them -->
59 59 <dependency name='filesystem-local'
60 60 grouping='require_all'
61 61 restart_on='error'
62 62 type='service'>
63 63 <service_fmri value='svc:/system/filesystem/local'/>
64 64 </dependency>
65 65
66 66 <!-- Must have idmap service started -->
67 67 <dependency name='idmap'
68 68 grouping='require_all'
69 69 restart_on='none'
70 70 type='service'>
71 71 <service_fmri value='svc:/system/idmap:default'/>
72 72 </dependency>
73 73
74 74 <!-- Must have SMB client service started -->
75 75 <dependency name='smb-client'
76 76 grouping='require_all'
77 77 restart_on='none'
78 78 type='service'>
79 79 <service_fmri value='svc:/network/smb/client:default'/>
80 80 </dependency>
81 81
82 82 <!--
83 83 Want to make sure that the network/shares/group service
84 84 starts after the smb/server service. It needs to be
85 85 optional in order to not cause failure if smb is
86 86 disabled.
87 87 -->
88 88 <dependent name='groups'
89 89 grouping="optional_all"
90 90 restart_on='error' >
91 91 <service_fmri value='svc:/network/shares/group'/>
92 92 </dependent>
93 93
94 94 <!-- 5. Identify start/stop/refresh methods -->
95 95 <exec_method
96 96 type='method'
97 97 name='start'
98 98 exec='/usr/lib/smbsrv/smbd %m'
99 99 timeout_seconds='60' >
100 100 <!-- XXX: need method_context? -->
101 101 </exec_method>
102 102
103 103 <exec_method
104 104 type='method'
105 105 name='stop'
106 106 exec=':kill'
107 107 timeout_seconds='60' />
108 108
109 109 <exec_method
110 110 type='method'
111 111 name='refresh'
112 112 exec=':kill -HUP'
113 113 timeout_seconds='60' />
114 114
115 115 <property_group name='general' type='framework'>
116 116 <!-- To Start/Stop/Refresh the service -->
117 117 <propval name='action_authorization' type='astring'
118 118 value='solaris.smf.manage.smb' />
119 119 <propval name='value_authorization' type='astring'
120 120 value='solaris.smf.manage.smb' />
121 121 </property_group>
122 122
123 123 <property_group name='firewall_context' type='com.sun,fw_definition'>
124 124 <propval name='ipf_method' type='astring'
125 125 value='/lib/svc/method/svc-smbd ipfilter' />
126 126 </property_group>
127 127
128 128 <property_group name='firewall_config' type='com.sun,fw_configuration'>
129 129 <propval name='policy' type='astring' value='use_global' />
130 130 <propval name='block_policy' type='astring'
131 131 value='use_global' />
132 132 <propval name='apply_to' type='astring' value='' />
133 133 <propval name='apply_to_6' type='astring' value='' />
134 134 <propval name='exceptions' type='astring' value='' />
135 135 <propval name='exceptions_6' type='astring' value='' />
136 136 <propval name='target' type='astring' value='' />
137 137 <propval name='target_6' type='astring' value='' />
138 138 <propval name='value_authorization' type='astring'
139 139 value='solaris.smf.value.firewall.config' />
140 140 </property_group>
141 141
142 142 <property_group name='read' type='application'>
143 143 <!-- To read protected parameters -->
144 144 <propval name='read_authorization' type='astring'
145 145 value='solaris.smf.read.smb' />
146 146 <propval name='value_authorization' type='astring'
147 147 value='solaris.smf.value.smb' />
148 148 <propval name='machine_passwd' type='astring' value='' />
149 149 </property_group>
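Review bot: the version bump at new line 41 (version='1' to version='2') has no comment in the manifest and no line in the commit message saying which change needs it. The same patch changes the keep_alive and signing_required defaults and drops signing_check, so state in the commit message or in a manifest comment what the new version is meant to trigger on systems that already have this service imported.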
150 150
151 151 <!-- SMB service-specific general configuration defaults -->
152 152 <property_group name='smbd' type='application'>
153 153 <stability value='Evolving' />
154 154 <propval name='value_authorization' type='astring'
155 155 value='solaris.smf.value.smb' />
156 156 <propval name='oplock_enable' type='boolean'
157 157 value='true' override='true'/>
158 158 <propval name='autohome_map' type='astring'
159 159 value='/etc' override='true'/>
160 + <propval name='bypass_traverse_checking' type='boolean'
161 + value='true' override='true'/>
160 162 <propval name='debug' type='integer'
161 163 value='0' override='true'/>
162 164 <propval name='domain_sid' type='astring'
163 165 value='' override='true'/>
164 166 <propval name='domain_member' type='boolean'
165 167 value='false' override='true'/>
166 168 <propval name='domain_name' type='astring'
167 169 value='WORKGROUP' override='true'/>
168 170 <propval name='fqdn' type='astring'
169 171 value='' override='true'/>
170 172 <propval name='forest' type='astring'
171 173 value='' override='true'/>
172 174 <propval name='domain_guid' type='astring'
173 175 value='' override='true'/>
174 176 <propval name='pdc' type='astring'
175 177 value='' override='true'/>
176 178 <propval name='wins_server_1' type='astring'
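Review bot: bypass_traverse_checking at new lines 160-161 ships as value='true' with no comment saying which check is skipped, so the only explanation is the NEX-9497 summary line. The default changes access checking for the whole service, so add a short XML comment above the propval describing the behaviour and how to restore the previous one (value='false'), and name the man page that documents the property.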
177 179 value='' override='true'/>
178 180 <propval name='wins_server_2' type='astring'
179 181 value='' override='true'/>
180 182 <propval name='wins_exclude' type='astring'
181 183 value='' override='true'/>
182 184 <propval name='max_workers' type='integer'
183 185 value='1024' override='true'/>
184 186 <propval name='max_connections' type='integer'
185 187 value='100000' override='true'/>
186 188 <propval name='keep_alive' type='integer'
187 - value='5400' override='true'/>
189 + value='0' override='true'/>
188 190 <propval name='restrict_anonymous' type='boolean'
189 191 value='false' override='true'/>
190 192 <propval name='signing_enabled' type='boolean'
191 193 value='true' override='true'/>
192 194 <propval name='signing_required' type='boolean'
193 - value='false' override='true'/>
194 - <propval name='signing_check' type='boolean'
195 - value='false' override='true'/>
195 + value='true' override='true'/>
196 196 <propval name='sync_enable' type='boolean'
197 197 value='false' override='true'/>
198 198 <propval name='security' type='astring'
199 199 value='workgroup' override='true'/>
200 200 <propval name='netbios_enable' type='boolean'
201 201 value='false' override='true'/>
202 202 <propval name='netbios_scope' type='astring'
203 203 value='' override='true'/>
204 204 <propval name='system_comment' type='astring'
205 205 value='' override='true'/>
206 206 <propval name='lmauth_level' type='integer'
207 207 value='4' override='true'/>
208 208 <propval name='ads_site' type='astring'
209 209 value='' override='true'/>
210 210 <propval name='ddns_enable' type='boolean'
211 211 value='false' override='true'/>
212 212 <propval name='kpasswd_server' type='astring'
213 213 value='' override='true'/>
214 214 <propval name='kpasswd_domain' type='astring'
215 215 value='' override='true'/>
216 216 <propval name='kpasswd_seqnum' type='integer'
217 217 value='0' override='true'/>
218 218 <propval name='netlogon_seqnum' type='integer'
219 219 value='0' override='true'/>
220 220 <propval name='ipv6_enable' type='boolean'
221 221 value='false' override='true'/>
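Review bot: signing_required at new lines 194-195 flips to value='true' and signing_check is deleted outright (old lines 194-195), but nothing here covers hosts that set either property locally. Both propvals carry override='true', so please confirm what an upgrade does to a deployment that set signing_required=false for clients that cannot sign, and whether a leftover signing_check value is ignored or rejected by smbd. The keep_alive change at new line 189 from 5400 to 0 would also benefit from a comment stating that 0 turns the feature off, if that is the intent of NEX-15581.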
222 222 <propval name='sv_version' type='astring'
223 223 value='5.0' override='true'/>
224 224 <propval name='dfs_stdroot_num' type='integer'
225 225 value='0' override='true'/>
226 226 <propval name='print_enable' type='boolean'
227 227 value='false' override='true'/>
228 228 <propval name='traverse_mounts' type='boolean'
229 229 value='true' override='true'/>
230 230 <propval name='max_protocol' type='astring'
231 231 value='' override='true'/>
232 + <propval name='min_protocol' type='astring'
233 + value='' override='true'/>
234 + <propval name='encrypt' type='astring'
235 + value='disabled' override='true'/>
232 236 <propval name='initial_credits' type='integer'
233 237 value='20' override='true'/>
234 238 <propval name='maximum_credits' type='integer'
235 239 value='1000' override='true'/>
236 240 </property_group>
237 241
238 242 <!-- SMB service-specific shares exec configuration defaults -->
239 243 <property_group name='exec' type='application'>
240 244 <stability value='Evolving' />
241 245 <propval name='map' type='astring'
242 246 value='' override='true'/>
243 247 <propval name='unmap' type='astring'
244 248 value='' override='true'/>
245 249 <propval name='disposition' type='astring'
246 250 value='' override='true'/>
247 251 </property_group>
248 252
249 253 <!-- 6. Identify faults to be ignored. -->
250 254 <!-- 7. Identify service model. Default service model is 'contract' -->
251 255 <!-- 8. Identify dependents.
252 256 For Solaris NAS, we may want to have the smbd service start,
253 257 before it reaches the svc:/milestone/multi-user-server
254 258 milestone.
255 259 <dependent
256 260 name='smb-server_multi-user-server'
257 261 grouping='optional_all'
258 262 restart_on='none'>
259 263 <service_fmri value=
260 264 'svc:/milestone/multi-user-server'/>
261 265 </dependent>
262 266 -->
263 267 <!-- 9. Insert service milestones. None. -->
264 268
265 269 <stability value='Evolving' />
266 270
267 271 <!-- 10. Create Service Template information -->
268 272 <template>
269 273 <common_name>
270 274 <loctext xml:lang='C'> smbd daemon</loctext>
271 275 </common_name>
272 276 <documentation>
273 277 <manpage title='smbd' section='1M'
274 278 manpath='/usr/share/man' />
275 279 </documentation>
276 280 </template>
277 281
278 282 </service>
279 283
280 284 </service_bundle>
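Review bot: min_protocol at new lines 232-233 and encrypt at new lines 234-235 are both astring with no list of accepted values, and encrypt defaults to 'disabled' in the same change that makes signing required. Add a comment naming the valid strings for each property and what the empty min_protocol value='' resolves to, so an administrator can tell from the manifest how to turn SMB 3 encryption on and how to set a protocol floor.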