smbd: add option "smb3 directory leases"

By default enabled on non-clustered Samba, disabled on clustered Samba, the
reason being the expected additional load caused by forcing strict rename to be
enabled.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

docs-xml/smbdotconf/locking/smb3directoryleases.xml

@@ -0,0 +1,40 @@
+<samba:parameter name="smb3 directory leases"
+                 context="G"
+                 type="enum"
+                 enumlist="enum_bool_auto"
+		 function="_smb3_directory_leases"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+  <para>
+    This is an enumerated type that controls <command
+    moreinfo="none">smbd</command> whether SMB3 directory leases are
+    enabled. Directory Leasing is an SMB3-only feature which allows
+    clients to cache directories.
+  </para>
+  <para>
+    Possible values for <smbconfoption name="smb3 directory leases"/>
+    are <constant>yes</constant>, <constant>no</constant> and
+    <constant>auto</constant>, <constant>auto</constant> being the
+    default.
+  </para>
+  <para>
+    When set to <constant>auto</constant>, the effective value depends on the
+    option <smbconfoption name="clustering"/>. If <smbconfoption
+    name="clustering"/> is enabled, <smbconfoption name="smb3 directory
+    leases"/> are disabled and the other way around.
+  </para>
+  <para>
+    <smbconfoption name="smb3 directory leases"/> are only available
+    with <smbconfoption name="smb2 leases">yes</smbconfoption>,
+    <smbconfoption name="oplocks">yes</smbconfoption> and
+    <smbconfoption name="kernel oplocks">no</smbconfoption>.
+  </para>
+  <para>
+    Enabling <smbconfoption name="smb3 directory leases"/> implicitly enables
+    <smbconfoption name="strict rename"/>.
+  </para>
+</description>
+
+<related>smb2 leases</related>
+<value type="default">auto</value>
+</samba:parameter>

docs-xml/smbdotconf/tuning/strictrename.xml

@@ -1,6 +1,7 @@
 <samba:parameter name="strict rename"
                  context="S"
                  type="boolean"
+		 function="_strict_rename"
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <description>
     <para>By default a Windows SMB server prevents directory
@@ -28,6 +29,9 @@
     pathnames) then renames are always allowed and this parameter
     has no effect.</para>
 
+    <para>Enabling <smbconfoption name="smb3 directory leases"/> implicitly
+    enables <smbconfoption name="strict rename"/>.</para>
+
 </description>
 
 <value type="default">no</value>

lib/param/loadparm.c

@@ -3077,6 +3077,8 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 
 	lpcfg_do_global_parameter(lp_ctx, "smb2 leases", "yes");
 
+	lpcfg_do_global_parameter(lp_ctx, "smb3 directory leases", "Auto");
+
 	lpcfg_do_global_parameter(lp_ctx, "server multi channel support", "yes");
 
 	lpcfg_do_global_parameter(lp_ctx, "kerberos encryption types", "all");

source3/param/loadparm.c

@@ -215,7 +215,7 @@ static const struct loadparm_service _sDefault =
 	.follow_symlinks = true,
 	.sync_always = false,
 	.strict_allocate = false,
-	.strict_rename = false,
+	._strict_rename = false,
 	.strict_sync = true,
 	.mangling_char = '~',
 	.copymap = NULL,
@@ -879,6 +879,7 @@ void loadparm_s3_init_globals(struct loadparm_context *lp_ctx,
 	Globals.smb2_max_trans = DEFAULT_SMB2_MAX_TRANSACT;
 	Globals.smb2_max_credits = DEFAULT_SMB2_MAX_CREDITS;
 	Globals.smb2_leases = true;
+	Globals._smb3_directory_leases = Auto;
 	Globals.server_multi_channel_support = true;
 
 	lpcfg_string_set(Globals.ctx, &Globals.ncalrpc_dir,
@@ -4921,3 +4922,25 @@ uint32_t lp_get_async_dns_timeout(void)
 	 */
 	return MAX(Globals.async_dns_timeout, 1);
 }
+
+bool lp_strict_rename(int snum)
+{
+	if (lp_smb3_directory_leases()){
+		return true;
+	}
+	return lp__strict_rename(snum);
+}
+
+int lp_smb3_directory_leases(void)
+{
+	bool dirleases = lp__smb3_directory_leases();
+
+	if (lp__smb3_directory_leases() == Auto) {
+		dirleases &= !lp_clustering();
+	}
+
+	dirleases &= lp_smb2_leases();
+	dirleases &= lp_oplocks(GLOBAL_SECTION_SNUM);
+	dirleases &= !lp_kernel_oplocks(GLOBAL_SECTION_SNUM);
+	return dirleases;
+}

source3/param/loadparm.h

@@ -69,6 +69,8 @@ int lp_rpc_high_port(void);
 const char *lp_dns_hostname(void);
 bool lp_lanman_auth(void);
 enum samba_weak_crypto lp_weak_crypto(void);
+bool lp_strict_rename(int snum);
+int lp_smb3_directory_leases(void);
 
 int lp_wi_scan_global_parametrics(
 	const char *regex, size_t max_matches,

source3/smbd/smb2_negprot.c

@@ -414,6 +414,13 @@ NTSTATUS smbd_smb2_request_process_negprot(struct smbd_smb2_request *req)
 		capabilities |= SMB2_CAP_ENCRYPTION;
 	}
 
+	if (protocol >= PROTOCOL_SMB3_00 &&
+	    in_capabilities & SMB2_CAP_DIRECTORY_LEASING &&
+	    lp_smb3_directory_leases())
+	{
+		capabilities |= SMB2_CAP_DIRECTORY_LEASING;
+	}
+
 	/*
 	 * 0x10000 (65536) is the maximum allowed message size
 	 * for SMB 2.0