authorSteve French <sfrench@us.ibm.com>2008-05-15 12:44:38 -0400
committerSteve French <sfrench@us.ibm.com>2008-05-15 12:44:38 -0400
commit95b1cb90b79896c4bf5ea484bee2b41d7d293f43 (patch)
tree5a21dabb3706540cacfe1a9304f35eb1f602089c
parentc2cf07d591ef7bc25c220249822d9bdf0f44c75c (diff)
[CIFS] enable parsing for transport encryption mount parm
Samba now supports transport encryption on particular exports (mounted tree ids can be encrypted for servers which support the unix extensions). This adds parsing support to cifs mount option parsing for this. Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r--fs/cifs/README5
-rw-r--r--fs/cifs/cifsglob.h1
-rw-r--r--fs/cifs/connect.c25
3 files changed, 23 insertions, 8 deletions
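--- a/fs/cifs/README
+++ b/fs/cifs/README
@@ -483,6 +483,11 @@ A partial list of the supported mount options follows:
 sign Must use packet signing (helps avoid unwanted data modification
 by intermediate systems in the route). Note that signing
 does not work with lanman or plaintext authentication.
+seal Must seal (encrypt) all data on this mounted share before
+sending on the network. Requires support for Unix Extensions.
+Note that this differs from the sign mount option in that it
+causes encryption of data sent over this mounted share but other
+shares mounted to the same server are unaffected.
 sec Security mode. Allowed values are:
 none attempt to connection as a null user (no name)
 krb5 Use Kerberos version 5 authentication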
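--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
@@ -281,6 +281,7 @@ struct cifsTconInfo {
 bool ipc:1; /* set if connection to IPC$ eg for RPC/PIPES */
 bool retry:1;
 bool nocase:1;
+bool seal:1; /* transport encryption for this mounted share */
 bool unix_ext:1; /* if false disable Linux extensions to CIFS protocol
 for this mount even if server would support */
 /* BB add field for back pointer to sb struct(s)? */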
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index c397fcfd9f1..023434f72c1 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -60,7 +60,7 @@ struct smb_vol {
60 char *domainname; 60 char *domainname;
61 char *UNC; 61 char *UNC;
62 char *UNCip; 62 char *UNCip;
63 char *in6_addr; /* ipv6 address as human readable form of in6_addr */ 63 char *in6_addr; /* ipv6 address as human readable form of in6_addr */
64 char *iocharset; /* local code page for mapping to and from Unicode */ 64 char *iocharset; /* local code page for mapping to and from Unicode */
65 char source_rfc1001_name[16]; /* netbios name of client */ 65 char source_rfc1001_name[16]; /* netbios name of client */
66 char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */ 66 char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
@@ -82,13 +82,14 @@ struct smb_vol {
82 bool no_xattr:1; /* set if xattr (EA) support should be disabled*/ 82 bool no_xattr:1; /* set if xattr (EA) support should be disabled*/
83 bool server_ino:1; /* use inode numbers from server ie UniqueId */ 83 bool server_ino:1; /* use inode numbers from server ie UniqueId */
84 bool direct_io:1; 84 bool direct_io:1;
85 bool remap:1; /* set to remap seven reserved chars in filenames */ 85 bool remap:1; /* set to remap seven reserved chars in filenames */
86 bool posix_paths:1; /* unset to not ask for posix pathnames. */ 86 bool posix_paths:1; /* unset to not ask for posix pathnames. */
87 bool no_linux_ext:1; 87 bool no_linux_ext:1;
88 bool sfu_emul:1; 88 bool sfu_emul:1;
89 bool nullauth:1; /* attempt to authenticate with null user */ 89 bool nullauth:1; /* attempt to authenticate with null user */
90 unsigned nocase; /* request case insensitive filenames */ 90 bool nocase:1; /* request case insensitive filenames */
91 unsigned nobrl; /* disable sending byte range locks to srv */ 91 bool nobrl:1; /* disable sending byte range locks to srv */
92 bool seal:1; /* request transport encryption on share */
92 unsigned int rsize; 93 unsigned int rsize;
93 unsigned int wsize; 94 unsigned int wsize;
94 unsigned int sockopt; 95 unsigned int sockopt;
@@ -1273,8 +1274,12 @@ cifs_parse_mount_options(char *options, const char *devname,
1273 vol->no_psx_acl = 1; 1274 vol->no_psx_acl = 1;
1274 } else if (strnicmp(data, "sign", 4) == 0) { 1275 } else if (strnicmp(data, "sign", 4) == 0) {
1275 vol->secFlg |= CIFSSEC_MUST_SIGN; 1276 vol->secFlg |= CIFSSEC_MUST_SIGN;
1276/* } else if (strnicmp(data, "seal",4) == 0) { 1277 } else if (strnicmp(data, "seal", 4) == 0) {
1277 vol->secFlg |= CIFSSEC_MUST_SEAL; */ 1278 /* we do not do the following in secFlags because seal
1279 is a per tree connection (mount) not a per socket
1280 or per-smb connection option in the protocol */
1281 /* vol->secFlg |= CIFSSEC_MUST_SEAL; */
1282 vol->seal = 1;
1278 } else if (strnicmp(data, "direct", 6) == 0) { 1283 } else if (strnicmp(data, "direct", 6) == 0) {
1279 vol->direct_io = 1; 1284 vol->direct_io = 1;
1280 } else if (strnicmp(data, "forcedirectio", 13) == 0) { 1285 } else if (strnicmp(data, "forcedirectio", 13) == 0) {
@@ -2126,6 +2131,9 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
2126 for the retry flag is used */ 2131 for the retry flag is used */
2127 tcon->retry = volume_info.retry; 2132 tcon->retry = volume_info.retry;
2128 tcon->nocase = volume_info.nocase; 2133 tcon->nocase = volume_info.nocase;
2134 if (tcon->seal != volume_info.seal)
2135 cERROR(1, ("transport encryption setting "
2136 "conflicts with existing tid"));
2129 } else { 2137 } else {
2130 tcon = tconInfoAlloc(); 2138 tcon = tconInfoAlloc();
2131 if (tcon == NULL) 2139 if (tcon == NULL)
@@ -2159,6 +2167,7 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
2159 atomic_inc(&pSesInfo->inUse); 2167 atomic_inc(&pSesInfo->inUse);
2160 tcon->retry = volume_info.retry; 2168 tcon->retry = volume_info.retry;
2161 tcon->nocase = volume_info.nocase; 2169 tcon->nocase = volume_info.nocase;
2170 tcon->seal = volume_info.seal;
2162 } 2171 }
2163 } 2172 }
2164 } 2173 }
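Review bot: In the reused-tid branch of cifs_mount (new lines 2134-2136) a mismatch between `tcon->seal` and `volume_info.seal` is only logged with cERROR, and the mount then continues on the existing tree connection. If the caller asked for `seal` and the existing tid was set up without it, the mount appears to succeed on an unencrypted tid, which contradicts the README text added in this commit ("Must seal (encrypt) all data on this mounted share"). I would fail the mount in that direction, i.e. set the function's error return (for example `-EOPNOTSUPP`) when `volume_info.seal && !tcon->seal`, instead of downgrading silently; cifs_mount starts and ends outside these hunks, so how it propagates errors is not visible here. Separately, for a new tid the only visible effect is `tcon->seal = volume_info.seal;`, which records the request but does not negotiate encryption. Unless other code consumes that flag, the option should be rejected or clearly logged as not yet enforced, so users do not assume the share is encrypted.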