diff options
author | Steve French <sfrench@us.ibm.com> | 2008-05-15 12:44:38 -0400 |
---|---|---|
committer | Steve French <sfrench@us.ibm.com> | 2008-05-15 12:44:38 -0400 |
commit | 95b1cb90b79896c4bf5ea484bee2b41d7d293f43 (patch) | |
tree | 5a21dabb3706540cacfe1a9304f35eb1f602089c | |
parent | c2cf07d591ef7bc25c220249822d9bdf0f44c75c (diff) |
[CIFS] enable parsing for transport encryption mount parm
Samba now supports transport encryption on particular exports
(mounted tree ids can be encrypted for servers which support the
unix extensions). This adds parsing support to cifs mount
option parsing for this.
Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r-- | fs/cifs/README | 5 | ||||
-rw-r--r-- | fs/cifs/cifsglob.h | 1 | ||||
-rw-r--r-- | fs/cifs/connect.c | 25 |
3 files changed, 23 insertions, 8 deletions
diff --git a/fs/cifs/README b/fs/cifs/README index 621aa1a8597..2bd6fe556f8 100644 --- a/fs/cifs/README +++ b/fs/cifs/README | |||
@@ -483,6 +483,11 @@ A partial list of the supported mount options follows: | |||
483 | sign Must use packet signing (helps avoid unwanted data modification | 483 | sign Must use packet signing (helps avoid unwanted data modification |
484 | by intermediate systems in the route). Note that signing | 484 | by intermediate systems in the route). Note that signing |
485 | does not work with lanman or plaintext authentication. | 485 | does not work with lanman or plaintext authentication. |
486 | seal Must seal (encrypt) all data on this mounted share before | ||
487 | sending on the network. Requires support for Unix Extensions. | ||
488 | Note that this differs from the sign mount option in that it | ||
489 | causes encryption of data sent over this mounted share but other | ||
490 | shares mounted to the same server are unaffected. | ||
486 | sec Security mode. Allowed values are: | 491 | sec Security mode. Allowed values are: |
487 | none attempt to connection as a null user (no name) | 492 | none attempt to connection as a null user (no name) |
488 | krb5 Use Kerberos version 5 authentication | 493 | krb5 Use Kerberos version 5 authentication |
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h index b7d9f698e63..08914053242 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h | |||
@@ -281,6 +281,7 @@ struct cifsTconInfo { | |||
281 | bool ipc:1; /* set if connection to IPC$ eg for RPC/PIPES */ | 281 | bool ipc:1; /* set if connection to IPC$ eg for RPC/PIPES */ |
282 | bool retry:1; | 282 | bool retry:1; |
283 | bool nocase:1; | 283 | bool nocase:1; |
284 | bool seal:1; /* transport encryption for this mounted share */ | ||
284 | bool unix_ext:1; /* if false disable Linux extensions to CIFS protocol | 285 | bool unix_ext:1; /* if false disable Linux extensions to CIFS protocol |
285 | for this mount even if server would support */ | 286 | for this mount even if server would support */ |
286 | /* BB add field for back pointer to sb struct(s)? */ | 287 | /* BB add field for back pointer to sb struct(s)? */ |
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index c397fcfd9f1..023434f72c1 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c | |||
@@ -60,7 +60,7 @@ struct smb_vol { | |||
60 | char *domainname; | 60 | char *domainname; |
61 | char *UNC; | 61 | char *UNC; |
62 | char *UNCip; | 62 | char *UNCip; |
63 | char *in6_addr; /* ipv6 address as human readable form of in6_addr */ | 63 | char *in6_addr; /* ipv6 address as human readable form of in6_addr */ |
64 | char *iocharset; /* local code page for mapping to and from Unicode */ | 64 | char *iocharset; /* local code page for mapping to and from Unicode */ |
65 | char source_rfc1001_name[16]; /* netbios name of client */ | 65 | char source_rfc1001_name[16]; /* netbios name of client */ |
66 | char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */ | 66 | char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */ |
@@ -82,13 +82,14 @@ struct smb_vol { | |||
82 | bool no_xattr:1; /* set if xattr (EA) support should be disabled*/ | 82 | bool no_xattr:1; /* set if xattr (EA) support should be disabled*/ |
83 | bool server_ino:1; /* use inode numbers from server ie UniqueId */ | 83 | bool server_ino:1; /* use inode numbers from server ie UniqueId */ |
84 | bool direct_io:1; | 84 | bool direct_io:1; |
85 | bool remap:1; /* set to remap seven reserved chars in filenames */ | 85 | bool remap:1; /* set to remap seven reserved chars in filenames */ |
86 | bool posix_paths:1; /* unset to not ask for posix pathnames. */ | 86 | bool posix_paths:1; /* unset to not ask for posix pathnames. */ |
87 | bool no_linux_ext:1; | 87 | bool no_linux_ext:1; |
88 | bool sfu_emul:1; | 88 | bool sfu_emul:1; |
89 | bool nullauth:1; /* attempt to authenticate with null user */ | 89 | bool nullauth:1; /* attempt to authenticate with null user */ |
90 | unsigned nocase; /* request case insensitive filenames */ | 90 | bool nocase:1; /* request case insensitive filenames */ |
91 | unsigned nobrl; /* disable sending byte range locks to srv */ | 91 | bool nobrl:1; /* disable sending byte range locks to srv */ |
92 | bool seal:1; /* request transport encryption on share */ | ||
92 | unsigned int rsize; | 93 | unsigned int rsize; |
93 | unsigned int wsize; | 94 | unsigned int wsize; |
94 | unsigned int sockopt; | 95 | unsigned int sockopt; |
@@ -1273,8 +1274,12 @@ cifs_parse_mount_options(char *options, const char *devname, | |||
1273 | vol->no_psx_acl = 1; | 1274 | vol->no_psx_acl = 1; |
1274 | } else if (strnicmp(data, "sign", 4) == 0) { | 1275 | } else if (strnicmp(data, "sign", 4) == 0) { |
1275 | vol->secFlg |= CIFSSEC_MUST_SIGN; | 1276 | vol->secFlg |= CIFSSEC_MUST_SIGN; |
1276 | /* } else if (strnicmp(data, "seal",4) == 0) { | 1277 | } else if (strnicmp(data, "seal", 4) == 0) { |
1277 | vol->secFlg |= CIFSSEC_MUST_SEAL; */ | 1278 | /* we do not do the following in secFlags because seal |
1279 | is a per tree connection (mount) not a per socket | ||
1280 | or per-smb connection option in the protocol */ | ||
1281 | /* vol->secFlg |= CIFSSEC_MUST_SEAL; */ | ||
1282 | vol->seal = 1; | ||
1278 | } else if (strnicmp(data, "direct", 6) == 0) { | 1283 | } else if (strnicmp(data, "direct", 6) == 0) { |
1279 | vol->direct_io = 1; | 1284 | vol->direct_io = 1; |
1280 | } else if (strnicmp(data, "forcedirectio", 13) == 0) { | 1285 | } else if (strnicmp(data, "forcedirectio", 13) == 0) { |
@@ -2126,6 +2131,9 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, | |||
2126 | for the retry flag is used */ | 2131 | for the retry flag is used */ |
2127 | tcon->retry = volume_info.retry; | 2132 | tcon->retry = volume_info.retry; |
2128 | tcon->nocase = volume_info.nocase; | 2133 | tcon->nocase = volume_info.nocase; |
2134 | if (tcon->seal != volume_info.seal) | ||
2135 | cERROR(1, ("transport encryption setting " | ||
2136 | "conflicts with existing tid")); | ||
2129 | } else { | 2137 | } else { |
2130 | tcon = tconInfoAlloc(); | 2138 | tcon = tconInfoAlloc(); |
2131 | if (tcon == NULL) | 2139 | if (tcon == NULL) |
@@ -2159,6 +2167,7 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, | |||
2159 | atomic_inc(&pSesInfo->inUse); | 2167 | atomic_inc(&pSesInfo->inUse); |
2160 | tcon->retry = volume_info.retry; | 2168 | tcon->retry = volume_info.retry; |
2161 | tcon->nocase = volume_info.nocase; | 2169 | tcon->nocase = volume_info.nocase; |
2170 | tcon->seal = volume_info.seal; | ||
2162 | } | 2171 | } |
2163 | } | 2172 | } |
2164 | } | 2173 | } |