authorSteve French <sfrench@us.ibm.com>2005-12-02 01:32:42 -0500
committerSteve French <sfrench@us.ibm.com>2005-12-02 01:32:42 -0500
commitbf8206791750854bc6668266b694e8fe2cacb924 (patch)
tree6fd0a4193b07e071e4a947d3df2bb62934b6bd93
parent83451879ab213e152c6fe5c743f257ba58d7acd1 (diff)
[CIFS] Kerberos and CIFS ACL support part 1
Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r--fs/cifs/README12
-rw-r--r--fs/cifs/cifsacl.h36
-rw-r--r--fs/cifs/cifspdu.h2
-rw-r--r--fs/cifs/connect.c53
4 files changed, 94 insertions, 9 deletions
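diff --git a/fs/cifs/README b/fs/cifs/README
index e5d09a2fc7a5..b0070d1b149d 100644
--- a/fs/cifs/README
+++ b/fs/cifs/README
@@ -436,7 +436,17 @@ A partial list of the supported mount options follows:
  SFU does). In the future the bottom 9 bits of the mode
  mode also will be emulated using queries of the security
  descriptor (ACL).
-
+sec Security mode. Allowed values are:
+ none attempt to connection as a null user (no name)
+ krb5 Use Kerberos version 5 authentication
+ krb5i Use Kerberos authentication and packet signing
+ ntlm Use NTLM password hashing (default)
+ ntlmi Use NTLM password hashing with signing (if
+ /proc/fs/cifs/PacketSigningEnabled on or if
+ server requires signing also can be the default)
+ ntlmv2 Use NTLMv2 password hashing
+ ntlmv2i Use NTLMv2 password hashing with packet signing
+
 The mount.cifs mount helper also accepts a few mount options before -o
 including:
 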
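diff --git a/fs/cifs/cifsacl.h b/fs/cifs/cifsacl.h
new file mode 100644
index 000000000000..4cfcdf2e6304
--- /dev/null
+++ b/fs/cifs/cifsacl.h
@@ -0,0 +1,36 @@
+/*
+ * fs/cifs/cifsacl.h
+ *
+ * Copyright (c) International Business Machines Corp., 2005
+ * Author(s): Steve French (sfrench@us.ibm.com)
+ *
+ * This library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published
+ * by the Free Software Foundation; either version 2.1 of the License, or
+ * (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
+ * the GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef _CIFSACL_H
+#define _CIFSACL_H
+
+struct cifs_sid {
+ __u8 revision; /* revision level */
+ __u8 num_subauths;
+ __u8 authority[6];
+ __u8 sub_auth[4];
+ /* next sub_auth if any ... */
+} __attribute__((packed));
+
+/* everyone */
+const cifs_sid sid_everyone = {1, 1, {0, 0, 0, 0, 0, 0}, {0, 0, 0, 0}};
+/* group users */
+const cifs_sid sid_user = {1, 2 , {0, 0, 0, 0, 0, 5}, {32, 545, 0, 0}};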
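Review bot: The two constants at the end of cifsacl.h do not encode the SIDs their comments name, and as written they would not compile. `sid_everyone` has an all-zero identifier authority, which is the null authority rather than the world authority that the "everyone" SID (S-1-1-0) uses, and `sid_user` stores 545 in a `__u8` element of `sub_auth[4]`, where it cannot fit; sub-authorities are 32-bit values, so the member probably wants to be an array of `__le32`. The type is also written `cifs_sid` without `struct`, the objects are defined rather than declared in a header, and the `#ifndef _CIFSACL_H` guard has no `#endif` within the 36 added lines. A corrected form would be `static const struct cifs_sid sid_everyone = {1, 1, {0, 0, 0, 0, 0, 1}, {0}};` with the guard closed by `#endif /* _CIFSACL_H */`. If these values are later compared against ACL entries returned by a server, a wrong constant would make a permission check match nothing or the wrong principal without any error.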
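diff --git a/fs/cifs/cifspdu.h b/fs/cifs/cifspdu.h
index 33e1859fd2f6..5253e779b3aa 100644
--- a/fs/cifs/cifspdu.h
+++ b/fs/cifs/cifspdu.h
@@ -1,7 +1,7 @@
 /*
  * fs/cifs/cifspdu.h
  *
- * Copyright (c) International Business Machines Corp., 2002
+ * Copyright (c) International Business Machines Corp., 2002,2005
  * Author(s): Steve French (sfrench@us.ibm.com)
  *
  * This library is free software; you can redistribute it and/or modify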
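diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index c467de857610..651f3b6cebed 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -82,6 +82,12 @@ struct smb_vol {
  unsigned remap:1; /* set to remap seven reserved chars in filenames */
  unsigned posix_paths:1; /* unset to not ask for posix pathnames. */
  unsigned sfu_emul:1;
+ unsigned krb5:1;
+ unsigned ntlm:1;
+ unsigned ntlmv2:1;
+ unsigned nullauth:1; /* attempt to authenticate with null user */
+ unsigned sign:1;
+ unsigned seal:1; /* encrypt */
  unsigned nocase; /* request case insensitive filenames */
  unsigned nobrl; /* disable sending byte range locks to srv */
  unsigned int rsize;
@@ -777,7 +783,7 @@ cifs_parse_mount_options(char *options, const char *devname,struct smb_vol *vol)
 
  /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
  vol->rw = TRUE;
-
+ vol->ntlm = TRUE;
  /* default is always to request posix paths. */
  vol->posix_paths = 1;
 
@@ -903,6 +909,39 @@ cifs_parse_mount_options(char *options, const char *devname,struct smb_vol *vol)
  printk(KERN_WARNING "CIFS: ip address too long\n");
  return 1;
  }
+ } else if (strnicmp(data, "sec", 3) == 0) {
+ if (!value || !*value) {
+ cERROR(1,("no security value specified"));
+ continue;
+ } else if (strnicmp(value, "krb5i", 5) == 0) {
+ vol->sign = 1;
+ vol->krb5 = 1;
+ } else if (strnicmp(value, "krb5p", 5) == 0) {
+ /* vol->seal = 1;
+ vol->krb5 = 1; */
+ cERROR(1,("Krb5 cifs privacy not supported"));
+ return 1;
+ } else if (strnicmp(value, "krb5", 4) == 0) {
+ vol->krb5 = 1;
+ } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
+ vol->ntlmv2 = 1;
+ vol->sign = 1;
+ } else if (strnicmp(value, "ntlmv2", 6) == 0) {
+ vol->ntlmv2 = 1;
+ } else if (strnicmp(value, "ntlmi", 5) == 0) {
+ vol->ntlm = 1;
+ vol->sign = 1;
+ } else if (strnicmp(value, "ntlm", 4) == 0) {
+ /* ntlm is default so can be turned off too */
+ vol->ntlm = 1;
+ } else if (strnicmp(value, "nontlm", 6) == 0) {
+ vol->ntlm = 0;
+ } else if (strnicmp(value, "none", 4) == 0) {
+ vol->nullauth = 1;
+ } else {
+ cERROR(1,("bad security option: %s", value));
+ return 1;
+ }
  } else if ((strnicmp(data, "unc", 3) == 0)
  || (strnicmp(data, "target", 6) == 0)
  || (strnicmp(data, "path", 4) == 0)) {
@@ -1546,7 +1585,7 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
  cFYI(1, ("Username: %s ", volume_info.username));
 
  } else {
- cifserror("No username specified ");
+ cifserror("No username specified");
  /* In userspace mount helper we can get user name from alternate
  locations such as env variables and files on disk */
  kfree(volume_info.UNC);
@@ -1587,7 +1626,7 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
  return -EINVAL;
  } else /* which servers DFS root would we conect to */ {
  cERROR(1,
- ("CIFS mount error: No UNC path (e.g. -o unc=//192.168.1.100/public) specified "));
+ ("CIFS mount error: No UNC path (e.g. -o unc=//192.168.1.100/public) specified"));
  kfree(volume_info.UNC);
  kfree(volume_info.password);
  FreeXid(xid);
@@ -1626,7 +1665,7 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
 
 
  if (srvTcp) {
- cFYI(1, ("Existing tcp session with server found "));
+ cFYI(1, ("Existing tcp session with server found"));
  } else { /* create socket */
  if(volume_info.port)
  sin_server.sin_port = htons(volume_info.port);
@@ -1689,11 +1728,11 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
 
  if (existingCifsSes) {
  pSesInfo = existingCifsSes;
- cFYI(1, ("Existing smb sess found "));
+ cFYI(1, ("Existing smb sess found"));
  kfree(volume_info.password);
  /* volume_info.UNC freed at end of function */
  } else if (!rc) {
- cFYI(1, ("Existing smb sess not found "));
+ cFYI(1, ("Existing smb sess not found"));
  pSesInfo = sesInfoAlloc();
  if (pSesInfo == NULL)
  rc = -ENOMEM;
@@ -1777,7 +1816,7 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
  find_unc(sin_server.sin_addr.s_addr, volume_info.UNC,
  volume_info.username);
  if (tcon) {
- cFYI(1, ("Found match on UNC path "));
+ cFYI(1, ("Found match on UNC path"));
  /* we can have only one retry value for a connection
  to a share so for resources mounted more than once
  to the same server share the last value passed in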
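Review bot: In the new `sec=` branch of cifs_parse_mount_options, choosing `krb5`, `krb5i`, `ntlmv2`, `ntlmv2i` or `none` leaves `vol->ntlm` at the TRUE default set earlier in the same function, so the parsed options can say "Kerberos" and "NTLM allowed" at once. Nothing in this commit reads the flags yet, so whether that allows a silent fallback to the weaker mechanism depends on code outside these hunks. Clearing the default in each non-NTLM branch (for example `vol->ntlm = 0;` beside `vol->krb5 = 1;`) or storing a single enumerated mode would make the administrator's choice unambiguous. The same branch logs and `continue`s on an empty `sec=` and matches values by prefix, so a mistyped value such as `krb5x` is accepted as `krb5`. For a security setting it would be safer to `return 1` as the bad-option case does and to compare the whole value. The function body starts and ends outside the hunks shown.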