diff options
| author | Steve French <sfrench@us.ibm.com> | 2008-01-09 11:21:36 -0500 |
|---|---|---|
| committer | Steve French <sfrench@us.ibm.com> | 2008-01-09 11:21:36 -0500 |
| commit | 6103335de8afa5d780dcd512abe85c696af7b040 (patch) | |
| tree | 92940053ea0bef4b5c821ed84aa265c496724391 | |
| parent | f6d09982197c4163c70f6af0cf15bb78674105c0 (diff) | |
[CIFS] DNS name resolution helper upcall for cifs
Adds additional option CIFS_DFS_UPCALL to fs/Kconfig for enabling
DFS support. Resolved IP address is saved as a string in the
key payload.
Igor has a series of related patches that will follow which finish up
CIFS DFS support
Acked-by: Igor Mammedov <niallain@gmail.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
| -rw-r--r-- | fs/Kconfig | 39 | ||||
| -rw-r--r-- | fs/cifs/Makefile | 2 | ||||
| -rw-r--r-- | fs/cifs/cifsfs.c | 15 |
3 files changed, 42 insertions, 14 deletions
diff --git a/fs/Kconfig b/fs/Kconfig index 487236c65837..18cd22149466 100644 --- a/fs/Kconfig +++ b/fs/Kconfig | |||
| @@ -1905,13 +1905,15 @@ config CIFS | |||
| 1905 | file servers such as Windows 2000 (including Windows 2003, NT 4 | 1905 | file servers such as Windows 2000 (including Windows 2003, NT 4 |
| 1906 | and Windows XP) as well by Samba (which provides excellent CIFS | 1906 | and Windows XP) as well by Samba (which provides excellent CIFS |
| 1907 | server support for Linux and many other operating systems). Limited | 1907 | server support for Linux and many other operating systems). Limited |
| 1908 | support for OS/2 and Windows ME and similar servers is provided as well. | 1908 | support for OS/2 and Windows ME and similar servers is provided as |
| 1909 | 1909 | well. | |
| 1910 | The intent of the cifs module is to provide an advanced | 1910 | |
| 1911 | network file system client for mounting to CIFS compliant servers, | 1911 | The cifs module provides an advanced network file system |
| 1912 | including support for dfs (hierarchical name space), secure per-user | 1912 | client for mounting to CIFS compliant servers. It includes |
| 1913 | session establishment, safe distributed caching (oplock), optional | 1913 | support for DFS (hierarchical name space), secure per-user |
| 1914 | packet signing, Unicode and other internationalization improvements. | 1914 | session establishment via Kerberos or NTLM or NTLMv2, |
| 1915 | safe distributed caching (oplock), optional packet | ||
| 1916 | signing, Unicode and other internationalization improvements. | ||
| 1915 | If you need to mount to Samba or Windows from this machine, say Y. | 1917 | If you need to mount to Samba or Windows from this machine, say Y. |
| 1916 | 1918 | ||
| 1917 | config CIFS_STATS | 1919 | config CIFS_STATS |
| @@ -1943,7 +1945,8 @@ config CIFS_WEAK_PW_HASH | |||
| 1943 | (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos) | 1945 | (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos) |
| 1944 | security mechanisms. These hash the password more securely | 1946 | security mechanisms. These hash the password more securely |
| 1945 | than the mechanisms used in the older LANMAN version of the | 1947 | than the mechanisms used in the older LANMAN version of the |
| 1946 | SMB protocol needed to establish sessions with old SMB servers. | 1948 | SMB protocol but LANMAN based authentication is needed to |
| 1949 | establish sessions with some old SMB servers. | ||
| 1947 | 1950 | ||
| 1948 | Enabling this option allows the cifs module to mount to older | 1951 | Enabling this option allows the cifs module to mount to older |
| 1949 | LANMAN based servers such as OS/2 and Windows 95, but such | 1952 | LANMAN based servers such as OS/2 and Windows 95, but such |
| @@ -1951,8 +1954,8 @@ config CIFS_WEAK_PW_HASH | |||
| 1951 | security mechanisms if you are on a public network. Unless you | 1954 | security mechanisms if you are on a public network. Unless you |
| 1952 | have a need to access old SMB servers (and are on a private | 1955 | have a need to access old SMB servers (and are on a private |
| 1953 | network) you probably want to say N. Even if this support | 1956 | network) you probably want to say N. Even if this support |
| 1954 | is enabled in the kernel build, they will not be used | 1957 | is enabled in the kernel build, LANMAN authentication will not be |
| 1955 | automatically. At runtime LANMAN mounts are disabled but | 1958 | used automatically. At runtime LANMAN mounts are disabled but |
| 1956 | can be set to required (or optional) either in | 1959 | can be set to required (or optional) either in |
| 1957 | /proc/fs/cifs (see fs/cifs/README for more detail) or via an | 1960 | /proc/fs/cifs (see fs/cifs/README for more detail) or via an |
| 1958 | option on the mount command. This support is disabled by | 1961 | option on the mount command. This support is disabled by |
| @@ -2018,12 +2021,22 @@ config CIFS_UPCALL | |||
| 2018 | depends on CIFS_EXPERIMENTAL | 2021 | depends on CIFS_EXPERIMENTAL |
| 2019 | depends on KEYS | 2022 | depends on KEYS |
| 2020 | help | 2023 | help |
| 2021 | Enables an upcall mechanism for CIFS which will be used to contact | 2024 | Enables an upcall mechanism for CIFS which accesses |
| 2022 | userspace helper utilities to provide SPNEGO packaged Kerberos | 2025 | userspace helper utilities to provide SPNEGO packaged (RFC 4178) |
| 2023 | tickets which are needed to mount to certain secure servers | 2026 | Kerberos tickets which are needed to mount to certain secure servers |
| 2024 | (for which more secure Kerberos authentication is required). If | 2027 | (for which more secure Kerberos authentication is required). If |
| 2025 | unsure, say N. | 2028 | unsure, say N. |
| 2026 | 2029 | ||
| 2030 | config CIFS_DFS_UPCALL | ||
| 2031 | bool "DFS feature support (EXPERIMENTAL)" | ||
| 2032 | depends on CIFS_EXPERIMENTAL | ||
| 2033 | depends on KEYS | ||
| 2034 | help | ||
| 2035 | Enables an upcall mechanism for CIFS which contacts userspace | ||
| 2036 | helper utilities to provide server name resolution (host names to | ||
| 2037 | IP addresses) which is needed for implicit mounts of DFS junction | ||
| 2038 | points. If unsure, say N. | ||
| 2039 | |||
| 2027 | config NCP_FS | 2040 | config NCP_FS |
| 2028 | tristate "NCP file system support (to mount NetWare volumes)" | 2041 | tristate "NCP file system support (to mount NetWare volumes)" |
| 2029 | depends on IPX!=n || INET | 2042 | depends on IPX!=n || INET |
diff --git a/fs/cifs/Makefile b/fs/cifs/Makefile index 45e42fb97c19..09898b8dc69b 100644 --- a/fs/cifs/Makefile +++ b/fs/cifs/Makefile | |||
| @@ -9,3 +9,5 @@ cifs-y := cifsfs.o cifssmb.o cifs_debug.o connect.o dir.o file.o inode.o \ | |||
| 9 | readdir.o ioctl.o sess.o export.o cifsacl.o | 9 | readdir.o ioctl.o sess.o export.o cifsacl.o |
| 10 | 10 | ||
| 11 | cifs-$(CONFIG_CIFS_UPCALL) += cifs_spnego.o | 11 | cifs-$(CONFIG_CIFS_UPCALL) += cifs_spnego.o |
| 12 | |||
| 13 | cifs-$(CONFIG_CIFS_DFS_UPCALL) += dns_resolve.o | ||
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c index 093beaa3900d..000b4a5d3219 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c | |||
| @@ -44,6 +44,7 @@ | |||
| 44 | #include "cifs_fs_sb.h" | 44 | #include "cifs_fs_sb.h" |
| 45 | #include <linux/mm.h> | 45 | #include <linux/mm.h> |
| 46 | #include <linux/key-type.h> | 46 | #include <linux/key-type.h> |
| 47 | #include "dns_resolve.h" | ||
| 47 | #include "cifs_spnego.h" | 48 | #include "cifs_spnego.h" |
| 48 | #define CIFS_MAGIC_NUMBER 0xFF534D42 /* the first four bytes of SMB PDUs */ | 49 | #define CIFS_MAGIC_NUMBER 0xFF534D42 /* the first four bytes of SMB PDUs */ |
| 49 | 50 | ||
| @@ -1015,11 +1016,16 @@ init_cifs(void) | |||
| 1015 | if (rc) | 1016 | if (rc) |
| 1016 | goto out_unregister_filesystem; | 1017 | goto out_unregister_filesystem; |
| 1017 | #endif | 1018 | #endif |
| 1019 | #ifdef CONFIG_CIFS_DFS_UPCALL | ||
| 1020 | rc = register_key_type(&key_type_dns_resolver); | ||
| 1021 | if (rc) | ||
| 1022 | goto out_unregister_key_type; | ||
| 1023 | #endif | ||
| 1018 | oplockThread = kthread_run(cifs_oplock_thread, NULL, "cifsoplockd"); | 1024 | oplockThread = kthread_run(cifs_oplock_thread, NULL, "cifsoplockd"); |
| 1019 | if (IS_ERR(oplockThread)) { | 1025 | if (IS_ERR(oplockThread)) { |
| 1020 | rc = PTR_ERR(oplockThread); | 1026 | rc = PTR_ERR(oplockThread); |
| 1021 | cERROR(1, ("error %d create oplock thread", rc)); | 1027 | cERROR(1, ("error %d create oplock thread", rc)); |
| 1022 | goto out_unregister_key_type; | 1028 | goto out_unregister_dfs_key_type; |
| 1023 | } | 1029 | } |
| 1024 | 1030 | ||
| 1025 | dnotifyThread = kthread_run(cifs_dnotify_thread, NULL, "cifsdnotifyd"); | 1031 | dnotifyThread = kthread_run(cifs_dnotify_thread, NULL, "cifsdnotifyd"); |
| @@ -1033,7 +1039,11 @@ init_cifs(void) | |||
| 1033 | 1039 | ||
| 1034 | out_stop_oplock_thread: | 1040 | out_stop_oplock_thread: |
| 1035 | kthread_stop(oplockThread); | 1041 | kthread_stop(oplockThread); |
| 1042 | out_unregister_dfs_key_type: | ||
| 1043 | #ifdef CONFIG_CIFS_DFS_UPCALL | ||
| 1044 | unregister_key_type(&key_type_dns_resolver); | ||
| 1036 | out_unregister_key_type: | 1045 | out_unregister_key_type: |
| 1046 | #endif | ||
| 1037 | #ifdef CONFIG_CIFS_UPCALL | 1047 | #ifdef CONFIG_CIFS_UPCALL |
| 1038 | unregister_key_type(&cifs_spnego_key_type); | 1048 | unregister_key_type(&cifs_spnego_key_type); |
| 1039 | out_unregister_filesystem: | 1049 | out_unregister_filesystem: |
| @@ -1059,6 +1069,9 @@ exit_cifs(void) | |||
| 1059 | #ifdef CONFIG_PROC_FS | 1069 | #ifdef CONFIG_PROC_FS |
| 1060 | cifs_proc_clean(); | 1070 | cifs_proc_clean(); |
| 1061 | #endif | 1071 | #endif |
| 1072 | #ifdef CONFIG_CIFS_DFS_UPCALL | ||
| 1073 | unregister_key_type(&key_type_dns_resolver); | ||
| 1074 | #endif | ||
| 1062 | #ifdef CONFIG_CIFS_UPCALL | 1075 | #ifdef CONFIG_CIFS_UPCALL |
| 1063 | unregister_key_type(&cifs_spnego_key_type); | 1076 | unregister_key_type(&cifs_spnego_key_type); |
| 1064 | #endif | 1077 | #endif |