diff options
author | Steve French <sfrench@us.ibm.com> | 2008-01-09 11:21:36 -0500 |
---|---|---|
committer | Steve French <sfrench@us.ibm.com> | 2008-01-09 11:21:36 -0500 |
commit | 6103335de8afa5d780dcd512abe85c696af7b040 (patch) | |
tree | 92940053ea0bef4b5c821ed84aa265c496724391 | |
parent | f6d09982197c4163c70f6af0cf15bb78674105c0 (diff) |
[CIFS] DNS name resolution helper upcall for cifs
Adds additional option CIFS_DFS_UPCALL to fs/Kconfig for enabling
DFS support. Resolved IP address is saved as a string in the
key payload.
Igor has a series of related patches that will follow which finish up
CIFS DFS support
Acked-by: Igor Mammedov <niallain@gmail.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r-- | fs/Kconfig | 39 | ||||
-rw-r--r-- | fs/cifs/Makefile | 2 | ||||
-rw-r--r-- | fs/cifs/cifsfs.c | 15 |
3 files changed, 42 insertions, 14 deletions
diff --git a/fs/Kconfig b/fs/Kconfig index 487236c65837..18cd22149466 100644 --- a/fs/Kconfig +++ b/fs/Kconfig | |||
@@ -1905,13 +1905,15 @@ config CIFS | |||
1905 | file servers such as Windows 2000 (including Windows 2003, NT 4 | 1905 | file servers such as Windows 2000 (including Windows 2003, NT 4 |
1906 | and Windows XP) as well by Samba (which provides excellent CIFS | 1906 | and Windows XP) as well by Samba (which provides excellent CIFS |
1907 | server support for Linux and many other operating systems). Limited | 1907 | server support for Linux and many other operating systems). Limited |
1908 | support for OS/2 and Windows ME and similar servers is provided as well. | 1908 | support for OS/2 and Windows ME and similar servers is provided as |
1909 | 1909 | well. | |
1910 | The intent of the cifs module is to provide an advanced | 1910 | |
1911 | network file system client for mounting to CIFS compliant servers, | 1911 | The cifs module provides an advanced network file system |
1912 | including support for dfs (hierarchical name space), secure per-user | 1912 | client for mounting to CIFS compliant servers. It includes |
1913 | session establishment, safe distributed caching (oplock), optional | 1913 | support for DFS (hierarchical name space), secure per-user |
1914 | packet signing, Unicode and other internationalization improvements. | 1914 | session establishment via Kerberos or NTLM or NTLMv2, |
1915 | safe distributed caching (oplock), optional packet | ||
1916 | signing, Unicode and other internationalization improvements. | ||
1915 | If you need to mount to Samba or Windows from this machine, say Y. | 1917 | If you need to mount to Samba or Windows from this machine, say Y. |
1916 | 1918 | ||
1917 | config CIFS_STATS | 1919 | config CIFS_STATS |
@@ -1943,7 +1945,8 @@ config CIFS_WEAK_PW_HASH | |||
1943 | (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos) | 1945 | (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos) |
1944 | security mechanisms. These hash the password more securely | 1946 | security mechanisms. These hash the password more securely |
1945 | than the mechanisms used in the older LANMAN version of the | 1947 | than the mechanisms used in the older LANMAN version of the |
1946 | SMB protocol needed to establish sessions with old SMB servers. | 1948 | SMB protocol but LANMAN based authentication is needed to |
1949 | establish sessions with some old SMB servers. | ||
1947 | 1950 | ||
1948 | Enabling this option allows the cifs module to mount to older | 1951 | Enabling this option allows the cifs module to mount to older |
1949 | LANMAN based servers such as OS/2 and Windows 95, but such | 1952 | LANMAN based servers such as OS/2 and Windows 95, but such |
@@ -1951,8 +1954,8 @@ config CIFS_WEAK_PW_HASH | |||
1951 | security mechanisms if you are on a public network. Unless you | 1954 | security mechanisms if you are on a public network. Unless you |
1952 | have a need to access old SMB servers (and are on a private | 1955 | have a need to access old SMB servers (and are on a private |
1953 | network) you probably want to say N. Even if this support | 1956 | network) you probably want to say N. Even if this support |
1954 | is enabled in the kernel build, they will not be used | 1957 | is enabled in the kernel build, LANMAN authentication will not be |
1955 | automatically. At runtime LANMAN mounts are disabled but | 1958 | used automatically. At runtime LANMAN mounts are disabled but |
1956 | can be set to required (or optional) either in | 1959 | can be set to required (or optional) either in |
1957 | /proc/fs/cifs (see fs/cifs/README for more detail) or via an | 1960 | /proc/fs/cifs (see fs/cifs/README for more detail) or via an |
1958 | option on the mount command. This support is disabled by | 1961 | option on the mount command. This support is disabled by |
@@ -2018,12 +2021,22 @@ config CIFS_UPCALL | |||
2018 | depends on CIFS_EXPERIMENTAL | 2021 | depends on CIFS_EXPERIMENTAL |
2019 | depends on KEYS | 2022 | depends on KEYS |
2020 | help | 2023 | help |
2021 | Enables an upcall mechanism for CIFS which will be used to contact | 2024 | Enables an upcall mechanism for CIFS which accesses |
2022 | userspace helper utilities to provide SPNEGO packaged Kerberos | 2025 | userspace helper utilities to provide SPNEGO packaged (RFC 4178) |
2023 | tickets which are needed to mount to certain secure servers | 2026 | Kerberos tickets which are needed to mount to certain secure servers |
2024 | (for which more secure Kerberos authentication is required). If | 2027 | (for which more secure Kerberos authentication is required). If |
2025 | unsure, say N. | 2028 | unsure, say N. |
2026 | 2029 | ||
2030 | config CIFS_DFS_UPCALL | ||
2031 | bool "DFS feature support (EXPERIMENTAL)" | ||
2032 | depends on CIFS_EXPERIMENTAL | ||
2033 | depends on KEYS | ||
2034 | help | ||
2035 | Enables an upcall mechanism for CIFS which contacts userspace | ||
2036 | helper utilities to provide server name resolution (host names to | ||
2037 | IP addresses) which is needed for implicit mounts of DFS junction | ||
2038 | points. If unsure, say N. | ||
2039 | |||
2027 | config NCP_FS | 2040 | config NCP_FS |
2028 | tristate "NCP file system support (to mount NetWare volumes)" | 2041 | tristate "NCP file system support (to mount NetWare volumes)" |
2029 | depends on IPX!=n || INET | 2042 | depends on IPX!=n || INET |
diff --git a/fs/cifs/Makefile b/fs/cifs/Makefile index 45e42fb97c19..09898b8dc69b 100644 --- a/fs/cifs/Makefile +++ b/fs/cifs/Makefile | |||
@@ -9,3 +9,5 @@ cifs-y := cifsfs.o cifssmb.o cifs_debug.o connect.o dir.o file.o inode.o \ | |||
9 | readdir.o ioctl.o sess.o export.o cifsacl.o | 9 | readdir.o ioctl.o sess.o export.o cifsacl.o |
10 | 10 | ||
11 | cifs-$(CONFIG_CIFS_UPCALL) += cifs_spnego.o | 11 | cifs-$(CONFIG_CIFS_UPCALL) += cifs_spnego.o |
12 | |||
13 | cifs-$(CONFIG_CIFS_DFS_UPCALL) += dns_resolve.o | ||
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c index 093beaa3900d..000b4a5d3219 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c | |||
@@ -44,6 +44,7 @@ | |||
44 | #include "cifs_fs_sb.h" | 44 | #include "cifs_fs_sb.h" |
45 | #include <linux/mm.h> | 45 | #include <linux/mm.h> |
46 | #include <linux/key-type.h> | 46 | #include <linux/key-type.h> |
47 | #include "dns_resolve.h" | ||
47 | #include "cifs_spnego.h" | 48 | #include "cifs_spnego.h" |
48 | #define CIFS_MAGIC_NUMBER 0xFF534D42 /* the first four bytes of SMB PDUs */ | 49 | #define CIFS_MAGIC_NUMBER 0xFF534D42 /* the first four bytes of SMB PDUs */ |
49 | 50 | ||
@@ -1015,11 +1016,16 @@ init_cifs(void) | |||
1015 | if (rc) | 1016 | if (rc) |
1016 | goto out_unregister_filesystem; | 1017 | goto out_unregister_filesystem; |
1017 | #endif | 1018 | #endif |
1019 | #ifdef CONFIG_CIFS_DFS_UPCALL | ||
1020 | rc = register_key_type(&key_type_dns_resolver); | ||
1021 | if (rc) | ||
1022 | goto out_unregister_key_type; | ||
1023 | #endif | ||
1018 | oplockThread = kthread_run(cifs_oplock_thread, NULL, "cifsoplockd"); | 1024 | oplockThread = kthread_run(cifs_oplock_thread, NULL, "cifsoplockd"); |
1019 | if (IS_ERR(oplockThread)) { | 1025 | if (IS_ERR(oplockThread)) { |
1020 | rc = PTR_ERR(oplockThread); | 1026 | rc = PTR_ERR(oplockThread); |
1021 | cERROR(1, ("error %d create oplock thread", rc)); | 1027 | cERROR(1, ("error %d create oplock thread", rc)); |
1022 | goto out_unregister_key_type; | 1028 | goto out_unregister_dfs_key_type; |
1023 | } | 1029 | } |
1024 | 1030 | ||
1025 | dnotifyThread = kthread_run(cifs_dnotify_thread, NULL, "cifsdnotifyd"); | 1031 | dnotifyThread = kthread_run(cifs_dnotify_thread, NULL, "cifsdnotifyd"); |
@@ -1033,7 +1039,11 @@ init_cifs(void) | |||
1033 | 1039 | ||
1034 | out_stop_oplock_thread: | 1040 | out_stop_oplock_thread: |
1035 | kthread_stop(oplockThread); | 1041 | kthread_stop(oplockThread); |
1042 | out_unregister_dfs_key_type: | ||
1043 | #ifdef CONFIG_CIFS_DFS_UPCALL | ||
1044 | unregister_key_type(&key_type_dns_resolver); | ||
1036 | out_unregister_key_type: | 1045 | out_unregister_key_type: |
1046 | #endif | ||
1037 | #ifdef CONFIG_CIFS_UPCALL | 1047 | #ifdef CONFIG_CIFS_UPCALL |
1038 | unregister_key_type(&cifs_spnego_key_type); | 1048 | unregister_key_type(&cifs_spnego_key_type); |
1039 | out_unregister_filesystem: | 1049 | out_unregister_filesystem: |
@@ -1059,6 +1069,9 @@ exit_cifs(void) | |||
1059 | #ifdef CONFIG_PROC_FS | 1069 | #ifdef CONFIG_PROC_FS |
1060 | cifs_proc_clean(); | 1070 | cifs_proc_clean(); |
1061 | #endif | 1071 | #endif |
1072 | #ifdef CONFIG_CIFS_DFS_UPCALL | ||
1073 | unregister_key_type(&key_type_dns_resolver); | ||
1074 | #endif | ||
1062 | #ifdef CONFIG_CIFS_UPCALL | 1075 | #ifdef CONFIG_CIFS_UPCALL |
1063 | unregister_key_type(&cifs_spnego_key_type); | 1076 | unregister_key_type(&cifs_spnego_key_type); |
1064 | #endif | 1077 | #endif |