aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSteve French <sfrench@us.ibm.com>2008-01-09 11:21:36 -0500
committerSteve French <sfrench@us.ibm.com>2008-01-09 11:21:36 -0500
commit6103335de8afa5d780dcd512abe85c696af7b040 (patch)
tree92940053ea0bef4b5c821ed84aa265c496724391
parentf6d09982197c4163c70f6af0cf15bb78674105c0 (diff)
[CIFS] DNS name resolution helper upcall for cifs
Adds additional option CIFS_DFS_UPCALL to fs/Kconfig for enabling DFS support. Resolved IP address is saved as a string in the key payload. Igor has a series of related patches that will follow which finish up CIFS DFS support Acked-by: Igor Mammedov <niallain@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
-rw-r--r--fs/Kconfig39
-rw-r--r--fs/cifs/Makefile2
-rw-r--r--fs/cifs/cifsfs.c15
3 files changed, 42 insertions, 14 deletions
diff --git a/fs/Kconfig b/fs/Kconfig
index 487236c65837..18cd22149466 100644
--- a/fs/Kconfig
+++ b/fs/Kconfig
@@ -1905,13 +1905,15 @@ config CIFS
1905 file servers such as Windows 2000 (including Windows 2003, NT 4 1905 file servers such as Windows 2000 (including Windows 2003, NT 4
1906 and Windows XP) as well by Samba (which provides excellent CIFS 1906 and Windows XP) as well by Samba (which provides excellent CIFS
1907 server support for Linux and many other operating systems). Limited 1907 server support for Linux and many other operating systems). Limited
1908 support for OS/2 and Windows ME and similar servers is provided as well. 1908 support for OS/2 and Windows ME and similar servers is provided as
1909 1909 well.
1910 The intent of the cifs module is to provide an advanced 1910
1911 network file system client for mounting to CIFS compliant servers, 1911 The cifs module provides an advanced network file system
1912 including support for dfs (hierarchical name space), secure per-user 1912 client for mounting to CIFS compliant servers. It includes
1913 session establishment, safe distributed caching (oplock), optional 1913 support for DFS (hierarchical name space), secure per-user
1914 packet signing, Unicode and other internationalization improvements. 1914 session establishment via Kerberos or NTLM or NTLMv2,
1915 safe distributed caching (oplock), optional packet
1916 signing, Unicode and other internationalization improvements.
1915 If you need to mount to Samba or Windows from this machine, say Y. 1917 If you need to mount to Samba or Windows from this machine, say Y.
1916 1918
1917config CIFS_STATS 1919config CIFS_STATS
@@ -1943,7 +1945,8 @@ config CIFS_WEAK_PW_HASH
1943 (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos) 1945 (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos)
1944 security mechanisms. These hash the password more securely 1946 security mechanisms. These hash the password more securely
1945 than the mechanisms used in the older LANMAN version of the 1947 than the mechanisms used in the older LANMAN version of the
1946 SMB protocol needed to establish sessions with old SMB servers. 1948 SMB protocol but LANMAN based authentication is needed to
1949 establish sessions with some old SMB servers.
1947 1950
1948 Enabling this option allows the cifs module to mount to older 1951 Enabling this option allows the cifs module to mount to older
1949 LANMAN based servers such as OS/2 and Windows 95, but such 1952 LANMAN based servers such as OS/2 and Windows 95, but such
@@ -1951,8 +1954,8 @@ config CIFS_WEAK_PW_HASH
1951 security mechanisms if you are on a public network. Unless you 1954 security mechanisms if you are on a public network. Unless you
1952 have a need to access old SMB servers (and are on a private 1955 have a need to access old SMB servers (and are on a private
1953 network) you probably want to say N. Even if this support 1956 network) you probably want to say N. Even if this support
1954 is enabled in the kernel build, they will not be used 1957 is enabled in the kernel build, LANMAN authentication will not be
1955 automatically. At runtime LANMAN mounts are disabled but 1958 used automatically. At runtime LANMAN mounts are disabled but
1956 can be set to required (or optional) either in 1959 can be set to required (or optional) either in
1957 /proc/fs/cifs (see fs/cifs/README for more detail) or via an 1960 /proc/fs/cifs (see fs/cifs/README for more detail) or via an
1958 option on the mount command. This support is disabled by 1961 option on the mount command. This support is disabled by
@@ -2018,12 +2021,22 @@ config CIFS_UPCALL
2018 depends on CIFS_EXPERIMENTAL 2021 depends on CIFS_EXPERIMENTAL
2019 depends on KEYS 2022 depends on KEYS
2020 help 2023 help
2021 Enables an upcall mechanism for CIFS which will be used to contact 2024 Enables an upcall mechanism for CIFS which accesses
2022 userspace helper utilities to provide SPNEGO packaged Kerberos 2025 userspace helper utilities to provide SPNEGO packaged (RFC 4178)
2023 tickets which are needed to mount to certain secure servers 2026 Kerberos tickets which are needed to mount to certain secure servers
2024 (for which more secure Kerberos authentication is required). If 2027 (for which more secure Kerberos authentication is required). If
2025 unsure, say N. 2028 unsure, say N.
2026 2029
2030config CIFS_DFS_UPCALL
2031 bool "DFS feature support (EXPERIMENTAL)"
2032 depends on CIFS_EXPERIMENTAL
2033 depends on KEYS
2034 help
2035 Enables an upcall mechanism for CIFS which contacts userspace
2036 helper utilities to provide server name resolution (host names to
2037 IP addresses) which is needed for implicit mounts of DFS junction
2038 points. If unsure, say N.
2039
2027config NCP_FS 2040config NCP_FS
2028 tristate "NCP file system support (to mount NetWare volumes)" 2041 tristate "NCP file system support (to mount NetWare volumes)"
2029 depends on IPX!=n || INET 2042 depends on IPX!=n || INET
diff --git a/fs/cifs/Makefile b/fs/cifs/Makefile
index 45e42fb97c19..09898b8dc69b 100644
--- a/fs/cifs/Makefile
+++ b/fs/cifs/Makefile
@@ -9,3 +9,5 @@ cifs-y := cifsfs.o cifssmb.o cifs_debug.o connect.o dir.o file.o inode.o \
9 readdir.o ioctl.o sess.o export.o cifsacl.o 9 readdir.o ioctl.o sess.o export.o cifsacl.o
10 10
11cifs-$(CONFIG_CIFS_UPCALL) += cifs_spnego.o 11cifs-$(CONFIG_CIFS_UPCALL) += cifs_spnego.o
12
13cifs-$(CONFIG_CIFS_DFS_UPCALL) += dns_resolve.o
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
index 093beaa3900d..000b4a5d3219 100644
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -44,6 +44,7 @@
44#include "cifs_fs_sb.h" 44#include "cifs_fs_sb.h"
45#include <linux/mm.h> 45#include <linux/mm.h>
46#include <linux/key-type.h> 46#include <linux/key-type.h>
47#include "dns_resolve.h"
47#include "cifs_spnego.h" 48#include "cifs_spnego.h"
48#define CIFS_MAGIC_NUMBER 0xFF534D42 /* the first four bytes of SMB PDUs */ 49#define CIFS_MAGIC_NUMBER 0xFF534D42 /* the first four bytes of SMB PDUs */
49 50
@@ -1015,11 +1016,16 @@ init_cifs(void)
1015 if (rc) 1016 if (rc)
1016 goto out_unregister_filesystem; 1017 goto out_unregister_filesystem;
1017#endif 1018#endif
1019#ifdef CONFIG_CIFS_DFS_UPCALL
1020 rc = register_key_type(&key_type_dns_resolver);
1021 if (rc)
1022 goto out_unregister_key_type;
1023#endif
1018 oplockThread = kthread_run(cifs_oplock_thread, NULL, "cifsoplockd"); 1024 oplockThread = kthread_run(cifs_oplock_thread, NULL, "cifsoplockd");
1019 if (IS_ERR(oplockThread)) { 1025 if (IS_ERR(oplockThread)) {
1020 rc = PTR_ERR(oplockThread); 1026 rc = PTR_ERR(oplockThread);
1021 cERROR(1, ("error %d create oplock thread", rc)); 1027 cERROR(1, ("error %d create oplock thread", rc));
1022 goto out_unregister_key_type; 1028 goto out_unregister_dfs_key_type;
1023 } 1029 }
1024 1030
1025 dnotifyThread = kthread_run(cifs_dnotify_thread, NULL, "cifsdnotifyd"); 1031 dnotifyThread = kthread_run(cifs_dnotify_thread, NULL, "cifsdnotifyd");
@@ -1033,7 +1039,11 @@ init_cifs(void)
1033 1039
1034 out_stop_oplock_thread: 1040 out_stop_oplock_thread:
1035 kthread_stop(oplockThread); 1041 kthread_stop(oplockThread);
1042 out_unregister_dfs_key_type:
1043#ifdef CONFIG_CIFS_DFS_UPCALL
1044 unregister_key_type(&key_type_dns_resolver);
1036 out_unregister_key_type: 1045 out_unregister_key_type:
1046#endif
1037#ifdef CONFIG_CIFS_UPCALL 1047#ifdef CONFIG_CIFS_UPCALL
1038 unregister_key_type(&cifs_spnego_key_type); 1048 unregister_key_type(&cifs_spnego_key_type);
1039 out_unregister_filesystem: 1049 out_unregister_filesystem:
@@ -1059,6 +1069,9 @@ exit_cifs(void)
1059#ifdef CONFIG_PROC_FS 1069#ifdef CONFIG_PROC_FS
1060 cifs_proc_clean(); 1070 cifs_proc_clean();
1061#endif 1071#endif
1072#ifdef CONFIG_CIFS_DFS_UPCALL
1073 unregister_key_type(&key_type_dns_resolver);
1074#endif
1062#ifdef CONFIG_CIFS_UPCALL 1075#ifdef CONFIG_CIFS_UPCALL
1063 unregister_key_type(&cifs_spnego_key_type); 1076 unregister_key_type(&cifs_spnego_key_type);
1064#endif 1077#endif