diff options
author | Steve French <sfrench@us.ibm.com> | 2005-12-02 01:32:42 -0500 |
---|---|---|
committer | Steve French <sfrench@us.ibm.com> | 2005-12-02 01:32:42 -0500 |
commit | bf8206791750854bc6668266b694e8fe2cacb924 (patch) | |
tree | 6fd0a4193b07e071e4a947d3df2bb62934b6bd93 /fs/cifs | |
parent | 83451879ab213e152c6fe5c743f257ba58d7acd1 (diff) |
[CIFS] Kerberos and CIFS ACL support part 1
Signed-off-by: Steve French <sfrench@us.ibm.com>
Diffstat (limited to 'fs/cifs')
-rw-r--r-- | fs/cifs/README | 12 | ||||
-rw-r--r-- | fs/cifs/cifsacl.h | 36 | ||||
-rw-r--r-- | fs/cifs/cifspdu.h | 2 | ||||
-rw-r--r-- | fs/cifs/connect.c | 53 |
4 files changed, 94 insertions, 9 deletions
diff --git a/fs/cifs/README b/fs/cifs/README index e5d09a2fc7a5..b0070d1b149d 100644 --- a/fs/cifs/README +++ b/fs/cifs/README | |||
@@ -436,7 +436,17 @@ A partial list of the supported mount options follows: | |||
436 | SFU does). In the future the bottom 9 bits of the mode | 436 | SFU does). In the future the bottom 9 bits of the mode |
437 | mode also will be emulated using queries of the security | 437 | mode also will be emulated using queries of the security |
438 | descriptor (ACL). | 438 | descriptor (ACL). |
439 | 439 | sec Security mode. Allowed values are: | |
440 | none attempt to connection as a null user (no name) | ||
441 | krb5 Use Kerberos version 5 authentication | ||
442 | krb5i Use Kerberos authentication and packet signing | ||
443 | ntlm Use NTLM password hashing (default) | ||
444 | ntlmi Use NTLM password hashing with signing (if | ||
445 | /proc/fs/cifs/PacketSigningEnabled on or if | ||
446 | server requires signing also can be the default) | ||
447 | ntlmv2 Use NTLMv2 password hashing | ||
448 | ntlmv2i Use NTLMv2 password hashing with packet signing | ||
449 | |||
440 | The mount.cifs mount helper also accepts a few mount options before -o | 450 | The mount.cifs mount helper also accepts a few mount options before -o |
441 | including: | 451 | including: |
442 | 452 | ||
diff --git a/fs/cifs/cifsacl.h b/fs/cifs/cifsacl.h new file mode 100644 index 000000000000..4cfcdf2e6304 --- /dev/null +++ b/fs/cifs/cifsacl.h | |||
@@ -0,0 +1,36 @@ | |||
1 | /* | ||
2 | * fs/cifs/cifsacl.h | ||
3 | * | ||
4 | * Copyright (c) International Business Machines Corp., 2005 | ||
5 | * Author(s): Steve French (sfrench@us.ibm.com) | ||
6 | * | ||
7 | * This library is free software; you can redistribute it and/or modify | ||
8 | * it under the terms of the GNU Lesser General Public License as published | ||
9 | * by the Free Software Foundation; either version 2.1 of the License, or | ||
10 | * (at your option) any later version. | ||
11 | * | ||
12 | * This library is distributed in the hope that it will be useful, | ||
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See | ||
15 | * the GNU Lesser General Public License for more details. | ||
16 | * | ||
17 | * You should have received a copy of the GNU Lesser General Public License | ||
18 | * along with this library; if not, write to the Free Software | ||
19 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | ||
20 | */ | ||
21 | |||
22 | #ifndef _CIFSACL_H | ||
23 | #define _CIFSACL_H | ||
24 | |||
25 | struct cifs_sid { | ||
26 | __u8 revision; /* revision level */ | ||
27 | __u8 num_subauths; | ||
28 | __u8 authority[6]; | ||
29 | __u8 sub_auth[4]; | ||
30 | /* next sub_auth if any ... */ | ||
31 | } __attribute__((packed)); | ||
32 | |||
33 | /* everyone */ | ||
34 | const cifs_sid sid_everyone = {1, 1, {0, 0, 0, 0, 0, 0}, {0, 0, 0, 0}}; | ||
35 | /* group users */ | ||
36 | const cifs_sid sid_user = {1, 2 , {0, 0, 0, 0, 0, 5}, {32, 545, 0, 0}}; | ||
diff --git a/fs/cifs/cifspdu.h b/fs/cifs/cifspdu.h index 33e1859fd2f6..5253e779b3aa 100644 --- a/fs/cifs/cifspdu.h +++ b/fs/cifs/cifspdu.h | |||
@@ -1,7 +1,7 @@ | |||
1 | /* | 1 | /* |
2 | * fs/cifs/cifspdu.h | 2 | * fs/cifs/cifspdu.h |
3 | * | 3 | * |
4 | * Copyright (c) International Business Machines Corp., 2002 | 4 | * Copyright (c) International Business Machines Corp., 2002,2005 |
5 | * Author(s): Steve French (sfrench@us.ibm.com) | 5 | * Author(s): Steve French (sfrench@us.ibm.com) |
6 | * | 6 | * |
7 | * This library is free software; you can redistribute it and/or modify | 7 | * This library is free software; you can redistribute it and/or modify |
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c index c467de857610..651f3b6cebed 100644 --- a/fs/cifs/connect.c +++ b/fs/cifs/connect.c | |||
@@ -82,6 +82,12 @@ struct smb_vol { | |||
82 | unsigned remap:1; /* set to remap seven reserved chars in filenames */ | 82 | unsigned remap:1; /* set to remap seven reserved chars in filenames */ |
83 | unsigned posix_paths:1; /* unset to not ask for posix pathnames. */ | 83 | unsigned posix_paths:1; /* unset to not ask for posix pathnames. */ |
84 | unsigned sfu_emul:1; | 84 | unsigned sfu_emul:1; |
85 | unsigned krb5:1; | ||
86 | unsigned ntlm:1; | ||
87 | unsigned ntlmv2:1; | ||
88 | unsigned nullauth:1; /* attempt to authenticate with null user */ | ||
89 | unsigned sign:1; | ||
90 | unsigned seal:1; /* encrypt */ | ||
85 | unsigned nocase; /* request case insensitive filenames */ | 91 | unsigned nocase; /* request case insensitive filenames */ |
86 | unsigned nobrl; /* disable sending byte range locks to srv */ | 92 | unsigned nobrl; /* disable sending byte range locks to srv */ |
87 | unsigned int rsize; | 93 | unsigned int rsize; |
@@ -777,7 +783,7 @@ cifs_parse_mount_options(char *options, const char *devname,struct smb_vol *vol) | |||
777 | 783 | ||
778 | /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */ | 784 | /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */ |
779 | vol->rw = TRUE; | 785 | vol->rw = TRUE; |
780 | 786 | vol->ntlm = TRUE; | |
781 | /* default is always to request posix paths. */ | 787 | /* default is always to request posix paths. */ |
782 | vol->posix_paths = 1; | 788 | vol->posix_paths = 1; |
783 | 789 | ||
@@ -903,6 +909,39 @@ cifs_parse_mount_options(char *options, const char *devname,struct smb_vol *vol) | |||
903 | printk(KERN_WARNING "CIFS: ip address too long\n"); | 909 | printk(KERN_WARNING "CIFS: ip address too long\n"); |
904 | return 1; | 910 | return 1; |
905 | } | 911 | } |
912 | } else if (strnicmp(data, "sec", 3) == 0) { | ||
913 | if (!value || !*value) { | ||
914 | cERROR(1,("no security value specified")); | ||
915 | continue; | ||
916 | } else if (strnicmp(value, "krb5i", 5) == 0) { | ||
917 | vol->sign = 1; | ||
918 | vol->krb5 = 1; | ||
919 | } else if (strnicmp(value, "krb5p", 5) == 0) { | ||
920 | /* vol->seal = 1; | ||
921 | vol->krb5 = 1; */ | ||
922 | cERROR(1,("Krb5 cifs privacy not supported")); | ||
923 | return 1; | ||
924 | } else if (strnicmp(value, "krb5", 4) == 0) { | ||
925 | vol->krb5 = 1; | ||
926 | } else if (strnicmp(value, "ntlmv2i", 7) == 0) { | ||
927 | vol->ntlmv2 = 1; | ||
928 | vol->sign = 1; | ||
929 | } else if (strnicmp(value, "ntlmv2", 6) == 0) { | ||
930 | vol->ntlmv2 = 1; | ||
931 | } else if (strnicmp(value, "ntlmi", 5) == 0) { | ||
932 | vol->ntlm = 1; | ||
933 | vol->sign = 1; | ||
934 | } else if (strnicmp(value, "ntlm", 4) == 0) { | ||
935 | /* ntlm is default so can be turned off too */ | ||
936 | vol->ntlm = 1; | ||
937 | } else if (strnicmp(value, "nontlm", 6) == 0) { | ||
938 | vol->ntlm = 0; | ||
939 | } else if (strnicmp(value, "none", 4) == 0) { | ||
940 | vol->nullauth = 1; | ||
941 | } else { | ||
942 | cERROR(1,("bad security option: %s", value)); | ||
943 | return 1; | ||
944 | } | ||
906 | } else if ((strnicmp(data, "unc", 3) == 0) | 945 | } else if ((strnicmp(data, "unc", 3) == 0) |
907 | || (strnicmp(data, "target", 6) == 0) | 946 | || (strnicmp(data, "target", 6) == 0) |
908 | || (strnicmp(data, "path", 4) == 0)) { | 947 | || (strnicmp(data, "path", 4) == 0)) { |
@@ -1546,7 +1585,7 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, | |||
1546 | cFYI(1, ("Username: %s ", volume_info.username)); | 1585 | cFYI(1, ("Username: %s ", volume_info.username)); |
1547 | 1586 | ||
1548 | } else { | 1587 | } else { |
1549 | cifserror("No username specified "); | 1588 | cifserror("No username specified"); |
1550 | /* In userspace mount helper we can get user name from alternate | 1589 | /* In userspace mount helper we can get user name from alternate |
1551 | locations such as env variables and files on disk */ | 1590 | locations such as env variables and files on disk */ |
1552 | kfree(volume_info.UNC); | 1591 | kfree(volume_info.UNC); |
@@ -1587,7 +1626,7 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, | |||
1587 | return -EINVAL; | 1626 | return -EINVAL; |
1588 | } else /* which servers DFS root would we conect to */ { | 1627 | } else /* which servers DFS root would we conect to */ { |
1589 | cERROR(1, | 1628 | cERROR(1, |
1590 | ("CIFS mount error: No UNC path (e.g. -o unc=//192.168.1.100/public) specified ")); | 1629 | ("CIFS mount error: No UNC path (e.g. -o unc=//192.168.1.100/public) specified")); |
1591 | kfree(volume_info.UNC); | 1630 | kfree(volume_info.UNC); |
1592 | kfree(volume_info.password); | 1631 | kfree(volume_info.password); |
1593 | FreeXid(xid); | 1632 | FreeXid(xid); |
@@ -1626,7 +1665,7 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, | |||
1626 | 1665 | ||
1627 | 1666 | ||
1628 | if (srvTcp) { | 1667 | if (srvTcp) { |
1629 | cFYI(1, ("Existing tcp session with server found ")); | 1668 | cFYI(1, ("Existing tcp session with server found")); |
1630 | } else { /* create socket */ | 1669 | } else { /* create socket */ |
1631 | if(volume_info.port) | 1670 | if(volume_info.port) |
1632 | sin_server.sin_port = htons(volume_info.port); | 1671 | sin_server.sin_port = htons(volume_info.port); |
@@ -1689,11 +1728,11 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, | |||
1689 | 1728 | ||
1690 | if (existingCifsSes) { | 1729 | if (existingCifsSes) { |
1691 | pSesInfo = existingCifsSes; | 1730 | pSesInfo = existingCifsSes; |
1692 | cFYI(1, ("Existing smb sess found ")); | 1731 | cFYI(1, ("Existing smb sess found")); |
1693 | kfree(volume_info.password); | 1732 | kfree(volume_info.password); |
1694 | /* volume_info.UNC freed at end of function */ | 1733 | /* volume_info.UNC freed at end of function */ |
1695 | } else if (!rc) { | 1734 | } else if (!rc) { |
1696 | cFYI(1, ("Existing smb sess not found ")); | 1735 | cFYI(1, ("Existing smb sess not found")); |
1697 | pSesInfo = sesInfoAlloc(); | 1736 | pSesInfo = sesInfoAlloc(); |
1698 | if (pSesInfo == NULL) | 1737 | if (pSesInfo == NULL) |
1699 | rc = -ENOMEM; | 1738 | rc = -ENOMEM; |
@@ -1777,7 +1816,7 @@ cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb, | |||
1777 | find_unc(sin_server.sin_addr.s_addr, volume_info.UNC, | 1816 | find_unc(sin_server.sin_addr.s_addr, volume_info.UNC, |
1778 | volume_info.username); | 1817 | volume_info.username); |
1779 | if (tcon) { | 1818 | if (tcon) { |
1780 | cFYI(1, ("Found match on UNC path ")); | 1819 | cFYI(1, ("Found match on UNC path")); |
1781 | /* we can have only one retry value for a connection | 1820 | /* we can have only one retry value for a connection |
1782 | to a share so for resources mounted more than once | 1821 | to a share so for resources mounted more than once |
1783 | to the same server share the last value passed in | 1822 | to the same server share the last value passed in |