diff options
Diffstat (limited to 'fs/cifs')
-rw-r--r-- | fs/cifs/Kconfig | 142 | ||||
-rw-r--r-- | fs/cifs/cifsfs.c | 10 | ||||
-rw-r--r-- | fs/cifs/file.c | 4 |
3 files changed, 151 insertions, 5 deletions
diff --git a/fs/cifs/Kconfig b/fs/cifs/Kconfig new file mode 100644 index 000000000000..341a98965bd0 --- /dev/null +++ b/fs/cifs/Kconfig | |||
@@ -0,0 +1,142 @@ | |||
1 | config CIFS | ||
2 | tristate "CIFS support (advanced network filesystem, SMBFS successor)" | ||
3 | depends on INET | ||
4 | select NLS | ||
5 | help | ||
6 | This is the client VFS module for the Common Internet File System | ||
7 | (CIFS) protocol which is the successor to the Server Message Block | ||
8 | (SMB) protocol, the native file sharing mechanism for most early | ||
9 | PC operating systems. The CIFS protocol is fully supported by | ||
10 | file servers such as Windows 2000 (including Windows 2003, NT 4 | ||
11 | and Windows XP) as well by Samba (which provides excellent CIFS | ||
12 | server support for Linux and many other operating systems). Limited | ||
13 | support for OS/2 and Windows ME and similar servers is provided as | ||
14 | well. | ||
15 | |||
16 | The cifs module provides an advanced network file system | ||
17 | client for mounting to CIFS compliant servers. It includes | ||
18 | support for DFS (hierarchical name space), secure per-user | ||
19 | session establishment via Kerberos or NTLM or NTLMv2, | ||
20 | safe distributed caching (oplock), optional packet | ||
21 | signing, Unicode and other internationalization improvements. | ||
22 | If you need to mount to Samba or Windows from this machine, say Y. | ||
23 | |||
24 | config CIFS_STATS | ||
25 | bool "CIFS statistics" | ||
26 | depends on CIFS | ||
27 | help | ||
28 | Enabling this option will cause statistics for each server share | ||
29 | mounted by the cifs client to be displayed in /proc/fs/cifs/Stats | ||
30 | |||
31 | config CIFS_STATS2 | ||
32 | bool "Extended statistics" | ||
33 | depends on CIFS_STATS | ||
34 | help | ||
35 | Enabling this option will allow more detailed statistics on SMB | ||
36 | request timing to be displayed in /proc/fs/cifs/DebugData and also | ||
37 | allow optional logging of slow responses to dmesg (depending on the | ||
38 | value of /proc/fs/cifs/cifsFYI, see fs/cifs/README for more details). | ||
39 | These additional statistics may have a minor effect on performance | ||
40 | and memory utilization. | ||
41 | |||
42 | Unless you are a developer or are doing network performance analysis | ||
43 | or tuning, say N. | ||
44 | |||
45 | config CIFS_WEAK_PW_HASH | ||
46 | bool "Support legacy servers which use weaker LANMAN security" | ||
47 | depends on CIFS | ||
48 | help | ||
49 | Modern CIFS servers including Samba and most Windows versions | ||
50 | (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos) | ||
51 | security mechanisms. These hash the password more securely | ||
52 | than the mechanisms used in the older LANMAN version of the | ||
53 | SMB protocol but LANMAN based authentication is needed to | ||
54 | establish sessions with some old SMB servers. | ||
55 | |||
56 | Enabling this option allows the cifs module to mount to older | ||
57 | LANMAN based servers such as OS/2 and Windows 95, but such | ||
58 | mounts may be less secure than mounts using NTLM or more recent | ||
59 | security mechanisms if you are on a public network. Unless you | ||
60 | have a need to access old SMB servers (and are on a private | ||
61 | network) you probably want to say N. Even if this support | ||
62 | is enabled in the kernel build, LANMAN authentication will not be | ||
63 | used automatically. At runtime LANMAN mounts are disabled but | ||
64 | can be set to required (or optional) either in | ||
65 | /proc/fs/cifs (see fs/cifs/README for more detail) or via an | ||
66 | option on the mount command. This support is disabled by | ||
67 | default in order to reduce the possibility of a downgrade | ||
68 | attack. | ||
69 | |||
70 | If unsure, say N. | ||
71 | |||
72 | config CIFS_UPCALL | ||
73 | bool "Kerberos/SPNEGO advanced session setup" | ||
74 | depends on CIFS && KEYS | ||
75 | help | ||
76 | Enables an upcall mechanism for CIFS which accesses | ||
77 | userspace helper utilities to provide SPNEGO packaged (RFC 4178) | ||
78 | Kerberos tickets which are needed to mount to certain secure servers | ||
79 | (for which more secure Kerberos authentication is required). If | ||
80 | unsure, say N. | ||
81 | |||
82 | config CIFS_XATTR | ||
83 | bool "CIFS extended attributes" | ||
84 | depends on CIFS | ||
85 | help | ||
86 | Extended attributes are name:value pairs associated with inodes by | ||
87 | the kernel or by users (see the attr(5) manual page, or visit | ||
88 | <http://acl.bestbits.at/> for details). CIFS maps the name of | ||
89 | extended attributes beginning with the user namespace prefix | ||
90 | to SMB/CIFS EAs. EAs are stored on Windows servers without the | ||
91 | user namespace prefix, but their names are seen by Linux cifs clients | ||
92 | prefaced by the user namespace prefix. The system namespace | ||
93 | (used by some filesystems to store ACLs) is not supported at | ||
94 | this time. | ||
95 | |||
96 | If unsure, say N. | ||
97 | |||
98 | config CIFS_POSIX | ||
99 | bool "CIFS POSIX Extensions" | ||
100 | depends on CIFS_XATTR | ||
101 | help | ||
102 | Enabling this option will cause the cifs client to attempt to | ||
103 | negotiate a newer dialect with servers, such as Samba 3.0.5 | ||
104 | or later, that optionally can handle more POSIX like (rather | ||
105 | than Windows like) file behavior. It also enables | ||
106 | support for POSIX ACLs (getfacl and setfacl) to servers | ||
107 | (such as Samba 3.10 and later) which can negotiate | ||
108 | CIFS POSIX ACL support. If unsure, say N. | ||
109 | |||
110 | config CIFS_DEBUG2 | ||
111 | bool "Enable additional CIFS debugging routines" | ||
112 | depends on CIFS | ||
113 | help | ||
114 | Enabling this option adds a few more debugging routines | ||
115 | to the cifs code which slightly increases the size of | ||
116 | the cifs module and can cause additional logging of debug | ||
117 | messages in some error paths, slowing performance. This | ||
118 | option can be turned off unless you are debugging | ||
119 | cifs problems. If unsure, say N. | ||
120 | |||
121 | config CIFS_EXPERIMENTAL | ||
122 | bool "CIFS Experimental Features (EXPERIMENTAL)" | ||
123 | depends on CIFS && EXPERIMENTAL | ||
124 | help | ||
125 | Enables cifs features under testing. These features are | ||
126 | experimental and currently include DFS support and directory | ||
127 | change notification ie fcntl(F_DNOTIFY), as well as the upcall | ||
128 | mechanism which will be used for Kerberos session negotiation | ||
129 | and uid remapping. Some of these features also may depend on | ||
130 | setting a value of 1 to the pseudo-file /proc/fs/cifs/Experimental | ||
131 | (which is disabled by default). See the file fs/cifs/README | ||
132 | for more details. If unsure, say N. | ||
133 | |||
134 | config CIFS_DFS_UPCALL | ||
135 | bool "DFS feature support (EXPERIMENTAL)" | ||
136 | depends on CIFS_EXPERIMENTAL | ||
137 | depends on KEYS | ||
138 | help | ||
139 | Enables an upcall mechanism for CIFS which contacts userspace | ||
140 | helper utilities to provide server name resolution (host names to | ||
141 | IP addresses) which is needed for implicit mounts of DFS junction | ||
142 | points. If unsure, say N. | ||
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c index 76919c25acc7..ac5915d61dca 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c | |||
@@ -275,9 +275,12 @@ static int cifs_permission(struct inode *inode, int mask) | |||
275 | 275 | ||
276 | cifs_sb = CIFS_SB(inode->i_sb); | 276 | cifs_sb = CIFS_SB(inode->i_sb); |
277 | 277 | ||
278 | if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NO_PERM) | 278 | if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NO_PERM) { |
279 | return 0; | 279 | if ((mask & MAY_EXEC) && !execute_ok(inode)) |
280 | else /* file mode might have been restricted at mount time | 280 | return -EACCES; |
281 | else | ||
282 | return 0; | ||
283 | } else /* file mode might have been restricted at mount time | ||
281 | on the client (above and beyond ACL on servers) for | 284 | on the client (above and beyond ACL on servers) for |
282 | servers which do not support setting and viewing mode bits, | 285 | servers which do not support setting and viewing mode bits, |
283 | so allowing client to check permissions is useful */ | 286 | so allowing client to check permissions is useful */ |
@@ -801,6 +804,7 @@ const struct file_operations cifs_dir_ops = { | |||
801 | .dir_notify = cifs_dir_notify, | 804 | .dir_notify = cifs_dir_notify, |
802 | #endif /* CONFIG_CIFS_EXPERIMENTAL */ | 805 | #endif /* CONFIG_CIFS_EXPERIMENTAL */ |
803 | .unlocked_ioctl = cifs_ioctl, | 806 | .unlocked_ioctl = cifs_ioctl, |
807 | .llseek = generic_file_llseek, | ||
804 | }; | 808 | }; |
805 | 809 | ||
806 | static void | 810 | static void |
diff --git a/fs/cifs/file.c b/fs/cifs/file.c index c4a8a0605125..62d8bd8f14c0 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c | |||
@@ -1791,7 +1791,7 @@ static void cifs_copy_cache_pages(struct address_space *mapping, | |||
1791 | SetPageUptodate(page); | 1791 | SetPageUptodate(page); |
1792 | unlock_page(page); | 1792 | unlock_page(page); |
1793 | if (!pagevec_add(plru_pvec, page)) | 1793 | if (!pagevec_add(plru_pvec, page)) |
1794 | __pagevec_lru_add(plru_pvec); | 1794 | __pagevec_lru_add_file(plru_pvec); |
1795 | data += PAGE_CACHE_SIZE; | 1795 | data += PAGE_CACHE_SIZE; |
1796 | } | 1796 | } |
1797 | return; | 1797 | return; |
@@ -1925,7 +1925,7 @@ static int cifs_readpages(struct file *file, struct address_space *mapping, | |||
1925 | bytes_read = 0; | 1925 | bytes_read = 0; |
1926 | } | 1926 | } |
1927 | 1927 | ||
1928 | pagevec_lru_add(&lru_pvec); | 1928 | pagevec_lru_add_file(&lru_pvec); |
1929 | 1929 | ||
1930 | /* need to free smb_read_data buf before exit */ | 1930 | /* need to free smb_read_data buf before exit */ |
1931 | if (smb_read_data) { | 1931 | if (smb_read_data) { |