[CIFS] DNS name resolution helper upcall for cifs
Adds additional option CIFS_DFS_UPCALL to fs/Kconfig for enabling DFS support. Resolved IP address is saved as a string in the key payload. Igor has a series of related patches that will follow which finish up CIFS DFS support Acked-by: Igor Mammedov <niallain@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
This commit is contained in:
parent
f6d0998219
commit
6103335de8
37
fs/Kconfig
37
fs/Kconfig
@ -1905,13 +1905,15 @@ config CIFS
|
||||
file servers such as Windows 2000 (including Windows 2003, NT 4
|
||||
and Windows XP) as well by Samba (which provides excellent CIFS
|
||||
server support for Linux and many other operating systems). Limited
|
||||
support for OS/2 and Windows ME and similar servers is provided as well.
|
||||
support for OS/2 and Windows ME and similar servers is provided as
|
||||
well.
|
||||
|
||||
The intent of the cifs module is to provide an advanced
|
||||
network file system client for mounting to CIFS compliant servers,
|
||||
including support for dfs (hierarchical name space), secure per-user
|
||||
session establishment, safe distributed caching (oplock), optional
|
||||
packet signing, Unicode and other internationalization improvements.
|
||||
The cifs module provides an advanced network file system
|
||||
client for mounting to CIFS compliant servers. It includes
|
||||
support for DFS (hierarchical name space), secure per-user
|
||||
session establishment via Kerberos or NTLM or NTLMv2,
|
||||
safe distributed caching (oplock), optional packet
|
||||
signing, Unicode and other internationalization improvements.
|
||||
If you need to mount to Samba or Windows from this machine, say Y.
|
||||
|
||||
config CIFS_STATS
|
||||
@ -1943,7 +1945,8 @@ config CIFS_WEAK_PW_HASH
|
||||
(since 1997) support stronger NTLM (and even NTLMv2 and Kerberos)
|
||||
security mechanisms. These hash the password more securely
|
||||
than the mechanisms used in the older LANMAN version of the
|
||||
SMB protocol needed to establish sessions with old SMB servers.
|
||||
SMB protocol but LANMAN based authentication is needed to
|
||||
establish sessions with some old SMB servers.
|
||||
|
||||
Enabling this option allows the cifs module to mount to older
|
||||
LANMAN based servers such as OS/2 and Windows 95, but such
|
||||
@ -1951,8 +1954,8 @@ config CIFS_WEAK_PW_HASH
|
||||
security mechanisms if you are on a public network. Unless you
|
||||
have a need to access old SMB servers (and are on a private
|
||||
network) you probably want to say N. Even if this support
|
||||
is enabled in the kernel build, they will not be used
|
||||
automatically. At runtime LANMAN mounts are disabled but
|
||||
is enabled in the kernel build, LANMAN authentication will not be
|
||||
used automatically. At runtime LANMAN mounts are disabled but
|
||||
can be set to required (or optional) either in
|
||||
/proc/fs/cifs (see fs/cifs/README for more detail) or via an
|
||||
option on the mount command. This support is disabled by
|
||||
@ -2018,12 +2021,22 @@ config CIFS_UPCALL
|
||||
depends on CIFS_EXPERIMENTAL
|
||||
depends on KEYS
|
||||
help
|
||||
Enables an upcall mechanism for CIFS which will be used to contact
|
||||
userspace helper utilities to provide SPNEGO packaged Kerberos
|
||||
tickets which are needed to mount to certain secure servers
|
||||
Enables an upcall mechanism for CIFS which accesses
|
||||
userspace helper utilities to provide SPNEGO packaged (RFC 4178)
|
||||
Kerberos tickets which are needed to mount to certain secure servers
|
||||
(for which more secure Kerberos authentication is required). If
|
||||
unsure, say N.
|
||||
|
||||
config CIFS_DFS_UPCALL
|
||||
bool "DFS feature support (EXPERIMENTAL)"
|
||||
depends on CIFS_EXPERIMENTAL
|
||||
depends on KEYS
|
||||
help
|
||||
Enables an upcall mechanism for CIFS which contacts userspace
|
||||
helper utilities to provide server name resolution (host names to
|
||||
IP addresses) which is needed for implicit mounts of DFS junction
|
||||
points. If unsure, say N.
|
||||
|
||||
config NCP_FS
|
||||
tristate "NCP file system support (to mount NetWare volumes)"
|
||||
depends on IPX!=n || INET
|
||||
|
@ -9,3 +9,5 @@ cifs-y := cifsfs.o cifssmb.o cifs_debug.o connect.o dir.o file.o inode.o \
|
||||
readdir.o ioctl.o sess.o export.o cifsacl.o
|
||||
|
||||
cifs-$(CONFIG_CIFS_UPCALL) += cifs_spnego.o
|
||||
|
||||
cifs-$(CONFIG_CIFS_DFS_UPCALL) += dns_resolve.o
|
||||
|
@ -44,6 +44,7 @@
|
||||
#include "cifs_fs_sb.h"
|
||||
#include <linux/mm.h>
|
||||
#include <linux/key-type.h>
|
||||
#include "dns_resolve.h"
|
||||
#include "cifs_spnego.h"
|
||||
#define CIFS_MAGIC_NUMBER 0xFF534D42 /* the first four bytes of SMB PDUs */
|
||||
|
||||
@ -1014,12 +1015,17 @@ init_cifs(void)
|
||||
rc = register_key_type(&cifs_spnego_key_type);
|
||||
if (rc)
|
||||
goto out_unregister_filesystem;
|
||||
#endif
|
||||
#ifdef CONFIG_CIFS_DFS_UPCALL
|
||||
rc = register_key_type(&key_type_dns_resolver);
|
||||
if (rc)
|
||||
goto out_unregister_key_type;
|
||||
#endif
|
||||
oplockThread = kthread_run(cifs_oplock_thread, NULL, "cifsoplockd");
|
||||
if (IS_ERR(oplockThread)) {
|
||||
rc = PTR_ERR(oplockThread);
|
||||
cERROR(1, ("error %d create oplock thread", rc));
|
||||
goto out_unregister_key_type;
|
||||
goto out_unregister_dfs_key_type;
|
||||
}
|
||||
|
||||
dnotifyThread = kthread_run(cifs_dnotify_thread, NULL, "cifsdnotifyd");
|
||||
@ -1033,7 +1039,11 @@ init_cifs(void)
|
||||
|
||||
out_stop_oplock_thread:
|
||||
kthread_stop(oplockThread);
|
||||
out_unregister_dfs_key_type:
|
||||
#ifdef CONFIG_CIFS_DFS_UPCALL
|
||||
unregister_key_type(&key_type_dns_resolver);
|
||||
out_unregister_key_type:
|
||||
#endif
|
||||
#ifdef CONFIG_CIFS_UPCALL
|
||||
unregister_key_type(&cifs_spnego_key_type);
|
||||
out_unregister_filesystem:
|
||||
@ -1059,6 +1069,9 @@ exit_cifs(void)
|
||||
#ifdef CONFIG_PROC_FS
|
||||
cifs_proc_clean();
|
||||
#endif
|
||||
#ifdef CONFIG_CIFS_DFS_UPCALL
|
||||
unregister_key_type(&key_type_dns_resolver);
|
||||
#endif
|
||||
#ifdef CONFIG_CIFS_UPCALL
|
||||
unregister_key_type(&cifs_spnego_key_type);
|
||||
#endif
|
||||
|
Loading…
Reference in New Issue
Block a user