Commit b22dfb73 authored by Linus Torvalds
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
  [CIFS] check version in spnego upcall response
  [CIFS] Kerberos support not considered experimental anymore
  [CIFS] distinguish between Kerberos and MSKerberos in upcall
  cifs: add local server pointer to cifs_setup_session
  [CIFS] reindent misindented statement
parents bd5a54e9 3dae49ab
+0 −1
@@ -1984,7 +1984,6 @@ config CIFS_EXPERIMENTAL

config CIFS_UPCALL
	  bool "Kerberos/SPNEGO advanced session setup (EXPERIMENTAL)"
	  depends on CIFS_EXPERIMENTAL
	  depends on KEYS
	  help
	    Enables an upcall mechanism for CIFS which accesses
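Review bot: The prompt on the `bool` line still reads "Kerberos/SPNEGO advanced session setup (EXPERIMENTAL)" although this hunk drops one line from the CIFS_UPCALL entry and the merge log says Kerberos support is no longer considered experimental. If the dropped line is `depends on CIFS_EXPERIMENTAL`, remove the "(EXPERIMENTAL)" suffix from the prompt too, so the menu text matches the remaining dependency list.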
+5 −1
@@ -4,7 +4,11 @@ Fix premature write failure on congested networks (we would give up
on EAGAIN from the socket too quickly on large writes).
Cifs_mkdir and cifs_create now respect the setgid bit on parent dir.
Fix endian problems in acl (mode from/to cifs acl) on bigendian
architectures.
architectures.  Fix problems with preserving timestamps on copying open
files (e.g. "cp -a") to Windows servers.  For mkdir and create honor setgid bit
on parent directory when server supports Unix Extensions but not POSIX
create. Update cifs.upcall version to handle new Kerberos sec flags
(this requires update of cifs.upcall program from Samba).

Version 1.53
------------
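Review bot: The changelog sentence "Update cifs.upcall version to handle new Kerberos sec flags (this requires update of cifs.upcall program from Samba)" does not say which helper version is needed. The documentation hunk later in this commit names version 1.2 or later; state the same minimum here so that someone reading only the changelog knows which cifs.upcall to install.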
+26 −4
@@ -644,6 +644,28 @@ returned success.
	
Also note that "cat /proc/fs/cifs/DebugData" will display information about
the active sessions and the shares that are mounted.
Enabling Kerberos (extended security) works when CONFIG_CIFS_EXPERIMENTAL is
on but requires a user space helper (from the Samba project). NTLM and NTLMv2 and
LANMAN support do not require this helper.

Enabling Kerberos (extended security) works but requires version 1.2 or later
of the helper program cifs.upcall to be present and to be configured in the
/etc/request-key.conf file.  The cifs.upcall helper program is from the Samba
project(http://www.samba.org). NTLM and NTLMv2 and LANMAN support do not
require this helper. Note that NTLMv2 security (which does not require the
cifs.upcall helper program), instead of using Kerberos, is sufficient for
some use cases.

Enabling DFS support (used to access shares transparently in an MS-DFS
global name space) requires that CONFIG_CIFS_EXPERIMENTAL be enabled.  In
addition, DFS support for target shares which are specified as UNC
names which begin with host names (rather than IP addresses) requires
a user space helper (such as cifs.upcall) to be present in order to
translate host names to ip address, and the user space helper must also
be configured in the file /etc/request-key.conf

To use cifs Kerberos and DFS support, the Linux keyutils package should be
installed and something like the following lines should be added to the
/etc/request-key.conf file:

create cifs.spnego * * /usr/local/sbin/cifs.upcall %k
create dns_resolver * * /usr/local/sbin/cifs.upcall %k

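Review bot: The new Kerberos paragraph requires "version 1.2 or later" of cifs.upcall but does not say how a mount behaves when an older helper is installed; since the merge log mentions a version check on the spnego upcall response, add a sentence describing that failure so it can be recognised. The sample request-key.conf lines hard-code /usr/local/sbin/cifs.upcall, so note that the path must match where the helper is actually installed. Smaller points: "project(http://www.samba.org)" needs a space before the parenthesis, "ip address" should read "IP addresses", and the sentence ending in /etc/request-key.conf lacks its final period.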
+8 −3
@@ -476,6 +476,7 @@ decode_negTokenInit(unsigned char *security_blob, int length,
	unsigned int cls, con, tag, oidlen, rc;
	bool use_ntlmssp = false;
	bool use_kerberos = false;
	bool use_mskerberos = false;

	*secType = NTLM; /* BB eventually make Kerberos or NLTMSSP the default*/

@@ -574,10 +575,12 @@ decode_negTokenInit(unsigned char *security_blob, int length,
					 *(oid + 1), *(oid + 2), *(oid + 3)));

				if (compare_oid(oid, oidlen, MSKRB5_OID,
						MSKRB5_OID_LEN))
					use_kerberos = true;
						MSKRB5_OID_LEN) &&
						!use_kerberos)
					use_mskerberos = true;
				else if (compare_oid(oid, oidlen, KRB5_OID,
						     KRB5_OID_LEN))
						     KRB5_OID_LEN) &&
						     !use_mskerberos)
					use_kerberos = true;
				else if (compare_oid(oid, oidlen, NTLMSSP_OID,
						     NTLMSSP_OID_LEN))
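Review bot: In the OID chain, when `compare_oid(oid, oidlen, MSKRB5_OID, MSKRB5_OID_LEN)` matches but `use_kerberos` is already set, the `&& !use_kerberos` guard makes that branch false and the same OID is then also compared against KRB5_OID and NTLMSSP_OID. That is harmless, but the intended precedence (whichever Kerberos OID is seen first wins) is only implied by the two guards. Add a short comment above the chain stating that rule, or test the OID first and the flag in a nested `if`, so that a later edit to the chain does not silently change which mechanism is selected.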
@@ -630,6 +633,8 @@ decode_negTokenInit(unsigned char *security_blob, int length,

	if (use_kerberos)
		*secType = Kerberos;
	else if (use_mskerberos)
		*secType = MSKerberos;
	else if (use_ntlmssp)
		*secType = NTLMSSP;

+3 −1
@@ -114,9 +114,11 @@ cifs_get_spnego_key(struct cifsSesInfo *sesInfo)

	dp = description + strlen(description);

	/* for now, only sec=krb5 is valid */
	/* for now, only sec=krb5 and sec=mskrb5 are valid */
	if (server->secType == Kerberos)
		sprintf(dp, ";sec=krb5");
	else if (server->secType == MSKerberos)
		sprintf(dp, ";sec=mskrb5");
	else
		goto out;

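Review bot: `sprintf(dp, ";sec=mskrb5")` writes a string two bytes longer than `;sec=krb5` into `description` with no bound, and the allocation size of `description` is outside this hunk. Confirm that the length computed for the buffer covers the longer `;sec=mskrb5` suffix, and adjust it in this patch if it was sized for `;sec=krb5`.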