Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6

	  file servers such as Windows 2000 (including Windows 2003, NT 4  

	  and Windows XP) as well by Samba (which provides excellent CIFS

	  server support for Linux and many other operating systems). Limited

	  support for OS/2 and Windows ME and similar servers is provided as well.

	  The intent of the cifs module is to provide an advanced

	  network file system client for mounting to CIFS compliant servers,

	  including support for dfs (hierarchical name space), secure per-user

	  session establishment, safe distributed caching (oplock), optional

	  packet signing, Unicode and other internationalization improvements. 

	  support for OS/2 and Windows ME and similar servers is provided as

	  well.

	  The cifs module provides an advanced network file system

	  client for mounting to CIFS compliant servers.  It includes

	  support for DFS (hierarchical name space), secure per-user

	  session establishment via Kerberos or NTLM or NTLMv2,

	  safe distributed caching (oplock), optional packet

	  signing, Unicode and other internationalization improvements.

	  If you need to mount to Samba or Windows from this machine, say Y.

config CIFS_STATS

	  (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos)

	  security mechanisms. These hash the password more securely

	  than the mechanisms used in the older LANMAN version of the

          SMB protocol needed to establish sessions with old SMB servers.

	  SMB protocol but LANMAN based authentication is needed to

	  establish sessions with some old SMB servers.

	  Enabling this option allows the cifs module to mount to older

	  LANMAN based servers such as OS/2 and Windows 95, but such

	  security mechanisms if you are on a public network.  Unless you

	  have a need to access old SMB servers (and are on a private 

	  network) you probably want to say N.  Even if this support

	  is enabled in the kernel build, they will not be used

	  automatically. At runtime LANMAN mounts are disabled but

	  is enabled in the kernel build, LANMAN authentication will not be

	  used automatically. At runtime LANMAN mounts are disabled but

	  can be set to required (or optional) either in

	  /proc/fs/cifs (see fs/cifs/README for more detail) or via an

	  option on the mount command. This support is disabled by 

	  depends on CIFS_EXPERIMENTAL

	  depends on KEYS

	  help

	    Enables an upcall mechanism for CIFS which will be used to contact

	    userspace helper utilities to provide SPNEGO packaged Kerberos

	    tickets which are needed to mount to certain secure servers

	    Enables an upcall mechanism for CIFS which accesses

	    userspace helper utilities to provide SPNEGO packaged (RFC 4178)

	    Kerberos tickets which are needed to mount to certain secure servers

	    (for which more secure Kerberos authentication is required). If

	    unsure, say N.

config CIFS_DFS_UPCALL

	  bool "DFS feature support (EXPERIMENTAL)"

	  depends on CIFS_EXPERIMENTAL

	  depends on KEYS

	  help

	    Enables an upcall mechanism for CIFS which contacts userspace

	    helper utilities to provide server name resolution (host names to

	    IP addresses) which is needed for implicit mounts of DFS junction

	    points. If unsure, say N.

config NCP_FS

	tristate "NCP file system support (to mount NetWare volumes)"

	depends on IPX!=n || INET

Fix oops on second mount to server when null auth is used.

Enable experimental Kerberos support.  Return writebehind errors on flush

and sync so that events like out of disk space get reported properly on

cached files.

cached files. Fix setxattr failure to certain Samba versions. Fix mount

of second share to disconnected server session (autoreconnect on this).

Add ability to modify cifs acls for handling chmod (when mounted with

cifsacl flag).

Version 1.51

------------

	  readdir.o ioctl.o sess.o export.o cifsacl.o

cifs-$(CONFIG_CIFS_UPCALL) += cifs_spnego.o

cifs-$(CONFIG_CIFS_DFS_UPCALL) += dns_resolve.o cifs_dfs_ref.o

similar files reside (usually /sbin).  Although the helper software is not  

required, mount.cifs is recommended.  Eventually the Samba 3.0 utility program 

"net" may also be helpful since it may someday provide easier mount syntax for

users who are used to Windows e.g.  net use <mount point> <UNC name or cifs URL>

users who are used to Windows e.g.

	net use <mount point> <UNC name or cifs URL>

Note that running the Winbind pam/nss module (logon service) on all of your

Linux clients is useful in mapping Uids and Gids consistently across the

domain to the proper network user.  The mount.cifs mount helper can be

		the CIFS session.

  password	The user password.  If the mount helper is

		installed, the user will be prompted for password

		if it is not supplied.

		if not supplied.

  ip		The ip address of the target server

  unc		The target server Universal Network Name (export) to 

		mount.	

		can be enabled by specifying file_mode and dir_mode on 

		the client.  Note that the mount.cifs helper must be

		at version 1.10 or higher to support specifying the uid

		(or gid) in non-numberic form.

		(or gid) in non-numeric form.

  gid		Set the default gid for inodes (similar to above).

  file_mode     If CIFS Unix extensions are not supported by the server

		this overrides the default mode for file inodes.

  acl   	Allow setfacl and getfacl to manage posix ACLs if server

		supports them.  (default)

  noacl 	Do not allow setfacl and getfacl calls on this mount

  user_xattr    Allow getting and setting user xattrs as OS/2 EAs (extended

		attributes) to the server (default) e.g. via setfattr 

		and getfattr utilities. 

  user_xattr    Allow getting and setting user xattrs (those attributes whose

		name begins with "user." or "os2.") as OS/2 EAs (extended

		attributes) to the server.  This allows support of the

		setfattr and getfattr utilities. (default)

  nouser_xattr  Do not allow getfattr/setfattr to get/set/list xattrs 

  mapchars      Translate six of the seven reserved characters (not backslash)

			*?<>|:

 nomapchars     Do not translate any of these seven characters (default).

 nocase         Request case insensitive path name matching (case

		sensitive is the default if the server suports it).

		(mount option "ignorecase" is identical to "nocase")

 posixpaths     If CIFS Unix extensions are supported, attempt to

		negotiate posix path name support which allows certain

		characters forbidden in typical CIFS filenames, without

			ntlmv2i Use NTLMv2 password hashing with packet signing

			lanman  (if configured in kernel config) use older

				lanman hash

hard		Retry file operations if server is not responding

soft		Limit retries to unresponsive servers (usually only

		one retry) before returning an error.  (default)

The mount.cifs mount helper also accepts a few mount options before -o

including:

			must use NTLM					0x02002

			may use NTLMv2					0x00004

			must use NTLMv2					0x04004

			may use Kerberos security (not implemented yet) 0x00008

			must use Kerberos (not implemented yet)         0x08008

			may use Kerberos security			0x00008

			must use Kerberos				0x08008

			may use lanman (weak) password hash  		0x00010

			must use lanman password hash			0x10010

			may use plaintext passwords    			0x00020

Also note that "cat /proc/fs/cifs/DebugData" will display information about 

the active sessions and the shares that are mounted.

Enabling Kerberos (extended security) works when CONFIG_CIFS_EXPERIMENTAL is enabled

but requires a user space helper (from the Samba project). NTLM and NTLMv2 and

LANMAN support do not require this helpr.

Enabling Kerberos (extended security) works when CONFIG_CIFS_EXPERIMENTAL is

on but requires a user space helper (from the Samba project). NTLM and NTLMv2 and

LANMAN support do not require this helper.

Version 1.49 April 26, 2007

Version 1.52 January 3, 2008

A Partial List of Missing Features

==================================

c) Better pam/winbind integration (e.g. to handle uid mapping

better)

d) Verify that Kerberos signing works

e) Cleanup now unneeded SessSetup code in

d) Cleanup now unneeded SessSetup code in

fs/cifs/connect.c and add back in NTLMSSP code if any servers

need it

f) MD5-HMAC signing SMB PDUs when SPNEGO style SessionSetup 

used (Kerberos or NTLMSSP). Signing alreadyimplemented for NTLM

and raw NTLMSSP already. This is important when enabling

extended security and mounting to Windows 2003 Servers

e) ms-dfs and ms-dfs host name resolution cleanup

f) fix NTLMv2 signing when two mounts with different users to same

server.

g) Directory entry caching relies on a 1 second timer, rather than 

using FindNotify or equivalent.  - (started)