Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6103335d authored by Steve French's avatar Steve French
Browse files

[CIFS] DNS name resolution helper upcall for cifs 



	Adds additional option CIFS_DFS_UPCALL to fs/Kconfig for enabling
        DFS support.  Resolved IP address is saved as a string in the
	key payload.

	Igor has a series of related patches that will follow which finish up
	CIFS DFS support

Acked-by: default avatarIgor Mammedov <niallain@gmail.com>
Signed-off-by: default avatarSteve French <sfrench@us.ibm.com>
parent f6d09982

fs/Kconfig

+26 −13
Original line number Diff line number Diff line
@@ -1905,13 +1905,15 @@ config CIFS 
	  file servers such as Windows 2000 (including Windows 2003, NT 4  

	  and Windows XP) as well by Samba (which provides excellent CIFS

	  server support for Linux and many other operating systems). Limited

	  support for OS/2 and Windows ME and similar servers is provided as well.



	  The intent of the cifs module is to provide an advanced

	  network file system client for mounting to CIFS compliant servers,

	  including support for dfs (hierarchical name space), secure per-user

	  session establishment, safe distributed caching (oplock), optional

	  packet signing, Unicode and other internationalization improvements. 

	  support for OS/2 and Windows ME and similar servers is provided as

	  well.



	  The cifs module provides an advanced network file system

	  client for mounting to CIFS compliant servers.  It includes

	  support for DFS (hierarchical name space), secure per-user

	  session establishment via Kerberos or NTLM or NTLMv2,

	  safe distributed caching (oplock), optional packet

	  signing, Unicode and other internationalization improvements.

	  If you need to mount to Samba or Windows from this machine, say Y.



config CIFS_STATS
@@ -1943,7 +1945,8 @@ config CIFS_WEAK_PW_HASH 
	  (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos)

	  security mechanisms. These hash the password more securely

	  than the mechanisms used in the older LANMAN version of the

          SMB protocol needed to establish sessions with old SMB servers.

	  SMB protocol but LANMAN based authentication is needed to

	  establish sessions with some old SMB servers.



	  Enabling this option allows the cifs module to mount to older

	  LANMAN based servers such as OS/2 and Windows 95, but such
@@ -1951,8 +1954,8 @@ config CIFS_WEAK_PW_HASH 
	  security mechanisms if you are on a public network.  Unless you

	  have a need to access old SMB servers (and are on a private 

	  network) you probably want to say N.  Even if this support

	  is enabled in the kernel build, they will not be used

	  automatically. At runtime LANMAN mounts are disabled but

	  is enabled in the kernel build, LANMAN authentication will not be

	  used automatically. At runtime LANMAN mounts are disabled but

	  can be set to required (or optional) either in

	  /proc/fs/cifs (see fs/cifs/README for more detail) or via an

	  option on the mount command. This support is disabled by
@@ -2018,12 +2021,22 @@ config CIFS_UPCALL 
	  depends on CIFS_EXPERIMENTAL

	  depends on KEYS

	  help

	    Enables an upcall mechanism for CIFS which will be used to contact

	    userspace helper utilities to provide SPNEGO packaged Kerberos

	    tickets which are needed to mount to certain secure servers

	    Enables an upcall mechanism for CIFS which accesses

	    userspace helper utilities to provide SPNEGO packaged (RFC 4178)

	    Kerberos tickets which are needed to mount to certain secure servers

	    (for which more secure Kerberos authentication is required). If

	    unsure, say N.



config CIFS_DFS_UPCALL

	  bool "DFS feature support (EXPERIMENTAL)"

	  depends on CIFS_EXPERIMENTAL

	  depends on KEYS

	  help

	    Enables an upcall mechanism for CIFS which contacts userspace

	    helper utilities to provide server name resolution (host names to

	    IP addresses) which is needed for implicit mounts of DFS junction

	    points. If unsure, say N.



config NCP_FS

	tristate "NCP file system support (to mount NetWare volumes)"

	depends on IPX!=n || INET

fs/cifs/Makefile

+2 −0
Original line number Diff line number Diff line
@@ -9,3 +9,5 @@ cifs-y := cifsfs.o cifssmb.o cifs_debug.o connect.o dir.o file.o inode.o \ 
	  readdir.o ioctl.o sess.o export.o cifsacl.o



cifs-$(CONFIG_CIFS_UPCALL) += cifs_spnego.o



cifs-$(CONFIG_CIFS_DFS_UPCALL) += dns_resolve.o

fs/cifs/cifsfs.c

+14 −1
Original line number Diff line number Diff line
@@ -44,6 +44,7 @@ 
#include "cifs_fs_sb.h"

#include <linux/mm.h>

#include <linux/key-type.h>

#include "dns_resolve.h"

#include "cifs_spnego.h"

#define CIFS_MAGIC_NUMBER 0xFF534D42	/* the first four bytes of SMB PDUs */
@@ -1014,12 +1015,17 @@ init_cifs(void) 
	rc = register_key_type(&cifs_spnego_key_type);

	if (rc)

		goto out_unregister_filesystem;

#endif

#ifdef CONFIG_CIFS_DFS_UPCALL

	rc = register_key_type(&key_type_dns_resolver);

	if (rc)

		goto out_unregister_key_type;

#endif

	oplockThread = kthread_run(cifs_oplock_thread, NULL, "cifsoplockd");

	if (IS_ERR(oplockThread)) {

		rc = PTR_ERR(oplockThread);

		cERROR(1, ("error %d create oplock thread", rc));

		goto out_unregister_key_type;

		goto out_unregister_dfs_key_type;

	}



	dnotifyThread = kthread_run(cifs_dnotify_thread, NULL, "cifsdnotifyd");
@@ -1033,7 +1039,11 @@ init_cifs(void) 


 out_stop_oplock_thread:

	kthread_stop(oplockThread);

 out_unregister_dfs_key_type:

#ifdef CONFIG_CIFS_DFS_UPCALL

	unregister_key_type(&key_type_dns_resolver);

 out_unregister_key_type:

#endif

#ifdef CONFIG_CIFS_UPCALL

	unregister_key_type(&cifs_spnego_key_type);

 out_unregister_filesystem:
@@ -1059,6 +1069,9 @@ exit_cifs(void) 
#ifdef CONFIG_PROC_FS

	cifs_proc_clean();

#endif

#ifdef CONFIG_CIFS_DFS_UPCALL

	unregister_key_type(&key_type_dns_resolver);

#endif

#ifdef CONFIG_CIFS_UPCALL

	unregister_key_type(&cifs_spnego_key_type);

#endif