
Commit bf820679 authored by Steve French's avatar Steve French

[CIFS] Kerberos and CIFS ACL support part 1



Signed-off-by: default avatarSteve French <sfrench@us.ibm.com>
parent 83451879
+11 −1
@@ -436,6 +436,16 @@ A partial list of the supported mount options follows:
		SFU does).  In the future the bottom 9 bits of the mode
		mode also will be emulated using queries of the security
		descriptor (ACL).
sec		Security mode.  Allowed values are:
			none	attempt to connection as a null user (no name)
			krb5    Use Kerberos version 5 authentication
			krb5i   Use Kerberos authentication and packet signing
			ntlm    Use NTLM password hashing (default)
			ntlmi   Use NTLM password hashing with signing (if
				/proc/fs/cifs/PacketSigningEnabled on or if
				server requires signing also can be the default) 
			ntlmv2  Use NTLMv2 password hashing      
			ntlmv2i Use NTLMv2 password hashing with packet signing

The mount.cifs mount helper also accepts a few mount options before -o
including:

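--- /dev/null
+++ b/fs/cifs/cifsacl.h
@@ -0,0 +1,36 @@
+/*
+ *   fs/cifs/cifsacl.h
+ *
+ *   Copyright (c) International Business Machines  Corp., 2005
+ *   Author(s): Steve French (sfrench@us.ibm.com)
+ *
+ *   This library is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU Lesser General Public License as published
+ *   by the Free Software Foundation; either version 2.1 of the License, or
+ *   (at your option) any later version.
+ *
+ *   This library is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+ *   the GNU Lesser General Public License for more details.
+ *
+ *   You should have received a copy of the GNU Lesser General Public License
+ *   along with this library; if not, write to the Free Software
+ *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef _CIFSACL_H
+#define _CIFSACL_H
+
+struct cifs_sid {
+	__u8 revision; /* revision level */
+	__u8 num_subauths;
+	__u8 authority[6];
+	__u8 sub_auth[4];
+	/* next sub_auth if any ... */
+} __attribute__((packed));
+
+/* everyone */
+const cifs_sid sid_everyone = {1, 1, {0, 0, 0, 0, 0, 0}, {0, 0, 0, 0}};
+/* group users */
+const cifs_sid sid_user = {1, 2 , {0, 0, 0, 0, 0, 5}, {32, 545, 0, 0}};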
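Review bot: The two SID constants at the end of this header do not encode the identities their comments name, and the header would not compile once it is included. `sub_auth` is declared `__u8 sub_auth[4]`, so the `545` in `sid_user` is truncated to one byte and each sub-authority takes a single byte instead of a 32-bit little-endian word, while `sid_everyone` carries identifier authority 0 rather than the World authority 1 of S-1-1-0; if these constants are later compared against SIDs from a server's security descriptor to derive mode bits, the comparison would be made against the wrong principals. The declarations also use `cifs_sid` without `struct` (no typedef is visible), define non-static objects in a header, and the `#ifndef _CIFSACL_H` guard has no `#endif` within the 36 added lines. One possible shape is below; the array bound shown is only large enough for these two constants, and an `extern` declaration with the definitions in a `.c` file would work equally well.

```c
struct cifs_sid {
	/* … unchanged: revision, num_subauths, authority … */
	__le32 sub_auth[2]; /* 32-bit little-endian sub-authorities */
	/* next sub_auth if any ... */
} __attribute__((packed));

/* everyone (S-1-1-0) */
static const struct cifs_sid sid_everyone =
	{1, 1, {0, 0, 0, 0, 0, 1}, {0, 0}};
/* group users (S-1-5-32-545) */
static const struct cifs_sid sid_user =
	{1, 2, {0, 0, 0, 0, 0, 5}, {cpu_to_le32(32), cpu_to_le32(545)}};

#endif /* _CIFSACL_H */
```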
+1 −1
/*
 *   fs/cifs/cifspdu.h
 *
 *   Copyright (c) International Business Machines  Corp., 2002
 *   Copyright (c) International Business Machines  Corp., 2002,2005
 *   Author(s): Steve French (sfrench@us.ibm.com)
 *
 *   This library is free software; you can redistribute it and/or modify
+46 −7
@@ -82,6 +82,12 @@ struct smb_vol {
	unsigned remap:1;   /* set to remap seven reserved chars in filenames */
	unsigned posix_paths:1;   /* unset to not ask for posix pathnames. */
	unsigned sfu_emul:1;
	unsigned krb5:1;
	unsigned ntlm:1;
	unsigned ntlmv2:1;
	unsigned nullauth:1; /* attempt to authenticate with null user */
	unsigned sign:1;
	unsigned seal:1;     /* encrypt */
	unsigned nocase;     /* request case insensitive filenames */
	unsigned nobrl;      /* disable sending byte range locks to srv */
	unsigned int rsize;
@@ -777,7 +783,7 @@ cifs_parse_mount_options(char *options, const char *devname,struct smb_vol *vol)

	/* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
	vol->rw = TRUE;

	vol->ntlm = TRUE;
	/* default is always to request posix paths. */
	vol->posix_paths = 1;

@@ -903,6 +909,39 @@ cifs_parse_mount_options(char *options, const char *devname,struct smb_vol *vol)
				printk(KERN_WARNING "CIFS: ip address too long\n");
				return 1;
			}
                } else if (strnicmp(data, "sec", 3) == 0) { 
                        if (!value || !*value) {
				cERROR(1,("no security value specified"));
                                continue;
                        } else if (strnicmp(value, "krb5i", 5) == 0) {
				vol->sign = 1;
				vol->krb5 = 1;
			} else if (strnicmp(value, "krb5p", 5) == 0) {
				/* vol->seal = 1; 
				   vol->krb5 = 1; */
				cERROR(1,("Krb5 cifs privacy not supported"));
				return 1;
			} else if (strnicmp(value, "krb5", 4) == 0) {
				vol->krb5 = 1;
			} else if (strnicmp(value, "ntlmv2i", 7) == 0) {
				vol->ntlmv2 = 1;
				vol->sign = 1;
			} else if (strnicmp(value, "ntlmv2", 6) == 0) {
				vol->ntlmv2 = 1;
			} else if (strnicmp(value, "ntlmi", 5) == 0) {
				vol->ntlm = 1;
				vol->sign = 1;
			} else if (strnicmp(value, "ntlm", 4) == 0) {
				/* ntlm is default so can be turned off too */
				vol->ntlm = 1;
			} else if (strnicmp(value, "nontlm", 6) == 0) {
				vol->ntlm = 0;
			} else if (strnicmp(value, "none", 4) == 0) {
				vol->nullauth = 1; 
                        } else {
                                cERROR(1,("bad security option: %s", value));
                                return 1;
                        }
		} else if ((strnicmp(data, "unc", 3) == 0)
			   || (strnicmp(data, "target", 6) == 0)
			   || (strnicmp(data, "path", 4) == 0)) {
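Review bot: In the new `sec=` branch, choosing `krb5`, `krb5i`, `ntlmv2` or `ntlmv2i` never clears the `vol->ntlm = TRUE` default from the hunk at -777, so a mount that asks for a stronger mechanism still has the NTLM flag set. How the flags are consumed is not visible here, but if later code falls back on `vol->ntlm` the requested mode is not enforced, and adding `vol->ntlm = 0;` to those branches would make the modes exclusive. The comparisons are prefix matches, so a mistyped value with extra characters after `krb5` or `ntlmv2` is accepted as the unsigned variant instead of being rejected, and any option name beginning with `sec` lands in this branch; also checking that the string ends after the keyword (for example `value[4] == '\0'` in the `krb5` branch) would close that. An empty `sec=` logs an error and then `continue`s with the defaults, where failing the mount with `return 1;` would be the safer outcome for a security option. The parser also recognises `krb5p` and `nontlm`, which the README list added in this commit does not mention, and cifs_parse_mount_options starts and ends outside the hunk.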