
Commit bb40784f authored by Linus Torvalds
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
  [CIFS] Fix check after use error in ACL code
  [CIFS] Fix potential data corruption when writing out cached dirty pages
  [CIFS] Fix spurious reconnect on 2nd peek from read of SMB length
  [CIFS] remove build warning
  [CIFS] Have CIFS_SessSetup build correct SPNEGO SessionSetup request
  [CIFS] minor checkpatch cleanup
  [CIFS] have cifs_get_spnego_key get the hostname from TCP_Server_Info
  [CIFS] add hostname field to TCP_Server_Info struct
  [CIFS] clean up error handling in cifs_mount
  [CIFS] add ver= prefix to upcall format version
  [CIFS] Fix buffer overflow if server sends corrupt response to small
parents 3050d45c 2b83457b
+3 −0
Version 1.52
------------
Fix oops on second mount to server when null auth is used.
Enable experimental Kerberos support.  Return writebehind errors on flush
and sync so that events like out of disk space get reported properly on
cached files.

Version 1.51
------------
+12 −15
@@ -225,12 +225,9 @@ If no password is provided, mount.cifs will prompt for password entry

Restrictions
============
Servers must support the NTLM SMB dialect (which is the most recent, supported 
by Samba and Windows NT version 4, 2000 and XP and many other SMB/CIFS servers) 
Servers must support either "pure-TCP" (port 445 TCP/IP CIFS connections) or RFC 
1001/1002 support for "Netbios-Over-TCP/IP." Neither of these is likely to be a 
problem as most servers support this.  IPv6 support is planned for the future,
and is almost complete.
1001/1002 support for "Netbios-Over-TCP/IP." This is not likely to be a 
problem as most servers support this.

Valid filenames differ between Windows and Linux.  Windows typically restricts
filenames which contain certain reserved characters (e.g.the character : 
@@ -458,6 +455,8 @@ A partial list of the supported mount options follows:
		byte range locks).
 remount        remount the share (often used to change from ro to rw mounts
	        or vice versa)
 cifsacl        Report mode bits (e.g. on stat) based on the Windows ACL for
	        the file. (EXPERIMENTAL)
 servern        Specify the server 's netbios name (RFC1001 name) to use
		when attempting to setup a session to the server.  This is
		This is needed for mounting to some older servers (such
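Review bot: The new cifsacl entry is marked (EXPERIMENTAL) but does not say what has to be enabled for it to take effect, while the experimental-features section further down this same README lists cifsacl support among the features that require CONFIG_CIFS_EXPERIMENTAL. State that requirement here too, so a user who passes cifsacl on a kernel built without that option understands why the mode bits do not change. It is also worth repeating here that the mode bits are "approximated" from the ACL (the wording used further down), since anything that makes access decisions from stat output should not treat them as authoritative.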
@@ -584,8 +583,8 @@ Experimental When set to 1 used to enable certain experimental
			performance enhancement was disabled when
			signing turned on in case buffer was modified
			just before it was sent, also this flag will
			be used to use the new experimental sessionsetup
			code).
			be used to use the new experimental directory change 
			notification code).

These experimental features and tracing can be enabled by changing flags in 
/proc/fs/cifs (after the cifs module has been installed or built into the 
@@ -608,7 +607,8 @@ the start of smb requests and responses can be enabled via:
Two other experimental features are under development. To test these
requires enabling CONFIG_CIFS_EXPERIMENTAL

	ipv6 enablement
	cifsacl support needed to retrieve approximated mode bits based on
		the contents on the CIFS ACL.

	DNOTIFY fcntl: needed for support of directory change 
			    notification and perhaps later for file leases)
@@ -625,10 +625,7 @@ that they represent all for that share, not just those for which the server
returned success.
	
Also note that "cat /proc/fs/cifs/DebugData" will display information about 
the active sessions and the shares that are mounted.  Note: NTLMv2 enablement 
will not work since its implementation is not quite complete yet. Do not alter
the ExtendedSecurity configuration value unless you are doing specific testing.
Enabling extended security works to Windows 2000 Workstations and XP but not to 
Windows 2000 server or Samba since it does not usually send "raw NTLMSSP" 
(instead it sends NTLMSSP encapsulated in SPNEGO/GSSAPI, which support is not 
complete in the CIFS VFS yet).  
the active sessions and the shares that are mounted.
Enabling Kerberos (extended security) works when CONFIG_CIFS_EXPERIMENTAL is enabled
but requires a user space helper (from the Samba project). NTLM and NTLMv2 and
LANMAN support do not require this helpr.
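Review bot: Typo in the last line of this hunk: "helpr" should be "helper". The new paragraph also says Kerberos needs a user space helper from the Samba project without naming the program or saying how the kernel reaches it; name it and point to the configuration it needs so the instruction is actionable. The earlier caution about not altering the ExtendedSecurity value no longer appears in the new text, so say whether that setting is now safe to change.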
+1 −1
@@ -16,7 +16,7 @@ SecurityDescriptors
c) Better pam/winbind integration (e.g. to handle uid mapping
better)

d) Kerberos/SPNEGO session setup support - (started)
d) Verify that Kerberos signing works

e) Cleanup now unneeded SessSetup code in
fs/cifs/connect.c and add back in NTLMSSP code if any servers
+13 −7
@@ -66,20 +66,26 @@ struct key_type cifs_spnego_key_type = {
	.describe	= user_describe,
};

#define MAX_VER_STR_LEN   9 /* length of longest version string e.g.
				strlen(";ver=0xFF") */
#define MAX_MECH_STR_LEN 13 /* length of longest security mechanism name, eg
			       in future could have strlen(";sec=ntlmsspi") */
#define MAX_IPV6_ADDR_LEN 42 /* eg FEDC:BA98:7654:3210:FEDC:BA98:7654:3210/60 */
/* get a key struct with a SPNEGO security blob, suitable for session setup */
struct key *
cifs_get_spnego_key(struct cifsSesInfo *sesInfo, const char *hostname)
cifs_get_spnego_key(struct cifsSesInfo *sesInfo)
{
	struct TCP_Server_Info *server = sesInfo->server;
	char *description, *dp;
	size_t desc_len;
	struct key *spnego_key;
	const char *hostname = server->hostname;


	/* version + ;ip{4|6}= + address + ;host=hostname +
		;sec= + ;uid= + NULL */
	desc_len = 4 + 5 + 32 + 1 + 5 + strlen(hostname) +
		   strlen(";sec=krb5") + 7 + sizeof(uid_t)*2 + 1;
	/* BB: come up with better scheme for determining length */
	/* length of fields (with semicolons): ver=0xyz ipv4= ipaddress host=
	   hostname sec=mechanism uid=0x uid */
	desc_len = MAX_VER_STR_LEN + 5 + MAX_IPV6_ADDR_LEN + 1 + 6 +
		  strlen(hostname) + MAX_MECH_STR_LEN + 8 + (sizeof(uid_t) * 2);
	spnego_key = ERR_PTR(-ENOMEM);
	description = kzalloc(desc_len, GFP_KERNEL);
	if (description == NULL)
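Review bot: desc_len is still a hand-summed list of bare literals (5, 1, 6, 8) sitting next to the new MAX_* constants, and the explicit "+ 1" that closed the old expression for the terminating NUL is no longer identifiable in the new one, so a reader cannot verify that the kzalloc'd buffer covers every field plus the terminator. Derive each term from the literal prefix it accounts for (for example sizeof(";host=") - 1) and add the terminator as its own term, or build the string with kasprintf() and drop the length arithmetic, which would also resolve the "BB: come up with better scheme" comment. Separately, hostname is now read from server->hostname and passed straight to strlen(); if that field can be NULL for any session that reaches this function, check it before use.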
@@ -88,7 +94,7 @@ cifs_get_spnego_key(struct cifsSesInfo *sesInfo, const char *hostname)
	dp = description;
	/* start with version and hostname portion of UNC string */
	spnego_key = ERR_PTR(-EINVAL);
	sprintf(dp, "0x%2.2x;host=%s;", CIFS_SPNEGO_UPCALL_VERSION,
	sprintf(dp, "ver=0x%x;host=%s;", CIFS_SPNEGO_UPCALL_VERSION,
		hostname);
	dp = description + strlen(description);

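Review bot: The sprintf() into description is unbounded, and changing the format from "0x%2.2x" to "ver=0x%x" makes the width of the version field depend on the value of CIFS_SPNEGO_UPCALL_VERSION, while MAX_VER_STR_LEN is sized for ";ver=0xFF". Use snprintf() with the space remaining in the desc_len allocation, or keep a fixed-width conversion, so the write cannot exceed the buffer if the version constant ever grows past 0xFF.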
+1 −0
@@ -41,6 +41,7 @@ struct cifs_spnego_msg {

#ifdef __KERNEL__
extern struct key_type cifs_spnego_key_type;
extern struct key *cifs_get_spnego_key(struct cifsSesInfo *sesInfo);
#endif /* KERNEL */

#endif /* _CIFS_SPNEGO_H */
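Review bot: The new prototype names struct cifsSesInfo, and nothing in the visible part of this header declares that type. Unless an include earlier in the file provides it, add a forward declaration (struct cifsSesInfo;) ahead of the prototype so that a file including this header first does not get a "declared inside parameter list" warning. The closing comment "#endif /* KERNEL */" could also be made to match the "#ifdef __KERNEL__" it closes.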