Commit 6103335d authored by Steve French

[CIFS] DNS name resolution helper upcall for cifs

	Adds additional option CIFS_DFS_UPCALL to fs/Kconfig for enabling
	DFS support.  Resolved IP address is saved as a string in the
	key payload.

	Igor has a series of related patches that will follow which finish up
	CIFS DFS support.
Acked-by: Igor Mammedov <niallain@gmail.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
parent f6d09982
...@@ -1905,13 +1905,15 @@ config CIFS ...@@ -1905,13 +1905,15 @@ config CIFS
file servers such as Windows 2000 (including Windows 2003, NT 4 file servers such as Windows 2000 (including Windows 2003, NT 4
and Windows XP) as well by Samba (which provides excellent CIFS and Windows XP) as well by Samba (which provides excellent CIFS
server support for Linux and many other operating systems). Limited server support for Linux and many other operating systems). Limited
support for OS/2 and Windows ME and similar servers is provided as well. support for OS/2 and Windows ME and similar servers is provided as
well.
The intent of the cifs module is to provide an advanced
network file system client for mounting to CIFS compliant servers, The cifs module provides an advanced network file system
including support for dfs (hierarchical name space), secure per-user client for mounting to CIFS compliant servers. It includes
session establishment, safe distributed caching (oplock), optional support for DFS (hierarchical name space), secure per-user
packet signing, Unicode and other internationalization improvements. session establishment via Kerberos or NTLM or NTLMv2,
safe distributed caching (oplock), optional packet
signing, Unicode and other internationalization improvements.
If you need to mount to Samba or Windows from this machine, say Y. If you need to mount to Samba or Windows from this machine, say Y.
config CIFS_STATS config CIFS_STATS
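Review bot: The rewritten help text for config CIFS in this hunk (the added "session establishment via Kerberos or NTLM or NTLMv2" wording), like the CIFS_WEAK_PW_HASH help changes in the two hunks that follow, is unrelated to the DNS name resolution upcall named in the subject line. Please split these help-text cleanups into their own patch so the functional change can be reviewed and reverted on its own. While there, "Kerberos or NTLM or NTLMv2" reads better as "Kerberos, NTLM or NTLMv2".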
...@@ -1943,7 +1945,8 @@ config CIFS_WEAK_PW_HASH ...@@ -1943,7 +1945,8 @@ config CIFS_WEAK_PW_HASH
(since 1997) support stronger NTLM (and even NTLMv2 and Kerberos) (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos)
security mechanisms. These hash the password more securely security mechanisms. These hash the password more securely
than the mechanisms used in the older LANMAN version of the than the mechanisms used in the older LANMAN version of the
SMB protocol needed to establish sessions with old SMB servers. SMB protocol but LANMAN based authentication is needed to
establish sessions with some old SMB servers.
Enabling this option allows the cifs module to mount to older Enabling this option allows the cifs module to mount to older
LANMAN based servers such as OS/2 and Windows 95, but such LANMAN based servers such as OS/2 and Windows 95, but such
...@@ -1951,8 +1954,8 @@ config CIFS_WEAK_PW_HASH ...@@ -1951,8 +1954,8 @@ config CIFS_WEAK_PW_HASH
security mechanisms if you are on a public network. Unless you security mechanisms if you are on a public network. Unless you
have a need to access old SMB servers (and are on a private have a need to access old SMB servers (and are on a private
network) you probably want to say N. Even if this support network) you probably want to say N. Even if this support
is enabled in the kernel build, they will not be used is enabled in the kernel build, LANMAN authentication will not be
automatically. At runtime LANMAN mounts are disabled but used automatically. At runtime LANMAN mounts are disabled but
can be set to required (or optional) either in can be set to required (or optional) either in
/proc/fs/cifs (see fs/cifs/README for more detail) or via an /proc/fs/cifs (see fs/cifs/README for more detail) or via an
option on the mount command. This support is disabled by option on the mount command. This support is disabled by
...@@ -2018,12 +2021,22 @@ config CIFS_UPCALL ...@@ -2018,12 +2021,22 @@ config CIFS_UPCALL
depends on CIFS_EXPERIMENTAL depends on CIFS_EXPERIMENTAL
depends on KEYS depends on KEYS
help help
Enables an upcall mechanism for CIFS which will be used to contact Enables an upcall mechanism for CIFS which accesses
userspace helper utilities to provide SPNEGO packaged Kerberos userspace helper utilities to provide SPNEGO packaged (RFC 4178)
tickets which are needed to mount to certain secure servers Kerberos tickets which are needed to mount to certain secure servers
(for which more secure Kerberos authentication is required). If (for which more secure Kerberos authentication is required). If
unsure, say N. unsure, say N.
config CIFS_DFS_UPCALL
bool "DFS feature support (EXPERIMENTAL)"
depends on CIFS_EXPERIMENTAL
depends on KEYS
help
Enables an upcall mechanism for CIFS which contacts userspace
helper utilities to provide server name resolution (host names to
IP addresses) which is needed for implicit mounts of DFS junction
points. If unsure, say N.
config NCP_FS config NCP_FS
tristate "NCP file system support (to mount NetWare volumes)" tristate "NCP file system support (to mount NetWare volumes)"
depends on IPX!=n || INET depends on IPX!=n || INET
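Review bot: The prompt "DFS feature support (EXPERIMENTAL)" on the new CIFS_DFS_UPCALL entry promises more than its help text describes, which is only host-name-to-IP resolution through a userspace helper. Suggest naming the prompt after what the option actually gates, and having the help text say which helper program and request-key configuration must be installed. The commit message says the resolved address is stored as a string in the key payload, so implicit mounts of DFS junction points will connect to whatever address userspace returns; that dependency deserves a sentence in the help text.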
......
...@@ -9,3 +9,5 @@ cifs-y := cifsfs.o cifssmb.o cifs_debug.o connect.o dir.o file.o inode.o \ ...@@ -9,3 +9,5 @@ cifs-y := cifsfs.o cifssmb.o cifs_debug.o connect.o dir.o file.o inode.o \
readdir.o ioctl.o sess.o export.o cifsacl.o readdir.o ioctl.o sess.o export.o cifsacl.o
cifs-$(CONFIG_CIFS_UPCALL) += cifs_spnego.o cifs-$(CONFIG_CIFS_UPCALL) += cifs_spnego.o
cifs-$(CONFIG_CIFS_DFS_UPCALL) += dns_resolve.o
...@@ -44,6 +44,7 @@ ...@@ -44,6 +44,7 @@
#include "cifs_fs_sb.h" #include "cifs_fs_sb.h"
#include <linux/mm.h> #include <linux/mm.h>
#include <linux/key-type.h> #include <linux/key-type.h>
#include "dns_resolve.h"
#include "cifs_spnego.h" #include "cifs_spnego.h"
#define CIFS_MAGIC_NUMBER 0xFF534D42 /* the first four bytes of SMB PDUs */ #define CIFS_MAGIC_NUMBER 0xFF534D42 /* the first four bytes of SMB PDUs */
...@@ -1014,12 +1015,17 @@ init_cifs(void) ...@@ -1014,12 +1015,17 @@ init_cifs(void)
rc = register_key_type(&cifs_spnego_key_type); rc = register_key_type(&cifs_spnego_key_type);
if (rc) if (rc)
goto out_unregister_filesystem; goto out_unregister_filesystem;
#endif
#ifdef CONFIG_CIFS_DFS_UPCALL
rc = register_key_type(&key_type_dns_resolver);
if (rc)
goto out_unregister_key_type;
#endif #endif
oplockThread = kthread_run(cifs_oplock_thread, NULL, "cifsoplockd"); oplockThread = kthread_run(cifs_oplock_thread, NULL, "cifsoplockd");
if (IS_ERR(oplockThread)) { if (IS_ERR(oplockThread)) {
rc = PTR_ERR(oplockThread); rc = PTR_ERR(oplockThread);
cERROR(1, ("error %d create oplock thread", rc)); cERROR(1, ("error %d create oplock thread", rc));
goto out_unregister_key_type; goto out_unregister_dfs_key_type;
} }
dnotifyThread = kthread_run(cifs_dnotify_thread, NULL, "cifsdnotifyd"); dnotifyThread = kthread_run(cifs_dnotify_thread, NULL, "cifsdnotifyd");
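Review bot: key_type_dns_resolver, passed to the new register_key_type() call, is a generic unprefixed global name, while the key type registered just above it is cifs_spnego_key_type. It is built only as part of cifs (dns_resolve.o under CONFIG_CIFS_DFS_UPCALL), so a cifs_ prefix would be consistent and would avoid a symbol clash if another subsystem later adds its own DNS resolver key type. The new failure path is also silent, whereas the kthread_run() failure below logs through cERROR; a similar message when registration fails would make a broken setup easier to diagnose.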
...@@ -1033,7 +1039,11 @@ init_cifs(void) ...@@ -1033,7 +1039,11 @@ init_cifs(void)
out_stop_oplock_thread: out_stop_oplock_thread:
kthread_stop(oplockThread); kthread_stop(oplockThread);
out_unregister_dfs_key_type:
#ifdef CONFIG_CIFS_DFS_UPCALL
unregister_key_type(&key_type_dns_resolver);
out_unregister_key_type: out_unregister_key_type:
#endif
#ifdef CONFIG_CIFS_UPCALL #ifdef CONFIG_CIFS_UPCALL
unregister_key_type(&cifs_spnego_key_type); unregister_key_type(&cifs_spnego_key_type);
out_unregister_filesystem: out_unregister_filesystem:
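Review bot: The label out_unregister_key_type: now sits inside #ifdef CONFIG_CIFS_DFS_UPCALL, so it exists only when that option is enabled. This builds today because the only goto that targets it is under the same #ifdef in init_cifs(), but any later unconditional jump to it will fail to compile with the option off. Suggest keeping every label outside the preprocessor blocks and wrapping only the unregister_key_type() calls, so the unwind order stays readable and does not depend on the configuration.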
...@@ -1059,6 +1069,9 @@ exit_cifs(void) ...@@ -1059,6 +1069,9 @@ exit_cifs(void)
#ifdef CONFIG_PROC_FS #ifdef CONFIG_PROC_FS
cifs_proc_clean(); cifs_proc_clean();
#endif #endif
#ifdef CONFIG_CIFS_DFS_UPCALL
unregister_key_type(&key_type_dns_resolver);
#endif
#ifdef CONFIG_CIFS_UPCALL #ifdef CONFIG_CIFS_UPCALL
unregister_key_type(&cifs_spnego_key_type); unregister_key_type(&cifs_spnego_key_type);
#endif #endif
......