[CIFS] DNS name resolution helper upcall for cifs
Adds additional option CIFS_DFS_UPCALL to fs/Kconfig for enabling
DFS support. Resolved IP address is saved as a string in the
key payload.
Igor has a series of related patches that will follow which finish up
CIFS DFS support
Acked-by: Igor Mammedov <niallain@gmail.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
diff --git a/fs/Kconfig b/fs/Kconfig
index 487236c..18cd221 100644
--- a/fs/Kconfig
+++ b/fs/Kconfig
@@ -1905,13 +1905,15 @@
file servers such as Windows 2000 (including Windows 2003, NT 4
and Windows XP) as well by Samba (which provides excellent CIFS
server support for Linux and many other operating systems). Limited
- support for OS/2 and Windows ME and similar servers is provided as well.
+ support for OS/2 and Windows ME and similar servers is provided as
+ well.
- The intent of the cifs module is to provide an advanced
- network file system client for mounting to CIFS compliant servers,
- including support for dfs (hierarchical name space), secure per-user
- session establishment, safe distributed caching (oplock), optional
- packet signing, Unicode and other internationalization improvements.
+ The cifs module provides an advanced network file system
+ client for mounting to CIFS compliant servers. It includes
+ support for DFS (hierarchical name space), secure per-user
+ session establishment via Kerberos or NTLM or NTLMv2,
+ safe distributed caching (oplock), optional packet
+ signing, Unicode and other internationalization improvements.
If you need to mount to Samba or Windows from this machine, say Y.
config CIFS_STATS
@@ -1943,7 +1945,8 @@
(since 1997) support stronger NTLM (and even NTLMv2 and Kerberos)
security mechanisms. These hash the password more securely
than the mechanisms used in the older LANMAN version of the
- SMB protocol needed to establish sessions with old SMB servers.
+ SMB protocol but LANMAN based authentication is needed to
+ establish sessions with some old SMB servers.
Enabling this option allows the cifs module to mount to older
LANMAN based servers such as OS/2 and Windows 95, but such
@@ -1951,8 +1954,8 @@
security mechanisms if you are on a public network. Unless you
have a need to access old SMB servers (and are on a private
network) you probably want to say N. Even if this support
- is enabled in the kernel build, they will not be used
- automatically. At runtime LANMAN mounts are disabled but
+ is enabled in the kernel build, LANMAN authentication will not be
+ used automatically. At runtime LANMAN mounts are disabled but
can be set to required (or optional) either in
/proc/fs/cifs (see fs/cifs/README for more detail) or via an
option on the mount command. This support is disabled by
@@ -2018,12 +2021,22 @@
depends on CIFS_EXPERIMENTAL
depends on KEYS
help
- Enables an upcall mechanism for CIFS which will be used to contact
- userspace helper utilities to provide SPNEGO packaged Kerberos
- tickets which are needed to mount to certain secure servers
+ Enables an upcall mechanism for CIFS which accesses
+ userspace helper utilities to provide SPNEGO packaged (RFC 4178)
+ Kerberos tickets which are needed to mount to certain secure servers
(for which more secure Kerberos authentication is required). If
unsure, say N.
+config CIFS_DFS_UPCALL
+ bool "DFS feature support (EXPERIMENTAL)"
+ depends on CIFS_EXPERIMENTAL
+ depends on KEYS
+ help
+ Enables an upcall mechanism for CIFS which contacts userspace
+ helper utilities to provide server name resolution (host names to
+ IP addresses) which is needed for implicit mounts of DFS junction
+ points. If unsure, say N.
+
config NCP_FS
tristate "NCP file system support (to mount NetWare volumes)"
depends on IPX!=n || INET
diff --git a/fs/cifs/Makefile b/fs/cifs/Makefile
index 45e42fb..09898b8 100644
--- a/fs/cifs/Makefile
+++ b/fs/cifs/Makefile
@@ -9,3 +9,5 @@
readdir.o ioctl.o sess.o export.o cifsacl.o
cifs-$(CONFIG_CIFS_UPCALL) += cifs_spnego.o
+
+cifs-$(CONFIG_CIFS_DFS_UPCALL) += dns_resolve.o
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
index 093beaa..000b4a5 100644
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -44,6 +44,7 @@
#include "cifs_fs_sb.h"
#include <linux/mm.h>
#include <linux/key-type.h>
+#include "dns_resolve.h"
#include "cifs_spnego.h"
#define CIFS_MAGIC_NUMBER 0xFF534D42 /* the first four bytes of SMB PDUs */
@@ -1015,11 +1016,16 @@
if (rc)
goto out_unregister_filesystem;
#endif
+#ifdef CONFIG_CIFS_DFS_UPCALL
+ rc = register_key_type(&key_type_dns_resolver);
+ if (rc)
+ goto out_unregister_key_type;
+#endif
oplockThread = kthread_run(cifs_oplock_thread, NULL, "cifsoplockd");
if (IS_ERR(oplockThread)) {
rc = PTR_ERR(oplockThread);
cERROR(1, ("error %d create oplock thread", rc));
- goto out_unregister_key_type;
+ goto out_unregister_dfs_key_type;
}
dnotifyThread = kthread_run(cifs_dnotify_thread, NULL, "cifsdnotifyd");
@@ -1033,7 +1039,11 @@
out_stop_oplock_thread:
kthread_stop(oplockThread);
+ out_unregister_dfs_key_type:
+#ifdef CONFIG_CIFS_DFS_UPCALL
+ unregister_key_type(&key_type_dns_resolver);
out_unregister_key_type:
+#endif
#ifdef CONFIG_CIFS_UPCALL
unregister_key_type(&cifs_spnego_key_type);
out_unregister_filesystem:
@@ -1059,6 +1069,9 @@
#ifdef CONFIG_PROC_FS
cifs_proc_clean();
#endif
+#ifdef CONFIG_CIFS_DFS_UPCALL
+ unregister_key_type(&key_type_dns_resolver);
+#endif
#ifdef CONFIG_CIFS_UPCALL
unregister_key_type(&cifs_spnego_key_type);
#endif