mirror of
https://github.com/FEX-Emu/linux.git
synced 2025-01-07 01:51:42 +00:00
2442421b17
Have CIFS_SessSetup call cifs_get_spnego_key when Kerberos is negotiated. Use the info in the key payload to build a session setup request packet. Also clean up how the request buffer in the function is freed on error. With appropriate user space helper (in samba/source/client). Kerberos support (secure session establishment can be done now via Kerberos, previously users would have to use NTLMv2 instead for more secure session setup). Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
131 lines
5.3 KiB
Plaintext
131 lines
5.3 KiB
Plaintext
Version 1.49 April 26, 2007
|
|
|
|
A Partial List of Missing Features
|
|
==================================
|
|
|
|
Contributions are welcome. There are plenty of opportunities
|
|
for visible, important contributions to this module. Here
|
|
is a partial list of the known problems and missing features:
|
|
|
|
a) Support for SecurityDescriptors(Windows/CIFS ACLs) for chmod/chgrp/chown
|
|
so that these operations can be supported to Windows servers
|
|
|
|
b) Mapping POSIX ACLs (and eventually NFSv4 ACLs) to CIFS
|
|
SecurityDescriptors
|
|
|
|
c) Better pam/winbind integration (e.g. to handle uid mapping
|
|
better)
|
|
|
|
d) Verify that Kerberos signing works
|
|
|
|
e) Cleanup now unneeded SessSetup code in
|
|
fs/cifs/connect.c and add back in NTLMSSP code if any servers
|
|
need it
|
|
|
|
f) MD5-HMAC signing SMB PDUs when SPNEGO style SessionSetup
|
|
used (Kerberos or NTLMSSP). Signing alreadyimplemented for NTLM
|
|
and raw NTLMSSP already. This is important when enabling
|
|
extended security and mounting to Windows 2003 Servers
|
|
|
|
g) Directory entry caching relies on a 1 second timer, rather than
|
|
using FindNotify or equivalent. - (started)
|
|
|
|
h) quota support (needs minor kernel change since quota calls
|
|
to make it to network filesystems or deviceless filesystems)
|
|
|
|
i) investigate sync behavior (including syncpage) and check
|
|
for proper behavior of intr/nointr
|
|
|
|
j) hook lower into the sockets api (as NFS/SunRPC does) to avoid the
|
|
extra copy in/out of the socket buffers in some cases.
|
|
|
|
k) Better optimize open (and pathbased setfilesize) to reduce the
|
|
oplock breaks coming from windows srv. Piggyback identical file
|
|
opens on top of each other by incrementing reference count rather
|
|
than resending (helps reduce server resource utilization and avoid
|
|
spurious oplock breaks).
|
|
|
|
l) Improve performance of readpages by sending more than one read
|
|
at a time when 8 pages or more are requested. In conjuntion
|
|
add support for async_cifs_readpages.
|
|
|
|
m) Add support for storing symlink info to Windows servers
|
|
in the Extended Attribute format their SFU clients would recognize.
|
|
|
|
n) Finish fcntl D_NOTIFY support so kde and gnome file list windows
|
|
will autorefresh (partially complete by Asser). Needs minor kernel
|
|
vfs change to support removing D_NOTIFY on a file.
|
|
|
|
o) Add GUI tool to configure /proc/fs/cifs settings and for display of
|
|
the CIFS statistics (started)
|
|
|
|
p) implement support for security and trusted categories of xattrs
|
|
(requires minor protocol extension) to enable better support for SELINUX
|
|
|
|
q) Implement O_DIRECT flag on open (already supported on mount)
|
|
|
|
r) Create UID mapping facility so server UIDs can be mapped on a per
|
|
mount or a per server basis to client UIDs or nobody if no mapping
|
|
exists. This is helpful when Unix extensions are negotiated to
|
|
allow better permission checking when UIDs differ on the server
|
|
and client. Add new protocol request to the CIFS protocol
|
|
standard for asking the server for the corresponding name of a
|
|
particular uid.
|
|
|
|
s) Add support for CIFS Unix and also the newer POSIX extensions to the
|
|
server side for Samba 4.
|
|
|
|
t) In support for OS/2 (LANMAN 1.2 and LANMAN2.1 based SMB servers)
|
|
need to add ability to set time to server (utimes command)
|
|
|
|
u) DOS attrs - returned as pseudo-xattr in Samba format (check VFAT and NTFS for this too)
|
|
|
|
v) mount check for unmatched uids
|
|
|
|
w) Add support for new vfs entry points for setlease and fallocate
|
|
|
|
x) Fix Samba 3 server to handle Linux kernel aio so dbench with lots of
|
|
processes can proceed better in parallel (on the server)
|
|
|
|
y) Fix Samba 3 to handle reads/writes over 127K (and remove the cifs mount
|
|
restriction of wsize max being 127K)
|
|
|
|
KNOWN BUGS (updated April 24, 2007)
|
|
====================================
|
|
See http://bugzilla.samba.org - search on product "CifsVFS" for
|
|
current bug list.
|
|
|
|
1) existing symbolic links (Windows reparse points) are recognized but
|
|
can not be created remotely. They are implemented for Samba and those that
|
|
support the CIFS Unix extensions, although earlier versions of Samba
|
|
overly restrict the pathnames.
|
|
2) follow_link and readdir code does not follow dfs junctions
|
|
but recognizes them
|
|
3) create of new files to FAT partitions on Windows servers can
|
|
succeed but still return access denied (appears to be Windows
|
|
server not cifs client problem) and has not been reproduced recently.
|
|
NTFS partitions do not have this problem.
|
|
4) Unix/POSIX capabilities are reset after reconnection, and affect
|
|
a few fields in the tree connection but we do do not know which
|
|
superblocks to apply these changes to. We should probably walk
|
|
the list of superblocks to set these. Also need to check the
|
|
flags on the second mount to the same share, and see if we
|
|
can do the same trick that NFS does to remount duplicate shares.
|
|
|
|
Misc testing to do
|
|
==================
|
|
1) check out max path names and max path name components against various server
|
|
types. Try nested symlinks (8 deep). Return max path name in stat -f information
|
|
|
|
2) Modify file portion of ltp so it can run against a mounted network
|
|
share and run it against cifs vfs in automated fashion.
|
|
|
|
3) Additional performance testing and optimization using iozone and similar -
|
|
there are some easy changes that can be done to parallelize sequential writes,
|
|
and when signing is disabled to request larger read sizes (larger than
|
|
negotiated size) and send larger write sizes to modern servers.
|
|
|
|
4) More exhaustively test against less common servers. More testing
|
|
against Windows 9x, Windows ME servers.
|
|
|