projects / linux.git / blame
| Commit | Line | Data |
|---|---|---|
| bb26b963 | 1 | config CIFS |
| 2a38e120 | 2 | tristate "SMB3 and CIFS support (advanced network filesystem)" |
| bb26b963 AD |
3 | depends on INET |
| 4 | select NLS | |
| d2b91521 | 5 | select CRYPTO |
| f855f6cb | 6 | select CRYPTO_MD4 |
| d2b91521 | 7 | select CRYPTO_MD5 |
| 5b454a64 | 8 | select CRYPTO_SHA256 |
| 5890184d | 9 | select CRYPTO_SHA512 |
| 5b454a64 | 10 | select CRYPTO_CMAC |
| 362d3129 | 11 | select CRYPTO_HMAC |
| d2b91521 | 12 | select CRYPTO_ARC4 |
| 5b454a64 BG |
13 | select CRYPTO_AEAD2 |
| 14 | select CRYPTO_CCM | |
| 5f0b23ee | 15 | select CRYPTO_ECB |
| 5b454a64 | 16 | select CRYPTO_AES |
| 43988d76 | 17 | select CRYPTO_DES |
| bb26b963 | 18 | help |
| 2a38e120 | 19 | This is the client VFS module for the SMB3 family of NAS protocols, |
| 0fdfef9a SF |
20 | (including support for the most recent, most secure dialect SMB3.1.1) |
| 21 | as well as for earlier dialects such as SMB2.1, SMB2 and the older | |
| 2a38e120 SF |
22 | Common Internet File System (CIFS) protocol. CIFS was the successor |
| 23 | to the original dialect, the Server Message Block (SMB) protocol, the | |
| 24 | native file sharing mechanism for most early PC operating systems. | |
| 25 | ||
| 0fdfef9a SF |
26 | The SMB3 protocol is supported by most modern operating systems |
| 27 | and NAS appliances (e.g. Samba, Windows 10, Windows Server 2016, | |
| 28 | MacOS) and even in the cloud (e.g. Microsoft Azure). | |
| 2a38e120 SF |
29 | The older CIFS protocol was included in Windows NT4, 2000 and XP (and |
| 30 | later) as well by Samba (which provides excellent CIFS and SMB3 | |
| 0fdfef9a SF |
31 | server support for Linux and many other operating systems). Use of |
| 32 | dialects older than SMB2.1 is often discouraged on public networks. | |
| 33 | This module also provides limited support for OS/2 and Windows ME | |
| 34 | and similar very old servers. | |
| bb26b963 | 35 | |
| 0fdfef9a | 36 | This module provides an advanced network file system client |
| 2a38e120 | 37 | for mounting to SMB3 (and CIFS) compliant servers. It includes |
| bb26b963 | 38 | support for DFS (hierarchical name space), secure per-user |
| 0fdfef9a SF |
39 | session establishment via Kerberos or NTLM or NTLMv2, RDMA |
| 40 | (smbdirect), advanced security features, per-share encryption, | |
| 41 | directory leases, safe distributed caching (oplock), optional packet | |
| bb26b963 | 42 | signing, Unicode and other internationalization improvements. |
| 2a38e120 SF |
43 | |
| 44 | In general, the default dialects, SMB3 and later, enable better | |
| 45 | performance, security and features, than would be possible with CIFS. | |
| 46 | Note that when mounting to Samba, due to the CIFS POSIX extensions, | |
| 47 | CIFS mounts can provide slightly better POSIX compatibility | |
| 48 | than SMB3 mounts. SMB2/SMB3 mount options are also | |
| 49 | slightly simpler (compared to CIFS) due to protocol improvements. | |
| 50 | ||
| 0fdfef9a | 51 | If you need to mount to Samba, Azure, Macs or Windows from this machine, say Y. |
| bb26b963 | 52 | |
| bb26b963 AD |
53 | config CIFS_STATS2 |
| 54 | bool "Extended statistics" | |
| fcabb892 | 55 | depends on CIFS |
| bb26b963 AD |
56 | help |
| 57 | Enabling this option will allow more detailed statistics on SMB | |
| 58 | request timing to be displayed in /proc/fs/cifs/DebugData and also | |
| 59 | allow optional logging of slow responses to dmesg (depending on the | |
| 60 | value of /proc/fs/cifs/cifsFYI, see fs/cifs/README for more details). | |
| 61 | These additional statistics may have a minor effect on performance | |
| 62 | and memory utilization. | |
| 63 | ||
| 64 | Unless you are a developer or are doing network performance analysis | |
| 65 | or tuning, say N. | |
| 66 | ||
| 7420451f SF |
67 | config CIFS_ALLOW_INSECURE_LEGACY |
| 68 | bool "Support legacy servers which use less secure dialects" | |
| 69 | depends on CIFS | |
| 70 | default y | |
| 71 | help | |
| 72 | Modern dialects, SMB2.1 and later (including SMB3 and 3.1.1), have | |
| 73 | additional security features, including protection against | |
| 74 | man-in-the-middle attacks and stronger crypto hashes, so the use | |
| 75 | of legacy dialects (SMB1/CIFS and SMB2.0) is discouraged. | |
| 76 | ||
| 77 | Disabling this option prevents users from using vers=1.0 or vers=2.0 | |
| 78 | on mounts with cifs.ko | |
| 79 | ||
| 80 | If unsure, say Y. | |
| 81 | ||
| bb26b963 AD |
82 | config CIFS_WEAK_PW_HASH |
| 83 | bool "Support legacy servers which use weaker LANMAN security" | |
| 7420451f | 84 | depends on CIFS && CIFS_ALLOW_INSECURE_LEGACY |
| bb26b963 AD |
85 | help |
| 86 | Modern CIFS servers including Samba and most Windows versions | |
| 87 | (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos) | |
| 88 | security mechanisms. These hash the password more securely | |
| 89 | than the mechanisms used in the older LANMAN version of the | |
| 90 | SMB protocol but LANMAN based authentication is needed to | |
| 91 | establish sessions with some old SMB servers. | |
| 92 | ||
| 93 | Enabling this option allows the cifs module to mount to older | |
| 94 | LANMAN based servers such as OS/2 and Windows 95, but such | |
| 95 | mounts may be less secure than mounts using NTLM or more recent | |
| 96 | security mechanisms if you are on a public network. Unless you | |
| 97 | have a need to access old SMB servers (and are on a private | |
| 98 | network) you probably want to say N. Even if this support | |
| 99 | is enabled in the kernel build, LANMAN authentication will not be | |
| 100 | used automatically. At runtime LANMAN mounts are disabled but | |
| 101 | can be set to required (or optional) either in | |
| 102 | /proc/fs/cifs (see fs/cifs/README for more detail) or via an | |
| 103 | option on the mount command. This support is disabled by | |
| 104 | default in order to reduce the possibility of a downgrade | |
| 105 | attack. | |
| 106 | ||
| 107 | If unsure, say N. | |
| 108 | ||
| 109 | config CIFS_UPCALL | |
| 1a4240f4 WL |
110 | bool "Kerberos/SPNEGO advanced session setup" |
| 111 | depends on CIFS && KEYS | |
| 112 | select DNS_RESOLVER | |
| 113 | help | |
| 114 | Enables an upcall mechanism for CIFS which accesses userspace helper | |
| 115 | utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets | |
| 116 | which are needed to mount to certain secure servers (for which more | |
| 2a38e120 | 117 | secure Kerberos authentication is required). If unsure, say Y. |
| bb26b963 AD |
118 | |
| 119 | config CIFS_XATTR | |
| 120 | bool "CIFS extended attributes" | |
| 121 | depends on CIFS | |
| 122 | help | |
| 123 | Extended attributes are name:value pairs associated with inodes by | |
| 91581e4c AB |
124 | the kernel or by users (see the attr(5) manual page for details). |
| 125 | CIFS maps the name of extended attributes beginning with the user | |
| 126 | namespace prefix to SMB/CIFS EAs. EAs are stored on Windows | |
| 127 | servers without the user namespace prefix, but their names are | |
| 128 | seen by Linux cifs clients prefaced by the user namespace prefix. | |
| 129 | The system namespace (used by some filesystems to store ACLs) is | |
| 130 | not supported at this time. | |
| bb26b963 | 131 | |
| 2a38e120 | 132 | If unsure, say Y. |
| bb26b963 AD |
133 | |
| 134 | config CIFS_POSIX | |
| 135 | bool "CIFS POSIX Extensions" | |
| 136 | depends on CIFS_XATTR | |
| 137 | help | |
| 138 | Enabling this option will cause the cifs client to attempt to | |
| 139 | negotiate a newer dialect with servers, such as Samba 3.0.5 | |
| 140 | or later, that optionally can handle more POSIX like (rather | |
| 141 | than Windows like) file behavior. It also enables | |
| 142 | support for POSIX ACLs (getfacl and setfacl) to servers | |
| 143 | (such as Samba 3.10 and later) which can negotiate | |
| 144 | CIFS POSIX ACL support. If unsure, say N. | |
| 145 | ||
| 1d4ab907 SF |
146 | config CIFS_ACL |
| 147 | bool "Provide CIFS ACL support" | |
| 148 | depends on CIFS_XATTR && KEYS | |
| 149 | help | |
| 150 | Allows fetching CIFS/NTFS ACL from the server. The DACL blob | |
| ca5d13fc | 151 | is handed over to the application/caller. See the man |
| 2a38e120 | 152 | page for getcifsacl for more information. If unsure, say Y. |
| 1d4ab907 | 153 | |
| 471b1f98 JP |
154 | config CIFS_DEBUG |
| 155 | bool "Enable CIFS debugging routines" | |
| 156 | default y | |
| 157 | depends on CIFS | |
| 158 | help | |
| 159 | Enabling this option adds helpful debugging messages to | |
| 160 | the cifs code which increases the size of the cifs module. | |
| 161 | If unsure, say Y. | |
| bb26b963 AD |
162 | config CIFS_DEBUG2 |
| 163 | bool "Enable additional CIFS debugging routines" | |
| 471b1f98 | 164 | depends on CIFS_DEBUG |
| bb26b963 AD |
165 | help |
| 166 | Enabling this option adds a few more debugging routines | |
| 167 | to the cifs code which slightly increases the size of | |
| 168 | the cifs module and can cause additional logging of debug | |
| 169 | messages in some error paths, slowing performance. This | |
| 170 | option can be turned off unless you are debugging | |
| 171 | cifs problems. If unsure, say N. | |
| 172 | ||
| d38de3c6 AA |
173 | config CIFS_DEBUG_DUMP_KEYS |
| 174 | bool "Dump encryption keys for offline decryption (Unsafe)" | |
| 2a38e120 | 175 | depends on CIFS_DEBUG |
| d38de3c6 AA |
176 | help |
| 177 | Enabling this will dump the encryption and decryption keys | |
| 178 | used to communicate on an encrypted share connection on the | |
| 179 | console. This allows Wireshark to decrypt and dissect | |
| 180 | encrypted network captures. Enable this carefully. | |
| 2a38e120 | 181 | If unsure, say N. |
| d38de3c6 | 182 | |
| 10e70afa SF |
183 | config CIFS_DFS_UPCALL |
| 184 | bool "DFS feature support" | |
| 185 | depends on CIFS && KEYS | |
| 1a4240f4 | 186 | select DNS_RESOLVER |
| 10e70afa SF |
187 | help |
| 188 | Distributed File System (DFS) support is used to access shares | |
| 189 | transparently in an enterprise name space, even if the share | |
| 190 | moves to a different server. This feature also enables | |
| 191 | an upcall mechanism for CIFS which contacts userspace helper | |
| 192 | utilities to provide server name resolution (host names to | |
| 193 | IP addresses) which is needed for implicit mounts of DFS junction | |
| 2a38e120 | 194 | points. If unsure, say Y. |
| 10e70afa | 195 | |
| 25720873 | 196 | config CIFS_NFSD_EXPORT |
| 00f3616b KC |
197 | bool "Allow nfsd to export CIFS file system" |
| 198 | depends on CIFS && BROKEN | |
| bb26b963 | 199 | help |
| 25720873 | 200 | Allows NFS server to export a CIFS mounted share (nfsd over cifs) |
| 675f36fb | 201 | |
| 2b6ed880 LL |
202 | config CIFS_SMB_DIRECT |
| 203 | bool "SMB Direct support (Experimental)" | |
| 533d1dae | 204 | depends on CIFS=m && INFINIBAND && INFINIBAND_ADDR_TRANS || CIFS=y && INFINIBAND=y && INFINIBAND_ADDR_TRANS=y |
| 2b6ed880 LL |
205 | help |
| 206 | Enables SMB Direct experimental support for SMB 3.0, 3.02 and 3.1.1. | |
| 207 | SMB Direct allows transferring SMB packets over RDMA. If unsure, | |
| 208 | say N. | |
| 209 | ||
| 1d4ab907 SF |
210 | config CIFS_FSCACHE |
| 211 | bool "Provide CIFS client caching support" | |
| 212 | depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y | |
| 213 | help | |
| 214 | Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data | |
| 215 | to be cached locally on disk through the general filesystem cache | |
| 216 | manager. If unsure, say N. | |
| 217 |