Commit | Line | Data |
---|---|---|
bb26b963 | 1 | config CIFS |
2a38e120 | 2 | tristate "SMB3 and CIFS support (advanced network filesystem)" |
bb26b963 AD |
3 | depends on INET |
4 | select NLS | |
d2b91521 | 5 | select CRYPTO |
f855f6cb | 6 | select CRYPTO_MD4 |
d2b91521 | 7 | select CRYPTO_MD5 |
5b454a64 BG |
8 | select CRYPTO_SHA256 |
9 | select CRYPTO_CMAC | |
362d3129 | 10 | select CRYPTO_HMAC |
d2b91521 | 11 | select CRYPTO_ARC4 |
5b454a64 BG |
12 | select CRYPTO_AEAD2 |
13 | select CRYPTO_CCM | |
5f0b23ee | 14 | select CRYPTO_ECB |
5b454a64 | 15 | select CRYPTO_AES |
43988d76 | 16 | select CRYPTO_DES |
bb26b963 | 17 | help |
2a38e120 SF |
18 | This is the client VFS module for the SMB3 family of NAS protocols, |
19 | as well as for earlier dialects such as SMB2.1, SMB2 and the | |
20 | Common Internet File System (CIFS) protocol. CIFS was the successor | |
21 | to the original dialect, the Server Message Block (SMB) protocol, the | |
22 | native file sharing mechanism for most early PC operating systems. | |
23 | ||
24 | The SMB3 protocol is supported by most modern operating systems and | |
25 | NAS appliances (e.g. Samba, Windows 8, Windows 2012, MacOS). | |
26 | The older CIFS protocol was included in Windows NT4, 2000 and XP (and | |
27 | later) as well by Samba (which provides excellent CIFS and SMB3 | |
bb26b963 | 28 | server support for Linux and many other operating systems). Limited |
2a38e120 SF |
29 | support for OS/2 and Windows ME and similar very old servers is |
30 | provided as well. | |
bb26b963 | 31 | |
2a38e120 SF |
32 | The cifs module provides an advanced network file system client |
33 | for mounting to SMB3 (and CIFS) compliant servers. It includes | |
bb26b963 AD |
34 | support for DFS (hierarchical name space), secure per-user |
35 | session establishment via Kerberos or NTLM or NTLMv2, | |
36 | safe distributed caching (oplock), optional packet | |
37 | signing, Unicode and other internationalization improvements. | |
2a38e120 SF |
38 | |
39 | In general, the default dialects, SMB3 and later, enable better | |
40 | performance, security and features, than would be possible with CIFS. | |
41 | Note that when mounting to Samba, due to the CIFS POSIX extensions, | |
42 | CIFS mounts can provide slightly better POSIX compatibility | |
43 | than SMB3 mounts. SMB2/SMB3 mount options are also | |
44 | slightly simpler (compared to CIFS) due to protocol improvements. | |
45 | ||
46 | If you need to mount to Samba, Macs or Windows from this machine, say Y. | |
bb26b963 AD |
47 | |
48 | config CIFS_STATS | |
49 | bool "CIFS statistics" | |
50 | depends on CIFS | |
51 | help | |
52 | Enabling this option will cause statistics for each server share | |
53 | mounted by the cifs client to be displayed in /proc/fs/cifs/Stats | |
54 | ||
55 | config CIFS_STATS2 | |
56 | bool "Extended statistics" | |
57 | depends on CIFS_STATS | |
58 | help | |
59 | Enabling this option will allow more detailed statistics on SMB | |
60 | request timing to be displayed in /proc/fs/cifs/DebugData and also | |
61 | allow optional logging of slow responses to dmesg (depending on the | |
62 | value of /proc/fs/cifs/cifsFYI, see fs/cifs/README for more details). | |
63 | These additional statistics may have a minor effect on performance | |
64 | and memory utilization. | |
65 | ||
66 | Unless you are a developer or are doing network performance analysis | |
67 | or tuning, say N. | |
68 | ||
69 | config CIFS_WEAK_PW_HASH | |
70 | bool "Support legacy servers which use weaker LANMAN security" | |
71 | depends on CIFS | |
72 | help | |
73 | Modern CIFS servers including Samba and most Windows versions | |
74 | (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos) | |
75 | security mechanisms. These hash the password more securely | |
76 | than the mechanisms used in the older LANMAN version of the | |
77 | SMB protocol but LANMAN based authentication is needed to | |
78 | establish sessions with some old SMB servers. | |
79 | ||
80 | Enabling this option allows the cifs module to mount to older | |
81 | LANMAN based servers such as OS/2 and Windows 95, but such | |
82 | mounts may be less secure than mounts using NTLM or more recent | |
83 | security mechanisms if you are on a public network. Unless you | |
84 | have a need to access old SMB servers (and are on a private | |
85 | network) you probably want to say N. Even if this support | |
86 | is enabled in the kernel build, LANMAN authentication will not be | |
87 | used automatically. At runtime LANMAN mounts are disabled but | |
88 | can be set to required (or optional) either in | |
89 | /proc/fs/cifs (see fs/cifs/README for more detail) or via an | |
90 | option on the mount command. This support is disabled by | |
91 | default in order to reduce the possibility of a downgrade | |
92 | attack. | |
93 | ||
94 | If unsure, say N. | |
95 | ||
96 | config CIFS_UPCALL | |
1a4240f4 WL |
97 | bool "Kerberos/SPNEGO advanced session setup" |
98 | depends on CIFS && KEYS | |
99 | select DNS_RESOLVER | |
100 | help | |
101 | Enables an upcall mechanism for CIFS which accesses userspace helper | |
102 | utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets | |
103 | which are needed to mount to certain secure servers (for which more | |
2a38e120 | 104 | secure Kerberos authentication is required). If unsure, say Y. |
bb26b963 AD |
105 | |
106 | config CIFS_XATTR | |
107 | bool "CIFS extended attributes" | |
108 | depends on CIFS | |
109 | help | |
110 | Extended attributes are name:value pairs associated with inodes by | |
111 | the kernel or by users (see the attr(5) manual page, or visit | |
112 | <http://acl.bestbits.at/> for details). CIFS maps the name of | |
113 | extended attributes beginning with the user namespace prefix | |
114 | to SMB/CIFS EAs. EAs are stored on Windows servers without the | |
115 | user namespace prefix, but their names are seen by Linux cifs clients | |
116 | prefaced by the user namespace prefix. The system namespace | |
117 | (used by some filesystems to store ACLs) is not supported at | |
118 | this time. | |
119 | ||
2a38e120 | 120 | If unsure, say Y. |
bb26b963 AD |
121 | |
122 | config CIFS_POSIX | |
123 | bool "CIFS POSIX Extensions" | |
124 | depends on CIFS_XATTR | |
125 | help | |
126 | Enabling this option will cause the cifs client to attempt to | |
127 | negotiate a newer dialect with servers, such as Samba 3.0.5 | |
128 | or later, that optionally can handle more POSIX like (rather | |
129 | than Windows like) file behavior. It also enables | |
130 | support for POSIX ACLs (getfacl and setfacl) to servers | |
131 | (such as Samba 3.10 and later) which can negotiate | |
132 | CIFS POSIX ACL support. If unsure, say N. | |
133 | ||
1d4ab907 SF |
134 | config CIFS_ACL |
135 | bool "Provide CIFS ACL support" | |
136 | depends on CIFS_XATTR && KEYS | |
137 | help | |
138 | Allows fetching CIFS/NTFS ACL from the server. The DACL blob | |
ca5d13fc | 139 | is handed over to the application/caller. See the man |
2a38e120 | 140 | page for getcifsacl for more information. If unsure, say Y. |
1d4ab907 | 141 | |
471b1f98 JP |
142 | config CIFS_DEBUG |
143 | bool "Enable CIFS debugging routines" | |
144 | default y | |
145 | depends on CIFS | |
146 | help | |
147 | Enabling this option adds helpful debugging messages to | |
148 | the cifs code which increases the size of the cifs module. | |
149 | If unsure, say Y. | |
bb26b963 AD |
150 | config CIFS_DEBUG2 |
151 | bool "Enable additional CIFS debugging routines" | |
471b1f98 | 152 | depends on CIFS_DEBUG |
bb26b963 AD |
153 | help |
154 | Enabling this option adds a few more debugging routines | |
155 | to the cifs code which slightly increases the size of | |
156 | the cifs module and can cause additional logging of debug | |
157 | messages in some error paths, slowing performance. This | |
158 | option can be turned off unless you are debugging | |
159 | cifs problems. If unsure, say N. | |
160 | ||
d38de3c6 AA |
161 | config CIFS_DEBUG_DUMP_KEYS |
162 | bool "Dump encryption keys for offline decryption (Unsafe)" | |
2a38e120 | 163 | depends on CIFS_DEBUG |
d38de3c6 AA |
164 | help |
165 | Enabling this will dump the encryption and decryption keys | |
166 | used to communicate on an encrypted share connection on the | |
167 | console. This allows Wireshark to decrypt and dissect | |
168 | encrypted network captures. Enable this carefully. | |
2a38e120 | 169 | If unsure, say N. |
d38de3c6 | 170 | |
10e70afa SF |
171 | config CIFS_DFS_UPCALL |
172 | bool "DFS feature support" | |
173 | depends on CIFS && KEYS | |
1a4240f4 | 174 | select DNS_RESOLVER |
10e70afa SF |
175 | help |
176 | Distributed File System (DFS) support is used to access shares | |
177 | transparently in an enterprise name space, even if the share | |
178 | moves to a different server. This feature also enables | |
179 | an upcall mechanism for CIFS which contacts userspace helper | |
180 | utilities to provide server name resolution (host names to | |
181 | IP addresses) which is needed for implicit mounts of DFS junction | |
2a38e120 | 182 | points. If unsure, say Y. |
10e70afa | 183 | |
25720873 | 184 | config CIFS_NFSD_EXPORT |
00f3616b KC |
185 | bool "Allow nfsd to export CIFS file system" |
186 | depends on CIFS && BROKEN | |
bb26b963 | 187 | help |
25720873 | 188 | Allows NFS server to export a CIFS mounted share (nfsd over cifs) |
675f36fb | 189 | |
5f7fbf73 SF |
190 | config CIFS_SMB311 |
191 | bool "SMB3.1.1 network file system support (Experimental)" | |
2a38e120 | 192 | depends on CIFS |
5f7fbf73 SF |
193 | |
194 | help | |
195 | This enables experimental support for the newest, SMB3.1.1, dialect. | |
196 | This dialect includes improved security negotiation features. | |
197 | If unsure, say N | |
198 | ||
1d4ab907 SF |
199 | config CIFS_FSCACHE |
200 | bool "Provide CIFS client caching support" | |
201 | depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y | |
202 | help | |
203 | Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data | |
204 | to be cached locally on disk through the general filesystem cache | |
205 | manager. If unsure, say N. | |
206 |