Loading...
1config CIFS
2 tristate "CIFS support (advanced network filesystem, SMBFS successor)"
3 depends on INET
4 select NLS
5 select CRYPTO
6 select CRYPTO_MD4
7 select CRYPTO_MD5
8 select CRYPTO_HMAC
9 select CRYPTO_ARC4
10 select CRYPTO_ECB
11 select CRYPTO_DES
12 select CRYPTO_SHA256
13 select CRYPTO_CMAC
14 help
15 This is the client VFS module for the Common Internet File System
16 (CIFS) protocol which is the successor to the Server Message Block
17 (SMB) protocol, the native file sharing mechanism for most early
18 PC operating systems. The CIFS protocol is fully supported by
19 file servers such as Windows 2000 (including Windows 2003, Windows 2008,
20 NT 4 and Windows XP) as well by Samba (which provides excellent CIFS
21 server support for Linux and many other operating systems). Limited
22 support for OS/2 and Windows ME and similar servers is provided as
23 well.
24
25 The cifs module provides an advanced network file system
26 client for mounting to CIFS compliant servers. It includes
27 support for DFS (hierarchical name space), secure per-user
28 session establishment via Kerberos or NTLM or NTLMv2,
29 safe distributed caching (oplock), optional packet
30 signing, Unicode and other internationalization improvements.
31 If you need to mount to Samba or Windows from this machine, say Y.
32
33config CIFS_STATS
34 bool "CIFS statistics"
35 depends on CIFS
36 help
37 Enabling this option will cause statistics for each server share
38 mounted by the cifs client to be displayed in /proc/fs/cifs/Stats
39
40config CIFS_STATS2
41 bool "Extended statistics"
42 depends on CIFS_STATS
43 help
44 Enabling this option will allow more detailed statistics on SMB
45 request timing to be displayed in /proc/fs/cifs/DebugData and also
46 allow optional logging of slow responses to dmesg (depending on the
47 value of /proc/fs/cifs/cifsFYI, see fs/cifs/README for more details).
48 These additional statistics may have a minor effect on performance
49 and memory utilization.
50
51 Unless you are a developer or are doing network performance analysis
52 or tuning, say N.
53
54config CIFS_WEAK_PW_HASH
55 bool "Support legacy servers which use weaker LANMAN security"
56 depends on CIFS
57 help
58 Modern CIFS servers including Samba and most Windows versions
59 (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos)
60 security mechanisms. These hash the password more securely
61 than the mechanisms used in the older LANMAN version of the
62 SMB protocol but LANMAN based authentication is needed to
63 establish sessions with some old SMB servers.
64
65 Enabling this option allows the cifs module to mount to older
66 LANMAN based servers such as OS/2 and Windows 95, but such
67 mounts may be less secure than mounts using NTLM or more recent
68 security mechanisms if you are on a public network. Unless you
69 have a need to access old SMB servers (and are on a private
70 network) you probably want to say N. Even if this support
71 is enabled in the kernel build, LANMAN authentication will not be
72 used automatically. At runtime LANMAN mounts are disabled but
73 can be set to required (or optional) either in
74 /proc/fs/cifs (see fs/cifs/README for more detail) or via an
75 option on the mount command. This support is disabled by
76 default in order to reduce the possibility of a downgrade
77 attack.
78
79 If unsure, say N.
80
81config CIFS_UPCALL
82 bool "Kerberos/SPNEGO advanced session setup"
83 depends on CIFS && KEYS
84 select DNS_RESOLVER
85 help
86 Enables an upcall mechanism for CIFS which accesses userspace helper
87 utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets
88 which are needed to mount to certain secure servers (for which more
89 secure Kerberos authentication is required). If unsure, say N.
90
91config CIFS_XATTR
92 bool "CIFS extended attributes"
93 depends on CIFS
94 help
95 Extended attributes are name:value pairs associated with inodes by
96 the kernel or by users (see the attr(5) manual page, or visit
97 <http://acl.bestbits.at/> for details). CIFS maps the name of
98 extended attributes beginning with the user namespace prefix
99 to SMB/CIFS EAs. EAs are stored on Windows servers without the
100 user namespace prefix, but their names are seen by Linux cifs clients
101 prefaced by the user namespace prefix. The system namespace
102 (used by some filesystems to store ACLs) is not supported at
103 this time.
104
105 If unsure, say N.
106
107config CIFS_POSIX
108 bool "CIFS POSIX Extensions"
109 depends on CIFS_XATTR
110 help
111 Enabling this option will cause the cifs client to attempt to
112 negotiate a newer dialect with servers, such as Samba 3.0.5
113 or later, that optionally can handle more POSIX like (rather
114 than Windows like) file behavior. It also enables
115 support for POSIX ACLs (getfacl and setfacl) to servers
116 (such as Samba 3.10 and later) which can negotiate
117 CIFS POSIX ACL support. If unsure, say N.
118
119config CIFS_ACL
120 bool "Provide CIFS ACL support"
121 depends on CIFS_XATTR && KEYS
122 help
123 Allows fetching CIFS/NTFS ACL from the server. The DACL blob
124 is handed over to the application/caller.
125
126config CIFS_DEBUG
127 bool "Enable CIFS debugging routines"
128 default y
129 depends on CIFS
130 help
131 Enabling this option adds helpful debugging messages to
132 the cifs code which increases the size of the cifs module.
133 If unsure, say Y.
134config CIFS_DEBUG2
135 bool "Enable additional CIFS debugging routines"
136 depends on CIFS_DEBUG
137 help
138 Enabling this option adds a few more debugging routines
139 to the cifs code which slightly increases the size of
140 the cifs module and can cause additional logging of debug
141 messages in some error paths, slowing performance. This
142 option can be turned off unless you are debugging
143 cifs problems. If unsure, say N.
144
145config CIFS_DFS_UPCALL
146 bool "DFS feature support"
147 depends on CIFS && KEYS
148 select DNS_RESOLVER
149 help
150 Distributed File System (DFS) support is used to access shares
151 transparently in an enterprise name space, even if the share
152 moves to a different server. This feature also enables
153 an upcall mechanism for CIFS which contacts userspace helper
154 utilities to provide server name resolution (host names to
155 IP addresses) which is needed for implicit mounts of DFS junction
156 points. If unsure, say N.
157
158config CIFS_NFSD_EXPORT
159 bool "Allow nfsd to export CIFS file system"
160 depends on CIFS && BROKEN
161 help
162 Allows NFS server to export a CIFS mounted share (nfsd over cifs)
163
164config CIFS_SMB2
165 bool "SMB2 network file system support"
166 depends on CIFS && INET
167 select NLS
168 select KEYS
169 select FSCACHE
170 select DNS_RESOLVER
171
172 help
173 This enables experimental support for the SMB2 (Server Message Block
174 version 2) protocol. The SMB2 protocol is the successor to the
175 popular CIFS and SMB network file sharing protocols. SMB2 is the
176 native file sharing mechanism for recent versions of Windows
177 operating systems (since Vista). SMB2 enablement will eventually
178 allow users better performance, security and features, than would be
179 possible with cifs. Note that smb2 mount options also are simpler
180 (compared to cifs) due to protocol improvements.
181
182 Unless you are a developer or tester, say N.
183
184config CIFS_FSCACHE
185 bool "Provide CIFS client caching support"
186 depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y
187 help
188 Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data
189 to be cached locally on disk through the general filesystem cache
190 manager. If unsure, say N.
191
1# SPDX-License-Identifier: GPL-2.0-only
2config CIFS
3 tristate "SMB3 and CIFS support (advanced network filesystem)"
4 depends on INET
5 select NLS
6 select CRYPTO
7 select CRYPTO_MD4
8 select CRYPTO_MD5
9 select CRYPTO_SHA256
10 select CRYPTO_SHA512
11 select CRYPTO_CMAC
12 select CRYPTO_HMAC
13 select CRYPTO_LIB_ARC4
14 select CRYPTO_AEAD2
15 select CRYPTO_CCM
16 select CRYPTO_GCM
17 select CRYPTO_ECB
18 select CRYPTO_AES
19 select CRYPTO_LIB_DES
20 select KEYS
21 help
22 This is the client VFS module for the SMB3 family of NAS protocols,
23 (including support for the most recent, most secure dialect SMB3.1.1)
24 as well as for earlier dialects such as SMB2.1, SMB2 and the older
25 Common Internet File System (CIFS) protocol. CIFS was the successor
26 to the original dialect, the Server Message Block (SMB) protocol, the
27 native file sharing mechanism for most early PC operating systems.
28
29 The SMB3 protocol is supported by most modern operating systems
30 and NAS appliances (e.g. Samba, Windows 10, Windows Server 2016,
31 MacOS) and even in the cloud (e.g. Microsoft Azure).
32 The older CIFS protocol was included in Windows NT4, 2000 and XP (and
33 later) as well by Samba (which provides excellent CIFS and SMB3
34 server support for Linux and many other operating systems). Use of
35 dialects older than SMB2.1 is often discouraged on public networks.
36 This module also provides limited support for OS/2 and Windows ME
37 and similar very old servers.
38
39 This module provides an advanced network file system client
40 for mounting to SMB3 (and CIFS) compliant servers. It includes
41 support for DFS (hierarchical name space), secure per-user
42 session establishment via Kerberos or NTLM or NTLMv2, RDMA
43 (smbdirect), advanced security features, per-share encryption,
44 directory leases, safe distributed caching (oplock), optional packet
45 signing, Unicode and other internationalization improvements.
46
47 In general, the default dialects, SMB3 and later, enable better
48 performance, security and features, than would be possible with CIFS.
49 Note that when mounting to Samba, due to the CIFS POSIX extensions,
50 CIFS mounts can provide slightly better POSIX compatibility
51 than SMB3 mounts. SMB2/SMB3 mount options are also
52 slightly simpler (compared to CIFS) due to protocol improvements.
53
54 If you need to mount to Samba, Azure, Macs or Windows from this machine, say Y.
55
56config CIFS_STATS2
57 bool "Extended statistics"
58 depends on CIFS
59 help
60 Enabling this option will allow more detailed statistics on SMB
61 request timing to be displayed in /proc/fs/cifs/DebugData and also
62 allow optional logging of slow responses to dmesg (depending on the
63 value of /proc/fs/cifs/cifsFYI, see fs/cifs/README for more details).
64 These additional statistics may have a minor effect on performance
65 and memory utilization.
66
67 Unless you are a developer or are doing network performance analysis
68 or tuning, say N.
69
70config CIFS_ALLOW_INSECURE_LEGACY
71 bool "Support legacy servers which use less secure dialects"
72 depends on CIFS
73 default y
74 help
75 Modern dialects, SMB2.1 and later (including SMB3 and 3.1.1), have
76 additional security features, including protection against
77 man-in-the-middle attacks and stronger crypto hashes, so the use
78 of legacy dialects (SMB1/CIFS and SMB2.0) is discouraged.
79
80 Disabling this option prevents users from using vers=1.0 or vers=2.0
81 on mounts with cifs.ko
82
83 If unsure, say Y.
84
85config CIFS_WEAK_PW_HASH
86 bool "Support legacy servers which use weaker LANMAN security"
87 depends on CIFS && CIFS_ALLOW_INSECURE_LEGACY
88 help
89 Modern CIFS servers including Samba and most Windows versions
90 (since 1997) support stronger NTLM (and even NTLMv2 and Kerberos)
91 security mechanisms. These hash the password more securely
92 than the mechanisms used in the older LANMAN version of the
93 SMB protocol but LANMAN based authentication is needed to
94 establish sessions with some old SMB servers.
95
96 Enabling this option allows the cifs module to mount to older
97 LANMAN based servers such as OS/2 and Windows 95, but such
98 mounts may be less secure than mounts using NTLM or more recent
99 security mechanisms if you are on a public network. Unless you
100 have a need to access old SMB servers (and are on a private
101 network) you probably want to say N. Even if this support
102 is enabled in the kernel build, LANMAN authentication will not be
103 used automatically. At runtime LANMAN mounts are disabled but
104 can be set to required (or optional) either in
105 /proc/fs/cifs (see fs/cifs/README for more detail) or via an
106 option on the mount command. This support is disabled by
107 default in order to reduce the possibility of a downgrade
108 attack.
109
110 If unsure, say N.
111
112config CIFS_UPCALL
113 bool "Kerberos/SPNEGO advanced session setup"
114 depends on CIFS
115 select DNS_RESOLVER
116 help
117 Enables an upcall mechanism for CIFS which accesses userspace helper
118 utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets
119 which are needed to mount to certain secure servers (for which more
120 secure Kerberos authentication is required). If unsure, say Y.
121
122config CIFS_XATTR
123 bool "CIFS extended attributes"
124 depends on CIFS
125 help
126 Extended attributes are name:value pairs associated with inodes by
127 the kernel or by users (see the attr(5) manual page for details).
128 CIFS maps the name of extended attributes beginning with the user
129 namespace prefix to SMB/CIFS EAs. EAs are stored on Windows
130 servers without the user namespace prefix, but their names are
131 seen by Linux cifs clients prefaced by the user namespace prefix.
132 The system namespace (used by some filesystems to store ACLs) is
133 not supported at this time.
134
135 If unsure, say Y.
136
137config CIFS_POSIX
138 bool "CIFS POSIX Extensions"
139 depends on CIFS && CIFS_ALLOW_INSECURE_LEGACY && CIFS_XATTR
140 help
141 Enabling this option will cause the cifs client to attempt to
142 negotiate a newer dialect with servers, such as Samba 3.0.5
143 or later, that optionally can handle more POSIX like (rather
144 than Windows like) file behavior. It also enables
145 support for POSIX ACLs (getfacl and setfacl) to servers
146 (such as Samba 3.10 and later) which can negotiate
147 CIFS POSIX ACL support. If unsure, say N.
148
149config CIFS_DEBUG
150 bool "Enable CIFS debugging routines"
151 default y
152 depends on CIFS
153 help
154 Enabling this option adds helpful debugging messages to
155 the cifs code which increases the size of the cifs module.
156 If unsure, say Y.
157
158config CIFS_DEBUG2
159 bool "Enable additional CIFS debugging routines"
160 depends on CIFS_DEBUG
161 help
162 Enabling this option adds a few more debugging routines
163 to the cifs code which slightly increases the size of
164 the cifs module and can cause additional logging of debug
165 messages in some error paths, slowing performance. This
166 option can be turned off unless you are debugging
167 cifs problems. If unsure, say N.
168
169config CIFS_DEBUG_DUMP_KEYS
170 bool "Dump encryption keys for offline decryption (Unsafe)"
171 depends on CIFS_DEBUG
172 help
173 Enabling this will dump the encryption and decryption keys
174 used to communicate on an encrypted share connection on the
175 console. This allows Wireshark to decrypt and dissect
176 encrypted network captures. Enable this carefully.
177 If unsure, say N.
178
179config CIFS_DFS_UPCALL
180 bool "DFS feature support"
181 depends on CIFS
182 select DNS_RESOLVER
183 help
184 Distributed File System (DFS) support is used to access shares
185 transparently in an enterprise name space, even if the share
186 moves to a different server. This feature also enables
187 an upcall mechanism for CIFS which contacts userspace helper
188 utilities to provide server name resolution (host names to
189 IP addresses) which is needed in order to reconnect to
190 servers if their addresses change or for implicit mounts of
191 DFS junction points. If unsure, say Y.
192
193config CIFS_NFSD_EXPORT
194 bool "Allow nfsd to export CIFS file system"
195 depends on CIFS && BROKEN
196 help
197 Allows NFS server to export a CIFS mounted share (nfsd over cifs)
198
199config CIFS_SMB_DIRECT
200 bool "SMB Direct support"
201 depends on CIFS=m && INFINIBAND && INFINIBAND_ADDR_TRANS || CIFS=y && INFINIBAND=y && INFINIBAND_ADDR_TRANS=y
202 help
203 Enables SMB Direct support for SMB 3.0, 3.02 and 3.1.1.
204 SMB Direct allows transferring SMB packets over RDMA. If unsure,
205 say Y.
206
207config CIFS_FSCACHE
208 bool "Provide CIFS client caching support"
209 depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y
210 help
211 Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data
212 to be cached locally on disk through the general filesystem cache
213 manager. If unsure, say N.
214
215config CIFS_ROOT
216 bool "SMB root file system (Experimental)"
217 depends on CIFS=y && IP_PNP
218 help
219 Enables root file system support over SMB protocol.
220
221 Most people say N here.