forked from Minki/linux
4523cc3044
When CIFS Unix Extensions are negotiated we get the Unix uid and gid owners of the file from the server (on the Unix Query Path Info levels), but if the server's uids don't match the client uid's users were having to disable the Unix Extensions (which turned off features they still wanted). The changeset patch allows users to override uid and/or gid for file/directory owner with a default uid and/or gid specified at mount (as is often done when mounting from Linux cifs client to Windows server). This changeset also displays the uid and gid used by default in /proc/mounts (if applicable). Also cleans up code by adding some of the missing spaces after "if" keywords per-kernel style guidelines (as suggested by Randy Dunlap when he reviewed the patch). Signed-off-by: Steve French <sfrench@us.ibm.com>
126 lines
5.1 KiB
Plaintext
126 lines
5.1 KiB
Plaintext
Version 1.49 April 26, 2007
|
|
|
|
A Partial List of Missing Features
|
|
==================================
|
|
|
|
Contributions are welcome. There are plenty of opportunities
|
|
for visible, important contributions to this module. Here
|
|
is a partial list of the known problems and missing features:
|
|
|
|
a) Support for SecurityDescriptors(Windows/CIFS ACLs) for chmod/chgrp/chown
|
|
so that these operations can be supported to Windows servers
|
|
|
|
b) Mapping POSIX ACLs (and eventually NFSv4 ACLs) to CIFS
|
|
SecurityDescriptors
|
|
|
|
c) Better pam/winbind integration (e.g. to handle uid mapping
|
|
better)
|
|
|
|
d) Kerberos/SPNEGO session setup support - (started)
|
|
|
|
e) More testing of NTLMv2 authentication (mostly implemented - double check
|
|
that NTLMv2 signing works, also need to cleanup now unneeded SessSetup code in
|
|
fs/cifs/connect.c)
|
|
|
|
f) MD5-HMAC signing SMB PDUs when SPNEGO style SessionSetup
|
|
used (Kerberos or NTLMSSP). Signing alreadyimplemented for NTLM
|
|
and raw NTLMSSP already. This is important when enabling
|
|
extended security and mounting to Windows 2003 Servers
|
|
|
|
g) Directory entry caching relies on a 1 second timer, rather than
|
|
using FindNotify or equivalent. - (started)
|
|
|
|
h) quota support (needs minor kernel change since quota calls
|
|
to make it to network filesystems or deviceless filesystems)
|
|
|
|
i) investigate sync behavior (including syncpage) and check
|
|
for proper behavior of intr/nointr
|
|
|
|
j) hook lower into the sockets api (as NFS/SunRPC does) to avoid the
|
|
extra copy in/out of the socket buffers in some cases.
|
|
|
|
k) Better optimize open (and pathbased setfilesize) to reduce the
|
|
oplock breaks coming from windows srv. Piggyback identical file
|
|
opens on top of each other by incrementing reference count rather
|
|
than resending (helps reduce server resource utilization and avoid
|
|
spurious oplock breaks).
|
|
|
|
l) Improve performance of readpages by sending more than one read
|
|
at a time when 8 pages or more are requested. In conjuntion
|
|
add support for async_cifs_readpages.
|
|
|
|
m) Add support for storing symlink info to Windows servers
|
|
in the Extended Attribute format their SFU clients would recognize.
|
|
|
|
n) Finish fcntl D_NOTIFY support so kde and gnome file list windows
|
|
will autorefresh (partially complete by Asser). Needs minor kernel
|
|
vfs change to support removing D_NOTIFY on a file.
|
|
|
|
o) Add GUI tool to configure /proc/fs/cifs settings and for display of
|
|
the CIFS statistics (started)
|
|
|
|
p) implement support for security and trusted categories of xattrs
|
|
(requires minor protocol extension) to enable better support for SELINUX
|
|
|
|
q) Implement O_DIRECT flag on open (already supported on mount)
|
|
|
|
r) Create UID mapping facility so server UIDs can be mapped on a per
|
|
mount or a per server basis to client UIDs or nobody if no mapping
|
|
exists. This is helpful when Unix extensions are negotiated to
|
|
allow better permission checking when UIDs differ on the server
|
|
and client. Add new protocol request to the CIFS protocol
|
|
standard for asking the server for the corresponding name of a
|
|
particular uid.
|
|
|
|
s) Add support for CIFS Unix and also the newer POSIX extensions to the
|
|
server side for Samba 4.
|
|
|
|
t) In support for OS/2 (LANMAN 1.2 and LANMAN2.1 based SMB servers)
|
|
need to add ability to set time to server (utimes command)
|
|
|
|
u) DOS attrs - returned as pseudo-xattr in Samba format (check VFAT and NTFS for this too)
|
|
|
|
v) mount check for unmatched uids
|
|
|
|
w) Add mount option for Linux extension disable per mount, and partial
|
|
disable per mount (uid off, symlink/fifo/mknod on but what about posix acls?)
|
|
|
|
x) Fix Samba 3 server to handle Linux kernel aio so dbench with lots of
|
|
processes can proceed better in parallel (on the server)
|
|
|
|
y) Fix Samba 3 to handle reads/writes over 127K (and remove the cifs mount
|
|
restriction of wsize max being 127K)
|
|
|
|
KNOWN BUGS (updated April 24, 2007)
|
|
====================================
|
|
See http://bugzilla.samba.org - search on product "CifsVFS" for
|
|
current bug list.
|
|
|
|
1) existing symbolic links (Windows reparse points) are recognized but
|
|
can not be created remotely. They are implemented for Samba and those that
|
|
support the CIFS Unix extensions, although earlier versions of Samba
|
|
overly restrict the pathnames.
|
|
2) follow_link and readdir code does not follow dfs junctions
|
|
but recognizes them
|
|
3) create of new files to FAT partitions on Windows servers can
|
|
succeed but still return access denied (appears to be Windows
|
|
server not cifs client problem) and has not been reproduced recently.
|
|
NTFS partitions do not have this problem.
|
|
|
|
Misc testing to do
|
|
==================
|
|
1) check out max path names and max path name components against various server
|
|
types. Try nested symlinks (8 deep). Return max path name in stat -f information
|
|
|
|
2) Modify file portion of ltp so it can run against a mounted network
|
|
share and run it against cifs vfs in automated fashion.
|
|
|
|
3) Additional performance testing and optimization using iozone and similar -
|
|
there are some easy changes that can be done to parallelize sequential writes,
|
|
and when signing is disabled to request larger read sizes (larger than
|
|
negotiated size) and send larger write sizes to modern servers.
|
|
|
|
4) More exhaustively test against less common servers. More testing
|
|
against Windows 9x, Windows ME servers.
|
|
|