6473a559c3
disabled. Also set mode, uid, gid better on mkdir and create for the case when Unix Extensions is not enabled and setuids is enabled. This is necessary to fix the hole in which chown could be allowed for non-root users in some cases if root mounted, and also to display the mode and uid properly in some cases. Signed-off-by: Steve French <sfrench@us.ibm.com>
130 lines
5.2 KiB
Text
130 lines
5.2 KiB
Text
Version 1.39 November 30, 2005
|
|
|
|
A Partial List of Missing Features
|
|
==================================
|
|
|
|
Contributions are welcome. There are plenty of opportunities
|
|
for visible, important contributions to this module. Here
|
|
is a partial list of the known problems and missing features:
|
|
|
|
a) Support for SecurityDescriptors(Windows/CIFS ACLs) for chmod/chgrp/chown
|
|
so that these operations can be supported to Windows servers
|
|
|
|
b) Mapping POSIX ACLs (and eventually NFSv4 ACLs) to CIFS
|
|
SecurityDescriptors
|
|
|
|
c) Better pam/winbind integration (e.g. to handle uid mapping
|
|
better)
|
|
|
|
d) Kerberos/SPNEGO session setup support - (started)
|
|
|
|
e) NTLMv2 authentication (mostly implemented)
|
|
|
|
f) MD5-HMAC signing SMB PDUs when SPNEGO style SessionSetup
|
|
used (Kerberos or NTLMSSP). Signing alreadyimplemented for NTLM
|
|
and raw NTLMSSP already. This is important when enabling
|
|
extended security and mounting to Windows 2003 Servers
|
|
|
|
f) Directory entry caching relies on a 1 second timer, rather than
|
|
using FindNotify or equivalent. - (started)
|
|
|
|
g) A few byte range testcases fail due to POSIX vs. Windows/CIFS
|
|
style byte range lock differences. Save byte range locks so
|
|
reconnect can replay them.
|
|
|
|
h) Support unlock all (unlock 0,MAX_OFFSET)
|
|
by unlocking all known byte range locks that we locked on the file.
|
|
|
|
i) quota support (needs minor kernel change since quota calls
|
|
to make it to network filesystems or deviceless filesystems)
|
|
|
|
j) investigate sync behavior (including syncpage) and check
|
|
for proper behavior of intr/nointr
|
|
|
|
k) hook lower into the sockets api (as NFS/SunRPC does) to avoid the
|
|
extra copy in/out of the socket buffers in some cases.
|
|
|
|
l) finish support for IPv6. This is mostly complete but
|
|
needs a simple conversion of ipv6 to sin6_addr from the
|
|
address in string representation.
|
|
|
|
m) Better optimize open (and pathbased setfilesize) to reduce the
|
|
oplock breaks coming from windows srv. Piggyback identical file
|
|
opens on top of each other by incrementing reference count rather
|
|
than resending (helps reduce server resource utilization and avoid
|
|
spurious oplock breaks).
|
|
|
|
o) Improve performance of readpages by sending more than one read
|
|
at a time when 8 pages or more are requested. In conjuntion
|
|
add support for async_cifs_readpages.
|
|
|
|
p) Add support for storing symlink info to Windows servers
|
|
in the Extended Attribute format their SFU clients would recognize.
|
|
|
|
q) Finish fcntl D_NOTIFY support so kde and gnome file list windows
|
|
will autorefresh (partially complete by Asser). Needs minor kernel
|
|
vfs change to support removing D_NOTIFY on a file.
|
|
|
|
r) Add GUI tool to configure /proc/fs/cifs settings and for display of
|
|
the CIFS statistics (started)
|
|
|
|
s) implement support for security and trusted categories of xattrs
|
|
(requires minor protocol extension) to enable better support for SELINUX
|
|
|
|
t) Implement O_DIRECT flag on open (already supported on mount)
|
|
|
|
u) Create UID mapping facility so server UIDs can be mapped on a per
|
|
mount or a per server basis to client UIDs or nobody if no mapping
|
|
exists. This is helpful when Unix extensions are negotiated to
|
|
allow better permission checking when UIDs differ on the server
|
|
and client. Add new protocol request to the CIFS protocol
|
|
standard for asking the server for the corresponding name of a
|
|
particular uid.
|
|
|
|
v) Add support for CIFS Unix and also the newer POSIX extensions to the
|
|
server side for Samba 4.
|
|
|
|
w) Finish up the dos time conversion routines needed to return old server
|
|
time to the client (default time, of now or time 0 is used now for these
|
|
very old servers)
|
|
|
|
x) Add support for OS/2 (LANMAN 1.2 and LANMAN2.1 based SMB servers)
|
|
|
|
y) Finish testing of Windows 9x/Windows ME server support (started).
|
|
|
|
KNOWN BUGS (updated April 29, 2005)
|
|
====================================
|
|
See http://bugzilla.samba.org - search on product "CifsVFS" for
|
|
current bug list.
|
|
|
|
1) existing symbolic links (Windows reparse points) are recognized but
|
|
can not be created remotely. They are implemented for Samba and those that
|
|
support the CIFS Unix extensions, although earlier versions of Samba
|
|
overly restrict the pathnames.
|
|
2) follow_link and readdir code does not follow dfs junctions
|
|
but recognizes them
|
|
3) create of new files to FAT partitions on Windows servers can
|
|
succeed but still return access denied (appears to be Windows
|
|
server not cifs client problem) and has not been reproduced recently.
|
|
NTFS partitions do not have this problem.
|
|
4) debug connectathon lock test case 10 which fails against
|
|
Samba (may be unmappable due to POSIX to Windows lock model
|
|
differences but worth investigating). Also debug Samba to
|
|
see why lock test case 7 takes longer to complete to Samba
|
|
than to Windows.
|
|
|
|
Misc testing to do
|
|
==================
|
|
1) check out max path names and max path name components against various server
|
|
types. Try nested symlinks (8 deep). Return max path name in stat -f information
|
|
|
|
2) Modify file portion of ltp so it can run against a mounted network
|
|
share and run it against cifs vfs.
|
|
|
|
3) Additional performance testing and optimization using iozone and similar -
|
|
there are some easy changes that can be done to parallelize sequential writes,
|
|
and when signing is disabled to request larger read sizes (larger than
|
|
negotiated size) and send larger write sizes to modern servers.
|
|
|
|
4) More exhaustively test against less common servers. More testing
|
|
against Windows 9x, Windows ME servers.
|