fs/cifs/Kconfig

   1 # SPDX-License-Identifier: GPL-2.0-only
   2 config CIFS
   3         tristate "SMB3 and CIFS support (advanced network filesystem)"
   4         depends on INET
   5         select NLS
   6         select CRYPTO
   7         select CRYPTO_MD4
   8         select CRYPTO_MD5
   9         select CRYPTO_SHA256
  10         select CRYPTO_SHA512
  11         select CRYPTO_CMAC
  12         select CRYPTO_HMAC
  13         select CRYPTO_AEAD2
  14         select CRYPTO_CCM
  15         select CRYPTO_GCM
  16         select CRYPTO_ECB
  17         select CRYPTO_AES
  18         select KEYS
  19         select DNS_RESOLVER
  20         select ASN1
  21         select OID_REGISTRY
  22         help
  23           This is the client VFS module for the SMB3 family of NAS protocols,
  24           (including support for the most recent, most secure dialect SMB3.1.1)
  25           as well as for earlier dialects such as SMB2.1, SMB2 and the older
  26           Common Internet File System (CIFS) protocol.  CIFS was the successor
  27           to the original dialect, the Server Message Block (SMB) protocol, the
  28           native file sharing mechanism for most early PC operating systems.
  29
  30           The SMB3 protocol is supported by most modern operating systems
  31           and NAS appliances (e.g. Samba, Windows 10, Windows Server 2016,
  32           MacOS) and even in the cloud (e.g. Microsoft Azure).
  33           The older CIFS protocol was included in Windows NT4, 2000 and XP (and
  34           later) as well by Samba (which provides excellent CIFS and SMB3
  35           server support for Linux and many other operating systems). Use of
  36           dialects older than SMB2.1 is often discouraged on public networks.
  37           This module also provides limited support for OS/2 and Windows ME
  38           and similar very old servers.
  39
  40           This module provides an advanced network file system client
  41           for mounting to SMB3 (and CIFS) compliant servers.  It includes
  42           support for DFS (hierarchical name space), secure per-user
  43           session establishment via Kerberos or NTLM or NTLMv2, RDMA
  44           (smbdirect), advanced security features, per-share encryption,
  45           directory leases, safe distributed caching (oplock), optional packet
  46           signing, Unicode and other internationalization improvements.
  47
  48           In general, the default dialects, SMB3 and later, enable better
  49           performance, security and features, than would be possible with CIFS.
  50           Note that when mounting to Samba, due to the CIFS POSIX extensions,
  51           CIFS mounts can provide slightly better POSIX compatibility
  52           than SMB3 mounts. SMB2/SMB3 mount options are also
  53           slightly simpler (compared to CIFS) due to protocol improvements.
  54
  55           If you need to mount to Samba, Azure, Macs or Windows from this machine, say Y.
  56
  57 config CIFS_STATS2
  58         bool "Extended statistics"
  59         depends on CIFS
  60         default y
  61         help
  62           Enabling this option will allow more detailed statistics on SMB
  63           request timing to be displayed in /proc/fs/cifs/DebugData and also
  64           allow optional logging of slow responses to dmesg (depending on the
  65           value of /proc/fs/cifs/cifsFYI). See Documentation/admin-guide/cifs/usage.rst
  66           for more details. These additional statistics may have a minor effect
  67           on performance and memory utilization.
  68
  69           If unsure, say Y.
  70
  71 config CIFS_ALLOW_INSECURE_LEGACY
  72         bool "Support legacy servers which use less secure dialects"
  73         depends on CIFS
  74         default y
  75         help
  76           Modern dialects, SMB2.1 and later (including SMB3 and 3.1.1), have
  77           additional security features, including protection against
  78           man-in-the-middle attacks and stronger crypto hashes, so the use
  79           of legacy dialects (SMB1/CIFS and SMB2.0) is discouraged.
  80
  81           Disabling this option prevents users from using vers=1.0 or vers=2.0
  82           on mounts with cifs.ko
  83
  84           If unsure, say Y.
  85
  86 config CIFS_UPCALL
  87         bool "Kerberos/SPNEGO advanced session setup"
  88         depends on CIFS
  89         help
  90           Enables an upcall mechanism for CIFS which accesses userspace helper
  91           utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets
  92           which are needed to mount to certain secure servers (for which more
  93           secure Kerberos authentication is required). If unsure, say Y.
  94
  95 config CIFS_XATTR
  96         bool "CIFS extended attributes"
  97         depends on CIFS
  98         help
  99           Extended attributes are name:value pairs associated with inodes by
 100           the kernel or by users (see the attr(5) manual page for details).
 101           CIFS maps the name of extended attributes beginning with the user
 102           namespace prefix to SMB/CIFS EAs.  EAs are stored on Windows
 103           servers without the user namespace prefix, but their names are
 104           seen by Linux cifs clients prefaced by the user namespace prefix.
 105           The system namespace (used by some filesystems to store ACLs) is
 106           not supported at this time.
 107
 108           If unsure, say Y.
 109
 110 config CIFS_POSIX
 111         bool "CIFS POSIX Extensions"
 112         depends on CIFS && CIFS_ALLOW_INSECURE_LEGACY && CIFS_XATTR
 113         help
 114           Enabling this option will cause the cifs client to attempt to
 115           negotiate a newer dialect with servers, such as Samba 3.0.5
 116           or later, that optionally can handle more POSIX like (rather
 117           than Windows like) file behavior.  It also enables
 118           support for POSIX ACLs (getfacl and setfacl) to servers
 119           (such as Samba 3.10 and later) which can negotiate
 120           CIFS POSIX ACL support.  If unsure, say N.
 121
 122 config CIFS_DEBUG
 123         bool "Enable CIFS debugging routines"
 124         default y
 125         depends on CIFS
 126         help
 127           Enabling this option adds helpful debugging messages to
 128           the cifs code which increases the size of the cifs module.
 129           If unsure, say Y.
 130
 131 config CIFS_DEBUG2
 132         bool "Enable additional CIFS debugging routines"
 133         depends on CIFS_DEBUG
 134         help
 135           Enabling this option adds a few more debugging routines
 136           to the cifs code which slightly increases the size of
 137           the cifs module and can cause additional logging of debug
 138           messages in some error paths, slowing performance. This
 139           option can be turned off unless you are debugging
 140           cifs problems.  If unsure, say N.
 141
 142 config CIFS_DEBUG_DUMP_KEYS
 143         bool "Dump encryption keys for offline decryption (Unsafe)"
 144         depends on CIFS_DEBUG
 145         help
 146           Enabling this will dump the encryption and decryption keys
 147           used to communicate on an encrypted share connection on the
 148           console. This allows Wireshark to decrypt and dissect
 149           encrypted network captures. Enable this carefully.
 150           If unsure, say N.
 151
 152 config CIFS_DFS_UPCALL
 153         bool "DFS feature support"
 154         depends on CIFS
 155         help
 156           Distributed File System (DFS) support is used to access shares
 157           transparently in an enterprise name space, even if the share
 158           moves to a different server.  This feature also enables
 159           an upcall mechanism for CIFS which contacts userspace helper
 160           utilities to provide server name resolution (host names to
 161           IP addresses) which is needed in order to reconnect to
 162           servers if their addresses change or for implicit mounts of
 163           DFS junction points. If unsure, say Y.
 164
 165 config CIFS_SWN_UPCALL
 166         bool "SWN feature support"
 167         depends on CIFS
 168         help
 169           The Service Witness Protocol (SWN) is used to get notifications
 170           from a highly available server of resource state changes. This
 171           feature enables an upcall mechanism for CIFS which contacts a
 172           userspace daemon to establish the DCE/RPC connection to retrieve
 173           the cluster available interfaces and resource change notifications.
 174           If unsure, say Y.
 175
 176 config CIFS_NFSD_EXPORT
 177         bool "Allow nfsd to export CIFS file system"
 178         depends on CIFS && BROKEN
 179         help
 180           Allows NFS server to export a CIFS mounted share (nfsd over cifs)
 181
 182 config CIFS_SMB_DIRECT
 183         bool "SMB Direct support"
 184         depends on CIFS=m && INFINIBAND && INFINIBAND_ADDR_TRANS || CIFS=y && INFINIBAND=y && INFINIBAND_ADDR_TRANS=y
 185         help
 186           Enables SMB Direct support for SMB 3.0, 3.02 and 3.1.1.
 187           SMB Direct allows transferring SMB packets over RDMA. If unsure,
 188           say Y.
 189
 190 config CIFS_FSCACHE
 191         bool "Provide CIFS client caching support"
 192         depends on CIFS=m && FSCACHE || CIFS=y && FSCACHE=y
 193         help
 194           Makes CIFS FS-Cache capable. Say Y here if you want your CIFS data
 195           to be cached locally on disk through the general filesystem cache
 196           manager. If unsure, say N.
 197
 198 config CIFS_ROOT
 199         bool "SMB root file system (Experimental)"
 200         depends on CIFS=y && IP_PNP
 201         help
 202           Enables root file system support over SMB protocol.
 203
 204           Most people say N here.