[linux-cifs-client] Re: [PATCH] cifs: show per mount security mode in /proc/mounts (try #3)
diff mbox

Message ID 49B7F14F.8020404@suse.de
State New, archived
Headers show

Commit Message

Suresh Jayaraman March 11, 2009, 5:13 p.m. UTC
Steve French wrote:
> On Wed, Mar 11, 2009 at 7:18 AM, Suresh Jayaraman <sjayaraman@suse.de> wrote:
> 
>> + ý ý ý for (i = 0; i < ARRAY_SIZE(sec_flags); i++) {
>> + ý ý ý ý ý ý ý if (sec_flags[i].sec == flag)
>> + ý ý ý ý ý ý ý ý ý ý ý break;
>> + ý ý ý }
>> +
>> + ý ý ý return sec_flags[i].flavor;
> 
> This seems better, but won't it oops if there is no match on sec_flags
> (since i is one greater than array size).
> 

Oops, good catch. I think I relied on the SMBNegotiate code to do
all the error checking which may not be a good idea. How does this
look?

(BTW, any idea how did those extra characters(ý ý) come from? I
did run checkpatch.pl and it didn't complain)

Patch
diff mbox

diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
index 13ea532..67029d9 100644
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -331,6 +331,51 @@  cifs_destroy_inode(struct inode *inode)
 }
 
 /*
+ * Map auth info
+ */
+static const char *map_auth_info(enum securityEnum type, char mode)
+{
+	unsigned int flag = 0;
+	static const struct {
+		unsigned int sec;
+		const char *flavor;
+	} sec_flags[] = {
+		{ CIFSSEC_MAY_KRB5 | CIFSSEC_MUST_SIGN, "krb5i"},
+		{ CIFSSEC_MAY_KRB5, "krb5"},
+		{ CIFSSEC_MAY_NTLMV2 | CIFSSEC_MUST_SIGN, "ntlmv2i"},
+		{ CIFSSEC_MAY_NTLMV2, "ntlmv2"},
+		{ CIFSSEC_MAY_NTLM | CIFSSEC_MUST_SIGN, "ntlmi"},
+		{ CIFSSEC_MAY_NTLM, "ntlm"},
+		{ CIFSSEC_MAY_LANMAN, "lanman"},
+		{ UINT_MAX, NULL}
+	};
+	int i;
+
+	cFYI(1, ("secType=%d secMode=0x%x\n", type, mode));
+	if (type == NTLMv2)
+		flag |= CIFSSEC_MAY_NTLMV2;
+	else if (type == NTLM)
+		flag |= CIFSSEC_MAY_NTLM;
+	else if (type == Kerberos || type == MSKerberos)
+		flag |= CIFSSEC_MAY_KRB5;
+	else if (type == LANMAN)
+		flag |= CIFSSEC_MAY_LANMAN;
+
+	if (mode & SECMODE_SIGN_REQUIRED)
+		flag |= CIFSSEC_MUST_SIGN;
+	else if (mode & SECMODE_SIGN_ENABLED)
+		flag |= CIFSSEC_MAY_SIGN;
+
+
+	for (i = 0; i < ARRAY_SIZE(sec_flags); i++) {
+		if (sec_flags[i].sec == flag)
+			break;
+	}
+
+	return sec_flags[i].flavor;
+}
+
+/*
  * cifs_show_options() is for displaying mount options in /proc/mounts.
  * Not all settable options are displayed but most of the important
  * ones are.
@@ -341,6 +386,7 @@  cifs_show_options(struct seq_file *s, struct vfsmount *m)
 	struct cifs_sb_info *cifs_sb;
 	struct cifsTconInfo *tcon;
 	struct TCP_Server_Info *server;
+	const char *flavor;
 
 	cifs_sb = CIFS_SB(m->mnt_sb);
 
@@ -369,6 +415,11 @@  cifs_show_options(struct seq_file *s, struct vfsmount *m)
 							   &server->addr.sockAddr.sin_addr.s_addr);
 						break;
 					}
+					flavor = map_auth_info(server->secType,
+							       server->secMode);
+					if (flavor != NULL)
+						seq_printf(s, ",sec=%s",
+							   flavor);
 				}
 			}
 			if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_OVERR_UID) ||