[linux-cifs-client] [PATCH] cifs: show per mount security mode in /proc/mounts

Tue Mar 10 11:18:33 GMT 2009

Currently, /proc/mounts does not display security mode of the cifs
mounts. With the availability multiple security modes including
kerberos security, it might be vital to display security mode as well.

Signed-off-by: Suresh Jayaraman <sjayaraman at suse.de>
---

 fs/cifs/cifs_fs_sb.h |    1 +
 fs/cifs/cifsfs.c     |   32 ++++++++++++++++++++++++++++++++
 fs/cifs/connect.c    |    5 +++++
 3 files changed, 38 insertions(+), 0 deletions(-)

diff --git a/fs/cifs/cifs_fs_sb.h b/fs/cifs/cifs_fs_sb.h
index c4c306f..08b525a 100644
--- a/fs/cifs/cifs_fs_sb.h
+++ b/fs/cifs/cifs_fs_sb.h
@@ -39,6 +39,7 @@ struct cifs_sb_info {
 	struct nls_table *local_nls;
 	unsigned int rsize;
 	unsigned int wsize;
+	unsigned int sec_flag;
 	uid_t	mnt_uid;
 	gid_t	mnt_gid;
 	mode_t	mnt_file_mode;
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
index 13ea532..9c48c46 100644
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -331,6 +331,33 @@ cifs_destroy_inode(struct inode *inode)
 }
 
 /*
+ * Map the security flags to the corresponding mode 
+ */
+static const char *secflags_to_mode(unsigned int secflag)
+{
+	static const struct {
+		unsigned int flag;
+		const char *mode;
+	} sec_modes[] = {
+		{ CIFSSEC_MAY_KRB5 | CIFSSEC_MUST_SIGN, "krb5i"},
+	        { CIFSSEC_MAY_KRB5, "krb5"},
+		{ CIFSSEC_MAY_NTLMV2 | CIFSSEC_MUST_SIGN, "ntlmv2i"},
+		{ CIFSSEC_MAY_NTLMV2, "ntlmv2"},
+		{ CIFSSEC_MAY_NTLM | CIFSSEC_MUST_SIGN, "ntlm"},
+		{ CIFSSEC_MAY_NTLM, "ntlm"},
+		{ CIFSSEC_MAY_LANMAN, "lanman"}
+	};
+	int i;
+
+	for (i = 0; i < ARRAY_SIZE(sec_modes); i++) {
+		if (sec_modes[i].flag == secflag)
+			break;
+	}
+
+	return sec_modes[i].mode;
+}
+
+/*
  * cifs_show_options() is for displaying mount options in /proc/mounts.
  * Not all settable options are displayed but most of the important
  * ones are.
@@ -411,6 +438,11 @@ cifs_show_options(struct seq_file *s, struct vfsmount *m)
 			seq_printf(s, ",cifsacl");
 		if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_DYNPERM)
 			seq_printf(s, ",dynperm");
+		if (cifs_sb->sec_flag)
+			seq_printf(s, ",sec=%s",
+					secflags_to_mode(cifs_sb->sec_flag));
+		else
+			seq_printf(s, ",sec=none");
 		if (m->mnt_sb->s_flags & MS_POSIXACL)
 			seq_printf(s, ",acl");
 
diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
index da0f4ff..23e628e 100644
--- a/fs/cifs/connect.c
+++ b/fs/cifs/connect.c
@@ -2174,6 +2174,11 @@ static void setup_cifs_sb(struct smb_vol *pvolume_info,
 		cFYI(1, ("mounting share using direct i/o"));
 		cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
 	}
+	/* sec flags */
+	if (pvolume_info->nullauth)
+		cifs_sb->sec_flag = 0;
+	else
+		cifs_sb->sec_flag = pvolume_info->secFlg;

 
 	if ((pvolume_info->cifs_acl) && (pvolume_info->dynperm))
 		cERROR(1, ("mount option dynperm ignored if cifsacl "
