[linux-cifs-client] Re: [PATCH] cifs: show per mount security mode
in /proc/mounts
Steve French
smfrench at gmail.com
Tue Mar 10 12:57:57 GMT 2009
On Tue, Mar 10, 2009 at 6:18 AM, Suresh Jayaraman <sjayaraman at suse.de> wrote:
> Currently, /proc/mounts does not display security mode of the cifs
> mounts. With the availability multiple security modes including
> kerberos security, it might be vital to display security mode as well.
The actual security used is not per superblock but per session, and it
would be misleading to leave out the global settings for extended
security flags. The actual security flags that are used during negotiation
are the default flags (set in proc) and flags which are overridden on mount
See below:
/* if any of auth flags (ie not sign or seal) are overriden use them */
if (ses->overrideSecFlg & (~(CIFSSEC_MUST_SIGN | CIFSSEC_MUST_SEAL)))
secFlags = ses->overrideSecFlg; /* BB FIXME fix sign flags? */
else /* if override flags set only sign/seal OR them with global auth */
secFlags = extended_security | ses->overrideSecFlg;
But these security flags don't tell us which mechanism finally ended up
negotiated with the server - for this you need secType and secMode out
of the session structure to be displayed instead of a per-mount new variable.
We do display secMode in /proc (which indicates whether signing is required)
but might be useful to display this more clearly, and it would be useful to
display secType (which indicates what authentication mechanism was negotiated)
--
Thanks,
Steve
More information about the linux-cifs-client
mailing list