[linux-cifs-client] Re: [PATCH] cifs: show per mount security
mode in /proc/mounts (try #3)
Suresh Jayaraman
sjayaraman at suse.de
Wed Mar 11 17:13:51 GMT 2009
Steve French wrote:
> On Wed, Mar 11, 2009 at 7:18 AM, Suresh Jayaraman <sjayaraman at suse.de> wrote:
>
>> + ý ý ý for (i = 0; i < ARRAY_SIZE(sec_flags); i++) {
>> + ý ý ý ý ý ý ý if (sec_flags[i].sec == flag)
>> + ý ý ý ý ý ý ý ý ý ý ý break;
>> + ý ý ý }
>> +
>> + ý ý ý return sec_flags[i].flavor;
>
> This seems better, but won't it oops if there is no match on sec_flags
> (since i is one greater than array size).
>
Oops, good catch. I think I relied on the SMBNegotiate code to do
all the error checking which may not be a good idea. How does this
look?
(BTW, any idea how did those extra characters(ý ý) come from? I
did run checkpatch.pl and it didn't complain)
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
index 13ea532..67029d9 100644
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -331,6 +331,51 @@ cifs_destroy_inode(struct inode *inode)
}
/*
+ * Map auth info
+ */
+static const char *map_auth_info(enum securityEnum type, char mode)
+{
+ unsigned int flag = 0;
+ static const struct {
+ unsigned int sec;
+ const char *flavor;
+ } sec_flags[] = {
+ { CIFSSEC_MAY_KRB5 | CIFSSEC_MUST_SIGN, "krb5i"},
+ { CIFSSEC_MAY_KRB5, "krb5"},
+ { CIFSSEC_MAY_NTLMV2 | CIFSSEC_MUST_SIGN, "ntlmv2i"},
+ { CIFSSEC_MAY_NTLMV2, "ntlmv2"},
+ { CIFSSEC_MAY_NTLM | CIFSSEC_MUST_SIGN, "ntlmi"},
+ { CIFSSEC_MAY_NTLM, "ntlm"},
+ { CIFSSEC_MAY_LANMAN, "lanman"},
+ { UINT_MAX, NULL}
+ };
+ int i;
+
+ cFYI(1, ("secType=%d secMode=0x%x\n", type, mode));
+ if (type == NTLMv2)
+ flag |= CIFSSEC_MAY_NTLMV2;
+ else if (type == NTLM)
+ flag |= CIFSSEC_MAY_NTLM;
+ else if (type == Kerberos || type == MSKerberos)
+ flag |= CIFSSEC_MAY_KRB5;
+ else if (type == LANMAN)
+ flag |= CIFSSEC_MAY_LANMAN;
+
+ if (mode & SECMODE_SIGN_REQUIRED)
+ flag |= CIFSSEC_MUST_SIGN;
+ else if (mode & SECMODE_SIGN_ENABLED)
+ flag |= CIFSSEC_MAY_SIGN;
+
+
+ for (i = 0; i < ARRAY_SIZE(sec_flags); i++) {
+ if (sec_flags[i].sec == flag)
+ break;
+ }
+
+ return sec_flags[i].flavor;
+}
+
+/*
* cifs_show_options() is for displaying mount options in /proc/mounts.
* Not all settable options are displayed but most of the important
* ones are.
@@ -341,6 +386,7 @@ cifs_show_options(struct seq_file *s, struct vfsmount *m)
struct cifs_sb_info *cifs_sb;
struct cifsTconInfo *tcon;
struct TCP_Server_Info *server;
+ const char *flavor;
cifs_sb = CIFS_SB(m->mnt_sb);
@@ -369,6 +415,11 @@ cifs_show_options(struct seq_file *s, struct vfsmount *m)
&server->addr.sockAddr.sin_addr.s_addr);
break;
}
+ flavor = map_auth_info(server->secType,
+ server->secMode);
+ if (flavor != NULL)
+ seq_printf(s, ",sec=%s",
+ flavor);
}
}
if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_OVERR_UID) ||
More information about the linux-cifs-client
mailing list