From patchwork Wed Mar 11 17:13:51 2009
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Suresh Jayaraman <sjayaraman@suse.de>
X-Patchwork-Id: 11175
Received: from lists.samba.org (mail.samba.org [66.70.73.150])
	by demeter.kernel.org (8.14.2/8.14.2) with ESMTP id n2BHEsRg011522
	for <patchwork-cifs-client@patchwork.kernel.org>;
	Wed, 11 Mar 2009 17:14:54 GMT
Received: from dp.samba.org (localhost [127.0.0.1])
	by lists.samba.org (Postfix) with ESMTP id 1AF94163D53
	for <patchwork-cifs-client@patchwork.kernel.org>;
	Wed, 11 Mar 2009 17:14:40 +0000 (GMT)
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on dp.samba.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.5 required=3.8 tests=AWL, BAYES_00 autolearn=ham
	version=3.1.7
X-Original-To: linux-cifs-client@lists.samba.org
Delivered-To: linux-cifs-client@lists.samba.org
Received: from victor.provo.novell.com (victor.provo.novell.com
	[137.65.250.26])
	by lists.samba.org (Postfix) with ESMTP id BF9BE163C92
	for <linux-cifs-client@lists.samba.org>;
	Wed, 11 Mar 2009 17:14:11 +0000 (GMT)
Received: from [192.168.2.102] (prv-ext-foundry1.gns.novell.com
	[137.65.251.240])
	by victor.provo.novell.com with ESMTP (TLS encrypted);
	Wed, 11 Mar 2009 11:14:08 -0600
Message-ID: <49B7F14F.8020404@suse.de>
Date: Wed, 11 Mar 2009 22:43:51 +0530
From: Suresh Jayaraman <sjayaraman@suse.de>
User-Agent: Thunderbird 2.0.0.19 (X11/20081227)
MIME-Version: 1.0
To: Steve French <smfrench@gmail.com>
Subject: Re: [linux-cifs-client] Re: [PATCH] cifs: show per mount security
	mode in /proc/mounts (try #3)
References: <49B64C89.10407@suse.de>
	<524f69650903100557o2e01fb5ci892e6db5acc23619@mail.gmail.com>
	<49B7AC15.3000302@suse.de>
	<524f69650903110824k586d690fyc855b157c7c22fb2@mail.gmail.com>
In-Reply-To: <524f69650903110824k586d690fyc855b157c7c22fb2@mail.gmail.com>
X-Enigmail-Version: 0.95.7
Cc: "linux-cifs-client@lists.samba.org" <linux-cifs-client@lists.samba.org>,
	Steve French <smfrench@austin.rr.com>
X-BeenThere: linux-cifs-client@lists.samba.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: The Linux CIFS VFS client <linux-cifs-client.lists.samba.org>
List-Unsubscribe: 
 <https://lists.samba.org/mailman/listinfo/linux-cifs-client>,
	<mailto:linux-cifs-client-request@lists.samba.org?subject=unsubscribe>
List-Archive: <http://lists.samba.org/archive/linux-cifs-client>
List-Post: <mailto:linux-cifs-client@lists.samba.org>
List-Help: <mailto:linux-cifs-client-request@lists.samba.org?subject=help>
List-Subscribe: <https://lists.samba.org/mailman/listinfo/linux-cifs-client>,
	<mailto:linux-cifs-client-request@lists.samba.org?subject=subscribe>
Sender: 
 linux-cifs-client-bounces+patchwork-cifs-client=patchwork.kernel.org@lists.samba.org
Errors-To: 
 linux-cifs-client-bounces+patchwork-cifs-client=patchwork.kernel.org@lists.samba.org

Steve French wrote:
> On Wed, Mar 11, 2009 at 7:18 AM, Suresh Jayaraman <sjayaraman@suse.de> wrote:
> 
>> + ý ý ý for (i = 0; i < ARRAY_SIZE(sec_flags); i++) {
>> + ý ý ý ý ý ý ý if (sec_flags[i].sec == flag)
>> + ý ý ý ý ý ý ý ý ý ý ý break;
>> + ý ý ý }
>> +
>> + ý ý ý return sec_flags[i].flavor;
> 
> This seems better, but won't it oops if there is no match on sec_flags
> (since i is one greater than array size).
> 

Oops, good catch. I think I relied on the SMBNegotiate code to do
all the error checking which may not be a good idea. How does this
look?

(BTW, any idea how did those extra characters(ý ý) come from? I
did run checkpatch.pl and it didn't complain)

diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
index 13ea532..67029d9 100644
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
@@ -331,6 +331,51 @@ cifs_destroy_inode(struct inode *inode)
 }
 
 /*
+ * Map auth info
+ */
+static const char *map_auth_info(enum securityEnum type, char mode)
+{
+	unsigned int flag = 0;
+	static const struct {
+		unsigned int sec;
+		const char *flavor;
+	} sec_flags[] = {
+		{ CIFSSEC_MAY_KRB5 | CIFSSEC_MUST_SIGN, "krb5i"},
+		{ CIFSSEC_MAY_KRB5, "krb5"},
+		{ CIFSSEC_MAY_NTLMV2 | CIFSSEC_MUST_SIGN, "ntlmv2i"},
+		{ CIFSSEC_MAY_NTLMV2, "ntlmv2"},
+		{ CIFSSEC_MAY_NTLM | CIFSSEC_MUST_SIGN, "ntlmi"},
+		{ CIFSSEC_MAY_NTLM, "ntlm"},
+		{ CIFSSEC_MAY_LANMAN, "lanman"},
+		{ UINT_MAX, NULL}
+	};
+	int i;
+
+	cFYI(1, ("secType=%d secMode=0x%x\n", type, mode));
+	if (type == NTLMv2)
+		flag |= CIFSSEC_MAY_NTLMV2;
+	else if (type == NTLM)
+		flag |= CIFSSEC_MAY_NTLM;
+	else if (type == Kerberos || type == MSKerberos)
+		flag |= CIFSSEC_MAY_KRB5;
+	else if (type == LANMAN)
+		flag |= CIFSSEC_MAY_LANMAN;
+
+	if (mode & SECMODE_SIGN_REQUIRED)
+		flag |= CIFSSEC_MUST_SIGN;
+	else if (mode & SECMODE_SIGN_ENABLED)
+		flag |= CIFSSEC_MAY_SIGN;
+
+
+	for (i = 0; i < ARRAY_SIZE(sec_flags); i++) {
+		if (sec_flags[i].sec == flag)
+			break;
+	}
+
+	return sec_flags[i].flavor;
+}
+
+/*
  * cifs_show_options() is for displaying mount options in /proc/mounts.
  * Not all settable options are displayed but most of the important
  * ones are.
@@ -341,6 +386,7 @@ cifs_show_options(struct seq_file *s, struct vfsmount *m)
 	struct cifs_sb_info *cifs_sb;
 	struct cifsTconInfo *tcon;
 	struct TCP_Server_Info *server;
+	const char *flavor;
 
 	cifs_sb = CIFS_SB(m->mnt_sb);
 
@@ -369,6 +415,11 @@ cifs_show_options(struct seq_file *s, struct vfsmount *m)
 							   &server->addr.sockAddr.sin_addr.s_addr);
 						break;
 					}
+					flavor = map_auth_info(server->secType,
+							       server->secMode);
+					if (flavor != NULL)
+						seq_printf(s, ",sec=%s",
+							   flavor);
 				}
 			}
 			if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_OVERR_UID) ||