From patchwork Sun Mar 10 00:22:59 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve French X-Patchwork-Id: 10846045 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C9CB21390 for ; Sun, 10 Mar 2019 00:23:14 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 97CDF28DAC for ; Sun, 10 Mar 2019 00:23:14 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 7120128F40; Sun, 10 Mar 2019 00:23:14 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E3E4128DAC for ; Sun, 10 Mar 2019 00:23:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726344AbfCJAXN (ORCPT ); Sat, 9 Mar 2019 19:23:13 -0500 Received: from mail-pf1-f169.google.com ([209.85.210.169]:41600 "EHLO mail-pf1-f169.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726332AbfCJAXN (ORCPT ); Sat, 9 Mar 2019 19:23:13 -0500 Received: by mail-pf1-f169.google.com with SMTP id d25so925226pfn.8 for ; Sat, 09 Mar 2019 16:23:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=KJj/pPkmQoATCB7b4zJnVbAJtRQifucpkxu2p3DaKK0=; b=Bpdf6FeB1bAURACJ0DZPiown+HGUV36ZMVerWuprYzEtBlkEIKZxBAeYt/Bq+jbqWt dBbMHu0RE9sVAi7eVguQigW/N7P+OMsdRlNiEynYoOsqLodQb4SL7nIOs19jq9zD3gRK YF+mDbgoQqoFeXYPEdFvS4q7yzj0N/V8SDtLJc6MHgjZcDlNguITltO9rjPKOfXwl1J3 wDCFerxZ1kdB+NUT8SutAeDsJiIWc99/6Q9g1hioZvTfFrdaqTA5V6Gh4jI+kH92l6q/ 6a9iOZWPhVDC9DlnUDsPqbN8aEk0HvtJoJ8okJg1Oebah4Mtn67dfzfntOqnV/sJxcbC WDBg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=KJj/pPkmQoATCB7b4zJnVbAJtRQifucpkxu2p3DaKK0=; b=ecUeHvkG1QpzmRtb3LUxz26uAyve/O/J0P2SjH9XQxEKApaPYOenITyGZ9cHbY3NNR FwPvwDr2E/V27Ze+Eq56ckAUMQVObU4uB2dXbc/WOB/NWxdoZspp2+2yUAVh4SmUbCob Ue0P9bxeAkQWQLKIT7gtAsCVKzxY/St8yv80J5vsIV6ZfzMFv1tIa0uRgIjDNwXPFLWX oMUknNk+uPcJv1+48wgnxUFcHThguHLK9eyJ9aooqyA2mbTKBmxKQ5UcV4UoqmLLpDvz d2C8ZNMfbjbZvaLabNv2lE98z0g8YlPEK4BGNXXj2egUG7kwB0RxQP1myLDmf+HC2xjA Sg5Q== X-Gm-Message-State: APjAAAVacCCH0cCyUdOWc4yvDUqranAT934B4cNh7Uhc3bFZAJjXSfmn 5w8HIOxQPxLOWRnvfot9XcxKvfFUuPteYs377bo= X-Google-Smtp-Source: APXvYqyDRL306DppNVNGHc08qSx9VAD0A2B7hu1uxJLsdaQUTOL/hykZ65rWrdxzILND23egz/UIMj9wE9H9hiJ7C/w= X-Received: by 2002:a63:1053:: with SMTP id 19mr23700229pgq.55.1552177391747; Sat, 09 Mar 2019 16:23:11 -0800 (PST) MIME-Version: 1.0 From: Steve French Date: Sat, 9 Mar 2019 18:22:59 -0600 Message-ID: Subject: [PATCH][SMB3] Display security information (encrypted/signed) more accurately in /proc/fs/cifs/DebugData To: Pavel Shilovsky , CIFS Sender: linux-cifs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-cifs@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP We could also update /proc/mounts with additional flags for the mount, but since these are often autonegotiated rather than specified on the mount, it may be more important to dump the accurate debug information in /proc/fs/cifs/DebugData (distinct from what was specified on the mount e.g. "seal") From 59d7bfe5a36dd5299d35ff2cdeb55953df271518 Mon Sep 17 00:00:00 2001 From: Steve French Date: Sat, 9 Mar 2019 18:12:18 -0600 Subject: [PATCH] smb3: display security information in /proc/fs/cifs/DebugData more accurately When the server required encryption (but we didn't connect to it with the "seal" mount option) we weren't displaying in /proc/fs/cifs/DebugData that the tcon for that share was encrypted. Similarly we were not displaying that signing was required when ses->sign was enabled (we only checked ses->server->sign). This makes it easier to debug when in fact the connection is signed (or sealed), whether for performance or security questions. Signed-off-by: Steve French --- fs/cifs/cifs_debug.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c index e92a2fee3c57..f417b2b7c9e5 100644 --- a/fs/cifs/cifs_debug.c +++ b/fs/cifs/cifs_debug.c @@ -115,7 +115,9 @@ static void cifs_debug_tcon(struct seq_file *m, struct cifs_tcon *tcon) seq_puts(m, " type: CDROM "); else seq_printf(m, " type: %d ", dev_type); - if (tcon->seal) + if ((tcon->seal) || + (tcon->ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) || + (tcon->share_flags & SHI1005_FLAGS_ENCRYPT_DATA)) seq_printf(m, " Encrypted"); if (tcon->nocase) seq_printf(m, " nocase"); @@ -371,6 +373,10 @@ static int cifs_debug_data_proc_show(struct seq_file *m, void *v) atomic_read(&server->in_send), atomic_read(&server->num_waiters)); #endif + if (ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) + seq_puts(m, " encrypted"); + if (ses->sign) + seq_puts(m, " signed"); seq_puts(m, "\n\tShares:"); j = 0; -- 2.17.1