[SMB3] Display security information (encrypted/signed) more accurately in /proc/fs/cifs/DebugData
diff mbox series

Message ID CAH2r5mtRcrwx03ZV0X99-zC4rRdughAt=AoJeWw+oBFmePVOoA@mail.gmail.com
State New
Headers show
Series
  • [SMB3] Display security information (encrypted/signed) more accurately in /proc/fs/cifs/DebugData
Related show

Commit Message

Steve French March 10, 2019, 12:22 a.m. UTC
We could also update /proc/mounts with additional flags for the mount,
but since these are often autonegotiated rather than specified on the
mount, it may be more important to dump the accurate debug information
in /proc/fs/cifs/DebugData (distinct from what was specified on the
mount e.g. "seal")

Patch
diff mbox series

From 59d7bfe5a36dd5299d35ff2cdeb55953df271518 Mon Sep 17 00:00:00 2001
From: Steve French <stfrench@microsoft.com>
Date: Sat, 9 Mar 2019 18:12:18 -0600
Subject: [PATCH] smb3: display security information in /proc/fs/cifs/DebugData
 more accurately

When the server required encryption (but we didn't connect to it with the
"seal" mount option) we weren't displaying in /proc/fs/cifs/DebugData that
the tcon for that share was encrypted. Similarly we were not displaying
that signing was required when ses->sign was enabled (we only
checked ses->server->sign).  This makes it easier to debug when in
fact the connection is signed (or sealed), whether for performance
or security questions.

Signed-off-by: Steve French <stfrench@microsoft.com>
---
 fs/cifs/cifs_debug.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c
index e92a2fee3c57..f417b2b7c9e5 100644
--- a/fs/cifs/cifs_debug.c
+++ b/fs/cifs/cifs_debug.c
@@ -115,7 +115,9 @@  static void cifs_debug_tcon(struct seq_file *m, struct cifs_tcon *tcon)
 		seq_puts(m, " type: CDROM ");
 	else
 		seq_printf(m, " type: %d ", dev_type);
-	if (tcon->seal)
+	if ((tcon->seal) ||
+	    (tcon->ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA) ||
+	    (tcon->share_flags & SHI1005_FLAGS_ENCRYPT_DATA))
 		seq_printf(m, " Encrypted");
 	if (tcon->nocase)
 		seq_printf(m, " nocase");
@@ -371,6 +373,10 @@  static int cifs_debug_data_proc_show(struct seq_file *m, void *v)
 				atomic_read(&server->in_send),
 				atomic_read(&server->num_waiters));
 #endif
+			if (ses->session_flags & SMB2_SESSION_FLAG_ENCRYPT_DATA)
+				seq_puts(m, " encrypted");
+			if (ses->sign)
+				seq_puts(m, " signed");
 
 			seq_puts(m, "\n\tShares:");
 			j = 0;
-- 
2.17.1