smbstatus: show encrpytion state of tree connects
authorRalph Boehme <slow@samba.org>
Mon, 9 Nov 2015 16:26:51 +0000 (17:26 +0100)
committerRalph Boehme <slow@samba.org>
Fri, 22 Jan 2016 06:52:21 +0000 (07:52 +0100)
Show the encryption state of tcons in smbstatus. This is SMB3 only. CIFS
UNIX extensions encryption will be added in a later commit.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/lib/conn_tdb.c
source3/lib/conn_tdb.h
source3/utils/status.c

index bf66d7d7b66c5251e6715eb3e4aa3c95bf01b94e..8eca0a0271d989b75ec6a109273cecbda0aebcd8 100644 (file)
@@ -41,6 +41,7 @@ struct connections_forall_session {
        gid_t gid;
        fstring machine;
        fstring addr;
+       uint16_t cipher;
 };
 
 static int collect_sessions_fn(struct smbXsrv_session_global0 *global,
@@ -62,6 +63,7 @@ static int collect_sessions_fn(struct smbXsrv_session_global0 *global,
        }
        fstrcpy(sess.machine, global->channels[0].remote_name);
        fstrcpy(sess.addr, global->channels[0].remote_address);
+       sess.cipher = global->channels[0].encryption_cipher;
 
        status = dbwrap_store(state->session_by_pid,
                              make_tdb_data((void*)&id, sizeof(id)),
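Review bot: The added `sess.cipher = global->channels[0].encryption_cipher;` records only the first channel's cipher and, like the two `fstrcpy` lines above it, assumes `channels[0]` exists; any check of the channel count sits above the hunk, where the body of collect_sessions_fn begins. Because smbstatus later presents this value as the encryption state of every tcon on the session, a short comment would help the next reader, for example `/* cipher negotiated on the first channel; reported for all tcons of this session */`. If channels of one session can carry different ciphers (not determinable from this page), the reported value would be wrong for the others.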
@@ -123,6 +125,8 @@ static int traverse_tcon_fn(struct smbXsrv_tcon_global0 *global,
        fstrcpy(data.addr, sess.addr);
        fstrcpy(data.machine, sess.machine);
        data.start = nt_time_to_unix(global->creation_time);
+       data.encryption_flags = global->encryption_flags;
+       data.cipher = sess.cipher;
 
        state->count++;
 
index 217814faa5423834c8e3318a18546e74822eb863..b57fef8b79ebd87175cff60a76292f58e2bfba39 100644 (file)
@@ -33,6 +33,8 @@ struct connections_data {
        fstring addr;
        fstring machine;
        time_t start;
+       uint8_t encryption_flags;
+       uint16_t cipher;
 };
 
 /* The following definitions come from lib/conn_tdb.c  */
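Review bot: The two new members of `struct connections_data` carry no documentation, so their meaning can only be recovered from their use in status.c. I would add `/* tcon encryption flags; test with smbXsrv_is_encrypted() */` above `encryption_flags` and `/* SMB2_ENCRYPTION_* id taken from the session; status.c reads it only when the flags indicate encryption */` above `cipher`. That also records that the two values come from different records (tcon and session), which matters when interpreting a mismatch.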
index f92c84fd40afaa0849930709e2c9efb298e2ade0..fd5522ceb61e78b0e07145a0ac28a9b26902b1c7 100644 (file)
@@ -303,6 +303,8 @@ static int traverse_connections(const struct connections_key *key,
        TALLOC_CTX *mem_ctx = (TALLOC_CTX *)private_data;
        struct server_id_buf tmp;
        char *timestr = NULL;
+       int result = 0;
+       const char *encryption = "-";
 
        if (crec->cnum == TID_FIELD_INVALID)
                return 0;
@@ -317,13 +319,30 @@ static int traverse_connections(const struct connections_key *key,
                return -1;
        }
 
-       d_printf("%-12s %-7s %-13s %-32s\n",
+       if (smbXsrv_is_encrypted(crec->encryption_flags)) {
+               switch (crec->cipher) {
+               case SMB2_ENCRYPTION_AES128_CCM:
+                       encryption = "AES-128-CCM";
+                       break;
+               case SMB2_ENCRYPTION_AES128_GCM:
+                       encryption = "AES-128-GCM";
+                       break;
+               default:
+                       encryption = "???";
+                       result = -1;
+                       break;
+               }
+       }
+
+       d_printf("%-12s %-7s %-13s %-32s %-10s\n",
                 crec->servicename, server_id_str_buf(crec->pid, &tmp),
-                crec->machine, timestr);
+                crec->machine,
+                timestr,
+                encryption);
 
        TALLOC_FREE(timestr);
 
-       return 0;
+       return result;
 }
 
 static int traverse_sessionid(const char *key, struct sessionid *session,
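Review bot: In the `default:` branch, `result = -1` makes the callback return an error for any cipher id the switch does not know, yet the call site shown further down this page, `connections_forall_read(traverse_connections, frame);`, discards the return value, so the failure is never reported. If connections_forall_read stops iterating on a non-zero return (its body is not on this page), one tcon with a newer cipher would end the listing early and hide the remaining connections from the administrator. For a status tool I would keep going and show what was seen: drop `result = -1;` and replace the `"???"` placeholder with `encryption = talloc_asprintf(mem_ctx, "unknown(0x%04x)", crec->cipher);`, keeping `"???"` as the fallback if that allocation fails. The start of traverse_connections lies outside this hunk.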
@@ -585,8 +604,8 @@ int main(int argc, const char *argv[])
                        goto done;
                }
 
-               d_printf("\n%-12s %-7s %-13s %-32s\n", "Service", "pid", "machine", "Connected at");
-               d_printf("-------------------------------------------------------------\n");
+               d_printf("\n%-12s %-7s %-13s %-32s %-10s\n", "Service", "pid", "Machine", "Connected at", "Encryption");
+               d_printf("---------------------------------------------------------------------------------\n");
 
                connections_forall_read(traverse_connections, frame);