2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1994-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 12 aug 96: Erik.Devriendt@te6.siemens.be
22 added support for shared memory implementation of share mode locking
24 21-Jul-1998: rsharpe@ns.aus.com (Richard Sharpe)
25 Added -L (locks only) -S (shares only) flags and code
30 * This program reports current SMB connections
34 #include "lib/util/server_id.h"
35 #include "smbd/globals.h"
36 #include "system/filesys.h"
37 #include "popt_common.h"
38 #include "dbwrap/dbwrap.h"
39 #include "dbwrap/dbwrap_open.h"
40 #include "../libcli/security/security.h"
42 #include "locking/proto.h"
44 #include "librpc/gen_ndr/open_files.h"
45 #include "smbd/smbd.h"
46 #include "librpc/gen_ndr/notify.h"
49 #include "status_profile.h"
50 #include "smbd/notifyd/notifyd.h"
51 #include "cmdline_contexts.h"
52 #include "locking/leases_db.h"
54 #define SMB_MAXPIDS 2048
55 static uid_t Ucrit_uid = 0; /* added by OH */
56 static struct server_id Ucrit_pid[SMB_MAXPIDS]; /* Ugly !!! */ /* added by OH */
57 static int Ucrit_MaxPid=0; /* added by OH */
58 static unsigned int Ucrit_IsActive = 0; /* added by OH */
60 static bool verbose, brief;
61 static bool shares_only; /* Added by RJS */
62 static bool locks_only; /* Added by RJS */
63 static bool processes_only;
65 static bool numeric_only;
66 static bool do_checks = true;
68 const char *username = NULL;
71 static void Ucrit_addUid(uid_t uid)
77 static unsigned int Ucrit_checkUid(uid_t uid)
79 if ( !Ucrit_IsActive )
82 if ( uid == Ucrit_uid )
88 static unsigned int Ucrit_checkPid(struct server_id pid)
92 if ( !Ucrit_IsActive )
95 for (i=0;i<Ucrit_MaxPid;i++) {
96 if (serverid_equal(&pid, &Ucrit_pid[i])) {
104 static bool Ucrit_addPid( struct server_id pid )
106 if ( !Ucrit_IsActive )
109 if ( Ucrit_MaxPid >= SMB_MAXPIDS ) {
110 d_printf("ERROR: More than %d pids for user %s!\n",
111 SMB_MAXPIDS, uidtoname(Ucrit_uid));
116 Ucrit_pid[Ucrit_MaxPid++] = pid;
121 static int print_share_mode(struct file_id fid,
122 const struct share_mode_data *d,
123 const struct share_mode_entry *e,
126 bool resolve_uids = *((bool *)private_data);
129 if (do_checks && !is_valid_share_mode_entry(e)) {
134 d_printf("Locked files:\n");
135 d_printf("Pid User(ID) DenyMode Access R/W Oplock SharePath Name Time\n");
136 d_printf("--------------------------------------------------------------------------------------------------\n");
140 if (do_checks && !serverid_exists(&e->pid)) {
141 /* the process for this entry does not exist any more */
145 if (Ucrit_checkPid(e->pid)) {
146 struct server_id_buf tmp;
147 d_printf("%-11s ", server_id_str_buf(e->pid, &tmp));
149 d_printf("%-14s ", uidtoname(e->uid));
151 d_printf("%-9u ", (unsigned int)e->uid);
153 switch (map_share_mode_to_deny_mode(e->share_access,
154 e->private_options)) {
155 case DENY_NONE: d_printf("DENY_NONE "); break;
156 case DENY_ALL: d_printf("DENY_ALL "); break;
157 case DENY_DOS: d_printf("DENY_DOS "); break;
158 case DENY_READ: d_printf("DENY_READ "); break;
159 case DENY_WRITE:printf("DENY_WRITE "); break;
160 case DENY_FCB: d_printf("DENY_FCB "); break;
162 d_printf("unknown-please report ! "
163 "e->share_access = 0x%x, "
164 "e->private_options = 0x%x\n",
165 (unsigned int)e->share_access,
166 (unsigned int)e->private_options );
170 d_printf("0x%-8x ",(unsigned int)e->access_mask);
171 if ((e->access_mask & (FILE_READ_DATA|FILE_WRITE_DATA))==
172 (FILE_READ_DATA|FILE_WRITE_DATA)) {
174 } else if (e->access_mask & FILE_WRITE_DATA) {
180 if((e->op_type & (EXCLUSIVE_OPLOCK|BATCH_OPLOCK)) ==
181 (EXCLUSIVE_OPLOCK|BATCH_OPLOCK)) {
182 d_printf("EXCLUSIVE+BATCH ");
183 } else if (e->op_type & EXCLUSIVE_OPLOCK) {
184 d_printf("EXCLUSIVE ");
185 } else if (e->op_type & BATCH_OPLOCK) {
187 } else if (e->op_type & LEVEL_II_OPLOCK) {
188 d_printf("LEVEL_II ");
189 } else if (e->op_type == LEASE_OPLOCK) {
193 status = leases_db_get(
197 &lstate, /* current_state */
199 NULL, /* breaking_to_requested */
200 NULL, /* breaking_to_required */
201 NULL, /* lease_version */
204 if (NT_STATUS_IS_OK(status)) {
205 d_printf("LEASE(%s%s%s)%s%s%s ",
206 (lstate & SMB2_LEASE_READ)?"R":"",
207 (lstate & SMB2_LEASE_WRITE)?"W":"",
208 (lstate & SMB2_LEASE_HANDLE)?"H":"",
209 (lstate & SMB2_LEASE_READ)?"":" ",
210 (lstate & SMB2_LEASE_WRITE)?"":" ",
211 (lstate & SMB2_LEASE_HANDLE)?"":" ");
213 d_printf("LEASE STATE UNKNOWN");
219 d_printf(" %s %s%s %s",
220 d->servicepath, d->base_name,
221 (d->stream_name != NULL) ? d->stream_name : "",
222 time_to_asc((time_t)e->time.tv_sec));
228 static void print_brl(struct file_id id,
229 struct server_id pid,
230 enum brl_type lock_type,
231 enum brl_flavour lock_flav,
238 static const struct {
239 enum brl_type lock_type;
244 { PENDING_READ_LOCK, "PR" },
245 { PENDING_WRITE_LOCK, "PW" },
248 const char *desc="X";
249 const char *sharepath = "";
251 struct share_mode_lock *share_mode;
252 struct server_id_buf tmp;
255 d_printf("Byte range locks:\n");
256 d_printf("Pid dev:inode R/W start size SharePath Name\n");
257 d_printf("--------------------------------------------------------------------------------\n");
261 share_mode = fetch_share_mode_unlocked(NULL, id);
263 bool has_stream = share_mode->data->stream_name != NULL;
265 fname = talloc_asprintf(NULL, "%s%s%s",
266 share_mode->data->base_name,
267 has_stream ? ":" : "",
269 share_mode->data->stream_name :
272 fname = talloc_strdup(NULL, "");
278 for (i=0;i<ARRAY_SIZE(lock_types);i++) {
279 if (lock_type == lock_types[i].lock_type) {
280 desc = lock_types[i].desc;
284 d_printf("%-10s %-15s %-4s %-9jd %-9jd %-24s %-24s\n",
285 server_id_str_buf(pid, &tmp), file_id_string_tos(&id),
287 (intmax_t)start, (intmax_t)size,
291 TALLOC_FREE(share_mode);
294 static const char *session_dialect_str(uint16_t dialect)
296 static fstring unkown_dialect;
299 case SMB2_DIALECT_REVISION_000:
301 case SMB2_DIALECT_REVISION_202:
303 case SMB2_DIALECT_REVISION_210:
305 case SMB2_DIALECT_REVISION_222:
307 case SMB2_DIALECT_REVISION_224:
309 case SMB3_DIALECT_REVISION_300:
311 case SMB3_DIALECT_REVISION_302:
313 case SMB3_DIALECT_REVISION_310:
315 case SMB3_DIALECT_REVISION_311:
319 fstr_sprintf(unkown_dialect, "Unknown (0x%04x)", dialect);
320 return unkown_dialect;
323 static int traverse_connections(const struct connections_key *key,
324 const struct connections_data *crec,
327 TALLOC_CTX *mem_ctx = (TALLOC_CTX *)private_data;
328 struct server_id_buf tmp;
329 char *timestr = NULL;
331 const char *encryption = "-";
332 const char *signing = "-";
334 if (crec->cnum == TID_FIELD_INVALID)
338 (!process_exists(crec->pid) || !Ucrit_checkUid(crec->uid))) {
342 timestr = timestring(mem_ctx, crec->start);
343 if (timestr == NULL) {
347 if (smbXsrv_is_encrypted(crec->encryption_flags)) {
348 switch (crec->cipher) {
349 case SMB_ENCRYPTION_GSSAPI:
350 encryption = "GSSAPI";
352 case SMB2_ENCRYPTION_AES128_CCM:
353 encryption = "AES-128-CCM";
355 case SMB2_ENCRYPTION_AES128_GCM:
356 encryption = "AES-128-GCM";
365 if (smbXsrv_is_signed(crec->signing_flags)) {
366 if (crec->dialect >= SMB3_DIALECT_REVISION_302) {
367 signing = "AES-128-CMAC";
368 } else if (crec->dialect >= SMB2_DIALECT_REVISION_202) {
369 signing = "HMAC-SHA256";
371 signing = "HMAC-MD5";
375 d_printf("%-12s %-7s %-13s %-32s %-12s %-12s\n",
376 crec->servicename, server_id_str_buf(crec->pid, &tmp),
382 TALLOC_FREE(timestr);
387 static int traverse_sessionid(const char *key, struct sessionid *session,
390 TALLOC_CTX *mem_ctx = (TALLOC_CTX *)private_data;
392 struct server_id_buf tmp;
393 char *machine_hostname = NULL;
395 const char *encryption = "-";
396 const char *signing = "-";
399 (!process_exists(session->pid) ||
400 !Ucrit_checkUid(session->uid))) {
404 Ucrit_addPid(session->pid);
407 fstr_sprintf(uid_gid_str, "%-12u %-12u",
408 (unsigned int)session->uid,
409 (unsigned int)session->gid);
411 if (session->uid == -1 && session->gid == -1) {
413 * The session is not fully authenticated yet.
415 fstrcpy(uid_gid_str, "(auth in progress)");
418 * In theory it should not happen that one of
419 * session->uid and session->gid is valid (ie != -1)
420 * while the other is not (ie = -1), so we a check for
421 * that case that bails out would be reasonable.
423 const char *uid_name = "-1";
424 const char *gid_name = "-1";
426 if (session->uid != -1) {
427 uid_name = uidtoname(session->uid);
428 if (uid_name == NULL) {
432 if (session->gid != -1) {
433 gid_name = gidtoname(session->gid);
434 if (gid_name == NULL) {
438 fstr_sprintf(uid_gid_str, "%-12s %-12s",
443 machine_hostname = talloc_asprintf(mem_ctx, "%s (%s)",
444 session->remote_machine,
446 if (machine_hostname == NULL) {
450 if (smbXsrv_is_encrypted(session->encryption_flags)) {
451 switch (session->cipher) {
452 case SMB2_ENCRYPTION_AES128_CCM:
453 encryption = "AES-128-CCM";
455 case SMB2_ENCRYPTION_AES128_GCM:
456 encryption = "AES-128-GCM";
463 } else if (smbXsrv_is_partially_encrypted(session->encryption_flags)) {
464 switch (session->cipher) {
465 case SMB_ENCRYPTION_GSSAPI:
466 encryption = "partial(GSSAPI)";
468 case SMB2_ENCRYPTION_AES128_CCM:
469 encryption = "partial(AES-128-CCM)";
471 case SMB2_ENCRYPTION_AES128_GCM:
472 encryption = "partial(AES-128-GCM)";
481 if (smbXsrv_is_signed(session->signing_flags)) {
482 if (session->connection_dialect >= SMB3_DIALECT_REVISION_302) {
483 signing = "AES-128-CMAC";
484 } else if (session->connection_dialect >= SMB2_DIALECT_REVISION_202) {
485 signing = "HMAC-SHA256";
487 signing = "HMAC-MD5";
489 } else if (smbXsrv_is_partially_signed(session->signing_flags)) {
490 if (session->connection_dialect >= SMB3_DIALECT_REVISION_302) {
491 signing = "partial(AES-128-CMAC)";
492 } else if (session->connection_dialect >= SMB2_DIALECT_REVISION_202) {
493 signing = "partial(HMAC-SHA256)";
495 signing = "partial(HMAC-MD5)";
500 d_printf("%-7s %-25s %-41s %-17s %-20s %-21s\n",
501 server_id_str_buf(session->pid, &tmp),
504 session_dialect_str(session->connection_dialect),
508 TALLOC_FREE(machine_hostname);
514 static bool print_notify_rec(const char *path, struct server_id server,
515 const struct notify_instance *instance,
518 struct server_id_buf idbuf;
520 d_printf("%s\\%s\\%x\\%x\n", path, server_id_str_buf(server, &idbuf),
521 (unsigned)instance->filter,
522 (unsigned)instance->subdir_filter);
528 OPT_RESOLVE_UIDS = 1000,
531 int main(int argc, const char *argv[])
534 int profile_only = 0;
535 bool show_processes, show_locks, show_shares;
536 bool show_notify = false;
537 bool resolve_uids = false;
539 struct poptOption long_options[] = {
542 .longName = "processes",
544 .argInfo = POPT_ARG_NONE,
547 .descrip = "Show processes only",
550 .longName = "verbose",
552 .argInfo = POPT_ARG_NONE,
555 .descrip = "Be verbose",
560 .argInfo = POPT_ARG_NONE,
563 .descrip = "Show locks only",
566 .longName = "shares",
568 .argInfo = POPT_ARG_NONE,
571 .descrip = "Show shares only",
574 .longName = "notify",
576 .argInfo = POPT_ARG_NONE,
579 .descrip = "Show notifies",
584 .argInfo = POPT_ARG_STRING,
587 .descrip = "Switch to user",
592 .argInfo = POPT_ARG_NONE,
595 .descrip = "Be brief",
598 .longName = "profile",
600 .argInfo = POPT_ARG_NONE,
603 .descrip = "Do profiling",
606 .longName = "profile-rates",
608 .argInfo = POPT_ARG_NONE,
611 .descrip = "Show call rates",
614 .longName = "byterange",
616 .argInfo = POPT_ARG_NONE,
619 .descrip = "Include byte range locks"
622 .longName = "numeric",
624 .argInfo = POPT_ARG_NONE,
627 .descrip = "Numeric uid/gid"
632 .argInfo = POPT_ARG_NONE,
635 .descrip = "Skip checks if processes still exist"
638 .longName = "resolve-uids",
640 .argInfo = POPT_ARG_NONE,
642 .val = OPT_RESOLVE_UIDS,
643 .descrip = "Try to resolve UIDs to usernames"
648 TALLOC_CTX *frame = talloc_stackframe();
650 struct messaging_context *msg_ctx = NULL;
657 setup_logging(argv[0], DEBUG_STDERR);
658 lp_set_cmdline("log level", "0");
660 if (getuid() != geteuid()) {
661 d_printf("smbstatus should not be run setuid\n");
667 d_printf("smbstatus only works as root!\n");
673 pc = poptGetContext(NULL, argc, argv, long_options,
674 POPT_CONTEXT_KEEP_FIRST);
676 while ((c = poptGetNextOpt(pc)) != -1) {
679 processes_only = true;
697 Ucrit_addUid(nametouid(poptGetOptArg(pc)));
712 case OPT_RESOLVE_UIDS:
718 /* setup the flags based on the possible combincations */
720 show_processes = !(shares_only || locks_only || profile_only) || processes_only;
721 show_locks = !(shares_only || processes_only || profile_only) || locks_only;
722 show_shares = !(processes_only || locks_only || profile_only) || shares_only;
725 Ucrit_addUid( nametouid(username) );
728 d_printf("using configfile = %s\n", get_dyn_CONFIGFILE());
731 msg_ctx = cmdline_messaging_context(get_dyn_CONFIGFILE());
732 if (msg_ctx == NULL) {
733 fprintf(stderr, "Could not initialize messaging, not root?\n");
738 if (!lp_load_global(get_dyn_CONFIGFILE())) {
739 fprintf(stderr, "Can't load %s - run testparm to debug it\n",
740 get_dyn_CONFIGFILE());
745 switch (profile_only) {
747 /* Dump profile data */
748 ok = status_profile_dump(verbose);
751 /* Continuously display rate-converted data */
752 ok = status_profile_rates(verbose);
758 if ( show_processes ) {
759 d_printf("\nSamba version %s\n",samba_version_string());
760 d_printf("%-7s %-12s %-12s %-41s %-17s %-20s %-21s\n", "PID", "Username", "Group", "Machine", "Protocol Version", "Encryption", "Signing");
761 d_printf("----------------------------------------------------------------------------------------------------------------------------------------\n");
763 sessionid_traverse_read(traverse_sessionid, frame);
765 if (processes_only) {
775 d_printf("\n%-12s %-7s %-13s %-32s %-12s %-12s\n", "Service", "pid", "Machine", "Connected at", "Encryption", "Signing");
776 d_printf("---------------------------------------------------------------------------------------------\n");
778 connections_forall_read(traverse_connections, frame);
789 struct db_context *db;
791 db_path = lock_path(talloc_tos(), "locking.tdb");
792 if (db_path == NULL) {
793 d_printf("Out of memory - exiting\n");
798 db = db_open(NULL, db_path, 0,
799 TDB_CLEAR_IF_FIRST|TDB_INCOMPATIBLE_HASH, O_RDONLY, 0,
800 DBWRAP_LOCK_ORDER_1, DBWRAP_FLAG_NONE);
803 d_printf("%s not initialised\n", db_path);
804 d_printf("This is normal if an SMB client has never "
805 "connected to your server.\n");
806 TALLOC_FREE(db_path);
810 TALLOC_FREE(db_path);
813 if (!locking_init_readonly()) {
814 d_printf("Can't initialise locking module - exiting\n");
819 result = share_entry_forall(print_share_mode, &resolve_uids);
822 d_printf("No locked files\n");
823 } else if (result < 0) {
824 d_printf("locked file list truncated\n");
830 brl_forall(print_brl, NULL);
837 struct notify_context *n;
839 n = notify_init(talloc_tos(), msg_ctx,
844 notify_walk(n, print_notify_rec, NULL);