smbstatus: show encrpytion state of sessions
authorRalph Boehme <slow@samba.org>
Mon, 9 Nov 2015 16:17:17 +0000 (17:17 +0100)
committerRalph Boehme <slow@samba.org>
Fri, 22 Jan 2016 06:52:21 +0000 (07:52 +0100)
Show the encryption state of sessions in smbstatus. This is SMB3
only. CIFS UNIX extensions encryption will be added in a later commit.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/include/session.h
source3/lib/sessionid_tdb.c
source3/utils/status.c

index 92fc74f92a45609971668cd65ff3d2aab0cf6113..c73f9eefdfda2e156dc4370c4035eeeb622f8446 100644 (file)
@@ -39,5 +39,7 @@ struct sessionid {
        fstring ip_addr_str;
        time_t connect_start;
        uint16_t connection_dialect;
+       uint8_t encryption_flags;
+       uint16_t cipher;
 };
 
index 88a2ff2ce60157ab3c4a837e72f97cb9a2e26f15..02ed1386fe6774b72ae82f36bc85ef8453cf7b2c 100644 (file)
@@ -69,6 +69,9 @@ static int sessionid_traverse_read_fn(struct smbXsrv_session_global0 *global,
                global->channels[0].remote_address,
                sizeof(fstring)-1);
 
+       session.encryption_flags = global->encryption_flags;
+       session.cipher = global->channels[0].encryption_cipher;
+
        return state->fn(NULL, &session, state->private_data);
 }
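Review bot: The cipher recorded for a session is read from `global->channels[0]` only, so smbstatus will show the first channel's cipher rather than a property of the whole session. A short comment above the assignment would make that explicit, for example `/* cipher of the first channel only; other channels are not inspected */`. The context lines already index `channels[0]` for the remote address, and the function starts outside the hunk, so whether the channel count is checked before this point cannot be seen here and is worth confirming.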
 
index 1bf315a986d846eb1e82111e862f7a5b3c16c262..41438af2157c326100d0e1a1554a88b9e7667148 100644 (file)
@@ -31,6 +31,7 @@
  */
 
 #include "includes.h"
+#include "smbd/globals.h"
 #include "system/filesys.h"
 #include "popt_common.h"
 #include "dbwrap/dbwrap.h"
@@ -325,6 +326,8 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
        fstring uid_str, gid_str;
        struct server_id_buf tmp;
        char *machine_hostname = NULL;
+       int result = 0;
+       const char *encryption = "-";
 
        if (do_checks &&
            (!process_exists(session->pid) ||
@@ -361,15 +364,44 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
                return -1;
        }
 
-       d_printf("%-7s %-12s %-12s %-41s %-17s\n",
+       if (smbXsrv_is_encrypted(session->encryption_flags)) {
+               switch (session->cipher) {
+               case SMB2_ENCRYPTION_AES128_CCM:
+                       encryption = "AES-128-CCM";
+                       break;
+               case SMB2_ENCRYPTION_AES128_GCM:
+                       encryption = "AES-128-GCM";
+                       break;
+               default:
+                       encryption = "???";
+                       result = -1;
+                       break;
+               }
+       } else if (smbXsrv_is_partially_encrypted(session->encryption_flags)) {
+               switch (session->cipher) {
+               case SMB2_ENCRYPTION_AES128_CCM:
+                       encryption = "partial(AES-128-CCM)";
+                       break;
+               case SMB2_ENCRYPTION_AES128_GCM:
+                       encryption = "partial(AES-128-GCM)";
+                       break;
+               default:
+                       encryption = "???";
+                       result = -1;
+                       break;
+               }
+       }
+
+       d_printf("%-7s %-12s %-12s %-41s %-17s %-20s\n",
                 server_id_str_buf(session->pid, &tmp),
                 uid_str, gid_str,
                 machine_hostname,
-                session_dialect_str(session->connection_dialect));
+                session_dialect_str(session->connection_dialect),
+                encryption);
 
        TALLOC_FREE(machine_hostname);
 
-       return 0;
+       return result;
 }
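Review bot: In both `default:` branches an unrecognised cipher sets `result = -1`, and that value becomes the return value of the traverse callback. sessionid_traverse_read_fn passes the callback's return straight up (`return state->fn(...)`), so if the session traverse treats non-zero as "stop" (not visible on this page), one session with a cipher this tool does not know would cut the listing short. An administrator checking encryption state would then not see the sessions after it. Printing `???` and still returning 0 keeps the listing complete: drop the two `result = -1;` lines, and consider printing the numeric cipher id so the unknown value can be identified. The two switches are identical apart from the `partial(...)` wrapper and could share one cipher-to-name lookup; traverse_sessionid begins outside this hunk.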
 
 
@@ -531,8 +563,8 @@ int main(int argc, const char *argv[])
 
        if ( show_processes ) {
                d_printf("\nSamba version %s\n",samba_version_string());
-               d_printf("%-7s %-12s %-12s %-41s %-17s\n", "PID", "Username", "Group", "Machine", "Protocol Version");
-               d_printf("--------------------------------------------------------------------------------------------\n");
+               d_printf("%-7s %-12s %-12s %-41s %-17s %-20s\n", "PID", "Username", "Group", "Machine", "Protocol Version", "Encryption");
+               d_printf("------------------------------------------------------------------------------------------------------------------\n");
 
                sessionid_traverse_read(traverse_sessionid, frame);