2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1994-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 12 aug 96: Erik.Devriendt@te6.siemens.be
22 added support for shared memory implementation of share mode locking
24 21-Jul-1998: rsharpe@ns.aus.com (Richard Sharpe)
25 Added -L (locks only) -S (shares only) flags and code
30 * This program reports current SMB connections
34 #include "lib/util/server_id.h"
35 #include "smbd/globals.h"
36 #include "system/filesys.h"
37 #include "popt_common.h"
38 #include "dbwrap/dbwrap.h"
39 #include "dbwrap/dbwrap_open.h"
40 #include "../libcli/security/security.h"
42 #include "locking/proto.h"
44 #include "librpc/gen_ndr/open_files.h"
45 #include "smbd/smbd.h"
46 #include "librpc/gen_ndr/notify.h"
49 #include "status_profile.h"
50 #include "smbd/notifyd/notifyd.h"
51 #include "cmdline_contexts.h"
52 #include "locking/leases_db.h"
54 #define SMB_MAXPIDS 2048
55 static uid_t Ucrit_uid
= 0; /* added by OH */
56 static struct server_id Ucrit_pid
[SMB_MAXPIDS
]; /* Ugly !!! */ /* added by OH */
57 static int Ucrit_MaxPid
=0; /* added by OH */
58 static unsigned int Ucrit_IsActive
= 0; /* added by OH */
60 static bool verbose
, brief
;
61 static bool shares_only
; /* Added by RJS */
62 static bool locks_only
; /* Added by RJS */
63 static bool processes_only
;
65 static bool numeric_only
;
66 static bool do_checks
= true;
68 const char *username
= NULL
;
71 static void Ucrit_addUid(uid_t uid
)
77 static unsigned int Ucrit_checkUid(uid_t uid
)
79 if ( !Ucrit_IsActive
)
82 if ( uid
== Ucrit_uid
)
88 static unsigned int Ucrit_checkPid(struct server_id pid
)
92 if ( !Ucrit_IsActive
)
95 for (i
=0;i
<Ucrit_MaxPid
;i
++) {
96 if (server_id_equal(&pid
, &Ucrit_pid
[i
])) {
104 static bool Ucrit_addPid( struct server_id pid
)
106 if ( !Ucrit_IsActive
)
109 if ( Ucrit_MaxPid
>= SMB_MAXPIDS
) {
110 d_printf("ERROR: More than %d pids for user %s!\n",
111 SMB_MAXPIDS
, uidtoname(Ucrit_uid
));
116 Ucrit_pid
[Ucrit_MaxPid
++] = pid
;
121 static int print_share_mode(struct file_id fid
,
122 const struct share_mode_data
*d
,
123 const struct share_mode_entry
*e
,
126 bool resolve_uids
= *((bool *)private_data
);
129 if (do_checks
&& !is_valid_share_mode_entry(e
)) {
134 d_printf("Locked files:\n");
135 d_printf("Pid User(ID) DenyMode Access R/W Oplock SharePath Name Time\n");
136 d_printf("--------------------------------------------------------------------------------------------------\n");
140 if (do_checks
&& !serverid_exists(&e
->pid
)) {
141 /* the process for this entry does not exist any more */
145 if (Ucrit_checkPid(e
->pid
)) {
146 struct server_id_buf tmp
;
147 d_printf("%-11s ", server_id_str_buf(e
->pid
, &tmp
));
149 d_printf("%-14s ", uidtoname(e
->uid
));
151 d_printf("%-9u ", (unsigned int)e
->uid
);
153 switch (map_share_mode_to_deny_mode(e
->share_access
,
154 e
->private_options
)) {
155 case DENY_NONE
: d_printf("DENY_NONE "); break;
156 case DENY_ALL
: d_printf("DENY_ALL "); break;
157 case DENY_DOS
: d_printf("DENY_DOS "); break;
158 case DENY_READ
: d_printf("DENY_READ "); break;
159 case DENY_WRITE
:d_printf("DENY_WRITE "); break;
160 case DENY_FCB
: d_printf("DENY_FCB "); break;
162 d_printf("unknown-please report ! "
163 "e->share_access = 0x%x, "
164 "e->private_options = 0x%x\n",
165 (unsigned int)e
->share_access
,
166 (unsigned int)e
->private_options
);
170 d_printf("0x%-8x ",(unsigned int)e
->access_mask
);
171 if ((e
->access_mask
& (FILE_READ_DATA
|FILE_WRITE_DATA
))==
172 (FILE_READ_DATA
|FILE_WRITE_DATA
)) {
174 } else if (e
->access_mask
& FILE_WRITE_DATA
) {
180 if((e
->op_type
& (EXCLUSIVE_OPLOCK
|BATCH_OPLOCK
)) ==
181 (EXCLUSIVE_OPLOCK
|BATCH_OPLOCK
)) {
182 d_printf("EXCLUSIVE+BATCH ");
183 } else if (e
->op_type
& EXCLUSIVE_OPLOCK
) {
184 d_printf("EXCLUSIVE ");
185 } else if (e
->op_type
& BATCH_OPLOCK
) {
187 } else if (e
->op_type
& LEVEL_II_OPLOCK
) {
188 d_printf("LEVEL_II ");
189 } else if (e
->op_type
== LEASE_OPLOCK
) {
193 status
= leases_db_get(
197 &lstate
, /* current_state */
199 NULL
, /* breaking_to_requested */
200 NULL
, /* breaking_to_required */
201 NULL
, /* lease_version */
204 if (NT_STATUS_IS_OK(status
)) {
205 d_printf("LEASE(%s%s%s)%s%s%s ",
206 (lstate
& SMB2_LEASE_READ
)?"R":"",
207 (lstate
& SMB2_LEASE_WRITE
)?"W":"",
208 (lstate
& SMB2_LEASE_HANDLE
)?"H":"",
209 (lstate
& SMB2_LEASE_READ
)?"":" ",
210 (lstate
& SMB2_LEASE_WRITE
)?"":" ",
211 (lstate
& SMB2_LEASE_HANDLE
)?"":" ");
213 d_printf("LEASE STATE UNKNOWN");
219 d_printf(" %s %s%s %s",
220 d
->servicepath
, d
->base_name
,
221 (d
->stream_name
!= NULL
) ? d
->stream_name
: "",
222 time_to_asc((time_t)e
->time
.tv_sec
));
228 static void print_brl(struct file_id id
,
229 struct server_id pid
,
230 enum brl_type lock_type
,
231 enum brl_flavour lock_flav
,
238 static const struct {
239 enum brl_type lock_type
;
246 const char *desc
="X";
247 const char *sharepath
= "";
249 struct share_mode_lock
*share_mode
;
250 struct server_id_buf tmp
;
251 struct file_id_buf ftmp
;
254 d_printf("Byte range locks:\n");
255 d_printf("Pid dev:inode R/W start size SharePath Name\n");
256 d_printf("--------------------------------------------------------------------------------\n");
260 share_mode
= fetch_share_mode_unlocked(NULL
, id
);
262 bool has_stream
= share_mode
->data
->stream_name
!= NULL
;
264 fname
= talloc_asprintf(NULL
, "%s%s%s",
265 share_mode
->data
->base_name
,
266 has_stream
? ":" : "",
268 share_mode
->data
->stream_name
:
271 fname
= talloc_strdup(NULL
, "");
277 for (i
=0;i
<ARRAY_SIZE(lock_types
);i
++) {
278 if (lock_type
== lock_types
[i
].lock_type
) {
279 desc
= lock_types
[i
].desc
;
283 d_printf("%-10s %-15s %-4s %-9jd %-9jd %-24s %-24s\n",
284 server_id_str_buf(pid
, &tmp
),
285 file_id_str_buf(id
, &ftmp
),
287 (intmax_t)start
, (intmax_t)size
,
291 TALLOC_FREE(share_mode
);
294 static const char *session_dialect_str(uint16_t dialect
)
296 static fstring unkown_dialect
;
299 case SMB2_DIALECT_REVISION_000
:
301 case SMB2_DIALECT_REVISION_202
:
303 case SMB2_DIALECT_REVISION_210
:
305 case SMB2_DIALECT_REVISION_222
:
307 case SMB2_DIALECT_REVISION_224
:
309 case SMB3_DIALECT_REVISION_300
:
311 case SMB3_DIALECT_REVISION_302
:
313 case SMB3_DIALECT_REVISION_310
:
315 case SMB3_DIALECT_REVISION_311
:
319 fstr_sprintf(unkown_dialect
, "Unknown (0x%04x)", dialect
);
320 return unkown_dialect
;
323 static int traverse_connections(const struct connections_key
*key
,
324 const struct connections_data
*crec
,
327 TALLOC_CTX
*mem_ctx
= (TALLOC_CTX
*)private_data
;
328 struct server_id_buf tmp
;
329 char *timestr
= NULL
;
331 const char *encryption
= "-";
332 const char *signing
= "-";
334 if (crec
->cnum
== TID_FIELD_INVALID
)
338 (!process_exists(crec
->pid
) || !Ucrit_checkUid(crec
->uid
))) {
342 timestr
= timestring(mem_ctx
, crec
->start
);
343 if (timestr
== NULL
) {
347 if (smbXsrv_is_encrypted(crec
->encryption_flags
)) {
348 switch (crec
->cipher
) {
349 case SMB_ENCRYPTION_GSSAPI
:
350 encryption
= "GSSAPI";
352 case SMB2_ENCRYPTION_AES128_CCM
:
353 encryption
= "AES-128-CCM";
355 case SMB2_ENCRYPTION_AES128_GCM
:
356 encryption
= "AES-128-GCM";
365 if (smbXsrv_is_signed(crec
->signing_flags
)) {
366 if (crec
->dialect
>= SMB3_DIALECT_REVISION_302
) {
367 signing
= "AES-128-CMAC";
368 } else if (crec
->dialect
>= SMB2_DIALECT_REVISION_202
) {
369 signing
= "HMAC-SHA256";
371 signing
= "HMAC-MD5";
375 d_printf("%-12s %-7s %-13s %-32s %-12s %-12s\n",
376 crec
->servicename
, server_id_str_buf(crec
->pid
, &tmp
),
382 TALLOC_FREE(timestr
);
387 static int traverse_sessionid(const char *key
, struct sessionid
*session
,
390 TALLOC_CTX
*mem_ctx
= (TALLOC_CTX
*)private_data
;
392 struct server_id_buf tmp
;
393 char *machine_hostname
= NULL
;
395 const char *encryption
= "-";
396 const char *signing
= "-";
399 (!process_exists(session
->pid
) ||
400 !Ucrit_checkUid(session
->uid
))) {
404 Ucrit_addPid(session
->pid
);
407 fstr_sprintf(uid_gid_str
, "%-12u %-12u",
408 (unsigned int)session
->uid
,
409 (unsigned int)session
->gid
);
411 if (session
->uid
== -1 && session
->gid
== -1) {
413 * The session is not fully authenticated yet.
415 fstrcpy(uid_gid_str
, "(auth in progress)");
418 * In theory it should not happen that one of
419 * session->uid and session->gid is valid (ie != -1)
420 * while the other is not (ie = -1), so we a check for
421 * that case that bails out would be reasonable.
423 const char *uid_name
= "-1";
424 const char *gid_name
= "-1";
426 if (session
->uid
!= -1) {
427 uid_name
= uidtoname(session
->uid
);
428 if (uid_name
== NULL
) {
432 if (session
->gid
!= -1) {
433 gid_name
= gidtoname(session
->gid
);
434 if (gid_name
== NULL
) {
438 fstr_sprintf(uid_gid_str
, "%-12s %-12s",
443 machine_hostname
= talloc_asprintf(mem_ctx
, "%s (%s)",
444 session
->remote_machine
,
446 if (machine_hostname
== NULL
) {
450 if (smbXsrv_is_encrypted(session
->encryption_flags
)) {
451 switch (session
->cipher
) {
452 case SMB2_ENCRYPTION_AES128_CCM
:
453 encryption
= "AES-128-CCM";
455 case SMB2_ENCRYPTION_AES128_GCM
:
456 encryption
= "AES-128-GCM";
463 } else if (smbXsrv_is_partially_encrypted(session
->encryption_flags
)) {
464 switch (session
->cipher
) {
465 case SMB_ENCRYPTION_GSSAPI
:
466 encryption
= "partial(GSSAPI)";
468 case SMB2_ENCRYPTION_AES128_CCM
:
469 encryption
= "partial(AES-128-CCM)";
471 case SMB2_ENCRYPTION_AES128_GCM
:
472 encryption
= "partial(AES-128-GCM)";
481 if (smbXsrv_is_signed(session
->signing_flags
)) {
482 if (session
->connection_dialect
>= SMB3_DIALECT_REVISION_302
) {
483 signing
= "AES-128-CMAC";
484 } else if (session
->connection_dialect
>= SMB2_DIALECT_REVISION_202
) {
485 signing
= "HMAC-SHA256";
487 signing
= "HMAC-MD5";
489 } else if (smbXsrv_is_partially_signed(session
->signing_flags
)) {
490 if (session
->connection_dialect
>= SMB3_DIALECT_REVISION_302
) {
491 signing
= "partial(AES-128-CMAC)";
492 } else if (session
->connection_dialect
>= SMB2_DIALECT_REVISION_202
) {
493 signing
= "partial(HMAC-SHA256)";
495 signing
= "partial(HMAC-MD5)";
500 d_printf("%-7s %-25s %-41s %-17s %-20s %-21s\n",
501 server_id_str_buf(session
->pid
, &tmp
),
504 session_dialect_str(session
->connection_dialect
),
508 TALLOC_FREE(machine_hostname
);
514 static bool print_notify_rec(const char *path
, struct server_id server
,
515 const struct notify_instance
*instance
,
518 struct server_id_buf idbuf
;
520 d_printf("%s\\%s\\%x\\%x\n", path
, server_id_str_buf(server
, &idbuf
),
521 (unsigned)instance
->filter
,
522 (unsigned)instance
->subdir_filter
);
528 OPT_RESOLVE_UIDS
= 1000,
531 int main(int argc
, const char *argv
[])
534 int profile_only
= 0;
535 bool show_processes
, show_locks
, show_shares
;
536 bool show_notify
= false;
537 bool resolve_uids
= false;
538 poptContext pc
= NULL
;
539 struct poptOption long_options
[] = {
542 .longName
= "processes",
544 .argInfo
= POPT_ARG_NONE
,
547 .descrip
= "Show processes only",
550 .longName
= "verbose",
552 .argInfo
= POPT_ARG_NONE
,
555 .descrip
= "Be verbose",
560 .argInfo
= POPT_ARG_NONE
,
563 .descrip
= "Show locks only",
566 .longName
= "shares",
568 .argInfo
= POPT_ARG_NONE
,
571 .descrip
= "Show shares only",
574 .longName
= "notify",
576 .argInfo
= POPT_ARG_NONE
,
579 .descrip
= "Show notifies",
584 .argInfo
= POPT_ARG_STRING
,
587 .descrip
= "Switch to user",
592 .argInfo
= POPT_ARG_NONE
,
595 .descrip
= "Be brief",
598 .longName
= "profile",
600 .argInfo
= POPT_ARG_NONE
,
603 .descrip
= "Do profiling",
606 .longName
= "profile-rates",
608 .argInfo
= POPT_ARG_NONE
,
611 .descrip
= "Show call rates",
614 .longName
= "byterange",
616 .argInfo
= POPT_ARG_NONE
,
619 .descrip
= "Include byte range locks"
622 .longName
= "numeric",
624 .argInfo
= POPT_ARG_NONE
,
627 .descrip
= "Numeric uid/gid"
632 .argInfo
= POPT_ARG_NONE
,
635 .descrip
= "Skip checks if processes still exist"
638 .longName
= "resolve-uids",
640 .argInfo
= POPT_ARG_NONE
,
642 .val
= OPT_RESOLVE_UIDS
,
643 .descrip
= "Try to resolve UIDs to usernames"
648 TALLOC_CTX
*frame
= talloc_stackframe();
650 struct messaging_context
*msg_ctx
= NULL
;
657 setup_logging(argv
[0], DEBUG_STDERR
);
658 lp_set_cmdline("log level", "0");
660 if (getuid() != geteuid()) {
661 d_printf("smbstatus should not be run setuid\n");
667 d_printf("smbstatus only works as root!\n");
673 pc
= poptGetContext(NULL
, argc
, argv
, long_options
,
674 POPT_CONTEXT_KEEP_FIRST
);
676 while ((c
= poptGetNextOpt(pc
)) != -1) {
679 processes_only
= true;
697 Ucrit_addUid(nametouid(poptGetOptArg(pc
)));
712 case OPT_RESOLVE_UIDS
:
718 /* setup the flags based on the possible combincations */
720 show_processes
= !(shares_only
|| locks_only
|| profile_only
) || processes_only
;
721 show_locks
= !(shares_only
|| processes_only
|| profile_only
) || locks_only
;
722 show_shares
= !(processes_only
|| locks_only
|| profile_only
) || shares_only
;
725 Ucrit_addUid( nametouid(username
) );
728 d_printf("using configfile = %s\n", get_dyn_CONFIGFILE());
731 msg_ctx
= cmdline_messaging_context(get_dyn_CONFIGFILE());
732 if (msg_ctx
== NULL
) {
733 fprintf(stderr
, "Could not initialize messaging, not root?\n");
738 if (!lp_load_global(get_dyn_CONFIGFILE())) {
739 fprintf(stderr
, "Can't load %s - run testparm to debug it\n",
740 get_dyn_CONFIGFILE());
745 switch (profile_only
) {
747 /* Dump profile data */
748 ok
= status_profile_dump(verbose
);
752 /* Continuously display rate-converted data */
753 ok
= status_profile_rates(verbose
);
760 if ( show_processes
) {
761 d_printf("\nSamba version %s\n",samba_version_string());
762 d_printf("%-7s %-12s %-12s %-41s %-17s %-20s %-21s\n", "PID", "Username", "Group", "Machine", "Protocol Version", "Encryption", "Signing");
763 d_printf("----------------------------------------------------------------------------------------------------------------------------------------\n");
765 sessionid_traverse_read(traverse_sessionid
, frame
);
767 if (processes_only
) {
777 d_printf("\n%-12s %-7s %-13s %-32s %-12s %-12s\n", "Service", "pid", "Machine", "Connected at", "Encryption", "Signing");
778 d_printf("---------------------------------------------------------------------------------------------\n");
780 connections_forall_read(traverse_connections
, frame
);
791 struct db_context
*db
;
793 db_path
= lock_path(talloc_tos(), "locking.tdb");
794 if (db_path
== NULL
) {
795 d_printf("Out of memory - exiting\n");
800 db
= db_open(NULL
, db_path
, 0,
801 TDB_CLEAR_IF_FIRST
|TDB_INCOMPATIBLE_HASH
, O_RDONLY
, 0,
802 DBWRAP_LOCK_ORDER_1
, DBWRAP_FLAG_NONE
);
805 d_printf("%s not initialised\n", db_path
);
806 d_printf("This is normal if an SMB client has never "
807 "connected to your server.\n");
808 TALLOC_FREE(db_path
);
812 TALLOC_FREE(db_path
);
815 if (!locking_init_readonly()) {
816 d_printf("Can't initialise locking module - exiting\n");
821 result
= share_entry_forall(print_share_mode
, &resolve_uids
);
824 d_printf("No locked files\n");
825 } else if (result
< 0) {
826 d_printf("locked file list truncated\n");
832 brl_forall(print_brl
, NULL
);
839 struct notify_context
*n
;
841 n
= notify_init(talloc_tos(), msg_ctx
,
846 notify_walk(n
, print_notify_rec
, NULL
);