2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1994-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 12 aug 96: Erik.Devriendt@te6.siemens.be
22 added support for shared memory implementation of share mode locking
24 21-Jul-1998: rsharpe@ns.aus.com (Richard Sharpe)
25 Added -L (locks only) -S (shares only) flags and code
30 * This program reports current SMB connections
34 #include "lib/util/server_id.h"
35 #include "smbd/globals.h"
36 #include "system/filesys.h"
37 #include "popt_common.h"
38 #include "dbwrap/dbwrap.h"
39 #include "dbwrap/dbwrap_open.h"
40 #include "../libcli/security/security.h"
42 #include "locking/proto.h"
44 #include "librpc/gen_ndr/open_files.h"
45 #include "smbd/smbd.h"
46 #include "librpc/gen_ndr/notify.h"
47 #include "lib/conn_tdb.h"
49 #include "status_profile.h"
50 #include "smbd/notifyd/notifyd.h"
52 #define SMB_MAXPIDS 2048
53 static uid_t Ucrit_uid
= 0; /* added by OH */
54 static struct server_id Ucrit_pid
[SMB_MAXPIDS
]; /* Ugly !!! */ /* added by OH */
55 static int Ucrit_MaxPid
=0; /* added by OH */
56 static unsigned int Ucrit_IsActive
= 0; /* added by OH */
58 static bool verbose
, brief
;
59 static bool shares_only
; /* Added by RJS */
60 static bool locks_only
; /* Added by RJS */
61 static bool processes_only
;
63 static bool numeric_only
;
64 static bool do_checks
= true;
66 const char *username
= NULL
;
69 static void Ucrit_addUid(uid_t uid
)
75 static unsigned int Ucrit_checkUid(uid_t uid
)
77 if ( !Ucrit_IsActive
)
80 if ( uid
== Ucrit_uid
)
86 static unsigned int Ucrit_checkPid(struct server_id pid
)
90 if ( !Ucrit_IsActive
)
93 for (i
=0;i
<Ucrit_MaxPid
;i
++) {
94 if (serverid_equal(&pid
, &Ucrit_pid
[i
])) {
102 static bool Ucrit_addPid( struct server_id pid
)
104 if ( !Ucrit_IsActive
)
107 if ( Ucrit_MaxPid
>= SMB_MAXPIDS
) {
108 d_printf("ERROR: More than %d pids for user %s!\n",
109 SMB_MAXPIDS
, uidtoname(Ucrit_uid
));
114 Ucrit_pid
[Ucrit_MaxPid
++] = pid
;
119 static int print_share_mode(const struct share_mode_entry
*e
,
120 const char *sharepath
,
127 if (do_checks
&& !is_valid_share_mode_entry(e
)) {
132 d_printf("Locked files:\n");
133 d_printf("Pid Uid DenyMode Access R/W Oplock SharePath Name Time\n");
134 d_printf("--------------------------------------------------------------------------------------------------\n");
138 if (do_checks
&& !serverid_exists(&e
->pid
)) {
139 /* the process for this entry does not exist any more */
143 if (Ucrit_checkPid(e
->pid
)) {
144 struct server_id_buf tmp
;
145 d_printf("%-11s ", server_id_str_buf(e
->pid
, &tmp
));
146 d_printf("%-9u ", (unsigned int)e
->uid
);
147 switch (map_share_mode_to_deny_mode(e
->share_access
,
148 e
->private_options
)) {
149 case DENY_NONE
: d_printf("DENY_NONE "); break;
150 case DENY_ALL
: d_printf("DENY_ALL "); break;
151 case DENY_DOS
: d_printf("DENY_DOS "); break;
152 case DENY_READ
: d_printf("DENY_READ "); break;
153 case DENY_WRITE
:printf("DENY_WRITE "); break;
154 case DENY_FCB
: d_printf("DENY_FCB "); break;
156 d_printf("unknown-please report ! "
157 "e->share_access = 0x%x, "
158 "e->private_options = 0x%x\n",
159 (unsigned int)e
->share_access
,
160 (unsigned int)e
->private_options
);
164 d_printf("0x%-8x ",(unsigned int)e
->access_mask
);
165 if ((e
->access_mask
& (FILE_READ_DATA
|FILE_WRITE_DATA
))==
166 (FILE_READ_DATA
|FILE_WRITE_DATA
)) {
168 } else if (e
->access_mask
& FILE_WRITE_DATA
) {
174 if((e
->op_type
& (EXCLUSIVE_OPLOCK
|BATCH_OPLOCK
)) ==
175 (EXCLUSIVE_OPLOCK
|BATCH_OPLOCK
)) {
176 d_printf("EXCLUSIVE+BATCH ");
177 } else if (e
->op_type
& EXCLUSIVE_OPLOCK
) {
178 d_printf("EXCLUSIVE ");
179 } else if (e
->op_type
& BATCH_OPLOCK
) {
181 } else if (e
->op_type
& LEVEL_II_OPLOCK
) {
182 d_printf("LEVEL_II ");
183 } else if (e
->op_type
== LEASE_OPLOCK
) {
184 uint32_t lstate
= e
->lease
->current_state
;
185 d_printf("LEASE(%s%s%s)%s%s%s ",
186 (lstate
& SMB2_LEASE_READ
)?"R":"",
187 (lstate
& SMB2_LEASE_WRITE
)?"W":"",
188 (lstate
& SMB2_LEASE_HANDLE
)?"H":"",
189 (lstate
& SMB2_LEASE_READ
)?"":" ",
190 (lstate
& SMB2_LEASE_WRITE
)?"":" ",
191 (lstate
& SMB2_LEASE_HANDLE
)?"":" ");
196 d_printf(" %s %s%s %s",
199 time_to_asc((time_t)e
->time
.tv_sec
));
205 static void print_brl(struct file_id id
,
206 struct server_id pid
,
207 enum brl_type lock_type
,
208 enum brl_flavour lock_flav
,
215 static const struct {
216 enum brl_type lock_type
;
221 { PENDING_READ_LOCK
, "PR" },
222 { PENDING_WRITE_LOCK
, "PW" },
225 const char *desc
="X";
226 const char *sharepath
= "";
228 struct share_mode_lock
*share_mode
;
229 struct server_id_buf tmp
;
232 d_printf("Byte range locks:\n");
233 d_printf("Pid dev:inode R/W start size SharePath Name\n");
234 d_printf("--------------------------------------------------------------------------------\n");
238 share_mode
= fetch_share_mode_unlocked(NULL
, id
);
240 bool has_stream
= share_mode
->data
->stream_name
!= NULL
;
242 fname
= talloc_asprintf(NULL
, "%s%s%s",
243 share_mode
->data
->base_name
,
244 has_stream
? ":" : "",
246 share_mode
->data
->stream_name
:
249 fname
= talloc_strdup(NULL
, "");
255 for (i
=0;i
<ARRAY_SIZE(lock_types
);i
++) {
256 if (lock_type
== lock_types
[i
].lock_type
) {
257 desc
= lock_types
[i
].desc
;
261 d_printf("%-10s %-15s %-4s %-9jd %-9jd %-24s %-24s\n",
262 server_id_str_buf(pid
, &tmp
), file_id_string_tos(&id
),
264 (intmax_t)start
, (intmax_t)size
,
268 TALLOC_FREE(share_mode
);
271 static const char *session_dialect_str(uint16_t dialect
)
273 static fstring unkown_dialect
;
276 case SMB2_DIALECT_REVISION_000
:
278 case SMB2_DIALECT_REVISION_202
:
280 case SMB2_DIALECT_REVISION_210
:
282 case SMB2_DIALECT_REVISION_222
:
284 case SMB2_DIALECT_REVISION_224
:
286 case SMB3_DIALECT_REVISION_300
:
288 case SMB3_DIALECT_REVISION_302
:
290 case SMB3_DIALECT_REVISION_310
:
292 case SMB3_DIALECT_REVISION_311
:
296 fstr_sprintf(unkown_dialect
, "Unknown (0x%04x)", dialect
);
297 return unkown_dialect
;
300 static int traverse_connections(const struct connections_key
*key
,
301 const struct connections_data
*crec
,
304 TALLOC_CTX
*mem_ctx
= (TALLOC_CTX
*)private_data
;
305 struct server_id_buf tmp
;
306 char *timestr
= NULL
;
308 const char *encryption
= "-";
309 const char *signing
= "-";
311 if (crec
->cnum
== TID_FIELD_INVALID
)
315 (!process_exists(crec
->pid
) || !Ucrit_checkUid(crec
->uid
))) {
319 timestr
= timestring(mem_ctx
, crec
->start
);
320 if (timestr
== NULL
) {
324 if (smbXsrv_is_encrypted(crec
->encryption_flags
)) {
325 switch (crec
->cipher
) {
326 case SMB_ENCRYPTION_GSSAPI
:
327 encryption
= "GSSAPI";
329 case SMB2_ENCRYPTION_AES128_CCM
:
330 encryption
= "AES-128-CCM";
332 case SMB2_ENCRYPTION_AES128_GCM
:
333 encryption
= "AES-128-GCM";
342 if (smbXsrv_is_signed(crec
->signing_flags
)) {
343 if (crec
->dialect
>= SMB3_DIALECT_REVISION_302
) {
344 signing
= "AES-128-CMAC";
345 } else if (crec
->dialect
>= SMB2_DIALECT_REVISION_202
) {
346 signing
= "HMAC-SHA256";
348 signing
= "HMAC-MD5";
352 d_printf("%-12s %-7s %-13s %-32s %-12s %-12s\n",
353 crec
->servicename
, server_id_str_buf(crec
->pid
, &tmp
),
359 TALLOC_FREE(timestr
);
364 static int traverse_sessionid(const char *key
, struct sessionid
*session
,
367 TALLOC_CTX
*mem_ctx
= (TALLOC_CTX
*)private_data
;
368 fstring uid_str
, gid_str
;
369 struct server_id_buf tmp
;
370 char *machine_hostname
= NULL
;
372 const char *encryption
= "-";
373 const char *signing
= "-";
376 (!process_exists(session
->pid
) ||
377 !Ucrit_checkUid(session
->uid
))) {
381 Ucrit_addPid(session
->pid
);
383 fstrcpy(uid_str
, "-1");
385 if (session
->uid
!= -1) {
387 fstr_sprintf(uid_str
, "%u", (unsigned int)session
->uid
);
389 fstrcpy(uid_str
, uidtoname(session
->uid
));
393 fstrcpy(gid_str
, "-1");
395 if (session
->gid
!= -1) {
397 fstr_sprintf(gid_str
, "%u", (unsigned int)session
->gid
);
399 fstrcpy(gid_str
, gidtoname(session
->gid
));
403 machine_hostname
= talloc_asprintf(mem_ctx
, "%s (%s)",
404 session
->remote_machine
,
406 if (machine_hostname
== NULL
) {
410 if (smbXsrv_is_encrypted(session
->encryption_flags
)) {
411 switch (session
->cipher
) {
412 case SMB2_ENCRYPTION_AES128_CCM
:
413 encryption
= "AES-128-CCM";
415 case SMB2_ENCRYPTION_AES128_GCM
:
416 encryption
= "AES-128-GCM";
423 } else if (smbXsrv_is_partially_encrypted(session
->encryption_flags
)) {
424 switch (session
->cipher
) {
425 case SMB_ENCRYPTION_GSSAPI
:
426 encryption
= "partial(GSSAPI)";
428 case SMB2_ENCRYPTION_AES128_CCM
:
429 encryption
= "partial(AES-128-CCM)";
431 case SMB2_ENCRYPTION_AES128_GCM
:
432 encryption
= "partial(AES-128-GCM)";
441 if (smbXsrv_is_signed(session
->signing_flags
)) {
442 if (session
->connection_dialect
>= SMB3_DIALECT_REVISION_302
) {
443 signing
= "AES-128-CMAC";
444 } else if (session
->connection_dialect
>= SMB2_DIALECT_REVISION_202
) {
445 signing
= "HMAC-SHA256";
447 signing
= "HMAC-MD5";
449 } else if (smbXsrv_is_partially_signed(session
->signing_flags
)) {
450 if (session
->connection_dialect
>= SMB3_DIALECT_REVISION_302
) {
451 signing
= "partial(AES-128-CMAC)";
452 } else if (session
->connection_dialect
>= SMB2_DIALECT_REVISION_202
) {
453 signing
= "partial(HMAC-SHA256)";
455 signing
= "partial(HMAC-MD5)";
460 d_printf("%-7s %-12s %-12s %-41s %-17s %-20s %-21s\n",
461 server_id_str_buf(session
->pid
, &tmp
),
464 session_dialect_str(session
->connection_dialect
),
468 TALLOC_FREE(machine_hostname
);
474 static bool print_notify_rec(const char *path
, struct server_id server
,
475 const struct notify_instance
*instance
,
478 struct server_id_buf idbuf
;
480 d_printf("%s\\%s\\%x\\%x\n", path
, server_id_str_buf(server
, &idbuf
),
481 (unsigned)instance
->filter
,
482 (unsigned)instance
->subdir_filter
);
487 int main(int argc
, const char *argv
[])
490 int profile_only
= 0;
491 bool show_processes
, show_locks
, show_shares
;
492 bool show_notify
= false;
494 struct poptOption long_options
[] = {
496 {"processes", 'p', POPT_ARG_NONE
, NULL
, 'p', "Show processes only" },
497 {"verbose", 'v', POPT_ARG_NONE
, NULL
, 'v', "Be verbose" },
498 {"locks", 'L', POPT_ARG_NONE
, NULL
, 'L', "Show locks only" },
499 {"shares", 'S', POPT_ARG_NONE
, NULL
, 'S', "Show shares only" },
500 {"notify", 'N', POPT_ARG_NONE
, NULL
, 'N', "Show notifies" },
501 {"user", 'u', POPT_ARG_STRING
, &username
, 'u', "Switch to user" },
502 {"brief", 'b', POPT_ARG_NONE
, NULL
, 'b', "Be brief" },
503 {"profile", 'P', POPT_ARG_NONE
, NULL
, 'P', "Do profiling" },
504 {"profile-rates", 'R', POPT_ARG_NONE
, NULL
, 'R', "Show call rates" },
505 {"byterange", 'B', POPT_ARG_NONE
, NULL
, 'B', "Include byte range locks"},
506 {"numeric", 'n', POPT_ARG_NONE
, NULL
, 'n', "Numeric uid/gid"},
507 {"fast", 'f', POPT_ARG_NONE
, NULL
, 'f', "Skip checks if processes still exist"},
511 TALLOC_CTX
*frame
= talloc_stackframe();
513 struct messaging_context
*msg_ctx
= NULL
;
520 setup_logging(argv
[0], DEBUG_STDERR
);
521 lp_set_cmdline("log level", "0");
523 if (getuid() != geteuid()) {
524 d_printf("smbstatus should not be run setuid\n");
530 d_printf("smbstatus only works as root!\n");
536 pc
= poptGetContext(NULL
, argc
, argv
, long_options
,
537 POPT_CONTEXT_KEEP_FIRST
);
539 while ((c
= poptGetNextOpt(pc
)) != -1) {
542 processes_only
= true;
560 Ucrit_addUid(nametouid(poptGetOptArg(pc
)));
578 /* setup the flags based on the possible combincations */
580 show_processes
= !(shares_only
|| locks_only
|| profile_only
) || processes_only
;
581 show_locks
= !(shares_only
|| processes_only
|| profile_only
) || locks_only
;
582 show_shares
= !(processes_only
|| locks_only
|| profile_only
) || shares_only
;
585 Ucrit_addUid( nametouid(username
) );
588 d_printf("using configfile = %s\n", get_dyn_CONFIGFILE());
591 if (!lp_load_initial_only(get_dyn_CONFIGFILE())) {
592 fprintf(stderr
, "Can't load %s - run testparm to debug it\n",
593 get_dyn_CONFIGFILE());
600 * This implicitly initializes the global ctdbd connection,
601 * usable by the db_open() calls further down.
603 msg_ctx
= messaging_init(NULL
, samba_tevent_context_init(NULL
));
604 if (msg_ctx
== NULL
) {
605 fprintf(stderr
, "messaging_init failed\n");
610 if (!lp_load_global(get_dyn_CONFIGFILE())) {
611 fprintf(stderr
, "Can't load %s - run testparm to debug it\n",
612 get_dyn_CONFIGFILE());
617 switch (profile_only
) {
619 /* Dump profile data */
620 ok
= status_profile_dump(verbose
);
623 /* Continuously display rate-converted data */
624 ok
= status_profile_rates(verbose
);
630 if ( show_processes
) {
631 d_printf("\nSamba version %s\n",samba_version_string());
632 d_printf("%-7s %-12s %-12s %-41s %-17s %-20s %-21s\n", "PID", "Username", "Group", "Machine", "Protocol Version", "Encryption", "Signing");
633 d_printf("----------------------------------------------------------------------------------------------------------------------------------------\n");
635 sessionid_traverse_read(traverse_sessionid
, frame
);
637 if (processes_only
) {
647 d_printf("\n%-12s %-7s %-13s %-32s %-12s %-12s\n", "Service", "pid", "Machine", "Connected at", "Encryption", "Signing");
648 d_printf("---------------------------------------------------------------------------------------------\n");
650 connections_forall_read(traverse_connections
, frame
);
661 struct db_context
*db
;
663 db_path
= lock_path("locking.tdb");
664 if (db_path
== NULL
) {
665 d_printf("Out of memory - exiting\n");
670 db
= db_open(NULL
, db_path
, 0,
671 TDB_CLEAR_IF_FIRST
|TDB_INCOMPATIBLE_HASH
, O_RDONLY
, 0,
672 DBWRAP_LOCK_ORDER_1
, DBWRAP_FLAG_NONE
);
675 d_printf("%s not initialised\n", db_path
);
676 d_printf("This is normal if an SMB client has never "
677 "connected to your server.\n");
678 TALLOC_FREE(db_path
);
682 TALLOC_FREE(db_path
);
685 if (!locking_init_readonly()) {
686 d_printf("Can't initialise locking module - exiting\n");
691 result
= share_entry_forall(print_share_mode
, NULL
);
694 d_printf("No locked files\n");
695 } else if (result
< 0) {
696 d_printf("locked file list truncated\n");
702 brl_forall(print_brl
, NULL
);
709 struct notify_context
*n
;
711 n
= notify_init(talloc_tos(), msg_ctx
,
712 messaging_tevent_context(msg_ctx
),
717 notify_walk(n
, print_notify_rec
, NULL
);