1 /*
2 Unix SMB/CIFS implementation.
3 status reporting
4 Copyright (C) Andrew Tridgell 1994-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 Revision History:
21 12 aug 96: Erik.Devriendt@te6.siemens.be
22 added support for shared memory implementation of share mode locking
24 21-Jul-1998: rsharpe@ns.aus.com (Richard Sharpe)
25 Added -L (locks only) -S (shares only) flags and code
30 * This program reports current SMB connections
33 #include "includes.h"
34 #include "system/filesys.h"
35 #include "popt_common.h"
36 #include "dbwrap/dbwrap.h"
37 #include "dbwrap/dbwrap_open.h"
38 #include "../libcli/security/security.h"
39 #include "session.h"
40 #include "locking/proto.h"
41 #include "messages.h"
42 #include "librpc/gen_ndr/open_files.h"
43 #include "smbd/smbd.h"
44 #include "librpc/gen_ndr/notify.h"
45 #include "lib/conn_tdb.h"
/* Capacity of the Ucrit_pid[] table used by the -u (user) filter. */
#define SMB_MAXPIDS 2048

/*
 * State of the optional per-user filter (added by OH).
 *
 * Ucrit_IsActive is 0 until Ucrit_addUid() is called; while it is 0 the
 * Ucrit_check*() helpers accept every entry.
 */
static uid_t Ucrit_uid = 0;
/* Fixed-size table; Ucrit_addPid() refuses to write past SMB_MAXPIDS. */
static struct server_id Ucrit_pid[SMB_MAXPIDS];
static int Ucrit_MaxPid=0;		/* number of valid slots in Ucrit_pid[] */
static unsigned int Ucrit_IsActive = 0;

/* Output selection flags, set from the command line in main(). */
static bool verbose, brief;
static bool shares_only;	/* Added by RJS */
static bool locks_only;		/* Added by RJS */
static bool processes_only;
static bool show_brl;
static bool numeric_only;
/* Cleared by -f; when false, liveness and validity checks are skipped. */
static bool do_checks = true;

/* Target of the -u option; filled in by popt. Not static in this file. */
const char *username = NULL;

/* Profiling front ends, defined outside this file. */
extern bool status_profile_dump(bool be_verbose);
extern bool status_profile_rates(bool be_verbose);
/*
 * Turn on the per-user filter and remember the uid it selects
 * (added by OH).
 *
 * NOTE(review): the value is stored without validation. main() passes
 * the result of nametouid() straight in, so presumably a user name that
 * cannot be resolved arrives here as an invalid uid and the listing
 * simply comes out empty - confirm, and consider rejecting it at the
 * call site so a mistyped -u is not mistaken for "no sessions".
 */
static void Ucrit_addUid(uid_t uid)
{
	Ucrit_IsActive = 1;
	Ucrit_uid = uid;
}
/*
 * Decide whether an entry owned by @uid should be shown.
 *
 * Returns 1 when no user filter is active or when @uid is the filtered
 * user, 0 otherwise.
 */
static unsigned int Ucrit_checkUid(uid_t uid)
{
	const bool filtering = (Ucrit_IsActive != 0);

	return (!filtering || uid == Ucrit_uid) ? 1 : 0;
}
/*
 * Decide whether an entry owned by server process @pid should be shown.
 *
 * Returns 1 when no user filter is active, or when @pid is one of the
 * ids previously recorded with Ucrit_addPid(); 0 otherwise.
 */
static unsigned int Ucrit_checkPid(struct server_id pid)
{
	int idx = 0;

	if (Ucrit_IsActive == 0) {
		return 1;
	}

	/* Linear scan over the slots filled so far. */
	while (idx < Ucrit_MaxPid) {
		if (serverid_equal(&pid, &Ucrit_pid[idx])) {
			return 1;
		}
		idx++;
	}

	return 0;
}
/*
 * Record @pid as belonging to the filtered user.
 *
 * Does nothing and returns True when no user filter is active.
 * Returns False, after printing an error, when the table already holds
 * SMB_MAXPIDS entries; the bound check is what keeps the write below
 * inside Ucrit_pid[]. A pid that is refused here will later fail
 * Ucrit_checkPid(), so its locks are left out of a filtered listing.
 */
static bool Ucrit_addPid( struct server_id pid )
{
	if (Ucrit_IsActive && Ucrit_MaxPid >= SMB_MAXPIDS) {
		d_printf("ERROR: More than %d pids for user %s!\n",
			 SMB_MAXPIDS, uidtoname(Ucrit_uid));

		return False;
	}

	if (Ucrit_IsActive) {
		Ucrit_pid[Ucrit_MaxPid++] = pid;
	}

	return True;
}
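/*
 * Callback for share_mode_forall(): print one row of the "Locked files"
 * table.
 *
 * @e          share mode entry to describe
 * @sharepath  path of the share, printed verbatim
 * @fname      name of the open file, printed verbatim
 * @dummy      unused
 *
 * The table header is printed on the first call only. When do_checks is
 * set, entries rejected by is_valid_share_mode_entry() are skipped
 * before the header logic runs. The row itself is printed only if the
 * owning pid passes the -u filter.
 *
 * NOTE(review): sharepath and fname go to the terminal unescaped.
 * Presumably file names are chosen by SMB clients - confirm whether
 * control characters should be escaped before display, and treat this
 * output as untrusted when parsing it.
 */
static void print_share_mode(const struct share_mode_entry *e,
			     const char *sharepath,
			     const char *fname,
			     void *dummy)
{
	static int count;

	if (do_checks && !is_valid_share_mode_entry(e)) {
		return;
	}

	if (count==0) {
		d_printf("Locked files:\n");
		d_printf("Pid Uid DenyMode Access R/W Oplock SharePath Name Time\n");
		d_printf("--------------------------------------------------------------------------------------------------\n");
	}
	count++;

	if (Ucrit_checkPid(e->pid)) {
		d_printf("%-11s ",procid_str_static(&e->pid));
		d_printf("%-9u ", (unsigned int)e->uid);
		switch (map_share_mode_to_deny_mode(e->share_access,
						    e->private_options)) {
			case DENY_NONE: d_printf("DENY_NONE "); break;
			case DENY_ALL: d_printf("DENY_ALL "); break;
			case DENY_DOS: d_printf("DENY_DOS "); break;
			case DENY_READ: d_printf("DENY_READ "); break;
			/*
			 * Was a bare printf(); every other column goes
			 * through d_printf(), so use it here as well.
			 */
			case DENY_WRITE: d_printf("DENY_WRITE "); break;
			case DENY_FCB: d_printf("DENY_FCB "); break;
			default: {
				d_printf("unknown-please report ! "
					 "e->share_access = 0x%x, "
					 "e->private_options = 0x%x\n",
					 (unsigned int)e->share_access,
					 (unsigned int)e->private_options );
				break;
			}
		}
		d_printf("0x%-8x ",(unsigned int)e->access_mask);

		/* Both data bits set means read/write; write alone is WRONLY. */
		if ((e->access_mask & (FILE_READ_DATA|FILE_WRITE_DATA))==
		    (FILE_READ_DATA|FILE_WRITE_DATA)) {
			d_printf("RDWR ");
		} else if (e->access_mask & FILE_WRITE_DATA) {
			d_printf("WRONLY ");
		} else {
			d_printf("RDONLY ");
		}

		/* The combined case must be tested before the single bits. */
		if((e->op_type & (EXCLUSIVE_OPLOCK|BATCH_OPLOCK)) ==
		   (EXCLUSIVE_OPLOCK|BATCH_OPLOCK)) {
			d_printf("EXCLUSIVE+BATCH ");
		} else if (e->op_type & EXCLUSIVE_OPLOCK) {
			d_printf("EXCLUSIVE ");
		} else if (e->op_type & BATCH_OPLOCK) {
			d_printf("BATCH ");
		} else if (e->op_type & LEVEL_II_OPLOCK) {
			d_printf("LEVEL_II ");
		} else {
			d_printf("NONE ");
		}

		/* No "\n" in the format; presumably time_to_asc() ends the line - confirm. */
		d_printf(" %s %s %s",sharepath, fname, time_to_asc((time_t)e->time.tv_sec));
	}
}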
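/*
 * Callback for brl_forall(): print one row of the "Byte range locks"
 * table.
 *
 * @id            file the lock applies to
 * @pid           server process holding the lock
 * @lock_type     mapped to a short code; "X" if not in the table below
 * @lock_flav     unused
 * @start, @size  lock range, printed as whole numbers
 * @private_data  unused
 *
 * The header is printed on the first call only. The file name is built
 * from the share mode record for @id when one can be fetched, and is
 * empty otherwise. If the name cannot be allocated the row is skipped.
 *
 * NOTE(review): fname is printed unescaped; presumably it is chosen by
 * an SMB client - confirm whether control characters need escaping.
 */
static void print_brl(struct file_id id,
			struct server_id pid,
			enum brl_type lock_type,
			enum brl_flavour lock_flav,
			br_off start,
			br_off size,
			void *private_data)
{
	static int count;
	unsigned int i;
	static const struct {
		enum brl_type lock_type;
		const char *desc;
	} lock_types[] = {
		{ READ_LOCK, "R" },
		{ WRITE_LOCK, "W" },
		{ PENDING_READ_LOCK, "PR" },
		{ PENDING_WRITE_LOCK, "PW" },
		{ UNLOCK_LOCK, "U" }
	};
	const char *desc="X";
	/*
	 * NOTE(review): sharepath is never assigned after this, so the
	 * SharePath column is always empty - confirm whether it was
	 * meant to come from the share mode record.
	 */
	const char *sharepath = "";
	char *fname = NULL;
	struct share_mode_lock *share_mode;

	if (count==0) {
		d_printf("Byte range locks:\n");
		d_printf("Pid dev:inode R/W start size SharePath Name\n");
		d_printf("--------------------------------------------------------------------------------\n");
	}
	count++;

	share_mode = fetch_share_mode_unlocked(NULL, id);
	if (share_mode) {
		bool has_stream = share_mode->data->stream_name != NULL;

		fname = talloc_asprintf(NULL, "%s%s%s",
					share_mode->data->base_name,
					has_stream ? ":" : "",
					has_stream ?
					share_mode->data->stream_name :
					"");
	} else {
		fname = talloc_strdup(NULL, "");
	}

	/*
	 * Either allocation can fail. Previously only the talloc_strdup()
	 * result was checked, so a failed talloc_asprintf() handed NULL
	 * to the "%s" below. Release the share mode record before leaving.
	 */
	if (fname == NULL) {
		TALLOC_FREE(share_mode);
		return;
	}

	for (i=0;i<ARRAY_SIZE(lock_types);i++) {
		if (lock_type == lock_types[i].lock_type) {
			desc = lock_types[i].desc;
			break;
		}
	}

	d_printf("%-10s %-15s %-4s %-9.0f %-9.0f %-24s %-24s\n",
		 procid_str_static(&pid), file_id_string_tos(&id),
		 desc,
		 (double)start, (double)size,
		 sharepath, fname);

	TALLOC_FREE(fname);
	TALLOC_FREE(share_mode);
}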
/*
 * Callback for connections_forall_read(): print one row of the service
 * table.
 *
 * Records whose cnum is TID_FIELD_INVALID are skipped. With do_checks
 * set, so are records whose process no longer exists or whose uid does
 * not pass the -u filter. Always returns 0.
 *
 * NOTE(review): crec->machine is printed unescaped; presumably it is
 * supplied by the client - confirm before trusting it in parsed output.
 */
static int traverse_connections(const struct connections_key *key,
				const struct connections_data *crec,
				void *state)
{
	bool filtered_out;

	if (crec->cnum == TID_FIELD_INVALID) {
		return 0;
	}

	/* Short-circuit keeps process_exists() from running under -f. */
	filtered_out = do_checks &&
		(!process_exists(crec->pid) || !Ucrit_checkUid(crec->uid));
	if (filtered_out) {
		return 0;
	}

	/* No "\n" in the format; presumably time_to_asc() ends the line - confirm. */
	d_printf("%-10s %s %-12s %s",
		 crec->servicename,procid_str_static(&crec->pid),
		 crec->machine,
		 time_to_asc(crec->start));

	return 0;
}
/*
 * Callback for sessionid_traverse_read(): print one row of the process
 * table and remember the session's pid for later lock filtering.
 *
 * With do_checks set, sessions whose process no longer exists or whose
 * uid does not pass the -u filter are skipped. Always returns 0.
 *
 * NOTE(review): remote_machine and hostname are printed unescaped;
 * presumably at least one of them is client-supplied - confirm.
 */
static int traverse_sessionid(const char *key, struct sessionid *session,
			      void *private_data)
{
	fstring uid_str, gid_str;
	const char *user_col;
	const char *group_col;
	bool filtered_out;

	filtered_out = do_checks &&
		(!process_exists(session->pid) ||
		 !Ucrit_checkUid(session->uid));
	if (filtered_out) {
		return 0;
	}

	/*
	 * The result is deliberately not acted on: when the pid table is
	 * full Ucrit_addPid() prints its own error and the session row
	 * is still shown.
	 */
	(void)Ucrit_addPid(session->pid);

	fstr_sprintf(uid_str, "%u", (unsigned int)session->uid);
	fstr_sprintf(gid_str, "%u", (unsigned int)session->gid);

	/* -n prints the raw ids instead of looking the names up. */
	if (numeric_only) {
		user_col = uid_str;
		group_col = gid_str;
	} else {
		user_col = uidtoname(session->uid);
		group_col = gidtoname(session->gid);
	}

	d_printf("%-7s %-12s %-12s %-12s (%s)\n",
		 procid_str_static(&session->pid),
		 user_col,
		 group_col,
		 session->remote_machine, session->hostname);

	return 0;
}
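/*
 * Callback for notify_walk(): print the change-notify entries
 * registered on @path.
 *
 * @path          directory the entries belong to, printed verbatim
 * @entries       array of @num_entries records
 * @num_entries   0 means the record is shown as deleted
 * @deleted_time  printed only when @num_entries is 0
 * @private_data  unused
 *
 * Each entry is printed as "<server id> <filter> <subdir_filter>" in
 * hex, followed by a blank line after the last one.
 */
static void print_notify_recs(const char *path,
			      struct notify_db_entry *entries,
			      size_t num_entries,
			      time_t deleted_time, void *private_data)
{
	size_t i;
	d_printf("%s\n", path);

	if (num_entries == 0) {
		d_printf("deleted %s\n", time_to_asc(deleted_time));
	}

	for (i=0; i<num_entries; i++) {
		struct notify_db_entry *e = &entries[i];
		char *str;

		str = server_id_str(talloc_tos(), &e->server);
		/*
		 * The result was passed to "%s" unchecked; substitute a
		 * literal if it comes back NULL. d_printf() replaces the
		 * bare printf() so all output takes the same path.
		 */
		d_printf("%s %x %x\n", str != NULL ? str : "(null)",
			 (unsigned)e->filter,
			 (unsigned)e->subdir_filter);
		TALLOC_FREE(str);
	}
	d_printf("\n");
}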
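/*
 * smbstatus entry point: parse options, load the configuration, then
 * print the requested tables (sessions, service connections, locked
 * files, byte range locks, notify records) or hand over to the
 * profiling front ends.
 *
 * Returns 0 on success. Refuses to run when the real and effective uid
 * differ. Every exit path now goes through the "done" label so the
 * talloc stackframe is released.
 */
int main(int argc, char *argv[])
{
	int c;
	int profile_only = 0;
	bool show_processes, show_locks, show_shares;
	bool show_notify = false;
	poptContext pc;
	struct poptOption long_options[] = {
		POPT_AUTOHELP
		{"processes", 'p', POPT_ARG_NONE, NULL, 'p', "Show processes only" },
		{"verbose", 'v', POPT_ARG_NONE, NULL, 'v', "Be verbose" },
		{"locks", 'L', POPT_ARG_NONE, NULL, 'L', "Show locks only" },
		{"shares", 'S', POPT_ARG_NONE, NULL, 'S', "Show shares only" },
		{"notify", 'N', POPT_ARG_NONE, NULL, 'N', "Show notifies" },
		{"user", 'u', POPT_ARG_STRING, &username, 'u', "Switch to user" },
		{"brief", 'b', POPT_ARG_NONE, NULL, 'b', "Be brief" },
		{"profile", 'P', POPT_ARG_NONE, NULL, 'P', "Do profiling" },
		{"profile-rates", 'R', POPT_ARG_NONE, NULL, 'R', "Show call rates" },
		{"byterange", 'B', POPT_ARG_NONE, NULL, 'B', "Include byte range locks"},
		{"numeric", 'n', POPT_ARG_NONE, NULL, 'n', "Numeric uid/gid"},
		{"fast", 'f', POPT_ARG_NONE, NULL, 'f', "Skip checks if processes still exist"},
		POPT_COMMON_SAMBA
		POPT_TABLEEND
	};
	TALLOC_CTX *frame = talloc_stackframe();
	int ret = 0;
	struct messaging_context *msg_ctx;

	sec_init();
	load_case_tables();

	setup_logging(argv[0], DEBUG_STDERR);

	/* Bail out before any option parsing or file access if setuid. */
	if (getuid() != geteuid()) {
		d_printf("smbstatus should not be run setuid\n");
		ret = 1;
		goto done;
	}

	pc = poptGetContext(NULL, argc, (const char **) argv, long_options,
			    POPT_CONTEXT_KEEP_FIRST);

	while ((c = poptGetNextOpt(pc)) != -1) {
		switch (c) {
		case 'p':
			processes_only = true;
			break;
		case 'v':
			verbose = true;
			break;
		case 'L':
			locks_only = true;
			break;
		case 'S':
			shares_only = true;
			break;
		case 'N':
			show_notify = true;
			break;
		case 'b':
			brief = true;
			break;
		case 'u':
			/*
			 * NOTE(review): the nametouid() result is not
			 * checked, so presumably a mistyped user name
			 * yields an empty listing rather than an error -
			 * confirm. The same name is applied again after
			 * the loop via "username".
			 */
			Ucrit_addUid(nametouid(poptGetOptArg(pc)));
			break;
		case 'P':
		case 'R':
			profile_only = c;
			break;
		case 'B':
			show_brl = true;
			break;
		case 'n':
			numeric_only = true;
			break;
		case 'f':
			/* Stale records are no longer filtered out. */
			do_checks = false;
			break;
		}
	}

	/* setup the flags based on the possible combinations */

	show_processes = !(shares_only || locks_only || profile_only) || processes_only;
	show_locks = !(shares_only || processes_only || profile_only) || locks_only;
	show_shares = !(processes_only || locks_only || profile_only) || shares_only;

	if ( username )
		Ucrit_addUid( nametouid(username) );

	if (verbose) {
		d_printf("using configfile = %s\n", get_dyn_CONFIGFILE());
	}

	if (!lp_load_initial_only(get_dyn_CONFIGFILE())) {
		fprintf(stderr, "Can't load %s - run testparm to debug it\n",
			get_dyn_CONFIGFILE());
		ret = -1;
		goto done;
	}

	if (lp_clustering()) {
		/*
		 * This implicitly initializes the global ctdbd
		 * connection, usable by the db_open() calls further
		 * down.
		 */
		msg_ctx = messaging_init(NULL, event_context_init(NULL));
		if (msg_ctx == NULL) {
			fprintf(stderr, "messaging_init failed\n");
			ret = -1;
			goto done;
		}
	}

	if (!lp_load_global(get_dyn_CONFIGFILE())) {
		fprintf(stderr, "Can't load %s - run testparm to debug it\n",
			get_dyn_CONFIGFILE());
		ret = -1;
		goto done;
	}

	/*
	 * The helpers are declared as returning bool. Returning that
	 * value directly made it the process exit status, so convert it
	 * explicitly (assumes true means success - confirm against the
	 * helpers) and leave through the common cleanup path.
	 */
	switch (profile_only) {
	case 'P':
		/* Dump profile data */
		ret = status_profile_dump(verbose) ? 0 : 1;
		goto done;
	case 'R':
		/* Continuously display rate-converted data */
		ret = status_profile_rates(verbose) ? 0 : 1;
		goto done;
	default:
		break;
	}

	if ( show_processes ) {
		d_printf("\nSamba version %s\n",samba_version_string());
		d_printf("PID Username Group Machine \n");
		d_printf("-------------------------------------------------------------------\n");

		sessionid_traverse_read(traverse_sessionid, NULL);

		if (processes_only) {
			goto done;
		}
	}

	if ( show_shares ) {
		if (verbose) {
			d_printf("Opened %s\n", lock_path("connections.tdb"));
		}

		if (brief) {
			goto done;
		}

		d_printf("\nService pid machine Connected at\n");
		d_printf("-------------------------------------------------------\n");

		connections_forall_read(traverse_connections, NULL);

		d_printf("\n");

		if ( shares_only ) {
			goto done;
		}
	}

	if ( show_locks ) {
		int result;
		struct db_context *db;

		/* Probe that the lock database can be opened read-only. */
		db = db_open(NULL, lock_path("locking.tdb"), 0,
			     TDB_CLEAR_IF_FIRST|TDB_INCOMPATIBLE_HASH, O_RDONLY, 0,
			     DBWRAP_LOCK_ORDER_1);

		if (!db) {
			d_printf("%s not initialised\n",
				 lock_path("locking.tdb"));
			d_printf("This is normal if an SMB client has never "
				 "connected to your server.\n");
			/* Was exit(0); ret is still 0 here. */
			goto done;
		} else {
			TALLOC_FREE(db);
		}

		if (!locking_init_readonly()) {
			d_printf("Can't initialise locking module - exiting\n");
			ret = 1;
			goto done;
		}

		result = share_mode_forall(print_share_mode, NULL);

		if (result == 0) {
			d_printf("No locked files\n");
		} else if (result < 0) {
			d_printf("locked file list truncated\n");
		}

		d_printf("\n");

		if (show_brl) {
			brl_forall(print_brl, NULL);
		}

		locking_end();
	}

	if (show_notify) {
		struct notify_context *n;

		n = notify_init(talloc_tos(), NULL, NULL);
		if (n == NULL) {
			goto done;
		}
		notify_walk(n, print_notify_recs, NULL);
		TALLOC_FREE(n);
	}

done:
	TALLOC_FREE(frame);
	return ret;
}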