smbstatus: show signing state of sessions and tcons
Show the signing state of sessions and tcons in smbstatus. This is SMB2/3
only. SMB1 support will be added in a later commit.

Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
slowfranklin committed Jan 22, 2016
1 parent 8d8af47 commit 1e60a3f
Showing 5 changed files with 41 additions and 8 deletions.
1 change: 1 addition & 0 deletions source3/include/session.h
Expand Up @@ -41,5 +41,6 @@ struct sessionid {
uint16_t connection_dialect;
uint8_t encryption_flags;
uint16_t cipher;
uint8_t signing_flags;
};
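Review bot: The new `signing_flags` member of struct sessionid is undocumented, and the same applies to the member added to struct connections_data in source3/lib/conn_tdb.h. From this commit a reader can only tell that it is copied from `global->signing_flags` and tested with `smbXsrv_is_signed()` and `smbXsrv_is_partially_signed()` in status.c. A one-line comment would record that, for example `uint8_t signing_flags; /* copied from the smbXsrv global record; test with smbXsrv_is_signed() */`. The struct starts outside the hunk.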

3 changes: 3 additions & 0 deletions source3/lib/conn_tdb.c
Expand Up @@ -43,6 +43,7 @@ struct connections_forall_session {
fstring addr;
uint16_t cipher;
uint16_t dialect;
uint8_t signing_flags;
};

static int collect_sessions_fn(struct smbXsrv_session_global0 *global,
Expand All @@ -66,6 +67,7 @@ static int collect_sessions_fn(struct smbXsrv_session_global0 *global,
fstrcpy(sess.addr, global->channels[0].remote_address);
sess.cipher = global->channels[0].encryption_cipher;
sess.dialect = global->connection_dialect;
sess.signing_flags = global->signing_flags;

status = dbwrap_store(state->session_by_pid,
make_tdb_data((void*)&id, sizeof(id)),
Expand Down Expand Up @@ -130,6 +132,7 @@ static int traverse_tcon_fn(struct smbXsrv_tcon_global0 *global,
data.encryption_flags = global->encryption_flags;
data.cipher = sess.cipher;
data.dialect = sess.dialect;
data.signing_flags = global->signing_flags;

state->count++;
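Review bot: `sess.signing_flags` is stored in collect_sessions_fn and added to struct connections_forall_session, but nothing in the visible hunks reads it back. traverse_tcon_fn fills `data.signing_flags` from the tcon record (`global->signing_flags`), while the neighbouring `data.cipher` and `data.dialect` come from `sess`. If the tcon-level flags are the intended source, a comment above that assignment such as `/* signing state is taken from the tcon, not the session */` would make the asymmetry deliberate. The session copy could then be dropped unless code outside these hunks uses it. Both function bodies continue beyond the hunks shown.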

1 change: 1 addition & 0 deletions source3/lib/conn_tdb.h
Expand Up @@ -36,6 +36,7 @@ struct connections_data {
uint8_t encryption_flags;
uint16_t cipher;
uint16_t dialect;
uint8_t signing_flags;
};

/* The following definitions come from lib/conn_tdb.c */
1 change: 1 addition & 0 deletions source3/lib/sessionid_tdb.c
Expand Up @@ -71,6 +71,7 @@ static int sessionid_traverse_read_fn(struct smbXsrv_session_global0 *global,

session.encryption_flags = global->encryption_flags;
session.cipher = global->channels[0].encryption_cipher;
session.signing_flags = global->signing_flags;

return state->fn(NULL, &session, state->private_data);
}
43 changes: 35 additions & 8 deletions source3/utils/status.c
Expand Up @@ -305,6 +305,7 @@ static int traverse_connections(const struct connections_key *key,
char *timestr = NULL;
int result = 0;
const char *encryption = "-";
const char *signing = "-";

if (crec->cnum == TID_FIELD_INVALID)
return 0;
Expand Down Expand Up @@ -334,11 +335,20 @@ static int traverse_connections(const struct connections_key *key,
}
}

d_printf("%-12s %-7s %-13s %-32s %-10s\n",
if (smbXsrv_is_signed(crec->signing_flags)) {
if (crec->dialect >= SMB3_DIALECT_REVISION_302) {
signing = "AES-128-CMAC";
} else if (crec->dialect >= SMB2_DIALECT_REVISION_202) {
signing = "HMAC-SHA256";
}
}

d_printf("%-12s %-7s %-13s %-32s %-12s %-12s\n",
crec->servicename, server_id_str_buf(crec->pid, &tmp),
crec->machine,
timestr,
encryption);
encryption,
signing);

TALLOC_FREE(timestr);

Expand All @@ -354,6 +364,7 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
char *machine_hostname = NULL;
int result = 0;
const char *encryption = "-";
const char *signing = "-";

if (do_checks &&
(!process_exists(session->pid) ||
Expand Down Expand Up @@ -418,12 +429,28 @@ static int traverse_sessionid(const char *key, struct sessionid *session,
}
}

d_printf("%-7s %-12s %-12s %-41s %-17s %-20s\n",
if (smbXsrv_is_signed(session->signing_flags)) {
if (session->connection_dialect >= SMB3_DIALECT_REVISION_302) {
signing = "AES-128-CMAC";
} else if (session->connection_dialect >= SMB2_DIALECT_REVISION_202) {
signing = "HMAC-SHA256";
}
} else if (smbXsrv_is_partially_signed(session->signing_flags)) {
if (session->connection_dialect >= SMB3_DIALECT_REVISION_302) {
signing = "partial(AES-128-CMAC)";
} else if (session->connection_dialect >= SMB2_DIALECT_REVISION_202) {
signing = "partial(HMAC-SHA256)";
}
}


d_printf("%-7s %-12s %-12s %-41s %-17s %-20s %-21s\n",
server_id_str_buf(session->pid, &tmp),
uid_str, gid_str,
machine_hostname,
session_dialect_str(session->connection_dialect),
encryption);
encryption,
signing);

TALLOC_FREE(machine_hostname);

Expand Down Expand Up @@ -589,8 +616,8 @@ int main(int argc, const char *argv[])

if ( show_processes ) {
d_printf("\nSamba version %s\n",samba_version_string());
d_printf("%-7s %-12s %-12s %-41s %-17s %-20s\n", "PID", "Username", "Group", "Machine", "Protocol Version", "Encryption");
d_printf("------------------------------------------------------------------------------------------------------------------\n");
d_printf("%-7s %-12s %-12s %-41s %-17s %-20s %-21s\n", "PID", "Username", "Group", "Machine", "Protocol Version", "Encryption", "Signing");
d_printf("----------------------------------------------------------------------------------------------------------------------------------------\n");

sessionid_traverse_read(traverse_sessionid, frame);

Expand All @@ -604,8 +631,8 @@ int main(int argc, const char *argv[])
goto done;
}

d_printf("\n%-12s %-7s %-13s %-32s %-10s\n", "Service", "pid", "Machine", "Connected at", "Encryption");
d_printf("---------------------------------------------------------------------------------\n");
d_printf("\n%-12s %-7s %-13s %-32s %-12s %-12s\n", "Service", "pid", "Machine", "Connected at", "Encryption", "Signing");
d_printf("---------------------------------------------------------------------------------------------\n");

connections_forall_read(traverse_connections, frame);
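Review bot: The dialect test that picks the algorithm name in traverse_connections and traverse_sessionid starts AES-128-CMAC at `SMB3_DIALECT_REVISION_302`, so a signed SMB 3.0 connection is printed as HMAC-SHA256. As far as I know, MS-SMB2 uses AES-128-CMAC for every 3.x dialect, which would make the column misleading for anyone auditing signing from smbstatus output. Each of the three comparisons should probably read `>= SMB3_DIALECT_REVISION_300`, or whatever threshold the server's signing code applies. Separately, traverse_connections has no `smbXsrv_is_partially_signed()` branch, so a partially signed tcon appears to print `-` just like an unsigned one, unlike the session listing. Both function bodies extend beyond the visible hunks.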

