From 780743d1b28d92352fa91322f9a14dc86055ea08 Mon Sep 17 00:00:00 2001
From: Ralph Boehme
Date: Mon, 9 Nov 2015 17:26:51 +0100
Subject: [PATCH] smbstatus: show encrpytion state of tree connects
Show the encrpytion state of tcons in smbstatus. This is SMB3 only. CIFS UNIX extensions encryption will be added in a later commit.
Signed-off-by: Ralph Boehme
Reviewed-by: Volker Lendecke
Reviewed-by: Jeremy Allison
---
 source3/lib/conn_tdb.c | 4 ++++
 source3/lib/conn_tdb.h | 2 ++
 source3/utils/status.c | 29 ++++++++++++++++++++++++-----
 3 files changed, 30 insertions(+), 5 deletions(-)
diff --git a/source3/lib/conn_tdb.c b/source3/lib/conn_tdb.c
index bf66d7d7b66..8eca0a0271d 100644
--- a/source3/lib/conn_tdb.c
+++ b/source3/lib/conn_tdb.c
@@ -41,6 +41,7 @@ struct connections_forall_session {
 gid_t gid;
 fstring machine;
 fstring addr;
+ uint16_t cipher;
 };
 static int collect_sessions_fn(struct smbXsrv_session_global0 *global,
@@ -62,6 +63,7 @@ static int collect_sessions_fn(struct smbXsrv_session_global0 *global,
 }
 fstrcpy(sess.machine, global->channels[0].remote_name);
 fstrcpy(sess.addr, global->channels[0].remote_address);
+ sess.cipher = global->channels[0].encryption_cipher;
 status = dbwrap_store(state->session_by_pid,
 make_tdb_data((void*)&id, sizeof(id)),
@@ -123,6 +125,8 @@ static int traverse_tcon_fn(struct smbXsrv_tcon_global0 *global,
 fstrcpy(data.addr, sess.addr);
 fstrcpy(data.machine, sess.machine);
 data.start = nt_time_to_unix(global->creation_time);
+ data.encryption_flags = global->encryption_flags;
+ data.cipher = sess.cipher;
 state->count++;
diff --git a/source3/lib/conn_tdb.h b/source3/lib/conn_tdb.h
index 217814faa54..b57fef8b79e 100644
--- a/source3/lib/conn_tdb.h
+++ b/source3/lib/conn_tdb.h
@@ -33,6 +33,8 @@ struct connections_data {
 fstring addr;
 fstring machine;
 time_t start;
+ uint8_t encryption_flags;
+ uint16_t cipher;
 };
 /* The following definitions come from lib/conn_tdb.c */
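Review bot: In collect_sessions_fn (the `@@ -62,6 +63,7 @@` hunk of conn_tdb.c) the cipher is taken from `global->channels[0]` only, and nothing in the hunk says why the first channel is representative of the whole session. smbstatus output is what an administrator reads to confirm that a share is encrypted, so the assumption should be written down next to the assignment, for example `/* cipher of the first channel; assumed identical on every channel bound to this session */`. Whether `channels[0]` is guaranteed to exist at this point depends on the check that closes just above the hunk, which is outside the visible lines.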
diff --git a/source3/utils/status.c b/source3/utils/status.c
index f92c84fd40a..fd5522ceb61 100644
--- a/source3/utils/status.c
+++ b/source3/utils/status.c
@@ -303,6 +303,8 @@ static int traverse_connections(const struct connections_key *key,
 TALLOC_CTX *mem_ctx = (TALLOC_CTX *)private_data;
 struct server_id_buf tmp;
 char *timestr = NULL;
+ int result = 0;
+ const char *encryption = "-";
 if (crec->cnum == TID_FIELD_INVALID)
 return 0;
@@ -317,13 +319,30 @@ static int traverse_connections(const struct connections_key *key,
 return -1;
 }
- d_printf("%-12s %-7s %-13s %-32s\n",
+ if (smbXsrv_is_encrypted(crec->encryption_flags)) {
+ switch (crec->cipher) {
+ case SMB2_ENCRYPTION_AES128_CCM:
+ encryption = "AES-128-CCM";
+ break;
+ case SMB2_ENCRYPTION_AES128_GCM:
+ encryption = "AES-128-GCM";
+ break;
+ default:
+ encryption = "???";
+ result = -1;
+ break;
+ }
+ }
+
+ d_printf("%-12s %-7s %-13s %-32s %-10s\n",
 crec->servicename, server_id_str_buf(crec->pid, &tmp),
- crec->machine, timestr);
+ crec->machine,
+ timestr,
+ encryption);
 TALLOC_FREE(timestr);
- return 0;
+ return result;
 }
 static int traverse_sessionid(const char *key, struct sessionid *session,
@@ -585,8 +604,8 @@ int main(int argc, const char *argv[])
 goto done;
 }
- d_printf("\n%-12s %-7s %-13s %-32s\n", "Service", "pid", "machine", "Connected at");
- d_printf("-------------------------------------------------------------\n");
+ d_printf("\n%-12s %-7s %-13s %-32s %-10s\n", "Service", "pid", "Machine", "Connected at", "Encryption");
+ d_printf("---------------------------------------------------------------------------------\n");
 connections_forall_read(traverse_connections, frame);
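Review bot: In the `default:` branch of the cipher switch in traverse_connections (the `@@ -317,13 +319,30 @@` hunk), `result = -1;` turns an unrecognised cipher value into a failing return from the traverse callback. If connections_forall_read stops on a non-zero return (its body is not part of this patch), a single tree connect whose cipher this build does not know would hide every later connection from the listing, which is the wrong failure mode for a tool used to audit encryption state. I would drop `result = -1;` and keep the `"???"` marker so the row is still printed and the walk continues. Separately, `%-10s` is narrower than `"AES-128-CCM"` (11 characters), so the new column will not align; `%-11s` or wider would fit. The function starts before this hunk.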