From patchwork Wed Oct 3 00:42:03 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ronnie Sahlberg X-Patchwork-Id: 10624201 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 67D3C15E8 for ; Wed, 3 Oct 2018 00:42:18 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 548E528567 for ; Wed, 3 Oct 2018 00:42:18 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4899D2858B; Wed, 3 Oct 2018 00:42:18 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 29DF328567 for ; Wed, 3 Oct 2018 00:42:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726138AbeJCH2P (ORCPT ); Wed, 3 Oct 2018 03:28:15 -0400 Received: from mx1.redhat.com ([209.132.183.28]:37944 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726120AbeJCH2P (ORCPT ); Wed, 3 Oct 2018 03:28:15 -0400 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 706E0307D911; Wed, 3 Oct 2018 00:42:14 +0000 (UTC) Received: from test1135.test.redhat.com (vpn2-54-29.bne.redhat.com [10.64.54.29]) by smtp.corp.redhat.com (Postfix) with ESMTP id 767DD60F97; Wed, 3 Oct 2018 00:42:13 +0000 (UTC) From: Ronnie Sahlberg To: linux-cifs Cc: Steve French Subject: [PATCH] smbinfo: add a utility to display smb specific information about objects Date: Wed, 3 Oct 2018 10:42:03 +1000 Message-Id: <20181003004203.5840-3-lsahlber@redhat.com> In-Reply-To: <20181003004203.5840-1-lsahlber@redhat.com> References: <20181003004203.5840-1-lsahlber@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.48]); Wed, 03 Oct 2018 00:42:14 +0000 (UTC) Sender: linux-cifs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-cifs@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP For example smbinfo secdesc will print the security descriptor smbinfo quota will print the quotas for the volume Signed-off-by: Aurelien Aptel Signed-off-by: Ronnie Sahlberg --- Makefile.am | 6 ++ configure.ac | 6 ++ smbinfo.c | 305 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ smbinfo.rst | 81 ++++++++++++++++ 4 files changed, 398 insertions(+) create mode 100644 smbinfo.c create mode 100644 smbinfo.rst diff --git a/Makefile.am b/Makefile.am index 30658e3..3e60d8d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -79,6 +79,12 @@ setcifsacl.rst: setcifsacl.rst.in $(SED) 's,[@]pluginpath@,$(pluginpath),' $(srcdir)/$@.in > $@-t && mv $@-t $@ endif +if CONFIG_SMBINFO +bin_PROGRAMS += smbinfo +smbinfo_SOURCES = smbinfo.c +rst_man_pages += smbinfo.1 +endif + if CONFIG_PLUGIN plugindir = $(pkglibdir) plugin_PROGRAMS = idmapwb.so diff --git a/configure.ac b/configure.ac index b0bc2b9..ad87bb3 100644 --- a/configure.ac +++ b/configure.ac @@ -40,6 +40,11 @@ AC_ARG_ENABLE(cifsacl, enable_cifsacl=$enableval, enable_cifsacl="maybe") +AC_ARG_ENABLE(smbinfo, + [AS_HELP_STRING([--enable-smbinfo],[Create smbinfo binary @<:@default=yes@@])], + enable_smbinfo=$enableval, + enable_smbinfo="maybe") + AC_ARG_ENABLE(pam, [AS_HELP_STRING([--enable-pam],[Create cifscreds PAM module @<:@default=yes@:>@])], enable_pam=$enableval, @@ -275,6 +280,7 @@ AM_CONDITIONAL(CONFIG_CIFSUPCALL, [test "$enable_cifsupcall" != "no"]) AM_CONDITIONAL(CONFIG_CIFSCREDS, [test "$enable_cifscreds" != "no"]) AM_CONDITIONAL(CONFIG_CIFSIDMAP, [test "$enable_cifsidmap" != "no"]) AM_CONDITIONAL(CONFIG_CIFSACL, [test "$enable_cifsacl" != "no"]) +AM_CONDITIONAL(CONFIG_SMBINFO, [test "$enable_smbinfo" != "no"]) AM_CONDITIONAL(CONFIG_PAM, [test "$enable_pam" != "no"]) AM_CONDITIONAL(CONFIG_PLUGIN, [test "$enable_cifsidmap" != "no" -o "$enable_cifsacl" != "no"]) diff --git a/smbinfo.c b/smbinfo.c new file mode 100644 index 0000000..c678445 --- /dev/null +++ b/smbinfo.c @@ -0,0 +1,305 @@ +/* + * smbinfo + * + * Copyright (C) Ronnie Sahlberg (lsahlberg@redhat.com) 2018 + * Copyright (C) Aurelien Aptel (aaptel@suse.com) 2018 + * + * Display SMB-specific file information using cifs IOCTL + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif /* HAVE_CONFIG_H */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define CIFS_IOCTL_MAGIC 0xCF +struct smb_query_info { + uint32_t info_type; + uint32_t file_info_class; + uint32_t additional_information; + uint32_t flags; + uint32_t input_buffer_length; + uint32_t output_buffer_length; + /* char buffer[]; */ +} __packed; + +#define CIFS_QUERY_INFO _IOWR(CIFS_IOCTL_MAGIC, 7, struct smb_query_info) +#define INPUT_BUFFER_LENGTH 16384 + +static void +usage(char *name) +{ + fprintf(stderr, "Usage: %s \n" + "Commands are\n" + " secdesc:\n" + " Prints the security descriptor for a cifs file.\n" + " quota:\n" + " Prints the quota for a cifs file.\n", + name); + exit(1); +} + +static void +print_sid(unsigned char *sd) +{ + int i; + uint32_t subauth; + uint64_t idauth; + + if (sd[0] != 1) { + fprintf(stderr, "Unknown SID revision\n"); + return; + } + + idauth = 0; + for (i = 0; i < 6; i++) + idauth = (idauth << 8) | sd[2 + i]; + + printf("S-1-%" PRIu64, idauth); + for (i = 0; i < sd[1]; i++) { + memcpy(&subauth, &sd[8 + 4 * i], 4); + subauth = le32toh(subauth); + printf("-%d", subauth); + } +} + +static void +print_acl(unsigned char *sd) +{ + int i, j, off; + uint16_t count, size; + + if (sd[0] != 2) { + fprintf(stderr, "Unknown ACL revision\n"); + return; + } + + memcpy(&count, &sd[4], 2); + count = le16toh(count); + off = 8; + for (i = 0; i < count; i++) { + printf("Type:%02x Flags:%02x ", sd[off], sd[off + 1]); + memcpy(&size, &sd[off + 2], 2); + size = le16toh(size); + + for (j = 0; j < size; j++) + printf("%02x", sd[off + 4 + j]); + + off += size; + printf("\n"); + } +} + +static void +print_sd(uint8_t *sd) +{ + int offset_owner, offset_group, offset_dacl; + + printf("Revision:%d\n", sd[0]); + if (sd[0] != 1) { + fprintf(stderr, "Unknown SD revision\n"); + exit(1); + } + + printf("Control: %02x%02x\n", sd[2], sd[3]); + + memcpy(&offset_owner, &sd[4], 4); + offset_owner = le32toh(offset_owner); + memcpy(&offset_group, &sd[8], 4); + offset_group = le32toh(offset_group); + memcpy(&offset_dacl, &sd[16], 4); + offset_dacl = le32toh(offset_dacl); + + if (offset_owner) { + printf("Owner: "); + print_sid(&sd[offset_owner]); + printf("\n"); + } + if (offset_group) { + printf("Group: "); + print_sid(&sd[offset_group]); + printf("\n"); + } + if (offset_dacl) { + printf("DACL:\n"); + print_acl(&sd[offset_dacl]); + } +} + +void secdesc(int f) { + struct smb_query_info *qi; + + qi = malloc(sizeof(struct smb_query_info) + INPUT_BUFFER_LENGTH); + qi->info_type = 0x03; + qi->file_info_class = 0; + qi->additional_information = 0x00000007; /* Owner, Group, Dacl */ + qi->input_buffer_length = INPUT_BUFFER_LENGTH; + + if (ioctl(f, CIFS_QUERY_INFO, qi) < 0) { + fprintf(stderr, "ioctl failed with %s\n", strerror(errno)); + exit(1); + } + + print_sd((uint8_t *)(&qi[1])); +} + +void +win_to_timeval(uint64_t smb2_time, struct timeval *tv) +{ + tv->tv_usec = (smb2_time / 10) % 1000000; + tv->tv_sec = (smb2_time - 116444736000000000) / 10000000; +} + +static void +print_quota(unsigned char *sd) +{ + uint32_t u32, neo; + uint64_t u64; + struct timeval tv; + struct tm; + int i, off = 0; + + one_more: + memcpy(&u32, &sd[off], 4); + neo = le32toh(u32); + + memcpy(&u32, &sd[off + 4], 4); + u32 = le32toh(u32); + printf("SID Length %d\n", u32); + + memcpy(&u64, &sd[off + 8], 8); + win_to_timeval(le64toh(u64), &tv); + printf("Change Time %s", ctime(&tv.tv_sec)); + + memcpy(&u64, &sd[off + 16], 8); + u64 = le32toh(u64); + printf("Quota Used %" PRIu64 "\n", u64); + + memcpy(&u64, &sd[off + 24], 8); + u64 = le64toh(u64); + if (u64 == 0xffffffffffffffff) { + printf("Quota Threshold NO THRESHOLD\n"); + } else { + printf("Quota Threshold %" PRIu64 "\n", u64); + } + + memcpy(&u64, &sd[off + 32], 8); + u64 = le64toh(u64); + if (u64 == 0xffffffffffffffff) { + printf("Quota Limit NO LIMIT\n"); + } else { + printf("Quota Limit %" PRIu64 "\n", u64); + } + + printf("SID: S-1"); + u64 = 0; + for (i = 0; i < 6; i++) + u64 = (u64 << 8) | sd[off + 42 + i]; + printf("-%" PRIu64, u64); + + for (i = 0; i < sd[off + 41]; i++) { + memcpy(&u32, &sd[off + 48 + 4 * i], 4); + u32 = le32toh(u32); + printf("-%u", u32); + } + printf("\n\n"); + off += neo; + + if (neo != 0) { + goto one_more; + } +} + +void quota(int f) { + struct smb_query_info *qi; + char *buf; + int i; + + qi = malloc(sizeof(struct smb_query_info) + 16384); + memset(qi, 0, sizeof(struct smb_query_info) + 16384); + qi->info_type = 0x04; + qi->file_info_class = 0; + qi->additional_information = 0; /* Owner, Group, Dacl */ + qi->input_buffer_length = 16384; + + buf = (char *)&qi[1]; + buf[0] = 0; /* return single */ + buf[1] = 1; /* restart scan */ + + /* sid list length */ + i = 0; + memcpy(&buf[4], &i, 4); + + qi->output_buffer_length = 16; + + if (ioctl(f, CIFS_QUERY_INFO, qi) < 0) { + fprintf(stderr, "ioctl failed with %s\n", strerror(errno)); + exit(1); + } + + print_quota((unsigned char *)(&qi[1])); +} + +int main(int argc, char *argv[]) +{ + int c; + int f; + + while ((c = getopt_long(argc, argv, "v", NULL, NULL)) != -1) { + switch (c) { + case 'v': + printf("smbinfo version %s\n", VERSION); + return 0; + default: + usage(argv[0]); + } + } + + if (optind >= argc - 1) + usage(argv[0]); + + if ((f = open(argv[optind + 1], O_RDONLY)) < 0) { + fprintf(stderr, "Failed to open %s\n", argv[optind + 1]); + exit(1); + } + + + if (!strcmp(argv[1], "secdesc")) { + secdesc(f); + } else if (!strcmp(argv[1], "quota")) { + quota(f); + } else { + fprintf(stderr, "Unknown command %s\n", argv[optind]); + exit(1); + } + + + close(f); + return 0; +} diff --git a/smbinfo.rst b/smbinfo.rst new file mode 100644 index 0000000..e37c709 --- /dev/null +++ b/smbinfo.rst @@ -0,0 +1,81 @@ +============ +smbinfo +============ + +----------------------------------------------------------------------------------------------------- +Userspace helper to display SMB-specific file information for the Linux SMB client file system (CIFS) +----------------------------------------------------------------------------------------------------- +:Manual section: 1 + +******** +SYNOPSIS +******** + + smbinfo [-v] {command} {file system object} + +*********** +DESCRIPTION +*********** + +This tool is part of the cifs-utils suite. + +`smbinfo` is a userspace helper program for the Linux SMB +client file system (CIFS). It is intended to display SMB-specific file +informations such as Security Descriptors and Quota. + +This tool works by making an CIFS_QUERY_INFO IOCTL call to the Linux +SMB client which in turn issues a SMB Query Info request and returns +the result. This differs from `getcifsacl` which uses extended file +attributes. + +******* +OPTIONS +******* + +-v + Print version number and exit. + +******* +COMMAND +******* + +`secdesc`: Print the security descriptor in the form +- Revision +- Control +- Owner SID +- Group SID +- ACL +- File types +- File flags + +`quota`: Print the quota for the volume in the form +- SID Length +- Change Time +- Quota Used +- Quota Threshold +- Quota Limit +- SID + +***** +NOTES +***** + +Kernel support for smbinfo utilities requires the CIFS_QUERY_INFO +IOCTL which was initially introduced in the XXX kernel and is only +implemented for mount points using SMB2 or above (see mount.cifs(8) +`vers` option). + +******** +SEE ALSO +******** + +mount.cifs(8), getcifsacl(1) + +****** +AUTHOR +****** + +Ronnie Sahlberg wrote the smbinfo program. + +The Linux CIFS Mailing list is the preferred place to ask questions +regarding these programs.