From: Pavel Shilovsky <piastryyy@gmail.com>
To: Ronnie Sahlberg <lsahlber@redhat.com>
Cc: linux-cifs <linux-cifs@vger.kernel.org>,
Steve French <smfrench@gmail.com>,
Pavel Shilovsky <pshilov@microsoft.com>
Subject: Re: [PATCH] smbinfo: decode the ACEs
Date: Fri, 8 Mar 2019 16:38:07 -0800 [thread overview]
Message-ID: <CAKywueSBhdzr9X1QUXvO8WeoPxZTW_N2+_Z8w-ZkrCZxXHmg=A@mail.gmail.com> (raw)
In-Reply-To: <20190301020558.16091-1-lsahlber@redhat.com>
чт, 28 февр. 2019 г. в 18:12, Ronnie Sahlberg <lsahlber@redhat.com>:
>
> Decode the most common ACE types and provide a [-V]erbose option
> to show the individual mask bits by name.
>
> Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
> ---
> smbinfo.c | 197 ++++++++++++++++++++++++++++++++++++++++++++++++++----------
> smbinfo.rst | 5 +-
> 2 files changed, 168 insertions(+), 34 deletions(-)
>
> diff --git a/smbinfo.c b/smbinfo.c
> index 02910c6..6b63f9d 100644
> --- a/smbinfo.c
> +++ b/smbinfo.c
> @@ -52,10 +52,13 @@ struct smb_query_info {
> #define CIFS_QUERY_INFO _IOWR(CIFS_IOCTL_MAGIC, 7, struct smb_query_info)
> #define INPUT_BUFFER_LENGTH 16384
>
> +int verbose;
> +
> static void
> usage(char *name)
> {
> - fprintf(stderr, "Usage: %s <command> <file>\n"
> + fprintf(stderr, "Usage: %s [-V] <command> <file>\n"
> + "-V for verbose output\n"
> "Commands are\n"
> " fileaccessinfo:\n"
> " Prints FileAccessInfo for a cifs file.\n"
> @@ -148,11 +151,22 @@ struct bit_string file_access_mask[] = {
> static void
> print_bits(uint32_t mask, struct bit_string *bs)
> {
> + int first = 1;
> +
> + if (!verbose) {
> + return;
> + }
> +
> while (bs->string) {
> - if (mask & bs->bit)
> - printf("%s ", bs->string);
> + if (mask & bs->bit) {
> + printf("%s%s", first?"":",", bs->string);
> + first = 0;
> + }
> bs++;
> }
> + if (!first) {
> + printf(" ");
> + }
> }
>
> static void
> @@ -591,17 +605,106 @@ print_sid(unsigned char *sd)
> for (i = 0; i < sd[1]; i++) {
> memcpy(&subauth, &sd[8 + 4 * i], 4);
> subauth = le32toh(subauth);
> - printf("-%d", subauth);
> + printf("-%u", subauth);
> }
> }
>
> static void
> -print_acl(unsigned char *sd)
> +print_ace_type(uint8_t t)
> +{
> + switch(t) {
> + case 0x00: printf("ALLOWED"); break;
> + case 0x01: printf("DENIED"); break;
> + case 0x02: printf("AUDIT"); break;
> + case 0x03: printf("ALARM"); break;
> + case 0x04: printf("ALLOWED_COMPOUND"); break;
> + case 0x05: printf("ALLOWED_OBJECT"); break;
> + case 0x06: printf("DENIED_OBJECT"); break;
> + case 0x07: printf("AUDIT_OBJECT"); break;
> + case 0x08: printf("ALARM_OBJECT"); break;
> + case 0x09: printf("ALLOWED_CALLBACK"); break;
> + case 0x0a: printf("DENIED_CALLBACK"); break;
> + case 0x0b: printf("ALLOWED_CALLBACK_OBJECT"); break;
> + case 0x0c: printf("DENIED_CALLBACK_OBJECT"); break;
> + case 0x0d: printf("AUDIT_CALLBACK"); break;
> + case 0x0e: printf("ALARM_CALLBACK"); break;
> + case 0x0f: printf("AUDIT_CALLBACK_OBJECT"); break;
> + case 0x10: printf("ALARM_CALLBACK_OBJECT"); break;
> + case 0x11: printf("MANDATORY_LABEL"); break;
> + case 0x12: printf("RESOURCE_ATTRIBUTE"); break;
> + case 0x13: printf("SCOPED_POLICY_ID"); break;
> + default: printf("<UNKNOWN>");
> + }
> + printf(" ");
> +}
> +
> +struct bit_string ace_flags_mask[] = {
> + { 0x80, "FAILED_ACCESS" },
> + { 0x40, "SUCCESSFUL_ACCESS" },
> + { 0x10, "INHERITED" },
> + { 0x08, "INHERIT_ONLY" },
> + { 0x04, "NO_PROPAGATE_INHERIT" },
> + { 0x02, "CONTAINER_INHERIT" },
> + { 0x01, "OBJECT_INHERIT" },
> + { 0, NULL }
> +};
> +
> +static void
> +print_mask_sid_ace(unsigned char *sd, int type)
> +{
> + uint32_t u32;
> +
> + memcpy(&u32, &sd[0], 4);
> + printf("Mask:0x%08x ", le32toh(u32));
> + if (type == S_IFDIR) {
> + print_bits(le32toh(u32), directory_access_mask);
> + } else {
> + print_bits(le32toh(u32), file_access_mask);
> + }
> + printf("SID:");
> + print_sid(&sd[4]);
> + printf("\n");
> +}
> +
> +static int
> +print_ace(unsigned char *sd, int type)
> +{
> + uint16_t size;
> + int i;
> +
> + printf("Type:0x%02x ", sd[0]);
> + if (verbose) {
> + print_ace_type(sd[0]);
> + }
> +
> + printf("Flags:0x%02x ", sd[1]);
> + print_bits(sd[1], ace_flags_mask);
> +
> + memcpy(&size, &sd[2], 2);
> + size = le16toh(size);
> +
> + switch (sd[0]) {
> + case 0x00:
> + case 0x01:
> + case 0x02:
> + print_mask_sid_ace(&sd[4], type);
> + break;
> + default:
> + for (i = 0; i < size; i++)
> + printf("%02x", sd[4 + i]);
> + }
> +
> + printf("\n");
> + return size;
> +}
> +
> +static void
> +print_acl(unsigned char *sd, int type)
> {
> - int i, j, off;
> - uint16_t count, size;
> + int i, off;
> + uint16_t count;
>
> - if (sd[0] != 2) {
> + if ((sd[0] != 2) && (sd[0] != 4)) {
> fprintf(stderr, "Unknown ACL revision\n");
> return;
> }
> @@ -610,22 +713,43 @@ print_acl(unsigned char *sd)
> count = le16toh(count);
> off = 8;
> for (i = 0; i < count; i++) {
> - printf("Type:%02x Flags:%02x ", sd[off], sd[off + 1]);
> - memcpy(&size, &sd[off + 2], 2);
> - size = le16toh(size);
> + off += print_ace(&sd[off], type);
> + }
> +}
>
> - for (j = 0; j < size; j++)
> - printf("%02x", sd[off + 4 + j]);
> +struct bit_string control_bits_mask[] = {
> + { 0x8000, "SR" },
> + { 0x4000, "RM" },
> + { 0x2000, "PS" },
> + { 0x1000, "PD" },
> + { 0x0800, "SI" },
> + { 0x0400, "DI" },
> + { 0x0200, "SC" },
> + { 0x0100, "DC" },
> + { 0x0080, "DT" },
> + { 0x0040, "SS" },
> + { 0x0020, "SD" },
> + { 0x0010, "SP" },
> + { 0x0008, "DD" },
> + { 0x0004, "DP" },
> + { 0x0002, "GD" },
> + { 0x0001, "OD" },
> + { 0, NULL }
> +};
>
> - off += size;
> - printf("\n");
> - }
> +static void
> +print_control(uint16_t c)
> +{
> + printf("Control: 0x%04x ", c);
> + print_bits(c, control_bits_mask);
> + printf("\n");
> }
>
> static void
> -print_sd(uint8_t *sd)
> +print_sd(uint8_t *sd, int type)
> {
> int offset_owner, offset_group, offset_dacl;
> + uint16_t u16;
>
> printf("Revision:%d\n", sd[0]);
> if (sd[0] != 1) {
> @@ -633,7 +757,8 @@ print_sd(uint8_t *sd)
> exit(1);
> }
>
> - printf("Control: %02x%02x\n", sd[2], sd[3]);
> + memcpy(&u16, &sd[2], 2);
> + print_control(le16toh(u16));
>
> memcpy(&offset_owner, &sd[4], 4);
> offset_owner = le32toh(offset_owner);
> @@ -654,7 +779,7 @@ print_sd(uint8_t *sd)
> }
> if (offset_dacl) {
> printf("DACL:\n");
> - print_acl(&sd[offset_dacl]);
> + print_acl(&sd[offset_dacl], type);
> }
> }
>
> @@ -662,6 +787,9 @@ static void
> secdesc(int f)
> {
> struct smb_query_info *qi;
> + struct stat st;
> +
> + fstat(f, &st);
>
> qi = malloc(sizeof(struct smb_query_info) + INPUT_BUFFER_LENGTH);
> memset(qi, 0, sizeof(qi) + INPUT_BUFFER_LENGTH);
> @@ -675,7 +803,7 @@ secdesc(int f)
> exit(1);
> }
>
> - print_sd((uint8_t *)(&qi[1]));
> + print_sd((uint8_t *)(&qi[1]), st.st_mode & S_IFMT);
> free(qi);
> }
>
> @@ -777,11 +905,14 @@ int main(int argc, char *argv[])
> int c;
> int f;
>
> - while ((c = getopt_long(argc, argv, "v", NULL, NULL)) != -1) {
> + while ((c = getopt_long(argc, argv, "vV", NULL, NULL)) != -1) {
> switch (c) {
> case 'v':
> printf("smbinfo version %s\n", VERSION);
> return 0;
> + case 'V':
> + verbose = 1;
> + break;
> default:
> usage(argv[0]);
> }
> @@ -796,29 +927,29 @@ int main(int argc, char *argv[])
> }
>
>
> - if (!strcmp(argv[1], "fileaccessinfo"))
> + if (!strcmp(argv[optind], "fileaccessinfo"))
> fileaccessinfo(f);
> - else if (!strcmp(argv[1], "filealigninfo"))
> + else if (!strcmp(argv[optind], "filealigninfo"))
> filealigninfo(f);
> - else if (!strcmp(argv[1], "fileallinfo"))
> + else if (!strcmp(argv[optind], "fileallinfo"))
> fileallinfo(f);
> - else if (!strcmp(argv[1], "filebasicinfo"))
> + else if (!strcmp(argv[optind], "filebasicinfo"))
> filebasicinfo(f);
> - else if (!strcmp(argv[1], "fileeainfo"))
> + else if (!strcmp(argv[optind], "fileeainfo"))
> fileeainfo(f);
> - else if (!strcmp(argv[1], "filefsfullsizeinfo"))
> + else if (!strcmp(argv[optind], "filefsfullsizeinfo"))
> filefsfullsizeinfo(f);
> - else if (!strcmp(argv[1], "fileinternalinfo"))
> + else if (!strcmp(argv[optind], "fileinternalinfo"))
> fileinternalinfo(f);
> - else if (!strcmp(argv[1], "filemodeinfo"))
> + else if (!strcmp(argv[optind], "filemodeinfo"))
> filemodeinfo(f);
> - else if (!strcmp(argv[1], "filepositioninfo"))
> + else if (!strcmp(argv[optind], "filepositioninfo"))
> filepositioninfo(f);
> - else if (!strcmp(argv[1], "filestandardinfo"))
> + else if (!strcmp(argv[optind], "filestandardinfo"))
> filestandardinfo(f);
> - else if (!strcmp(argv[1], "secdesc"))
> + else if (!strcmp(argv[optind], "secdesc"))
> secdesc(f);
> - else if (!strcmp(argv[1], "quota"))
> + else if (!strcmp(argv[optind], "quota"))
> quota(f);
> else {
> fprintf(stderr, "Unknown command %s\n", argv[optind]);
> diff --git a/smbinfo.rst b/smbinfo.rst
> index 5222a71..9bfd313 100644
> --- a/smbinfo.rst
> +++ b/smbinfo.rst
> @@ -11,7 +11,7 @@ Userspace helper to display SMB-specific file information for the Linux SMB clie
> SYNOPSIS
> ********
>
> - smbinfo [-v] {command} {file system object}
> + smbinfo [-v] [-V] {command} {file system object}
>
> ***********
> DESCRIPTION
> @@ -35,6 +35,9 @@ OPTIONS
> -v
> Print version number and exit.
>
> +-V
> + Verbose output.
> +
> *******
> COMMAND
> *******
> --
> 2.15.1
>
merged, thanks.
--
Best regards,
Pavel Shilovsky
prev parent reply other threads:[~2019-03-09 0:38 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-01 2:05 [PATCH] smbinfo: decode the ACEs Ronnie Sahlberg
2019-03-09 0:38 ` Pavel Shilovsky [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAKywueSBhdzr9X1QUXvO8WeoPxZTW_N2+_Z8w-ZkrCZxXHmg=A@mail.gmail.com' \
--to=piastryyy@gmail.com \
--cc=linux-cifs@vger.kernel.org \
--cc=lsahlber@redhat.com \
--cc=pshilov@microsoft.com \
--cc=smfrench@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).