Actions
Feature #1525
closed
Need an easier way to see SIDs in cred_t
Start date:
2011-09-16
Due date:
% Done:
100%
Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:
External Bug:
Description
Here are some mdb features I've long wanted:
> ::help cred NAME cred - display a credential SYNOPSIS addr ::cred [-v] ATTRIBUTES Target: kvm Module: genunix Interface Stability: Unstable > ::help credgrp NAME credgrp - display a cred_t groups SYNOPSIS addr ::credgrp [-v] ATTRIBUTES Target: kvm Module: genunix Interface Stability: Unstable > ::help credsid NAME credsid - display a cred_t kSIDs SYNOPSIS addr ::credsid [-v] ATTRIBUTES Target: kvm Module: genunix Interface Stability: Unstable
There's also a new "walker" named "ksidlist" which walks the ksidlist_t added to cred_t for smbsrv user sessions. This is the key bit: we can finally print out the SIDs for a logged on CIFS user!
Here's some sample output with a CIFS credential:
> ::smblist
SERVER ZONE STATE
ffffff02f92d3000 0 RUNNING
SESSION CLIENT_IP_ADDR LOCAL_IP_ADDR STATE
ffffff031a567da8 127.0.0.1 127.0.0.1 NEGOTIATED
USER UID ACCOUNT
ffffff0320c5f908 1 NT Authority\Anonymous
ffffff031a567008 127.0.0.1 127.0.0.1 NEGOTIATED
USER UID ACCOUNT
ffffff0320c5fa28 1 DELL6300GWR\gwr
TREE TID SHARE NAME RESOURCE
ffffff031a565b68 1 junk /tank/home/junk
> ffffff0320c5fa28 ::smbuser -v
SMB user information (ffffff0320c5fa28):
UID: 1
State: 0 (LOGGED_IN)
Flags: 0x00000000
Privileges: 0x00000000
Credential: ffffff030a15c8f8
Reference Count: 0
User Account: DELL6300GWR\gwr
> ffffff030a15c8f8 ::cred -v
{
cr_ref = 0x1
cr_uid = 0x13e8e
cr_gid = 0xa
cr_ruid = 0x13e8e
cr_rgid = 0xa
cr_suid = 0x13e8e
cr_sgid = 0xa
cr_priv = {
crprivs = [
{
pbits = [ 0x14820, 0x7100000, 0 ]
},
{
pbits = [ 0x14820, 0x7100000, 0 ]
},
{
pbits = [ 0x14820, 0x7100000, 0 ]
},
{
pbits = [ 0xffffffff, 0xffffffff, 0xffffffff ]
},
]
crpriv_flags = 0x10
}
cr_projid = 0
cr_zone = zone0
cr_label = 0
cr_klpd = 0
cr_ksid = 0xffffff02ed789f40
cr_grps = 0xffffff030826e568
}
cr_grps:
ref = 0x1, ngroups = 0x1, groups:
0xffffff030826e570: 10
cr_ksid:
kr_ref = 0x1
user: S-1-5-21-2957573041-3731278081-2656425425-82550
group: S-1-5-21-2957573041-3731278081-2656425425-2147483658
owner: S-1-5-21-2957573041-3731278081-2656425425-82550
count: S-1-5-21-2957573041-3731278081-2656425425-82550
kr_sidlist = ffffff03055697e0
S-1-5-21-2957573041-3731278081-2656425425-2147483658
S-1-5-2
S-1-5-11
>
Updated by Gordon Ross almost 12 years ago
- Status changed from New to Resolved
- % Done changed from 0 to 100
changeset: 13471:40b0439235e8
tag: tip
user: Gordon Ross <gwr@nexenta.com>
date: Wed Sep 28 13:44:24 2011 -0400
description:
1525 Need an easier way to see SIDs in cred_t
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Eric Schrock <eric.schrock@delphix.com>
Approved by: Garrett D'Amore <garrett@nexenta.com>
modified:
usr/src/cmd/mdb/common/modules/genunix/Makefile.files
usr/src/cmd/mdb/common/modules/genunix/genunix.c
usr/src/uts/common/os/cred.c
usr/src/uts/common/sys/cred_impl.h
added:
usr/src/cmd/mdb/common/modules/genunix/cred.c
usr/src/cmd/mdb/common/modules/genunix/cred.h
Actions