Project

General

Profile

Feature #1525

Need an easier way to see SIDs in cred_t

Added by Gordon Ross almost 8 years ago. Updated almost 8 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
-
Start date:
2011-09-16
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage

Description

Here are some mdb features I've long wanted:

> ::help cred

NAME
  cred - display a credential

SYNOPSIS
  addr ::cred [-v]

ATTRIBUTES

  Target: kvm
  Module: genunix
  Interface Stability: Unstable

> ::help credgrp

NAME
  credgrp - display a cred_t groups

SYNOPSIS
  addr ::credgrp [-v]

ATTRIBUTES

  Target: kvm
  Module: genunix
  Interface Stability: Unstable

> ::help credsid

NAME
  credsid - display a cred_t kSIDs

SYNOPSIS
  addr ::credsid [-v]

ATTRIBUTES

  Target: kvm
  Module: genunix
  Interface Stability: Unstable

There's also a new "walker" named "ksidlist" which walks the ksidlist_t added to cred_t for smbsrv user sessions. This is the key bit: we can finally print out the SIDs for a logged on CIFS user!

Here's some sample output with a CIFS credential:

> ::smblist
SERVER           ZONE STATE                            
ffffff02f92d3000 0    RUNNING                          
  SESSION          CLIENT_IP_ADDR   LOCAL_IP_ADDR    STATE           
  ffffff031a567da8 127.0.0.1        127.0.0.1        NEGOTIATED
    USER             UID   ACCOUNT                         
    ffffff0320c5f908 1     NT Authority\Anonymous          
  ffffff031a567008 127.0.0.1        127.0.0.1        NEGOTIATED
    USER             UID   ACCOUNT                         
    ffffff0320c5fa28 1     DELL6300GWR\gwr                 
      TREE             TID   SHARE NAME       RESOURCE                        
      ffffff031a565b68 1     junk             /tank/home/junk                 
> ffffff0320c5fa28 ::smbuser -v
SMB user information (ffffff0320c5fa28):
UID: 1
State: 0 (LOGGED_IN)
Flags: 0x00000000
Privileges: 0x00000000
Credential: ffffff030a15c8f8
Reference Count: 0
User Account: DELL6300GWR\gwr

> ffffff030a15c8f8 ::cred -v
{
    cr_ref = 0x1
    cr_uid = 0x13e8e
    cr_gid = 0xa
    cr_ruid = 0x13e8e
    cr_rgid = 0xa
    cr_suid = 0x13e8e
    cr_sgid = 0xa
    cr_priv = {
        crprivs = [
            {
                pbits = [ 0x14820, 0x7100000, 0 ]
            },
            {
                pbits = [ 0x14820, 0x7100000, 0 ]
            },
            {
                pbits = [ 0x14820, 0x7100000, 0 ]
            },
            {
                pbits = [ 0xffffffff, 0xffffffff, 0xffffffff ]
            },
        ]
        crpriv_flags = 0x10           
    }
    cr_projid = 0
    cr_zone = zone0
    cr_label = 0
    cr_klpd = 0
    cr_ksid = 0xffffff02ed789f40
    cr_grps = 0xffffff030826e568
}
cr_grps:
    ref = 0x1, ngroups = 0x1, groups:
    0xffffff030826e570:         10              
cr_ksid:
    kr_ref = 0x1
    user:  S-1-5-21-2957573041-3731278081-2656425425-82550
    group: S-1-5-21-2957573041-3731278081-2656425425-2147483658
    owner: S-1-5-21-2957573041-3731278081-2656425425-82550
    count: S-1-5-21-2957573041-3731278081-2656425425-82550
    kr_sidlist = ffffff03055697e0
        S-1-5-21-2957573041-3731278081-2656425425-2147483658
        S-1-5-2
        S-1-5-11
> 

History

#1

Updated by Gordon Ross almost 8 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100
changeset:   13471:40b0439235e8
tag:         tip
user:        Gordon Ross <gwr@nexenta.com>
date:        Wed Sep 28 13:44:24 2011 -0400

description:
       1525 Need an easier way to see SIDs in cred_t
       Reviewed by: Robert Mustacchi <rm@joyent.com>
       Reviewed by: Eric Schrock <eric.schrock@delphix.com>
       Approved by: Garrett D'Amore <garrett@nexenta.com>

modified:
  usr/src/cmd/mdb/common/modules/genunix/Makefile.files
  usr/src/cmd/mdb/common/modules/genunix/genunix.c
  usr/src/uts/common/os/cred.c
  usr/src/uts/common/sys/cred_impl.h
added:
  usr/src/cmd/mdb/common/modules/genunix/cred.c
  usr/src/cmd/mdb/common/modules/genunix/cred.h

Also available in: Atom PDF