[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Tue Nov 10 23:24:04 UTC 2015
The branch, master has been updated
via 42d5b06 vfs: Remove smb_traffic_analyzer
via 2d6dca8 smbstatus: always initialize a messaing context
via c701e46 lib: Fix CID 1338432 Unchecked return value
from 609a923 dns_server: Fix a clang warning
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 42d5b06d7ab2226598e98ebf3df94723f2f9b093
Author: Volker Lendecke <vl at samba.org>
Date: Mon Nov 9 10:14:26 2015 +0100
vfs: Remove smb_traffic_analyzer
Holger Hetterich told me in a personal email that he does not have
time to care about this project anymore and that he is fine to
remove it from Samba.
Why the removal? It contains homegrown crypto that would need to
be thoroughly audited and/or fixed. And if it's neither maintained
nor widely used I'd rather have it removed.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Nov 11 00:23:35 CET 2015 on sn-devel-104
commit 2d6dca8797afb02083c86ec7d8d220fa6a60d333
Author: Ralph Boehme <slow at samba.org>
Date: Tue Nov 10 17:59:09 2015 +0100
smbstatus: always initialize a messaing context
Recent changes (b542ce7db394de3023b95288b0c40c4533c02cb1) to serverid
code made serverid_exists() call messaging_dgm_get_unique() which means
we depend on a valid messaging context that initializes
global_dgm_context.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c701e46431782fd7843fb25256418f6690a09da9
Author: Volker Lendecke <vl at samba.org>
Date: Tue Nov 10 09:56:56 2015 +0100
lib: Fix CID 1338432 Unchecked return value
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages/smbta-util.8.xml | 115 ---
docs-xml/manpages/vfs_smb_traffic_analyzer.8.xml | 299 -------
docs-xml/wscript_build | 2 -
lib/crypto/REQUIREMENTS | 3 -
packaging/RHEL-CTDB/samba.spec.tmpl | 3 -
packaging/RHEL/samba.spec.tmpl | 2 -
source3/lib/pthreadpool/pthreadpool.c | 11 +-
source3/modules/vfs_smb_traffic_analyzer.c | 947 -----------------------
source3/modules/vfs_smb_traffic_analyzer.h | 157 ----
source3/modules/wscript_build | 8 -
source3/utils/smbta-util.c | 211 -----
source3/utils/status.c | 31 +-
source3/wscript | 2 +-
source3/wscript_build | 7 -
14 files changed, 20 insertions(+), 1778 deletions(-)
delete mode 100644 docs-xml/manpages/smbta-util.8.xml
delete mode 100644 docs-xml/manpages/vfs_smb_traffic_analyzer.8.xml
delete mode 100644 source3/modules/vfs_smb_traffic_analyzer.c
delete mode 100644 source3/modules/vfs_smb_traffic_analyzer.h
delete mode 100644 source3/utils/smbta-util.c
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/smbta-util.8.xml b/docs-xml/manpages/smbta-util.8.xml
deleted file mode 100644
index 83abfe9..0000000
--- a/docs-xml/manpages/smbta-util.8.xml
+++ /dev/null
@@ -1,115 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
-<refentry id="smbta-util.8">
-
-<refmeta>
- <refentrytitle>smbta-util</refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo class="source">Samba</refmiscinfo>
- <refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">4.3</refmiscinfo>
-</refmeta>
-
-
-<refnamediv>
- <refname>smbta-util</refname>
- <refpurpose>control encryption in VFS smb_traffic_analyzer</refpurpose>
-</refnamediv>
-
-<refsynopsisdiv>
-
- <cmdsynopsis>
- <command>smbta-util</command>
- <arg rep="repeat" choice="opt">
- <replaceable>COMMANDS</replaceable>
- </arg>
- </cmdsynopsis>
-
-</refsynopsisdiv>
-
-<refsect1>
- <title>DESCRIPTION</title>
-
- <para>This tool is part of the
- <citerefentry><refentrytitle>samba</refentrytitle>
- <manvolnum>1</manvolnum></citerefentry> suite.</para>
-
- <para><command>smbta-util</command> is a tool to ease the
- configuration of the vfs_smb_traffic_analyzer module regarding
- data encryption.</para>
- <para>The user can generate a key, install a key (activating
- encryption), or uninstall a key (deactivating encryption).
- Any operation that installs a key will create a File containing
- the key. This file can be used by smbta-tool on other machines
- to install the same key from the file.</para>
-
-
-</refsect1>
-
-
-<refsect1>
- <title>COMMANDS</title>
-
- <variablelist>
-
- <varlistentry>
- <term><option>-h</option></term>
- <listitem><para>Show a short help text on the command line.
- </para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>-f</option>
- <replaceable>KEYFILE</replaceable></term>
- <listitem><para>Open an existing keyfile, read the key from
- the file, and install the key, activating encryption.
- </para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>-g</option>
- <replaceable>KEYFILE</replaceable></term>
- <listitem><para>Generate a new random key, install the key,
- activate encryption, and store the key into the file KEYFILE.
- </para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>-u</option></term>
- <listitem><para>Uninstall the key, deactivating encryption.
- </para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>-s</option></term>
- <listitem><para>Check if a key is installed.
- </para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>-c</option>
- <replaceable>KEYFILE</replaceable></term>
- <listitem><para>Create a KEYFILE from an installed key.
- </para></listitem>
- </varlistentry>
-
-
- </variablelist>
-</refsect1>
-
-<refsect1>
- <title>VERSION</title>
- <para>This man page is correct for version 3.4 of the Samba suite.</para>
-</refsect1>
-
-<refsect1>
- <title>AUTHOR</title>
- <para> The original version of smbta-util was created by Holger Hetterich.
- </para>
- <para> The original Samba software and related utilities were
- created by Andrew Tridgell. Samba is now developed by the
- Samba Team as an Open Source project similar to the way the
- Linux kernel is developed.</para>
-</refsect1>
-
-</refentry>
diff --git a/docs-xml/manpages/vfs_smb_traffic_analyzer.8.xml b/docs-xml/manpages/vfs_smb_traffic_analyzer.8.xml
deleted file mode 100644
index f441a36..0000000
--- a/docs-xml/manpages/vfs_smb_traffic_analyzer.8.xml
+++ /dev/null
@@ -1,299 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
-<refentry id="vfs_smb_traffic_analyzer.8">
-
-<refmeta>
- <refentrytitle>smb_traffic_analyzer</refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo class="source">Samba</refmiscinfo>
- <refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">4.3</refmiscinfo>
-</refmeta>
-
-
-<refnamediv>
- <refname>vfs_smb_traffic_analyzer</refname>
- <refpurpose>log Samba VFS read and write operations through a socket
- to a helper application</refpurpose>
-</refnamediv>
-
-<refsynopsisdiv>
- <cmdsynopsis>
- <command>vfs objects = smb_traffic_analyzer</command>
- </cmdsynopsis>
-</refsynopsisdiv>
-
-<refsect1>
- <title>DESCRIPTION</title>
-
- <para>This VFS module is part of the
- <citerefentry><refentrytitle>samba</refentrytitle>
- <manvolnum>7</manvolnum></citerefentry> suite.</para>
-
- <para>The <command>vfs_smb_traffic_analyzer</command> VFS module logs
- client file operations on a Samba server and sends this data
- over a socket to a helper program (in the following the "Receiver"),
- which feeds a SQL database. More
- information on the helper programs can be obtained from the
- homepage of the project at:
- http://holger123.wordpress.com/smb-traffic-analyzer/
- Since the VFS module depends on a receiver that is doing something with
- the data, it is evolving in it's development. Therefore, the module
- works with different protocol versions, and the receiver has to be able
- to decode the protocol that is used. The protocol version 1 was
- introduced to Samba at September 25, 2008. It was a very simple
- protocol, supporting only a small list of VFS operations, and had
- several drawbacks. The protocol version 2 is a try to solve the
- problems version 1 had while at the same time adding new features.
- With the release of Samba 4.0.0, the module will run protocol version 2
- by default.
- </para>
-</refsect1>
-
-<refsect1>
- <title>Protocol version 1 documentation</title>
- <para><command>vfs_smb_traffic_analyzer</command> protocol version 1 is aware
- of the following VFS operations:</para>
-
- <simplelist>
- <member>write</member>
- <member>pwrite</member>
- <member>read</member>
- <member>pread</member>
- </simplelist>
-
- <para><command>vfs_smb_traffic_analyzer</command> sends the following data
- in a fixed format separated by a comma through either an internet or a
- unix domain socket:</para>
- <programlisting>
- BYTES|USER|DOMAIN|READ/WRITE|SHARE|FILENAME|TIMESTAMP
- </programlisting>
-
- <para>Description of the records:
-
- <itemizedlist>
- <listitem><para><command>BYTES</command> - the length in bytes of the VFS operation</para></listitem>
- <listitem><para><command>USER</command> - the user who initiated the operation</para></listitem>
- <listitem><para><command>DOMAIN</command> - the domain of the user</para></listitem>
- <listitem><para><command>READ/WRITE</command> - either "W" for a write operation or "R" for read</para></listitem>
- <listitem><para><command>SHARE</command> - the name of the share on which the VFS operation occurred</para></listitem>
- <listitem><para><command>FILENAME</command> - the name of the file that was used by the VFS operation</para></listitem>
- <listitem><para><command>TIMESTAMP</command> - a timestamp, formatted as "yyyy-mm-dd hh-mm-ss.ms" indicating when the VFS operation occurred</para></listitem>
- <listitem><para><command>IP</command> - The IP Address (v4 or v6) of the client machine that initiated the VFS operation.</para></listitem>
- </itemizedlist>
-
- </para>
-
- <para>This module is stackable.</para>
-
-</refsect1>
-
-<refsect1>
- <title>Drawbacks of protocol version 1</title>
- <para>Several drawbacks have been seen with protocol version 1 over time.</para>
- <itemizedlist>
- <listitem>
- <para>
- <command>Problematic parsing - </command>
- Protocol version 1 uses hyphen and comma to separate blocks of data. Once there is a
- filename with a hyphen, you will run into problems because the receiver decodes the
- data in a wrong way.
- </para>
- </listitem>
- <listitem>
- <para>
- <command>Insecure network transfer - </command>
- Protocol version 1 sends all it's data as plaintext over the network.
- </para>
- </listitem>
- <listitem>
- <para>
- <command>Limited set of supported VFS operations - </command>
- Protocol version 1 supports only four VFS operations.
- </para>
- </listitem>
- <listitem>
- <para>
- <command>No subreleases of the protocol - </command>
- Protocol version 1 is fixed on it's version, making it unable to introduce new
- features or bugfixes through compatible sub-releases.
- </para>
- </listitem>
- </itemizedlist>
-</refsect1>
-<refsect1>
- <title>Version 2 of the protocol</title>
- <para>Protocol version 2 is an approach to solve the problems introduced with protocol v1.
- From the users perspective, the following changes are most prominent among other enhancements:
- </para>
- <itemizedlist>
- <listitem>
- <para>
- The data from the module may be send encrypted, with a key stored in secrets.tdb. The
- Receiver then has to use the same key. The module does AES block encryption over the
- data to send.
- </para>
- </listitem>
- <listitem>
- <para>
- The module now can identify itself against the receiver with a sub-release number, where
- the receiver may run with a different sub-release number than the module. However, as
- long as both run on the V2.x protocol, the receiver will not crash, even if the module
- uses features only implemented in the newer subrelease. Ultimately, if the module uses
- a new feature from a newer subrelease, and the receiver runs an older protocol, it is just
- ignoring the functionality. Of course it is best to have both the receiver and the module
- running the same subrelease of the protocol.
- </para>
- </listitem>
- <listitem>
- <para>
- The parsing problems of protocol V1 can no longer happen, because V2 is marshalling the
- data packages in a proper way.
- </para>
- </listitem>
- <listitem>
- <para>
- The module now potentially has the ability to create data on every VFS function. As of
- protocol V2.0, there is support for 8 VFS functions, namely write,read,pread,pwrite,
- rename,chdir,mkdir and rmdir. Supporting more VFS functions is one of the targets for the
- upcoming sub-releases.
- </para>
- </listitem>
- </itemizedlist>
- <para>
- To enable protocol V2, the protocol_version vfs option has to be used (see OPTIONS).
- </para>
-
-</refsect1>
-
-<refsect1>
- <title>OPTIONS with protocol V1 and V2.x</title>
-
- <variablelist>
-
- <varlistentry>
- <term>smb_traffic_analyzer:mode = STRING</term>
- <listitem>
- <para>If STRING matches to "unix_domain_socket", the module will
- use a unix domain socket located at /var/tmp/stadsocket, if
- STRING contains an different string or is not defined, the module will
- use an internet domain socket for data transfer.</para>
-
- </listitem>
- </varlistentry>
-
-
- <varlistentry>
- <term>smb_traffic_analyzer:host = STRING</term>
- <listitem>
- <para>The module will send the data to the system named with
- the hostname STRING.</para>
-
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>smb_traffic_analyzer:port = STRING</term>
- <listitem>
- <para>The module will send the data using the TCP port given
- in STRING.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>smb_traffic_analyzer:anonymize_prefix = STRING</term>
- <listitem>
- <para>The module will replace the user names with a prefix
- given by STRING and a simple hash number. In version 2.x
- of the protocol, the users SID will also be anonymized.
- </para>
-
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>smb_traffic_analyzer:total_anonymization = STRING</term>
- <listitem>
- <para>If STRING matches to 'yes', the module will replace
- any user name with the string given by the option
- smb_traffic_analyzer:anonymize_prefix, without generating
- an additional hash number. This means that any transfer data
- will be mapped to a single user, leading to a total
- anonymization of user related data. In version 2.x of the
- protocol, the users SID will also be anonymized.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>smb_traffic_analyzer:protocol_version = STRING</term>
- <listitem>
- <para>If STRING matches to V1, the module will use version 1 of the
- protocol. If STRING is not given, the module will use version 2 of the
- protocol, which is the default.
- </para>
- </listitem>
- </varlistentry>
-
- </variablelist>
-</refsect1>
-
-<refsect1>
- <title>EXAMPLES</title>
- <para>Running protocol V2 on share "example_share", using an internet socket.</para>
- <programlisting>
- <smbconfsection name="[example_share]"/>
- <smbconfoption name="path">/data/example</smbconfoption>
- <smbconfoption name="vfs_objects">smb_traffic_analyzer</smbconfoption>
- <smbconfoption name="smb_traffic_analyzer:host">examplehost</smbconfoption>
- <smbconfoption name="smb_traffic_analyzer:port">3491</smbconfoption>
- </programlisting>
-
- <para>The module running on share "example_share", using a unix domain socket</para>
- <programlisting>
- <smbconfsection name="[example_share]"/>
- <smbconfoption name="path">/data/example</smbconfoption>
- <smbconfoption name="vfs objects">smb_traffic_analyzer</smbconfoption>
- <smbconfoption name="smb_traffic_analyzer:mode">unix_domain_socket</smbconfoption>
- </programlisting>
-
- <para>The module running on share "example_share", using an internet socket,
- connecting to host "examplehost" on port 3491.</para>
- <programlisting>
- <smbconfsection name="[example_share]"/>
- <smbconfoption name="path">/data/example</smbconfoption>
- <smbconfoption name="vfs objects">smb_traffic_analyzer</smbconfoption>
- <smbconfoption name="smb_traffic_analyzer:host">examplehost</smbconfoption>
- <smbconfoption name="smb_traffic_analyzer:port">3491</smbconfoption>
- </programlisting>
-
- <para>The module running on share "example_share", using an internet socket,
- connecting to host "examplehost" on port 3491, anonymizing user names with
- the prefix "User".</para>
- <programlisting>
- <smbconfsection name="[example_share]"/>
- <smbconfoption name="path">/data/example</smbconfoption>
- <smbconfoption name="vfs objects">smb_traffic_analyzer</smbconfoption>
- <smbconfoption name="smb_traffic_analyzer:host">examplehost</smbconfoption>
- <smbconfoption name="smb_traffic_analyzer:port">3491</smbconfoption>
- <smbconfoption name="smb_traffic_analyzer:anonymize_prefix">User</smbconfoption>
- </programlisting>
-</refsect1>
-
-<refsect1>
- <title>VERSION</title>
- <para>This man page is correct for version 3.3 of the Samba suite.
- </para>
-</refsect1>
-
-<refsect1>
- <title>AUTHOR</title>
-
- <para>The original Samba software and related utilities
- were created by Andrew Tridgell. Samba is now developed
- by the Samba Team as an Open Source project similar
- to the way the Linux kernel is developed.</para>
-
- <para>The original version of the VFS module and the
- helper tools were created by Holger Hetterich.</para>
-</refsect1>
-</refentry>
diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build
index b327a3e..d0e1051 100644
--- a/docs-xml/wscript_build
+++ b/docs-xml/wscript_build
@@ -39,7 +39,6 @@ manpages='''
manpages/smbpasswd.8
manpages/smbspool.8
manpages/smbstatus.1
- manpages/smbta-util.8
manpages/smbtar.1
manpages/smbtree.1
manpages/testparm.1
@@ -77,7 +76,6 @@ manpages='''
manpages/vfs_shadow_copy.8
manpages/vfs_shadow_copy2.8
manpages/vfs_shell_snap.8
- manpages/vfs_smb_traffic_analyzer.8
manpages/vfs_snapper.8
manpages/vfs_streams_depot.8
manpages/vfs_streams_xattr.8
diff --git a/lib/crypto/REQUIREMENTS b/lib/crypto/REQUIREMENTS
index 4b1e21a..351c2bb 100644
--- a/lib/crypto/REQUIREMENTS
+++ b/lib/crypto/REQUIREMENTS
@@ -35,9 +35,6 @@ AES CFB8
- SCHANNEL
- NETLOGON SamLogon session keys
-AES 128
- - SMB VFS traffic analyzer
-
# NETTLE (AES-NI available)
AES128 CCM
diff --git a/packaging/RHEL-CTDB/samba.spec.tmpl b/packaging/RHEL-CTDB/samba.spec.tmpl
index e76137e..0d8b5a6 100644
--- a/packaging/RHEL-CTDB/samba.spec.tmpl
+++ b/packaging/RHEL-CTDB/samba.spec.tmpl
@@ -420,7 +420,6 @@ exit 0
%{_libarchdir}/samba/vfs/recycle.so
%{_libarchdir}/samba/vfs/shadow_copy.so
%{_libarchdir}/samba/vfs/shadow_copy2.so
-%{_libarchdir}/samba/vfs/smb_traffic_analyzer.so
%{_libarchdir}/samba/vfs/streams_depot.so
%{_libarchdir}/samba/vfs/streams_xattr.so
%{_libarchdir}/samba/vfs/syncops.so
@@ -444,7 +443,6 @@ exit 0
%{_mandir}/man8/smbd.8*
%{_mandir}/man8/eventlogadm.8*
%{_mandir}/man8/vfs_*.8*
-%{_mandir}/man8/smbta-util.8*
##########
@@ -492,7 +490,6 @@ exit 0
%{_bindir}/smbtar
%{_bindir}/smbtree
%{_bindir}/sharesec
-%{_bindir}/smbta-util
%{_mandir}/man8/smbspool.8*
%{_mandir}/man1/smbget.1*
diff --git a/packaging/RHEL/samba.spec.tmpl b/packaging/RHEL/samba.spec.tmpl
index 0f51c4e..bb8ff11 100644
--- a/packaging/RHEL/samba.spec.tmpl
+++ b/packaging/RHEL/samba.spec.tmpl
@@ -337,7 +337,6 @@ fi
%{_bindir}/mksmbpasswd.sh
%{_bindir}/smbcontrol
%{_bindir}/smbstatus
-%{_bindir}/smbta-util
%{_bindir}/tdbbackup
%{_bindir}/tdbtool
%{_bindir}/tdbdump
--
Samba Shared Repository
More information about the samba-cvs
mailing list