Question about secrets.tdb

[Holger Hetterich]

Hi,

I am currently implementing AES encryption support in 
vfs_smb_traffic_analyzer.

I need to store a 128bit key which the module can read at runtime.
Nothing complex, because it's going to be simple symmetric
AES encryption, the module and the receiver is going to use the same
key, there's no real authentification, it's just based on machine trust.

Now I would like to store the key in the secrets.tdb, for the module to fetch.
The administrator would have to inject the key into the secrets.tdb, by
using a helper script, and if the module finds the key, it automatically
enables encryption. If not, it's going to run in the normal mode.

My main question is, would that be acceptable for the samba team?

Storing the key directly in smb.conf is no option. Too easily it could be
readable by a user, and it's not a place for secret data by definition.

Originally I wanted to store the key in a file, which has been installed 
with the correct permissions somewhere on the filesystem, and the
path would have been given in smb.conf.

However, I don't see where I can get a conn number while I am in the
init function of the module, and therefore cannot open the file at the
module's startup, because I can't read the modules configuration at this
moment in smb.conf. I would need to open the file, and read the key at
every socket connection. 

I found the idea to store the key in secrets.tdb not as that bad. I can 
easily read it while I am in the module. It can be made easy for the
administrator, by adding a script to the traffic analyzer package, installing
the key. Although secrets.tdb is described as to contain "generated secret
data", I still believe it could fit for this case too.

What do you think?

Holger

-- 
Holger Hetterich, hhetter at novell.com, 
  SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
   Maxfeldstr. 5, 90409 Nürnberg, Germany