[PATCH] vfs: Remove smb_traffic_analyzer

Volker Lendecke Volker.Lendecke at SerNet.DE
Mon Nov 9 13:59:02 UTC 2015


Hi!

During the crypto lib discussion a few months ago I found
that SMBTA does crypto using basic AES. Instead of acquiring
the right skills to properly audit that code I asked Holger
about the current status of SMBTA. I also found some dead
documentation links, and Holger confirmed that SMBTA is not
actively maintained anymore due to missing time on his side.

He told me he's okay with the VFS module to be removed from
Samba.

Comments?

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de

Meet us at Information Security Conference ISSE!
November 10th - 11th 2015 in Hotel Palace Berlin
For 20% discount take voucher code:  "ISSE15SP"
-------------- next part --------------
From 0de4560e90f354383db1fccc71084a9d5d4d41e1 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Mon, 9 Nov 2015 10:14:26 +0100
Subject: [PATCH] vfs: Remove smb_traffic_analyzer

Holger Hetterich told me in a personal email that he does not have
time to care about this project anymore and that he is fine to
remove it from Samba.

Why the removal? It contains homegrown crypto that would need to
be thoroughly audited and/or fixed. And if it's neither maintained
nor widely used I'd rather have it removed.

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 docs-xml/manpages/smbta-util.8.xml               | 115 ---
 docs-xml/manpages/vfs_smb_traffic_analyzer.8.xml | 299 -------
 docs-xml/wscript_build                           |   2 -
 packaging/RHEL-CTDB/samba.spec.tmpl              |   3 -
 packaging/RHEL/samba.spec.tmpl                   |   2 -
 source3/modules/vfs_smb_traffic_analyzer.c       | 947 -----------------------
 source3/modules/wscript_build                    |   8 -
 source3/utils/smbta-util.c                       | 211 -----
 source3/wscript                                  |   2 +-
 source3/wscript_build                            |   7 -
 10 files changed, 1 insertion(+), 1595 deletions(-)
 delete mode 100644 docs-xml/manpages/smbta-util.8.xml
 delete mode 100644 docs-xml/manpages/vfs_smb_traffic_analyzer.8.xml
 delete mode 100644 source3/modules/vfs_smb_traffic_analyzer.c
 delete mode 100644 source3/utils/smbta-util.c

diff --git a/docs-xml/manpages/smbta-util.8.xml b/docs-xml/manpages/smbta-util.8.xml
deleted file mode 100644
index 83abfe9..0000000
--- a/docs-xml/manpages/smbta-util.8.xml
+++ /dev/null
@@ -1,115 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
-<refentry id="smbta-util.8">
-
-<refmeta>
-	<refentrytitle>smbta-util</refentrytitle>
-	<manvolnum>8</manvolnum>
-	<refmiscinfo class="source">Samba</refmiscinfo>
-	<refmiscinfo class="manual">System Administration tools</refmiscinfo>
-	<refmiscinfo class="version">4.3</refmiscinfo>
-</refmeta>
-
-
-<refnamediv>
-	<refname>smbta-util</refname>
-	<refpurpose>control encryption in VFS smb_traffic_analyzer</refpurpose>
-</refnamediv>
-
-<refsynopsisdiv>
-
-	<cmdsynopsis>
-		<command>smbta-util</command>
-		<arg rep="repeat" choice="opt">
-		<replaceable>COMMANDS</replaceable>
-		</arg>
-	</cmdsynopsis>
-
-</refsynopsisdiv>
-
-<refsect1>
-	<title>DESCRIPTION</title>
-
-	<para>This tool is part of the
-	<citerefentry><refentrytitle>samba</refentrytitle>
-	<manvolnum>1</manvolnum></citerefentry> suite.</para>
-
-	<para><command>smbta-util</command> is a tool to ease the
-	configuration of the vfs_smb_traffic_analyzer module regarding
-	data encryption.</para>
-	<para>The user can generate a key, install a key (activating
-	encryption), or uninstall a key (deactivating encryption).
-	Any operation that installs a key will create a File containing
-	the key. This file can be used by smbta-tool on other machines
-	to install the same key from the file.</para>
-	
-
-</refsect1>
-
-
-<refsect1>
-	<title>COMMANDS</title>
-
-	<variablelist>
-
-		<varlistentry>
-		<term><option>-h</option></term>
-		<listitem><para>Show a short help text on the command line.
-		</para></listitem>
-		</varlistentry>
-
-		<varlistentry>
-		<term><option>-f</option>
-		<replaceable>KEYFILE</replaceable></term>
-		<listitem><para>Open an existing keyfile, read the key from
-		the file, and install the key, activating encryption.
-		</para></listitem>
-		</varlistentry>
-
-		<varlistentry>
-		<term><option>-g</option>
-		<replaceable>KEYFILE</replaceable></term>
-		<listitem><para>Generate a new random key, install the key,
-		activate encryption, and store the key into the file KEYFILE.
-		</para></listitem>
-		</varlistentry>
-
-		<varlistentry>
-		<term><option>-u</option></term>
-		<listitem><para>Uninstall the key, deactivating encryption.
-		</para></listitem>
-		</varlistentry>
-
-		<varlistentry>
-		<term><option>-s</option></term>
-		<listitem><para>Check if a key is installed.
-		</para></listitem>
-		</varlistentry>
-
-		<varlistentry>
-		<term><option>-c</option>
-		<replaceable>KEYFILE</replaceable></term>
-		<listitem><para>Create a KEYFILE from an installed key.
-		</para></listitem>
-		</varlistentry>
-
-
-	</variablelist>
-</refsect1>
-
-<refsect1>
-	<title>VERSION</title>
-	<para>This man page is correct for version 3.4 of the Samba suite.</para>
-</refsect1>
-
-<refsect1>
-	<title>AUTHOR</title>
-	<para> The original version of smbta-util was created by Holger Hetterich.
-	</para>
-	<para> The original Samba software and related utilities were
-	created by Andrew Tridgell.  Samba is now developed by the
-	Samba Team as an Open Source project similar to the way the
-	Linux kernel is developed.</para>
-</refsect1>
-
-</refentry>
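Review bot: the COMMANDS section removed here is the only documentation of smbta-util -u, and the diffstat shows no release-notes file being touched. The module's man page says the key is stored in secrets.tdb, so a server that had encryption enabled keeps that key after the upgrade with no shipped tool left to uninstall it. Suggest a release-notes entry telling admins to run smbta-util -u and drop smb_traffic_analyzer from "vfs objects" before upgrading.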
diff --git a/docs-xml/manpages/vfs_smb_traffic_analyzer.8.xml b/docs-xml/manpages/vfs_smb_traffic_analyzer.8.xml
deleted file mode 100644
index f441a36..0000000
--- a/docs-xml/manpages/vfs_smb_traffic_analyzer.8.xml
+++ /dev/null
@@ -1,299 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
-<refentry id="vfs_smb_traffic_analyzer.8">
-
-<refmeta>
-	<refentrytitle>smb_traffic_analyzer</refentrytitle>
-	<manvolnum>8</manvolnum>
-	<refmiscinfo class="source">Samba</refmiscinfo>
-	<refmiscinfo class="manual">System Administration tools</refmiscinfo>
-	<refmiscinfo class="version">4.3</refmiscinfo>
-</refmeta>
-
-
-<refnamediv>
-	<refname>vfs_smb_traffic_analyzer</refname>
-	<refpurpose>log Samba VFS read and write operations through a socket
-	to a helper application</refpurpose>
-</refnamediv>
-
-<refsynopsisdiv>
-	<cmdsynopsis>
-		<command>vfs objects = smb_traffic_analyzer</command>
-	</cmdsynopsis>
-</refsynopsisdiv>
-
-<refsect1>
-	<title>DESCRIPTION</title>
-
-	<para>This VFS module is part of the
-	<citerefentry><refentrytitle>samba</refentrytitle>
-	<manvolnum>7</manvolnum></citerefentry> suite.</para>
-
-	<para>The <command>vfs_smb_traffic_analyzer</command> VFS module logs
-	client file operations on a Samba server and sends this data
-	over a socket to a helper program (in the following the "Receiver"),
-	which feeds a SQL database. More
-	information on the helper programs can be obtained from the
-	homepage of the project at:
-	http://holger123.wordpress.com/smb-traffic-analyzer/
-	Since the VFS module depends on a receiver that is doing something with
-	the data, it is evolving in it's development. Therefore, the module
-	works with different protocol versions, and the receiver has to be able
-	to decode the protocol that is used. The protocol version 1 was
-	introduced to Samba at September 25, 2008. It was a very simple
-	protocol, supporting only a small list of VFS operations, and had
-	several drawbacks. The protocol version 2 is a try to solve the
-	problems version 1 had while at the same time adding new features.
-	With the release of Samba 4.0.0, the module will run protocol version 2
-	by default.
-	</para>
-</refsect1>
-
-<refsect1>
-	<title>Protocol version 1 documentation</title>
-	<para><command>vfs_smb_traffic_analyzer</command> protocol version 1 is aware
-		of the following VFS operations:</para>
-
-	<simplelist>
-        <member>write</member>
-        <member>pwrite</member>
-	<member>read</member>
-	<member>pread</member>
-	</simplelist>
-
-	<para><command>vfs_smb_traffic_analyzer</command> sends the following data
-	in a fixed format separated by a comma through either an internet or a
-	unix domain socket:</para>
-	<programlisting>
-	BYTES|USER|DOMAIN|READ/WRITE|SHARE|FILENAME|TIMESTAMP
-	</programlisting>
-
-	<para>Description of the records:
-
-	<itemizedlist>
-	<listitem><para><command>BYTES</command> - the length in bytes of the VFS operation</para></listitem>
-	<listitem><para><command>USER</command> - the user who initiated the operation</para></listitem>
-	<listitem><para><command>DOMAIN</command> - the domain of the user</para></listitem>
-	<listitem><para><command>READ/WRITE</command> - either "W" for a write operation or "R" for read</para></listitem>
-	<listitem><para><command>SHARE</command> - the name of the share on which the VFS operation occurred</para></listitem>
-	<listitem><para><command>FILENAME</command> - the name of the file that was used by the VFS operation</para></listitem>
-	<listitem><para><command>TIMESTAMP</command> - a timestamp, formatted as "yyyy-mm-dd hh-mm-ss.ms" indicating when the VFS operation occurred</para></listitem>
-	<listitem><para><command>IP</command> - The IP Address (v4 or v6) of the client machine that initiated the VFS operation.</para></listitem>
-	</itemizedlist>
-
-	</para>
-
-	<para>This module is stackable.</para>
-
-</refsect1>
-
-<refsect1>
-	<title>Drawbacks of protocol version 1</title>
-	<para>Several drawbacks have been seen with protocol version 1 over time.</para>
-	<itemizedlist>
-	<listitem>
-		<para>
-			<command>Problematic parsing - </command>
-			Protocol version 1 uses hyphen and comma to separate blocks of data. Once there is a
-			filename with a hyphen, you will run into problems because the receiver decodes the
-			data in a wrong way.
-		</para>
-	</listitem>
-	<listitem>
-		<para>
-			<command>Insecure network transfer - </command>
-			Protocol version 1 sends all it's data as plaintext over the network.
-		</para>
-	</listitem>
-	<listitem>
-		<para>
-			<command>Limited set of supported VFS operations - </command>
-			Protocol version 1 supports only four VFS operations.
-		</para>
-	</listitem>
-	<listitem>
-		<para>
-			<command>No subreleases of the protocol - </command>
-			Protocol version 1 is fixed on it's version, making it unable to introduce new
-			features or bugfixes through compatible sub-releases.
-		</para>
-	</listitem>
-	</itemizedlist>
-</refsect1>
-<refsect1>
-	<title>Version 2 of the protocol</title>
-	<para>Protocol version 2 is an approach to solve the problems introduced with protocol  v1.
-	From the users perspective, the following changes are most prominent among other enhancements:
-	</para>
-	<itemizedlist>
-		<listitem>
-		<para>
-		The data from the module may be send encrypted, with a key stored in secrets.tdb. The
-		Receiver then has to use the same key. The module does AES block encryption over the
-		data to send.
-		</para>
-		</listitem>
-		<listitem>
-		<para>
-		The module now can identify itself against the receiver with a sub-release number, where
-		the receiver may run with a different sub-release number than the module. However, as
-		long as both run on the V2.x protocol, the receiver will not crash, even if the module
-		uses features only implemented in the newer subrelease. Ultimately, if the module uses
-		a new feature from a newer subrelease, and the receiver runs an older protocol, it is just
-		ignoring the functionality. Of course it is best to have both the receiver and the module
-		running the same subrelease of the protocol.
-		</para>
-		</listitem>
-		<listitem>
-		<para>
-		The parsing problems of protocol V1 can no longer happen, because V2 is marshalling the
-		data packages in a proper way.
-		</para>
-		</listitem>
-		<listitem>
-		<para>
-		The module now potentially has the ability to create data on every VFS function. As of
-		protocol V2.0, there is support for 8 VFS functions, namely write,read,pread,pwrite,
-		rename,chdir,mkdir and rmdir. Supporting more VFS functions is one of the targets for the
-		upcoming sub-releases.
-		</para>
-		</listitem>
-	</itemizedlist>
-	<para>
-		To enable protocol V2, the protocol_version vfs option has to be used (see OPTIONS).
-	</para>
-		
-</refsect1>		
-
-<refsect1>
-	<title>OPTIONS with protocol V1 and V2.x</title>
-
-	<variablelist>
-
-		<varlistentry>
-                <term>smb_traffic_analyzer:mode = STRING</term>
-                <listitem>
-                <para>If STRING matches to "unix_domain_socket", the module will
-		use a unix domain socket located at /var/tmp/stadsocket, if
-		STRING contains an different string or is not defined, the module will
-		use an internet domain socket for data transfer.</para>
-
-                </listitem>
-                </varlistentry>
-
-
-		<varlistentry>
-		<term>smb_traffic_analyzer:host = STRING</term>
-		<listitem>
-		<para>The module will send the data to the system named with
-		the hostname STRING.</para>
-
-		</listitem>
-		</varlistentry>
-
-		<varlistentry>
-		<term>smb_traffic_analyzer:port = STRING</term>
-		<listitem>
-		<para>The module will send the data using the TCP port given
-		in STRING.
-		</para>
-		</listitem>
-		</varlistentry>
-		<varlistentry>
-		<term>smb_traffic_analyzer:anonymize_prefix = STRING</term>
-		<listitem>
-		<para>The module will replace the user names with a prefix
-		given by STRING and a simple hash number. In version 2.x
-		of the protocol, the users SID will also be anonymized.
-		</para>
-
-		</listitem>
-		</varlistentry>
-
-		<varlistentry>
-		<term>smb_traffic_analyzer:total_anonymization = STRING</term>
-		<listitem>
-		<para>If STRING matches to 'yes', the module will replace
-		any user name with the string given by the option 
-		smb_traffic_analyzer:anonymize_prefix, without generating
-		an additional hash number. This means that any transfer data
-		will be mapped to a single user, leading to a total 
-		anonymization of user related data. In version 2.x of the
-		protocol, the users SID will also be anonymized.</para>
-		</listitem>
-		</varlistentry>
-
-		<varlistentry>
-		<term>smb_traffic_analyzer:protocol_version = STRING</term>
-		<listitem>
-		<para>If STRING matches to V1, the module will use version 1 of the
-		protocol. If STRING is not given, the module will use version 2 of the
-		protocol, which is the default.
-		</para>
-		</listitem>
-		</varlistentry>
-
-	</variablelist>
-</refsect1>
-
-<refsect1>
-	<title>EXAMPLES</title>
-	<para>Running protocol V2 on share "example_share", using an internet socket.</para>
-	<programlisting>
-	<smbconfsection name="[example_share]"/>
-	<smbconfoption name="path">/data/example</smbconfoption>
-	<smbconfoption name="vfs_objects">smb_traffic_analyzer</smbconfoption>
-	<smbconfoption name="smb_traffic_analyzer:host">examplehost</smbconfoption>
-	<smbconfoption name="smb_traffic_analyzer:port">3491</smbconfoption>
-	</programlisting>
-
-	<para>The module running on share "example_share", using a unix domain socket</para>
-	<programlisting>
-	<smbconfsection name="[example_share]"/>
-	<smbconfoption name="path">/data/example</smbconfoption>
-	<smbconfoption name="vfs objects">smb_traffic_analyzer</smbconfoption>
-	<smbconfoption name="smb_traffic_analyzer:mode">unix_domain_socket</smbconfoption>
-	</programlisting>
-
-	<para>The module running on share "example_share", using an internet socket,
-	connecting to host "examplehost" on port 3491.</para>
-	<programlisting>
-	<smbconfsection name="[example_share]"/>
-	<smbconfoption name="path">/data/example</smbconfoption>
-	<smbconfoption name="vfs objects">smb_traffic_analyzer</smbconfoption>
-	<smbconfoption name="smb_traffic_analyzer:host">examplehost</smbconfoption>
-	<smbconfoption name="smb_traffic_analyzer:port">3491</smbconfoption>
-	</programlisting>
-
-	<para>The module running on share "example_share", using an internet socket,
-	connecting to host "examplehost" on port 3491, anonymizing user names with
-	the prefix "User".</para>
-	<programlisting>
-	<smbconfsection name="[example_share]"/>
-	<smbconfoption name="path">/data/example</smbconfoption>
-	<smbconfoption name="vfs objects">smb_traffic_analyzer</smbconfoption>
-	<smbconfoption name="smb_traffic_analyzer:host">examplehost</smbconfoption>
-	<smbconfoption name="smb_traffic_analyzer:port">3491</smbconfoption>
-	<smbconfoption name="smb_traffic_analyzer:anonymize_prefix">User</smbconfoption>
-	</programlisting>
-</refsect1>
-
-<refsect1>
-	<title>VERSION</title>
-	<para>This man page is correct for version 3.3 of the Samba suite.
-	</para>
-</refsect1>
-
-<refsect1>
-	<title>AUTHOR</title>
-
-	<para>The original Samba software and related utilities
-	were created by Andrew Tridgell. Samba is now developed
-	by the Samba Team as an Open Source project similar
-	to the way the Linux kernel is developed.</para>
-
-	<para>The original version of the VFS module and the
-	helper tools were created by Holger Hetterich.</para>
-</refsect1>
-</refentry>
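Review bot: the commit message's "homegrown crypto" could be made concrete from what this man page and the removed module show, so the reason survives in the git history. The "Version 2 of the protocol" section here says the module "does AES block encryption over the data to send" with a key the receiver shares, and smb_traffic_analyzer_encrypt() in vfs_smb_traffic_analyzer.c passes each 16-byte block to AES_encrypt() on its own with the same key, pads the final block with '.' characters, and adds no IV or integrity check. Suggest one sentence to that effect in the commit message.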
diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build
index b327a3e..d0e1051 100644
--- a/docs-xml/wscript_build
+++ b/docs-xml/wscript_build
@@ -39,7 +39,6 @@ manpages='''
          manpages/smbpasswd.8
          manpages/smbspool.8
          manpages/smbstatus.1
-         manpages/smbta-util.8
          manpages/smbtar.1
          manpages/smbtree.1
          manpages/testparm.1
@@ -77,7 +76,6 @@ manpages='''
          manpages/vfs_shadow_copy.8
          manpages/vfs_shadow_copy2.8
 	 manpages/vfs_shell_snap.8
-         manpages/vfs_smb_traffic_analyzer.8
 	 manpages/vfs_snapper.8
          manpages/vfs_streams_depot.8
          manpages/vfs_streams_xattr.8
diff --git a/packaging/RHEL-CTDB/samba.spec.tmpl b/packaging/RHEL-CTDB/samba.spec.tmpl
index e76137e..0d8b5a6 100644
--- a/packaging/RHEL-CTDB/samba.spec.tmpl
+++ b/packaging/RHEL-CTDB/samba.spec.tmpl
@@ -420,7 +420,6 @@ exit 0
 %{_libarchdir}/samba/vfs/recycle.so
 %{_libarchdir}/samba/vfs/shadow_copy.so
 %{_libarchdir}/samba/vfs/shadow_copy2.so
-%{_libarchdir}/samba/vfs/smb_traffic_analyzer.so
 %{_libarchdir}/samba/vfs/streams_depot.so
 %{_libarchdir}/samba/vfs/streams_xattr.so
 %{_libarchdir}/samba/vfs/syncops.so
@@ -444,7 +443,6 @@ exit 0
 %{_mandir}/man8/smbd.8*
 %{_mandir}/man8/eventlogadm.8*
 %{_mandir}/man8/vfs_*.8*
-%{_mandir}/man8/smbta-util.8*
 
 
 ##########
@@ -492,7 +490,6 @@ exit 0
 %{_bindir}/smbtar
 %{_bindir}/smbtree
 %{_bindir}/sharesec
-%{_bindir}/smbta-util
 
 %{_mandir}/man8/smbspool.8*
 %{_mandir}/man1/smbget.1*
diff --git a/packaging/RHEL/samba.spec.tmpl b/packaging/RHEL/samba.spec.tmpl
index 0f51c4e..bb8ff11 100644
--- a/packaging/RHEL/samba.spec.tmpl
+++ b/packaging/RHEL/samba.spec.tmpl
@@ -337,7 +337,6 @@ fi
 %{_bindir}/mksmbpasswd.sh
 %{_bindir}/smbcontrol
 %{_bindir}/smbstatus
-%{_bindir}/smbta-util
 %{_bindir}/tdbbackup
 %{_bindir}/tdbtool
 %{_bindir}/tdbdump
@@ -492,7 +491,6 @@ fi
 %{_mandir}/man8/smbpasswd.8*
 %{_mandir}/man5/pam_winbind.conf.5.*
 %{_mandir}/man7/libsmbclient.7*
-%{_mandir}/man8/smbta-util.8*
 %{_mandir}/man8/pam_winbind.8*
 
 %changelog
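Review bot: these two hunks drop only the smbta-util binary and man page from the RHEL spec, while the RHEL-CTDB spec above also drops an explicit %{_libarchdir}/samba/vfs/smb_traffic_analyzer.so line. Please confirm that packaging/RHEL/samba.spec.tmpl does not list the module's .so explicitly anywhere else (for example because it uses a glob for the vfs directory); if it does, that entry needs removing too, or the %files section will reference a file that is no longer built.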
diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c
deleted file mode 100644
index f5c39ad..0000000
--- a/source3/modules/vfs_smb_traffic_analyzer.c
+++ /dev/null
@@ -1,947 +0,0 @@
-/*
- * traffic-analyzer VFS module. Measure the smb traffic users create
- * on the net.
- *
- * Copyright (C) Holger Hetterich, 2008-2010
- * Copyright (C) Jeremy Allison, 2008
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "includes.h"
-#include "smbd/smbd.h"
-#include "../smbd/globals.h"
-#include "../lib/crypto/crypto.h"
-#include "vfs_smb_traffic_analyzer.h"
-#include "../libcli/security/security.h"
-#include "secrets.h"
-#include "../librpc/gen_ndr/ndr_netlogon.h"
-#include "auth.h"
-#include "../lib/tsocket/tsocket.h"
-#include "lib/util/sys_rw_data.h"
-
-/* abstraction for the send_over_network function */
-enum sock_type {INTERNET_SOCKET = 0, UNIX_DOMAIN_SOCKET};
-
-#define LOCAL_PATHNAME "/var/tmp/stadsocket"
-
-static int vfs_smb_traffic_analyzer_debug_level = DBGC_VFS;
-
-static enum sock_type smb_traffic_analyzer_connMode(vfs_handle_struct *handle)
-{
-	connection_struct *conn = handle->conn;
-        const char *Mode;
-        Mode=lp_parm_const_string(SNUM(conn), "smb_traffic_analyzer","mode", \
-			"internet_socket");
-	if (strstr(Mode,"unix_domain_socket")) {
-		return UNIX_DOMAIN_SOCKET;
-	} else {
-		return INTERNET_SOCKET;
-	}
-}
-
-
-/* Connect to an internet socket */
-static int smb_traffic_analyzer_connect_inet_socket(vfs_handle_struct *handle,
-					const char *name, uint16_t port)
-{
-	/* Create a streaming Socket */
-	int sockfd = -1;
-	struct addrinfo hints;
-	struct addrinfo *ailist = NULL;
-	struct addrinfo *res = NULL;
-	int ret;
-
-	ZERO_STRUCT(hints);
-	/* By default make sure it supports TCP. */
-	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_flags = AI_ADDRCONFIG;
-
-	ret = getaddrinfo(name,
-			NULL,
-			&hints,
-			&ailist);
-
-        if (ret) {
-		DEBUG(3,("smb_traffic_analyzer_connect_inet_socket: "
-			"getaddrinfo failed for name %s [%s]\n",
-                        name,
-                        gai_strerror(ret) ));
-		return -1;
-        }
-
-	DEBUG(3,("smb_traffic_analyzer: Internet socket mode. Hostname: %s,"
-		"Port: %i\n", name, port));
-
-	for (res = ailist; res; res = res->ai_next) {
-		struct sockaddr_storage ss;
-		NTSTATUS status;
-
-		if (!res->ai_addr || res->ai_addrlen == 0) {
-			continue;
-		}
-
-		ZERO_STRUCT(ss);
-		memcpy(&ss, res->ai_addr, res->ai_addrlen);
-
-		status = open_socket_out(&ss, port, 10000, &sockfd);
-		if (NT_STATUS_IS_OK(status)) {
-			break;
-		}
-	}
-
-	if (ailist) {
-		freeaddrinfo(ailist);
-	}
-
-        if (sockfd == -1) {
-		DEBUG(1, ("smb_traffic_analyzer: unable to create "
-			"socket, error is %s",
-			strerror(errno)));
-		return -1;
-	}
-
-	return sockfd;
-}
-
-/* Connect to a unix domain socket */
-static int smb_traffic_analyzer_connect_unix_socket(vfs_handle_struct *handle,
-						const char *name)
-{
-	/* Create the socket to stad */
-	int len, sock;
-	struct sockaddr_un remote;
-
-	DEBUG(7, ("smb_traffic_analyzer_connect_unix_socket: "
-			"Unix domain socket mode. Using %s\n",
-			name ));
-
-	if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
-		DEBUG(1, ("smb_traffic_analyzer_connect_unix_socket: "
-			"Couldn't create socket, "
-			"make sure stad is running!\n"));
-		return -1;
-	}
-	remote.sun_family = AF_UNIX;
-	strlcpy(remote.sun_path, name,
-		    sizeof(remote.sun_path));
-	len=strlen(remote.sun_path) + sizeof(remote.sun_family);
-	if (connect(sock, (struct sockaddr *)&remote, len) == -1 ) {
-		DEBUG(1, ("smb_traffic_analyzer_connect_unix_socket: "
-			"Could not connect to "
-			"socket, make sure\nstad is running!\n"));
-		close(sock);
-		return -1;
-	}
-	return sock;
-}
-
-/* Private data allowing shared connection sockets. */
-struct refcounted_sock {
-	struct refcounted_sock *next, *prev;
-	char *name;
-	uint16_t port;
-	int sock;
-	unsigned int ref_count;
-};
-
-
-/**
- * Encryption of a data block with AES
- * TALLOC_CTX *ctx	Talloc context to work on
- * const char *akey	128bit key for the encryption
- * const char *str	Data buffer to encrypt, \0 terminated
- * int *len		Will be set to the length of the
- *			resulting data block
- * The caller has to take care for the memory
- * allocated on the context.
- */
-static char *smb_traffic_analyzer_encrypt( TALLOC_CTX *ctx,
-	const char *akey, const char *str, size_t *len)
-{
-	int s1,s2,h;
-	AES_KEY key;
-	unsigned char filler[17]= "................";
-	char *output;
-	if (akey == NULL) return NULL;
-	AES_set_encrypt_key((const unsigned char *) akey, 128, &key);
-	s1 = strlen(str) / 16;
-	s2 = strlen(str) % 16;
-	memcpy(filler, str + (s1*16), s2);
-	DEBUG(10, ("smb_traffic_analyzer_send_data_socket: created %s"
-		" as filling block.\n", filler));
-
-	*len = ((s1 + 1)*16);
-	output = talloc_array(ctx, char, *len);
-	for (h = 0; h < s1; h++) {
-		AES_encrypt((const unsigned char *) str+(16*h), (unsigned char *)output+16*h,
-			&key);
-	}
-	AES_encrypt(filler, (unsigned char *)(output+(16*h)), &key);
-	*len = (s1*16)+16;
-	return output;
-}
-
-/**
- * Create a v2 header.
- * TALLLOC_CTX *ctx		Talloc context to work on
- * const char *state_flags 	State flag string
- * int len			length of the data block
- */
-static char *smb_traffic_analyzer_create_header( TALLOC_CTX *ctx,
-	const char *state_flags, size_t data_len)
-{
-	char *header = talloc_asprintf( ctx, "V2.%s%017u",
-					state_flags, (unsigned int) data_len);
-	DEBUG(10, ("smb_traffic_analyzer_send_data_socket: created Header:\n"));
-	dump_data(10, (uint8_t *)header, strlen(header));
-	return header;
-}
-
-
-/**
- * Actually send header and data over the network
- * char *header 	Header data
- * char *data		Data Block
- * int dlength		Length of data block
- * int socket
- */
-static void smb_traffic_analyzer_write_data( char *header, char *data,
-			int dlength, int _socket)
-{
-		int len = strlen(header);
-		if (write_data( _socket, header, len) != len) {
-			DEBUG(1, ("smb_traffic_analyzer_send_data_socket: "
-						"error sending the header"
-						" over the socket!\n"));
-                }
-		DEBUG(10,("smb_traffic_analyzer_write_data: sending data:\n"));
-		dump_data( 10, (uint8_t *)data, dlength);
-
-                if (write_data( _socket, data, dlength) != dlength) {
-                        DEBUG(1, ("smb_traffic_analyzer_write_data: "
-                                "error sending crypted data to socket!\n"));
-                }
-}
-
-
-/*
- * Anonymize a string if required.
- * TALLOC_CTX *ctx			The talloc context to work on
- * const char *str			The string to anonymize
- * vfs_handle_struct *handle		The handle struct to work on
- *
- * Returns a newly allocated string, either the anonymized one,
- * or a copy of const char *str. The caller has to take care for
- * freeing the allocated memory.
- */
-static char *smb_traffic_analyzer_anonymize( TALLOC_CTX *ctx,
-					const char *str,
-					vfs_handle_struct *handle )
-{
-	const char *total_anonymization;
-	const char *anon_prefix;
-	char *output;
-	total_anonymization=lp_parm_const_string(SNUM(handle->conn),
-					"smb_traffic_analyzer",
-					"total_anonymization", NULL);
-
-	anon_prefix=lp_parm_const_string(SNUM(handle->conn),
-					"smb_traffic_analyzer",
-					"anonymize_prefix", NULL );
-	if (anon_prefix != NULL) {
-		if (total_anonymization != NULL) {
-			output = talloc_asprintf(ctx, "%s",
-					anon_prefix);
-		} else {
-		output = talloc_asprintf(ctx, "%s%i", anon_prefix,
-						str_checksum(str));
-		}
-	} else {
-		output = talloc_asprintf(ctx, "%s", str);
-	}
-
-	return output;
-}
-
-
-/**
- * The marshalling function for protocol v2.
- * TALLOC_CTX *ctx		Talloc context to work on
- * struct tm *tm		tm struct for the timestamp
- * int seconds			milliseconds of the timestamp
- * vfs_handle_struct *handle	vfs_handle_struct
- * char *username		Name of the user
- * int vfs_operation		VFS operation identifier
- * int count			Number of the common data blocks
- * [...] variable args		data blocks taken from the individual
- *				VFS data structures
- *
- * Returns the complete data block to send. The caller has to
- * take care for freeing the allocated buffer.
- */
-static char *smb_traffic_analyzer_create_string( TALLOC_CTX *ctx,
-	struct tm *tm, int seconds, vfs_handle_struct *handle, \
-	char *username, int vfs_operation, int count, ... )
-{
-	
-	va_list ap;
-	char *arg = NULL;
-	int len;
-	char *common_data_count_str = NULL;
-	char *timestr = NULL;
-	char *sidstr = NULL;
-	char *usersid = NULL;
-	char *raddr = NULL;
-	char *buf = NULL;
-	char *vfs_operation_str = NULL;
-	const char *service_name = lp_const_servicename(handle->conn->params->service);
-
-	/*
-	 * first create the data that is transfered with any VFS op
-	 * These are, in the following order:
-	 *(0) number of data to come [6 in v2.0]
-	 * 1.vfs_operation identifier
-	 * 2.username
-	 * 3.user-SID
-	 * 4.affected share
-	 * 5.domain
-	 * 6.timestamp
-	 * 7.IP Addresss of client
-	 */
-
-	/*
-	 * number of common data blocks to come,
-	 * this is a #define in vfs_smb_traffic_anaylzer.h,
-	 * it's length is known at compile time
-	 */
-	common_data_count_str = talloc_strdup( ctx, SMBTA_COMMON_DATA_COUNT);
-	/* vfs operation identifier */
-	vfs_operation_str = talloc_asprintf( common_data_count_str, "%i",
-							vfs_operation);
-	/*
-	 * Handle anonymization. In protocol v2, we have to anonymize
-	 * both the SID and the username. The name is already
-	 * anonymized if needed, by the calling function.
-	 */
-	usersid = dom_sid_string( common_data_count_str,
-		&handle->conn->session_info->security_token->sids[0]);
-
-	sidstr = smb_traffic_analyzer_anonymize(
-		common_data_count_str,
-		usersid,
-		handle);
-
-	raddr = tsocket_address_inet_addr_string(handle->conn->sconn->remote_address,
-						 ctx);
-	if (raddr == NULL) {
-		return NULL;
-	}
-
-	/* time stamp */
-	timestr = talloc_asprintf( common_data_count_str, \
-		"%04d-%02d-%02d %02d:%02d:%02d.%03d", \
-		tm->tm_year+1900, \
-		tm->tm_mon+1, \
-		tm->tm_mday, \
-		tm->tm_hour, \
-		tm->tm_min, \
-		tm->tm_sec, \
-		(int)seconds);
-	len = strlen( timestr );
-	/* create the string of common data */
-	buf = talloc_asprintf(ctx,
-		"%s%04u%s%04u%s%04u%s%04u%s%04u%s%04u%s%04u%s",
-		common_data_count_str,
-		(unsigned int) strlen(vfs_operation_str),
-		vfs_operation_str,
-		(unsigned int) strlen(username),
-		username,
-		(unsigned int) strlen(sidstr),
-		sidstr,
-		(unsigned int) strlen(service_name),
-		service_name,
-		(unsigned int)
-		strlen(handle->conn->session_info->info->domain_name),
-		handle->conn->session_info->info->domain_name,
-		(unsigned int) strlen(timestr),
-		timestr,
-		(unsigned int) strlen(raddr),
-		raddr);
-
-	talloc_free(common_data_count_str);
-
-	/* data blocks depending on the VFS function */	
-	va_start( ap, count );
-	while ( count-- ) {
-		arg = va_arg( ap, char * );
-		/*
-		 *  protocol v2 sends a four byte string
-		 * as a header to each block, including
-		 * the numbers of bytes to come in the
-		 * next string.
-		 */
-		len = strlen( arg );
-		buf = talloc_asprintf_append( buf, "%04u%s", len, arg);
-	}
-	va_end( ap );
-	return buf;
-}
-
-static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle,
-					void *data,
-					enum vfs_id vfs_operation )
-{
-	struct refcounted_sock *rf_sock = NULL;
-	struct timeval tv;
-	time_t tv_sec;
-	struct tm *tm = NULL;
-	int seconds;
-	char *str = NULL;
-	char *username = NULL;
-	char *header = NULL;
-	const char *protocol_version = NULL;
-	bool Write = false;
-	size_t len;
-	size_t size;
-	char *akey, *output;
-
-	/*
-	 * The state flags are part of the header
-	 * and are descripted in the protocol description
-	 * in vfs_smb_traffic_analyzer.h. They begin at byte
-	 * 03 of the header.
-	 */
-	char state_flags[9] = "000000\0";
-
-	/**
-	 * The first byte of the state flag string represents
-	 * the modules protocol subversion number, defined
-	 * in smb_traffic_analyzer.h. smbtatools/smbtad are designed
-	 * to handle not yet implemented protocol enhancements
-	 * by ignoring them. By recognizing the SMBTA_SUBRELEASE
-	 * smbtatools can tell the user to update the client
-	 * software.
-	 */
-	state_flags[0] = SMBTA_SUBRELEASE;
-
-	SMB_VFS_HANDLE_GET_DATA(handle, rf_sock, struct refcounted_sock, return);
-
-	if (rf_sock == NULL || rf_sock->sock == -1) {
-		DEBUG(1, ("smb_traffic_analyzer_send_data: socket is "
-			"closed\n"));
-		return;
-	}
-
-	GetTimeOfDay(&tv);
-	tv_sec = tv.tv_sec;
-	tm = localtime(&tv_sec);
-	if (!tm) {
-		return;
-	}
-	seconds=(float) (tv.tv_usec / 1000);
-
-	/*
-	 * Check if anonymization is required, and if yes do this only for
-	 * the username here, needed vor protocol version 1. In v2 we
-	 * additionally anonymize the SID, which is done in it's marshalling
-	 * function.
-	 */
-	username = smb_traffic_analyzer_anonymize( talloc_tos(),
-			handle->conn->session_info->unix_info->sanitized_username,
-			handle);
-
-	if (!username) {
-		return;
-	}
-
-	protocol_version = lp_parm_const_string(SNUM(handle->conn),
-					"smb_traffic_analyzer",
-					"protocol_version", NULL );
-
-
-	if (protocol_version != NULL && strcmp(protocol_version,"V1") == 0) {
-
-		struct rw_data *s_data = (struct rw_data *) data;
-
-		/*
-		 * in case of protocol v1, ignore any vfs operations
-		 * except read,pread,write,pwrite, and set the "Write"
-		 * bool accordingly, send data and return.
-		 */
-		if ( vfs_operation > vfs_id_pwrite ) return;
-
-		if ( vfs_operation <= vfs_id_pread ) Write=false;
-			else Write=true;
-
-		str = talloc_asprintf(talloc_tos(),
-			"V1,%u,\"%s\",\"%s\",\"%c\",\"%s\",\"%s\","
-			"\"%04d-%02d-%02d %02d:%02d:%02d.%03d\"\n",
-			(unsigned int) s_data->len,
-			username,
-			handle->conn->session_info->info->domain_name,
-			Write ? 'W' : 'R',
-			handle->conn->cwd,
-			s_data->filename,
-			tm->tm_year+1900,
-			tm->tm_mon+1,
-			tm->tm_mday,
-			tm->tm_hour,
-			tm->tm_min,
-			tm->tm_sec,
-			(int)seconds);
-		len = strlen(str);
-		if (write_data(rf_sock->sock, str, len) != len) {
-                	DEBUG(1, ("smb_traffic_analyzer_send_data_socket: "
-			"error sending V1 protocol data to socket!\n"));
-		return;
-		}
-
-	} else {
-		/**
-		 * Protocol 2 is used by default.
-		 */
-
-		switch( vfs_operation ) {
-		case vfs_id_open: ;
-			str = smb_traffic_analyzer_create_string( talloc_tos(),
-				tm, seconds, handle, username, vfs_id_open,
-				3, ((struct open_data *) data)->filename,
-				talloc_asprintf( talloc_tos(), "%u",
-				(unsigned int)((struct open_data *) data)->mode),
-				talloc_asprintf( talloc_tos(), "%u",
-				((struct open_data *) data)->result));
-			break;
-		case vfs_id_close: ;
-			str = smb_traffic_analyzer_create_string( talloc_tos(),
-				tm, seconds, handle, username, vfs_id_close,
-				2, ((struct close_data *) data)->filename,
-				talloc_asprintf( talloc_tos(), "%u",
-				((struct close_data *) data)->result));
-			break;
-		case vfs_id_mkdir: ;
-			str = smb_traffic_analyzer_create_string( talloc_tos(),
-				tm, seconds, handle, username, vfs_id_mkdir, \
-				3, ((struct mkdir_data *) data)->path, \
-				talloc_asprintf( talloc_tos(), "%u", \
-				(unsigned int)((struct mkdir_data *) data)->mode), \
-				talloc_asprintf( talloc_tos(), "%u", \
-				((struct mkdir_data *) data)->result ));
-			break;
-		case vfs_id_rmdir: ;
-			str = smb_traffic_analyzer_create_string( talloc_tos(),
-				tm, seconds, handle, username, vfs_id_rmdir,
-				2, ((struct rmdir_data *) data)->path, \
-				talloc_asprintf( talloc_tos(), "%u", \
-				((struct rmdir_data *) data)->result ));
-			break;
-		case vfs_id_rename: ;
-			str = smb_traffic_analyzer_create_string( talloc_tos(),
-				tm, seconds, handle, username, vfs_id_rename,
-				3, ((struct rename_data *) data)->src, \
-				((struct rename_data *) data)->dst,
-				talloc_asprintf(talloc_tos(), "%u", \
-				((struct rename_data *) data)->result));
-			break;
-		case vfs_id_chdir: ;
-			str = smb_traffic_analyzer_create_string( talloc_tos(),
-				tm, seconds, handle, username, vfs_id_chdir,
-				2, ((struct chdir_data *) data)->path, \
-				talloc_asprintf(talloc_tos(), "%u", \
-				((struct chdir_data *) data)->result));
-			break;
-
-		case vfs_id_write:
-		case vfs_id_pwrite:
-		case vfs_id_read:
-		case vfs_id_pread: ;
-			str = smb_traffic_analyzer_create_string( talloc_tos(),
-				tm, seconds, handle, username, vfs_operation,
-				2, ((struct rw_data *) data)->filename, \
-				talloc_asprintf(talloc_tos(), "%u", \
-				(unsigned int)
-					((struct rw_data *) data)->len));
-			break;
-		default:
-			DEBUG(1, ("smb_traffic_analyzer: error! "
-				"wrong VFS operation id detected!\n"));
-			return;
-		}
-
-	}
-
-	if (!str) {
-		DEBUG(1, ("smb_traffic_analyzer_send_data: "
-			"unable to create string to send!\n"));
-		return;
-	}
-
-
-	/*
-	 * If configured, optain the key and run AES encryption
-	 * over the data.
-	 */
-	become_root();
-	akey = (char *) secrets_fetch("smb_traffic_analyzer_key", &size);
-	unbecome_root();
-	if ( akey != NULL ) {
-		state_flags[2] = 'E';
-		DEBUG(10, ("smb_traffic_analyzer_send_data_socket: a key was"
-			" found, encrypting data!\n"));
-		output = smb_traffic_analyzer_encrypt( talloc_tos(),
-						akey, str, &len);
-		SAFE_FREE(akey);
-		header = smb_traffic_analyzer_create_header( talloc_tos(),
-						state_flags, len);
-
-		DEBUG(10, ("smb_traffic_analyzer_send_data_socket:"
-			" header created for crypted data: %s\n", header));
-		smb_traffic_analyzer_write_data(header, output, len,
-							rf_sock->sock);
-		return;
-
-	}
-
-        len = strlen(str);
-	header = smb_traffic_analyzer_create_header( talloc_tos(),
-				state_flags, len);
-	smb_traffic_analyzer_write_data(header, str, strlen(str),
-				rf_sock->sock);
-
-}
-
-static struct refcounted_sock *sock_list;
-
-static void smb_traffic_analyzer_free_data(void **pptr)
-{
-	struct refcounted_sock *rf_sock = *(struct refcounted_sock **)pptr;
-	if (rf_sock == NULL) {
-		return;
-	}
-	rf_sock->ref_count--;
-	if (rf_sock->ref_count != 0) {
-		return;
-	}
-	if (rf_sock->sock != -1) {
-		close(rf_sock->sock);
-	}
-	DLIST_REMOVE(sock_list, rf_sock);
-	TALLOC_FREE(rf_sock);
-}
-
-static int smb_traffic_analyzer_connect(struct vfs_handle_struct *handle,
-                         const char *service,
-                         const char *user)
-{
-	connection_struct *conn = handle->conn;
-	enum sock_type st = smb_traffic_analyzer_connMode(handle);
-	struct refcounted_sock *rf_sock = NULL;
-	const char *name = (st == UNIX_DOMAIN_SOCKET) ? LOCAL_PATHNAME :
-				lp_parm_const_string(SNUM(conn),
-					"smb_traffic_analyzer",
-				"host", "localhost");
-	uint16_t port = (st == UNIX_DOMAIN_SOCKET) ? 0 :
-				atoi( lp_parm_const_string(SNUM(conn),
-				"smb_traffic_analyzer", "port", "9430"));
-	int ret = SMB_VFS_NEXT_CONNECT(handle, service, user);
-
-	if (ret < 0) {
-		return ret;
-	}
-
-	/* Are we already connected ? */
-	for (rf_sock = sock_list; rf_sock; rf_sock = rf_sock->next) {
-		if (port == rf_sock->port &&
-				(strcmp(name, rf_sock->name) == 0)) {
-			break;
-		}
-	}
-
-	/* If we're connected already, just increase the
- 	 * reference count. */
-	if (rf_sock) {
-		rf_sock->ref_count++;
-	} else {
-		/* New connection. */
-		rf_sock = talloc_zero(NULL, struct refcounted_sock);
-		if (rf_sock == NULL) {
-			SMB_VFS_NEXT_DISCONNECT(handle);
-			errno = ENOMEM;
-			return -1;
-		}
-		rf_sock->name = talloc_strdup(rf_sock, name);
-		if (rf_sock->name == NULL) {
-			SMB_VFS_NEXT_DISCONNECT(handle);
-			TALLOC_FREE(rf_sock);
-			errno = ENOMEM;
-			return -1;
-		}
-		rf_sock->port = port;
-		rf_sock->ref_count = 1;
-
-		if (st == UNIX_DOMAIN_SOCKET) {
-			rf_sock->sock = smb_traffic_analyzer_connect_unix_socket(handle,
-							name);
-		} else {
-
-			rf_sock->sock = smb_traffic_analyzer_connect_inet_socket(handle,
-							name,
-							port);
-		}
-		if (rf_sock->sock == -1) {
-			SMB_VFS_NEXT_DISCONNECT(handle);
-			TALLOC_FREE(rf_sock);
-			return -1;
-		}
-		DLIST_ADD(sock_list, rf_sock);
-	}
-
-	/* Store the private data. */
-	SMB_VFS_HANDLE_SET_DATA(handle, rf_sock, smb_traffic_analyzer_free_data,
-				struct refcounted_sock, return -1);
-	return 0;
-}
-
-/* VFS Functions */
-static int smb_traffic_analyzer_chdir(vfs_handle_struct *handle, \
-			const char *path)
-{
-	struct chdir_data s_data;
-	s_data.result = SMB_VFS_NEXT_CHDIR(handle, path);
-	s_data.path = path;
-	DEBUG(10, ("smb_traffic_analyzer_chdir: CHDIR: %s\n", path));
-	smb_traffic_analyzer_send_data(handle, &s_data, vfs_id_chdir);
-	return s_data.result;
-}
-
-static int smb_traffic_analyzer_rename(vfs_handle_struct *handle, \
-		const struct smb_filename *smb_fname_src,
-		const struct smb_filename *smb_fname_dst)
-{
-	struct rename_data s_data;
-	s_data.result = SMB_VFS_NEXT_RENAME(handle, smb_fname_src, \
-		smb_fname_dst);
-	s_data.src = smb_fname_src->base_name;
-	s_data.dst = smb_fname_dst->base_name;
-	DEBUG(10, ("smb_traffic_analyzer_rename: RENAME: %s / %s\n",
-		smb_fname_src->base_name,
-		smb_fname_dst->base_name));
-	smb_traffic_analyzer_send_data(handle, &s_data, vfs_id_rename);
-	return s_data.result;
-}
-
-static int smb_traffic_analyzer_rmdir(vfs_handle_struct *handle, \
-			const char *path)
-{
-	struct rmdir_data s_data;
-	s_data.result = SMB_VFS_NEXT_RMDIR(handle, path);
-	s_data.path = path;
-	DEBUG(10, ("smb_traffic_analyzer_rmdir: RMDIR: %s\n", path));
-	smb_traffic_analyzer_send_data(handle, &s_data, vfs_id_rmdir);
-	return s_data.result;
-}
-
-static int smb_traffic_analyzer_mkdir(vfs_handle_struct *handle, \
-			const char *path, mode_t mode)
-{
-	struct mkdir_data s_data;
-	s_data.result = SMB_VFS_NEXT_MKDIR(handle, path, mode);
-	s_data.path = path;
-	s_data.mode = mode;
-	DEBUG(10, ("smb_traffic_analyzer_mkdir: MKDIR: %s\n", path));
-	smb_traffic_analyzer_send_data(handle,
-			&s_data,
-			vfs_id_mkdir);
-	return s_data.result;
-}
-
-static ssize_t smb_traffic_analyzer_sendfile(vfs_handle_struct *handle,
-				int tofd,
-				files_struct *fromfsp,
-				const DATA_BLOB *hdr,
-				off_t offset,
-				size_t n)
-{
-	struct rw_data s_data;
-	s_data.len = SMB_VFS_NEXT_SENDFILE(handle,
-			tofd, fromfsp, hdr, offset, n);
-	s_data.filename = fromfsp->fsp_name->base_name;
-	DEBUG(10, ("smb_traffic_analyzer_sendfile: sendfile(r): %s\n",
-		fsp_str_dbg(fromfsp)));
-	smb_traffic_analyzer_send_data(handle,
-		&s_data,
-		vfs_id_read);
-	return s_data.len;
-}
-
-static ssize_t smb_traffic_analyzer_recvfile(vfs_handle_struct *handle,
-				int fromfd,
-				files_struct *tofsp,
-				off_t offset,
-				size_t n)
-{
-	struct rw_data s_data;
-	s_data.len = SMB_VFS_NEXT_RECVFILE(handle,
-			fromfd, tofsp, offset, n);
-	s_data.filename = tofsp->fsp_name->base_name;
-	DEBUG(10, ("smb_traffic_analyzer_recvfile: recvfile(w): %s\n",
-		fsp_str_dbg(tofsp)));
-	smb_traffic_analyzer_send_data(handle,
-		&s_data,
-		vfs_id_write);
-	return s_data.len;
-}
-
-
-static ssize_t smb_traffic_analyzer_read(vfs_handle_struct *handle, \
-				files_struct *fsp, void *data, size_t n)
-{
-	struct rw_data s_data;
-
-	s_data.len = SMB_VFS_NEXT_READ(handle, fsp, data, n);
-	s_data.filename = fsp->fsp_name->base_name;
-	DEBUG(10, ("smb_traffic_analyzer_read: READ: %s\n", fsp_str_dbg(fsp)));
-
-	smb_traffic_analyzer_send_data(handle,
-			&s_data,
-			vfs_id_read);
-	return s_data.len;
-}
-
-
-static ssize_t smb_traffic_analyzer_pread(vfs_handle_struct *handle, \
-		files_struct *fsp, void *data, size_t n, off_t offset)
-{
-	struct rw_data s_data;
-
-	s_data.len = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
-	s_data.filename = fsp->fsp_name->base_name;
-	DEBUG(10, ("smb_traffic_analyzer_pread: PREAD: %s\n",
-		   fsp_str_dbg(fsp)));
-
-	smb_traffic_analyzer_send_data(handle,
-			&s_data,
-			vfs_id_pread);
-
-	return s_data.len;
-}
-
-static ssize_t smb_traffic_analyzer_write(vfs_handle_struct *handle, \
-			files_struct *fsp, const void *data, size_t n)
-{
-	struct rw_data s_data;
-
-	s_data.len = SMB_VFS_NEXT_WRITE(handle, fsp, data, n);
-	s_data.filename = fsp->fsp_name->base_name;
-	DEBUG(10, ("smb_traffic_analyzer_write: WRITE: %s\n",
-		   fsp_str_dbg(fsp)));
-
-	smb_traffic_analyzer_send_data(handle,
-			&s_data,
-			vfs_id_write);
-	return s_data.len;
-}
-
-static ssize_t smb_traffic_analyzer_pwrite(vfs_handle_struct *handle, \
-	     files_struct *fsp, const void *data, size_t n, off_t offset)
-{
-	struct rw_data s_data;
-
-	s_data.len = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
-	s_data.filename = fsp->fsp_name->base_name;
-	DEBUG(10, ("smb_traffic_analyzer_pwrite: PWRITE: %s\n", \
-		fsp_str_dbg(fsp)));
-
-	smb_traffic_analyzer_send_data(handle,
-			&s_data,
-			vfs_id_pwrite);
-	return s_data.len;
-}
-
-static int smb_traffic_analyzer_open(vfs_handle_struct *handle, \
-	struct smb_filename *smb_fname, files_struct *fsp,\
-	int flags, mode_t mode)
-{
-	struct open_data s_data;
-
-	s_data.result = SMB_VFS_NEXT_OPEN( handle, smb_fname, fsp,
-			flags, mode);
-	DEBUG(10,("smb_traffic_analyzer_open: OPEN: %s\n",
-		fsp_str_dbg(fsp)));
-	s_data.filename = fsp->fsp_name->base_name;
-	s_data.mode = mode;
-	smb_traffic_analyzer_send_data(handle,
-			&s_data,
-			vfs_id_open);
-	return s_data.result;
-}
-
-static int smb_traffic_analyzer_close(vfs_handle_struct *handle, \
-	files_struct *fsp)
-{
-	struct close_data s_data;
-	s_data.result = SMB_VFS_NEXT_CLOSE(handle, fsp);
-	DEBUG(10,("smb_traffic_analyzer_close: CLOSE: %s\n",
-		fsp_str_dbg(fsp)));
-	s_data.filename = fsp->fsp_name->base_name;
-	smb_traffic_analyzer_send_data(handle,
-			&s_data,
-			vfs_id_close);
-	return s_data.result;
-}
-
-	
-static struct vfs_fn_pointers vfs_smb_traffic_analyzer_fns = {
-	.connect_fn = smb_traffic_analyzer_connect,
-	.read_fn = smb_traffic_analyzer_read,
-	.pread_fn = smb_traffic_analyzer_pread,
-	.write_fn = smb_traffic_analyzer_write,
-	.pwrite_fn = smb_traffic_analyzer_pwrite,
-	.mkdir_fn = smb_traffic_analyzer_mkdir,
-	.rename_fn = smb_traffic_analyzer_rename,
-	.chdir_fn = smb_traffic_analyzer_chdir,
-	.open_fn = smb_traffic_analyzer_open,
-	.rmdir_fn = smb_traffic_analyzer_rmdir,
-	.close_fn = smb_traffic_analyzer_close,
-	.sendfile_fn = smb_traffic_analyzer_sendfile,
-	.recvfile_fn = smb_traffic_analyzer_recvfile
-};
-
-/* Module initialization */
-static_decl_vfs;
-NTSTATUS vfs_smb_traffic_analyzer_init(void)
-{
-	NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
-					"smb_traffic_analyzer",
-					&vfs_smb_traffic_analyzer_fns);
-
-	if (!NT_STATUS_IS_OK(ret)) {
-		return ret;
-	}
-
-	vfs_smb_traffic_analyzer_debug_level =
-		debug_add_class("smb_traffic_analyzer");
-
-	if (vfs_smb_traffic_analyzer_debug_level == -1) {
-		vfs_smb_traffic_analyzer_debug_level = DBGC_VFS;
-		DEBUG(1, ("smb_traffic_analyzer_init: Couldn't register custom"
-			 "debugging class!\n"));
-	} else {
-		DEBUG(3, ("smb_traffic_analyzer_init: Debug class number of"
-			"'smb_traffic_analyzer': %d\n", \
-			vfs_smb_traffic_analyzer_debug_level));
-	}
-
-	return ret;
-}
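Review bot: the commit message could say more than "homegrown crypto", because smb_traffic_analyzer_send_data() in this file shows that the encryption was also optional. When secrets_fetch("smb_traffic_analyzer_key", &size) returns NULL, the function falls through to the plain smb_traffic_analyzer_write_data(header, str, ...) call. The record built by smb_traffic_analyzer_create_string() (user name and SID, anonymized only when configured, plus domain, client address and file name) then leaves unencrypted, and smb_traffic_analyzer_connect() can point that socket at a configurable "host" (default "localhost", port 9430). In the encrypted branch the result of smb_traffic_analyzer_encrypt() is passed on without a NULL check, and become_root() is entered on every hooked VFS call just to read the key. One sentence on this in the commit message would document why removal is preferable to an audit. Separately, with the smb_register_vfs() call for "smb_traffic_analyzer" gone, a share that still lists the module in "vfs objects" will no longer find it, so the release notes should tell admins to drop it from smb.conf before upgrading.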
diff --git a/source3/modules/wscript_build b/source3/modules/wscript_build
index be1de50..635b780 100644
--- a/source3/modules/wscript_build
+++ b/source3/modules/wscript_build
@@ -369,14 +369,6 @@ bld.SAMBA3_MODULE('vfs_acl_tdb',
                  internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_acl_tdb'),
                  enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_acl_tdb'))
 
-bld.SAMBA3_MODULE('vfs_smb_traffic_analyzer',
-                 subsystem='vfs',
-                 source='vfs_smb_traffic_analyzer.c',
-                 deps='samba-util',
-                 init_function='',
-                 internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_smb_traffic_analyzer'),
-                 enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_smb_traffic_analyzer'))
-
 bld.SAMBA3_MODULE('vfs_dirsort',
                  subsystem='vfs',
                  source='vfs_dirsort.c',
diff --git a/source3/utils/smbta-util.c b/source3/utils/smbta-util.c
deleted file mode 100644
index 7cc0a6e..0000000
--- a/source3/utils/smbta-util.c
+++ /dev/null
@@ -1,211 +0,0 @@
-/*
-   smbta-util: tool for controlling encryption with
-	vfs_smb_traffic_analyzer
-   Copyright (C) 2010 Holger Hetterich <hhetter at novell.com>
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
-
-#include "includes.h"
-#include "secrets.h"
-
-static void delete_key(void);
-
-
-static void help(void)
-{
-printf("-h 		print this help message.\n");
-printf("-f <file>	install the key from a file and activate\n");
-printf("		encryption.\n");
-printf("-g <file>	generate a key, save it to a file, and activate encryption.\n");
-printf("-u		uninstall a key, and deactivate encryption.\n");
-printf("-c <file>	create a file from an installed key.\n");
-printf("-s		check if a key is installed, and print the key to stdout.\n");
-printf("\n");
-}
-
-static void check_key(void)
-{	size_t size;
-	char *akey;
-	if (!secrets_init()) {
-		printf("Error opening secrets database.");
-		exit(1);
-        }
-	akey = (char *) secrets_fetch("smb_traffic_analyzer_key", &size);
-	if (akey != NULL) {
-		printf("A key is installed: %s\n",akey);
-		printf("Encryption activated.\n");
-		free(akey);
-		exit(0);
-	} else printf("No key is installed.\n");
-	exit(1);
-}
-
-static void create_keyfile(char *filename, char *key)
-{
-	FILE *keyfile;
-	keyfile = fopen(filename, "w");
-	if (keyfile == NULL) {
-		printf("error creating the keyfile!\n");
-		exit(1);
-	}
-	fprintf(keyfile, "%s", key);
-	fclose(keyfile);
-	printf("File '%s' has been created.\n", filename);
-}
-
-/**
- * Load a key from a file. The caller has to free the
- * returned string.
- */
-static void load_key_from_file(char *filename, char *key)
-{
-	FILE *keyfile;
-	int l;
-	keyfile = fopen(filename, "r");
-	if (keyfile == NULL) {
-		printf("Error opening the keyfile!\n");
-		exit(1);
-	}
-	l = fscanf(keyfile, "%s", key);
-	if (l != 1 || strlen(key) != 16) {
-		printf("Key file in wrong format\n");
-		fclose(keyfile);
-		exit(1);
-	}
-	fclose(keyfile);
-}
-
-static void create_file_from_key(char *filename)
-{
-	size_t size;
-	char *akey = (char *) secrets_fetch("smb_traffic_analyzer_key", &size);
-	if (akey == NULL) {
-		printf("No key is installed! Can't create file.\n");
-		exit(1);
-	}
-	create_keyfile(filename, akey);
-	free(akey);
-}
-
-/**
- * Generate a random key. The user has to free the returned
- * string.
- */
-static void generate_key(char *key)
-{
-	int f;
-	srand( (unsigned)time( NULL ) );
-	for ( f = 0; f < 16; f++) {
-		*(key+f) = (rand() % 128) +32;
-	}
-	*(key+16)='\0';
-	printf("Random key generated.\n");
-}
-
-static void create_new_key_and_activate( char *filename )
-{
-	char key[17] = {0};
-
-	if (!secrets_init()) {
-		printf("Error opening secrets database.");
-		exit(1);
-	}
-
-	generate_key(key);
-	delete_key();
-	secrets_store("smb_traffic_analyzer_key", key, strlen(key)+1 );
-	printf("Key installed, encryption activated.\n");
-	create_file_from_key(filename);
-}
-
-static void delete_key(void)
-{
-	size_t size;
-	char *akey = (char *) secrets_fetch("smb_traffic_analyzer_key", &size);
-	if (akey != NULL) {
-		free(akey);
-		secrets_delete("smb_traffic_analyzer_key");
-		printf("Removed installed key. Encryption deactivated.\n");
-	} else {
-	printf("No key is installed.\n");
-	}
-}
-
-
-static void load_key_from_file_and_activate( char *filename)
-{
-	char key[17] = {0};
-	char *akey;
-	size_t size;
-	load_key_from_file(filename, key);
-	printf("Loaded key from %s.\n",filename);
-	akey = (char *) secrets_fetch("smb_traffic_analyzer_key", &size);
-	if (akey != NULL) {
-		printf("Removing the old key.\n");
-		delete_key();
-		SAFE_FREE(akey);
-	}
-	printf("Installing the key from file %s\n",filename);
-	secrets_store("smb_traffic_analyzer_key", key, strlen(key)+1);
-}
-
-static void process_arguments(int argc, char **argv)
-{
-	char co;
-	while ((co = getopt(argc, argv, "hf:g:uc:s")) != EOF) {
-		switch(co) {
-		case 'h':
-			help();
-			exit(0);
-		case 's':
-			check_key();
-			break;
-		case 'g':
-			create_new_key_and_activate(optarg);
-			break;
-		case 'u':
-			delete_key();
-			break;
-		case 'c':
-			create_file_from_key(optarg);
-			break;
-		case 'f':
-			load_key_from_file_and_activate(optarg);
-			break;
-		default:
-			help();
-			break;
-		}
-	}
-}
-
-int main(int argc, char **argv)
-{
-	sec_init();
-	smb_init_locale();
-
-	if (!lp_load_initial_only(get_dyn_CONFIGFILE())) {
-		fprintf(stderr, "Can't load %s - run testparm to debug it\n",
-						get_dyn_CONFIGFILE());
-	exit(1);
-	}
-
-	if (argc == 1) {
-		help();
-		exit(1);
-	}
-
-	process_arguments(argc, argv);
-	exit(0);
-}
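Review bot: generate_key() is the concrete evidence for the "homegrown crypto" rationale and deserves a mention in the commit message or release notes. It seeds with srand((unsigned)time(NULL)) and fills the 16 bytes from rand(), so a key made with "smbta-util -g" is only as unpredictable as its creation time, and admins should treat such keys as weak. The same expression, (rand() % 128) + 32, can produce a space, which create_keyfile() writes with "%s" and load_key_from_file() then reads with fscanf(keyfile, "%s", key), so a generated key file can be rejected as "Key file in wrong format". That fscanf has no field width and writes into the callers' char key[17], and check_key() prints the installed key to stdout. Since this patch removes the only tool here that calls secrets_delete("smb_traffic_analyzer_key"), the upgrade notes should ask admins to run "smbta-util -u" before upgrading so the key does not stay behind in the secrets database.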
diff --git a/source3/wscript b/source3/wscript
index 2f2c1db..82cb858 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -1596,7 +1596,7 @@ main() {
                                       vfs_expand_msdfs vfs_shadow_copy vfs_shadow_copy2
                                       vfs_readahead vfs_xattr_tdb vfs_posix_eadb
                                       vfs_streams_xattr vfs_streams_depot vfs_acl_xattr vfs_acl_tdb
-                                      vfs_smb_traffic_analyzer vfs_preopen vfs_catia
+                                      vfs_preopen vfs_catia
                                       vfs_media_harmony vfs_unityed_media vfs_fruit vfs_shell_snap
                                       vfs_commit vfs_worm vfs_crossrename vfs_linux_xfs_sgid
                                       vfs_time_audit vfs_offline
diff --git a/source3/wscript_build b/source3/wscript_build
index e28fe30..4c6390e 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -1187,13 +1187,6 @@ bld.SAMBA3_BINARY('testparm',
                  param
                  popt_samba3''')
 
-bld.SAMBA3_BINARY('smbta-util',
-                 source='utils/smbta-util.c',
-                 deps='''
-                 talloc
-                 secrets3
-                 param''')
-
 smbstatus_source = 'utils/status.c smbd/notify_msg.c'
 
 if bld.CONFIG_GET("WITH_PROFILE"):
-- 
1.9.1


