author | Holger Hetterich <hhetter@novell.com> | 2009-12-14 20:43:15 +0100 |
---|---|---|
committer | Jim McDonough <jmcd@samba.org> | 2010-03-16 09:52:09 -0400 |
commit | 541fb436cc3d69c154dcd90d2e6b22c273baa501 (patch) | |
tree | bfb9121ec23a33e1245e6808c683d9dc3c7006f6 | |
parent | 7bff1eabe5af297f115dbe7e815a006bfd78b19e (diff) | |
Enable AES encryption of the data if a key was found in secrets.tdb.
-rw-r--r-- | source3/modules/vfs_smb_traffic_analyzer.c | 25 |
1 files changed, 22 insertions, 3 deletions
diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c
index 5af230a9c2..68a4991e0f 100644
--- a/source3/modules/vfs_smb_traffic_analyzer.c
+++ b/source3/modules/vfs_smb_traffic_analyzer.c
@@ -20,9 +20,9 @@
 */
 #include "includes.h"
+#include "../lib/crypto/crypto.h"
 /* abstraction for the send_over_network function */
-
 enum sock_type {INTERNET_SOCKET = 0, UNIX_DOMAIN_SOCKET};
 #define LOCAL_PATHNAME "/var/tmp/stadsocket"
@@ -400,8 +400,27 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle,
 len = strlen(str);
- DEBUG(10, ("smb_traffic_analyzer_send_data_socket: sending %s\n",
- str));
+ DEBUG(10, ("smb_traffic_analyzer_send_data_socket: going to send "
+ "%s\n", str));
+ /* If configured, optain the key and run AES encryption */
+ /* over the data. */
+ size_t size;
+ char *akey = secrets_fetch("smb_traffic_analyzer_key", &size);
+ if ( akey != NULL ) {
+ char *crypted;
+ DEBUG(10, ("smb_traffic_analyzer: a key was found, encrypting "
+ "data!"));
+ AES_KEY *key;
+ samba_AES_set_encrypt_key(akey, 128, key);
+ samba_AES_encrypt( str, crypted, key );
+ len = strlen( crypted );
+ if (write_data(rf_sock->sock, crypted, len) != len) {
+ DEBUG(1, ("smb_traffic_analyzer_send_data_socket: "
+ "error sending crypted data to socket!\n"));
+ free( crypted );
+ return ;
+ }
+ }
 if (write_data(rf_sock->sock, str, len) != len) {
 DEBUG(1, ("smb_traffic_analyzer_send_data_socket: "
 "error sending data to socket!\n")); |
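Review bot: In the second hunk the new `if ( akey != NULL )` block hands two uninitialised pointers, `AES_KEY *key` and `char *crypted`, to `samba_AES_set_encrypt_key()` and `samba_AES_encrypt()`, so both calls write through indeterminate addresses, and `strlen( crypted )` and `free( crypted )` then act on the same garbage pointer. Even with valid buffers the success path does not return, so the unconditional `write_data(rf_sock->sock, str, len)` that follows sends the plaintext straight after the ciphertext, which defeats the encryption. `samba_AES_encrypt()` takes no length and looks like the single-block primitive, so only 16 bytes would be encrypted, and `strlen()` cannot measure ciphertext that may contain NUL bytes. `size` from `secrets_fetch()` is never checked against the 16 bytes a 128-bit key needs, and `akey` appears never to be released. The sketch below encrypts block by block with zero padding (a framing the receiver would have to agree on, and still unauthenticated ECB) and fails closed on error; the enclosing function starts and ends outside the hunk.

```c
	char *akey = secrets_fetch("smb_traffic_analyzer_key", &size);
	if (akey != NULL) {
		AES_KEY key;	/* a real object, passed by address below */
		unsigned char block[AES_BLOCK_SIZE];
		size_t nblocks = len / AES_BLOCK_SIZE + 1;
		size_t clen = nblocks * AES_BLOCK_SIZE;
		unsigned char *crypted;
		size_t i;
		bool ok;

		if (size < 128 / 8) {
			/* fail closed: never fall back to plaintext on a bad key */
			DEBUG(1, ("smb_traffic_analyzer: stored key is too "
				  "short, not sending data!\n"));
			SAFE_FREE(akey);
			return;
		}
		crypted = SMB_MALLOC_ARRAY(unsigned char, clen);
		if (crypted == NULL) {
			SAFE_FREE(akey);
			return;
		}
		samba_AES_set_encrypt_key((const unsigned char *)akey, 128, &key);
		for (i = 0; i < nblocks; i++) {
			size_t off = i * AES_BLOCK_SIZE;
			size_t n = MIN(len - off, AES_BLOCK_SIZE);

			memset(block, 0, sizeof(block));	/* zero padding */
			memcpy(block, str + off, n);
			samba_AES_encrypt(block, crypted + off, &key);
		}
		/* length is the padded size, not strlen() of binary data */
		ok = (write_data(rf_sock->sock, (const char *)crypted, clen) == clen);
		SAFE_FREE(crypted);
		SAFE_FREE(akey);
		if (!ok) {
			DEBUG(1, ("smb_traffic_analyzer_send_data_socket: "
				  "error sending crypted data to socket!\n"));
		}
		return;		/* do not fall through to the plaintext write */
	}
	/* … unchanged: plaintext write_data() path when no key is configured … */
```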