authorHolger Hetterich <hhetter@novell.com>2009-12-14 20:43:15 +0100
committerJim McDonough <jmcd@samba.org>2010-03-16 09:52:09 -0400
commit541fb436cc3d69c154dcd90d2e6b22c273baa501 (patch)
treebfb9121ec23a33e1245e6808c683d9dc3c7006f6
parent7bff1eabe5af297f115dbe7e815a006bfd78b19e (diff)
Enable AES encryption of the data if a key was found in secrets.tdb.
-rw-r--r--source3/modules/vfs_smb_traffic_analyzer.c25
1 files changed, 22 insertions, 3 deletions
diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c
index 5af230a9c2..68a4991e0f 100644
--- a/source3/modules/vfs_smb_traffic_analyzer.c
+++ b/source3/modules/vfs_smb_traffic_analyzer.c
@@ -20,9 +20,9 @@
*/
#include "includes.h"
+#include "../lib/crypto/crypto.h"
/* abstraction for the send_over_network function */
-
enum sock_type {INTERNET_SOCKET = 0, UNIX_DOMAIN_SOCKET};
#define LOCAL_PATHNAME "/var/tmp/stadsocket"
@@ -400,8 +400,27 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle,
len = strlen(str);
- DEBUG(10, ("smb_traffic_analyzer_send_data_socket: sending %s\n",
- str));
+ DEBUG(10, ("smb_traffic_analyzer_send_data_socket: going to send "
+ "%s\n", str));
+ /* If configured, optain the key and run AES encryption */
+ /* over the data. */
+ size_t size;
+ char *akey = secrets_fetch("smb_traffic_analyzer_key", &size);
+ if ( akey != NULL ) {
+ char *crypted;
+ DEBUG(10, ("smb_traffic_analyzer: a key was found, encrypting "
+ "data!"));
+ AES_KEY *key;
+ samba_AES_set_encrypt_key(akey, 128, key);
+ samba_AES_encrypt( str, crypted, key );
+ len = strlen( crypted );
+ if (write_data(rf_sock->sock, crypted, len) != len) {
+ DEBUG(1, ("smb_traffic_analyzer_send_data_socket: "
+ "error sending crypted data to socket!\n"));
+ free( crypted );
+ return ;
+ }
+ }
if (write_data(rf_sock->sock, str, len) != len) {
DEBUG(1, ("smb_traffic_analyzer_send_data_socket: "
"error sending data to socket!\n"));
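Review bot: In the new `if ( akey != NULL )` branch, `key` and `crypted` are uninitialised pointers that `samba_AES_set_encrypt_key()` and `samba_AES_encrypt()` write through, and the error path then calls `free( crypted )` on memory that was never allocated. `samba_AES_encrypt()` appears to be a single-block primitive, so at most the first 16 bytes of `str` would be encrypted, and `strlen( crypted )` is not a valid length for binary ciphertext. After a successful encrypted write, control falls through to the existing `write_data(rf_sock->sock, str, len)`, so the plaintext is still sent and `len` may by then exceed the length of `str`. `akey` is never freed, and `size` is never checked against the 16 bytes a 128-bit key needs. The fence sketches a block-wise version with owned buffers; block-by-block encryption is ECB and unauthenticated, so a chained mode with an IV would be preferable if the receiver can handle it, and the function body continues outside the hunk.

```c
	/* … unchanged: len = strlen(str) and the DEBUG(10, ...) call … */
	size_t size = 0;
	char *akey = (char *)secrets_fetch("smb_traffic_analyzer_key", &size);

	if (akey != NULL && size < 16) {
		/* Too short for a 128-bit key: refuse rather than read past it. */
		DEBUG(1, ("smb_traffic_analyzer_send_data_socket: "
			"key in secrets.tdb is too short, not sending!\n"));
		SAFE_FREE(akey);
		return;
	}
	if (akey != NULL) {
		AES_KEY key;                      /* real object, not a wild pointer */
		size_t nblocks = len / 16 + 1;    /* final block is zero-padded */
		size_t clen = nblocks * 16;
		size_t i;
		unsigned char *crypted = SMB_MALLOC_ARRAY(unsigned char, clen);

		if (crypted == NULL) {
			memset(akey, 0, size);
			SAFE_FREE(akey);
			return;
		}
		samba_AES_set_encrypt_key((const unsigned char *)akey, 128, &key);
		for (i = 0; i < nblocks; i++) {
			unsigned char block[16] = {0};
			size_t off = i * 16;
			size_t n = (len - off < 16) ? (len - off) : 16;

			memcpy(block, str + off, n);
			samba_AES_encrypt(block, crypted + off, &key);
		}
		/* Best-effort clearing of key material before release. */
		memset(&key, 0, sizeof(key));
		memset(akey, 0, size);
		SAFE_FREE(akey);

		/* Ciphertext is binary: send the computed length, never strlen(). */
		if (write_data(rf_sock->sock, (const char *)crypted, clen) != clen) {
			DEBUG(1, ("smb_traffic_analyzer_send_data_socket: "
				"error sending crypted data to socket!\n"));
		}
		SAFE_FREE(crypted);
		return;   /* do not fall through and send the plaintext as well */
	}
	/* … unchanged: plaintext write_data(rf_sock->sock, str, len) path … */
```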