-rw-r--r--source3/modules/vfs_smb_traffic_analyzer.c27
-rw-r--r--source3/modules/vfs_smb_traffic_analyzer.h16
2 files changed, 33 insertions, 10 deletions
diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c
index 7d7332e1b9..1718185c35 100644
--- a/source3/modules/vfs_smb_traffic_analyzer.c
+++ b/source3/modules/vfs_smb_traffic_analyzer.c
@@ -170,19 +170,25 @@ static char *smb_traffic_analyzer_create_string( struct tm *tm, \
/*
* first create the data that is transfered with any VFS op
* These are, in the following order:
- * number of data to come [6 in v2.0]
+ *(0) number of data to come [6 in v2.0]
* 1.vfs_operation identifier
* 2.username
* 3.user-SID
- * 4.affected file + full path
+ * 4.affected share
* 5.domain
* 6.timestamp
*/
- opstr = talloc_asprintf(talloc_tos(), "%i", vfs_operation);
+ /* number of common data blocks to come */
+ opstr = talloc_asprintf(talloc_tos(), "%i", SMBTA_COMMON_DATA_COUNT);
len = strlen(opstr);
buf = talloc_asprintf(talloc_tos(), "%04u%s", len, opstr);
+ /* vfs operation identifier */
+ opstr = talloc_asprintf(talloc_tos(), "%i", vfs_operation);
+ len = strlen(opstr);
+ buf = talloc_asprintf_append(talloc_tos(), "%04u%s", len, opstr);
+
/*
* Handle anonymization. In protocol v2, we have to anonymize
* both the SID and the username.
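Review bot: The added `buf = talloc_asprintf_append(talloc_tos(), "%04u%s", len, opstr);` passes the talloc stackframe context where `talloc_asprintf_append` expects the string being extended. As written, the common-data-count block built just above is dropped from `buf`, and talloc will measure and reallocate the context pointer as if it were a C string, which is a memory-safety problem inside smbd rather than just a framing error. The later appends in this function pass `buf`, so this line should read `buf = talloc_asprintf_append(buf, "%04u%s", len, opstr);`. Neither `opstr` nor `buf` is checked for NULL before `strlen`/append in the visible lines; the function body starts and ends outside this hunk, so that may be handled elsewhere.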
@@ -215,16 +221,21 @@ static char *smb_traffic_analyzer_create_string( struct tm *tm, \
sidstr = usersid;
}
+ /* username */
len = strlen( userstr );
buf = talloc_asprintf_append(buf, "%04u%s", len, userstr);
+ /* user SID */
len = strlen( sidstr );
buf = talloc_asprintf_append(buf, "%04u%s", len, sidstr);
+ /* affected share */
len = strlen( handle->conn->connectpath );
buf = talloc_asprintf_append( buf, "%04u%s", len, \
handle->conn->connectpath );
+ /* user's domain */
len = strlen( pdb_get_domain(handle->conn->server_info->sam_account) );
buf = talloc_asprintf_append( buf, "%04u%s", len, \
pdb_get_domain(handle->conn->server_info->sam_account) );
+ /* time stamp */
timestr = talloc_asprintf(talloc_tos(), \
"%04d-%02d-%02d %02d:%02d:%02d.%03d", \
tm->tm_year+1900, \
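Review bot: The new `/* affected share */` comment labels a block whose value is `handle->conn->connectpath`, which is passed to the receiver as-is right after the step that anonymizes the username and SID. If connect paths can embed the account name (home-directory shares, for instance), this block and the domain block would still carry identifying data with anonymization enabled; whether that is intended cannot be told from the hunk. I would make the comments say so, e.g. `/* affected share: connect path, sent un-anonymized */` and `/* user's domain, sent un-anonymized */`. The function body starts and ends outside this hunk.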
@@ -236,7 +247,8 @@ static char *smb_traffic_analyzer_create_string( struct tm *tm, \
(int)seconds);
len = strlen( timestr );
buf = talloc_asprintf_append( buf, "%04u%s", len, timestr);
-
+
+ /* data blocks depending on the VFS function */
va_start( ap, count );
while ( count-- ) {
arg = va_arg( ap, char * );
@@ -270,6 +282,13 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle,
const char *protocol_version = NULL;
bool Write = false;
size_t len;
+
+ /*
+ * The state flags are part of the header
+ * and are descripted in the protocol description
+ * in vfs_smb_traffic_analyzer.h. They begin at byte
+ * 03 of the header.
+ */
char state_flags[9] = "000000\0";
SMB_VFS_HANDLE_GET_DATA(handle, rf_sock, struct refcounted_sock, return);
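Review bot: The added comment above `state_flags` has a typo (`descripted`) and gives the offset of the flags but not how many there are, while the buffer is declared with 9 bytes and initialised with six `0` characters. I would reword it to `described in the protocol description in vfs_smb_traffic_analyzer.h` and state the number of flag bytes, so the array size and initialiser can be checked against the header layout. smb_traffic_analyzer_send_data continues outside this hunk.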
diff --git a/source3/modules/vfs_smb_traffic_analyzer.h b/source3/modules/vfs_smb_traffic_analyzer.h
index 7a3c358a0e..f3d902754e 100644
--- a/source3/modules/vfs_smb_traffic_analyzer.h
+++ b/source3/modules/vfs_smb_traffic_analyzer.h
@@ -19,12 +19,6 @@
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
-
-/*
- * Protocol V2.0 definition
- *
-/
-
/**
* Protocol version 2.0 description
*
@@ -82,6 +76,16 @@
*
*/
+/* Protocol subrelease number */
+#define SMBTA_SUBRELEASE 0
+
+/*
+ * Every data block sends a number of blocks sending common data
+ * we send the number of "common data blocks" to come very first
+ * so that if the receiver is using an older version of the protocol
+ * it knows which blocks it can ignore.
+ */
+#define SMBTA_COMMON_DATA_COUNT 6
/*
* VFS Functions identifier table. In protocol version 2, every vfs