Diffstat (limited to 'source3/modules')
-rw-r--r-- | source3/modules/vfs_smb_traffic_analyzer.c | 27 | ||||
-rw-r--r-- | source3/modules/vfs_smb_traffic_analyzer.h | 16 |
2 files changed, 33 insertions, 10 deletions
diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c index 7d7332e1b9..1718185c35 100644 --- a/source3/modules/vfs_smb_traffic_analyzer.c +++ b/source3/modules/vfs_smb_traffic_analyzer.c @@ -170,19 +170,25 @@ static char *smb_traffic_analyzer_create_string( struct tm *tm, \ /* * first create the data that is transfered with any VFS op * These are, in the following order: - * number of data to come [6 in v2.0] + *(0) number of data to come [6 in v2.0] * 1.vfs_operation identifier * 2.username * 3.user-SID - * 4.affected file + full path + * 4.affected share * 5.domain * 6.timestamp */ - opstr = talloc_asprintf(talloc_tos(), "%i", vfs_operation); + /* number of common data blocks to come */ + opstr = talloc_asprintf(talloc_tos(), "%i", SMBTA_COMMON_DATA_COUNT); len = strlen(opstr); buf = talloc_asprintf(talloc_tos(), "%04u%s", len, opstr); + /* vfs operation identifier */ + opstr = talloc_asprintf(talloc_tos(), "%i", vfs_operation); + len = strlen(opstr); + buf = talloc_asprintf_append(talloc_tos(), "%04u%s", len, opstr); + /* * Handle anonymization. In protocol v2, we have to anonymize * both the SID and the username. @@ -215,16 +221,21 @@ static char *smb_traffic_analyzer_create_string( struct tm *tm, \ sidstr = usersid; } + /* username */ len = strlen( userstr ); buf = talloc_asprintf_append(buf, "%04u%s", len, userstr); + /* user SID */ len = strlen( sidstr ); buf = talloc_asprintf_append(buf, "%04u%s", len, sidstr); + /* affected share */ len = strlen( handle->conn->connectpath ); buf = talloc_asprintf_append( buf, "%04u%s", len, \ handle->conn->connectpath ); + /* user's domain */ len = strlen( pdb_get_domain(handle->conn->server_info->sam_account) ); buf = talloc_asprintf_append( buf, "%04u%s", len, \ pdb_get_domain(handle->conn->server_info->sam_account) ); + /* time stamp */ timestr = talloc_asprintf(talloc_tos(), \ "%04d-%02d-%02d %02d:%02d:%02d.%03d", \ tm->tm_year+1900, \ 
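Review bot: The new `talloc_asprintf_append(talloc_tos(), "%04u%s", len, opstr)` for the vfs operation identifier passes the talloc stackframe context where the string being extended belongs, so the count block just written to `buf` is dropped and the append operates on memory that is not a string. Every other append in this function passes `buf`; this one should read `buf = talloc_asprintf_append(buf, "%04u%s", len, opstr);`. Separately, both new `talloc_asprintf` results reach `strlen(opstr)` without a NULL check, so an allocation failure would dereference NULL; a guard such as `if (opstr == NULL) return NULL;` before each `strlen` would cover that, assuming the callers handle a NULL return. The body of smb_traffic_analyzer_create_string starts and ends outside this hunk.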
@@ -236,7 +247,8 @@ static char *smb_traffic_analyzer_create_string( struct tm *tm, \ (int)seconds); len = strlen( timestr ); buf = talloc_asprintf_append( buf, "%04u%s", len, timestr); - + + /* data blocks depending on the VFS function */ va_start( ap, count ); while ( count-- ) { arg = va_arg( ap, char * ); @@ -270,6 +282,13 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle, const char *protocol_version = NULL; bool Write = false; size_t len; + + /* + * The state flags are part of the header + * and are descripted in the protocol description + * in vfs_smb_traffic_analyzer.h. They begin at byte + * 03 of the header. + */ char state_flags[9] = "000000\0"; SMB_VFS_HANDLE_GET_DATA(handle, rf_sock, struct refcounted_sock, return); diff --git a/source3/modules/vfs_smb_traffic_analyzer.h b/source3/modules/vfs_smb_traffic_analyzer.h index 7a3c358a0e..f3d902754e 100644 --- a/source3/modules/vfs_smb_traffic_analyzer.h +++ b/source3/modules/vfs_smb_traffic_analyzer.h @@ -19,12 +19,6 @@ * along with this program; if not, see <http://www.gnu.org/licenses/>. */ - -/* - * Protocol V2.0 definition - * -/ - /** * Protocol version 2.0 description * @@ -82,6 +76,16 @@ * */ +/* Protocol subrelease number */ +#define SMBTA_SUBRELEASE 0 + +/* + * Every data block sends a number of blocks sending common data + * we send the number of "common data blocks" to come very first + * so that if the receiver is using an older version of the protocol + * it knows which blocks it can ignore. + */ +#define SMBTA_COMMON_DATA_COUNT 6 /* * VFS Functions identifier table. In protocol version 2, every vfs |
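Review bot: The comment added above `state_flags` has a typo (`descripted`) and does not state how wide the flag field is, while the declaration it documents reserves 9 bytes and initialises six `'0'` characters. I would reword it to `/* State flags are part of the header and are described in the protocol description in vfs_smb_traffic_analyzer.h; they start at byte 03 of the header. */` and add the field length from that description so the buffer size can be checked against it. smb_traffic_analyzer_send_data continues outside the hunk.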
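Review bot: `SMBTA_COMMON_DATA_COUNT` is a hand-maintained 6 that nothing ties to the number of common blocks smb_traffic_analyzer_create_string() actually appends, so changing the block list there without touching the define would make the sender announce a wrong count and desynchronise a receiver that skips blocks by it. The comment above the define should say so, for example `/* Must equal the number of common data blocks appended in smb_traffic_analyzer_create_string(), not counting the count block itself. */`. The first sentence of the added comment ("Every data block sends a number of blocks sending common data") is hard to parse and would read better as "Every message starts with a fixed set of common data blocks". `SMBTA_SUBRELEASE` is not used in any hunk shown here; if it is meant to go on the wire, its comment should say where.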