summaryrefslogtreecommitdiff
path: root/source3/modules/vfs_smb_traffic_analyzer.c
AgeCommit message (Collapse)AuthorFilesLines
2012-01-25s3: improve the code in the AES encryption.Matthieu Patou1-8/+8
Remove looping replace them by memcpy. Fix bug #8674 (Buffer overflow in vfs_smb_traffic_analyzer). Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Jan 25 03:12:14 CET 2012 on sn-devel-104
2012-01-25s3: Fix bug #8674.Jeremy Allison1-2/+1
Buffer overflow issue with AES encryption in samba traffic analyzer.
2011-12-12vfs: Make function pointer names consistent. They all end in _fnRichard Sharpe1-11/+11
Autobuild-User: Richard Sharpe <sharpe@samba.org> Autobuild-Date: Mon Dec 12 04:58:40 CET 2011 on sn-devel-104
2011-07-20s3-auth use auth_user_info not netr_SamInfo3 in auth3_session_infoAndrew Bartlett1-3/+3
This makes auth3_session_info identical to auth_session_info The logic to convert the info3 to a struct auth_user_info is essentially moved up the stack from the named pipe proxy in source3/rpc_server to create_local_token(). Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Use struct auth_user_info_unix for unix_name and sanitized_usernameAndrew Bartlett1-1/+1
This is closer to the layout of struct auth_session_info in auth.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-04s3-vfs: Replace client_id in smbta.Andreas Schneider1-3/+11
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-06-09s3-talloc Change TALLOC_ZERO_P() to talloc_zero()Andrew Bartlett1-1/+1
Using the standard macro makes it easier to move code into common, as TALLOC_ZERO_P isn't standard talloc.
2011-05-24Actually make use of the SMBTA_SUBRELEASE define in smb_traffic_analyzer.h. ↵Holger Hetterich1-0/+11
This will allow to introduce new features or fixes into the protocol after the 3.6.0 release. The client software is designed to take care for the subrelease number. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Tue May 24 21:23:22 CEST 2011 on sn-devel-104
2011-05-18Make protocol version 2 the default protocol, and only run on version 1 if ↵Holger Hetterich1-6/+5
V1 is explcitly given as a module option. I haven't received a single line of feedback on protocol v1 for at least 1 1/2 years, whereas protocol v2 has an active userbase and more people developing around it. This patch includes a manpage update, describing the new version handling, as well as documenting the recent changes making the module transfer the IP address of the client machine as submitted with 464c69609aa7e582f484c1d357b7c6d3eb2bcbe3. Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed May 18 21:36:44 CEST 2011 on sn-devel-104
2011-05-06More const fixes. Remove CONST_DISCARD.Jeremy Allison1-3/+3
2011-04-21s3-vfs: rename open function to open_fn.Günther Deschner1-1/+1
This should finally fix the AIX build and allow to remove AIX specific ifdefs. Guenther Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Apr 21 02:01:20 CEST 2011 on sn-devel-104
2011-03-30SMBTA: make vfs_smb_traffic_analyzer aware of the sendfile and recvfile ↵Holger Hetterich1-1/+41
functionality and store the results as common read/write results.
2011-03-30s3-auth: vfs modules need auth.hGünther Deschner1-0/+1
Guenther
2011-03-30s3-vfs: include smbd/smbd.h in vfs modules.Günther Deschner1-0/+1
Guenther
2011-03-27s3: Fix Coverity ID 2226: RESOURCE_LEAKVolker Lendecke1-0/+1
Holger, please check!
2011-02-28Fix some typesJelmer Vernooij1-1/+1
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Feb 28 23:30:06 CET 2011 on sn-devel-104
2011-02-22s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_infoAndrew Bartlett1-5/+5
These variables, of type struct auth_serversupplied_info were poorly named when added into 2001, and in good consistant practice, this has extended all over the codebase in the years since. The structure is also not ideal for it's current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session. This rename will reduce the volume of a future patch to replaced these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated. (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-19vfs_smb_traffic_analyzer shall also transfer the clients IP address.Holger Hetterich1-3/+6
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Feb 19 01:53:18 CET 2011 on sn-devel-104
2011-02-10s3-auth Rename cryptic 'ptok' to security_tokenAndrew Bartlett1-1/+1
This will allow the auth_serversupplied_info struct to be migrated to auth_session_info easier. Adnrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-12libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett1-1/+1
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-08-31s3-auth Rename NT_USER_TOKEN user_sids -> sidsAndrew Bartlett1-1/+1
This is closer to the struct security_token from security.idl
2010-08-30vfs_smb_traffic_analyzer: fix off by a second bugBjörn Jacke1-1/+1
convert_timespec_to_time_t is rounding but here we keep track of milliseconds here - so we should use plain the tv_sec.
2010-08-06s3-netlogon: remove global include of netlogon.h.Günther Deschner1-0/+1
This reduces precompiled headers by another 4 MB and also slightly speeds up the build. Guenther
2010-08-05s3-secrets: only include secrets.h when needed.Günther Deschner1-0/+1
Guenther
2010-06-03s3: remove unused librpc/ndr/sid.c.Günther Deschner1-0/+1
Guenther
2010-06-01s3-vfs: Send the share name instead of the path in smb_traffic_analyzer.Holger Hetterich1-2/+5
In protocol v2, the name of the service should be sent instead of the path. Signed-off-by: Andreas Schneider <asn@samba.org>
2010-05-28s3:auth use info3 in auth_serversupplied_infoSimo Sorce1-3/+3
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-27vfs_smb_traffic_analyzer.c: set the len variable when running protocol v1.Holger Hetterich1-0/+1
Signed-off-by: Andreas Schneider <asn@samba.org>
2010-03-25s3: vfs_smb_traffic_analyzer.c: remove warnings from developer buildHolger Hetterich1-14/+16
This patch should remove all warnings coming up when compiling traffic analyzer with configure.developer. Re-activate the smb_traffic_analyzer_rmdir function by adding it's vfs_fn_pointer to vfs_smb_traffic_analyzer_fns. Copy the mode_t used in smb_traffic_analyzer_open to the corresponding data structure.
2010-03-16s3-vfs: fix some buildwarnings in traffic analyzer, there are many more.Günther Deschner1-9/+11
Holger, please check. Guenther
2010-03-16Update copyrightJim McDonough1-1/+1
2010-03-16s3: vfs_smb_traffic_analyzer.c: add VFS functions for file open and closeHolger Hetterich1-1/+51
2010-03-16smb_traffic_analyzer.c: optimize marshalling function and documentHolger Hetterich1-33/+53
Collect all data that is needed, and use only one talloc_asprintf operation to create the string of common data. This simplifies the code a bit and is most probably faster than the old method. Also, #define SMBTA_COMMON_DATA_COUNT as a complete string, speeding things up because we know the value at compile time.
2010-03-16vfs_smb_traffic_analyzer.c: added functionHolger Hetterich1-63/+58
static char *smb_traffic_analyzer_anonymize This takes a lot of code out of the main functions, and makes it a bit simpler. Do the anonymization in a function. Since we already anonymized the username we don't need to do this a second time in the v2 marshalling function.
2010-03-16Simplify the code a bit by creating the functions:Holger Hetterich1-84/+123
smb_traffic_analyzer_encrypt - doing the encryption of a data block, smb_traffic_analyzer_create_header - create the protocol header, smb_traffic_analyzer_write_data - actually write the data to the socket.
2010-03-16Add the number of common data blocks to the protocol.Holger Hetterich1-4/+23
Always send the number of common data blocks first. This way, we can make the protocol backwards compatible. A receiver running with an older subprotocol can just ignore if a newer sender sends more common data. Add a few remarks to the marshalling function. Add two #define lines defining the protocol subrelease number and the number of common data blocks to the header file.
2010-03-16Put all the protocol stuff into a separate header file.Holger Hetterich1-114/+12
All the structures and the vfs function identifier list is required by the receiver. It's therefore very handy to have this in an extra header file.
2010-03-16Add smbta-util to manage the encryption key.Holger Hetterich1-0/+1
This program allows the administrator to enable or disable AES encryption when using vfs_smb_traffic_analyzer. It also generates new keys, stores them to a file, so that the file can be reused on another client or server.
2010-03-16Implement AES encryption of the data block.Holger Hetterich1-13/+33
First try. This runs on 16 bytes long AES block size, and enlarges the data block with 16 bytes, to make sure all bytes are in. The added bytes are filled with '.'. It then creates a header featuring the new length to be send, and finally sends the data block, then returns. This code is untested, as creating the receiver will be my next step. To simplify traffic_analyzer's code, this code should run as a function. It's on the do-to-list.
2010-03-16Implement anonymization for protocol v2.Holger Hetterich1-14/+53
Since we need to care for the SID too, do the anonymization in the marshalling function and anonymize both the username and the SID. Remove the 'A' status flag from the header definition. A listener could see from the unencrypted header if the module is anonymizing or not, which is certainly not wanted.
2010-03-16Make all remarks compatible to the linux kernel coding styleguide.Holger Hetterich1-27/+33
2010-03-16Added an exact description of the V2 protocol.Holger Hetterich1-0/+62
I don't think it should have it's place the man page, because this is developer information.
2010-03-16Move the creation of the header.Holger Hetterich1-11/+37
Since the header block of the protocol contains the number of bytes to come, we always send the header itself unmodified. If we compress or crypt the data we are about to send, the length of the data to send may change. Therefore, we no longer create the header in smb_traffic_analyzer_create_string, but shortly before we send the data. For both cases, encryption and normal, we create our own header, and send it before the actual data. In case of protocol v1, we don't need to create an extra header. Just send the data, and return from the function. Change a debug message to say that the header for crypted data has been created. Add a status flags consisting of 6 bytes to the header. Their function will be descriped in one of the next patches, which is descriping the header in a longer comment. When anonymization and/or encryption is used, set the flags accordingly.
2010-03-16Fetch the SID of the user we are running as and send with the commonHolger Hetterich1-2/+5
data.
2010-03-16Additionally send the vfs function id with the protocol.Holger Hetterich1-7/+11
2010-03-16According to the linux kernel coding styleguide, it's better toHolger Hetterich1-46/+46
align the switch and it's case statements in the same column. This saves us one indentation level.
2010-03-16Don't use typedefs on the VFS function data structures asHolger Hetterich1-27/+27
typedefs are evil according to the linux kernel coding styleguide.
2010-03-16Add read,pread,write,pwrite support to the V2 protocol.Holger Hetterich1-3/+14
2010-03-16Enable AES encryption of the data if a key was found in secrets.tdb.Holger Hetterich1-3/+22
2010-03-16Add rmdir, chdir, and rename as supported VFS functionsHolger Hetterich1-9/+87