summaryrefslogtreecommitdiff
path: root/source3/modules
AgeCommit message (Collapse)AuthorFilesLines
2010-03-16smb_traffic_analyzer.c: optimize marshalling function and documentHolger Hetterich2-34/+54
Collect all data that is needed, and use only one talloc_asprintf operation to create the string of common data. This simplifies the code a bit and is most probably faster than the old method. Also, #define SMBTA_COMMON_DATA_COUNT as a complete string, speeding things up because we know the value at compile time.
2010-03-16vfs_smb_traffic_analyzer.c: added functionHolger Hetterich1-63/+58
static char *smb_traffic_analyzer_anonymize This takes a lot of code out of the main functions, and makes it a bit simpler. Do the anonymization in a function. Since we already anonymized the username we don't need to do this a second time in the v2 marshalling function.
2010-03-16Simplify the code a bit by creating the functions:Holger Hetterich1-84/+123
smb_traffic_analyzer_encrypt - doing the encryption of a data block, smb_traffic_analyzer_create_header - create the protocol header, smb_traffic_analyzer_write_data - actually write the data to the socket.
2010-03-16Add the number of common data blocks to the protocol.Holger Hetterich2-10/+33
Always send the number of common data blocks first. This way, we can make the protocol backwards compatible. A receiver running with an older subprotocol can just ignore if a newer sender sends more common data. Add a few remarks to the marshalling function. Add two #define lines defining the protocol subrelease number and the number of common data blocks to the header file.
2010-03-16Put all the protocol stuff into a separate header file.Holger Hetterich2-114/+152
All the structures and the vfs function identifier list is required by the receiver. It's therefore very handy to have this in an extra header file.
2010-03-16Add smbta-util to manage the encryption key.Holger Hetterich1-0/+1
This program allows the administrator to enable or disable AES encryption when using vfs_smb_traffic_analyzer. It also generates new keys, stores them to a file, so that the file can be reused on another client or server.
2010-03-16Implement AES encryption of the data block.Holger Hetterich1-13/+33
First try. This runs on 16 bytes long AES block size, and enlarges the data block with 16 bytes, to make sure all bytes are in. The added bytes are filled with '.'. It then creates a header featuring the new length to be send, and finally sends the data block, then returns. This code is untested, as creating the receiver will be my next step. To simplify traffic_analyzer's code, this code should run as a function. It's on the do-to-list.
2010-03-16Implement anonymization for protocol v2.Holger Hetterich1-14/+53
Since we need to care for the SID too, do the anonymization in the marshalling function and anonymize both the username and the SID. Remove the 'A' status flag from the header definition. A listener could see from the unencrypted header if the module is anonymizing or not, which is certainly not wanted.
2010-03-16Make all remarks compatible to the linux kernel coding styleguide.Holger Hetterich1-27/+33
2010-03-16Added an exact description of the V2 protocol.Holger Hetterich1-0/+62
I don't think it should have it's place the man page, because this is developer information.
2010-03-16Move the creation of the header.Holger Hetterich1-11/+37
Since the header block of the protocol contains the number of bytes to come, we always send the header itself unmodified. If we compress or crypt the data we are about to send, the length of the data to send may change. Therefore, we no longer create the header in smb_traffic_analyzer_create_string, but shortly before we send the data. For both cases, encryption and normal, we create our own header, and send it before the actual data. In case of protocol v1, we don't need to create an extra header. Just send the data, and return from the function. Change a debug message to say that the header for crypted data has been created. Add a status flags consisting of 6 bytes to the header. Their function will be descriped in one of the next patches, which is descriping the header in a longer comment. When anonymization and/or encryption is used, set the flags accordingly.
2010-03-16Fetch the SID of the user we are running as and send with the commonHolger Hetterich1-2/+5
data.
2010-03-16Additionally send the vfs function id with the protocol.Holger Hetterich1-7/+11
2010-03-16According to the linux kernel coding styleguide, it's better toHolger Hetterich1-46/+46
align the switch and it's case statements in the same column. This saves us one indentation level.
2010-03-16Don't use typedefs on the VFS function data structures asHolger Hetterich1-27/+27
typedefs are evil according to the linux kernel coding styleguide.
2010-03-16Add read,pread,write,pwrite support to the V2 protocol.Holger Hetterich1-3/+14
2010-03-16Enable AES encryption of the data if a key was found in secrets.tdb.Holger Hetterich1-3/+22
2010-03-16Add rmdir, chdir, and rename as supported VFS functionsHolger Hetterich1-9/+87
2010-03-16The format of data we are sending over the network will be flexible when ↵Holger Hetterich1-4/+74
sending over the network in protocol v2. To be able to do this, we create a new va-list function that is creating the buffer to send. Also it makes it easier for the receiver to parse the data; it sends an initial header containing the full length of the buffer to be send. For the individual strings, it sends sub headers containing the length of the upcoming substring to be send. With the header-data-header-data [..] structure we don't need to quote the sub strings finally enabling having all possible character sets in filenames etc.. In the sending function, implement mkdir to actually send it's data for testing.
2010-03-16Create structs carrying the data of individual VFS functions, and hand those ↵Holger Hetterich1-33/+47
over to the send function, which then casts the void pointer to the struct required by looking at the id. This allows us to return different result data depending on the VFS function that is running. Make the protocol v1 sender compatible to this. Adapt the existing VFS functions to use the new data structures. Make use of the new functionality and extend the mkdir VFS logger function to return the creation mode additionally.
2010-03-16Introduce smb_traffic_analyzer protocol v2.Holger Hetterich1-7/+62
From Holger: Make smb_traffic_analyzer differ the protocol versions to enable the development of version 2 of the protocol. To do this, a new parameter "protocol_version" has been introduced, which can be set to "V1", "V2", or nothing. If protocol_version is not set, V1 will be chosen automatically. Created an enum for identifying VFS functions in the upcoming protocol v2. Converted the existing VFS functions to use the identifier, and set the read/write bool used in protocol v1 accordingly, also ignore any other VFS functions except read/write/pread/pwrite in v1. Added a first new VFS function for mkdir, which I use for testing and implementing both the sender and receiver for v2.
2010-03-15Remove the bool admin_user from conn struct. We no longer look at this to ↵Jeremy Allison1-1/+0
make access decisions. Jeremy.
2010-03-15Pass "connection_struct *conn" into functions that currently use ↵Jeremy Allison1-1/+1
"current_user.XXX" Will allow me to replace them with accessor functions. Jeremy.
2010-03-15Rever e80ceb1d7355c8c46a2ed90d5721cf367640f4e8 "Remove more uses of "extern ↵Jeremy Allison1-1/+1
struct current_user current_user;"." As requested by Volker, split this into smaller commits. Jeremy.
2010-03-12Missed a couple more uses of conn->server_info->ptok that need to be ↵Jeremy Allison1-7/+9
get_current_nttok(conn) Centralize the root check into smb1_file_se_access_check() so this is used by modules/vfs_acl_common.c also. Jeremy.
2010-03-12Remove more uses of "extern struct current_user current_user;".Jeremy Allison1-1/+1
Use accessor functions to get to this value. Tidies up much of the user context code. Volker, please look at the changes in smbd/uid.c to familiarize yourself with these changes as I think they make the logic in there cleaner. Cause smbd/posix_acls.c code to look at current user context, not stored context on the conn struct - allows correct use of these function calls under a become_root()/unbecome_root() pair. Jeremy.
2010-03-10vfs_netatalk: Segfault if hide files or veto files has no ".AppleDouble"SATOH Fumiyasu1-1/+1
2010-03-08s3: add vfs_crossrenameBjörn Jacke1-0/+200
this module adds optional server-side support for limited rename operations beyond filesystem boundaries, which was the previously the default.
2010-03-08s3: remove cross-device rename support from vfs_defaultBjörn Jacke1-116/+0
cross-device rename support has some major limitations: - on huge files clients will timeout or hang - ACLs and EA information is not retained Usually a client will have to handle this. A Windows Server with a reparse point will also just return NT_STATUS_NOT_SAME_DEVICE. We will now by default do the same. I will add a vfs module which will restore the old cross-device renames.
2010-03-05Fix for bug #7189 - Open txt files with notepad on samba shares creates problem.Jeremy Allison5-10/+24
Ensure we don't use any of the create_options for Samba private use. Add a new parameter to the VFS_CREATE call (private_flags) which is only used internally. Renumber NTCREATEX_OPTIONS_PRIVATE_DENY_DOS and NTCREATEX_OPTIONS_PRIVATE_DENY_FCB to match the S4 code). Rev. the VFS interface to version 28. Jeremy.
2010-03-02s3:vfs_aixacl2: add missing semicolonBjörn Jacke1-1/+1
fixes #7197. Thanks to William Jojo for the correction.
2010-02-28s3: vfs_full_audit.c: implement negated vfs_ops in the success/failure listHolger Hetterich1-24/+31
Supports negated arguments in configuration like: full_audit:success = all !readdir !telldir !closedir Update the manpage accordingly. Part of BSO#4025
2010-02-18s3-modules: fix get_acl_blob in the acl_tdb VFS module.Günther Deschner1-1/+1
Shuttle-reviewed by jra :) Guenther
2010-02-14s3-vfs: use TYPESAFE_QSORT() in s3 VFS modulesAndrew Tridgell2-8/+6
2010-02-10Fix bad use when freeing linked list. Todd Stecher (Original author) please ↵Jeremy Allison1-6/+8
check ! Jeremy.
2010-02-10s3-perfcount: update to use new DLIST macrosAndrew Tridgell2-3/+2
(cherry picked from commit a13b507f2d8be7f90c8872094cd0732926a6fcbb)
2010-02-09vfs_catia: fix return type warningsBjörn Jacke1-2/+2
2010-02-08Fix bug #6876 for acl_tdb module.Jeremy Allison1-2/+1
As pointed out by bj@sernet.de, the rmdir module initializer was duplicated. Fix this properly. Jeremy.
2010-02-07s3: fix build issue on Tru64Björn Jacke1-7/+7
Thanks, Volker for the hint - acl_type is a macro on Tru64. Renamed it to acltype. This fixes #7103.
2010-02-04Fix bug 7075 - bug in vfs_scannedonly rmdir implementation.Jeremy Allison1-1/+5
Check for NULL on opendir, correctly call next rmdir. Jeremy.
2010-02-04s3:vfs_scannedonly: fix build on HP-UXBjörn Jacke1-0/+6
2010-02-03s3: Simplify the code a bit: Catch (len==0) earlyVolker Lendecke1-7/+4
2010-02-02Fix bug 7081 - vfs_expand_msdfs doesn't work correctly (with fix identified)Jeremy Allison1-3/+16
Fix inspired by idea from Eric Horst <erich@cac.washington.edu>. Jeremy.
2010-01-29AIX doesn't have MSG_DONTWAITolivier1-1/+1
2010-01-21Add localtime parameter to shadow_copy2.Ed Plese1-0/+22
2010-01-21Add format parameter to shadow_copy2.Ed Plese1-11/+73
2010-01-21Add sort parameter to shadow_copy2.Ed Plese1-0/+62
2010-01-16Modification of fix for bug 6876 - Delete of an object whose parent folder ↵Jeremy Allison1-8/+5
does not have delete rights fails even if the delete right is set on the object Suggested by Volker. Reduce the surface area of the become_root() unbecome_root() code to reduce the chance of errors. Jeremy.
2010-01-14Part 4 of bug #7028 - include scannedonly VFS moduleOlivier Sessink1-13/+8
Fix some issues with handling names ending in '/'.
2010-01-12Fix bug #7034 - vfs_cap causes signal 11 (SIGSEGV)SASAJIMA Toshihiro1-1/+2