Age | Commit message (Collapse) | Author | Files | Lines |
|
static char *smb_traffic_analyzer_anonymize
This takes a lot of code out of the main functions,
and makes it a bit simpler. Do the anonymization in a function.
Since we already anonymized the username we don't need to do
this a second time in the v2 marshalling function.
|
|
smb_traffic_analyzer_encrypt - doing the encryption of a data block,
smb_traffic_analyzer_create_header - create the protocol header,
smb_traffic_analyzer_write_data - actually write the data to the
socket.
|
|
Always send the number of common data blocks first. This way, we
can make the protocol backwards compatible. A receiver running with
an older subprotocol can just ignore if a newer sender sends more
common data.
Add a few remarks to the marshalling function. Add two #define lines
defining the protocol subrelease number and the number of common
data blocks to the header file.
|
|
All the structures and the vfs function identifier list is required
by the receiver. It's therefore very handy to have this in an extra
header file.
|
|
This program allows the administrator to enable or disable AES
encryption when using vfs_smb_traffic_analyzer. It also generates new
keys, stores them to a file, so that the file can be reused on another
client or server.
|
|
First try. This runs on 16 bytes long AES block size, and enlarges the
data block with 16 bytes, to make sure all bytes are in. The added
bytes are filled with '.'. It then creates a header featuring the new
length to be send, and finally sends the data block, then returns.
This code is untested, as creating the receiver will be my next step.
To simplify traffic_analyzer's code, this code should run as a function.
It's on the do-to-list.
|
|
Since we need to care for the SID too, do the anonymization in the
marshalling function and anonymize both the username and the SID.
Remove the 'A' status flag from the header definition. A listener
could see from the unencrypted header if the module is anonymizing
or not, which is certainly not wanted.
|
|
|
|
I don't think it should have it's place the man page, because this is
developer information.
|
|
Since the header block of the protocol contains the number of bytes to
come, we always send the header itself unmodified.
If we compress or crypt the data we are about to send, the length of the
data to send may change. Therefore, we no longer create the header in
smb_traffic_analyzer_create_string, but shortly before we send the data.
For both cases, encryption and normal, we create our own header, and
send it before the actual data.
In case of protocol v1, we don't need to create an extra header.
Just send the data, and return from the function.
Change a debug message to say that the header for crypted data has
been created.
Add a status flags consisting of 6 bytes to the header. Their function
will be descriped in one of the next patches, which is descriping
the header in a longer comment.
When anonymization and/or encryption is used, set the flags accordingly.
|
|
data.
|
|
|
|
align the switch and it's case statements in the same column.
This saves us one indentation level.
|
|
typedefs are evil according to the linux kernel coding
styleguide.
|
|
|
|
|
|
|
|
sending over the network in protocol v2. To be able to do this, we create a new va-list function that is creating the buffer to send. Also it makes it easier for the receiver to parse the data; it sends an initial header containing the full length of the buffer to be send. For the individual strings, it sends sub headers containing the length of the upcoming substring to be send. With the header-data-header-data [..] structure we don't need to quote the sub strings finally enabling having all possible character sets in filenames etc..
In the sending function, implement mkdir to actually send it's data
for testing.
|
|
over to the send function, which then casts the void pointer to the struct required by looking at the id. This allows us to return different result data depending on the VFS function that is running. Make the protocol v1 sender compatible to this. Adapt the existing VFS functions to use the new data structures. Make use of the new functionality and extend the mkdir VFS logger function to return the creation mode additionally.
|
|
From Holger:
Make smb_traffic_analyzer differ the protocol versions to enable the development of version 2 of the protocol. To do this, a new parameter "protocol_version" has been introduced, which can be set to "V1", "V2", or nothing. If protocol_version is not set, V1 will be chosen automatically.
Created an enum for identifying VFS functions in the upcoming protocol v2. Converted the existing VFS functions to use the identifier, and set the read/write bool used in protocol v1 accordingly, also ignore any other VFS functions except read/write/pread/pwrite in v1. Added a first new VFS function for mkdir, which I use for testing and implementing both the sender and receiver for v2.
|
|
|
|
regkey_open_internal()
Michael
|
|
Michael
|
|
Found by Laurent Gaffie <laurent.gaffie@gmail.com>
Thanks for that,
Volker
|
|
make access decisions.
Jeremy.
|
|
Make ea data checks identical for trans2open and trans2mkdir.
Jeremy.
|
|
We use (uid_t)0 here not sec_initial_uid() as make test uses a single user context.
I will revisit this when all the uid check changes are complete.
Jeremy.
|
|
conn token is uid 0.
This simplifies change_to_user() and removes special processing of the assignments
we pass to set_sec_ctx().
Jeremy.
|
|
Jeremy.
|
|
"current_user.XXX"
Will allow me to replace them with accessor functions.
Jeremy.
|
|
Jeremy.
|
|
it should already be pointing to a token with uid == 0.
Jeremy.
|
|
struct current_user current_user;"."
As requested by Volker, split this into smaller commits.
Jeremy.
|
|
metze
|
|
Guenther
|
|
|
|
First, this immediately gave me the warning that TDB_ERR_NESTING was not
covered and second, this saved 48 bytes in the .o :-)
|
|
|
|
|
|
|
|
This hides the use of talloc_reference from the caller, making it impossible to
wrongly call talloc_free() on the result.
|
|
This removes some dependencies to registry code.
Guenther
|
|
get_current_nttok(conn)
Centralize the root check into smb1_file_se_access_check()
so this is used by modules/vfs_acl_common.c also.
Jeremy.
|
|
Use accessor functions to get to this value. Tidies up much of
the user context code. Volker, please look at the changes in smbd/uid.c
to familiarize yourself with these changes as I think they make the
logic in there cleaner.
Cause smbd/posix_acls.c code to look at current user context, not
stored context on the conn struct - allows correct use of these
function calls under a become_root()/unbecome_root() pair.
Jeremy.
|
|
A convenience function to increment a DWORD value under a (cluster-wide) lock
|
|
|
|
|
|
|
|
|
|
NULL domain.
Thanks to Marc Muehlfeld <muehlfeld@medizinische-genetik.de>.
Guenther
|