From 541fb436cc3d69c154dcd90d2e6b22c273baa501 Mon Sep 17 00:00:00 2001
From: Holger Hetterich <hhetter@novell.com>
Date: Mon, 14 Dec 2009 20:43:15 +0100
Subject: Enable AES encryption of the data if a key was found in secrets.tdb.

---
 source3/modules/vfs_smb_traffic_analyzer.c | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)

diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c
index 5af230a9c2..68a4991e0f 100644
--- a/source3/modules/vfs_smb_traffic_analyzer.c
+++ b/source3/modules/vfs_smb_traffic_analyzer.c
@@ -20,9 +20,9 @@
  */
 
 #include "includes.h"
+#include "../lib/crypto/crypto.h"
 
 /* abstraction for the send_over_network function */
-
 enum sock_type {INTERNET_SOCKET = 0, UNIX_DOMAIN_SOCKET};
 
 #define LOCAL_PATHNAME "/var/tmp/stadsocket"
@@ -400,8 +400,27 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle,
 
 	len = strlen(str);
 
-	DEBUG(10, ("smb_traffic_analyzer_send_data_socket: sending %s\n",
-			str));
+	DEBUG(10, ("smb_traffic_analyzer_send_data_socket: going to send "
+		"%s\n", str));
+	/* If configured, optain the key and run AES encryption	*/
+	/* over the data.					*/
+	size_t size;
+	char *akey = secrets_fetch("smb_traffic_analyzer_key", &size);
+	if ( akey != NULL ) {
+		char *crypted;
+		DEBUG(10, ("smb_traffic_analyzer: a key was found, encrypting "
+			"data!"));
+		AES_KEY *key;
+		samba_AES_set_encrypt_key(akey, 128, key);
+		samba_AES_encrypt( str, crypted, key );
+		len = strlen( crypted );
+		if (write_data(rf_sock->sock, crypted, len) != len) {
+			DEBUG(1, ("smb_traffic_analyzer_send_data_socket: "
+				"error sending crypted data to socket!\n"));
+		free( crypted );
+		return ;
+		}
+	}
 	if (write_data(rf_sock->sock, str, len) != len) {
 		DEBUG(1, ("smb_traffic_analyzer_send_data_socket: "
 			"error sending data to socket!\n"));
-- 
cgit