From 56dfc0915c7a461fc53d32e9cbe29460a75c9b26 Mon Sep 17 00:00:00 2001 From: Holger Hetterich Date: Sat, 30 Jan 2010 17:43:50 +0100 Subject: Update the manpage of vfs_smb_traffic_analyzer and add smbta-util. --- docs-xml/manpages-3/smbta-util.8.xml | 119 +++++++++++++++++++ docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml | 126 +++++++++++++++++++-- 2 files changed, 237 insertions(+), 8 deletions(-) create mode 100644 docs-xml/manpages-3/smbta-util.8.xml (limited to 'docs-xml/manpages-3') diff --git a/docs-xml/manpages-3/smbta-util.8.xml b/docs-xml/manpages-3/smbta-util.8.xml new file mode 100644 index 0000000000..094fb9d833 --- /dev/null +++ b/docs-xml/manpages-3/smbta-util.8.xml @@ -0,0 +1,119 @@ + + + + + + smbta-tool + 8 + Samba + System Administration tools + 3.6 + + + + + smbta-tool + control encryption in VFS smb_traffic_analyzer + + + + + + smbta-tool + + + + smbta-tool + + COMMANDS + + + + + + + DESCRIPTION + + This tool is part of the + samba + 1 suite. + + smbta-tool is a tool to ease the + configuration of the vfs_smb_traffic_analyzer module regarding + data encryption. + The user can generate a key, install a key (activating + encryption), or uninstall a key (deactivating encryption). + Any operation that installs a key will create a File containing + the key. This file can be used by smbta-tool on other machines + to install the same key from the file. + + + + + + + COMMANDS + + + + + + Show a short help text on the command line. + + + + + + KEYFILE + Open an existing keyfile, read the key from + the file, and install the key, activating encryption. + + + + + + KEYFILE + Generate a new random key, install the key, + activate encryption, and store the key into the file KEYFILE. + + + + + + Uninstall the key, deactivating encryption. + + + + + + Check if a key is installed. + + + + + + KEYFILE + Create a KEYFILE from an installed key. + + + + + + + + + VERSION + This man page is correct for version 3.4 of the Samba suite. + + + + AUTHOR + The original version of smbta-util was created by Holger Hetterich. + + The original Samba software and related utilities were + created by Andrew Tridgell. Samba is now developed by the + Samba Team as an Open Source project similar to the way the + Linux kernel is developed. + + + diff --git a/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml b/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml index 36b61a98f9..882ee6af3f 100644 --- a/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml +++ b/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml @@ -31,14 +31,27 @@ 7 suite. The vfs_smb_traffic_analyzer VFS module logs - client write and read operations on a Samba server and sends this data - over a socket to a helper program, which feeds a SQL database. More + client file operations on a Samba server and sends this data + over a socket to a helper program (in the following the "Receiver"), + which feeds a SQL database. More information on the helper programs can be obtained from the homepage of the project at: http://holger123.wordpress.com/smb-traffic-analyzer/ + Since the VFS module depends on a receiver that is doing something with + the data, it is evolving in it's development. Therefore, the module + works with different protocol versions, and the receiver has to be able + to decode the protocol that is used. The protocol version 1 was + introduced to Samba at September 25, 2008. It was a very simple + protocol, supporting only a small list of VFS operations, and had + several drawbacks. The protocol version 2 is a try to solve the + problems version 1 had while at the same time adding new features. - vfs_smb_traffic_analyzer currently is aware - of the following VFS operations: + + + + Protocol version 1 documentation + vfs_smb_traffic_analyzer protocol version 1 is aware + of the following VFS operations: write @@ -72,9 +85,86 @@ + + Drawbacks of protocol version 1 + Several drawbacks have been seen with protocol version 1 over time. + + + + Problematic parsing - + Protocol version 1 uses hyphen and comma to seperate blocks of data. Once there is a + filename with a hyphen, you will run into problems because the receiver decodes the + data in a wrong way. + + + + + Insecure network transfer - + Protocol version 1 sends all it's data as plaintext over the network. + + + + + Limited set of supported VFS operations - + Protocol version 1 supports only four VFS operations. + + + + + No subreleases of the protocol - + Protocol version 1 is fixed on it's version, making it unable to introduce new + features or bugfixes through compatible sub-releases. + + + + + + Version 2 of the protocol + Protocol version 2 is an approach to solve the problems introduced with protcol v1. + From the users perspective, the following changes are most prominent among other enhancements: + + + + + The data from the module may be send encrypted, with a key stored in secrets.tdb. The + Receiver then has to use the same key. The module does AES block encryption over the + data to send. + + + + + The module now can identify itself against the receiver with a sub-release number, where + the receiver may run with a different sub-release number than the module. However, as + long as both run on the V2.x protocol, the receiver will not crash, even if the module + uses features only implemented in the newer subrelease. Ultimativly, if the module uses + a new feature from a newer subrelease, and the receiver runs an older protocol, it is just + ignoring the functionality. Of course it is best to have both the receiver and the module + running the same subrelease of the protocol. + + + + + The parsing problems of protocol V1 can no longer happen, because V2 is marshalling the + data packages in a proper way. + + + + + The module now potientially has the ability to create data on every VFS function. As of + protocol V2.0, there is support for 8 VFS functions, namely write,read,pread,pwrite, + rename,chdir,mkdir and rmdir. Supporting more VFS functions is one of the targets for the + upcoming sub-releases. + + + + + To enable protocol V2, the protocol_version vfs option has to be used (see OPTIONS). + + + - OPTIONS + OPTIONS with protocol V1 and V2.x @@ -111,7 +201,8 @@ smb_traffic_analyzer:anonymize_prefix = STRING The module will replace the user names with a prefix - given by STRING and a simple hash number. + given by STRING and a simple hash number. In version 2.x + of the protocol, the users SID will also be anonymized. @@ -125,7 +216,18 @@ smb_traffic_analyzer:anonymize_prefix, without generating an additional hash number. This means that any transfer data will be mapped to a single user, leading to a total - anonymization of user related data. + anonymization of user related data. In version 2.x of the + protocol, the users SID will also be anonymized. + + + + + smb_traffic_analyzer:protocol_version = STRING + + If STRING matches to V1 or is not given at all, the module + will use version 1 of the protocol. If STRING matches to "V2" + the module will use version 2 of the protocol. + @@ -134,6 +236,15 @@ EXAMPLES + Running protocol V2 on share "example_share", using an internet socket. + + + /data/example + smb_traffic_analyzer + V2 + examplehost + 3491 + The module running on share "example_share", using a unix domain socket @@ -183,5 +294,4 @@ The original version of the VFS module and the helper tools were created by Holger Hetterich. - -- cgit