From 964fb9f2492964472666cf10973e1abf6df6882c Mon Sep 17 00:00:00 2001 From: Holger Hetterich Date: Wed, 24 Sep 2008 19:01:00 -0400 Subject: SMB traffic analyzer vfs module from Holger Hetterich Used to gather data to feed to a database for live and historical analysis of usage per user, per share, etc. Helper apps to read the data still to come. This one still needs to be made ipv6 enabled (connection is made to the helper app). --- source3/modules/vfs_smb_traffic_analyzer.c | 352 +++++++++++++++++++++++++++++ 1 file changed, 352 insertions(+) create mode 100644 source3/modules/vfs_smb_traffic_analyzer.c (limited to 'source3/modules') diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c new file mode 100644 index 0000000000..4faa041c2f --- /dev/null +++ b/source3/modules/vfs_smb_traffic_analyzer.c 
@@ -0,0 +1,352 @@ +/* + * traffic-analyzer VFS module. Measure the smb traffic users create + * on the net. + * + * Copyright (C) Holger Hetterich, 2008 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include "includes.h" +#include "safe_string.h" +#include +#include +#include + + +/* abstraction for the send_over_network function */ +#define UNIX_DOMAIN_SOCKET 1 +#define INTERNET_SOCKET 0 + + +/* Prototypes */ + +extern userdom_struct current_user_info; + +static int vfs_smb_traffic_analyzer_debug_level = DBGC_VFS; + +NTSTATUS init_samba_module(void); + +static ssize_t smb_traffic_analyzer_write(vfs_handle_struct *handle, + files_struct *fsp, const void *data, size_t n); + +static ssize_t smb_traffic_analyzer_read(vfs_handle_struct *handle, + files_struct *fsp, void *data, size_t n); + +static ssize_t smb_traffic_analyzer_pwrite(vfs_handle_struct *handle, + files_struct *fsp, const void *data, size_t n, + SMB_OFF_T offset); + +static ssize_t smb_traffic_analyzer_pread(vfs_handle_struct *handle, + files_struct *fsp, void *data, size_t n, SMB_OFF_T offset); + + +/* VFS operations we use */ + +static vfs_op_tuple smb_traffic_analyzer_tuples[] = { + + {SMB_VFS_OP(smb_traffic_analyzer_read), SMB_VFS_OP_READ, + SMB_VFS_LAYER_LOGGER}, + {SMB_VFS_OP(smb_traffic_analyzer_pread), SMB_VFS_OP_PREAD, + SMB_VFS_LAYER_LOGGER}, + {SMB_VFS_OP(smb_traffic_analyzer_write), SMB_VFS_OP_WRITE, + 
SMB_VFS_LAYER_LOGGER}, + {SMB_VFS_OP(smb_traffic_analyzer_pwrite), SMB_VFS_OP_PWRITE, + SMB_VFS_LAYER_LOGGER}, + {SMB_VFS_OP(NULL),SMB_VFS_OP_NOOP,SMB_VFS_LAYER_NOOP} + + }; + + +/* Module initialization */ + +NTSTATUS init_samba_module(void) +{ + NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, \ + "smb_traffic_analyzer", smb_traffic_analyzer_tuples); + + if (!NT_STATUS_IS_OK(ret)) + return ret; + + vfs_smb_traffic_analyzer_debug_level = + debug_add_class("smb_traffic_analyzer"); + + if (vfs_smb_traffic_analyzer_debug_level == -1) { + vfs_smb_traffic_analyzer_debug_level = DBGC_VFS; + DEBUG(1, ("smb_traffic_analyzer: Couldn't register custom" + "debugging class!\n")); + } else { + DEBUG(3, ("smb_traffic_analyzer: Debug class number of" + "'smb_traffic_analyzer': %d\n", \ + vfs_smb_traffic_analyzer_debug_level)); + } + + return ret; +} + +/* create the timestamp in sqlite compatible format */ +static void get_timestamp( char *String ) +{ + struct timeval tv; + struct timezone tz; + struct tm *tm; + int seconds; + + gettimeofday(&tv, &tz); + tm=localtime(&tv.tv_sec); + seconds=(float) (tv.tv_usec / 1000); + + fstr_sprintf(String,"%04d-%02d-%02d %02d:%02d:%02d.%03d", \ + tm->tm_year+1900, tm->tm_mon+1, tm->tm_mday, \ + tm->tm_hour, tm->tm_min, tm->tm_sec, (int)seconds); + +} + +static int smb_traffic_analyzer_connMode( vfs_handle_struct *handle) +{ + connection_struct *conn = handle->conn; + const char *Mode; + Mode=lp_parm_const_string(SNUM(conn), "smb_traffic_analyzer","mode", \ + "internet_socket"); + if (strstr(Mode,"unix_domain_socket")) { + return UNIX_DOMAIN_SOCKET; + } else { + return INTERNET_SOCKET; + } + +} + + + +/* Send data over a internet socket */ +static void smb_traffic_analyzer_send_data_inet_socket( char *String, + vfs_handle_struct *handle, const char *file_name, + bool Write) +{ + /* Create a streaming Socket */ + const char *Hostname; + int sockfd, result; + int port; + struct sockaddr_in their_addr; + struct hostent *hp; + char 
Sender[200]; + char TimeStamp[200]; + int yes = 1; + connection_struct *conn; + + if ((sockfd=socket(AF_INET, SOCK_STREAM,0)) == -1) { + DEBUG(1, ("unable to create socket, error is %s", + strerror(errno))); + return; + } + if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &yes, \ + sizeof(int)) == -1) { + DEBUG(1, ("unable to set socket options, error is %s", + strerror(errno))); + return; + } + /* get port number, target system from the config parameters */ + conn=handle->conn; + + Hostname=lp_parm_const_string(SNUM(conn), "smb_traffic_analyzer", + "host", "localhost"); + + port = atoi( lp_parm_const_string(SNUM(conn), + "smb_traffic_analyzer", "port", "9430")); + + hp = gethostbyname(Hostname); + if (hp == NULL) { + DEBUG(1, ("smb_traffic_analyzer: Unkown Hostname of" + "target system!\n")); + } + DEBUG(3,("smb_traffic_analyzer: Internet socket mode. Hostname: %s," + "Port: %i\n", Hostname, port)); + + their_addr.sin_family = AF_INET; + their_addr.sin_port = htons(port); + their_addr.sin_addr.s_addr = INADDR_ANY; + memset(their_addr.sin_zero, '\0', sizeof(their_addr.sin_zero)); + memcpy(hp->h_addr, &their_addr.sin_addr, hp->h_length); + their_addr.sin_port=htons(port); + result=connect( sockfd, &their_addr, sizeof( struct sockaddr_in)); + if ( result < 0 ) { + DEBUG(1, ("smb_traffic_analyzer: Couldn't connect to inet" + "socket!\n")); + } + safe_strcpy(Sender, String, sizeof(Sender) - 1); + safe_strcat(Sender, ",\"", sizeof(Sender) - 1); + safe_strcat(Sender, get_current_username(), sizeof(Sender) - 1); + safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); + safe_strcat(Sender, current_user_info.domain, sizeof(Sender) - 1); + safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); + if (Write) + safe_strcat(Sender, "W", sizeof(Sender) - 1); + else + safe_strcat(Sender, "R", sizeof(Sender) - 1); + safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); + safe_strcat(Sender, handle->conn->connectpath, sizeof(Sender) - 1); + safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); + 
safe_strcat(Sender, file_name, sizeof(Sender) - 1); + safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); + get_timestamp(TimeStamp); + safe_strcat(Sender, TimeStamp, sizeof(Sender) - 1); + safe_strcat(Sender, "\");", sizeof(Sender) - 1); + DEBUG(10, ("smb_traffic_analyzer: sending %s\n", Sender)); + if ( send(sockfd, Sender, strlen(Sender), 0) == -1 ) { + DEBUG(1, ("smb_traffic_analyzer: error sending data to socket!\n")); + return ; + } + + /* one operation, close the socket */ + close(sockfd); +} + + + +/* Send data over a unix domain socket */ +static void smb_traffic_analyzer_send_data_unix_socket( char *String , + vfs_handle_struct *handle, const char *file_name, + bool Write) +{ + /* Create the socket to stad */ + int len, sock; + struct sockaddr_un remote; + char Sender[200]; + char TimeStamp[200]; + DEBUG(7, ("smb_traffic_analyzer: Unix domain socket mode. Using " + "/var/tmp/stadsocket\n")); + if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { + DEBUG(1, ("smb_traffic_analyzer: Couldn create socket," + "make sure stad is running!\n")); + } + remote.sun_family = AF_UNIX; + safe_strcpy(remote.sun_path, "/var/tmp/stadsocket", + sizeof(remote.sun_path) - 1); + len=strlen(remote.sun_path) + sizeof(remote.sun_family); + if (connect(sock, (struct sockaddr *)&remote, len) == -1 ) { + DEBUG(1, ("smb_traffic_analyzer: Could not connect to" + "socket, make sure\nstad is running!\n")); + } + safe_strcpy(Sender, String, sizeof(Sender) - 1); + safe_strcat(Sender, ",\"", sizeof(Sender) - 1); + safe_strcat(Sender, get_current_username(), sizeof(Sender) - 1); + safe_strcat(Sender,"\",\"",sizeof(Sender) - 1); + safe_strcat(Sender, current_user_info.domain, sizeof(Sender) - 1); + safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); + if (Write) + safe_strcat(Sender, "W", sizeof(Sender) - 1); + else + safe_strcat(Sender, "R", sizeof(Sender) - 1); + safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); + safe_strcat(Sender, handle->conn->connectpath, sizeof(Sender) - 1); + 
safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); + safe_strcat(Sender, file_name, sizeof(Sender) - 1); + safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); + get_timestamp(TimeStamp); + safe_strcat(Sender, TimeStamp, sizeof(Sender) - 1); + safe_strcat(Sender, "\");", sizeof(Sender) - 1); + + DEBUG(10, ("smb_traffic_analyzer: sending %s\n", Sender)); + if ( send(sock, Sender, strlen(Sender), 0) == -1 ) { + DEBUG(1, ("smb_traffic_analyzer: error sending data to" + "socket!\n")); + return; + } + + /* one operation, close the socket */ + close(sock); + + return; +} + +static void smb_traffic_analyzer_send_data( char *Buffer , vfs_handle_struct \ + *handle, char *file_name, bool Write, files_struct *fsp) +{ + + if (smb_traffic_analyzer_connMode(handle) == UNIX_DOMAIN_SOCKET) { + smb_traffic_analyzer_send_data_unix_socket(Buffer, handle, \ + fsp->fsp_name, Write); + } else { + smb_traffic_analyzer_send_data_inet_socket(Buffer, handle, \ + fsp->fsp_name, Write); + } +} + + + +/* VFS Functions: write, read, pread, pwrite for now */ + +static ssize_t smb_traffic_analyzer_read(vfs_handle_struct *handle, \ + files_struct *fsp, void *data, size_t n) +{ + ssize_t result; + char Buffer[100]; + + result = SMB_VFS_NEXT_READ(handle, fsp, data, n); + DEBUG(10, ("smb_traffic_analyzer: READ: %s\n", fsp->fsp_name )); + + fstr_sprintf(Buffer, "%u", (uint) result); + + smb_traffic_analyzer_send_data(Buffer, handle, fsp->fsp_name, false, fsp); + return result; +} + + +static ssize_t smb_traffic_analyzer_pread(vfs_handle_struct *handle, \ + files_struct *fsp, void *data, size_t n, SMB_OFF_T offset) +{ + ssize_t result; + char Buffer[100]; + + result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset); + + DEBUG(10, ("smb_traffic_analyzer: READ: %s\n", fsp->fsp_name )); + + fstr_sprintf(Buffer,"%u", (uint) result); + smb_traffic_analyzer_send_data(Buffer, handle, fsp->fsp_name, false, fsp); + + return result; +} + +static ssize_t smb_traffic_analyzer_write(vfs_handle_struct *handle, \ + 
files_struct *fsp, const void *data, size_t n) +{ + ssize_t result; + char Buffer[100]; + + result = SMB_VFS_NEXT_WRITE(handle, fsp, data, n); + + DEBUG(10, ("smb_traffic_analyzer: WRITE: %s\n", fsp->fsp_name )); + + fstr_sprintf(Buffer, "%u", (uint) result); + smb_traffic_analyzer_send_data(Buffer, handle, fsp->fsp_name, \ + true, fsp ); + return result; +} + +static ssize_t smb_traffic_analyzer_pwrite(vfs_handle_struct *handle, \ + files_struct *fsp, const void *data, size_t n, SMB_OFF_T offset) +{ + ssize_t result; + char Buffer[100]; + + result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset); + + DEBUG(10, ("smb_traffic_analyzer: PWRITE: %s\n", fsp->fsp_name )); + + fstr_sprintf(Buffer, "%u", (uint) result); + smb_traffic_analyzer_send_data(Buffer, handle, fsp->fsp_name, true, fsp); + return result; +} + -- cgit From a78ac8a46be3e7c1cf3004b85aa1ec4d0330e5d2 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Wed, 24 Sep 2008 20:47:03 -0400 Subject: Fix the new vfs_smb_traffic_analyzer build for static links --- source3/modules/vfs_smb_traffic_analyzer.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/modules') diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c index 4faa041c2f..237859182b 100644 --- a/source3/modules/vfs_smb_traffic_analyzer.c +++ b/source3/modules/vfs_smb_traffic_analyzer.c @@ -36,7 +36,7 @@ extern userdom_struct current_user_info; static int vfs_smb_traffic_analyzer_debug_level = DBGC_VFS; -NTSTATUS init_samba_module(void); +NTSTATUS vfs_smb_traffic_analyzer_init(void); static ssize_t smb_traffic_analyzer_write(vfs_handle_struct *handle, files_struct *fsp, const void *data, size_t n); 
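Review bot: In smb_traffic_analyzer_send_data_inet_socket of the new file, a failed `gethostbyname()` is only logged, so the later `memcpy(hp->h_addr, ...)` dereferences a NULL `hp` inside smbd whenever the configured host does not resolve. That `memcpy` also has its arguments reversed: it copies `their_addr.sin_addr` (still `INADDR_ANY`) over the resolver's result, so the connection never targets the configured host. I would end the NULL branch with `close(sockfd); return;` and write the copy as `memcpy(&their_addr.sin_addr, hp->h_addr, hp->h_length);`. The `setsockopt` and `send` error returns leave `sockfd` open, and a failed `connect` is logged but the code still goes on to `send`; each of these paths needs `close(sockfd); return;`.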
@@ -71,7 +71,7 @@ static vfs_op_tuple smb_traffic_analyzer_tuples[] = { /* Module initialization */ -NTSTATUS init_samba_module(void) +NTSTATUS vfs_smb_traffic_analyzer_init(void) { NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, \ "smb_traffic_analyzer", smb_traffic_analyzer_tuples); -- cgit From da6c7aa2a1ff658777d522077430f9bf410d58d3 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 25 Sep 2008 12:02:22 -0700 Subject: Use IPv4/v6 independent calls. Change safe_strcpy/cat to strlcpy/cat (this needs changing to talloc_sprintf) and fix file descriptor resource leaks in error paths. Jim and Holger please check ! Jeremy. --- source3/modules/vfs_smb_traffic_analyzer.c | 181 ++++++++++++++++------------- 1 file changed, 97 insertions(+), 84 deletions(-) (limited to 'source3/modules') diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c index 237859182b..9e4cf81638 100644 --- a/source3/modules/vfs_smb_traffic_analyzer.c +++ b/source3/modules/vfs_smb_traffic_analyzer.c @@ -19,11 +19,6 @@ */ #include "includes.h" -#include "safe_string.h" -#include -#include -#include - /* abstraction for the send_over_network function */ #define UNIX_DOMAIN_SOCKET 1 
@@ -127,84 +122,99 @@ static int smb_traffic_analyzer_connMode( vfs_handle_struct *handle) } - - /* Send data over a internet socket */ static void smb_traffic_analyzer_send_data_inet_socket( char *String, vfs_handle_struct *handle, const char *file_name, bool Write) { - /* Create a streaming Socket */ - const char *Hostname; - int sockfd, result; - int port; - struct sockaddr_in their_addr; - struct hostent *hp; - char Sender[200]; - char TimeStamp[200]; - int yes = 1; - connection_struct *conn; + /* Create a streaming Socket */ + const char *Hostname; + int sockfd = -1; + uint16_t port; + struct addrinfo hints; + struct addrinfo *ailist = NULL; + struct addrinfo *res = NULL; + char Sender[200]; + char TimeStamp[200]; + connection_struct *conn = handle->conn; + int ret; - if ((sockfd=socket(AF_INET, SOCK_STREAM,0)) == -1) { - DEBUG(1, ("unable to create socket, error is %s", - strerror(errno))); - return; - } - if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &yes, \ - sizeof(int)) == -1) { - DEBUG(1, ("unable to set socket options, error is %s", - strerror(errno))); - return; - } /* get port number, target system from the config parameters */ - conn=handle->conn; - Hostname=lp_parm_const_string(SNUM(conn), "smb_traffic_analyzer", - "host", "localhost"); + "host", "localhost"); + + ZERO_STRUCT(hints); + /* By default make sure it supports TCP. */ + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_ADDRCONFIG; + + ret = getaddrinfo(Hostname, + NULL, + &hints, + &ailist); + + if (ret) { + DEBUG(3,("smb_traffic_analyzer_send_data_inet_socket: " + "getaddrinfo failed for name %s [%s]\n", + Hostname, + gai_strerror(ret) )); + return; + } port = atoi( lp_parm_const_string(SNUM(conn), "smb_traffic_analyzer", "port", "9430")); - hp = gethostbyname(Hostname); - if (hp == NULL) { - DEBUG(1, ("smb_traffic_analyzer: Unkown Hostname of" - "target system!\n")); - } DEBUG(3,("smb_traffic_analyzer: Internet socket mode. 
Hostname: %s," "Port: %i\n", Hostname, port)); - their_addr.sin_family = AF_INET; - their_addr.sin_port = htons(port); - their_addr.sin_addr.s_addr = INADDR_ANY; - memset(their_addr.sin_zero, '\0', sizeof(their_addr.sin_zero)); - memcpy(hp->h_addr, &their_addr.sin_addr, hp->h_length); - their_addr.sin_port=htons(port); - result=connect( sockfd, &their_addr, sizeof( struct sockaddr_in)); - if ( result < 0 ) { - DEBUG(1, ("smb_traffic_analyzer: Couldn't connect to inet" - "socket!\n")); + for (res = ailist; res; res = res->ai_next) { + struct sockaddr_storage ss; + + if (!res->ai_addr || res->ai_addrlen == 0) { + continue; + } + + ZERO_STRUCT(ss); + memcpy(&ss, res->ai_addr, res->ai_addrlen); + + sockfd = open_socket_out(SOCK_STREAM, &ss, port, 10000); + if (sockfd != -1) { + break; + } + } + + if (ailist) { + freeaddrinfo(ailist); + } + + if (sockfd == -1) { + DEBUG(1, ("smb_traffic_analyzer: unable to create socket, error is %s", + strerror(errno))); + return; } - safe_strcpy(Sender, String, sizeof(Sender) - 1); - safe_strcat(Sender, ",\"", sizeof(Sender) - 1); - safe_strcat(Sender, get_current_username(), sizeof(Sender) - 1); - safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); - safe_strcat(Sender, current_user_info.domain, sizeof(Sender) - 1); - safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); + + strlcpy(Sender, String, sizeof(Sender)); + strlcat(Sender, ",\"", sizeof(Sender)); + strlcat(Sender, get_current_username(), sizeof(Sender)); + strlcat(Sender, "\",\"", sizeof(Sender)); + strlcat(Sender, current_user_info.domain, sizeof(Sender)); + strlcat(Sender, "\",\"", sizeof(Sender)); if (Write) - safe_strcat(Sender, "W", sizeof(Sender) - 1); + strlcat(Sender, "W", sizeof(Sender)); else - safe_strcat(Sender, "R", sizeof(Sender) - 1); - safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); - safe_strcat(Sender, handle->conn->connectpath, sizeof(Sender) - 1); - safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); - safe_strcat(Sender, file_name, sizeof(Sender) - 1); - 
safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); + strlcat(Sender, "R", sizeof(Sender)); + strlcat(Sender, "\",\"", sizeof(Sender)); + strlcat(Sender, handle->conn->connectpath, sizeof(Sender)); + strlcat(Sender, "\",\"", sizeof(Sender) - 1); + strlcat(Sender, file_name, sizeof(Sender) - 1); + strlcat(Sender, "\",\"", sizeof(Sender) - 1); get_timestamp(TimeStamp); - safe_strcat(Sender, TimeStamp, sizeof(Sender) - 1); - safe_strcat(Sender, "\");", sizeof(Sender) - 1); + strlcat(Sender, TimeStamp, sizeof(Sender) - 1); + strlcat(Sender, "\");", sizeof(Sender) - 1); DEBUG(10, ("smb_traffic_analyzer: sending %s\n", Sender)); if ( send(sockfd, Sender, strlen(Sender), 0) == -1 ) { DEBUG(1, ("smb_traffic_analyzer: error sending data to socket!\n")); + close(sockfd); return ; } 
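Review bot: `Sender` is still a fixed `char[200]` and every `strlcat` return value is ignored, so a long `connectpath` plus `file_name` silently truncates the record and drops the closing `");`; on a stream socket the receiver then cannot tell where that record ends. The user name, domain, share path and file name are also placed between double quotes without any escaping, which matters if the helper parses this text or forwards it to a database (the module description suggests it does; worth confirming with the helper's author). The last five calls pass `sizeof(Sender) - 1` while the earlier ones pass `sizeof(Sender)`; `strlcat` takes the full buffer size, so they should all read `sizeof(Sender)`. I would build the record with one `snprintf` and skip the send when its return value is `>= sizeof(Sender)`. The unix-socket hunk that follows assembles the record the same way.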
@@ -224,49 +234,53 @@ static void smb_traffic_analyzer_send_data_unix_socket( char *String , struct sockaddr_un remote; char Sender[200]; char TimeStamp[200]; + DEBUG(7, ("smb_traffic_analyzer: Unix domain socket mode. Using " "/var/tmp/stadsocket\n")); + if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { DEBUG(1, ("smb_traffic_analyzer: Couldn create socket," "make sure stad is running!\n")); } remote.sun_family = AF_UNIX; - safe_strcpy(remote.sun_path, "/var/tmp/stadsocket", - sizeof(remote.sun_path) - 1); + strlcpy(remote.sun_path, "/var/tmp/stadsocket", + sizeof(remote.sun_path)); len=strlen(remote.sun_path) + sizeof(remote.sun_family); if (connect(sock, (struct sockaddr *)&remote, len) == -1 ) { DEBUG(1, ("smb_traffic_analyzer: Could not connect to" "socket, make sure\nstad is running!\n")); + close(sock); + return; } - safe_strcpy(Sender, String, sizeof(Sender) - 1); - safe_strcat(Sender, ",\"", sizeof(Sender) - 1); - safe_strcat(Sender, get_current_username(), sizeof(Sender) - 1); - safe_strcat(Sender,"\",\"",sizeof(Sender) - 1); - safe_strcat(Sender, current_user_info.domain, sizeof(Sender) - 1); - safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); + strlcpy(Sender, String, sizeof(Sender)); + strlcat(Sender, ",\"", sizeof(Sender)); + strlcat(Sender, get_current_username(), sizeof(Sender)); + strlcat(Sender,"\",\"",sizeof(Sender)); + strlcat(Sender, current_user_info.domain, sizeof(Sender)); + strlcat(Sender, "\",\"", sizeof(Sender)); if (Write) - safe_strcat(Sender, "W", sizeof(Sender) - 1); + strlcat(Sender, "W", sizeof(Sender)); else - safe_strcat(Sender, "R", sizeof(Sender) - 1); - safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); - safe_strcat(Sender, handle->conn->connectpath, sizeof(Sender) - 1); - safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); - safe_strcat(Sender, file_name, sizeof(Sender) - 1); - safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); + strlcat(Sender, "R", sizeof(Sender)); + strlcat(Sender, "\",\"", sizeof(Sender)); + 
strlcat(Sender, handle->conn->connectpath, sizeof(Sender)); + strlcat(Sender, "\",\"", sizeof(Sender)); + strlcat(Sender, file_name, sizeof(Sender)); + strlcat(Sender, "\",\"", sizeof(Sender)); get_timestamp(TimeStamp); - safe_strcat(Sender, TimeStamp, sizeof(Sender) - 1); - safe_strcat(Sender, "\");", sizeof(Sender) - 1); + strlcat(Sender, TimeStamp, sizeof(Sender)); + strlcat(Sender, "\");", sizeof(Sender)); DEBUG(10, ("smb_traffic_analyzer: sending %s\n", Sender)); if ( send(sock, Sender, strlen(Sender), 0) == -1 ) { DEBUG(1, ("smb_traffic_analyzer: error sending data to" "socket!\n")); + close(sock); return; } /* one operation, close the socket */ close(sock); - return; } @@ -291,7 +305,7 @@ static ssize_t smb_traffic_analyzer_read(vfs_handle_struct *handle, \ files_struct *fsp, void *data, size_t n) { ssize_t result; - char Buffer[100]; + fstring Buffer; result = SMB_VFS_NEXT_READ(handle, fsp, data, n); DEBUG(10, ("smb_traffic_analyzer: READ: %s\n", fsp->fsp_name )); @@ -307,7 +321,7 @@ static ssize_t smb_traffic_analyzer_pread(vfs_handle_struct *handle, \ files_struct *fsp, void *data, size_t n, SMB_OFF_T offset) { ssize_t result; - char Buffer[100]; + fstring Buffer; result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset); @@ -323,7 +337,7 @@ static ssize_t smb_traffic_analyzer_write(vfs_handle_struct *handle, \ files_struct *fsp, const void *data, size_t n) { ssize_t result; - char Buffer[100]; + fstring Buffer; result = SMB_VFS_NEXT_WRITE(handle, fsp, data, n); @@ -339,7 +353,7 @@ static ssize_t smb_traffic_analyzer_pwrite(vfs_handle_struct *handle, \ files_struct *fsp, const void *data, size_t n, SMB_OFF_T offset) { ssize_t result; - char Buffer[100]; + fstring Buffer; result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset); @@ -349,4 +363,3 @@ static ssize_t smb_traffic_analyzer_pwrite(vfs_handle_struct *handle, \ smb_traffic_analyzer_send_data(Buffer, handle, fsp->fsp_name, true, fsp); return result; } - -- cgit 
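Review bot: The socket path `/var/tmp/stadsocket` copied into `remote.sun_path` is a fixed name in a directory that is normally world-writable, so whichever local account binds that path first receives every record smbd sends (user, domain, share path, file name). I would read the path from a module parameter with `lp_parm_const_string`, as the inet variant does for host and port, and default to a directory that only the collector can write to. Separately, the `socket()` failure branch in the context lines still only logs, so `connect()` and the newly added `close(sock)` run with `sock == -1`; it needs a `return;` after the DEBUG call. The function's opening lines are outside this hunk.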
From 321191d5e2ec1eaf22728dcee944e0a250a7725d Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 30 Sep 2008 15:13:19 -0700 Subject: Restructure the module so it connects to the remote data sink on connect, and closes the socket on client disconnect. This should make it much more efficient. Store the remote fd in a private data pointer off the handle. Finally we need to remove the fstrings and convert to allocated buffer storage. Jeremy. --- source3/modules/vfs_smb_traffic_analyzer.c | 306 +++++++++++++++-------------- 1 file changed, 156 insertions(+), 150 deletions(-) (limited to 'source3/modules') diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c index 9e4cf81638..cd843e6ad4 100644 --- a/source3/modules/vfs_smb_traffic_analyzer.c +++ b/source3/modules/vfs_smb_traffic_analyzer.c 
@@ -31,67 +31,8 @@ extern userdom_struct current_user_info; static int vfs_smb_traffic_analyzer_debug_level = DBGC_VFS; -NTSTATUS vfs_smb_traffic_analyzer_init(void); - -static ssize_t smb_traffic_analyzer_write(vfs_handle_struct *handle, - files_struct *fsp, const void *data, size_t n); - -static ssize_t smb_traffic_analyzer_read(vfs_handle_struct *handle, - files_struct *fsp, void *data, size_t n); - -static ssize_t smb_traffic_analyzer_pwrite(vfs_handle_struct *handle, - files_struct *fsp, const void *data, size_t n, - SMB_OFF_T offset); - -static ssize_t smb_traffic_analyzer_pread(vfs_handle_struct *handle, - files_struct *fsp, void *data, size_t n, SMB_OFF_T offset); - - -/* VFS operations we use */ - -static vfs_op_tuple smb_traffic_analyzer_tuples[] = { - - {SMB_VFS_OP(smb_traffic_analyzer_read), SMB_VFS_OP_READ, - SMB_VFS_LAYER_LOGGER}, - {SMB_VFS_OP(smb_traffic_analyzer_pread), SMB_VFS_OP_PREAD, - SMB_VFS_LAYER_LOGGER}, - {SMB_VFS_OP(smb_traffic_analyzer_write), SMB_VFS_OP_WRITE, - SMB_VFS_LAYER_LOGGER}, - {SMB_VFS_OP(smb_traffic_analyzer_pwrite), SMB_VFS_OP_PWRITE, - SMB_VFS_LAYER_LOGGER}, - {SMB_VFS_OP(NULL),SMB_VFS_OP_NOOP,SMB_VFS_LAYER_NOOP} - - }; - - -/* Module initialization */ - -NTSTATUS vfs_smb_traffic_analyzer_init(void) -{ - NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, \ - "smb_traffic_analyzer", smb_traffic_analyzer_tuples); - - if (!NT_STATUS_IS_OK(ret)) - return ret; - - vfs_smb_traffic_analyzer_debug_level = - debug_add_class("smb_traffic_analyzer"); - - if (vfs_smb_traffic_analyzer_debug_level == -1) { - vfs_smb_traffic_analyzer_debug_level = DBGC_VFS; - DEBUG(1, ("smb_traffic_analyzer: Couldn't register custom" - "debugging class!\n")); - } else { - DEBUG(3, ("smb_traffic_analyzer: Debug class number of" - "'smb_traffic_analyzer': %d\n", \ - vfs_smb_traffic_analyzer_debug_level)); - } - - return ret; -} - /* create the timestamp in sqlite compatible format */ -static void get_timestamp( char *String ) +static void 
get_timestamp(fstring str) { struct timeval tv; struct timezone tz; @@ -102,13 +43,13 @@ static void get_timestamp( char *String ) tm=localtime(&tv.tv_sec); seconds=(float) (tv.tv_usec / 1000); - fstr_sprintf(String,"%04d-%02d-%02d %02d:%02d:%02d.%03d", \ + fstr_sprintf(str,"%04d-%02d-%02d %02d:%02d:%02d.%03d", \ tm->tm_year+1900, tm->tm_mon+1, tm->tm_mday, \ tm->tm_hour, tm->tm_min, tm->tm_sec, (int)seconds); } -static int smb_traffic_analyzer_connMode( vfs_handle_struct *handle) +static int smb_traffic_analyzer_connMode(vfs_handle_struct *handle) { connection_struct *conn = handle->conn; const char *Mode; @@ -122,10 +63,9 @@ static int smb_traffic_analyzer_connMode( vfs_handle_struct *handle) } -/* Send data over a internet socket */ -static void smb_traffic_analyzer_send_data_inet_socket( char *String, - vfs_handle_struct *handle, const char *file_name, - bool Write) +/* Connect to an internet socket */ + +static int smb_traffic_analyzer_connect_inet_socket(vfs_handle_struct *handle) { /* Create a streaming Socket */ const char *Hostname; @@ -134,13 +74,11 @@ static void smb_traffic_analyzer_send_data_inet_socket( char *String, struct addrinfo hints; struct addrinfo *ailist = NULL; struct addrinfo *res = NULL; - char Sender[200]; - char TimeStamp[200]; connection_struct *conn = handle->conn; int ret; /* get port number, target system from the config parameters */ - Hostname=lp_parm_const_string(SNUM(conn), "smb_traffic_analyzer", + Hostname=lp_parm_const_string(SNUM(conn), "smb_traffic_analyzer", "host", "localhost"); ZERO_STRUCT(hints); 
@@ -154,14 +92,14 @@ static void smb_traffic_analyzer_send_data_inet_socket( char *String, &ailist); if (ret) { - DEBUG(3,("smb_traffic_analyzer_send_data_inet_socket: " + DEBUG(3,("smb_traffic_analyzer_connect_inet_socket: " "getaddrinfo failed for name %s [%s]\n", Hostname, gai_strerror(ret) )); - return; + return -1; } - port = atoi( lp_parm_const_string(SNUM(conn), + port = atoi( lp_parm_const_string(SNUM(conn), "smb_traffic_analyzer", "port", "9430")); DEBUG(3,("smb_traffic_analyzer: Internet socket mode. Hostname: %s," 
@@ -188,116 +126,129 @@ static void smb_traffic_analyzer_send_data_inet_socket( char *String, } if (sockfd == -1) { - DEBUG(1, ("smb_traffic_analyzer: unable to create socket, error is %s", + DEBUG(1, ("smb_traffic_analyzer: unable to create " + "socket, error is %s", strerror(errno))); - return; + return -1; } - strlcpy(Sender, String, sizeof(Sender)); - strlcat(Sender, ",\"", sizeof(Sender)); - strlcat(Sender, get_current_username(), sizeof(Sender)); - strlcat(Sender, "\",\"", sizeof(Sender)); - strlcat(Sender, current_user_info.domain, sizeof(Sender)); - strlcat(Sender, "\",\"", sizeof(Sender)); - if (Write) - strlcat(Sender, "W", sizeof(Sender)); - else - strlcat(Sender, "R", sizeof(Sender)); - strlcat(Sender, "\",\"", sizeof(Sender)); - strlcat(Sender, handle->conn->connectpath, sizeof(Sender)); - strlcat(Sender, "\",\"", sizeof(Sender) - 1); - strlcat(Sender, file_name, sizeof(Sender) - 1); - strlcat(Sender, "\",\"", sizeof(Sender) - 1); - get_timestamp(TimeStamp); - strlcat(Sender, TimeStamp, sizeof(Sender) - 1); - strlcat(Sender, "\");", sizeof(Sender) - 1); - DEBUG(10, ("smb_traffic_analyzer: sending %s\n", Sender)); - if ( send(sockfd, Sender, strlen(Sender), 0) == -1 ) { - DEBUG(1, ("smb_traffic_analyzer: error sending data to socket!\n")); - close(sockfd); - return ; - } - - /* one operation, close the socket */ - close(sockfd); + return sockfd; } +/* Connect to a unix domain socket */ - -/* Send data over a unix domain socket */ -static void smb_traffic_analyzer_send_data_unix_socket( char *String , - vfs_handle_struct *handle, const char *file_name, - bool Write) +static int smb_traffic_analyzer_connect_unix_socket(vfs_handle_struct *handle) { /* Create the socket to stad */ int len, sock; struct sockaddr_un remote; - char Sender[200]; - char TimeStamp[200]; - DEBUG(7, ("smb_traffic_analyzer: Unix domain socket mode. Using " + DEBUG(7, ("smb_traffic_analyzer_connect_unix_socket: " + "Unix domain socket mode. 
Using " "/var/tmp/stadsocket\n")); if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { - DEBUG(1, ("smb_traffic_analyzer: Couldn create socket," + DEBUG(1, ("smb_traffic_analyzer_connect_unix_socket: " + "Couldn't create socket, " "make sure stad is running!\n")); } remote.sun_family = AF_UNIX; - strlcpy(remote.sun_path, "/var/tmp/stadsocket", + strlcpy(remote.sun_path, "/var/tmp/stadsocket", sizeof(remote.sun_path)); len=strlen(remote.sun_path) + sizeof(remote.sun_family); if (connect(sock, (struct sockaddr *)&remote, len) == -1 ) { - DEBUG(1, ("smb_traffic_analyzer: Could not connect to" + DEBUG(1, ("smb_traffic_analyzer_connect_unix_socket: " + "Could not connect to " "socket, make sure\nstad is running!\n")); close(sock); + return -1; + } + return sock; +} + +/* Send data over a socket */ + +static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle, + char *str, + const char *file_name, + bool Write) +{ + int *psockfd = NULL; + char Sender[200]; + char TimeStamp[200]; + + SMB_VFS_HANDLE_GET_DATA(handle, psockfd, int, return); + + if (psockfd == NULL || *psockfd == -1) { + DEBUG(1, ("smb_traffic_analyzer_send_data: socket is " + "closed\n")); return; } - strlcpy(Sender, String, sizeof(Sender)); + + strlcpy(Sender, str, sizeof(Sender)); strlcat(Sender, ",\"", sizeof(Sender)); strlcat(Sender, get_current_username(), sizeof(Sender)); - strlcat(Sender,"\",\"",sizeof(Sender)); + strlcat(Sender, "\",\"", sizeof(Sender)); strlcat(Sender, current_user_info.domain, sizeof(Sender)); strlcat(Sender, "\",\"", sizeof(Sender)); - if (Write) + if (Write) strlcat(Sender, "W", sizeof(Sender)); else strlcat(Sender, "R", sizeof(Sender)); strlcat(Sender, "\",\"", sizeof(Sender)); strlcat(Sender, handle->conn->connectpath, sizeof(Sender)); - strlcat(Sender, "\",\"", sizeof(Sender)); - strlcat(Sender, file_name, sizeof(Sender)); - strlcat(Sender, "\",\"", sizeof(Sender)); - get_timestamp(TimeStamp); - strlcat(Sender, TimeStamp, sizeof(Sender)); - strlcat(Sender, "\");", 
sizeof(Sender)); - - DEBUG(10, ("smb_traffic_analyzer: sending %s\n", Sender)); - if ( send(sock, Sender, strlen(Sender), 0) == -1 ) { - DEBUG(1, ("smb_traffic_analyzer: error sending data to" - "socket!\n")); - close(sock); - return; + strlcat(Sender, "\",\"", sizeof(Sender) - 1); + strlcat(Sender, file_name, sizeof(Sender) - 1); + strlcat(Sender, "\",\"", sizeof(Sender) - 1); + get_timestamp(TimeStamp); + strlcat(Sender, TimeStamp, sizeof(Sender) - 1); + strlcat(Sender, "\");", sizeof(Sender) - 1); + DEBUG(10, ("smb_traffic_analyzer_send_data_socket: sending %s\n", + Sender)); + if (send(*psockfd, Sender, strlen(Sender), 0) == -1 ) { + DEBUG(1, ("smb_traffic_analyzer_send_data_socket: " + "error sending data to socket!\n")); + return ; } +} - /* one operation, close the socket */ - close(sock); - return; +static void smb_traffic_analyzer_free_data(void **pptr) +{ + int *pfd = *(int **)pptr; + if(!pfd) { + return; + } + if (*pfd != -1) { + close(*pfd); + } + TALLOC_FREE(pfd); } -static void smb_traffic_analyzer_send_data( char *Buffer , vfs_handle_struct \ - *handle, char *file_name, bool Write, files_struct *fsp) +static int smb_traffic_analyzer_connect(struct vfs_handle_struct *handle, + const char *service, + const char *user) { + int *pfd = TALLOC_P(handle, int); - if (smb_traffic_analyzer_connMode(handle) == UNIX_DOMAIN_SOCKET) { - smb_traffic_analyzer_send_data_unix_socket(Buffer, handle, \ - fsp->fsp_name, Write); - } else { - smb_traffic_analyzer_send_data_inet_socket(Buffer, handle, \ - fsp->fsp_name, Write); - } -} + if (!pfd) { + errno = ENOMEM; + return -1; + } + if (smb_traffic_analyzer_connMode(handle) == UNIX_DOMAIN_SOCKET) { + *pfd = smb_traffic_analyzer_connect_unix_socket(handle); + } else { + *pfd = smb_traffic_analyzer_connect_inet_socket(handle); + } + if (*pfd == -1) { + return -1; + } + /* Store the private data. 
*/ + SMB_VFS_HANDLE_SET_DATA(handle, pfd, smb_traffic_analyzer_free_data, + int, return -1); + return SMB_VFS_NEXT_CONNECT(handle, service, user); +} /* VFS Functions: write, read, pread, pwrite for now */ @@ -308,11 +259,14 @@ static ssize_t smb_traffic_analyzer_read(vfs_handle_struct *handle, \ fstring Buffer; result = SMB_VFS_NEXT_READ(handle, fsp, data, n); - DEBUG(10, ("smb_traffic_analyzer: READ: %s\n", fsp->fsp_name )); + DEBUG(10, ("smb_traffic_analyzer_read: READ: %s\n", fsp->fsp_name )); fstr_sprintf(Buffer, "%u", (uint) result); - smb_traffic_analyzer_send_data(Buffer, handle, fsp->fsp_name, false, fsp); + smb_traffic_analyzer_send_data(handle, + Buffer, + fsp->fsp_name, + false); return result; } @@ -325,10 +279,13 @@ static ssize_t smb_traffic_analyzer_pread(vfs_handle_struct *handle, \ result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset); - DEBUG(10, ("smb_traffic_analyzer: READ: %s\n", fsp->fsp_name )); + DEBUG(10, ("smb_traffic_analyzer_pread: PREAD: %s\n", fsp->fsp_name )); fstr_sprintf(Buffer,"%u", (uint) result); - smb_traffic_analyzer_send_data(Buffer, handle, fsp->fsp_name, false, fsp); + smb_traffic_analyzer_send_data(handle, + Buffer, + fsp->fsp_name, + false); return result; } @@ -341,11 +298,13 @@ static ssize_t smb_traffic_analyzer_write(vfs_handle_struct *handle, \ result = SMB_VFS_NEXT_WRITE(handle, fsp, data, n); - DEBUG(10, ("smb_traffic_analyzer: WRITE: %s\n", fsp->fsp_name )); + DEBUG(10, ("smb_traffic_analyzer_write: WRITE: %s\n", fsp->fsp_name )); fstr_sprintf(Buffer, "%u", (uint) result); - smb_traffic_analyzer_send_data(Buffer, handle, fsp->fsp_name, \ - true, fsp ); + smb_traffic_analyzer_send_data(handle, + Buffer, + fsp->fsp_name, + true); return result; } 
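Review bot: In smb_traffic_analyzer_send_data a failed `send()` on the now long-lived descriptor is only logged and `*psockfd` is left unchanged, so once the collector goes away every later read or write on the connection repeats the level-1 message and loses its record until the client disconnects. Retiring the descriptor on error with `close(*psockfd); *psockfd = -1;` would let the existing "socket is closed" guard take over; a short return from `send()` is not handled either and would leave a partial record on the stream. smb_traffic_analyzer_connect returns -1 when the collector cannot be reached, which I read as refusing the share connection whenever the helper is down; if that is intended it deserves a comment, otherwise keep `*pfd = -1` and continue to `SMB_VFS_NEXT_CONNECT`. smb_traffic_analyzer_connect_unix_socket still falls through to `connect()` after a failed `socket()`.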
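Review bot: `fstr_sprintf(Buffer, "%u", (uint) result);` in smb_traffic_analyzer_read reports a failed call as a very large byte count, because `result` is the `ssize_t` returned by `SMB_VFS_NEXT_READ` and -1 converts to the largest unsigned value. I would add `if (result < 0) return result;` before the `fstr_sprintf` so error returns do not inflate the per-user traffic totals the collector stores. The same line appears in the pread and write hunks that follow and in the pwrite hunk after them.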
@@ -357,9 +316,56 @@ static ssize_t smb_traffic_analyzer_pwrite(vfs_handle_struct *handle, \ result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset); - DEBUG(10, ("smb_traffic_analyzer: PWRITE: %s\n", fsp->fsp_name )); + DEBUG(10, ("smb_traffic_analyzer_pwrite: PWRITE: %s\n", fsp->fsp_name )); fstr_sprintf(Buffer, "%u", (uint) result); - smb_traffic_analyzer_send_data(Buffer, handle, fsp->fsp_name, true, fsp); + smb_traffic_analyzer_send_data(handle, + Buffer, + fsp->fsp_name, + true); return result; } + +/* VFS operations we use */ + +static vfs_op_tuple smb_traffic_analyzer_tuples[] = { + + {SMB_VFS_OP(smb_traffic_analyzer_connect), SMB_VFS_OP_CONNECT, + SMB_VFS_LAYER_LOGGER}, + {SMB_VFS_OP(smb_traffic_analyzer_read), SMB_VFS_OP_READ, + SMB_VFS_LAYER_LOGGER}, + {SMB_VFS_OP(smb_traffic_analyzer_pread), SMB_VFS_OP_PREAD, + SMB_VFS_LAYER_LOGGER}, + {SMB_VFS_OP(smb_traffic_analyzer_write), SMB_VFS_OP_WRITE, + SMB_VFS_LAYER_LOGGER}, + {SMB_VFS_OP(smb_traffic_analyzer_pwrite), SMB_VFS_OP_PWRITE, + SMB_VFS_LAYER_LOGGER}, + {SMB_VFS_OP(NULL),SMB_VFS_OP_NOOP,SMB_VFS_LAYER_NOOP} +}; + +/* Module initialization */ + +NTSTATUS vfs_smb_traffic_analyzer_init(void) +{ + NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, \ + "smb_traffic_analyzer", smb_traffic_analyzer_tuples); + + if (!NT_STATUS_IS_OK(ret)) { + return ret; + } + + vfs_smb_traffic_analyzer_debug_level = + debug_add_class("smb_traffic_analyzer"); + + if (vfs_smb_traffic_analyzer_debug_level == -1) { + vfs_smb_traffic_analyzer_debug_level = DBGC_VFS; + DEBUG(1, ("smb_traffic_analyzer_init: Couldn't register custom" + "debugging class!\n")); + } else { + DEBUG(3, ("smb_traffic_analyzer_init: Debug class number of" + "'smb_traffic_analyzer': %d\n", \ + vfs_smb_traffic_analyzer_debug_level)); + } + + return ret; +} -- cgit From 4e6445a0720d7265f0bddff71cd2e17d6b2ac057 Mon Sep 17 00:00:00 2001 
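Review bot: Both DEBUG messages in `vfs_smb_traffic_analyzer_init()` lose a space where adjacent string literals are joined, so the log reads "customdebugging class" and "number of'smb_traffic_analyzer'". End the first literal of each pair with a space: `"smb_traffic_analyzer_init: Couldn't register custom "` and `"smb_traffic_analyzer_init: Debug class number of "`. A one-line comment above the tuple table saying that the CONNECT entry is what opens the collector socket would also help the next reader.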
From: Jeremy Allison Date: Tue, 30 Sep 2008 15:21:58 -0700 Subject: Remove current_user_info - not needed. Jeremy. --- source3/modules/vfs_expand_msdfs.c | 2 +- source3/modules/vfs_smb_traffic_analyzer.c | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) (limited to 'source3/modules') diff --git a/source3/modules/vfs_expand_msdfs.c b/source3/modules/vfs_expand_msdfs.c index 0d09d213e1..c22ab66e14 100644 --- a/source3/modules/vfs_expand_msdfs.c +++ b/source3/modules/vfs_expand_msdfs.c @@ -147,7 +147,7 @@ static char *expand_msdfs_target(TALLOC_CTX *ctx, conn->connectpath, conn->server_info->utok.gid, conn->server_info->sanitized_username, - pdb_get_domain(conn->server_info->sam_account), + pdb_get_domain(handle->conn->server_info->sam_account), targethost); DEBUG(10, ("Expanded targethost to %s\n", targethost)); diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c index cd843e6ad4..12c893fae7 100644 --- a/source3/modules/vfs_smb_traffic_analyzer.c +++ b/source3/modules/vfs_smb_traffic_analyzer.c @@ -27,8 +27,6 @@ /* Prototypes */ -extern userdom_struct current_user_info; - static int vfs_smb_traffic_analyzer_debug_level = DBGC_VFS; /* create the timestamp in sqlite compatible format */ @@ -187,9 +185,9 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle, strlcpy(Sender, str, sizeof(Sender)); strlcat(Sender, ",\"", sizeof(Sender)); - strlcat(Sender, get_current_username(), sizeof(Sender)); + strlcat(Sender, handle->conn->server_info->sanitized_username, sizeof(Sender)); strlcat(Sender, "\",\"", sizeof(Sender)); - strlcat(Sender, current_user_info.domain, sizeof(Sender)); + strlcat(Sender, pdb_get_domain(handle->conn->server_info->sam_account), sizeof(Sender)); strlcat(Sender, "\",\"", sizeof(Sender)); if (Write) strlcat(Sender, "W", sizeof(Sender)); -- cgit From 5d7d18b7e827930018ab30fc5e738b5a5cd90789 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Tue, 30 Sep 2008 15:26:26 -0700 Subject: Revert erroneous commit. Jeremy. --- source3/modules/vfs_expand_msdfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/modules') diff --git a/source3/modules/vfs_expand_msdfs.c b/source3/modules/vfs_expand_msdfs.c index c22ab66e14..0d09d213e1 100644 --- a/source3/modules/vfs_expand_msdfs.c +++ b/source3/modules/vfs_expand_msdfs.c @@ -147,7 +147,7 @@ static char *expand_msdfs_target(TALLOC_CTX *ctx, conn->connectpath, conn->server_info->utok.gid, conn->server_info->sanitized_username, - pdb_get_domain(handle->conn->server_info->sam_account), + pdb_get_domain(conn->server_info->sam_account), targethost); DEBUG(10, ("Expanded targethost to %s\n", targethost)); -- cgit From c164ff2be5f9af7cc83e43d8c54b54186444fac0 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 30 Sep 2008 16:19:37 -0700 Subject: Convert to allocated strings. Use write_data(), not send as this doesn't correctly deal with EINTR. Jim and Holger please check this still works. Jeremy. --- source3/modules/vfs_smb_traffic_analyzer.c | 100 ++++++++++++----------------- 1 file changed, 42 insertions(+), 58 deletions(-) (limited to 'source3/modules') diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c index 12c893fae7..3925424214 100644 --- a/source3/modules/vfs_smb_traffic_analyzer.c +++ b/source3/modules/vfs_smb_traffic_analyzer.c 
@@ -24,29 +24,8 @@ #define UNIX_DOMAIN_SOCKET 1 #define INTERNET_SOCKET 0 - -/* Prototypes */ - static int vfs_smb_traffic_analyzer_debug_level = DBGC_VFS; -/* create the timestamp in sqlite compatible format */ -static void get_timestamp(fstring str) -{ - struct timeval tv; - struct timezone tz; - struct tm *tm; - int seconds; - - gettimeofday(&tv, &tz); - tm=localtime(&tv.tv_sec); - seconds=(float) (tv.tv_usec / 1000); - - fstr_sprintf(str,"%04d-%02d-%02d %02d:%02d:%02d.%03d", \ - tm->tm_year+1900, tm->tm_mon+1, tm->tm_mday, \ - tm->tm_hour, tm->tm_min, tm->tm_sec, (int)seconds); - -} - static int smb_traffic_analyzer_connMode(vfs_handle_struct *handle) { connection_struct *conn = handle->conn; @@ -58,7 +37,6 @@ static int smb_traffic_analyzer_connMode(vfs_handle_struct *handle) } else { return INTERNET_SOCKET; } - } /* Connect to an internet socket */ @@ -167,13 +145,16 @@ static int smb_traffic_analyzer_connect_unix_socket(vfs_handle_struct *handle) /* Send data over a socket */ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle, - char *str, + ssize_t result, const char *file_name, bool Write) { int *psockfd = NULL; - char Sender[200]; - char TimeStamp[200]; + struct timeval tv; + struct tm *tm = NULL; + int seconds; + char *str = NULL; + size_t len; SMB_VFS_HANDLE_GET_DATA(handle, psockfd, int, return); 
@@ -183,27 +164,39 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle, return; } - strlcpy(Sender, str, sizeof(Sender)); - strlcat(Sender, ",\"", sizeof(Sender)); - strlcat(Sender, handle->conn->server_info->sanitized_username, sizeof(Sender)); - strlcat(Sender, "\",\"", sizeof(Sender)); - strlcat(Sender, pdb_get_domain(handle->conn->server_info->sam_account), sizeof(Sender)); - strlcat(Sender, "\",\"", sizeof(Sender)); - if (Write) - strlcat(Sender, "W", sizeof(Sender)); - else - strlcat(Sender, "R", sizeof(Sender)); - strlcat(Sender, "\",\"", sizeof(Sender)); - strlcat(Sender, handle->conn->connectpath, sizeof(Sender)); - strlcat(Sender, "\",\"", sizeof(Sender) - 1); - strlcat(Sender, file_name, sizeof(Sender) - 1); - strlcat(Sender, "\",\"", sizeof(Sender) - 1); - get_timestamp(TimeStamp); - strlcat(Sender, TimeStamp, sizeof(Sender) - 1); - strlcat(Sender, "\");", sizeof(Sender) - 1); + GetTimeOfDay(&tv); + tm=localtime(&tv.tv_sec); + if (!tm) { + return; + } + seconds=(float) (tv.tv_usec / 1000); + + str = talloc_asprintf(talloc_tos(), + "%u,\"%s\",\"%s\",\"%c\",\"%s\",\"%s\"," + "\"%04d-%02d-%02d %02d:%02d:%02d.%03d\");", + (unsigned int)result, + handle->conn->server_info->sanitized_username, + pdb_get_domain(handle->conn->server_info->sam_account), + Write ? 'W' : 'R', + handle->conn->connectpath, + file_name, + tm->tm_year+1900, + tm->tm_mon+1, + tm->tm_mday, + tm->tm_hour, + tm->tm_min, + tm->tm_sec, + (int)seconds); + + if (!str) { + return; + } + + len = strlen(str); + DEBUG(10, ("smb_traffic_analyzer_send_data_socket: sending %s\n", - Sender)); - if (send(*psockfd, Sender, strlen(Sender), 0) == -1 ) { + str)); + if (write_data(*psockfd, str, len) != len) { DEBUG(1, ("smb_traffic_analyzer_send_data_socket: " "error sending data to socket!\n")); return ; 
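Review bot: The record built by `talloc_asprintf()` puts `sanitized_username`, the domain, `connectpath` and `file_name` between double quotes without escaping them, and `file_name` comes from the SMB client. A name that contains a quote, comma or line break changes how the receiver splits the record, and the `");` terminator suggests the text may be pasted into an SQL statement on the other side (the receiver is not on this page, so that part is an inference). Escape or reject quote and control characters before formatting, or send length-prefixed fields, and document above the format string that the receiver must bind these values as parameters. The later hunk that changes the format to `V1,...` with a `\n` terminator has the same gap. `smb_traffic_analyzer_send_data()` starts before this hunk.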
@@ -254,15 +247,12 @@ static ssize_t smb_traffic_analyzer_read(vfs_handle_struct *handle, \ files_struct *fsp, void *data, size_t n) { ssize_t result; - fstring Buffer; result = SMB_VFS_NEXT_READ(handle, fsp, data, n); DEBUG(10, ("smb_traffic_analyzer_read: READ: %s\n", fsp->fsp_name )); - fstr_sprintf(Buffer, "%u", (uint) result); - smb_traffic_analyzer_send_data(handle, - Buffer, + result, fsp->fsp_name, false); return result; @@ -273,15 +263,13 @@ static ssize_t smb_traffic_analyzer_pread(vfs_handle_struct *handle, \ files_struct *fsp, void *data, size_t n, SMB_OFF_T offset) { ssize_t result; - fstring Buffer; result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset); DEBUG(10, ("smb_traffic_analyzer_pread: PREAD: %s\n", fsp->fsp_name )); - fstr_sprintf(Buffer,"%u", (uint) result); smb_traffic_analyzer_send_data(handle, - Buffer, + result, fsp->fsp_name, false); @@ -292,15 +280,13 @@ static ssize_t smb_traffic_analyzer_write(vfs_handle_struct *handle, \ files_struct *fsp, const void *data, size_t n) { ssize_t result; - fstring Buffer; result = SMB_VFS_NEXT_WRITE(handle, fsp, data, n); DEBUG(10, ("smb_traffic_analyzer_write: WRITE: %s\n", fsp->fsp_name )); - fstr_sprintf(Buffer, "%u", (uint) result); smb_traffic_analyzer_send_data(handle, - Buffer, + result, fsp->fsp_name, true); return result; @@ -310,15 +296,13 @@ static ssize_t smb_traffic_analyzer_pwrite(vfs_handle_struct *handle, \ files_struct *fsp, const void *data, size_t n, SMB_OFF_T offset) { ssize_t result; - fstring Buffer; result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset); DEBUG(10, ("smb_traffic_analyzer_pwrite: PWRITE: %s\n", fsp->fsp_name )); - fstr_sprintf(Buffer, "%u", (uint) result); smb_traffic_analyzer_send_data(handle, - Buffer, + result, fsp->fsp_name, true); return result; -- cgit From 370cbe0060cb2670c7f65100954dac6c63030ca0 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Wed, 1 Oct 2008 12:50:29 -0700 Subject: Turn the socket connections into a refcounted list - in the common case there'll now only be one socket per smbd. Changed the format of the wire data to (a) include a version number (V1) as the first element. (b) removed the ";)" at the end an replaced it with a "\n". Receiver can change back if needed, and now receiver can just log "as-is" to a text file (making testing easier). Added my (C). Sorry Holger, but I've changed quite a bit now. Jeremy. --- source3/modules/vfs_smb_traffic_analyzer.c | 139 ++++++++++++++++++++--------- 1 file changed, 95 insertions(+), 44 deletions(-) (limited to 'source3/modules') diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c index 3925424214..ff61768495 100644 --- a/source3/modules/vfs_smb_traffic_analyzer.c +++ b/source3/modules/vfs_smb_traffic_analyzer.c @@ -3,6 +3,7 @@ * on the net. * * Copyright (C) Holger Hetterich, 2008 + * Copyright (C) Jeremy Allison, 2008 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -21,12 +22,14 @@ #include "includes.h" /* abstraction for the send_over_network function */ -#define UNIX_DOMAIN_SOCKET 1 -#define INTERNET_SOCKET 0 + +enum sock_type {INTERNET_SOCKET = 0, UNIX_DOMAIN_SOCKET}; + +#define LOCAL_PATHNAME "/var/tmp/stadsocket" static int vfs_smb_traffic_analyzer_debug_level = DBGC_VFS; -static int smb_traffic_analyzer_connMode(vfs_handle_struct *handle) +static enum sock_type smb_traffic_analyzer_connMode(vfs_handle_struct *handle) { connection_struct *conn = handle->conn; const char *Mode; 
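Review bot: `LOCAL_PATHNAME` fixes the collector socket at `/var/tmp/stadsocket`, a directory that local users can normally write to, so smbd has no assurance that whatever listens on that path is the intended collector. The records sent there carry user names, share paths and file names. Make the path a module parameter whose default sits in a directory only root can write, and state the requirement next to the define, for example `/* socket must live in a root-owned, non-world-writable directory */`.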
@@ -41,28 +44,22 @@ static int smb_traffic_analyzer_connMode(vfs_handle_struct *handle) /* Connect to an internet socket */ -static int smb_traffic_analyzer_connect_inet_socket(vfs_handle_struct *handle) +static int smb_traffic_analyzer_connect_inet_socket(vfs_handle_struct *handle, + const char *name, uint16_t port) { /* Create a streaming Socket */ - const char *Hostname; int sockfd = -1; - uint16_t port; struct addrinfo hints; struct addrinfo *ailist = NULL; struct addrinfo *res = NULL; - connection_struct *conn = handle->conn; int ret; - /* get port number, target system from the config parameters */ - Hostname=lp_parm_const_string(SNUM(conn), "smb_traffic_analyzer", - "host", "localhost"); - ZERO_STRUCT(hints); /* By default make sure it supports TCP. */ hints.ai_socktype = SOCK_STREAM; hints.ai_flags = AI_ADDRCONFIG; - ret = getaddrinfo(Hostname, + ret = getaddrinfo(name, NULL, &hints, &ailist); @@ -70,16 +67,13 @@ static int smb_traffic_analyzer_connect_inet_socket(vfs_handle_struct *handle) if (ret) { DEBUG(3,("smb_traffic_analyzer_connect_inet_socket: " "getaddrinfo failed for name %s [%s]\n", - Hostname, + name, gai_strerror(ret) )); return -1; } - port = atoi( lp_parm_const_string(SNUM(conn), - "smb_traffic_analyzer", "port", "9430")); - DEBUG(3,("smb_traffic_analyzer: Internet socket mode. Hostname: %s," - "Port: %i\n", Hostname, port)); + "Port: %i\n", name, port)); for (res = ailist; res; res = res->ai_next) { struct sockaddr_storage ss; 
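Review bot: `smb_traffic_analyzer_connect_inet_socket()` opens a plain TCP stream to whatever `name` resolves to, with nothing in the visible code that authenticates the collector or protects the records in transit. Since the records name users and the files they touch, the function comment should say so: `/* NOTE: records are sent unauthenticated and in clear text; use inet mode only on a trusted network or loopback */`. The body of the function continues past both hunks on this line.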
@@ -113,15 +107,16 @@ static int smb_traffic_analyzer_connect_inet_socket(vfs_handle_struct *handle) /* Connect to a unix domain socket */ -static int smb_traffic_analyzer_connect_unix_socket(vfs_handle_struct *handle) +static int smb_traffic_analyzer_connect_unix_socket(vfs_handle_struct *handle, + const char *name) { /* Create the socket to stad */ int len, sock; struct sockaddr_un remote; DEBUG(7, ("smb_traffic_analyzer_connect_unix_socket: " - "Unix domain socket mode. Using " - "/var/tmp/stadsocket\n")); + "Unix domain socket mode. Using %s\n", + name )); if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { DEBUG(1, ("smb_traffic_analyzer_connect_unix_socket: " @@ -129,7 +124,7 @@ static int smb_traffic_analyzer_connect_unix_socket(vfs_handle_struct *handle) "make sure stad is running!\n")); } remote.sun_family = AF_UNIX; - strlcpy(remote.sun_path, "/var/tmp/stadsocket", + strlcpy(remote.sun_path, name, sizeof(remote.sun_path)); len=strlen(remote.sun_path) + sizeof(remote.sun_family); if (connect(sock, (struct sockaddr *)&remote, len) == -1 ) { @@ -142,6 +137,16 @@ static int smb_traffic_analyzer_connect_unix_socket(vfs_handle_struct *handle) return sock; } +/* Private data allowing shared connection sockets. */ + +struct refcounted_sock { + struct refcounted_sock *next, *prev; + char *name; + uint16_t port; + int sock; + unsigned int ref_count; +}; + /* Send data over a socket */ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle, 
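Review bot: When `socket()` fails in `smb_traffic_analyzer_connect_unix_socket()` the branch only logs, and execution carries on into `strlcpy()` and `connect()` with `sock == -1`; add `return -1;` after the DEBUG call (the end of that branch is in the `@@ -129,7 +124,7 @@` hunk). Now that `name` is a parameter, the copy into `remote.sun_path` should also be checked for truncation, `if (strlcpy(remote.sun_path, name, sizeof(remote.sun_path)) >= sizeof(remote.sun_path)) { close(sock); return -1; }`, so that a long path cannot silently connect to a different, shorter one.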
@@ -149,16 +154,16 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle, const char *file_name, bool Write) { - int *psockfd = NULL; + struct refcounted_sock *rf_sock = NULL; struct timeval tv; struct tm *tm = NULL; int seconds; char *str = NULL; size_t len; - SMB_VFS_HANDLE_GET_DATA(handle, psockfd, int, return); + SMB_VFS_HANDLE_GET_DATA(handle, rf_sock, struct refcounted_sock, return); - if (psockfd == NULL || *psockfd == -1) { + if (rf_sock == NULL || rf_sock->sock == -1) { DEBUG(1, ("smb_traffic_analyzer_send_data: socket is " "closed\n")); return; @@ -172,8 +177,8 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle, seconds=(float) (tv.tv_usec / 1000); str = talloc_asprintf(talloc_tos(), - "%u,\"%s\",\"%s\",\"%c\",\"%s\",\"%s\"," - "\"%04d-%02d-%02d %02d:%02d:%02d.%03d\");", + "V1,%u,\"%s\",\"%s\",\"%c\",\"%s\",\"%s\"," + "\"%04d-%02d-%02d %02d:%02d:%02d.%03d\"\n", (unsigned int)result, handle->conn->server_info->sanitized_username, pdb_get_domain(handle->conn->server_info->sam_account), 
@@ -196,48 +201,94 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle, DEBUG(10, ("smb_traffic_analyzer_send_data_socket: sending %s\n", str)); - if (write_data(*psockfd, str, len) != len) { + if (write_data(rf_sock->sock, str, len) != len) { DEBUG(1, ("smb_traffic_analyzer_send_data_socket: " "error sending data to socket!\n")); return ; } } +static struct refcounted_sock *sock_list; + static void smb_traffic_analyzer_free_data(void **pptr) { - int *pfd = *(int **)pptr; - if(!pfd) { + struct refcounted_sock *rf_sock = *(struct refcounted_sock **)pptr; + if (rf_sock == NULL) { return; } - if (*pfd != -1) { - close(*pfd); + rf_sock->ref_count--; + if (rf_sock->ref_count != 0) { + return; + } + if (rf_sock->sock != -1) { + close(rf_sock->sock); } - TALLOC_FREE(pfd); + DLIST_REMOVE(sock_list, rf_sock); + TALLOC_FREE(rf_sock); } static int smb_traffic_analyzer_connect(struct vfs_handle_struct *handle, const char *service, const char *user) { - int *pfd = TALLOC_P(handle, int); + connection_struct *conn = handle->conn; + enum sock_type st = smb_traffic_analyzer_connMode(handle); + struct refcounted_sock *rf_sock = NULL; + const char *name = (st == UNIX_DOMAIN_SOCKET) ? LOCAL_PATHNAME : + lp_parm_const_string(SNUM(conn), + "smb_traffic_analyzer", + "host", "localhost"); + uint16_t port = (st == UNIX_DOMAIN_SOCKET) ? 0 : + atoi( lp_parm_const_string(SNUM(conn), + "smb_traffic_analyzer", "port", "9430")); - if (!pfd) { - errno = ENOMEM; - return -1; + /* Are we already connected ? */ + for (rf_sock = sock_list; rf_sock; rf_sock = rf_sock->next) { + if (port == rf_sock->port && + (strcmp(name, rf_sock->name) == 0)) { + break; + } } - if (smb_traffic_analyzer_connMode(handle) == UNIX_DOMAIN_SOCKET) { - *pfd = smb_traffic_analyzer_connect_unix_socket(handle); + /* If we're connected already, just increase the + * reference count. 
*/ + if (rf_sock) { + rf_sock->ref_count++; } else { - *pfd = smb_traffic_analyzer_connect_inet_socket(handle); - } - if (*pfd == -1) { - return -1; + /* New connection. */ + rf_sock = TALLOC_ZERO_P(NULL, struct refcounted_sock); + if (rf_sock == NULL) { + errno = ENOMEM; + return -1; + } + rf_sock->name = talloc_strdup(rf_sock, name); + if (rf_sock->name == NULL) { + TALLOC_FREE(rf_sock); + errno = ENOMEM; + return -1; + } + rf_sock->port = port; + rf_sock->ref_count = 1; + + if (st == UNIX_DOMAIN_SOCKET) { + rf_sock->sock = smb_traffic_analyzer_connect_unix_socket(handle, + name); + } else { + + rf_sock->sock = smb_traffic_analyzer_connect_inet_socket(handle, + name, + port); + } + if (rf_sock->sock == -1) { + TALLOC_FREE(rf_sock); + return -1; + } + DLIST_ADD(sock_list, rf_sock); } /* Store the private data. */ - SMB_VFS_HANDLE_SET_DATA(handle, pfd, smb_traffic_analyzer_free_data, - int, return -1); + SMB_VFS_HANDLE_SET_DATA(handle, rf_sock, smb_traffic_analyzer_free_data, + struct refcounted_sock, return -1); return SMB_VFS_NEXT_CONNECT(handle, service, user); } -- cgit From cde1b09d68e496f8f531336088433e9546b2864d Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Mon, 6 Oct 2008 17:09:48 -0700 Subject: Fixed build warning "passing arg from incompatible pointer type" The fix explicitly makes the conversion from timeval to time_t using the existing time utility functions. Compiling modules/vfs_smb_traffic_analyzer.c modules/vfs_smb_traffic_analyzer.c: In function `smb_traffic_analyzer_send_data': modules/vfs_smb_traffic_analyzer.c:173: warning: passing arg 1 of `localtime' from incompatible pointer type --- source3/modules/vfs_smb_traffic_analyzer.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/modules') diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c index ff61768495..9b4c1b3e25 100644 --- a/source3/modules/vfs_smb_traffic_analyzer.c 
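Review bot: The port in `smb_traffic_analyzer_connect()` is parsed with `atoi()` and assigned straight to a `uint16_t`, so a non-numeric or out-of-range `port` setting silently becomes 0 or a truncated value and the module connects to a port the administrator did not configure. Parse the string with `strtol()`, check the end pointer, and reject anything outside 1 to 65535 before narrowing, logging the rejected value at DEBUG level 1. The function also returns -1 when the collector cannot be reached, which fails the share connection; a comment should state whether that fail-closed behaviour is intended for a logging module.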
+++ b/source3/modules/vfs_smb_traffic_analyzer.c @@ -156,6 +156,7 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle, { struct refcounted_sock *rf_sock = NULL; struct timeval tv; + time_t tv_sec; struct tm *tm = NULL; int seconds; char *str = NULL; @@ -170,7 +171,8 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle, } GetTimeOfDay(&tv); - tm=localtime(&tv.tv_sec); + tv_sec = convert_timespec_to_time_t(convert_timeval_to_timespec(tv)); + tm = localtime(&tv_sec); if (!tm) { return; } -- cgit From 2024d87cf5ffa0633225ed189fa48f0f56151e7e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 7 Oct 2008 14:43:42 -0700 Subject: Make map_errno_from_nt_status() a generic call, not just a cli specific one. Remove some unused calls from vfs_acl_xattr. Test for SD's on existing files. Jeremy. --- source3/modules/vfs_acl_xattr.c | 58 +++++++++++++++++++++++++---------------- 1 file changed, 36 insertions(+), 22 deletions(-) (limited to 'source3/modules') diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index a2f3477b76..80e44e51fc 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -133,26 +133,6 @@ static NTSTATUS get_acl_blob(TALLOC_CTX *ctx, return NT_STATUS_OK; } -static int mkdir_acl_xattr(vfs_handle_struct *handle, const char *path, mode_t mode) -{ - return SMB_VFS_NEXT_MKDIR(handle, path, mode); -} - -static int rmdir_acl_xattr(vfs_handle_struct *handle, const char *path) -{ - return SMB_VFS_NEXT_RMDIR(handle, path); -} - -static int open_acl_xattr(vfs_handle_struct *handle, const char *fname, files_struct *fsp, int flags, mode_t mode) -{ - return SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode); -} - -static int unlink_acl_xattr(vfs_handle_struct *handle, const char *fname) -{ - return SMB_VFS_NEXT_UNLINK(handle, fname); -} - static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle, files_struct *fsp, const char *name, 
@@ -198,6 +178,42 @@ static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle, return status; } +static int mkdir_acl_xattr(vfs_handle_struct *handle, const char *path, mode_t mode) +{ + return SMB_VFS_NEXT_MKDIR(handle, path, mode); +} + +/********************************************************************* + * Currently this only works for existing files. Need to work on + * inheritance for new files. +*********************************************************************/ + +static int open_acl_xattr(vfs_handle_struct *handle, const char *fname, files_struct *fsp, int flags, mode_t mode) +{ + uint32_t access_granted = 0; + SEC_DESC *pdesc = NULL; + NTSTATUS status = get_nt_acl_xattr_internal(handle, + NULL, + fname, + (OWNER_SECURITY_INFORMATION | + GROUP_SECURITY_INFORMATION | + DACL_SECURITY_INFORMATION), + &pdesc); + if (NT_STATUS_IS_OK(status)) { + /* See if we can access it. */ + if (!se_access_check(pdesc, + handle->conn->server_info->ptok, + fsp->access_mask, + &access_granted, + &status)) { + errno = map_errno_from_nt_status(status); + return -1; + } + } + + return SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode); +} + static NTSTATUS fget_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc) { @@ -312,9 +328,7 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, static vfs_op_tuple skel_op_tuples[] = { {SMB_VFS_OP(mkdir_acl_xattr), SMB_VFS_OP_MKDIR, SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(rmdir_acl_xattr), SMB_VFS_OP_RMDIR, SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(open_acl_xattr), SMB_VFS_OP_OPEN, SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(unlink_acl_xattr),SMB_VFS_OP_UNLINK,SMB_VFS_LAYER_TRANSPARENT}, /* NT File ACL operations */ -- cgit From ec5d09dbff94d909f5ef65fb30165672947455b8 Mon Sep 17 00:00:00 2001 
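Review bot: `open_acl_xattr()` enforces the stored descriptor only when `get_nt_acl_xattr_internal()` returns OK; every other status, for example an allocation failure or a blob that cannot be parsed, falls through to `SMB_VFS_NEXT_OPEN()` exactly as if no ACL were stored. Let only the status that means "no attribute present" skip the check, and for the rest set `errno = map_errno_from_nt_status(status)` and return -1. The check is made by path name before the open, so the object finally opened can differ from the one checked if the path changes in between; the header comment should record that limitation next to the note about new files. `pdesc` is not released on any path in this hunk, and which talloc context owns it is not visible here.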
From: Jeremy Allison Date: Tue, 7 Oct 2008 17:50:01 -0700 Subject: Update vfs version as I've added a const to the security_descriptor paramter in fset_nt_acl(). Need to watch the build farm to make sure I haven't broken the AIX or Solaris ACL modules. Jeremy. --- source3/modules/nfs4_acls.c | 10 +++------- source3/modules/vfs_acl_xattr.c | 4 ++-- source3/modules/vfs_afsacl.c | 10 +++++----- source3/modules/vfs_aixacl2.c | 4 ++-- source3/modules/vfs_default.c | 2 +- source3/modules/vfs_full_audit.c | 4 ++-- source3/modules/vfs_gpfs.c | 4 ++-- source3/modules/vfs_zfsacl.c | 4 ++-- 8 files changed, 19 insertions(+), 23 deletions(-) (limited to 'source3/modules') diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index 9e28db8b39..f1b8cfffce 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -44,10 +44,6 @@ typedef struct _SMB_ACL4_INT_T SMB_ACE4_INT_T *last; } SMB_ACL4_INT_T; -extern int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid); -extern NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, - uint32 security_info_sent, SEC_DESC *psd); - static SMB_ACL4_INT_T *get_validated_aclint(SMB4ACL_T *acl) { SMB_ACL4_INT_T *aclint = (SMB_ACL4_INT_T *)acl; @@ -518,7 +514,7 @@ static bool smbacl4_fill_ace4( smbacl4_vfs_params *params, uid_t ownerUID, gid_t ownerGID, - SEC_ACE *ace_nt, /* input */ + const SEC_ACE *ace_nt, /* input */ SMB_ACE4PROP_T *ace_v4 /* output */ ) { @@ -650,7 +646,7 @@ static int smbacl4_MergeIgnoreReject( static SMB4ACL_T *smbacl4_win2nfs4( const char *filename, - SEC_ACL *dacl, + const SEC_ACL *dacl, smbacl4_vfs_params *pparams, uid_t ownerUID, gid_t ownerGID @@ -694,7 +690,7 @@ static SMB4ACL_T *smbacl4_win2nfs4( NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp, uint32 security_info_sent, - SEC_DESC *psd, + const SEC_DESC *psd, set_nfs4acl_native_fn_t set_nfs4_native) { smbacl4_vfs_params params; 
diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index 80e44e51fc..2b3fc2ebb2 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -238,7 +238,7 @@ static NTSTATUS get_nt_acl_xattr(vfs_handle_struct *handle, security_info, ppdesc); } -static NTSTATUS create_acl_blob(SEC_DESC *psd, DATA_BLOB *pblob) +static NTSTATUS create_acl_blob(const SEC_DESC *psd, DATA_BLOB *pblob) { struct xattr_NTACL xacl; struct security_descriptor_timestamp sd_ts; @@ -307,7 +307,7 @@ static NTSTATUS store_acl_blob(files_struct *fsp, } static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, - uint32 security_info_sent, SEC_DESC *psd) + uint32 security_info_sent, const SEC_DESC *psd) { NTSTATUS status; DATA_BLOB blob; diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c index 9409f3fa20..c78369ac13 100644 --- a/source3/modules/vfs_afsacl.c +++ b/source3/modules/vfs_afsacl.c @@ -717,12 +717,12 @@ static bool mappable_sid(const DOM_SID *sid) static bool nt_to_afs_acl(const char *filename, uint32 security_info_sent, - struct security_descriptor *psd, + const struct security_descriptor *psd, uint32 (*nt_to_afs_rights)(const char *filename, const SEC_ACE *ace), struct afs_acl *afs_acl) { - SEC_ACL *dacl; + const SEC_ACL *dacl; int i; /* Currently we *only* look at the dacl */ @@ -737,7 +737,7 @@ static bool nt_to_afs_acl(const char *filename, dacl = psd->dacl; for (i = 0; i < dacl->num_aces; i++) { - SEC_ACE *ace = &(dacl->aces[i]); + const SEC_ACE *ace = &(dacl->aces[i]); const char *dom_name, *name; enum lsa_SidType name_type; char *p; @@ -887,7 +887,7 @@ static void merge_unknown_aces(struct afs_acl *src, struct afs_acl *dst) static NTSTATUS afs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, - struct security_descriptor *psd) + const struct security_descriptor *psd) { struct afs_acl old_afs_acl, new_afs_acl; struct afs_acl dir_acl, file_acl; 
@@ -1040,7 +1040,7 @@ static NTSTATUS afsacl_get_nt_acl(struct vfs_handle_struct *handle, NTSTATUS afsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, - SEC_DESC *psd) + const SEC_DESC *psd) { return afs_set_nt_acl(handle, fsp, security_info_sent, psd); } diff --git a/source3/modules/vfs_aixacl2.c b/source3/modules/vfs_aixacl2.c index 23c4d88134..a078b9f9f6 100644 --- a/source3/modules/vfs_aixacl2.c +++ b/source3/modules/vfs_aixacl2.c @@ -371,7 +371,7 @@ static bool aixjfs2_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) return True; } -static NTSTATUS aixjfs2_set_nt_acl_common(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd) +static NTSTATUS aixjfs2_set_nt_acl_common(files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd) { acl_type_t acl_type_info; NTSTATUS result = NT_STATUS_ACCESS_DENIED; @@ -395,7 +395,7 @@ static NTSTATUS aixjfs2_set_nt_acl_common(files_struct *fsp, uint32 security_inf return result; } -NTSTATUS aixjfs2_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd) +NTSTATUS aixjfs2_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd) { return aixjfs2_set_nt_acl_common(fsp, security_info_sent, psd); } diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c index 381aa18561..372cdf2d53 100644 --- a/source3/modules/vfs_default.c +++ b/source3/modules/vfs_default.c @@ -1036,7 +1036,7 @@ static NTSTATUS vfswrap_get_nt_acl(vfs_handle_struct *handle, return result; } -static NTSTATUS vfswrap_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd) +static NTSTATUS vfswrap_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd) { NTSTATUS result; diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c index 1224ec3edb..9fadcd9e0c 100644 
--- a/source3/modules/vfs_full_audit.c +++ b/source3/modules/vfs_full_audit.c @@ -202,7 +202,7 @@ static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle, SEC_DESC **ppdesc); static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, - SEC_DESC *psd); + const SEC_DESC *psd); static int smb_full_audit_chmod_acl(vfs_handle_struct *handle, const char *path, mode_t mode); static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp, @@ -1582,7 +1582,7 @@ static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle, static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, - SEC_DESC *psd) + const SEC_DESC *psd) { NTSTATUS result; diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index 39d2bb6c38..29ea7f0abe 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -365,7 +365,7 @@ static bool gpfsacl_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) return True; } -static NTSTATUS gpfsacl_set_nt_acl_internal(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd) +static NTSTATUS gpfsacl_set_nt_acl_internal(files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd) { struct gpfs_acl *acl; NTSTATUS result = NT_STATUS_ACCESS_DENIED; @@ -386,7 +386,7 @@ static NTSTATUS gpfsacl_set_nt_acl_internal(files_struct *fsp, uint32 security_i return result; } -static NTSTATUS gpfsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd) +static NTSTATUS gpfsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd) { return gpfsacl_set_nt_acl_internal(fsp, security_info_sent, psd); } diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index e933e47317..3688b2386e 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c 
@@ -166,7 +166,7 @@ static bool zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) */ static NTSTATUS zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, - struct security_descriptor *psd) + const struct security_descriptor *psd) { return smb_set_nt_acl_nfs4(fsp, security_info_sent, psd, zfs_process_smbacl); @@ -207,7 +207,7 @@ static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle, static NTSTATUS zfsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, - SEC_DESC *psd) + const SEC_DESC *psd) { return zfs_set_nt_acl(handle, fsp, security_info_sent, psd); } -- cgit From 859facda89ff3589e87c4cbe1708578769d7c535 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 7 Oct 2008 17:56:32 -0700 Subject: Fix const warning. Jeremy. --- source3/modules/vfs_acl_xattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/modules') diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index 2b3fc2ebb2..4a8f6fec01 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -257,7 +257,7 @@ static NTSTATUS create_acl_blob(const SEC_DESC *psd, DATA_BLOB *pblob) xacl.version = 2; xacl.info.sd_ts = &sd_ts; - xacl.info.sd_ts->sd = psd; + xacl.info.sd_ts->sd = CONST_DISCARD(SEC_DESC *, psd); unix_timespec_to_nt_time(&xacl.info.sd_ts->last_changed, curr); ndr_err = ndr_push_struct_blob( -- cgit From 646df8bec618d78905f83779bf57d96141109d8f Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 8 Oct 2008 15:18:25 -0700 Subject: Deal with inheritance from parent directory when setting Windows ACLs. Jeremy. --- source3/modules/vfs_acl_xattr.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'source3/modules') diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index 4a8f6fec01..b641195fd7 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c 
@@ -317,6 +317,22 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, return status; } + if ((security_info_sent & DACL_SECURITY_INFORMATION) && + psd->dacl != NULL && + (psd->type & (SE_DESC_DACL_AUTO_INHERITED| + SE_DESC_DACL_AUTO_INHERIT_REQ))== + (SE_DESC_DACL_AUTO_INHERITED| + SE_DESC_DACL_AUTO_INHERIT_REQ) ) { + SEC_DESC *new_psd = NULL; + status = append_parent_acl(fsp, psd, &new_psd); + if (!NT_STATUS_IS_OK(status)) { + /* Lower level acl set succeeded, + * so still return OK. */ + return NT_STATUS_OK; + } + psd = new_psd; + } + create_acl_blob(psd, &blob); store_acl_blob(fsp, &blob); -- cgit From 88a58ae0eeb553969c903a94e578375e109ad05a Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Tue, 7 Oct 2008 20:16:04 -0700 Subject: Fixed "might be uninitialized" warning --- source3/modules/vfs_acl_xattr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/modules') diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index b641195fd7..241751c6a6 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -89,7 +89,7 @@ static NTSTATUS get_acl_blob(TALLOC_CTX *ctx, uint8_t *val = NULL; uint8_t *tmp; ssize_t sizeret; - int saved_errno; + int saved_errno = 0; ZERO_STRUCTP(pblob); @@ -277,7 +277,7 @@ static NTSTATUS store_acl_blob(files_struct *fsp, DATA_BLOB *pblob) { int ret; - int saved_errno; + int saved_errno = 0; DEBUG(10,("store_acl_blob: storing blob length %u on file %s\n", (unsigned int)pblob->length, fsp->fsp_name)); -- cgit From 45b359a77f006a366837efa3ad51570942bc4faa Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 9 Oct 2008 17:22:59 +0200 Subject: Make use of ZERO_STRUCT (the first memset was actually wrong) --- source3/modules/vfs_gpfs.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/modules') diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index 29ea7f0abe..fa0b4e97a5 100644 
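Review bot: In the block added to fset_nt_acl_xattr, a failure of `append_parent_acl()` returns `NT_STATUS_OK` without logging and without reaching `create_acl_blob()`/`store_acl_blob()`. The descriptor kept in the xattr is then not rewritten and may no longer match the ACL the lower layer just applied. Returning OK looks like a deliberate best-effort choice, but the divergence should be traceable, so before the early return add `DEBUG(3, ("fset_nt_acl_xattr: append_parent_acl failed for %s: %s\n", fsp->fsp_name, nt_errstr(status)));`. The hunk also does not show which talloc context owns `new_psd`, so a one-line comment on its lifetime would help the next reader. The function starts before the hunk and continues after it.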
--- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -179,7 +179,7 @@ static int gpfs_get_nfs4_acl(const char *fname, SMB4ACL_T **ppacl) "who: %d\n", gace->aceType, gace->aceIFlags, gace->aceFlags, gace->aceMask, gace->aceWho)); - memset(&smbace, 0, sizeof(SMB4ACE_T)); + ZERO_STRUCT(smbace); if (gace->aceIFlags & ACE4_IFLAG_SPECIAL_ID) { smbace.flags |= SMB_ACE4_ID_SPECIAL; switch (gace->aceWho) { @@ -739,7 +739,7 @@ static int gpfsacl_emu_chmod(const char *path, mode_t mode) if (haveAllowEntry[i]==True) continue; - memset(&ace, 0, sizeof(SMB_ACE4PROP_T)); + ZERO_STRUCT(ace); ace.aceType = SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE; ace.flags |= SMB_ACE4_ID_SPECIAL; ace.who.special_id = i; @@ -761,7 +761,7 @@ static int gpfsacl_emu_chmod(const char *path, mode_t mode) } /* don't add complementary DENY ACEs here */ - memset(&fake_fsp, 0, sizeof(struct files_struct)); + ZERO_STRUCT(fake_fsp); fake_fsp.fsp_name = (char *)path; /* no file_new is needed here */ /* put the acl */ -- cgit From e5692d4cbe70dc4f2aba88db4fa3b68c572c6142 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 9 Oct 2008 09:49:03 -0700 Subject: Remove SEC_ACCESS. It's a uint32_t. Jeremy. --- source3/modules/nfs4_acls.c | 4 ++-- source3/modules/vfs_afsacl.c | 6 ++---- 2 files changed, 4 insertions(+), 6 deletions(-) (limited to 'source3/modules') diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index f1b8cfffce..f411176590 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -221,7 +221,7 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, SMB4ACL_T *acl, /* in */ } for (aceint=aclint->first; aceint!=NULL; aceint=(SMB_ACE4_INT_T *)aceint->next) { - SEC_ACCESS mask; + uint32_t mask; DOM_SID sid; SMB_ACE4PROP_T *ace = &aceint->prop; 
@@ -256,7 +256,7 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, SMB4ACL_T *acl, /* in */ DEBUG(10, ("mapped %d to %s\n", ace->who.id, sid_string_dbg(&sid))); - init_sec_access(&mask, ace->aceMask); + mask = ace->aceMask; init_sec_ace(&nt_ace_list[good_aces++], &sid, ace->aceType, mask, ace->aceFlags & 0xf); diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c index c78369ac13..8c89d2fd9f 100644 --- a/source3/modules/vfs_afsacl.c +++ b/source3/modules/vfs_afsacl.c @@ -592,7 +592,6 @@ static size_t afs_to_nt_acl_common(struct afs_acl *afs_acl, { SEC_ACE *nt_ace_list; DOM_SID owner_sid, group_sid; - SEC_ACCESS mask; SEC_ACL *psa = NULL; int good_aces; size_t sd_size; @@ -616,7 +615,7 @@ static size_t afs_to_nt_acl_common(struct afs_acl *afs_acl, good_aces = 0; while (afs_ace != NULL) { - uint32 nt_rights; + uint32_t nt_rights; uint8 flag = SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_CONTAINER_INHERIT; @@ -633,9 +632,8 @@ static size_t afs_to_nt_acl_common(struct afs_acl *afs_acl, else nt_rights = afs_to_nt_file_rights(afs_ace->rights); - init_sec_access(&mask, nt_rights); init_sec_ace(&nt_ace_list[good_aces++], &(afs_ace->sid), - SEC_ACE_TYPE_ACCESS_ALLOWED, mask, flag); + SEC_ACE_TYPE_ACCESS_ALLOWED, nt_rights, flag); afs_ace = afs_ace->next; } -- cgit
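Review bot: In smbacl4_nfs42win the local `mask` is now only a copy of `ace->aceMask` (`mask = ace->aceMask;` in the @@ -256 hunk, declared as `uint32_t mask;` in the @@ -221 hunk), which is inconsistent with the vfs_afsacl.c hunks of the same commit. Those remove the temporary and pass `nt_rights` straight to `init_sec_ace()`. Doing the same here would drop both the declaration and the assignment: `init_sec_ace(&nt_ace_list[good_aces++], &sid, ace->aceType, ace->aceMask, ace->aceFlags & 0xf);`. The loop body starts before and continues past both hunks.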