From 6437df7d2ceedeb26be82e050b300ad55839a721 Mon Sep 17 00:00:00 2001
From: Holger Hetterich <hhetter@novell.com>
Date: Fri, 29 Jan 2010 21:34:27 +0100
Subject: Implement AES encryption of the data block.

First try. This runs on 16 bytes long AES block size, and enlarges the
data block with 16 bytes, to make sure all bytes are in. The added
bytes are filled with '.'. It then creates a header featuring the new
length to be send, and finally sends the data block, then returns.

This code is untested, as creating the receiver will be my next step.

To simplify traffic_analyzer's code, this code should run as a function.
It's on the do-to-list.
---
 source3/modules/vfs_smb_traffic_analyzer.c | 46 +++++++++++++++++++++---------
 1 file changed, 33 insertions(+), 13 deletions(-)

(limited to 'source3')

diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c
index e09b6f34fc..9bc0d2ef73 100644
--- a/source3/modules/vfs_smb_traffic_analyzer.c
+++ b/source3/modules/vfs_smb_traffic_analyzer.c
@@ -531,34 +531,54 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle,
 	 * over the data.
 	 */
 	size_t size;
-	char *akey = secrets_fetch("smb_traffic_analyzer_key", &size);
+	become_root();
+	char *akey = (char *) secrets_fetch("smb_traffic_analyzer_key", &size);
+	unbecome_root();
 	if ( akey != NULL ) {
-		char *crypted;
+		char crypted[18], *filler, *output;
+		int h,d,s1,s2;
 		state_flags[2] = 'E';
-		DEBUG(10, ("smb_traffic_analyzer: a key was found, encrypting "
-			"data!"));
-		AES_KEY *key;
-		samba_AES_set_encrypt_key(akey, 128, key);
-		samba_AES_encrypt( str, crypted, key );
-		len = strlen( crypted );
+		DEBUG(10, ("smb_traffic_analyzer_send_data_socket: a key was"
+			" found, encrypting data!\n"));
+		AES_KEY key;
+		samba_AES_set_encrypt_key(akey, 128, &key);
+		s1 = strlen(str) / 16;
+		s2 = strlen(str) % 16;
+		DEBUG(10, ("smb_traffic_analyzer_send_data_socket: found %i"
+			" blocks, %i missing bytes.\n",
+			s1,s2));
+		filler = talloc_asprintf( talloc_tos(), "................" );
+		for (h = 0; h < s2; h++) {
+			*(filler+h)=*(str+(s1*16)+h);
+		}
+		DEBUG(10, ("smb_traffic_analyzer_send_data_socket: created %s"
+			" as filling block.\n", filler));
+		output = talloc_array(talloc_tos(), char, (s1*16)+17 );
+		d=0;
+		for (h = 0; h < s1; h++) {
+			samba_AES_encrypt(str+(16*h), crypted, &key);
+			for (d = 0; d<16; d++) output[d+(16*h)]=crypted[d];
+		}
+		samba_AES_encrypt( str+(16*h), filler, &key );
+		for (d = 0;d < 16; d++) output[d+(16*h)]=*(filler+d);
+		len = (s1*16)+16;
 		header = talloc_asprintf( talloc_tos(), "V2.%s%017u",
 						state_flags, len);
 
 		DEBUG(10, ("smb_traffic_analyzer_send_data_socket:"
-			" header created for crypted data: %s", header));
+			" header created for crypted data: %s\n", header));
 		len = strlen(header);
 		if (write_data(rf_sock->sock, header, len) != len) {
 			DEBUG(1, ("smb_traffic_analyzer_send_data_socket: "
 						"error sending the header"
 						 " over the socket!\n"));
 		}
-		len = strlen(crypted);
-		if (write_data(rf_sock->sock, crypted, len) != len) {
+		len = (s1*16)+16;
+		if (write_data(rf_sock->sock, output, len) != len) {
 			DEBUG(1, ("smb_traffic_analyzer_send_data_socket: "
 				"error sending crypted data to socket!\n"));
-		free( crypted );
-		return ;
 		}
+	return;
 	}
 
         len = strlen(str);
-- 
cgit