1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Commit Graph

71 Commits

Author SHA1 Message Date
Andrew Bartlett
6aa12fcb30 build: Remove SMB_OFF_T, replace with off_t
Now that we always require a 64 bit off_t, we no longer need SMB_OFF_T.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Apr  6 01:47:43 CEST 2012 on sn-devel-104
2012-04-06 01:47:43 +02:00
Matthieu Patou
9e6675e8d0 s3: improve the code in the AES encryption.
Remove looping replace them by memcpy.

Fix bug #8674 (Buffer overflow in vfs_smb_traffic_analyzer).

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Jan 25 03:12:14 CET 2012 on sn-devel-104
2012-01-25 03:12:14 +01:00
Jeremy Allison
fb235a3be6 s3: Fix bug #8674.
Buffer overflow issue with AES encryption in samba traffic analyzer.
2012-01-25 01:38:06 +01:00
Richard Sharpe
422494a8e6 vfs: Make function pointer names consistent. They all end in _fn
Autobuild-User: Richard Sharpe <sharpe@samba.org>
Autobuild-Date: Mon Dec 12 04:58:40 CET 2011 on sn-devel-104
2011-12-12 04:58:40 +01:00
Andrew Bartlett
128ae06a61 s3-auth use auth_user_info not netr_SamInfo3 in auth3_session_info
This makes auth3_session_info identical to auth_session_info

The logic to convert the info3 to a struct auth_user_info is
essentially moved up the stack from the named pipe proxy in
source3/rpc_server to create_local_token().

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:13 +10:00
Andrew Bartlett
9289537993 s3-auth Use struct auth_user_info_unix for unix_name and sanitized_username
This is closer to the layout of struct auth_session_info in auth.idl

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:11 +10:00
Andreas Schneider
c0f1c179b9 s3-vfs: Replace client_id in smbta.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2011-07-04 18:28:32 +10:00
Andrew Bartlett
ad0a07c531 s3-talloc Change TALLOC_ZERO_P() to talloc_zero()
Using the standard macro makes it easier to move code into common, as
TALLOC_ZERO_P isn't standard talloc.
2011-06-09 12:40:08 +02:00
Holger Hetterich
13d20faa1d Actually make use of the SMBTA_SUBRELEASE define in smb_traffic_analyzer.h. This will allow to introduce new features or fixes into the protocol after the 3.6.0 release. The client software is designed to take care for the subrelease number.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue May 24 21:23:22 CEST 2011 on sn-devel-104
2011-05-24 21:23:22 +02:00
Holger Hetterich
eb57d4719f Make protocol version 2 the default protocol, and only run on version 1 if V1 is explcitly given as a module option.
I haven't received a single line of feedback on protocol v1
for at least 1 1/2 years, whereas protocol v2 has an active
userbase and more people developing around it.

This patch includes a manpage update, describing the new
version handling, as well as documenting the recent changes
making the module transfer the IP address of the client machine
as submitted with
464c69609a.

Signed-off-by: Jeremy Allison <jra@samba.org>

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed May 18 21:36:44 CEST 2011 on sn-devel-104
2011-05-18 21:36:44 +02:00
Jeremy Allison
7d6ebe0de7 More const fixes. Remove CONST_DISCARD. 2011-05-06 01:44:07 +02:00
Günther Deschner
c7073f8b54 s3-vfs: rename open function to open_fn.
This should finally fix the AIX build and allow to remove AIX specific ifdefs.

Guenther

Signed-off-by: Jeremy Allison <jra@samba.org>

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Apr 21 02:01:20 CEST 2011 on sn-devel-104
2011-04-21 02:01:20 +02:00
Holger Hetterich
cf5ed92bb7 SMBTA: make vfs_smb_traffic_analyzer aware of the sendfile and recvfile functionality and store the results as common read/write results. 2011-03-30 18:01:19 -07:00
Günther Deschner
bd471d3004 s3-auth: vfs modules need auth.h
Guenther
2011-03-30 01:13:09 +02:00
Günther Deschner
45364f5e69 s3-vfs: include smbd/smbd.h in vfs modules.
Guenther
2011-03-30 01:13:08 +02:00
Volker Lendecke
7e6030a495 s3: Fix Coverity ID 2226: RESOURCE_LEAK
Holger, please check!
2011-03-27 22:22:11 +02:00
Jelmer Vernooij
59a077d8f5 Fix some types
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Feb 28 23:30:06 CET 2011 on sn-devel-104
2011-02-28 23:30:06 +01:00
Andrew Bartlett
2e69e89456 s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_info
These variables, of type struct auth_serversupplied_info were poorly
named when added into 2001, and in good consistant practice, this has
extended all over the codebase in the years since.

The structure is also not ideal for it's current purpose.  Originally
intended to convey the results of the authentication modules, it
really describes all the essential attributes of a session.  This
rename will reduce the volume of a future patch to replaced these with
a struct auth_session_info, with auth_serversupplied_info confined to
the lower levels of the auth subsystem, and then eliminated.

(The new structure will be the output of create_local_token(), and the
change in struct definition will ensure that this is always run, populating
local groups and privileges).

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-22 16:20:10 +11:00
Holger Hetterich
464c69609a vfs_smb_traffic_analyzer shall also transfer the clients IP address.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Feb 19 01:53:18 CET 2011 on sn-devel-104
2011-02-19 01:53:18 +01:00
Andrew Bartlett
2b05ba77b4 s3-auth Rename cryptic 'ptok' to security_token
This will allow the auth_serversupplied_info struct to be migrated
to auth_session_info easier.

Adnrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-02-10 06:51:06 +01:00
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Andrew Bartlett
8c15cf54ae s3-auth Rename NT_USER_TOKEN user_sids -> sids
This is closer to the struct security_token from security.idl
2010-08-31 10:20:14 +10:00
Björn Jacke
a8d8cf00ea vfs_smb_traffic_analyzer: fix off by a second bug
convert_timespec_to_time_t is rounding but here we keep track of milliseconds
here - so we should use plain the tv_sec.
2010-08-30 19:52:10 +02:00
Günther Deschner
0f8e032628 s3-netlogon: remove global include of netlogon.h.
This reduces precompiled headers by another 4 MB and also slightly speeds up the
build.

Guenther
2010-08-06 15:46:16 +02:00
Günther Deschner
c136b84f0d s3-secrets: only include secrets.h when needed.
Guenther
2010-08-05 10:12:25 +02:00
Günther Deschner
bcd4077be6 s3: remove unused librpc/ndr/sid.c.
Guenther
2010-06-03 01:07:17 +02:00
Holger Hetterich
b81f8b131c s3-vfs: Send the share name instead of the path in smb_traffic_analyzer.
In protocol v2, the name of the service should be sent instead of the
path.

Signed-off-by: Andreas Schneider <asn@samba.org>
2010-06-01 22:10:52 +02:00
Simo Sorce
d9cffc01be s3:auth use info3 in auth_serversupplied_info
Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-28 00:55:53 +02:00
Holger Hetterich
dd895e526c vfs_smb_traffic_analyzer.c: set the len variable when running protocol v1.
Signed-off-by: Andreas Schneider <asn@samba.org>
2010-05-27 10:27:07 +02:00
Holger Hetterich
462322f6e8 s3: vfs_smb_traffic_analyzer.c: remove warnings from developer build
This patch should remove all warnings coming up when compiling
traffic analyzer with configure.developer.

Re-activate the smb_traffic_analyzer_rmdir function by adding it's
vfs_fn_pointer to vfs_smb_traffic_analyzer_fns.

Copy the mode_t used in smb_traffic_analyzer_open to the corresponding
data structure.
2010-03-25 15:12:30 -07:00
Günther Deschner
f48fb0d908 s3-vfs: fix some buildwarnings in traffic analyzer, there are many more.
Holger, please check.

Guenther
2010-03-16 23:03:51 +01:00
Jim McDonough
287304e59e Update copyright 2010-03-16 10:05:38 -04:00
Holger Hetterich
a0e2632e11 s3: vfs_smb_traffic_analyzer.c: add VFS functions for file open and close 2010-03-16 09:52:10 -04:00
Holger Hetterich
f6ae16e318 smb_traffic_analyzer.c: optimize marshalling function and document
Collect all data that is needed, and use only one talloc_asprintf
operation to create the string of common data. This simplifies
the code a bit and is most probably faster than the old method.

Also, #define SMBTA_COMMON_DATA_COUNT as a complete string,
speeding things up because we know the value at compile time.
2010-03-16 09:52:10 -04:00
Holger Hetterich
002193d34b vfs_smb_traffic_analyzer.c: added function
static char *smb_traffic_analyzer_anonymize

This takes a lot of code out of the main functions,
and makes it a bit simpler. Do the anonymization in a function.
Since we already anonymized the username we don't need to do
this a second time in the v2 marshalling function.
2010-03-16 09:52:10 -04:00
Holger Hetterich
c1fb55caa5 Simplify the code a bit by creating the functions:
smb_traffic_analyzer_encrypt - doing the encryption of a data block,
smb_traffic_analyzer_create_header - create the protocol header,
smb_traffic_analyzer_write_data - actually write the data to the
socket.
2010-03-16 09:52:10 -04:00
Holger Hetterich
69d7d6c01a Add the number of common data blocks to the protocol.
Always send the number of common data blocks first. This way, we
can make the protocol backwards compatible. A receiver running with
an older subprotocol can just ignore if a newer sender sends more
common data.

Add a few remarks to the marshalling function. Add two #define lines
defining the protocol subrelease number and the number of common
data blocks to the header file.
2010-03-16 09:52:10 -04:00
Holger Hetterich
4940da2e99 Put all the protocol stuff into a separate header file.
All the structures and the vfs function identifier list is required
by the receiver. It's therefore very handy to have this in an extra
header file.
2010-03-16 09:52:10 -04:00
Holger Hetterich
5b7179d2a3 Add smbta-util to manage the encryption key.
This program allows the administrator to enable or disable AES
encryption when using vfs_smb_traffic_analyzer. It also generates new
keys, stores them to a file, so that the file can be reused on another
client or server.
2010-03-16 09:52:10 -04:00
Holger Hetterich
6437df7d2c Implement AES encryption of the data block.
First try. This runs on 16 bytes long AES block size, and enlarges the
data block with 16 bytes, to make sure all bytes are in. The added
bytes are filled with '.'. It then creates a header featuring the new
length to be send, and finally sends the data block, then returns.

This code is untested, as creating the receiver will be my next step.

To simplify traffic_analyzer's code, this code should run as a function.
It's on the do-to-list.
2010-03-16 09:52:10 -04:00
Holger Hetterich
3f5f2d82bd Implement anonymization for protocol v2.
Since we need to care for the SID too, do the anonymization in the
marshalling function and anonymize both the username and the SID.

Remove the 'A' status flag from the header definition. A listener
could see from the unencrypted header if the module is anonymizing
or not, which is certainly not wanted.
2010-03-16 09:52:09 -04:00
Holger Hetterich
b745730161 Make all remarks compatible to the linux kernel coding styleguide. 2010-03-16 09:52:09 -04:00
Holger Hetterich
81c6b878b1 Added an exact description of the V2 protocol.
I don't think it should have it's place the man page, because this is
developer information.
2010-03-16 09:52:09 -04:00
Holger Hetterich
a45db59480 Move the creation of the header.
Since the header block of the protocol contains the number of bytes to
come, we always send the header itself unmodified.
If we compress or crypt the data we are about to send, the length of the
data to send may change. Therefore, we no longer create the header in
smb_traffic_analyzer_create_string, but shortly before we send the data.
For both cases, encryption and normal, we create our own header, and
send it before the actual data.

In case of protocol v1, we don't need to create an extra header.
Just send the data, and return from the function.
Change a debug message to say that the header for crypted data has
been created.

Add a status flags consisting of 6 bytes to the header. Their function
will be descriped in one of the next patches, which is descriping
the header in a longer comment.
When anonymization and/or encryption is used, set the flags accordingly.
2010-03-16 09:52:09 -04:00
Holger Hetterich
9702dcfa91 Fetch the SID of the user we are running as and send with the common
data.
2010-03-16 09:52:09 -04:00
Holger Hetterich
654cff4cc3 Additionally send the vfs function id with the protocol. 2010-03-16 09:52:09 -04:00
Holger Hetterich
27f4f51d56 According to the linux kernel coding styleguide, it's better to
align the switch and it's case statements in the same column.
This saves us one indentation level.
2010-03-16 09:52:09 -04:00
Holger Hetterich
cdd1906728 Don't use typedefs on the VFS function data structures as
typedefs are evil according to the linux kernel coding
styleguide.
2010-03-16 09:52:09 -04:00
Holger Hetterich
8cb5bac9ee Add read,pread,write,pwrite support to the V2 protocol. 2010-03-16 09:52:09 -04:00
Holger Hetterich
541fb436cc Enable AES encryption of the data if a key was found in secrets.tdb. 2010-03-16 09:52:09 -04:00