2 * traffic-analyzer VFS module. Measure the smb traffic users create
5 * Copyright (C) Holger Hetterich, 2008
6 * Copyright (C) Jeremy Allison, 2008
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <http://www.gnu.org/licenses/>.
23 #include "../lib/crypto/crypto.h"
24 #include "vfs_smb_traffic_analyzer.h"
26 /* abstraction for the send_over_network function */
27 enum sock_type {INTERNET_SOCKET = 0, UNIX_DOMAIN_SOCKET};
29 #define LOCAL_PATHNAME "/var/tmp/stadsocket"
31 static int vfs_smb_traffic_analyzer_debug_level = DBGC_VFS;
33 static enum sock_type smb_traffic_analyzer_connMode(vfs_handle_struct *handle)
35 connection_struct *conn = handle->conn;
37 Mode=lp_parm_const_string(SNUM(conn), "smb_traffic_analyzer","mode", \
39 if (strstr(Mode,"unix_domain_socket")) {
40 return UNIX_DOMAIN_SOCKET;
42 return INTERNET_SOCKET;
47 /* Connect to an internet socket */
48 static int smb_traffic_analyzer_connect_inet_socket(vfs_handle_struct *handle,
49 const char *name, uint16_t port)
51 /* Create a streaming Socket */
53 struct addrinfo hints;
54 struct addrinfo *ailist = NULL;
55 struct addrinfo *res = NULL;
59 /* By default make sure it supports TCP. */
60 hints.ai_socktype = SOCK_STREAM;
61 hints.ai_flags = AI_ADDRCONFIG;
63 ret = getaddrinfo(name,
69 DEBUG(3,("smb_traffic_analyzer_connect_inet_socket: "
70 "getaddrinfo failed for name %s [%s]\n",
76 DEBUG(3,("smb_traffic_analyzer: Internet socket mode. Hostname: %s,"
77 "Port: %i\n", name, port));
79 for (res = ailist; res; res = res->ai_next) {
80 struct sockaddr_storage ss;
83 if (!res->ai_addr || res->ai_addrlen == 0) {
88 memcpy(&ss, res->ai_addr, res->ai_addrlen);
90 status = open_socket_out(&ss, port, 10000, &sockfd);
91 if (NT_STATUS_IS_OK(status)) {
101 DEBUG(1, ("smb_traffic_analyzer: unable to create "
102 "socket, error is %s",
110 /* Connect to a unix domain socket */
111 static int smb_traffic_analyzer_connect_unix_socket(vfs_handle_struct *handle,
114 /* Create the socket to stad */
116 struct sockaddr_un remote;
118 DEBUG(7, ("smb_traffic_analyzer_connect_unix_socket: "
119 "Unix domain socket mode. Using %s\n",
122 if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
123 DEBUG(1, ("smb_traffic_analyzer_connect_unix_socket: "
124 "Couldn't create socket, "
125 "make sure stad is running!\n"));
128 remote.sun_family = AF_UNIX;
129 strlcpy(remote.sun_path, name,
130 sizeof(remote.sun_path));
131 len=strlen(remote.sun_path) + sizeof(remote.sun_family);
132 if (connect(sock, (struct sockaddr *)&remote, len) == -1 ) {
133 DEBUG(1, ("smb_traffic_analyzer_connect_unix_socket: "
134 "Could not connect to "
135 "socket, make sure\nstad is running!\n"));
142 /* Private data allowing shared connection sockets. */
143 struct refcounted_sock {
144 struct refcounted_sock *next, *prev;
148 unsigned int ref_count;
153 * Encryption of a data block with AES
154 * TALLOC_CTX *ctx Talloc context to work on
155 * const char *akey 128bit key for the encryption
156 * const char *str Data buffer to encrypt, \0 terminated
157 * int *len Will be set to the length of the
158 * resulting data block
159 * The caller has to take care for the memory
160 * allocated on the context.
162 static char *smb_traffic_analyzer_encrypt( TALLOC_CTX *ctx,
163 const char *akey, const char *str, size_t *len)
167 char filler[17]= "................";
170 if (akey == NULL) return NULL;
171 samba_AES_set_encrypt_key(akey, 128, &key);
172 s1 = strlen(str) / 16;
173 s2 = strlen(str) % 16;
174 for (h = 0; h < s2; h++) *(filler+h)=*(str+(s1*16)+h);
175 DEBUG(10, ("smb_traffic_analyzer_send_data_socket: created %s"
176 " as filling block.\n", filler));
177 output = talloc_array(ctx, char, (s1*16)+17 );
179 for (h = 0; h < s1; h++) {
180 samba_AES_encrypt(str+(16*h), crypted, &key);
181 for (d = 0; d<16; d++) output[d+(16*h)]=crypted[d];
183 samba_AES_encrypt( str+(16*h), filler, &key );
184 for (d = 0;d < 16; d++) output[d+(16*h)]=*(filler+d);
190 * Create a v2 header.
191 * TALLLOC_CTX *ctx Talloc context to work on
192 * const char *state_flags State flag string
193 * int len length of the data block
195 static char *smb_traffic_analyzer_create_header( TALLOC_CTX *ctx,
196 const char *state_flags, size_t data_len)
198 char *header = talloc_asprintf( ctx, "V2.%s%017u",
199 state_flags, data_len);
200 DEBUG(10, ("smb_traffic_analyzer_send_data_socket: created Header:\n"));
201 dump_data(10, header, strlen(header));
207 * Actually send header and data over the network
208 * char *header Header data
209 * char *data Data Block
210 * int dlength Length of data block
213 static void smb_traffic_analyzer_write_data( char *header, char *data,
214 int dlength, int socket)
216 int len = strlen(header);
217 if (write_data( socket, header, len) != len) {
218 DEBUG(1, ("smb_traffic_analyzer_send_data_socket: "
219 "error sending the header"
220 " over the socket!\n"));
222 DEBUG(10,("smb_traffic_analyzer_write_data: sending data:\n"));
223 dump_data( 10, data, dlength);
225 if (write_data( socket, data, dlength) != dlength) {
226 DEBUG(1, ("smb_traffic_analyzer_write_data: "
227 "error sending crypted data to socket!\n"));
233 * Anonymize a string if required.
234 * TALLOC_CTX *ctx The talloc context to work on
235 * const char *str The string to anonymize
236 * vfs_handle_struct *handle The handle struct to work on
238 * Returns a newly allocated string, either the anonymized one,
239 * or a copy of const char *str. The caller has to take care for
240 * freeing the allocated memory.
242 static char *smb_traffic_analyzer_anonymize( TALLOC_CTX *ctx,
244 vfs_handle_struct *handle )
246 const char *total_anonymization;
247 const char *anon_prefix;
249 total_anonymization=lp_parm_const_string(SNUM(handle->conn),
250 "smb_traffic_analyzer",
251 "total_anonymization", NULL);
253 anon_prefix=lp_parm_const_string(SNUM(handle->conn),
254 "smb_traffic_analyzer",
255 "anonymize_prefix", NULL );
256 if (anon_prefix != NULL) {
257 if (total_anonymization != NULL) {
258 output = talloc_asprintf(ctx, "%s",
261 output = talloc_asprintf(ctx, "%s%i", anon_prefix,
265 output = talloc_asprintf(ctx, "%s", str);
272 /* The marshaller for the protocol version 2. */
273 static char *smb_traffic_analyzer_create_string( TALLOC_CTX *ctx,
274 struct tm *tm, int seconds, vfs_handle_struct *handle, \
275 char *username, int vfs_operation, int count, ... )
283 char *timestr = NULL;
286 char *usersid = NULL;
288 * first create the data that is transfered with any VFS op
289 * These are, in the following order:
290 *(0) number of data to come [6 in v2.0]
291 * 1.vfs_operation identifier
299 /* number of common data blocks to come */
300 opstr = talloc_asprintf( ctx, "%i", SMBTA_COMMON_DATA_COUNT);
302 buf = talloc_asprintf( ctx, "%04u%s", len, opstr);
304 /* vfs operation identifier */
305 opstr = talloc_asprintf( ctx, "%i", vfs_operation);
307 buf = talloc_asprintf_append( buf, "%04u%s", len, opstr);
310 * Handle anonymization. In protocol v2, we have to anonymize
311 * both the SID and the username. The name is already
312 * anonymized if needed, by the calling function.
314 usersid = dom_sid_string( ctx,
315 &handle->conn->server_info->ptok->user_sids[0]);
316 sidstr = smb_traffic_analyzer_anonymize(ctx, usersid, handle);
317 talloc_free(usersid);
319 len = strlen( username );
320 buf = talloc_asprintf_append(buf, "%04u%s", len, username);
322 len = strlen( sidstr );
323 buf = talloc_asprintf_append(buf, "%04u%s", len, sidstr);
326 len = strlen( handle->conn->connectpath );
327 buf = talloc_asprintf_append( buf, "%04u%s", len, \
328 handle->conn->connectpath );
330 len = strlen( pdb_get_domain(handle->conn->server_info->sam_account) );
331 buf = talloc_asprintf_append( buf, "%04u%s", len, \
332 pdb_get_domain(handle->conn->server_info->sam_account) );
334 timestr = talloc_asprintf( ctx, \
335 "%04d-%02d-%02d %02d:%02d:%02d.%03d", \
343 len = strlen( timestr );
344 buf = talloc_asprintf_append( buf, "%04u%s", len, timestr);
345 talloc_free(timestr);
346 /* data blocks depending on the VFS function */
347 va_start( ap, count );
349 arg = va_arg( ap, char * );
351 * protocol v2 sends a four byte string
352 * as a header to each block, including
353 * the numbers of bytes to come in the
357 buf = talloc_asprintf_append( buf, "%04u%s", len, arg);
363 static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle,
365 enum vfs_id vfs_operation )
367 struct refcounted_sock *rf_sock = NULL;
370 struct tm *tm = NULL;
373 char *username = NULL;
375 const char *protocol_version = NULL;
380 * The state flags are part of the header
381 * and are descripted in the protocol description
382 * in vfs_smb_traffic_analyzer.h. They begin at byte
385 char state_flags[9] = "000000\0";
387 SMB_VFS_HANDLE_GET_DATA(handle, rf_sock, struct refcounted_sock, return);
389 if (rf_sock == NULL || rf_sock->sock == -1) {
390 DEBUG(1, ("smb_traffic_analyzer_send_data: socket is "
396 tv_sec = convert_timespec_to_time_t(convert_timeval_to_timespec(tv));
397 tm = localtime(&tv_sec);
401 seconds=(float) (tv.tv_usec / 1000);
404 * Check if anonymization is required, and if yes do this only for
405 * the username here, needed vor protocol version 1. In v2 we
406 * additionally anonymize the SID, which is done in it's marshalling
409 username = smb_traffic_analyzer_anonymize( talloc_tos(),
410 handle->conn->server_info->sanitized_username,
417 protocol_version = lp_parm_const_string(SNUM(handle->conn),
418 "smb_traffic_analyzer",
419 "protocol_version", NULL );
422 if ( protocol_version == NULL || strcmp( protocol_version,"V1") == 0) {
424 struct rw_data *s_data = (struct rw_data *) data;
427 * in case of protocol v1, ignore any vfs operations
428 * except read,pread,write,pwrite, and set the "Write"
429 * bool accordingly, send data and return.
431 if ( vfs_operation > vfs_id_pwrite ) return;
433 if ( vfs_operation <= vfs_id_pread ) Write=false;
436 str = talloc_asprintf(talloc_tos(),
437 "V1,%u,\"%s\",\"%s\",\"%c\",\"%s\",\"%s\","
438 "\"%04d-%02d-%02d %02d:%02d:%02d.%03d\"\n",
439 (unsigned int) s_data->len,
441 pdb_get_domain(handle->conn->server_info->sam_account),
443 handle->conn->connectpath,
452 if (write_data(rf_sock->sock, str, len) != len) {
453 DEBUG(1, ("smb_traffic_analyzer_send_data_socket: "
454 "error sending V1 protocol data to socket!\n"));
458 } else if ( strcmp( protocol_version, "V2") == 0) {
460 switch( vfs_operation ) {
462 str = smb_traffic_analyzer_create_string( talloc_tos(),
463 tm, seconds, handle, username, vfs_id_mkdir, \
464 3, ((struct mkdir_data *) data)->path, \
465 talloc_asprintf( talloc_tos(), "%u", \
466 ((struct mkdir_data *) data)->mode), \
467 talloc_asprintf( talloc_tos(), "%u", \
468 ((struct mkdir_data *) data)->result ));
471 str = smb_traffic_analyzer_create_string( talloc_tos(),
472 tm, seconds, handle, username, vfs_id_rmdir,
473 2, ((struct rmdir_data *) data)->path, \
474 talloc_asprintf( talloc_tos(), "%u", \
475 ((struct rmdir_data *) data)->result ));
477 case vfs_id_rename: ;
478 str = smb_traffic_analyzer_create_string( talloc_tos(),
479 tm, seconds, handle, username, vfs_id_rename,
480 3, ((struct rename_data *) data)->src, \
481 ((struct rename_data *) data)->dst,
482 talloc_asprintf(talloc_tos(), "%u", \
483 ((struct rename_data *) data)->result));
486 str = smb_traffic_analyzer_create_string( talloc_tos(),
487 tm, seconds, handle, username, vfs_id_chdir,
488 2, ((struct chdir_data *) data)->path, \
489 talloc_asprintf(talloc_tos(), "%u", \
490 ((struct chdir_data *) data)->result));
497 str = smb_traffic_analyzer_create_string( talloc_tos(),
498 tm, seconds, handle, username, vfs_operation,
499 2, ((struct rw_data *) data)->filename, \
500 talloc_asprintf(talloc_tos(), "%u", \
501 ((struct rw_data *) data)->len));
504 DEBUG(1, ("smb_traffic_analyzer: error! "
505 "wrong VFS operation id detected!\n"));
510 DEBUG(1, ("smb_traffic_analyzer_send_data_socket: "
511 "error, unkown protocol given!\n"));
516 DEBUG(1, ("smb_traffic_analyzer_send_data: "
517 "unable to create string to send!\n"));
523 * If configured, optain the key and run AES encryption
528 char *akey = (char *) secrets_fetch("smb_traffic_analyzer_key", &size);
530 if ( akey != NULL ) {
531 state_flags[2] = 'E';
532 DEBUG(10, ("smb_traffic_analyzer_send_data_socket: a key was"
533 " found, encrypting data!\n"));
534 char *output = smb_traffic_analyzer_encrypt( talloc_tos(),
536 header = smb_traffic_analyzer_create_header( talloc_tos(),
539 DEBUG(10, ("smb_traffic_analyzer_send_data_socket:"
540 " header created for crypted data: %s\n", header));
541 smb_traffic_analyzer_write_data(header, output, len,
548 header = smb_traffic_analyzer_create_header( talloc_tos(),
550 smb_traffic_analyzer_write_data(header, str, strlen(str),
555 static struct refcounted_sock *sock_list;
557 static void smb_traffic_analyzer_free_data(void **pptr)
559 struct refcounted_sock *rf_sock = *(struct refcounted_sock **)pptr;
560 if (rf_sock == NULL) {
563 rf_sock->ref_count--;
564 if (rf_sock->ref_count != 0) {
567 if (rf_sock->sock != -1) {
568 close(rf_sock->sock);
570 DLIST_REMOVE(sock_list, rf_sock);
571 TALLOC_FREE(rf_sock);
574 static int smb_traffic_analyzer_connect(struct vfs_handle_struct *handle,
578 connection_struct *conn = handle->conn;
579 enum sock_type st = smb_traffic_analyzer_connMode(handle);
580 struct refcounted_sock *rf_sock = NULL;
581 const char *name = (st == UNIX_DOMAIN_SOCKET) ? LOCAL_PATHNAME :
582 lp_parm_const_string(SNUM(conn),
583 "smb_traffic_analyzer",
584 "host", "localhost");
585 uint16_t port = (st == UNIX_DOMAIN_SOCKET) ? 0 :
586 atoi( lp_parm_const_string(SNUM(conn),
587 "smb_traffic_analyzer", "port", "9430"));
588 int ret = SMB_VFS_NEXT_CONNECT(handle, service, user);
594 /* Are we already connected ? */
595 for (rf_sock = sock_list; rf_sock; rf_sock = rf_sock->next) {
596 if (port == rf_sock->port &&
597 (strcmp(name, rf_sock->name) == 0)) {
602 /* If we're connected already, just increase the
603 * reference count. */
605 rf_sock->ref_count++;
607 /* New connection. */
608 rf_sock = TALLOC_ZERO_P(NULL, struct refcounted_sock);
609 if (rf_sock == NULL) {
610 SMB_VFS_NEXT_DISCONNECT(handle);
614 rf_sock->name = talloc_strdup(rf_sock, name);
615 if (rf_sock->name == NULL) {
616 SMB_VFS_NEXT_DISCONNECT(handle);
617 TALLOC_FREE(rf_sock);
621 rf_sock->port = port;
622 rf_sock->ref_count = 1;
624 if (st == UNIX_DOMAIN_SOCKET) {
625 rf_sock->sock = smb_traffic_analyzer_connect_unix_socket(handle,
629 rf_sock->sock = smb_traffic_analyzer_connect_inet_socket(handle,
633 if (rf_sock->sock == -1) {
634 SMB_VFS_NEXT_DISCONNECT(handle);
635 TALLOC_FREE(rf_sock);
638 DLIST_ADD(sock_list, rf_sock);
641 /* Store the private data. */
642 SMB_VFS_HANDLE_SET_DATA(handle, rf_sock, smb_traffic_analyzer_free_data,
643 struct refcounted_sock, return -1);
648 static int smb_traffic_analyzer_chdir(vfs_handle_struct *handle, \
651 struct chdir_data s_data;
652 s_data.result = SMB_VFS_NEXT_CHDIR(handle, path);
654 DEBUG(10, ("smb_traffic_analyzer_chdir: CHDIR: %s\n", path));
655 smb_traffic_analyzer_send_data(handle, &s_data, vfs_id_chdir);
656 return s_data.result;
659 static int smb_traffic_analyzer_rename(vfs_handle_struct *handle, \
660 const struct smb_filename *smb_fname_src,
661 const struct smb_filename *smb_fname_dst)
663 struct rename_data s_data;
664 s_data.result = SMB_VFS_NEXT_RENAME(handle, smb_fname_src, \
666 s_data.src = smb_fname_src->base_name;
667 s_data.dst = smb_fname_dst->base_name;
668 DEBUG(10, ("smb_traffic_analyzer_rename: RENAME: %s / %s\n",
669 smb_fname_src->base_name,
670 smb_fname_dst->base_name));
671 smb_traffic_analyzer_send_data(handle, &s_data, vfs_id_rename);
672 return s_data.result;
675 static int smb_traffic_analyzer_rmdir(vfs_handle_struct *handle, \
678 struct rmdir_data s_data;
679 s_data.result = SMB_VFS_NEXT_RMDIR(handle, path);
681 DEBUG(10, ("smb_traffic_analyzer_rmdir: RMDIR: %s\n", path));
682 smb_traffic_analyzer_send_data(handle, &s_data, vfs_id_rmdir);
683 return s_data.result;
686 static int smb_traffic_analyzer_mkdir(vfs_handle_struct *handle, \
687 const char *path, mode_t mode)
689 struct mkdir_data s_data;
690 s_data.result = SMB_VFS_NEXT_MKDIR(handle, path, mode);
693 DEBUG(10, ("smb_traffic_analyzer_mkdir: MKDIR: %s\n", path));
694 smb_traffic_analyzer_send_data(handle,
697 return s_data.result;
700 static ssize_t smb_traffic_analyzer_read(vfs_handle_struct *handle, \
701 files_struct *fsp, void *data, size_t n)
703 struct rw_data s_data;
705 s_data.len = SMB_VFS_NEXT_READ(handle, fsp, data, n);
706 s_data.filename = fsp->fsp_name->base_name;
707 DEBUG(10, ("smb_traffic_analyzer_read: READ: %s\n", fsp_str_dbg(fsp)));
709 smb_traffic_analyzer_send_data(handle,
716 static ssize_t smb_traffic_analyzer_pread(vfs_handle_struct *handle, \
717 files_struct *fsp, void *data, size_t n, SMB_OFF_T offset)
719 struct rw_data s_data;
721 s_data.len = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
722 s_data.filename = fsp->fsp_name->base_name;
723 DEBUG(10, ("smb_traffic_analyzer_pread: PREAD: %s\n",
726 smb_traffic_analyzer_send_data(handle,
733 static ssize_t smb_traffic_analyzer_write(vfs_handle_struct *handle, \
734 files_struct *fsp, const void *data, size_t n)
736 struct rw_data s_data;
738 s_data.len = SMB_VFS_NEXT_WRITE(handle, fsp, data, n);
739 s_data.filename = fsp->fsp_name->base_name;
740 DEBUG(10, ("smb_traffic_analyzer_write: WRITE: %s\n",
743 smb_traffic_analyzer_send_data(handle,
749 static ssize_t smb_traffic_analyzer_pwrite(vfs_handle_struct *handle, \
750 files_struct *fsp, const void *data, size_t n, SMB_OFF_T offset)
752 struct rw_data s_data;
754 s_data.len = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
755 s_data.filename = fsp->fsp_name->base_name;
756 DEBUG(10, ("smb_traffic_analyzer_pwrite: PWRITE: %s\n", \
759 smb_traffic_analyzer_send_data(handle,
765 static struct vfs_fn_pointers vfs_smb_traffic_analyzer_fns = {
766 .connect_fn = smb_traffic_analyzer_connect,
767 .vfs_read = smb_traffic_analyzer_read,
768 .pread = smb_traffic_analyzer_pread,
769 .write = smb_traffic_analyzer_write,
770 .pwrite = smb_traffic_analyzer_pwrite,
771 .mkdir = smb_traffic_analyzer_mkdir,
772 .rename = smb_traffic_analyzer_rename,
773 .chdir = smb_traffic_analyzer_chdir
776 /* Module initialization */
777 NTSTATUS vfs_smb_traffic_analyzer_init(void)
779 NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
780 "smb_traffic_analyzer",
781 &vfs_smb_traffic_analyzer_fns);
783 if (!NT_STATUS_IS_OK(ret)) {
787 vfs_smb_traffic_analyzer_debug_level =
788 debug_add_class("smb_traffic_analyzer");
790 if (vfs_smb_traffic_analyzer_debug_level == -1) {
791 vfs_smb_traffic_analyzer_debug_level = DBGC_VFS;
792 DEBUG(1, ("smb_traffic_analyzer_init: Couldn't register custom"
793 "debugging class!\n"));
795 DEBUG(3, ("smb_traffic_analyzer_init: Debug class number of"
796 "'smb_traffic_analyzer': %d\n", \
797 vfs_smb_traffic_analyzer_debug_level));
git.samba.org / ira / wip.git / blob