root/source3/modules/vfs_smb_traffic_analyzer.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. smb_traffic_analyzer_connMode
  2. smb_traffic_analyzer_connect_inet_socket
  3. smb_traffic_analyzer_connect_unix_socket
  4. smb_traffic_analyzer_send_data
  5. smb_traffic_analyzer_free_data
  6. smb_traffic_analyzer_connect
  7. smb_traffic_analyzer_read
  8. smb_traffic_analyzer_pread
  9. smb_traffic_analyzer_write
  10. smb_traffic_analyzer_pwrite
  11. vfs_smb_traffic_analyzer_init

   1 /*
   2  * traffic-analyzer VFS module. Measure the smb traffic users create
   3  * on the net.
   4  *
   5  * Copyright (C) Holger Hetterich, 2008
   6  * Copyright (C) Jeremy Allison, 2008
   7  *
   8  * This program is free software; you can redistribute it and/or modify
   9  * it under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation; either version 3 of the License, or
  11  * (at your option) any later version.
  12  *
  13  * This program is distributed in the hope that it will be useful,
  14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16  * GNU General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License
  19  * along with this program; if not, see <http://www.gnu.org/licenses/>.
  20  */
  21 
  22 #include "includes.h"
  23 
  24 /* abstraction for the send_over_network function */
  25 
  26 enum sock_type {INTERNET_SOCKET = 0, UNIX_DOMAIN_SOCKET};
  27 
  28 #define LOCAL_PATHNAME "/var/tmp/stadsocket"
  29 
  30 static int vfs_smb_traffic_analyzer_debug_level = DBGC_VFS;
  31 
  32 static enum sock_type smb_traffic_analyzer_connMode(vfs_handle_struct *handle)
     /* [<][>][^][v][top][bottom][index][help] */
  33 {
  34         connection_struct *conn = handle->conn;
  35         const char *Mode;
  36         Mode=lp_parm_const_string(SNUM(conn), "smb_traffic_analyzer","mode", \
  37                         "internet_socket");
  38         if (strstr(Mode,"unix_domain_socket")) {
  39                 return UNIX_DOMAIN_SOCKET;
  40         } else {
  41                 return INTERNET_SOCKET;
  42         }
  43 }
  44 
  45 
  46 /* Connect to an internet socket */
  47 
  48 static int smb_traffic_analyzer_connect_inet_socket(vfs_handle_struct *handle,
     /* [<][>][^][v][top][bottom][index][help] */
  49                                         const char *name, uint16_t port)
  50 {
  51         /* Create a streaming Socket */
  52         int sockfd = -1;
  53         struct addrinfo hints;
  54         struct addrinfo *ailist = NULL;
  55         struct addrinfo *res = NULL;
  56         int ret;
  57 
  58         ZERO_STRUCT(hints);
  59         /* By default make sure it supports TCP. */
  60         hints.ai_socktype = SOCK_STREAM;
  61         hints.ai_flags = AI_ADDRCONFIG;
  62 
  63         ret = getaddrinfo(name,
  64                         NULL,
  65                         &hints,
  66                         &ailist);
  67 
  68         if (ret) {
  69                 DEBUG(3,("smb_traffic_analyzer_connect_inet_socket: "
  70                         "getaddrinfo failed for name %s [%s]\n",
  71                         name,
  72                         gai_strerror(ret) ));
  73                 return -1;
  74         }
  75 
  76         DEBUG(3,("smb_traffic_analyzer: Internet socket mode. Hostname: %s,"
  77                 "Port: %i\n", name, port));
  78 
  79         for (res = ailist; res; res = res->ai_next) {
  80                 struct sockaddr_storage ss;
  81                 NTSTATUS status;
  82 
  83                 if (!res->ai_addr || res->ai_addrlen == 0) {
  84                         continue;
  85                 }
  86 
  87                 ZERO_STRUCT(ss);
  88                 memcpy(&ss, res->ai_addr, res->ai_addrlen);
  89 
  90                 status = open_socket_out(&ss, port, 10000, &sockfd);
  91                 if (NT_STATUS_IS_OK(status)) {
  92                         break;
  93                 }
  94         }
  95 
  96         if (ailist) {
  97                 freeaddrinfo(ailist);
  98         }
  99 
 100         if (sockfd == -1) {
 101                 DEBUG(1, ("smb_traffic_analyzer: unable to create "
 102                         "socket, error is %s",
 103                         strerror(errno)));
 104                 return -1;
 105         }
 106 
 107         return sockfd;
 108 }
 109 
 110 /* Connect to a unix domain socket */
 111 
 112 static int smb_traffic_analyzer_connect_unix_socket(vfs_handle_struct *handle,
     /* [<][>][^][v][top][bottom][index][help] */
 113                                                 const char *name)
 114 {
 115         /* Create the socket to stad */
 116         int len, sock;
 117         struct sockaddr_un remote;
 118 
 119         DEBUG(7, ("smb_traffic_analyzer_connect_unix_socket: "
 120                         "Unix domain socket mode. Using %s\n",
 121                         name ));
 122 
 123         if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
 124                 DEBUG(1, ("smb_traffic_analyzer_connect_unix_socket: "
 125                         "Couldn't create socket, "
 126                         "make sure stad is running!\n"));
 127                 return -1;
 128         }
 129         remote.sun_family = AF_UNIX;
 130         strlcpy(remote.sun_path, name,
 131                     sizeof(remote.sun_path));
 132         len=strlen(remote.sun_path) + sizeof(remote.sun_family);
 133         if (connect(sock, (struct sockaddr *)&remote, len) == -1 ) {
 134                 DEBUG(1, ("smb_traffic_analyzer_connect_unix_socket: "
 135                         "Could not connect to "
 136                         "socket, make sure\nstad is running!\n"));
 137                 close(sock);
 138                 return -1;
 139         }
 140         return sock;
 141 }
 142 
 143 /* Private data allowing shared connection sockets. */
 144 
 145 struct refcounted_sock {
 146         struct refcounted_sock *next, *prev;
 147         char *name;
 148         uint16_t port;
 149         int sock;
 150         unsigned int ref_count;
 151 };
 152 
 153 /* Send data over a socket */
 154 
 155 static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle,
     /* [<][>][^][v][top][bottom][index][help] */
 156                                         ssize_t result,
 157                                         const char *file_name,
 158                                         bool Write)
 159 {
 160         struct refcounted_sock *rf_sock = NULL;
 161         struct timeval tv;
 162         time_t tv_sec;
 163         struct tm *tm = NULL;
 164         int seconds;
 165         char *str = NULL;
 166         char *username = NULL;
 167         const char *anon_prefix = NULL;
 168         const char *total_anonymization = NULL;
 169         size_t len;
 170 
 171         SMB_VFS_HANDLE_GET_DATA(handle, rf_sock, struct refcounted_sock, return);
 172 
 173         if (rf_sock == NULL || rf_sock->sock == -1) {
 174                 DEBUG(1, ("smb_traffic_analyzer_send_data: socket is "
 175                         "closed\n"));
 176                 return;
 177         }
 178 
 179         GetTimeOfDay(&tv);
 180         tv_sec = convert_timespec_to_time_t(convert_timeval_to_timespec(tv));
 181         tm = localtime(&tv_sec);
 182         if (!tm) {
 183                 return;
 184         }
 185         seconds=(float) (tv.tv_usec / 1000);
 186 
 187         /* check if anonymization is required */
 188 
 189         total_anonymization=lp_parm_const_string(SNUM(handle->conn),"smb_traffic_analyzer",
 190                                         "total_anonymization", NULL);
 191 
 192         anon_prefix=lp_parm_const_string(SNUM(handle->conn),"smb_traffic_analyzer",\
 193                                         "anonymize_prefix", NULL );
 194         if (anon_prefix!=NULL) {
 195                 if (total_anonymization!=NULL) {
 196                         username = talloc_asprintf(talloc_tos(),
 197                                 "%s",
 198                                 anon_prefix);
 199                 } else {
 200                         username = talloc_asprintf(talloc_tos(),
 201                                 "%s%i",
 202                                 anon_prefix,
 203                                 str_checksum(
 204                                         handle->conn->server_info->sanitized_username ) ); 
 205                 }
 206 
 207         } else {
 208                 username = handle->conn->server_info->sanitized_username;
 209         }
 210 
 211         if (!username) {
 212                 return;
 213         }
 214 
 215         str = talloc_asprintf(talloc_tos(),
 216                         "V1,%u,\"%s\",\"%s\",\"%c\",\"%s\",\"%s\","
 217                         "\"%04d-%02d-%02d %02d:%02d:%02d.%03d\"\n",
 218                         (unsigned int)result,
 219                         username,
 220                         pdb_get_domain(handle->conn->server_info->sam_account),
 221                         Write ? 'W' : 'R',
 222                         handle->conn->connectpath,
 223                         file_name,
 224                         tm->tm_year+1900,
 225                         tm->tm_mon+1,
 226                         tm->tm_mday,
 227                         tm->tm_hour,
 228                         tm->tm_min,
 229                         tm->tm_sec,
 230                         (int)seconds);
 231 
 232         if (!str) {
 233                 return;
 234         }
 235 
 236         len = strlen(str);
 237 
 238         DEBUG(10, ("smb_traffic_analyzer_send_data_socket: sending %s\n",
 239                         str));
 240         if (write_data(rf_sock->sock, str, len) != len) {
 241                 DEBUG(1, ("smb_traffic_analyzer_send_data_socket: "
 242                         "error sending data to socket!\n"));
 243                 return ;
 244         }
 245 }
 246 
 247 static struct refcounted_sock *sock_list;
 248 
 249 static void smb_traffic_analyzer_free_data(void **pptr)
     /* [<][>][^][v][top][bottom][index][help] */
 250 {
 251         struct refcounted_sock *rf_sock = *(struct refcounted_sock **)pptr;
 252         if (rf_sock == NULL) {
 253                 return;
 254         }
 255         rf_sock->ref_count--;
 256         if (rf_sock->ref_count != 0) {
 257                 return;
 258         }
 259         if (rf_sock->sock != -1) {
 260                 close(rf_sock->sock);
 261         }
 262         DLIST_REMOVE(sock_list, rf_sock);
 263         TALLOC_FREE(rf_sock);
 264 }
 265 
 266 static int smb_traffic_analyzer_connect(struct vfs_handle_struct *handle,
     /* [<][>][^][v][top][bottom][index][help] */
 267                          const char *service,
 268                          const char *user)
 269 {
 270         connection_struct *conn = handle->conn;
 271         enum sock_type st = smb_traffic_analyzer_connMode(handle);
 272         struct refcounted_sock *rf_sock = NULL;
 273         const char *name = (st == UNIX_DOMAIN_SOCKET) ? LOCAL_PATHNAME :
 274                                 lp_parm_const_string(SNUM(conn),
 275                                         "smb_traffic_analyzer",
 276                                 "host", "localhost");
 277         uint16_t port = (st == UNIX_DOMAIN_SOCKET) ? 0 :
 278                                 atoi( lp_parm_const_string(SNUM(conn),
 279                                 "smb_traffic_analyzer", "port", "9430"));
 280 
 281         /* Are we already connected ? */
 282         for (rf_sock = sock_list; rf_sock; rf_sock = rf_sock->next) {
 283                 if (port == rf_sock->port &&
 284                                 (strcmp(name, rf_sock->name) == 0)) {
 285                         break;
 286                 }
 287         }
 288 
 289         /* If we're connected already, just increase the
 290          * reference count. */
 291         if (rf_sock) {
 292                 rf_sock->ref_count++;
 293         } else {
 294                 /* New connection. */
 295                 rf_sock = TALLOC_ZERO_P(NULL, struct refcounted_sock);
 296                 if (rf_sock == NULL) {
 297                         errno = ENOMEM;
 298                         return -1;
 299                 }
 300                 rf_sock->name = talloc_strdup(rf_sock, name);
 301                 if (rf_sock->name == NULL) {
 302                         TALLOC_FREE(rf_sock);
 303                         errno = ENOMEM;
 304                         return -1;
 305                 }
 306                 rf_sock->port = port;
 307                 rf_sock->ref_count = 1;
 308 
 309                 if (st == UNIX_DOMAIN_SOCKET) {
 310                         rf_sock->sock = smb_traffic_analyzer_connect_unix_socket(handle,
 311                                                         name);
 312                 } else {
 313 
 314                         rf_sock->sock = smb_traffic_analyzer_connect_inet_socket(handle,
 315                                                         name,
 316                                                         port);
 317                 }
 318                 if (rf_sock->sock == -1) {
 319                         TALLOC_FREE(rf_sock);
 320                         return -1;
 321                 }
 322                 DLIST_ADD(sock_list, rf_sock);
 323         }
 324 
 325         /* Store the private data. */
 326         SMB_VFS_HANDLE_SET_DATA(handle, rf_sock, smb_traffic_analyzer_free_data,
 327                                 struct refcounted_sock, return -1);
 328         return SMB_VFS_NEXT_CONNECT(handle, service, user);
 329 }
 330 
 331 /* VFS Functions: write, read, pread, pwrite for now */
 332 
 333 static ssize_t smb_traffic_analyzer_read(vfs_handle_struct *handle, \
     /* [<][>][^][v][top][bottom][index][help] */
 334                                 files_struct *fsp, void *data, size_t n)
 335 {
 336         ssize_t result;
 337 
 338         result = SMB_VFS_NEXT_READ(handle, fsp, data, n);
 339         DEBUG(10, ("smb_traffic_analyzer_read: READ: %s\n", fsp->fsp_name ));
 340 
 341         smb_traffic_analyzer_send_data(handle,
 342                         result,
 343                         fsp->fsp_name,
 344                         false);
 345         return result;
 346 }
 347 
 348 
 349 static ssize_t smb_traffic_analyzer_pread(vfs_handle_struct *handle, \
     /* [<][>][^][v][top][bottom][index][help] */
 350                 files_struct *fsp, void *data, size_t n, SMB_OFF_T offset)
 351 {
 352         ssize_t result;
 353 
 354         result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
 355 
 356         DEBUG(10, ("smb_traffic_analyzer_pread: PREAD: %s\n", fsp->fsp_name ));
 357 
 358         smb_traffic_analyzer_send_data(handle,
 359                         result,
 360                         fsp->fsp_name,
 361                         false);
 362 
 363         return result;
 364 }
 365 
 366 static ssize_t smb_traffic_analyzer_write(vfs_handle_struct *handle, \
     /* [<][>][^][v][top][bottom][index][help] */
 367                         files_struct *fsp, const void *data, size_t n)
 368 {
 369         ssize_t result;
 370 
 371         result = SMB_VFS_NEXT_WRITE(handle, fsp, data, n);
 372 
 373         DEBUG(10, ("smb_traffic_analyzer_write: WRITE: %s\n", fsp->fsp_name ));
 374 
 375         smb_traffic_analyzer_send_data(handle,
 376                         result,
 377                         fsp->fsp_name,
 378                         true);
 379         return result;
 380 }
 381 
 382 static ssize_t smb_traffic_analyzer_pwrite(vfs_handle_struct *handle, \
     /* [<][>][^][v][top][bottom][index][help] */
 383              files_struct *fsp, const void *data, size_t n, SMB_OFF_T offset)
 384 {
 385         ssize_t result;
 386 
 387         result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
 388 
 389         DEBUG(10, ("smb_traffic_analyzer_pwrite: PWRITE: %s\n", fsp->fsp_name ));
 390 
 391         smb_traffic_analyzer_send_data(handle,
 392                         result,
 393                         fsp->fsp_name,
 394                         true);
 395         return result;
 396 }
 397 
 398 /* VFS operations we use */
 399 
 400 static vfs_op_tuple smb_traffic_analyzer_tuples[] = {
 401 
 402         {SMB_VFS_OP(smb_traffic_analyzer_connect), SMB_VFS_OP_CONNECT,
 403          SMB_VFS_LAYER_LOGGER},
 404         {SMB_VFS_OP(smb_traffic_analyzer_read), SMB_VFS_OP_READ,
 405          SMB_VFS_LAYER_LOGGER},
 406         {SMB_VFS_OP(smb_traffic_analyzer_pread), SMB_VFS_OP_PREAD,
 407          SMB_VFS_LAYER_LOGGER},
 408         {SMB_VFS_OP(smb_traffic_analyzer_write), SMB_VFS_OP_WRITE,
 409          SMB_VFS_LAYER_LOGGER},
 410         {SMB_VFS_OP(smb_traffic_analyzer_pwrite), SMB_VFS_OP_PWRITE,
 411          SMB_VFS_LAYER_LOGGER},
 412         {SMB_VFS_OP(NULL),SMB_VFS_OP_NOOP,SMB_VFS_LAYER_NOOP}
 413 };
 414 
 415 /* Module initialization */
 416 
 417 NTSTATUS vfs_smb_traffic_analyzer_init(void)
     /* [<][>][^][v][top][bottom][index][help] */
 418 {
 419         NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, \
 420                 "smb_traffic_analyzer", smb_traffic_analyzer_tuples);
 421 
 422         if (!NT_STATUS_IS_OK(ret)) {
 423                 return ret;
 424         }
 425 
 426         vfs_smb_traffic_analyzer_debug_level =
 427                 debug_add_class("smb_traffic_analyzer");
 428 
 429         if (vfs_smb_traffic_analyzer_debug_level == -1) {
 430                 vfs_smb_traffic_analyzer_debug_level = DBGC_VFS;
 431                 DEBUG(1, ("smb_traffic_analyzer_init: Couldn't register custom"
 432                          "debugging class!\n"));
 433         } else {
 434                 DEBUG(3, ("smb_traffic_analyzer_init: Debug class number of"
 435                         "'smb_traffic_analyzer': %d\n", \
 436                         vfs_smb_traffic_analyzer_debug_level));
 437         }
 438 
 439         return ret;
 440 }

/* [<][>][^][v][top][bottom][index][help] */