diff -Naur smbtad/dist/smbtad smbtad-up/dist/smbtad
--- smbtad/dist/smbtad 2015-02-05 18:22:54.213894990 +0100
+++ smbtad-up/dist/smbtad 2015-02-05 18:22:06.000000000 +0100
@@ -1,5 +1,6 @@
-#! /bin/sh
+#!/bin/bash
 # Copyright (c) 2010 Holger Hetterich
+# Debianized by Eida.cz 2015
 #
 # Based on the smb script by Lars Müller
 #
@@ -20,75 +21,89 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . # + +#!/bin/bash +# /etc/init.d/smbtad +# version 2015-02-05 + ### BEGIN INIT INFO -# Provides: smbtad +# Provides: smbtad # Required-Start: $network $syslog -# Should-Start: # Required-Stop: $network $syslog +# Should-Start: # Should-Stop: # Default-Start: 3 5 # Default-Stop: 0 1 2 6 -# Short-Description: SMB Traffic Analyzer Daemon -# Description: SMB Traffic Analyzer Daemon +# Short-Description: SMB Traffic Analyzer Daemon +# Description: SMB Traffic Analyzer Daemon ### END INIT INFO -SMBTAD_BIN="/usr/bin/smbtad" +# config +SMBTAD_BIN="$(which smbtad)" SMBTAD_CONF="/etc/smbtad.conf" -. /etc/rc.status -rc_reset - # Check for missing binary if [ ! -x ${SMBTAD_BIN} ]; then echo -n >&2 "SMB Traffic Analyzer daemon, ${SMBTAD_BIN} is not installed. " - rc_status -s exit 5 fi # be extra carefull cause connection fail if TMPDIR is not writeable export TMPDIR="/var/tmp" + + +#Start-Stop case "$1" in - start) - echo -n "Starting SMB Traffic Analyzer daemon " - if [ ! -f ${SMBTAD_CONF} ]; then - echo -n >&2 "smbtad configuration file, ${SMBTAD_CONF} does not exist. " - rc_status -s - exit 6 - fi - checkproc ${SMBTAD_BIN} - case $? in - 0) echo -n "- Warning: daemon already running. " ;; - esac - test -f /etc/sysconfig/language && \ - . /etc/sysconfig/language - export LC_ALL="$RC_LC_ALL" - export LC_CTYPE="$RC_LC_CTYPE" - export LANG="$RC_LANG" - startproc ${SMBTAD_BIN} -c ${SMBTAD_CONF} - unset LC_ALL LC_CTYPE LANG - rc_status -v - ;; - stop) - echo -n "Shutting down SMB Traffic Analyzer daemon " - checkproc ${SMBTAD_BIN} || \ - echo -n " Warning: daemon not running. 
" - killproc -t 10 ${SMBTAD_BIN} - rc_status -v - ;; - restart) - $0 stop - $0 start - rc_status - ;; - status) - echo -n "Checking for Samba SMB daemon " - checkproc ${SMBTAD_BIN} - rc_status -v - ;; - *) - echo "Usage: $0 {start|stop|status|restart}" - exit 1 - ;; + start) + echo -n "Starting SMB Traffic Analyzer daemon " + + if [ ! -f ${SMBTAD_CONF} ]; then + echo -n >&2 "smbtad configuration file, ${SMBTAD_CONF} does not exist. " + exit 6 + fi + + if [ "$(pidof smbtad)” ] + then + echo "SMB Traffic Analyzer daemon is already running." + else + $SMBTAD_BIN -c $SMBTAD_CONF + fi + exit 1 + + ;; + stop) + + if [ "$(pidof smbtad)" ] + then + killall smbtad + else + echo "SMB Traffic Analyzer daemon is not running" + fi + + exit 1 + ;; + restart) + echo "Restarting SMB Traffic Analyzer daemon " + killall smbtad + $SMBTAD_BIN -c $SMBTAD_CONF + ;; + backup) + mc_backup + ;; + status) + if [ "$(pidof smbtad)" ] + then + echo "SMB Traffic Analyzer daemon is running" + else + echo "SMB Traffic Analyzer daemon is not running" + fi + ;; + + *) + echo "Usage: $0 {start|stop|status|restart}" + exit 1 + ;; esac -rc_exit + +exit 0 diff -Naur smbtad/include/cache.h smbtad-up/include/cache.h --- smbtad/include/cache.h 2015-02-05 18:22:54.233894985 +0100 +++ smbtad-up/include/cache.h 2015-02-05 15:51:14.000000000 +0100 @@ -33,6 +33,7 @@ char *username; char *domain; + char *clientip; // client IP char *share; char *timestamp; char *usersid; diff -Naur smbtad/include/monitor-list.h smbtad-up/include/monitor-list.h --- smbtad/include/monitor-list.h 2015-02-05 18:22:54.233894985 +0100 +++ smbtad-up/include/monitor-list.h 2015-02-05 15:33:42.000000000 +0100 @@ -49,6 +49,7 @@ char *share; char *file; char *domain; + char *clientip; /* client IP aaddress */ /* to be casted to a specific structure */ void *local_data; 
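Review bot: In the `start)` branch the test `if [ "$(pidof smbtad)” ]` closes with a typographic quote (”) instead of `"`, so the double quotes are unbalanced from that line on and bash will most likely refuse to parse the `case` block; it should read `if [ "$(pidof smbtad)" ]`. `SMBTAD_BIN="$(which smbtad)"` makes an init script, which normally runs as root, depend on whatever PATH it inherits, and when `which` finds nothing the unquoted `[ ! -x ${SMBTAD_BIN} ]` collapses to `[ ! -x ]`, which is false, so the missing-binary check is skipped; keep a fixed absolute path and quote the test, `if [ ! -x "${SMBTAD_BIN}" ]; then`. The `start)` and `stop)` branches also end in an unconditional `exit 1`, which reports failure to the caller even after a successful start or stop, and `backup)` calls `mc_backup`, which is not defined anywhere in the visible script.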
@@ -93,8 +94,10 @@ char *username, char *usersid, char *share, - char *file, - char *domain, unsigned long int data, char *montimestamp); + char *file, + char *domain, + char *clientip, + unsigned long int data, char *montimestamp); int monitor_list_delete_by_socket( int sock ); void monitor_list_set_init_result(char *res, int monitorid); diff -Naur smbtad/include/protocol.h smbtad-up/include/protocol.h --- smbtad/include/protocol.h 2015-02-05 18:22:54.233894985 +0100 +++ smbtad-up/include/protocol.h 2015-02-05 15:36:50.000000000 +0100 @@ -22,7 +22,7 @@ #include #define PROTOCOL_SUBRELEASE 0 -#define SMBTAD_COMMON_DATA_BLOCKS 6 +#define SMBTAD_COMMON_DATA_BLOCKS 7 // 6 + IP enum header_states { diff -Naur smbtad/include/vfs_smb_traffic_analyzer.h smbtad-up/include/vfs_smb_traffic_analyzer.h --- smbtad/include/vfs_smb_traffic_analyzer.h 2015-02-05 18:22:54.237894985 +0100 +++ smbtad-up/include/vfs_smb_traffic_analyzer.h 2015-02-05 16:00:56.000000000 +0100 @@ -77,7 +77,7 @@ */ /* Protocol subrelease number */ -#define SMBTA_SUBRELEASE 0 +#define SMBTA_SUBRELEASE '0' /* * Every data block sends a number of blocks sending common data @@ -85,7 +85,7 @@ * so that if the receiver is using an older version of the protocol * it knows which blocks it can ignore. */ -#define SMBTA_COMMON_DATA_COUNT "00016" +#define SMBTA_COMMON_DATA_COUNT "00017" /* * VFS Functions identifier table. In protocol version 2, every vfs diff -Naur smbtad/src/cache.c smbtad-up/src/cache.c --- smbtad/src/cache.c 2015-02-05 18:22:54.241894983 +0100 +++ smbtad-up/src/cache.c 2015-02-05 17:31:50.000000000 +0100 @@ -111,7 +111,9 @@ && strncmp(entry->username, gotr->username, strlen(entry->username)) == 0 && strncmp(entry->domain, - gotr->domain, strlen(entry->domain)) == 0) { + gotr->domain, strlen(entry->domain)) == 0 + && strncmp(entry->clientip, + gotr->clientip, strlen(entry->clientip)) == 0) { /* * entry fits, add the value */ 
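Review bot: `SMBTA_SUBRELEASE` changes from the integer `0` to the character constant `'0'` (numeric value 48) with no comment explaining why, while `PROTOCOL_SUBRELEASE` in include/protocol.h stays `0` in this same patch. Its users are outside the hunk, so this is hedged, but anything that formats or compares it as a number now sees 48 instead of 0, and a receiver could misjudge the sender's subrelease. If the header field is meant to carry one ASCII character, say so in the comment above the define, e.g. `/* Protocol subrelease number, sent as a single ASCII digit in the header */`, and keep the two definitions in the same representation.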
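Review bot: The added comparison `strncmp(entry->clientip, gotr->clientip, strlen(entry->clientip)) == 0` is a prefix match, so a cached entry for `10.0.0.1` also matches a record from `10.0.0.10` and the two clients' byte counts are summed under the first address (sample addresses constructed for illustration). Both pointers can also be NULL here, since `clientip` is initialised to NULL elsewhere in this patch and filled from the received packet, and `strlen(NULL)` is undefined behaviour. For an attribution field an exact, NULL-safe comparison is needed, for example `&& entry->clientip != NULL && gotr->clientip != NULL && strcmp(entry->clientip, gotr->clientip) == 0`. The enclosing condition and function start outside the hunk.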
@@ -209,6 +211,7 @@ entry->share, entry->filename, entry->domain, + entry->clientip, entry->len, entry->timestamp); } @@ -227,6 +230,7 @@ entry->share = NULL; entry->filename = NULL; entry->domain = NULL; + entry->clientip = NULL; entry->len = 0; entry->timestamp = NULL; @@ -264,6 +268,8 @@ entry->domain = protocol_get_single_data_block( data, &go_through ); /* timestamp */ entry->timestamp = protocol_get_single_data_block( data, &go_through ); + /* clientip */ + entry->clientip = protocol_get_single_data_block( data, &go_through ); /** * In case the protocol transfers more common data blocks @@ -271,7 +277,7 @@ * happened in the Samba master and 3.6.0 branch as we have * added support for the IP address of the client to the protocol */ - for ( t=0; t < common_blocks_num-6; t++) { + for ( t=0; t < common_blocks_num-7; t++) { dummy = protocol_get_single_data_block( data, &go_through); if (dummy == NULL) { syslog(LOG_DEBUG,"Fatal: Expected more common data but\n" @@ -341,6 +347,7 @@ char *username; char *share; char *domain; + char *clientip; char *timestamp; char *usersid; /* fn depending strings */ @@ -349,6 +356,7 @@ dbi_conn_quote_string_copy( conf->DBIconn, entry->username, &username); dbi_conn_quote_string_copy( conf->DBIconn, entry->share, &share); dbi_conn_quote_string_copy( conf->DBIconn, entry->domain, &domain); + dbi_conn_quote_string_copy( conf->DBIconn, entry->clientip, &clientip); dbi_conn_quote_string_copy( conf->DBIconn, entry->timestamp, ×tamp); dbi_conn_quote_string_copy( conf->DBIconn, entry->usersid, &usersid); switch( entry->op_id ) { 
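Review bot: `entry->clientip = protocol_get_single_data_block( data, &go_through );` reads a seventh common block no matter what the sender announced, so for a module that still sends six common blocks it consumes the first function-specific block as the client address and every later field is shifted. The following hunk's `common_blocks_num-7` then becomes negative for such senders (and wraps to a huge count if `t` or `common_blocks_num` is unsigned; their declarations are outside the hunk). Since the count and the blocks come off the network, read the address only when it was announced, `if (common_blocks_num >= SMBTAD_COMMON_DATA_BLOCKS) entry->clientip = protocol_get_single_data_block(data, &go_through);` (assuming protocol.h is visible in this file), use the same macro in the loop bound instead of a second literal `7`, and check the result for NULL before it reaches `strlen`/`strcmp` in the other hunks.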
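Review bot: `char *clientip;` is declared without an initialiser and the return value of `dbi_conn_quote_string_copy( conf->DBIconn, entry->clientip, &clientip)` is ignored. libdbi returns 0 from that call on failure, which includes a NULL input string, and as far as I know it does not write the output pointer in that case, so a packet without the address block would lead to `%s` formatting and `free()` of an indeterminate pointer. Declare it as `char *clientip = NULL;` and bail out before building the statement when the call returns 0. The same pattern already exists for the neighbouring fields, but `clientip` is the one that is new and can be absent on the wire.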
@@ -361,11 +369,11 @@ &result); retstr = talloc_asprintf(ctx, "INSERT INTO data (" - "vfs_id, username, usersid, share, domain, timestamp," + "vfs_id, username, usersid, share, domain, timestamp, clientip," "string1, string2, result) VALUES (" - "%i, %s,%s,%s,%s," + "%i, %s,%s,%s,%s,%s," "%s,%s,%s,%s);", - entry->op_id,username,usersid,share,domain,timestamp, + entry->op_id,username,usersid,share,domain,timestamp,clientip, source,destination,result); free(source); free(destination); @@ -376,11 +384,11 @@ dbi_conn_quote_string_copy( conf->DBIconn, entry->result, &result); retstr = talloc_asprintf(ctx, "INSERT INTO data (" - "vfs_id, username, usersid, share, domain, timestamp," + "vfs_id, username, usersid, share, domain, timestamp, clientip," "string1, result) VALUES (" - "%i,%s,%s,%s,%s," + "%i,%s,%s,%s,%s,%s," "%s,%s,%s);", - entry->op_id,username,usersid,share,domain,timestamp, + entry->op_id,username,usersid,share,domain,timestamp,clientip, filename,result); free(result); free(filename); @@ -390,11 +398,11 @@ dbi_conn_quote_string_copy( conf->DBIconn, entry->mode, &mode); dbi_conn_quote_string_copy( conf->DBIconn, entry->result, &result); retstr = talloc_asprintf(ctx, "INSERT INTO data (" - "vfs_id, username, usersid, share, domain, timestamp," + "vfs_id, username, usersid, share, domain, timestamp, clientip," "string1, string2, result) VALUES (" - "%i,%s,%s,%s,%s," + "%i,%s,%s,%s,%s,%s," "%s,%s,%s,%s);", - entry->op_id,username,usersid,share,domain,timestamp, + entry->op_id,username,usersid,share,domain,timestamp,clientip, filename,mode,result); free(mode); free(result); 
@@ -405,11 +413,11 @@ dbi_conn_quote_string_copy( conf->DBIconn, entry->path, &path); dbi_conn_quote_string_copy( conf->DBIconn, entry->result, &result); retstr = talloc_asprintf( ctx, "INSERT INTO data (" - "vfs_id, username, usersid, share, domain, timestamp," + "vfs_id, username, usersid, share, domain, timestamp, clientip," "string1, result) VALUES (" - "%i,%s,%s,%s,%s," + "%i,%s,%s,%s,%s,%s," "%s,%s,%s);", - entry->op_id,username,usersid,share,domain,timestamp, + entry->op_id,username,usersid,share,domain,timestamp,clientip, path,result); free(path); free(result); @@ -419,11 +427,11 @@ dbi_conn_quote_string_copy( conf->DBIconn, entry->mode, &mode); dbi_conn_quote_string_copy( conf->DBIconn, entry->result, &result); retstr = talloc_asprintf(ctx, "INSERT INTO data (" - "vfs_id, username, usersid, share, domain, timestamp," + "vfs_id, username, usersid, share, domain, timestamp, clientip," "string1, string2, result) VALUES (" - "%i,%s,%s,%s,%s," + "%i,%s,%s,%s,%s,%s," "%s,%s,%s,%s);", - entry->op_id,username,usersid,share,domain,timestamp, + entry->op_id,username,usersid,share,domain,timestamp,clientip, path, mode, result); free(mode); free(result); @@ -437,11 +445,11 @@ } dbi_conn_quote_string_copy( conf->DBIconn, entry->filename, &filename); retstr = talloc_asprintf(ctx, "INSERT INTO data (" - "vfs_id, username, usersid, share, domain, timestamp," + "vfs_id, username, usersid, share, domain, timestamp, clientip," "string1, length) VALUES (" - "%i,%s,%s,%s,%s,%s," + "%i,%s,%s,%s,%s,%s,%s," "%s,%lu);", - vfs_id_write,username,usersid,share,domain,timestamp, + vfs_id_write,username,usersid,share,domain,timestamp,clientip, filename,entry->len); free(filename); break; 
@@ -453,11 +461,11 @@ } dbi_conn_quote_string_copy( conf->DBIconn, entry->filename, &filename); retstr = talloc_asprintf(ctx, "INSERT INTO data (" - "vfs_id, username, usersid, share, domain, timestamp," + "vfs_id, username, usersid, share, domain, timestamp, clientip," "string1, length) VALUES (" - "%i,%s,%s,%s,%s,%s," + "%i,%s,%s,%s,%s,%s,%s," "%s,%lu);", - vfs_id_read,username,usersid,share,domain,timestamp, + vfs_id_read,username,usersid,share,domain,timestamp,clientip, filename,entry->len); free(filename); break; @@ -468,6 +476,7 @@ free(share); free(domain); free(timestamp); + free(clientip); free(usersid); return retstr; } @@ -488,7 +497,7 @@ * Check if the connection is alive. We try ten times * to restore the connection if not */ - for (try = 0; try < 10; try++) { + for (try = 0; try < 5; try++) { rc = dbi_conn_ping( config->DBIconn ); if (rc == 1) { result = dbi_conn_query(config->DBIconn, dbstring); @@ -506,7 +515,7 @@ dbi_result_free(result); } -void cleanup_cache( TALLOC_CTX *ctx,struct configuration_data *config, +void cleanup_cache(TALLOC_CTX *ctx,struct configuration_data *config, struct cache_entry *entry) { char *dbstring; @@ -604,9 +613,9 @@ pthread_mutex_unlock(&cache_mutex); if (backup != NULL) { /* store all existing entries into the database */ - do_db(config,"BEGIN TRANSACTION;"); - cleanup_cache( dbpool,config,backup); - do_db(config,"COMMIT;"); + //do_db(config,"START TRANSACTION;"); + cleanup_cache(dbpool, config, backup); + //do_db(config,"COMMIT;"); } talloc_free(dbpool); @@ -614,7 +623,7 @@ char String[400]; char dbstring[300]; struct tm *tm; - do_db(config,"BEGIN TRANSACTION;"); + //do_db(config,"START TRANSACTION;"); time_t today=time(NULL); time_t delete_date=today - config->maint_run_time; tm = localtime ( &delete_date ); 
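Review bot: The comment directly above the loop still says "We try ten times to restore the connection" while the bound is now `try < 5`. Update the comment or, better, replace the literal with a named constant such as `enum { DB_RECONNECT_TRIES = 5 };` so the two cannot drift again. The commit gives no reason for halving the retries; what happens to the pending statement once the loop gives up is outside the hunk, so confirm that a shorter window does not mean records are discarded sooner when the database is briefly unreachable.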
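Review bot: Commenting out `do_db(config,"BEGIN TRANSACTION;")` and `do_db(config,"COMMIT;")` around `cleanup_cache(dbpool, config, backup)` means each INSERT is committed on its own, so a connection loss partway through leaves a partially stored batch with no way to tell which records made it. For a daemon whose table serves as an access record that is a loss of integrity, and the same is done around the maintenance `DELETE` in the hunks at -614 and -625. If the goal was a different SQL dialect, keep the transaction and send the statement that backend accepts (the commented text already says `START TRANSACTION;`) rather than leaving dead code behind. The enclosing function starts and ends outside these hunks.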
@@ -625,11 +634,11 @@ tm->tm_hour, tm->tm_min, tm->tm_sec); - strcpy(dbstring,"delete from data where timestamp < '"); + strcpy(dbstring,"DELETE FROM data WHERE timestamp < '"); strcat(dbstring,String); strcat(dbstring,"';"); do_db(config,dbstring); - do_db(config,"COMMIT;"); + //do_db(config,"COMMIT;"); maintenance_count = 0; } diff -Naur smbtad/src/database.c smbtad-up/src/database.c --- smbtad/src/database.c 2015-02-05 18:22:54.241894983 +0100 +++ smbtad-up/src/database.c 2015-02-05 15:26:37.000000000 +0100 @@ -20,7 +20,7 @@ */ #include "../include/includes.h" -#define CREATE_COMMONS "vfs_id integer,username varchar,usersid varchar,share varchar,domain varchar,timestamp timestamp," +#define CREATE_COMMONS "vfs_id int,username varchar(255),usersid varchar(255),share varchar(255),domain varchar(255),timestamp datetime,clientip varchar(128)," int database_create_tables( struct configuration_data *conf ); @@ -198,7 +198,7 @@ result = dbi_conn_query( conf->DBIconn, "CREATE TABLE data (" CREATE_COMMONS - "string1 varchar, length integer, result bigint, string2 varchar)"); + "string1 varchar(255), length int, result bigint, string2 varchar(255))"); if (result == NULL) { syslog(LOG_DEBUG,"create tables : could not create" "the data table!"); 
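Review bot: The rewritten `strcpy(dbstring,"DELETE FROM data WHERE timestamp < '");` still feeds an unbounded `strcat(dbstring,String)`, where `String` is declared as 400 bytes and `dbstring` as 300 in the preceding hunk. The formatted timestamp is short in practice, so this is a latent overflow rather than a live one, but one bounded call removes the risk: `snprintf(dbstring, sizeof dbstring, "DELETE FROM data WHERE timestamp < '%s';", String);`. The statement that fills `String` begins outside the hunk.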
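Review bot: `CREATE_COMMONS` and the `data` table now cap every text column at `varchar(255)` (`clientip` at 128), but `string1`/`string2` receive the file, path, source and destination names built in src/cache.c, which can be longer than that on an SMB share. Depending on the server's SQL mode such rows are either rejected or silently truncated, and either way the stored record no longer matches what happened; a `text` type, or a documented limit enforced before the INSERT, would avoid that. The patch also only changes `CREATE TABLE`, so an existing `data` table has no `clientip` column and every INSERT built in src/cache.c will fail until the schema is migrated; that upgrade step should be documented or handled in code. The same type changes repeat in the hunks at -198, -211 and -260.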
@@ -211,23 +211,23 @@ */ result = dbi_conn_query( conf->DBIconn, "CREATE TABLE status (" - "smbtad_control_entry varchar," - "smbtad_version varchar," - "smbtad_database_version varchar," - "smbtad_client_port integer," - "smbtad_unix_socket_clients integer," - "smbtad_dbname varchar," - "smbtad_dbhost varchar," - "smbtad_dbuser varchar," - "smbtad_dbdriver varchar," - "smbtad_maintenance_timer_str varchar," - "smbtad_maintenance_run_time integer," - "smbtad_debug_level integer," - "smbtad_precision integer," - "smbtad_daemon integer," - "smbtad_use_db integer," - "smbtad_config_file varchar," - "smbtad_ip varchar);"); + "smbtad_control_entry varchar(255)," + "smbtad_version varchar(255)," + "smbtad_database_version varchar(255)," + "smbtad_client_port int," + "smbtad_unix_socket_clients int," + "smbtad_dbname varchar(255)," + "smbtad_dbhost varchar(255)," + "smbtad_dbuser varchar(255)," + "smbtad_dbdriver varchar(255)," + "smbtad_maintenance_timer_str varchar(255)," + "smbtad_maintenance_run_time int," + "smbtad_debug_level int," + "smbtad_precision int," + "smbtad_daemon int," + "smbtad_use_db int," + "smbtad_config_file varchar(255)," + "smbtad_ip varchar(255));"); if (result == NULL) { syslog(LOG_DEBUG,"create tables: could not create" "the status table!"); @@ -260,9 +260,9 @@ */ result = dbi_conn_query( conf->DBIconn, "CREATE TABLE modules (" - "module_subrelease_number integer," - "module_common_blocks_overflow integer," - "module_ip_address varchar UNIQUE);"); + "module_subrelease_number int," + "module_common_blocks_overflow int," + "module_ip_address varchar(255) UNIQUE);"); if (result == NULL) { syslog(LOG_DEBUG,"create tables: could not create" "the modules table!"); diff -Naur smbtad/src/monitor-list.c smbtad-up/src/monitor-list.c --- smbtad/src/monitor-list.c 2015-02-05 18:22:54.241894983 +0100 +++ smbtad-up/src/monitor-list.c 2015-02-05 15:39:29.000000000 +0100 
@@ -36,7 +36,7 @@ * adds an entry to the monitor list * returns -1 in case of an error */ -int monitor_list_add( char *data,int sock) { +int monitor_list_add(char *data, int sock) { struct monitor_item *entry; DEBUG(1) syslog(LOG_DEBUG,"Adding monitor Item %s ",data); if (monlist_start == NULL) { @@ -62,6 +62,7 @@ entry->function = 255; entry->share = NULL; entry->domain = NULL; + entry->clientip = NULL; // client IP entry->local_data = NULL; monitor_id ++; entry->state = MONITOR_IDENTIFY; @@ -85,6 +86,7 @@ entry->function = 255; entry->share = NULL; entry->domain = NULL; + entry->clientip = NULL; monitor_id++; entry->state = MONITOR_IDENTIFY; @@ -202,9 +204,11 @@ monitor_list_parse_argument( entry->data, &c); entry->domain = monitor_list_parse_argument( entry->data, &c); + entry->clientip = + monitor_list_parse_argument( entry->data, &c); DEBUG(8) syslog(LOG_DEBUG,"monitor_list_parse: parsed " "id %i, function = %i, param = %s, username = %s," - "usersid = %s, share = %s, file = %s, domain = %s", + "usersid = %s, share = %s, file = %s, domain = %s, clientip = %s", entry->id, entry->function, entry->param, @@ -212,7 +216,8 @@ entry->usersid, entry->share, entry->file, - entry->domain); + entry->domain, + entry->clientip); /* * initialize a memory block with the specific local data @@ -282,7 +287,8 @@ char *usersid, char *share, char *file, - char *domain) + char *domain, + char *clientip) { DEBUG(8) syslog(LOG_DEBUG, "monitor_list_apply: entry data:" 
@@ -290,18 +296,20 @@ "entry->usersid : |%s|vs|%s|, " "entry->share : %s, " "entry->file : %s, " - "entry->domain : %s. ", + "entry->domain : %s, " + "entry->clientip : %s. ", entry->username, username, entry->usersid, usersid, entry->share, entry->file, - entry->domain); + entry->domain, + entry->clientip); if (entry->username == NULL || entry->usersid == NULL || entry->share == NULL || entry->file == NULL - || entry->domain == NULL) return 0; + || entry->domain == NULL || entry->clientip == NULL) return 0; if (strcmp(entry->username,"*") != 0) { if (strcmp(entry->username, username)!=0) return 0; @@ -318,6 +326,9 @@ if (strcmp(entry->domain,"*") != 0) { if (strcmp(entry->domain, domain)!=0) return 0; } + if (strcmp(entry->clientip,"*") != 0) { + if (strcmp(entry->clientip, clientip)!=0) return 0; + } DEBUG(8) syslog(LOG_DEBUG, "monitor_list_apply: " "monitor applied succesfully."); return 1; @@ -422,7 +433,10 @@ char *usersid, char *share, char *file, - char *domain, unsigned long int data, char *montimestamp) + char *domain, + char *clientip, + unsigned long int data, + char *montimestamp) { char *fname; struct monitor_item *entry = monlist_start; @@ -433,7 +447,8 @@ usersid, share, file, - domain) == 1) { + domain, + clientip) == 1) { /* processing monitor */ switch(entry->function) { case MONITOR_ADD: ; @@ -476,12 +491,14 @@ */ if (file == NULL) fname=talloc_asprintf(NULL," "); else fname = file; - char *tres = talloc_asprintf(op_id_str,"%04i%s" // op id - "%04i%s" // username + char *tres = talloc_asprintf(op_id_str, + "%04i%s" // op id + "%04i%s" // username "%04i%s" // share "%04i%s" // filename "%04i%s" // domain - "%04i%s", // timestamp + "%04i%s" // timestamp + "%04i%s", // client IP (int) strlen(op_id_str), op_id_str, (int) strlen(username), 
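Review bot: The new guard `|| entry->clientip == NULL) return 0;` makes a monitor that was registered without a client-address argument never match anything. If `monitor_list_parse_argument` returns NULL when the argument is missing (its body is not shown), every existing client that sends the old argument list gets a monitor that silently reports nothing. Treating a missing address as the wildcard would keep them working, e.g. skip the address comparison when `entry->clientip == NULL` instead of returning 0. Note also that the `syslog` call above passes `entry->clientip` to `%s` before this NULL check runs.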
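Review bot: `strcmp(entry->clientip, clientip)` dereferences the `clientip` parameter without a NULL check, and the value comes from `entry->clientip` in src/cache.c, which starts as NULL and is only set from the received packet. A record without the address block would therefore crash the daemon here, or in `(int) strlen(clientip)` in the format arguments of the hunk at -493. Guard the comparison, `if (clientip == NULL || strcmp(entry->clientip, clientip) != 0) return 0;`, and substitute an empty string before the `talloc_asprintf` call. The `%04i` length prefix also assumes the address is under 10000 bytes, which nothing in the visible code enforces.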
@@ -493,7 +510,9 @@ (int) strlen(domain), domain, (int) strlen(montimestamp), - montimestamp); + montimestamp, + (int) strlen(clientip), + clientip); if (file == NULL) talloc_free(fname); if (tres == NULL) { // could'nd allocate talloc_free(op_id_str); diff -Naur smbtad/src/temp.c smbtad-up/src/temp.c --- smbtad/src/temp.c 2015-02-05 18:22:54.241894983 +0100 +++ smbtad-up/src/temp.c 2015-02-05 15:51:41.000000000 +0100 @@ -30,6 +30,8 @@ cache_en->domain = protocol_get_single_data_block( go_through ); /* timestamp */ cache_en->timestamp = protocol_get_single_data_block( go_through ); + /* clientip */ + cache_en->clientip = protocol_get_single_data_block( go_through ); /* now check if there are more common data blocks to come */ /* we will ignore them, if we don't handle more common data */