samba.git/source4/lib/stream/packet.h, branch talloc-2.1.2 Unnamed repository; edit this file 'description' to name the repository. s4 dns: Fix TCP handling in the DNS server 2012-03-06T20:17:18+00:00 Kai Blin kai@samba.org 2012-03-06T07:49:16+00:00 c7f67142c0693e73355e1a5748f729fad04415e0 Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Tue Mar 6 21:17:19 CET 2012 on sn-devel-104 
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Tue Mar  6 21:17:19 CET 2012 on sn-devel-104
s4: Fix a few warnings. 2010-01-21T03:15:11+00:00 Jelmer Vernooij jelmer@samba.org 2010-01-20T03:27:38+00:00 f679def4f2c4d878c8fac49ea248cfadb665168c 






Worked around a problem with select/poll/epoll and gnutls 
2009-02-18T06:37:45+00:00

Andrew Tridgell
tridge@samba.org

2009-02-18T06:37:45+00:00

bb7e6f0f51a91e461c18efd392af3e4fc6174c34

Our packet layer relies on the event system reliably telling us when a
packet is available. When we are using a socket layer like TLS then
things get a bit trickier, as there may be bytes in the encryption
buffer which could be read even if there are no bytes at the socket
level. The GNUTLS library is supposed to prevent this happening by
always leaving some data at the socket level when there is data to be
processed in its buffers, but it seems that this is not always
reliable.

To work around this I have added a new packet option
packet_set_unreliable_select() which tells the packet layer to not
assume that the socket layer has a reliable select, and to instead
keep trying to read from the socket until it gets back no data. This
option is set for the ldap client and server when TLS is negotiated.

This seems to fix the problems with the ldaps tests.





Our packet layer relies on the event system reliably telling us when a
packet is available. When we are using a socket layer like TLS then
things get a bit trickier, as there may be bytes in the encryption
buffer which could be read even if there are no bytes at the socket
level. The GNUTLS library is supposed to prevent this happening by
always leaving some data at the socket level when there is data to be
processed in its buffers, but it seems that this is not always
reliable.

To work around this I have added a new packet option
packet_set_unreliable_select() which tells the packet layer to not
assume that the socket layer has a reliable select, and to instead
keep trying to read from the socket until it gets back no data. This
option is set for the ldap client and server when TLS is negotiated.

This seems to fix the problems with the ldaps tests.







s4:lib/stream: s/private/private_data
2009-02-02T12:08:26+00:00

Stefan Metzmacher
metze@samba.org

2009-02-02T07:22:01+00:00

79ae2de00135b3047dcb835c14a3afac6eb168eb

metze





metze







s4:lib/tevent: rename structs
2008-12-29T19:46:40+00:00

Stefan Metzmacher
metze@samba.org

2008-12-29T19:24:57+00:00

183c379fe58ca60f5ef2d1f2033d035d4117ac8f

list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"

for s in $list; do
	o=`echo $s | cut -d ':' -f1`
	n=`echo $s | cut -d ':' -f2`
	r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
	files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
	for f in $files; do
		cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
		mv $f.tmp $f
	done
done

metze





list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"

for s in $list; do
	o=`echo $s | cut -d ':' -f1`
	n=`echo $s | cut -d ':' -f2`
	r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
	files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
	for f in $files; do
		cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
		mv $f.tmp $f
	done
done

metze







s4: fix LIBEVENTS dependencies and use more forward declarations
2008-12-17T10:04:45+00:00

Stefan Metzmacher
metze@samba.org

2008-12-16T23:06:34+00:00

081f8883bafc11ca7c08f868ec19f1ea32071837

We should only include events.h where we really need it
and prefer forward declarations of 'struct event_context'

metze





We should only include events.h where we really need it
and prefer forward declarations of 'struct event_context'

metze







r23792: convert Samba4 to GPLv3
2007-10-10T19:59:12+00:00

Andrew Tridgell
tridge@samba.org

2007-07-10T02:07:03+00:00

0479a2f1cbae51fcd8dbdc3c148c808421fb4d25

There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)





There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)







r17197: This patch moves the encryption of bulk data on SASL negotiated security
2007-10-10T19:10:18+00:00

Andrew Bartlett
abartlet@samba.org

2006-07-23T02:50:08+00:00

ba07fa43d0b0090f5e686d8c1822468049f52416

contexts from the application layer into the socket layer.

This improves a number of correctness aspects, as we now allow LDAP
packets to cross multiple SASL packets.  It should also make it much
easier to write async LDAP tests from windows clients, as they use SASL
by default.  It is also vital to allowing OpenLDAP clients to use GSSAPI
against Samba4, as it negotiates a rather small SASL buffer size.

This patch mirrors the earlier work done to move TLS into the socket
layer.

Unusual in this pstch is the extra read callback argument I take.  As
SASL is a layer on top of a socket, it is entirely possible for the
SASL layer to drain a socket dry, but for the caller not to have read
all the decrypted data.  This would leave the system without an event
to restart the read (as the socket is dry).

As such, I re-invoke the read handler from a timed callback, which
should trigger on the next running of the event loop.  I believe that
the TLS code does require a similar callback.

In trying to understand why this is required, imagine a SASL-encrypted
LDAP packet in the following formation:

+-----------------+---------------------+
| SASL  Packet #1 | SASL Packet #2      |
----------------------------------------+
| LDAP Packet #1       | LDAP Packet #2 |
----------------------------------------+

In the old code, this was illegal, but it is perfectly standard
SASL-encrypted LDAP.  Without the callback, we would read and process
the first LDAP packet, and the SASL code would have read the second SASL
packet (to decrypt enough data for the LDAP packet), and no data would
remain on the socket.

Without data on the socket, read events stop.  That is why I add timed
events, until the SASL buffer is drained.

Another approach would be to add a hack to the event system, to have it
pretend there remained data to read off the network (but that is ugly).

In improving the code, to handle more real-world cases, I've been able
to remove almost all the special-cases in the testnonblock code.  The
only special case is that we must use a deterministic partial packet
when calling send, rather than a random length.  (1 + n/2).  This is
needed because of the way the SASL and TLS code works, and the 'resend
on failure' requirements.

Andrew Bartlett
(This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0)





contexts from the application layer into the socket layer.

This improves a number of correctness aspects, as we now allow LDAP
packets to cross multiple SASL packets.  It should also make it much
easier to write async LDAP tests from windows clients, as they use SASL
by default.  It is also vital to allowing OpenLDAP clients to use GSSAPI
against Samba4, as it negotiates a rather small SASL buffer size.

This patch mirrors the earlier work done to move TLS into the socket
layer.

Unusual in this pstch is the extra read callback argument I take.  As
SASL is a layer on top of a socket, it is entirely possible for the
SASL layer to drain a socket dry, but for the caller not to have read
all the decrypted data.  This would leave the system without an event
to restart the read (as the socket is dry).

As such, I re-invoke the read handler from a timed callback, which
should trigger on the next running of the event loop.  I believe that
the TLS code does require a similar callback.

In trying to understand why this is required, imagine a SASL-encrypted
LDAP packet in the following formation:

+-----------------+---------------------+
| SASL  Packet #1 | SASL Packet #2      |
----------------------------------------+
| LDAP Packet #1       | LDAP Packet #2 |
----------------------------------------+

In the old code, this was illegal, but it is perfectly standard
SASL-encrypted LDAP.  Without the callback, we would read and process
the first LDAP packet, and the SASL code would have read the second SASL
packet (to decrypt enough data for the LDAP packet), and no data would
remain on the socket.

Without data on the socket, read events stop.  That is why I add timed
events, until the SASL buffer is drained.

Another approach would be to add a hack to the event system, to have it
pretend there remained data to read off the network (but that is ugly).

In improving the code, to handle more real-world cases, I've been able
to remove almost all the special-cases in the testnonblock code.  The
only special case is that we must use a deterministic partial packet
when calling send, rather than a random length.  (1 + n/2).  This is
needed because of the way the SASL and TLS code works, and the 'resend
on failure' requirements.

Andrew Bartlett
(This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0)







r15400: Move the TLS code behind the socket interface.
2007-10-10T19:05:32+00:00

Andrew Bartlett
abartlet@samba.org

2006-05-02T20:15:47+00:00

742c110cd67f4995639822981e8bfcb1f652f2c4

This reduces caller complexity, because the TLS code is now called
just like any other socket.  (A new socket context is returned by the
tls_init_server and tls_init_client routines).

When TLS is not available, the original socket is returned.

Andrew Bartlett
(This used to be commit 09b2f30dfa7a640f5187b4933204e9680be61497)





This reduces caller complexity, because the TLS code is now called
just like any other socket.  (A new socket context is returned by the
tls_init_server and tls_init_client routines).

When TLS is not available, the original socket is returned.

Andrew Bartlett
(This used to be commit 09b2f30dfa7a640f5187b4933204e9680be61497)







r11713: separate out the setting of the fde in the packet context from the
2007-10-10T18:46:17+00:00

Andrew Tridgell
tridge@samba.org

2005-11-14T03:45:57+00:00

614950aed35353854019db5cccec5b3154643ca3

enabling of packet serialisation
(This used to be commit 6a47cd65a8b588f9ddd375c57caaba08281e7cbb)





enabling of packet serialisation
(This used to be commit 6a47cd65a8b588f9ddd375c57caaba08281e7cbb)