4 files changed, 29 insertions, 14 deletions
diff --git a/source4/lib/socket/socket.c b/source4/lib/socket/socket.c
index e1f8bb4d86..ac64bc4ddc 100644
--- a/source4/lib/socket/socket.c
+++ b/source4/lib/socket/socket.c
@@ -66,6 +66,7 @@ _PUBLIC_ NTSTATUS socket_create_with_ops(TALLOC_CTX *mem_ctx, const struct socke
 	/* by enabling "testnonblock" mode, all socket receive and
 	   send calls on non-blocking sockets will randomly recv/send
 	   less data than requested */
+
 	if (!(flags & SOCKET_FLAG_BLOCK) &&
 	    type == SOCKET_TYPE_STREAM &&
 	    lp_parm_bool(-1, "socket", "testnonblock", False)) {
@@ -185,14 +186,21 @@ _PUBLIC_ NTSTATUS socket_recv(struct socket_context *sock, void *buf,
 		return NT_STATUS_NOT_IMPLEMENTED;
 	}
 
-	if ((sock->flags & SOCKET_FLAG_TESTNONBLOCK) && wantlen > 1) {
-		if (random() % 10 == 0) {
-			*nread = 0;
-			return STATUS_MORE_ENTRIES;
+	if ((sock->flags & SOCKET_FLAG_TESTNONBLOCK) 
+	    && wantlen > 1) {
+
+		/* The returning of 0 and MORE_ENTRIES is incompatible
+		   with TLS and SASL sockets, as there is not a
+		   constant event source to re-trigger the reads */
+
+		if (!(sock->flags & SOCKET_FLAG_FAKE)) {
+			if (random() % 10 == 0) {
+				*nread = 0;
+				return STATUS_MORE_ENTRIES;
+			}
 		}
 		return sock->ops->fn_recv(sock, buf, 1+(random() % wantlen), nread);
 	}
-
 	return sock->ops->fn_recv(sock, buf, wantlen, nread);
 }
 
@@ -229,17 +237,21 @@ _PUBLIC_ NTSTATUS socket_send(struct socket_context *sock,
 	if (!sock->ops->fn_send) {
 		return NT_STATUS_NOT_IMPLEMENTED;
 	}
-
-	if ((sock->flags & SOCKET_FLAG_TESTNONBLOCK) && blob->length > 1) {
-		DATA_BLOB blob2 = *blob;
+	
+	if ((sock->flags & SOCKET_FLAG_TESTNONBLOCK)
+	    && blob->length > 1) {
 		if (random() % 10 == 0) {
 			*sendlen = 0;
 			return STATUS_MORE_ENTRIES;
 		}
-		blob2.length = 1+(random() % blob2.length);
-		return sock->ops->fn_send(sock, &blob2, sendlen);
+		/* The variable size sends are incompatilbe with TLS and SASL
+		 * sockets, which require re-sends to be consistant */
+		if (!(sock->flags & SOCKET_FLAG_FAKE)) {
+			DATA_BLOB blob2 = *blob;
+			blob2.length = 1+(random() % blob2.length);
+			return sock->ops->fn_send(sock, &blob2, sendlen);
+		}
 	}
-
 	return sock->ops->fn_send(sock, blob, sendlen);
 }
 
diff --git a/source4/lib/socket/socket.h b/source4/lib/socket/socket.h
index fefa999e08..c0cf429887 100644
--- a/source4/lib/socket/socket.h
+++ b/source4/lib/socket/socket.h
@@ -102,6 +102,7 @@ enum socket_state {
 #define SOCKET_FLAG_BLOCK        0x00000001
 #define SOCKET_FLAG_PEEK         0x00000002
 #define SOCKET_FLAG_TESTNONBLOCK 0x00000004
+#define SOCKET_FLAG_FAKE         0x00000008 /* This is an implementation not directly on top of a real socket */
 
 struct socket_context {
 	enum socket_type type;
diff --git a/source4/lib/tls/config.mk b/source4/lib/tls/config.mk
index 2ab296049b..f75c613e73 100644
--- a/source4/lib/tls/config.mk
+++ b/source4/lib/tls/config.mk
@@ -5,7 +5,7 @@ OBJ_FILES = \
 		tls.o \
 		tlscert.o
 PUBLIC_DEPENDENCIES = \
-		LIBTALLOC GNUTLS LIBSAMBA-CONFIG
+		LIBTALLOC GNUTLS LIBSAMBA-CONFIG samba-socket
 #
 # End SUBSYSTEM LIBTLS
 ################################################
diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c
index 936c18c0c6..1ba8ae9779 100644
--- a/source4/lib/tls/tls.c
+++ b/source4/lib/tls/tls.c
@@ -443,7 +443,8 @@ struct socket_context *tls_init_server(struct tls_params *params,
 	NTSTATUS nt_status;
 	
 	nt_status = socket_create_with_ops(socket, &tls_socket_ops, &new_sock, 
-					   SOCKET_TYPE_STREAM, 0);
+					   SOCKET_TYPE_STREAM, 
+					   socket->flags | SOCKET_FLAG_FAKE);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		return NULL;
 	}
@@ -522,7 +523,8 @@ struct socket_context *tls_init_client(struct socket_context *socket,
 	NTSTATUS nt_status;
 	
 	nt_status = socket_create_with_ops(socket, &tls_socket_ops, &new_sock, 
-					   SOCKET_TYPE_STREAM, 0);
+					   SOCKET_TYPE_STREAM, 
+					   socket->flags | SOCKET_FLAG_FAKE);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		return NULL;
 	}