path: root/source4/lib/socket/socket.c
Age | Commit message | Author | Files | Lines
2007-10-10 | r22602: s/HAVE_SOCKET_IPV6/HAVE_IPV6/ to match the define used by Heimdal. | Jelmer Vernooij | 1 | -1/+1
(This used to be commit 5ff665b6531fdb4c7e56c49b7f923546d93b384c)
2007-10-10 | r17197: This patch moves the encryption of bulk data on SASL negotiated security | Andrew Bartlett | 1 | -13/+12
contexts from the application layer into the socket layer.

This improves a number of correctness aspects, as we now allow LDAP packets to cross multiple SASL packets. It should also make it much easier to write async LDAP tests from Windows clients, as they use SASL by default. It is also vital to allowing OpenLDAP clients to use GSSAPI against Samba4, as it negotiates a rather small SASL buffer size.

This patch mirrors the earlier work done to move TLS into the socket layer.

Unusual in this patch is the extra read callback argument I take. As SASL is a layer on top of a socket, it is entirely possible for the SASL layer to drain a socket dry, but for the caller not to have read all the decrypted data. This would leave the system without an event to restart the read (as the socket is dry).

As such, I re-invoke the read handler from a timed callback, which should trigger on the next running of the event loop. I believe that the TLS code does require a similar callback.

In trying to understand why this is required, imagine a SASL-encrypted LDAP packet in the following formation:

 +-----------------+---------------------+
 | SASL  Packet #1 | SASL Packet #2      |
 ----------------------------------------+
 | LDAP Packet #1       | LDAP Packet #2 |
 ----------------------------------------+

In the old code, this was illegal, but it is perfectly standard SASL-encrypted LDAP. Without the callback, we would read and process the first LDAP packet, and the SASL code would have read the second SASL packet (to decrypt enough data for the LDAP packet), and no data would remain on the socket.

Without data on the socket, read events stop. That is why I add timed events, until the SASL buffer is drained.

Another approach would be to add a hack to the event system, to have it pretend there remained data to read off the network (but that is ugly).

In improving the code, to handle more real-world cases, I've been able to remove almost all the special-cases in the testnonblock code. The only special case is that we must use a deterministic partial packet when calling send, rather than a random length. (1 + n/2). This is needed because of the way the SASL and TLS code works, and the 'resend on failure' requirements.

Andrew Bartlett (This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0)
2007-10-10 | r17168: Now that TLS (and soon SASL) is below the socket layer, we need to | Andrew Bartlett | 1 | -11/+23
make the testnonblock skip some things. The socket *under* the tls socket is still tested. Andrew Bartlett (This used to be commit 9c33c6a20a77e3f15eac3d62488117517afad940)
2007-10-10 | r15854: more talloc_set_destructor() typesafe fixes | Andrew Tridgell | 1 | -2/+1
(This used to be commit 61c6100617589ac6df4f527877241464cacbf8b3)
2007-10-10 | r15400: Move the TLS code behind the socket interface. | Andrew Bartlett | 1 | -3/+3
This reduces caller complexity, because the TLS code is now called just like any other socket. (A new socket context is returned by the tls_init_server and tls_init_client routines). When TLS is not available, the original socket is returned. Andrew Bartlett (This used to be commit 09b2f30dfa7a640f5187b4933204e9680be61497)
2007-10-10 | r15356: Remove unused 'flags' argument from socket_send() and friends. | Andrew Bartlett | 1 | -10/+10
This is in preparation for making TLS a socket library. Andrew Bartlett (This used to be commit a312812b92f5ac7e6bd2c4af725dbbbc900d4452)
2007-10-10 | r15349: Integrate set_socket_options() into the socket library | Jelmer Vernooij | 1 | -0/+108
(This used to be commit 598ea173cd718dad0df24505796ca50cb728a2e9)
2007-10-10 | r13956: make more functions public | Stefan Metzmacher | 1 | -39/+39
metze (This used to be commit d099282d4956e7dc1134abf0632b01c40160e114)
2007-10-10 | r12804: This patch reworks the Samba4 sockets layer to use a socket_address | Andrew Bartlett | 1 | -34/+69
structure that is more generic than just 'IP/port'. It now passes make test, and has been reviewed and updated by metze. (Thank you *very* much). This passes 'make test' as well as kerberos use (not currently in the testsuite). The original purpose of this patch was to have Samba able to pass a socket address structure from the BSD layer into the kerberos routines and back again. It also removes nbt_peer_addr, which was being used for a similar purpose. It is a large change, but worthwhile I feel. Andrew Bartlett (This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2)
2007-10-10 | r9705: r9685@blu: tridge | 2005-08-27 19:43:44 +1000 | Andrew Tridgell | 1 | -0/+1
set the backend_name on socket_accept() too (This used to be commit 10ac2732881ac73dd9cb8162beb1efd741bfe3d2)
2007-10-10 | r8408: it's quite common in our code to free up a connection when we get an | Andrew Tridgell | 1 | -0/+27
error, but sometimes a socket option may then happen on the NULL socket. This has been handled by the individual libraries up to now, but it's cleaner to centralise it here (This used to be commit d9864e1f9aac1fb19f054c2da996a5099e90941e)
2007-10-10 | r7626: a new ldap client library. Main features are: | Andrew Tridgell | 1 | -4/+1
- hooked into events system, so requests can be truly async and won't interfere with other processing happening at the same time
- uses NTSTATUS codes for errors (previously errors were mostly ignored). In a similar fashion to the DOS error handling, I have reserved a range of the NTSTATUS code 32 bit space for LDAP error codes, so a function can return a LDAP error code in a NTSTATUS
- much cleaner packet handling
(This used to be commit 2e3c660b2fc20e046d82bf1cc296422b6e7dfad0)
2007-10-10 | r7476: ensure dgram sockets are created non-blocking. As they usually skip | Andrew Tridgell | 1 | -0/+6
the connect() stage, we were missing this (This used to be commit f5102b886c10fead0f6bcdc4460584ae53912ebc)
2007-10-10 | r7227: added a socket_pending() call to abstract away the FIONREAD ioctl. It | Andrew Tridgell | 1 | -0/+16
will be interesting to see if this causes any portability problems, as it is a less commonly used call. (This used to be commit f6993db31d93059c70b44a23005ba444e205870f)
2007-10-10 | r6795: Make some functions static and remove some unused ones. | Jelmer Vernooij | 1 | -6/+0
(This used to be commit 46509eb89980bfe6dabd71264d570ea356ee5a22)
2007-10-10 | r6562: added support for datagram unix domain sockets in the socket library | Andrew Tridgell | 1 | -1/+2
(This used to be commit 23b2046dcb5c4593cba6964f400a2e5246fb35f7)
2007-10-10 | r5304: removed lib/socket/socket.h from includes.h | Andrew Tridgell | 1 | -0/+5
(This used to be commit b902ea546d2d1327b23f40ddaeeaa8e7e3662454)
2007-10-10 | r5298: - got rid of pstring.h from includes.h. This at least makes it a bit | Andrew Tridgell | 1 | -0/+1
less likely that anyone will use pstring for new code
- got rid of winbind_client.h from includes.h. This one triggered a huge change, as winbind_client.h was including system/filesys.h and defining the old uint32 and uint16 types, as well as its own pstring and fstring.
(This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
2007-10-10 | r4831: added udp support to our generic sockets library. | Andrew Tridgell | 1 | -22/+47
I decided to incorporate the udp support into the socket_ipv4.c backend (and later in socket_ipv6.c) rather than doing a separate backend, as so much of the code is shareable. Basically this adds a socket_sendto() and a socket_recvfrom() call and not much all. For udp servers, I decided to keep the call as socket_listen(), even though dgram servers don't actually call listen(). This keeps the API consistent. I also added a simple local sockets testsuite in smbtorture, LOCAL-SOCKET (This used to be commit 9f12a45a05c5c447fb4ec18c8dd28f70e90e32a5)
2007-10-10 | r4753: added the ability for the generic socket library to handle async | Andrew Tridgell | 1 | -0/+8
connect(). This required a small API change (the addition of a socket_connect_complete() method) (This used to be commit b787dd166f5cca82b3710802eefb41e0a8851fc3)
2007-10-10 | r4686: create a function to create a socket by specifying a socket_ops struct | Stefan Metzmacher | 1 | -8/+16
metze (This used to be commit 894f402b01c8d4e0bef9c29697b8d13e5b9ea150)
2007-10-10 | r3450: portability fixes | Andrew Tridgell | 1 | -29/+29
- fix rep_inet_ntoa() for IRIX
- lib/signal.c needs system/wait.h
- some systems define a macro "accept", which breaks the lib/socket/ structures. use fn_ as a prefix for the structure elements to avoid the problem
(This used to be commit ced1a0fcdc8d8e47755ce4391c19f8b12862eb60)
2007-10-10 | r3356: in the standard process model we need to make sure we close all | Andrew Tridgell | 1 | -0/+22
listening sockets after the fork to prevent the child still listening on incoming requests. I have also added an optimisation where we use dup()/close() to lower the file descriptor number of the new socket to the lowest possible after closing our listening sockets. This keeps the max fd num passed to select() low, which makes a difference to the speed of select(). (This used to be commit f2a9bbc317ba86ebe87c3ca27a3a0192de91014d)
2007-10-10 | r3334: Allow disabling IPv6 support using socket:noipv6 | Jelmer Vernooij | 1 | -0/+4
(This used to be commit 9c13f42c1fd489a6a663f614a41c59730c18a054)
2007-10-10 | r3333: added configure tests for ipv6 support | Andrew Tridgell | 1 | -0/+2
(This used to be commit 9794570c6d0646cc34147bf8128802b181f658f0)
2007-10-10 | r3329: Add support for IPv6 | Jelmer Vernooij | 1 | -0/+4
(This used to be commit d8298901243ca4ce2ec420fa523c8e1407e72513)
2007-10-10 | r3318: generate random STATUS_MORE_ENTRIES errors (1 in 10 packets) as well | Andrew Tridgell | 1 | -2/+10
as randomly short recv/send when socket:testnonblock is enabled (This used to be commit 718175a265d34bfdbcbf0cc6b55dbf6b389f3194)
2007-10-10 | r3314: added an option "socket:testnonblock" to the generic socket code. If | Andrew Tridgell | 1 | -2/+20
you set this option (either on the command line using --option or in smb.conf) then every socket recv or send will return short by random amounts. This allows you to test that the non-blocking socket logic in your code works correctly. I also removed the flags argument to socket_accept(), and instead made the new socket inherit the flags of the old socket, which makes more sense to me. (This used to be commit 406d356e698da01c84e8aa5b7894752b4403f63c)
2007-10-10 | r3304: changed the API to lib/socket/ a little. | Andrew Tridgell | 1 | -6/+6
The main change is to make socket_recv() take a pre-allocated buffer, rather than allocating one itself. This allows non-blocking users of this API to avoid a memcpy(). As a result our messaging code is now about 10% faster, and the ncacn_ip_tcp and ncalrpc code is also faster. The second change was to remove the unused mem_ctx argument from socket_send(). Having it there implied that memory could be allocated, which meant the caller had to worry about freeing that memory (if for example it is sending in a tight loop using the same memory context). Removing that unused argument keeps life simpler for users. (This used to be commit a16e4756cd68ca8aab4ffc59d4d9db0b6e44dbd1)
2007-10-10 | r3278: - rewrote the client side rpc connection code to use lib/socket/ | Andrew Tridgell | 1 | -1/+1
rather than doing everything itself. This greatly simplifies the code, although I really don't like the socket_recv() interface (it always allocates memory for you, which means an extra memcpy in this code)
- fixed several bugs in the socket_ipv4.c code, in particular client side code used a non-blocking connect but didn't handle EINPROGRESS, so it had no chance of working. Also fixed the error codes, using map_nt_error_from_unix()
- cleaned up and expanded map_nt_error_from_unix()
- changed interpret_addr2() to not take a mem_ctx. It makes absolutely no sense to allocate a fixed size 4 byte structure like this. Dozens of places in the code were also using interpret_addr2() incorrectly (precisely because the allocation made no sense)
(This used to be commit 7f2c771b0e0e98c5c9e5cf662592d64d34ff1205)
2007-10-10 | r3015: fixed typo noticed by abartlett | Andrew Tridgell | 1 | -3/+4
(This used to be commit b367209a9f94e471efed233639467babbb2b99d7)
2007-10-10 | r3013: added support for unix domain sockets in the generic socket library. I | Andrew Tridgell | 1 | -0/+4
will shortly be using this for a rewrite of the intra-smbd messaging library, which is needed to get lock timeouts working properly (and share modes, oplocks etc) (This used to be commit 6f4926d846965a901e40d24546eab356c4a537c7)
2007-10-10 | r2646: - use a talloc destructor to ensure that sockets from the new socket | Andrew Tridgell | 1 | -6/+26
library are closed on abnormal termination
- convert the service.h structures to the new talloc methods
(This used to be commit 2dc334a3284858eb1c7190f9687c9b6c879ecc9d)
2007-10-10 | r2581: added "hosts allow" and "hosts deny" checking in smbd. I needed this | Andrew Tridgell | 1 | -0/+9
as my box keeps getting hit by viruses spreading on my company's internal network, which screws up my debug log badly (sigh). metze, I'm not sure if you think access.c should go in the socket library or not. It is closely tied to the socket functions, but you may prefer it separate. The access.c code is a port from Samba3, but with some cleanups to make it (slightly) less ugly. (This used to be commit 058b2fd99e3957d7d2a9544fd27071f1122eab68)
2007-10-10 | r2439: - functions that return just an int don't need a TALLOC_CTX | Stefan Metzmacher | 1 | -9/+9
- fix some return and state bugs
metze (This used to be commit 2757c593ab746b9dd7090f2cf5fcc31686adf67f)
2007-10-10 | r2343: - make socket_get_*_addr() return char * not const char * | Stefan Metzmacher | 1 | -2/+2
- add some error mappings
- use some flags SOCKET_FLAG_PEEK and SOCKET_FLAG_BLOCK
metze (This used to be commit a375c6b0b1ec4d63251f63993f7798c1f2e7c717)
2007-10-10 | r2328: add the start of a new system and protocol | Stefan Metzmacher | 1 | -0/+215
independent socket library. this is not used, but compiled currently there're maybe some api changes later... metze (This used to be commit de4447d7a57c614b80d0ac00dca900ea7e1c21ea)