Age | Commit message (Collapse) | Author | Files | Lines |
|
contexts from the application layer into the socket layer.
This improves a number of correctness aspects, as we now allow LDAP
packets to cross multiple SASL packets. It should also make it much
easier to write async LDAP tests from windows clients, as they use SASL
by default. It is also vital to allowing OpenLDAP clients to use GSSAPI
against Samba4, as it negotiates a rather small SASL buffer size.
This patch mirrors the earlier work done to move TLS into the socket
layer.
Unusual in this pstch is the extra read callback argument I take. As
SASL is a layer on top of a socket, it is entirely possible for the
SASL layer to drain a socket dry, but for the caller not to have read
all the decrypted data. This would leave the system without an event
to restart the read (as the socket is dry).
As such, I re-invoke the read handler from a timed callback, which
should trigger on the next running of the event loop. I believe that
the TLS code does require a similar callback.
In trying to understand why this is required, imagine a SASL-encrypted
LDAP packet in the following formation:
+-----------------+---------------------+
| SASL Packet #1 | SASL Packet #2 |
----------------------------------------+
| LDAP Packet #1 | LDAP Packet #2 |
----------------------------------------+
In the old code, this was illegal, but it is perfectly standard
SASL-encrypted LDAP. Without the callback, we would read and process
the first LDAP packet, and the SASL code would have read the second SASL
packet (to decrypt enough data for the LDAP packet), and no data would
remain on the socket.
Without data on the socket, read events stop. That is why I add timed
events, until the SASL buffer is drained.
Another approach would be to add a hack to the event system, to have it
pretend there remained data to read off the network (but that is ugly).
In improving the code, to handle more real-world cases, I've been able
to remove almost all the special-cases in the testnonblock code. The
only special case is that we must use a deterministic partial packet
when calling send, rather than a random length. (1 + n/2). This is
needed because of the way the SASL and TLS code works, and the 'resend
on failure' requirements.
Andrew Bartlett
(This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0)
|
|
make the testnonblock skip some things. The socket *under* the tls
socket is still tested.
Andrew Bartlett
(This used to be commit 9c33c6a20a77e3f15eac3d62488117517afad940)
|
|
(This used to be commit 61c6100617589ac6df4f527877241464cacbf8b3)
|
|
(This used to be commit dea82fa615e33115e42ef04c8d2a54788aa38e9a)
|
|
Split of system/locale.h header from system/iconv.h
Previously, iconv wasn't being used on these systems
(This used to be commit aa6d66fda69779d1c2948a1aca85dbd5208f1cba)
|
|
This reduces caller complexity, because the TLS code is now called
just like any other socket. (A new socket context is returned by the
tls_init_server and tls_init_client routines).
When TLS is not available, the original socket is returned.
Andrew Bartlett
(This used to be commit 09b2f30dfa7a640f5187b4933204e9680be61497)
|
|
in pkg-config files for now as
they break external projects.
(This used to be commit f919fd6655f00361691e676d260bd40e0b8ddcc7)
|
|
(This used to be commit 49bac12767ca59095ad6609a3826f7f17ddb601c)
|
|
-lsocket on SUN
boxes.
(This used to be commit c95ad11307dc89384c10bd5919817bf12d9c1ed9)
|
|
This is in preperation for making TLS a socket library.
Andrew Bartlett
(This used to be commit a312812b92f5ac7e6bd2c4af725dbbbc900d4452)
|
|
(This used to be commit 598ea173cd718dad0df24505796ca50cb728a2e9)
|
|
(This used to be commit 7113a16309a83225f3ab6ccbfe48778ae8fc52e8)
|
|
Use inet_ntop to convert IPv6 names to strings. Don't do a reverse
lookup.
Andrew Bartlett
(This used to be commit bf57b213c2c4c835037456deea7d522f2fc905e6)
|
|
on most systems.
(This used to be commit c0ab0f4ed49d88807d07b1504574ca35542e2943)
|
|
(This used to be commit f0afe9e2ff16515df1b3226b479b19ea3e9c3d0c)
|
|
system - these should be removed later on.
(This used to be commit 06547391669e064d2b92f5841b7df5f101a34cb9)
|
|
Recursive dependencies are now forbidden (the build system
will bail out if there are any).
I've split up auth_sam.c into auth_sam.c and sam.c. Andrew,
please rename sam.c / move its contents to whatever/wherever you think suits
best.
(This used to be commit 6646384aaf3e7fa2aa798c3e564b94b0617ec4d0)
|
|
Move unistr-specific code to lib/charset/. Remove _m from some places where it's not needed.
(This used to be commit 03224e112424968fc3f547c6159c7ccae2d1aa5b)
|
|
with local
(empty) libpopt.a overriding global one
(This used to be commit 2f06305e53478e5030c24550954f221a9a97c83f)
|
|
(This used to be commit 8de11ec2445ce414b37938b07937fdd7837f89a2)
|
|
for REQUIRED_SUBSYSTEMS.
(This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9)
|
|
(This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f)
|
|
(This used to be commit 9c37f847d32d2f327a88c53a90af0c73126b76be)
|
|
(This used to be commit e017246f1052f3344b90500e04c73277923baa20)
|
|
metze
(This used to be commit d099282d4956e7dc1134abf0632b01c40160e114)
|
|
file dependencies
(This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
|
|
(This used to be commit d98948716f237c3a501b283a0bbc3837bb3fd3c8)
|
|
metze
(This used to be commit 8fc2b68aa8d1a6bb3a828b3a1ab5f2a4f354f6f7)
|
|
metze
(This used to be commit e70ca698cea901a66f7201c16bb3ba1faa7e7289)
|
|
structure that is more generic than just 'IP/port'.
It now passes make test, and has been reviewed and updated by
metze. (Thankyou *very* much).
This passes 'make test' as well as kerberos use (not currently in the
testsuite).
The original purpose of this patch was to have Samba able to pass a
socket address stucture from the BSD layer into the kerberos routines
and back again. It also removes nbt_peer_addr, which was being used
for a similar purpose.
It is a large change, but worthwhile I feel.
Andrew Bartlett
(This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2)
|
|
It needs work to not dump defaults from loadparm.c, but otherwise it works.
Andrew Bartlett
(This used to be commit 1260fcf46579d708a406625f548add9be9fdc6fb)
|
|
Re-introduce and use the OUTPUT_TYPE property for MODULEs to force
specific modules to always be included
(This used to be commit f9eede3d40098eddc3618ee48f9253cdddb94a6f)
|
|
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
|
|
(This used to be commit ca8db1a0cd77682ac2c6dc4718f5d753a4fcc4db)
|
|
the difference between these at all, and in the future the
fact that INIT_OBJ_FILES include smb_build.h will be sufficient to
have recompiles at the right time.
(This used to be commit b24f2583edee38abafa58578d8b5c4b43e517def)
|
|
events,
we need to initialy ask for read events too, otherwise we'll never get an
error back from socket_connect()
metze
(This used to be commit 7d94054d0fc954e6d810573430f2c5d35b73125d)
|
|
instead make the normal composite_done() and composite_error()
functions automatically trigger a delayed callback if the caller has
had no opportunity to setup a async callback
this removes one of the common mistakes in writing a composite function
(This used to be commit f9413ce792ded682e05134b66d433eeec293e6f1)
|
|
this fixes a valgrind error
(This used to be commit db9c0887bd24de4d81b5afa2ff096b3ba65c9720)
|
|
socket_connect_send() rather than the lower level socket code. Also
simplified the state structures a fair bit, and added name resolution,
fixing a bug where the multi-port connect code did a separate name
resolution for each port being tried.
(This used to be commit 3e6888156c1b2d24fe0d46940773560d219498b3)
|
|
a bit more consistent
(This used to be commit 4b6e9c7c978dfca54c05ed2d8995d1333ed21b02)
|
|
- removed the duplicate calls to socket_connect(), instead creating a
common function socket_send_connect() used by both code paths
- fixed some NULL ptr checks (probably was cut-and-paste bugs)
- ensure we use the result of the name resolution
- added a few comments
- use 'fde' for the file description event. The variable name
'connect_ev' immediately made me think of an event context, not a
fde. Using common variable name conventions makes code a bit easier
to read
(This used to be commit 37b73521b4c858c78013279daaa71352c704551d)
|
|
to the
resolve_name if it's not used?
I know this is my code, but I don't understand why it breaks tests.
Volker
(This used to be commit 577a5639d3fc008480e988864bb4fb59939bc2d8)
|
|
(This used to be commit 95bd3ffaf7efb117206c83f7c75c302b54e6d059)
|
|
Make MODULE handling a bit more like BINARY, LIBRARY and SUBSYSTEM
Add some more PUBLIC_HEADERS
(This used to be commit 875eb8f4cc658e6aebab070029fd499a726ad520)
|
|
sequence, with a 2-millisecond timeout between firing the syn packets. Build
smbcli_sock_connect_send upon that.
Volker
(This used to be commit 5718df44d90d113304c5deed1e2e7f82ff9e928f)
|
|
properly, make
socket_connect and ldap_connect properly async.
Volker
(This used to be commit bcc71fc1deeed443d7cf00220ce264011ddf588d)
|
|
(This used to be commit 24e10300906c380919d2d631bfb3b8fd6b3f54ba)
|
|
http://lists.samba.org/archive/samba-technical/2005-October/043443.html)
(This used to be commit 7fffc5c9178158249be632ac0ca179c13bd1f98f)
|
|
before the bad merge
metze
(This used to be commit 471c0ca4abb17fb5f73c0efed195c67628c1c06e)
|
|
(This used to be commit 6913e338405a5aca5c70cf6e022532c596ed0a36)
|