summaryrefslogtreecommitdiff
path: root/source4/lib/stream
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r17930: Merge noinclude branch:Jelmer Vernooij1-2/+2
* Move dlinklist.h, smb.h to subsystem-specific directories * Clean up ads.h and move what is left of it to dsdb/ (only place where it's used) (This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
2007-10-10r17222: Change the function prototypes for the GENSEc and TLS socket creationAndrew Bartlett1-0/+25
routines to return an NTSTATUS. This should help track down errors. Use a bit of talloc_steal and talloc_unlink to get the real socket to be a child of the GENSEC or TLS socket. Always return a new socket, even for the 'pass-though' case. Andrew Bartlett (This used to be commit 003e2ab93c87267ba28cd67bd85975bad62a8ea2)
2007-10-10r17197: This patch moves the encryption of bulk data on SASL negotiated securityAndrew Bartlett2-4/+35
contexts from the application layer into the socket layer. This improves a number of correctness aspects, as we now allow LDAP packets to cross multiple SASL packets. It should also make it much easier to write async LDAP tests from windows clients, as they use SASL by default. It is also vital to allowing OpenLDAP clients to use GSSAPI against Samba4, as it negotiates a rather small SASL buffer size. This patch mirrors the earlier work done to move TLS into the socket layer. Unusual in this pstch is the extra read callback argument I take. As SASL is a layer on top of a socket, it is entirely possible for the SASL layer to drain a socket dry, but for the caller not to have read all the decrypted data. This would leave the system without an event to restart the read (as the socket is dry). As such, I re-invoke the read handler from a timed callback, which should trigger on the next running of the event loop. I believe that the TLS code does require a similar callback. In trying to understand why this is required, imagine a SASL-encrypted LDAP packet in the following formation: +-----------------+---------------------+ | SASL Packet #1 | SASL Packet #2 | ----------------------------------------+ | LDAP Packet #1 | LDAP Packet #2 | ----------------------------------------+ In the old code, this was illegal, but it is perfectly standard SASL-encrypted LDAP. Without the callback, we would read and process the first LDAP packet, and the SASL code would have read the second SASL packet (to decrypt enough data for the LDAP packet), and no data would remain on the socket. Without data on the socket, read events stop. That is why I add timed events, until the SASL buffer is drained. Another approach would be to add a hack to the event system, to have it pretend there remained data to read off the network (but that is ugly). In improving the code, to handle more real-world cases, I've been able to remove almost all the special-cases in the testnonblock code. The only special case is that we must use a deterministic partial packet when calling send, rather than a random length. (1 + n/2). This is needed because of the way the SASL and TLS code works, and the 'resend on failure' requirements. Andrew Bartlett (This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0)
2007-10-10r15854: more talloc_set_destructor() typesafe fixesAndrew Tridgell1-3/+1
(This used to be commit 61c6100617589ac6df4f527877241464cacbf8b3)
2007-10-10r15400: Move the TLS code behind the socket interface.Andrew Bartlett2-30/+7
This reduces caller complexity, because the TLS code is now called just like any other socket. (A new socket context is returned by the tls_init_server and tls_init_client routines). When TLS is not available, the original socket is returned. Andrew Bartlett (This used to be commit 09b2f30dfa7a640f5187b4933204e9680be61497)
2007-10-10r15356: Remove unused 'flags' argument from socket_send() and friends.Andrew Bartlett1-2/+2
This is in preperation for making TLS a socket library. Andrew Bartlett (This used to be commit a312812b92f5ac7e6bd2c4af725dbbbc900d4452)
2007-10-10r15295: Fix some dependenciesJelmer Vernooij1-2/+2
Move unistr-specific code to lib/charset/. Remove _m from some places where it's not needed. (This used to be commit 03224e112424968fc3f547c6159c7ccae2d1aa5b)
2007-10-10r14477: Remove the NOPROTO property - it's no longer used as proto.h is gone.Jelmer Vernooij1-1/+0
(This used to be commit 9c37f847d32d2f327a88c53a90af0c73126b76be)
2007-10-10r13962: make functions publicStefan Metzmacher1-19/+19
metze (This used to be commit fd84583ab4a3afc484f220d1475b1e61b3f2fbc6)
2007-10-10r12694: Move some headers to the directory of the subsystem they belong to.Jelmer Vernooij1-0/+1
(This used to be commit c722f665c90103f3ed57621c460e32ad33e7a8a3)
2007-10-10r12498: Eliminate INIT_OBJ_FILES and ADD_OBJ_FILES. We were not usingJelmer Vernooij1-1/+1
the difference between these at all, and in the future the fact that INIT_OBJ_FILES include smb_build.h will be sufficient to have recompiles at the right time. (This used to be commit b24f2583edee38abafa58578d8b5c4b43e517def)
2007-10-10r11967: Fix more 64-bit warnings.Tim Potter1-2/+2
(This used to be commit 9c4436a124f874ae240feaf590141d48c33a635f)
2007-10-10r11870: fixed the problem volker reported with the RPX-XPLOGIN test. TheAndrew Tridgell1-1/+37
problem was caused by a callback destroying the packet processing context while that context was being used in packet_recv() This is the first time we have used the ability of talloc destructors to 'refuse' a free request. It works well in this case as it makes the composite API simpler to use for other code, and isolates the complexity of having callbacks destroying the packet context to the packet.c code. (This used to be commit b1b2d86541a376f1ef33fae897f750005c386ebe)
2007-10-10r11713: separate out the setting of the fde in the packet context from theAndrew Tridgell2-5/+14
enabling of packet serialisation (This used to be commit 6a47cd65a8b588f9ddd375c57caaba08281e7cbb)
2007-10-10r11712: avoid changing the fde flags unless really neededAndrew Tridgell1-6/+9
(This used to be commit 48e6424b0cce38f7d8f212d1e891ff8bbd5fec34)
2007-10-10r11642: add some error checksStefan Metzmacher1-2/+8
metze (This used to be commit 9d6406d8daeff0a9bde72ce7749d18fa61324e8a)
2007-10-10r11636: a bit neater solution to the nt_cancel problemAndrew Tridgell2-1/+18
(This used to be commit ba7864b07eebecd4d4eb2ce515412a49964ae179)
2007-10-10r11630: another fix for over-reading in the packet code. This time get theAndrew Tridgell1-4/+12
sign of the comparison right :-) (This used to be commit 7e40077aa793e29b5770aae2e07e964239e8249b)
2007-10-10r11629: fixed a bug found with the socket:testnonblock code. With randomisedAndrew Tridgell1-0/+1
under-reads we could end up supplying a buffer to the client that has an incorrect length (This used to be commit 9c95015b9cccc10a5ba1facd4b48c0fff34e9588)
2007-10-10r11627: give the caller much more control over the stream to packet process,Andrew Tridgell2-2/+46
allowing it to specify the initial read size (thus preventing over-reading) and to stop the recv process when needed. This is used by the dcerpc socket code, which relies on not getting packets when it isn't ready for them (This used to be commit f869fd674ec4b148dc9a264e94d19ce79d35131d)
2007-10-10r11618: added a generic '32 bit length prefix' full packet helper to the ↵Andrew Tridgell2-4/+21
packet code (This used to be commit b4dbe55105cc2807a17d7e5bf8db9756cc526a3b)
2007-10-10r11605: added handling of the send queue to the generic packet handling codeAndrew Tridgell2-0/+65
(This used to be commit f98d499b2ef93cf2d060acafbc424754add322a8)
2007-10-10r11602: added packet_set_serialise() to allow the generic packet layer toAndrew Tridgell2-0/+29
handle optional request serialisation (this is something that is commonly needed on stream connections) (This used to be commit d860eb795693d8c292eec2a639ece4793d28dc38)
2007-10-10r11595: added a helper layer to parse streams into individual packets. This isAndrew Tridgell3-0/+368
something that Andrew Bartlett has been asking for for a while, and when I started having to re-invent this packet parsing code yet again for SMB2 I decided it was time to do it generically you use it by providing a "is this a full packet yet?" helper function to the packet_*() functions, which then handle all the logic of partial packet buffering. This also goes to great lengths to operate efficiently, minimising the number of recv system calls. (This used to be commit e6c47b954a6f09c53ea419800ce873295fcd0be9)