Age | Commit message (Collapse) | Author | Files | Lines |
|
Commit the classic backwards compatible module which is the default one
(This used to be commit a89cc346b9296cb49929898d257a064a6c2bae86)
|
|
contexts from the application layer into the socket layer.
This improves a number of correctness aspects, as we now allow LDAP
packets to cross multiple SASL packets. It should also make it much
easier to write async LDAP tests from windows clients, as they use SASL
by default. It is also vital to allowing OpenLDAP clients to use GSSAPI
against Samba4, as it negotiates a rather small SASL buffer size.
This patch mirrors the earlier work done to move TLS into the socket
layer.
Unusual in this pstch is the extra read callback argument I take. As
SASL is a layer on top of a socket, it is entirely possible for the
SASL layer to drain a socket dry, but for the caller not to have read
all the decrypted data. This would leave the system without an event
to restart the read (as the socket is dry).
As such, I re-invoke the read handler from a timed callback, which
should trigger on the next running of the event loop. I believe that
the TLS code does require a similar callback.
In trying to understand why this is required, imagine a SASL-encrypted
LDAP packet in the following formation:
+-----------------+---------------------+
| SASL Packet #1 | SASL Packet #2 |
----------------------------------------+
| LDAP Packet #1 | LDAP Packet #2 |
----------------------------------------+
In the old code, this was illegal, but it is perfectly standard
SASL-encrypted LDAP. Without the callback, we would read and process
the first LDAP packet, and the SASL code would have read the second SASL
packet (to decrypt enough data for the LDAP packet), and no data would
remain on the socket.
Without data on the socket, read events stop. That is why I add timed
events, until the SASL buffer is drained.
Another approach would be to add a hack to the event system, to have it
pretend there remained data to read off the network (but that is ugly).
In improving the code, to handle more real-world cases, I've been able
to remove almost all the special-cases in the testnonblock code. The
only special case is that we must use a deterministic partial packet
when calling send, rather than a random length. (1 + n/2). This is
needed because of the way the SASL and TLS code works, and the 'resend
on failure' requirements.
Andrew Bartlett
(This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0)
|
|
(This used to be commit 8d95bf14b93326b097884366a527753f8ad93d47)
|
|
(This used to be commit d72c5c8f755277eb22e1f6834d98202f00c09934)
|
|
system - these should be removed later on.
(This used to be commit 06547391669e064d2b92f5841b7df5f101a34cb9)
|
|
Recursive dependencies are now forbidden (the build system
will bail out if there are any).
I've split up auth_sam.c into auth_sam.c and sam.c. Andrew,
please rename sam.c / move its contents to whatever/wherever you think suits
best.
(This used to be commit 6646384aaf3e7fa2aa798c3e564b94b0617ec4d0)
|
|
prototype
but --with-setproctitle wasn't used
metze
(This used to be commit 0754154f5154e8285608c7f17e15aa223f04adea)
|
|
with local
(empty) libpopt.a overriding global one
(This used to be commit 2f06305e53478e5030c24550954f221a9a97c83f)
|
|
metze
(This used to be commit 35936fd4743554bb4ba9b2f61ec3651762189bee)
|
|
the subsystems in question
(This used to be commit 2fbb4d91fa580ccb64e36f0b082f23af33123b13)
|
|
(This used to be commit 555ca1df1c57e5798e75b19f66b62b253a066e21)
|
|
for REQUIRED_SUBSYSTEMS.
(This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9)
|
|
"." for "..". These express the intention better that strcmp or strequal
and improve searchability via cscope/ctags.
(This used to be commit 7e4ad7e8e5ec266b969e3075c4ad7f021571f24e)
|
|
metze
(This used to be commit 2b0ce388a4d955ce9bf0cdb00a13cd82f8acc87d)
|
|
(This used to be commit 3ebdae4217be9c00150ae4ceb76c94ba619bbf6a)
|
|
(This used to be commit 5f1d52f232051324082b840f29dd7719a9328bd5)
|
|
doesn't
work yet.
(This used to be commit d3106699dba7a4344511134dd2cf1bfa2f4bc7ab)
|
|
I don't know why this causes problems on my laptop today...
anyway we have done this change in smbtorture month ago...
metze
(This used to be commit ad84a69db276e3a655b2dc477214bbe0ed68411a)
|
|
- the process module subsystem should not know about smb_server.h
- the smb_server module should not know about process models
metze
(This used to be commit bac95bb8f4ad35a31ee666f5916ff9b2f292d964)
|
|
subsystems in case a library doesn't make sense.
(This used to be commit ed382873fd01457a53e0a1e1f5ba6753dfbc0646)
|
|
left now...
(This used to be commit e71cca7f0cec62357eba6ba02d13f1c3f04edaa7)
|
|
(This used to be commit 8e84e6cb6b172c89072723e07f344da8f4476c1f)
|
|
rebuilt when a header file is changed. It also means parallel builds work now.
It will take a minute or so to generate all the dependency information,
but there should be no need to rebuild that information later on, unless
a file changes.
This behaviour is only enabled when building in developer mode
(--enable-developer) and requires a GNU make (or compatible). In all other
cases, the file 'static_deps.mk' is included, which contains some basic
hardcoded dependency information.
(This used to be commit eb435386f015ce1d89eb6f7e7837622ebd9e1951)
|
|
(This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
|
|
all this changes really help ccache to speed up the samba4 build:-)
metze
(This used to be commit 180a79d1036e54fc0c50572b820818e9aafa28e9)
|
|
metze
(This used to be commit defc9438d10d51f5f59a8ee69e6baf40b8d9278e)
|
|
--with-setproctitle enables it
metze
(This used to be commit fb9e7d176a3379d451bdbfad567426ddfb91a8bf)
|
|
(This used to be commit b6ffad3860ba2cf9d8f3423d65be91dcfc962ca2)
|
|
metze
(This used to be commit 63778a76be8212baad8f4668b0ffcc3b6732857e)
|
|
- add set_title hook to the process models
- use setproctitle library in process_model standard if available
- the the title for the task servers and on connections
metze
(This used to be commit 526f20bbecc9bbd607595637c15fc4001d3f0c70)
|
|
to fix the process_model standard
metze
(This used to be commit a465126e15490c5605064eb2387fb589d312db7b)
|
|
metze
(This used to be commit 8e9a69171a03a1f886fcff911e8a923368645a54)
|
|
(This used to be commit 2c746980328431ab04852dc668899e3eb042da99)
|
|
(This used to be commit f87debeb12cebd734b47314554ab671c9e06237e)
|
|
(This used to be commit 2d655f05285a86bb1bbb882e4dd843def15c9dfa)
|
|
metze
(This used to be commit 7aabff829836580be8816f38a6e0ef5b7c3bb565)
|
|
(This used to be commit 930daa9f416ecba1d75b8ad46bb42e336545672f)
|
|
file dependencies
(This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
|
|
Applications that use LDB modules will now have to run ldb_global_init()
before they can use LDB.
The next step will be adding support for loading LDB modules from .so
files. This will also allow us to use one LDB without difference between the
standalone and the Samba-specific build
(This used to be commit 52a235650514039bf8ffee99a784bbc1b6ae6b92)
|
|
(This used to be commit bca0e8054f6d9c7adc9d92e0c30d4323f994c9e9)
|
|
(This used to be commit cbcce3b5731d27e863c916731fe30acac0602c16)
|
|
metze
(This used to be commit 21bc072c7addafc6f692fb8e998bd4dd9ab88b49)
|
|
structure that is more generic than just 'IP/port'.
It now passes make test, and has been reviewed and updated by
metze. (Thankyou *very* much).
This passes 'make test' as well as kerberos use (not currently in the
testsuite).
The original purpose of this patch was to have Samba able to pass a
socket address stucture from the BSD layer into the kerberos routines
and back again. It also removes nbt_peer_addr, which was being used
for a similar purpose.
It is a large change, but worthwhile I feel.
Andrew Bartlett
(This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2)
|
|
metze
(This used to be commit ed4fbfcf3e5b7133e73ee031ad5c68659690e2b1)
|
|
torture prototypes in seperate header
(This used to be commit 73610639b23ca3743077193fa0b1de7c7f65944d)
|
|
Re-introduce and use the OUTPUT_TYPE property for MODULEs to force
specific modules to always be included
(This used to be commit f9eede3d40098eddc3618ee48f9253cdddb94a6f)
|
|
metze
(This used to be commit c563aefb429c4891958032d1ea1fad01cbf89e4a)
|
|
subsystems.
This allows Samba libraries to be used by other projects (and parts of
Samba to be built as shared libraries).
(This used to be commit 44f0aba715bfedc7e1ee3d07e9a101a91dbd84b3)
|
|
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
|
|
commits some of these that I know to be correct in the kerberos area.
Andrew Bartlett
(This used to be commit 6787b3737c27f5136152b007b0ee2ae314efac3c)
|