From 8752e38c05779b6ff72bb0bf49940ef6afe55184 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 9 Nov 2005 08:11:50 +0000 Subject: r11595: added a helper layer to parse streams into individual packets. This is something that Andrew Bartlett has been asking for for a while, and when I started having to re-invent this packet parsing code yet again for SMB2 I decided it was time to do it generically you use it by providing a "is this a full packet yet?" helper function to the packet_*() functions, which then handle all the logic of partial packet buffering. This also goes to great lengths to operate efficiently, minimising the number of recv system calls. (This used to be commit e6c47b954a6f09c53ea419800ce873295fcd0be9) --- source4/lib/stream/packet.h | 47 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 source4/lib/stream/packet.h (limited to 'source4/lib/stream/packet.h') diff --git a/source4/lib/stream/packet.h b/source4/lib/stream/packet.h new file mode 100644 index 0000000000..6d29264a28 --- /dev/null +++ b/source4/lib/stream/packet.h @@ -0,0 +1,47 @@ +/* + Unix SMB/CIFS mplementation. + + helper layer for breaking up streams into discrete requests + + Copyright (C) Andrew Tridgell 2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +*/ + +#include "lib/tls/tls.h" + +typedef NTSTATUS (*packet_full_request_fn_t)(void *private, + DATA_BLOB blob, size_t *packet_size); +typedef NTSTATUS (*packet_callback_fn_t)(void *private, DATA_BLOB blob); +typedef void (*packet_error_handler_fn_t)(void *private, NTSTATUS status); + + + +struct packet_context *packet_init(TALLOC_CTX *mem_ctx); +void packet_set_callback(struct packet_context *pc, packet_callback_fn_t callback); +void packet_set_error_handler(struct packet_context *pc, packet_error_handler_fn_t handler); +void packet_set_private(struct packet_context *pc, void *private); +void packet_set_full_request(struct packet_context *pc, packet_full_request_fn_t callback); +void packet_set_tls(struct packet_context *pc, struct tls_context *tls); +void packet_set_socket(struct packet_context *pc, struct socket_context *sock); +void packet_set_event_context(struct packet_context *pc, struct event_context *ev); +void packet_recv(struct packet_context *pc); + +/* + pre-canned handlers +*/ +NTSTATUS packet_full_request_nbt(void *private, DATA_BLOB blob, size_t *packet_size); + -- cgit From a3fcb93df1571da51a0f525141c3010e7f2dcae6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 9 Nov 2005 10:50:39 +0000 Subject: r11602: added packet_set_serialise() to allow the generic packet layer to handle optional request serialisation (this is something that is commonly needed on stream connections) (This used to be commit d860eb795693d8c292eec2a639ece4793d28dc38) --- source4/lib/stream/packet.h | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/lib/stream/packet.h') diff --git a/source4/lib/stream/packet.h b/source4/lib/stream/packet.h index 6d29264a28..b6ed8d6598 100644 --- a/source4/lib/stream/packet.h +++ b/source4/lib/stream/packet.h @@ -38,6 +38,7 @@ void packet_set_full_request(struct packet_context *pc, packet_full_request_fn_t void packet_set_tls(struct packet_context *pc, struct tls_context *tls); void packet_set_socket(struct packet_context *pc, struct socket_context *sock); void packet_set_event_context(struct packet_context *pc, struct event_context *ev); +void packet_set_serialise(struct packet_context *pc, struct fd_event *fde); void packet_recv(struct packet_context *pc); /* -- cgit From fc5a11829d7a10f61b03e09a4880b540deb38a74 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 9 Nov 2005 13:33:53 +0000 Subject: r11605: added handling of the send queue to the generic packet handling code (This used to be commit f98d499b2ef93cf2d060acafbc424754add322a8) --- source4/lib/stream/packet.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/lib/stream/packet.h') diff --git a/source4/lib/stream/packet.h b/source4/lib/stream/packet.h index b6ed8d6598..196e20a378 100644 --- a/source4/lib/stream/packet.h +++ b/source4/lib/stream/packet.h @@ -40,6 +40,8 @@ void packet_set_socket(struct packet_context *pc, struct socket_context *sock); void packet_set_event_context(struct packet_context *pc, struct event_context *ev); void packet_set_serialise(struct packet_context *pc, struct fd_event *fde); void packet_recv(struct packet_context *pc); +NTSTATUS packet_send(struct packet_context *pc, DATA_BLOB blob); +void packet_queue_run(struct packet_context *pc); /* pre-canned handlers -- cgit From a9d0bf80459a574ac261a635ee9f68caf0e5f3b0 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 10 Nov 2005 00:25:57 +0000 Subject: r11618: added a generic '32 bit length prefix' full packet helper to the packet code (This used to be commit b4dbe55105cc2807a17d7e5bf8db9756cc526a3b) --- source4/lib/stream/packet.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4/lib/stream/packet.h') diff --git a/source4/lib/stream/packet.h b/source4/lib/stream/packet.h index 196e20a378..bba8a1940f 100644 --- a/source4/lib/stream/packet.h +++ b/source4/lib/stream/packet.h @@ -46,5 +46,7 @@ void packet_queue_run(struct packet_context *pc); /* pre-canned handlers */ -NTSTATUS packet_full_request_nbt(void *private, DATA_BLOB blob, size_t *packet_size); +NTSTATUS packet_full_request_nbt(void *private, DATA_BLOB blob, size_t *size); +NTSTATUS packet_full_request_u32(void *private, DATA_BLOB blob, size_t *size); + -- cgit From 79b3a3afb51947437edbf6804a18a99526e3e281 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 10 Nov 2005 04:26:00 +0000 Subject: r11627: give the caller much more control over the stream to packet process, allowing it to specify the initial read size (thus preventing over-reading) and to stop the recv process when needed. This is used by the dcerpc socket code, which relies on not getting packets when it isn't ready for them (This used to be commit f869fd674ec4b148dc9a264e94d19ce79d35131d) --- source4/lib/stream/packet.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source4/lib/stream/packet.h') diff --git a/source4/lib/stream/packet.h b/source4/lib/stream/packet.h index bba8a1940f..a8db89853c 100644 --- a/source4/lib/stream/packet.h +++ b/source4/lib/stream/packet.h @@ -39,7 +39,10 @@ void packet_set_tls(struct packet_context *pc, struct tls_context *tls); void packet_set_socket(struct packet_context *pc, struct socket_context *sock); void packet_set_event_context(struct packet_context *pc, struct event_context *ev); void packet_set_serialise(struct packet_context *pc, struct fd_event *fde); +void packet_set_initial_read(struct packet_context *pc, uint32_t initial_read); void packet_recv(struct packet_context *pc); +void packet_recv_disable(struct packet_context *pc); +void packet_recv_enable(struct packet_context *pc); NTSTATUS packet_send(struct packet_context *pc, DATA_BLOB blob); void packet_queue_run(struct packet_context *pc); -- cgit From 872b821fca36bf543f2c3baf1296f25d1cb7e5a7 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 10 Nov 2005 11:10:40 +0000 Subject: r11636: a bit neater solution to the nt_cancel problem (This used to be commit ba7864b07eebecd4d4eb2ce515412a49964ae179) --- source4/lib/stream/packet.h | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/lib/stream/packet.h') diff --git a/source4/lib/stream/packet.h b/source4/lib/stream/packet.h index a8db89853c..4a8c26a809 100644 --- a/source4/lib/stream/packet.h +++ b/source4/lib/stream/packet.h @@ -40,6 +40,7 @@ void packet_set_socket(struct packet_context *pc, struct socket_context *sock); void packet_set_event_context(struct packet_context *pc, struct event_context *ev); void packet_set_serialise(struct packet_context *pc, struct fd_event *fde); void packet_set_initial_read(struct packet_context *pc, uint32_t initial_read); +void packet_set_nofree(struct packet_context *pc); void packet_recv(struct packet_context *pc); void packet_recv_disable(struct packet_context *pc); void packet_recv_enable(struct packet_context *pc); -- cgit From 614950aed35353854019db5cccec5b3154643ca3 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 14 Nov 2005 03:45:57 +0000 Subject: r11713: separate out the setting of the fde in the packet context from the enabling of packet serialisation (This used to be commit 6a47cd65a8b588f9ddd375c57caaba08281e7cbb) --- source4/lib/stream/packet.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/lib/stream/packet.h') diff --git a/source4/lib/stream/packet.h b/source4/lib/stream/packet.h index 4a8c26a809..79d4acacd0 100644 --- a/source4/lib/stream/packet.h +++ b/source4/lib/stream/packet.h @@ -38,7 +38,8 @@ void packet_set_full_request(struct packet_context *pc, packet_full_request_fn_t void packet_set_tls(struct packet_context *pc, struct tls_context *tls); void packet_set_socket(struct packet_context *pc, struct socket_context *sock); void packet_set_event_context(struct packet_context *pc, struct event_context *ev); -void packet_set_serialise(struct packet_context *pc, struct fd_event *fde); +void packet_set_fde(struct packet_context *pc, struct fd_event *fde); +void packet_set_serialise(struct packet_context *pc); void packet_set_initial_read(struct packet_context *pc, uint32_t initial_read); void packet_set_nofree(struct packet_context *pc); void packet_recv(struct packet_context *pc); -- cgit From 742c110cd67f4995639822981e8bfcb1f652f2c4 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 2 May 2006 20:15:47 +0000 Subject: r15400: Move the TLS code behind the socket interface. This reduces caller complexity, because the TLS code is now called just like any other socket. (A new socket context is returned by the tls_init_server and tls_init_client routines). When TLS is not available, the original socket is returned. Andrew Bartlett (This used to be commit 09b2f30dfa7a640f5187b4933204e9680be61497) --- source4/lib/stream/packet.h | 3 --- 1 file changed, 3 deletions(-) (limited to 'source4/lib/stream/packet.h') diff --git a/source4/lib/stream/packet.h b/source4/lib/stream/packet.h index 79d4acacd0..b7ee428186 100644 --- a/source4/lib/stream/packet.h +++ b/source4/lib/stream/packet.h @@ -21,8 +21,6 @@ */ -#include "lib/tls/tls.h" - typedef NTSTATUS (*packet_full_request_fn_t)(void *private, DATA_BLOB blob, size_t *packet_size); typedef NTSTATUS (*packet_callback_fn_t)(void *private, DATA_BLOB blob); @@ -35,7 +33,6 @@ void packet_set_callback(struct packet_context *pc, packet_callback_fn_t callbac void packet_set_error_handler(struct packet_context *pc, packet_error_handler_fn_t handler); void packet_set_private(struct packet_context *pc, void *private); void packet_set_full_request(struct packet_context *pc, packet_full_request_fn_t callback); -void packet_set_tls(struct packet_context *pc, struct tls_context *tls); void packet_set_socket(struct packet_context *pc, struct socket_context *sock); void packet_set_event_context(struct packet_context *pc, struct event_context *ev); void packet_set_fde(struct packet_context *pc, struct fd_event *fde); -- cgit From ba07fa43d0b0090f5e686d8c1822468049f52416 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 23 Jul 2006 02:50:08 +0000 Subject: r17197: This patch moves the encryption of bulk data on SASL negotiated security contexts from the application layer into the socket layer. This improves a number of correctness aspects, as we now allow LDAP packets to cross multiple SASL packets. It should also make it much easier to write async LDAP tests from windows clients, as they use SASL by default. It is also vital to allowing OpenLDAP clients to use GSSAPI against Samba4, as it negotiates a rather small SASL buffer size. This patch mirrors the earlier work done to move TLS into the socket layer. Unusual in this pstch is the extra read callback argument I take. As SASL is a layer on top of a socket, it is entirely possible for the SASL layer to drain a socket dry, but for the caller not to have read all the decrypted data. This would leave the system without an event to restart the read (as the socket is dry). As such, I re-invoke the read handler from a timed callback, which should trigger on the next running of the event loop. I believe that the TLS code does require a similar callback. In trying to understand why this is required, imagine a SASL-encrypted LDAP packet in the following formation: +-----------------+---------------------+ | SASL Packet #1 | SASL Packet #2 | ----------------------------------------+ | LDAP Packet #1 | LDAP Packet #2 | ----------------------------------------+ In the old code, this was illegal, but it is perfectly standard SASL-encrypted LDAP. Without the callback, we would read and process the first LDAP packet, and the SASL code would have read the second SASL packet (to decrypt enough data for the LDAP packet), and no data would remain on the socket. Without data on the socket, read events stop. That is why I add timed events, until the SASL buffer is drained. Another approach would be to add a hack to the event system, to have it pretend there remained data to read off the network (but that is ugly). In improving the code, to handle more real-world cases, I've been able to remove almost all the special-cases in the testnonblock code. The only special case is that we must use a deterministic partial packet when calling send, rather than a random length. (1 + n/2). This is needed because of the way the SASL and TLS code works, and the 'resend on failure' requirements. Andrew Bartlett (This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0) --- source4/lib/stream/packet.h | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source4/lib/stream/packet.h') diff --git a/source4/lib/stream/packet.h b/source4/lib/stream/packet.h index b7ee428186..0d875d777c 100644 --- a/source4/lib/stream/packet.h +++ b/source4/lib/stream/packet.h @@ -24,6 +24,9 @@ typedef NTSTATUS (*packet_full_request_fn_t)(void *private, DATA_BLOB blob, size_t *packet_size); typedef NTSTATUS (*packet_callback_fn_t)(void *private, DATA_BLOB blob); + +/* Used to notify that a packet has been sent, and is on the wire */ +typedef void (*packet_send_callback_fn_t)(void *private); typedef void (*packet_error_handler_fn_t)(void *private, NTSTATUS status); @@ -43,6 +46,9 @@ void packet_recv(struct packet_context *pc); void packet_recv_disable(struct packet_context *pc); void packet_recv_enable(struct packet_context *pc); NTSTATUS packet_send(struct packet_context *pc, DATA_BLOB blob); +NTSTATUS packet_send_callback(struct packet_context *pc, DATA_BLOB blob, + packet_send_callback_fn_t send_callback, + void *private); void packet_queue_run(struct packet_context *pc); /* -- cgit From 0479a2f1cbae51fcd8dbdc3c148c808421fb4d25 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 02:07:03 +0000 Subject: r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa) --- source4/lib/stream/packet.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source4/lib/stream/packet.h') diff --git a/source4/lib/stream/packet.h b/source4/lib/stream/packet.h index 0d875d777c..45826c5f14 100644 --- a/source4/lib/stream/packet.h +++ b/source4/lib/stream/packet.h @@ -7,7 +7,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, @@ -16,8 +16,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ -- cgit