sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-05 09:18:06 +03:00
Code
53d8744554
samba-mirror/source4/lib/stream/packet.h

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

66 lines
2.7 KiB
C
Raw Normal View History

r11595: added a helper layer to parse streams into individual packets. This is something that Andrew Bartlett has been asking for for a while, and when I started having to re-invent this packet parsing code yet again for SMB2 I decided it was time to do it generically you use it by providing a "is this a full packet yet?" helper function to the packet_*() functions, which then handle all the logic of partial packet buffering. This also goes to great lengths to operate efficiently, minimising the number of recv system calls. (This used to be commit e6c47b954a6f09c53ea419800ce873295fcd0be9)
2005-11-09 11:11:50 +03:00
/*
Fix a comment typo copied around Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2020-08-09 17:14:02 +03:00
Unix SMB/CIFS Implementation.
r11595: added a helper layer to parse streams into individual packets. This is something that Andrew Bartlett has been asking for for a while, and when I started having to re-invent this packet parsing code yet again for SMB2 I decided it was time to do it generically you use it by providing a "is this a full packet yet?" helper function to the packet_*() functions, which then handle all the logic of partial packet buffering. This also goes to great lengths to operate efficiently, minimising the number of recv system calls. (This used to be commit e6c47b954a6f09c53ea419800ce873295fcd0be9)
2005-11-09 11:11:50 +03:00
helper layer for breaking up streams into discrete requests
Copyright (C) Andrew Tridgell 2005
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-07-10 06:07:03 +04:00
the Free Software Foundation; either version 3 of the License, or
r11595: added a helper layer to parse streams into individual packets. This is something that Andrew Bartlett has been asking for for a while, and when I started having to re-invent this packet parsing code yet again for SMB2 I decided it was time to do it generically you use it by providing a "is this a full packet yet?" helper function to the packet_*() functions, which then handle all the logic of partial packet buffering. This also goes to great lengths to operate efficiently, minimising the number of recv system calls. (This used to be commit e6c47b954a6f09c53ea419800ce873295fcd0be9)
2005-11-09 11:11:50 +03:00
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-07-10 06:07:03 +04:00
along with this program. If not, see <http://www.gnu.org/licenses/>.
r11595: added a helper layer to parse streams into individual packets. This is something that Andrew Bartlett has been asking for for a while, and when I started having to re-invent this packet parsing code yet again for SMB2 I decided it was time to do it generically you use it by providing a "is this a full packet yet?" helper function to the packet_*() functions, which then handle all the logic of partial packet buffering. This also goes to great lengths to operate efficiently, minimising the number of recv system calls. (This used to be commit e6c47b954a6f09c53ea419800ce873295fcd0be9)
2005-11-09 11:11:50 +03:00
*/
s4: fix LIBEVENTS dependencies and use more forward declarations We should only include events.h where we really need it and prefer forward declarations of 'struct event_context' metze
2008-12-17 02:06:34 +03:00
struct packet_context;
s4:lib/tevent: rename structs list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze
2008-12-29 22:24:57 +03:00
struct tevent_context;
struct tevent_fd;
s4: Fix a few warnings.
2010-01-20 06:27:38 +03:00
struct socket_context;
s4: fix LIBEVENTS dependencies and use more forward declarations We should only include events.h where we really need it and prefer forward declarations of 'struct event_context' metze
2008-12-17 02:06:34 +03:00
s4:lib/stream: s/private/private_data metze
2009-02-02 10:22:01 +03:00
typedef NTSTATUS (*packet_full_request_fn_t)(void *private_data,
r11595: added a helper layer to parse streams into individual packets. This is something that Andrew Bartlett has been asking for for a while, and when I started having to re-invent this packet parsing code yet again for SMB2 I decided it was time to do it generically you use it by providing a "is this a full packet yet?" helper function to the packet_*() functions, which then handle all the logic of partial packet buffering. This also goes to great lengths to operate efficiently, minimising the number of recv system calls. (This used to be commit e6c47b954a6f09c53ea419800ce873295fcd0be9)
2005-11-09 11:11:50 +03:00
DATA_BLOB blob, size_t *packet_size);
s4:lib/stream: s/private/private_data metze
2009-02-02 10:22:01 +03:00
typedef NTSTATUS (*packet_callback_fn_t)(void *private_data, DATA_BLOB blob);
r17197: This patch moves the encryption of bulk data on SASL negotiated security contexts from the application layer into the socket layer. This improves a number of correctness aspects, as we now allow LDAP packets to cross multiple SASL packets. It should also make it much easier to write async LDAP tests from windows clients, as they use SASL by default. It is also vital to allowing OpenLDAP clients to use GSSAPI against Samba4, as it negotiates a rather small SASL buffer size. This patch mirrors the earlier work done to move TLS into the socket layer. Unusual in this pstch is the extra read callback argument I take. As SASL is a layer on top of a socket, it is entirely possible for the SASL layer to drain a socket dry, but for the caller not to have read all the decrypted data. This would leave the system without an event to restart the read (as the socket is dry). As such, I re-invoke the read handler from a timed callback, which should trigger on the next running of the event loop. I believe that the TLS code does require a similar callback. In trying to understand why this is required, imagine a SASL-encrypted LDAP packet in the following formation: +-----------------+---------------------+ | SASL Packet #1 | SASL Packet #2 | ----------------------------------------+ | LDAP Packet #1 | LDAP Packet #2 | ----------------------------------------+ In the old code, this was illegal, but it is perfectly standard SASL-encrypted LDAP. Without the callback, we would read and process the first LDAP packet, and the SASL code would have read the second SASL packet (to decrypt enough data for the LDAP packet), and no data would remain on the socket. Without data on the socket, read events stop. That is why I add timed events, until the SASL buffer is drained. Another approach would be to add a hack to the event system, to have it pretend there remained data to read off the network (but that is ugly). In improving the code, to handle more real-world cases, I've been able to remove almost all the special-cases in the testnonblock code. The only special case is that we must use a deterministic partial packet when calling send, rather than a random length. (1 + n/2). This is needed because of the way the SASL and TLS code works, and the 'resend on failure' requirements. Andrew Bartlett (This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0)
2006-07-23 06:50:08 +04:00
/* Used to notify that a packet has been sent, and is on the wire */
s4:lib/stream: s/private/private_data metze
2009-02-02 10:22:01 +03:00
typedef void (*packet_send_callback_fn_t)(void *private_data);
typedef void (*packet_error_handler_fn_t)(void *private_data, NTSTATUS status);
r11595: added a helper layer to parse streams into individual packets. This is something that Andrew Bartlett has been asking for for a while, and when I started having to re-invent this packet parsing code yet again for SMB2 I decided it was time to do it generically you use it by providing a "is this a full packet yet?" helper function to the packet_*() functions, which then handle all the logic of partial packet buffering. This also goes to great lengths to operate efficiently, minimising the number of recv system calls. (This used to be commit e6c47b954a6f09c53ea419800ce873295fcd0be9)
2005-11-09 11:11:50 +03:00
struct packet_context *packet_init(TALLOC_CTX *mem_ctx);
void packet_set_callback(struct packet_context *pc, packet_callback_fn_t callback);
void packet_set_error_handler(struct packet_context *pc, packet_error_handler_fn_t handler);
s4:lib/stream: s/private/private_data metze
2009-02-02 10:22:01 +03:00
void packet_set_private(struct packet_context *pc, void *private_data);
r11595: added a helper layer to parse streams into individual packets. This is something that Andrew Bartlett has been asking for for a while, and when I started having to re-invent this packet parsing code yet again for SMB2 I decided it was time to do it generically you use it by providing a "is this a full packet yet?" helper function to the packet_*() functions, which then handle all the logic of partial packet buffering. This also goes to great lengths to operate efficiently, minimising the number of recv system calls. (This used to be commit e6c47b954a6f09c53ea419800ce873295fcd0be9)
2005-11-09 11:11:50 +03:00
void packet_set_full_request(struct packet_context *pc, packet_full_request_fn_t callback);
void packet_set_socket(struct packet_context *pc, struct socket_context *sock);
s4:lib/tevent: rename structs list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze
2008-12-29 22:24:57 +03:00
void packet_set_event_context(struct packet_context *pc, struct tevent_context *ev);
void packet_set_fde(struct packet_context *pc, struct tevent_fd *fde);
r11713: separate out the setting of the fde in the packet context from the enabling of packet serialisation (This used to be commit 6a47cd65a8b588f9ddd375c57caaba08281e7cbb)
2005-11-14 06:45:57 +03:00
void packet_set_serialise(struct packet_context *pc);
r11627: give the caller much more control over the stream to packet process, allowing it to specify the initial read size (thus preventing over-reading) and to stop the recv process when needed. This is used by the dcerpc socket code, which relies on not getting packets when it isn't ready for them (This used to be commit f869fd674ec4b148dc9a264e94d19ce79d35131d)
2005-11-10 07:26:00 +03:00
void packet_set_initial_read(struct packet_context *pc, uint32_t initial_read);
r11636: a bit neater solution to the nt_cancel problem (This used to be commit ba7864b07eebecd4d4eb2ce515412a49964ae179)
2005-11-10 14:10:40 +03:00
void packet_set_nofree(struct packet_context *pc);
r11595: added a helper layer to parse streams into individual packets. This is something that Andrew Bartlett has been asking for for a while, and when I started having to re-invent this packet parsing code yet again for SMB2 I decided it was time to do it generically you use it by providing a "is this a full packet yet?" helper function to the packet_*() functions, which then handle all the logic of partial packet buffering. This also goes to great lengths to operate efficiently, minimising the number of recv system calls. (This used to be commit e6c47b954a6f09c53ea419800ce873295fcd0be9)
2005-11-09 11:11:50 +03:00
void packet_recv(struct packet_context *pc);
r11627: give the caller much more control over the stream to packet process, allowing it to specify the initial read size (thus preventing over-reading) and to stop the recv process when needed. This is used by the dcerpc socket code, which relies on not getting packets when it isn't ready for them (This used to be commit f869fd674ec4b148dc9a264e94d19ce79d35131d)
2005-11-10 07:26:00 +03:00
void packet_recv_disable(struct packet_context *pc);
void packet_recv_enable(struct packet_context *pc);
Worked around a problem with select/poll/epoll and gnutls Our packet layer relies on the event system reliably telling us when a packet is available. When we are using a socket layer like TLS then things get a bit trickier, as there may be bytes in the encryption buffer which could be read even if there are no bytes at the socket level. The GNUTLS library is supposed to prevent this happening by always leaving some data at the socket level when there is data to be processed in its buffers, but it seems that this is not always reliable. To work around this I have added a new packet option packet_set_unreliable_select() which tells the packet layer to not assume that the socket layer has a reliable select, and to instead keep trying to read from the socket until it gets back no data. This option is set for the ldap client and server when TLS is negotiated. This seems to fix the problems with the ldaps tests.
2009-02-18 09:37:45 +03:00
void packet_set_unreliable_select(struct packet_context *pc);
r11605: added handling of the send queue to the generic packet handling code (This used to be commit f98d499b2ef93cf2d060acafbc424754add322a8)
2005-11-09 16:33:53 +03:00
NTSTATUS packet_send(struct packet_context *pc, DATA_BLOB blob);
r17197: This patch moves the encryption of bulk data on SASL negotiated security contexts from the application layer into the socket layer. This improves a number of correctness aspects, as we now allow LDAP packets to cross multiple SASL packets. It should also make it much easier to write async LDAP tests from windows clients, as they use SASL by default. It is also vital to allowing OpenLDAP clients to use GSSAPI against Samba4, as it negotiates a rather small SASL buffer size. This patch mirrors the earlier work done to move TLS into the socket layer. Unusual in this pstch is the extra read callback argument I take. As SASL is a layer on top of a socket, it is entirely possible for the SASL layer to drain a socket dry, but for the caller not to have read all the decrypted data. This would leave the system without an event to restart the read (as the socket is dry). As such, I re-invoke the read handler from a timed callback, which should trigger on the next running of the event loop. I believe that the TLS code does require a similar callback. In trying to understand why this is required, imagine a SASL-encrypted LDAP packet in the following formation: +-----------------+---------------------+ | SASL Packet #1 | SASL Packet #2 | ----------------------------------------+ | LDAP Packet #1 | LDAP Packet #2 | ----------------------------------------+ In the old code, this was illegal, but it is perfectly standard SASL-encrypted LDAP. Without the callback, we would read and process the first LDAP packet, and the SASL code would have read the second SASL packet (to decrypt enough data for the LDAP packet), and no data would remain on the socket. Without data on the socket, read events stop. That is why I add timed events, until the SASL buffer is drained. Another approach would be to add a hack to the event system, to have it pretend there remained data to read off the network (but that is ugly). In improving the code, to handle more real-world cases, I've been able to remove almost all the special-cases in the testnonblock code. The only special case is that we must use a deterministic partial packet when calling send, rather than a random length. (1 + n/2). This is needed because of the way the SASL and TLS code works, and the 'resend on failure' requirements. Andrew Bartlett (This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0)
2006-07-23 06:50:08 +04:00
NTSTATUS packet_send_callback(struct packet_context *pc, DATA_BLOB blob,
packet_send_callback_fn_t send_callback,
s4:lib/stream: s/private/private_data metze
2009-02-02 10:22:01 +03:00
void *private_data);
r11605: added handling of the send queue to the generic packet handling code (This used to be commit f98d499b2ef93cf2d060acafbc424754add322a8)
2005-11-09 16:33:53 +03:00
void packet_queue_run(struct packet_context *pc);
r11595: added a helper layer to parse streams into individual packets. This is something that Andrew Bartlett has been asking for for a while, and when I started having to re-invent this packet parsing code yet again for SMB2 I decided it was time to do it generically you use it by providing a "is this a full packet yet?" helper function to the packet_*() functions, which then handle all the logic of partial packet buffering. This also goes to great lengths to operate efficiently, minimising the number of recv system calls. (This used to be commit e6c47b954a6f09c53ea419800ce873295fcd0be9)
2005-11-09 11:11:50 +03:00
/*
pre-canned handlers
*/
s4:lib/stream: s/private/private_data metze
2009-02-02 10:22:01 +03:00
NTSTATUS packet_full_request_nbt(void *private_data, DATA_BLOB blob, size_t *size);
NTSTATUS packet_full_request_u32(void *private_data, DATA_BLOB blob, size_t *size);
r11618: added a generic '32 bit length prefix' full packet helper to the packet code (This used to be commit b4dbe55105cc2807a17d7e5bf8db9756cc526a3b)
2005-11-10 03:25:57 +03:00
r11595: added a helper layer to parse streams into individual packets. This is something that Andrew Bartlett has been asking for for a while, and when I started having to re-invent this packet parsing code yet again for SMB2 I decided it was time to do it generically you use it by providing a "is this a full packet yet?" helper function to the packet_*() functions, which then handle all the logic of partial packet buffering. This also goes to great lengths to operate efficiently, minimising the number of recv system calls. (This used to be commit e6c47b954a6f09c53ea419800ce873295fcd0be9)
2005-11-09 11:11:50 +03:00
Copy Permalink