IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
contexts from the application layer into the socket layer.
This improves a number of correctness aspects, as we now allow LDAP
packets to cross multiple SASL packets. It should also make it much
easier to write async LDAP tests from windows clients, as they use SASL
by default. It is also vital to allowing OpenLDAP clients to use GSSAPI
against Samba4, as it negotiates a rather small SASL buffer size.
This patch mirrors the earlier work done to move TLS into the socket
layer.
Unusual in this pstch is the extra read callback argument I take. As
SASL is a layer on top of a socket, it is entirely possible for the
SASL layer to drain a socket dry, but for the caller not to have read
all the decrypted data. This would leave the system without an event
to restart the read (as the socket is dry).
As such, I re-invoke the read handler from a timed callback, which
should trigger on the next running of the event loop. I believe that
the TLS code does require a similar callback.
In trying to understand why this is required, imagine a SASL-encrypted
LDAP packet in the following formation:
+-----------------+---------------------+
| SASL Packet #1 | SASL Packet #2 |
----------------------------------------+
| LDAP Packet #1 | LDAP Packet #2 |
----------------------------------------+
In the old code, this was illegal, but it is perfectly standard
SASL-encrypted LDAP. Without the callback, we would read and process
the first LDAP packet, and the SASL code would have read the second SASL
packet (to decrypt enough data for the LDAP packet), and no data would
remain on the socket.
Without data on the socket, read events stop. That is why I add timed
events, until the SASL buffer is drained.
Another approach would be to add a hack to the event system, to have it
pretend there remained data to read off the network (but that is ugly).
In improving the code, to handle more real-world cases, I've been able
to remove almost all the special-cases in the testnonblock code. The
only special case is that we must use a deterministic partial packet
when calling send, rather than a random length. (1 + n/2). This is
needed because of the way the SASL and TLS code works, and the 'resend
on failure' requirements.
Andrew Bartlett
(This used to be commit 5d7c9c12cb2b39673172a357092b80cd814850b0)
make the testnonblock skip some things. The socket *under* the tls
socket is still tested.
Andrew Bartlett
(This used to be commit 9c33c6a20a77e3f15eac3d62488117517afad940)
This reduces caller complexity, because the TLS code is now called
just like any other socket. (A new socket context is returned by the
tls_init_server and tls_init_client routines).
When TLS is not available, the original socket is returned.
Andrew Bartlett
(This used to be commit 09b2f30dfa7a640f5187b4933204e9680be61497)
structure that is more generic than just 'IP/port'.
It now passes make test, and has been reviewed and updated by
metze. (Thankyou *very* much).
This passes 'make test' as well as kerberos use (not currently in the
testsuite).
The original purpose of this patch was to have Samba able to pass a
socket address stucture from the BSD layer into the kerberos routines
and back again. It also removes nbt_peer_addr, which was being used
for a similar purpose.
It is a large change, but worthwhile I feel.
Andrew Bartlett
(This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2)
error, but sometimes a socket option may then happen on the NULL
socket. This has been handled by the individual libraries up to now,
but its cleaner to centralise it here
(This used to be commit d9864e1f9aac1fb19f054c2da996a5099e90941e)
- hooked into events system, so requests can be truly async and won't
interfere with other processing happening at the same time
- uses NTSTATUS codes for errors (previously errors were mostly
ignored). In a similar fashion to the DOS error handling, I have
reserved a range of the NTSTATUS code 32 bit space for LDAP error
codes, so a function can return a LDAP error code in a NTSTATUS
- much cleaner packet handling
(This used to be commit 2e3c660b2fc20e046d82bf1cc296422b6e7dfad0)
will be interesting to see if this causes any portability problems, as
it is a less commonly used call.
(This used to be commit f6993db31d93059c70b44a23005ba444e205870f)
less likely that anyone will use pstring for new code
- got rid of winbind_client.h from includes.h. This one triggered a
huge change, as winbind_client.h was including system/filesys.h and
defining the old uint32 and uint16 types, as well as its own
pstring and fstring.
(This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
I decided to incorporate the udp support into the socket_ipv4.c
backend (and later in socket_ipv6.c) rather than doing a separate
backend, as so much of the code is shareable. Basically this adds a
socket_sendto() and a socket_recvfrom() call and not much all.
For udp servers, I decided to keep the call as socket_listen(), even
though dgram servers don't actually call listen(). This keeps the API
consistent.
I also added a simple local sockets testsuite in smbtorture,
LOCAL-SOCKET
(This used to be commit 9f12a45a05c5c447fb4ec18c8dd28f70e90e32a5)
connect(). This required a small API change (the addition of
a socket_connect_complete() method)
(This used to be commit b787dd166f5cca82b3710802eefb41e0a8851fc3)
- fix rep_inet_ntoa() for IRIX
- lib/signal.c needs system/wait.h
- some systems define a macro "accept", which breaks the lib/socket/ structures.
use fn_ as a prefix for the structure elements to avoid the problem
(This used to be commit ced1a0fcdc8d8e47755ce4391c19f8b12862eb60)
listening sockets after the fork to prevent the child still listening
on incoming requests.
I have also added an optimisation where we use dup()/close() to lower
the file descriptor number of the new socket to the lowest possible
after closing our listening sockets. This keeps the max fd num passed
to select() low, which makes a difference to the speed of select().
(This used to be commit f2a9bbc317ba86ebe87c3ca27a3a0192de91014d)
you set this option (either on the command line using --option or in
smb.conf) then every socket recv or send will return short by random
amounts. This allows you to test that the non-blocking socket logic in
your code works correctly.
I also removed the flags argument to socket_accept(), and instead made
the new socket inherit the flags of the old socket, which makes more
sense to me.
(This used to be commit 406d356e698da01c84e8aa5b7894752b4403f63c)
The main change is to make socket_recv() take a pre-allocated buffer,
rather than allocating one itself. This allows non-blocking users of
this API to avoid a memcpy(). As a result our messaging code is now
about 10% faster, and the ncacn_ip_tcp and ncalrpc code is also
faster.
The second change was to remove the unused mem_ctx argument from
socket_send(). Having it there implied that memory could be allocated,
which meant the caller had to worry about freeing that memory (if for
example it is sending in a tight loop using the same memory
context). Removing that unused argument keeps life simpler for users.
(This used to be commit a16e4756cd68ca8aab4ffc59d4d9db0b6e44dbd1)
rather than doing everything itself. This greatly simplifies the
code, although I really don't like the socket_recv() interface (it
always allocates memory for you, which means an extra memcpy in this
code)
- fixed several bugs in the socket_ipv4.c code, in particular client
side code used a non-blocking connect but didn't handle EINPROGRESS,
so it had no chance of working. Also fixed the error codes, using
map_nt_error_from_unix()
- cleaned up and expanded map_nt_error_from_unix()
- changed interpret_addr2() to not take a mem_ctx. It makes absolutely
no sense to allocate a fixed size 4 byte structure like this. Dozens
of places in the code were also using interpret_addr2() incorrectly
(precisely because the allocation made no sense)
(This used to be commit 7f2c771b0e0e98c5c9e5cf662592d64d34ff1205)
will shortly be using this for a rewrite of the intra-smbd messaging
library, which is needed to get lock timeouts working properly (and
share modes, oplocks etc)
(This used to be commit 6f4926d846965a901e40d24546eab356c4a537c7)
library are closed on abnormal termination
- convert the service.h structures to the new talloc methods
(This used to be commit 2dc334a3284858eb1c7190f9687c9b6c879ecc9d)
as my box keeps getting hit by viruses spreading on my companies
internal network, which screws up my debug log badly (sigh).
metze, I'm not sure if you think access.c should go in the socket
library or not. It is closely tied to the socket functions, but you
may prefer it separate.
The access.c code is a port from Samba3, but with some cleanups to
make it (slighly) less ugly.
(This used to be commit 058b2fd99e3957d7d2a9544fd27071f1122eab68)
- add some error mappings
- use some flags SOCKET_FLAG_PEEK ans SOCKET_FLAG_BLOCK
metze
(This used to be commit a375c6b0b1ec4d63251f63993f7798c1f2e7c717)
independent socket library.
this is not used, but compiled currently
there're maybe some api changes later...
metze
(This used to be commit de4447d7a57c614b80d0ac00dca900ea7e1c21ea)
