mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
ba07fa43d0
contexts from the application layer into the socket layer.
This improves a number of correctness aspects, as we now allow LDAP
packets to cross multiple SASL packets. It should also make it much
easier to write async LDAP tests from windows clients, as they use SASL
by default. It is also vital to allowing OpenLDAP clients to use GSSAPI
against Samba4, as it negotiates a rather small SASL buffer size.
This patch mirrors the earlier work done to move TLS into the socket
layer.
Unusual in this pstch is the extra read callback argument I take. As
SASL is a layer on top of a socket, it is entirely possible for the
SASL layer to drain a socket dry, but for the caller not to have read
all the decrypted data. This would leave the system without an event
to restart the read (as the socket is dry).
As such, I re-invoke the read handler from a timed callback, which
should trigger on the next running of the event loop. I believe that
the TLS code does require a similar callback.
In trying to understand why this is required, imagine a SASL-encrypted
LDAP packet in the following formation:
+-----------------+---------------------+
| SASL Packet #1 | SASL Packet #2 |
----------------------------------------+
| LDAP Packet #1 | LDAP Packet #2 |
----------------------------------------+
In the old code, this was illegal, but it is perfectly standard
SASL-encrypted LDAP. Without the callback, we would read and process
the first LDAP packet, and the SASL code would have read the second SASL
packet (to decrypt enough data for the LDAP packet), and no data would
remain on the socket.
Without data on the socket, read events stop. That is why I add timed
events, until the SASL buffer is drained.
Another approach would be to add a hack to the event system, to have it
pretend there remained data to read off the network (but that is ugly).
In improving the code, to handle more real-world cases, I've been able
to remove almost all the special-cases in the testnonblock code. The
only special case is that we must use a deterministic partial packet
when calling send, rather than a random length. (1 + n/2). This is
needed because of the way the SASL and TLS code works, and the 'resend
on failure' requirements.
Andrew Bartlett
(This used to be commit 5d7c9c12cb
)
61 lines
2.6 KiB
C
61 lines
2.6 KiB
C
/*
|
|
Unix SMB/CIFS mplementation.
|
|
|
|
helper layer for breaking up streams into discrete requests
|
|
|
|
Copyright (C) Andrew Tridgell 2005
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 2 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; if not, write to the Free Software
|
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
|
|
*/
|
|
|
|
typedef NTSTATUS (*packet_full_request_fn_t)(void *private,
|
|
DATA_BLOB blob, size_t *packet_size);
|
|
typedef NTSTATUS (*packet_callback_fn_t)(void *private, DATA_BLOB blob);
|
|
|
|
/* Used to notify that a packet has been sent, and is on the wire */
|
|
typedef void (*packet_send_callback_fn_t)(void *private);
|
|
typedef void (*packet_error_handler_fn_t)(void *private, NTSTATUS status);
|
|
|
|
|
|
|
|
struct packet_context *packet_init(TALLOC_CTX *mem_ctx);
|
|
void packet_set_callback(struct packet_context *pc, packet_callback_fn_t callback);
|
|
void packet_set_error_handler(struct packet_context *pc, packet_error_handler_fn_t handler);
|
|
void packet_set_private(struct packet_context *pc, void *private);
|
|
void packet_set_full_request(struct packet_context *pc, packet_full_request_fn_t callback);
|
|
void packet_set_socket(struct packet_context *pc, struct socket_context *sock);
|
|
void packet_set_event_context(struct packet_context *pc, struct event_context *ev);
|
|
void packet_set_fde(struct packet_context *pc, struct fd_event *fde);
|
|
void packet_set_serialise(struct packet_context *pc);
|
|
void packet_set_initial_read(struct packet_context *pc, uint32_t initial_read);
|
|
void packet_set_nofree(struct packet_context *pc);
|
|
void packet_recv(struct packet_context *pc);
|
|
void packet_recv_disable(struct packet_context *pc);
|
|
void packet_recv_enable(struct packet_context *pc);
|
|
NTSTATUS packet_send(struct packet_context *pc, DATA_BLOB blob);
|
|
NTSTATUS packet_send_callback(struct packet_context *pc, DATA_BLOB blob,
|
|
packet_send_callback_fn_t send_callback,
|
|
void *private);
|
|
void packet_queue_run(struct packet_context *pc);
|
|
|
|
/*
|
|
pre-canned handlers
|
|
*/
|
|
NTSTATUS packet_full_request_nbt(void *private, DATA_BLOB blob, size_t *size);
|
|
NTSTATUS packet_full_request_u32(void *private, DATA_BLOB blob, size_t *size);
|
|
|
|
|