[PATCH][SAMBA4] Add a SASL socket layer

Andrew Bartlett abartlet at samba.org
Mon Jul 24 03:53:36 GMT 2006


On Fri, 2006-07-21 at 15:50 +1000, Andrew Bartlett wrote:
> On Fri, 2006-07-21 at 12:21 +1000, Andrew Bartlett wrote:
 
> > I would appreciate review of this patch, in particular the extra read
> > callback argument I take.  As SASL is a layer on top of a socket, it is
> > entirely possible for the SASL layer to drain a socket dry, but for the
> > caller not to have read all the decrypted data.  This would leave the
> > system without an event to restart the read (as the socket is dry). 
> > 
> > As such, I re-invoke the read handler from a timed callback, which
> > should trigger on the next running of the event loop.  I believe that
> > the TLS code does require a similar callback.
> 
> I've been talking with tridge about this on IRC, and I feel that this
> area requires further explanation:

...

> Without data on the socket, read events stop.  That is why I add timed
> events, until the SASL buffer is drained. 
> 
> Another approach would be to add a hack to the event system, to have it
> pretend there remained data to read off the network (but that is ugly).

On reading the gnutls source, this is actually how the GNU TLS code
works.  It leaves some data in the TCP socket, so that select() and
epoll continue to return events.

The SASL code doesn't have this, hence the need for the callbacks (which
I now won't add to lib/tls).

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
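
The stall described in this message, as an added example that is not part of the original post or the Samba patch. It uses a stand-in layer with no real SASL (`struct layer`, `run_loop` and the 12-byte payload are constructed for illustration) that drains a socketpair in one read while the read handler takes 4 bytes per call. Plain `poll()` stands in for Samba's event API, with a zero timeout playing the role of the timed callback.

```c
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical stand-in for a SASL layer: "unwrapped" data waits here. */
struct layer { char buf[64]; size_t len, off; };

static size_t layer_pending(const struct layer *l) { return l->len - l->off; }

/* Drain the socket dry, as unwrapping a whole SASL packet would. */
static void layer_fill(struct layer *l, int fd)
{
    ssize_t n = recv(fd, l->buf, sizeof(l->buf), MSG_DONTWAIT);
    l->len = n > 0 ? (size_t)n : 0;
    l->off = 0;
}

/* The caller's read handler takes at most 'want' bytes per invocation. */
static size_t layer_read(struct layer *l, char *out, size_t want)
{
    size_t n = layer_pending(l) < want ? layer_pending(l) : want;
    memcpy(out, l->buf + l->off, n);
    l->off += n;
    return n;
}

/* Returns how many bytes the caller received before the loop went idle. */
size_t run_loop(int rearm_when_pending)
{
    int sv[2];
    struct layer l = {0};
    char out[4];
    size_t delivered = 0;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 0;
    if (write(sv[0], "0123456789ab", 12) != 12) { close(sv[0]); close(sv[1]); return 0; }
    for (;;) {
        struct pollfd p = { .fd = sv[1], .events = POLLIN };
        int rearm = rearm_when_pending && layer_pending(&l) > 0;
        int ready = poll(&p, 1, rearm ? 0 : 50); /* 0 ms = the timed callback */
        if (ready > 0 && layer_pending(&l) == 0) layer_fill(&l, sv[1]);
        else if (ready <= 0 && !rearm) break; /* socket dry, nothing scheduled */
        delivered += layer_read(&l, out, sizeof(out));
    }
    close(sv[0]); close(sv[1]);
    return delivered;
}
```

`run_loop(0)` goes idle with 8 of the 12 bytes still sitting in the layer's buffer; `run_loop(1)` keeps re-invoking the handler until the buffer is empty.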