[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha6-954-gbb7e6f0

Andrew Bartlett abartlet at samba.org
Tue Feb 17 23:56:30 MST 2009 

On Wed, 2009-02-18 at 00:37 -0600, Andrew Tridgell wrote:
> The branch, master has been updated
>        via  bb7e6f0f51a91e461c18efd392af3e4fc6174c34 (commit)
>       from  b1ff79dbb246e717fc4a62c7a615ca7ce9ccc302 (commit)
> 
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
> 
> 
> - Log -----------------------------------------------------------------
> commit bb7e6f0f51a91e461c18efd392af3e4fc6174c34
> Author: Andrew Tridgell <tridge at samba.org>
> Date:   Wed Feb 18 17:37:45 2009 +1100
> 
>     Worked around a problem with select/poll/epoll and gnutls
>     
>     Our packet layer relies on the event system reliably telling us when a
>     packet is available. When we are using a socket layer like TLS then
>     things get a bit trickier, as there may be bytes in the encryption
>     buffer which could be read even if there are no bytes at the socket
>     level. The GNUTLS library is supposed to prevent this happening by
>     always leaving some data at the socket level when there is data to be
>     processed in its buffers, but it seems that this is not always
>     reliable.
>     
>     To work around this I have added a new packet option
>     packet_set_unreliable_select() which tells the packet layer to not
>     assume that the socket layer has a reliable select, and to instead
>     keep trying to read from the socket until it gets back no data. This
>     option is set for the ldap client and server when TLS is negotiated.
>     
>     This seems to fix the problems with the ldaps tests.

The funny thing about this is that the SASL wrapped socket had the same
problem, and the fix I used there was to schedule a timed event for
'now' to re-run the read.  I have to say, the 'unreliable select' is
simpler, and perhaps the SASL code can move to that. 

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20090218/3de7995d/attachment.bin

More information about the samba-technical mailing list