[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha6-954-gbb7e6f0

Stefan (metze) Metzmacher metze at samba.org
Wed Feb 18 06:06:02 MST 2009


Andrew Bartlett schrieb:
> On Wed, 2009-02-18 at 00:37 -0600, Andrew Tridgell wrote:
>> The branch, master has been updated
>>        via  bb7e6f0f51a91e461c18efd392af3e4fc6174c34 (commit)
>>       from  b1ff79dbb246e717fc4a62c7a615ca7ce9ccc302 (commit)
>>
>> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
>>
>>
>> - Log -----------------------------------------------------------------
>> commit bb7e6f0f51a91e461c18efd392af3e4fc6174c34
>> Author: Andrew Tridgell <tridge at samba.org>
>> Date:   Wed Feb 18 17:37:45 2009 +1100
>>
>>     Worked around a problem with select/poll/epoll and gnutls
>>     
>>     Our packet layer relies on the event system reliably telling us when a
>>     packet is available. When we are using a socket layer like TLS then
>>     things get a bit trickier, as there may be bytes in the encryption
>>     buffer which could be read even if there are no bytes at the socket
>>     level. The GNUTLS library is supposed to prevent this happening by
>>     always leaving some data at the socket level when there is data to be
>>     processed in its buffers, but it seems that this is not always
>>     reliable.
>>     
>>     To work around this I have added a new packet option
>>     packet_set_unreliable_select() which tells the packet layer to not
>>     assume that the socket layer has a reliable select, and to instead
>>     keep trying to read from the socket until it gets back no data. This
>>     option is set for the ldap client and server when TLS is negotiated.
>>     
>>     This seems to fix the problems with the ldaps tests.
> 
> The funny thing about this is that the SASL wrapped socket had the same
> problem, and the fix I used there was to schedule a timed event for
> 'now' to re-run the read.  I have to say, the 'unreliable select' is
> simpler, and perhaps the SASL code can move to that. 

I'm in progress to fix the whole problem correctly, by fixing the socket
abstraction. The function socket_get_fd() is stupid and breaks the
abstraction.

The caller should give a tevent_context to the socket layer and
callbacks for read and write, it's up to the socket layer how to trigger
them. The packet.c code will also be obsoleted by a generic
tsocket_send[to]_queue_send/recv() and tsocket_recv_pkt_send/recv() code.

The tsocket abstraction could also be used to wrap the pipe between
samba3's winbind parent and child.

See lib/tsocket in this branch
http://gitweb.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-cldap

metze


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20090218/afd20621/signature.bin


More information about the samba-technical mailing list