[SCM] Samba Shared Repository - branch master updated -
release-4-0-0alpha6-954-gbb7e6f0
Stefan (metze) Metzmacher
metze at samba.org
Wed Feb 18 06:06:02 MST 2009
Andrew Bartlett schrieb:
> On Wed, 2009-02-18 at 00:37 -0600, Andrew Tridgell wrote:
>> The branch, master has been updated
>> via bb7e6f0f51a91e461c18efd392af3e4fc6174c34 (commit)
>> from b1ff79dbb246e717fc4a62c7a615ca7ce9ccc302 (commit)
>>
>> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
>>
>>
>> - Log -----------------------------------------------------------------
>> commit bb7e6f0f51a91e461c18efd392af3e4fc6174c34
>> Author: Andrew Tridgell <tridge at samba.org>
>> Date: Wed Feb 18 17:37:45 2009 +1100
>>
>> Worked around a problem with select/poll/epoll and gnutls
>>
>> Our packet layer relies on the event system reliably telling us when a
>> packet is available. When we are using a socket layer like TLS then
>> things get a bit trickier, as there may be bytes in the encryption
>> buffer which could be read even if there are no bytes at the socket
>> level. The GNUTLS library is supposed to prevent this happening by
>> always leaving some data at the socket level when there is data to be
>> processed in its buffers, but it seems that this is not always
>> reliable.
>>
>> To work around this I have added a new packet option
>> packet_set_unreliable_select() which tells the packet layer to not
>> assume that the socket layer has a reliable select, and to instead
>> keep trying to read from the socket until it gets back no data. This
>> option is set for the ldap client and server when TLS is negotiated.
>>
>> This seems to fix the problems with the ldaps tests.
>
> The funny thing about this is that the SASL wrapped socket had the same
> problem, and the fix I used there was to schedule a timed event for
> 'now' to re-run the read. I have to say, the 'unreliable select' is
> simpler, and perhaps the SASL code can move to that.
I'm in progress to fix the whole problem correctly, by fixing the socket
abstraction. The function socket_get_fd() is stupid and breaks the
abstraction.
The caller should give a tevent_context to the socket layer and
callbacks for read and write, it's up to the socket layer how to trigger
them. The packet.c code will also be obsoleted by a generic
tsocket_send[to]_queue_send/recv() and tsocket_recv_pkt_send/recv() code.
The tsocket abstraction could also be used to wrap the pipe between
samba3's winbind parent and child.
See lib/tsocket in this branch
http://gitweb.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-cldap
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.samba.org/archive/samba-technical/attachments/20090218/afd20621/signature.bin
More information about the samba-technical
mailing list