authorAndrew Tridgell <tridge@samba.org>2009-02-18 17:37:45 +1100
committerAndrew Tridgell <tridge@samba.org>2009-02-18 17:37:45 +1100
commitbb7e6f0f51a91e461c18efd392af3e4fc6174c34 (patch)
tree266d16a4c8fe1316f1c6c4bfa02f62cb85375bba /source4/ldap_server
parentb1ff79dbb246e717fc4a62c7a615ca7ce9ccc302 (diff)
Worked around a problem with select/poll/epoll and gnutls
Our packet layer relies on the event system reliably telling us when a packet is available. When we are using a socket layer like TLS then things get a bit trickier, as there may be bytes in the encryption buffer which could be read even if there are no bytes at the socket level. The GNUTLS library is supposed to prevent this happening by always leaving some data at the socket level when there is data to be processed in its buffers, but it seems that this is not always reliable. To work around this I have added a new packet option packet_set_unreliable_select() which tells the packet layer to not assume that the socket layer has a reliable select, and to instead keep trying to read from the socket until it gets back no data. This option is set for the ldap client and server when TLS is negotiated. This seems to fix the problems with the ldaps tests.
Diffstat (limited to 'source4/ldap_server')
-rw-r--r--source4/ldap_server/ldap_extended.c1
-rw-r--r--source4/ldap_server/ldap_server.c4
2 files changed, 5 insertions, 0 deletions
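--- a/source4/ldap_server/ldap_extended.c
+++ b/source4/ldap_server/ldap_extended.c
@@ -38,6 +38,7 @@ static void ldapsrv_start_tls(void *private_data)
 	ctx->conn->sockets.tls = ctx->tls_socket;
 	ctx->conn->connection->socket = ctx->tls_socket;
 	packet_set_socket(ctx->conn->packet, ctx->conn->connection->socket);
+	packet_set_unreliable_select(ctx->conn->packet);
 }
 static NTSTATUS ldapsrv_StartTLS(struct ldapsrv_call *call,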
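Review bot: The new packet_set_unreliable_select() call in ldapsrv_start_tls has no comment, and the reason it exists — that a TLS socket may hold already-decrypted bytes that select()/poll()/epoll cannot see — lives only in the commit message, where a later maintainer of this file will not find it. I would put above the call `/* gnutls may buffer decrypted data that select() cannot see, so the packet layer must keep reading until the socket is drained */`, and the same comment belongs above the `if (conn->sockets.tls)` block added in ldap_server.c. Without it the call reads as an arbitrary tuning knob and is likely to be removed the next time someone simplifies the TLS setup. ldapsrv_start_tls begins before this hunk.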
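--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -386,6 +386,10 @@ static void ldapsrv_accept(struct stream_connection *c)
 	packet_set_event_context(conn->packet, c->event.ctx);
 	packet_set_fde(conn->packet, c->event.fde);
 	packet_set_serialise(conn->packet);
+
+	if (conn->sockets.tls) {
+		packet_set_unreliable_select(conn->packet);
+	}
 	/* Ensure we don't get packets until the database is ready below */
 	packet_recv_disable(conn->packet);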
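Review bot: The `conn->sockets.tls` test here runs at accept time, so it only covers connections that were TLS from the first byte; a connection that upgrades later depends on the separate call in ldapsrv_start_tls, and the two sites now encode the same rule and can drift apart. Consider a small static helper, say `ldapsrv_packet_tls_setup(conn)`, that both paths call once the TLS socket is in place. The drain-until-empty read that the option switches on is implemented in the packet layer outside this diff; it is worth confirming there that a single peer feeding data continuously cannot keep the event loop from serving other connections, since packet_set_serialise on the preceding line presumably governs per-connection ordering rather than fairness. ldapsrv_accept begins before this hunk and continues after it.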