Re: How this update has slipped in my batch was Re: [SCM] Samba Shared Repository - branch master updated

2010-10-05 Thread Stefan (metze) Metzmacher
Hi Matthieu,

 On 05/10/2010 00:24, Matthieu Patou wrote:
 The branch, master has been updated
 via  d09cfc0 unittests: add a test to avoid regression on previous fix
 via  19f835d unittests: makes the unit tests for ldb.python back in order
 via  9dcad79 pyldb: test return code before trying to talloc_steal
 via  b53fbc7 s4:ldap_server: rewrite to socket layer to use tstream
 I'm wondering how this has arrived in the tree given the fact that on my
 private repo git rebase -i master gives me:
   1 pick ed2f6aa pyldb: test return code before trying to talloc_steal
   2 pick dd6c604 unittests: makes the unit tests for ldb.python back in order
   3 pick 6f95fec unittests: add a test to avoid regression on previous fix
 
 Should the latest patch be removed ?

gensec_tls only works with some gnutls versions (others have bugs),
that means TLS/SSL support is broken, but we still offer it.

We should add configure checks to only allow TLS/SSL support if the
used gnutls version doesn't have the handshake bug.
See https://bugzilla.samba.org/show_bug.cgi?id=7218

metze





How this update has slipped in my batch was Re: [SCM] Samba Shared Repository - branch master updated

2010-10-04 Thread Matthieu Patou

 Hi all,


On 05/10/2010 00:24, Matthieu Patou wrote:

The branch, master has been updated
via  d09cfc0 unittests: add a test to avoid regression on previous fix
via  19f835d unittests: makes the unit tests for ldb.python back in order
via  9dcad79 pyldb: test return code before trying to talloc_steal
via  b53fbc7 s4:ldap_server: rewrite to socket layer to use tstream
I'm wondering how this has arrived in the tree given the fact that on my 
private repo git rebase -i master gives me:

  1 pick ed2f6aa pyldb: test return code before trying to talloc_steal
  2 pick dd6c604 unittests: makes the unit tests for ldb.python back in order
  3 pick 6f95fec unittests: add a test to avoid regression on previous fix

Should the latest patch be removed ?


   from  b5f2633 dnsp: Add support for parsing HINFO records

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit d09cfc04fb29222c39ca4f170982c033fdc8206c
Author: Matthieu Patou <m...@matws.net>
Date:   Mon Oct 4 22:56:20 2010 +0400

 unittests: add a test to avoid regression on previous fix

 Autobuild-User: Matthieu Patou <m...@samba.org>
 Autobuild-Date: Mon Oct  4 20:23:31 UTC 2010 on sn-devel-104

commit 19f835dd69e7ea3ecc10732ebb031f78f79ec9f5
Author: Matthieu Patou <m...@matws.net>
Date:   Mon Oct 4 22:54:46 2010 +0400

 unittests: makes the unit tests for ldb.python back in order

commit 9dcad792b6d5ff0481da467b1c6b4524cf462ba8
Author: Matthieu Patou <m...@matws.net>
Date:   Mon Oct 4 00:43:33 2010 +0400

 pyldb: test return code before trying to talloc_steal

 Otherwise you can have an error on the talloc_steal as the req can have
 been not talloced yet

commit b53fbc75acc525f2e2450370e704a62791271788
Author: Stefan Metzmacher <me...@samba.org>
Date:   Wed Sep 22 14:24:03 2010 +0200

 s4:ldap_server: rewrite to socket layer to use tstream

 This should make our sasl and tls handling much more robust
 against partial sent pdus.

 metze

---

Summary of changes:
  source4/ldap_server/ldap_bind.c |   99 --
  source4/ldap_server/ldap_extended.c |  105 -
  source4/ldap_server/ldap_server.c   |  766 ---
  source4/ldap_server/ldap_server.h   |   35 +-
  source4/lib/ldb/pyldb.c |4 +-
  source4/lib/ldb/tests/python/api.py |5 +
  source4/selftest/tests.py   |2 +-
  7 files changed, 705 insertions(+), 311 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index c97211c..5036353 100644
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -25,7 +25,9 @@
  #include lib/ldb/include/ldb_errors.h
  #include dsdb/samdb/samdb.h
  #include auth/gensec/gensec.h
+#include auth/gensec/gensec_tstream.h
  #include param/param.h
+#include ../lib/util/tevent_ntstatus.h

  static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call)
  {
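
Review bot: The second added include, ../lib/util/tevent_ntstatus.h, is written as a parent-relative path while every other include in this block is a rooted path (auth/gensec/..., param/...), so whether it resolves depends on which directory the include search path is anchored at. If the build already has a search path covering lib/util, the rooted form would keep this block consistent and survive the file being moved.
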
@@ -94,20 +96,42 @@ static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call 
*call)
return NT_STATUS_OK;
  }

-struct ldapsrv_sasl_context {
+struct ldapsrv_sasl_postprocess_context {
struct ldapsrv_connection *conn;
-   struct socket_context *sasl_socket;
+   struct tstream_context *sasl;
  };

-static void ldapsrv_set_sasl(void *private_data)
+struct ldapsrv_sasl_postprocess_state {
+   uint8_t dummy;
+};
+
+static struct tevent_req *ldapsrv_sasl_postprocess_send(TALLOC_CTX *mem_ctx,
+   struct tevent_context *ev,
+   void *private_data)
  {
-   struct ldapsrv_sasl_context *ctx = talloc_get_type(private_data, struct 
ldapsrv_sasl_context);
-   talloc_steal(ctx-conn-connection, ctx-sasl_socket);
-   talloc_unlink(ctx-conn-connection, ctx-conn-connection-socket);
+   struct ldapsrv_sasl_postprocess_context *context =
+   talloc_get_type_abort(private_data,
+   struct ldapsrv_sasl_postprocess_context);
+   struct tevent_req *req;
+   struct ldapsrv_sasl_postprocess_state *state;
+
+   req = tevent_req_create(mem_ctx,state,
+   struct ldapsrv_sasl_postprocess_state);
+   if (req == NULL) {
+   return NULL;
+   }

-   ctx-conn-sockets.sasl = ctx-sasl_socket;
-   ctx-conn-connection-socket = ctx-sasl_socket;
-   packet_set_socket(ctx-conn-packet, ctx-conn-connection-socket);
+   TALLOC_FREE(context-conn-sockets.sasl);
+   context-conn-sockets.sasl = talloc_move(context-conn,context-sasl);
+   context-conn-sockets.active = context-conn-sockets.sasl;
+
+   tevent_req_done(req);
+   return tevent_req_post(req, ev);
+}
+
+static NTSTATUS ldapsrv_sasl_postprocess_recv(struct tevent_req *req)
+{
+   return