SoC/2017: Difference between revisions
Revision as of 13:46, 26 August 2017
Improve libcli/dns
Samba comes with its own asynchronous DNS parser framework developed for the internal DNS server. Basic calls have been implemented for a client-side library as well, but a more fleshed out implementation would be needed. The goal of this project is to implement more high-level calls handling DNS requests, such as UDP/TCP switchover and client-side GSS-TSIG cryptography. A test suite exercising all the functions is required and can be used to cross-check and complement the existing DNS server tests already shipped by Samba. This test suite should use cmocka.
- Difficulty: Medium
- Language(s): C
- Mentors: Kai Blin, David Disseldorp
- Student: Dimitris Gravanis
Project Information
Client-side DNS call handling with GSS-TSIG
Unix SMB/CIFS implementation
Dimitrios Gravanis (C) 2017
Based on the existing work by Samba Team
About
For the Samba AD DC, libcli/dns is a library that allows the handling of DNS calls (send/receive requests) and generates GSS-TSIG type encryption signatures for signed packets, to accommodate encrypted client-server communication.
The project goal was to enhance client-server communication by implementing TCP request send/receive handling and signing client-side packets with GSS-TSIG signatures, to provide security.
It consists of its respective function and structure libraries, which provide definitions for client-side functionality.
Project libcli/dns structure:
- cli-fn/
  - README.md
  - client_crypto.c
  - dns_tcp.c
  - dns_udp.c
- cmocka-tests/
  - test-fn
    - cli_crypto_test.c
    - dns_tcp_test.c
    - dns_udp_test.c
    - wscript
  - README.md
  - cli_tests.c
  - wscript_build
- README.md
- cli_dns.c
- dns.h
- libtcp.h
- libudp.h
- libtsig.h
- libwrap.h
- wrap_cli.c
- wscript_build
For more information on the project goals, read the GSoC proposal (https://summerofcode.withgoogle.com/projects/#6642229069217792).
The project timeline and development journal is documented in its dedicated blogspot.
Repositories
- Individual project repository (requires Samba source code for integration - NOT STANDALONE): https://github.com/dimgrav/Samba-GSOC2017
- Samba GitHub mirror: https://github.com/samba-team/samba
- Personal samba-team/samba fork with integrated changes in libcli/dns: https://github.com/dimgrav/samba
DNS Client (with wrapper support)
Handles TCP and UDP requests.
The client may use either TCP or UDP protocols to send a DNS name request to the server, then handle the reception of the appropriate server response.
Features:
- UDP request send/receive
- TCP request send/receive
- GSS-TSIG generation
- DNS name packet parsing and signing
The library consists of cli_dns.c, which contains the functions, and dns.h, libtcp.h, libtsig.h and libudp.h, which provide declarations, definitions and structures.
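The UDP/TCP switchover and TCP send/receive handling named in the project goals rest on two wire-level rules from RFC 1035: a UDP reply with the TC bit set must be retried over TCP, and every DNS message on a TCP stream carries a 2-byte length prefix. The following is an added example, not code from Samba's libcli/dns or the project repository; all function names and the sample query are constructed for illustration, and GSS-TSIG signing is left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define DNS_HDR_LEN 12 /* fixed DNS header size (RFC 1035) */

/* Constructed sample: query for example.com, type A, class IN, ID 0x1a2b. */
static const uint8_t QUERY[] = { 0x1a,0x2b, 0x01,0x00, 0,1, 0,0, 0,0, 0,0,
    7,'e','x','a','m','p','l','e', 3,'c','o','m', 0, 0,1, 0,1 };

/* UDP reply check: 1 = TC set, retry over TCP; 0 = usable; -1 = reject. */
int dns_udp_needs_tcp(const uint8_t *resp, size_t len, uint16_t id)
{
    if (len < DNS_HDR_LEN) return -1;                 /* short datagram */
    if ((uint16_t)((resp[0] << 8) | resp[1]) != id) return -1; /* ID mismatch */
    if (!(resp[2] & 0x80)) return -1;                 /* QR must be 1 */
    return (resp[2] & 0x02) ? 1 : 0;                  /* TC bit */
}

/* TCP send: 2-byte big-endian length prefix, then the message. */
size_t dns_tcp_frame(uint8_t *out, size_t cap, const uint8_t *msg, size_t len)
{
    if (len < DNS_HDR_LEN || len > 0xffff || cap < len + 2) return 0;
    out[0] = (uint8_t)(len >> 8); out[1] = (uint8_t)len;
    memcpy(out + 2, msg, len);
    return len + 2;
}

/* TCP receive: message length once fully buffered, 0 = need more, -1 = bad. */
long dns_tcp_complete(const uint8_t *in, size_t have)
{
    size_t need;
    if (have < 2) return 0;
    need = ((size_t)in[0] << 8) | in[1];
    if (need < DNS_HDR_LEN) return -1;   /* too short to hold a DNS header */
    return (have >= need + 2) ? (long)need : 0;
}

int main(void)
{
    uint8_t reply[DNS_HDR_LEN], framed[sizeof(QUERY) + 2];
    memcpy(reply, QUERY, DNS_HDR_LEN);
    reply[2] |= 0x80 | 0x02;             /* constructed truncated reply: QR + TC */
    if (dns_udp_needs_tcp(reply, sizeof(reply), 0x1a2b) == 1) {
        size_t n = dns_tcp_frame(framed, sizeof(framed), QUERY, sizeof(QUERY));
        printf("TC set: resend %zu bytes over TCP, complete=%ld\n",
               n, dns_tcp_complete(framed, n));
    }
    return 0;
}
```

Rejecting replies whose ID does not match the outstanding query, or whose QR bit is clear, keeps stray or spoofed datagrams from triggering the TCP retry.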
Wrapping
wrap_cli.c provides several wrappers around the above functionality, to hide buffer creation, DNS packet parsing and signature generation. Definitions of the wrapped functions are provided in libwrap.h.
Test suite
In cmocka-tests, cli_tests.c provides a test suite for the complete client-side functionality, as defined by the functions in libcli/dns/cli_dns.c. The API used for unit testing is Cmocka.
In cmocka-tests/test-fn, there are individual unit tests for every feature library in libcli/dns. All of these tests are incorporated in cmocka-tests/cli_tests.c. These tests can be built by using waf-samba and the intended configuration in cmocka-tests/test-fn/wscript. The purpose of these test suites is to facilitate future additions and features in Samba client-side code, without the necessity to integrate them directly into cli_dns.c, thus making changes easier to test and encouraging future contributions.