Difference between revisions of "SoC/2017"

(Project Information)
(Project Information)
Line 12: Line 12:
  
  
== Project Information ==
+
=== Project Information ===
 +
--------------------------------------------------------
  
 
+
==== Client-side DNS call handling with GSS-TSIG ====
'''Client-side DNS call handling with GSS-TSIG'''
 
  
  
Line 27: Line 27:
 
'''About'''
 
'''About'''
 
--------------------------------------------------------
 
--------------------------------------------------------
 
  
 
For the Samba AD DC, libcli/dns is a library that allows the handling of DNS  
 
For the Samba AD DC, libcli/dns is a library that allows the handling of DNS  
 
calls (send/receive requests) and generates GSS-TSIG type encryption signature  
 
calls (send/receive requests) and generates GSS-TSIG type encryption signature  
 
for signed packets, to accomodate encrypted client-server communication.
 
for signed packets, to accomodate encrypted client-server communication.
 +
 +
The project goal was to enhance client-server communication, by implementing
 +
TCP request send/receive handling and sign client-side packets with GSS-TSIG
 +
signatures, to provide security.
  
 
It consists of its respective function and structure libraries, that provide  
 
It consists of its respective function and structure libraries, that provide  
 
definitions for client-side functionality.
 
definitions for client-side functionality.
  
Test suites are also available, that inspect individual features of cli_dns.c
+
 
 +
'''Project libcli/dns structure:'''
 +
 
 +
* cli-fn/
 +
** README.md
 +
** client_crypto.c
 +
** dns_tcp.c
 +
** dns_udp.c
 +
* cmocka-tests/
 +
** test-fn
 +
*** cli_crypto_test.c
 +
*** dns_tcp_test.c
 +
*** dns_udp_test.c
 +
*** wscript
 +
** README.md
 +
** cli_tests.c
 +
** wscript_build
 +
* README.md
 +
* cli_dns.c
 +
* dns.h
 +
* libtcp.h
 +
* libudp.h
 +
* libtsig.h
 +
* libwrap.h
 +
* wrap_cli.c
 +
* wscript_build
 +
 
  
 
For more information on the project goals, read the GSoC proposal [https://summerofcode.withgoogle.com/projects/#6642229069217792 here].
 
For more information on the project goals, read the GSoC proposal [https://summerofcode.withgoogle.com/projects/#6642229069217792 here].
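Review bot: The added goal paragraph ends with the vague "to provide security", while the unchanged context directly above it calls the GSS-TSIG output an "encryption signature" for "encrypted client-server communication". GSS-TSIG (RFC 3645) signs DNS messages for authentication and integrity and does not encrypt them. Suggest naming the property precisely, for example "sign client-side packets with GSS-TSIG so the server can authenticate them and detect tampering", and correcting "accomodate" to "accommodate" in the same paragraph. In the added structure list, a short description per file (what dns_tcp.c, dns_udp.c and client_crypto.c each implement) would be more useful than bare names.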
Line 45: Line 74:
 
'''Repositories'''
 
'''Repositories'''
  
* Stand-alone repository (requires Samba source code for integration): [https://github.com/dimgrav/Samba-GSOC2017 link]
+
* Individual project repository (requires Samba source code for integration - NOT STANDALONE): [https://github.com/dimgrav/Samba-GSOC2017 link]
 
* Samba GitHub mirror: [https://github.com/samba-team/samba link]
 
* Samba GitHub mirror: [https://github.com/samba-team/samba link]
* Personal samba-team/samba fork: [https://github.com/dimgrav/samba link]
+
* Personal samba-team/samba fork with integrated changes in libcli/dns: [https://github.com/dimgrav/samba link]
  
  
Line 53: Line 82:
 
'''DNS Client (with wrapper support)'''
 
'''DNS Client (with wrapper support)'''
 
--------------------------------------------------------
 
--------------------------------------------------------
 
  
 
Handles TCP and UDP requests.
 
Handles TCP and UDP requests.
Line 73: Line 101:
 
'''Wrapping'''
 
'''Wrapping'''
 
--------------------------------------------------------
 
--------------------------------------------------------
 
  
 
wrap_cli.c provides multiple wrapping of the above functionality, to hide buffer
 
wrap_cli.c provides multiple wrapping of the above functionality, to hide buffer
Line 83: Line 110:
 
--------------------------------------------------------
 
--------------------------------------------------------
  
cli_tests.c provides a test suite for all client-side functionality, as defined by  
+
In cmocka-tests, cli_tests.c provides a test suite for the complete client-side functionality,  
the functions in libcli/dns/cli_dns.c. The API used for unit testing is Cmocka.
+
as defined by the functions in libcli/dns/cli_dns.c. The API used for unit testing is  
 +
Cmocka.
 +
 
 +
In cmocka-tests/test-fn, there are individual unit tests for every feature library in libcli/dns. All of these tests are incorporated in cmocka-tests/cli_tests.c These tests
 +
can be built by using waf-samba and the intended configuration in cmocka-tests/test-fn/wscript.
 +
The purpose of these test suites is to facilitate future additions and features in Samba
 +
client-side code, without the necessity to integrate them directly to cli_dns.c, thus
 +
making changes easier to test and encourage future contributions.
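Review bot: In the added test-fn paragraph, the sentence ending "cmocka-tests/cli_tests.c" is missing its full stop before "These tests", and "making changes easier to test and encourage future contributions" should read "encouraging" to keep the clause parallel. The paragraph also only points at cmocka-tests/test-fn/wscript; stating the actual build and run command would let a reader reproduce the tests without reading the wscript.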

Revision as of 13:46, 26 August 2017

Improve libcli/dns

Samba comes with its own asynchronous DNS parser framework developed for the internal DNS server. Basic calls have been implemented for a client-side library as well, but a more fleshed out implementation would be needed. The goal of this project is to implement more high-level calls handling DNS requests, such as UDP/TCP switchover and client-side GSS-TSIG cryptography. A test suite exercising all the functions is required and can be used to cross-check and complement the existing DNS server tests already shipped by Samba. This test suite should use cmocka.

  • Difficulty: Medium
  • Language(s): C
  • Mentors: Kai Blin, David Disseldorp
  • Student: Dimitris Gravanis



Project Information


Client-side DNS call handling with GSS-TSIG

Unix SMB/CIFS implementation

Dimitrios Gravanis (C) 2017

Based on the existing work by Samba Team


About


For the Samba AD DC, libcli/dns is a library that handles DNS calls (sending and receiving requests) and generates GSS-TSIG type encryption signatures for signed packets, to accommodate encrypted client-server communication.

The project goal was to enhance client-server communication by implementing TCP request send/receive handling and signing client-side packets with GSS-TSIG signatures, to provide security.

It consists of its respective function and structure libraries, which provide definitions for client-side functionality.


Project libcli/dns structure:

  • cli-fn/
    • README.md
    • client_crypto.c
    • dns_tcp.c
    • dns_udp.c
  • cmocka-tests/
    • test-fn
      • cli_crypto_test.c
      • dns_tcp_test.c
      • dns_udp_test.c
      • wscript
    • README.md
    • cli_tests.c
    • wscript_build
  • README.md
  • cli_dns.c
  • dns.h
  • libtcp.h
  • libudp.h
  • libtsig.h
  • libwrap.h
  • wrap_cli.c
  • wscript_build


For more information on the project goals, read the GSoC proposal here: https://summerofcode.withgoogle.com/projects/#6642229069217792

The project timeline and development journal is documented in its dedicated blogspot.


Repositories

  • Individual project repository (requires Samba source code for integration - NOT STANDALONE): https://github.com/dimgrav/Samba-GSOC2017
  • Samba GitHub mirror: https://github.com/samba-team/samba
  • Personal samba-team/samba fork with integrated changes in libcli/dns: https://github.com/dimgrav/samba


DNS Client (with wrapper support)


Handles TCP and UDP requests.

The client may use either TCP or UDP protocols to send a DNS name request to the server, then handle the reception of the appropriate server response.

Features:

  • UDP request send/receive
  • TCP request send/receive
  • GSS-TSIG generation
  • DNS name packet parsing and signing

The library consists of cli_dns.c, which contains the functions, and dns.h, libtcp.h, libtsig.h and libudp.h, which provide declarations, definitions and structures.
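
The UDP/TCP switchover and TCP framing that such a client has to handle, as an added example that is not code from libcli/dns or the project repository. The function names (dns_build_query, dns_needs_tcp, dns_tcp_frame) are hypothetical; GSS-TSIG signing is not covered here.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Encode a one-question DNS query (RFC 1035 4.1); returns its length, 0 on error. */
size_t dns_build_query(uint8_t *buf, size_t cap, uint16_t id,
                       const char *name, uint16_t qtype)
{
    size_t off = 12;
    if (cap < 12) return 0;
    memset(buf, 0, 12);
    buf[0] = (uint8_t)(id >> 8); buf[1] = (uint8_t)(id & 0xff);
    buf[2] = 0x01;                  /* QR=0 (query), RD=1 */
    buf[5] = 1;                     /* QDCOUNT = 1 */
    while (*name) {
        const char *dot = strchr(name, '.');
        size_t n = dot ? (size_t)(dot - name) : strlen(name);
        if (n == 0 || n > 63 || off + 1 + n > cap) return 0;
        buf[off++] = (uint8_t)n;    /* length-prefixed label */
        memcpy(buf + off, name, n);
        off += n;
        name += n + (dot ? 1 : 0);
    }
    /* Wire name (labels + root) is limited to 255 octets. */
    if (off - 12 + 1 > 255 || off + 5 > cap) return 0;
    buf[off++] = 0;                 /* root label ends QNAME */
    buf[off++] = (uint8_t)(qtype >> 8); buf[off++] = (uint8_t)(qtype & 0xff);
    buf[off++] = 0; buf[off++] = 1; /* QCLASS = IN */
    return off;
}

/* Decide on UDP->TCP switchover: 1 = truncated (retry over TCP),
 * 0 = complete, -1 = reject (short, not a response, or ID mismatch). */
int dns_needs_tcp(const uint8_t *resp, size_t len, uint16_t id)
{
    if (len < 12) return -1;
    if (((resp[0] << 8) | resp[1]) != id) return -1;
    if (!(resp[2] & 0x80)) return -1;   /* QR bit must be set */
    return (resp[2] & 0x02) ? 1 : 0;    /* TC bit */
}

/* Frame a message for TCP: two-byte big-endian length prefix (RFC 1035 4.2.2). */
size_t dns_tcp_frame(const uint8_t *msg, size_t len, uint8_t *out, size_t cap)
{
    if (len > 0xffff || cap < len + 2) return 0;
    out[0] = (uint8_t)(len >> 8); out[1] = (uint8_t)(len & 0xff);
    memcpy(out + 2, msg, len);
    return len + 2;
}
```

Checking the transaction ID and QR bit before trusting the TC flag keeps a stray or spoofed datagram from steering the client into a TCP retry.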


Wrapping


wrap_cli.c provides multiple wrappers around the above functionality, to hide buffer creation, DNS packet parsing and signature generation. Definitions of the wrapped functions are provided in libwrap.h.


Test suite


In cmocka-tests, cli_tests.c provides a test suite for the complete client-side functionality, as defined by the functions in libcli/dns/cli_dns.c. The API used for unit testing is Cmocka.

In cmocka-tests/test-fn, there are individual unit tests for every feature library in libcli/dns. All of these tests are incorporated in cmocka-tests/cli_tests.c. These tests can be built by using waf-samba and the intended configuration in cmocka-tests/test-fn/wscript. The purpose of these test suites is to facilitate future additions and features in Samba client-side code, without the necessity to integrate them directly into cli_dns.c, thus making changes easier to test and encouraging future contributions.