sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00
Code
2b6f1a8ee6
samba-mirror/source4/lib/tls/tls.h

106 lines
3.4 KiB
C
Raw Normal View History

r7742: abstracted out the tls code from the web server, so that our other servers can easily become tls enabled. This will be used to add support for ldaps (This used to be commit 950500f603725349d2a0e22878e83dd1b5975f9f)
2005-06-19 08:20:27 +04:00
/*
Unix SMB/CIFS implementation.
transport layer security handling code
Copyright (C) Andrew Tridgell 2005
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-07-10 06:07:03 +04:00
the Free Software Foundation; either version 3 of the License, or
r7742: abstracted out the tls code from the web server, so that our other servers can easily become tls enabled. This will be used to add support for ldaps (This used to be commit 950500f603725349d2a0e22878e83dd1b5975f9f)
2005-06-19 08:20:27 +04:00
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-07-10 06:07:03 +04:00
along with this program. If not, see <http://www.gnu.org/licenses/>.
r7742: abstracted out the tls code from the web server, so that our other servers can easily become tls enabled. This will be used to add support for ldaps (This used to be commit 950500f603725349d2a0e22878e83dd1b5975f9f)
2005-06-19 08:20:27 +04:00
*/
r11596: switched the libcli/raw/ code over to using the lib/stream/ generic packet parsing code. This simplifies the logic in the raw client library a fair bit (This used to be commit f8d43f1f67876360e1295d85a3c3702d1d60ed7b)
2005-11-09 11:13:41 +03:00
#ifndef _TLS_H_
#define _TLS_H_
r15829: we need to include socket.h before we can use enum socket_type this fixes a compiler warning metze (This used to be commit dbf82fff10f1b5c3894b9600d98f81ee10e3d876)
2006-05-23 08:41:09 +04:00
#include "lib/socket/socket.h"
r26238: Add a loadparm context parameter to torture_context, remove more uses of global_loadparm. (This used to be commit a33a5530545086b81a3b205aa109dff11c546926)
2007-12-03 02:28:22 +03:00
struct loadparm_context;
s4:lib/tls: add tls_cert_generate() prototype to tls.h This avoids compiler warnings... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-03-18 23:42:19 +03:00
void tls_cert_generate(TALLOC_CTX *mem_ctx,
const char *hostname,
const char *keyfile, const char *certfile,
const char *cafile);
s4:lib/tls: add gnutls backend for tstream metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Sep 28 02:29:42 UTC 2010 on sn-devel-104
2010-02-03 16:36:10 +03:00
struct tstream_context;
struct tstream_tls_params;
CVE-2016-2113: s4:lib/tls: implement infrastructure to do peer verification BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2015-12-23 18:17:04 +03:00
enum tls_verify_peer_state {
TLS_VERIFY_PEER_NO_CHECK = 0,
#define TLS_VERIFY_PEER_NO_CHECK_STRING "no_check"
TLS_VERIFY_PEER_CA_ONLY = 10,
#define TLS_VERIFY_PEER_CA_ONLY_STRING "ca_only"
TLS_VERIFY_PEER_CA_AND_NAME_IF_AVAILABLE = 20,
#define TLS_VERIFY_PEER_CA_AND_NAME_IF_AVAILABLE_STRING \
"ca_and_name_if_available"
TLS_VERIFY_PEER_CA_AND_NAME = 30,
#define TLS_VERIFY_PEER_CA_AND_NAME_STRING "ca_and_name"
TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE = 9999,
#define TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE_STRING \
"as_strict_as_possible"
};
const char *tls_verify_peer_string(enum tls_verify_peer_state verify_peer);
s4:lib/tls: add gnutls backend for tstream metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Sep 28 02:29:42 UTC 2010 on sn-devel-104
2010-02-03 16:36:10 +03:00
NTSTATUS tstream_tls_params_client(TALLOC_CTX *mem_ctx,
const char *ca_file,
const char *crl_file,
lib/tls: Add new 'tls priority' option This adds a new option to the smb.conf to allow administrators to disable TLS protocols in GnuTLS without changing the code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11076 Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2015-07-20 02:22:46 +03:00
const char *tls_priority,
CVE-2016-2113: s4:lib/tls: implement infrastructure to do peer verification BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2015-12-23 18:17:04 +03:00
enum tls_verify_peer_state verify_peer,
const char *peer_name,
s4:lib/tls: add gnutls backend for tstream metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Sep 28 02:29:42 UTC 2010 on sn-devel-104
2010-02-03 16:36:10 +03:00
struct tstream_tls_params **_tlsp);
NTSTATUS tstream_tls_params_server(TALLOC_CTX *mem_ctx,
const char *dns_host_name,
s4:lib/tls: fix enabled logic in tstream_tls_params_server() metze
2010-10-07 13:16:48 +04:00
bool enabled,
s4:lib/tls: add gnutls backend for tstream metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Sep 28 02:29:42 UTC 2010 on sn-devel-104
2010-02-03 16:36:10 +03:00
const char *key_file,
const char *cert_file,
const char *ca_file,
const char *crl_file,
const char *dhp_file,
lib/tls: Add new 'tls priority' option This adds a new option to the smb.conf to allow administrators to disable TLS protocols in GnuTLS without changing the code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11076 Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2015-07-20 02:22:46 +03:00
const char *tls_priority,
s4:lib/tls: add gnutls backend for tstream metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Sep 28 02:29:42 UTC 2010 on sn-devel-104
2010-02-03 16:36:10 +03:00
struct tstream_tls_params **_params);
bool tstream_tls_params_enabled(struct tstream_tls_params *params);
struct tevent_req *_tstream_tls_connect_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct tstream_context *plain_stream,
struct tstream_tls_params *tls_params,
const char *location);
s4:lib/tls: fix tstream_tls_connect_send() define Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-06-19 13:26:55 +03:00
#define tstream_tls_connect_send(mem_ctx, ev, plain_stream, tls_params) \
s4:lib/tls: add gnutls backend for tstream metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Sep 28 02:29:42 UTC 2010 on sn-devel-104
2010-02-03 16:36:10 +03:00
_tstream_tls_connect_send(mem_ctx, ev, plain_stream, tls_params, __location__)
int tstream_tls_connect_recv(struct tevent_req *req,
int *perrno,
TALLOC_CTX *mem_ctx,
struct tstream_context **tls_stream);
struct tevent_req *_tstream_tls_accept_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct tstream_context *plain_stream,
struct tstream_tls_params *tls_params,
const char *location);
#define tstream_tls_accept_send(mem_ctx, ev, plain_stream, tls_params) \
_tstream_tls_accept_send(mem_ctx, ev, plain_stream, tls_params, __location__)
int tstream_tls_accept_recv(struct tevent_req *req,
int *perrno,
TALLOC_CTX *mem_ctx,
struct tstream_context **tls_stream);
#endif /* _TLS_H_ */
Copy Permalink