sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00
Code
b5681c4125
samba-mirror/source4/lib/tls/tls.h

110 lines
3.5 KiB
C
Raw Normal View History

r7742: abstracted out the tls code from the web server, so that our other servers can easily become tls enabled. This will be used to add support for ldaps (This used to be commit 950500f603725349d2a0e22878e83dd1b5975f9f)
2005-06-19 08:20:27 +04:00
/*
Unix SMB/CIFS implementation.
transport layer security handling code
Copyright (C) Andrew Tridgell 2005
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-07-10 06:07:03 +04:00
the Free Software Foundation; either version 3 of the License, or
r7742: abstracted out the tls code from the web server, so that our other servers can easily become tls enabled. This will be used to add support for ldaps (This used to be commit 950500f603725349d2a0e22878e83dd1b5975f9f)
2005-06-19 08:20:27 +04:00
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-07-10 06:07:03 +04:00
along with this program. If not, see <http://www.gnu.org/licenses/>.
r7742: abstracted out the tls code from the web server, so that our other servers can easily become tls enabled. This will be used to add support for ldaps (This used to be commit 950500f603725349d2a0e22878e83dd1b5975f9f)
2005-06-19 08:20:27 +04:00
*/
r11596: switched the libcli/raw/ code over to using the lib/stream/ generic packet parsing code. This simplifies the logic in the raw client library a fair bit (This used to be commit f8d43f1f67876360e1295d85a3c3702d1d60ed7b)
2005-11-09 11:13:41 +03:00
#ifndef _TLS_H_
#define _TLS_H_
r15829: we need to include socket.h before we can use enum socket_type this fixes a compiler warning metze (This used to be commit dbf82fff10f1b5c3894b9600d98f81ee10e3d876)
2006-05-23 08:41:09 +04:00
#include "lib/socket/socket.h"
r26238: Add a loadparm context parameter to torture_context, remove more uses of global_loadparm. (This used to be commit a33a5530545086b81a3b205aa109dff11c546926)
2007-12-03 02:28:22 +03:00
struct loadparm_context;
r7742: abstracted out the tls code from the web server, so that our other servers can easily become tls enabled. This will be used to add support for ldaps (This used to be commit 950500f603725349d2a0e22878e83dd1b5975f9f)
2005-06-19 08:20:27 +04:00
/*
call tls_initialise() once per task to startup the tls subsystem
*/
r26238: Add a loadparm context parameter to torture_context, remove more uses of global_loadparm. (This used to be commit a33a5530545086b81a3b205aa109dff11c546926)
2007-12-03 02:28:22 +03:00
struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
r7742: abstracted out the tls code from the web server, so that our other servers can easily become tls enabled. This will be used to add support for ldaps (This used to be commit 950500f603725349d2a0e22878e83dd1b5975f9f)
2005-06-19 08:20:27 +04:00
/*
call tls_init_server() on each new server connection
the 'plain_chars' parameter is a list of chars that when they occur
as the first character from the client on the connection tell the
tls code that this is a non-tls connection. This can be used to have
tls and non-tls servers on the same port. If this is NULL then only
tls connections will be allowed
*/
r15400: Move the TLS code behind the socket interface. This reduces caller complexity, because the TLS code is now called just like any other socket. (A new socket context is returned by the tls_init_server and tls_init_client routines). When TLS is not available, the original socket is returned. Andrew Bartlett (This used to be commit 09b2f30dfa7a640f5187b4933204e9680be61497)
2006-05-03 00:15:47 +04:00
struct socket_context *tls_init_server(struct tls_params *parms,
r7742: abstracted out the tls code from the web server, so that our other servers can easily become tls enabled. This will be used to add support for ldaps (This used to be commit 950500f603725349d2a0e22878e83dd1b5975f9f)
2005-06-19 08:20:27 +04:00
struct socket_context *sock,
s4:lib/tevent: rename structs list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze
2008-12-29 22:24:57 +03:00
struct tevent_fd *fde,
r15400: Move the TLS code behind the socket interface. This reduces caller complexity, because the TLS code is now called just like any other socket. (A new socket context is returned by the tls_init_server and tls_init_client routines). When TLS is not available, the original socket is returned. Andrew Bartlett (This used to be commit 09b2f30dfa7a640f5187b4933204e9680be61497)
2006-05-03 00:15:47 +04:00
const char *plain_chars);
r7742: abstracted out the tls code from the web server, so that our other servers can easily become tls enabled. This will be used to add support for ldaps (This used to be commit 950500f603725349d2a0e22878e83dd1b5975f9f)
2005-06-19 08:20:27 +04:00
s4:lib/tls: add tls_cert_generate() prototype to tls.h This avoids compiler warnings... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-03-18 23:42:19 +03:00
void tls_cert_generate(TALLOC_CTX *mem_ctx,
const char *hostname,
const char *keyfile, const char *certfile,
const char *cafile);
r7742: abstracted out the tls code from the web server, so that our other servers can easily become tls enabled. This will be used to add support for ldaps (This used to be commit 950500f603725349d2a0e22878e83dd1b5975f9f)
2005-06-19 08:20:27 +04:00
/*
return True if a connection used tls
*/
r24712: No longer expose the 'BOOL' data type in any interfaces. (This used to be commit 1ce32673d960c8b05b6c1b1b99e1976a402417ae)
2007-08-27 22:10:19 +04:00
bool tls_enabled(struct socket_context *tls);
r7742: abstracted out the tls code from the web server, so that our other servers can easily become tls enabled. This will be used to add support for ldaps (This used to be commit 950500f603725349d2a0e22878e83dd1b5975f9f)
2005-06-19 08:20:27 +04:00
r15400: Move the TLS code behind the socket interface. This reduces caller complexity, because the TLS code is now called just like any other socket. (A new socket context is returned by the tls_init_server and tls_init_client routines). When TLS is not available, the original socket is returned. Andrew Bartlett (This used to be commit 09b2f30dfa7a640f5187b4933204e9680be61497)
2006-05-03 00:15:47 +04:00
const struct socket_ops *socket_tls_ops(enum socket_type type);
r7747: - simplified the ldap server buffer handling - got rid of the special cases for sasl buffers - added a tls_socket_pending() call to determine how much data is waiting on a tls connection - removed the attempt at async handling of ldap calls. The buffers/sockets are all async, but the calls themselves are sync. (This used to be commit 73cb4aad229d08e17e22d5792580bd43a61b142a)
2005-06-19 13:31:34 +04:00
s4:lib/tls: add gnutls backend for tstream metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Sep 28 02:29:42 UTC 2010 on sn-devel-104
2010-02-03 16:36:10 +03:00
struct tstream_context;
struct tstream_tls_params;
NTSTATUS tstream_tls_params_client(TALLOC_CTX *mem_ctx,
const char *ca_file,
const char *crl_file,
lib/tls: Add new 'tls priority' option This adds a new option to the smb.conf to allow administrators to disable TLS protocols in GnuTLS without changing the code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11076 Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2015-07-20 02:22:46 +03:00
const char *tls_priority,
s4:lib/tls: add gnutls backend for tstream metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Sep 28 02:29:42 UTC 2010 on sn-devel-104
2010-02-03 16:36:10 +03:00
struct tstream_tls_params **_tlsp);
NTSTATUS tstream_tls_params_server(TALLOC_CTX *mem_ctx,
const char *dns_host_name,
s4:lib/tls: fix enabled logic in tstream_tls_params_server() metze
2010-10-07 13:16:48 +04:00
bool enabled,
s4:lib/tls: add gnutls backend for tstream metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Sep 28 02:29:42 UTC 2010 on sn-devel-104
2010-02-03 16:36:10 +03:00
const char *key_file,
const char *cert_file,
const char *ca_file,
const char *crl_file,
const char *dhp_file,
lib/tls: Add new 'tls priority' option This adds a new option to the smb.conf to allow administrators to disable TLS protocols in GnuTLS without changing the code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11076 Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2015-07-20 02:22:46 +03:00
const char *tls_priority,
s4:lib/tls: add gnutls backend for tstream metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Sep 28 02:29:42 UTC 2010 on sn-devel-104
2010-02-03 16:36:10 +03:00
struct tstream_tls_params **_params);
bool tstream_tls_params_enabled(struct tstream_tls_params *params);
struct tevent_req *_tstream_tls_connect_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct tstream_context *plain_stream,
struct tstream_tls_params *tls_params,
const char *location);
s4:lib/tls: fix tstream_tls_connect_send() define Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-06-19 13:26:55 +03:00
#define tstream_tls_connect_send(mem_ctx, ev, plain_stream, tls_params) \
s4:lib/tls: add gnutls backend for tstream metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Sep 28 02:29:42 UTC 2010 on sn-devel-104
2010-02-03 16:36:10 +03:00
_tstream_tls_connect_send(mem_ctx, ev, plain_stream, tls_params, __location__)
int tstream_tls_connect_recv(struct tevent_req *req,
int *perrno,
TALLOC_CTX *mem_ctx,
struct tstream_context **tls_stream);
struct tevent_req *_tstream_tls_accept_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct tstream_context *plain_stream,
struct tstream_tls_params *tls_params,
const char *location);
#define tstream_tls_accept_send(mem_ctx, ev, plain_stream, tls_params) \
_tstream_tls_accept_send(mem_ctx, ev, plain_stream, tls_params, __location__)
int tstream_tls_accept_recv(struct tevent_req *req,
int *perrno,
TALLOC_CTX *mem_ctx,
struct tstream_context **tls_stream);
#endif /* _TLS_H_ */
Copy Permalink