diff --git a/source4/lib/tls/tls.h b/source4/lib/tls/tls.h
index d9b18ff4d08..5634cce516c 100644
--- a/source4/lib/tls/tls.h
+++ b/source4/lib/tls/tls.h
@@ -63,6 +63,11 @@ NTSTATUS tstream_tls_params_client(TALLOC_CTX *mem_ctx,
 				   const char *peer_name,
 				   struct tstream_tls_params **_tlsp);
 
+NTSTATUS tstream_tls_params_client_lpcfg(TALLOC_CTX *mem_ctx,
+					 struct loadparm_context *lp_ctx,
+					 const char *peer_name,
+					 struct tstream_tls_params **tlsp);
+
 NTSTATUS tstream_tls_params_server(TALLOC_CTX *mem_ctx,
 				   const char *dns_host_name,
 				   bool enabled,
diff --git a/source4/lib/tls/tls_tstream.c b/source4/lib/tls/tls_tstream.c
index 55303c89ca0..42b43020b4d 100644
--- a/source4/lib/tls/tls_tstream.c
+++ b/source4/lib/tls/tls_tstream.c
@@ -27,6 +27,7 @@
 #include "../lib/tsocket/tsocket_internal.h"
 #include "../lib/util/util_net.h"
 #include "lib/tls/tls.h"
+#include "lib/param/param.h"
 #include 
 #include 
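Review bot: The new `tstream_tls_params_client_lpcfg` prototype in tls.h carries no doc comment, so a header reader cannot tell which configuration it consumes or who owns the result. Suggest placing above it `/* Like tstream_tls_params_client(), but takes "tls cafile", "tls crlfile", "tls priority" and "tls verify peer" from lp_ctx; *tlsp is allocated on mem_ctx. */`, which matches what the implementation hunk in tls_tstream.c reads via the lpcfg_tls_* accessors. The out-parameter is named `tlsp` here while the neighbouring `tstream_tls_params_client` declaration uses `_tlsp`; harmless, but aligning the name keeps the header consistent.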
@@ -986,6 +987,52 @@ NTSTATUS tstream_tls_params_client(TALLOC_CTX *mem_ctx,
 	return NT_STATUS_OK;
 }
 
+NTSTATUS tstream_tls_params_client_lpcfg(TALLOC_CTX *mem_ctx,
+					 struct loadparm_context *lp_ctx,
+					 const char *peer_name,
+					 struct tstream_tls_params **tlsp)
+{
+	TALLOC_CTX *frame = talloc_stackframe();
+	const char *ptr = NULL;
+	char *ca_file = NULL;
+	char *crl_file = NULL;
+	const char *tls_priority = NULL;
+	enum tls_verify_peer_state verify_peer =
+		TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
+	NTSTATUS status;
+
+	ptr = lpcfg__tls_cafile(lp_ctx);
+	if (ptr != NULL) {
+		ca_file = lpcfg_tls_cafile(frame, lp_ctx);
+		if (ca_file == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	ptr = lpcfg__tls_crlfile(lp_ctx);
+	if (ptr != NULL) {
+		crl_file = lpcfg_tls_crlfile(frame, lp_ctx);
+		if (crl_file == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
+
+	tls_priority = lpcfg_tls_priority(lp_ctx);
+	verify_peer = lpcfg_tls_verify_peer(lp_ctx);
+
+	status = tstream_tls_params_client(mem_ctx,
+					   ca_file,
+					   crl_file,
+					   tls_priority,
+					   verify_peer,
+					   peer_name,
+					   tlsp);
+	TALLOC_FREE(frame);
+	return status;
+}
+
 static NTSTATUS tstream_tls_prepare_gnutls(struct tstream_tls_params *_tlsp,
 					   struct tstream_tls *tlss)
 {
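Review bot: The `TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE` initializer on `verify_peer` is dead, because `verify_peer = lpcfg_tls_verify_peer(lp_ctx);` overwrites it unconditionally a few lines later; it reads like a fail-closed fallback that does not actually exist, since the effective default for an unset "tls verify peer" is whatever that accessor returns. Either drop it to `enum tls_verify_peer_state verify_peer;` so the real source of the value is obvious, or keep the strict value and make the lpcfg assignment conditional if a fallback is the intent. The `= NULL` on `ptr` is likewise redundant, as it is reassigned before each use. A short comment on the two `ptr != NULL` pre-checks would also help, e.g. `/* only treat a NULL from the substituted variant as OOM when the raw option is actually set */` — that appears to be the purpose, but it depends on lpcfg_tls_cafile()'s contract, which is outside this diff.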