1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

s4:lib/tls: add tstream_tls_params_client_lpcfg()

This will be able simplify the callers a lot...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Stefan Metzmacher 2024-02-13 16:36:27 +01:00 committed by Andrew Bartlett
parent 3186cdce85
commit 604413b98a
2 changed files with 52 additions and 0 deletions

View File

@ -63,6 +63,11 @@ NTSTATUS tstream_tls_params_client(TALLOC_CTX *mem_ctx,
const char *peer_name, const char *peer_name,
struct tstream_tls_params **_tlsp); struct tstream_tls_params **_tlsp);
NTSTATUS tstream_tls_params_client_lpcfg(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
const char *peer_name,
struct tstream_tls_params **tlsp);
NTSTATUS tstream_tls_params_server(TALLOC_CTX *mem_ctx, NTSTATUS tstream_tls_params_server(TALLOC_CTX *mem_ctx,
const char *dns_host_name, const char *dns_host_name,
bool enabled, bool enabled,

View File

@ -27,6 +27,7 @@
#include "../lib/tsocket/tsocket_internal.h" #include "../lib/tsocket/tsocket_internal.h"
#include "../lib/util/util_net.h" #include "../lib/util/util_net.h"
#include "lib/tls/tls.h" #include "lib/tls/tls.h"
#include "lib/param/param.h"
#include <gnutls/gnutls.h> #include <gnutls/gnutls.h>
#include <gnutls/x509.h> #include <gnutls/x509.h>
@ -986,6 +987,52 @@ NTSTATUS tstream_tls_params_client(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK; return NT_STATUS_OK;
} }
NTSTATUS tstream_tls_params_client_lpcfg(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
const char *peer_name,
struct tstream_tls_params **tlsp)
{
TALLOC_CTX *frame = talloc_stackframe();
const char *ptr = NULL;
char *ca_file = NULL;
char *crl_file = NULL;
const char *tls_priority = NULL;
enum tls_verify_peer_state verify_peer =
TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
NTSTATUS status;
ptr = lpcfg__tls_cafile(lp_ctx);
if (ptr != NULL) {
ca_file = lpcfg_tls_cafile(frame, lp_ctx);
if (ca_file == NULL) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
}
ptr = lpcfg__tls_crlfile(lp_ctx);
if (ptr != NULL) {
crl_file = lpcfg_tls_crlfile(frame, lp_ctx);
if (crl_file == NULL) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
}
tls_priority = lpcfg_tls_priority(lp_ctx);
verify_peer = lpcfg_tls_verify_peer(lp_ctx);
status = tstream_tls_params_client(mem_ctx,
ca_file,
crl_file,
tls_priority,
verify_peer,
peer_name,
tlsp);
TALLOC_FREE(frame);
return status;
}
static NTSTATUS tstream_tls_prepare_gnutls(struct tstream_tls_params *_tlsp, static NTSTATUS tstream_tls_prepare_gnutls(struct tstream_tls_params *_tlsp,
struct tstream_tls *tlss) struct tstream_tls *tlss)
{ {