raise the debug level for a common message
[metze/samba/wip.git] / source4 / lib / tls / tls.c
index f72aafe542fc271e0e67cc9a14b05ab3bed91c82..ba2e9e431b3b94a4a9d286b1f4524faac25d4fad 100644 (file)
@@ -47,7 +47,7 @@ struct tls_params {
 /* hold per connection tls data */
 struct tls_context {
        struct socket_context *socket;
-       struct fd_event *fde;
+       struct tevent_fd *fde;
        bool tls_enabled;
 #if ENABLE_GNUTLS
        gnutls_session session;
@@ -185,7 +185,7 @@ static int tls_destructor(struct tls_context *tls)
        int ret;
        ret = gnutls_bye(tls->session, GNUTLS_SHUT_WR);
        if (ret < 0) {
-               DEBUG(0,("TLS gnutls_bye failed - %s\n", gnutls_strerror(ret)));
+               DEBUG(4,("TLS gnutls_bye failed - %s\n", gnutls_strerror(ret)));
        }
        return 0;
 }
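Review bot: The lowered level at the DEBUG call applies to every negative return from gnutls_bye, so a genuine failure to send close_notify is now logged as quietly as the benign cases that presumably made the message common (GNUTLS_E_AGAIN / GNUTLS_E_INTERRUPTED on a non-blocking socket at teardown). Only those should drop to level 4, e.g. `int lvl = (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED) ? 4 : 1;` followed by `DEBUG(lvl,("TLS gnutls_bye failed - %s\n", gnutls_strerror(ret)));`. A short comment stating why the level was lowered, such as `/* EAGAIN/EINTR from gnutls_bye is expected on a non-blocking socket being torn down */`, would save the next reader from re-deriving it. tls_destructor starts outside the hunk, so whether the session is still deinitialised after this point is not visible here.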
@@ -357,12 +357,12 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx, struct loadparm_context *
        struct tls_params *params;
        int ret;
        TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
-       const char *keyfile = private_path(tmp_ctx, lp_ctx, lp_tls_keyfile(lp_ctx));
-       const char *certfile = private_path(tmp_ctx, lp_ctx, lp_tls_certfile(lp_ctx));
-       const char *cafile = private_path(tmp_ctx, lp_ctx, lp_tls_cafile(lp_ctx));
-       const char *crlfile = private_path(tmp_ctx, lp_ctx, lp_tls_crlfile(lp_ctx));
-       const char *dhpfile = private_path(tmp_ctx, lp_ctx, lp_tls_dhpfile(lp_ctx));
-       void tls_cert_generate(TALLOC_CTX *, const char *, const char *, const char *);
+       const char *keyfile = lp_tls_keyfile(tmp_ctx, lp_ctx);
+       const char *certfile = lp_tls_certfile(tmp_ctx, lp_ctx);
+       const char *cafile = lp_tls_cafile(tmp_ctx, lp_ctx);
+       const char *crlfile = lp_tls_crlfile(tmp_ctx, lp_ctx);
+       const char *dhpfile = lp_tls_dhpfile(tmp_ctx, lp_ctx);
+       void tls_cert_generate(TALLOC_CTX *, const char *, const char *, const char *, const char *);
        params = talloc(mem_ctx, struct tls_params);
        if (params == NULL) {
                talloc_free(tmp_ctx);
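Review bot: The prototype for tls_cert_generate is still declared inside the body of tls_initialise, so the extra parameter it gains on the changed line is checked against nothing: if the definition in the other file changes again, the call site below still compiles and the mismatch only shows up at run time. Declaring it once in a shared header that both translation units include would let the compiler catch exactly this kind of drift. The replaced lp_tls_*() calls now allocate on tmp_ctx, but the talloc_new() result on the line above is never checked for NULL before being used as a context, which predates this change. tls_initialise starts outside the hunk.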
@@ -376,7 +376,13 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx, struct loadparm_context *
        }
 
        if (!file_exist(cafile)) {
-               tls_cert_generate(params, keyfile, certfile, cafile);
+               char *hostname = talloc_asprintf(mem_ctx, "%s.%s",
+                                                lp_netbios_name(lp_ctx), lp_realm(lp_ctx));
+               if (hostname == NULL) {
+                       goto init_failed;
+               }
+               tls_cert_generate(params, hostname, keyfile, certfile, cafile);
+               talloc_free(hostname);
        }
 
        ret = gnutls_global_init();
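Review bot: hostname is allocated on mem_ctx rather than on the function's tmp_ctx, so it needs the explicit talloc_free after tls_cert_generate and would leak into the caller's context on any exit path added between the two; `char *hostname = talloc_asprintf(tmp_ctx, "%s.%s", lp_netbios_name(lp_ctx), lp_realm(lp_ctx));` ties its lifetime to the temporary context (which the error path above already frees) and the trailing talloc_free can go. The name is built from lp_netbios_name and lp_realm with no check that either is set; if the realm is empty the generated certificate name presumably ends in a bare dot, so a guard or at least a comment stating the assumption would help. Nothing verifies that cafile exists once tls_cert_generate (a void function) returns, so a failed generation falls through into the gnutls setup below with the CA file still missing. tls_initialise continues past the hunk.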
@@ -454,8 +460,8 @@ init_failed:
   setup for a new connection
 */
 struct socket_context *tls_init_server(struct tls_params *params, 
-                                      struct socket_context *socket,
-                                      struct fd_event *fde, 
+                                      struct socket_context *socket_ctx,
+                                      struct tevent_fd *fde, 
                                       const char *plain_chars)
 {
        struct tls_context *tls;
@@ -463,9 +469,9 @@ struct socket_context *tls_init_server(struct tls_params *params,
        struct socket_context *new_sock;
        NTSTATUS nt_status;
        
-       nt_status = socket_create_with_ops(socket, &tls_socket_ops, &new_sock, 
+       nt_status = socket_create_with_ops(socket_ctx, &tls_socket_ops, &new_sock, 
                                           SOCKET_TYPE_STREAM, 
-                                          socket->flags | SOCKET_FLAG_ENCRYPT);
+                                          socket_ctx->flags | SOCKET_FLAG_ENCRYPT);
        if (!NT_STATUS_IS_OK(nt_status)) {
                return NULL;
        }
@@ -475,16 +481,9 @@ struct socket_context *tls_init_server(struct tls_params *params,
                return NULL;
        }
 
-       tls->socket          = socket;
+       tls->socket          = socket_ctx;
+       talloc_steal(tls, socket_ctx);
        tls->fde             = fde;
-       if (talloc_reference(tls, fde) == NULL) {
-               talloc_free(new_sock);
-               return NULL;
-       }
-       if (talloc_reference(tls, socket) == NULL) {
-               talloc_free(new_sock);
-               return NULL;
-       }
 
        new_sock->private_data    = tls;
 
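Review bot: fde is now stored in tls->fde with no reference taken, where the removed talloc_reference kept the fd event alive for as long as the tls context; if the caller frees fde first, the pointer in tls dangles. Either that is the intended contract (the caller guarantees fde outlives the TLS socket) and it should be stated on the field or in the header, e.g. `/* not owned: caller must keep fde alive for the life of this socket */`, or a reference/destructor arrangement is still needed. talloc_steal(tls, socket_ctx) likewise changes the contract with the caller: socket_ctx is now owned by new_sock's tree and is freed with it, presumably including on the error paths further down that free new_sock, which the function comment above should say so callers do not free it a second time. The same applies to tls_init_client in the hunk at -555,20 +553,16.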
@@ -534,20 +533,19 @@ failed:
 /*
   setup for a new client connection
 */
-struct socket_context *tls_init_client(struct socket_context *socket,
-                                      struct fd_event *fde,
+struct socket_context *tls_init_client(struct socket_context *socket_ctx,
+                                      struct tevent_fd *fde,
                                       const char *ca_path)
 {
        struct tls_context *tls;
        int ret = 0;
        const int cert_type_priority[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
-       char *cafile;
        struct socket_context *new_sock;
        NTSTATUS nt_status;
        
-       nt_status = socket_create_with_ops(socket, &tls_socket_ops, &new_sock, 
+       nt_status = socket_create_with_ops(socket_ctx, &tls_socket_ops, &new_sock, 
                                           SOCKET_TYPE_STREAM, 
-                                          socket->flags | SOCKET_FLAG_ENCRYPT);
+                                          socket_ctx->flags | SOCKET_FLAG_ENCRYPT);
        if (!NT_STATUS_IS_OK(nt_status)) {
                return NULL;
        }
@@ -555,20 +553,16 @@ struct socket_context *tls_init_client(struct socket_context *socket,
        tls = talloc(new_sock, struct tls_context);
        if (tls == NULL) return NULL;
 
-       tls->socket          = socket;
+       tls->socket          = socket_ctx;
+       talloc_steal(tls, socket_ctx);
        tls->fde             = fde;
-       if (talloc_reference(tls, fde) == NULL) {
-               return NULL;
-       }
-       if (talloc_reference(tls, socket) == NULL) {
-               return NULL;
-       }
+
        new_sock->private_data    = tls;
 
        gnutls_global_init();
 
        gnutls_certificate_allocate_credentials(&tls->xcred);
-       gnutls_certificate_set_x509_trust_file(tls->xcred, cafile, GNUTLS_X509_FMT_PEM);
+       gnutls_certificate_set_x509_trust_file(tls->xcred, ca_path, GNUTLS_X509_FMT_PEM);
        TLSCHECK(gnutls_init(&tls->session, GNUTLS_CLIENT));
        TLSCHECK(gnutls_set_default_priority(tls->session));
        gnutls_certificate_type_set_priority(tls->session, cert_type_priority);
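Review bot: The return value of gnutls_certificate_set_x509_trust_file on the changed line is dropped, so if ca_path cannot be read or holds no usable certificate the client continues with an empty trust store and the handshake set up below has nothing to verify the server against. It returns the number of certificates loaded (negative on error), so the call should be guarded, e.g. `ret = gnutls_certificate_set_x509_trust_file(tls->xcred, ca_path, GNUTLS_X509_FMT_PEM);` followed by `if (ret <= 0) { DEBUG(0,("TLS failed to load CA file %s\n", ca_path)); goto failed; }`, assuming the `failed:` label that TLSCHECK presumably jumps to; whether peer verification is later enforced on the session is outside the hunk. The `if (tls == NULL) return NULL;` above also returns without freeing new_sock, though that predates this change.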
@@ -663,7 +657,7 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx, struct loadparm_context *
 */
 struct socket_context *tls_init_server(struct tls_params *params, 
                                    struct socket_context *socket,
-                                   struct fd_event *fde, 
+                                   struct tevent_fd *fde, 
                                    const char *plain_chars)
 {
        return NULL;
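Review bot: The ENABLE_GNUTLS build renamed the parameter to socket_ctx but this stub keeps `socket`, so the two definitions of tls_init_server now differ in spelling; the tls_init_client stub in the next hunk has the same inconsistency. Presumably the rename avoids shadowing the socket(2) function, and the stubs would benefit from the same treatment: `struct socket_context *socket_ctx,`. All parameters of both stubs are unused, so a `(void)socket_ctx;` style cast or an unused attribute would keep -Wextra builds quiet.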
@@ -674,7 +668,7 @@ struct socket_context *tls_init_server(struct tls_params *params,
   setup for a new client connection
 */
 struct socket_context *tls_init_client(struct socket_context *socket,
-                                      struct fd_event *fde,
+                                      struct tevent_fd *fde,
                                       const char *ca_path)
 {
        return NULL;