This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#ifndef _TLS_H_
+#define _TLS_H_
+
+#include "lib/socket/socket.h"
+
+struct loadparm_context;
+
/*
call tls_initialise() once per task to startup the tls subsystem
*/
-struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx);
+struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx);
/*
call tls_init_server() on each new server connection
tls and non-tls servers on the same port. If this is NULL then only
tls connections will be allowed
*/
-struct tls_context *tls_init_server(struct tls_params *parms,
+struct socket_context *tls_init_server(struct tls_params *parms,
struct socket_context *sock,
- struct fd_event *fde,
+ struct tevent_fd *fde,
const char *plain_chars);
/*
- call these to send and receive data. They behave like socket_send() and socket_recv()
- */
-NTSTATUS tls_socket_recv(struct tls_context *tls, void *buf, size_t wantlen,
- size_t *nread);
-NTSTATUS tls_socket_send(struct tls_context *tls, const DATA_BLOB *blob,
- size_t *sendlen);
+ call tls_init_client() on each new client connection
+*/
+struct socket_context *tls_init_client(struct socket_context *sock,
+ struct tevent_fd *fde,
+ const char *cafile);
/*
return True if a connection used tls
*/
-BOOL tls_enabled(struct tls_context *tls);
+bool tls_enabled(struct socket_context *tls);
/*
true if tls support is compiled in
*/
-BOOL tls_support(struct tls_params *parms);
+bool tls_support(struct tls_params *parms);
+const struct socket_ops *socket_tls_ops(enum socket_type type);
-/*
- ask for the number of bytes in a pending incoming packet
-*/
-NTSTATUS tls_socket_pending(struct tls_context *tls, size_t *npending);
+struct tstream_context;
+struct tstream_tls_params;
+
+/**
+ * @brief Initiate a TLS tunnel on top of a given tstream
+ *
+ * @param[in] mem_ctx
+ * @param[in] ev
+ *
+ * @param[in] plain_stream The plain tstream which is used as transport.
+ * It's important that the caller keeps the "plain"
+ * tstream_context arround during the whole life
+ * time of the "tls" tstream_context!
+ * Note: tstream_disconnect_send()/recv() doesn't
+ * disconnect the "plain" tstream_context.
+ *
+ * @param[in] tls_params ...
+ *
+ * @return
+ *
+ * @see tstream_tls_connect_recv
+ */
+#ifdef DOXYGEN
+struct tevent_req *tstream_tls_connect_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct tstream_context *plain_stream,
+ struct tstream_tls_params *tls_params);
+#else
+struct tevent_req *_tstream_tls_connect_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct tstream_context *plain_stream,
+ struct tstream_tls_params *tls_params,
+ const char *location);
+#define tstream_tls_connect_send(mem_ctx, ev, plain_stream, tls_params); \
+ _tstream_tls_connect_send(mem_ctx, ev, plain_stream, tls_params, __location__)
+#endif
+
+/**
+ * @brief Receives the async result of tevent_tls_connect_send
+ *
+ * @param[in] req
+ *
+ * @param[out] perrno
+ *
+ * @param[in] mem_ctx
+ *
+ * @param[out] tls_stream
+ *
+ * @return
+ *
+ * @see tstream_tls_connect_send
+ */
+int tstream_tls_connect_recv(struct tevent_req *req,
+ int *perrno,
+ TALLOC_CTX *mem_ctx,
+ struct tstream_context **tls_stream);
+
+/**
+ * @brief Accept a TLS tunnel on top of a given tstream
+ *
+ * @param[in] mem_ctx
+ * @param[in] ev
+ *
+ * @param[in] plain_stream The plain tstream which is used as transport.
+ * It's important that the caller keeps the "plain"
+ * tstream_context arround during the whole life
+ * time of the "tls" tstream_context!
+ * Note: tstream_disconnect_send()/recv() doesn't
+ * disconnect the "plain" tstream_context.
+ *
+ * @param[in] tls_params ...
+ *
+ * @return
+ *
+ * @see tstream_tls_accept_recv
+ */
+#ifdef DOXYGEN
+struct tevent_req *tstream_tls_accept_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct tstream_context *plain_stream,
+ struct tstream_tls_params *tls_params);
+#else
+struct tevent_req *_tstream_tls_accept_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct tstream_context *plain_stream,
+ struct tstream_tls_params *tls_params,
+ const char *location);
+#define tstream_tls_accept_send(mem_ctx, ev, plain_stream, tls_params); \
+ _tstream_tls_accept_send(mem_ctx, ev, plain_stream, tls_params, __location__)
+#endif
+
+/**
+ * @brief Receives the async result of tevent_tls_accept_send
+ *
+ * @param[in] req
+ *
+ * @param[out] perrno
+ *
+ * @param[in] mem_ctx
+ *
+ * @param[out] tls_stream
+ *
+ * @return
+ *
+ * @see tstream_tls_accept_send
+ */
+int tstream_tls_accept_recv(struct tevent_req *req,
+ int *perrno,
+ TALLOC_CTX *mem_ctx,
+ struct tstream_context **tls_stream);
+#endif /* _TLS_H_ */
git.samba.org / metze / samba / wip.git / blobdiff