s4:lib/tls - call "gnutls_transport_set_lowat" only on GNUTLS < 3.0
[mdw/samba.git] / source4 / lib / tls / tls.c
index 1014ab07a8a672757f1e186c2e17200d4edfd3ea..3a49e2f2e8c4619bf022c1d5b24e044c05647a58 100644 (file)
@@ -126,21 +126,21 @@ static ssize_t tls_pull(gnutls_transport_ptr ptr, void *buf, size_t size)
                return 0;
        }
        if (NT_STATUS_IS_ERR(status)) {
-               EVENT_FD_NOT_READABLE(tls->fde);
-               EVENT_FD_NOT_WRITEABLE(tls->fde);
+               TEVENT_FD_NOT_READABLE(tls->fde);
+               TEVENT_FD_NOT_WRITEABLE(tls->fde);
                errno = EBADF;
                return -1;
        }
        if (!NT_STATUS_IS_OK(status)) {
-               EVENT_FD_READABLE(tls->fde);
+               TEVENT_FD_READABLE(tls->fde);
                errno = EAGAIN;
                return -1;
        }
        if (tls->output_pending) {
-               EVENT_FD_WRITEABLE(tls->fde);
+               TEVENT_FD_WRITEABLE(tls->fde);
        }
        if (size != nread) {
-               EVENT_FD_READABLE(tls->fde);
+               TEVENT_FD_READABLE(tls->fde);
        }
        return nread;
 }
@@ -168,11 +168,11 @@ static ssize_t tls_push(gnutls_transport_ptr ptr, const void *buf, size_t size)
                return -1;
        }
        if (!NT_STATUS_IS_OK(status)) {
-               EVENT_FD_WRITEABLE(tls->fde);
+               TEVENT_FD_WRITEABLE(tls->fde);
                return -1;
        }
        if (size != nwritten) {
-               EVENT_FD_WRITEABLE(tls->fde);
+               TEVENT_FD_WRITEABLE(tls->fde);
        }
        return nwritten;
 }
@@ -185,7 +185,7 @@ static int tls_destructor(struct tls_context *tls)
        int ret;
        ret = gnutls_bye(tls->session, GNUTLS_SHUT_WR);
        if (ret < 0) {
-               DEBUG(0,("TLS gnutls_bye failed - %s\n", gnutls_strerror(ret)));
+               DEBUG(4,("TLS gnutls_bye failed - %s\n", gnutls_strerror(ret)));
        }
        return 0;
 }
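Review bot: Lowering the log level on the `gnutls_bye` failure still treats every negative return as an error, although this transport is non-blocking (tls_pull reports EAGAIN on its would-block path), so `GNUTLS_E_AGAIN`/`GNUTLS_E_INTERRUPTED` from a half-sent close_notify would be logged as a failure while genuine errors share the same line. Distinguishing the two keeps level-4 logs meaningful: `if (ret < 0 && ret != GNUTLS_E_AGAIN && ret != GNUTLS_E_INTERRUPTED) {`. The destructor's body starts outside this hunk, so where the session is deinitialised afterwards cannot be checked here.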
@@ -205,7 +205,7 @@ static NTSTATUS tls_handshake(struct tls_context *tls)
        ret = gnutls_handshake(tls->session);
        if (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN) {
                if (gnutls_record_get_direction(tls->session) == 1) {
-                       EVENT_FD_WRITEABLE(tls->fde);
+                       TEVENT_FD_WRITEABLE(tls->fde);
                }
                return STATUS_MORE_ENTRIES;
        }
@@ -298,7 +298,7 @@ static NTSTATUS tls_socket_recv(struct socket_context *sock, void *buf,
        ret = gnutls_record_recv(tls->session, buf, wantlen);
        if (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN) {
                if (gnutls_record_get_direction(tls->session) == 1) {
-                       EVENT_FD_WRITEABLE(tls->fde);
+                       TEVENT_FD_WRITEABLE(tls->fde);
                }
                tls->interrupted = true;
                return STATUS_MORE_ENTRIES;
@@ -334,7 +334,7 @@ static NTSTATUS tls_socket_send(struct socket_context *sock,
        ret = gnutls_record_send(tls->session, blob->data, blob->length);
        if (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN) {
                if (gnutls_record_get_direction(tls->session) == 1) {
-                       EVENT_FD_WRITEABLE(tls->fde);
+                       TEVENT_FD_WRITEABLE(tls->fde);
                }
                tls->interrupted = true;
                return STATUS_MORE_ENTRIES;
@@ -357,11 +357,11 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx, struct loadparm_context *
        struct tls_params *params;
        int ret;
        TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
-       const char *keyfile = lp_tls_keyfile(tmp_ctx, lp_ctx);
-       const char *certfile = lp_tls_certfile(tmp_ctx, lp_ctx);
-       const char *cafile = lp_tls_cafile(tmp_ctx, lp_ctx);
-       const char *crlfile = lp_tls_crlfile(tmp_ctx, lp_ctx);
-       const char *dhpfile = lp_tls_dhpfile(tmp_ctx, lp_ctx);
+       const char *keyfile = lpcfg_tls_keyfile(tmp_ctx, lp_ctx);
+       const char *certfile = lpcfg_tls_certfile(tmp_ctx, lp_ctx);
+       const char *cafile = lpcfg_tls_cafile(tmp_ctx, lp_ctx);
+       const char *crlfile = lpcfg_tls_crlfile(tmp_ctx, lp_ctx);
+       const char *dhpfile = lpcfg_tls_dhpfile(tmp_ctx, lp_ctx);
        void tls_cert_generate(TALLOC_CTX *, const char *, const char *, const char *, const char *);
        params = talloc(mem_ctx, struct tls_params);
        if (params == NULL) {
@@ -369,7 +369,7 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx, struct loadparm_context *
                return NULL;
        }
 
-       if (!lp_tls_enabled(lp_ctx) || keyfile == NULL || *keyfile == 0) {
+       if (!lpcfg_tls_enabled(lp_ctx) || keyfile == NULL || *keyfile == 0) {
                params->tls_enabled = false;
                talloc_free(tmp_ctx);
                return params;
@@ -377,7 +377,8 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx, struct loadparm_context *
 
        if (!file_exist(cafile)) {
                char *hostname = talloc_asprintf(mem_ctx, "%s.%s",
-                                                lp_netbios_name(lp_ctx), lp_realm(lp_ctx));
+                                                lpcfg_netbios_name(lp_ctx),
+                                                lpcfg_dnsdomain(lp_ctx));
                if (hostname == NULL) {
                        goto init_failed;
                }
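Review bot: The rebuilt hostname on the `talloc_asprintf` call is still allocated on `mem_ctx` rather than `tmp_ctx`, so it outlives tls_initialise even though it is only needed while the certificate is generated (presumably the `tls_cert_generate` call further down, outside this hunk); `talloc_asprintf(tmp_ctx, "%s.%s", ...)` keeps it with the other temporaries. Switching the second component from the realm to `lpcfg_dnsdomain()` also changes the name embedded in a generated certificate, which is worth a one-line comment such as `/* generated cert is issued for <netbios name>.<dns domain> */`. If either accessor can return NULL, the `"%s"` conversion receives a null pointer; that cannot be determined from this hunk.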
@@ -482,15 +483,8 @@ struct socket_context *tls_init_server(struct tls_params *params,
        }
 
        tls->socket          = socket_ctx;
+       talloc_steal(tls, socket_ctx);
        tls->fde             = fde;
-       if (talloc_reference(tls, fde) == NULL) {
-               talloc_free(new_sock);
-               return NULL;
-       }
-       if (talloc_reference(tls, socket_ctx) == NULL) {
-               talloc_free(new_sock);
-               return NULL;
-       }
 
        new_sock->private_data    = tls;
 
@@ -511,7 +505,9 @@ struct socket_context *tls_init_server(struct tls_params *params,
        gnutls_transport_set_ptr(tls->session, (gnutls_transport_ptr)tls);
        gnutls_transport_set_pull_function(tls->session, (gnutls_pull_func)tls_pull);
        gnutls_transport_set_push_function(tls->session, (gnutls_push_func)tls_push);
+#if GNUTLS_VERSION_MAJOR < 3
        gnutls_transport_set_lowat(tls->session, 0);
+#endif
 
        tls->plain_chars = plain_chars;
        if (plain_chars) {
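Review bot: With `gnutls_transport_set_lowat()` compiled out for GnuTLS 3, the library relies on errno after a push/pull callback returns -1 to decide whether the call is retryable (EAGAIN/EINTR) or fatal. tls_pull sets `errno = EAGAIN` on its would-block path, but tls_push's corresponding branch (the `!NT_STATUS_IS_OK(status)` case in the second hunk) returns -1 without touching errno, so unless `socket_send` leaves errno at EAGAIN a would-block write can surface as a fatal push error; adding `errno = EAGAIN;` before that `return -1;` makes the two callbacks consistent. A short comment on the `#if` would help the next reader: `/* lowat was removed in GnuTLS 3; the pull/push callbacks already signal would-block via errno */`. The same guard is added in tls_init_client in the last hunk.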
@@ -547,7 +543,6 @@ struct socket_context *tls_init_client(struct socket_context *socket_ctx,
        struct tls_context *tls;
        int ret = 0;
        const int cert_type_priority[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
-       char *cafile;
        struct socket_context *new_sock;
        NTSTATUS nt_status;
        
@@ -562,19 +557,15 @@ struct socket_context *tls_init_client(struct socket_context *socket_ctx,
        if (tls == NULL) return NULL;
 
        tls->socket          = socket_ctx;
+       talloc_steal(tls, socket_ctx);
        tls->fde             = fde;
-       if (talloc_reference(tls, fde) == NULL) {
-               return NULL;
-       }
-       if (talloc_reference(tls, socket_ctx) == NULL) {
-               return NULL;
-       }
+
        new_sock->private_data    = tls;
 
        gnutls_global_init();
 
        gnutls_certificate_allocate_credentials(&tls->xcred);
-       gnutls_certificate_set_x509_trust_file(tls->xcred, cafile, GNUTLS_X509_FMT_PEM);
+       gnutls_certificate_set_x509_trust_file(tls->xcred, ca_path, GNUTLS_X509_FMT_PEM);
        TLSCHECK(gnutls_init(&tls->session, GNUTLS_CLIENT));
        TLSCHECK(gnutls_set_default_priority(tls->session));
        gnutls_certificate_type_set_priority(tls->session, cert_type_priority);
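Review bot: The return value of `gnutls_certificate_set_x509_trust_file()` is still ignored on the `ca_path` line, so an unreadable or malformed CA file leaves the credentials with no trust anchors and the client carries on to the handshake; whether that ends in an unverified connection depends on verification code outside this hunk, but the failure should at least be detected here. Since the hunk already wraps `gnutls_init()` in TLSCHECK, the same form works if TLSCHECK treats any negative return as failure (the function returns the number of certificates loaded or a negative error): `TLSCHECK(gnutls_certificate_set_x509_trust_file(tls->xcred, ca_path, GNUTLS_X509_FMT_PEM));`. If `ca_path` may legitimately be NULL or empty for clients that do not verify, guard the call on that instead of skipping the check. The enclosing function continues outside the hunk.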
@@ -585,7 +576,9 @@ struct socket_context *tls_init_client(struct socket_context *socket_ctx,
        gnutls_transport_set_ptr(tls->session, (gnutls_transport_ptr)tls);
        gnutls_transport_set_pull_function(tls->session, (gnutls_pull_func)tls_pull);
        gnutls_transport_set_push_function(tls->session, (gnutls_push_func)tls_push);
+#if GNUTLS_VERSION_MAJOR < 3
        gnutls_transport_set_lowat(tls->session, 0);
+#endif
        tls->tls_detect = false;
 
        tls->output_pending  = false;