s4:lib/tls: add tstream_tls_params_client_lpcfg()
authorStefan Metzmacher <metze@samba.org>
Tue, 13 Feb 2024 15:36:27 +0000 (16:36 +0100)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 23 Apr 2024 23:50:33 +0000 (23:50 +0000)
This will be able to simplify the callers a lot...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/lib/tls/tls.h
source4/lib/tls/tls_tstream.c

index d9b18ff4d0838e680bf6fba1129205e9199c2750..5634cce516c2d065c5b4667ed535fcd12c36f6bf 100644 (file)
@@ -63,6 +63,11 @@ NTSTATUS tstream_tls_params_client(TALLOC_CTX *mem_ctx,
                                   const char *peer_name,
                                   struct tstream_tls_params **_tlsp);
 
+NTSTATUS tstream_tls_params_client_lpcfg(TALLOC_CTX *mem_ctx,
+                                        struct loadparm_context *lp_ctx,
+                                        const char *peer_name,
+                                        struct tstream_tls_params **tlsp);
+
 NTSTATUS tstream_tls_params_server(TALLOC_CTX *mem_ctx,
                                   const char *dns_host_name,
                                   bool enabled,
index 55303c89ca0dd8a0d0121e39014e29bf65c41632..42b43020b4d377e39bf084a7fa8e2e273f19d04d 100644 (file)
@@ -27,6 +27,7 @@
 #include "../lib/tsocket/tsocket_internal.h"
 #include "../lib/util/util_net.h"
 #include "lib/tls/tls.h"
+#include "lib/param/param.h"
 
 #include <gnutls/gnutls.h>
 #include <gnutls/x509.h>
@@ -986,6 +987,52 @@ NTSTATUS tstream_tls_params_client(TALLOC_CTX *mem_ctx,
        return NT_STATUS_OK;
 }
 
+NTSTATUS tstream_tls_params_client_lpcfg(TALLOC_CTX *mem_ctx,
+                                        struct loadparm_context *lp_ctx,
+                                        const char *peer_name,
+                                        struct tstream_tls_params **tlsp)
+{
+       TALLOC_CTX *frame = talloc_stackframe();
+       const char *ptr = NULL;
+       char *ca_file = NULL;
+       char *crl_file = NULL;
+       const char *tls_priority = NULL;
+       enum tls_verify_peer_state verify_peer =
+               TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE;
+       NTSTATUS status;
+
+       ptr = lpcfg__tls_cafile(lp_ctx);
+       if (ptr != NULL) {
+               ca_file = lpcfg_tls_cafile(frame, lp_ctx);
+               if (ca_file == NULL) {
+                       TALLOC_FREE(frame);
+                       return NT_STATUS_NO_MEMORY;
+               }
+       }
+
+       ptr = lpcfg__tls_crlfile(lp_ctx);
+       if (ptr != NULL) {
+               crl_file = lpcfg_tls_crlfile(frame, lp_ctx);
+               if (crl_file == NULL) {
+                       TALLOC_FREE(frame);
+                       return NT_STATUS_NO_MEMORY;
+               }
+       }
+
+       tls_priority = lpcfg_tls_priority(lp_ctx);
+       verify_peer = lpcfg_tls_verify_peer(lp_ctx);
+
+       status = tstream_tls_params_client(mem_ctx,
+                                          ca_file,
+                                          crl_file,
+                                          tls_priority,
+                                          verify_peer,
+                                          peer_name,
+                                          tlsp);
+       TALLOC_FREE(frame);
+       return status;
+}
+
 static NTSTATUS tstream_tls_prepare_gnutls(struct tstream_tls_params *_tlsp,
                                           struct tstream_tls *tlss)
 {
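Review bot: The initializer `TLS_VERIFY_PEER_AS_STRICT_AS_POSSIBLE` on the `verify_peer` declaration is dead, because `verify_peer = lpcfg_tls_verify_peer(lp_ctx);` later in the function overwrites it unconditionally; if it was meant to act as a fail-closed default when the setting is absent, it does not, so either drop the initializer or leave a comment stating that the strict default is supplied by the loadparm table. The function also has no header comment; one describing that the CA and CRL paths are only looked up when the option is set (the `lpcfg__tls_cafile`/`lpcfg__tls_crlfile` NULL checks), that `*tlsp` is allocated on mem_ctx via tstream_tls_params_client(), and that the talloc frame holding ca_file and crl_file is freed before return — presumably safe only because tstream_tls_params_client() copies what it needs, which should be confirmed — would make the contract visible to callers. The whole function lies within this hunk.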