Context Navigation

← Previous Change
Next Change →

Changeset 740 for vendor/current/source4/lib/tls

Timestamp:

Nov 14, 2012, 12:59:34 PM (13 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: update vendor to 3.6.0

Location:

vendor/current/source4/lib/tls

Files:

: 2 added
: 2 deleted
: 3 edited

config.m4 (deleted)
config.mk (deleted)
tls.c (modified) (3 diffs)
tls.h (modified) (1 diff)
tls_tstream.c (added)
tlscert.c (modified) (1 diff)
wscript (added)

Legend:

: Unmodified
: Added
: Removed

vendor/current/source4/lib/tls/tls.c

-              r414
+              r740
         int ret;
         TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
         const char *keyfile = lp_tls_keyfile(tmp_ctx, lp_ctx);
         const char *certfile = lp_tls_certfile(tmp_ctx, lp_ctx);
         const char *cafile = lp_tls_cafile(tmp_ctx, lp_ctx);
         const char *crlfile = lp_tls_crlfile(tmp_ctx, lp_ctx);
         const char *dhpfile = lp_tls_dhpfile(tmp_ctx, lp_ctx);
+        const char *keyfile = lpcfg_tls_keyfile(tmp_ctx, lp_ctx);
+        const char *certfile = lpcfg_tls_certfile(tmp_ctx, lp_ctx);
+        const char *cafile = lpcfg_tls_cafile(tmp_ctx, lp_ctx);
+        const char *crlfile = lpcfg_tls_crlfile(tmp_ctx, lp_ctx);
+        const char *dhpfile = lpcfg_tls_dhpfile(tmp_ctx, lp_ctx);
         void tls_cert_generate(TALLOC_CTX *, const char *, const char *, const char *, const char *);
         params = talloc(mem_ctx, struct tls_params);
 …
+        }
         if (!lp_tls_enabled(lp_ctx) || keyfile == NULL || *keyfile == 0) {
+        if (!lpcfg_tls_enabled(lp_ctx) || keyfile == NULL || *keyfile == 0) {
                 params->tls_enabled = false;
                 talloc_free(tmp_ctx);
 …
         if (!file_exist(cafile)) {
                 char *hostname = talloc_asprintf(mem_ctx, "%s.%s",
+                                                 lp_netbios_name(lp_ctx), lp_realm(lp_ctx));
+                                                 lpcfg_netbios_name(lp_ctx),
+                                                 lpcfg_dnsdomain(lp_ctx));
                 if (hostname == NULL) {
                         goto init_failed;

vendor/current/source4/lib/tls/tls.h

-              r414
+              r740
 const struct socket_ops *socket_tls_ops(enum socket_type type);
+#endif
+struct tstream_context;
+struct tstream_tls_params;
+NTSTATUS tstream_tls_params_client(TALLOC_CTX *mem_ctx,
+                                   const char *ca_file,
+                                   const char *crl_file,
+                                   struct tstream_tls_params **_tlsp);
+NTSTATUS tstream_tls_params_server(TALLOC_CTX *mem_ctx,
+                                   const char *dns_host_name,
+                                   bool enabled,
+                                   const char *key_file,
+                                   const char *cert_file,
+                                   const char *ca_file,
+                                   const char *crl_file,
+                                   const char *dhp_file,
+                                   struct tstream_tls_params **_params);
+bool tstream_tls_params_enabled(struct tstream_tls_params *params);
+struct tevent_req *_tstream_tls_connect_send(TALLOC_CTX *mem_ctx,
+                                             struct tevent_context *ev,
+                                             struct tstream_context *plain_stream,
+                                             struct tstream_tls_params *tls_params,
+                                             const char *location);
+#define tstream_tls_connect_send(mem_ctx, ev, plain_stream, tls_params); \
+        _tstream_tls_connect_send(mem_ctx, ev, plain_stream, tls_params, __location__)
+int tstream_tls_connect_recv(struct tevent_req *req,
+                             int *perrno,
+                             TALLOC_CTX *mem_ctx,
+                             struct tstream_context **tls_stream);
+struct tevent_req *_tstream_tls_accept_send(TALLOC_CTX *mem_ctx,
+                                            struct tevent_context *ev,
+                                            struct tstream_context *plain_stream,
+                                            struct tstream_tls_params *tls_params,
+                                            const char *location);
+#define tstream_tls_accept_send(mem_ctx, ev, plain_stream, tls_params) \
+        _tstream_tls_accept_send(mem_ctx, ev, plain_stream, tls_params, __location__)
+int tstream_tls_accept_recv(struct tevent_req *req,
+                            int *perrno,
+                            TALLOC_CTX *mem_ctx,
+                            struct tstream_context **tls_stream);
+#endif /* _TLS_H_ */

vendor/current/source4/lib/tls/tlscert.c

-              r414
+              r740
         bufsize = sizeof(buf);
         TLSCHECK(gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, buf, &bufsize));
+        file_save(certfile, buf, bufsize);
+        if (!file_save(certfile, buf, bufsize)) {
+                DEBUG(0,("Unable to save certificate in %s parent dir exists ?\n", certfile));
+                goto failed;
+        }
         bufsize = sizeof(buf);
         TLSCHECK(gnutls_x509_crt_export(cacrt, GNUTLS_X509_FMT_PEM, buf, &bufsize));
+        file_save(cafile, buf, bufsize);
+        if (!file_save(cafile, buf, bufsize)) {
+                DEBUG(0,("Unable to save ca cert in %s parent dir exists ?\n", cafile));
+                goto failed;
+        }
         bufsize = sizeof(buf);
         TLSCHECK(gnutls_x509_privkey_export(key, GNUTLS_X509_FMT_PEM, buf, &bufsize));
+        file_save(keyfile, buf, bufsize);
+        if (!file_save(keyfile, buf, bufsize)) {
+                DEBUG(0,("Unable to save privatekey in %s parent dir exists ?\n", keyfile));
+                goto failed;
+        }
         gnutls_x509_privkey_deinit(key);

Note: See TracChangeset for help on using the changeset viewer.