/src/samba/source3/lib/tldap_tls_connect.c
Line | Count | Source |
1 | | /* |
2 | | * Unix SMB/CIFS implementation. |
3 | | * tls based tldap connect |
4 | | * Copyright (C) Stefan Metzmacher 2024 |
5 | | * |
6 | | * This program is free software; you can redistribute it and/or modify |
7 | | * it under the terms of the GNU General Public License as published by |
8 | | * the Free Software Foundation; either version 3 of the License, or |
9 | | * (at your option) any later version. |
10 | | * |
11 | | * This program is distributed in the hope that it will be useful, |
12 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 | | * GNU General Public License for more details. |
15 | | * |
16 | | * You should have received a copy of the GNU General Public License |
17 | | * along with this program. If not, see <http://www.gnu.org/licenses/>. |
18 | | */ |
19 | | |
20 | | #include "replace.h" |
21 | | #include "tldap.h" |
22 | | #include "tldap_tls_connect.h" |
23 | | #include "lib/util/samba_util.h" |
24 | | #include "lib/util/debug.h" |
25 | | #include "lib/param/param.h" |
26 | | #include "../libcli/util/ntstatus.h" |
27 | | #include "../source4/lib/tls/tls.h" |
28 | | |
29 | | struct tldap_tls_connect_state { |
30 | | struct tevent_context *ev; |
31 | | struct tldap_context *ctx; |
32 | | struct tstream_tls_params *tls_params; |
33 | | }; |
34 | | |
35 | | static void tldap_tls_connect_crypto_done(struct tevent_req *subreq); |
36 | | |
37 | | struct tevent_req *tldap_tls_connect_send(TALLOC_CTX *mem_ctx, |
38 | | struct tevent_context *ev, |
39 | | struct tldap_context *ctx, |
40 | | struct tstream_tls_params *tls_params) |
41 | 0 | { |
42 | 0 | struct tevent_req *req = NULL, *subreq = NULL; |
43 | 0 | struct tldap_tls_connect_state *state = NULL; |
44 | 0 | struct tstream_context *plain_stream = NULL; |
45 | |
|
46 | 0 | req = tevent_req_create(mem_ctx, &state, |
47 | 0 | struct tldap_tls_connect_state); |
48 | 0 | if (req == NULL) { |
49 | 0 | return NULL; |
50 | 0 | } |
51 | 0 | state->ev = ev; |
52 | 0 | state->ctx = ctx; |
53 | 0 | state->tls_params = tls_params; |
54 | |
|
55 | 0 | if (!tldap_connection_ok(ctx)) { |
56 | 0 | DBG_ERR("tldap_connection_ok() => false\n"); |
57 | 0 | tevent_req_ldap_error(req, TLDAP_CONNECT_ERROR); |
58 | 0 | return tevent_req_post(req, ev); |
59 | 0 | } |
60 | | |
61 | 0 | if (tldap_has_gensec_tstream(ctx)) { |
62 | 0 | DBG_ERR("tldap_has_gensec_tstream() => true\n"); |
63 | 0 | tevent_req_ldap_error(req, TLDAP_LOCAL_ERROR); |
64 | 0 | return tevent_req_post(req, ev); |
65 | 0 | } |
66 | | |
67 | 0 | plain_stream = tldap_get_plain_tstream(state->ctx); |
68 | 0 | if (plain_stream == NULL) { |
69 | 0 | DBG_ERR("tldap_get_plain_tstream() = NULL\n"); |
70 | 0 | tevent_req_ldap_error(req, TLDAP_LOCAL_ERROR); |
71 | 0 | return req; |
72 | 0 | } |
73 | | |
74 | 0 | subreq = tstream_tls_connect_send(state, |
75 | 0 | state->ev, |
76 | 0 | plain_stream, |
77 | 0 | state->tls_params); |
78 | 0 | if (tevent_req_nomem(subreq, req)) { |
79 | 0 | return tevent_req_post(req, ev); |
80 | 0 | } |
81 | 0 | tevent_req_set_callback(subreq, |
82 | 0 | tldap_tls_connect_crypto_done, |
83 | 0 | req); |
84 | 0 | return req; |
85 | 0 | } |
86 | | |
87 | | static void tldap_tls_connect_crypto_done(struct tevent_req *subreq) |
88 | 0 | { |
89 | 0 | struct tevent_req *req = tevent_req_callback_data( |
90 | 0 | subreq, struct tevent_req); |
91 | 0 | struct tldap_tls_connect_state *state = tevent_req_data( |
92 | 0 | req, struct tldap_tls_connect_state); |
93 | 0 | struct tstream_context *tls_stream = NULL; |
94 | 0 | int ret; |
95 | 0 | int error; |
96 | |
|
97 | 0 | ret = tstream_tls_connect_recv(subreq, &error, state, &tls_stream); |
98 | 0 | TALLOC_FREE(subreq); |
99 | 0 | if (ret != 0) { |
100 | 0 | DBG_ERR("tstream_tls_connect_recv(%s): %d %d\n", |
101 | 0 | tstream_tls_params_peer_name(state->tls_params), |
102 | 0 | ret, |
103 | 0 | error); |
104 | 0 | tevent_req_ldap_error(req, TLDAP_CONNECT_ERROR); |
105 | 0 | return; |
106 | 0 | } |
107 | | |
108 | 0 | tldap_set_tls_tstream(state->ctx, &tls_stream); |
109 | |
|
110 | 0 | tevent_req_done(req); |
111 | 0 | } |
112 | | |
113 | | TLDAPRC tldap_tls_connect_recv(struct tevent_req *req) |
114 | 0 | { |
115 | 0 | TLDAPRC rc; |
116 | |
|
117 | 0 | if (tevent_req_is_ldap_error(req, &rc)) { |
118 | 0 | return rc; |
119 | 0 | } |
120 | | |
121 | 0 | return TLDAP_SUCCESS; |
122 | 0 | } |
123 | | |
124 | | TLDAPRC tldap_tls_connect(struct tldap_context *ctx, |
125 | | struct tstream_tls_params *tls_params) |
126 | 0 | { |
127 | 0 | TALLOC_CTX *frame = talloc_stackframe(); |
128 | 0 | struct tevent_context *ev; |
129 | 0 | struct tevent_req *req; |
130 | 0 | TLDAPRC rc = TLDAP_NO_MEMORY; |
131 | |
|
132 | 0 | ev = samba_tevent_context_init(frame); |
133 | 0 | if (ev == NULL) { |
134 | 0 | goto fail; |
135 | 0 | } |
136 | 0 | req = tldap_tls_connect_send(frame, ev, ctx, tls_params); |
137 | 0 | if (req == NULL) { |
138 | 0 | goto fail; |
139 | 0 | } |
140 | 0 | if (!tevent_req_poll(req, ev)) { |
141 | 0 | rc = TLDAP_OPERATIONS_ERROR; |
142 | 0 | goto fail; |
143 | 0 | } |
144 | 0 | rc = tldap_tls_connect_recv(req); |
145 | 0 | fail: |
146 | | TALLOC_FREE(frame); |
147 | 0 | return rc; |
148 | 0 | } |