r15400: Move the TLS code behind the socket interface.

This reduces caller complexity, because the TLS code is now called
just like any other socket.  (A new socket context is returned by the
tls_init_server and tls_init_client routines).

When TLS is not available, the original socket is returned.

Andrew Bartlett
(This used to be commit 09b2f30dfa7a640f5187b4933204e9680be61497)

3 files changed, 9 insertions, 11 deletions

diff --git a/source4/web_server/http.c b/source4/web_server/http.c
index 93d81ef1d0..f79bedb2de 100644
--- a/source4/web_server/http.c
+++ b/source4/web_server/http.c
@@ -237,12 +237,12 @@ static void http_redirect(EspHandle handle, int code, char *url)
 			char *p = strrchr(web->input.url, '/');
 			if (p == web->input.url) {
 				url = talloc_asprintf(web, "http%s://%s/%s", 
-						      tls_enabled(web->tls)?"s":"",
+						      tls_enabled(web->conn->socket)?"s":"",
 						      host, url);
 			} else {
 				int dirlen = p - web->input.url;
 				url = talloc_asprintf(web, "http%s://%s%*.*s/%s",
-						      tls_enabled(web->tls)?"s":"",
+						      tls_enabled(web->conn->socket)?"s":"",
 						      host, 
 						      dirlen, dirlen, web->input.url,
 						      url);
@@ -452,7 +452,7 @@ static void http_setup_arrays(struct esp_state *esp)
 	}
 
 	SETVAR(ESP_SERVER_OBJ, "DOCUMENT_ROOT", lp_swat_directory());
-	SETVAR(ESP_SERVER_OBJ, "SERVER_PROTOCOL", tls_enabled(web->tls)?"https":"http");
+	SETVAR(ESP_SERVER_OBJ, "SERVER_PROTOCOL", tls_enabled(web->conn->socket)?"https":"http");
 	SETVAR(ESP_SERVER_OBJ, "SERVER_SOFTWARE", "SWAT");
 	SETVAR(ESP_SERVER_OBJ, "GATEWAY_INTERFACE", "CGI/1.1");
 	SETVAR(ESP_SERVER_OBJ, "TLS_SUPPORT", tls_support(edata->tls_params)?"True":"False");
diff --git a/source4/web_server/web_server.c b/source4/web_server/web_server.c
index 05c315e4fa..93d59cc47a 100644
--- a/source4/web_server/web_server.c
+++ b/source4/web_server/web_server.c
@@ -76,7 +76,7 @@ static void websrv_recv(struct stream_connection *conn, uint16_t flags)
 	DATA_BLOB b;
 
 	/* not the most efficient http parser ever, but good enough for us */
-	status = tls_socket_recv(web->tls, buf, sizeof(buf), &nread);
+	status = socket_recv(conn->socket, buf, sizeof(buf), &nread);
 	if (NT_STATUS_IS_ERR(status)) goto failed;
 	if (!NT_STATUS_IS_OK(status)) return;
 
@@ -149,7 +149,7 @@ static void websrv_send(struct stream_connection *conn, uint16_t flags)
 	b.data += web->output.nsent;
 	b.length -= web->output.nsent;
 
-	status = tls_socket_send(web->tls, &b, &nsent);
+	status = socket_send(conn->socket, &b, &nsent);
 	if (NT_STATUS_IS_ERR(status)) {
 		stream_terminate_connection(web->conn, "socket_send: failed");
 		return;
@@ -183,8 +183,6 @@ static void websrv_send(struct stream_connection *conn, uint16_t flags)
 
 	if (web->output.content.length == web->output.nsent && 
 	    web->output.fd == -1) {
-		talloc_free(web->tls);
-		web->tls = NULL;
 		stream_terminate_connection(web->conn, "websrv_send: finished sending");
 	}
 }
@@ -211,9 +209,10 @@ static void websrv_accept(struct stream_connection *conn)
 			timeval_current_ofs(HTTP_TIMEOUT, 0),
 			websrv_timeout, web);
 
-	web->tls = tls_init_server(edata->tls_params, conn->socket, 
-				   conn->event.fde, "GPHO", True);
-	if (web->tls == NULL) goto failed;
+	/* Overwrite the socket with a (possibly) TLS socket */
+	conn->socket = tls_init_server(edata->tls_params, conn->socket, 
+				       conn->event.fde, "GPHO");
+	if (conn->socket == NULL) goto failed;
 
 	return;
 
diff --git a/source4/web_server/web_server.h b/source4/web_server/web_server.h
index 6e266cc8bc..f64a946bee 100644
--- a/source4/web_server/web_server.h
+++ b/source4/web_server/web_server.h
@@ -54,7 +54,6 @@ struct websrv_context {
 		int response_code;
 		const char **headers;
 	} output;
-	struct tls_context *tls;
 	struct session_data *session;
 };