summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2005-05-27 12:23:52 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:17:06 -0500
commitf466b722224d15a9674e04eca1175975d73e7d7a (patch)
tree41798f96d6aeea189f0617d06bdd1ef91e3e972f /source4
parent5ad5d0fb43d99748143cfee0ef60ae28b6654e31 (diff)
downloadsamba-f466b722224d15a9674e04eca1175975d73e7d7a.tar.gz
samba-f466b722224d15a9674e04eca1175975d73e7d7a.tar.bz2
samba-f466b722224d15a9674e04eca1175975d73e7d7a.zip
r7016: - added smb.conf parm 'web tls = true/false'
- by default enable tls if the certfile is set in smb.conf and gnutls library was compiled in (This used to be commit bbafdeae3a68c0ff1170b0a4ecc568664ec1a925)
Diffstat (limited to 'source4')
-rw-r--r--source4/param/loadparm.c4
-rw-r--r--source4/web_server/tls.c2
2 files changed, 5 insertions, 1 deletions
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index ab9dbdf47f..10660ffde7 100644
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -179,6 +179,7 @@ typedef struct
char *szIDMapBackend;
char *szGuestaccount;
char *swat_directory;
+ BOOL web_tls;
char *web_keyfile;
char *web_certfile;
char *web_cafile;
@@ -595,6 +596,7 @@ static struct parm_struct parm_table[] = {
{"dgram port", P_INTEGER, P_GLOBAL, &Globals.dgram_port, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"cldap port", P_INTEGER, P_GLOBAL, &Globals.cldap_port, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"web port", P_INTEGER, P_GLOBAL, &Globals.web_port, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
+ {"web tls", P_BOOL, P_GLOBAL, &Globals.web_tls, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"web tls keyfile", P_STRING, P_GLOBAL, &Globals.web_keyfile, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"web tls certfile", P_STRING, P_GLOBAL, &Globals.web_certfile, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"web tls cafile", P_STRING, P_GLOBAL, &Globals.web_cafile, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
@@ -1044,6 +1046,7 @@ static void init_globals(void)
do_parameter("max wins ttl", "432000");
do_parameter("min wins ttl", "10");
+ do_parameter("web tls", "True");
do_parameter_var("web tls keyfile", "%s/tls/key.pem", dyn_PRIVATE_DIR);
do_parameter_var("web tls certfile", "%s/tls/cert.pem", dyn_PRIVATE_DIR);
do_parameter_var("web tls cafile", "%s/tls/ca.pem", dyn_PRIVATE_DIR);
@@ -1148,6 +1151,7 @@ FN_GLOBAL_INTEGER(lp_cldap_port, &Globals.cldap_port)
FN_GLOBAL_INTEGER(lp_web_port, &Globals.web_port)
FN_GLOBAL_STRING(lp_dos_charset, &Globals.dos_charset)
FN_GLOBAL_STRING(lp_swat_directory, &Globals.swat_directory)
+FN_GLOBAL_BOOL(lp_web_tls, &Globals.web_tls)
FN_GLOBAL_STRING(lp_web_keyfile, &Globals.web_keyfile)
FN_GLOBAL_STRING(lp_web_certfile, &Globals.web_certfile)
FN_GLOBAL_STRING(lp_web_cafile, &Globals.web_cafile)
diff --git a/source4/web_server/tls.c b/source4/web_server/tls.c
index 4129d59355..2d71ac0c37 100644
--- a/source4/web_server/tls.c
+++ b/source4/web_server/tls.c
@@ -57,7 +57,7 @@ void tls_initialise(struct task_server *task)
const char *cafile = lp_web_cafile();
const char *crlfile = lp_web_crlfile();
- if (!lp_parm_bool(-1, "web", "tls", False)) {
+ if (!lp_web_tls() || keyfile == NULL || *keyfile == 0) {
return;
}