svn commit: samba r7912 - in branches/SAMBA_4_0/source: lib lib/tls
param
tridge at samba.org
tridge at samba.org
Sun Jun 26 00:12:46 GMT 2005
Author: tridge
Date: 2005-06-26 00:12:44 +0000 (Sun, 26 Jun 2005)
New Revision: 7912
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=7912
Log:
make private_path() recognise a non-relative filename, so we can have
sam database = sam.ldb
and it will know to put it in the private dir, but if you use
sam database = ldap://server
it knows to use it as-is
Modified:
branches/SAMBA_4_0/source/lib/db_wrap.c
branches/SAMBA_4_0/source/lib/tls/tls.c
branches/SAMBA_4_0/source/lib/util.c
branches/SAMBA_4_0/source/param/loadparm.c
Changeset:
Modified: branches/SAMBA_4_0/source/lib/db_wrap.c
===================================================================
--- branches/SAMBA_4_0/source/lib/db_wrap.c 2005-06-25 23:53:14 UTC (rev 7911)
+++ branches/SAMBA_4_0/source/lib/db_wrap.c 2005-06-26 00:12:44 UTC (rev 7912)
@@ -83,8 +83,8 @@
struct ldb_wrap *w;
int ret;
struct event_context *ev;
+ char *real_url = NULL;
-
for (w = ldb_list; w; w = w->next) {
if (strcmp(url, w->url) == 0) {
return talloc_reference(mem_ctx, w->ldb);
@@ -112,13 +112,21 @@
talloc_free(ldb);
return NULL;
}
+
+ real_url = private_path(ldb, url);
+ if (real_url == NULL) {
+ talloc_free(ldb);
+ return NULL;
+ }
- ret = ldb_connect(ldb, url, flags, options);
+ ret = ldb_connect(ldb, real_url, flags, options);
if (ret == -1) {
talloc_free(ldb);
return NULL;
}
+ talloc_free(real_url);
+
w = talloc(ldb, struct ldb_wrap);
if (w == NULL) {
talloc_free(ldb);
Modified: branches/SAMBA_4_0/source/lib/tls/tls.c
===================================================================
--- branches/SAMBA_4_0/source/lib/tls/tls.c 2005-06-25 23:53:14 UTC (rev 7911)
+++ branches/SAMBA_4_0/source/lib/tls/tls.c 2005-06-26 00:12:44 UTC (rev 7912)
@@ -309,17 +309,22 @@
{
struct tls_params *params;
int ret;
- const char *keyfile = lp_tls_keyfile();
- const char *certfile = lp_tls_certfile();
- const char *cafile = lp_tls_cafile();
- const char *crlfile = lp_tls_crlfile();
+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ const char *keyfile = private_path(tmp_ctx, lp_tls_keyfile());
+ const char *certfile = private_path(tmp_ctx, lp_tls_certfile());
+ const char *cafile = private_path(tmp_ctx, lp_tls_cafile());
+ const char *crlfile = private_path(tmp_ctx, lp_tls_crlfile());
void tls_cert_generate(TALLOC_CTX *, const char *, const char *, const char *);
params = talloc(mem_ctx, struct tls_params);
- if (params == NULL) return NULL;
+ if (params == NULL) {
+ talloc_free(tmp_ctx);
+ return NULL;
+ }
if (!lp_tls_enabled() || keyfile == NULL || *keyfile == 0) {
params->tls_enabled = False;
+ talloc_free(tmp_ctx);
return params;
}
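Review bot: `tmp_ctx` from `talloc_new(mem_ctx)` is used without a NULL check, and of the four private_path() results only `keyfile` is tested in the guard that follows. private_path() returns NULL for a NULL name or a failed allocation, so `certfile`, `cafile` and `crlfile` may be NULL when they reach the GnuTLS calls further down; that part of the function is outside this hunk, so confirm how each is consumed. If `talloc_new()` fails, the four strings would be allocated on the NULL context and never released by the `talloc_free(tmp_ctx)` calls. Consider adding `if (tmp_ctx == NULL) return NULL;` before `params` is allocated, and testing `certfile` and `cafile` for NULL alongside `keyfile`.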
@@ -371,11 +376,13 @@
params->tls_enabled = True;
+ talloc_free(tmp_ctx);
return params;
init_failed:
DEBUG(0,("GNUTLS failed to initialise - %s\n", gnutls_strerror(ret)));
params->tls_enabled = False;
+ talloc_free(tmp_ctx);
return params;
}
@@ -450,6 +457,8 @@
struct tls_context *tls;
int ret;
const int cert_type_priority[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
+ char *cafile;
+
tls = talloc(socket, struct tls_context);
if (tls == NULL) return NULL;
@@ -461,11 +470,16 @@
return tls;
}
+ cafile = private_path(tls, lp_tls_cafile());
+ if (!cafile || !*cafile) {
+ goto failed;
+ }
+
gnutls_global_init();
gnutls_certificate_allocate_credentials(&tls->xcred);
- gnutls_certificate_set_x509_trust_file(tls->xcred, lp_tls_cafile(),
- GNUTLS_X509_FMT_PEM);
+ gnutls_certificate_set_x509_trust_file(tls->xcred, cafile, GNUTLS_X509_FMT_PEM);
+ talloc_free(cafile);
TLSCHECK(gnutls_init(&tls->session, GNUTLS_CLIENT));
TLSCHECK(gnutls_set_default_priority(tls->session));
gnutls_certificate_type_set_priority(tls->session, cert_type_priority);
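Review bot: The return value of `gnutls_certificate_set_x509_trust_file()` is still discarded on the new line. A CA file that is missing or unreadable at the path private_path() resolved therefore leaves the client credentials with no trust anchors, and nothing is logged. The call returns a negative error code on failure, so capture it, e.g. `ret = gnutls_certificate_set_x509_trust_file(tls->xcred, cafile, GNUTLS_X509_FMT_PEM);` followed by `if (ret < 0) goto failed;`. The new `goto failed` for an empty `cafile` also runs before `gnutls_certificate_allocate_credentials()` and `gnutls_init()`. The `failed` label is outside this hunk, so check that it does not release `tls->xcred` or `tls->session` before they exist.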
Modified: branches/SAMBA_4_0/source/lib/util.c
===================================================================
--- branches/SAMBA_4_0/source/lib/util.c 2005-06-25 23:53:14 UTC (rev 7911)
+++ branches/SAMBA_4_0/source/lib/util.c 2005-06-26 00:12:44 UTC (rev 7912)
@@ -657,13 +657,19 @@
* @brief Returns an absolute path to a file in the Samba private directory.
*
* @param name File to find, relative to PRIVATEDIR.
+ * if name is not relative, then use it as-is
*
* @retval Pointer to a talloc'ed string containing the full path.
**/
-
char *private_path(TALLOC_CTX* mem_ctx, const char *name)
{
char *fname;
+ if (name == NULL) {
+ return NULL;
+ }
+ if (name[0] == 0 || name[0] == '/' || strstr(name, ":/")) {
+ return talloc_strdup(mem_ctx, name);
+ }
fname = talloc_asprintf(mem_ctx, "%s/%s", lp_private_dir(), name);
return fname;
}
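Review bot: The `strstr(name, ":/")` test in private_path() matches the separator anywhere in the string, so a relative name that merely contains `:/` in a later component is returned as-is instead of being placed under the private dir. Because this function now resolves the TLS key, certificate and CA paths as well as database URLs, the as-is case is better limited to names where everything before `:/` looks like a URL scheme. The doc comment should also state that NULL is returned for a NULL `name` or on allocation failure, and that an empty `name` comes back as an empty string rather than a path.

```c
	char *fname;
	const char *sep;
	/* … unchanged: NULL check on name … */
	if (name[0] == 0 || name[0] == '/') {
		return talloc_strdup(mem_ctx, name);
	}
	/* use as-is only when the text before ":/" is a scheme-like token */
	sep = strstr(name, ":/");
	if (sep != NULL && sep != name &&
	    strspn(name, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+-.") == (size_t)(sep - name)) {
		return talloc_strdup(mem_ctx, name);
	}
	/* … unchanged: talloc_asprintf() against lp_private_dir() … */
```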
Modified: branches/SAMBA_4_0/source/param/loadparm.c
===================================================================
--- branches/SAMBA_4_0/source/param/loadparm.c 2005-06-25 23:53:14 UTC (rev 7911)
+++ branches/SAMBA_4_0/source/param/loadparm.c 2005-06-26 00:12:44 UTC (rev 7912)
@@ -931,10 +931,10 @@
do_parameter("auth methods", "anonymous sam_ignoredomain");
do_parameter("smb passwd file", dyn_SMB_PASSWD_FILE);
do_parameter("private dir", dyn_PRIVATE_DIR);
- do_parameter_var("sam database", "tdb://%s/sam.ldb", dyn_PRIVATE_DIR);
- do_parameter_var("spoolss database", "tdb://%s/spoolss.ldb", dyn_PRIVATE_DIR);
- do_parameter_var("wins database", "tdb://%s/wins.ldb", dyn_PRIVATE_DIR);
- do_parameter_var("registry:HKEY_LOCAL_MACHINE", "ldb:/%s/hklm.ldb", dyn_PRIVATE_DIR);
+ do_parameter("sam database", "sam.ldb");
+ do_parameter("spoolss database", "spoolss.ldb");
+ do_parameter("wins database", "wins.ldb");
+ do_parameter("registry:HKEY_LOCAL_MACHINE", "hklm.ldb");
do_parameter("guest account", GUEST_ACCOUNT);
/* using UTF8 by default allows us to support all chars */
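Review bot: The new defaults for `sam database`, `spoolss database`, `wins database` and `registry:HKEY_LOCAL_MACHINE` are bare relative names, which are only safe if every reader of these parameters resolves them through private_path(). This commit shows that happening in db_wrap.c and tls.c only, so any consumer that passes the parameter value straight to an open or connect call would now resolve it against the process's current directory rather than the private dir. The same applies to the `tls keyfile`, `tls certfile` and `tls cafile` defaults in the next hunk. A comment above these lines, such as `/* relative names are resolved against "private dir" by private_path() */`, would record that dependency, and the remaining callers of the corresponding `lp_*()` accessors are worth auditing.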
@@ -1056,9 +1056,9 @@
do_parameter("min wins ttl", "10");
do_parameter("tls enabled", "True");
- do_parameter_var("tls keyfile", "%s/tls/key.pem", dyn_PRIVATE_DIR);
- do_parameter_var("tls certfile", "%s/tls/cert.pem", dyn_PRIVATE_DIR);
- do_parameter_var("tls cafile", "%s/tls/ca.pem", dyn_PRIVATE_DIR);
+ do_parameter("tls keyfile", "tls/key.pem");
+ do_parameter("tls certfile", "tls/cert.pem");
+ do_parameter("tls cafile", "tls/ca.pem");
}
static TALLOC_CTX *lp_talloc;