[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Wed Sep 6 01:55:03 UTC 2017
The branch, master has been updated
via 2d0e138 python:samba: Add code to remove obsolete files in the private dir
via 8f2dee2 python:samba: Use 'binddns dir' in samba-tool and samba_upgradedns
via 3fa7c43 s4:bind_dlz: Use the 'binddns dir' if possible
via 4c9608f param: Add 'binddns dir' parameter
via 3b1aa2c python:samba: Remove code to change group
via 47c0397 dynconfig: Change permission of the private dir to 0700
from f8b491f cli_credentials: Fix a return value
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 2d0e13837d8c6fab3fb296aafcabdf2a2973b96d
Author: Andreas Schneider <asn at samba.org>
Date: Wed Aug 23 15:36:23 2017 +0200
python:samba: Add code to remove obsolete files in the private dir
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Sep 6 03:54:19 CEST 2017 on sn-devel-144
commit 8f2dee256e281c438105689b073f09685f161b16
Author: Andreas Schneider <asn at samba.org>
Date: Thu Aug 10 15:37:54 2017 +0200
python:samba: Use 'binddns dir' in samba-tool and samba_upgradedns
This provisions the bind_dlz files in the 'binddns dir'. If you want to
migrate to the new files structure you can run samba_upgradedns!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
commit 3fa7c43ef73b6582e8985bf6d82465ffded9e5db
Author: Andreas Schneider <asn at samba.org>
Date: Tue Aug 22 17:10:01 2017 +0200
s4:bind_dlz: Use the 'binddns dir' if possible
The code makes sure we are backwards compatible. It will first check if
we still have files in the private directory, if yes it will use those.
If the file is not in the private directory it will try the binddns
dir.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
commit 4c9608fb27b0f1bef846b72291ecb515045d3507
Author: Andreas Schneider <asn at samba.org>
Date: Thu Aug 10 15:04:08 2017 +0200
param: Add 'binddns dir' parameter
This allows us to have restricted access to the directory by the group
'named' which bind is a member of.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
commit 3b1aa2ca5f9ae151cd64579ed05c8fb766b1ec5d
Author: Andreas Schneider <asn at samba.org>
Date: Fri Aug 11 12:45:14 2017 +0200
python:samba: Remove code to change group
This is the wrong place, it will just prepare the ldif. The file is not
created here.
The code is corrently changing the group in:
python/samba/provision/__init__.py
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
commit 47c039792a8a00c0f2798ced162c393d4712f946
Author: Andreas Schneider <asn at samba.org>
Date: Thu Aug 10 11:43:11 2017 +0200
dynconfig: Change permission of the private dir to 0700
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
buildtools/wafsamba/samba_patterns.py | 1 +
docs-xml/smbdotconf/generate-file-list.sh | 1 +
docs-xml/smbdotconf/security/binddnsdir.xml | 18 ++++++
dynconfig/dynconfig.c | 1 +
dynconfig/dynconfig.h | 1 +
dynconfig/wscript | 9 ++-
lib/param/loadparm.c | 1 +
lib/param/param.h | 1 +
python/samba/provision/__init__.py | 72 +++++++++++++++------
python/samba/provision/sambadns.py | 29 ++++-----
python/samba/tests/provision.py | 2 +
selftest/selftest.pl | 7 +++
selftest/target/Samba3.pm | 4 ++
selftest/target/Samba4.pm | 4 ++
source3/param/loadparm.c | 2 +
source4/dns_server/dlz_bind9.c | 44 ++++++++++++-
source4/dsdb/dns/dns_update.c | 46 +++++++++++++-
source4/scripting/bin/samba_upgradedns | 73 +++++++++++++++++++---
source4/scripting/bin/samba_upgradeprovision | 16 ++---
.../provisions/alpha13/etc/smb.conf.template | 1 +
.../selftest/provisions/alpha13/private/named.txt | 10 +--
.../provisions/release-4-0-0/etc/smb.conf.template | 1 +
.../release-4-1-0rc3/etc/smb.conf.template | 1 +
.../provisions/release-4-1-0rc3/private/named.txt | 8 +--
.../etc/smb.conf.template | 1 +
source4/torture/dns/dlz_bind9.c | 26 +++++---
wintest/wintest.py | 6 +-
27 files changed, 306 insertions(+), 80 deletions(-)
create mode 100644 docs-xml/smbdotconf/security/binddnsdir.xml
Changeset truncated at 500 lines:
diff --git a/buildtools/wafsamba/samba_patterns.py b/buildtools/wafsamba/samba_patterns.py
index e809f26..2b93937 100644
--- a/buildtools/wafsamba/samba_patterns.py
+++ b/buildtools/wafsamba/samba_patterns.py
@@ -108,6 +108,7 @@ def write_build_options_header(fp):
fp.write(" output(screen,\" PIDDIR: %s\\n\", get_dyn_PIDDIR());\n")
fp.write(" output(screen,\" SMB_PASSWD_FILE: %s\\n\",get_dyn_SMB_PASSWD_FILE());\n")
fp.write(" output(screen,\" PRIVATE_DIR: %s\\n\",get_dyn_PRIVATE_DIR());\n")
+ fp.write(" output(screen,\" BINDDNS_DIR: %s\\n\",get_dyn_BINDDNS_DIR());\n")
fp.write("\n")
def write_build_options_footer(fp):
diff --git a/docs-xml/smbdotconf/generate-file-list.sh b/docs-xml/smbdotconf/generate-file-list.sh
index 4a25f1e..7ab1b7c 100755
--- a/docs-xml/smbdotconf/generate-file-list.sh
+++ b/docs-xml/smbdotconf/generate-file-list.sh
@@ -11,6 +11,7 @@ echo "<!DOCTYPE section [
<!ENTITY pathconfig.PIDDIR '\${prefix}/var/run'>
<!ENTITY pathconfig.STATEDIR '\${prefix}/var/locks'>
<!ENTITY pathconfig.PRIVATE_DIR '\${prefix}/private'>
+<!ENTITY pathconfig.BINDDNS_DIR '\${prefix}/bind-dns'>
<!ENTITY pathconfig.SMB_PASSWD_FILE '\${prefix}/private/smbpasswd'>
<!ENTITY pathconfig.WINBINDD_SOCKET_DIR '\${prefix}/var/run/winbindd'>
<!ENTITY pathconfig.CACHEDIR '\${prefix}/var/cache'>
diff --git a/docs-xml/smbdotconf/security/binddnsdir.xml b/docs-xml/smbdotconf/security/binddnsdir.xml
new file mode 100644
index 0000000..c296a0e
--- /dev/null
+++ b/docs-xml/smbdotconf/security/binddnsdir.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="binddns dir"
+ context="G"
+ type="string"
+ constant="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<synonym>bind dns directory</synonym>
+<description>
+ <para>
+ This parameters defines the directory samba will use to store the configuration
+ files for bind, such as named.conf.
+
+ NOTE: The bind dns directory needs to be on the same mount point as the private
+ directory!
+ </para>
+</description>
+
+<value type="default">&pathconfig.BINDDNS_DIR;</value>
+</samba:parameter>
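Review bot: The description has a typo ("This parameters defines") and the NOTE about the same mount point gives no reason for the requirement. Elsewhere in this changeset provision() hard-links dns.keytab from the private dir into the binddns dir with os.link(), which only works within one filesystem; say so here. The text should also state the intended mode (0770) and that the directory is meant to be accessible to the group BIND runs under, since that is what an admin needs to know when setting this parameter by hand.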
diff --git a/dynconfig/dynconfig.c b/dynconfig/dynconfig.c
index e75d7db..e70a10f 100644
--- a/dynconfig/dynconfig.c
+++ b/dynconfig/dynconfig.c
@@ -95,6 +95,7 @@ DEFINE_DYN_CONFIG_PARAM(PIDDIR)
DEFINE_DYN_CONFIG_PARAM(NCALRPCDIR)
DEFINE_DYN_CONFIG_PARAM(SMB_PASSWD_FILE)
DEFINE_DYN_CONFIG_PARAM(PRIVATE_DIR)
+DEFINE_DYN_CONFIG_PARAM(BINDDNS_DIR)
DEFINE_DYN_CONFIG_PARAM(LOCALEDIR)
DEFINE_DYN_CONFIG_PARAM(NMBDSOCKETDIR)
DEFINE_DYN_CONFIG_PARAM(DATADIR)
diff --git a/dynconfig/dynconfig.h b/dynconfig/dynconfig.h
index 4d07c10..bdab2e8 100644
--- a/dynconfig/dynconfig.h
+++ b/dynconfig/dynconfig.h
@@ -46,6 +46,7 @@ DEFINE_DYN_CONFIG_PROTO(PIDDIR)
DEFINE_DYN_CONFIG_PROTO(NCALRPCDIR)
DEFINE_DYN_CONFIG_PROTO(SMB_PASSWD_FILE)
DEFINE_DYN_CONFIG_PROTO(PRIVATE_DIR)
+DEFINE_DYN_CONFIG_PROTO(BINDDNS_DIR)
DEFINE_DYN_CONFIG_PROTO(LOCALEDIR)
DEFINE_DYN_CONFIG_PROTO(NMBDSOCKETDIR)
DEFINE_DYN_CONFIG_PROTO(DATADIR)
diff --git a/dynconfig/wscript b/dynconfig/wscript
index 7e9bde9..fee37ea 100644
--- a/dynconfig/wscript
+++ b/dynconfig/wscript
@@ -192,6 +192,12 @@ dynconfig = {
'OPTION': '--with-statedir',
'HELPTEXT': 'Where to put persistent state files',
},
+ 'BINDDNS_DIR' : {
+ 'STD-PATH': '${LOCALSTATEDIR}/lib',
+ 'FHS-PATH': '${LOCALSTATEDIR}/lib/samba/bind-dns',
+ 'OPTION': '--with-bind-dns-dir',
+ 'HELPTEXT': 'bind-dns config directory',
+ },
'CACHEDIR' : {
'STD-PATH': '${LOCALSTATEDIR}/cache',
'FHS-PATH': '${LOCALSTATEDIR}/cache/samba',
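Review bot: 'STD-PATH' for BINDDNS_DIR is '${LOCALSTATEDIR}/lib', a shared parent directory rather than one dedicated to bind-dns, and it disagrees with the documented default '${prefix}/bind-dns' added in generate-file-list.sh. Combined with bld.INSTALL_DIR("${BINDDNS_DIR}", 0o770) later in this file, a non-FHS build would apply mode 0770 to the whole lib directory and place named.conf, the zone files and the keytab link directly in it. Use a dedicated directory here (one ending in bind-dns, as the FHS path and the docs do) so the default matches the documentation.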
@@ -418,7 +424,8 @@ def build(bld):
bld.INSTALL_DIR("${CONFIGDIR}")
bld.INSTALL_DIR("${LOGFILEBASE}")
bld.INSTALL_DIR("${PRIVILEGED_SOCKET_DIR}")
- bld.INSTALL_DIR("${PRIVATE_DIR}")
+ bld.INSTALL_DIR("${PRIVATE_DIR}", 0o700)
+ bld.INSTALL_DIR("${BINDDNS_DIR}", 0o770)
bld.INSTALL_DIR("${STATEDIR}")
bld.INSTALL_DIR("${CACHEDIR}")
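Review bot: Mode 0o770 on ${BINDDNS_DIR} only helps BIND if the directory's group is the one named runs under, and nothing in this hunk sets group ownership, so after install the group is whatever the installing user's primary group is. Either set the group where the directory is created or add a comment and a packaging note stating that the directory must be chgrp'ed to BIND's group. It is also worth confirming that INSTALL_DIR applies the mode to an already existing ${PRIVATE_DIR}; if it does not, upgraded installations keep their old, wider permissions.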
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index a221e87..b91f965 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2655,6 +2655,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
/* the winbind method for domain controllers is for both RODC
auth forwarding and for trusted domains */
lpcfg_do_global_parameter(lp_ctx, "private dir", dyn_PRIVATE_DIR);
+ lpcfg_do_global_parameter(lp_ctx, "binddns dir", dyn_BINDDNS_DIR);
lpcfg_do_global_parameter(lp_ctx, "registry:HKEY_LOCAL_MACHINE", "hklm.ldb");
/* This hive should be dynamically generated by Samba using
diff --git a/lib/param/param.h b/lib/param/param.h
index 589b890..680c053 100644
--- a/lib/param/param.h
+++ b/lib/param/param.h
@@ -56,6 +56,7 @@ const char **lpcfg_interfaces(struct loadparm_context *);
const char *lpcfg_realm(struct loadparm_context *);
const char *lpcfg_netbios_name(struct loadparm_context *);
const char *lpcfg_private_dir(struct loadparm_context *);
+const char *lpcfg_binddns_dir(struct loadparm_context *);
int lpcfg_server_role(struct loadparm_context *);
int lpcfg_allow_dns_updates(struct loadparm_context *);
diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index 2387931..f820f6a 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -27,6 +27,7 @@
__docformat__ = "restructuredText"
from base64 import b64encode
+import errno
import os
import re
import pwd
@@ -145,6 +146,7 @@ class ProvisionPaths(object):
self.dns = None
self.winsdb = None
self.private_dir = None
+ self.binddns_dir = None
self.state_dir = None
@@ -531,6 +533,7 @@ def provision_paths_from_lp(lp, dnsdomain):
"""
paths = ProvisionPaths()
paths.private_dir = lp.get("private dir")
+ paths.binddns_dir = lp.get("binddns dir")
paths.state_dir = lp.get("state directory")
# This is stored without path prefix for the "privateKeytab" attribute in
@@ -543,16 +546,18 @@ def provision_paths_from_lp(lp, dnsdomain):
paths.idmapdb = os.path.join(paths.private_dir, "idmap.ldb")
paths.secrets = os.path.join(paths.private_dir, "secrets.ldb")
paths.privilege = os.path.join(paths.private_dir, "privilege.ldb")
- paths.dns = os.path.join(paths.private_dir, "dns", dnsdomain + ".zone")
paths.dns_update_list = os.path.join(paths.private_dir, "dns_update_list")
paths.spn_update_list = os.path.join(paths.private_dir, "spn_update_list")
- paths.namedconf = os.path.join(paths.private_dir, "named.conf")
- paths.namedconf_update = os.path.join(paths.private_dir, "named.conf.update")
- paths.namedtxt = os.path.join(paths.private_dir, "named.txt")
paths.krb5conf = os.path.join(paths.private_dir, "krb5.conf")
paths.kdcconf = os.path.join(paths.private_dir, "kdc.conf")
paths.winsdb = os.path.join(paths.private_dir, "wins.ldb")
paths.s4_ldapi_path = os.path.join(paths.private_dir, "ldapi")
+
+ paths.dns = os.path.join(paths.binddns_dir, "dns", dnsdomain + ".zone")
+ paths.namedconf = os.path.join(paths.binddns_dir, "named.conf")
+ paths.namedconf_update = os.path.join(paths.binddns_dir, "named.conf.update")
+ paths.namedtxt = os.path.join(paths.binddns_dir, "named.txt")
+
paths.hklm = "hklm.ldb"
paths.hkcr = "hkcr.ldb"
paths.hkcu = "hkcu.ldb"
@@ -945,6 +950,10 @@ def setup_secretsdb(paths, session_info, backend_credentials, lp):
if os.path.exists(keytab_path):
os.unlink(keytab_path)
+ bind_dns_keytab_path = os.path.join(paths.binddns_dir, paths.dns_keytab)
+ if os.path.exists(bind_dns_keytab_path):
+ os.unlink(bind_dns_keytab_path)
+
dns_keytab_path = os.path.join(paths.private_dir, paths.dns_keytab)
if os.path.exists(dns_keytab_path):
os.unlink(dns_keytab_path)
@@ -1928,6 +1937,15 @@ def provision_fake_ypserver(logger, samdb, domaindn, netbiosname, nisdomain,
else:
samdb.transaction_commit()
+def directory_create_or_exists(path, mode=0o755):
+ if not os.path.exists(path):
+ try:
+ os.mkdir(path, mode)
+ except OSError as e:
+ if e.errno in [errno.EEXIST]:
+ pass
+ else:
+ raise ProvisioningError("Failed to create directory %s: %s" % (path, e.strerror))
def provision(logger, session_info, smbconf=None,
targetdir=None, samdb_fill=FILL_FULL, realm=None, rootdn=None,
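Review bot: directory_create_or_exists() ignores mode when the path already exists, so on an existing installation the private dir keeps whatever permissions it had and the 0o700 passed by provision() has no effect. os.mkdir() is also subject to the process umask, so the 0o770 requested for the binddns dir can come out narrower than intended. If the mode is meant as a guarantee, chmod after creation and check (or at least warn about) the mode of a pre-existing directory. Smaller points: the os.path.exists() test is redundant once EEXIST is handled, a path that exists but is not a directory is silently accepted, and the function has no docstring.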
@@ -2064,12 +2082,10 @@ def provision(logger, session_info, smbconf=None,
if serverrole is None:
serverrole = lp.get("server role")
- if not os.path.exists(paths.private_dir):
- os.mkdir(paths.private_dir)
- if not os.path.exists(os.path.join(paths.private_dir, "tls")):
- os.makedirs(os.path.join(paths.private_dir, "tls"), 0700)
- if not os.path.exists(paths.state_dir):
- os.mkdir(paths.state_dir)
+ directory_create_or_exists(paths.private_dir, 0o700)
+ directory_create_or_exists(paths.binddns_dir, 0o770)
+ directory_create_or_exists(os.path.join(paths.private_dir, "tls"))
+ directory_create_or_exists(paths.state_dir)
if paths.sysvol and not os.path.exists(paths.sysvol):
os.makedirs(paths.sysvol, 0775)
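Review bot: The tls directory loses its explicit mode. The removed code created it with os.makedirs(..., 0700), while directory_create_or_exists(os.path.join(paths.private_dir, "tls")) falls back to the helper's default of 0o755. The 0700 parent limits the exposure, but the intent of the old code was clearly a private directory, so pass 0o700 explicitly. Note also that os.makedirs became os.mkdir in the helper, so a missing parent is now an error instead of being created.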
@@ -2198,16 +2214,34 @@ def provision(logger, session_info, smbconf=None,
# Now commit the secrets.ldb to disk
secrets_ldb.transaction_commit()
- # the commit creates the dns.keytab, now chown it
- dns_keytab_path = os.path.join(paths.private_dir, paths.dns_keytab)
- if os.path.isfile(dns_keytab_path) and paths.bind_gid is not None:
+ # the commit creates the dns.keytab in the private directory
+ private_dns_keytab_path = os.path.join(paths.private_dir, paths.dns_keytab)
+ bind_dns_keytab_path = os.path.join(paths.binddns_dir, paths.dns_keytab)
+
+ if os.path.isfile(private_dns_keytab_path):
+ if os.path.isfile(bind_dns_keytab_path):
+ try:
+ os.unlink(bind_dns_keytab_path)
+ except OSError as e:
+ logger.error("Failed to remove %s: %s" %
+ (bind_dns_keytab_path, e.strerror))
+
+ # link the dns.keytab to the bind-dns directory
try:
- os.chmod(dns_keytab_path, 0640)
- os.chown(dns_keytab_path, -1, paths.bind_gid)
- except OSError:
- if not os.environ.has_key('SAMBA_SELFTEST'):
- logger.info("Failed to chown %s to bind gid %u",
- dns_keytab_path, paths.bind_gid)
+ os.link(private_dns_keytab_path, bind_dns_keytab_path)
+ except OSError as e:
+ logger.error("Failed to create link %s -> %s: %s" %
+ (private_dns_keytab_path, bind_dns_keytab_path, e.strerror))
+
+ # chown the dns.keytab in the bind-dns directory
+ if paths.bind_gid is not None:
+ try:
+ os.chmod(bind_dns_keytab_path, 0640)
+ os.chown(bind_dns_keytab_path, -1, paths.bind_gid)
+ except OSError:
+ if not os.environ.has_key('SAMBA_SELFTEST'):
+ logger.info("Failed to chown %s to bind gid %u",
+ bind_dns_keytab_path, paths.bind_gid)
result = ProvisionResult()
result.server_role = serverrole
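Review bot: When os.link() fails, the error is only logged and execution continues into os.chmod()/os.chown() on bind_dns_keytab_path, which then does not exist. That second failure is caught by the except OSError branch and reported at info level as a chown failure (or not at all under SAMBA_SELFTEST), and provision still returns success with BIND unable to read the keytab. Skip the chmod/chown block when the link was not created and consider raising ProvisioningError instead. Because both names are hard links to one inode, the chmod to 0640 and the group change also apply to the copy in the private dir; that is acceptable behind a 0700 directory but deserves a comment. os.link() fails with EXDEV across filesystems, which is worth mentioning in the error message since it is the reason for the mount-point note in binddnsdir.xml.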
diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py
index 961f37e..d4cb93a 100644
--- a/python/samba/provision/sambadns.py
+++ b/python/samba/provision/sambadns.py
@@ -649,7 +649,7 @@ def add_dc_msdcs_records(samdb, forestdn, prefix, site, dnsforest, hostname,
fqdn_hostname)
-def secretsdb_setup_dns(secretsdb, names, private_dir, realm,
+def secretsdb_setup_dns(secretsdb, names, private_dir, binddns_dir, realm,
dnsdomain, dns_keytab_path, dnspass, key_version_number):
"""Add DNS specific bits to a secrets database.
@@ -659,12 +659,15 @@ def secretsdb_setup_dns(secretsdb, names, private_dir, realm,
"""
try:
os.unlink(os.path.join(private_dir, dns_keytab_path))
+ os.unlink(os.path.join(binddns_dir, dns_keytab_path))
except OSError:
pass
if key_version_number is None:
key_version_number = 1
+ # This will create the dns.keytab file in the private_dir when it is
+ # commited!
setup_ldb(secretsdb, setup_path("secrets_dns.ldif"), {
"REALM": realm,
"DNSDOMAIN": dnsdomain,
@@ -954,7 +957,7 @@ def create_named_conf(paths, realm, dnsdomain, dns_backend, logger):
})
-def create_named_txt(path, realm, dnsdomain, dnsname, private_dir,
+def create_named_txt(path, realm, dnsdomain, dnsname, binddns_dir,
keytab_name):
"""Write out a file containing zone statements suitable for inclusion in a
named.conf file (including GSS-TSIG configuration).
@@ -962,7 +965,7 @@ def create_named_txt(path, realm, dnsdomain, dnsname, private_dir,
:param path: Path of the new named.conf file.
:param realm: Realm name
:param dnsdomain: DNS Domain name
- :param private_dir: Path to private directory
+ :param binddns_dir: Path to bind dns directory
:param keytab_name: File name of DNS keytab file
"""
setup_file(setup_path("named.txt"), path, {
@@ -970,8 +973,8 @@ def create_named_txt(path, realm, dnsdomain, dnsname, private_dir,
"DNSNAME" : dnsname,
"REALM": realm,
"DNS_KEYTAB": keytab_name,
- "DNS_KEYTAB_ABS": os.path.join(private_dir, keytab_name),
- "PRIVATE_DIR": private_dir
+ "DNS_KEYTAB_ABS": os.path.join(binddns_dir, keytab_name),
+ "PRIVATE_DIR": binddns_dir
})
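Review bot: The template key "PRIVATE_DIR" is now filled with binddns_dir, so named.txt substitutes a value whose name says the opposite of what it holds. Rename the key, and the matching placeholder in the named.txt template, to something like BINDDNS_DIR so that a later change does not point BIND back at the private directory by mistake.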
@@ -1194,21 +1197,13 @@ def setup_bind9_dns(samdb, secretsdb, names, paths, lp, logger,
domainguid = get_domainguid(samdb, domaindn)
secretsdb_setup_dns(secretsdb, names,
- paths.private_dir, realm=names.realm,
+ paths.private_dir,
+ paths.binddns_dir,
+ realm=names.realm,
dnsdomain=names.dnsdomain,
dns_keytab_path=paths.dns_keytab, dnspass=dnspass,
key_version_number=key_version_number)
- dns_keytab_path = os.path.join(paths.private_dir, paths.dns_keytab)
- if os.path.isfile(dns_keytab_path) and paths.bind_gid is not None:
- try:
- os.chmod(dns_keytab_path, 0640)
- os.chown(dns_keytab_path, -1, paths.bind_gid)
- except OSError:
- if not os.environ.has_key('SAMBA_SELFTEST'):
- logger.info("Failed to chown %s to bind gid %u",
- dns_keytab_path, paths.bind_gid)
-
create_dns_dir(logger, paths)
if dns_backend == "BIND9_FLATFILE":
@@ -1228,7 +1223,7 @@ def setup_bind9_dns(samdb, secretsdb, names, paths, lp, logger,
create_named_txt(paths.namedtxt,
realm=names.realm, dnsdomain=names.dnsdomain,
dnsname = "%s.%s" % (names.hostname, names.dnsdomain),
- private_dir=paths.private_dir,
+ binddns_dir=paths.binddns_dir,
keytab_name=paths.dns_keytab)
logger.info("See %s for an example configuration include file for BIND",
paths.namedconf)
diff --git a/python/samba/tests/provision.py b/python/samba/tests/provision.py
index 11b0135..bada14f 100644
--- a/python/samba/tests/provision.py
+++ b/python/samba/tests/provision.py
@@ -42,6 +42,7 @@ def create_dummy_secretsdb(path, lp=None):
paths = ProvisionPaths()
paths.secrets = path
paths.private_dir = os.path.dirname(path)
+ paths.binddns_dir = os.path.dirname(path)
paths.keytab = "no.keytab"
paths.dns_keytab = "no.dns.keytab"
secrets_ldb = setup_secretsdb(paths, None, None, lp=lp)
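Review bot: paths.binddns_dir is set to the same directory as paths.private_dir (here and in ProvisionTestCase below), so both keytab paths in setup_secretsdb() resolve to the same file and the tests never cover the two-directory layout this series introduces. Use a separate temporary subdirectory for binddns_dir so the unlink logic for each directory is exercised independently.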
@@ -59,6 +60,7 @@ class ProvisionTestCase(samba.tests.TestCaseInTempDir):
secrets_tdb_path = os.path.join(self.tempdir, "secrets.tdb")
paths.secrets = path
paths.private_dir = os.path.dirname(path)
+ paths.binddns_dir = os.path.dirname(path)
paths.keytab = "no.keytab"
paths.dns_keytab = "no.dns.keytab"
ldb = setup_secretsdb(paths, None, None, lp=env_loadparm())
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index b3ef658..e16696a 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -512,6 +512,12 @@ sub write_clientconf($$$)
mkdir("$clientdir/private", 0777);
}
+ if ( -d "$clientdir/bind-dns" ) {
+ unlink <$clientdir/bind-dns/*>;
+ } else {
+ mkdir("$clientdir/bind-dns", 0777);
+ }
+
if ( -d "$clientdir/lockdir" ) {
unlink <$clientdir/lockdir/*>;
} else {
@@ -595,6 +601,7 @@ sub write_clientconf($$$)
}
print CF "
private dir = $clientdir/private
+ binddns dir = $clientdir/bind-dns
lock dir = $clientdir/lockdir
state directory = $clientdir/statedir
cache directory = $clientdir/cachedir
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 45c00ba..f4d033d 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1425,6 +1425,9 @@ sub provision($$$$$$$$$)
my $privatedir="$prefix_abs/private";
push(@dirs,$privatedir);
+ my $binddnsdir = "$prefix_abs/bind-dns";
+ push(@dirs, $binddnsdir);
+
my $lockdir="$prefix_abs/lockdir";
push(@dirs,$lockdir);
@@ -1674,6 +1677,7 @@ sub provision($$$$$$$$$)
workgroup = $domain
private dir = $privatedir
+ binddns dir = $binddnsdir
pid directory = $piddir
lock directory = $lockdir
log file = $logdir/log.\%m
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 205e281..39a64ae 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -467,6 +467,7 @@ sub provision_raw_prepare($$$$$$$$$$$)
$ctx->{krb5_ccache} = "$prefix_abs/krb5_ccache";
$ctx->{mitkdc_conf} = "$ctx->{etcdir}/mitkdc.conf";
$ctx->{privatedir} = "$prefix_abs/private";
+ $ctx->{binddnsdir} = "$prefix_abs/bind-dns";
$ctx->{ncalrpcdir} = "$prefix_abs/ncalrpc";
$ctx->{lockdir} = "$prefix_abs/lockdir";
$ctx->{logdir} = "$prefix_abs/logs";
@@ -494,6 +495,7 @@ sub provision_raw_prepare($$$$$$$$$$$)
$ctx->{interfaces} = "$ctx->{ipv4}/8 $ctx->{ipv6}/64";
push(@{$ctx->{directories}}, $ctx->{privatedir});
+ push(@{$ctx->{directories}}, $ctx->{binddnsdir});
push(@{$ctx->{directories}}, $ctx->{etcdir});
push(@{$ctx->{directories}}, $ctx->{piddir});
push(@{$ctx->{directories}}, $ctx->{lockdir});
@@ -584,6 +586,7 @@ sub provision_raw_step1($$)
workgroup = $ctx->{domain}
realm = $ctx->{realm}
private dir = $ctx->{privatedir}
+ binddns dir = $ctx->{binddnsdir}
pid directory = $ctx->{piddir}
ncalrpc dir = $ctx->{ncalrpcdir}
lock dir = $ctx->{lockdir}
@@ -725,6 +728,7 @@ nogroup:x:65534:nobody
STATEDIR => $ctx->{statedir},
CACHEDIR => $ctx->{cachedir},
PRIVATEDIR => $ctx->{privatedir},
+ BINDDNSDIR => $ctx->{binddnsdir},
SERVERCONFFILE => $ctx->{smb_conf},
CONFIGURATION => $configuration,
SOCKET_WRAPPER_DEFAULT_IFACE => $ctx->{swiface},
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index d5b1c56..42e579e 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -550,6 +550,8 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
get_dyn_SMB_PASSWD_FILE());
lpcfg_string_set(Globals.ctx, &Globals.private_dir,
get_dyn_PRIVATE_DIR());
+ lpcfg_string_set(Globals.ctx, &Globals.binddns_dir,
+ get_dyn_BINDDNS_DIR());
/* use the new 'hash2' method by default, with a prefix of 1 */
lpcfg_string_set(Globals.ctx, &Globals.mangling_method, "hash2");
diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c
index 6ef378c..8e0820d 100644
--- a/source4/dns_server/dlz_bind9.c
+++ b/source4/dns_server/dlz_bind9.c
@@ -682,11 +682,23 @@ _PUBLIC_ isc_result_t dlz_create(const char *dlzname,
}
if (state->options.url == NULL) {
- state->options.url = lpcfg_private_path(state, state->lp, "dns/sam.ldb");
+ state->options.url = lpcfg_private_path(state,
+ state->lp,
+ "dns/sam.ldb");
if (state->options.url == NULL) {
result = ISC_R_NOMEMORY;
goto failed;
}
+
+ if (!file_exist(state->options.url)) {
+ state->options.url = talloc_asprintf(state,
+ "%s/dns/sam.ldb",
+ lpcfg_binddns_dir(state->lp));
+ if (state->options.url == NULL) {
+ result = ISC_R_NOMEMORY;
+ goto failed;
+ }
+ }
}
state->samdb = samdb_connect_url(state, state->ev_ctx, state->lp,
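Review bot: The fallback prefers the private dir whenever dns/sam.ldb still exists there, so after a migration with samba_upgradedns a leftover copy in the private dir silently wins over the new one in the binddns dir. Log which path was chosen so this is diagnosable. In the fallback branch the string returned by lpcfg_private_path() is overwritten without talloc_free(), and lpcfg_binddns_dir(state->lp) is passed to "%s" without a NULL check.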
@@ -1266,6 +1278,7 @@ _PUBLIC_ isc_boolean_t dlz_ssumatch(const char *signer, const char *name, const
--
Samba Shared Repository