authorAndreas Schneider <asn@samba.org>2017-08-22 17:10:01 +0200
committerJeremy Allison <jra@samba.org>2017-09-05 23:58:20 +0200
commit3fa7c43ef73b6582e8985bf6d82465ffded9e5db (patch)
tree2511f5d780f4f03994ba9cfd737d583bac67280d
parent4c9608fb27b0f1bef846b72291ecb515045d3507 (diff)
s4:bind_dlz: Use the 'binddns dir' if possible
The code makes sure we are backwards compatible. It will first check if we still have files in the private directory; if yes, it will use those. If the file is not in the private directory, it will try the binddns dir. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org>
-rwxr-xr-xselftest/selftest.pl7
-rwxr-xr-xselftest/target/Samba3.pm4
-rwxr-xr-xselftest/target/Samba4.pm4
-rw-r--r--source4/dns_server/dlz_bind9.c44
-rw-r--r--source4/dsdb/dns/dns_update.c46
-rw-r--r--source4/torture/dns/dlz_bind9.c26
6 files changed, 117 insertions, 14 deletions
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index b3ef65828d7..e16696ab061 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -512,6 +512,12 @@ sub write_clientconf($$$)
mkdir("$clientdir/private", 0777);
}
+ if ( -d "$clientdir/bind-dns" ) {
+ unlink <$clientdir/bind-dns/*>;
+ } else {
+ mkdir("$clientdir/bind-dns", 0777);
+ }
+
if ( -d "$clientdir/lockdir" ) {
unlink <$clientdir/lockdir/*>;
} else {
@@ -595,6 +601,7 @@ sub write_clientconf($$$)
}
print CF "
private dir = $clientdir/private
+ binddns dir = $clientdir/bind-dns
lock dir = $clientdir/lockdir
state directory = $clientdir/statedir
cache directory = $clientdir/cachedir
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 45c00ba6e4d..f4d033d0c7a 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1425,6 +1425,9 @@ sub provision($$$$$$$$$)
my $privatedir="$prefix_abs/private";
push(@dirs,$privatedir);
+ my $binddnsdir = "$prefix_abs/bind-dns";
+ push(@dirs, $binddnsdir);
+
my $lockdir="$prefix_abs/lockdir";
push(@dirs,$lockdir);
@@ -1674,6 +1677,7 @@ sub provision($$$$$$$$$)
workgroup = $domain
private dir = $privatedir
+ binddns dir = $binddnsdir
pid directory = $piddir
lock directory = $lockdir
log file = $logdir/log.\%m
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 205e2813db6..39a64ae3d81 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -467,6 +467,7 @@ sub provision_raw_prepare($$$$$$$$$$$)
$ctx->{krb5_ccache} = "$prefix_abs/krb5_ccache";
$ctx->{mitkdc_conf} = "$ctx->{etcdir}/mitkdc.conf";
$ctx->{privatedir} = "$prefix_abs/private";
+ $ctx->{binddnsdir} = "$prefix_abs/bind-dns";
$ctx->{ncalrpcdir} = "$prefix_abs/ncalrpc";
$ctx->{lockdir} = "$prefix_abs/lockdir";
$ctx->{logdir} = "$prefix_abs/logs";
@@ -494,6 +495,7 @@ sub provision_raw_prepare($$$$$$$$$$$)
$ctx->{interfaces} = "$ctx->{ipv4}/8 $ctx->{ipv6}/64";
push(@{$ctx->{directories}}, $ctx->{privatedir});
+ push(@{$ctx->{directories}}, $ctx->{binddnsdir});
push(@{$ctx->{directories}}, $ctx->{etcdir});
push(@{$ctx->{directories}}, $ctx->{piddir});
push(@{$ctx->{directories}}, $ctx->{lockdir});
@@ -584,6 +586,7 @@ sub provision_raw_step1($$)
workgroup = $ctx->{domain}
realm = $ctx->{realm}
private dir = $ctx->{privatedir}
+ binddns dir = $ctx->{binddnsdir}
pid directory = $ctx->{piddir}
ncalrpc dir = $ctx->{ncalrpcdir}
lock dir = $ctx->{lockdir}
@@ -725,6 +728,7 @@ nogroup:x:65534:nobody
STATEDIR => $ctx->{statedir},
CACHEDIR => $ctx->{cachedir},
PRIVATEDIR => $ctx->{privatedir},
+ BINDDNSDIR => $ctx->{binddnsdir},
SERVERCONFFILE => $ctx->{smb_conf},
CONFIGURATION => $configuration,
SOCKET_WRAPPER_DEFAULT_IFACE => $ctx->{swiface},
diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c
index 6ef378c75a6..8e0820ddd77 100644
--- a/source4/dns_server/dlz_bind9.c
+++ b/source4/dns_server/dlz_bind9.c
@@ -682,11 +682,23 @@ _PUBLIC_ isc_result_t dlz_create(const char *dlzname,
}
if (state->options.url == NULL) {
- state->options.url = lpcfg_private_path(state, state->lp, "dns/sam.ldb");
+ state->options.url = lpcfg_private_path(state,
+ state->lp,
+ "dns/sam.ldb");
if (state->options.url == NULL) {
result = ISC_R_NOMEMORY;
goto failed;
}
+
+ if (!file_exist(state->options.url)) {
+ state->options.url = talloc_asprintf(state,
+ "%s/dns/sam.ldb",
+ lpcfg_binddns_dir(state->lp));
+ if (state->options.url == NULL) {
+ result = ISC_R_NOMEMORY;
+ goto failed;
+ }
+ }
}
state->samdb = samdb_connect_url(state, state->ev_ctx, state->lp,
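Review bot: The fallback from the private directory to the binddns directory in dlz_create is silent, so an operator cannot tell from the logs which `sam.ldb` the module opened. Because the private copy wins whenever it exists, a copy left behind after a move to the binddns dir would keep being used without any indication. Assuming `state->log` is already set up at this point, one line after the inner block would cover it: `state->log(ISC_LOG_INFO, "samba_dlz: using database %s", state->options.url);`. The same applies to the `dns.keytab` selection in the dlz_ssumatch hunk and to the two paths in source4/dsdb/dns/dns_update.c. dlz_create starts and ends outside this hunk.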
@@ -1266,6 +1278,7 @@ _PUBLIC_ isc_boolean_t dlz_ssumatch(const char *signer, const char *name, const
DATA_BLOB ap_req;
struct cli_credentials *server_credentials;
char *keytab_name;
+ char *keytab_file = NULL;
int ret;
int ldb_ret;
NTSTATUS nt_status;
@@ -1307,8 +1320,33 @@ _PUBLIC_ isc_boolean_t dlz_ssumatch(const char *signer, const char *name, const
cli_credentials_set_krb5_context(server_credentials, state->smb_krb5_ctx);
cli_credentials_set_conf(server_credentials, state->lp);
- keytab_name = talloc_asprintf(tmp_ctx, "FILE:%s/dns.keytab",
- lpcfg_private_dir(state->lp));
+ keytab_file = talloc_asprintf(tmp_ctx,
+ "%s/dns.keytab",
+ lpcfg_private_dir(state->lp));
+ if (keytab_file == NULL) {
+ state->log(ISC_LOG_ERROR, "samba_dlz: Out of memory!");
+ talloc_free(tmp_ctx);
+ return ISC_FALSE;
+ }
+
+ if (!file_exist(keytab_file)) {
+ keytab_file = talloc_asprintf(tmp_ctx,
+ "%s/dns.keytab",
+ lpcfg_binddns_dir(state->lp));
+ if (keytab_file == NULL) {
+ state->log(ISC_LOG_ERROR, "samba_dlz: Out of memory!");
+ talloc_free(tmp_ctx);
+ return ISC_FALSE;
+ }
+ }
+
+ keytab_name = talloc_asprintf(tmp_ctx, "FILE:%s", keytab_file);
+ if (keytab_name == NULL) {
+ state->log(ISC_LOG_ERROR, "samba_dlz: Out of memory!");
+ talloc_free(tmp_ctx);
+ return ISC_FALSE;
+ }
+
ret = cli_credentials_set_keytab_name(server_credentials, state->lp, keytab_name,
CRED_SPECIFIED);
if (ret != 0) {
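Review bot: `file_exist(keytab_file)` only establishes that something is present at the private-dir path, and the selected `dns.keytab` then supplies the server credentials used to accept the signer's ticket. Nothing in the visible lines says who may write to the binddns directory; if provisioning guarantees that only trusted accounts can place a keytab there, a comment above the fallback should say so, for example `/* binddns dir is created by provision and must not be writable by unprivileged users */`. The three identical out-of-memory blocks could also share one `goto` label, but dlz_ssumatch continues outside this hunk, so whether a suitable label already exists cannot be seen from here.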
diff --git a/source4/dsdb/dns/dns_update.c b/source4/dsdb/dns/dns_update.c
index f74256d95ea..ba8431a3d1d 100644
--- a/source4/dsdb/dns/dns_update.c
+++ b/source4/dsdb/dns/dns_update.c
@@ -170,16 +170,56 @@ static void dnsupdate_rebuild(struct dnsupdate_service *service)
path = lpcfg_parm_string(service->task->lp_ctx, NULL, "dnsupdate", "path");
if (path == NULL) {
- path = lpcfg_private_path(tmp_ctx, service->task->lp_ctx, "named.conf.update");
+ path = lpcfg_private_path(tmp_ctx,
+ service->task->lp_ctx,
+ "named.conf.update");
+ if (path == NULL) {
+ DBG_ERR("Out of memory!");
+ talloc_free(tmp_ctx);
+ return;
+ }
+
+ /*
+ * If the file doesn't exist, we provisioned in a the new
+ * bind-dns directory
+ */
+ if (!file_exist(path)) {
+ path = talloc_asprintf(tmp_ctx,
+ "%s/named.conf.update",
+ lpcfg_binddns_dir(service->task->lp_ctx));
+ if (path == NULL) {
+ DBG_ERR("Out of memory!");
+ talloc_free(tmp_ctx);
+ return;
+ }
+ }
}
path_static = lpcfg_parm_string(service->task->lp_ctx, NULL, "dnsupdate", "extra_static_grant_rules");
if (path_static == NULL) {
- path_static = lpcfg_private_path(tmp_ctx, service->task->lp_ctx, "named.conf.update.static");
+ path_static = lpcfg_private_path(tmp_ctx,
+ service->task->lp_ctx,
+ "named.conf.update.static");
+ if (path_static == NULL) {
+ DBG_ERR("Out of memory!");
+ talloc_free(tmp_ctx);
+ return;
+ }
+
+ if (!file_exist(path_static)) {
+ path_static = talloc_asprintf(tmp_ctx,
+ "%s/named.conf.update.static",
+ lpcfg_binddns_dir(service->task->lp_ctx));
+ if (path_static == NULL) {
+ DBG_ERR("Out of memory!");
+ talloc_free(tmp_ctx);
+ return;
+ }
+ }
}
tmp_path = talloc_asprintf(tmp_ctx, "%s.tmp", path);
- if (path == NULL || tmp_path == NULL || path_static == NULL ) {
+ if (tmp_path == NULL) {
DEBUG(0,(__location__ ": Unable to get paths\n"));
talloc_free(tmp_ctx);
return;
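Review bot: The private-then-binddns lookup is written out twice in dnsupdate_rebuild, once for `path` and once for `path_static`, with only the file name differing. A small static helper would keep the two in step. The new `DBG_ERR("Out of memory!")` calls lack the trailing `\n` that the existing `DEBUG(0, ...)` line in the same hunk has, and the added comment reads "in a the new", which should be "in the new". dnsupdate_rebuild starts and ends outside this hunk.

```c
/* Return NAME under the private dir if it exists there, else under the binddns dir. */
static char *dnsupdate_config_path(TALLOC_CTX *mem_ctx,
				   struct loadparm_context *lp_ctx,
				   const char *name)
{
	char *p = lpcfg_private_path(mem_ctx, lp_ctx, name);

	if (p == NULL || file_exist(p)) {
		return p;
	}
	TALLOC_FREE(p);
	return talloc_asprintf(mem_ctx, "%s/%s",
			       lpcfg_binddns_dir(lp_ctx), name);
}

/* … in dnsupdate_rebuild(), unchanged: lpcfg_parm_string() lookup of "path" … */
	if (path == NULL) {
		path = dnsupdate_config_path(tmp_ctx, service->task->lp_ctx,
					     "named.conf.update");
		if (path == NULL) {
			DBG_ERR("Out of memory!\n");
			talloc_free(tmp_ctx);
			return;
		}
	}
/* … same shape for path_static with "named.conf.update.static" … */
```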
diff --git a/source4/torture/dns/dlz_bind9.c b/source4/torture/dns/dlz_bind9.c
index c29f26802f5..893158fa730 100644
--- a/source4/torture/dns/dlz_bind9.c
+++ b/source4/torture/dns/dlz_bind9.c
@@ -19,7 +19,7 @@
#include "includes.h"
#include "torture/smbtorture.h"
-#include "dlz_minimal.h"
+#include "dns_server/dlz_minimal.h"
#include <talloc.h>
#include <ldb.h>
#include "lib/param/param.h"
@@ -54,13 +54,22 @@ static bool test_dlz_bind9_version(struct torture_context *tctx)
return true;
}
+static char *test_dlz_bind9_binddns_dir(struct torture_context *tctx,
+ const char *file)
+{
+ return talloc_asprintf(tctx,
+ "%s/%s",
+ lpcfg_binddns_dir(tctx->lp_ctx),
+ file);
+}
+
static bool test_dlz_bind9_create(struct torture_context *tctx)
{
void *dbdata;
const char *argv[] = {
"samba_dlz",
"-H",
- lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"),
+ test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
NULL
};
tctx_static = tctx;
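Review bot: Every `argv` in this file now points at the binddns directory, so the backward-compatible branch this commit adds in dlz_create (a `dns/sam.ldb` still present in the private dir) is no longer exercised by any test visible here. A case that goes through the private-dir location would cover it. Separately, `test_dlz_bind9_binddns_dir()` can return NULL on allocation failure, and placing that directly in `argv` ends the array after `"-H"`; a `torture_assert(tctx, path != NULL, "out of memory")` on a local before building `argv` would make that failure explicit. The same pattern repeats in the configure, gensec, lookup, zonedump and update01 hunks below.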
@@ -79,7 +88,8 @@ static isc_result_t dlz_bind9_writeable_zone_hook(dns_view_t *view,
struct torture_context *tctx = talloc_get_type((void *)view, struct torture_context);
struct ldb_context *samdb = samdb_connect_url(tctx, NULL, tctx->lp_ctx,
system_session(tctx->lp_ctx),
- 0, lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"));
+ 0,
+ test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"));
struct ldb_message *msg;
int ret;
const char *attrs[] = {
@@ -108,7 +118,7 @@ static bool test_dlz_bind9_configure(struct torture_context *tctx)
const char *argv[] = {
"samba_dlz",
"-H",
- lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"),
+ test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
NULL
};
tctx_static = tctx;
@@ -143,7 +153,7 @@ static bool test_dlz_bind9_gensec(struct torture_context *tctx, const char *mech
const char *argv[] = {
"samba_dlz",
"-H",
- lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"),
+ test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
NULL
};
tctx_static = tctx;
@@ -323,7 +333,7 @@ static bool test_dlz_bind9_lookup(struct torture_context *tctx)
const char *argv[] = {
"samba_dlz",
"-H",
- lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"),
+ test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
NULL
};
struct test_expected_rr *expected1 = NULL;
@@ -448,7 +458,7 @@ static bool test_dlz_bind9_zonedump(struct torture_context *tctx)
const char *argv[] = {
"samba_dlz",
"-H",
- lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"),
+ test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
NULL
};
struct test_expected_rr *expected1 = NULL;
@@ -560,7 +570,7 @@ static bool test_dlz_bind9_update01(struct torture_context *tctx)
const char *argv[] = {
"samba_dlz",
"-H",
- lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"),
+ test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
NULL
};
struct test_expected_rr *expected1 = NULL;