-rwxr-xr-x | selftest/selftest.pl | 7 | ||||
-rwxr-xr-x | selftest/target/Samba3.pm | 4 | ||||
-rwxr-xr-x | selftest/target/Samba4.pm | 4 | ||||
-rw-r--r-- | source4/dns_server/dlz_bind9.c | 44 | ||||
-rw-r--r-- | source4/dsdb/dns/dns_update.c | 46 | ||||
-rw-r--r-- | source4/torture/dns/dlz_bind9.c | 26 |
6 files changed, 117 insertions, 14 deletions
diff --git a/selftest/selftest.pl b/selftest/selftest.pl index b3ef65828d7..e16696ab061 100755 --- a/selftest/selftest.pl +++ b/selftest/selftest.pl @@ -512,6 +512,12 @@ sub write_clientconf($$$) mkdir("$clientdir/private", 0777); } + if ( -d "$clientdir/bind-dns" ) { + unlink <$clientdir/bind-dns/*>; + } else { + mkdir("$clientdir/bind-dns", 0777); + } + if ( -d "$clientdir/lockdir" ) { unlink <$clientdir/lockdir/*>; } else { @@ -595,6 +601,7 @@ sub write_clientconf($$$) } print CF " private dir = $clientdir/private + binddns dir = $clientdir/bind-dns lock dir = $clientdir/lockdir state directory = $clientdir/statedir cache directory = $clientdir/cachedir diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index 45c00ba6e4d..f4d033d0c7a 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -1425,6 +1425,9 @@ sub provision($$$$$$$$$) my $privatedir="$prefix_abs/private"; push(@dirs,$privatedir); + my $binddnsdir = "$prefix_abs/bind-dns"; + push(@dirs, $binddnsdir); + my $lockdir="$prefix_abs/lockdir"; push(@dirs,$lockdir); @@ -1674,6 +1677,7 @@ sub provision($$$$$$$$$) workgroup = $domain private dir = $privatedir + binddns dir = $binddnsdir pid directory = $piddir lock directory = $lockdir log file = $logdir/log.\%m diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 205e2813db6..39a64ae3d81 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -467,6 +467,7 @@ sub provision_raw_prepare($$$$$$$$$$$) $ctx->{krb5_ccache} = "$prefix_abs/krb5_ccache"; $ctx->{mitkdc_conf} = "$ctx->{etcdir}/mitkdc.conf"; $ctx->{privatedir} = "$prefix_abs/private"; + $ctx->{binddnsdir} = "$prefix_abs/bind-dns"; $ctx->{ncalrpcdir} = "$prefix_abs/ncalrpc"; $ctx->{lockdir} = "$prefix_abs/lockdir"; $ctx->{logdir} = "$prefix_abs/logs"; 
@@ -494,6 +495,7 @@ sub provision_raw_prepare($$$$$$$$$$$) $ctx->{interfaces} = "$ctx->{ipv4}/8 $ctx->{ipv6}/64"; push(@{$ctx->{directories}}, $ctx->{privatedir}); + push(@{$ctx->{directories}}, $ctx->{binddnsdir}); push(@{$ctx->{directories}}, $ctx->{etcdir}); push(@{$ctx->{directories}}, $ctx->{piddir}); push(@{$ctx->{directories}}, $ctx->{lockdir}); @@ -584,6 +586,7 @@ sub provision_raw_step1($$) workgroup = $ctx->{domain} realm = $ctx->{realm} private dir = $ctx->{privatedir} + binddns dir = $ctx->{binddnsdir} pid directory = $ctx->{piddir} ncalrpc dir = $ctx->{ncalrpcdir} lock dir = $ctx->{lockdir} @@ -725,6 +728,7 @@ nogroup:x:65534:nobody STATEDIR => $ctx->{statedir}, CACHEDIR => $ctx->{cachedir}, PRIVATEDIR => $ctx->{privatedir}, + BINDDNSDIR => $ctx->{binddnsdir}, SERVERCONFFILE => $ctx->{smb_conf}, CONFIGURATION => $configuration, SOCKET_WRAPPER_DEFAULT_IFACE => $ctx->{swiface}, diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c index 6ef378c75a6..8e0820ddd77 100644 --- a/source4/dns_server/dlz_bind9.c +++ b/source4/dns_server/dlz_bind9.c @@ -682,11 +682,23 @@ _PUBLIC_ isc_result_t dlz_create(const char *dlzname, } if (state->options.url == NULL) { - state->options.url = lpcfg_private_path(state, state->lp, "dns/sam.ldb"); + state->options.url = lpcfg_private_path(state, + state->lp, + "dns/sam.ldb"); if (state->options.url == NULL) { result = ISC_R_NOMEMORY; goto failed; } + + if (!file_exist(state->options.url)) { + state->options.url = talloc_asprintf(state, + "%s/dns/sam.ldb", + lpcfg_binddns_dir(state->lp)); + if (state->options.url == NULL) { + result = ISC_R_NOMEMORY; + goto failed; + } + } } state->samdb = samdb_connect_url(state, state->ev_ctx, state->lp, @@ -1266,6 +1278,7 @@ _PUBLIC_ isc_boolean_t dlz_ssumatch(const char *signer, const char *name, const DATA_BLOB ap_req; struct cli_credentials *server_credentials; char *keytab_name; + char *keytab_file = NULL; int ret; int ldb_ret; NTSTATUS nt_status; 
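Review bot: In the dlz_create hunk the result of `lpcfg_binddns_dir(state->lp)` is passed straight to the `%s` of `talloc_asprintf()`. If that accessor can ever return NULL (not visible from this hunk), the URL becomes a bogus path instead of a clean failure. A guard before the format call would make this explicit: `const char *dir = lpcfg_binddns_dir(state->lp); if (dir == NULL) { result = ISC_R_FAILURE; goto failed; }`. The fallback also overwrites `state->options.url` without releasing the first string, which stays parented to `state`, so a `talloc_free(state->options.url);` before the reassignment would keep it tidy. The dlz_ssumatch and dnsupdate_rebuild hunks use the same unchecked pattern.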
@@ -1307,8 +1320,33 @@ _PUBLIC_ isc_boolean_t dlz_ssumatch(const char *signer, const char *name, const cli_credentials_set_krb5_context(server_credentials, state->smb_krb5_ctx); cli_credentials_set_conf(server_credentials, state->lp); - keytab_name = talloc_asprintf(tmp_ctx, "FILE:%s/dns.keytab", - lpcfg_private_dir(state->lp)); + keytab_file = talloc_asprintf(tmp_ctx, + "%s/dns.keytab", + lpcfg_private_dir(state->lp)); + if (keytab_file == NULL) { + state->log(ISC_LOG_ERROR, "samba_dlz: Out of memory!"); + talloc_free(tmp_ctx); + return ISC_FALSE; + } + + if (!file_exist(keytab_file)) { + keytab_file = talloc_asprintf(tmp_ctx, + "%s/dns.keytab", + lpcfg_binddns_dir(state->lp)); + if (keytab_file == NULL) { + state->log(ISC_LOG_ERROR, "samba_dlz: Out of memory!"); + talloc_free(tmp_ctx); + return ISC_FALSE; + } + } + + keytab_name = talloc_asprintf(tmp_ctx, "FILE:%s", keytab_file); + if (keytab_name == NULL) { + state->log(ISC_LOG_ERROR, "samba_dlz: Out of memory!"); + talloc_free(tmp_ctx); + return ISC_FALSE; + } + ret = cli_credentials_set_keytab_name(server_credentials, state->lp, keytab_name, CRED_SPECIFIED); if (ret != 0) { diff --git a/source4/dsdb/dns/dns_update.c b/source4/dsdb/dns/dns_update.c index f74256d95ea..ba8431a3d1d 100644 --- a/source4/dsdb/dns/dns_update.c +++ b/source4/dsdb/dns/dns_update.c 
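Review bot: The keytab in the private directory wins whenever it exists, and nothing records which file was picked. If a stale `dns.keytab` were left in the private dir after a move to bind-dns (whether provisioning removes it is not visible here), it would silently keep being used to verify update requests. Logging the choice after the probe would make this diagnosable, for example `state->log(ISC_LOG_INFO, "samba_dlz: using keytab %s", keytab_file);`. The three identical out-of-memory blocks could also share one exit label. The body of dlz_ssumatch continues outside the hunk.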
@@ -170,16 +170,56 @@ static void dnsupdate_rebuild(struct dnsupdate_service *service) path = lpcfg_parm_string(service->task->lp_ctx, NULL, "dnsupdate", "path"); if (path == NULL) { - path = lpcfg_private_path(tmp_ctx, service->task->lp_ctx, "named.conf.update"); + path = lpcfg_private_path(tmp_ctx, + service->task->lp_ctx, + "named.conf.update"); + if (path == NULL) { + DBG_ERR("Out of memory!"); + talloc_free(tmp_ctx); + return; + } + + /* + * If the file doesn't exist, we provisioned in a the new + * bind-dns directory + */ + if (!file_exist(path)) { + path = talloc_asprintf(tmp_ctx, + "%s/named.conf.update", + lpcfg_binddns_dir(service->task->lp_ctx)); + if (path == NULL) { + DBG_ERR("Out of memory!"); + talloc_free(tmp_ctx); + return; + } + } } path_static = lpcfg_parm_string(service->task->lp_ctx, NULL, "dnsupdate", "extra_static_grant_rules"); if (path_static == NULL) { - path_static = lpcfg_private_path(tmp_ctx, service->task->lp_ctx, "named.conf.update.static"); + path_static = lpcfg_private_path(tmp_ctx, + service->task->lp_ctx, + "named.conf.update.static"); + if (path_static == NULL) { + DBG_ERR("Out of memory!"); + talloc_free(tmp_ctx); + return; + } + + if (!file_exist(path_static)) { + path_static = talloc_asprintf(tmp_ctx, + "%s/named.conf.update.static", + lpcfg_binddns_dir(service->task->lp_ctx)); + if (path_static == NULL) { + DBG_ERR("Out of memory!"); + talloc_free(tmp_ctx); + return; + } + } } tmp_path = talloc_asprintf(tmp_ctx, "%s.tmp", path); - if (path == NULL || tmp_path == NULL || path_static == NULL ) { + if (tmp_path == NULL) { DEBUG(0,(__location__ ": Unable to get paths\n")); talloc_free(tmp_ctx); return; diff --git a/source4/torture/dns/dlz_bind9.c b/source4/torture/dns/dlz_bind9.c index c29f26802f5..893158fa730 100644 --- a/source4/torture/dns/dlz_bind9.c +++ b/source4/torture/dns/dlz_bind9.c 
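Review bot: The four new `DBG_ERR("Out of memory!")` calls in dnsupdate_rebuild have no trailing newline, unlike the `DEBUG(0,(__location__ ": Unable to get paths\n"))` kept at the end of the hunk, so the messages run into the next log entry; use `DBG_ERR("Out of memory!\n");`. The comment should read `in the new bind-dns directory` rather than "in a the new". The probe-then-fallback sequence appears twice here and again in dlz_bind9.c, so a small static helper taking the file name would remove the duplication. Note also that `path` is where the `.tmp` file is derived from, so the `file_exist()` result decides which directory is later written to. A short comment stating that a missing private-dir file for any reason redirects output to the bind-dns directory would help the next reader.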
@@ -19,7 +19,7 @@ #include "includes.h" #include "torture/smbtorture.h" -#include "dlz_minimal.h" +#include "dns_server/dlz_minimal.h" #include <talloc.h> #include <ldb.h> #include "lib/param/param.h" @@ -54,13 +54,22 @@ static bool test_dlz_bind9_version(struct torture_context *tctx) return true; } +static char *test_dlz_bind9_binddns_dir(struct torture_context *tctx, + const char *file) +{ + return talloc_asprintf(tctx, + "%s/%s", + lpcfg_binddns_dir(tctx->lp_ctx), + file); +} + static bool test_dlz_bind9_create(struct torture_context *tctx) { void *dbdata; const char *argv[] = { "samba_dlz", "-H", - lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"), + test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"), NULL }; tctx_static = tctx; @@ -79,7 +88,8 @@ static isc_result_t dlz_bind9_writeable_zone_hook(dns_view_t *view, struct torture_context *tctx = talloc_get_type((void *)view, struct torture_context); struct ldb_context *samdb = samdb_connect_url(tctx, NULL, tctx->lp_ctx, system_session(tctx->lp_ctx), - 0, lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb")); + 0, + test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb")); struct ldb_message *msg; int ret; const char *attrs[] = { @@ -108,7 +118,7 @@ static bool test_dlz_bind9_configure(struct torture_context *tctx) const char *argv[] = { "samba_dlz", "-H", - lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"), + test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"), NULL }; tctx_static = tctx; @@ -143,7 +153,7 @@ static bool test_dlz_bind9_gensec(struct torture_context *tctx, const char *mech const char *argv[] = { "samba_dlz", "-H", - lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"), + test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"), NULL }; tctx_static = tctx; 
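Review bot: Every test case in this file, including the three hunks that follow on the next line, passes an explicit `-H` URL built by `test_dlz_bind9_binddns_dir()`. The private-dir-then-bind-dns fallback that this commit adds to dlz_create therefore appears not to be exercised, assuming `-H` populates `options.url`. A case that calls dlz_create without `-H` would cover it. The helper's `talloc_asprintf()` result is also placed into `argv` unchecked, so an allocation failure would truncate the argument list at `-H`; a `torture_assert(tctx, url != NULL, "talloc_asprintf failed");` before building `argv` would catch that. The `_dir` suffix is misleading for a function that returns a file path, so something like `test_dlz_bind9_binddns_path` would read better.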
@@ -323,7 +333,7 @@ static bool test_dlz_bind9_lookup(struct torture_context *tctx) const char *argv[] = { "samba_dlz", "-H", - lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"), + test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"), NULL }; struct test_expected_rr *expected1 = NULL; @@ -448,7 +458,7 @@ static bool test_dlz_bind9_zonedump(struct torture_context *tctx) const char *argv[] = { "samba_dlz", "-H", - lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"), + test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"), NULL }; struct test_expected_rr *expected1 = NULL; @@ -560,7 +570,7 @@ static bool test_dlz_bind9_update01(struct torture_context *tctx) const char *argv[] = { "samba_dlz", "-H", - lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"), + test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"), NULL }; struct test_expected_rr *expected1 = NULL; |