-rw-r--r-- | source4/lib/db_wrap.c | 12 | ||||
-rw-r--r-- | source4/lib/tls/tls.c | 28 | ||||
-rw-r--r-- | source4/lib/util.c | 8 | ||||
-rw-r--r-- | source4/param/loadparm.c | 14 |
4 files changed, 45 insertions, 17 deletions
diff --git a/source4/lib/db_wrap.c b/source4/lib/db_wrap.c
index b000225bbf..c0240aa62d 100644
--- a/source4/lib/db_wrap.c
+++ b/source4/lib/db_wrap.c
@@ -83,7 +83,7 @@ struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx,
 	struct ldb_wrap *w;
 	int ret;
 	struct event_context *ev;
-
+	char *real_url = NULL;
 
 	for (w = ldb_list; w; w = w->next) {
 		if (strcmp(url, w->url) == 0) {
@@ -112,13 +112,21 @@ struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx,
 		talloc_free(ldb);
 		return NULL;
 	}
+
+	real_url = private_path(ldb, url);
+	if (real_url == NULL) {
+		talloc_free(ldb);
+		return NULL;
+	}
 
-	ret = ldb_connect(ldb, url, flags, options);
+	ret = ldb_connect(ldb, real_url, flags, options);
 	if (ret == -1) {
 		talloc_free(ldb);
 		return NULL;
 	}
+	talloc_free(real_url);
+
 
 	w = talloc(ldb, struct ldb_wrap);
 	if (w == NULL) {
 		talloc_free(ldb);
diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c
index f89e2f1028..12087639c1 100644
--- a/source4/lib/tls/tls.c
+++ b/source4/lib/tls/tls.c
@@ -309,17 +309,22 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx)
 {
 	struct tls_params *params;
 	int ret;
-	const char *keyfile = lp_tls_keyfile();
-	const char *certfile = lp_tls_certfile();
-	const char *cafile = lp_tls_cafile();
-	const char *crlfile = lp_tls_crlfile();
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+	const char *keyfile = private_path(tmp_ctx, lp_tls_keyfile());
+	const char *certfile = private_path(tmp_ctx, lp_tls_certfile());
+	const char *cafile = private_path(tmp_ctx, lp_tls_cafile());
+	const char *crlfile = private_path(tmp_ctx, lp_tls_crlfile());
 	void tls_cert_generate(TALLOC_CTX *, const char *, const char *, const char *);
 
 	params = talloc(mem_ctx, struct tls_params);
-	if (params == NULL) return NULL;
+	if (params == NULL) {
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
 
 	if (!lp_tls_enabled() || keyfile == NULL || *keyfile == 0) {
 		params->tls_enabled = False;
+		talloc_free(tmp_ctx);
 		return params;
 	}
 
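Review bot: The connection cache in ldb_wrap_connect is still keyed on the caller's unresolved `url` (the `strcmp(url, w->url)` loop in the first hunk), while the connection itself is now made with `real_url`, so the same database reached via a bare name and via its absolute path presumably ends up as two separate ldb contexts on one file. Comparing against the resolved path would keep the cache's one-context-per-file property; that means resolving before the loop and keeping the resolved string alive as `w->url` instead of freeing it right after `ldb_connect()`. The assignment of `w->url` is outside the hunk, so confirm which string it stores. Freeing `real_url` early is otherwise harmless since it is a child of `ldb` and goes with it on the error paths.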
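Review bot: `talloc_new(mem_ctx)` in tls_initialise is never checked, and the four `private_path(tmp_ctx, ...)` initialisers that follow it would then run with a NULL parent, allocating top-level strings that `talloc_free(tmp_ctx)` (a no-op on NULL) never releases. Add `if (tmp_ctx == NULL) return NULL;` before the lookups — which requires turning the initialised declarations into plain declarations plus assignments after the check, given the file's declarations-first layout. The same `tmp_ctx` is freed on the two exits in the following hunk (the `params->tls_enabled = True` and `init_failed:` paths); the `goto init_failed` jumps between the two hunks are outside the visible lines, so I could not confirm every exit reaches one of those frees.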
@@ -371,11 +376,13 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx)
 
 	params->tls_enabled = True;
 
+	talloc_free(tmp_ctx);
 	return params;
 
 init_failed:
 	DEBUG(0,("GNUTLS failed to initialise - %s\n", gnutls_strerror(ret)));
 	params->tls_enabled = False;
+	talloc_free(tmp_ctx);
 	return params;
 }
 
@@ -450,6 +457,8 @@ struct tls_context *tls_init_client(struct socket_context *socket,
 	struct tls_context *tls;
 	int ret;
 	const int cert_type_priority[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
+	char *cafile;
+
 	tls = talloc(socket, struct tls_context);
 	if (tls == NULL) return NULL;
 
@@ -461,11 +470,16 @@ struct tls_context *tls_init_client(struct socket_context *socket,
 		return tls;
 	}
 
+	cafile = private_path(tls, lp_tls_cafile());
+	if (!cafile || !*cafile) {
+		goto failed;
+	}
+
 	gnutls_global_init();
 
 	gnutls_certificate_allocate_credentials(&tls->xcred);
-	gnutls_certificate_set_x509_trust_file(tls->xcred, lp_tls_cafile(), 
-					       GNUTLS_X509_FMT_PEM);
+	gnutls_certificate_set_x509_trust_file(tls->xcred, cafile, GNUTLS_X509_FMT_PEM);
+	talloc_free(cafile);
 	TLSCHECK(gnutls_init(&tls->session, GNUTLS_CLIENT));
 	TLSCHECK(gnutls_set_default_priority(tls->session));
 	gnutls_certificate_type_set_priority(tls->session, cert_type_priority);
diff --git a/source4/lib/util.c b/source4/lib/util.c
index ba2c0e1ae4..308d1b6f45 100644
--- a/source4/lib/util.c
+++ b/source4/lib/util.c
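Review bot: The rewritten `gnutls_certificate_set_x509_trust_file(tls->xcred, cafile, GNUTLS_X509_FMT_PEM);` call in tls_init_client still discards its return value, so a CA file that is missing, unreadable or not PEM leaves the client with an empty trust store while the handshake goes ahead. The new `if (!cafile || !*cafile) goto failed;` guard only covers an unset parameter, not a bad file; since `ret` is already declared, `ret = gnutls_certificate_set_x509_trust_file(tls->xcred, cafile, GNUTLS_X509_FMT_PEM);` followed by `if (ret < 0) goto failed;` closes that gap (the function returns the number of certificates loaded, so it is not a candidate for the existing TLSCHECK wrapper if that macro treats non-zero as failure — check its definition). The `failed:` label is outside the hunk, so confirm it releases `tls`; `cafile` is a child of `tls` and needs no separate free on that path. Note also that an unset "tls cafile" now makes tls_init_client return NULL rather than proceeding without a trust file, which is the safer behaviour but changes what callers see.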
@@ -657,13 +657,19 @@ char *lib_path(TALLOC_CTX* mem_ctx, const char *name)
  * @brief Returns an absolute path to a file in the Samba private directory.
  *
  * @param name File to find, relative to PRIVATEDIR.
+ *             if name is not relative, then use it as-is
  *
  * @retval Pointer to a talloc'ed string containing the full path.
  **/
-
 char *private_path(TALLOC_CTX* mem_ctx, const char *name)
 {
 	char *fname;
+	if (name == NULL) {
+		return NULL;
+	}
+	if (name[0] == 0 || name[0] == '/' || strstr(name, ":/")) {
+		return talloc_strdup(mem_ctx, name);
+	}
 	fname = talloc_asprintf(mem_ctx, "%s/%s", lp_private_dir(), name);
 	return fname;
 }
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index d59d4efadf..80f7709280 100644
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -931,10 +931,10 @@ static void init_globals(void)
 	do_parameter("auth methods", "anonymous sam_ignoredomain");
 	do_parameter("smb passwd file", dyn_SMB_PASSWD_FILE);
 	do_parameter("private dir", dyn_PRIVATE_DIR);
-	do_parameter_var("sam database", "tdb://%s/sam.ldb", dyn_PRIVATE_DIR);
-	do_parameter_var("spoolss database", "tdb://%s/spoolss.ldb", dyn_PRIVATE_DIR);
-	do_parameter_var("wins database", "tdb://%s/wins.ldb", dyn_PRIVATE_DIR);
-	do_parameter_var("registry:HKEY_LOCAL_MACHINE", "ldb:/%s/hklm.ldb", dyn_PRIVATE_DIR);
+	do_parameter("sam database", "sam.ldb");
+	do_parameter("spoolss database", "spoolss.ldb");
+	do_parameter("wins database", "wins.ldb");
+	do_parameter("registry:HKEY_LOCAL_MACHINE", "hklm.ldb");
 	do_parameter("guest account", GUEST_ACCOUNT);
 
 	/* using UTF8 by default allows us to support all chars */
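Review bot: The doc comment on private_path does not describe the three pass-through cases the new code introduces, and callers now depend on them: a NULL name yields NULL, an empty name yields an empty string (tls_initialise tests `*keyfile == 0` for exactly that), and a name starting with `/` or containing `:/` is copied verbatim. Replace the added line with ` * @param name File to find, relative to PRIVATEDIR. A NULL name returns NULL; an empty name, an absolute path (leading '/') or a URL (containing ":/") is returned unchanged.` and add ` * @retval NULL if name is NULL or the allocation fails.` so the contract is visible at the declaration. The `strstr(name, ":/")` test is a heuristic — any relative name with a colon-slash in it is also treated as a URL — which is fine for values taken from smb.conf but worth saying in the comment.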
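Review bot: The new default for `registry:HKEY_LOCAL_MACHINE` drops the `ldb:` prefix the old `"ldb:/%s/hklm.ldb"` value carried; if the registry code splits that parameter as `backend:location`, as the old format suggests, the bare `"hklm.ldb"` no longer names a backend, so confirm the registry hive loader still resolves it (that code is not in this diff). The three database defaults likewise lose their `tdb://` scheme and are now plain names that ldb_wrap_connect resolves through private_path, so backend selection falls to ldb's default for a scheme-less path — a one-line comment above these four `do_parameter()` calls noting that values are now relative to "private dir" and scheme-less would save the next reader the trip through util.c.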
@@ -1056,9 +1056,9 @@ static void init_globals(void)
 	do_parameter("min wins ttl", "10");
 
 	do_parameter("tls enabled", "True");
-	do_parameter_var("tls keyfile", "%s/tls/key.pem", dyn_PRIVATE_DIR);
-	do_parameter_var("tls certfile", "%s/tls/cert.pem", dyn_PRIVATE_DIR);
-	do_parameter_var("tls cafile", "%s/tls/ca.pem", dyn_PRIVATE_DIR);
+	do_parameter("tls keyfile", "tls/key.pem");
+	do_parameter("tls certfile", "tls/cert.pem");
+	do_parameter("tls cafile", "tls/ca.pem");
 }
 
 static TALLOC_CTX *lp_talloc;