Diffstat (limited to 'source4/lib')
-rw-r--r-- | source4/lib/db_wrap.c | 12 | ||||
-rw-r--r-- | source4/lib/tls/tls.c | 28 | ||||
-rw-r--r-- | source4/lib/util.c | 8 |
3 files changed, 38 insertions, 10 deletions
diff --git a/source4/lib/db_wrap.c b/source4/lib/db_wrap.c
index b000225bbf..c0240aa62d 100644
--- a/source4/lib/db_wrap.c
+++ b/source4/lib/db_wrap.c
@@ -83,7 +83,7 @@ struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx,
 struct ldb_wrap *w;
 int ret;
 struct event_context *ev;
-
+ char *real_url = NULL;
 for (w = ldb_list; w; w = w->next) {
 if (strcmp(url, w->url) == 0) {
@@ -112,13 +112,21 @@ struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx,
 talloc_free(ldb);
 return NULL;
 }
+
+ real_url = private_path(ldb, url);
+ if (real_url == NULL) {
+ talloc_free(ldb);
+ return NULL;
+ }
- ret = ldb_connect(ldb, url, flags, options);
+ ret = ldb_connect(ldb, real_url, flags, options);
 if (ret == -1) {
 talloc_free(ldb);
 return NULL;
 }
+ talloc_free(real_url);
+
 w = talloc(ldb, struct ldb_wrap);
 if (w == NULL) {
 talloc_free(ldb);
diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c
index f89e2f1028..12087639c1 100644
--- a/source4/lib/tls/tls.c
+++ b/source4/lib/tls/tls.c
@@ -309,17 +309,22 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx)
 {
 struct tls_params *params;
 int ret;
- const char *keyfile = lp_tls_keyfile();
- const char *certfile = lp_tls_certfile();
- const char *cafile = lp_tls_cafile();
- const char *crlfile = lp_tls_crlfile();
+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ const char *keyfile = private_path(tmp_ctx, lp_tls_keyfile());
+ const char *certfile = private_path(tmp_ctx, lp_tls_certfile());
+ const char *cafile = private_path(tmp_ctx, lp_tls_cafile());
+ const char *crlfile = private_path(tmp_ctx, lp_tls_crlfile());
 void tls_cert_generate(TALLOC_CTX *, const char *, const char *, const char *);
 params = talloc(mem_ctx, struct tls_params);
- if (params == NULL) return NULL;
+ if (params == NULL) {
+ talloc_free(tmp_ctx);
+ return NULL;
+ }
 if (!lp_tls_enabled() || keyfile == NULL || *keyfile == 0) {
 params->tls_enabled = False;
+ talloc_free(tmp_ctx);
 return params;
 }
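Review bot: In the second db_wrap.c hunk, `url` is now rewritten by `private_path()` before `ldb_connect()`, but nothing at the call site tells callers that a bare relative name is resolved against the private directory. As private_path() is written in this commit, only a leading `/` or a `:/` substring keeps the string unchanged, so any URL form without `:/` would get the private directory prefixed; whether ldb accepts such forms is not visible here. I would add above the call `/* relative names are opened under the private dir; absolute paths and scheme:/ URLs are passed through unchanged */`. ldb_wrap_connect() starts and ends outside the hunk, including whatever is stored in `w->url` for the cache comparison.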
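Review bot: In tls_initialise(), a NULL returned by `private_path()` for `keyfile` falls into the existing `keyfile == NULL` branch and switches TLS off without a log line, so an allocation failure cannot be told apart from TLS being unconfigured. `talloc_new(mem_ctx)` is also used unchecked, and `certfile`, `cafile` and `crlfile` can likewise be NULL when they reach the code below the hunk. I would handle the NULL case separately and log it, for example `DEBUG(0,("TLS disabled: key file path unavailable\n"));`, so a server that was meant to offer TLS does not come up without it silently. The remainder of the function lies outside this hunk.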
@@ -371,11 +376,13 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx)
 params->tls_enabled = True;
+ talloc_free(tmp_ctx);
 return params;
 init_failed:
 DEBUG(0,("GNUTLS failed to initialise - %s\n", gnutls_strerror(ret)));
 params->tls_enabled = False;
+ talloc_free(tmp_ctx);
 return params;
 }
@@ -450,6 +457,8 @@ struct tls_context *tls_init_client(struct socket_context *socket,
 struct tls_context *tls;
 int ret;
 const int cert_type_priority[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
+ char *cafile;
+
 tls = talloc(socket, struct tls_context);
 if (tls == NULL) return NULL;
@@ -461,11 +470,16 @@ struct tls_context *tls_init_client(struct socket_context *socket,
 return tls;
 }
+ cafile = private_path(tls, lp_tls_cafile());
+ if (!cafile || !*cafile) {
+ goto failed;
+ }
+
 gnutls_global_init();
 gnutls_certificate_allocate_credentials(&tls->xcred);
- gnutls_certificate_set_x509_trust_file(tls->xcred, lp_tls_cafile(),
- GNUTLS_X509_FMT_PEM);
+ gnutls_certificate_set_x509_trust_file(tls->xcred, cafile, GNUTLS_X509_FMT_PEM);
+ talloc_free(cafile);
 TLSCHECK(gnutls_init(&tls->session, GNUTLS_CLIENT));
 TLSCHECK(gnutls_set_default_priority(tls->session));
 gnutls_certificate_type_set_priority(tls->session, cert_type_priority);
diff --git a/source4/lib/util.c b/source4/lib/util.c
index ba2c0e1ae4..308d1b6f45 100644
--- a/source4/lib/util.c
+++ b/source4/lib/util.c
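Review bot: The new `goto failed` in tls_init_client() is taken before any TLSCHECK has run, and `ret` is declared without an initialiser in the preceding hunk. If the `failed` label (outside this hunk) prints `gnutls_strerror(ret)` the way `init_failed` does in tls_initialise(), it reads an indeterminate value and logs a misleading reason. Setting `ret = GNUTLS_E_FILE_ERROR;` before the jump, or logging a dedicated "no CA file" message there, would make the failure diagnosable. Separately, the result of `gnutls_certificate_set_x509_trust_file()` is still discarded on the new line, so an unreadable CA file leaves the credentials without trust anchors; treating a negative return as failure would stop the client at this point. What `failed` does with the connection afterwards is not visible here.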
@@ -657,13 +657,19 @@ char *lib_path(TALLOC_CTX* mem_ctx, const char *name)
 * @brief Returns an absolute path to a file in the Samba private directory.
 *
 * @param name File to find, relative to PRIVATEDIR.
+ * if name is not relative, then use it as-is
 *
 * @retval Pointer to a talloc'ed string containing the full path.
 **/
-
 char *private_path(TALLOC_CTX* mem_ctx, const char *name)
 {
 char *fname;
+ if (name == NULL) {
+ return NULL;
+ }
+ if (name[0] == 0 || name[0] == '/' || strstr(name, ":/")) {
+ return talloc_strdup(mem_ctx, name);
+ }
 fname = talloc_asprintf(mem_ctx, "%s/%s", lp_private_dir(), name);
 return fname;
 } |
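Review bot: The doc comment on private_path() still reads as if the result always lies inside the private directory, but after this change absolute names and anything containing `:/` are returned unchanged, and relative names are joined without normalising `..` components, so callers must not treat the result as confined to PRIVATEDIR. The `@brief` should say the function resolves a name rather than confines it, and the `@retval` line should add `NULL if name is NULL or allocation fails` and note that an empty name comes back as an empty string. `strstr(name, ":/")` also matches anywhere in the string rather than only a leading scheme; a short comment such as `/* any ":/" marks a URL, wherever it appears */` would record whether that is intended. The opening of the doc comment is outside the hunk.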