Diffstat (limited to 'source4')
-rw-r--r--source4/lib/db_wrap.c12
-rw-r--r--source4/lib/tls/tls.c28
-rw-r--r--source4/lib/util.c8
-rw-r--r--source4/param/loadparm.c14
4 files changed, 45 insertions, 17 deletions
diff --git a/source4/lib/db_wrap.c b/source4/lib/db_wrap.c
index b000225bbf..c0240aa62d 100644
--- a/source4/lib/db_wrap.c
+++ b/source4/lib/db_wrap.c
@@ -83,7 +83,7 @@ struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx,
struct ldb_wrap *w;
int ret;
struct event_context *ev;
-
+ char *real_url = NULL;
for (w = ldb_list; w; w = w->next) {
if (strcmp(url, w->url) == 0) {
@@ -112,13 +112,21 @@ struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx,
talloc_free(ldb);
return NULL;
}
+
+ real_url = private_path(ldb, url);
+ if (real_url == NULL) {
+ talloc_free(ldb);
+ return NULL;
+ }
- ret = ldb_connect(ldb, url, flags, options);
+ ret = ldb_connect(ldb, real_url, flags, options);
if (ret == -1) {
talloc_free(ldb);
return NULL;
}
+ talloc_free(real_url);
+
w = talloc(ldb, struct ldb_wrap);
if (w == NULL) {
talloc_free(ldb);
diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c
index f89e2f1028..12087639c1 100644
--- a/source4/lib/tls/tls.c
+++ b/source4/lib/tls/tls.c
@@ -309,17 +309,22 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx)
{
struct tls_params *params;
int ret;
- const char *keyfile = lp_tls_keyfile();
- const char *certfile = lp_tls_certfile();
- const char *cafile = lp_tls_cafile();
- const char *crlfile = lp_tls_crlfile();
+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ const char *keyfile = private_path(tmp_ctx, lp_tls_keyfile());
+ const char *certfile = private_path(tmp_ctx, lp_tls_certfile());
+ const char *cafile = private_path(tmp_ctx, lp_tls_cafile());
+ const char *crlfile = private_path(tmp_ctx, lp_tls_crlfile());
void tls_cert_generate(TALLOC_CTX *, const char *, const char *, const char *);
params = talloc(mem_ctx, struct tls_params);
- if (params == NULL) return NULL;
+ if (params == NULL) {
+ talloc_free(tmp_ctx);
+ return NULL;
+ }
if (!lp_tls_enabled() || keyfile == NULL || *keyfile == 0) {
params->tls_enabled = False;
+ talloc_free(tmp_ctx);
return params;
}
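Review bot: `tmp_ctx` is used without a NULL check in the declarations at the top of tls_initialise; if talloc_new() fails, the four private_path() calls allocate against a NULL context and the later `talloc_free(tmp_ctx)` calls release nothing, so the strings leak. Only `keyfile` is tested for NULL in the visible lines, so an allocation failure for `certfile`, `cafile` or `crlfile` would reach whatever consumes them between this hunk and the next, which is not shown. Moving the private_path() calls below a guard such as `if (tmp_ctx == NULL) return NULL;` and checking all four results would close both gaps. The function body continues outside the hunk.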
@@ -371,11 +376,13 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx)
params->tls_enabled = True;
+ talloc_free(tmp_ctx);
return params;
init_failed:
DEBUG(0,("GNUTLS failed to initialise - %s\n", gnutls_strerror(ret)));
params->tls_enabled = False;
+ talloc_free(tmp_ctx);
return params;
}
@@ -450,6 +457,8 @@ struct tls_context *tls_init_client(struct socket_context *socket,
struct tls_context *tls;
int ret;
const int cert_type_priority[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
+ char *cafile;
+
tls = talloc(socket, struct tls_context);
if (tls == NULL) return NULL;
@@ -461,11 +470,16 @@ struct tls_context *tls_init_client(struct socket_context *socket,
return tls;
}
+ cafile = private_path(tls, lp_tls_cafile());
+ if (!cafile || !*cafile) {
+ goto failed;
+ }
+
gnutls_global_init();
gnutls_certificate_allocate_credentials(&tls->xcred);
- gnutls_certificate_set_x509_trust_file(tls->xcred, lp_tls_cafile(),
- GNUTLS_X509_FMT_PEM);
+ gnutls_certificate_set_x509_trust_file(tls->xcred, cafile, GNUTLS_X509_FMT_PEM);
+ talloc_free(cafile);
TLSCHECK(gnutls_init(&tls->session, GNUTLS_CLIENT));
TLSCHECK(gnutls_set_default_priority(tls->session));
gnutls_certificate_type_set_priority(tls->session, cert_type_priority);
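Review bot: The return value of `gnutls_certificate_set_x509_trust_file()` is still discarded in tls_init_client, so a CA file that is missing or unreadable at the resolved path leaves `tls->xcred` without trust anchors while session setup carries on; how peer verification then behaves depends on code outside this hunk. Consider `ret = gnutls_certificate_set_x509_trust_file(tls->xcred, cafile, GNUTLS_X509_FMT_PEM);` followed by `if (ret < 0) goto failed;`. Separately, the new `goto failed` is taken before anything in the visible code assigns `ret`, which is declared without an initialiser. If the `failed` label (not shown) reports `gnutls_strerror(ret)` the way `init_failed` does in tls_initialise, it reads an indeterminate value, so `ret` should be given a defined error code before the jump.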
diff --git a/source4/lib/util.c b/source4/lib/util.c
index ba2c0e1ae4..308d1b6f45 100644
--- a/source4/lib/util.c
+++ b/source4/lib/util.c
@@ -657,13 +657,19 @@ char *lib_path(TALLOC_CTX* mem_ctx, const char *name)
* @brief Returns an absolute path to a file in the Samba private directory.
*
* @param name File to find, relative to PRIVATEDIR.
+ * if name is not relative, then use it as-is
*
* @retval Pointer to a talloc'ed string containing the full path.
**/
-
char *private_path(TALLOC_CTX* mem_ctx, const char *name)
{
char *fname;
+ if (name == NULL) {
+ return NULL;
+ }
+ if (name[0] == 0 || name[0] == '/' || strstr(name, ":/")) {
+ return talloc_strdup(mem_ctx, name);
+ }
fname = talloc_asprintf(mem_ctx, "%s/%s", lp_private_dir(), name);
return fname;
}
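Review bot: The `strstr(name, ":/")` test in private_path matches that sequence anywhere in the string, so a relative file name that merely contains `:/` is returned unprefixed and is then resolved against the process's working directory rather than the private directory. If the intent is to pass through URLs only, the test could require the `:/` to follow a leading scheme token. The doc comment should also record the new contract, for example `@retval ... or NULL if name is NULL or allocation fails`, and say that an empty name comes back as an empty string. Names containing `..` are not confined to the private directory either; that is acceptable for values read from the configuration file, but worth stating so the function is not mistaken for a containment check.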
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index d59d4efadf..80f7709280 100644
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -931,10 +931,10 @@ static void init_globals(void)
do_parameter("auth methods", "anonymous sam_ignoredomain");
do_parameter("smb passwd file", dyn_SMB_PASSWD_FILE);
do_parameter("private dir", dyn_PRIVATE_DIR);
- do_parameter_var("sam database", "tdb://%s/sam.ldb", dyn_PRIVATE_DIR);
- do_parameter_var("spoolss database", "tdb://%s/spoolss.ldb", dyn_PRIVATE_DIR);
- do_parameter_var("wins database", "tdb://%s/wins.ldb", dyn_PRIVATE_DIR);
- do_parameter_var("registry:HKEY_LOCAL_MACHINE", "ldb:/%s/hklm.ldb", dyn_PRIVATE_DIR);
+ do_parameter("sam database", "sam.ldb");
+ do_parameter("spoolss database", "spoolss.ldb");
+ do_parameter("wins database", "wins.ldb");
+ do_parameter("registry:HKEY_LOCAL_MACHINE", "hklm.ldb");
do_parameter("guest account", GUEST_ACCOUNT);
/* using UTF8 by default allows us to support all chars */
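Review bot: These defaults in init_globals are now bare relative names, so they are only correct for consumers that pass the value through private_path(); any caller not shown in this commit that hands the parameter straight to an open or connect call would resolve it against the current working directory. The same applies to the TLS defaults in the second init_globals hunk. The old values also carried an explicit `tdb://` or `ldb:/` scheme that the new ones drop, so backend selection now rests on how ldb_connect treats a scheme-less path, which is not visible here. A comment above the block such as `/* relative names are resolved against "private dir" by private_path() */` would make the dependency explicit.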
@@ -1056,9 +1056,9 @@ static void init_globals(void)
do_parameter("min wins ttl", "10");
do_parameter("tls enabled", "True");
- do_parameter_var("tls keyfile", "%s/tls/key.pem", dyn_PRIVATE_DIR);
- do_parameter_var("tls certfile", "%s/tls/cert.pem", dyn_PRIVATE_DIR);
- do_parameter_var("tls cafile", "%s/tls/ca.pem", dyn_PRIVATE_DIR);
+ do_parameter("tls keyfile", "tls/key.pem");
+ do_parameter("tls certfile", "tls/cert.pem");
+ do_parameter("tls cafile", "tls/ca.pem");
}
static TALLOC_CTX *lp_talloc;