s4:bind_dlz: Use the 'binddns dir' if possible

The code makes sure we are backwards compatible. It will first check if
we still have files in the private directory, if yes it will use those.

If the the file is not in the private directory it will try the binddns
dir.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>

selftest/selftest.pl

@@ -512,6 +512,12 @@ sub write_clientconf($$$)
 	        mkdir("$clientdir/private", 0777);
 	}
 
+	if ( -d "$clientdir/bind-dns" ) {
+	        unlink <$clientdir/bind-dns/*>;
+	} else {
+	        mkdir("$clientdir/bind-dns", 0777);
+	}
+
 	if ( -d "$clientdir/lockdir" ) {
 	        unlink <$clientdir/lockdir/*>;
 	} else {
@@ -595,6 +601,7 @@ sub write_clientconf($$$)
 	}
 	print CF "
 	private dir = $clientdir/private
+	binddns dir = $clientdir/bind-dns
 	lock dir = $clientdir/lockdir
 	state directory = $clientdir/statedir
 	cache directory = $clientdir/cachedir

selftest/target/Samba3.pm

@@ -1425,6 +1425,9 @@ sub provision($$$$$$$$$)
 	my $privatedir="$prefix_abs/private";
 	push(@dirs,$privatedir);
 
+	my $binddnsdir = "$prefix_abs/bind-dns";
+	push(@dirs, $binddnsdir);
+
 	my $lockdir="$prefix_abs/lockdir";
 	push(@dirs,$lockdir);
 
@@ -1674,6 +1677,7 @@ sub provision($$$$$$$$$)
 	workgroup = $domain
 
 	private dir = $privatedir
+	binddns dir = $binddnsdir
 	pid directory = $piddir
 	lock directory = $lockdir
 	log file = $logdir/log.\%m

selftest/target/Samba4.pm

@@ -467,6 +467,7 @@ sub provision_raw_prepare($$$$$$$$$$$)
 	$ctx->{krb5_ccache} = "$prefix_abs/krb5_ccache";
 	$ctx->{mitkdc_conf} = "$ctx->{etcdir}/mitkdc.conf";
 	$ctx->{privatedir} = "$prefix_abs/private";
+	$ctx->{binddnsdir} = "$prefix_abs/bind-dns";
 	$ctx->{ncalrpcdir} = "$prefix_abs/ncalrpc";
 	$ctx->{lockdir} = "$prefix_abs/lockdir";
 	$ctx->{logdir} = "$prefix_abs/logs";
@@ -494,6 +495,7 @@ sub provision_raw_prepare($$$$$$$$$$$)
 	$ctx->{interfaces} = "$ctx->{ipv4}/8 $ctx->{ipv6}/64";
 
 	push(@{$ctx->{directories}}, $ctx->{privatedir});
+	push(@{$ctx->{directories}}, $ctx->{binddnsdir});
 	push(@{$ctx->{directories}}, $ctx->{etcdir});
 	push(@{$ctx->{directories}}, $ctx->{piddir});
 	push(@{$ctx->{directories}}, $ctx->{lockdir});
@@ -584,6 +586,7 @@ sub provision_raw_step1($$)
 	workgroup = $ctx->{domain}
 	realm = $ctx->{realm}
 	private dir = $ctx->{privatedir}
+	binddns dir = $ctx->{binddnsdir}
 	pid directory = $ctx->{piddir}
 	ncalrpc dir = $ctx->{ncalrpcdir}
 	lock dir = $ctx->{lockdir}
@@ -725,6 +728,7 @@ nogroup:x:65534:nobody
 		STATEDIR => $ctx->{statedir},
 		CACHEDIR => $ctx->{cachedir},
 		PRIVATEDIR => $ctx->{privatedir},
+		BINDDNSDIR => $ctx->{binddnsdir},
 		SERVERCONFFILE => $ctx->{smb_conf},
 		CONFIGURATION => $configuration,
 		SOCKET_WRAPPER_DEFAULT_IFACE => $ctx->{swiface},

source4/dns_server/dlz_bind9.c

@@ -682,11 +682,23 @@ _PUBLIC_ isc_result_t dlz_create(const char *dlzname,
 	}
 
 	if (state->options.url == NULL) {
-		state->options.url = lpcfg_private_path(state, state->lp, "dns/sam.ldb");
+		state->options.url = lpcfg_private_path(state,
+							state->lp,
+							"dns/sam.ldb");
 		if (state->options.url == NULL) {
 			result = ISC_R_NOMEMORY;
 			goto failed;
 		}
+
+		if (!file_exist(state->options.url)) {
+			state->options.url = talloc_asprintf(state,
+							     "%s/dns/sam.ldb",
+							     lpcfg_binddns_dir(state->lp));
+			if (state->options.url == NULL) {
+				result = ISC_R_NOMEMORY;
+				goto failed;
+			}
+		}
 	}
 
 	state->samdb = samdb_connect_url(state, state->ev_ctx, state->lp,
@@ -1266,6 +1278,7 @@ _PUBLIC_ isc_boolean_t dlz_ssumatch(const char *signer, const char *name, const
 	DATA_BLOB ap_req;
 	struct cli_credentials *server_credentials;
 	char *keytab_name;
+	char *keytab_file = NULL;
 	int ret;
 	int ldb_ret;
 	NTSTATUS nt_status;
@@ -1307,8 +1320,33 @@ _PUBLIC_ isc_boolean_t dlz_ssumatch(const char *signer, const char *name, const
 	cli_credentials_set_krb5_context(server_credentials, state->smb_krb5_ctx);
 	cli_credentials_set_conf(server_credentials, state->lp);
 
-	keytab_name = talloc_asprintf(tmp_ctx, "FILE:%s/dns.keytab",
-					lpcfg_private_dir(state->lp));
+	keytab_file = talloc_asprintf(tmp_ctx,
+				      "%s/dns.keytab",
+				      lpcfg_private_dir(state->lp));
+	if (keytab_file == NULL) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: Out of memory!");
+		talloc_free(tmp_ctx);
+		return ISC_FALSE;
+	}
+
+	if (!file_exist(keytab_file)) {
+		keytab_file = talloc_asprintf(tmp_ctx,
+					      "%s/dns.keytab",
+					      lpcfg_binddns_dir(state->lp));
+		if (keytab_file == NULL) {
+			state->log(ISC_LOG_ERROR, "samba_dlz: Out of memory!");
+			talloc_free(tmp_ctx);
+			return ISC_FALSE;
+		}
+	}
+
+	keytab_name = talloc_asprintf(tmp_ctx, "FILE:%s", keytab_file);
+	if (keytab_name == NULL) {
+		state->log(ISC_LOG_ERROR, "samba_dlz: Out of memory!");
+		talloc_free(tmp_ctx);
+		return ISC_FALSE;
+	}
+
 	ret = cli_credentials_set_keytab_name(server_credentials, state->lp, keytab_name,
 						CRED_SPECIFIED);
 	if (ret != 0) {

source4/dsdb/dns/dns_update.c

@@ -170,16 +170,56 @@ static void dnsupdate_rebuild(struct dnsupdate_service *service)
 
 	path = lpcfg_parm_string(service->task->lp_ctx, NULL, "dnsupdate", "path");
 	if (path == NULL) {
-		path = lpcfg_private_path(tmp_ctx, service->task->lp_ctx, "named.conf.update");
+		path = lpcfg_private_path(tmp_ctx,
+					  service->task->lp_ctx,
+					  "named.conf.update");
+		if (path == NULL) {
+			DBG_ERR("Out of memory!");
+			talloc_free(tmp_ctx);
+			return;
+		}
+
+		/*
+		 * If the file doesn't exist, we provisioned in a the new
+		 * bind-dns directory
+		 */
+		if (!file_exist(path)) {
+			path = talloc_asprintf(tmp_ctx,
+					       "%s/named.conf.update",
+					       lpcfg_binddns_dir(service->task->lp_ctx));
+			if (path == NULL) {
+				DBG_ERR("Out of memory!");
+				talloc_free(tmp_ctx);
+				return;
+			}
+		}
 	}
 
 	path_static = lpcfg_parm_string(service->task->lp_ctx, NULL, "dnsupdate", "extra_static_grant_rules");
 	if (path_static == NULL) {
-		path_static = lpcfg_private_path(tmp_ctx, service->task->lp_ctx, "named.conf.update.static");
+		path_static = lpcfg_private_path(tmp_ctx,
+						 service->task->lp_ctx,
+						 "named.conf.update.static");
+		if (path_static == NULL) {
+			DBG_ERR("Out of memory!");
+			talloc_free(tmp_ctx);
+			return;
+		}
+
+		if (!file_exist(path_static)) {
+			path_static = talloc_asprintf(tmp_ctx,
+						      "%s/named.conf.update.static",
+						      lpcfg_binddns_dir(service->task->lp_ctx));
+			if (path_static == NULL) {
+				DBG_ERR("Out of memory!");
+				talloc_free(tmp_ctx);
+				return;
+			}
+		}
 	}
 
 	tmp_path = talloc_asprintf(tmp_ctx, "%s.tmp", path);
-	if (path == NULL || tmp_path == NULL || path_static == NULL ) {
+	if (tmp_path == NULL) {
 		DEBUG(0,(__location__ ": Unable to get paths\n"));
 		talloc_free(tmp_ctx);
 		return;

source4/torture/dns/dlz_bind9.c

@@ -19,7 +19,7 @@
 
 #include "includes.h"
 #include "torture/smbtorture.h"
-#include "dlz_minimal.h"
+#include "dns_server/dlz_minimal.h"
 #include <talloc.h>
 #include <ldb.h>
 #include "lib/param/param.h"
@@ -54,13 +54,22 @@ static bool test_dlz_bind9_version(struct torture_context *tctx)
 	return true;
 }
 
+static char *test_dlz_bind9_binddns_dir(struct torture_context *tctx,
+					const char *file)
+{
+	return talloc_asprintf(tctx,
+			       "%s/%s",
+			       lpcfg_binddns_dir(tctx->lp_ctx),
+			       file);
+}
+
 static bool test_dlz_bind9_create(struct torture_context *tctx)
 {
 	void *dbdata;
 	const char *argv[] = {
 		"samba_dlz",
 		"-H",
-		lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"),
+		test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
 		NULL
 	};
 	tctx_static = tctx;
@@ -79,7 +88,8 @@ static isc_result_t dlz_bind9_writeable_zone_hook(dns_view_t *view,
 	struct torture_context *tctx = talloc_get_type((void *)view, struct torture_context);
 	struct ldb_context *samdb = samdb_connect_url(tctx, NULL, tctx->lp_ctx,
 						      system_session(tctx->lp_ctx),
-						      0, lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"));
+						      0,
+						      test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"));
 	struct ldb_message *msg;
 	int ret;
 	const char *attrs[] = {
@@ -108,7 +118,7 @@ static bool test_dlz_bind9_configure(struct torture_context *tctx)
 	const char *argv[] = {
 		"samba_dlz",
 		"-H",
-		lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"),
+		test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
 		NULL
 	};
 	tctx_static = tctx;
@@ -143,7 +153,7 @@ static bool test_dlz_bind9_gensec(struct torture_context *tctx, const char *mech
 	const char *argv[] = {
 		"samba_dlz",
 		"-H",
-		lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"),
+		test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
 		NULL
 	};
 	tctx_static = tctx;
@@ -323,7 +333,7 @@ static bool test_dlz_bind9_lookup(struct torture_context *tctx)
 	const char *argv[] = {
 		"samba_dlz",
 		"-H",
-		lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"),
+		test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
 		NULL
 	};
 	struct test_expected_rr *expected1 = NULL;
@@ -448,7 +458,7 @@ static bool test_dlz_bind9_zonedump(struct torture_context *tctx)
 	const char *argv[] = {
 		"samba_dlz",
 		"-H",
-		lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"),
+		test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
 		NULL
 	};
 	struct test_expected_rr *expected1 = NULL;
@@ -560,7 +570,7 @@ static bool test_dlz_bind9_update01(struct torture_context *tctx)
 	const char *argv[] = {
 		"samba_dlz",
 		"-H",
-		lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"),
+		test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
 		NULL
 	};
 	struct test_expected_rr *expected1 = NULL;