
param: Add 'binddns dir' parameter

This allows us to restrict access to the directory to the group
'named', which bind is a member of.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Andreas Schneider 2017-08-10 15:04:08 +02:00 committed by Jeremy Allison
parent 3b1aa2ca5f
commit 4c9608fb27
9 changed files with 33 additions and 0 deletions


@ -108,6 +108,7 @@ def write_build_options_header(fp):
fp.write(" output(screen,\" PIDDIR: %s\\n\", get_dyn_PIDDIR());\n") fp.write(" output(screen,\" PIDDIR: %s\\n\", get_dyn_PIDDIR());\n")
fp.write(" output(screen,\" SMB_PASSWD_FILE: %s\\n\",get_dyn_SMB_PASSWD_FILE());\n") fp.write(" output(screen,\" SMB_PASSWD_FILE: %s\\n\",get_dyn_SMB_PASSWD_FILE());\n")
fp.write(" output(screen,\" PRIVATE_DIR: %s\\n\",get_dyn_PRIVATE_DIR());\n") fp.write(" output(screen,\" PRIVATE_DIR: %s\\n\",get_dyn_PRIVATE_DIR());\n")
fp.write(" output(screen,\" BINDDNS_DIR: %s\\n\",get_dyn_BINDDNS_DIR());\n")
fp.write("\n") fp.write("\n")
def write_build_options_footer(fp): def write_build_options_footer(fp):


@ -11,6 +11,7 @@ echo "<!DOCTYPE section [
<!ENTITY pathconfig.PIDDIR '\${prefix}/var/run'> <!ENTITY pathconfig.PIDDIR '\${prefix}/var/run'>
<!ENTITY pathconfig.STATEDIR '\${prefix}/var/locks'> <!ENTITY pathconfig.STATEDIR '\${prefix}/var/locks'>
<!ENTITY pathconfig.PRIVATE_DIR '\${prefix}/private'> <!ENTITY pathconfig.PRIVATE_DIR '\${prefix}/private'>
<!ENTITY pathconfig.BINDDNS_DIR '\${prefix}/bind-dns'>
<!ENTITY pathconfig.SMB_PASSWD_FILE '\${prefix}/private/smbpasswd'> <!ENTITY pathconfig.SMB_PASSWD_FILE '\${prefix}/private/smbpasswd'>
<!ENTITY pathconfig.WINBINDD_SOCKET_DIR '\${prefix}/var/run/winbindd'> <!ENTITY pathconfig.WINBINDD_SOCKET_DIR '\${prefix}/var/run/winbindd'>
<!ENTITY pathconfig.CACHEDIR '\${prefix}/var/cache'> <!ENTITY pathconfig.CACHEDIR '\${prefix}/var/cache'>


@ -0,0 +1,18 @@
<samba:parameter name="binddns dir"
context="G"
type="string"
constant="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<synonym>bind dns directory</synonym>
<description>
<para>
This parameters defines the directory samba will use to store the configuration
files for bind, such as named.conf.
NOTE: The bind dns directory needs to be on the same mount point as the private
directory!
</para>
</description>
<value type="default">&pathconfig.BINDDNS_DIR;</value>
</samba:parameter>


@ -95,6 +95,7 @@ DEFINE_DYN_CONFIG_PARAM(PIDDIR)
DEFINE_DYN_CONFIG_PARAM(NCALRPCDIR) DEFINE_DYN_CONFIG_PARAM(NCALRPCDIR)
DEFINE_DYN_CONFIG_PARAM(SMB_PASSWD_FILE) DEFINE_DYN_CONFIG_PARAM(SMB_PASSWD_FILE)
DEFINE_DYN_CONFIG_PARAM(PRIVATE_DIR) DEFINE_DYN_CONFIG_PARAM(PRIVATE_DIR)
DEFINE_DYN_CONFIG_PARAM(BINDDNS_DIR)
DEFINE_DYN_CONFIG_PARAM(LOCALEDIR) DEFINE_DYN_CONFIG_PARAM(LOCALEDIR)
DEFINE_DYN_CONFIG_PARAM(NMBDSOCKETDIR) DEFINE_DYN_CONFIG_PARAM(NMBDSOCKETDIR)
DEFINE_DYN_CONFIG_PARAM(DATADIR) DEFINE_DYN_CONFIG_PARAM(DATADIR)


@ -46,6 +46,7 @@ DEFINE_DYN_CONFIG_PROTO(PIDDIR)
DEFINE_DYN_CONFIG_PROTO(NCALRPCDIR) DEFINE_DYN_CONFIG_PROTO(NCALRPCDIR)
DEFINE_DYN_CONFIG_PROTO(SMB_PASSWD_FILE) DEFINE_DYN_CONFIG_PROTO(SMB_PASSWD_FILE)
DEFINE_DYN_CONFIG_PROTO(PRIVATE_DIR) DEFINE_DYN_CONFIG_PROTO(PRIVATE_DIR)
DEFINE_DYN_CONFIG_PROTO(BINDDNS_DIR)
DEFINE_DYN_CONFIG_PROTO(LOCALEDIR) DEFINE_DYN_CONFIG_PROTO(LOCALEDIR)
DEFINE_DYN_CONFIG_PROTO(NMBDSOCKETDIR) DEFINE_DYN_CONFIG_PROTO(NMBDSOCKETDIR)
DEFINE_DYN_CONFIG_PROTO(DATADIR) DEFINE_DYN_CONFIG_PROTO(DATADIR)


@ -192,6 +192,12 @@ dynconfig = {
'OPTION': '--with-statedir', 'OPTION': '--with-statedir',
'HELPTEXT': 'Where to put persistent state files', 'HELPTEXT': 'Where to put persistent state files',
}, },
'BINDDNS_DIR' : {
'STD-PATH': '${LOCALSTATEDIR}/lib',
'FHS-PATH': '${LOCALSTATEDIR}/lib/samba/bind-dns',
'OPTION': '--with-bind-dns-dir',
'HELPTEXT': 'bind-dns config directory',
},
'CACHEDIR' : { 'CACHEDIR' : {
'STD-PATH': '${LOCALSTATEDIR}/cache', 'STD-PATH': '${LOCALSTATEDIR}/cache',
'FHS-PATH': '${LOCALSTATEDIR}/cache/samba', 'FHS-PATH': '${LOCALSTATEDIR}/cache/samba',
@ -419,6 +425,7 @@ def build(bld):
bld.INSTALL_DIR("${LOGFILEBASE}") bld.INSTALL_DIR("${LOGFILEBASE}")
bld.INSTALL_DIR("${PRIVILEGED_SOCKET_DIR}") bld.INSTALL_DIR("${PRIVILEGED_SOCKET_DIR}")
bld.INSTALL_DIR("${PRIVATE_DIR}", 0o700) bld.INSTALL_DIR("${PRIVATE_DIR}", 0o700)
bld.INSTALL_DIR("${BINDDNS_DIR}", 0o770)
bld.INSTALL_DIR("${STATEDIR}") bld.INSTALL_DIR("${STATEDIR}")
bld.INSTALL_DIR("${CACHEDIR}") bld.INSTALL_DIR("${CACHEDIR}")
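Review bot: The `'STD-PATH': '${LOCALSTATEDIR}/lib'` entry for `BINDDNS_DIR` names a generic shared directory, while the FHS path and the documented default entity on this page (`${prefix}/bind-dns`) both name a dedicated `bind-dns` directory. Combined with `bld.INSTALL_DIR("${BINDDNS_DIR}", 0o770)` in the second hunk, a non-FHS build would apply a group-writable mode to that shared `lib` directory rather than to a directory holding only the bind configuration. A dedicated path matching the documentation, something like `'STD-PATH': '${PREFIX}/bind-dns',`, would keep the group-writable permission scoped to the bind files. Separately, `INSTALL_DIR` as called here sets only the mode, and no group ownership is visible in this section, so 0o770 grants write access to whichever group owns the directory at install time. A comment such as `# 0o770: directory group must be set to the bind group (e.g. 'named') by the installer/packager` would make that dependency explicit.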


@ -2655,6 +2655,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
/* the winbind method for domain controllers is for both RODC /* the winbind method for domain controllers is for both RODC
auth forwarding and for trusted domains */ auth forwarding and for trusted domains */
lpcfg_do_global_parameter(lp_ctx, "private dir", dyn_PRIVATE_DIR); lpcfg_do_global_parameter(lp_ctx, "private dir", dyn_PRIVATE_DIR);
lpcfg_do_global_parameter(lp_ctx, "binddns dir", dyn_BINDDNS_DIR);
lpcfg_do_global_parameter(lp_ctx, "registry:HKEY_LOCAL_MACHINE", "hklm.ldb"); lpcfg_do_global_parameter(lp_ctx, "registry:HKEY_LOCAL_MACHINE", "hklm.ldb");
/* This hive should be dynamically generated by Samba using /* This hive should be dynamically generated by Samba using


@ -56,6 +56,7 @@ const char **lpcfg_interfaces(struct loadparm_context *);
const char *lpcfg_realm(struct loadparm_context *); const char *lpcfg_realm(struct loadparm_context *);
const char *lpcfg_netbios_name(struct loadparm_context *); const char *lpcfg_netbios_name(struct loadparm_context *);
const char *lpcfg_private_dir(struct loadparm_context *); const char *lpcfg_private_dir(struct loadparm_context *);
const char *lpcfg_binddns_dir(struct loadparm_context *);
int lpcfg_server_role(struct loadparm_context *); int lpcfg_server_role(struct loadparm_context *);
int lpcfg_allow_dns_updates(struct loadparm_context *); int lpcfg_allow_dns_updates(struct loadparm_context *);


@ -550,6 +550,8 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
get_dyn_SMB_PASSWD_FILE()); get_dyn_SMB_PASSWD_FILE());
lpcfg_string_set(Globals.ctx, &Globals.private_dir, lpcfg_string_set(Globals.ctx, &Globals.private_dir,
get_dyn_PRIVATE_DIR()); get_dyn_PRIVATE_DIR());
lpcfg_string_set(Globals.ctx, &Globals.binddns_dir,
get_dyn_BINDDNS_DIR());
/* use the new 'hash2' method by default, with a prefix of 1 */ /* use the new 'hash2' method by default, with a prefix of 1 */
lpcfg_string_set(Globals.ctx, &Globals.mangling_method, "hash2"); lpcfg_string_set(Globals.ctx, &Globals.mangling_method, "hash2");