param: Add 'binddns dir' parameter
This allows us to have restricted access to the directory by the group 'named' which bind is a member of. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org>
parent
3b1aa2ca5f
commit
4c9608fb27
@ -108,6 +108,7 @@ def write_build_options_header(fp):
|
|||||||
fp.write(" output(screen,\" PIDDIR: %s\\n\", get_dyn_PIDDIR());\n")
|
fp.write(" output(screen,\" PIDDIR: %s\\n\", get_dyn_PIDDIR());\n")
|
||||||
fp.write(" output(screen,\" SMB_PASSWD_FILE: %s\\n\",get_dyn_SMB_PASSWD_FILE());\n")
|
fp.write(" output(screen,\" SMB_PASSWD_FILE: %s\\n\",get_dyn_SMB_PASSWD_FILE());\n")
|
||||||
fp.write(" output(screen,\" PRIVATE_DIR: %s\\n\",get_dyn_PRIVATE_DIR());\n")
|
fp.write(" output(screen,\" PRIVATE_DIR: %s\\n\",get_dyn_PRIVATE_DIR());\n")
|
||||||
|
fp.write(" output(screen,\" BINDDNS_DIR: %s\\n\",get_dyn_BINDDNS_DIR());\n")
|
||||||
fp.write("\n")
|
fp.write("\n")
|
||||||
|
|
||||||
def write_build_options_footer(fp):
|
def write_build_options_footer(fp):
|
||||||
|
@ -11,6 +11,7 @@ echo "<!DOCTYPE section [
|
|||||||
<!ENTITY pathconfig.PIDDIR '\${prefix}/var/run'>
|
<!ENTITY pathconfig.PIDDIR '\${prefix}/var/run'>
|
||||||
<!ENTITY pathconfig.STATEDIR '\${prefix}/var/locks'>
|
<!ENTITY pathconfig.STATEDIR '\${prefix}/var/locks'>
|
||||||
<!ENTITY pathconfig.PRIVATE_DIR '\${prefix}/private'>
|
<!ENTITY pathconfig.PRIVATE_DIR '\${prefix}/private'>
|
||||||
|
<!ENTITY pathconfig.BINDDNS_DIR '\${prefix}/bind-dns'>
|
||||||
<!ENTITY pathconfig.SMB_PASSWD_FILE '\${prefix}/private/smbpasswd'>
|
<!ENTITY pathconfig.SMB_PASSWD_FILE '\${prefix}/private/smbpasswd'>
|
||||||
<!ENTITY pathconfig.WINBINDD_SOCKET_DIR '\${prefix}/var/run/winbindd'>
|
<!ENTITY pathconfig.WINBINDD_SOCKET_DIR '\${prefix}/var/run/winbindd'>
|
||||||
<!ENTITY pathconfig.CACHEDIR '\${prefix}/var/cache'>
|
<!ENTITY pathconfig.CACHEDIR '\${prefix}/var/cache'>
|
||||||
|
18
docs-xml/smbdotconf/security/binddnsdir.xml
Normal file
18
docs-xml/smbdotconf/security/binddnsdir.xml
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
<samba:parameter name="binddns dir"
|
||||||
|
context="G"
|
||||||
|
type="string"
|
||||||
|
constant="1"
|
||||||
|
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
|
||||||
|
<synonym>bind dns directory</synonym>
|
||||||
|
<description>
|
||||||
|
<para>
|
||||||
|
This parameters defines the directory samba will use to store the configuration
|
||||||
|
files for bind, such as named.conf.
|
||||||
|
|
||||||
|
NOTE: The bind dns directory needs to be on the same mount point as the private
|
||||||
|
directory!
|
||||||
|
</para>
|
||||||
|
</description>
|
||||||
|
|
||||||
|
<value type="default">&pathconfig.BINDDNS_DIR;</value>
|
||||||
|
</samba:parameter>
|
@ -95,6 +95,7 @@ DEFINE_DYN_CONFIG_PARAM(PIDDIR)
|
|||||||
DEFINE_DYN_CONFIG_PARAM(NCALRPCDIR)
|
DEFINE_DYN_CONFIG_PARAM(NCALRPCDIR)
|
||||||
DEFINE_DYN_CONFIG_PARAM(SMB_PASSWD_FILE)
|
DEFINE_DYN_CONFIG_PARAM(SMB_PASSWD_FILE)
|
||||||
DEFINE_DYN_CONFIG_PARAM(PRIVATE_DIR)
|
DEFINE_DYN_CONFIG_PARAM(PRIVATE_DIR)
|
||||||
|
DEFINE_DYN_CONFIG_PARAM(BINDDNS_DIR)
|
||||||
DEFINE_DYN_CONFIG_PARAM(LOCALEDIR)
|
DEFINE_DYN_CONFIG_PARAM(LOCALEDIR)
|
||||||
DEFINE_DYN_CONFIG_PARAM(NMBDSOCKETDIR)
|
DEFINE_DYN_CONFIG_PARAM(NMBDSOCKETDIR)
|
||||||
DEFINE_DYN_CONFIG_PARAM(DATADIR)
|
DEFINE_DYN_CONFIG_PARAM(DATADIR)
|
||||||
|
@ -46,6 +46,7 @@ DEFINE_DYN_CONFIG_PROTO(PIDDIR)
|
|||||||
DEFINE_DYN_CONFIG_PROTO(NCALRPCDIR)
|
DEFINE_DYN_CONFIG_PROTO(NCALRPCDIR)
|
||||||
DEFINE_DYN_CONFIG_PROTO(SMB_PASSWD_FILE)
|
DEFINE_DYN_CONFIG_PROTO(SMB_PASSWD_FILE)
|
||||||
DEFINE_DYN_CONFIG_PROTO(PRIVATE_DIR)
|
DEFINE_DYN_CONFIG_PROTO(PRIVATE_DIR)
|
||||||
|
DEFINE_DYN_CONFIG_PROTO(BINDDNS_DIR)
|
||||||
DEFINE_DYN_CONFIG_PROTO(LOCALEDIR)
|
DEFINE_DYN_CONFIG_PROTO(LOCALEDIR)
|
||||||
DEFINE_DYN_CONFIG_PROTO(NMBDSOCKETDIR)
|
DEFINE_DYN_CONFIG_PROTO(NMBDSOCKETDIR)
|
||||||
DEFINE_DYN_CONFIG_PROTO(DATADIR)
|
DEFINE_DYN_CONFIG_PROTO(DATADIR)
|
||||||
|
@ -192,6 +192,12 @@ dynconfig = {
|
|||||||
'OPTION': '--with-statedir',
|
'OPTION': '--with-statedir',
|
||||||
'HELPTEXT': 'Where to put persistent state files',
|
'HELPTEXT': 'Where to put persistent state files',
|
||||||
},
|
},
|
||||||
|
'BINDDNS_DIR' : {
|
||||||
|
'STD-PATH': '${LOCALSTATEDIR}/lib',
|
||||||
|
'FHS-PATH': '${LOCALSTATEDIR}/lib/samba/bind-dns',
|
||||||
|
'OPTION': '--with-bind-dns-dir',
|
||||||
|
'HELPTEXT': 'bind-dns config directory',
|
||||||
|
},
|
||||||
'CACHEDIR' : {
|
'CACHEDIR' : {
|
||||||
'STD-PATH': '${LOCALSTATEDIR}/cache',
|
'STD-PATH': '${LOCALSTATEDIR}/cache',
|
||||||
'FHS-PATH': '${LOCALSTATEDIR}/cache/samba',
|
'FHS-PATH': '${LOCALSTATEDIR}/cache/samba',
|
||||||
@ -419,6 +425,7 @@ def build(bld):
|
|||||||
bld.INSTALL_DIR("${LOGFILEBASE}")
|
bld.INSTALL_DIR("${LOGFILEBASE}")
|
||||||
bld.INSTALL_DIR("${PRIVILEGED_SOCKET_DIR}")
|
bld.INSTALL_DIR("${PRIVILEGED_SOCKET_DIR}")
|
||||||
bld.INSTALL_DIR("${PRIVATE_DIR}", 0o700)
|
bld.INSTALL_DIR("${PRIVATE_DIR}", 0o700)
|
||||||
|
bld.INSTALL_DIR("${BINDDNS_DIR}", 0o770)
|
||||||
bld.INSTALL_DIR("${STATEDIR}")
|
bld.INSTALL_DIR("${STATEDIR}")
|
||||||
bld.INSTALL_DIR("${CACHEDIR}")
|
bld.INSTALL_DIR("${CACHEDIR}")
|
||||||
|
|
||||||
|
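Review bot: The `STD-PATH` for `BINDDNS_DIR` in the first hunk is `${LOCALSTATEDIR}/lib`, a shared directory rather than a dedicated one, and it disagrees with the `${prefix}/bind-dns` default this commit writes into the docs entity; the second hunk then applies `0o770` to whatever that path resolves to. I would give the non-FHS layout its own directory, for example `'STD-PATH': '${LOCALSTATEDIR}/bind-dns',`, so the install step never changes the mode of a directory other software may rely on. The mode alone also does not deliver the access the commit message describes: `bld.INSTALL_DIR("${BINDDNS_DIR}", 0o770)` passes no owner or group, so unless provisioning or packaging later sets the group to the one BIND runs under, the directory presumably keeps the installing user's group. A comment such as `# group ownership for BIND is set at provision/packaging time, not here` above that line would make the dependency visible. Both the `dynconfig` dict and `build()` continue outside the hunks.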
@ -2655,6 +2655,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
|
|||||||
/* the winbind method for domain controllers is for both RODC
|
/* the winbind method for domain controllers is for both RODC
|
||||||
auth forwarding and for trusted domains */
|
auth forwarding and for trusted domains */
|
||||||
lpcfg_do_global_parameter(lp_ctx, "private dir", dyn_PRIVATE_DIR);
|
lpcfg_do_global_parameter(lp_ctx, "private dir", dyn_PRIVATE_DIR);
|
||||||
|
lpcfg_do_global_parameter(lp_ctx, "binddns dir", dyn_BINDDNS_DIR);
|
||||||
lpcfg_do_global_parameter(lp_ctx, "registry:HKEY_LOCAL_MACHINE", "hklm.ldb");
|
lpcfg_do_global_parameter(lp_ctx, "registry:HKEY_LOCAL_MACHINE", "hklm.ldb");
|
||||||
|
|
||||||
/* This hive should be dynamically generated by Samba using
|
/* This hive should be dynamically generated by Samba using
|
||||||
|
@ -56,6 +56,7 @@ const char **lpcfg_interfaces(struct loadparm_context *);
|
|||||||
const char *lpcfg_realm(struct loadparm_context *);
|
const char *lpcfg_realm(struct loadparm_context *);
|
||||||
const char *lpcfg_netbios_name(struct loadparm_context *);
|
const char *lpcfg_netbios_name(struct loadparm_context *);
|
||||||
const char *lpcfg_private_dir(struct loadparm_context *);
|
const char *lpcfg_private_dir(struct loadparm_context *);
|
||||||
|
const char *lpcfg_binddns_dir(struct loadparm_context *);
|
||||||
int lpcfg_server_role(struct loadparm_context *);
|
int lpcfg_server_role(struct loadparm_context *);
|
||||||
int lpcfg_allow_dns_updates(struct loadparm_context *);
|
int lpcfg_allow_dns_updates(struct loadparm_context *);
|
||||||
|
|
||||||
|
@ -550,6 +550,8 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
|
|||||||
get_dyn_SMB_PASSWD_FILE());
|
get_dyn_SMB_PASSWD_FILE());
|
||||||
lpcfg_string_set(Globals.ctx, &Globals.private_dir,
|
lpcfg_string_set(Globals.ctx, &Globals.private_dir,
|
||||||
get_dyn_PRIVATE_DIR());
|
get_dyn_PRIVATE_DIR());
|
||||||
|
lpcfg_string_set(Globals.ctx, &Globals.binddns_dir,
|
||||||
|
get_dyn_BINDDNS_DIR());
|
||||||
|
|
||||||
/* use the new 'hash2' method by default, with a prefix of 1 */
|
/* use the new 'hash2' method by default, with a prefix of 1 */
|
||||||
lpcfg_string_set(Globals.ctx, &Globals.mangling_method, "hash2");
|
lpcfg_string_set(Globals.ctx, &Globals.mangling_method, "hash2");
|
||||||
|