r7912: make private_path() recognise a non-relative filename, so we can have

sam database = sam.ldb

and it will know to put it in the private dir, but if you use

  sam database = ldap://server

it knows to use it as-is

source/lib/db_wrap.c

@@ -83,7 +83,7 @@ struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx,
 	struct ldb_wrap *w;
 	int ret;
 	struct event_context *ev;
-
+	char *real_url = NULL;
 
 	for (w = ldb_list; w; w = w->next) {
 		if (strcmp(url, w->url) == 0) {
@@ -112,13 +112,21 @@ struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx,
 		talloc_free(ldb);
 		return NULL;
 	}
+
+	real_url = private_path(ldb, url);
+	if (real_url == NULL) {
+		talloc_free(ldb);
+		return NULL;
+	}
 	
-	ret = ldb_connect(ldb, url, flags, options);
+	ret = ldb_connect(ldb, real_url, flags, options);
 	if (ret == -1) {
 		talloc_free(ldb);
 		return NULL;
 	}
 
+	talloc_free(real_url);
+
 	w = talloc(ldb, struct ldb_wrap);
 	if (w == NULL) {
 		talloc_free(ldb);

source/lib/tls/tls.c

@@ -309,17 +309,22 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx)
 {
 	struct tls_params *params;
 	int ret;
-	const char *keyfile = lp_tls_keyfile();
+	TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
-	const char *certfile = lp_tls_certfile();
+	const char *keyfile = private_path(tmp_ctx, lp_tls_keyfile());
-	const char *cafile = lp_tls_cafile();
+	const char *certfile = private_path(tmp_ctx, lp_tls_certfile());
-	const char *crlfile = lp_tls_crlfile();
+	const char *cafile = private_path(tmp_ctx, lp_tls_cafile());
+	const char *crlfile = private_path(tmp_ctx, lp_tls_crlfile());
 	void tls_cert_generate(TALLOC_CTX *, const char *, const char *, const char *);
 
 	params = talloc(mem_ctx, struct tls_params);
-	if (params == NULL) return NULL;
+	if (params == NULL) {
+		talloc_free(tmp_ctx);
+		return NULL;
+	}
 
 	if (!lp_tls_enabled() || keyfile == NULL || *keyfile == 0) {
 		params->tls_enabled = False;
+		talloc_free(tmp_ctx);
 		return params;
 	}
 
@@ -371,11 +376,13 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx)
 
 	params->tls_enabled = True;
 
+	talloc_free(tmp_ctx);
 	return params;
 
 init_failed:
 	DEBUG(0,("GNUTLS failed to initialise - %s\n", gnutls_strerror(ret)));
 	params->tls_enabled = False;
+	talloc_free(tmp_ctx);
 	return params;
 }
 
@@ -450,6 +457,8 @@ struct tls_context *tls_init_client(struct socket_context *socket,
 	struct tls_context *tls;
 	int ret;
 	const int cert_type_priority[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 };
+	char *cafile;
+
 	tls = talloc(socket, struct tls_context);
 	if (tls == NULL) return NULL;
 
@@ -461,11 +470,16 @@ struct tls_context *tls_init_client(struct socket_context *socket,
 		return tls;
 	}
 
+	cafile = private_path(tls, lp_tls_cafile());
+	if (!cafile || !*cafile) {
+		goto failed;
+	}
+
 	gnutls_global_init();
 
 	gnutls_certificate_allocate_credentials(&tls->xcred);
-	gnutls_certificate_set_x509_trust_file(tls->xcred, lp_tls_cafile(),
+	gnutls_certificate_set_x509_trust_file(tls->xcred, cafile, GNUTLS_X509_FMT_PEM);
-					       GNUTLS_X509_FMT_PEM);
+	talloc_free(cafile);
 	TLSCHECK(gnutls_init(&tls->session, GNUTLS_CLIENT));
 	TLSCHECK(gnutls_set_default_priority(tls->session));
 	gnutls_certificate_type_set_priority(tls->session, cert_type_priority);

source/lib/util.c

@@ -657,13 +657,19 @@ char *lib_path(TALLOC_CTX* mem_ctx, const char *name)
  * @brief Returns an absolute path to a file in the Samba private directory.
  *
  * @param name File to find, relative to PRIVATEDIR.
+ * if name is not relative, then use it as-is
  *
  * @retval Pointer to a talloc'ed string containing the full path.
  **/
-
 char *private_path(TALLOC_CTX* mem_ctx, const char *name)
 {
 	char *fname;
+	if (name == NULL) {
+		return NULL;
+	}
+	if (name[0] == 0 || name[0] == '/' || strstr(name, ":/")) {
+		return talloc_strdup(mem_ctx, name);
+	}
 	fname = talloc_asprintf(mem_ctx, "%s/%s", lp_private_dir(), name);
 	return fname;
 }

source/param/loadparm.c

@@ -931,10 +931,10 @@ static void init_globals(void)
 	do_parameter("auth methods", "anonymous sam_ignoredomain");
 	do_parameter("smb passwd file", dyn_SMB_PASSWD_FILE);
 	do_parameter("private dir", dyn_PRIVATE_DIR);
-	do_parameter_var("sam database", "tdb://%s/sam.ldb", dyn_PRIVATE_DIR);
+	do_parameter("sam database", "sam.ldb");
-	do_parameter_var("spoolss database", "tdb://%s/spoolss.ldb", dyn_PRIVATE_DIR);
+	do_parameter("spoolss database", "spoolss.ldb");
-	do_parameter_var("wins database", "tdb://%s/wins.ldb", dyn_PRIVATE_DIR);
+	do_parameter("wins database", "wins.ldb");
-	do_parameter_var("registry:HKEY_LOCAL_MACHINE", "ldb:/%s/hklm.ldb", dyn_PRIVATE_DIR);
+	do_parameter("registry:HKEY_LOCAL_MACHINE", "hklm.ldb");
 	do_parameter("guest account", GUEST_ACCOUNT);
 
 	/* using UTF8 by default allows us to support all chars */
@@ -1056,9 +1056,9 @@ static void init_globals(void)
 	do_parameter("min wins ttl", "10");
 
 	do_parameter("tls enabled", "True");
-	do_parameter_var("tls keyfile", "%s/tls/key.pem", dyn_PRIVATE_DIR);
+	do_parameter("tls keyfile", "tls/key.pem");
-	do_parameter_var("tls certfile", "%s/tls/cert.pem", dyn_PRIVATE_DIR);
+	do_parameter("tls certfile", "tls/cert.pem");
-	do_parameter_var("tls cafile", "%s/tls/ca.pem", dyn_PRIVATE_DIR);
+	do_parameter("tls cafile", "tls/ca.pem");
 }
 
 static TALLOC_CTX *lp_talloc;