rpms/samba
7
0
Fork 0
Code Issues Pull Requests Releases Activity
83f86d94f0
samba/samba-4.7.0-bind_dlz.patch
Andreas Schneider 0c4b24bb70 Create a seperate samba-dc-bind-dlz package 
resolves: #1476175
2017-09-12 16:25:15 +02:00

1622 lines
62 KiB
Diff
Raw Blame History

From 243e61516860869b2ae5548edeba5e4f6f0ea90a Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 10 Aug 2017 11:36:52 +0200
Subject: [PATCH 01/18] wafsamba: Add INSTALL_DIR function
The install_dir function in waf has been deprecated and it doesn't
support setting directory permissions. So we need to implement our own
function anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 59dc9eb776551ee73cc11e1c1215b311d5299d4d)
---
buildtools/wafsamba/wafsamba.py | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py
index 1bdabf60640..b1e617916e0 100644
--- a/buildtools/wafsamba/wafsamba.py
+++ b/buildtools/wafsamba/wafsamba.py
@@ -885,6 +885,24 @@ def INSTALL_WILDCARD(bld, destdir, pattern, chmod=MODE_644, flat=False,
python_fixup=python_fixup, base_name=trim_path)
Build.BuildContext.INSTALL_WILDCARD = INSTALL_WILDCARD
+def INSTALL_DIR(bld, path, chmod=0o755):
+ """Install a directory if it doesn't exist, always set permissions."""
+
+ if not path:
+ return []
+
+ if bld.is_install > 0:
+ path = bld.EXPAND_VARIABLES(path)
+ if not os.path.isdir(path):
+ try:
+ os.makedirs(path)
+ os.chmod(path, chmod)
+ except OSError, e:
+ if not os.path.isdir(path):
+ raise Utils.WafError("Cannot create the folder '%s' (error: %s)" % (path, e))
+ else:
+ os.chmod(path, chmod)
+Build.BuildContext.INSTALL_DIR = INSTALL_DIR
def INSTALL_DIRS(bld, destdir, dirs):
'''install a set of directories'''
--
2.14.1
From ff41ba9856316974af3074e2025d26040c0ce5a3 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 10 Aug 2017 11:40:06 +0200
Subject: [PATCH 02/18] wafsamba: Call INSTALL_DIR in INSTALL_DIRS
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 4311332a073787f4ca24cd0b89685632cb29134c)
---
buildtools/wafsamba/wafsamba.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py
index b1e617916e0..57913af2bd7 100644
--- a/buildtools/wafsamba/wafsamba.py
+++ b/buildtools/wafsamba/wafsamba.py
@@ -904,12 +904,12 @@ def INSTALL_DIR(bld, path, chmod=0o755):
os.chmod(path, chmod)
Build.BuildContext.INSTALL_DIR = INSTALL_DIR
-def INSTALL_DIRS(bld, destdir, dirs):
+def INSTALL_DIRS(bld, destdir, dirs, chmod=0o755):
'''install a set of directories'''
destdir = bld.EXPAND_VARIABLES(destdir)
dirs = bld.EXPAND_VARIABLES(dirs)
for d in TO_LIST(dirs):
- bld.install_dir(os.path.join(destdir, d))
+ INSTALL_DIR(bld, os.path.join(destdir, d), chmod)
Build.BuildContext.INSTALL_DIRS = INSTALL_DIRS
--
2.14.1
From 646631300e6fc117944f012337c50f5058e273d4 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 10 Aug 2017 11:42:46 +0200
Subject: [PATCH 03/18] dynconfig: Use INSTALL_DIR to create directories
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Aug 24 09:29:05 CEST 2017 on sn-devel-144
(cherry picked from commit 3a719dc68c80fe28f8fc6eb1bed3eb3e581a86da)
---
dynconfig/wscript | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/dynconfig/wscript b/dynconfig/wscript
index 4eaa4c0b0c4..7e9bde929d0 100644
--- a/dynconfig/wscript
+++ b/dynconfig/wscript
@@ -415,9 +415,12 @@ def build(bld):
cflags=cflags)
# install some extra empty directories
- bld.INSTALL_DIRS("", "${CONFIGDIR} ${PRIVATE_DIR} ${LOGFILEBASE}");
- bld.INSTALL_DIRS("", "${PRIVATE_DIR} ${PRIVILEGED_SOCKET_DIR}")
- bld.INSTALL_DIRS("", "${STATEDIR} ${CACHEDIR}");
+ bld.INSTALL_DIR("${CONFIGDIR}")
+ bld.INSTALL_DIR("${LOGFILEBASE}")
+ bld.INSTALL_DIR("${PRIVILEGED_SOCKET_DIR}")
+ bld.INSTALL_DIR("${PRIVATE_DIR}")
+ bld.INSTALL_DIR("${STATEDIR}")
+ bld.INSTALL_DIR("${CACHEDIR}")
# these might be on non persistent storage
bld.INSTALL_DIRS("", "${LOCKDIR} ${PIDDIR} ${SOCKET_DIR}")
--
2.14.1
From 4ad917b47a4738a01c17a432329a42db0785dc01 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 10 Aug 2017 11:43:11 +0200
Subject: [PATCH 04/18] dynconfig: Change permission of the private dir to 0700
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit 47c039792a8a00c0f2798ced162c393d4712f946)
---
dynconfig/wscript | 2 +-
python/samba/provision/__init__.py | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/dynconfig/wscript b/dynconfig/wscript
index 7e9bde929d0..ba0c896b90e 100644
--- a/dynconfig/wscript
+++ b/dynconfig/wscript
@@ -418,7 +418,7 @@ def build(bld):
bld.INSTALL_DIR("${CONFIGDIR}")
bld.INSTALL_DIR("${LOGFILEBASE}")
bld.INSTALL_DIR("${PRIVILEGED_SOCKET_DIR}")
- bld.INSTALL_DIR("${PRIVATE_DIR}")
+ bld.INSTALL_DIR("${PRIVATE_DIR}", 0o700)
bld.INSTALL_DIR("${STATEDIR}")
bld.INSTALL_DIR("${CACHEDIR}")
diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index 2387931987e..91d2105929c 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -2065,7 +2065,7 @@ def provision(logger, session_info, smbconf=None,
serverrole = lp.get("server role")
if not os.path.exists(paths.private_dir):
- os.mkdir(paths.private_dir)
+ os.mkdir(paths.private_dir, 0o700)
if not os.path.exists(os.path.join(paths.private_dir, "tls")):
os.makedirs(os.path.join(paths.private_dir, "tls"), 0700)
if not os.path.exists(paths.state_dir):
--
2.14.1
From 3544517ace9fc3c36a27a87b1522ae644400d5f1 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Fri, 11 Aug 2017 12:45:14 +0200
Subject: [PATCH 05/18] python:samba: Remove code to change group
This is the wrong place, it will just prepare the ldif. The file is not
created here.
The code is corrently changing the group in:
python/samba/provision/__init__.py
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit 3b1aa2ca5f9ae151cd64579ed05c8fb766b1ec5d)
---
python/samba/provision/sambadns.py | 10 ----------
1 file changed, 10 deletions(-)
diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py
index 961f37e16a6..dcb19c7053c 100644
--- a/python/samba/provision/sambadns.py
+++ b/python/samba/provision/sambadns.py
@@ -1199,16 +1199,6 @@ def setup_bind9_dns(samdb, secretsdb, names, paths, lp, logger,
dns_keytab_path=paths.dns_keytab, dnspass=dnspass,
key_version_number=key_version_number)
- dns_keytab_path = os.path.join(paths.private_dir, paths.dns_keytab)
- if os.path.isfile(dns_keytab_path) and paths.bind_gid is not None:
- try:
- os.chmod(dns_keytab_path, 0640)
- os.chown(dns_keytab_path, -1, paths.bind_gid)
- except OSError:
- if not os.environ.has_key('SAMBA_SELFTEST'):
- logger.info("Failed to chown %s to bind gid %u",
- dns_keytab_path, paths.bind_gid)
-
create_dns_dir(logger, paths)
if dns_backend == "BIND9_FLATFILE":
--
2.14.1
From 9a621d7ec02d4b857e0ea7fd9949601486dc8350 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 10 Aug 2017 15:04:08 +0200
Subject: [PATCH 06/18] param: Add 'binddns dir' parameter
This allows to us to have restricted access to the directory by the group
'named' which bind is a member of.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit 4c9608fb27b0f1bef846b72291ecb515045d3507)
---
buildtools/wafsamba/samba_patterns.py | 1 +
docs-xml/smbdotconf/generate-file-list.sh | 1 +
docs-xml/smbdotconf/security/binddnsdir.xml | 18 ++++++++++++++++++
dynconfig/dynconfig.c | 1 +
dynconfig/dynconfig.h | 1 +
dynconfig/wscript | 7 +++++++
lib/param/loadparm.c | 1 +
lib/param/param.h | 1 +
source3/param/loadparm.c | 2 ++
9 files changed, 33 insertions(+)
create mode 100644 docs-xml/smbdotconf/security/binddnsdir.xml
diff --git a/buildtools/wafsamba/samba_patterns.py b/buildtools/wafsamba/samba_patterns.py
index e809f26a095..2b939372fa4 100644
--- a/buildtools/wafsamba/samba_patterns.py
+++ b/buildtools/wafsamba/samba_patterns.py
@@ -108,6 +108,7 @@ def write_build_options_header(fp):
fp.write(" output(screen,\" PIDDIR: %s\\n\", get_dyn_PIDDIR());\n")
fp.write(" output(screen,\" SMB_PASSWD_FILE: %s\\n\",get_dyn_SMB_PASSWD_FILE());\n")
fp.write(" output(screen,\" PRIVATE_DIR: %s\\n\",get_dyn_PRIVATE_DIR());\n")
+ fp.write(" output(screen,\" BINDDNS_DIR: %s\\n\",get_dyn_BINDDNS_DIR());\n")
fp.write("\n")
def write_build_options_footer(fp):
diff --git a/docs-xml/smbdotconf/generate-file-list.sh b/docs-xml/smbdotconf/generate-file-list.sh
index 4a25f1e6d49..7ab1b7caf76 100755
--- a/docs-xml/smbdotconf/generate-file-list.sh
+++ b/docs-xml/smbdotconf/generate-file-list.sh
@@ -11,6 +11,7 @@ echo "<!DOCTYPE section [
<!ENTITY pathconfig.PIDDIR '\${prefix}/var/run'>
<!ENTITY pathconfig.STATEDIR '\${prefix}/var/locks'>
<!ENTITY pathconfig.PRIVATE_DIR '\${prefix}/private'>
+<!ENTITY pathconfig.BINDDNS_DIR '\${prefix}/bind-dns'>
<!ENTITY pathconfig.SMB_PASSWD_FILE '\${prefix}/private/smbpasswd'>
<!ENTITY pathconfig.WINBINDD_SOCKET_DIR '\${prefix}/var/run/winbindd'>
<!ENTITY pathconfig.CACHEDIR '\${prefix}/var/cache'>
diff --git a/docs-xml/smbdotconf/security/binddnsdir.xml b/docs-xml/smbdotconf/security/binddnsdir.xml
new file mode 100644
index 00000000000..c296a0ef81d
--- /dev/null
+++ b/docs-xml/smbdotconf/security/binddnsdir.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="binddns dir"
+ context="G"
+ type="string"
+ constant="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<synonym>bind dns directory</synonym>
+<description>
+ <para>
+ This parameters defines the directory samba will use to store the configuration
+ files for bind, such as named.conf.
+
+ NOTE: The bind dns directory needs to be on the same mount point as the private
+ directory!
+ </para>
+</description>
+
+<value type="default">&pathconfig.BINDDNS_DIR;</value>
+</samba:parameter>
diff --git a/dynconfig/dynconfig.c b/dynconfig/dynconfig.c
index e75d7db553a..e70a10f8cfe 100644
--- a/dynconfig/dynconfig.c
+++ b/dynconfig/dynconfig.c
@@ -95,6 +95,7 @@ DEFINE_DYN_CONFIG_PARAM(PIDDIR)
DEFINE_DYN_CONFIG_PARAM(NCALRPCDIR)
DEFINE_DYN_CONFIG_PARAM(SMB_PASSWD_FILE)
DEFINE_DYN_CONFIG_PARAM(PRIVATE_DIR)
+DEFINE_DYN_CONFIG_PARAM(BINDDNS_DIR)
DEFINE_DYN_CONFIG_PARAM(LOCALEDIR)
DEFINE_DYN_CONFIG_PARAM(NMBDSOCKETDIR)
DEFINE_DYN_CONFIG_PARAM(DATADIR)
diff --git a/dynconfig/dynconfig.h b/dynconfig/dynconfig.h
index 4d07c103d74..bdab2e8f242 100644
--- a/dynconfig/dynconfig.h
+++ b/dynconfig/dynconfig.h
@@ -46,6 +46,7 @@ DEFINE_DYN_CONFIG_PROTO(PIDDIR)
DEFINE_DYN_CONFIG_PROTO(NCALRPCDIR)
DEFINE_DYN_CONFIG_PROTO(SMB_PASSWD_FILE)
DEFINE_DYN_CONFIG_PROTO(PRIVATE_DIR)
+DEFINE_DYN_CONFIG_PROTO(BINDDNS_DIR)
DEFINE_DYN_CONFIG_PROTO(LOCALEDIR)
DEFINE_DYN_CONFIG_PROTO(NMBDSOCKETDIR)
DEFINE_DYN_CONFIG_PROTO(DATADIR)
diff --git a/dynconfig/wscript b/dynconfig/wscript
index ba0c896b90e..fee37eaaf5f 100644
--- a/dynconfig/wscript
+++ b/dynconfig/wscript
@@ -192,6 +192,12 @@ dynconfig = {
'OPTION': '--with-statedir',
'HELPTEXT': 'Where to put persistent state files',
},
+ 'BINDDNS_DIR' : {
+ 'STD-PATH': '${LOCALSTATEDIR}/lib',
+ 'FHS-PATH': '${LOCALSTATEDIR}/lib/samba/bind-dns',
+ 'OPTION': '--with-bind-dns-dir',
+ 'HELPTEXT': 'bind-dns config directory',
+ },
'CACHEDIR' : {
'STD-PATH': '${LOCALSTATEDIR}/cache',
'FHS-PATH': '${LOCALSTATEDIR}/cache/samba',
@@ -419,6 +425,7 @@ def build(bld):
bld.INSTALL_DIR("${LOGFILEBASE}")
bld.INSTALL_DIR("${PRIVILEGED_SOCKET_DIR}")
bld.INSTALL_DIR("${PRIVATE_DIR}", 0o700)
+ bld.INSTALL_DIR("${BINDDNS_DIR}", 0o770)
bld.INSTALL_DIR("${STATEDIR}")
bld.INSTALL_DIR("${CACHEDIR}")
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index a221e879d07..b91f9657f1c 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2655,6 +2655,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
/* the winbind method for domain controllers is for both RODC
auth forwarding and for trusted domains */
lpcfg_do_global_parameter(lp_ctx, "private dir", dyn_PRIVATE_DIR);
+ lpcfg_do_global_parameter(lp_ctx, "binddns dir", dyn_BINDDNS_DIR);
lpcfg_do_global_parameter(lp_ctx, "registry:HKEY_LOCAL_MACHINE", "hklm.ldb");
/* This hive should be dynamically generated by Samba using
diff --git a/lib/param/param.h b/lib/param/param.h
index 589b8906db5..680c053a6cc 100644
--- a/lib/param/param.h
+++ b/lib/param/param.h
@@ -56,6 +56,7 @@ const char **lpcfg_interfaces(struct loadparm_context *);
const char *lpcfg_realm(struct loadparm_context *);
const char *lpcfg_netbios_name(struct loadparm_context *);
const char *lpcfg_private_dir(struct loadparm_context *);
+const char *lpcfg_binddns_dir(struct loadparm_context *);
int lpcfg_server_role(struct loadparm_context *);
int lpcfg_allow_dns_updates(struct loadparm_context *);
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index d5b1c56e21e..42e579efcfd 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -550,6 +550,8 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
get_dyn_SMB_PASSWD_FILE());
lpcfg_string_set(Globals.ctx, &Globals.private_dir,
get_dyn_PRIVATE_DIR());
+ lpcfg_string_set(Globals.ctx, &Globals.binddns_dir,
+ get_dyn_BINDDNS_DIR());
/* use the new 'hash2' method by default, with a prefix of 1 */
lpcfg_string_set(Globals.ctx, &Globals.mangling_method, "hash2");
--
2.14.1
From f5831f9afb6c82a30226a05ce1667b348d096531 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 22 Aug 2017 17:10:01 +0200
Subject: [PATCH 07/18] s4:bind_dlz: Use the 'binddns dir' if possible
The code makes sure we are backwards compatible. It will first check if
we still have files in the private directory, if yes it will use those.
If the the file is not in the private directory it will try the binddns
dir.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit 3fa7c43ef73b6582e8985bf6d82465ffded9e5db)
---
selftest/selftest.pl | 7 +++++++
selftest/target/Samba3.pm | 4 ++++
selftest/target/Samba4.pm | 4 ++++
source4/dns_server/dlz_bind9.c | 44 ++++++++++++++++++++++++++++++++++++---
source4/dsdb/dns/dns_update.c | 46 ++++++++++++++++++++++++++++++++++++++---
source4/torture/dns/dlz_bind9.c | 26 ++++++++++++++++-------
6 files changed, 117 insertions(+), 14 deletions(-)
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index b3ef65828d7..e16696ab061 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -512,6 +512,12 @@ sub write_clientconf($$$)
mkdir("$clientdir/private", 0777);
}
+ if ( -d "$clientdir/bind-dns" ) {
+ unlink <$clientdir/bind-dns/*>;
+ } else {
+ mkdir("$clientdir/bind-dns", 0777);
+ }
+
if ( -d "$clientdir/lockdir" ) {
unlink <$clientdir/lockdir/*>;
} else {
@@ -595,6 +601,7 @@ sub write_clientconf($$$)
}
print CF "
private dir = $clientdir/private
+ binddns dir = $clientdir/bind-dns
lock dir = $clientdir/lockdir
state directory = $clientdir/statedir
cache directory = $clientdir/cachedir
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 79b1a53ad2d..446f49140c5 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1334,6 +1334,9 @@ sub provision($$$$$$$$$)
my $privatedir="$prefix_abs/private";
push(@dirs,$privatedir);
+ my $binddnsdir = "$prefix_abs/bind-dns";
+ push(@dirs, $binddnsdir);
+
my $lockdir="$prefix_abs/lockdir";
push(@dirs,$lockdir);
@@ -1583,6 +1586,7 @@ sub provision($$$$$$$$$)
workgroup = $domain
private dir = $privatedir
+ binddns dir = $binddnsdir
pid directory = $piddir
lock directory = $lockdir
log file = $logdir/log.\%m
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 772f982cb9d..b08e2299113 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -467,6 +467,7 @@ sub provision_raw_prepare($$$$$$$$$$$)
$ctx->{krb5_ccache} = "$prefix_abs/krb5_ccache";
$ctx->{mitkdc_conf} = "$ctx->{etcdir}/mitkdc.conf";
$ctx->{privatedir} = "$prefix_abs/private";
+ $ctx->{binddnsdir} = "$prefix_abs/bind-dns";
$ctx->{ncalrpcdir} = "$prefix_abs/ncalrpc";
$ctx->{lockdir} = "$prefix_abs/lockdir";
$ctx->{logdir} = "$prefix_abs/logs";
@@ -494,6 +495,7 @@ sub provision_raw_prepare($$$$$$$$$$$)
$ctx->{interfaces} = "$ctx->{ipv4}/8 $ctx->{ipv6}/64";
push(@{$ctx->{directories}}, $ctx->{privatedir});
+ push(@{$ctx->{directories}}, $ctx->{binddnsdir});
push(@{$ctx->{directories}}, $ctx->{etcdir});
push(@{$ctx->{directories}}, $ctx->{piddir});
push(@{$ctx->{directories}}, $ctx->{lockdir});
@@ -584,6 +586,7 @@ sub provision_raw_step1($$)
workgroup = $ctx->{domain}
realm = $ctx->{realm}
private dir = $ctx->{privatedir}
+ binddns dir = $ctx->{binddnsdir}
pid directory = $ctx->{piddir}
ncalrpc dir = $ctx->{ncalrpcdir}
lock dir = $ctx->{lockdir}
@@ -725,6 +728,7 @@ nogroup:x:65534:nobody
STATEDIR => $ctx->{statedir},
CACHEDIR => $ctx->{cachedir},
PRIVATEDIR => $ctx->{privatedir},
+ BINDDNSDIR => $ctx->{binddnsdir},
SERVERCONFFILE => $ctx->{smb_conf},
CONFIGURATION => $configuration,
SOCKET_WRAPPER_DEFAULT_IFACE => $ctx->{swiface},
diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c
index 7096f4749b2..a3f336e6def 100644
--- a/source4/dns_server/dlz_bind9.c
+++ b/source4/dns_server/dlz_bind9.c
@@ -682,11 +682,23 @@ _PUBLIC_ isc_result_t dlz_create(const char *dlzname,
}
if (state->options.url == NULL) {
- state->options.url = lpcfg_private_path(state, state->lp, "dns/sam.ldb");
+ state->options.url = lpcfg_private_path(state,
+ state->lp,
+ "dns/sam.ldb");
if (state->options.url == NULL) {
result = ISC_R_NOMEMORY;
goto failed;
}
+
+ if (!file_exist(state->options.url)) {
+ state->options.url = talloc_asprintf(state,
+ "%s/dns/sam.ldb",
+ lpcfg_binddns_dir(state->lp));
+ if (state->options.url == NULL) {
+ result = ISC_R_NOMEMORY;
+ goto failed;
+ }
+ }
}
state->samdb = samdb_connect_url(state, state->ev_ctx, state->lp,
@@ -1266,6 +1278,7 @@ _PUBLIC_ isc_boolean_t dlz_ssumatch(const char *signer, const char *name, const
DATA_BLOB ap_req;
struct cli_credentials *server_credentials;
char *keytab_name;
+ char *keytab_file = NULL;
int ret;
int ldb_ret;
NTSTATUS nt_status;
@@ -1307,8 +1320,33 @@ _PUBLIC_ isc_boolean_t dlz_ssumatch(const char *signer, const char *name, const
cli_credentials_set_krb5_context(server_credentials, state->smb_krb5_ctx);
cli_credentials_set_conf(server_credentials, state->lp);
- keytab_name = talloc_asprintf(tmp_ctx, "FILE:%s/dns.keytab",
- lpcfg_private_dir(state->lp));
+ keytab_file = talloc_asprintf(tmp_ctx,
+ "%s/dns.keytab",
+ lpcfg_private_dir(state->lp));
+ if (keytab_file == NULL) {
+ state->log(ISC_LOG_ERROR, "samba_dlz: Out of memory!");
+ talloc_free(tmp_ctx);
+ return ISC_FALSE;
+ }
+
+ if (!file_exist(keytab_file)) {
+ keytab_file = talloc_asprintf(tmp_ctx,
+ "%s/dns.keytab",
+ lpcfg_binddns_dir(state->lp));
+ if (keytab_file == NULL) {
+ state->log(ISC_LOG_ERROR, "samba_dlz: Out of memory!");
+ talloc_free(tmp_ctx);
+ return ISC_FALSE;
+ }
+ }
+
+ keytab_name = talloc_asprintf(tmp_ctx, "FILE:%s", keytab_file);
+ if (keytab_name == NULL) {
+ state->log(ISC_LOG_ERROR, "samba_dlz: Out of memory!");
+ talloc_free(tmp_ctx);
+ return ISC_FALSE;
+ }
+
ret = cli_credentials_set_keytab_name(server_credentials, state->lp, keytab_name,
CRED_SPECIFIED);
if (ret != 0) {
diff --git a/source4/dsdb/dns/dns_update.c b/source4/dsdb/dns/dns_update.c
index f74256d95ea..ba8431a3d1d 100644
--- a/source4/dsdb/dns/dns_update.c
+++ b/source4/dsdb/dns/dns_update.c
@@ -170,16 +170,56 @@ static void dnsupdate_rebuild(struct dnsupdate_service *service)
path = lpcfg_parm_string(service->task->lp_ctx, NULL, "dnsupdate", "path");
if (path == NULL) {
- path = lpcfg_private_path(tmp_ctx, service->task->lp_ctx, "named.conf.update");
+ path = lpcfg_private_path(tmp_ctx,
+ service->task->lp_ctx,
+ "named.conf.update");
+ if (path == NULL) {
+ DBG_ERR("Out of memory!");
+ talloc_free(tmp_ctx);
+ return;
+ }
+
+ /*
+ * If the file doesn't exist, we provisioned in a the new
+ * bind-dns directory
+ */
+ if (!file_exist(path)) {
+ path = talloc_asprintf(tmp_ctx,
+ "%s/named.conf.update",
+ lpcfg_binddns_dir(service->task->lp_ctx));
+ if (path == NULL) {
+ DBG_ERR("Out of memory!");
+ talloc_free(tmp_ctx);
+ return;
+ }
+ }
}
path_static = lpcfg_parm_string(service->task->lp_ctx, NULL, "dnsupdate", "extra_static_grant_rules");
if (path_static == NULL) {
- path_static = lpcfg_private_path(tmp_ctx, service->task->lp_ctx, "named.conf.update.static");
+ path_static = lpcfg_private_path(tmp_ctx,
+ service->task->lp_ctx,
+ "named.conf.update.static");
+ if (path_static == NULL) {
+ DBG_ERR("Out of memory!");
+ talloc_free(tmp_ctx);
+ return;
+ }
+
+ if (!file_exist(path_static)) {
+ path_static = talloc_asprintf(tmp_ctx,
+ "%s/named.conf.update.static",
+ lpcfg_binddns_dir(service->task->lp_ctx));
+ if (path_static == NULL) {
+ DBG_ERR("Out of memory!");
+ talloc_free(tmp_ctx);
+ return;
+ }
+ }
}
tmp_path = talloc_asprintf(tmp_ctx, "%s.tmp", path);
- if (path == NULL || tmp_path == NULL || path_static == NULL ) {
+ if (tmp_path == NULL) {
DEBUG(0,(__location__ ": Unable to get paths\n"));
talloc_free(tmp_ctx);
return;
diff --git a/source4/torture/dns/dlz_bind9.c b/source4/torture/dns/dlz_bind9.c
index c29f26802f5..893158fa730 100644
--- a/source4/torture/dns/dlz_bind9.c
+++ b/source4/torture/dns/dlz_bind9.c
@@ -19,7 +19,7 @@
#include "includes.h"
#include "torture/smbtorture.h"
-#include "dlz_minimal.h"
+#include "dns_server/dlz_minimal.h"
#include <talloc.h>
#include <ldb.h>
#include "lib/param/param.h"
@@ -54,13 +54,22 @@ static bool test_dlz_bind9_version(struct torture_context *tctx)
return true;
}
+static char *test_dlz_bind9_binddns_dir(struct torture_context *tctx,
+ const char *file)
+{
+ return talloc_asprintf(tctx,
+ "%s/%s",
+ lpcfg_binddns_dir(tctx->lp_ctx),
+ file);
+}
+
static bool test_dlz_bind9_create(struct torture_context *tctx)
{
void *dbdata;
const char *argv[] = {
"samba_dlz",
"-H",
- lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"),
+ test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
NULL
};
tctx_static = tctx;
@@ -79,7 +88,8 @@ static isc_result_t dlz_bind9_writeable_zone_hook(dns_view_t *view,
struct torture_context *tctx = talloc_get_type((void *)view, struct torture_context);
struct ldb_context *samdb = samdb_connect_url(tctx, NULL, tctx->lp_ctx,
system_session(tctx->lp_ctx),
- 0, lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"));
+ 0,
+ test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"));
struct ldb_message *msg;
int ret;
const char *attrs[] = {
@@ -108,7 +118,7 @@ static bool test_dlz_bind9_configure(struct torture_context *tctx)
const char *argv[] = {
"samba_dlz",
"-H",
- lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"),
+ test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
NULL
};
tctx_static = tctx;
@@ -143,7 +153,7 @@ static bool test_dlz_bind9_gensec(struct torture_context *tctx, const char *mech
const char *argv[] = {
"samba_dlz",
"-H",
- lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"),
+ test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
NULL
};
tctx_static = tctx;
@@ -323,7 +333,7 @@ static bool test_dlz_bind9_lookup(struct torture_context *tctx)
const char *argv[] = {
"samba_dlz",
"-H",
- lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"),
+ test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
NULL
};
struct test_expected_rr *expected1 = NULL;
@@ -448,7 +458,7 @@ static bool test_dlz_bind9_zonedump(struct torture_context *tctx)
const char *argv[] = {
"samba_dlz",
"-H",
- lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"),
+ test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
NULL
};
struct test_expected_rr *expected1 = NULL;
@@ -560,7 +570,7 @@ static bool test_dlz_bind9_update01(struct torture_context *tctx)
const char *argv[] = {
"samba_dlz",
"-H",
- lpcfg_private_path(tctx, tctx->lp_ctx, "dns/sam.ldb"),
+ test_dlz_bind9_binddns_dir(tctx, "dns/sam.ldb"),
NULL
};
struct test_expected_rr *expected1 = NULL;
--
2.14.1
From 025ab90445903832c576d083997074e6c790638c Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 10 Aug 2017 15:37:54 +0200
Subject: [PATCH 08/18] python:samba: Use 'binddns dir' in samba-tool and
samba_upgradedns
This provisions the bind_dlz files in the 'binddns dir'. If you want to
migrate to the new files strcuture you can run samba_upgradedns!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit 8f2dee256e281c438105689b073f09685f161b16)
---
python/samba/provision/__init__.py | 72 ++++++++++++++++------
python/samba/provision/sambadns.py | 19 +++---
python/samba/tests/provision.py | 2 +
source4/scripting/bin/samba_upgradedns | 39 +++++++++---
source4/scripting/bin/samba_upgradeprovision | 16 ++---
wintest/wintest.py | 6 +-
12 files changed, 121 insertions(+), 55 deletions(-)
diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index 91d2105929c..f820f6ab675 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -27,6 +27,7 @@
__docformat__ = "restructuredText"
from base64 import b64encode
+import errno
import os
import re
import pwd
@@ -145,6 +146,7 @@ class ProvisionPaths(object):
self.dns = None
self.winsdb = None
self.private_dir = None
+ self.binddns_dir = None
self.state_dir = None
@@ -531,6 +533,7 @@ def provision_paths_from_lp(lp, dnsdomain):
"""
paths = ProvisionPaths()
paths.private_dir = lp.get("private dir")
+ paths.binddns_dir = lp.get("binddns dir")
paths.state_dir = lp.get("state directory")
# This is stored without path prefix for the "privateKeytab" attribute in
@@ -543,16 +546,18 @@ def provision_paths_from_lp(lp, dnsdomain):
paths.idmapdb = os.path.join(paths.private_dir, "idmap.ldb")
paths.secrets = os.path.join(paths.private_dir, "secrets.ldb")
paths.privilege = os.path.join(paths.private_dir, "privilege.ldb")
- paths.dns = os.path.join(paths.private_dir, "dns", dnsdomain + ".zone")
paths.dns_update_list = os.path.join(paths.private_dir, "dns_update_list")
paths.spn_update_list = os.path.join(paths.private_dir, "spn_update_list")
- paths.namedconf = os.path.join(paths.private_dir, "named.conf")
- paths.namedconf_update = os.path.join(paths.private_dir, "named.conf.update")
- paths.namedtxt = os.path.join(paths.private_dir, "named.txt")
paths.krb5conf = os.path.join(paths.private_dir, "krb5.conf")
paths.kdcconf = os.path.join(paths.private_dir, "kdc.conf")
paths.winsdb = os.path.join(paths.private_dir, "wins.ldb")
paths.s4_ldapi_path = os.path.join(paths.private_dir, "ldapi")
+
+ paths.dns = os.path.join(paths.binddns_dir, "dns", dnsdomain + ".zone")
+ paths.namedconf = os.path.join(paths.binddns_dir, "named.conf")
+ paths.namedconf_update = os.path.join(paths.binddns_dir, "named.conf.update")
+ paths.namedtxt = os.path.join(paths.binddns_dir, "named.txt")
+
paths.hklm = "hklm.ldb"
paths.hkcr = "hkcr.ldb"
paths.hkcu = "hkcu.ldb"
@@ -945,6 +950,10 @@ def setup_secretsdb(paths, session_info, backend_credentials, lp):
if os.path.exists(keytab_path):
os.unlink(keytab_path)
+ bind_dns_keytab_path = os.path.join(paths.binddns_dir, paths.dns_keytab)
+ if os.path.exists(bind_dns_keytab_path):
+ os.unlink(bind_dns_keytab_path)
+
dns_keytab_path = os.path.join(paths.private_dir, paths.dns_keytab)
if os.path.exists(dns_keytab_path):
os.unlink(dns_keytab_path)
@@ -1928,6 +1937,15 @@ def provision_fake_ypserver(logger, samdb, domaindn, netbiosname, nisdomain,
else:
samdb.transaction_commit()
+def directory_create_or_exists(path, mode=0o755):
+ if not os.path.exists(path):
+ try:
+ os.mkdir(path, mode)
+ except OSError as e:
+ if e.errno in [errno.EEXIST]:
+ pass
+ else:
+ raise ProvisioningError("Failed to create directory %s: %s" % (path, e.strerror))
def provision(logger, session_info, smbconf=None,
targetdir=None, samdb_fill=FILL_FULL, realm=None, rootdn=None,
@@ -2064,12 +2082,10 @@ def provision(logger, session_info, smbconf=None,
if serverrole is None:
serverrole = lp.get("server role")
- if not os.path.exists(paths.private_dir):
- os.mkdir(paths.private_dir, 0o700)
- if not os.path.exists(os.path.join(paths.private_dir, "tls")):
- os.makedirs(os.path.join(paths.private_dir, "tls"), 0700)
- if not os.path.exists(paths.state_dir):
- os.mkdir(paths.state_dir)
+ directory_create_or_exists(paths.private_dir, 0o700)
+ directory_create_or_exists(paths.binddns_dir, 0o770)
+ directory_create_or_exists(os.path.join(paths.private_dir, "tls"))
+ directory_create_or_exists(paths.state_dir)
if paths.sysvol and not os.path.exists(paths.sysvol):
os.makedirs(paths.sysvol, 0775)
@@ -2198,16 +2214,34 @@ def provision(logger, session_info, smbconf=None,
# Now commit the secrets.ldb to disk
secrets_ldb.transaction_commit()
- # the commit creates the dns.keytab, now chown it
- dns_keytab_path = os.path.join(paths.private_dir, paths.dns_keytab)
- if os.path.isfile(dns_keytab_path) and paths.bind_gid is not None:
+ # the commit creates the dns.keytab in the private directory
+ private_dns_keytab_path = os.path.join(paths.private_dir, paths.dns_keytab)
+ bind_dns_keytab_path = os.path.join(paths.binddns_dir, paths.dns_keytab)
+
+ if os.path.isfile(private_dns_keytab_path):
+ if os.path.isfile(bind_dns_keytab_path):
+ try:
+ os.unlink(bind_dns_keytab_path)
+ except OSError as e:
+ logger.error("Failed to remove %s: %s" %
+ (bind_dns_keytab_path, e.strerror))
+
+ # link the dns.keytab to the bind-dns directory
try:
- os.chmod(dns_keytab_path, 0640)
- os.chown(dns_keytab_path, -1, paths.bind_gid)
- except OSError:
- if not os.environ.has_key('SAMBA_SELFTEST'):
- logger.info("Failed to chown %s to bind gid %u",
- dns_keytab_path, paths.bind_gid)
+ os.link(private_dns_keytab_path, bind_dns_keytab_path)
+ except OSError as e:
+ logger.error("Failed to create link %s -> %s: %s" %
+ (private_dns_keytab_path, bind_dns_keytab_path, e.strerror))
+
+ # chown the dns.keytab in the bind-dns directory
+ if paths.bind_gid is not None:
+ try:
+ os.chmod(bind_dns_keytab_path, 0640)
+ os.chown(bind_dns_keytab_path, -1, paths.bind_gid)
+ except OSError:
+ if not os.environ.has_key('SAMBA_SELFTEST'):
+ logger.info("Failed to chown %s to bind gid %u",
+ bind_dns_keytab_path, paths.bind_gid)
result = ProvisionResult()
result.server_role = serverrole
diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py
index dcb19c7053c..d4cb93a89ea 100644
--- a/python/samba/provision/sambadns.py
+++ b/python/samba/provision/sambadns.py
@@ -649,7 +649,7 @@ def add_dc_msdcs_records(samdb, forestdn, prefix, site, dnsforest, hostname,
fqdn_hostname)
-def secretsdb_setup_dns(secretsdb, names, private_dir, realm,
+def secretsdb_setup_dns(secretsdb, names, private_dir, binddns_dir, realm,
dnsdomain, dns_keytab_path, dnspass, key_version_number):
"""Add DNS specific bits to a secrets database.
@@ -659,12 +659,15 @@ def secretsdb_setup_dns(secretsdb, names, private_dir, realm,
"""
try:
os.unlink(os.path.join(private_dir, dns_keytab_path))
+ os.unlink(os.path.join(binddns_dir, dns_keytab_path))
except OSError:
pass
if key_version_number is None:
key_version_number = 1
+ # This will create the dns.keytab file in the private_dir when it is
+ # commited!
setup_ldb(secretsdb, setup_path("secrets_dns.ldif"), {
"REALM": realm,
"DNSDOMAIN": dnsdomain,
@@ -954,7 +957,7 @@ def create_named_conf(paths, realm, dnsdomain, dns_backend, logger):
})
-def create_named_txt(path, realm, dnsdomain, dnsname, private_dir,
+def create_named_txt(path, realm, dnsdomain, dnsname, binddns_dir,
keytab_name):
"""Write out a file containing zone statements suitable for inclusion in a
named.conf file (including GSS-TSIG configuration).
@@ -962,7 +965,7 @@ def create_named_txt(path, realm, dnsdomain, dnsname, private_dir,
:param path: Path of the new named.conf file.
:param realm: Realm name
:param dnsdomain: DNS Domain name
- :param private_dir: Path to private directory
+ :param binddns_dir: Path to bind dns directory
:param keytab_name: File name of DNS keytab file
"""
setup_file(setup_path("named.txt"), path, {
@@ -970,8 +973,8 @@ def create_named_txt(path, realm, dnsdomain, dnsname, private_dir,
"DNSNAME" : dnsname,
"REALM": realm,
"DNS_KEYTAB": keytab_name,
- "DNS_KEYTAB_ABS": os.path.join(private_dir, keytab_name),
- "PRIVATE_DIR": private_dir
+ "DNS_KEYTAB_ABS": os.path.join(binddns_dir, keytab_name),
+ "PRIVATE_DIR": binddns_dir
})
@@ -1194,7 +1197,9 @@ def setup_bind9_dns(samdb, secretsdb, names, paths, lp, logger,
domainguid = get_domainguid(samdb, domaindn)
secretsdb_setup_dns(secretsdb, names,
- paths.private_dir, realm=names.realm,
+ paths.private_dir,
+ paths.binddns_dir,
+ realm=names.realm,
dnsdomain=names.dnsdomain,
dns_keytab_path=paths.dns_keytab, dnspass=dnspass,
key_version_number=key_version_number)
@@ -1218,7 +1223,7 @@ def setup_bind9_dns(samdb, secretsdb, names, paths, lp, logger,
create_named_txt(paths.namedtxt,
realm=names.realm, dnsdomain=names.dnsdomain,
dnsname = "%s.%s" % (names.hostname, names.dnsdomain),
- private_dir=paths.private_dir,
+ binddns_dir=paths.binddns_dir,
keytab_name=paths.dns_keytab)
logger.info("See %s for an example configuration include file for BIND",
paths.namedconf)
diff --git a/python/samba/tests/provision.py b/python/samba/tests/provision.py
index 11b0135f473..bada14f5936 100644
--- a/python/samba/tests/provision.py
+++ b/python/samba/tests/provision.py
@@ -42,6 +42,7 @@ def create_dummy_secretsdb(path, lp=None):
paths = ProvisionPaths()
paths.secrets = path
paths.private_dir = os.path.dirname(path)
+ paths.binddns_dir = os.path.dirname(path)
paths.keytab = "no.keytab"
paths.dns_keytab = "no.dns.keytab"
secrets_ldb = setup_secretsdb(paths, None, None, lp=lp)
@@ -59,6 +60,7 @@ class ProvisionTestCase(samba.tests.TestCaseInTempDir):
secrets_tdb_path = os.path.join(self.tempdir, "secrets.tdb")
paths.secrets = path
paths.private_dir = os.path.dirname(path)
+ paths.binddns_dir = os.path.dirname(path)
paths.keytab = "no.keytab"
paths.dns_keytab = "no.dns.keytab"
ldb = setup_secretsdb(paths, None, None, lp=env_loadparm())
diff --git a/source4/scripting/bin/samba_upgradedns b/source4/scripting/bin/samba_upgradedns
index d00b67daca1..231e05fca9a 100755
--- a/source4/scripting/bin/samba_upgradedns
+++ b/source4/scripting/bin/samba_upgradedns
@@ -446,7 +446,7 @@ if __name__ == '__main__':
dns_key_version_number = None
secretsdb_setup_dns(ldbs.secrets, names,
- paths.private_dir, realm=names.realm,
+ paths.private_dir, paths.binddns_dir, realm=names.realm,
dnsdomain=names.dnsdomain,
dns_keytab_path=paths.dns_keytab, dnspass=dnspass,
key_version_number=dns_key_version_number)
@@ -454,15 +454,34 @@ if __name__ == '__main__':
else:
logger.info("dns-%s account already exists" % hostname)
- dns_keytab_path = os.path.join(paths.private_dir, paths.dns_keytab)
- if os.path.isfile(dns_keytab_path) and paths.bind_gid is not None:
+ private_dns_keytab_path = os.path.join(paths.private_dir, paths.dns_keytab)
+ bind_dns_keytab_path = os.path.join(paths.binddns_dir, paths.dns_keytab)
+
+ if os.path.isfile(private_dns_keytab_path):
+ if os.path.isfile(bind_dns_keytab_path):
+ try:
+ os.unlink(bind_dns_keytab_path)
+ except OSError as e:
+ logger.error("Failed to remove %s: %s" %
+ (bind_dns_keytab_path, e.strerror))
+
+ # link the dns.keytab to the bind-dns directory
try:
- os.chmod(dns_keytab_path, 0640)
- os.chown(dns_keytab_path, -1, paths.bind_gid)
- except OSError:
- if not os.environ.has_key('SAMBA_SELFTEST'):
- logger.info("Failed to chown %s to bind gid %u",
- dns_keytab_path, paths.bind_gid)
+ os.link(private_dns_keytab_path, bind_dns_keytab_path)
+ except OSError as e:
+ logger.error("Failed to create link %s -> %s: %s" %
+ (private_dns_keytab_path, bind_dns_keytab_path, e.strerror))
+
+ # chown the dns.keytab in the bind-dns directory
+ if paths.bind_gid is not None:
+ try:
+ os.chmod(bind_dns_keytab_path, 0640)
+ os.chown(bind_dns_keytab_path, -1, paths.bind_gid)
+ except OSError:
+ if not os.environ.has_key('SAMBA_SELFTEST'):
+ logger.info("Failed to chown %s to bind gid %u",
+ bind_dns_keytab_path, paths.bind_gid)
+
# This forces a re-creation of dns directory and all the files within
# It's an overkill, but it's easier to re-create a samdb copy, rather
@@ -476,7 +495,7 @@ if __name__ == '__main__':
create_named_conf(paths, names.realm, dnsdomain, opts.dns_backend, logger)
create_named_txt(paths.namedtxt, names.realm, dnsdomain, dnsname,
- paths.private_dir, paths.dns_keytab)
+ paths.binddns_dir, paths.dns_keytab)
logger.info("See %s for an example configuration include file for BIND", paths.namedconf)
logger.info("and %s for further documentation required for secure DNS "
"updates", paths.namedtxt)
diff --git a/source4/scripting/bin/samba_upgradeprovision b/source4/scripting/bin/samba_upgradeprovision
index 99e97b7f28f..d11175314c6 100755
--- a/source4/scripting/bin/samba_upgradeprovision
+++ b/source4/scripting/bin/samba_upgradeprovision
@@ -207,7 +207,7 @@ creds.set_kerberos_state(DONT_USE_KERBEROS)
-def check_for_DNS(refprivate, private, dns_backend):
+def check_for_DNS(refprivate, private, refbinddns_dir, binddns_dir, dns_backend):
"""Check if the provision has already the requirement for dynamic dns
:param refprivate: The path to the private directory of the reference
@@ -229,17 +229,17 @@ def check_for_DNS(refprivate, private, dns_backend):
namedfile = lp.get("dnsupdate:path")
if not namedfile:
- namedfile = "%s/named.conf.update" % private
+ namedfile = "%s/named.conf.update" % binddns_dir
if not os.path.exists(namedfile):
- destdir = "%s/new_dns" % private
- dnsdir = "%s/dns" % private
+ destdir = "%s/new_dns" % binddns_dir
+ dnsdir = "%s/dns" % binddns_dir
if not os.path.exists(destdir):
os.mkdir(destdir)
if not os.path.exists(dnsdir):
os.mkdir(dnsdir)
- shutil.copy("%s/named.conf" % refprivate, "%s/named.conf" % destdir)
- shutil.copy("%s/named.txt" % refprivate, "%s/named.txt" % destdir)
+ shutil.copy("%s/named.conf" % refbinddns_dir, "%s/named.conf" % destdir)
+ shutil.copy("%s/named.txt" % refbinddns_dir, "%s/named.txt" % destdir)
message(SIMPLE, "It seems that your provision did not integrate "
"new rules for dynamic dns update of domain related entries")
message(SIMPLE, "A copy of the new bind configuration files and "
@@ -1793,7 +1793,9 @@ if __name__ == '__main__':
# 20)
updateOEMInfo(ldbs.sam, str(names.rootdn))
# 21)
- check_for_DNS(newpaths.private_dir, paths.private_dir, names.dns_backend)
+ check_for_DNS(newpaths.private_dir, paths.private_dir,
+ newpaths.binddns_dir, paths.binddns_dir,
+ names.dns_backend)
# 22)
update_provision_usn(ldbs.sam, minUSN, maxUSN, names.invocation)
if opts.full and (names.policyid is None or names.policyid_dc is None):
diff --git a/wintest/wintest.py b/wintest/wintest.py
index 3493df4e457..4fe35e3481a 100644
--- a/wintest/wintest.py
+++ b/wintest/wintest.py
@@ -341,15 +341,15 @@ nameserver %s
elif self.getvar('NAMESERVER_BACKEND') != 'SAMBA_INTERNAL':
if self.named_supports_gssapi_keytab():
self.setvar("NAMED_TKEY_OPTION",
- 'tkey-gssapi-keytab "${PREFIX}/private/dns.keytab";')
+ 'tkey-gssapi-keytab "${PREFIX}/bind-dns/dns.keytab";')
else:
self.info("LCREALM=${LCREALM}")
self.setvar("NAMED_TKEY_OPTION",
'''tkey-gssapi-credential "DNS/${LCREALM}";
tkey-domain "${LCREALM}";
''')
- self.putenv('KEYTAB_FILE', '${PREFIX}/private/dns.keytab')
- self.putenv('KRB5_KTNAME', '${PREFIX}/private/dns.keytab')
+ self.putenv('KEYTAB_FILE', '${PREFIX}/bind-dns/dns.keytab')
+ self.putenv('KRB5_KTNAME', '${PREFIX}/bind-dns/dns.keytab')
else:
self.setvar("NAMED_TKEY_OPTION", "")
--
2.14.1
From 7e823e42887aa5e87a06316c61bb086ce8e01ed9 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 23 Aug 2017 15:36:23 +0200
Subject: [PATCH 09/18] python:samba: Add code to remove obsolete files in the
private dir
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 6 03:54:19 CEST 2017 on sn-devel-144
(cherry picked from commit 2d0e13837d8c6fab3fb296aafcabdf2a2973b96d)
---
source4/scripting/bin/samba_upgradedns | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
diff --git a/source4/scripting/bin/samba_upgradedns b/source4/scripting/bin/samba_upgradedns
index 231e05fca9a..2582da0f6bc 100755
--- a/source4/scripting/bin/samba_upgradedns
+++ b/source4/scripting/bin/samba_upgradedns
@@ -20,6 +20,7 @@
import sys
import os
+import errno
import optparse
import logging
import grp
@@ -209,6 +210,36 @@ def import_zone_data(samdb, logger, zone, serial, domaindn, forestdn,
raise
logger.debug("Added DNS record %s" % (fqdn))
+def cleanup_remove_file(file_path):
+ try:
+ os.remove(file_path)
+ except OSError as e:
+ if e.errno not in [errno.EEXIST, errno.ENOENT]:
+ pass
+ else:
+ logger.debug("Could not remove %s: %s" % (file_path, e.strerror))
+
+def cleanup_remove_dir(dir_path):
+ try:
+ for root, dirs, files in os.walk(dir_path, topdown=False):
+ for name in files:
+ os.remove(os.path.join(root, name))
+ for name in dirs:
+ os.rmdir(os.path.join(root, name))
+ os.rmdir(dir_path)
+ except OSError as e:
+ if e.errno not in [errno.EEXIST, errno.ENOENT]:
+ pass
+ else:
+ logger.debug("Could not delete dir %s: %s" % (dir_path, e.strerror))
+
+def cleanup_obsolete_dns_files(paths):
+ cleanup_remove_file(os.path.join(paths.private_dir, "named.conf"))
+ cleanup_remove_file(os.path.join(paths.private_dir, "named.conf.update"))
+ cleanup_remove_file(os.path.join(paths.private_dir, "named.txt"))
+
+ cleanup_remove_dir(os.path.join(paths.private_dir, "dns"))
+
# dnsprovision creates application partitions for AD based DNS mainly if the existing
# provision was created using earlier snapshots of samba4 which did not have support
@@ -496,6 +527,9 @@ if __name__ == '__main__':
create_named_txt(paths.namedtxt, names.realm, dnsdomain, dnsname,
paths.binddns_dir, paths.dns_keytab)
+
+ cleanup_obsolete_dns_files(paths)
+
logger.info("See %s for an example configuration include file for BIND", paths.namedconf)
logger.info("and %s for further documentation required for secure DNS "
"updates", paths.namedtxt)
--
2.14.1
From b3aecc64d2637bcf67cf4b277eb58b1db76d21c3 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 5 Sep 2017 14:18:44 +0200
Subject: [PATCH 10/18] wafsamba: Do not chmod already existing dirs on install
This might break backward compatibility.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957
Signed-off-by: Andreas Schneider <asn@samba.org>
---
buildtools/wafsamba/wafsamba.py | 2 --
1 file changed, 2 deletions(-)
diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py
index 57913af2bd7..f91adca1a0c 100644
--- a/buildtools/wafsamba/wafsamba.py
+++ b/buildtools/wafsamba/wafsamba.py
@@ -900,8 +900,6 @@ def INSTALL_DIR(bld, path, chmod=0o755):
except OSError, e:
if not os.path.isdir(path):
raise Utils.WafError("Cannot create the folder '%s' (error: %s)" % (path, e))
- else:
- os.chmod(path, chmod)
Build.BuildContext.INSTALL_DIR = INSTALL_DIR
def INSTALL_DIRS(bld, destdir, dirs, chmod=0o755):
--
2.14.1
From cb5e5e770dc50469d0f68594ea46c569fbbb396b Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 5 Sep 2017 20:36:47 +0200
Subject: [PATCH 11/18] samba:provision: Give a hint to copy the krb5.conf and
not symlink it
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957
Signed-off-by: Andreas Schneider <asn@samba.org>
---
python/samba/provision/__init__.py | 3 +++
1 file changed, 3 insertions(+)
diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index f820f6ab675..8a8c033105f 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -2200,6 +2200,9 @@ def provision(logger, session_info, smbconf=None,
realm=names.realm)
logger.info("A Kerberos configuration suitable for Samba AD has been "
"generated at %s", paths.krb5conf)
+ logger.info("Merge the contents of this file with your system "
+ "krb5.conf or replace it with this one. Do not create a "
+ "symlink!")
if serverrole == "active directory domain controller":
create_dns_update_list(lp, logger, paths)
--
2.14.1
From c852efa1f09ff45b333effacfd2b26a9b2b77694 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Thu, 10 Aug 2017 15:04:08 +0200
Subject: [PATCH 12/18] dynconfig: Fix location of the default 'binddns dir'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957
Signed-off-by: Andreas Schneider <asn@samba.org>
---
dynconfig/wscript | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/dynconfig/wscript b/dynconfig/wscript
index fee37eaaf5f..54977e42bd4 100644
--- a/dynconfig/wscript
+++ b/dynconfig/wscript
@@ -174,6 +174,12 @@ dynconfig = {
'OPTION': '--with-privatedir',
'HELPTEXT': 'Where to put sam.ldb and other private files',
},
+ 'BINDDNS_DIR' : {
+ 'STD-PATH': '${PREFIX}/bind-dns',
+ 'FHS-PATH': '${LOCALSTATEDIR}/lib/samba/bind-dns',
+ 'OPTION': '--with-bind-dns-dir',
+ 'HELPTEXT': 'bind-dns config directory',
+ },
'LOCKDIR' : {
'STD-PATH': '${LOCALSTATEDIR}/lock',
'FHS-PATH': '${LOCALSTATEDIR}/lock/samba',
@@ -192,12 +198,6 @@ dynconfig = {
'OPTION': '--with-statedir',
'HELPTEXT': 'Where to put persistent state files',
},
- 'BINDDNS_DIR' : {
- 'STD-PATH': '${LOCALSTATEDIR}/lib',
- 'FHS-PATH': '${LOCALSTATEDIR}/lib/samba/bind-dns',
- 'OPTION': '--with-bind-dns-dir',
- 'HELPTEXT': 'bind-dns config directory',
- },
'CACHEDIR' : {
'STD-PATH': '${LOCALSTATEDIR}/cache',
'FHS-PATH': '${LOCALSTATEDIR}/cache/samba',
--
2.14.1
From a671df22ac82a33eea6bdf88eee5e8a703ada831 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 22 Aug 2017 17:10:01 +0200
Subject: [PATCH 13/18] s4:bind_dlz: Try the 'binddns dir' first
The directory is normally empty if you did not provision or call
samba_upgradedns for the bind_dlz module.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957
Signed-off-by: Andreas Schneider <asn@samba.org>
---
source4/dns_server/dlz_bind9.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c
index a3f336e6def..8d6385af154 100644
--- a/source4/dns_server/dlz_bind9.c
+++ b/source4/dns_server/dlz_bind9.c
@@ -682,9 +682,9 @@ _PUBLIC_ isc_result_t dlz_create(const char *dlzname,
}
if (state->options.url == NULL) {
- state->options.url = lpcfg_private_path(state,
- state->lp,
- "dns/sam.ldb");
+ state->options.url = talloc_asprintf(state,
+ "%s/dns/sam.ldb",
+ lpcfg_binddns_dir(state->lp));
if (state->options.url == NULL) {
result = ISC_R_NOMEMORY;
goto failed;
@@ -693,7 +693,7 @@ _PUBLIC_ isc_result_t dlz_create(const char *dlzname,
if (!file_exist(state->options.url)) {
state->options.url = talloc_asprintf(state,
"%s/dns/sam.ldb",
- lpcfg_binddns_dir(state->lp));
+ lpcfg_private_dir(state->lp));
if (state->options.url == NULL) {
result = ISC_R_NOMEMORY;
goto failed;
@@ -1322,7 +1322,7 @@ _PUBLIC_ isc_boolean_t dlz_ssumatch(const char *signer, const char *name, const
keytab_file = talloc_asprintf(tmp_ctx,
"%s/dns.keytab",
- lpcfg_private_dir(state->lp));
+ lpcfg_binddns_dir(state->lp));
if (keytab_file == NULL) {
state->log(ISC_LOG_ERROR, "samba_dlz: Out of memory!");
talloc_free(tmp_ctx);
@@ -1332,7 +1332,7 @@ _PUBLIC_ isc_boolean_t dlz_ssumatch(const char *signer, const char *name, const
if (!file_exist(keytab_file)) {
keytab_file = talloc_asprintf(tmp_ctx,
"%s/dns.keytab",
- lpcfg_binddns_dir(state->lp));
+ lpcfg_private_dir(state->lp));
if (keytab_file == NULL) {
state->log(ISC_LOG_ERROR, "samba_dlz: Out of memory!");
talloc_free(tmp_ctx);
--
2.14.1
From bce7681c6525654df5b896299de5270d96e33305 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 6 Sep 2017 07:23:57 +0200
Subject: [PATCH 14/18] python:provision: Change the group of the 'binddns dir'
too
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957
Signed-off-by: Andreas Schneider <asn@samba.org>
---
python/samba/provision/__init__.py | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index 8a8c033105f..07c24795477 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -2238,6 +2238,14 @@ def provision(logger, session_info, smbconf=None,
# chown the dns.keytab in the bind-dns directory
if paths.bind_gid is not None:
+ try:
+ os.chmod(paths.binddns_dir, 0770)
+ os.chown(paths.binddns_dir, -1, paths.bind_gid)
+ except OSError:
+ if not os.environ.has_key('SAMBA_SELFTEST'):
+ logger.info("Failed to chown %s to bind gid %u",
+ paths.binddns_dir, paths.bind_gid)
+
try:
os.chmod(bind_dns_keytab_path, 0640)
os.chown(bind_dns_keytab_path, -1, paths.bind_gid)
--
2.14.1
From 2e6d5ee84e1199bf2b34ffa0c0db488a5f025bb1 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 6 Sep 2017 07:25:04 +0200
Subject: [PATCH 15/18] python:provision: Do not change the owner of the
sam.ldb.d dir
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957
Signed-off-by: Andreas Schneider <asn@samba.org>
---
python/samba/provision/sambadns.py | 3 ---
1 file changed, 3 deletions(-)
diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py
index d4cb93a89ea..c95583162e7 100644
--- a/python/samba/provision/sambadns.py
+++ b/python/samba/provision/sambadns.py
@@ -864,9 +864,6 @@ def create_samdb_copy(samdb, logger, paths, names, domainsid, domainguid):
# Give bind read/write permissions dns partitions
if paths.bind_gid is not None:
try:
- os.chown(samldb_dir, -1, paths.bind_gid)
- os.chmod(samldb_dir, 0750)
-
for dirname, dirs, files in os.walk(dns_dir):
for d in dirs:
dpath = os.path.join(dirname, d)
--
2.14.1
From 20edd750566c9cfa1adb062dcdb4306f48e596fe Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 6 Sep 2017 10:06:40 +0200
Subject: [PATCH 16/18] samba_upgradedns: Change the group of the 'binddns dir'
too
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957
Signed-off-by: Andreas Schneider <asn@samba.org>
---
source4/scripting/bin/samba_upgradedns | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/source4/scripting/bin/samba_upgradedns b/source4/scripting/bin/samba_upgradedns
index 2582da0f6bc..db3ef5c6d65 100755
--- a/source4/scripting/bin/samba_upgradedns
+++ b/source4/scripting/bin/samba_upgradedns
@@ -505,6 +505,13 @@ if __name__ == '__main__':
# chown the dns.keytab in the bind-dns directory
if paths.bind_gid is not None:
+ try:
+ os.chmod(paths.binddns_dir, 0o770)
+ os.chown(paths.binddns_dir, -1, paths.bind_gid)
+ except OSError:
+ if not os.environ.has_key('SAMBA_SELFTEST'):
+ logger.info("Failed to chown %s to bind gid %u",
+ paths.binddns_dir, paths.bind_gid)
try:
os.chmod(bind_dns_keytab_path, 0640)
os.chown(bind_dns_keytab_path, -1, paths.bind_gid)
--
2.14.1
From aeb32269b20cad8c8983b0530b60bc6ac182e274 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 6 Sep 2017 07:25:40 +0200
Subject: [PATCH 17/18] samba_upgradedns: Print better hints after we migrated
the config
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957
Signed-off-by: Andreas Schneider <asn@samba.org>
---
source4/scripting/bin/samba_upgradedns | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/source4/scripting/bin/samba_upgradedns b/source4/scripting/bin/samba_upgradedns
index db3ef5c6d65..3369bcfed93 100755
--- a/source4/scripting/bin/samba_upgradedns
+++ b/source4/scripting/bin/samba_upgradedns
@@ -442,6 +442,12 @@ if __name__ == '__main__':
# Special stuff for DLZ backend
if opts.dns_backend == "BIND9_DLZ":
+ config_migration = False
+
+ if (paths.private_dir != paths.binddns_dir and
+ os.path.isfile(os.path.join(paths.private_dir, "named.conf"))):
+ config_migration = True
+
# Check if dns-HOSTNAME account exists and create it if required
secrets_msgs = ldbs.secrets.search(expression='(samAccountName=dns-%s)' % hostname, attrs=['secret'])
msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
@@ -537,9 +543,15 @@ if __name__ == '__main__':
cleanup_obsolete_dns_files(paths)
- logger.info("See %s for an example configuration include file for BIND", paths.namedconf)
- logger.info("and %s for further documentation required for secure DNS "
- "updates", paths.namedtxt)
+ if config_migration:
+ logger.info("ATTENTION: The BIND configuration and keytab has been moved to: %s",
+ paths.binddns_dir)
+ logger.info(" Please update your BIND configuration accordingly.")
+ else:
+ logger.info("See %s for an example configuration include file for BIND", paths.namedconf)
+ logger.info("and %s for further documentation required for secure DNS "
+ "updates", paths.namedtxt)
+
elif opts.dns_backend == "SAMBA_INTERNAL":
# Check if dns-HOSTNAME account exists and delete it if required
try:
--
2.14.1
From 89e3be296c1ca88b01b2efe80ba70398ffc0f3b7 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 5 Sep 2017 11:47:27 +0200
Subject: [PATCH 18/18] samba_upgradedns: When we setup the internal dns
cleanup bind-dns dir
Make sure to remove everything from the bind-dns directory to avoid
possible security issues with the named group having write access to all
AD partions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957
Signed-off-by: Andreas Schneider <asn@samba.org>
---
source4/scripting/bin/samba_upgradedns | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/source4/scripting/bin/samba_upgradedns b/source4/scripting/bin/samba_upgradedns
index 3369bcfed93..261d8a1922d 100755
--- a/source4/scripting/bin/samba_upgradedns
+++ b/source4/scripting/bin/samba_upgradedns
@@ -553,6 +553,23 @@ if __name__ == '__main__':
"updates", paths.namedtxt)
elif opts.dns_backend == "SAMBA_INTERNAL":
+ # Make sure to remove everything from the bind-dns directory to avoid
+ # possible security issues with the named group having write access
+ # to all AD partions
+ cleanup_remove_file(os.path.join(paths.binddns_dir, "dns.keytab"))
+ cleanup_remove_file(os.path.join(paths.binddns_dir, "named.conf"))
+ cleanup_remove_file(os.path.join(paths.binddns_dir, "named.conf.update"))
+ cleanup_remove_file(os.path.join(paths.binddns_dir, "named.txt"))
+
+ cleanup_remove_dir(os.path.dirname(paths.dns))
+
+ try:
+ os.chmod(paths.private_dir, 0o700)
+ os.chown(paths.private_dir, -1, 0)
+ except:
+ logger.warn("Failed to restore owner and permissions for %s",
+ (paths.private_dir))
+
# Check if dns-HOSTNAME account exists and delete it if required
try:
dn_str = 'samAccountName=dns-%s,CN=Principals' % hostname
--
2.14.1
From ed83927e4c3eb1052b5d0ca505b721d7d58e8ee8 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 12 Sep 2017 15:56:44 +0200
Subject: [PATCH] wafsamba: We need to honor DESTDIR in INSTALL_DIR
Signed-off-by: Andreas Schneider <asn@samba.org>
---
buildtools/wafsamba/wafsamba.py | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py
index f91adca1a0c..3588292c3b4 100644
--- a/buildtools/wafsamba/wafsamba.py
+++ b/buildtools/wafsamba/wafsamba.py
@@ -885,20 +885,21 @@ def INSTALL_WILDCARD(bld, destdir, pattern, chmod=MODE_644, flat=False,
python_fixup=python_fixup, base_name=trim_path)
Build.BuildContext.INSTALL_WILDCARD = INSTALL_WILDCARD
-def INSTALL_DIR(bld, path, chmod=0o755):
+def INSTALL_DIR(bld, path, chmod=0o755, env=None):
"""Install a directory if it doesn't exist, always set permissions."""
if not path:
return []
+ destpath = bld.get_install_path(path, env)
+
if bld.is_install > 0:
- path = bld.EXPAND_VARIABLES(path)
- if not os.path.isdir(path):
+ if not os.path.isdir(destpath):
try:
- os.makedirs(path)
- os.chmod(path, chmod)
+ os.makedirs(destpath)
+ os.chmod(destpath, chmod)
except OSError, e:
- if not os.path.isdir(path):
+ if not os.path.isdir(destpath):
raise Utils.WafError("Cannot create the folder '%s' (error: %s)" % (path, e))
Build.BuildContext.INSTALL_DIR = INSTALL_DIR
--
2.14.1
Reference in New Issue View Git Blame Copy Permalink