The branch, v4-14-stable has been updated
       via  3b1235240f3 VERSION: Disable GIT_SNAPSHOT for the 4.14.0rc2 release.
       via  c07d538a4bc WHATSNEW: Add release notes for Samba 4.14.0rc2.
       via  df0dd2ae007 s3: libsmb: cli_state_save_tcon(). Don't deepcopy tcon 
struct when temporarily swapping out a connection on a cli_state.
       via  b6a9277beae s3: torture: Change the SMB1-only UID-REGRESSION-TEST 
to do an explicit copy of the tcon struct in use.
       via  b6183a479ca s3: smbtorture3: Ensure run_tcon_test() always replaces 
any saved tcon and shuts down correctly even in error paths.
       via  55294ccdeca s3: smbtorture3: Ensure we *always* replace the saved 
saved_tcon even in an error condition.
       via  7125792f0e1 s3: libsmb: Ensure we disconnect the temporary SMB1 
tcon pointer on failure to set up encryption.
       via  42f41c5ca5e s3: tests: Add regression test for bug 13992.
       via  eac2d1504b7 s3:smbd: Fix invalid memory access in 
posix_sys_acl_blob_get_fd()
       via  cc1568be4d4 script/autobuild.py: let cleanup() ignore errors from 
rmdir_force() by default
       via  c933135969b script/autobuild.py: split out a rmdir_force() helper 
function
       via  c1a4cb97d1d selftest: make/use a copy of GNUPGHOME
       via  81b36b389cb s4:selftest: use plansmbtorture4testsuite() for 
'rpc.echo'
       via  3eba14718dd s3:selftest: run test_smbclient_tarmode.pl with a fixed 
subdirectory name
       via  f1c7967b568 selftest/Samba4: allow get_cmd_env_vars() to take an 
overwrite dictionary
       via  85800df9035 selftest/Samba4: correctly pass KRB5CCNAME to provision
       via  9d5f5e821cb selftest/Samba4: make more use of get_cmd_env_vars()
       via  56c2c0f651e selftest:Samba4: avoid File::Path 'make_path' in 
setup_dns_hub_internal()
       via  f480161b754 selftest: allow a prefix under /m/username/
       via  9fed2749c03 Makefile: add support for 'make testonly'
       via  99673b77b06 s3:idmap_hash: reliable return ID_TYPE_BOTH
       via  fcc6a32e069 smbd: use fsp->conn->session_info for the initial 
delete-on-close token
       via  4bfdc4eff93 selftest: add a test that verifies unlink works when 
"force user" is set
       via  4c9cf755eb2 selftest: add force_user_error_inject share in 
maptoguest env
       via  d5a696fc886 vfs_error_inject: add unlinkat hook
       via  5041731ca02 s3/auth: implement "winbind:ignore domains"
       via  77f07ddb8ee winbind: check for allowed domains in 
winbindd_pam_auth_pac_verify()
       via  9b717968bd7 winbind: check for allowed domains in 
winbindd_dual_pam_chauthtok()
       via  647d1ca5e79 winbind: check for allowed domains in 
winbindd_dual_pam_chng_pswd_auth_crap()
       via  ccc4efd5211 winbind: check for allowed domains in 
winbindd_dual_pam_auth_crap()
       via  56076c98dbb winbind: check for allowed domains in 
winbindd_dual_pam_auth()
       via  4f69adab43c winbind: move "winbind:ignore domain" logic to a 
seperate function
       via  bee8a1cb9e9 selftest: add a test for "winbind:ignore domains"
       via  115c987aa58 winbind: handle MSG_SMB_CONF_UPDATED in the winbinds 
children
       via  4df20674da1 winbind: set logfile after reloading config
       via  9e797518fb5 winbind: move config-reloading code to winbindd_dual.c
       via  835fd283fec selftest: use correct DNS domain name for wrapper hosts 
file
       via  c74fc2ab69a VERSION: Bump version up to 4.14.0rc2...
      from  60cae14db1b VERSION: Disable GIT_SNAPSHOT for the 4.14.0rc1 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-stable


- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 Makefile                                           |   3 +
 VERSION                                            |   2 +-
 WHATSNEW.txt                                       |  22 ++-
 script/autobuild.py                                |  38 ++++-
 selftest/selftest.pl                               |   7 +-
 selftest/target/Samba.pm                           |  26 +++
 selftest/target/Samba3.pm                          |  25 ++-
 selftest/target/Samba4.pm                          | 183 +++++++++------------
 source3/auth/auth_util.c                           |   8 +
 source3/include/proto.h                            |   1 +
 source3/lib/util_names.c                           |  20 +++
 source3/libsmb/clidfs.c                            |   7 +
 source3/libsmb/clientgen.c                         |  30 +++-
 source3/modules/vfs_error_inject.c                 |  44 +++++
 source3/script/tests/test_force_user_unlink.sh     |  40 +++++
 .../tests/test_net_rpc_share_allowedusers.sh       |  20 +++
 .../script/tests/test_winbind_ignore_domains.sh    | 104 ++++++++++++
 source3/selftest/tests.py                          |  12 +-
 source3/smbd/close.c                               |  25 +--
 source3/smbd/posix_acls.c                          |   2 +-
 source3/torture/test_smb2.c                        |   2 +-
 source3/torture/torture.c                          |  27 ++-
 source3/winbindd/idmap_hash/idmap_hash.c           |  35 ++++
 source3/winbindd/winbindd.c                        |  29 +---
 source3/winbindd/winbindd_dual.c                   |  37 +++++
 source3/winbindd/winbindd_pam.c                    |  44 +++++
 source3/winbindd/winbindd_proto.h                  |   7 +
 source3/winbindd/winbindd_util.c                   |  10 +-
 source4/selftest/tests.py                          |   3 +-
 29 files changed, 630 insertions(+), 183 deletions(-)
 create mode 100755 source3/script/tests/test_force_user_unlink.sh
 create mode 100755 source3/script/tests/test_winbind_ignore_domains.sh


Changeset truncated at 500 lines:

diff --git a/Makefile b/Makefile
index 0b7b0ae8866..7f5960d5191 100644
--- a/Makefile
+++ b/Makefile
@@ -15,6 +15,9 @@ uninstall:
 test:
        $(WAF) test $(TEST_OPTIONS)
 
+testonly:
+       $(WAF) testonly $(TEST_OPTIONS)
+
 perftest:
        $(WAF) test --perf-test $(TEST_OPTIONS)
 
diff --git a/VERSION b/VERSION
index 8be5a378951..b14af4687ac 100644
--- a/VERSION
+++ b/VERSION
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
 # e.g. SAMBA_VERSION_RC_RELEASE=1                      #
 #  ->  "3.0.0rc1"                                      #
 ########################################################
-SAMBA_VERSION_RC_RELEASE=1
+SAMBA_VERSION_RC_RELEASE=2
 
 ########################################################
 # To mark SVN snapshots this should be set to 'yes'    #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 63dc70b1547..890e6313fe9 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
 Release Announcements
 =====================
 
-This is the first release candidate of Samba 4.14.  This is *not*
+This is the second release candidate of Samba 4.14.  This is *not*
 intended for production environments and is designed for testing
 purposes only.  Please report any defects via the Samba bug reporting
 system at https://bugzilla.samba.org/.
@@ -203,6 +203,26 @@ smb.conf changes
   server smb encrypt                 New                        default
 
 
+CHANGES SINCE 4.14.0rc1
+=======================
+
+o  Jeremy Allison <j...@samba.org>
+   * BUG 13992: Fix SAMBA RPC share error.
+
+o  Ralph Boehme <s...@samba.org>
+   * BUG 14602: "winbind:ignore domains" doesn't prevent user login from 
trusted
+     domain.
+   * BUG 14617: smbd tries to delete files with wrong permissions (uses guest
+     instead of user from force user =).
+
+o  Stefan Metzmacher <me...@samba.org>
+   * BUG 14539: s3:idmap_hash: Reliably return ID_TYPE_BOTH.
+
+o  Andreas Schneider <a...@samba.org>
+   * BUG 14627: s3:smbd: Fix invalid memory access in
+     posix_sys_acl_blob_get_fd().
+
+
 KNOWN ISSUES
 ============
 
diff --git a/script/autobuild.py b/script/autobuild.py
index 444bc156f48..dded5c9dec9 100755
--- a/script/autobuild.py
+++ b/script/autobuild.py
@@ -4,7 +4,7 @@
 # released under GNU GPL v3 or later
 
 from __future__ import print_function
-from subprocess import call, check_call, check_output, Popen, PIPE
+from subprocess import call, check_call, check_output, Popen, PIPE, 
CalledProcessError
 import os
 import tarfile
 import sys
@@ -846,6 +846,17 @@ def run_cmd(cmd, dir=".", show=None, output=False, 
checkfail=True):
     else:
         return call(cmd, shell=True, cwd=dir)
 
+def rmdir_force(dirname, re_raise=True):
+    try:
+        run_cmd("test -d %s && chmod -R +w %s; rm -rf %s" % (
+                dirname, dirname, dirname), output=True, show=True)
+    except CalledProcessError as e:
+        do_print("Failed: '%s'" % (str(e)))
+        run_cmd("tree %s" % dirname, output=True, show=True)
+        if re_raise:
+            raise
+        return False
+    return True
 
 class builder(object):
     '''handle build of one directory'''
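Review bot: `rmdir_force()` interpolates `dirname` unquoted three times into a string that `run_cmd()` passes to a shell (the `call(cmd, shell=True, cwd=dir)` context line above shows this), so a path containing whitespace or shell metacharacters would make `chmod -R +w` and `rm -rf` act on something other than the intended directory. Quoting the value once, e.g. `q = shlex.quote(dirname)` (or `pipes.quote` if Python 2 must still be supported) and formatting with `q`, avoids that; the same applies to `killbysubdir %s` in the `cleanup()` hunk further down. Separately, the diagnostic `run_cmd("tree %s" % dirname, output=True, show=True)` runs inside the `except` block, so if `tree` is missing or fails it presumably raises a second `CalledProcessError` and defeats `re_raise=False`. Wrapping that call in its own `try`/`except CalledProcessError` would keep the helper best-effort.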
@@ -868,8 +879,8 @@ class builder(object):
         self.test_source_dir = "%s/%s" % (testbase, self.tag)
         self.cwd = "%s/%s" % (self.test_source_dir, self.dir)
         self.prefix = "%s/%s" % (test_prefix, self.tag)
-        run_cmd("rm -rf %s" % self.test_source_dir)
-        run_cmd("rm -rf %s" % self.prefix)
+        rmdir_force(self.test_source_dir)
+        rmdir_force(self.prefix)
         if cp:
             run_cmd("cp -R -a -l %s %s" % (test_master, self.test_source_dir), 
dir=test_master, show=True)
         else:
@@ -879,8 +890,8 @@ class builder(object):
     def start_next(self):
         if self.next == len(self.sequence):
             if not options.nocleanup:
-                run_cmd("rm -rf %s" % self.test_source_dir)
-                run_cmd("rm -rf %s" % self.prefix)
+                rmdir_force(self.test_source_dir)
+                rmdir_force(self.prefix)
             do_print('%s: Completed OK' % self.name)
             self.done = True
             return
@@ -1004,7 +1015,7 @@ class buildlist(object):
                         'df -m %s' % testbase]:
                 try:
                     out = run_cmd(cmd, output=True, checkfail=False)
-                except subprocess.CalledProcessError as e:
+                except CalledProcessError as e:
                     out = "<failed: %s>" % str(e)
                 print('### %s' % cmd, file=f)
                 print(out, file=f)
@@ -1034,14 +1045,23 @@ class buildlist(object):
         self.tail_proc = Popen(cmd, close_fds=True)
 
 
-def cleanup():
+def cleanup(do_raise=False):
     if options.nocleanup:
         return
     run_cmd("stat %s || true" % test_tmpdir, show=True)
     run_cmd("stat %s" % testbase, show=True)
     do_print("Cleaning up %r" % cleanup_list)
     for d in cleanup_list:
-        run_cmd("rm -rf %s" % d)
+        ok = rmdir_force(d, re_raise=False)
+        if ok:
+            continue
+        if os.path.isdir(d):
+            do_print("Killing, waiting and retry")
+            run_cmd("killbysubdir %s > /dev/null 2>&1" % d, checkfail=False)
+        else:
+            do_print("Waiting and retry")
+        time.sleep(1)
+        rmdir_force(d, re_raise=do_raise)
 
 
 def daemonize(logfile):
@@ -1307,7 +1327,7 @@ while True:
         (status, failed_task, failed_stage, failed_tag, errstr) = blist.run()
         if status != 0 or errstr != "retry":
             break
-        cleanup()
+        cleanup(do_raise=True)
     except Exception:
         cleanup()
         raise
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index 6ea21fa6bfe..4c27edd2969 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -281,7 +281,7 @@ my $bindir_abs = abs_path($bindir);
 my $torture_maxtime = ($ENV{TORTURE_MAXTIME} or 1200);
 
 $prefix =~ s+//+/+;
-$prefix =~ s+/./+/+;
+$prefix =~ s+/\./+/+;
 $prefix =~ s+/$++;
 
 die("using an empty prefix isn't allowed") unless $prefix ne "";
@@ -313,7 +313,6 @@ $ENV{PREFIX} = $prefix;
 $ENV{PREFIX_ABS} = $prefix_abs;
 $ENV{SRCDIR} = $srcdir;
 $ENV{SRCDIR_ABS} = $srcdir_abs;
-$ENV{GNUPGHOME} = "$srcdir_abs/selftest/gnupg";
 $ENV{BINDIR} = $bindir_abs;
 
 my $tls_enabled = not $opt_quick;
@@ -667,6 +666,9 @@ $ENV{RESOLV_CONF} = "${selftest_resolv_conf_path}.global";
 my $selftest_krbt_ccache_path = "$tmpdir_abs/selftest.krb5_ccache";
 $ENV{KRB5CCNAME} = "FILE:${selftest_krbt_ccache_path}.global";
 
+my $selftest_gnupghome_path = "$tmpdir_abs/selftest.no.gnupg";
+$ENV{GNUPGHOME} = "${selftest_gnupghome_path}.global";
+
 my @available = ();
 foreach my $fn (@testlists) {
        foreach (read_testlist($fn)) {
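Review bot: The new `selftest.no.gnupg` path has no comment saying why GNUPGHOME points at a location that this hunk never creates. It appears to mirror the `KRB5CCNAME` placeholder just above, so that a test which forgets to set a per-environment value fails instead of reading the invoking user's `~/.gnupg`. A one-line comment such as `# placeholder that must not exist: keeps tests away from the caller's real keyring` above the assignment would record that intent. The `${envname}/ignore` assignment added in `setup_env()` in the next hunk deserves the same remark.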
@@ -803,6 +805,7 @@ sub setup_env($$)
 
        $ENV{RESOLV_CONF} = "${selftest_resolv_conf_path}.${envname}/ignore";
        $ENV{KRB5CCNAME} = 
"FILE:${selftest_krbt_ccache_path}.${envname}/ignore";
+       $ENV{GNUPGHOME} = "${selftest_gnupghome_path}.${envname}/ignore";
 
        if (defined(get_running_env($envname))) {
                $testenv_vars = get_running_env($envname);
diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm
index 0d7e13b7e66..5a7efa9c280 100644
--- a/selftest/target/Samba.pm
+++ b/selftest/target/Samba.pm
@@ -280,6 +280,30 @@ EOF
        umask $oldumask;
 }
 
+sub copy_gnupg_home($)
+{
+       my ($ctx) = @_;
+
+       my $gnupg_srcdir = "$ENV{SRCDIR_ABS}/selftest/gnupg";
+       my @files = (
+               "gpg.conf",
+               "pubring.gpg",
+               "secring.gpg",
+               "trustdb.gpg",
+       );
+
+       my $oldumask = umask;
+       umask 0077;
+       mkdir($ctx->{gnupghome}, 0777);
+       umask 0177;
+       foreach my $file (@files) {
+               my $srcfile = "${gnupg_srcdir}/${file}";
+               my $dstfile = "$ctx->{gnupghome}/${file}";
+               copy_file_content(${srcfile}, ${dstfile});
+       }
+       umask $oldumask;
+}
+
 sub mk_krb5_conf($$)
 {
        my ($ctx) = @_;
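Review bot: `mkdir($ctx->{gnupghome}, 0777)` in `copy_gnupg_home()` is unchecked, so if the directory cannot be created, or already exists with looser permissions than the 0700 that `umask 0077` is meant to produce, the loop still copies `secring.gpg` and the function reports nothing. Something like `mkdir($ctx->{gnupghome}, 0777) or -d $ctx->{gnupghome} or warn("Unable to create $ctx->{gnupghome}: $!");` would surface the failure while still reaching the `umask $oldumask` restore. A short comment on the two `umask` calls (0077 for the directory, 0177 for the key files) would also help, since the `0777` argument reads as world-writable without it. The new call in `provision_raw_step1()` in Samba4.pm ignores the result as well; whether `copy_file_content()` reports errors is not visible here.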
@@ -682,6 +706,7 @@ sub get_env_for_process
                RESOLV_CONF => $env_vars->{RESOLV_CONF},
                KRB5_CONFIG => $env_vars->{KRB5_CONFIG},
                KRB5CCNAME => "$env_vars->{KRB5_CCACHE}.$proc_name",
+               GNUPGHOME => $env_vars->{GNUPGHOME},
                SELFTEST_WINBINDD_SOCKET_DIR => 
$env_vars->{SELFTEST_WINBINDD_SOCKET_DIR},
                NMBD_SOCKET_DIR => $env_vars->{NMBD_SOCKET_DIR},
                NSS_WRAPPER_PASSWD => $env_vars->{NSS_WRAPPER_PASSWD},
@@ -867,6 +892,7 @@ my @exported_envvars = (
        # misc stuff
        "KRB5_CONFIG",
        "KRB5CCNAME",
+       "GNUPGHOME",
        "SELFTEST_WINBINDD_SOCKET_DIR",
        "NMBD_SOCKET_DIR",
        "LOCAL_PATH",
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index ee20528a325..b0910433940 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -761,6 +761,7 @@ sub provision_ad_member
        my $ret = $self->provision(
            prefix => $prefix,
            domain => $dcvars->{DOMAIN},
+           realm => $dcvars->{REALM},
            server => "LOCALADMEMBER",
            password => "loCalMemberPass",
            extra_options => $member_options,
@@ -911,6 +912,7 @@ sub setup_ad_member_rfc2307
        my $ret = $self->provision(
            prefix => $prefix,
            domain => $dcvars->{DOMAIN},
+           realm => $dcvars->{REALM},
            server => "RFC2307MEMBER",
            password => "loCalMemberPass",
            extra_options => $member_options,
@@ -1008,6 +1010,7 @@ sub setup_ad_member_idmap_rid
        my $ret = $self->provision(
            prefix => $prefix,
            domain => $dcvars->{DOMAIN},
+           realm => $dcvars->{REALM},
            server => "IDMAPRIDMEMBER",
            password => "loCalMemberPass",
            extra_options => $member_options,
@@ -1107,6 +1110,7 @@ sub setup_ad_member_idmap_ad
        my $ret = $self->provision(
            prefix => $prefix,
            domain => $dcvars->{DOMAIN},
+           realm => $dcvars->{REALM},
            server => "IDMAPADMEMBER",
            password => "loCalMemberPass",
            extra_options => $member_options,
@@ -1762,12 +1766,22 @@ $ret->{USERNAME} = KTEST\\Administrator
 sub setup_maptoguest
 {
        my ($self, $path) = @_;
+       my $prefix_abs = abs_path($path);
+       my $libdir="$prefix_abs/lib";
+       my $share_dir="$prefix_abs/share";
+       my $errorinjectconf="$libdir/error_inject.conf";
 
        print "PROVISIONING maptoguest...";
 
        my $options = "
 map to guest = bad user
 ntlm auth = yes
+
+[force_user_error_inject]
+       path = $share_dir
+       vfs objects = acl_xattr fake_acls xattr_tdb error_inject
+       force user = user1
+       include = $errorinjectconf
 ";
 
        my $vars = $self->provision(
@@ -1965,6 +1979,7 @@ sub provision($$)
 
        my $prefix = $args{prefix};
        my $domain = $args{domain};
+       my $realm = $args{realm};
        my $server = $args{server};
        my $password = $args{password};
        my $extra_options = $args{extra_options};
@@ -1982,6 +1997,12 @@ sub provision($$)
        my %createuser_env = ();
        my $server_ip = Samba::get_ipv4_addr($server);
        my $server_ipv6 = Samba::get_ipv6_addr($server);
+       my $dns_domain;
+       if (defined($realm)) {
+           $dns_domain = lc($realm);
+       } else {
+           $dns_domain = "samba.example.com";
+       }
 
        my $unix_name = ($ENV{USER} or $ENV{LOGNAME} or 
`PATH=/usr/ucb:$ENV{PATH} whoami`);
        chomp $unix_name;
@@ -2987,8 +3008,8 @@ force_user:x:$gid_force_user:
                warn("Unable to open $nss_wrapper_hosts");
                return undef;
        }
-       print HOSTS "${server_ip} ${hostname}.samba.example.com ${hostname}\n";
-       print HOSTS "${server_ipv6} ${hostname}.samba.example.com 
${hostname}\n";
+       print HOSTS "${server_ip} ${hostname}.${dns_domain} ${hostname}\n";
+       print HOSTS "${server_ipv6} ${hostname}.${dns_domain} ${hostname}\n";
        close(HOSTS);
 
        $resolv_conf = "$privatedir/no_resolv.conf" unless 
defined($resolv_conf);
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 1ebdf2a5484..1ae9fb9d996 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -17,7 +17,6 @@ use SocketWrapper;
 use target::Samba;
 use target::Samba3;
 use Archive::Tar;
-use File::Path 'make_path';
 
 sub new($$$$$) {
        my ($classname, $SambaCtx, $bindir, $srcdir, $server_maxtime) = @_;
@@ -161,19 +160,7 @@ sub wait_for_start($$)
                my $max_wait = 60;
 
                # Add hosts file for name lookups
-               my $cmd = 
"NSS_WRAPPER_HOSTS='$testenv_vars->{NSS_WRAPPER_HOSTS}' ";
-               if (defined($testenv_vars->{RESOLV_WRAPPER_CONF})) {
-                       $cmd .= 
"RESOLV_WRAPPER_CONF='$testenv_vars->{RESOLV_WRAPPER_CONF}' ";
-               } else {
-                       $cmd .= 
"RESOLV_WRAPPER_HOSTS='$testenv_vars->{RESOLV_WRAPPER_HOSTS}' ";
-               }
-               $cmd .= "RESOLV_CONF='$testenv_vars->{RESOLV_CONF}' ";
-               if (defined($testenv_vars->{GNUTLS_FORCE_FIPS_MODE})) {
-                       $cmd .= 
"GNUTLS_FORCE_FIPS_MODE=$testenv_vars->{GNUTLS_FORCE_FIPS_MODE} ";
-               }
-               if (defined($testenv_vars->{OPENSSL_FORCE_FIPS_MODE})) {
-                       $cmd .= 
"OPENSSL_FORCE_FIPS_MODE=$testenv_vars->{OPENSSL_FORCE_FIPS_MODE} ";
-               }
+               my $cmd = $self->get_cmd_env_vars($testenv_vars);
 
                $cmd .= "$ldbsearch ";
                $cmd .= "$testenv_vars->{CONFIGURATION} ";
@@ -281,7 +268,7 @@ sub setup_dns_hub_internal($$$)
        my ($self, $hostname, $prefix) = @_;
        my $STDIN_READER;
 
-       unless(-d $prefix or make_path($prefix, 0777)) {
+       unless(-d $prefix or mkdir($prefix, 0777)) {
                warn("Unable to create $prefix");
                return undef;
        }
@@ -356,6 +343,10 @@ sub setup_dns_hub
 
        my $hostname = "rootdnsforwarder";
 
+       unless(-d $prefix or mkdir($prefix, 0777)) {
+               warn("Unable to create $prefix");
+               return undef;
+       }
        my $env = $self->setup_dns_hub_internal("$hostname", 
"$prefix/$hostname");
 
        $self->{dns_hub_env} = $env;
@@ -375,10 +366,44 @@ sub get_dns_hub_env($)
        return undef;
 }
 
+sub return_env_value
+{
+       my ($env, $overwrite, $key) = @_;
+
+       if (defined($overwrite) and defined($overwrite->{$key})) {
+               return $overwrite->{$key};
+       }
+
+       if (defined($env->{$key})) {
+               return $env->{$key};
+       }
+
+       return undef;
+}
+
 # Returns the environmental variables that we pass to samba-tool commands
 sub get_cmd_env_vars
 {
-       my ($self, $localenv) = @_;
+       my ($self, $givenenv, $overwrite) = @_;
+
+       my @keys = (
+               "NSS_WRAPPER_HOSTS",
+               "SOCKET_WRAPPER_DEFAULT_IFACE",
+               "RESOLV_CONF",
+               "RESOLV_WRAPPER_CONF",
+               "RESOLV_WRAPPER_HOSTS",
+               "GNUTLS_FORCE_FIPS_MODE",
+               "OPENSSL_FORCE_FIPS_MODE",
+               "KRB5_CONFIG",
+               "KRB5_CCACHE",
+               "GNUPGHOME",
+       );
+
+       my $localenv = undef;
+       foreach my $key (@keys) {
+               my $v = return_env_value($givenenv, $overwrite, $key);
+               $localenv->{$key} = $v if defined($v);
+       }
 
        my $cmd_env = "NSS_WRAPPER_HOSTS='$localenv->{NSS_WRAPPER_HOSTS}' ";
        $cmd_env .= 
"SOCKET_WRAPPER_DEFAULT_IFACE=\"$localenv->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
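Review bot: `return_env_value()` and the new `$overwrite` argument of `get_cmd_env_vars()` are undocumented, and the existing one-line comment no longer says that only the keys listed in `@keys` are taken from the caller's hash. I would add `# Returns $overwrite->{$key} if defined, otherwise $env->{$key} (undef if neither is set)` above `return_env_value`. The `get_cmd_env_vars` comment should also say that `$overwrite` is an optional hash reference whose defined entries take precedence over `$givenenv`. The last two statements of `return_env_value` could collapse to `return $env->{$key};`. The body of `get_cmd_env_vars` continues past this hunk.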
@@ -393,9 +418,10 @@ sub get_cmd_env_vars
        if (defined($localenv->{OPENSSL_FORCE_FIPS_MODE})) {
                $cmd_env .= 
"OPENSSL_FORCE_FIPS_MODE=$localenv->{OPENSSL_FORCE_FIPS_MODE} ";
        }
-       $cmd_env .= " KRB5_CONFIG=\"$localenv->{KRB5_CONFIG}\" ";
+       $cmd_env .= "KRB5_CONFIG=\"$localenv->{KRB5_CONFIG}\" ";
        $cmd_env .= "KRB5CCNAME=\"$localenv->{KRB5_CCACHE}\" ";
        $cmd_env .= "RESOLV_CONF=\"$localenv->{RESOLV_CONF}\" ";
+       $cmd_env .= "GNUPGHOME=\"$localenv->{GNUPGHOME}\" ";
 
        return $cmd_env;
 }
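Review bot: The added `GNUPGHOME=\"$localenv->{GNUPGHOME}\"` line is unconditional, so any caller whose hash has no GNUPGHOME entry runs the command with an empty GNUPGHOME, replacing the `.../ignore` placeholder exported by selftest.pl. GnuPG, as far as I know, treats an empty value like an unset one and falls back to the user's default home directory. Guarding it the same way as the FIPS variables above, `$cmd_env .= "GNUPGHOME=\"$localenv->{GNUPGHOME}\" " if defined($localenv->{GNUPGHOME});`, keeps the inherited value in that case. Which environments lack the key is not visible in this hunk, and `get_cmd_env_vars` starts outside it.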
@@ -565,6 +591,7 @@ sub provision_raw_prepare($$$$$$$$$$$$$$)
        $ctx->{krb5_conf} = "$ctx->{etcdir}/krb5.conf";
        $ctx->{krb5_ccache} = "$prefix_abs/krb5_ccache";
        $ctx->{mitkdc_conf} = "$ctx->{etcdir}/mitkdc.conf";
+       $ctx->{gnupghome} = "$prefix_abs/gnupg";
        $ctx->{privatedir} = "$prefix_abs/private";
        $ctx->{binddnsdir} = "$prefix_abs/bind-dns";
        $ctx->{ncalrpcdir} = "$prefix_abs/ncalrpc";
@@ -608,8 +635,9 @@ sub provision_raw_prepare($$$$$$$$$$$$$$)
        $ctx->{smb_conf_extra_options} = "";
 
        my @provision_options = ();
+       push (@provision_options, "GNUPGHOME=\"$ctx->{gnupghome}\"");
        push (@provision_options, "KRB5_CONFIG=\"$ctx->{krb5_conf}\"");
-       push (@provision_options, "KRB5_CCACHE=\"$ctx->{krb5_ccache}\"");
+       push (@provision_options, "KRB5CCNAME=\"$ctx->{krb5_ccache}\"");
        push (@provision_options, 
"NSS_WRAPPER_PASSWD=\"$ctx->{nsswrap_passwd}\"");
        push (@provision_options, 
"NSS_WRAPPER_GROUP=\"$ctx->{nsswrap_group}\"");
        push (@provision_options, 
"NSS_WRAPPER_HOSTS=\"$ctx->{nsswrap_hosts}\"");
@@ -700,6 +728,7 @@ sub provision_raw_step1($$)
                return undef;
        }
 
+       Samba::copy_gnupg_home($ctx);
        Samba::prepare_keyblobs($ctx);
        my $crlfile = "$ctx->{tlsdir}/crl.pem";
        $crlfile = "" unless -e ${crlfile};
@@ -843,6 +872,7 @@ nogroup:x:65534:nobody
        # Note that we have SERVER_X and DC_SERVER_X variables (which have the 
same
        # value initially). In a 2 DC setup, $DC_SERVER_X will always be the 
PDC.
        my $ret = {
+               GNUPGHOME => $ctx->{gnupghome},
                KRB5_CONFIG => $ctx->{krb5_conf},
                KRB5_CCACHE => $ctx->{krb5_ccache},
                MITKDC_CONFIG => $ctx->{mitkdc_conf},
@@ -922,11 +952,10 @@ sub provision_raw_step2($$$)
                return undef;
        }
 
+       my $cmd_env = $self->get_cmd_env_vars($ret);
+
        my $testallowed_account = "testallowed";
-       my $samba_tool_cmd = "";
-       $samba_tool_cmd .= "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" ";


-- 
Samba Shared Repository
