The branch, v4-14-stable has been updated via 3b1235240f3 VERSION: Disable GIT_SNAPSHOT for the 4.14.0rc2 release. via c07d538a4bc WHATSNEW: Add release notes for Samba 4.14.0rc2. via df0dd2ae007 s3: libsmb: cli_state_save_tcon(). Don't deepcopy tcon struct when temporarily swapping out a connection on a cli_state. via b6a9277beae s3: torture: Change the SMB1-only UID-REGRESSION-TEST to do an explicit copy of the tcon struct in use. via b6183a479ca s3: smbtorture3: Ensure run_tcon_test() always replaces any saved tcon and shuts down correctly even in error paths. via 55294ccdeca s3: smbtorture3: Ensure we *always* replace the saved saved_tcon even in an error condition. via 7125792f0e1 s3: libsmb: Ensure we disconnect the temporary SMB1 tcon pointer on failure to set up encryption. via 42f41c5ca5e s3: tests: Add regression test for bug 13992. via eac2d1504b7 s3:smbd: Fix invalid memory access in posix_sys_acl_blob_get_fd() via cc1568be4d4 script/autobuild.py: let cleanup() ignore errors from rmdir_force() by default via c933135969b script/autobuild.py: split out a rmdir_force() helper function via c1a4cb97d1d selftest: make/use a copy of GNUPGHOME via 81b36b389cb s4:selftest: use plansmbtorture4testsuite() for 'rpc.echo' via 3eba14718dd s3:selftest: run test_smbclient_tarmode.pl with a fixed subdirectory name via f1c7967b568 selftest/Samba4: allow get_cmd_env_vars() to take an overwrite dictionary via 85800df9035 selftest/Samba4: correctly pass KRB5CCNAME to provision via 9d5f5e821cb selftest/Samba4: make more use of get_cmd_env_vars() via 56c2c0f651e selftest:Samba4: avoid File::Path 'make_path' in setup_dns_hub_internal() via f480161b754 selftest: allow a prefix under /m/username/ via 9fed2749c03 Makefile: add support for 'make testonly' via 99673b77b06 s3:idmap_hash: reliable return ID_TYPE_BOTH via fcc6a32e069 smbd: use fsp->conn->session_info for the initial delete-on-close token via 4bfdc4eff93 selftest: add a test that verifies unlink works when "force user" is set via 4c9cf755eb2 selftest: add force_user_error_inject share in maptoguest env via d5a696fc886 vfs_error_inject: add unlinkat hook via 5041731ca02 s3/auth: implement "winbind:ignore domains" via 77f07ddb8ee winbind: check for allowed domains in winbindd_pam_auth_pac_verify() via 9b717968bd7 winbind: check for allowed domains in winbindd_dual_pam_chauthtok() via 647d1ca5e79 winbind: check for allowed domains in winbindd_dual_pam_chng_pswd_auth_crap() via ccc4efd5211 winbind: check for allowed domains in winbindd_dual_pam_auth_crap() via 56076c98dbb winbind: check for allowed domains in winbindd_dual_pam_auth() via 4f69adab43c winbind: move "winbind:ignore domain" logic to a seperate function via bee8a1cb9e9 selftest: add a test for "winbind:ignore domains" via 115c987aa58 winbind: handle MSG_SMB_CONF_UPDATED in the winbinds children via 4df20674da1 winbind: set logfile after reloading config via 9e797518fb5 winbind: move config-reloading code to winbindd_dual.c via 835fd283fec selftest: use correct DNS domain name for wrapper hosts file via c74fc2ab69a VERSION: Bump version up to 4.14.0rc2... from 60cae14db1b VERSION: Disable GIT_SNAPSHOT for the 4.14.0rc1 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-14-stable - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: Makefile | 3 + VERSION | 2 +- WHATSNEW.txt | 22 ++- script/autobuild.py | 38 ++++- selftest/selftest.pl | 7 +- selftest/target/Samba.pm | 26 +++ selftest/target/Samba3.pm | 25 ++- selftest/target/Samba4.pm | 183 +++++++++------------ source3/auth/auth_util.c | 8 + source3/include/proto.h | 1 + source3/lib/util_names.c | 20 +++ source3/libsmb/clidfs.c | 7 + source3/libsmb/clientgen.c | 30 +++- source3/modules/vfs_error_inject.c | 44 +++++ source3/script/tests/test_force_user_unlink.sh | 40 +++++ .../tests/test_net_rpc_share_allowedusers.sh | 20 +++ .../script/tests/test_winbind_ignore_domains.sh | 104 ++++++++++++ source3/selftest/tests.py | 12 +- source3/smbd/close.c | 25 +-- source3/smbd/posix_acls.c | 2 +- source3/torture/test_smb2.c | 2 +- source3/torture/torture.c | 27 ++- source3/winbindd/idmap_hash/idmap_hash.c | 35 ++++ source3/winbindd/winbindd.c | 29 +--- source3/winbindd/winbindd_dual.c | 37 +++++ source3/winbindd/winbindd_pam.c | 44 +++++ source3/winbindd/winbindd_proto.h | 7 + source3/winbindd/winbindd_util.c | 10 +- source4/selftest/tests.py | 3 +- 29 files changed, 630 insertions(+), 183 deletions(-) create mode 100755 source3/script/tests/test_force_user_unlink.sh create mode 100755 source3/script/tests/test_winbind_ignore_domains.sh Changeset truncated at 500 lines: diff --git a/Makefile b/Makefile index 0b7b0ae8866..7f5960d5191 100644 --- a/Makefile +++ b/Makefile @@ -15,6 +15,9 @@ uninstall: test: $(WAF) test $(TEST_OPTIONS) +testonly: + $(WAF) testonly $(TEST_OPTIONS) + perftest: $(WAF) test --perf-test $(TEST_OPTIONS) diff --git a/VERSION b/VERSION index 8be5a378951..b14af4687ac 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # ######################################################## -SAMBA_VERSION_RC_RELEASE=1 +SAMBA_VERSION_RC_RELEASE=2 ######################################################## # To mark SVN snapshots this should be set to 'yes' # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 63dc70b1547..890e6313fe9 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements ===================== -This is the first release candidate of Samba 4.14. This is *not* +This is the second release candidate of Samba 4.14. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -203,6 +203,26 @@ smb.conf changes server smb encrypt New default +CHANGES SINCE 4.14.0rc1 +======================= + +o Jeremy Allison <j...@samba.org> + * BUG 13992: Fix SAMBA RPC share error. + +o Ralph Boehme <s...@samba.org> + * BUG 14602: "winbind:ignore domains" doesn't prevent user login from trusted + domain. + * BUG 14617: smbd tries to delete files with wrong permissions (uses guest + instead of user from force user =). + +o Stefan Metzmacher <me...@samba.org> + * BUG 14539: s3:idmap_hash: Reliably return ID_TYPE_BOTH. + +o Andreas Schneider <a...@samba.org> + * BUG 14627: s3:smbd: Fix invalid memory access in + posix_sys_acl_blob_get_fd(). + + KNOWN ISSUES ============ diff --git a/script/autobuild.py b/script/autobuild.py index 444bc156f48..dded5c9dec9 100755 --- a/script/autobuild.py +++ b/script/autobuild.py @@ -4,7 +4,7 @@ # released under GNU GPL v3 or later from __future__ import print_function -from subprocess import call, check_call, check_output, Popen, PIPE +from subprocess import call, check_call, check_output, Popen, PIPE, CalledProcessError import os import tarfile import sys @@ -846,6 +846,17 @@ def run_cmd(cmd, dir=".", show=None, output=False, checkfail=True): else: return call(cmd, shell=True, cwd=dir) +def rmdir_force(dirname, re_raise=True): + try: + run_cmd("test -d %s && chmod -R +w %s; rm -rf %s" % ( + dirname, dirname, dirname), output=True, show=True) + except CalledProcessError as e: + do_print("Failed: '%s'" % (str(e))) + run_cmd("tree %s" % dirname, output=True, show=True) + if re_raise: + raise + return False + return True class builder(object): '''handle build of one directory''' @@ -868,8 +879,8 @@ class builder(object): self.test_source_dir = "%s/%s" % (testbase, self.tag) self.cwd = "%s/%s" % (self.test_source_dir, self.dir) self.prefix = "%s/%s" % (test_prefix, self.tag) - run_cmd("rm -rf %s" % self.test_source_dir) - run_cmd("rm -rf %s" % self.prefix) + rmdir_force(self.test_source_dir) + rmdir_force(self.prefix) if cp: run_cmd("cp -R -a -l %s %s" % (test_master, self.test_source_dir), dir=test_master, show=True) else: @@ -879,8 +890,8 @@ class builder(object): def start_next(self): if self.next == len(self.sequence): if not options.nocleanup: - run_cmd("rm -rf %s" % self.test_source_dir) - run_cmd("rm -rf %s" % self.prefix) + rmdir_force(self.test_source_dir) + rmdir_force(self.prefix) do_print('%s: Completed OK' % self.name) self.done = True return @@ -1004,7 +1015,7 @@ class buildlist(object): 'df -m %s' % testbase]: try: out = run_cmd(cmd, output=True, checkfail=False) - except subprocess.CalledProcessError as e: + except CalledProcessError as e: out = "<failed: %s>" % str(e) print('### %s' % cmd, file=f) print(out, file=f) @@ -1034,14 +1045,23 @@ class buildlist(object): self.tail_proc = Popen(cmd, close_fds=True) -def cleanup(): +def cleanup(do_raise=False): if options.nocleanup: return run_cmd("stat %s || true" % test_tmpdir, show=True) run_cmd("stat %s" % testbase, show=True) do_print("Cleaning up %r" % cleanup_list) for d in cleanup_list: - run_cmd("rm -rf %s" % d) + ok = rmdir_force(d, re_raise=False) + if ok: + continue + if os.path.isdir(d): + do_print("Killing, waiting and retry") + run_cmd("killbysubdir %s > /dev/null 2>&1" % d, checkfail=False) + else: + do_print("Waiting and retry") + time.sleep(1) + rmdir_force(d, re_raise=do_raise) def daemonize(logfile): @@ -1307,7 +1327,7 @@ while True: (status, failed_task, failed_stage, failed_tag, errstr) = blist.run() if status != 0 or errstr != "retry": break - cleanup() + cleanup(do_raise=True) except Exception: cleanup() raise diff --git a/selftest/selftest.pl b/selftest/selftest.pl index 6ea21fa6bfe..4c27edd2969 100755 --- a/selftest/selftest.pl +++ b/selftest/selftest.pl @@ -281,7 +281,7 @@ my $bindir_abs = abs_path($bindir); my $torture_maxtime = ($ENV{TORTURE_MAXTIME} or 1200); $prefix =~ s+//+/+; -$prefix =~ s+/./+/+; +$prefix =~ s+/\./+/+; $prefix =~ s+/$++; die("using an empty prefix isn't allowed") unless $prefix ne ""; @@ -313,7 +313,6 @@ $ENV{PREFIX} = $prefix; $ENV{PREFIX_ABS} = $prefix_abs; $ENV{SRCDIR} = $srcdir; $ENV{SRCDIR_ABS} = $srcdir_abs; -$ENV{GNUPGHOME} = "$srcdir_abs/selftest/gnupg"; $ENV{BINDIR} = $bindir_abs; my $tls_enabled = not $opt_quick; @@ -667,6 +666,9 @@ $ENV{RESOLV_CONF} = "${selftest_resolv_conf_path}.global"; my $selftest_krbt_ccache_path = "$tmpdir_abs/selftest.krb5_ccache"; $ENV{KRB5CCNAME} = "FILE:${selftest_krbt_ccache_path}.global"; +my $selftest_gnupghome_path = "$tmpdir_abs/selftest.no.gnupg"; +$ENV{GNUPGHOME} = "${selftest_gnupghome_path}.global"; + my @available = (); foreach my $fn (@testlists) { foreach (read_testlist($fn)) { @@ -803,6 +805,7 @@ sub setup_env($$) $ENV{RESOLV_CONF} = "${selftest_resolv_conf_path}.${envname}/ignore"; $ENV{KRB5CCNAME} = "FILE:${selftest_krbt_ccache_path}.${envname}/ignore"; + $ENV{GNUPGHOME} = "${selftest_gnupghome_path}.${envname}/ignore"; if (defined(get_running_env($envname))) { $testenv_vars = get_running_env($envname); diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm index 0d7e13b7e66..5a7efa9c280 100644 --- a/selftest/target/Samba.pm +++ b/selftest/target/Samba.pm @@ -280,6 +280,30 @@ EOF umask $oldumask; } +sub copy_gnupg_home($) +{ + my ($ctx) = @_; + + my $gnupg_srcdir = "$ENV{SRCDIR_ABS}/selftest/gnupg"; + my @files = ( + "gpg.conf", + "pubring.gpg", + "secring.gpg", + "trustdb.gpg", + ); + + my $oldumask = umask; + umask 0077; + mkdir($ctx->{gnupghome}, 0777); + umask 0177; + foreach my $file (@files) { + my $srcfile = "${gnupg_srcdir}/${file}"; + my $dstfile = "$ctx->{gnupghome}/${file}"; + copy_file_content(${srcfile}, ${dstfile}); + } + umask $oldumask; +} + sub mk_krb5_conf($$) { my ($ctx) = @_; @@ -682,6 +706,7 @@ sub get_env_for_process RESOLV_CONF => $env_vars->{RESOLV_CONF}, KRB5_CONFIG => $env_vars->{KRB5_CONFIG}, KRB5CCNAME => "$env_vars->{KRB5_CCACHE}.$proc_name", + GNUPGHOME => $env_vars->{GNUPGHOME}, SELFTEST_WINBINDD_SOCKET_DIR => $env_vars->{SELFTEST_WINBINDD_SOCKET_DIR}, NMBD_SOCKET_DIR => $env_vars->{NMBD_SOCKET_DIR}, NSS_WRAPPER_PASSWD => $env_vars->{NSS_WRAPPER_PASSWD}, @@ -867,6 +892,7 @@ my @exported_envvars = ( # misc stuff "KRB5_CONFIG", "KRB5CCNAME", + "GNUPGHOME", "SELFTEST_WINBINDD_SOCKET_DIR", "NMBD_SOCKET_DIR", "LOCAL_PATH", diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index ee20528a325..b0910433940 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -761,6 +761,7 @@ sub provision_ad_member my $ret = $self->provision( prefix => $prefix, domain => $dcvars->{DOMAIN}, + realm => $dcvars->{REALM}, server => "LOCALADMEMBER", password => "loCalMemberPass", extra_options => $member_options, @@ -911,6 +912,7 @@ sub setup_ad_member_rfc2307 my $ret = $self->provision( prefix => $prefix, domain => $dcvars->{DOMAIN}, + realm => $dcvars->{REALM}, server => "RFC2307MEMBER", password => "loCalMemberPass", extra_options => $member_options, @@ -1008,6 +1010,7 @@ sub setup_ad_member_idmap_rid my $ret = $self->provision( prefix => $prefix, domain => $dcvars->{DOMAIN}, + realm => $dcvars->{REALM}, server => "IDMAPRIDMEMBER", password => "loCalMemberPass", extra_options => $member_options, @@ -1107,6 +1110,7 @@ sub setup_ad_member_idmap_ad my $ret = $self->provision( prefix => $prefix, domain => $dcvars->{DOMAIN}, + realm => $dcvars->{REALM}, server => "IDMAPADMEMBER", password => "loCalMemberPass", extra_options => $member_options, @@ -1762,12 +1766,22 @@ $ret->{USERNAME} = KTEST\\Administrator sub setup_maptoguest { my ($self, $path) = @_; + my $prefix_abs = abs_path($path); + my $libdir="$prefix_abs/lib"; + my $share_dir="$prefix_abs/share"; + my $errorinjectconf="$libdir/error_inject.conf"; print "PROVISIONING maptoguest..."; my $options = " map to guest = bad user ntlm auth = yes + +[force_user_error_inject] + path = $share_dir + vfs objects = acl_xattr fake_acls xattr_tdb error_inject + force user = user1 + include = $errorinjectconf "; my $vars = $self->provision( @@ -1965,6 +1979,7 @@ sub provision($$) my $prefix = $args{prefix}; my $domain = $args{domain}; + my $realm = $args{realm}; my $server = $args{server}; my $password = $args{password}; my $extra_options = $args{extra_options}; @@ -1982,6 +1997,12 @@ sub provision($$) my %createuser_env = (); my $server_ip = Samba::get_ipv4_addr($server); my $server_ipv6 = Samba::get_ipv6_addr($server); + my $dns_domain; + if (defined($realm)) { + $dns_domain = lc($realm); + } else { + $dns_domain = "samba.example.com"; + } my $unix_name = ($ENV{USER} or $ENV{LOGNAME} or `PATH=/usr/ucb:$ENV{PATH} whoami`); chomp $unix_name; @@ -2987,8 +3008,8 @@ force_user:x:$gid_force_user: warn("Unable to open $nss_wrapper_hosts"); return undef; } - print HOSTS "${server_ip} ${hostname}.samba.example.com ${hostname}\n"; - print HOSTS "${server_ipv6} ${hostname}.samba.example.com ${hostname}\n"; + print HOSTS "${server_ip} ${hostname}.${dns_domain} ${hostname}\n"; + print HOSTS "${server_ipv6} ${hostname}.${dns_domain} ${hostname}\n"; close(HOSTS); $resolv_conf = "$privatedir/no_resolv.conf" unless defined($resolv_conf); diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 1ebdf2a5484..1ae9fb9d996 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -17,7 +17,6 @@ use SocketWrapper; use target::Samba; use target::Samba3; use Archive::Tar; -use File::Path 'make_path'; sub new($$$$$) { my ($classname, $SambaCtx, $bindir, $srcdir, $server_maxtime) = @_; @@ -161,19 +160,7 @@ sub wait_for_start($$) my $max_wait = 60; # Add hosts file for name lookups - my $cmd = "NSS_WRAPPER_HOSTS='$testenv_vars->{NSS_WRAPPER_HOSTS}' "; - if (defined($testenv_vars->{RESOLV_WRAPPER_CONF})) { - $cmd .= "RESOLV_WRAPPER_CONF='$testenv_vars->{RESOLV_WRAPPER_CONF}' "; - } else { - $cmd .= "RESOLV_WRAPPER_HOSTS='$testenv_vars->{RESOLV_WRAPPER_HOSTS}' "; - } - $cmd .= "RESOLV_CONF='$testenv_vars->{RESOLV_CONF}' "; - if (defined($testenv_vars->{GNUTLS_FORCE_FIPS_MODE})) { - $cmd .= "GNUTLS_FORCE_FIPS_MODE=$testenv_vars->{GNUTLS_FORCE_FIPS_MODE} "; - } - if (defined($testenv_vars->{OPENSSL_FORCE_FIPS_MODE})) { - $cmd .= "OPENSSL_FORCE_FIPS_MODE=$testenv_vars->{OPENSSL_FORCE_FIPS_MODE} "; - } + my $cmd = $self->get_cmd_env_vars($testenv_vars); $cmd .= "$ldbsearch "; $cmd .= "$testenv_vars->{CONFIGURATION} "; @@ -281,7 +268,7 @@ sub setup_dns_hub_internal($$$) my ($self, $hostname, $prefix) = @_; my $STDIN_READER; - unless(-d $prefix or make_path($prefix, 0777)) { + unless(-d $prefix or mkdir($prefix, 0777)) { warn("Unable to create $prefix"); return undef; } @@ -356,6 +343,10 @@ sub setup_dns_hub my $hostname = "rootdnsforwarder"; + unless(-d $prefix or mkdir($prefix, 0777)) { + warn("Unable to create $prefix"); + return undef; + } my $env = $self->setup_dns_hub_internal("$hostname", "$prefix/$hostname"); $self->{dns_hub_env} = $env; @@ -375,10 +366,44 @@ sub get_dns_hub_env($) return undef; } +sub return_env_value +{ + my ($env, $overwrite, $key) = @_; + + if (defined($overwrite) and defined($overwrite->{$key})) { + return $overwrite->{$key}; + } + + if (defined($env->{$key})) { + return $env->{$key}; + } + + return undef; +} + # Returns the environmental variables that we pass to samba-tool commands sub get_cmd_env_vars { - my ($self, $localenv) = @_; + my ($self, $givenenv, $overwrite) = @_; + + my @keys = ( + "NSS_WRAPPER_HOSTS", + "SOCKET_WRAPPER_DEFAULT_IFACE", + "RESOLV_CONF", + "RESOLV_WRAPPER_CONF", + "RESOLV_WRAPPER_HOSTS", + "GNUTLS_FORCE_FIPS_MODE", + "OPENSSL_FORCE_FIPS_MODE", + "KRB5_CONFIG", + "KRB5_CCACHE", + "GNUPGHOME", + ); + + my $localenv = undef; + foreach my $key (@keys) { + my $v = return_env_value($givenenv, $overwrite, $key); + $localenv->{$key} = $v if defined($v); + } my $cmd_env = "NSS_WRAPPER_HOSTS='$localenv->{NSS_WRAPPER_HOSTS}' "; $cmd_env .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$localenv->{SOCKET_WRAPPER_DEFAULT_IFACE}\" "; @@ -393,9 +418,10 @@ sub get_cmd_env_vars if (defined($localenv->{OPENSSL_FORCE_FIPS_MODE})) { $cmd_env .= "OPENSSL_FORCE_FIPS_MODE=$localenv->{OPENSSL_FORCE_FIPS_MODE} "; } - $cmd_env .= " KRB5_CONFIG=\"$localenv->{KRB5_CONFIG}\" "; + $cmd_env .= "KRB5_CONFIG=\"$localenv->{KRB5_CONFIG}\" "; $cmd_env .= "KRB5CCNAME=\"$localenv->{KRB5_CCACHE}\" "; $cmd_env .= "RESOLV_CONF=\"$localenv->{RESOLV_CONF}\" "; + $cmd_env .= "GNUPGHOME=\"$localenv->{GNUPGHOME}\" "; return $cmd_env; } @@ -565,6 +591,7 @@ sub provision_raw_prepare($$$$$$$$$$$$$$) $ctx->{krb5_conf} = "$ctx->{etcdir}/krb5.conf"; $ctx->{krb5_ccache} = "$prefix_abs/krb5_ccache"; $ctx->{mitkdc_conf} = "$ctx->{etcdir}/mitkdc.conf"; + $ctx->{gnupghome} = "$prefix_abs/gnupg"; $ctx->{privatedir} = "$prefix_abs/private"; $ctx->{binddnsdir} = "$prefix_abs/bind-dns"; $ctx->{ncalrpcdir} = "$prefix_abs/ncalrpc"; @@ -608,8 +635,9 @@ sub provision_raw_prepare($$$$$$$$$$$$$$) $ctx->{smb_conf_extra_options} = ""; my @provision_options = (); + push (@provision_options, "GNUPGHOME=\"$ctx->{gnupghome}\""); push (@provision_options, "KRB5_CONFIG=\"$ctx->{krb5_conf}\""); - push (@provision_options, "KRB5_CCACHE=\"$ctx->{krb5_ccache}\""); + push (@provision_options, "KRB5CCNAME=\"$ctx->{krb5_ccache}\""); push (@provision_options, "NSS_WRAPPER_PASSWD=\"$ctx->{nsswrap_passwd}\""); push (@provision_options, "NSS_WRAPPER_GROUP=\"$ctx->{nsswrap_group}\""); push (@provision_options, "NSS_WRAPPER_HOSTS=\"$ctx->{nsswrap_hosts}\""); @@ -700,6 +728,7 @@ sub provision_raw_step1($$) return undef; } + Samba::copy_gnupg_home($ctx); Samba::prepare_keyblobs($ctx); my $crlfile = "$ctx->{tlsdir}/crl.pem"; $crlfile = "" unless -e ${crlfile}; @@ -843,6 +872,7 @@ nogroup:x:65534:nobody # Note that we have SERVER_X and DC_SERVER_X variables (which have the same # value initially). In a 2 DC setup, $DC_SERVER_X will always be the PDC. my $ret = { + GNUPGHOME => $ctx->{gnupghome}, KRB5_CONFIG => $ctx->{krb5_conf}, KRB5_CCACHE => $ctx->{krb5_ccache}, MITKDC_CONFIG => $ctx->{mitkdc_conf}, @@ -922,11 +952,10 @@ sub provision_raw_step2($$$) return undef; } + my $cmd_env = $self->get_cmd_env_vars($ret); + my $testallowed_account = "testallowed"; - my $samba_tool_cmd = ""; - $samba_tool_cmd .= "RESOLV_CONF=\"$ret->{RESOLV_CONF}\" "; -- Samba Shared Repository