author | Andrew Bartlett <abartlet@samba.org> | 2008-06-28 22:02:19 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2008-06-28 22:02:19 +1000 |
commit | 234413fbd9664dc217ed8c029be33fc7aa260d3a (patch) | |
tree | cc8881df9a71f6fb05ad2ce0fd78d5e7f369abfb /source4 | |
parent | 7dbe92c97038b62b7ef9576c003a09a87d56edfa (diff) | |
Use a configure-specified directory for the winbind priv pipe
This makes it easier for RPMs to specify a group for access to that
directory.
Andrew Bartlett
(This used to be commit fa361354433fb9a5c09c84997a7c51f3052c294e)
Diffstat (limited to 'source4')
-rw-r--r-- | source4/build/m4/check_path.m4 | 39 | ||||
-rw-r--r-- | source4/param/loadparm.c | 4 | ||||
-rw-r--r-- | source4/param/param.h | 1 | ||||
-rw-r--r-- | source4/param/param_wrap.c | 24 | ||||
-rw-r--r-- | source4/winbind/wb_server.c | 14 |
5 files changed, 65 insertions, 17 deletions
diff --git a/source4/build/m4/check_path.m4 b/source4/build/m4/check_path.m4 index c0b81f1a8d..a209a4b85a 100644 --- a/source4/build/m4/check_path.m4 +++ b/source4/build/m4/check_path.m4 @@ -19,7 +19,8 @@ lockdir="${localstatedir}/locks" piddir="${localstatedir}/run" privatedir="\${prefix}/private" modulesdir="\${prefix}/modules" -winbindd_socket_dir="${localstatedir}/run/winbind_pipe" +winbindd_socket_dir="${localstatedir}/run/winbindd" +winbindd_privileged_socket_dir="${localstatedir}/lib/winbindd_privileged" ntp_signd_socket_dir="${localstatedir}/run/ntp_signd" AC_ARG_WITH(fhs, @@ -33,7 +34,8 @@ AC_ARG_WITH(fhs, datadir="${datadir}/samba" includedir="${includedir}/samba-4.0" ntp_signd_socket_dir="${localstatedir}/run/samba/ntp_signd" - winbindd_socket_dir="${localstatedir}/run/samba/winbind_pipe" + winbindd_socket_dir="${localstatedir}/run/samba/winbindd" + winbindd_privileged_socket_dir="${localstatedir}/lib/samba/winbindd_privileged" ) ################################################# 
@@ -55,6 +57,38 @@ AC_ARG_WITH(privatedir, ################################################# # set where the winbindd socket should be put AC_ARG_WITH(winbindd-socket-dir, +[ --with-winbindd-socket-dir=DIR Where to put the winbindd socket ($winbindd_socket_dir)], +[ case "$withval" in + yes|no) + # + # Just in case anybody calls it without argument + # + AC_MSG_WARN([--with-winbind-socketdir called without argument - will use default]) + ;; + * ) + winbindd_socket_dir="$withval" + ;; + esac]) + +################################################# +# set where the winbindd privilaged socket should be put +AC_ARG_WITH(winbindd-privileged-socket-dir, +[ --with-winbindd-privileged-socket-dir=DIR Where to put the winbindd socket ($winbindd_privileged_socket_dir)], +[ case "$withval" in + yes|no) + # + # Just in case anybody calls it without argument + # + AC_MSG_WARN([--with-winbind-privileged-socketdir called without argument - will use default]) + ;; + * ) + winbindd_privileged_socket_dir="$withval" + ;; + esac]) + +################################################# +# set where the winbindd privilaged socket should be put +AC_ARG_WITH(winbindd-socket-dir, [ --with-winbindd-socket-dir=DIR Where to put the winbindd socket ($ac_default_prefix/run/winbind_pipe)], [ case "$withval" in yes|no) @@ -140,6 +174,7 @@ AC_SUBST(privatedir) AC_SUBST(bindir) AC_SUBST(sbindir) AC_SUBST(winbindd_socket_dir) +AC_SUBST(winbindd_privileged_socket_dir) AC_SUBST(ntp_signd_socket_dir) AC_SUBST(modulesdir) diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c index 0a7aec1985..e63a7aa8a1 100644 --- a/source4/param/loadparm.c +++ b/source4/param/loadparm.c @@ -116,6 +116,7 @@ struct loadparm_global const char **server_services; char *ntptr_providor; char *szWinbindSeparator; + char *szWinbinddPrivilegedSocketDirectory; char *szWinbinddSocketDirectory; char *szTemplateShell; char *szTemplateHomedir; 
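Review bot: `AC_ARG_WITH(winbindd-socket-dir,` is declared twice after the `@@ -55,6 +57,38 @@` hunk: once in the added block at the top, and again in the pre-existing block, which now sits under the added header `# set where the winbindd privilaged socket should be put` and still advertises `$ac_default_prefix/run/winbind_pipe` in its help text. One of the two declarations should go; the older one continues past the end of the hunk, so it has to be removed as a whole. The privileged option's help string reads `Where to put the winbindd socket` and would be clearer as `Where to put the winbindd privileged socket ($winbindd_privileged_socket_dir)`. Both warnings name options that do not exist (`--with-winbind-socketdir`, `--with-winbind-privileged-socketdir`), which makes a mistyped packaging flag for an access-controlled directory harder to trace.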
@@ -485,6 +486,7 @@ static struct parm_struct parm_table[] = { {"host msdfs", P_BOOL, P_GLOBAL, GLOBAL_VAR(bHostMSDfs), NULL, NULL}, {"winbind separator", P_STRING, P_GLOBAL, GLOBAL_VAR(szWinbindSeparator), NULL, NULL }, {"winbindd socket directory", P_STRING, P_GLOBAL, GLOBAL_VAR(szWinbinddSocketDirectory), NULL, NULL }, + {"winbindd privileged socket directory", P_STRING, P_GLOBAL, GLOBAL_VAR(szWinbinddPrivilegedSocketDirectory), NULL, NULL }, {"winbind sealed pipes", P_BOOL, P_GLOBAL, GLOBAL_VAR(bWinbindSealedPipes), NULL, NULL }, {"template shell", P_STRING, P_GLOBAL, GLOBAL_VAR(szTemplateShell), NULL, NULL }, {"template homedir", P_STRING, P_GLOBAL, GLOBAL_VAR(szTemplateHomedir), NULL, NULL }, @@ -631,6 +633,7 @@ _PUBLIC_ FN_GLOBAL_STRING(lp_wins_config_url, szWINS_CONFIG_URL) _PUBLIC_ FN_GLOBAL_STRING(lp_wins_url, szWINS_URL) _PUBLIC_ FN_GLOBAL_CONST_STRING(lp_winbind_separator, szWinbindSeparator) _PUBLIC_ FN_GLOBAL_CONST_STRING(lp_winbindd_socket_directory, szWinbinddSocketDirectory) +_PUBLIC_ FN_GLOBAL_CONST_STRING(lp_winbindd_privileged_socket_directory, szWinbinddPrivilegedSocketDirectory) _PUBLIC_ FN_GLOBAL_CONST_STRING(lp_template_shell, szTemplateShell) _PUBLIC_ FN_GLOBAL_CONST_STRING(lp_template_homedir, szTemplateHomedir) _PUBLIC_ FN_GLOBAL_BOOL(lp_winbind_sealed_pipes, bWinbindSealedPipes) @@ -2382,6 +2385,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx) lp_do_global_parameter(lp_ctx, "winbind separator", "\\"); lp_do_global_parameter(lp_ctx, "winbind sealed pipes", "True"); lp_do_global_parameter(lp_ctx, "winbindd socket directory", dyn_WINBINDD_SOCKET_DIR); + lp_do_global_parameter(lp_ctx, "winbindd privileged socket directory", dyn_WINBINDD_PRIVILEGED_SOCKET_DIR); lp_do_global_parameter(lp_ctx, "template shell", "/bin/false"); lp_do_global_parameter(lp_ctx, "template homedir", "/home/%WORKGROUP%/%ACCOUNTNAME%"); lp_do_global_parameter(lp_ctx, "idmap trusted only", "False"); 
diff --git a/source4/param/param.h b/source4/param/param.h index 06a42575ad..4ed2654692 100644 --- a/source4/param/param.h +++ b/source4/param/param.h @@ -91,6 +91,7 @@ const char *lp_wins_config_url(struct loadparm_context *); const char *lp_wins_url(struct loadparm_context *); const char *lp_winbind_separator(struct loadparm_context *); const char *lp_winbindd_socket_directory(struct loadparm_context *); +const char *lp_winbindd_privileged_socket_directory(struct loadparm_context *); const char *lp_template_shell(struct loadparm_context *); const char *lp_template_homedir(struct loadparm_context *); bool lp_winbind_sealed_pipes(struct loadparm_context *); diff --git a/source4/param/param_wrap.c b/source4/param/param_wrap.c index aff239312d..48fd752f0e 100644 --- a/source4/param/param_wrap.c +++ b/source4/param/param_wrap.c @@ -2479,7 +2479,7 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags) #define SWIGTYPE_p_int swig_types[2] #define SWIGTYPE_p_loadparm_context swig_types[3] #define SWIGTYPE_p_loadparm_service swig_types[4] -#define SWIGTYPE_p_long_long swig_types[5] +#define SWIGTYPE_p_long swig_types[5] #define SWIGTYPE_p_param_context swig_types[6] #define SWIGTYPE_p_param_opt swig_types[7] #define SWIGTYPE_p_param_section swig_types[8] @@ -2487,7 +2487,7 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags) #define SWIGTYPE_p_signed_char swig_types[10] #define SWIGTYPE_p_unsigned_char swig_types[11] #define SWIGTYPE_p_unsigned_int swig_types[12] -#define SWIGTYPE_p_unsigned_long_long swig_types[13] +#define SWIGTYPE_p_unsigned_long swig_types[13] #define SWIGTYPE_p_unsigned_short swig_types[14] static swig_type_info *swig_types[16]; static swig_module_info swig_module = {swig_types, 15, 0, 0, 0, 0}; 
@@ -4250,18 +4250,18 @@ static PyMethodDef SwigMethods[] = { static swig_type_info _swigt__p_TALLOC_CTX = {"_p_TALLOC_CTX", "TALLOC_CTX *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_char = {"_p_char", "char *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_int = {"_p_int", "intptr_t *|int *|int_least32_t *|int_fast32_t *|int32_t *|int_fast16_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_int = {"_p_int", "int *|int_least32_t *|int32_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_loadparm_context = {"_p_loadparm_context", "struct loadparm_context *|loadparm_context *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_loadparm_service = {"_p_loadparm_service", "struct loadparm_service *|loadparm_service *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_long_long = {"_p_long_long", "int_least64_t *|int_fast64_t *|int64_t *|long long *|intmax_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_long = {"_p_long", "intptr_t *|int_least64_t *|int_fast32_t *|int_fast64_t *|int64_t *|long *|int_fast16_t *|intmax_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_param_context = {"_p_param_context", "struct param_context *|param *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_param_opt = {"_p_param_opt", "struct param_opt *|param_opt *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_param_section = {"_p_param_section", "struct param_section *|param_section *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_short = {"_p_short", "short *|int_least16_t *|int16_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_signed_char = {"_p_signed_char", "signed char *|int_least8_t *|int_fast8_t *|int8_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_unsigned_char = {"_p_unsigned_char", "unsigned char *|uint_least8_t *|uint_fast8_t *|uint8_t *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uintptr_t *|uint_least32_t *|uint_fast32_t *|uint32_t 
*|unsigned int *|uint_fast16_t *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_unsigned_long_long = {"_p_unsigned_long_long", "uint_least64_t *|uint_fast64_t *|uint64_t *|unsigned long long *|uintmax_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uint_least32_t *|uint32_t *|unsigned int *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_unsigned_long = {"_p_unsigned_long", "uintptr_t *|uint_least64_t *|uint_fast32_t *|uint_fast64_t *|uint64_t *|unsigned long *|uint_fast16_t *|uintmax_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_unsigned_short = {"_p_unsigned_short", "unsigned short *|uint_least16_t *|uint16_t *", 0, 0, (void*)0, 0}; static swig_type_info *swig_type_initial[] = { @@ -4270,7 +4270,7 @@ static swig_type_info *swig_type_initial[] = { &_swigt__p_int, &_swigt__p_loadparm_context, &_swigt__p_loadparm_service, - &_swigt__p_long_long, + &_swigt__p_long, &_swigt__p_param_context, &_swigt__p_param_opt, &_swigt__p_param_section, @@ -4278,7 +4278,7 @@ static swig_type_info *swig_type_initial[] = { &_swigt__p_signed_char, &_swigt__p_unsigned_char, &_swigt__p_unsigned_int, - &_swigt__p_unsigned_long_long, + &_swigt__p_unsigned_long, &_swigt__p_unsigned_short, }; 
@@ -4287,7 +4287,7 @@ static swig_cast_info _swigc__p_char[] = { {&_swigt__p_char, 0, 0, 0},{0, 0, 0, static swig_cast_info _swigc__p_int[] = { {&_swigt__p_int, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_loadparm_context[] = { {&_swigt__p_loadparm_context, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_loadparm_service[] = { {&_swigt__p_loadparm_service, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_long_long[] = { {&_swigt__p_long_long, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_long[] = { {&_swigt__p_long, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_param_context[] = { {&_swigt__p_param_context, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_param_opt[] = { {&_swigt__p_param_opt, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_param_section[] = { {&_swigt__p_param_section, 0, 0, 0},{0, 0, 0, 0}}; @@ -4295,7 +4295,7 @@ static swig_cast_info _swigc__p_short[] = { {&_swigt__p_short, 0, 0, 0},{0, 0, static swig_cast_info _swigc__p_signed_char[] = { {&_swigt__p_signed_char, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_unsigned_char[] = { {&_swigt__p_unsigned_char, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_unsigned_int[] = { {&_swigt__p_unsigned_int, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_unsigned_long_long[] = { {&_swigt__p_unsigned_long_long, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_unsigned_long[] = { {&_swigt__p_unsigned_long, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_unsigned_short[] = { {&_swigt__p_unsigned_short, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info *swig_cast_initial[] = { @@ -4304,7 +4304,7 @@ static swig_cast_info *swig_cast_initial[] = { _swigc__p_int, _swigc__p_loadparm_context, _swigc__p_loadparm_service, - _swigc__p_long_long, + _swigc__p_long, _swigc__p_param_context, _swigc__p_param_opt, _swigc__p_param_section, 
@@ -4312,7 +4312,7 @@ static swig_cast_info *swig_cast_initial[] = { _swigc__p_signed_char, _swigc__p_unsigned_char, _swigc__p_unsigned_int, - _swigc__p_unsigned_long_long, + _swigc__p_unsigned_long, _swigc__p_unsigned_short, }; diff --git a/source4/winbind/wb_server.c b/source4/winbind/wb_server.c index 14d62b8568..97646f2849 100644 --- a/source4/winbind/wb_server.c +++ b/source4/winbind/wb_server.c @@ -136,6 +136,13 @@ static void winbind_task_init(struct task_server *task) return; } + /* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */ + if (!directory_create_or_exist(lp_winbindd_privileged_socket_directory(task->lp_ctx), geteuid(), 0750)) { + task_server_terminate(task, + "Cannot create winbindd privileged pipe directory"); + return; + } + service = talloc_zero(task, struct wbsrv_service); if (!service) goto nomem; service->task = task; @@ -175,9 +182,10 @@ static void winbind_task_init(struct task_server *task) /* setup the privileged samba3 socket */ listen_socket = talloc(service, struct wbsrv_listen_socket); if (!listen_socket) goto nomem; - listen_socket->socket_path = - smbd_tmp_path(listen_socket, task->lp_ctx, - WINBINDD_SAMBA3_PRIVILEGED_SOCKET); + listen_socket->socket_path = talloc_asprintf(listen_socket, "%s/%s", + lp_winbindd_privileged_socket_directory(task->lp_ctx), + WINBINDD_SAMBA3_SOCKET); + if (!listen_socket->socket_path) goto nomem; if (!listen_socket->socket_path) goto nomem; listen_socket->service = service; listen_socket->privileged = true; |
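Review bot: The comment on the block added in the `@@ -136,6 +136,13 @@` hunk says "directory for the Samba3 socket", but the call creates the privileged pipe directory; something like `/* Make sure the privileged pipe directory exists, is owned by us and is mode 0750 */` would match the code. Access to the privileged pipe now depends on this directory's owner, group and 0750 mode. The hunk does not show whether `directory_create_or_exist()` rejects a pre-existing directory with a different owner or a looser mode, so that is worth confirming, and documenting next to the call. The `winbindd privileged socket directory` parameter also makes the location configurable, so the documentation should state the expected ownership and mode for packagers. `winbind_task_init` starts and ends outside the hunk.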
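Review bot: In the `@@ -175,9 +182,10 @@` hunk the added `if (!listen_socket->socket_path) goto nomem;` duplicates the identical context line right after it, so one of the two can be dropped. The privileged path is now built from `WINBINDD_SAMBA3_SOCKET` rather than `WINBINDD_SAMBA3_PRIVILEGED_SOCKET`, so the privileged and unprivileged listeners presumably differ only by directory. If `winbindd privileged socket directory` is set to the same value as `winbindd socket directory`, the two paths would be identical. A startup check that compares `lp_winbindd_socket_directory(task->lp_ctx)` with `lp_winbindd_privileged_socket_directory(task->lp_ctx)` and calls `task_server_terminate()` when they match would keep the privileged listener from landing in the world-accessible directory. `winbind_task_init` continues outside the hunk.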