authorAndrew Bartlett <abartlet@samba.org>2006-01-31 00:48:57 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:51:37 -0500
commitb70009649a23ee8f0e88c1b9935e739537f4a960 (patch)
treee720a3d9862dea024fbce7b28f4a2873ab2530ce /source4
parentb98a5bf92222e37eb62422f65ecc048511a8f256 (diff)
r13244: Allow control of the location of the Samba3-compatible winbindd pipe
in Samba4. This allows us to start winbindd by default, including in 'make test'. This is via a new 'winbindd socket directory' parameter for utilities linked against loadparm, as well as a --with-winbindd-socket-dir option to configure (setting the default and the value for simple clients). I hope to add basic winbindd tests, to ensure continued correct operation, but at least now I don't have to manually change my 'server services' line. The other problem with the hard-coded /tmp/.winbind is that RedHat has moved this in Fedora (to /var/run I think). For this reason, this functionality should probably be ported to Samba3 as well. The default for Samba4 is PREFIX/var/run/winbind_pipe. I have also re-added the paranoia checks from Samba3 for correct permissions on the socket directory. Andrew Bartlett (This used to be commit 8866aa06ffc3896094c878e9c07b40c03826d9a7)
Diffstat (limited to 'source4')
-rw-r--r--source4/build/m4/check_path.m419
-rw-r--r--source4/build/smb_build/makefile.pm1
-rw-r--r--source4/dynconfig.c7
-rw-r--r--source4/include/dynconfig.h1
-rw-r--r--source4/lib/util.c43
-rw-r--r--source4/main.mk27
-rw-r--r--source4/nsswitch/winbindd_nss.h2
-rw-r--r--source4/param/loadparm.c6
-rwxr-xr-xsource4/script/tests/selftest.sh2
-rw-r--r--source4/winbind/wb_server.c12
-rw-r--r--source4/winbind/wb_server.h7
11 files changed, 104 insertions, 23 deletions
diff --git a/source4/build/m4/check_path.m4 b/source4/build/m4/check_path.m4
index 293aac2427..2f5f793a1d 100644
--- a/source4/build/m4/check_path.m4
+++ b/source4/build/m4/check_path.m4
@@ -16,6 +16,7 @@ logfilebase="${localstatedir}"
lockdir="${localstatedir}/locks"
piddir="${localstatedir}/run"
privatedir="${prefix}/private"
+winbindd_socket_dir="${localstatedir}/run/winbind_pipe"
AC_ARG_WITH(fhs,
[ --with-fhs Use FHS-compliant paths (default=no)],
@@ -27,6 +28,7 @@ AC_ARG_WITH(fhs,
libdir="${libdir}/samba"
datadir="${datadir}/samba"
includedir="${includedir}/samba-4.0"
+ winbindd_socket_dir="${localstatedir}/run/samba/winbind_pipe"
)
#################################################
@@ -46,6 +48,22 @@ AC_ARG_WITH(privatedir,
esac])
#################################################
+# set where the winbindd socket should be put
+AC_ARG_WITH(winbindd-socket-dir,
+[ --with-winbindd-socket-dir=DIR Where to put the winbindd socket ($ac_default_prefix/run/winbind_pipe)],
+[ case "$withval" in
+ yes|no)
+ #
+ # Just in case anybody calls it without argument
+ #
+ AC_MSG_WARN([--with-winbind-socketdir called without argument - will use default])
+ ;;
+ * )
+ winbindd_socket_dir="$withval"
+ ;;
+ esac])
+
+#################################################
# set lock directory location
AC_ARG_WITH(lockdir,
[ --with-lockdir=DIR Where to put lock files ($ac_default_prefix/var/locks)],
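Review bot: The new `--with-winbindd-socket-dir` block names the option and its default inconsistently. The warning text says `--with-winbind-socketdir`, which is not the option being declared, and the help string gives the default as `$ac_default_prefix/run/winbind_pipe` while the first hunk assigns `${localstatedir}/run/winbind_pipe` (the commit message says PREFIX/var/run/winbind_pipe). Suggested wording: `AC_MSG_WARN([--with-winbindd-socket-dir called without argument - will use default])` and `($ac_default_prefix/var/run/winbind_pipe)` in the help text. Since this value becomes the directory whose owner and mode are checked at startup, the help text could also say that DIR should be an absolute path.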
@@ -100,6 +118,7 @@ AC_SUBST(logfilebase)
AC_SUBST(privatedir)
AC_SUBST(bindir)
AC_SUBST(sbindir)
+AC_SUBST(winbindd_socket_dir)
#################################################
# set prefix for 'make test'
diff --git a/source4/build/smb_build/makefile.pm b/source4/build/smb_build/makefile.pm
index a7540bc9f9..4280efa949 100644
--- a/source4/build/smb_build/makefile.pm
+++ b/source4/build/smb_build/makefile.pm
@@ -84,6 +84,7 @@ LOCKDIR = $self->{config}->{lockdir}
PIDDIR = $self->{config}->{piddir}
MANDIR = $self->{config}->{mandir}
PRIVATEDIR = $self->{config}->{privatedir}
+WINBINDD_SOCKET_DIR = $self->{config}->{winbindd_socket_dir}
__EOD__
);
diff --git a/source4/dynconfig.c b/source4/dynconfig.c
index 70f17d0b48..742c96df2a 100644
--- a/source4/dynconfig.c
+++ b/source4/dynconfig.c
@@ -80,6 +80,13 @@ const char *dyn_PRIVATE_DIR = PRIVATE_DIR;
/** SWAT data file (images, etc) directory */
const char *dyn_SWATDIR = SWATDIR;
+/** SETUP files (source files used by the provision) */
const char *dyn_SETUPDIR = SETUPDIR;
+/** EJS Javascript library includes */
const char *dyn_JSDIR = JSDIR;
+
+/** Where to find the winbindd socket */
+
+const char *dyn_WINBINDD_SOCKET_DIR = WINBINDD_SOCKET_DIR;
+
diff --git a/source4/include/dynconfig.h b/source4/include/dynconfig.h
index 32f5a24f80..5acf5b7338 100644
--- a/source4/include/dynconfig.h
+++ b/source4/include/dynconfig.h
@@ -40,3 +40,4 @@ extern const char *dyn_PRIVATE_DIR;
extern const char *dyn_SWATDIR;
extern const char *dyn_JSDIR;
extern const char *dyn_SETUPDIR;
+extern const char *dyn_WINBINDD_SOCKET_DIR;
diff --git a/source4/lib/util.c b/source4/lib/util.c
index ed384572fe..7d3f21c1e8 100644
--- a/source4/lib/util.c
+++ b/source4/lib/util.c
@@ -88,6 +88,49 @@ BOOL directory_exist(const char *dname)
return ret;
}
+BOOL directory_create_or_exist(const char *dname, uid_t uid,
+ mode_t dir_perms)
+{
+ mode_t old_umask;
+ struct stat st;
+
+ old_umask = umask(0);
+ if (lstat(dname, &st) == -1) {
+ if (errno == ENOENT) {
+ /* Create directory */
+ if (mkdir(dname, dir_perms) == -1) {
+ DEBUG(0, ("error creating directory "
+ "%s: %s\n", dname,
+ strerror(errno)));
+ umask(old_umask);
+ return False;
+ }
+ } else {
+ DEBUG(0, ("lstat failed on directory %s: %s\n",
+ dname, strerror(errno)));
+ umask(old_umask);
+ return False;
+ }
+ } else {
+ /* Check ownership and permission on existing directory */
+ if (!S_ISDIR(st.st_mode)) {
+ DEBUG(0, ("directory %s isn't a directory\n",
+ dname));
+ umask(old_umask);
+ return False;
+ }
+ if ((st.st_uid != uid) ||
+ ((st.st_mode & 0777) != dir_perms)) {
+ DEBUG(0, ("invalid permissions on directory "
+ "%s\n", dname));
+ umask(old_umask);
+ return False;
+ }
+ }
+ return True;
+}
+
+
/*******************************************************************
Returns the size in bytes of the named file.
********************************************************************/
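Review bot: The success path of `directory_create_or_exist` returns `True` without restoring the umask, although every failure branch calls `umask(old_umask)`. After a successful call the process therefore keeps running with `umask(0)`, and files or sockets it creates later get the full requested mode. Add `umask(old_umask);` immediately before `return True;`. The owner and mode test also covers only the final path component as seen by a single `lstat()`, so the guarantee still depends on the parent directories not being writable by other users. A banner comment above the function, in the style of the neighbouring ones, should state that and note that the mode must match `dir_perms` exactly.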
diff --git a/source4/main.mk b/source4/main.mk
index 59dffb4841..d1a1c3ab2e 100644
--- a/source4/main.mk
+++ b/source4/main.mk
@@ -43,21 +43,22 @@ everything: all
showlayout:
@echo 'Samba will be installed into:'
- @echo ' basedir: $(BASEDIR)'
- @echo ' bindir: $(BINDIR)'
- @echo ' sbindir: $(SBINDIR)'
- @echo ' libdir: $(LIBDIR)'
+ @echo ' basedir: $(BASEDIR)'
+ @echo ' bindir: $(BINDIR)'
+ @echo ' sbindir: $(SBINDIR)'
+ @echo ' libdir: $(LIBDIR)'
@echo ' modulesdir: $(MODULESDIR)'
@echo ' includedir: $(INCLUDEDIR)'
- @echo ' vardir: $(VARDIR)'
+ @echo ' vardir: $(VARDIR)'
@echo ' privatedir: $(PRIVATEDIR)'
- @echo ' piddir: $(PIDDIR)'
- @echo ' lockdir: $(LOCKDIR)'
- @echo ' logfilebase: $(LOGFILEBASE)'
- @echo ' setupdir: $(SETUPDIR)'
- @echo ' jsdir: $(JSDIR)'
- @echo ' swatdir: $(SWATDIR)'
- @echo ' mandir: $(MANDIR)'
+ @echo ' piddir: $(PIDDIR)'
+ @echo ' lockdir: $(LOCKDIR)'
+ @echo ' logfilebase: $(LOGFILEBASE)'
+ @echo ' setupdir: $(SETUPDIR)'
+ @echo ' jsdir: $(JSDIR)'
+ @echo ' swatdir: $(SWATDIR)'
+ @echo ' mandir: $(MANDIR)'
+ @echo ' winbinddir: $(WINBINDDIR)'
showflags:
@echo 'Samba will be compiled with flags:'
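Review bot: The new `showlayout` line prints `$(WINBINDDIR)`, but the variable this commit adds in makefile.pm and uses in `PATH_FLAGS` is `WINBINDD_SOCKET_DIR`. Unless `WINBINDDIR` is defined somewhere outside this diff, the line will print an empty value and hide where the socket directory actually ends up. Suggested: `@echo '  winbinddir:  $(WINBINDD_SOCKET_DIR)'`.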
@@ -84,7 +85,7 @@ PATH_FLAGS = -DCONFIGFILE=\"$(CONFIGFILE)\" -DSBINDIR=\"$(SBINDIR)\" \
-DCONFIGDIR=\"$(CONFIGDIR)\" -DNCALRPCDIR=\"$(NCALRPCDIR)\" \
-DSWATDIR=\"$(SWATDIR)\" -DPRIVATE_DIR=\"$(PRIVATEDIR)\" \
-DMODULESDIR=\"$(MODULESDIR)\" -DJSDIR=\"$(JSDIR)\" \
- -DSETUPDIR=\"$(SETUPDIR)\"
+ -DSETUPDIR=\"$(SETUPDIR)\" -DWINBINDD_SOCKET_DIR=\"$(WINBINDD_SOCKET_DIR)\"
install: showlayout installbin installdat installswat installmisc installlib \
installheader installpc
diff --git a/source4/nsswitch/winbindd_nss.h b/source4/nsswitch/winbindd_nss.h
index 5b96dad15f..37695c6aa6 100644
--- a/source4/nsswitch/winbindd_nss.h
+++ b/source4/nsswitch/winbindd_nss.h
@@ -27,7 +27,9 @@
#define _WINBINDD_NTDOM_H
#define WINBINDD_SOCKET_NAME "pipe" /* Name of PF_UNIX socket */
+#ifndef WINBINDD_SOCKET_DIR
#define WINBINDD_SOCKET_DIR "/tmp/.winbindd" /* Name of PF_UNIX dir */
+#endif
#define WINBINDD_PRIV_SOCKET_SUBDIR "winbindd_privileged" /* name of subdirectory of lp_lockdir() to hold the 'privileged' pipe */
#define WINBINDD_DOMAIN_ENV "WINBINDD_DOMAIN" /* Environment variables */
#define WINBINDD_DONT_ENV "_NO_WINBINDD"
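Review bot: The `#ifndef` fallback keeps `/tmp/.winbindd`, so any client built without `-DWINBINDD_SOCKET_DIR` silently looks under a world-writable parent rather than in the directory the server now creates and checks. Whether every client that includes this header is built with `PATH_FLAGS` is not visible in this diff. The compile-time value also does not follow the runtime `winbindd socket directory` parameter, so the two can diverge if an administrator changes it in smb.conf. I would document that on the macro, for example `/* Fallback only: normally set by the build (-DWINBINDD_SOCKET_DIR); must match the server's 'winbindd socket directory' */`. Consider making a missing definition a build error for in-tree builds.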
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index bd01581eae..96ba2bbc73 100644
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -127,6 +127,7 @@ typedef struct
char **server_services;
char *ntptr_providor;
char *szWinbindSeparator;
+ char *szWinbinddSocketDirectory;
BOOL bWinbindSealedPipes;
char *swat_directory;
BOOL tls_enabled;
@@ -545,6 +546,7 @@ static struct parm_struct parm_table[] = {
{"msdfs root", P_BOOL, P_LOCAL, &sDefault.bMSDfsRoot, NULL, NULL, FLAG_SHARE},
{"host msdfs", P_BOOL, P_GLOBAL, &Globals.bHostMSDfs, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"winbind separator", P_STRING, P_GLOBAL, &Globals.szWinbindSeparator, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER },
+ {"winbindd socket directory", P_STRING, P_GLOBAL, &Globals.szWinbinddSocketDirectory, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER },
{"winbind sealed pipes", P_BOOL, P_GLOBAL, &Globals.bWinbindSealedPipes, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER },
{NULL, P_BOOL, P_NONE, NULL, NULL, NULL, 0}
@@ -599,7 +601,7 @@ static void init_globals(void)
do_parameter("max connections", "-1", NULL);
do_parameter("dcerpc endpoint servers", "epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup", NULL);
- do_parameter("server services", "smb rpc nbt wrepl ldap cldap web kdc", NULL);
+ do_parameter("server services", "smb rpc nbt wrepl ldap cldap web kdc winbind", NULL);
do_parameter("ntptr providor", "simple_ldb", NULL);
do_parameter("auth methods", "anonymous sam_ignoredomain", NULL);
do_parameter("private dir", dyn_PRIVATE_DIR, NULL);
@@ -670,6 +672,7 @@ static void init_globals(void)
do_parameter("winbind separator", "\\", NULL);
do_parameter("winbind sealed pipes", "True", NULL);
+ do_parameter("winbindd socket directory", dyn_WINBINDD_SOCKET_DIR, NULL);
do_parameter("client signing", "Yes", NULL);
do_parameter("server signing", "auto", NULL);
@@ -820,6 +823,7 @@ FN_GLOBAL_STRING(lp_spoolss_url, &Globals.szSPOOLSS_URL)
FN_GLOBAL_STRING(lp_wins_config_url, &Globals.szWINS_CONFIG_URL)
FN_GLOBAL_STRING(lp_wins_url, &Globals.szWINS_URL)
FN_GLOBAL_CONST_STRING(lp_winbind_separator, &Globals.szWinbindSeparator)
+FN_GLOBAL_CONST_STRING(lp_winbindd_socket_directory, &Globals.szWinbinddSocketDirectory)
FN_GLOBAL_BOOL(lp_winbind_sealed_pipes, &Globals.bWinbindSealedPipes)
FN_GLOBAL_STRING(lp_private_dir, &Globals.szPrivateDir)
FN_GLOBAL_STRING(lp_serverstring, &Globals.szServerString)
diff --git a/source4/script/tests/selftest.sh b/source4/script/tests/selftest.sh
index 67797b17f4..dc5da9b61f 100755
--- a/source4/script/tests/selftest.sh
+++ b/source4/script/tests/selftest.sh
@@ -59,6 +59,7 @@ PRIVATEDIR=$PREFIX_ABS/private
NCALRPCDIR=$PREFIX_ABS/ncalrpc
LOCKDIR=$PREFIX_ABS/lockdir
TLSDIR=$PRIVATEDIR/tls
+WINBINDD_SOCKET_DIR=$PREFIX_ABS/winbind_socket
CONFIGURATION="--configfile=$CONFFILE"
export CONFIGURATION
export CONFFILE
@@ -109,6 +110,7 @@ cat >$CONFFILE<<EOF
lock dir = $LOCKDIR
setup directory = $SRCDIR/setup
js include = $SRCDIR/scripting/libjs
+ winbindd socket directory = $WINBINDD_SOCKET_DIR
name resolve order = bcast
interfaces = 127.0.0.1/8
tls enabled = $TLS_ENABLED
diff --git a/source4/winbind/wb_server.c b/source4/winbind/wb_server.c
index a08b080334..9c04558583 100644
--- a/source4/winbind/wb_server.c
+++ b/source4/winbind/wb_server.c
@@ -123,9 +123,11 @@ static void winbind_task_init(struct task_server *task)
return;
}
- /* Make sure the directory for NCALRPC exists */
- if (!directory_exist(WINBINDD_DIR)) {
- mkdir(WINBINDD_DIR, 0755);
+ /* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */
+ if (!directory_create_or_exist(lp_winbindd_socket_directory(), geteuid(), 0755)) {
+ task_server_terminate(task,
+ "Cannot create winbindd pipe directory");
+ return;
}
service = talloc_zero(task, struct wbsrv_service);
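Review bot: The terminate reason `"Cannot create winbindd pipe directory"` is misleading, because `directory_create_or_exist()` also returns False when the directory exists but has a different owner, is not a directory, or has a mode other than exactly 0755. An admin who tightened the directory to 0750 would be told that creation failed. Suggested: `"Cannot create winbindd socket directory, or it has the wrong owner/permissions"`. A short comment here should also note that the mode must equal 0755 exactly. `winbind_task_init` starts and ends outside this hunk.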
@@ -143,7 +145,9 @@ static void winbind_task_init(struct task_server *task)
/* setup the unprivileged samba3 socket */
listen_socket = talloc(service, struct wbsrv_listen_socket);
if (!listen_socket) goto nomem;
- listen_socket->socket_path = WINBINDD_SAMBA3_SOCKET;
+ listen_socket->socket_path = talloc_asprintf(listen_socket, "%s/%s",
+ lp_winbindd_socket_directory(),
+ WINBINDD_SAMBA3_SOCKET);
if (!listen_socket->socket_path) goto nomem;
listen_socket->service = service;
listen_socket->privileged = False;
diff --git a/source4/winbind/wb_server.h b/source4/winbind/wb_server.h
index 15fee0853c..7906e52de6 100644
--- a/source4/winbind/wb_server.h
+++ b/source4/winbind/wb_server.h
@@ -22,12 +22,9 @@
#include "nsswitch/winbindd_nss.h"
-#define WINBINDD_DIR "/tmp/.winbindd/"
-#define WINBINDD_SOCKET WINBINDD_DIR"socket"
-/* the privileged socket is in smbd_tmp_dir() */
-#define WINBINDD_PRIVILEGED_SOCKET "winbind_socket"
-#define WINBINDD_SAMBA3_SOCKET WINBINDD_DIR"pipe"
+
+#define WINBINDD_SAMBA3_SOCKET "pipe"
/* the privileged socket is in smbd_tmp_dir() */
#define WINBINDD_SAMBA3_PRIVILEGED_SOCKET "winbind_pipe"
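Review bot: `WINBINDD_SAMBA3_SOCKET` is now the bare literal `"pipe"`, which duplicates `WINBINDD_SOCKET_NAME` from `nsswitch/winbindd_nss.h`, already included at the top of this header. Defining it as `#define WINBINDD_SAMBA3_SOCKET WINBINDD_SOCKET_NAME` would keep the server's socket name tied to the one clients connect to. That way a later rename cannot leave them pointing at different paths.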