diff options
| -rw-r--r-- | WHATSNEW.txt | 50 | ||||
| -rw-r--r-- | packaging/Fedora/samba4.init | 2 | ||||
| -rw-r--r-- | packaging/Fedora/samba4.spec | 8 | ||||
| -rw-r--r-- | source4/build/m4/check_path.m4 | 39 | ||||
| -rw-r--r-- | source4/dynconfig/config.mk | 4 | ||||
| -rw-r--r-- | source4/dynconfig/dynconfig.c | 3 | ||||
| -rw-r--r-- | source4/dynconfig/dynconfig.h | 1 | ||||
| -rw-r--r-- | source4/param/loadparm.c | 4 | ||||
| -rw-r--r-- | source4/param/param.h | 1 | ||||
| -rw-r--r-- | source4/param/param_wrap.c | 24 | ||||
| -rw-r--r-- | source4/selftest/target/Samba4.pm | 4 | ||||
| -rw-r--r-- | source4/winbind/wb_server.c | 14 |
12 files changed, 99 insertions, 55 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 8f17e981fe..562a331b32 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,4 @@ -What's new in Samba 4 alpha4 +What's new in Samba 4 alpha5 ============================ Samba 4 is the ambitious next version of the Samba suite that is being @@ -6,13 +6,13 @@ developed in parallel to the stable 3.0 series. The main emphasis in this branch is support for the Active Directory logon protocols used by Windows 2000 and above. -Samba4 alpha4 follows on from the alpha release series we have been +Samba4 alpha5 follows on from the alpha release series we have been publishing since September 2007 WARNINGS ======== -Samba4 alpha4 is not a final Samba release. That is more a reference +Samba4 alpha5 is not a final Samba release. That is more a reference to Samba4's lack of the features we expect you will need than a statement of code quality, but clearly it hasn't seen a broad deployment yet. If you were to upgrade Samba3 (or indeed Windows) to @@ -68,15 +68,18 @@ CHANGES SINCE Alpha4 In the time since Samba4 Alpha4 was released in June 2008, Samba has continued to evolve, but you may particularly notice these areas: -(TODO: update list when closer to a release) + LDAP backend support restored (issues preventing the use of the LDAP + backend in alpha4 have been addressed) - Python Bindings: Bindings for Python are now used for all internal - scripting, and the system python installation is used to run all - Samba python scripts (in place of smbpython found in the previous - alpha). + SMB2 Support: The SMB2 server, while still disabled, has improved, + and now supports SMB2 signing. - As such Python is no longer optional, and configure will generate an - error if it cannot locate an appropriate Python installation. + OpenChange support: Updates have been made since alpha4 to better + support OpenChange's use of Samba4's libraries. + + Faster ldb loading: A fix to avoid calling 'init_module' (which was + not defined by Samba modules, but was by the C library) will fix + some of the slowness in authentication. SWAT Remains Disabled: Due to a lack of developer time and without a long-term web developer to maintain it, the SWAT web UI remains been @@ -85,26 +88,6 @@ continued to evolve, but you may particularly notice these areas: GNU Make: To try and simplfy our build system, we rely on GNU Make to avoid autogenerating a massive single makefile. - Registry: Samba4's registry library has continued to improve. - - ID mapping: Samba4 uses the internal ID mapping in winbind for all - but a few core users. Samba users should not appear in /etc/passwd, - as Samba will generate new user and group IDs regradless. - - NTP: Samba4 can act as a signing server for the ntp.org NTP deamon, - allowing NTPd to reply using Microsoft's non-standard signing - scheme. A patch to make NTPd talk to Samba for this purpose has - been submitted to the ntp.org project. - - CLDAP: Users should experience less arbitary delays and more success with - group policy, domain joins and logons due to an improved - implementation of CLDAP and the 'netlogon' mailslot datagrams. - - SMB2: The Samba4 SMB2 server and testsuite have been greatly - improved, but the SMB2 server remains off by default. - - Secure DNS update: Configuration for GSS-TSIG updates of DNS records - is now generated by the provision script. These are just some of the highlights of the work done in the past few months. More details can be found in our GIT history. @@ -130,13 +113,14 @@ KNOWN ISSUES - Clock Synchronisation is critical. Many 'wrong password' errors are actually due to Kerberos objecting to a clock skew between client - and server. (The NTP work is partly to assist with this problem). + and server. (The NTP work in the previous alpha is partly to assist + with this problem). -- Samba4 alpha4 is currently only portable to recent Linux +- Samba4 alpha5 is currently only portable to recent Linux distributions. Work to return support for other Unix varients is expected during the next alpha cycle -- Samba4 alpha4 is incompatible with GnuTLS 2.0, found in Fedora 9 and +- Samba4 alpha5 is incompatible with GnuTLS 2.0, found in Fedora 9 and recent Ubuntu releases. GnuTLS use may be disabled using the --disable-gnutls argument to ./configure. (otherwise 'make test' and LDAPS operations will hang). diff --git a/packaging/Fedora/samba4.init b/packaging/Fedora/samba4.init index 1e42364452..a04cce92c5 100644 --- a/packaging/Fedora/samba4.init +++ b/packaging/Fedora/samba4.init @@ -5,7 +5,7 @@ # used to provide SMB network services. # # pidfile: /var/run/samba4/smbd.pid -# config: /etc/samba/smb.conf +# config: /etc/samba4/smb.conf SAMBA_NAME=samba4 diff --git a/packaging/Fedora/samba4.spec b/packaging/Fedora/samba4.spec index 9059f14697..ad929f1174 100644 --- a/packaging/Fedora/samba4.spec +++ b/packaging/Fedora/samba4.spec @@ -142,7 +142,7 @@ cd source --with-lockdir=/var/lib/%{name} \ --with-piddir=/var/run \ --with-privatedir=/var/lib/%{name}/private \ - --with-logfilebase=/var/log/samba \ + --with-logfilebase=/var/log/%{name} \ --with-configdir=%{_sysconfdir}/%{name} \ --with-winbindd-socket-dir=/var/run/winbind \ --with-ntp-signd-socket-dir=/var/run/ntp_signd \ @@ -260,7 +260,6 @@ exit 0 %{_datadir}/samba/setup/* %dir /var/lib/%{name}/sysvol %config(noreplace) %{_sysconfdir}/sysconfig/%{name} -%dir %{_sysconfdir}/%{name} %attr(0700,root,root) %dir /var/log/%{name} %attr(0700,root,root) %dir /var/log/%{name}/old @@ -271,6 +270,11 @@ exit 0 %{_datadir}/samba/*.dat %{_libdir}/*.so.* %{_libdir}/samba +%dir %{_sysconfdir}/%{name} +#Need to mark this as being owned by Samba, but it is normally created +#by the provision script, which runs best if there is no existing +#smb.conf +#%config(noreplace) %{_sysconfdir}/%{name}/smb.conf %files winbind %defattr(-,root,root) diff --git a/source4/build/m4/check_path.m4 b/source4/build/m4/check_path.m4 index c0b81f1a8d..a209a4b85a 100644 --- a/source4/build/m4/check_path.m4 +++ b/source4/build/m4/check_path.m4 @@ -19,7 +19,8 @@ lockdir="${localstatedir}/locks" piddir="${localstatedir}/run" privatedir="\${prefix}/private" modulesdir="\${prefix}/modules" -winbindd_socket_dir="${localstatedir}/run/winbind_pipe" +winbindd_socket_dir="${localstatedir}/run/winbindd" +winbindd_privileged_socket_dir="${localstatedir}/lib/winbindd_privileged" ntp_signd_socket_dir="${localstatedir}/run/ntp_signd" AC_ARG_WITH(fhs, @@ -33,7 +34,8 @@ AC_ARG_WITH(fhs, datadir="${datadir}/samba" includedir="${includedir}/samba-4.0" ntp_signd_socket_dir="${localstatedir}/run/samba/ntp_signd" - winbindd_socket_dir="${localstatedir}/run/samba/winbind_pipe" + winbindd_socket_dir="${localstatedir}/run/samba/winbindd" + winbindd_privileged_socket_dir="${localstatedir}/lib/samba/winbindd_privileged" ) ################################################# @@ -55,6 +57,38 @@ AC_ARG_WITH(privatedir, ################################################# # set where the winbindd socket should be put AC_ARG_WITH(winbindd-socket-dir, +[ --with-winbindd-socket-dir=DIR Where to put the winbindd socket ($winbindd_socket_dir)], +[ case "$withval" in + yes|no) + # + # Just in case anybody calls it without argument + # + AC_MSG_WARN([--with-winbind-socketdir called without argument - will use default]) + ;; + * ) + winbindd_socket_dir="$withval" + ;; + esac]) + +################################################# +# set where the winbindd privilaged socket should be put +AC_ARG_WITH(winbindd-privileged-socket-dir, +[ --with-winbindd-privileged-socket-dir=DIR Where to put the winbindd socket ($winbindd_privileged_socket_dir)], +[ case "$withval" in + yes|no) + # + # Just in case anybody calls it without argument + # + AC_MSG_WARN([--with-winbind-privileged-socketdir called without argument - will use default]) + ;; + * ) + winbindd_privileged_socket_dir="$withval" + ;; + esac]) + +################################################# +# set where the winbindd privilaged socket should be put +AC_ARG_WITH(winbindd-socket-dir, [ --with-winbindd-socket-dir=DIR Where to put the winbindd socket ($ac_default_prefix/run/winbind_pipe)], [ case "$withval" in yes|no) @@ -140,6 +174,7 @@ AC_SUBST(privatedir) AC_SUBST(bindir) AC_SUBST(sbindir) AC_SUBST(winbindd_socket_dir) +AC_SUBST(winbindd_privileged_socket_dir) AC_SUBST(ntp_signd_socket_dir) AC_SUBST(modulesdir) diff --git a/source4/dynconfig/config.mk b/source4/dynconfig/config.mk index a353ba1214..4956fda519 100644 --- a/source4/dynconfig/config.mk +++ b/source4/dynconfig/config.mk @@ -19,6 +19,8 @@ $(dynconfigsrcdir)/dynconfig.o: CFLAGS+=-DCONFIGFILE=\"$(CONFIGFILE)\" -DBINDIR= -DPRIVATE_DIR=\"$(privatedir)\" \ -DMODULESDIR=\"$(modulesdir)\" -DJSDIR=\"$(JSDIR)\" \ -DTORTUREDIR=\"$(TORTUREDIR)\" \ - -DSETUPDIR=\"$(SETUPDIR)\" -DWINBINDD_SOCKET_DIR=\"$(winbindd_socket_dir)\" \ + -DSETUPDIR=\"$(SETUPDIR)\" \ + -DWINBINDD_PRIVILEGED_SOCKET_DIR=\"$(winbindd_privileged_socket_dir)\" \ + -DWINBINDD_SOCKET_DIR=\"$(winbindd_socket_dir)\" \ -DNTP_SIGND_SOCKET_DIR=\"$(ntp_signd_socket_dir)\" diff --git a/source4/dynconfig/dynconfig.c b/source4/dynconfig/dynconfig.c index ef5c40d698..507570318d 100644 --- a/source4/dynconfig/dynconfig.c +++ b/source4/dynconfig/dynconfig.c @@ -85,5 +85,8 @@ _PUBLIC_ const char *dyn_JSDIR = JSDIR; /** Where to find the winbindd socket */ _PUBLIC_ const char *dyn_WINBINDD_SOCKET_DIR = WINBINDD_SOCKET_DIR; +/** Where to find the winbindd privileged socket */ +_PUBLIC_ const char *dyn_WINBINDD_PRIVILEGED_SOCKET_DIR = WINBINDD_PRIVILEGED_SOCKET_DIR; + /** Where to find the NTP signing deamon socket */ _PUBLIC_ const char *dyn_NTP_SIGND_SOCKET_DIR = NTP_SIGND_SOCKET_DIR; diff --git a/source4/dynconfig/dynconfig.h b/source4/dynconfig/dynconfig.h index e77c13bab3..1bba1f07db 100644 --- a/source4/dynconfig/dynconfig.h +++ b/source4/dynconfig/dynconfig.h @@ -38,4 +38,5 @@ extern const char *dyn_SWATDIR; extern const char *dyn_JSDIR; extern const char *dyn_SETUPDIR; extern const char *dyn_WINBINDD_SOCKET_DIR; +extern const char *dyn_WINBINDD_PRIVILEGED_SOCKET_DIR; extern const char *dyn_NTP_SIGND_SOCKET_DIR; diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c index 0a7aec1985..e63a7aa8a1 100644 --- a/source4/param/loadparm.c +++ b/source4/param/loadparm.c @@ -116,6 +116,7 @@ struct loadparm_global const char **server_services; char *ntptr_providor; char *szWinbindSeparator; + char *szWinbinddPrivilegedSocketDirectory; char *szWinbinddSocketDirectory; char *szTemplateShell; char *szTemplateHomedir; @@ -485,6 +486,7 @@ static struct parm_struct parm_table[] = { {"host msdfs", P_BOOL, P_GLOBAL, GLOBAL_VAR(bHostMSDfs), NULL, NULL}, {"winbind separator", P_STRING, P_GLOBAL, GLOBAL_VAR(szWinbindSeparator), NULL, NULL }, {"winbindd socket directory", P_STRING, P_GLOBAL, GLOBAL_VAR(szWinbinddSocketDirectory), NULL, NULL }, + {"winbindd privileged socket directory", P_STRING, P_GLOBAL, GLOBAL_VAR(szWinbinddPrivilegedSocketDirectory), NULL, NULL }, {"winbind sealed pipes", P_BOOL, P_GLOBAL, GLOBAL_VAR(bWinbindSealedPipes), NULL, NULL }, {"template shell", P_STRING, P_GLOBAL, GLOBAL_VAR(szTemplateShell), NULL, NULL }, {"template homedir", P_STRING, P_GLOBAL, GLOBAL_VAR(szTemplateHomedir), NULL, NULL }, @@ -631,6 +633,7 @@ _PUBLIC_ FN_GLOBAL_STRING(lp_wins_config_url, szWINS_CONFIG_URL) _PUBLIC_ FN_GLOBAL_STRING(lp_wins_url, szWINS_URL) _PUBLIC_ FN_GLOBAL_CONST_STRING(lp_winbind_separator, szWinbindSeparator) _PUBLIC_ FN_GLOBAL_CONST_STRING(lp_winbindd_socket_directory, szWinbinddSocketDirectory) +_PUBLIC_ FN_GLOBAL_CONST_STRING(lp_winbindd_privileged_socket_directory, szWinbinddPrivilegedSocketDirectory) _PUBLIC_ FN_GLOBAL_CONST_STRING(lp_template_shell, szTemplateShell) _PUBLIC_ FN_GLOBAL_CONST_STRING(lp_template_homedir, szTemplateHomedir) _PUBLIC_ FN_GLOBAL_BOOL(lp_winbind_sealed_pipes, bWinbindSealedPipes) @@ -2382,6 +2385,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx) lp_do_global_parameter(lp_ctx, "winbind separator", "\\"); lp_do_global_parameter(lp_ctx, "winbind sealed pipes", "True"); lp_do_global_parameter(lp_ctx, "winbindd socket directory", dyn_WINBINDD_SOCKET_DIR); + lp_do_global_parameter(lp_ctx, "winbindd privileged socket directory", dyn_WINBINDD_PRIVILEGED_SOCKET_DIR); lp_do_global_parameter(lp_ctx, "template shell", "/bin/false"); lp_do_global_parameter(lp_ctx, "template homedir", "/home/%WORKGROUP%/%ACCOUNTNAME%"); lp_do_global_parameter(lp_ctx, "idmap trusted only", "False"); diff --git a/source4/param/param.h b/source4/param/param.h index 06a42575ad..4ed2654692 100644 --- a/source4/param/param.h +++ b/source4/param/param.h @@ -91,6 +91,7 @@ const char *lp_wins_config_url(struct loadparm_context *); const char *lp_wins_url(struct loadparm_context *); const char *lp_winbind_separator(struct loadparm_context *); const char *lp_winbindd_socket_directory(struct loadparm_context *); +const char *lp_winbindd_privileged_socket_directory(struct loadparm_context *); const char *lp_template_shell(struct loadparm_context *); const char *lp_template_homedir(struct loadparm_context *); bool lp_winbind_sealed_pipes(struct loadparm_context *); diff --git a/source4/param/param_wrap.c b/source4/param/param_wrap.c index aff239312d..48fd752f0e 100644 --- a/source4/param/param_wrap.c +++ b/source4/param/param_wrap.c @@ -2479,7 +2479,7 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags) #define SWIGTYPE_p_int swig_types[2] #define SWIGTYPE_p_loadparm_context swig_types[3] #define SWIGTYPE_p_loadparm_service swig_types[4] -#define SWIGTYPE_p_long_long swig_types[5] +#define SWIGTYPE_p_long swig_types[5] #define SWIGTYPE_p_param_context swig_types[6] #define SWIGTYPE_p_param_opt swig_types[7] #define SWIGTYPE_p_param_section swig_types[8] @@ -2487,7 +2487,7 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags) #define SWIGTYPE_p_signed_char swig_types[10] #define SWIGTYPE_p_unsigned_char swig_types[11] #define SWIGTYPE_p_unsigned_int swig_types[12] -#define SWIGTYPE_p_unsigned_long_long swig_types[13] +#define SWIGTYPE_p_unsigned_long swig_types[13] #define SWIGTYPE_p_unsigned_short swig_types[14] static swig_type_info *swig_types[16]; static swig_module_info swig_module = {swig_types, 15, 0, 0, 0, 0}; @@ -4250,18 +4250,18 @@ static PyMethodDef SwigMethods[] = { static swig_type_info _swigt__p_TALLOC_CTX = {"_p_TALLOC_CTX", "TALLOC_CTX *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_char = {"_p_char", "char *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_int = {"_p_int", "intptr_t *|int *|int_least32_t *|int_fast32_t *|int32_t *|int_fast16_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_int = {"_p_int", "int *|int_least32_t *|int32_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_loadparm_context = {"_p_loadparm_context", "struct loadparm_context *|loadparm_context *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_loadparm_service = {"_p_loadparm_service", "struct loadparm_service *|loadparm_service *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_long_long = {"_p_long_long", "int_least64_t *|int_fast64_t *|int64_t *|long long *|intmax_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_long = {"_p_long", "intptr_t *|int_least64_t *|int_fast32_t *|int_fast64_t *|int64_t *|long *|int_fast16_t *|intmax_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_param_context = {"_p_param_context", "struct param_context *|param *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_param_opt = {"_p_param_opt", "struct param_opt *|param_opt *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_param_section = {"_p_param_section", "struct param_section *|param_section *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_short = {"_p_short", "short *|int_least16_t *|int16_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_signed_char = {"_p_signed_char", "signed char *|int_least8_t *|int_fast8_t *|int8_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_unsigned_char = {"_p_unsigned_char", "unsigned char *|uint_least8_t *|uint_fast8_t *|uint8_t *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uintptr_t *|uint_least32_t *|uint_fast32_t *|uint32_t *|unsigned int *|uint_fast16_t *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_unsigned_long_long = {"_p_unsigned_long_long", "uint_least64_t *|uint_fast64_t *|uint64_t *|unsigned long long *|uintmax_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uint_least32_t *|uint32_t *|unsigned int *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_unsigned_long = {"_p_unsigned_long", "uintptr_t *|uint_least64_t *|uint_fast32_t *|uint_fast64_t *|uint64_t *|unsigned long *|uint_fast16_t *|uintmax_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_unsigned_short = {"_p_unsigned_short", "unsigned short *|uint_least16_t *|uint16_t *", 0, 0, (void*)0, 0}; static swig_type_info *swig_type_initial[] = { @@ -4270,7 +4270,7 @@ static swig_type_info *swig_type_initial[] = { &_swigt__p_int, &_swigt__p_loadparm_context, &_swigt__p_loadparm_service, - &_swigt__p_long_long, + &_swigt__p_long, &_swigt__p_param_context, &_swigt__p_param_opt, &_swigt__p_param_section, @@ -4278,7 +4278,7 @@ static swig_type_info *swig_type_initial[] = { &_swigt__p_signed_char, &_swigt__p_unsigned_char, &_swigt__p_unsigned_int, - &_swigt__p_unsigned_long_long, + &_swigt__p_unsigned_long, &_swigt__p_unsigned_short, }; @@ -4287,7 +4287,7 @@ static swig_cast_info _swigc__p_char[] = { {&_swigt__p_char, 0, 0, 0},{0, 0, 0, static swig_cast_info _swigc__p_int[] = { {&_swigt__p_int, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_loadparm_context[] = { {&_swigt__p_loadparm_context, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_loadparm_service[] = { {&_swigt__p_loadparm_service, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_long_long[] = { {&_swigt__p_long_long, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_long[] = { {&_swigt__p_long, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_param_context[] = { {&_swigt__p_param_context, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_param_opt[] = { {&_swigt__p_param_opt, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_param_section[] = { {&_swigt__p_param_section, 0, 0, 0},{0, 0, 0, 0}}; @@ -4295,7 +4295,7 @@ static swig_cast_info _swigc__p_short[] = { {&_swigt__p_short, 0, 0, 0},{0, 0, static swig_cast_info _swigc__p_signed_char[] = { {&_swigt__p_signed_char, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_unsigned_char[] = { {&_swigt__p_unsigned_char, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_unsigned_int[] = { {&_swigt__p_unsigned_int, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_unsigned_long_long[] = { {&_swigt__p_unsigned_long_long, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_unsigned_long[] = { {&_swigt__p_unsigned_long, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_unsigned_short[] = { {&_swigt__p_unsigned_short, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info *swig_cast_initial[] = { @@ -4304,7 +4304,7 @@ static swig_cast_info *swig_cast_initial[] = { _swigc__p_int, _swigc__p_loadparm_context, _swigc__p_loadparm_service, - _swigc__p_long_long, + _swigc__p_long, _swigc__p_param_context, _swigc__p_param_opt, _swigc__p_param_section, @@ -4312,7 +4312,7 @@ static swig_cast_info *swig_cast_initial[] = { _swigc__p_signed_char, _swigc__p_unsigned_char, _swigc__p_unsigned_int, - _swigc__p_unsigned_long_long, + _swigc__p_unsigned_long, _swigc__p_unsigned_short, }; diff --git a/source4/selftest/target/Samba4.pm b/source4/selftest/target/Samba4.pm index b3dc984593..6283a3799a 100644 --- a/source4/selftest/target/Samba4.pm +++ b/source4/selftest/target/Samba4.pm @@ -520,7 +520,8 @@ sub provision($$$$$$) my $privatedir = "$prefix_abs/private"; my $ncalrpcdir = "$prefix_abs/ncalrpc"; my $lockdir = "$prefix_abs/lockdir"; - my $winbindd_socket_dir = "$prefix_abs/winbind_socket"; + my $winbindd_socket_dir = "$prefix_abs/winbindd_socket"; + my $winbindd_privileged_socket_dir = "$prefix_abs/winbindd_privileged_socket"; my $ntp_signd_socket_dir = "$prefix_abs/ntp_signd_socket"; my $winbindd_priv_pipe_dir = "$privatedir/smbd.tmp/winbind_pipe"; my $nsswrap_passwd = "$etcdir/passwd"; @@ -557,6 +558,7 @@ sub provision($$$$$$) modules dir = $self->{bindir}/modules js include = $srcdir/scripting/libjs winbindd socket directory = $winbindd_socket_dir + winbindd privileged socket directory = $winbindd_privileged_socket_dir ntp signd socket directory = $ntp_signd_socket_dir winbind separator = / name resolve order = bcast diff --git a/source4/winbind/wb_server.c b/source4/winbind/wb_server.c index 14d62b8568..97646f2849 100644 --- a/source4/winbind/wb_server.c +++ b/source4/winbind/wb_server.c @@ -136,6 +136,13 @@ static void winbind_task_init(struct task_server *task) return; } + /* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */ + if (!directory_create_or_exist(lp_winbindd_privileged_socket_directory(task->lp_ctx), geteuid(), 0750)) { + task_server_terminate(task, + "Cannot create winbindd privileged pipe directory"); + return; + } + service = talloc_zero(task, struct wbsrv_service); if (!service) goto nomem; service->task = task; @@ -175,9 +182,10 @@ static void winbind_task_init(struct task_server *task) /* setup the privileged samba3 socket */ listen_socket = talloc(service, struct wbsrv_listen_socket); if (!listen_socket) goto nomem; - listen_socket->socket_path = - smbd_tmp_path(listen_socket, task->lp_ctx, - WINBINDD_SAMBA3_PRIVILEGED_SOCKET); + listen_socket->socket_path = talloc_asprintf(listen_socket, "%s/%s", + lp_winbindd_privileged_socket_directory(task->lp_ctx), + WINBINDD_SAMBA3_SOCKET); + if (!listen_socket->socket_path) goto nomem; if (!listen_socket->socket_path) goto nomem; listen_socket->service = service; listen_socket->privileged = true; |