summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/build/m4/check_path.m439
-rw-r--r--source4/dynconfig/config.mk4
-rw-r--r--source4/dynconfig/dynconfig.c3
-rw-r--r--source4/dynconfig/dynconfig.h1
-rw-r--r--source4/param/loadparm.c4
-rw-r--r--source4/param/param.h1
-rw-r--r--source4/param/param_wrap.c24
-rw-r--r--source4/selftest/target/Samba4.pm4
-rw-r--r--source4/winbind/wb_server.c14
9 files changed, 75 insertions, 19 deletions
diff --git a/source4/build/m4/check_path.m4 b/source4/build/m4/check_path.m4
index c0b81f1a8d..a209a4b85a 100644
--- a/source4/build/m4/check_path.m4
+++ b/source4/build/m4/check_path.m4
@@ -19,7 +19,8 @@ lockdir="${localstatedir}/locks"
piddir="${localstatedir}/run"
privatedir="\${prefix}/private"
modulesdir="\${prefix}/modules"
-winbindd_socket_dir="${localstatedir}/run/winbind_pipe"
+winbindd_socket_dir="${localstatedir}/run/winbindd"
+winbindd_privileged_socket_dir="${localstatedir}/lib/winbindd_privileged"
ntp_signd_socket_dir="${localstatedir}/run/ntp_signd"
AC_ARG_WITH(fhs,
@@ -33,7 +34,8 @@ AC_ARG_WITH(fhs,
datadir="${datadir}/samba"
includedir="${includedir}/samba-4.0"
ntp_signd_socket_dir="${localstatedir}/run/samba/ntp_signd"
- winbindd_socket_dir="${localstatedir}/run/samba/winbind_pipe"
+ winbindd_socket_dir="${localstatedir}/run/samba/winbindd"
+ winbindd_privileged_socket_dir="${localstatedir}/lib/samba/winbindd_privileged"
)
#################################################
@@ -55,6 +57,38 @@ AC_ARG_WITH(privatedir,
#################################################
# set where the winbindd socket should be put
AC_ARG_WITH(winbindd-socket-dir,
+[ --with-winbindd-socket-dir=DIR Where to put the winbindd socket ($winbindd_socket_dir)],
+[ case "$withval" in
+ yes|no)
+ #
+ # Just in case anybody calls it without argument
+ #
+ AC_MSG_WARN([--with-winbind-socketdir called without argument - will use default])
+ ;;
+ * )
+ winbindd_socket_dir="$withval"
+ ;;
+ esac])
+
+#################################################
+# set where the winbindd privilaged socket should be put
+AC_ARG_WITH(winbindd-privileged-socket-dir,
+[ --with-winbindd-privileged-socket-dir=DIR Where to put the winbindd socket ($winbindd_privileged_socket_dir)],
+[ case "$withval" in
+ yes|no)
+ #
+ # Just in case anybody calls it without argument
+ #
+ AC_MSG_WARN([--with-winbind-privileged-socketdir called without argument - will use default])
+ ;;
+ * )
+ winbindd_privileged_socket_dir="$withval"
+ ;;
+ esac])
+
+#################################################
+# set where the winbindd privilaged socket should be put
+AC_ARG_WITH(winbindd-socket-dir,
[ --with-winbindd-socket-dir=DIR Where to put the winbindd socket ($ac_default_prefix/run/winbind_pipe)],
[ case "$withval" in
yes|no)
@@ -140,6 +174,7 @@ AC_SUBST(privatedir)
AC_SUBST(bindir)
AC_SUBST(sbindir)
AC_SUBST(winbindd_socket_dir)
+AC_SUBST(winbindd_privileged_socket_dir)
AC_SUBST(ntp_signd_socket_dir)
AC_SUBST(modulesdir)
diff --git a/source4/dynconfig/config.mk b/source4/dynconfig/config.mk
index a353ba1214..4956fda519 100644
--- a/source4/dynconfig/config.mk
+++ b/source4/dynconfig/config.mk
@@ -19,6 +19,8 @@ $(dynconfigsrcdir)/dynconfig.o: CFLAGS+=-DCONFIGFILE=\"$(CONFIGFILE)\" -DBINDIR=
-DPRIVATE_DIR=\"$(privatedir)\" \
-DMODULESDIR=\"$(modulesdir)\" -DJSDIR=\"$(JSDIR)\" \
-DTORTUREDIR=\"$(TORTUREDIR)\" \
- -DSETUPDIR=\"$(SETUPDIR)\" -DWINBINDD_SOCKET_DIR=\"$(winbindd_socket_dir)\" \
+ -DSETUPDIR=\"$(SETUPDIR)\" \
+ -DWINBINDD_PRIVILEGED_SOCKET_DIR=\"$(winbindd_privileged_socket_dir)\" \
+ -DWINBINDD_SOCKET_DIR=\"$(winbindd_socket_dir)\" \
-DNTP_SIGND_SOCKET_DIR=\"$(ntp_signd_socket_dir)\"
diff --git a/source4/dynconfig/dynconfig.c b/source4/dynconfig/dynconfig.c
index ef5c40d698..507570318d 100644
--- a/source4/dynconfig/dynconfig.c
+++ b/source4/dynconfig/dynconfig.c
@@ -85,5 +85,8 @@ _PUBLIC_ const char *dyn_JSDIR = JSDIR;
/** Where to find the winbindd socket */
_PUBLIC_ const char *dyn_WINBINDD_SOCKET_DIR = WINBINDD_SOCKET_DIR;
+/** Where to find the winbindd privileged socket */
+_PUBLIC_ const char *dyn_WINBINDD_PRIVILEGED_SOCKET_DIR = WINBINDD_PRIVILEGED_SOCKET_DIR;
+
/** Where to find the NTP signing deamon socket */
_PUBLIC_ const char *dyn_NTP_SIGND_SOCKET_DIR = NTP_SIGND_SOCKET_DIR;
diff --git a/source4/dynconfig/dynconfig.h b/source4/dynconfig/dynconfig.h
index e77c13bab3..1bba1f07db 100644
--- a/source4/dynconfig/dynconfig.h
+++ b/source4/dynconfig/dynconfig.h
@@ -38,4 +38,5 @@ extern const char *dyn_SWATDIR;
extern const char *dyn_JSDIR;
extern const char *dyn_SETUPDIR;
extern const char *dyn_WINBINDD_SOCKET_DIR;
+extern const char *dyn_WINBINDD_PRIVILEGED_SOCKET_DIR;
extern const char *dyn_NTP_SIGND_SOCKET_DIR;
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index 0a7aec1985..e63a7aa8a1 100644
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -116,6 +116,7 @@ struct loadparm_global
const char **server_services;
char *ntptr_providor;
char *szWinbindSeparator;
+ char *szWinbinddPrivilegedSocketDirectory;
char *szWinbinddSocketDirectory;
char *szTemplateShell;
char *szTemplateHomedir;
@@ -485,6 +486,7 @@ static struct parm_struct parm_table[] = {
{"host msdfs", P_BOOL, P_GLOBAL, GLOBAL_VAR(bHostMSDfs), NULL, NULL},
{"winbind separator", P_STRING, P_GLOBAL, GLOBAL_VAR(szWinbindSeparator), NULL, NULL },
{"winbindd socket directory", P_STRING, P_GLOBAL, GLOBAL_VAR(szWinbinddSocketDirectory), NULL, NULL },
+ {"winbindd privileged socket directory", P_STRING, P_GLOBAL, GLOBAL_VAR(szWinbinddPrivilegedSocketDirectory), NULL, NULL },
{"winbind sealed pipes", P_BOOL, P_GLOBAL, GLOBAL_VAR(bWinbindSealedPipes), NULL, NULL },
{"template shell", P_STRING, P_GLOBAL, GLOBAL_VAR(szTemplateShell), NULL, NULL },
{"template homedir", P_STRING, P_GLOBAL, GLOBAL_VAR(szTemplateHomedir), NULL, NULL },
@@ -631,6 +633,7 @@ _PUBLIC_ FN_GLOBAL_STRING(lp_wins_config_url, szWINS_CONFIG_URL)
_PUBLIC_ FN_GLOBAL_STRING(lp_wins_url, szWINS_URL)
_PUBLIC_ FN_GLOBAL_CONST_STRING(lp_winbind_separator, szWinbindSeparator)
_PUBLIC_ FN_GLOBAL_CONST_STRING(lp_winbindd_socket_directory, szWinbinddSocketDirectory)
+_PUBLIC_ FN_GLOBAL_CONST_STRING(lp_winbindd_privileged_socket_directory, szWinbinddPrivilegedSocketDirectory)
_PUBLIC_ FN_GLOBAL_CONST_STRING(lp_template_shell, szTemplateShell)
_PUBLIC_ FN_GLOBAL_CONST_STRING(lp_template_homedir, szTemplateHomedir)
_PUBLIC_ FN_GLOBAL_BOOL(lp_winbind_sealed_pipes, bWinbindSealedPipes)
@@ -2382,6 +2385,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
lp_do_global_parameter(lp_ctx, "winbind separator", "\\");
lp_do_global_parameter(lp_ctx, "winbind sealed pipes", "True");
lp_do_global_parameter(lp_ctx, "winbindd socket directory", dyn_WINBINDD_SOCKET_DIR);
+ lp_do_global_parameter(lp_ctx, "winbindd privileged socket directory", dyn_WINBINDD_PRIVILEGED_SOCKET_DIR);
lp_do_global_parameter(lp_ctx, "template shell", "/bin/false");
lp_do_global_parameter(lp_ctx, "template homedir", "/home/%WORKGROUP%/%ACCOUNTNAME%");
lp_do_global_parameter(lp_ctx, "idmap trusted only", "False");
diff --git a/source4/param/param.h b/source4/param/param.h
index 06a42575ad..4ed2654692 100644
--- a/source4/param/param.h
+++ b/source4/param/param.h
@@ -91,6 +91,7 @@ const char *lp_wins_config_url(struct loadparm_context *);
const char *lp_wins_url(struct loadparm_context *);
const char *lp_winbind_separator(struct loadparm_context *);
const char *lp_winbindd_socket_directory(struct loadparm_context *);
+const char *lp_winbindd_privileged_socket_directory(struct loadparm_context *);
const char *lp_template_shell(struct loadparm_context *);
const char *lp_template_homedir(struct loadparm_context *);
bool lp_winbind_sealed_pipes(struct loadparm_context *);
diff --git a/source4/param/param_wrap.c b/source4/param/param_wrap.c
index aff239312d..48fd752f0e 100644
--- a/source4/param/param_wrap.c
+++ b/source4/param/param_wrap.c
@@ -2479,7 +2479,7 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags)
#define SWIGTYPE_p_int swig_types[2]
#define SWIGTYPE_p_loadparm_context swig_types[3]
#define SWIGTYPE_p_loadparm_service swig_types[4]
-#define SWIGTYPE_p_long_long swig_types[5]
+#define SWIGTYPE_p_long swig_types[5]
#define SWIGTYPE_p_param_context swig_types[6]
#define SWIGTYPE_p_param_opt swig_types[7]
#define SWIGTYPE_p_param_section swig_types[8]
@@ -2487,7 +2487,7 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags)
#define SWIGTYPE_p_signed_char swig_types[10]
#define SWIGTYPE_p_unsigned_char swig_types[11]
#define SWIGTYPE_p_unsigned_int swig_types[12]
-#define SWIGTYPE_p_unsigned_long_long swig_types[13]
+#define SWIGTYPE_p_unsigned_long swig_types[13]
#define SWIGTYPE_p_unsigned_short swig_types[14]
static swig_type_info *swig_types[16];
static swig_module_info swig_module = {swig_types, 15, 0, 0, 0, 0};
@@ -4250,18 +4250,18 @@ static PyMethodDef SwigMethods[] = {
static swig_type_info _swigt__p_TALLOC_CTX = {"_p_TALLOC_CTX", "TALLOC_CTX *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_char = {"_p_char", "char *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_int = {"_p_int", "intptr_t *|int *|int_least32_t *|int_fast32_t *|int32_t *|int_fast16_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_int = {"_p_int", "int *|int_least32_t *|int32_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_loadparm_context = {"_p_loadparm_context", "struct loadparm_context *|loadparm_context *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_loadparm_service = {"_p_loadparm_service", "struct loadparm_service *|loadparm_service *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_long_long = {"_p_long_long", "int_least64_t *|int_fast64_t *|int64_t *|long long *|intmax_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_long = {"_p_long", "intptr_t *|int_least64_t *|int_fast32_t *|int_fast64_t *|int64_t *|long *|int_fast16_t *|intmax_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_param_context = {"_p_param_context", "struct param_context *|param *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_param_opt = {"_p_param_opt", "struct param_opt *|param_opt *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_param_section = {"_p_param_section", "struct param_section *|param_section *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_short = {"_p_short", "short *|int_least16_t *|int16_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_signed_char = {"_p_signed_char", "signed char *|int_least8_t *|int_fast8_t *|int8_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_unsigned_char = {"_p_unsigned_char", "unsigned char *|uint_least8_t *|uint_fast8_t *|uint8_t *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uintptr_t *|uint_least32_t *|uint_fast32_t *|uint32_t *|unsigned int *|uint_fast16_t *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_unsigned_long_long = {"_p_unsigned_long_long", "uint_least64_t *|uint_fast64_t *|uint64_t *|unsigned long long *|uintmax_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uint_least32_t *|uint32_t *|unsigned int *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_unsigned_long = {"_p_unsigned_long", "uintptr_t *|uint_least64_t *|uint_fast32_t *|uint_fast64_t *|uint64_t *|unsigned long *|uint_fast16_t *|uintmax_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_unsigned_short = {"_p_unsigned_short", "unsigned short *|uint_least16_t *|uint16_t *", 0, 0, (void*)0, 0};
static swig_type_info *swig_type_initial[] = {
@@ -4270,7 +4270,7 @@ static swig_type_info *swig_type_initial[] = {
&_swigt__p_int,
&_swigt__p_loadparm_context,
&_swigt__p_loadparm_service,
- &_swigt__p_long_long,
+ &_swigt__p_long,
&_swigt__p_param_context,
&_swigt__p_param_opt,
&_swigt__p_param_section,
@@ -4278,7 +4278,7 @@ static swig_type_info *swig_type_initial[] = {
&_swigt__p_signed_char,
&_swigt__p_unsigned_char,
&_swigt__p_unsigned_int,
- &_swigt__p_unsigned_long_long,
+ &_swigt__p_unsigned_long,
&_swigt__p_unsigned_short,
};
@@ -4287,7 +4287,7 @@ static swig_cast_info _swigc__p_char[] = { {&_swigt__p_char, 0, 0, 0},{0, 0, 0,
static swig_cast_info _swigc__p_int[] = { {&_swigt__p_int, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_loadparm_context[] = { {&_swigt__p_loadparm_context, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_loadparm_service[] = { {&_swigt__p_loadparm_service, 0, 0, 0},{0, 0, 0, 0}};
-static swig_cast_info _swigc__p_long_long[] = { {&_swigt__p_long_long, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_long[] = { {&_swigt__p_long, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_param_context[] = { {&_swigt__p_param_context, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_param_opt[] = { {&_swigt__p_param_opt, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_param_section[] = { {&_swigt__p_param_section, 0, 0, 0},{0, 0, 0, 0}};
@@ -4295,7 +4295,7 @@ static swig_cast_info _swigc__p_short[] = { {&_swigt__p_short, 0, 0, 0},{0, 0,
static swig_cast_info _swigc__p_signed_char[] = { {&_swigt__p_signed_char, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_unsigned_char[] = { {&_swigt__p_unsigned_char, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_unsigned_int[] = { {&_swigt__p_unsigned_int, 0, 0, 0},{0, 0, 0, 0}};
-static swig_cast_info _swigc__p_unsigned_long_long[] = { {&_swigt__p_unsigned_long_long, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_unsigned_long[] = { {&_swigt__p_unsigned_long, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_unsigned_short[] = { {&_swigt__p_unsigned_short, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info *swig_cast_initial[] = {
@@ -4304,7 +4304,7 @@ static swig_cast_info *swig_cast_initial[] = {
_swigc__p_int,
_swigc__p_loadparm_context,
_swigc__p_loadparm_service,
- _swigc__p_long_long,
+ _swigc__p_long,
_swigc__p_param_context,
_swigc__p_param_opt,
_swigc__p_param_section,
@@ -4312,7 +4312,7 @@ static swig_cast_info *swig_cast_initial[] = {
_swigc__p_signed_char,
_swigc__p_unsigned_char,
_swigc__p_unsigned_int,
- _swigc__p_unsigned_long_long,
+ _swigc__p_unsigned_long,
_swigc__p_unsigned_short,
};
diff --git a/source4/selftest/target/Samba4.pm b/source4/selftest/target/Samba4.pm
index b3dc984593..6283a3799a 100644
--- a/source4/selftest/target/Samba4.pm
+++ b/source4/selftest/target/Samba4.pm
@@ -520,7 +520,8 @@ sub provision($$$$$$)
my $privatedir = "$prefix_abs/private";
my $ncalrpcdir = "$prefix_abs/ncalrpc";
my $lockdir = "$prefix_abs/lockdir";
- my $winbindd_socket_dir = "$prefix_abs/winbind_socket";
+ my $winbindd_socket_dir = "$prefix_abs/winbindd_socket";
+ my $winbindd_privileged_socket_dir = "$prefix_abs/winbindd_privileged_socket";
my $ntp_signd_socket_dir = "$prefix_abs/ntp_signd_socket";
my $winbindd_priv_pipe_dir = "$privatedir/smbd.tmp/winbind_pipe";
my $nsswrap_passwd = "$etcdir/passwd";
@@ -557,6 +558,7 @@ sub provision($$$$$$)
modules dir = $self->{bindir}/modules
js include = $srcdir/scripting/libjs
winbindd socket directory = $winbindd_socket_dir
+ winbindd privileged socket directory = $winbindd_privileged_socket_dir
ntp signd socket directory = $ntp_signd_socket_dir
winbind separator = /
name resolve order = bcast
diff --git a/source4/winbind/wb_server.c b/source4/winbind/wb_server.c
index 14d62b8568..97646f2849 100644
--- a/source4/winbind/wb_server.c
+++ b/source4/winbind/wb_server.c
@@ -136,6 +136,13 @@ static void winbind_task_init(struct task_server *task)
return;
}
+ /* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */
+ if (!directory_create_or_exist(lp_winbindd_privileged_socket_directory(task->lp_ctx), geteuid(), 0750)) {
+ task_server_terminate(task,
+ "Cannot create winbindd privileged pipe directory");
+ return;
+ }
+
service = talloc_zero(task, struct wbsrv_service);
if (!service) goto nomem;
service->task = task;
@@ -175,9 +182,10 @@ static void winbind_task_init(struct task_server *task)
/* setup the privileged samba3 socket */
listen_socket = talloc(service, struct wbsrv_listen_socket);
if (!listen_socket) goto nomem;
- listen_socket->socket_path =
- smbd_tmp_path(listen_socket, task->lp_ctx,
- WINBINDD_SAMBA3_PRIVILEGED_SOCKET);
+ listen_socket->socket_path = talloc_asprintf(listen_socket, "%s/%s",
+ lp_winbindd_privileged_socket_directory(task->lp_ctx),
+ WINBINDD_SAMBA3_SOCKET);
+ if (!listen_socket->socket_path) goto nomem;
if (!listen_socket->socket_path) goto nomem;
listen_socket->service = service;
listen_socket->privileged = true;