From 234413fbd9664dc217ed8c029be33fc7aa260d3a Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Sat, 28 Jun 2008 22:02:19 +1000
Subject: Use a configure-specified directory for the winbind priv pipe This makes it easier for RPMs to specify an group for access to that directory. Andrew Bartlett (This used to be commit fa361354433fb9a5c09c84997a7c51f3052c294e)
---
 source4/build/m4/check_path.m4 | 39 +++++++++++++++++++++++++++++++++++++--
 source4/param/loadparm.c | 4 ++++
 source4/param/param.h | 1 +
 source4/param/param_wrap.c | 24 ++++++++++++------------
 source4/winbind/wb_server.c | 14 +++++++++++---
 5 files changed, 65 insertions(+), 17 deletions(-)
diff --git a/source4/build/m4/check_path.m4 b/source4/build/m4/check_path.m4
index c0b81f1a8d..a209a4b85a 100644
--- a/source4/build/m4/check_path.m4
+++ b/source4/build/m4/check_path.m4
@@ -19,7 +19,8 @@ lockdir="${localstatedir}/locks"
 piddir="${localstatedir}/run"
 privatedir="\${prefix}/private"
 modulesdir="\${prefix}/modules"
-winbindd_socket_dir="${localstatedir}/run/winbind_pipe"
+winbindd_socket_dir="${localstatedir}/run/winbindd"
+winbindd_privileged_socket_dir="${localstatedir}/lib/winbindd_privileged"
 ntp_signd_socket_dir="${localstatedir}/run/ntp_signd"
 AC_ARG_WITH(fhs,
@@ -33,7 +34,8 @@ AC_ARG_WITH(fhs,
 datadir="${datadir}/samba"
 includedir="${includedir}/samba-4.0"
 ntp_signd_socket_dir="${localstatedir}/run/samba/ntp_signd"
- winbindd_socket_dir="${localstatedir}/run/samba/winbind_pipe"
+ winbindd_socket_dir="${localstatedir}/run/samba/winbindd"
+ winbindd_privileged_socket_dir="${localstatedir}/lib/samba/winbindd_privileged"
 )
 #################################################
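Review bot: The `-`/`+` pair in the first hunk also renames the default unprivileged socket directory from `run/winbind_pipe` to `run/winbindd`, which the commit message (it only talks about the privileged pipe) does not mention; the `--with-fhs` hunk repeats the rename as `run/samba/winbindd`. Anything built against the old default would presumably stop finding the socket, so I would record the rename in the commit message and add a comment above the assignment such as `# default renamed from run/winbind_pipe; clients must be built with the same path`. The privileged default goes under `${localstatedir}/lib` rather than `run`; one line saying why would help packagers who have to set the group on that directory.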
@@ -55,6 +57,38 @@ AC_ARG_WITH(privatedir,
 #################################################
 # set where the winbindd socket should be put
 AC_ARG_WITH(winbindd-socket-dir,
+[ --with-winbindd-socket-dir=DIR Where to put the winbindd socket ($winbindd_socket_dir)],
+[ case "$withval" in
+ yes|no)
+ #
+ # Just in case anybody calls it without argument
+ #
+ AC_MSG_WARN([--with-winbind-socketdir called without argument - will use default])
+ ;;
+ * )
+ winbindd_socket_dir="$withval"
+ ;;
+ esac])
+
+#################################################
+# set where the winbindd privilaged socket should be put
+AC_ARG_WITH(winbindd-privileged-socket-dir,
+[ --with-winbindd-privileged-socket-dir=DIR Where to put the winbindd socket ($winbindd_privileged_socket_dir)],
+[ case "$withval" in
+ yes|no)
+ #
+ # Just in case anybody calls it without argument
+ #
+ AC_MSG_WARN([--with-winbind-privileged-socketdir called without argument - will use default])
+ ;;
+ * )
+ winbindd_privileged_socket_dir="$withval"
+ ;;
+ esac])
+
+#################################################
+# set where the winbindd privilaged socket should be put
+AC_ARG_WITH(winbindd-socket-dir,
 [ --with-winbindd-socket-dir=DIR Where to put the winbindd socket ($ac_default_prefix/run/winbind_pipe)],
 [ case "$withval" in
 yes|no)
@@ -140,6 +174,7 @@ AC_SUBST(privatedir)
 AC_SUBST(bindir)
 AC_SUBST(sbindir)
 AC_SUBST(winbindd_socket_dir)
+AC_SUBST(winbindd_privileged_socket_dir)
 AC_SUBST(ntp_signd_socket_dir)
 AC_SUBST(modulesdir)
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index 0a7aec1985..e63a7aa8a1 100644
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -116,6 +116,7 @@ struct loadparm_global
 const char **server_services;
 char *ntptr_providor;
 char *szWinbindSeparator;
+ char *szWinbinddPrivilegedSocketDirectory;
 char *szWinbinddSocketDirectory;
 char *szTemplateShell;
 char *szTemplateHomedir;
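Review bot: `AC_ARG_WITH(winbindd-socket-dir, ...)` ends up declared twice after the `@@ -55,6 +57,38 @@` hunk: the added lines insert a complete new block for it, and the last added line `AC_ARG_WITH(winbindd-socket-dir,` re-opens the old block, whose body continues below the hunk, still advertises `$ac_default_prefix/run/winbind_pipe` as the default and now sits under a comment that says "privilaged socket". Presumably the old block was meant to go; if so, drop the last three added lines together with what remains of the old block. The help text of the new option should read `Where to put the winbindd privileged socket ($winbindd_privileged_socket_dir)`, and both warnings should name the real options, e.g. `--with-winbindd-privileged-socket-dir called without argument - will use default`.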
@@ -485,6 +486,7 @@ static struct parm_struct parm_table[] = {
 {"host msdfs", P_BOOL, P_GLOBAL, GLOBAL_VAR(bHostMSDfs), NULL, NULL},
 {"winbind separator", P_STRING, P_GLOBAL, GLOBAL_VAR(szWinbindSeparator), NULL, NULL },
 {"winbindd socket directory", P_STRING, P_GLOBAL, GLOBAL_VAR(szWinbinddSocketDirectory), NULL, NULL },
+ {"winbindd privileged socket directory", P_STRING, P_GLOBAL, GLOBAL_VAR(szWinbinddPrivilegedSocketDirectory), NULL, NULL },
 {"winbind sealed pipes", P_BOOL, P_GLOBAL, GLOBAL_VAR(bWinbindSealedPipes), NULL, NULL },
 {"template shell", P_STRING, P_GLOBAL, GLOBAL_VAR(szTemplateShell), NULL, NULL },
 {"template homedir", P_STRING, P_GLOBAL, GLOBAL_VAR(szTemplateHomedir), NULL, NULL },
@@ -631,6 +633,7 @@ _PUBLIC_ FN_GLOBAL_STRING(lp_wins_config_url, szWINS_CONFIG_URL)
 _PUBLIC_ FN_GLOBAL_STRING(lp_wins_url, szWINS_URL)
 _PUBLIC_ FN_GLOBAL_CONST_STRING(lp_winbind_separator, szWinbindSeparator)
 _PUBLIC_ FN_GLOBAL_CONST_STRING(lp_winbindd_socket_directory, szWinbinddSocketDirectory)
+_PUBLIC_ FN_GLOBAL_CONST_STRING(lp_winbindd_privileged_socket_directory, szWinbinddPrivilegedSocketDirectory)
 _PUBLIC_ FN_GLOBAL_CONST_STRING(lp_template_shell, szTemplateShell)
 _PUBLIC_ FN_GLOBAL_CONST_STRING(lp_template_homedir, szTemplateHomedir)
 _PUBLIC_ FN_GLOBAL_BOOL(lp_winbind_sealed_pipes, bWinbindSealedPipes)
@@ -2382,6 +2385,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 lp_do_global_parameter(lp_ctx, "winbind separator", "\\");
 lp_do_global_parameter(lp_ctx, "winbind sealed pipes", "True");
 lp_do_global_parameter(lp_ctx, "winbindd socket directory", dyn_WINBINDD_SOCKET_DIR);
+ lp_do_global_parameter(lp_ctx, "winbindd privileged socket directory", dyn_WINBINDD_PRIVILEGED_SOCKET_DIR);
 lp_do_global_parameter(lp_ctx, "template shell", "/bin/false");
 lp_do_global_parameter(lp_ctx, "template homedir", "/home/%WORKGROUP%/%ACCOUNTNAME%");
 lp_do_global_parameter(lp_ctx, "idmap trusted only", "False");
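Review bot: `dyn_WINBINDD_PRIVILEGED_SOCKET_DIR`, used by the added line in the `loadparm_init` hunk, is not defined by any of the five files in this commit's diffstat. Unless it already exists wherever `dyn_WINBINDD_SOCKET_DIR` is defined, the build breaks here, so the definition and the rule that feeds the configure value `winbindd_privileged_socket_dir` into it belong in the same commit. The new parameter is also undocumented; a comment beside its `parm_table` entry such as `/* directory holding the privileged winbindd pipe; its owner, group and mode decide who may use the pipe */` would tell administrators that changing it moves an access boundary. The body of loadparm_init starts and ends outside the hunk.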
diff --git a/source4/param/param.h b/source4/param/param.h
index 06a42575ad..4ed2654692 100644
--- a/source4/param/param.h
+++ b/source4/param/param.h
@@ -91,6 +91,7 @@ const char *lp_wins_config_url(struct loadparm_context *);
 const char *lp_wins_url(struct loadparm_context *);
 const char *lp_winbind_separator(struct loadparm_context *);
 const char *lp_winbindd_socket_directory(struct loadparm_context *);
+const char *lp_winbindd_privileged_socket_directory(struct loadparm_context *);
 const char *lp_template_shell(struct loadparm_context *);
 const char *lp_template_homedir(struct loadparm_context *);
 bool lp_winbind_sealed_pipes(struct loadparm_context *);
diff --git a/source4/param/param_wrap.c b/source4/param/param_wrap.c
index aff239312d..48fd752f0e 100644
--- a/source4/param/param_wrap.c
+++ b/source4/param/param_wrap.c
@@ -2479,7 +2479,7 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags) #define SWIGTYPE_p_int swig_types[2] #define SWIGTYPE_p_loadparm_context swig_types[3] #define SWIGTYPE_p_loadparm_service swig_types[4] -#define SWIGTYPE_p_long_long swig_types[5] +#define SWIGTYPE_p_long swig_types[5] #define SWIGTYPE_p_param_context swig_types[6] #define SWIGTYPE_p_param_opt swig_types[7] #define SWIGTYPE_p_param_section swig_types[8]
@@ -2487,7 +2487,7 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags) #define SWIGTYPE_p_signed_char swig_types[10] #define SWIGTYPE_p_unsigned_char swig_types[11] #define SWIGTYPE_p_unsigned_int swig_types[12] -#define SWIGTYPE_p_unsigned_long_long swig_types[13] +#define SWIGTYPE_p_unsigned_long swig_types[13] #define SWIGTYPE_p_unsigned_short swig_types[14] static swig_type_info *swig_types[16]; static swig_module_info swig_module = {swig_types, 15, 0, 0, 0, 0};
@@ -4250,18 +4250,18 @@ static PyMethodDef SwigMethods[] = { static swig_type_info _swigt__p_TALLOC_CTX = {"_p_TALLOC_CTX", "TALLOC_CTX *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_char = {"_p_char", "char *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_int = {"_p_int", "intptr_t *|int *|int_least32_t *|int_fast32_t *|int32_t *|int_fast16_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_int = {"_p_int", "int *|int_least32_t *|int32_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_loadparm_context = {"_p_loadparm_context", "struct loadparm_context *|loadparm_context *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_loadparm_service = {"_p_loadparm_service", "struct loadparm_service *|loadparm_service *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_long_long = {"_p_long_long", "int_least64_t *|int_fast64_t *|int64_t *|long long *|intmax_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_long = {"_p_long", "intptr_t *|int_least64_t *|int_fast32_t *|int_fast64_t *|int64_t *|long *|int_fast16_t *|intmax_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_param_context = {"_p_param_context", "struct param_context *|param *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_param_opt = {"_p_param_opt", "struct param_opt *|param_opt *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_param_section = {"_p_param_section", "struct param_section *|param_section *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_short = {"_p_short", "short *|int_least16_t *|int16_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_signed_char = {"_p_signed_char", "signed char *|int_least8_t *|int_fast8_t *|int8_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_unsigned_char = {"_p_unsigned_char", "unsigned char *|uint_least8_t *|uint_fast8_t *|uint8_t *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uintptr_t *|uint_least32_t *|uint_fast32_t *|uint32_t 
*|unsigned int *|uint_fast16_t *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_unsigned_long_long = {"_p_unsigned_long_long", "uint_least64_t *|uint_fast64_t *|uint64_t *|unsigned long long *|uintmax_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uint_least32_t *|uint32_t *|unsigned int *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_unsigned_long = {"_p_unsigned_long", "uintptr_t *|uint_least64_t *|uint_fast32_t *|uint_fast64_t *|uint64_t *|unsigned long *|uint_fast16_t *|uintmax_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_unsigned_short = {"_p_unsigned_short", "unsigned short *|uint_least16_t *|uint16_t *", 0, 0, (void*)0, 0}; static swig_type_info *swig_type_initial[] = { @@ -4270,7 +4270,7 @@ static swig_type_info *swig_type_initial[] = { &_swigt__p_int, &_swigt__p_loadparm_context, &_swigt__p_loadparm_service, - &_swigt__p_long_long, + &_swigt__p_long, &_swigt__p_param_context, &_swigt__p_param_opt, &_swigt__p_param_section, @@ -4278,7 +4278,7 @@ static swig_type_info *swig_type_initial[] = { &_swigt__p_signed_char, &_swigt__p_unsigned_char, &_swigt__p_unsigned_int, - &_swigt__p_unsigned_long_long, + &_swigt__p_unsigned_long, &_swigt__p_unsigned_short, }; 
@@ -4287,7 +4287,7 @@ static swig_cast_info _swigc__p_char[] = { {&_swigt__p_char, 0, 0, 0},{0, 0, 0, static swig_cast_info _swigc__p_int[] = { {&_swigt__p_int, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_loadparm_context[] = { {&_swigt__p_loadparm_context, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_loadparm_service[] = { {&_swigt__p_loadparm_service, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_long_long[] = { {&_swigt__p_long_long, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_long[] = { {&_swigt__p_long, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_param_context[] = { {&_swigt__p_param_context, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_param_opt[] = { {&_swigt__p_param_opt, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_param_section[] = { {&_swigt__p_param_section, 0, 0, 0},{0, 0, 0, 0}}; @@ -4295,7 +4295,7 @@ static swig_cast_info _swigc__p_short[] = { {&_swigt__p_short, 0, 0, 0},{0, 0, static swig_cast_info _swigc__p_signed_char[] = { {&_swigt__p_signed_char, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_unsigned_char[] = { {&_swigt__p_unsigned_char, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_unsigned_int[] = { {&_swigt__p_unsigned_int, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_unsigned_long_long[] = { {&_swigt__p_unsigned_long_long, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_unsigned_long[] = { {&_swigt__p_unsigned_long, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_unsigned_short[] = { {&_swigt__p_unsigned_short, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info *swig_cast_initial[] = { @@ -4304,7 +4304,7 @@ static swig_cast_info *swig_cast_initial[] = { _swigc__p_int, _swigc__p_loadparm_context, _swigc__p_loadparm_service, - _swigc__p_long_long, + _swigc__p_long, _swigc__p_param_context, _swigc__p_param_opt, _swigc__p_param_section, 
@@ -4312,7 +4312,7 @@ static swig_cast_info *swig_cast_initial[] = { _swigc__p_signed_char, _swigc__p_unsigned_char, _swigc__p_unsigned_int, - _swigc__p_unsigned_long_long, + _swigc__p_unsigned_long, _swigc__p_unsigned_short, };
diff --git a/source4/winbind/wb_server.c b/source4/winbind/wb_server.c
index 14d62b8568..97646f2849 100644
--- a/source4/winbind/wb_server.c
+++ b/source4/winbind/wb_server.c
@@ -136,6 +136,13 @@ static void winbind_task_init(struct task_server *task)
 return;
 }
+ /* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */
+ if (!directory_create_or_exist(lp_winbindd_privileged_socket_directory(task->lp_ctx), geteuid(), 0750)) {
+ task_server_terminate(task,
+ "Cannot create winbindd privileged pipe directory");
+ return;
+ }
+
 service = talloc_zero(task, struct wbsrv_service);
 if (!service) goto nomem;
 service->task = task;
@@ -175,9 +182,10 @@ static void winbind_task_init(struct task_server *task)
 /* setup the privileged samba3 socket */
 listen_socket = talloc(service, struct wbsrv_listen_socket);
 if (!listen_socket) goto nomem;
- listen_socket->socket_path =
- smbd_tmp_path(listen_socket, task->lp_ctx,
- WINBINDD_SAMBA3_PRIVILEGED_SOCKET);
+ listen_socket->socket_path = talloc_asprintf(listen_socket, "%s/%s",
+ lp_winbindd_privileged_socket_directory(task->lp_ctx),
+ WINBINDD_SAMBA3_SOCKET);
+ if (!listen_socket->socket_path) goto nomem;
 if (!listen_socket->socket_path) goto nomem;
 listen_socket->service = service;
 listen_socket->privileged = true;
-- cgit
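Review bot: Access to the privileged pipe is decided entirely by this directory's owner, group and mode, yet the added block in the `@@ -136,6 +136,13 @@` hunk only passes `geteuid()` and `0750` to `directory_create_or_exist()`, whose body is not part of this patch. It is worth confirming that the helper fails for a pre-existing path that is a symlink, has another owner or has a looser mode, because the path now comes from smb.conf and from packaging instead of a fixed tmp path. The comment still says "the Samba3 socket" although this is the privileged directory; I would make it `/* Make sure the directory for the privileged Samba3 socket exists and is 0750: its permissions are what restrict access to the pipe */`. The group that gains access is whatever packaging sets on the directory, which the comment could also state. winbind_task_init starts and ends outside the hunk.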
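Review bot: The added `if (!listen_socket->socket_path) goto nomem;` in the `@@ -175,9 +182,10 @@` hunk is immediately followed by the identical pre-existing check kept as context, so the test now runs twice; drop the added line. The socket inside the privileged directory is now named `WINBINDD_SAMBA3_SOCKET`, the same name the unprivileged socket presumably uses, so the two would differ only by directory; a comment such as `/* same pipe name as the unprivileged socket; only the 0750 directory separates them */` would make that explicit. If `WINBINDD_SAMBA3_PRIVILEGED_SOCKET` has no remaining users, it should be removed where it is defined. winbind_task_init starts and ends outside the hunk.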