author | Andrew Bartlett <abartlet@samba.org> | 2006-01-31 00:48:57 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:51:37 -0500 |
commit | b70009649a23ee8f0e88c1b9935e739537f4a960 (patch) | |
tree | e720a3d9862dea024fbce7b28f4a2873ab2530ce /source4 | |
parent | b98a5bf92222e37eb62422f65ecc048511a8f256 (diff) | |
r13244: Allow control of the location of the Samba3-compatible winbindd pipe
in Samba4. This allows us to start winbindd by default, including in
'make test'.
This is via a new 'winbindd socket directory' parameter for utilities
linked against loadparm, as well as a --with-winbindd-socket-dir
option to configure (setting the default and the value for simple
clients).
I hope to add basic winbindd tests, to ensure continued correct
operation, but at least now I don't have to manually change my 'server
services' line.
The other problem with the hard-coded /tmp/.winbind is that RedHat has
moved this in Fedora (to /var/run I think). For this reason, this
functionality should probably be ported to Samba3 as well.
The default for Samba4 is PREFIX/var/run/winbind_pipe.
I have also re-added the paranoia checks from Samba3 for correct
permissions on the socket directory.
Andrew Bartlett
(This used to be commit 8866aa06ffc3896094c878e9c07b40c03826d9a7)
Diffstat (limited to 'source4')
-rw-r--r-- | source4/build/m4/check_path.m4 | 19 | ||||
-rw-r--r-- | source4/build/smb_build/makefile.pm | 1 | ||||
-rw-r--r-- | source4/dynconfig.c | 7 | ||||
-rw-r--r-- | source4/include/dynconfig.h | 1 | ||||
-rw-r--r-- | source4/lib/util.c | 43 | ||||
-rw-r--r-- | source4/main.mk | 27 | ||||
-rw-r--r-- | source4/nsswitch/winbindd_nss.h | 2 | ||||
-rw-r--r-- | source4/param/loadparm.c | 6 | ||||
-rwxr-xr-x | source4/script/tests/selftest.sh | 2 | ||||
-rw-r--r-- | source4/winbind/wb_server.c | 12 | ||||
-rw-r--r-- | source4/winbind/wb_server.h | 7 |
11 files changed, 104 insertions, 23 deletions
diff --git a/source4/build/m4/check_path.m4 b/source4/build/m4/check_path.m4 index 293aac2427f..2f5f793a1da 100644 --- a/source4/build/m4/check_path.m4 +++ b/source4/build/m4/check_path.m4 @@ -16,6 +16,7 @@ logfilebase="${localstatedir}" lockdir="${localstatedir}/locks" piddir="${localstatedir}/run" privatedir="${prefix}/private" +winbindd_socket_dir="${localstatedir}/run/winbind_pipe" AC_ARG_WITH(fhs, [ --with-fhs Use FHS-compliant paths (default=no)], @@ -27,6 +28,7 @@ AC_ARG_WITH(fhs, libdir="${libdir}/samba" datadir="${datadir}/samba" includedir="${includedir}/samba-4.0" + winbindd_socket_dir="${localstatedir}/run/samba/winbind_pipe" ) ################################################# @@ -46,6 +48,22 @@ AC_ARG_WITH(privatedir, esac]) ################################################# +# set where the winbindd socket should be put +AC_ARG_WITH(winbindd-socket-dir, +[ --with-winbindd-socket-dir=DIR Where to put the winbindd socket ($ac_default_prefix/run/winbind_pipe)], +[ case "$withval" in + yes|no) + # + # Just in case anybody calls it without argument + # + AC_MSG_WARN([--with-winbind-socketdir called without argument - will use default]) + ;; + * ) + winbindd_socket_dir="$withval" + ;; + esac]) + +################################################# # set lock directory location AC_ARG_WITH(lockdir, [ --with-lockdir=DIR Where to put lock files ($ac_default_prefix/var/locks)], @@ -100,6 +118,7 @@ AC_SUBST(logfilebase) AC_SUBST(privatedir) AC_SUBST(bindir) AC_SUBST(sbindir) +AC_SUBST(winbindd_socket_dir) ################################################# # set prefix for 'make test' diff --git a/source4/build/smb_build/makefile.pm b/source4/build/smb_build/makefile.pm index a7540bc9f9a..4280efa9495 100644 --- a/source4/build/smb_build/makefile.pm +++ b/source4/build/smb_build/makefile.pm 
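Review bot: The user-facing text in the new `AC_ARG_WITH(winbindd-socket-dir, ...)` block (third hunk) does not match what the option does. The help string gives the default as `$ac_default_prefix/run/winbind_pipe`, while the first hunk sets it to `${localstatedir}/run/winbind_pipe` and the commit message states PREFIX/var/run/winbind_pipe. The warning also names `--with-winbind-socketdir`, which is not how the option is spelled. I would use `($ac_default_prefix/var/run/winbind_pipe)` in the help string, matching the lockdir entry below it, and `AC_MSG_WARN([--with-winbindd-socket-dir called without argument - will use default])`.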
@@ -84,6 +84,7 @@ LOCKDIR = $self->{config}->{lockdir} PIDDIR = $self->{config}->{piddir} MANDIR = $self->{config}->{mandir} PRIVATEDIR = $self->{config}->{privatedir} +WINBINDD_SOCKET_DIR = $self->{config}->{winbindd_socket_dir} __EOD__ ); diff --git a/source4/dynconfig.c b/source4/dynconfig.c index 70f17d0b483..742c96df2a2 100644 --- a/source4/dynconfig.c +++ b/source4/dynconfig.c @@ -80,6 +80,13 @@ const char *dyn_PRIVATE_DIR = PRIVATE_DIR; /** SWAT data file (images, etc) directory */ const char *dyn_SWATDIR = SWATDIR; +/** SETUP files (source files used by the provision) */ const char *dyn_SETUPDIR = SETUPDIR; +/** EJS Javascript library includes */ const char *dyn_JSDIR = JSDIR; + +/** Where to find the winbindd socket */ + +const char *dyn_WINBINDD_SOCKET_DIR = WINBINDD_SOCKET_DIR; + diff --git a/source4/include/dynconfig.h b/source4/include/dynconfig.h index 32f5a24f805..5acf5b7338a 100644 --- a/source4/include/dynconfig.h +++ b/source4/include/dynconfig.h @@ -40,3 +40,4 @@ extern const char *dyn_PRIVATE_DIR; extern const char *dyn_SWATDIR; extern const char *dyn_JSDIR; extern const char *dyn_SETUPDIR; +extern const char *dyn_WINBINDD_SOCKET_DIR; diff --git a/source4/lib/util.c b/source4/lib/util.c index ed384572fe6..7d3f21c1e8b 100644 --- a/source4/lib/util.c +++ b/source4/lib/util.c 
@@ -88,6 +88,49 @@ BOOL directory_exist(const char *dname) return ret; } +BOOL directory_create_or_exist(const char *dname, uid_t uid, + mode_t dir_perms) +{ + mode_t old_umask; + struct stat st; + + old_umask = umask(0); + if (lstat(dname, &st) == -1) { + if (errno == ENOENT) { + /* Create directory */ + if (mkdir(dname, dir_perms) == -1) { + DEBUG(0, ("error creating directory " + "%s: %s\n", dname, + strerror(errno))); + umask(old_umask); + return False; + } + } else { + DEBUG(0, ("lstat failed on directory %s: %s\n", + dname, strerror(errno))); + umask(old_umask); + return False; + } + } else { + /* Check ownership and permission on existing directory */ + if (!S_ISDIR(st.st_mode)) { + DEBUG(0, ("directory %s isn't a directory\n", + dname)); + umask(old_umask); + return False; + } + if ((st.st_uid != uid) || + ((st.st_mode & 0777) != dir_perms)) { + DEBUG(0, ("invalid permissions on directory " + "%s\n", dname)); + umask(old_umask); + return False; + } + } + return True; +} + + /******************************************************************* Returns the size in bytes of the named file. ********************************************************************/ diff --git a/source4/main.mk b/source4/main.mk index 59dffb4841f..d1a1c3ab2e9 100644 --- a/source4/main.mk +++ b/source4/main.mk 
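Review bot: The process umask is left at 0 on both success paths of directory_create_or_exist(): `umask(old_umask)` is called before every `return False`, but the final `return True;` is reached after a successful mkdir() or a passing ownership check with nothing restoring the mask. Whatever the caller creates afterwards (in this commit, the sockets set up by winbind_task_init in source4/winbind/wb_server.c) is then created with no mask applied. Add `umask(old_umask);` immediately before `return True;`. A header comment stating that an existing directory must be owned by `uid` and have exactly `dir_perms` in its low nine mode bits would also spare callers from reading the body.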
@@ -43,21 +43,22 @@ everything: all showlayout: @echo 'Samba will be installed into:' - @echo ' basedir: $(BASEDIR)' - @echo ' bindir: $(BINDIR)' - @echo ' sbindir: $(SBINDIR)' - @echo ' libdir: $(LIBDIR)' + @echo ' basedir: $(BASEDIR)' + @echo ' bindir: $(BINDIR)' + @echo ' sbindir: $(SBINDIR)' + @echo ' libdir: $(LIBDIR)' @echo ' modulesdir: $(MODULESDIR)' @echo ' includedir: $(INCLUDEDIR)' - @echo ' vardir: $(VARDIR)' + @echo ' vardir: $(VARDIR)' @echo ' privatedir: $(PRIVATEDIR)' - @echo ' piddir: $(PIDDIR)' - @echo ' lockdir: $(LOCKDIR)' - @echo ' logfilebase: $(LOGFILEBASE)' - @echo ' setupdir: $(SETUPDIR)' - @echo ' jsdir: $(JSDIR)' - @echo ' swatdir: $(SWATDIR)' - @echo ' mandir: $(MANDIR)' + @echo ' piddir: $(PIDDIR)' + @echo ' lockdir: $(LOCKDIR)' + @echo ' logfilebase: $(LOGFILEBASE)' + @echo ' setupdir: $(SETUPDIR)' + @echo ' jsdir: $(JSDIR)' + @echo ' swatdir: $(SWATDIR)' + @echo ' mandir: $(MANDIR)' + @echo ' winbinddir: $(WINBINDDIR)' showflags: @echo 'Samba will be compiled with flags:' @@ -84,7 +85,7 @@ PATH_FLAGS = -DCONFIGFILE=\"$(CONFIGFILE)\" -DSBINDIR=\"$(SBINDIR)\" \ -DCONFIGDIR=\"$(CONFIGDIR)\" -DNCALRPCDIR=\"$(NCALRPCDIR)\" \ -DSWATDIR=\"$(SWATDIR)\" -DPRIVATE_DIR=\"$(PRIVATEDIR)\" \ -DMODULESDIR=\"$(MODULESDIR)\" -DJSDIR=\"$(JSDIR)\" \ - -DSETUPDIR=\"$(SETUPDIR)\" + -DSETUPDIR=\"$(SETUPDIR)\" -DWINBINDD_SOCKET_DIR=\"$(WINBINDD_SOCKET_DIR)\" install: showlayout installbin installdat installswat installmisc installlib \ installheader installpc diff --git a/source4/nsswitch/winbindd_nss.h b/source4/nsswitch/winbindd_nss.h index 5b96dad15f4..37695c6aa6b 100644 --- a/source4/nsswitch/winbindd_nss.h +++ b/source4/nsswitch/winbindd_nss.h 
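Review bot: The new showlayout line prints `$(WINBINDDIR)`, a name this commit never defines; makefile.pm emits `WINBINDD_SOCKET_DIR`, and the PATH_FLAGS hunk below uses `$(WINBINDD_SOCKET_DIR)`. Unless WINBINDDIR is set somewhere outside this diff, the line prints an empty value. Change it to `@echo ' winbinddir: $(WINBINDD_SOCKET_DIR)'` so the layout output shows the directory that is actually compiled in.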
@@ -27,7 +27,9 @@ #define _WINBINDD_NTDOM_H #define WINBINDD_SOCKET_NAME "pipe" /* Name of PF_UNIX socket */ +#ifndef WINBINDD_SOCKET_DIR #define WINBINDD_SOCKET_DIR "/tmp/.winbindd" /* Name of PF_UNIX dir */ +#endif #define WINBINDD_PRIV_SOCKET_SUBDIR "winbindd_privileged" /* name of subdirectory of lp_lockdir() to hold the 'privileged' pipe */ #define WINBINDD_DOMAIN_ENV "WINBINDD_DOMAIN" /* Environment variables */ #define WINBINDD_DONT_ENV "_NO_WINBINDD" diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c index bd01581eae2..96ba2bbc736 100644 --- a/source4/param/loadparm.c +++ b/source4/param/loadparm.c @@ -127,6 +127,7 @@ typedef struct char **server_services; char *ntptr_providor; char *szWinbindSeparator; + char *szWinbinddSocketDirectory; BOOL bWinbindSealedPipes; char *swat_directory; BOOL tls_enabled; @@ -545,6 +546,7 @@ static struct parm_struct parm_table[] = { {"msdfs root", P_BOOL, P_LOCAL, &sDefault.bMSDfsRoot, NULL, NULL, FLAG_SHARE}, {"host msdfs", P_BOOL, P_GLOBAL, &Globals.bHostMSDfs, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER}, {"winbind separator", P_STRING, P_GLOBAL, &Globals.szWinbindSeparator, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER }, + {"winbindd socket directory", P_STRING, P_GLOBAL, &Globals.szWinbinddSocketDirectory, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER }, {"winbind sealed pipes", P_BOOL, P_GLOBAL, &Globals.bWinbindSealedPipes, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER }, {NULL, P_BOOL, P_NONE, NULL, NULL, NULL, 0} 
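Review bot: The `#ifndef WINBINDD_SOCKET_DIR` guard keeps `/tmp/.winbindd` as a silent fallback, so a client built without `-DWINBINDD_SOCKET_DIR=...` still looks under a world-writable parent directory while the server now listens under the 'winbindd socket directory' value. The define is also fixed at compile time, so a client using this header will presumably not follow an smb.conf override of that parameter. I would state both in a comment above the guard, for example `/* Build-time default; must match the server's 'winbindd socket directory'. The /tmp fallback applies only when the build does not pass -DWINBINDD_SOCKET_DIR. */`.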
@@ -599,7 +601,7 @@ static void init_globals(void) do_parameter("max connections", "-1", NULL); do_parameter("dcerpc endpoint servers", "epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup", NULL); - do_parameter("server services", "smb rpc nbt wrepl ldap cldap web kdc", NULL); + do_parameter("server services", "smb rpc nbt wrepl ldap cldap web kdc winbind", NULL); do_parameter("ntptr providor", "simple_ldb", NULL); do_parameter("auth methods", "anonymous sam_ignoredomain", NULL); do_parameter("private dir", dyn_PRIVATE_DIR, NULL); @@ -670,6 +672,7 @@ static void init_globals(void) do_parameter("winbind separator", "\\", NULL); do_parameter("winbind sealed pipes", "True", NULL); + do_parameter("winbindd socket directory", dyn_WINBINDD_SOCKET_DIR, NULL); do_parameter("client signing", "Yes", NULL); do_parameter("server signing", "auto", NULL); @@ -820,6 +823,7 @@ FN_GLOBAL_STRING(lp_spoolss_url, &Globals.szSPOOLSS_URL) FN_GLOBAL_STRING(lp_wins_config_url, &Globals.szWINS_CONFIG_URL) FN_GLOBAL_STRING(lp_wins_url, &Globals.szWINS_URL) FN_GLOBAL_CONST_STRING(lp_winbind_separator, &Globals.szWinbindSeparator) +FN_GLOBAL_CONST_STRING(lp_winbindd_socket_directory, &Globals.szWinbinddSocketDirectory) FN_GLOBAL_BOOL(lp_winbind_sealed_pipes, &Globals.bWinbindSealedPipes) FN_GLOBAL_STRING(lp_private_dir, &Globals.szPrivateDir) FN_GLOBAL_STRING(lp_serverstring, &Globals.szServerString) diff --git a/source4/script/tests/selftest.sh b/source4/script/tests/selftest.sh index 67797b17f42..dc5da9b61f5 100755 --- a/source4/script/tests/selftest.sh +++ b/source4/script/tests/selftest.sh @@ -59,6 +59,7 @@ PRIVATEDIR=$PREFIX_ABS/private NCALRPCDIR=$PREFIX_ABS/ncalrpc LOCKDIR=$PREFIX_ABS/lockdir TLSDIR=$PRIVATEDIR/tls +WINBINDD_SOCKET_DIR=$PREFIX_ABS/winbind_socket CONFIGURATION="--configfile=$CONFFILE" export CONFIGURATION export CONFFILE 
@@ -109,6 +110,7 @@ cat >$CONFFILE<<EOF lock dir = $LOCKDIR setup directory = $SRCDIR/setup js include = $SRCDIR/scripting/libjs + winbindd socket directory = $WINBINDD_SOCKET_DIR name resolve order = bcast interfaces = 127.0.0.1/8 tls enabled = $TLS_ENABLED diff --git a/source4/winbind/wb_server.c b/source4/winbind/wb_server.c index a08b0803342..9c045585832 100644 --- a/source4/winbind/wb_server.c +++ b/source4/winbind/wb_server.c @@ -123,9 +123,11 @@ static void winbind_task_init(struct task_server *task) return; } - /* Make sure the directory for NCALRPC exists */ - if (!directory_exist(WINBINDD_DIR)) { - mkdir(WINBINDD_DIR, 0755); + /* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */ + if (!directory_create_or_exist(lp_winbindd_socket_directory(), geteuid(), 0755)) { + task_server_terminate(task, + "Cannot create winbindd pipe directory"); + return; } service = talloc_zero(task, struct wbsrv_service); @@ -143,7 +145,9 @@ static void winbind_task_init(struct task_server *task) /* setup the unprivileged samba3 socket */ listen_socket = talloc(service, struct wbsrv_listen_socket); if (!listen_socket) goto nomem; - listen_socket->socket_path = WINBINDD_SAMBA3_SOCKET; + listen_socket->socket_path = talloc_asprintf(listen_socket, "%s/%s", + lp_winbindd_socket_directory(), + WINBINDD_SAMBA3_SOCKET); if (!listen_socket->socket_path) goto nomem; listen_socket->service = service; listen_socket->privileged = False; diff --git a/source4/winbind/wb_server.h b/source4/winbind/wb_server.h index 15fee0853ca..7906e52de69 100644 --- a/source4/winbind/wb_server.h +++ b/source4/winbind/wb_server.h 
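Review bot: The termination message `"Cannot create winbindd pipe directory"` names only one of the ways directory_create_or_exist() can fail. As added in source4/lib/util.c in this commit, it also returns False when the path exists but is not a directory, is owned by another uid, or has a mode other than 0755; mkdir() there creates a single level, so a missing parent ends up here as well. With winbind now in the default 'server services', an administrator who trips the ownership check needs to be told so; I would word it `"Cannot create winbindd pipe directory, or it has the wrong owner or permissions"`. winbind_task_init starts and ends outside these hunks.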
@@ -22,12 +22,9 @@ #include "nsswitch/winbindd_nss.h" -#define WINBINDD_DIR "/tmp/.winbindd/" -#define WINBINDD_SOCKET WINBINDD_DIR"socket" -/* the privileged socket is in smbd_tmp_dir() */ -#define WINBINDD_PRIVILEGED_SOCKET "winbind_socket" -#define WINBINDD_SAMBA3_SOCKET WINBINDD_DIR"pipe" + +#define WINBINDD_SAMBA3_SOCKET "pipe" /* the privileged socket is in smbd_tmp_dir() */ #define WINBINDD_SAMBA3_PRIVILEGED_SOCKET "winbind_pipe" |
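Review bot: `WINBINDD_SAMBA3_SOCKET` is now a second definition of the socket file name. nsswitch/winbindd_nss.h, included just above, already has `#define WINBINDD_SOCKET_NAME "pipe"`, which is the name clients of that header use. Writing the server side as `#define WINBINDD_SAMBA3_SOCKET WINBINDD_SOCKET_NAME` keeps the client and server names from drifting apart.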