lockdir="${localstatedir}/locks"
piddir="${localstatedir}/run"
privatedir="${prefix}/private"
+winbindd_socket_dir="${localstatedir}/run/winbind_pipe"
AC_ARG_WITH(fhs,
[ --with-fhs Use FHS-compliant paths (default=no)],
libdir="${libdir}/samba"
datadir="${datadir}/samba"
includedir="${includedir}/samba-4.0"
+ winbindd_socket_dir="${localstatedir}/run/samba/winbind_pipe"
)
#################################################
;;
esac])
+#################################################
+# set where the winbindd socket should be put
+AC_ARG_WITH(winbindd-socket-dir,
+[ --with-winbindd-socket-dir=DIR Where to put the winbindd socket ($ac_default_prefix/run/winbind_pipe)],
+[ case "$withval" in
+ yes|no)
+ #
+ # Just in case anybody calls it without argument
+ #
+ AC_MSG_WARN([--with-winbind-socketdir called without argument - will use default])
+ ;;
+ * )
+ winbindd_socket_dir="$withval"
+ ;;
+ esac])
+
#################################################
# set lock directory location
AC_ARG_WITH(lockdir,
AC_SUBST(privatedir)
AC_SUBST(bindir)
AC_SUBST(sbindir)
+AC_SUBST(winbindd_socket_dir)
#################################################
# set prefix for 'make test'
PIDDIR = $self->{config}->{piddir}
MANDIR = $self->{config}->{mandir}
PRIVATEDIR = $self->{config}->{privatedir}
+WINBINDD_SOCKET_DIR = $self->{config}->{winbindd_socket_dir}
__EOD__
);
/** SWAT data file (images, etc) directory */
const char *dyn_SWATDIR = SWATDIR;
+/** SETUP files (source files used by the provision) */
const char *dyn_SETUPDIR = SETUPDIR;
+/** EJS Javascript library includes */
const char *dyn_JSDIR = JSDIR;
+
+/** Where to find the winbindd socket */
+
+const char *dyn_WINBINDD_SOCKET_DIR = WINBINDD_SOCKET_DIR;
+
extern const char *dyn_SWATDIR;
extern const char *dyn_JSDIR;
extern const char *dyn_SETUPDIR;
+extern const char *dyn_WINBINDD_SOCKET_DIR;
return ret;
}
+BOOL directory_create_or_exist(const char *dname, uid_t uid,
+ mode_t dir_perms)
+{
+ mode_t old_umask;
+ struct stat st;
+
+ old_umask = umask(0);
+ if (lstat(dname, &st) == -1) {
+ if (errno == ENOENT) {
+ /* Create directory */
+ if (mkdir(dname, dir_perms) == -1) {
+ DEBUG(0, ("error creating directory "
+ "%s: %s\n", dname,
+ strerror(errno)));
+ umask(old_umask);
+ return False;
+ }
+ } else {
+ DEBUG(0, ("lstat failed on directory %s: %s\n",
+ dname, strerror(errno)));
+ umask(old_umask);
+ return False;
+ }
+ } else {
+ /* Check ownership and permission on existing directory */
+ if (!S_ISDIR(st.st_mode)) {
+ DEBUG(0, ("directory %s isn't a directory\n",
+ dname));
+ umask(old_umask);
+ return False;
+ }
+ if ((st.st_uid != uid) ||
+ ((st.st_mode & 0777) != dir_perms)) {
+ DEBUG(0, ("invalid permissions on directory "
+ "%s\n", dname));
+ umask(old_umask);
+ return False;
+ }
+ }
+ return True;
+}
+
+
/*******************************************************************
Returns the size in bytes of the named file.
********************************************************************/
showlayout:
@echo 'Samba will be installed into:'
- @echo ' basedir: $(BASEDIR)'
- @echo ' bindir: $(BINDIR)'
- @echo ' sbindir: $(SBINDIR)'
- @echo ' libdir: $(LIBDIR)'
+ @echo ' basedir: $(BASEDIR)'
+ @echo ' bindir: $(BINDIR)'
+ @echo ' sbindir: $(SBINDIR)'
+ @echo ' libdir: $(LIBDIR)'
@echo ' modulesdir: $(MODULESDIR)'
@echo ' includedir: $(INCLUDEDIR)'
- @echo ' vardir: $(VARDIR)'
+ @echo ' vardir: $(VARDIR)'
@echo ' privatedir: $(PRIVATEDIR)'
- @echo ' piddir: $(PIDDIR)'
- @echo ' lockdir: $(LOCKDIR)'
- @echo ' logfilebase: $(LOGFILEBASE)'
- @echo ' setupdir: $(SETUPDIR)'
- @echo ' jsdir: $(JSDIR)'
- @echo ' swatdir: $(SWATDIR)'
- @echo ' mandir: $(MANDIR)'
+ @echo ' piddir: $(PIDDIR)'
+ @echo ' lockdir: $(LOCKDIR)'
+ @echo ' logfilebase: $(LOGFILEBASE)'
+ @echo ' setupdir: $(SETUPDIR)'
+ @echo ' jsdir: $(JSDIR)'
+ @echo ' swatdir: $(SWATDIR)'
+ @echo ' mandir: $(MANDIR)'
+ @echo ' winbinddir: $(WINBINDDIR)'
showflags:
@echo 'Samba will be compiled with flags:'
-DCONFIGDIR=\"$(CONFIGDIR)\" -DNCALRPCDIR=\"$(NCALRPCDIR)\" \
-DSWATDIR=\"$(SWATDIR)\" -DPRIVATE_DIR=\"$(PRIVATEDIR)\" \
-DMODULESDIR=\"$(MODULESDIR)\" -DJSDIR=\"$(JSDIR)\" \
- -DSETUPDIR=\"$(SETUPDIR)\"
+ -DSETUPDIR=\"$(SETUPDIR)\" -DWINBINDD_SOCKET_DIR=\"$(WINBINDD_SOCKET_DIR)\"
install: showlayout installbin installdat installswat installmisc installlib \
installheader installpc
#define _WINBINDD_NTDOM_H
#define WINBINDD_SOCKET_NAME "pipe" /* Name of PF_UNIX socket */
+#ifndef WINBINDD_SOCKET_DIR
#define WINBINDD_SOCKET_DIR "/tmp/.winbindd" /* Name of PF_UNIX dir */
+#endif
#define WINBINDD_PRIV_SOCKET_SUBDIR "winbindd_privileged" /* name of subdirectory of lp_lockdir() to hold the 'privileged' pipe */
#define WINBINDD_DOMAIN_ENV "WINBINDD_DOMAIN" /* Environment variables */
#define WINBINDD_DONT_ENV "_NO_WINBINDD"
char **server_services;
char *ntptr_providor;
char *szWinbindSeparator;
+ char *szWinbinddSocketDirectory;
BOOL bWinbindSealedPipes;
char *swat_directory;
BOOL tls_enabled;
{"msdfs root", P_BOOL, P_LOCAL, &sDefault.bMSDfsRoot, NULL, NULL, FLAG_SHARE},
{"host msdfs", P_BOOL, P_GLOBAL, &Globals.bHostMSDfs, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER},
{"winbind separator", P_STRING, P_GLOBAL, &Globals.szWinbindSeparator, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER },
+ {"winbindd socket directory", P_STRING, P_GLOBAL, &Globals.szWinbinddSocketDirectory, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER },
{"winbind sealed pipes", P_BOOL, P_GLOBAL, &Globals.bWinbindSealedPipes, NULL, NULL, FLAG_ADVANCED | FLAG_DEVELOPER },
{NULL, P_BOOL, P_NONE, NULL, NULL, NULL, 0}
do_parameter("max connections", "-1", NULL);
do_parameter("dcerpc endpoint servers", "epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup", NULL);
- do_parameter("server services", "smb rpc nbt wrepl ldap cldap web kdc", NULL);
+ do_parameter("server services", "smb rpc nbt wrepl ldap cldap web kdc winbind", NULL);
do_parameter("ntptr providor", "simple_ldb", NULL);
do_parameter("auth methods", "anonymous sam_ignoredomain", NULL);
do_parameter("private dir", dyn_PRIVATE_DIR, NULL);
do_parameter("winbind separator", "\\", NULL);
do_parameter("winbind sealed pipes", "True", NULL);
+ do_parameter("winbindd socket directory", dyn_WINBINDD_SOCKET_DIR, NULL);
do_parameter("client signing", "Yes", NULL);
do_parameter("server signing", "auto", NULL);
FN_GLOBAL_STRING(lp_wins_config_url, &Globals.szWINS_CONFIG_URL)
FN_GLOBAL_STRING(lp_wins_url, &Globals.szWINS_URL)
FN_GLOBAL_CONST_STRING(lp_winbind_separator, &Globals.szWinbindSeparator)
+FN_GLOBAL_CONST_STRING(lp_winbindd_socket_directory, &Globals.szWinbinddSocketDirectory)
FN_GLOBAL_BOOL(lp_winbind_sealed_pipes, &Globals.bWinbindSealedPipes)
FN_GLOBAL_STRING(lp_private_dir, &Globals.szPrivateDir)
FN_GLOBAL_STRING(lp_serverstring, &Globals.szServerString)
NCALRPCDIR=$PREFIX_ABS/ncalrpc
LOCKDIR=$PREFIX_ABS/lockdir
TLSDIR=$PRIVATEDIR/tls
+WINBINDD_SOCKET_DIR=$PREFIX_ABS/winbind_socket
CONFIGURATION="--configfile=$CONFFILE"
export CONFIGURATION
export CONFFILE
lock dir = $LOCKDIR
setup directory = $SRCDIR/setup
js include = $SRCDIR/scripting/libjs
+ winbindd socket directory = $WINBINDD_SOCKET_DIR
name resolve order = bcast
interfaces = 127.0.0.1/8
tls enabled = $TLS_ENABLED
return;
}
- /* Make sure the directory for NCALRPC exists */
- if (!directory_exist(WINBINDD_DIR)) {
- mkdir(WINBINDD_DIR, 0755);
+ /* Make sure the directory for the Samba3 socket exists, and is of the correct permissions */
+ if (!directory_create_or_exist(lp_winbindd_socket_directory(), geteuid(), 0755)) {
+ task_server_terminate(task,
+ "Cannot create winbindd pipe directory");
+ return;
}
service = talloc_zero(task, struct wbsrv_service);
/* setup the unprivileged samba3 socket */
listen_socket = talloc(service, struct wbsrv_listen_socket);
if (!listen_socket) goto nomem;
- listen_socket->socket_path = WINBINDD_SAMBA3_SOCKET;
+ listen_socket->socket_path = talloc_asprintf(listen_socket, "%s/%s",
+ lp_winbindd_socket_directory(),
+ WINBINDD_SAMBA3_SOCKET);
if (!listen_socket->socket_path) goto nomem;
listen_socket->service = service;
listen_socket->privileged = False;
#include "nsswitch/winbindd_nss.h"
-#define WINBINDD_DIR "/tmp/.winbindd/"
-#define WINBINDD_SOCKET WINBINDD_DIR"socket"
-/* the privileged socket is in smbd_tmp_dir() */
-#define WINBINDD_PRIVILEGED_SOCKET "winbind_socket"
-#define WINBINDD_SAMBA3_SOCKET WINBINDD_DIR"pipe"
+
+#define WINBINDD_SAMBA3_SOCKET "pipe"
/* the privileged socket is in smbd_tmp_dir() */
#define WINBINDD_SAMBA3_PRIVILEGED_SOCKET "winbind_pipe"