svn commit: samba r264 - in branches/tmp/VOYAGER/source:
groupdb include libsmb nsswitch passdb smbd
Volker Lendecke
Volker.Lendecke at SerNet.DE
Sun Apr 18 10:30:04 GMT 2004
On Sun, Apr 18, 2004 at 10:13:07AM +1000, Tim Potter wrote:
> > Another idea: How much effort would it be for smbd to listen on a unix domain
> > socket in a private directory?
>
> And this sounds like the PRIV_PIPE_DIR winbindd command. (-:
Attached find a prototype that is rather simple (needs tuning) but seems to do
the job.
Comments?
Volker
-------------- next part --------------
Index: smbd/negprot.c
===================================================================
--- smbd/negprot.c (revision 264)
+++ smbd/negprot.c (working copy)
@@ -471,16 +471,9 @@
arch &= ( ARCH_WINNT | ARCH_OS2 );
else if (strcsequal(p,"Samba")) {
arch = ARCH_SAMBA;
+ break;
}
- if (strncmp(p, "WB_PROTO", strlen("WB_PROTO")) == 0) {
- char *key = secrets_fetch(p, NULL);
- if (key != NULL) {
- global_winbind_off();
- SAFE_FREE(key);
- }
- }
-
p += strlen(p) + 2;
}
Index: smbd/server.c
===================================================================
--- smbd/server.c (revision 248)
+++ smbd/server.c (working copy)
@@ -311,6 +311,18 @@
}
}
+ {
+ int sock = create_pipe_sock("/tmp/.smbd-priv", "smbd", 0750);
+
+ if (sock != 0) {
+ set_blocking(sock, False);
+ fd_listenset[num_sockets] = sock;
+ FD_SET(sock,&listen_set);
+
+ num_sockets++;
+ }
+ }
+
SAFE_FREE(ports);
/* Listen to messages */
@@ -420,6 +432,9 @@
smb_panic("tdb_reopen_all failed.");
}
+ if (addr.sa_family == AF_UNIX)
+ global_winbind_off();
+
return True;
}
/* The parent doesn't need this socket */
Index: nsswitch/winbindd_cm.c
===================================================================
--- nsswitch/winbindd_cm.c (revision 264)
+++ nsswitch/winbindd_cm.c (working copy)
@@ -243,7 +243,7 @@
flags = CLI_FULL_CONNECTION_USE_KERBEROS;
if (domain->loopback)
- flags |= CLI_FULL_CONNECTION_OFFER_WINBIND;
+ flags |= CLI_FULL_CONNECTION_IS_LOOPBACK;
result = cli_start_connection(&new_conn->cli, global_myname(),
new_conn->controller,
Index: libsmb/cliconnect.c
===================================================================
--- libsmb/cliconnect.c (revision 264)
+++ libsmb/cliconnect.c (working copy)
@@ -1028,14 +1028,7 @@
char *p;
int numprots;
int plength;
- char *winbind_proto;
- if (cli->am_winbind) {
- winbind_proto = invent_winbind_proto();
- if (winbind_proto == NULL)
- return False;
- }
-
if (cli->protocol < PROTOCOL_NT1)
cli->use_spnego = False;
@@ -1047,9 +1040,6 @@
numprots++)
plength += strlen(prots[numprots].name)+2;
- if (cli->am_winbind)
- plength += strlen(winbind_proto)+2;
-
set_message(cli->outbuf,0,plength,True);
p = smb_buf(cli->outbuf);
@@ -1060,12 +1050,6 @@
p += clistr_push(cli, p, prots[numprots].name, -1, STR_TERMINATE);
}
- if (cli->am_winbind) {
- *p++ = 2;
- p += clistr_push(cli, p, winbind_proto, -1, STR_TERMINATE);
- SAFE_FREE(winbind_proto);
- }
-
SCVAL(cli->outbuf,smb_com,SMBnegprot);
cli_setup_packet(cli);
@@ -1291,6 +1275,22 @@
if (getenv("LIBSMB_PROG")) {
cli->fd = sock_exec(getenv("LIBSMB_PROG"));
+ } if (cli->is_loopback) {
+ struct sockaddr_un sunaddr;
+ ZERO_STRUCT(sunaddr);
+ sunaddr.sun_family = AF_UNIX;
+ strncpy(sunaddr.sun_path, "/tmp/.smbd-priv/smbd",
+ sizeof(sunaddr.sun_path) - 1);
+
+ if ((cli->fd = socket(AF_UNIX, SOCK_STREAM, 0)) != -1) {
+ if (connect(cli->fd, (struct sockaddr *)&sunaddr,
+ sizeof(sunaddr)) == -1) {
+ DEBUG(1, ("Could not open socket: %s\n",
+ strerror(errno)));
+ close(cli->fd);
+ cli->fd = -1;
+ }
+ }
} else {
/* try 445 first, then 139 */
int port = cli->port?cli->port:445;
@@ -1380,6 +1380,9 @@
else
ZERO_STRUCT(ip);
+ if (flags & CLI_FULL_CONNECTION_IS_LOOPBACK)
+ cli->is_loopback = True;
+
again:
DEBUG(3,("Connecting to host=%s\n", dest_host));
@@ -1416,9 +1419,6 @@
else if (flags & CLI_FULL_CONNECTION_USE_KERBEROS)
cli->use_kerberos = True;
- if (flags & CLI_FULL_CONNECTION_OFFER_WINBIND)
- cli->am_winbind = True;
-
if (!cli_negprot(cli)) {
DEBUG(1,("failed negprot\n"));
nt_status = NT_STATUS_UNSUCCESSFUL;
Index: include/client.h
===================================================================
--- include/client.h (revision 264)
+++ include/client.h (working copy)
@@ -145,7 +145,7 @@
BOOL use_kerberos;
BOOL use_spnego;
- BOOL am_winbind;
+ BOOL is_loopback;
BOOL use_oplocks; /* should we use oplocks? */
BOOL use_level_II_oplocks; /* should we use level II oplocks? */
@@ -166,6 +166,6 @@
#define CLI_FULL_CONNECTION_DONT_SPNEGO 0x0001
#define CLI_FULL_CONNECTION_USE_KERBEROS 0x0002
#define CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK 0x0004
-#define CLI_FULL_CONNECTION_OFFER_WINBIND 0x0008
+#define CLI_FULL_CONNECTION_IS_LOOPBACK 0x0008
#endif /* _CLIENT_H */
More information about the samba-technical
mailing list