svn commit: samba r264 - in branches/tmp/VOYAGER/source: groupdb include libsmb nsswitch passdb smbd

Sun Apr 18 10:30:04 GMT 2004

On Sun, Apr 18, 2004 at 10:13:07AM +1000, Tim Potter wrote:
> > Another idea: How much effort would it be for smbd to listen on a unix domain
> > socket in a private directory?
> 
> And this sounds like the PRIV_PIPE_DIR winbindd command.  (-:

Attached find a prototype that is rather simple (needs tuning) but seems to do
the job.

Comments?

Volker
-------------- next part --------------
Index: smbd/negprot.c
===================================================================

--- smbd/negprot.c	(revision 264)
+++ smbd/negprot.c	(working copy)
@@ -471,16 +471,9 @@
 			arch &= ( ARCH_WINNT | ARCH_OS2 );
 		else if (strcsequal(p,"Samba")) {
 			arch = ARCH_SAMBA;
+			break;
 		}
 
-		if (strncmp(p, "WB_PROTO", strlen("WB_PROTO")) == 0) {
-			char *key = secrets_fetch(p, NULL);
-			if (key != NULL) {
-				global_winbind_off();
-				SAFE_FREE(key);
-			}
-		}
- 
 		p += strlen(p) + 2;
 	}
     
Index: smbd/server.c
===================================================================
--- smbd/server.c	(revision 248)
+++ smbd/server.c	(working copy)
@@ -311,6 +311,18 @@
 		}
 	} 
 
+	{
+		int sock = create_pipe_sock("/tmp/.smbd-priv", "smbd", 0750);
+
+		if (sock != 0) {
+			set_blocking(sock, False);
+			fd_listenset[num_sockets] = sock;
+			FD_SET(sock,&listen_set);
+
+			num_sockets++;
+		}
+	}
+
 	SAFE_FREE(ports);
 
         /* Listen to messages */
@@ -420,6 +432,9 @@
 					smb_panic("tdb_reopen_all failed.");
 				}
 
+				if (addr.sa_family == AF_UNIX)
+					global_winbind_off();
+
 				return True; 
 			}
 			/* The parent doesn't need this socket */
Index: nsswitch/winbindd_cm.c
===================================================================
--- nsswitch/winbindd_cm.c	(revision 264)
+++ nsswitch/winbindd_cm.c	(working copy)
@@ -243,7 +243,7 @@
 
 		flags = CLI_FULL_CONNECTION_USE_KERBEROS;
 		if (domain->loopback)
-			flags |= CLI_FULL_CONNECTION_OFFER_WINBIND;
+			flags |= CLI_FULL_CONNECTION_IS_LOOPBACK;
 
 		result = cli_start_connection(&new_conn->cli, global_myname(), 
 					      new_conn->controller, 
Index: libsmb/cliconnect.c
===================================================================
--- libsmb/cliconnect.c	(revision 264)
+++ libsmb/cliconnect.c	(working copy)
@@ -1028,14 +1028,7 @@
 	char *p;
 	int numprots;
 	int plength;
-	char *winbind_proto;
 
-	if (cli->am_winbind) {
-		winbind_proto = invent_winbind_proto();
-		if (winbind_proto == NULL)
-			return False;
-	}
-
 	if (cli->protocol < PROTOCOL_NT1)
 		cli->use_spnego = False;
 
@@ -1047,9 +1040,6 @@
 	     numprots++)
 		plength += strlen(prots[numprots].name)+2;
 
-	if (cli->am_winbind)
-		plength += strlen(winbind_proto)+2;
-    
 	set_message(cli->outbuf,0,plength,True);
 
 	p = smb_buf(cli->outbuf);
@@ -1060,12 +1050,6 @@
 		p += clistr_push(cli, p, prots[numprots].name, -1, STR_TERMINATE);
 	}
 
-	if (cli->am_winbind) {
-		*p++ = 2;
-		p += clistr_push(cli, p, winbind_proto, -1, STR_TERMINATE);
-		SAFE_FREE(winbind_proto);
-	}
-
 	SCVAL(cli->outbuf,smb_com,SMBnegprot);
 	cli_setup_packet(cli);
 
@@ -1291,6 +1275,22 @@
 
 	if (getenv("LIBSMB_PROG")) {
 		cli->fd = sock_exec(getenv("LIBSMB_PROG"));
+	} if (cli->is_loopback) {
+		struct sockaddr_un sunaddr;
+		ZERO_STRUCT(sunaddr);
+		sunaddr.sun_family = AF_UNIX;
+		strncpy(sunaddr.sun_path, "/tmp/.smbd-priv/smbd",
+			sizeof(sunaddr.sun_path) - 1);
+		
+		if ((cli->fd = socket(AF_UNIX, SOCK_STREAM, 0)) != -1) {
+			if (connect(cli->fd, (struct sockaddr *)&sunaddr, 
+				    sizeof(sunaddr)) == -1) {
+				DEBUG(1, ("Could not open socket: %s\n",
+					  strerror(errno)));
+				close(cli->fd);
+				cli->fd = -1;
+			}
+		}
 	} else {
 		/* try 445 first, then 139 */
 		int port = cli->port?cli->port:445;
@@ -1380,6 +1380,9 @@
 	else
 		ZERO_STRUCT(ip);
 
+	if (flags & CLI_FULL_CONNECTION_IS_LOOPBACK)
+		cli->is_loopback = True;
+
 again:
 
 	DEBUG(3,("Connecting to host=%s\n", dest_host));
@@ -1416,9 +1419,6 @@
 	else if (flags & CLI_FULL_CONNECTION_USE_KERBEROS)
 		cli->use_kerberos = True;
 
-	if (flags & CLI_FULL_CONNECTION_OFFER_WINBIND)
-		cli->am_winbind = True;
-
 	if (!cli_negprot(cli)) {
 		DEBUG(1,("failed negprot\n"));
 		nt_status = NT_STATUS_UNSUCCESSFUL;
Index: include/client.h
===================================================================
--- include/client.h	(revision 264)
+++ include/client.h	(working copy)
@@ -145,7 +145,7 @@
 
 	BOOL use_kerberos;
 	BOOL use_spnego;
-	BOOL am_winbind;
+	BOOL is_loopback;
 
 	BOOL use_oplocks; /* should we use oplocks? */
 	BOOL use_level_II_oplocks; /* should we use level II oplocks? */
@@ -166,6 +166,6 @@
 #define CLI_FULL_CONNECTION_DONT_SPNEGO 0x0001
 #define CLI_FULL_CONNECTION_USE_KERBEROS 0x0002
 #define CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK 0x0004
-#define CLI_FULL_CONNECTION_OFFER_WINBIND 0x0008
+#define CLI_FULL_CONNECTION_IS_LOOPBACK 0x0008
 
 #endif /* _CLIENT_H */
