2 Unix SMB/CIFS implementation.
3 async implementation of WINBINDD_PAM_LOGOFF
4 Copyright (C) Volker Lendecke 2010
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "util/debug.h"
23 #include "lib/global_contexts.h"
24 #include "librpc/gen_ndr/ndr_winbind_c.h"
26 struct winbindd_pam_logoff_state {
27 struct wbint_PamLogOff r;
30 static void winbindd_pam_logoff_done(struct tevent_req *subreq);
32 struct tevent_req *winbindd_pam_logoff_send(TALLOC_CTX *mem_ctx,
33 struct tevent_context *ev,
34 struct winbindd_cli_state *cli,
35 struct winbindd_request *request)
37 struct tevent_req *req, *subreq;
38 struct winbindd_pam_logoff_state *state;
39 struct winbindd_domain *domain;
40 fstring name_namespace, name_domain, user;
46 req = tevent_req_create(mem_ctx, &state,
47 struct winbindd_pam_logoff_state);
51 D_NOTICE("[%s (%u)] Winbind external command PAM_LOGOFF start.\n"
52 "Username '%s' is used during logoff.\n",
54 (unsigned int)cli->pid,
55 request->data.auth.user);
56 /* Ensure null termination */
57 /* Ensure null termination */
58 request->data.logoff.user[sizeof(request->data.logoff.user)-1]='\0';
59 request->data.logoff.krb5ccname[
60 sizeof(request->data.logoff.krb5ccname)-1]='\0';
62 if (request->data.logoff.uid == (uid_t)-1) {
66 ok = canonicalize_username(request->data.logoff.user,
74 domain = find_auth_domain(request->flags, name_namespace);
79 caller_uid = (uid_t)-1;
81 res = getpeereid(cli->sock, &caller_uid, &caller_gid);
83 D_WARNING("winbindd_pam_logoff: failed to check peerid: %s\n",
92 /* root must be able to logoff any user - gd */
95 if (caller_uid != request->data.logoff.uid) {
96 D_WARNING("caller requested invalid uid\n");
102 state->r.in.client_name = talloc_strdup(state, request->client_name);
103 if (tevent_req_nomem(state->r.in.client_name, req)) {
104 return tevent_req_post(req, ev);
106 state->r.in.client_pid = request->pid;
108 state->r.in.flags = request->flags;
109 state->r.in.user = talloc_strdup(state, request->data.logoff.user);
110 if (tevent_req_nomem(state->r.in.user, req)) {
111 return tevent_req_post(req, ev);
113 state->r.in.uid = request->data.logoff.uid;
114 state->r.in.krb5ccname = talloc_strdup(state,
115 request->data.logoff.krb5ccname);
116 if (tevent_req_nomem(state->r.in.krb5ccname, req)) {
117 return tevent_req_post(req, ev);
120 subreq = dcerpc_wbint_PamLogOff_r_send(state,
121 global_event_context(),
122 dom_child_handle(domain),
124 if (tevent_req_nomem(subreq, req)) {
125 return tevent_req_post(req, ev);
127 tevent_req_set_callback(subreq, winbindd_pam_logoff_done, req);
131 tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
132 return tevent_req_post(req, ev);
135 static void winbindd_pam_logoff_done(struct tevent_req *subreq)
137 struct tevent_req *req = tevent_req_callback_data(
138 subreq, struct tevent_req);
139 struct winbindd_pam_logoff_state *state = tevent_req_data(
140 req, struct winbindd_pam_logoff_state);
143 status = dcerpc_wbint_PamLogOff_r_recv(subreq, state);
145 if (tevent_req_nterror(req, status)) {
149 tevent_req_done(req);
152 NTSTATUS winbindd_pam_logoff_recv(struct tevent_req *req,
153 struct winbindd_response *response)
155 struct winbindd_pam_logoff_state *state = tevent_req_data(
156 req, struct winbindd_pam_logoff_state);
157 NTSTATUS status = NT_STATUS_OK;
159 D_NOTICE("Winbind external command PAM_LOGOFF end.\n");
160 if (tevent_req_is_nterror(req, &status)) {
161 set_auth_errors(response, status);
165 response->result = WINBINDD_PENDING;
166 set_auth_errors(response, state->r.out.result);
168 if (NT_STATUS_IS_OK(state->r.out.result)) {
169 winbindd_delete_memory_creds(state->r.in.user);
172 return NT_STATUS(response->data.auth.nt_status);