search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
vfs_ceph: use consistent code style when setting errno
[Samba.git] / source3 / winbindd / winbindd_pam_logoff.c
blobc799eb5e38d399c8f62ffa9f43de4d71b9ac66bd
1 /*
2 Unix SMB/CIFS implementation.
3 async implementation of WINBINDD_PAM_LOGOFF
4 Copyright (C) Volker Lendecke 2010
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include "includes.h"
21 #include "util/debug.h"
22 #include "winbindd.h"
23 #include "lib/global_contexts.h"
24 #include "librpc/gen_ndr/ndr_winbind_c.h"
25 #include "lib/util/string_wrappers.h"
26
27 struct winbindd_pam_logoff_state {
28 struct wbint_PamLogOff r;
29 };
30
31 static void winbindd_pam_logoff_done(struct tevent_req *subreq);
32
33 struct tevent_req *winbindd_pam_logoff_send(TALLOC_CTX *mem_ctx,
34 struct tevent_context *ev,
35 struct winbindd_cli_state *cli,
36 struct winbindd_request *request)
37 {
38 struct tevent_req *req, *subreq;
39 struct winbindd_pam_logoff_state *state;
40 struct winbindd_domain *domain;
41 char *name_namespace = NULL;
42 char *name_domain = NULL;
43 char *user = NULL;
44 char *logoff_user = NULL;
45
46 uid_t caller_uid;
47 gid_t caller_gid;
48 int res;
49 bool ok;
50
51 req = tevent_req_create(mem_ctx, &state,
52 struct winbindd_pam_logoff_state);
53 if (req == NULL) {
54 return NULL;
55 }
56 D_NOTICE("[%s (%u)] Winbind external command PAM_LOGOFF start.\n"
57 "Username '%s' is used during logoff.\n",
58 cli->client_name,
59 (unsigned int)cli->pid,
60 request->data.auth.user);
61 /* Ensure null termination */
62 /* Ensure null termination */
63 request->data.logoff.user[sizeof(request->data.logoff.user)-1]='\0';
64 request->data.logoff.krb5ccname[
65 sizeof(request->data.logoff.krb5ccname)-1]='\0';
66
67 if (request->data.logoff.uid == (uid_t)-1) {
68 goto failed;
69 }
70
71 logoff_user = request->data.logoff.user;
72
73 ok = canonicalize_username(req,
74 &logoff_user,
75 &name_namespace,
76 &name_domain,
77 &user);
78 if (!ok) {
79 goto failed;
80 }
81
82 fstrcpy(request->data.logoff.user, logoff_user);
83
84 domain = find_auth_domain(request->flags, name_namespace);
85 if (domain == NULL) {
86 goto failed;
87 }
88
89 caller_uid = (uid_t)-1;
90
91 res = getpeereid(cli->sock, &caller_uid, &caller_gid);
92 if (res != 0) {
93 D_WARNING("winbindd_pam_logoff: failed to check peerid: %s\n",
94 strerror(errno));
95 goto failed;
96 }
97
98 switch (caller_uid) {
99 case -1:
100 goto failed;
101 case 0:
102 /* root must be able to logoff any user - gd */
103 break;
104 default:
105 if (caller_uid != request->data.logoff.uid) {
106 D_WARNING("caller requested invalid uid\n");
107 goto failed;
108 }
109 break;
110 }
111
112 state->r.in.client_name = talloc_strdup(state, request->client_name);
113 if (tevent_req_nomem(state->r.in.client_name, req)) {
114 return tevent_req_post(req, ev);
115 }
116 state->r.in.client_pid = request->pid;
117
118 state->r.in.flags = request->flags;
119 state->r.in.user = talloc_strdup(state, request->data.logoff.user);
120 if (tevent_req_nomem(state->r.in.user, req)) {
121 return tevent_req_post(req, ev);
122 }
123 state->r.in.uid = request->data.logoff.uid;
124 state->r.in.krb5ccname = talloc_strdup(state,
125 request->data.logoff.krb5ccname);
126 if (tevent_req_nomem(state->r.in.krb5ccname, req)) {
127 return tevent_req_post(req, ev);
128 }
129
130 subreq = dcerpc_wbint_PamLogOff_r_send(state,
131 global_event_context(),
132 dom_child_handle(domain),
133 &state->r);
134 if (tevent_req_nomem(subreq, req)) {
135 return tevent_req_post(req, ev);
136 }
137 tevent_req_set_callback(subreq, winbindd_pam_logoff_done, req);
138 return req;
139
140 failed:
141 tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
142 return tevent_req_post(req, ev);
143 }
144
145 static void winbindd_pam_logoff_done(struct tevent_req *subreq)
146 {
147 struct tevent_req *req = tevent_req_callback_data(
148 subreq, struct tevent_req);
149 struct winbindd_pam_logoff_state *state = tevent_req_data(
150 req, struct winbindd_pam_logoff_state);
151 NTSTATUS status;
152
153 status = dcerpc_wbint_PamLogOff_r_recv(subreq, state);
154 TALLOC_FREE(subreq);
155 if (tevent_req_nterror(req, status)) {
156 return;
157 }
158
159 tevent_req_done(req);
160 }
161
162 NTSTATUS winbindd_pam_logoff_recv(struct tevent_req *req,
163 struct winbindd_response *response)
164 {
165 struct winbindd_pam_logoff_state *state = tevent_req_data(
166 req, struct winbindd_pam_logoff_state);
167 NTSTATUS status = NT_STATUS_OK;
168
169 D_NOTICE("Winbind external command PAM_LOGOFF end.\n");
170 if (tevent_req_is_nterror(req, &status)) {
171 set_auth_errors(response, status);
172 return status;
173 }
174
175 response->result = WINBINDD_PENDING;
176 set_auth_errors(response, state->r.out.result);
177
178 if (NT_STATUS_IS_OK(state->r.out.result)) {
179 winbindd_delete_memory_creds(state->r.in.user);
180 }
181
182 return NT_STATUS(response->data.auth.nt_status);
183 }
Samba GIT mirror