2 Unix SMB/CIFS implementation.
3 async implementation of WINBINDD_PAM_LOGOFF
4 Copyright (C) Volker Lendecke 2010
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 struct winbindd_pam_logoff_state
{
24 struct winbindd_request
*request
;
25 struct winbindd_response
*response
;
28 static void winbindd_pam_logoff_done(struct tevent_req
*subreq
);
30 struct tevent_req
*winbindd_pam_logoff_send(TALLOC_CTX
*mem_ctx
,
31 struct tevent_context
*ev
,
32 struct winbindd_cli_state
*cli
,
33 struct winbindd_request
*request
)
35 struct tevent_req
*req
, *subreq
;
36 struct winbindd_pam_logoff_state
*state
;
37 struct winbindd_domain
*domain
;
38 fstring name_domain
, user
;
42 req
= tevent_req_create(mem_ctx
, &state
,
43 struct winbindd_pam_logoff_state
);
47 state
->request
= request
;
49 /* Ensure null termination */
50 /* Ensure null termination */
51 request
->data
.logoff
.user
[sizeof(request
->data
.logoff
.user
)-1]='\0';
52 request
->data
.logoff
.krb5ccname
[
53 sizeof(request
->data
.logoff
.krb5ccname
)-1]='\0';
55 DEBUG(3, ("[%5lu]: pam auth %s\n", (unsigned long)cli
->pid
,
56 request
->data
.auth
.user
));
58 if (request
->data
.logoff
.uid
== (uid_t
)-1) {
62 if (!canonicalize_username(request
->data
.logoff
.user
, name_domain
,
67 domain
= find_auth_domain(request
->flags
, name_domain
);
72 caller_uid
= (uid_t
)-1;
74 res
= sys_getpeereid(cli
->sock
, &caller_uid
);
76 DEBUG(1,("winbindd_pam_logoff: failed to check peerid: %s\n",
85 /* root must be able to logoff any user - gd */
88 if (caller_uid
!= request
->data
.logoff
.uid
) {
89 DEBUG(1,("winbindd_pam_logoff: caller requested "
96 subreq
= wb_domain_request_send(state
, winbind_event_context(), domain
,
98 if (tevent_req_nomem(subreq
, req
)) {
99 return tevent_req_post(req
, ev
);
101 tevent_req_set_callback(subreq
, winbindd_pam_logoff_done
, req
);
105 tevent_req_nterror(req
, NT_STATUS_NO_SUCH_USER
);
106 return tevent_req_post(req
, ev
);
109 static void winbindd_pam_logoff_done(struct tevent_req
*subreq
)
111 struct tevent_req
*req
= tevent_req_callback_data(
112 subreq
, struct tevent_req
);
113 struct winbindd_pam_logoff_state
*state
= tevent_req_data(
114 req
, struct winbindd_pam_logoff_state
);
117 res
= wb_domain_request_recv(subreq
, state
, &state
->response
, &err
);
120 tevent_req_nterror(req
, map_nt_error_from_unix(err
));
123 tevent_req_done(req
);
126 NTSTATUS
winbindd_pam_logoff_recv(struct tevent_req
*req
,
127 struct winbindd_response
*response
)
129 struct winbindd_pam_logoff_state
*state
= tevent_req_data(
130 req
, struct winbindd_pam_logoff_state
);
133 if (tevent_req_is_nterror(req
, &status
)) {
134 set_auth_errors(response
, status
);
137 *response
= *state
->response
;
138 response
->result
= WINBINDD_PENDING
;
139 state
->response
= talloc_move(response
, &state
->response
);
141 status
= NT_STATUS(response
->data
.auth
.nt_status
);
142 if (!NT_STATUS_IS_OK(status
)) {
145 winbindd_delete_memory_creds(state
->request
->data
.logoff
.user
);