s3:idmap_rid: force mapping type to ID_TYPE_BOTH for sid->unixid mapping
[Samba/bb.git] / source3 / winbindd / winbindd_pam_chauthtok.c
blob8ffbc29b973e49ea0edda6825c281031c414dba2
1 /*
2 Unix SMB/CIFS implementation.
3 async implementation of WINBINDD_PAM_CHAUTHTOK
4 Copyright (C) Volker Lendecke 2010
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 #include "includes.h"
21 #include "winbindd.h"
23 struct winbindd_pam_chauthtok_state {
24 struct winbindd_request *request;
25 struct winbindd_response *response;
28 static void winbindd_pam_chauthtok_done(struct tevent_req *subreq);
30 struct tevent_req *winbindd_pam_chauthtok_send(
31 TALLOC_CTX *mem_ctx,
32 struct tevent_context *ev,
33 struct winbindd_cli_state *cli,
34 struct winbindd_request *request)
36 struct tevent_req *req, *subreq;
37 struct winbindd_pam_chauthtok_state *state;
38 struct winbindd_domain *contact_domain;
39 fstring domain, user;
40 char *mapped_user;
41 NTSTATUS status;
43 req = tevent_req_create(mem_ctx, &state,
44 struct winbindd_pam_chauthtok_state);
45 if (req == NULL) {
46 return NULL;
48 state->request = request;
50 /* Ensure null termination */
51 request->data.chauthtok.user[
52 sizeof(request->data.chauthtok.user)-1]='\0';
54 DEBUG(3, ("[%5lu]: pam chauthtok %s\n", (unsigned long)cli->pid,
55 request->data.chauthtok.user));
57 status = normalize_name_unmap(state, request->data.chauthtok.user,
58 &mapped_user);
60 if (NT_STATUS_IS_OK(status) ||
61 NT_STATUS_EQUAL(status, NT_STATUS_FILE_RENAMED)) {
62 fstrcpy(request->data.chauthtok.user, mapped_user);
65 if (!canonicalize_username(request->data.chauthtok.user, domain,
66 user)) {
67 DEBUG(10, ("winbindd_pam_chauthtok: canonicalize_username %s "
68 "failed with\n", request->data.chauthtok.user));
69 tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
70 return tevent_req_post(req, ev);
73 contact_domain = find_domain_from_name(domain);
74 if (contact_domain == NULL) {
75 DEBUG(3, ("Cannot change password for [%s] -> [%s]\\[%s] "
76 "as %s is not a trusted domain\n",
77 request->data.chauthtok.user, domain, user, domain));
78 tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
79 return tevent_req_post(req, ev);
82 subreq = wb_domain_request_send(state, winbind_event_context(),
83 contact_domain, request);
84 if (tevent_req_nomem(subreq, req)) {
85 return tevent_req_post(req, ev);
87 tevent_req_set_callback(subreq, winbindd_pam_chauthtok_done, req);
88 return req;
91 static void winbindd_pam_chauthtok_done(struct tevent_req *subreq)
93 struct tevent_req *req = tevent_req_callback_data(
94 subreq, struct tevent_req);
95 struct winbindd_pam_chauthtok_state *state = tevent_req_data(
96 req, struct winbindd_pam_chauthtok_state);
97 int res, err;
99 res = wb_domain_request_recv(subreq, state, &state->response, &err);
100 TALLOC_FREE(subreq);
101 if (res == -1) {
102 tevent_req_nterror(req, map_nt_error_from_unix(err));
103 return;
105 tevent_req_done(req);
108 NTSTATUS winbindd_pam_chauthtok_recv(struct tevent_req *req,
109 struct winbindd_response *response)
111 struct winbindd_pam_chauthtok_state *state = tevent_req_data(
112 req, struct winbindd_pam_chauthtok_state);
113 NTSTATUS status;
115 if (tevent_req_is_nterror(req, &status)) {
116 set_auth_errors(response, status);
117 return status;
119 *response = *state->response;
120 response->result = WINBINDD_PENDING;
121 state->response = talloc_move(response, &state->response);
123 status = NT_STATUS(response->data.auth.nt_status);
124 if (!NT_STATUS_IS_OK(status)) {
125 return status;
128 if (state->request->flags & WBFLAG_PAM_CACHED_LOGIN) {
130 /* Update the single sign-on memory creds. */
131 status = winbindd_replace_memory_creds(
132 state->request->data.chauthtok.user,
133 state->request->data.chauthtok.newpass);
135 DEBUG(10, ("winbindd_replace_memory_creds returned %s\n",
136 nt_errstr(status)));
139 * When we login from gdm or xdm and password expires,
140 * we change password, but there are no memory
141 * crendentials So, winbindd_replace_memory_creds()
142 * returns NT_STATUS_OBJECT_NAME_NOT_FOUND. This is
143 * not a failure. --- BoYang
145 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
146 status = NT_STATUS_OK;
149 return status;