From f47a8a6d22609229e2ed238fc1419454a3e3422b Mon Sep 17 00:00:00 2001
From: =?utf8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Fri, 21 Nov 2008 11:31:01 +0100
Subject: [PATCH] pam_winbind: use libwbclient for WINBINDD_PAM_LOGOFF.

Guenther
(cherry picked from commit 18f1585539bb306101f3471103a2936c2dfd0aa3)
---
 source/nsswitch/pam_winbind.c | 71 +++++++++++++++++++++++++++++++------------
 1 file changed, 52 insertions(+), 19 deletions(-)

diff --git a/source/nsswitch/pam_winbind.c b/source/nsswitch/pam_winbind.c
index c3520a53c8f..235f3c09e5b 100644
--- a/source/nsswitch/pam_winbind.c
+++ b/source/nsswitch/pam_winbind.c
@@ -2451,6 +2451,7 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags,
 {
 	int retval = PAM_SUCCESS;
 	struct pwb_context *ctx = NULL;
+	struct wbcLogoffUserParams logoff;
 
 	retval = _pam_winbind_init_context(pamh, flags, argc, argv, &ctx);
 	if (retval) {
@@ -2467,15 +2468,16 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags,
 	if (ctx->ctrl & WINBIND_KRB5_AUTH) {
 
 		/* destroy the ccache here */
-		struct winbindd_request request;
-		struct winbindd_response response;
+
+		wbcErr wbc_status;
+		struct wbcAuthErrorInfo *error = NULL;
+
+		uint32_t flags = 0;
+
 		const char *user;
 		const char *ccname = NULL;
 		struct passwd *pwd = NULL;
 
-		ZERO_STRUCT(request);
-		ZERO_STRUCT(response);
-
 		retval = pam_get_user(pamh, &user, _("Username: "));
 		if (retval) {
 			_pam_log(ctx, LOG_ERR,
@@ -2499,30 +2501,61 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags,
 				       "user has no KRB5CCNAME environment");
 		}
 
-		strncpy(request.data.logoff.user, user,
-			sizeof(request.data.logoff.user) - 1);
+		flags = WBFLAG_PAM_KRB5 |
+			WBFLAG_PAM_CONTACT_TRUSTDOM;
+
+		ZERO_STRUCT(logoff);
 
-		if (ccname) {
-			strncpy(request.data.logoff.krb5ccname, ccname,
-				sizeof(request.data.logoff.krb5ccname) - 1);
+		logoff.username		= user;
+
+		wbc_status = wbcAddNamedBlob(&logoff.num_blobs,
+					     &logoff.blobs,
+					     "ccfilename",
+					     0,
+					     (uint8_t *)ccname,
+					     strlen(ccname)+1);
+		if (!WBC_ERROR_IS_OK(wbc_status)) {
+			goto out;
 		}
 
-		pwd = getpwnam(user);
-		if (pwd == NULL) {
-			retval = PAM_USER_UNKNOWN;
+		wbc_status = wbcAddNamedBlob(&logoff.num_blobs,
+					     &logoff.blobs,
+					     "flags",
+					     0,
+					     (uint8_t *)&flags,
+					     sizeof(flags));
+		if (!WBC_ERROR_IS_OK(wbc_status)) {
+			goto out;
+		}
+
+		wbc_status = wbcAddNamedBlob(&logoff.num_blobs,
+					     &logoff.blobs,
+					     "user_uid",
+					     0,
+					     (uint8_t *)&pwd->pw_uid,
+					     sizeof(pwd->pw_uid));
+		if (!WBC_ERROR_IS_OK(wbc_status)) {
 			goto out;
 		}
-		request.data.logoff.uid = pwd->pw_uid;
 
-		request.flags = WBFLAG_PAM_KRB5 |
-				WBFLAG_PAM_CONTACT_TRUSTDOM;
+		wbc_status = wbcLogoffUserEx(&logoff, &error);
+		retval = wbc_auth_error_to_pam_error(ctx, error, wbc_status,
+						     user, "wbcLogoffUser");
+		wbcFreeMemory(error);
+		wbcFreeMemory(logoff.blobs);
 
-	        retval = pam_winbind_request_log(ctx,
-						 WINBINDD_PAM_LOGOFF,
-						 &request, &response, user);
+		if (!WBC_ERROR_IS_OK(wbc_status)) {
+			_pam_log(ctx, LOG_INFO,
+				 "failed to logoff user %s: %s\n",
+					 user, wbcErrorString(wbc_status));
+		}
 	}
 
 out:
+	if (logoff.blobs) {
+		wbcFreeMemory(logoff.blobs);
+	}
+
 	/*
 	 * Delete the krb5 ccname variable from the PAM environment
 	 * if it was set by winbind.
-- 
2.11.4.GIT