-rw-r--r-- | source3/nsswitch/libwbclient/wbc_pam.c | 52 | ||||
-rw-r--r-- | source3/nsswitch/libwbclient/wbc_util.c | 62 | ||||
-rw-r--r-- | source3/nsswitch/libwbclient/wbclient.c | 4 | ||||
-rw-r--r-- | source3/nsswitch/libwbclient/wbclient.h | 44 |
4 files changed, 159 insertions, 3 deletions
diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c
index a0e91faaf3..a3fb212d53 100644
--- a/source3/nsswitch/libwbclient/wbc_pam.c
+++ b/source3/nsswitch/libwbclient/wbc_pam.c
@@ -470,3 +470,55 @@ wbcErr wbcCheckTrustCredentials(const char *domain,
 done:
 return wbc_status;
 }
+
+/** @brief Trigger a logoff notification to Winbind for a specific user
+ *
+ * @param username Name of user to remove from Winbind's list of
+ * logged on users.
+ * @param uid Uid assigned to the username
+ * @param ccfilename Absolute path to the Krb5 credentials cache to
+ * be removed
+ *
+ * @return #wbcErr
+ *
+ **/
+
+wbcErr wbcLogoffUser(const char *username,
+ uid_t uid,
+ const char *ccfilename)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ struct passwd *pw = NULL;
+
+ /* validate input */
+
+ if (!username) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ strncpy(request.data.logoff.user, username,
+ sizeof(request.data.logoff.user)-1);
+ request.data.logoff.uid = uid;
+
+ if (ccfilename) {
+ strncpy(request.data.logoff.krb5ccname, ccfilename,
+ sizeof(request.data.logoff.krb5ccname)-1);
+ }
+
+ /* Send request */
+
+ wbc_status = wbcRequestResponse(WINBINDD_PAM_LOGOFF,
+ &request,
+ &response);
+
+ /* Take the response above and return it to the caller */
+
+ done:
+ return wbc_status;
+}
diff --git a/source3/nsswitch/libwbclient/wbc_util.c b/source3/nsswitch/libwbclient/wbc_util.c
index 3afd8a29d3..24568f9101 100644
--- a/source3/nsswitch/libwbclient/wbc_util.c
+++ b/source3/nsswitch/libwbclient/wbc_util.c
@@ -272,7 +272,7 @@ wbcErr wbcResolveWinsByIP(const char *ip, char **name)
 /**
 */
-static wbcErr process_domain_info_string(TALLOC_CTX *ctx,
+static wbcErr process_domain_info_string(TALLOC_CTX *ctx,
 struct wbcDomainInfo *info,
 char *info_string)
 {
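Review bot: In wbcLogoffUser (wbc_pam.c), both `strncpy` calls silently truncate an over-long `username` or `ccfilename` to the request field size, so the logoff request can name a different user or a different credentials-cache path than the caller passed. Since the doc comment says the cache at that path is to be removed, oversized input should be rejected with WBC_ERR_INVALID_PARAM before the request is filled in. The same silent truncation applies to `request.domain_name` in wbcLookupDomainController (wbc_util.c). The local `struct passwd *pw` is never used and can be dropped, and the comment "Take the response above and return it to the caller" does not match the code, which returns only the status.

```c
	/* validate input: reject values that would not fit the request fields */

	if (!username ||
	    strlen(username) >= sizeof(request.data.logoff.user) ||
	    (ccfilename &&
	     strlen(ccfilename) >= sizeof(request.data.logoff.krb5ccname))) {
		wbc_status = WBC_ERR_INVALID_PARAM;
		BAIL_ON_WBC_ERROR(wbc_status);
	}

	/* ... unchanged: ZERO_STRUCT calls, strncpy copies, wbcRequestResponse ... */
```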
@@ -437,7 +437,7 @@ wbcErr wbcListTrusts(struct wbcDomainInfo **domains, size_t *num_domains)
 p = (char *)response.extra_data.data;
 if (strlen(p) == 0) {
- /* We should always at least get back our
+ /* We should always at least get back our
 own SAM domain */
 wbc_status = WBC_ERR_DOMAIN_NOT_FOUND;
@@ -492,3 +492,61 @@ wbcErr wbcListTrusts(struct wbcDomainInfo **domains, size_t *num_domains)
 return wbc_status;
 }
+
+/** @brief Enumerate the domain trusts known by Winbind
+ *
+ * @param domain Name of the domain to query for a DC
+ * @flags Bit flags used to control the domain location query
+ * @param *dc_info Pointer to the returned domain controller information
+ *
+ * @return #wbcErr
+ *
+ **/
+
+
+
+wbcErr wbcLookupDomainController(const char *domain,
+ uint32_t flags,
+ struct wbcDomainControllerInfo **dc_info)
+{
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ struct winbindd_request request;
+ struct winbindd_response response;
+ struct wbcDomainControllerInfo *dc = NULL;
+
+ /* validate input params */
+
+ if (!domain || !dc_info) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ strncpy(request.domain_name, domain, sizeof(request.domain_name)-1);
+
+ request.flags = flags;
+
+ dc = talloc(NULL, struct wbcDomainControllerInfo);
+ BAIL_ON_PTR_ERROR(dc, wbc_status);
+
+ /* Send request */
+
+ wbc_status = wbcRequestResponse(WINBINDD_DSGETDCNAME,
+ &request,
+ &response);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ dc->dc_name = talloc_strdup(dc, response.data.dc_name);
+ BAIL_ON_PTR_ERROR(dc->dc_name, wbc_status);
+
+ *dc_info = dc;
+
+done:
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ talloc_free(dc);
+ }
+
+ return wbc_status;
+}
diff --git a/source3/nsswitch/libwbclient/wbclient.c b/source3/nsswitch/libwbclient/wbclient.c
index 9383fd5406..6403c1565f 100644
--- a/source3/nsswitch/libwbclient/wbclient.c
+++ b/source3/nsswitch/libwbclient/wbclient.c
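Review bot: The doxygen header above wbcLookupDomainController (wbc_util.c, last hunk) still carries the brief "Enumerate the domain trusts known by Winbind", which describes wbcListTrusts, and its flags line reads `@flags` instead of `@param flags`. Suggested wording: `@brief Look up a domain controller for the given domain` and `@param flags WBC_LOOKUP_DC_* bit flags controlling the lookup`, plus a sentence that `*dc_info` is allocated with talloc on a NULL context and left untouched on failure, so the caller owns it and must free it. Separately, `talloc_strdup(dc, response.data.dc_name)` relies on the reply field being NUL-terminated; the response layout is not visible in this diff, but if dc_name is a fixed-size array, `talloc_strndup(dc, response.data.dc_name, sizeof(response.data.dc_name))` bounds the read.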
@@ -110,6 +110,10 @@ const char *wbcErrorString(wbcErr error)
 return "WBC_ERR_INVALID_RESPONSE";
 case WBC_ERR_NSS_ERROR:
 return "WBC_ERR_NSS_ERROR";
+ case WBC_ERR_UNKNOWN_USER:
+ return "WBC_ERR_UNKNOWN_USER";
+ case WBC_ERR_UNKNOWN_GROUP:
+ return "WBC_ERR_UNKNOWN_GROUP";
 case WBC_ERR_AUTH_ERROR:
 return "WBC_ERR_AUTH_ERROR";
 }
diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h
index f236c43e11..da466b4041 100644
--- a/source3/nsswitch/libwbclient/wbclient.h
+++ b/source3/nsswitch/libwbclient/wbclient.h
@@ -42,7 +42,9 @@ enum _wbcErrType {
 WBC_ERR_DOMAIN_NOT_FOUND, /**< Domain is not trusted or cannot be found **/
 WBC_ERR_INVALID_RESPONSE, /**< Winbind returned an invalid response **/
 WBC_ERR_NSS_ERROR, /**< NSS_STATUS error **/
- WBC_ERR_AUTH_ERROR /**< Authentication failed **/
+ WBC_ERR_AUTH_ERROR, /**< Authentication failed **/
+ WBC_ERR_UNKNOWN_USER, /**< User account cannot be found */
+ WBC_ERR_UNKNOWN_GROUP /**< Group account cannot be found */
 };
 typedef enum _wbcErrType wbcErr;
@@ -290,6 +292,15 @@ struct wbcAuthErrorInfo {
 };
 /*
+ * DomainControllerInfo struct
+ */
+struct wbcDomainControllerInfo {
+ char *dc_name;
+};
+
+
+
+/*
 * Memory Management
 */
@@ -411,6 +422,31 @@ wbcErr wbcDomainInfo(const char *domain,
 wbcErr wbcListTrusts(struct wbcDomainInfo **domains, size_t *num_domains);
+/* Flags for wbcLookupDomainController */
+
+#define WBC_LOOKUP_DC_FORCE_REDISCOVERY 0x00000001
+#define WBC_LOOKUP_DC_DS_REQUIRED 0x00000010
+#define WBC_LOOKUP_DC_DS_PREFERRED 0x00000020
+#define WBC_LOOKUP_DC_GC_SERVER_REQUIRED 0x00000040
+#define WBC_LOOKUP_DC_PDC_REQUIRED 0x00000080
+#define WBC_LOOKUP_DC_BACKGROUND_ONLY 0x00000100
+#define WBC_LOOKUP_DC_IP_REQUIRED 0x00000200
+#define WBC_LOOKUP_DC_KDC_REQUIRED 0x00000400
+#define WBC_LOOKUP_DC_TIMESERV_REQUIRED 0x00000800
+#define WBC_LOOKUP_DC_WRITABLE_REQUIRED 0x00001000
+#define WBC_LOOKUP_DC_GOOD_TIMESERV_PREFERRED 0x00002000
+#define WBC_LOOKUP_DC_AVOID_SELF 0x00004000
+#define WBC_LOOKUP_DC_ONLY_LDAP_NEEDED 0x00008000
+#define WBC_LOOKUP_DC_IS_FLAT_NAME 0x00010000
+#define WBC_LOOKUP_DC_IS_DNS_NAME 0x00020000
+#define WBC_LOOKUP_DC_TRY_NEXTCLOSEST_SITE 0x00040000
+#define WBC_LOOKUP_DC_DS_6_REQUIRED 0x00080000
+#define WBC_LOOKUP_DC_RETURN_DNS_NAME 0x40000000
+#define WBC_LOOKUP_DC_RETURN_FLAT_NAME 0x80000000
+
+wbcErr wbcLookupDomainController(const char *domain,
+ uint32_t flags,
+ struct wbcDomainControllerInfo **dc_info);
 /*
 * Athenticate functions
@@ -423,6 +459,11 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
 struct wbcAuthUserInfo **info,
 struct wbcAuthErrorInfo **error);
+wbcErr wbcLogoffUser(const char *username,
+ uid_t uid,
+ const char *ccfilename);
+
+
 /*
 * Resolve functions
 */
@@ -435,4 +476,5 @@ wbcErr wbcResolveWinsByIP(const char *ip, char **name);
 wbcErr wbcCheckTrustCredentials(const char *domain, struct wbcAuthErrorInfo **error);
+
 #endif /* _WBCLIENT_H */ |