summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/nsswitch/libwbclient/wbc_pam.c52
-rw-r--r--source3/nsswitch/libwbclient/wbc_util.c62
-rw-r--r--source3/nsswitch/libwbclient/wbclient.c4
-rw-r--r--source3/nsswitch/libwbclient/wbclient.h44
4 files changed, 159 insertions, 3 deletions
diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c
index a0e91faaf3..a3fb212d53 100644
--- a/source3/nsswitch/libwbclient/wbc_pam.c
+++ b/source3/nsswitch/libwbclient/wbc_pam.c
@@ -470,3 +470,55 @@ wbcErr wbcCheckTrustCredentials(const char *domain,
done:
return wbc_status;
}
+
+/** @brief Trigger a logoff notification to Winbind for a specific user
+ *
+ * @param username Name of user to remove from Winbind's list of
+ * logged on users.
+ * @param uid Uid assigned to the username
+ * @param ccfilename Absolute path to the Krb5 credentials cache to
+ * be removed
+ *
+ * @return #wbcErr
+ *
+ **/
+
+wbcErr wbcLogoffUser(const char *username,
+ uid_t uid,
+ const char *ccfilename)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ struct passwd *pw = NULL;
+
+ /* validate input */
+
+ if (!username) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ strncpy(request.data.logoff.user, username,
+ sizeof(request.data.logoff.user)-1);
+ request.data.logoff.uid = uid;
+
+ if (ccfilename) {
+ strncpy(request.data.logoff.krb5ccname, ccfilename,
+ sizeof(request.data.logoff.krb5ccname)-1);
+ }
+
+ /* Send request */
+
+ wbc_status = wbcRequestResponse(WINBINDD_PAM_LOGOFF,
+ &request,
+ &response);
+
+ /* Take the response above and return it to the caller */
+
+ done:
+ return wbc_status;
+}
diff --git a/source3/nsswitch/libwbclient/wbc_util.c b/source3/nsswitch/libwbclient/wbc_util.c
index 3afd8a29d3..24568f9101 100644
--- a/source3/nsswitch/libwbclient/wbc_util.c
+++ b/source3/nsswitch/libwbclient/wbc_util.c
@@ -272,7 +272,7 @@ wbcErr wbcResolveWinsByIP(const char *ip, char **name)
/**
*/
-static wbcErr process_domain_info_string(TALLOC_CTX *ctx,
+static wbcErr process_domain_info_string(TALLOC_CTX *ctx,
struct wbcDomainInfo *info,
char *info_string)
{
@@ -437,7 +437,7 @@ wbcErr wbcListTrusts(struct wbcDomainInfo **domains, size_t *num_domains)
p = (char *)response.extra_data.data;
if (strlen(p) == 0) {
- /* We should always at least get back our
+ /* We should always at least get back our
own SAM domain */
wbc_status = WBC_ERR_DOMAIN_NOT_FOUND;
@@ -492,3 +492,61 @@ wbcErr wbcListTrusts(struct wbcDomainInfo **domains, size_t *num_domains)
return wbc_status;
}
+
+/** @brief Enumerate the domain trusts known by Winbind
+ *
+ * @param domain Name of the domain to query for a DC
+ * @flags Bit flags used to control the domain location query
+ * @param *dc_info Pointer to the returned domain controller information
+ *
+ * @return #wbcErr
+ *
+ **/
+
+
+
+wbcErr wbcLookupDomainController(const char *domain,
+ uint32_t flags,
+ struct wbcDomainControllerInfo **dc_info)
+{
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ struct winbindd_request request;
+ struct winbindd_response response;
+ struct wbcDomainControllerInfo *dc = NULL;
+
+ /* validate input params */
+
+ if (!domain || !dc_info) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ strncpy(request.domain_name, domain, sizeof(request.domain_name)-1);
+
+ request.flags = flags;
+
+ dc = talloc(NULL, struct wbcDomainControllerInfo);
+ BAIL_ON_PTR_ERROR(dc, wbc_status);
+
+ /* Send request */
+
+ wbc_status = wbcRequestResponse(WINBINDD_DSGETDCNAME,
+ &request,
+ &response);
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ dc->dc_name = talloc_strdup(dc, response.data.dc_name);
+ BAIL_ON_PTR_ERROR(dc->dc_name, wbc_status);
+
+ *dc_info = dc;
+
+done:
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ talloc_free(dc);
+ }
+
+ return wbc_status;
+}
diff --git a/source3/nsswitch/libwbclient/wbclient.c b/source3/nsswitch/libwbclient/wbclient.c
index 9383fd5406..6403c1565f 100644
--- a/source3/nsswitch/libwbclient/wbclient.c
+++ b/source3/nsswitch/libwbclient/wbclient.c
@@ -110,6 +110,10 @@ const char *wbcErrorString(wbcErr error)
return "WBC_ERR_INVALID_RESPONSE";
case WBC_ERR_NSS_ERROR:
return "WBC_ERR_NSS_ERROR";
+ case WBC_ERR_UNKNOWN_USER:
+ return "WBC_ERR_UNKNOWN_USER";
+ case WBC_ERR_UNKNOWN_GROUP:
+ return "WBC_ERR_UNKNOWN_GROUP";
case WBC_ERR_AUTH_ERROR:
return "WBC_ERR_AUTH_ERROR";
}
diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h
index f236c43e11..da466b4041 100644
--- a/source3/nsswitch/libwbclient/wbclient.h
+++ b/source3/nsswitch/libwbclient/wbclient.h
@@ -42,7 +42,9 @@ enum _wbcErrType {
WBC_ERR_DOMAIN_NOT_FOUND, /**< Domain is not trusted or cannot be found **/
WBC_ERR_INVALID_RESPONSE, /**< Winbind returned an invalid response **/
WBC_ERR_NSS_ERROR, /**< NSS_STATUS error **/
- WBC_ERR_AUTH_ERROR /**< Authentication failed **/
+ WBC_ERR_AUTH_ERROR, /**< Authentication failed **/
+ WBC_ERR_UNKNOWN_USER, /**< User account cannot be found */
+ WBC_ERR_UNKNOWN_GROUP /**< Group account cannot be found */
};
typedef enum _wbcErrType wbcErr;
@@ -290,6 +292,15 @@ struct wbcAuthErrorInfo {
};
/*
+ * DomainControllerInfo struct
+ */
+struct wbcDomainControllerInfo {
+ char *dc_name;
+};
+
+
+
+/*
* Memory Management
*/
@@ -411,6 +422,31 @@ wbcErr wbcDomainInfo(const char *domain,
wbcErr wbcListTrusts(struct wbcDomainInfo **domains,
size_t *num_domains);
+/* Flags for wbcLookupDomainController */
+
+#define WBC_LOOKUP_DC_FORCE_REDISCOVERY 0x00000001
+#define WBC_LOOKUP_DC_DS_REQUIRED 0x00000010
+#define WBC_LOOKUP_DC_DS_PREFERRED 0x00000020
+#define WBC_LOOKUP_DC_GC_SERVER_REQUIRED 0x00000040
+#define WBC_LOOKUP_DC_PDC_REQUIRED 0x00000080
+#define WBC_LOOKUP_DC_BACKGROUND_ONLY 0x00000100
+#define WBC_LOOKUP_DC_IP_REQUIRED 0x00000200
+#define WBC_LOOKUP_DC_KDC_REQUIRED 0x00000400
+#define WBC_LOOKUP_DC_TIMESERV_REQUIRED 0x00000800
+#define WBC_LOOKUP_DC_WRITABLE_REQUIRED 0x00001000
+#define WBC_LOOKUP_DC_GOOD_TIMESERV_PREFERRED 0x00002000
+#define WBC_LOOKUP_DC_AVOID_SELF 0x00004000
+#define WBC_LOOKUP_DC_ONLY_LDAP_NEEDED 0x00008000
+#define WBC_LOOKUP_DC_IS_FLAT_NAME 0x00010000
+#define WBC_LOOKUP_DC_IS_DNS_NAME 0x00020000
+#define WBC_LOOKUP_DC_TRY_NEXTCLOSEST_SITE 0x00040000
+#define WBC_LOOKUP_DC_DS_6_REQUIRED 0x00080000
+#define WBC_LOOKUP_DC_RETURN_DNS_NAME 0x40000000
+#define WBC_LOOKUP_DC_RETURN_FLAT_NAME 0x80000000
+
+wbcErr wbcLookupDomainController(const char *domain,
+ uint32_t flags,
+ struct wbcDomainControllerInfo **dc_info);
/*
* Athenticate functions
@@ -423,6 +459,11 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
struct wbcAuthUserInfo **info,
struct wbcAuthErrorInfo **error);
+wbcErr wbcLogoffUser(const char *username,
+ uid_t uid,
+ const char *ccfilename);
+
+
/*
* Resolve functions
*/
@@ -435,4 +476,5 @@ wbcErr wbcResolveWinsByIP(const char *ip, char **name);
wbcErr wbcCheckTrustCredentials(const char *domain,
struct wbcAuthErrorInfo **error);
+
#endif /* _WBCLIENT_H */