2025-01-26 10:04:02 +03:00 · 2008-05-13 12:52:20 -05:00 · 2008-05-13 12:52:20 -05:00 · 9cd646c166
commit 9cd646c166
parent 44b7f672b8
4 changed files with 159 additions and 3 deletions
--- a/source3/nsswitch/libwbclient/wbc_pam.c
+++ b/source3/nsswitch/libwbclient/wbc_pam.c
@ -470,3 +470,55 @@ wbcErr wbcCheckTrustCredentials(const char *domain,
 done:
 	return wbc_status;
 }
+
+/** @brief Trigger a logoff notification to Winbind for a specific user
+ *
+ * @param username    Name of user to remove from Winbind's list of
+ *                    logged on users.
+ * @param uid         Uid assigned to the username
+ * @param ccfilename  Absolute path to the Krb5 credentials cache to
+ *                    be removed
+ *
+ * @return #wbcErr
+ *
+ **/
+
+wbcErr wbcLogoffUser(const char *username,
+		     uid_t uid,
+		     const char *ccfilename)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	struct passwd *pw = NULL;
+
+	/* validate input */
+
+	if (!username) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	strncpy(request.data.logoff.user, username,
+		sizeof(request.data.logoff.user)-1);
+	request.data.logoff.uid = uid;
+
+	if (ccfilename) {
+		strncpy(request.data.logoff.krb5ccname, ccfilename,
+			sizeof(request.data.logoff.krb5ccname)-1);
+	}
+
+	/* Send request */
+
+	wbc_status = wbcRequestResponse(WINBINDD_PAM_LOGOFF,
+					&request,
+					&response);
+
+	/* Take the response above and return it to the caller */
+
+ done:
+	return wbc_status;
+}
--- a/source3/nsswitch/libwbclient/wbc_util.c
+++ b/source3/nsswitch/libwbclient/wbc_util.c
@ -272,7 +272,7 @@ wbcErr wbcResolveWinsByIP(const char *ip, char **name)
 /**
 */

-static wbcErr process_domain_info_string(TALLOC_CTX *ctx, 
+static wbcErr process_domain_info_string(TALLOC_CTX *ctx,
 					 struct wbcDomainInfo *info,
 					 char *info_string)
 {
@ -437,7 +437,7 @@ wbcErr wbcListTrusts(struct wbcDomainInfo **domains, size_t *num_domains)
 	p = (char *)response.extra_data.data;

 	if (strlen(p) == 0) {
-		/* We should always at least get back our 
+		/* We should always at least get back our
 		   own SAM domain */
 		
 		wbc_status = WBC_ERR_DOMAIN_NOT_FOUND;
@ -492,3 +492,61 @@ wbcErr wbcListTrusts(struct wbcDomainInfo **domains, size_t *num_domains)

 	return wbc_status;
 }
+
+/** @brief Enumerate the domain trusts known by Winbind
+ *
+ * @param domain        Name of the domain to query for a DC
+ * @flags               Bit flags used to control the domain location query
+ * @param *dc_info      Pointer to the returned domain controller information
+ *
+ * @return #wbcErr
+ *
+ **/
+
+
+
+wbcErr wbcLookupDomainController(const char *domain,
+				 uint32_t flags,
+				struct wbcDomainControllerInfo **dc_info)
+{
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	struct winbindd_request request;
+	struct winbindd_response response;
+	struct wbcDomainControllerInfo *dc = NULL;
+
+	/* validate input params */
+
+	if (!domain || !dc_info) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	strncpy(request.domain_name, domain, sizeof(request.domain_name)-1);
+
+	request.flags = flags;
+
+	dc = talloc(NULL, struct wbcDomainControllerInfo);
+	BAIL_ON_PTR_ERROR(dc, wbc_status);
+
+	/* Send request */
+
+	wbc_status = wbcRequestResponse(WINBINDD_DSGETDCNAME,
+					&request,
+					&response);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	dc->dc_name = talloc_strdup(dc, response.data.dc_name);
+	BAIL_ON_PTR_ERROR(dc->dc_name, wbc_status);
+
+	*dc_info = dc;
+
+done:
+	if (!WBC_ERROR_IS_OK(wbc_status)) {
+		talloc_free(dc);
+	}
+
+	return wbc_status;
+}
--- a/source3/nsswitch/libwbclient/wbclient.c
+++ b/source3/nsswitch/libwbclient/wbclient.c
@ -110,6 +110,10 @@ const char *wbcErrorString(wbcErr error)
 		return "WBC_ERR_INVALID_RESPONSE";
 	case WBC_ERR_NSS_ERROR:
 		return "WBC_ERR_NSS_ERROR";
+	case WBC_ERR_UNKNOWN_USER:
+		return "WBC_ERR_UNKNOWN_USER";
+	case WBC_ERR_UNKNOWN_GROUP:
+		return "WBC_ERR_UNKNOWN_GROUP";
 	case WBC_ERR_AUTH_ERROR:
 		return "WBC_ERR_AUTH_ERROR";
 	}
--- a/source3/nsswitch/libwbclient/wbclient.h
+++ b/source3/nsswitch/libwbclient/wbclient.h
@ -42,7 +42,9 @@ enum _wbcErrType {
 	WBC_ERR_DOMAIN_NOT_FOUND,        /**< Domain is not trusted or cannot be found **/
 	WBC_ERR_INVALID_RESPONSE,        /**< Winbind returned an invalid response **/
 	WBC_ERR_NSS_ERROR,            /**< NSS_STATUS error **/
-	WBC_ERR_AUTH_ERROR        /**< Authentication failed **/
+	WBC_ERR_AUTH_ERROR,        /**< Authentication failed **/
+	WBC_ERR_UNKNOWN_USER,      /**< User account cannot be found */
+	WBC_ERR_UNKNOWN_GROUP      /**< Group account cannot be found */
 };

 typedef enum _wbcErrType wbcErr;
@ -289,6 +291,15 @@ struct wbcAuthErrorInfo {
 	char *display_string;
 };

+/*
+ * DomainControllerInfo struct
+ */
+struct wbcDomainControllerInfo {
+	char *dc_name;
+};
+
+
+
 /*
 * Memory Management
 */
@ -411,6 +422,31 @@ wbcErr wbcDomainInfo(const char *domain,
 wbcErr wbcListTrusts(struct wbcDomainInfo **domains, 
 		     size_t *num_domains);

+/* Flags for wbcLookupDomainController */
+
+#define WBC_LOOKUP_DC_FORCE_REDISCOVERY        0x00000001
+#define WBC_LOOKUP_DC_DS_REQUIRED              0x00000010
+#define WBC_LOOKUP_DC_DS_PREFERRED             0x00000020
+#define WBC_LOOKUP_DC_GC_SERVER_REQUIRED       0x00000040
+#define WBC_LOOKUP_DC_PDC_REQUIRED             0x00000080
+#define WBC_LOOKUP_DC_BACKGROUND_ONLY          0x00000100
+#define WBC_LOOKUP_DC_IP_REQUIRED              0x00000200
+#define WBC_LOOKUP_DC_KDC_REQUIRED             0x00000400
+#define WBC_LOOKUP_DC_TIMESERV_REQUIRED        0x00000800
+#define WBC_LOOKUP_DC_WRITABLE_REQUIRED        0x00001000
+#define WBC_LOOKUP_DC_GOOD_TIMESERV_PREFERRED  0x00002000
+#define WBC_LOOKUP_DC_AVOID_SELF               0x00004000
+#define WBC_LOOKUP_DC_ONLY_LDAP_NEEDED         0x00008000
+#define WBC_LOOKUP_DC_IS_FLAT_NAME             0x00010000
+#define WBC_LOOKUP_DC_IS_DNS_NAME              0x00020000
+#define WBC_LOOKUP_DC_TRY_NEXTCLOSEST_SITE     0x00040000
+#define WBC_LOOKUP_DC_DS_6_REQUIRED            0x00080000
+#define WBC_LOOKUP_DC_RETURN_DNS_NAME          0x40000000
+#define WBC_LOOKUP_DC_RETURN_FLAT_NAME         0x80000000
+
+wbcErr wbcLookupDomainController(const char *domain,
+				 uint32_t flags,
+				 struct wbcDomainControllerInfo **dc_info);

 /*
 * Athenticate functions
@ -423,6 +459,11 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
 			     struct wbcAuthUserInfo **info,
 			     struct wbcAuthErrorInfo **error);

+wbcErr wbcLogoffUser(const char *username,
+		     uid_t uid,
+		     const char *ccfilename);
+
+
 /*
 * Resolve functions
 */
@ -435,4 +476,5 @@ wbcErr wbcResolveWinsByIP(const char *ip, char **name);
 wbcErr wbcCheckTrustCredentials(const char *domain,
 				struct wbcAuthErrorInfo **error);

+
 #endif      /* _WBCLIENT_H */