From: David Mulder Date: Thu, 1 Aug 2024 15:52:45 +0000 (-0600) Subject: Add pam_acct_mgmt to the himmelblau daemon X-Git-Tag: tdb-1.4.13~910 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5350b31a786e529e4ea71a9ecba6ac87c6c67910;p=thirdparty%2Fsamba.git Add pam_acct_mgmt to the himmelblau daemon Signed-off-by: David Mulder Reviewed-by: Alexander Bokovoy
---
diff --git a/himmelblaud/src/himmelblaud.rs b/himmelblaud/src/himmelblaud.rs
index 6af19e2b901..624f03eb326 100644
--- a/himmelblaud/src/himmelblaud.rs
+++ b/himmelblaud/src/himmelblaud.rs
@@ -220,6 +220,9 @@ pub(crate) async fn handle_client(
 resolver.getgrnam(&grp_id).await?
 }
 Request::NssGroupByGid(gid) => resolver.getgrgid(gid).await?,
+ Request::PamAccountAllowed(account_id) => {
+ resolver.pam_acct_mgmt(&account_id).await?
+ }
 _ => todo!(),
 };
 reqs.send(resp).await?;
@@ -237,4 +240,5 @@ mod himmelblaud_getgrnam;
 mod himmelblaud_getpwent;
 mod himmelblaud_getpwnam;
 mod himmelblaud_getpwuid;
+mod himmelblaud_pam_acct_mgmt;
 mod himmelblaud_pam_auth;
diff --git a/himmelblaud/src/himmelblaud/himmelblaud_pam_acct_mgmt.rs b/himmelblaud/src/himmelblaud/himmelblaud_pam_acct_mgmt.rs
new file mode 100644
index 00000000000..98209eee573
--- /dev/null
+++ b/himmelblaud/src/himmelblaud/himmelblaud_pam_acct_mgmt.rs
@@ -0,0 +1,47 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Himmelblau daemon implementation for pam_acct_mgmt
+
+ Copyright (C) David Mulder 2024
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+use crate::himmelblaud::Resolver;
+use dbg::DBG_WARNING;
+use ntstatus_gen::*;
+use sock::Response;
+
+impl Resolver {
+ pub(crate) async fn pam_acct_mgmt(
+ &self,
+ account_id: &str,
+ ) -> Result> {
+ // Check if the user exists in Entra ID
+ // TODO: If we're offline, check the cache instead
+ match self
+ .client
+ .lock()
+ .await
+ .check_user_exists(&account_id)
+ .await
+ {
+ Ok(exists) => Ok(Response::PamStatus(Some(exists))),
+ Err(e) => {
+ DBG_WARNING!("{:?}", e);
+ Ok(Response::PamStatus(None))
+ }
+ }
+ }
+}
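Review bot: The `Ok(exists)` arm of `pam_acct_mgmt` uses a bare existence check as the account-management verdict, so as far as this hunk shows, a disabled or blocked Entra ID account that still exists would be reported as allowed. `check_user_exists` is defined outside this diff; if it does not also cover account state, record the gap next to the existing TODO, e.g. `// TODO: existence only; account-enabled state is not evaluated here`. In the `Err(e)` arm a failed lookup becomes `Response::PamStatus(None)`, so the PAM side must treat `None` as a denial rather than success; that mapping is not visible here, and a doc comment on the method should state what `Some(true)`, `Some(false)` and `None` each mean to the caller. The warning is also hard to correlate because it omits the account; `DBG_WARNING!("pam_acct_mgmt: lookup failed for {:?}: {:?}", account_id, e);` names it, and the `{:?}` escaping keeps a client-supplied name from breaking the log line. As a style point, `&account_id` re-borrows a value that is already `&str`, so `check_user_exists(account_id)` is enough.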