2012-09-20 07:51:34 +04:00
|
|
|
/**
|
|
|
|
* xrdp: A Remote Desktop Protocol server.
|
|
|
|
*
|
2015-10-11 08:16:16 +03:00
|
|
|
* Copyright (C) Jay Sorg 2004-2015
|
2012-09-20 07:51:34 +04:00
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
2006-05-26 17:10:14 +04:00
|
|
|
|
|
|
|
/**
|
|
|
|
*
|
|
|
|
* @file scp_v0.c
|
|
|
|
* @brief scp version 0 implementation
|
|
|
|
* @author Jay Sorg, Simone Fedele
|
2008-07-30 14:58:30 +04:00
|
|
|
*
|
2006-05-26 17:10:14 +04:00
|
|
|
*/
|
|
|
|
|
2017-03-03 07:33:23 +03:00
|
|
|
#if defined(HAVE_CONFIG_H)
|
|
|
|
#include <config_ac.h>
|
|
|
|
#endif
|
|
|
|
|
2006-05-26 17:10:14 +04:00
|
|
|
#include "sesman.h"
|
|
|
|
|
|
|
|
/******************************************************************************/
|
2020-08-07 23:56:54 +03:00
|
|
|
enum SCP_SERVER_STATES_E
|
|
|
|
scp_v0_process(struct trans *t, struct SCP_SESSION *s)
|
2006-05-26 17:10:14 +04:00
|
|
|
{
|
2012-09-20 07:51:34 +04:00
|
|
|
int display = 0;
|
|
|
|
tbus data;
|
|
|
|
struct session_item *s_item;
|
2015-12-12 07:41:17 +03:00
|
|
|
int errorcode = 0;
|
2017-03-21 04:59:44 +03:00
|
|
|
bool_t do_auth_end = 1;
|
2007-02-01 09:03:46 +03:00
|
|
|
|
2015-12-12 07:41:17 +03:00
|
|
|
data = auth_userpass(s->username, s->password, &errorcode);
|
2012-09-20 07:51:34 +04:00
|
|
|
|
|
|
|
if (s->type == SCP_GW_AUTHENTICATION)
|
2006-05-26 17:10:14 +04:00
|
|
|
{
|
2012-09-20 07:51:34 +04:00
|
|
|
/* this is just authentication in a gateway situation */
|
|
|
|
/* g_writeln("SCP_GW_AUTHENTICATION message received"); */
|
|
|
|
if (data)
|
|
|
|
{
|
|
|
|
if (1 == access_login_allowed(s->username))
|
|
|
|
{
|
|
|
|
/* the user is member of the correct groups. */
|
2020-08-07 23:56:54 +03:00
|
|
|
scp_v0s_replyauthentication(t, errorcode);
|
2020-11-30 03:36:20 +03:00
|
|
|
LOG(LOG_LEVEL_INFO, "Access permitted for user: %s",
|
|
|
|
s->username);
|
2012-09-20 07:51:34 +04:00
|
|
|
/* g_writeln("Connection allowed"); */
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2020-08-07 23:56:54 +03:00
|
|
|
scp_v0s_replyauthentication(t, 32 + 3); /* all first 32 are reserved for PAM errors */
|
2020-06-10 11:20:27 +03:00
|
|
|
LOG(LOG_LEVEL_INFO, "Username okay but group problem for "
|
2020-11-30 03:36:20 +03:00
|
|
|
"user: %s", s->username);
|
2012-09-20 07:51:34 +04:00
|
|
|
/* g_writeln("user password ok, but group problem"); */
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
/* g_writeln("username or password error"); */
|
2020-11-30 03:36:20 +03:00
|
|
|
LOG(LOG_LEVEL_INFO, "Username or password error for user: %s",
|
|
|
|
s->username);
|
2020-08-07 23:56:54 +03:00
|
|
|
scp_v0s_replyauthentication(t, errorcode);
|
2012-09-20 07:51:34 +04:00
|
|
|
}
|
2006-10-15 17:08:08 +04:00
|
|
|
}
|
2012-09-20 07:51:34 +04:00
|
|
|
else if (data)
|
2006-10-15 17:08:08 +04:00
|
|
|
{
|
2012-09-20 07:51:34 +04:00
|
|
|
s_item = session_get_bydata(s->username, s->width, s->height,
|
2021-08-27 14:14:52 +03:00
|
|
|
s->bpp, s->type, s->connection_description);
|
2012-09-20 07:51:34 +04:00
|
|
|
|
|
|
|
if (s_item != 0)
|
2010-11-04 14:14:03 +03:00
|
|
|
{
|
2012-09-20 07:51:34 +04:00
|
|
|
display = s_item->display;
|
2021-04-22 15:27:39 +03:00
|
|
|
s->guid = s_item->guid;
|
2021-08-27 14:14:52 +03:00
|
|
|
if (0 != s->connection_description)
|
2012-09-20 07:51:34 +04:00
|
|
|
{
|
2020-11-30 03:36:20 +03:00
|
|
|
LOG( LOG_LEVEL_INFO, "++ reconnected session: username %s, "
|
|
|
|
"display :%d.0, session_pid %d, ip %s",
|
2021-08-27 14:14:52 +03:00
|
|
|
s->username, display, s_item->pid,
|
|
|
|
s->connection_description);
|
2012-09-20 07:51:34 +04:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2020-11-30 03:36:20 +03:00
|
|
|
LOG(LOG_LEVEL_INFO, "++ reconnected session: username %s, "
|
|
|
|
"display :%d.0, session_pid %d", s->username, display,
|
|
|
|
s_item->pid);
|
2012-09-20 07:51:34 +04:00
|
|
|
}
|
|
|
|
|
2018-05-31 12:30:11 +03:00
|
|
|
session_reconnect(display, s->username, data);
|
2010-11-04 14:14:03 +03:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2020-10-08 04:55:08 +03:00
|
|
|
LOG_DEVEL(LOG_LEVEL_DEBUG, "pre auth");
|
2012-09-20 07:51:34 +04:00
|
|
|
|
|
|
|
if (1 == access_login_allowed(s->username))
|
|
|
|
{
|
2021-04-22 15:27:39 +03:00
|
|
|
struct guid guid = guid_new();
|
2016-12-04 10:12:48 +03:00
|
|
|
|
2021-04-22 15:27:39 +03:00
|
|
|
scp_session_set_guid(s, &guid);
|
2016-12-04 10:12:48 +03:00
|
|
|
|
2021-08-27 14:14:52 +03:00
|
|
|
if (0 != s->connection_description)
|
2012-09-20 07:51:34 +04:00
|
|
|
{
|
2020-11-30 03:36:20 +03:00
|
|
|
LOG(LOG_LEVEL_INFO, "++ created session (access granted): "
|
2021-08-27 14:14:52 +03:00
|
|
|
"username %s, ip %s", s->username, s->connection_description);
|
2012-09-20 07:51:34 +04:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2020-11-30 03:36:20 +03:00
|
|
|
LOG(LOG_LEVEL_INFO, "++ created session (access granted): "
|
|
|
|
"username %s", s->username);
|
2012-09-20 07:51:34 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
if (SCP_SESSION_TYPE_XVNC == s->type)
|
|
|
|
{
|
2020-11-30 03:36:20 +03:00
|
|
|
LOG( LOG_LEVEL_INFO, "starting Xvnc session...");
|
2020-06-10 11:20:27 +03:00
|
|
|
display = session_start(data, SESMAN_SESSION_TYPE_XVNC, s);
|
2012-09-20 07:51:34 +04:00
|
|
|
}
|
2014-03-09 04:41:37 +04:00
|
|
|
else if (SCP_SESSION_TYPE_XRDP == s->type)
|
2012-09-20 07:51:34 +04:00
|
|
|
{
|
2020-11-30 03:36:20 +03:00
|
|
|
LOG(LOG_LEVEL_INFO, "starting X11rdp session...");
|
2020-06-10 11:20:27 +03:00
|
|
|
display = session_start(data, SESMAN_SESSION_TYPE_XRDP, s);
|
2015-10-11 08:16:16 +03:00
|
|
|
}
|
2014-03-22 15:36:33 +04:00
|
|
|
else if (SCP_SESSION_TYPE_XORG == s->type)
|
2014-03-09 04:41:37 +04:00
|
|
|
{
|
2015-10-11 08:16:16 +03:00
|
|
|
/* type is SCP_SESSION_TYPE_XORG */
|
2020-11-30 03:36:20 +03:00
|
|
|
LOG(LOG_LEVEL_INFO, "starting Xorg session...");
|
2020-06-10 11:20:27 +03:00
|
|
|
display = session_start(data, SESMAN_SESSION_TYPE_XORG, s);
|
2012-09-20 07:51:34 +04:00
|
|
|
}
|
2017-03-21 04:59:44 +03:00
|
|
|
/* if the session started up ok, auth_end will be called on
|
|
|
|
sig child */
|
|
|
|
do_auth_end = display == 0;
|
2012-09-20 07:51:34 +04:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
display = 0;
|
|
|
|
}
|
2010-11-04 14:14:03 +03:00
|
|
|
}
|
|
|
|
|
2012-09-20 07:51:34 +04:00
|
|
|
if (display == 0)
|
2006-05-26 17:10:14 +04:00
|
|
|
{
|
2020-08-07 23:56:54 +03:00
|
|
|
scp_v0s_deny_connection(t);
|
2006-05-26 17:10:14 +04:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2021-04-22 15:27:39 +03:00
|
|
|
scp_v0s_allow_connection(t, display, &s->guid);
|
2006-05-26 17:10:14 +04:00
|
|
|
}
|
2006-10-15 17:08:08 +04:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2021-08-27 14:54:47 +03:00
|
|
|
char ip[64];
|
|
|
|
g_get_ip_from_description(s->connection_description, ip, sizeof(ip));
|
|
|
|
/*
|
|
|
|
* The message is intended for use by fail2ban, so for
|
|
|
|
* future-proofing we only log the IP address rather than the
|
|
|
|
* connection description */
|
2021-10-25 13:35:25 +03:00
|
|
|
LOG(LOG_LEVEL_INFO,
|
|
|
|
"AUTHFAIL: user=%s ip=%s time=%d",
|
|
|
|
s->username, ip, g_time1());
|
2020-08-07 23:56:54 +03:00
|
|
|
scp_v0s_deny_connection(t);
|
2006-10-15 17:08:08 +04:00
|
|
|
}
|
2017-03-21 04:59:44 +03:00
|
|
|
if (do_auth_end)
|
|
|
|
{
|
|
|
|
auth_end(data);
|
|
|
|
}
|
2020-08-07 23:56:54 +03:00
|
|
|
return SCP_SERVER_STATE_END;
|
2006-05-26 17:10:14 +04:00
|
|
|
}
|