separate pam authentication for gateways
This commit is contained in:
parent
60b0529656
commit
10fdc5c17f
@ -60,6 +60,9 @@ scp_session_set_type(struct SCP_SESSION* s, tui8 type)
|
|||||||
case SCP_SESSION_TYPE_XRDP:
|
case SCP_SESSION_TYPE_XRDP:
|
||||||
s->type = SCP_SESSION_TYPE_XRDP;
|
s->type = SCP_SESSION_TYPE_XRDP;
|
||||||
break;
|
break;
|
||||||
|
case SCP_GW_AUTHENTICATION:
|
||||||
|
s->type = SCP_GW_AUTHENTICATION;
|
||||||
|
break;
|
||||||
case SCP_SESSION_TYPE_MANAGE:
|
case SCP_SESSION_TYPE_MANAGE:
|
||||||
s->type = SCP_SESSION_TYPE_MANAGE;
|
s->type = SCP_SESSION_TYPE_MANAGE;
|
||||||
s->mng = (struct SCP_MNG_DATA*)g_malloc(sizeof(struct SCP_MNG_DATA), 1);
|
s->mng = (struct SCP_MNG_DATA*)g_malloc(sizeof(struct SCP_MNG_DATA), 1);
|
||||||
|
@ -42,6 +42,10 @@
|
|||||||
#define SCP_SESSION_TYPE_XVNC 0x00
|
#define SCP_SESSION_TYPE_XVNC 0x00
|
||||||
#define SCP_SESSION_TYPE_XRDP 0x01
|
#define SCP_SESSION_TYPE_XRDP 0x01
|
||||||
#define SCP_SESSION_TYPE_MANAGE 0x02
|
#define SCP_SESSION_TYPE_MANAGE 0x02
|
||||||
|
/* SCP_GW_AUTHENTICATION can be used when XRDP + sesman act as a gateway
|
||||||
|
* XRDP sends this command to let sesman verify if the user is allowed
|
||||||
|
* to use the gateway */
|
||||||
|
#define SCP_GW_AUTHENTICATION 0x04
|
||||||
|
|
||||||
#define SCP_ADDRESS_TYPE_IPV4 0x00
|
#define SCP_ADDRESS_TYPE_IPV4 0x00
|
||||||
#define SCP_ADDRESS_TYPE_IPV6 0x01
|
#define SCP_ADDRESS_TYPE_IPV6 0x01
|
||||||
|
@ -277,6 +277,42 @@ scp_v0s_accept(struct SCP_CONNECTION* c, struct SCP_SESSION** s, int skipVchk)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if (code == SCP_GW_AUTHENTICATION)
|
||||||
|
{
|
||||||
|
/* g_writeln("Command is SCP_GW_AUTHENTICATION"); */
|
||||||
|
session = scp_session_create();
|
||||||
|
if (0 == session)
|
||||||
|
{
|
||||||
|
/* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: network error", __LINE__);*/
|
||||||
|
return SCP_SERVER_STATE_INTERNAL_ERR;
|
||||||
|
}
|
||||||
|
|
||||||
|
scp_session_set_version(session, version);
|
||||||
|
scp_session_set_type(session, SCP_GW_AUTHENTICATION);
|
||||||
|
/* reading username */
|
||||||
|
in_uint16_be(c->in_s, sz);
|
||||||
|
buf[sz]='\0';
|
||||||
|
in_uint8a(c->in_s, buf, sz);
|
||||||
|
/* g_writeln("Received user name: %s",buf); */
|
||||||
|
if (0 != scp_session_set_username(session, buf))
|
||||||
|
{
|
||||||
|
scp_session_destroy(session);
|
||||||
|
/* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__);*/
|
||||||
|
return SCP_SERVER_STATE_INTERNAL_ERR;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* reading password */
|
||||||
|
in_uint16_be(c->in_s, sz);
|
||||||
|
buf[sz]='\0';
|
||||||
|
in_uint8a(c->in_s, buf, sz);
|
||||||
|
/* g_writeln("Received password: %s",buf); */
|
||||||
|
if (0 != scp_session_set_password(session, buf))
|
||||||
|
{
|
||||||
|
scp_session_destroy(session);
|
||||||
|
/* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting password", __LINE__); */
|
||||||
|
return SCP_SERVER_STATE_INTERNAL_ERR;
|
||||||
|
}
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: sequence error", __LINE__);
|
log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: sequence error", __LINE__);
|
||||||
@ -315,8 +351,8 @@ scp_v0s_deny_connection(struct SCP_CONNECTION* c)
|
|||||||
out_uint32_be(c->out_s, 0); /* version */
|
out_uint32_be(c->out_s, 0); /* version */
|
||||||
out_uint32_be(c->out_s, 14); /* size */
|
out_uint32_be(c->out_s, 14); /* size */
|
||||||
out_uint16_be(c->out_s, 3); /* cmd */
|
out_uint16_be(c->out_s, 3); /* cmd */
|
||||||
out_uint16_be(c->out_s, 0); /* data */
|
out_uint16_be(c->out_s, 0); /* data = 0 - means NOT ok*/
|
||||||
out_uint16_be(c->out_s, 0); /* data */
|
out_uint16_be(c->out_s, 0); /* reserved for display number*/
|
||||||
s_mark_end(c->out_s);
|
s_mark_end(c->out_s);
|
||||||
|
|
||||||
if (0 != scp_tcp_force_send(c->in_sck, c->out_s->data, c->out_s->end - c->out_s->data))
|
if (0 != scp_tcp_force_send(c->in_sck, c->out_s->data, c->out_s->end - c->out_s->data))
|
||||||
@ -328,3 +364,26 @@ scp_v0s_deny_connection(struct SCP_CONNECTION* c)
|
|||||||
LOG_DBG(s_log, "[v0:%d] connection terminated (denied)", __LINE__);
|
LOG_DBG(s_log, "[v0:%d] connection terminated (denied)", __LINE__);
|
||||||
return SCP_SERVER_STATE_OK;
|
return SCP_SERVER_STATE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/******************************************************************************/
|
||||||
|
enum SCP_SERVER_STATES_E
|
||||||
|
scp_v0s_replyauthentication(struct SCP_CONNECTION* c, unsigned short int value)
|
||||||
|
{
|
||||||
|
out_uint32_be(c->out_s, 0); /* version */
|
||||||
|
out_uint32_be(c->out_s, 14); /* size */
|
||||||
|
/* cmd SCP_GW_AUTHENTICATION means authentication reply */
|
||||||
|
out_uint16_be(c->out_s, SCP_GW_AUTHENTICATION);
|
||||||
|
out_uint16_be(c->out_s, value); /* reply code */
|
||||||
|
out_uint16_be(c->out_s, 0); /* dummy data */
|
||||||
|
s_mark_end(c->out_s);
|
||||||
|
|
||||||
|
/* g_writeln("Total number of bytes that will be sent %d",c->out_s->end - c->out_s->data);*/
|
||||||
|
if (0 != scp_tcp_force_send(c->in_sck, c->out_s->data, c->out_s->end - c->out_s->data))
|
||||||
|
{
|
||||||
|
/* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: network error", __LINE__); */
|
||||||
|
return SCP_SERVER_STATE_NETWORK_ERR;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* until syslog merge LOG_DBG(s_log, "[v0:%d] connection terminated (scp_v0s_deny_authentication)", __LINE__);*/
|
||||||
|
return SCP_SERVER_STATE_OK;
|
||||||
|
}
|
||||||
|
@ -73,5 +73,14 @@ scp_v0s_allow_connection(struct SCP_CONNECTION* c, SCP_DISPLAY d);
|
|||||||
enum SCP_SERVER_STATES_E
|
enum SCP_SERVER_STATES_E
|
||||||
scp_v0s_deny_connection(struct SCP_CONNECTION* c);
|
scp_v0s_deny_connection(struct SCP_CONNECTION* c);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief send reply to an authentication request
|
||||||
|
* @param c connection descriptor
|
||||||
|
* @param value the reply code 0 means ok
|
||||||
|
* @return
|
||||||
|
*/
|
||||||
|
enum SCP_SERVER_STATES_E
|
||||||
|
scp_v0s_replyauthentication(struct SCP_CONNECTION* c, unsigned short int value);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -38,9 +38,28 @@ scp_v0_process(struct SCP_CONNECTION* c, struct SCP_SESSION* s)
|
|||||||
struct session_item* s_item;
|
struct session_item* s_item;
|
||||||
|
|
||||||
data = auth_userpass(s->username, s->password);
|
data = auth_userpass(s->username, s->password);
|
||||||
|
if(s->type==SCP_GW_AUTHENTICATION)
|
||||||
if (data)
|
|
||||||
{
|
{
|
||||||
|
/* this is just authentication in a gateway situation */
|
||||||
|
/* g_writeln("SCP_GW_AUTHENTICATION message received"); */
|
||||||
|
if(data){
|
||||||
|
if (1 == access_login_allowed(s->username))
|
||||||
|
{
|
||||||
|
/* the user is member of the correct groups. */
|
||||||
|
scp_v0s_replyauthentication(c,0);
|
||||||
|
/* g_writeln("Connection allowed"); */
|
||||||
|
}else{
|
||||||
|
scp_v0s_replyauthentication(c,3);
|
||||||
|
/* g_writeln("user password ok, but group problem"); */
|
||||||
|
}
|
||||||
|
}else{
|
||||||
|
/* g_writeln("username or password error"); */
|
||||||
|
scp_v0s_replyauthentication(c,2);
|
||||||
|
}
|
||||||
|
auth_end(data);
|
||||||
|
}
|
||||||
|
else if (data)
|
||||||
|
{
|
||||||
s_item = session_get_bydata(s->username, s->width, s->height, s->bpp, s->type);
|
s_item = session_get_bydata(s->username, s->width, s->height, s->bpp, s->type);
|
||||||
if (s_item != 0)
|
if (s_item != 0)
|
||||||
{
|
{
|
||||||
|
@ -6,7 +6,7 @@ port=3389
|
|||||||
crypt_level=low
|
crypt_level=low
|
||||||
channel_code=1
|
channel_code=1
|
||||||
max_bpp=24
|
max_bpp=24
|
||||||
fork=yes
|
fork=no
|
||||||
#black=000000
|
#black=000000
|
||||||
#grey=d6d3ce
|
#grey=d6d3ce
|
||||||
#dark_grey=808080
|
#dark_grey=808080
|
||||||
@ -42,6 +42,9 @@ ip=ask
|
|||||||
port=ask5900
|
port=ask5900
|
||||||
username=na
|
username=na
|
||||||
password=ask
|
password=ask
|
||||||
|
pamusername=asksame
|
||||||
|
pampassword=asksame
|
||||||
|
pamsessionmng=127.0.0.1
|
||||||
|
|
||||||
[xrdp4]
|
[xrdp4]
|
||||||
name=sesman-any
|
name=sesman-any
|
||||||
|
@ -21,7 +21,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include "xrdp.h"
|
#include "xrdp.h"
|
||||||
|
#define ACCESS
|
||||||
/*****************************************************************************/
|
/*****************************************************************************/
|
||||||
/* all login help screen events go here */
|
/* all login help screen events go here */
|
||||||
static int DEFAULT_CC
|
static int DEFAULT_CC
|
||||||
@ -302,7 +302,11 @@ xrdp_wm_show_edits(struct xrdp_wm* self, struct xrdp_bitmap* combo)
|
|||||||
username_set = 1;
|
username_set = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#ifdef ACCESS
|
||||||
|
if ((g_strncmp(name, "password", 255) == 0) || (g_strncmp(name, "pampassword", 255) == 0))
|
||||||
|
#else
|
||||||
if (g_strncmp(name, "password", 255) == 0)
|
if (g_strncmp(name, "password", 255) == 0)
|
||||||
|
#endif
|
||||||
{
|
{
|
||||||
b->password_char = '*';
|
b->password_char = '*';
|
||||||
if (username_set)
|
if (username_set)
|
||||||
|
210
xrdp/xrdp_mm.c
210
xrdp/xrdp_mm.c
@ -21,6 +21,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include "xrdp.h"
|
#include "xrdp.h"
|
||||||
|
#define ACCESS
|
||||||
|
|
||||||
/*****************************************************************************/
|
/*****************************************************************************/
|
||||||
struct xrdp_mm* APP_CC
|
struct xrdp_mm* APP_CC
|
||||||
@ -103,6 +104,7 @@ xrdp_mm_delete(struct xrdp_mm* self)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*****************************************************************************/
|
/*****************************************************************************/
|
||||||
|
/* Send login information to sesman */
|
||||||
static int APP_CC
|
static int APP_CC
|
||||||
xrdp_mm_send_login(struct xrdp_mm* self)
|
xrdp_mm_send_login(struct xrdp_mm* self)
|
||||||
{
|
{
|
||||||
@ -200,6 +202,7 @@ xrdp_mm_send_login(struct xrdp_mm* self)
|
|||||||
s_mark_end(s);
|
s_mark_end(s);
|
||||||
|
|
||||||
s_pop_layer(s, channel_hdr);
|
s_pop_layer(s, channel_hdr);
|
||||||
|
/* Version 0 of the protocol to sesman is currently used by XRDP */
|
||||||
out_uint32_be(s, 0); /* version */
|
out_uint32_be(s, 0); /* version */
|
||||||
index = (int)(s->end - s->data);
|
index = (int)(s->end - s->data);
|
||||||
out_uint32_be(s, index); /* size */
|
out_uint32_be(s, index); /* size */
|
||||||
@ -743,6 +746,17 @@ xrdp_mm_connect_chansrv(struct xrdp_mm* self, char* ip, char* port)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void cleanup_sesman_connection(struct xrdp_mm* self)
|
||||||
|
{
|
||||||
|
self->delete_sesman_trans = 1;
|
||||||
|
self->connected_state = 0;
|
||||||
|
if (self->wm->login_mode != 10)
|
||||||
|
{
|
||||||
|
xrdp_wm_set_login_mode(self->wm, 11);
|
||||||
|
xrdp_mm_module_cleanup(self);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/*****************************************************************************/
|
/*****************************************************************************/
|
||||||
static int APP_CC
|
static int APP_CC
|
||||||
xrdp_mm_process_login_response(struct xrdp_mm* self, struct stream* s)
|
xrdp_mm_process_login_response(struct xrdp_mm* self, struct stream* s)
|
||||||
@ -790,14 +804,7 @@ xrdp_mm_process_login_response(struct xrdp_mm* self, struct stream* s)
|
|||||||
xrdp_wm_log_msg(self->wm, "xrdp_mm_process_login_response: "
|
xrdp_wm_log_msg(self->wm, "xrdp_mm_process_login_response: "
|
||||||
"login failed");
|
"login failed");
|
||||||
}
|
}
|
||||||
self->delete_sesman_trans = 1;
|
cleanup_sesman_connection(self);
|
||||||
self->connected_state = 0;
|
|
||||||
if (self->wm->login_mode != 10)
|
|
||||||
{
|
|
||||||
xrdp_wm_set_login_mode(self->wm, 11);
|
|
||||||
xrdp_mm_module_cleanup(self);
|
|
||||||
}
|
|
||||||
|
|
||||||
return rv;
|
return rv;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -902,6 +909,7 @@ xrdp_mm_process_channel_data(struct xrdp_mm* self, tbus param1, tbus param2,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*****************************************************************************/
|
/*****************************************************************************/
|
||||||
|
/* This is the callback registered for sesman communication replies. */
|
||||||
static int APP_CC
|
static int APP_CC
|
||||||
xrdp_mm_sesman_data_in(struct trans* trans)
|
xrdp_mm_sesman_data_in(struct trans* trans)
|
||||||
{
|
{
|
||||||
@ -930,11 +938,14 @@ xrdp_mm_sesman_data_in(struct trans* trans)
|
|||||||
in_uint16_be(s, code);
|
in_uint16_be(s, code);
|
||||||
switch (code)
|
switch (code)
|
||||||
{
|
{
|
||||||
|
/* even when the request is denied the reply will hold 3 as the command. */
|
||||||
case 3:
|
case 3:
|
||||||
error = xrdp_mm_process_login_response(self, s);
|
error = xrdp_mm_process_login_response(self, s);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
g_writeln("xrdp_mm_sesman_data_in: unknown code %d", code);
|
xrdp_wm_log_msg(self->wm, "An undefined reply code was received from sesman");
|
||||||
|
g_writeln("Fatal xrdp_mm_sesman_data_in: unknown cmd code %d", code);
|
||||||
|
cleanup_sesman_connection(self);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -942,6 +953,103 @@ xrdp_mm_sesman_data_in(struct trans* trans)
|
|||||||
return error;
|
return error;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef ACCESS
|
||||||
|
/*********************************************************************/
|
||||||
|
/* return 0 on success */
|
||||||
|
int access_control(char *username, char *password, char *srv){
|
||||||
|
int reply ;
|
||||||
|
int rec = 1 ; // failure
|
||||||
|
struct stream* in_s;
|
||||||
|
struct stream* out_s;
|
||||||
|
unsigned long version ;
|
||||||
|
unsigned short int dummy;
|
||||||
|
unsigned short int ok;
|
||||||
|
unsigned short int code;
|
||||||
|
unsigned long size ;
|
||||||
|
int index ;
|
||||||
|
int socket = g_tcp_socket();
|
||||||
|
if (socket > 0) {
|
||||||
|
/* we use a blocking socket here */
|
||||||
|
reply = g_tcp_connect(socket, srv, "3350");
|
||||||
|
if (reply == 0)
|
||||||
|
{
|
||||||
|
g_writeln("Connected to sesman user %s: password %s :srv %s",username, password, srv);
|
||||||
|
make_stream(in_s);
|
||||||
|
init_stream(in_s, 500);
|
||||||
|
make_stream(out_s);
|
||||||
|
init_stream(out_s, 500);
|
||||||
|
s_push_layer(out_s, channel_hdr, 8);
|
||||||
|
out_uint16_be(out_s, 4); /*0x04 means SCP_GW_AUTHENTICATION*/
|
||||||
|
index = g_strlen(username);
|
||||||
|
out_uint16_be(out_s, index);
|
||||||
|
out_uint8a(out_s, username, index);
|
||||||
|
|
||||||
|
index = g_strlen(password);
|
||||||
|
out_uint16_be(out_s, index);
|
||||||
|
out_uint8a(out_s, password, index);
|
||||||
|
s_mark_end(out_s);
|
||||||
|
s_pop_layer(out_s, channel_hdr);
|
||||||
|
out_uint32_be(out_s, 0); /* version */
|
||||||
|
index = (int)(out_s->end - out_s->data);
|
||||||
|
out_uint32_be(out_s, index); /* size */
|
||||||
|
/* g_writeln("Number of data to send : %d",index); */
|
||||||
|
reply = g_tcp_send(socket, out_s->data, index, 0);
|
||||||
|
free_stream(out_s);
|
||||||
|
if (reply > 0)
|
||||||
|
{
|
||||||
|
reply = g_tcp_recv(socket, in_s->end, 500, 0);
|
||||||
|
if (reply > 0)
|
||||||
|
{
|
||||||
|
in_s->end = in_s->end + reply ;
|
||||||
|
in_uint32_be(in_s, version);
|
||||||
|
/*g_writeln("Version number in reply from sesman: %d",version) ; */
|
||||||
|
in_uint32_be(in_s, size);
|
||||||
|
if((size==14) && (version==0))
|
||||||
|
{
|
||||||
|
in_uint16_be(in_s, code);
|
||||||
|
in_uint16_be(in_s, ok);
|
||||||
|
in_uint16_be(in_s, dummy);
|
||||||
|
if(code!=4)
|
||||||
|
{
|
||||||
|
g_writeln("Return cmd code is corrupt");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
rec = ok; /* here we read the reply from the access control */
|
||||||
|
/* g_writeln("Valid reply received"); */
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
g_writeln("corrupt reply size or version from sesman: %d",size);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
g_writeln("no data received from sesman");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
g_writeln("no success sending to sesman");
|
||||||
|
}
|
||||||
|
free_stream(in_s);
|
||||||
|
g_tcp_close(socket);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
g_writeln("failure connecting to socket sesman");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
g_writeln("failure creating socket");
|
||||||
|
}
|
||||||
|
//g_free(port);
|
||||||
|
return rec;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/*****************************************************************************/
|
/*****************************************************************************/
|
||||||
int APP_CC
|
int APP_CC
|
||||||
xrdp_mm_connect(struct xrdp_mm* self)
|
xrdp_mm_connect(struct xrdp_mm* self)
|
||||||
@ -950,7 +1058,6 @@ xrdp_mm_connect(struct xrdp_mm* self)
|
|||||||
struct list* values;
|
struct list* values;
|
||||||
int index;
|
int index;
|
||||||
int count;
|
int count;
|
||||||
int use_sesman;
|
|
||||||
int ok;
|
int ok;
|
||||||
int rv;
|
int rv;
|
||||||
char* name;
|
char* name;
|
||||||
@ -960,14 +1067,22 @@ xrdp_mm_connect(struct xrdp_mm* self)
|
|||||||
char text[256];
|
char text[256];
|
||||||
char port[8];
|
char port[8];
|
||||||
char chansrvport[256];
|
char chansrvport[256];
|
||||||
|
#ifdef ACCESS
|
||||||
|
int use_pam_auth = 0 ;
|
||||||
|
char pam_auth_sessionIP[256] ;
|
||||||
|
char pam_auth_password[256];
|
||||||
|
char pam_auth_username[256];
|
||||||
|
char username[256];
|
||||||
|
char password[256];
|
||||||
|
username[0] = 0;
|
||||||
|
password[0] = 0;
|
||||||
|
#endif
|
||||||
g_memset(ip, 0, sizeof(ip));
|
g_memset(ip, 0, sizeof(ip));
|
||||||
g_memset(errstr, 0, sizeof(errstr));
|
g_memset(errstr, 0, sizeof(errstr));
|
||||||
g_memset(text, 0, sizeof(text));
|
g_memset(text, 0, sizeof(text));
|
||||||
g_memset(port, 0, sizeof(port));
|
g_memset(port, 0, sizeof(port));
|
||||||
g_memset(chansrvport, 0, sizeof(chansrvport));
|
g_memset(chansrvport, 0, sizeof(chansrvport));
|
||||||
rv = 0; /* success */
|
rv = 0; /* success */
|
||||||
use_sesman = 0;
|
|
||||||
names = self->login_names;
|
names = self->login_names;
|
||||||
values = self->login_values;
|
values = self->login_values;
|
||||||
count = names->count;
|
count = names->count;
|
||||||
@ -983,25 +1098,82 @@ xrdp_mm_connect(struct xrdp_mm* self)
|
|||||||
{
|
{
|
||||||
if (g_strcasecmp(value, "-1") == 0)
|
if (g_strcasecmp(value, "-1") == 0)
|
||||||
{
|
{
|
||||||
use_sesman = 1;
|
self->sesman_controlled = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
#ifdef ACCESS
|
||||||
|
else if (g_strcasecmp(name, "pamusername") == 0)
|
||||||
|
{
|
||||||
|
use_pam_auth = 1;
|
||||||
|
g_strncpy(pam_auth_username, value, 255);
|
||||||
|
}
|
||||||
|
else if (g_strcasecmp(name, "pamsessionmng") == 0)
|
||||||
|
{
|
||||||
|
g_strncpy(pam_auth_sessionIP, value, 255);
|
||||||
|
}
|
||||||
|
else if (g_strcasecmp(name, "pampassword") == 0)
|
||||||
|
{
|
||||||
|
g_strncpy(pam_auth_password, value, 255);
|
||||||
|
}
|
||||||
|
else if (g_strcasecmp(name, "password") == 0)
|
||||||
|
{
|
||||||
|
g_strncpy(password, value, 255);
|
||||||
|
}
|
||||||
|
else if (g_strcasecmp(name, "username") == 0)
|
||||||
|
{
|
||||||
|
g_strncpy(username, value, 255);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
else if (g_strcasecmp(name, "chansrvport") == 0)
|
else if (g_strcasecmp(name, "chansrvport") == 0)
|
||||||
{
|
{
|
||||||
g_strncpy(chansrvport, value, 255);
|
g_strncpy(chansrvport, value, 255);
|
||||||
self->usechansrv = 1;
|
self->usechansrv = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (use_sesman)
|
#ifdef ACCESS
|
||||||
|
if(use_pam_auth){
|
||||||
|
int reply;
|
||||||
|
char replytxt[80];
|
||||||
|
char replymessage[4][80] = {"Ok","Sesman connect failure","User or password error","Privilege group error"};
|
||||||
|
xrdp_wm_log_msg(self->wm, "Please wait, we now perform access control...");
|
||||||
|
/* g_writeln("we use pam modules to check if we can approve this user"); */
|
||||||
|
if(!g_strncmp(pam_auth_username,"same",255))
|
||||||
|
{
|
||||||
|
g_writeln("pamusername copied from username - same: %s",username);
|
||||||
|
g_strncpy(pam_auth_username,username,255);
|
||||||
|
}
|
||||||
|
if(!g_strncmp(pam_auth_password,"same",255))
|
||||||
|
{
|
||||||
|
g_writeln("pam_auth_password copied from username - same: %s",password);
|
||||||
|
g_strncpy(pam_auth_password,password,255);
|
||||||
|
}
|
||||||
|
/* access_control return 0 on success */
|
||||||
|
reply = access_control(pam_auth_username, pam_auth_password, pam_auth_sessionIP);
|
||||||
|
if(reply>=0 && reply<4)
|
||||||
|
{
|
||||||
|
g_sprintf(replytxt,"Reply from access control: %s",replymessage[reply]);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
g_sprintf(replytxt,"Reply from access control undefined");
|
||||||
|
}
|
||||||
|
xrdp_wm_log_msg(self->wm,replytxt);
|
||||||
|
if(reply!=0)
|
||||||
|
{
|
||||||
|
rv = 1 ;
|
||||||
|
return rv ;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
if (self->sesman_controlled)
|
||||||
{
|
{
|
||||||
ok = 0;
|
ok = 0;
|
||||||
errstr[0] = 0;
|
|
||||||
trans_delete(self->sesman_trans);
|
trans_delete(self->sesman_trans);
|
||||||
self->sesman_trans = trans_create(TRANS_MODE_TCP, 8192, 8192);
|
self->sesman_trans = trans_create(TRANS_MODE_TCP, 8192, 8192);
|
||||||
xrdp_mm_get_sesman_port(port, sizeof(port));
|
xrdp_mm_get_sesman_port(port, sizeof(port));
|
||||||
g_snprintf(text, 255, "connecting to sesman ip %s port %s", ip, port);
|
g_snprintf(text, 255, "connecting to sesman ip %s port %s", ip, port);
|
||||||
xrdp_wm_log_msg(self->wm, text);
|
xrdp_wm_log_msg(self->wm, text);
|
||||||
|
/* xrdp_mm_sesman_data_in is the callback that is called when data arrives */
|
||||||
self->sesman_trans->trans_data_in = xrdp_mm_sesman_data_in;
|
self->sesman_trans->trans_data_in = xrdp_mm_sesman_data_in;
|
||||||
self->sesman_trans->header_size = 8;
|
self->sesman_trans->header_size = 8;
|
||||||
self->sesman_trans->callback_data = self;
|
self->sesman_trans->callback_data = self;
|
||||||
@ -1027,6 +1199,8 @@ xrdp_mm_connect(struct xrdp_mm* self)
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
g_snprintf(errstr, 255, "Failure to connect to sesman: %s port: %s",
|
||||||
|
ip, port);
|
||||||
xrdp_wm_log_msg(self->wm, errstr);
|
xrdp_wm_log_msg(self->wm, errstr);
|
||||||
trans_delete(self->sesman_trans);
|
trans_delete(self->sesman_trans);
|
||||||
self->sesman_trans = 0;
|
self->sesman_trans = 0;
|
||||||
@ -1045,8 +1219,7 @@ xrdp_mm_connect(struct xrdp_mm* self)
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
/* connect error */
|
/* connect error */
|
||||||
g_snprintf(errstr, 255, "Failure to connect to: %s port: %s",
|
g_snprintf(errstr, 255, "Failure to connect to: %s",ip);
|
||||||
ip, port);
|
|
||||||
xrdp_wm_log_msg(self->wm, errstr);
|
xrdp_wm_log_msg(self->wm, errstr);
|
||||||
rv = 1 ; /* failure */
|
rv = 1 ; /* failure */
|
||||||
}
|
}
|
||||||
@ -1057,7 +1230,6 @@ xrdp_mm_connect(struct xrdp_mm* self)
|
|||||||
xrdp_mm_module_cleanup(self);
|
xrdp_mm_module_cleanup(self);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
self->sesman_controlled = use_sesman;
|
|
||||||
|
|
||||||
if ((self->wm->login_mode == 10) && (self->sesman_controlled == 0) &&
|
if ((self->wm->login_mode == 10) && (self->sesman_controlled == 0) &&
|
||||||
(self->usechansrv != 0))
|
(self->usechansrv != 0))
|
||||||
|
Loading…
Reference in New Issue
Block a user