Allow domain name to be concatenated to username

If a server is multihomed (i.e. mutiple domains) the users are identified by their domain name. This change allows to concat the domain name to the username with a specific separator.
2020-08-30 21:20:21 +02:00 · 2020-08-30 21:20:21 +02:00 · a6a0e5e004
commit a6a0e5e004
parent b0bca1363e
6 changed files with 36 additions and 6 deletions
--- a/common/os_calls.c
+++ b/common/os_calls.c
@ -2590,6 +2590,19 @@ g_strcat(char *dest, const char *src)
    return strcat(dest, src);
 }

+/*****************************************************************************/
+/* returns dest */
+char *
+g_strncat(char *dest, const char *src, int len)
+{
+    if (dest == 0 || src == 0)
+    {
+        return dest;
+    }
+
+    return strncat(dest, src, len);
+}
+
 /*****************************************************************************/
 /* if in = 0, return 0 else return newly alloced copy of in */
 char *
--- a/common/os_calls.h
+++ b/common/os_calls.h
@ -124,6 +124,7 @@ const char *g_strchr(const char *text, int c);
 char*    g_strcpy(char* dest, const char* src);
 char*    g_strncpy(char* dest, const char* src, int len);
 char*    g_strcat(char* dest, const char* src);
+char*    g_strncat(char* dest, const char* src, int len);
 char*    g_strdup(const char* in);
 char*    g_strndup(const char* in, const unsigned int maxlen);
 int      g_strcmp(const char* c1, const char* c2);
--- a/common/xrdp_client_info.h
+++ b/common/xrdp_client_info.h
@ -161,6 +161,7 @@ struct xrdp_client_info
  int suppress_output;

  int enable_token_login;
+  char domain_user_separator[16];
 };

 #endif
--- a/libxrdp/xrdp_rdp.c
+++ b/libxrdp/xrdp_rdp.c
@ -280,7 +280,11 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
                            client_info->key_file, g_get_strerror());
            }
        }
-
+        else if (g_strcasecmp(item, "domain_user_separator") == 0
+                 && g_strlen(value) > 0)
+        {
+            g_strncpy(client_info->domain_user_separator, value, sizeof(client_info->domain_user_separator) - 1);
+        }
    }

    list_delete(items);
--- a/libxrdp/xrdp_sec.c
+++ b/libxrdp/xrdp_sec.c
@ -738,7 +738,7 @@ xrdp_sec_process_logon_info(struct xrdp_sec *self, struct stream *s)

    if (len_domain >= INFO_CLIENT_MAX_CB_LEN)
    {
-        DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_domain > 511"));
+        DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_domain >= %d", INFO_CLIENT_MAX_CB_LEN));
        return 1;
    }

@ -760,7 +760,7 @@ xrdp_sec_process_logon_info(struct xrdp_sec *self, struct stream *s)

    if (len_user >= INFO_CLIENT_MAX_CB_LEN)
    {
-        DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_user > 511"));
+        DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_user >= %d", INFO_CLIENT_MAX_CB_LEN));
        return 1;
    }

@ -772,7 +772,7 @@ xrdp_sec_process_logon_info(struct xrdp_sec *self, struct stream *s)

    if (len_password >= INFO_CLIENT_MAX_CB_LEN)
    {
-        DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_password > 511"));
+        DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_password >= %d", INFO_CLIENT_MAX_CB_LEN));
        return 1;
    }

@ -784,7 +784,7 @@ xrdp_sec_process_logon_info(struct xrdp_sec *self, struct stream *s)

    if (len_program >= INFO_CLIENT_MAX_CB_LEN)
    {
-        DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_program > 511"));
+        DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_program >= %d", INFO_CLIENT_MAX_CB_LEN));
        return 1;
    }

@ -796,7 +796,7 @@ xrdp_sec_process_logon_info(struct xrdp_sec *self, struct stream *s)

    if (len_directory >= INFO_CLIENT_MAX_CB_LEN)
    {
-        DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_directory > 511"));
+        DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_directory >= %d", INFO_CLIENT_MAX_CB_LEN));
        return 1;
    }

@ -842,6 +842,13 @@ xrdp_sec_process_logon_info(struct xrdp_sec *self, struct stream *s)
            return 1; /* credentials on cmd line is mandatory */
        }
    }
+    if (self->rdp_layer->client_info.domain_user_separator[0] != '\0'
+        && self->rdp_layer->client_info.domain[0] != '\0')
+    {
+        int size = sizeof(self->rdp_layer->client_info.username);
+        g_strncat(self->rdp_layer->client_info.username, self->rdp_layer->client_info.domain_user_separator, size - 1 - g_strlen(self->rdp_layer->client_info.domain_user_separator));
+        g_strncat(self->rdp_layer->client_info.username, self->rdp_layer->client_info.domain, size - 1 - g_strlen(self->rdp_layer->client_info.domain));
+    }
    DEBUG(("username %s", self->rdp_layer->client_info.username));

    if (unicode_utf16_in(s, len_program, self->rdp_layer->client_info.program, sizeof(self->rdp_layer->client_info.program) - 1) != 0)
--- a/xrdp/xrdp.ini.in
+++ b/xrdp/xrdp.ini.in
@ -58,6 +58,10 @@ ssl_protocols=TLSv1.2, TLSv1.3
 ; set TLS cipher suites
 #tls_ciphers=HIGH

+; concats the domain name to the user if set for authentication with the separator
+; for example when the server is multi homed with SSSd
+#domain_user_separator=@
+
 ; Section name to use for automatic login if the client sends username
 ; and password. If empty, the domain name sent by the client is used.
 ; If empty and no domain name is given, the first suitable section in