From a6a0e5e004dad5166b6b9b42bba7653ba363a40e Mon Sep 17 00:00:00 2001
From: Bolke de Bruin
Date: Sun, 30 Aug 2020 21:20:21 +0200
Subject: [PATCH] Allow domain name to be concatenated to username

If a server is multihomed (i.e. mutiple domains) the users are identified by their domain name. This change allows to concat the domain name to the username with a specific separator.
---
 common/os_calls.c | 13 +++++++++++++
 common/os_calls.h | 1 +
 common/xrdp_client_info.h | 1 +
 libxrdp/xrdp_rdp.c | 6 +++++-
 libxrdp/xrdp_sec.c | 17 ++++++++++++-----
 xrdp/xrdp.ini.in | 4 ++++
 6 files changed, 36 insertions(+), 6 deletions(-)

diff --git a/common/os_calls.c b/common/os_calls.c
index 463af84c..5ed7db12 100644
--- a/common/os_calls.c
+++ b/common/os_calls.c
@@ -2590,6 +2590,19 @@ g_strcat(char *dest, const char *src)
 return strcat(dest, src);
 }
+/*****************************************************************************/
+/* returns dest */
+char *
+g_strncat(char *dest, const char *src, int len)
+{
+ if (dest == 0 || src == 0)
+ {
+ return dest;
+ }
+
+ return strncat(dest, src, len);
+}
+
 /*****************************************************************************/
 /* if in = 0, return 0 else return newly alloced copy of in */
 char *
diff --git a/common/os_calls.h b/common/os_calls.h
index b52a84df..0245f0b9 100644
--- a/common/os_calls.h
+++ b/common/os_calls.h
@@ -124,6 +124,7 @@ const char *g_strchr(const char *text, int c);
 char* g_strcpy(char* dest, const char* src);
 char* g_strncpy(char* dest, const char* src, int len);
 char* g_strcat(char* dest, const char* src);
+char* g_strncat(char* dest, const char* src, int len);
 char* g_strdup(const char* in);
 char* g_strndup(const char* in, const unsigned int maxlen);
 int g_strcmp(const char* c1, const char* c2);
diff --git a/common/xrdp_client_info.h b/common/xrdp_client_info.h
index 3c43f34f..7aaee159 100644
--- a/common/xrdp_client_info.h
+++ b/common/xrdp_client_info.h
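Review bot: In the added `g_strncat` body, `len` is an `int` handed directly to `strncat`, whose count parameter is `size_t`; a negative `len` (the callers compute it by subtraction) converts to a huge unsigned value and the append becomes unbounded. Suggest folding it into the existing guard, `if (dest == 0 || src == 0 || len <= 0)`, and replacing the bare `/* returns dest */` with a contract comment such as `/* appends at most len bytes of src to dest and NUL-terminates; dest must have room for strlen(dest) + len + 1 bytes; returns dest */`. As with `strncat` itself, `len` bounds the bytes taken from src, not the free space in dest, so every caller has to subtract the current dest length — worth stating in the comment because the first caller in this patch does not.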
@@ -161,6 +161,7 @@ struct xrdp_client_info
 int suppress_output;
 int enable_token_login;
+ char domain_user_separator[16];
 };
 #endif
diff --git a/libxrdp/xrdp_rdp.c b/libxrdp/xrdp_rdp.c
index 629dd88b..9167eaf1 100644
--- a/libxrdp/xrdp_rdp.c
+++ b/libxrdp/xrdp_rdp.c
@@ -280,7 +280,11 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
 client_info->key_file, g_get_strerror());
 }
 }
-
+ else if (g_strcasecmp(item, "domain_user_separator") == 0
+ && g_strlen(value) > 0)
+ {
+ g_strncpy(client_info->domain_user_separator, value, sizeof(client_info->domain_user_separator) - 1);
+ }
 }
 list_delete(items);
diff --git a/libxrdp/xrdp_sec.c b/libxrdp/xrdp_sec.c
index fde6f110..7317c639 100644
--- a/libxrdp/xrdp_sec.c
+++ b/libxrdp/xrdp_sec.c
@@ -738,7 +738,7 @@ xrdp_sec_process_logon_info(struct xrdp_sec *self, struct stream *s)
 if (len_domain >= INFO_CLIENT_MAX_CB_LEN)
 {
- DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_domain > 511"));
+ DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_domain >= %d", INFO_CLIENT_MAX_CB_LEN));
 return 1;
 }
@@ -760,7 +760,7 @@ xrdp_sec_process_logon_info(struct xrdp_sec *self, struct stream *s)
 if (len_user >= INFO_CLIENT_MAX_CB_LEN)
 {
- DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_user > 511"));
+ DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_user >= %d", INFO_CLIENT_MAX_CB_LEN));
 return 1;
 }
@@ -772,7 +772,7 @@ xrdp_sec_process_logon_info(struct xrdp_sec *self, struct stream *s)
 if (len_password >= INFO_CLIENT_MAX_CB_LEN)
 {
- DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_password > 511"));
+ DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_password >= %d", INFO_CLIENT_MAX_CB_LEN));
 return 1;
 }
@@ -784,7 +784,7 @@ xrdp_sec_process_logon_info(struct xrdp_sec *self, struct stream *s)
 if (len_program >= INFO_CLIENT_MAX_CB_LEN)
 {
- DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_program > 511"));
+ DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_program >= %d", INFO_CLIENT_MAX_CB_LEN));
 return 1;
 }
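Review bot: The new field `char domain_user_separator[16];` carries no comment and its size is a bare number, yet elsewhere in this patch it is filled from a configuration string and read as NUL-terminated text, so a reader of the struct cannot tell what it holds or what bounds it. Suggest a field comment such as `/* optional text placed between the username and the client-sent domain when both are set (xrdp.ini domain_user_separator); NUL-terminated, at most 15 bytes */`, and naming the size if the project already has a constant for short config strings.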
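Review bot: The new `domain_user_separator` branch copies at most `sizeof - 1` bytes with `g_strncpy` but never writes the terminator itself, so if `g_strncpy` follows `strncpy` semantics a value of 15 or more characters is NUL-terminated only when `client_info` was zeroed before `xrdp_rdp_read_config` ran (not visible here), and a longer value is silently truncated. Suggest terminating explicitly after the copy, `client_info->domain_user_separator[sizeof(client_info->domain_user_separator) - 1] = '\0';`, and logging when `g_strlen(value)` exceeds the field so an operator notices a mis-set separator rather than finding a clipped one in the session name. The enclosing `xrdp_rdp_read_config` starts before and continues past the hunk.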
@@ -796,7 +796,7 @@ xrdp_sec_process_logon_info(struct xrdp_sec *self, struct stream *s)
 if (len_directory >= INFO_CLIENT_MAX_CB_LEN)
 {
- DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_directory > 511"));
+ DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_directory >= %d", INFO_CLIENT_MAX_CB_LEN));
 return 1;
 }
@@ -842,6 +842,13 @@ xrdp_sec_process_logon_info(struct xrdp_sec *self, struct stream *s)
 return 1; /* credentials on cmd line is mandatory */
 }
 }
+ if (self->rdp_layer->client_info.domain_user_separator[0] != '\0'
+ && self->rdp_layer->client_info.domain[0] != '\0')
+ {
+ int size = sizeof(self->rdp_layer->client_info.username);
+ g_strncat(self->rdp_layer->client_info.username, self->rdp_layer->client_info.domain_user_separator, size - 1 - g_strlen(self->rdp_layer->client_info.domain_user_separator));
+ g_strncat(self->rdp_layer->client_info.username, self->rdp_layer->client_info.domain, size - 1 - g_strlen(self->rdp_layer->client_info.domain));
+ }
 DEBUG(("username %s", self->rdp_layer->client_info.username));
 if (unicode_utf16_in(s, len_program, self->rdp_layer->client_info.program, sizeof(self->rdp_layer->client_info.program) - 1) != 0)
diff --git a/xrdp/xrdp.ini.in b/xrdp/xrdp.ini.in
index b66768f2..94b9d8b0 100644
--- a/xrdp/xrdp.ini.in
+++ b/xrdp/xrdp.ini.in
@@ -58,6 +58,10 @@ ssl_protocols=TLSv1.2, TLSv1.3
 ; set TLS cipher suites
 #tls_ciphers=HIGH
+; concats the domain name to the user if set for authentication with the separator
+; for example when the server is multi homed with SSSd
+#domain_user_separator=@
+
 ; Section name to use for automatic login if the client sends username
 ; and password. If empty, the domain name sent by the client is used.
 ; If empty and no domain name is given, the first suitable section in
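Review bot: The bound passed to each `g_strncat` in the new block is derived from the length of the string being appended (`size - 1 - g_strlen(domain)`), not from the space left in `username`, so nothing limits the write to the destination: `username` and `domain` are both client-supplied, the earlier checks only reject lengths of `INFO_CLIENT_MAX_CB_LEN` and above, and appending the separator plus a domain to an already long username runs past the end of `client_info.username`. The remaining room has to come from the current `g_strlen(username)` before each append; and because a truncated `user<sep>domain` would be authenticated as a different principal, the combined name should be rejected with `return 1` like the other oversized fields rather than clipped. The rewrite below computes the room once and refuses the logon when the combination does not fit; `size` stays an `int` only because the existing code uses it that way. The enclosing `xrdp_sec_process_logon_info` continues outside the hunk.
```c
    if (self->rdp_layer->client_info.domain_user_separator[0] != '\0'
        && self->rdp_layer->client_info.domain[0] != '\0')
    {
        char *username = self->rdp_layer->client_info.username;
        int size = sizeof(self->rdp_layer->client_info.username);
        int needed = g_strlen(self->rdp_layer->client_info.domain_user_separator)
                     + g_strlen(self->rdp_layer->client_info.domain);
        /* reject rather than truncate: a cut-off user<sep>domain names a different account */
        if (needed > size - 1 - g_strlen(username))
        {
            DEBUG(("ERROR [xrdp_sec_process_logon_info()]: username plus domain >= %d", size));
            return 1;
        }
        g_strcat(username, self->rdp_layer->client_info.domain_user_separator);
        g_strcat(username, self->rdp_layer->client_info.domain);
    }
    /* … unchanged: DEBUG of username, program read … */
```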