Example #1
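/**
 * Decide from a shadow entry whether the account may no longer log in.
 *
 * Two conditions disable the account:
 *  - the account expiration day (sp_expire) is set and has been reached;
 *  - the password is older than sp_max days plus the sp_inact grace period.
 *
 * The second test only runs when sp_max, sp_inact and sp_lstchg carry real
 * values. The day counters use -1 for "not set" (the sp_expire test in this
 * function relies on the same convention); adding such markers into the sum
 * would compare today against a date two days before the last change and
 * report an account without password aging as disabled.
 *
 * @param stp shadow entry of the account, may be NULL
 * @return 1 if the account is disabled, 0 otherwise
 *
 */
static int auth_account_disabled(struct spwd *stp)
{
	long today;

	if (0 == stp)
	{
		/* fail closed: without a shadow entry the account counts as disabled */
		return 1;
	}

	today = g_time1() / SECS_PER_DAY;

	/* values are cast to long and printed with %ld so the conversion
	   always matches the argument type */
	LOG_DBG("last   %ld", (long)stp->sp_lstchg);
	LOG_DBG("min    %ld", (long)stp->sp_min);
	LOG_DBG("max    %ld", (long)stp->sp_max);
	LOG_DBG("inact  %ld", (long)stp->sp_inact);
	LOG_DBG("warn   %ld", (long)stp->sp_warn);
	LOG_DBG("expire %ld", (long)stp->sp_expire);
	LOG_DBG("today  %ld", today);

	/* explicit account expiration date */
	if ((stp->sp_expire != -1) && (today >= stp->sp_expire))
	{
		return 1;
	}

	/* password aged out and the inactivity grace period has passed;
	   skipped when any of the three fields is unset */
	if ((stp->sp_max >= 0) &&
	    (stp->sp_inact >= 0) &&
	    (stp->sp_lstchg > 0) &&
	    (today >= (stp->sp_lstchg + stp->sp_max + stp->sp_inact)))
	{
		return 1;
	}

	return 0;
}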
Example #2
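/**
 * Fill a buffer with random bytes.
 *
 * On non-Windows builds the bytes come from /dev/urandom, falling back to
 * /dev/random when the first cannot be opened. The buffer is pre-filled with
 * 0x44, so any part that could not be read keeps that constant value.
 *
 * NOTE(review): the function returns void, so a caller cannot tell random
 * output from the 0x44 fallback. Callers that derive keys or nonces from this
 * buffer should be given a way to detect failure.
 *
 * @param data destination buffer, at least len bytes
 * @param len  number of bytes to produce; NULL data or len <= 0 is a no-op
 */
void g_random(char *data, int len)
{
#if defined(_WIN32)
	int index;

	if ((data == 0) || (len <= 0))
	{
		return;
	}

	/* NOTE(review): rand() seeded with the current time is predictable and
	   not suitable for security-relevant values; this branch should use the
	   platform's cryptographic random source instead. */
	srand(g_time1());

	for (index = 0; index < len; index++)
	{
		data[index] = (char)rand(); /* rand returns a number between 0 and
		 RAND_MAX */
	}

#else
	int fd;
	int filled;
	long got;

	if ((data == 0) || (len <= 0))
	{
		/* a negative len would otherwise turn into a huge size in memset */
		return;
	}

	memset(data, 0x44, len);
	fd = open("/dev/urandom", O_RDONLY);

	if (fd == -1)
	{
		fd = open("/dev/random", O_RDONLY);
	}

	if (fd == -1)
	{
		return;
	}

	/* read() may deliver fewer bytes than requested; keep reading until the
	   buffer is full instead of leaving the tail at the fill value */
	filled = 0;

	while (filled < len)
	{
		got = (long)read(fd, data + filled, len - filled);

		if (got <= 0)
		{
			/* error or end of input: the remaining bytes stay 0x44 */
			break;
		}

		filled += (int)got;
	}

	close(fd);

#endif
}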
Example #3
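/* returns error
   generates a new rsa key
   exp is passed in and mod and pri are passed out

   exp must be 4 bytes (little-endian public exponent), mod and pri must be
   64 bytes each; any other length returns 1 without touching the outputs.
   mod and pri are only written when the whole operation succeeded.

   NOTE(review): the fixed 64 byte buffers mean a 512 bit modulus, which is
   far below current recommendations for RSA - presumably required by the
   protocol that consumes this key; confirm before reusing it elsewhere. */
int APP_CC
ssl_gen_key_xrdp1(int key_size_in_bits, char* exp, int exp_len,
                  char* mod, int mod_len, char* pri, int pri_len)
{
  unsigned long my_e;
  RSA* my_key;
  char* lmod;
  char* lpri;
  tui8* lexp;
  volatile char* wipe;
  int error;
  int len;
  int diff;
  int index;

  if ((exp_len != 4) || (mod_len != 64) || (pri_len != 64))
  {
    return 1;
  }
  /* zeroed scratch buffers, so a short value can be right-aligned below */
  lmod = (char*)g_malloc(mod_len, 1);
  lpri = (char*)g_malloc(pri_len, 1);
  if ((lmod == 0) || (lpri == 0))
  {
    if (lmod != 0)
    {
      g_free(lmod);
    }
    if (lpri != 0)
    {
      g_free(lpri);
    }
    return 1;
  }
  /* assemble the exponent in an unsigned type: shifting a byte >= 0x80 by
     24 inside a signed int overflows */
  lexp = (tui8*)exp;
  my_e = lexp[0];
  my_e |= ((unsigned long)lexp[1]) << 8;
  my_e |= ((unsigned long)lexp[2]) << 16;
  my_e |= ((unsigned long)lexp[3]) << 24;
  /* srand is in stdlib.h
     kept for its effect on rand() elsewhere in the process; OpenSSL key
     generation uses its own random source, not rand() */
  srand(g_time1());
  my_key = RSA_generate_key(key_size_in_bits, my_e, 0, 0);
  error = my_key == 0;
  if (error == 0)
  {
    len = BN_num_bytes(my_key->n);
    error = len != mod_len;
  }
  if (error == 0)
  {
    BN_bn2bin(my_key->n, (tui8*)lmod);
    ssl_reverse_it(lmod, mod_len);
  }
  if (error == 0)
  {
    /* the private exponent can legitimately be shorter than the modulus
       (leading zero bytes); only reject one that does not fit */
    len = BN_num_bytes(my_key->d);
    error = (len < 1) || (len > pri_len);
  }
  if (error == 0)
  {
    /* right-align the big-endian value in the zeroed buffer, then reverse */
    diff = pri_len - len;
    BN_bn2bin(my_key->d, (tui8*)(lpri + diff));
    ssl_reverse_it(lpri, pri_len);
  }
  if (error == 0)
  {
    g_memcpy(mod, lmod, mod_len);
    g_memcpy(pri, lpri, pri_len);
  }
  /* clear the private exponent from the scratch buffer before releasing it;
     the volatile pointer keeps the stores from being optimized away */
  wipe = lpri;
  for (index = 0; index < pri_len; index++)
  {
    wipe[index] = 0;
  }
  RSA_free(my_key);
  g_free(lmod);
  g_free(lpri);
  return error;
}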
Example #4
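/**
 * Report whether the password of a user has to be, may be or cannot be
 * changed, based on the password aging fields of the shadow entry.
 *
 * @param user login name to look up
 * @return AUTH_PWD_CHG_ERROR            user or shadow entry not found
 *         AUTH_PWD_CHG_OK               no change needed (also returned for
 *                                       systems without shadow passwords)
 *         AUTH_PWD_CHG_CHANGE_MANDATORY maximum password age reached
 *         AUTH_PWD_CHG_CHANGE           inside the warning period
 *         AUTH_PWD_CHG_NOT_NOW          minimum password age not reached yet
 */
int DEFAULT_CC
auth_check_pwd_chg(char *user)
{
    struct passwd *spw;
    struct spwd *stp;
    long today;

    spw = getpwnam(user);

    if (spw == 0)
    {
        return AUTH_PWD_CHG_ERROR;
    }

    if (g_strncmp(spw->pw_passwd, "x", 3) != 0)
    {
        /* old system with only passwd */
        return AUTH_PWD_CHG_OK;
    }

    /* the system is using shadow */
    stp = getspnam(user);

    if (stp == 0)
    {
        return AUTH_PWD_CHG_ERROR;
    }

    /* check if we need a pwd change */
    today = g_time1() / SECS_PER_DAY;

    /* NOTE(review): sp_expire is the account expiration field, yet it
       short-circuits the password aging checks here - confirm intent */
    if (stp->sp_expire == -1)
    {
        return AUTH_PWD_CHG_OK;
    }

    /* -1 marks an unset field; without a maximum age there is nothing to
       enforce and the sums below would be meaningless */
    if (stp->sp_max >= 0)
    {
        /* the mandatory test has to come first: the warning window starts
           earlier, so testing it first made this result unreachable */
        if (today >= (stp->sp_lstchg + stp->sp_max))
        {
            return AUTH_PWD_CHG_CHANGE_MANDATORY;
        }

        if ((stp->sp_warn >= 0) &&
            (today >= (stp->sp_lstchg + stp->sp_max - stp->sp_warn)))
        {
            return AUTH_PWD_CHG_CHANGE;
        }
    }

    if ((stp->sp_min > 0) && (today < ((stp->sp_lstchg) + (stp->sp_min))))
    {
        /* cannot change pwd for now */
        return AUTH_PWD_CHG_NOT_NOW;
    }

    return AUTH_PWD_CHG_OK;
}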
Example #5
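/* called with the main thread */
/**
 * Start a new session: fork a child that in turn starts the X server and the
 * window manager, and record the session in the global chain.
 *
 * Process layout created here:
 *   parent sesman  - stores the session item and returns
 *   child sesman   - forks the two processes below, then runs
 *                    session_start_sessvc()
 *     wm child     - waits for the X server, then execs program, the user
 *                    window manager, the default window manager or xterm
 *     X child      - execs Xvnc or X11rdp depending on type
 *
 * @param width, height, bpp  passed to the X server as -geometry / -depth
 * @param username   used for env_set_user(), the session item and logging
 * @param password   handed to env_check_password_file()
 * @param data       handed to auth_start_session() / auth_set_env() and
 *                   stored in the session item
 * @param type       SESMAN_SESSION_TYPE_XVNC or SESMAN_SESSION_TYPE_XRDP
 * @param domain     not used in this function
 * @param program    optional program to exec instead of a window manager
 * @param directory  optional working directory for the window manager child
 * @param client_ip  stored in the session item
 * @return the display number of the new session, 0 on failure
 */
static int APP_CC
session_start_fork(int width, int height, int bpp, char *username,
                   char *password, tbus data, tui8 type, char *domain,
                   char *program, char *directory, char *client_ip)
{
    int display = 0;
    int pid = 0;
    int wmpid = 0;
    int xpid = 0;
    int i = 0;
    char geometry[32];
    char depth[32];
    char screen[32];
    char text[256];
    char passwd_file[256];
    char **pp1 = (char **)NULL;
    const char *home = (const char *)NULL;
    struct session_chain *temp = (struct session_chain *)NULL;
    struct list *xserver_params = (struct list *)NULL;
    time_t ltime;
    struct tm stime;
    char execvpparams[2048];

    /* initialize (zero out) local variables: */
    g_memset(&ltime, 0, sizeof(time_t));
    g_memset(&stime, 0, sizeof(struct tm));
    g_memset(geometry, 0, sizeof(char) * 32);
    g_memset(depth, 0, sizeof(char) * 32);
    g_memset(screen, 0, sizeof(char) * 32);
    g_memset(text, 0, sizeof(char) * 256);
    g_memset(passwd_file, 0, sizeof(char) * 256);

    /* check to limit concurrent sessions */
    if (g_session_count >= g_cfg->sess.max_sessions)
    {
        log_message(LOG_LEVEL_INFO, "max concurrent session limit "
                    "exceeded. login for user %s denied", username);
        return 0;
    }

    temp = (struct session_chain *)g_malloc(sizeof(struct session_chain), 0);

    if (temp == 0)
    {
        log_message(LOG_LEVEL_ERROR, "cannot create new chain "
                    "element - user %s", username);
        return 0;
    }

    temp->item = (struct session_item *)g_malloc(sizeof(struct session_item), 0);

    if (temp->item == 0)
    {
        g_free(temp);
        log_message(LOG_LEVEL_ERROR, "cannot create new session "
                    "item - user %s", username);
        return 0;
    }

    display = session_get_aval_display_from_chain();

    if (display == 0)
    {
        g_free(temp->item);
        g_free(temp);
        return 0;
    }

    pid = g_fork();

    if (pid == -1)
    {
        /* no session process exists: release the bookkeeping and report
           failure instead of returning a display nobody serves */
        log_message(LOG_LEVEL_ERROR, "cannot fork session process "
                    "- user %s", username);
        g_free(temp->item);
        g_free(temp);
        return 0;
    }
    else if (pid == 0) /* child sesman */
    {
        g_tcp_close(g_sck);
        g_tcp_close(g_thread_sck);
        auth_start_session(data, display);
        /* bounded formatting; one byte is left for the terminator as in the
           g_snprintf calls further down */
        g_snprintf(geometry, sizeof(geometry) - 1, "%dx%d", width, height);
        g_snprintf(depth, sizeof(depth) - 1, "%d", bpp);
        g_snprintf(screen, sizeof(screen) - 1, ":%d", display);
        wmpid = g_fork();

        if (wmpid == -1)
        {
            log_message(LOG_LEVEL_ERROR, "cannot fork window manager "
                        "process - user %s", username);
            /* NOTE(review): this child falls through to the final return
               and continues in the caller - confirm whether it should
               exit here instead */
        }
        else if (wmpid == 0) /* child (child sesman) xserver */
        {
            wait_for_xserver(display);
            env_set_user(username, 0, display);

            if (x_server_running(display))
            {
                auth_set_env(data);

                if (directory != 0)
                {
                    if (directory[0] != 0)
                    {
                        g_set_current_dir(directory);
                    }
                }

                if (program != 0)
                {
                    if (program[0] != 0)
                    {
                        g_execlp3(program, program, 0);
                        log_message(LOG_LEVEL_ALWAYS,
                                    "error starting program %s for user %s - pid %d",
                                    program, username, g_getpid());
                    }
                }

                /* try to execute user window manager if enabled */
                if (g_cfg->enable_user_wm)
                {
                    /* HOME comes from the environment: it may be missing and
                       its length is not limited, so test it and bound the
                       copy into the 256 byte buffer */
                    home = g_getenv("HOME");
                    text[0] = 0;

                    if (home != 0)
                    {
                        g_snprintf(text, sizeof(text) - 1, "%s/%s", home,
                                   g_cfg->user_wm);
                    }

                    if ((text[0] != 0) && g_file_exist(text))
                    {
                        g_execlp3(text, g_cfg->user_wm, 0);
                        log_message(LOG_LEVEL_ALWAYS, "error starting user "
                                    "wm for user %s - pid %d", username, g_getpid());
                        /* logging parameters */
                        log_message(LOG_LEVEL_DEBUG, "errno: %d, "
                                    "description: %s", errno, g_get_strerror());
                        log_message(LOG_LEVEL_DEBUG, "execlp3 parameter "
                                    "list:");
                        log_message(LOG_LEVEL_DEBUG, "        argv[0] = %s",
                                    text);
                        log_message(LOG_LEVEL_DEBUG, "        argv[1] = %s",
                                    g_cfg->user_wm);
                    }
                }

                /* if we're here something happened to g_execlp3
                   so we try running the default window manager */
                g_snprintf(text, sizeof(text) - 1, "%s/%s", XRDP_CFG_PATH,
                           g_cfg->default_wm);
                g_execlp3(text, g_cfg->default_wm, 0);

                log_message( LOG_LEVEL_ALWAYS, "error starting default "
                             "wm for user %s - pid %d", username, g_getpid());
                /* logging parameters */
                log_message( LOG_LEVEL_DEBUG, "errno: %d, description: "
                             "%s", errno, g_get_strerror());
                log_message(LOG_LEVEL_DEBUG, "execlp3 parameter list:");
                log_message(LOG_LEVEL_DEBUG, "        argv[0] = %s",
                            text);
                log_message(LOG_LEVEL_DEBUG, "        argv[1] = %s",
                            g_cfg->default_wm);

                /* still a problem starting window manager just start xterm */
                g_execlp3("xterm", "xterm", 0);

                /* should not get here */
                log_message(LOG_LEVEL_ALWAYS, "error starting xterm "
                            "for user %s - pid %d", username, g_getpid());
                /* logging parameters */
                log_message(LOG_LEVEL_DEBUG, "errno: %d, description: "
                            "%s", errno, g_get_strerror());
            }
            else
            {
                log_message(LOG_LEVEL_ERROR, "another Xserver might "
                            "already be active on display %d - see log", display);
            }

            log_message(LOG_LEVEL_DEBUG, "aborting connection...");
            g_exit(0);
        }
        else /* parent (child sesman) */
        {
            xpid = g_fork();

            if (xpid == -1)
            {
                log_message(LOG_LEVEL_ERROR, "cannot fork X server "
                            "process - user %s", username);
                /* NOTE(review): as above, this child falls through to the
                   final return while the window manager child keeps
                   running - confirm the intended cleanup */
            }
            else if (xpid == 0) /* child */
            {
                env_set_user(username, passwd_file, display);
                env_check_password_file(passwd_file, password);

                if (type == SESMAN_SESSION_TYPE_XVNC)
                {
                    xserver_params = list_create();
                    xserver_params->auto_free = 1;
                    /* these are the must have parameters */
                    list_add_item(xserver_params, (long)g_strdup("Xvnc"));
                    list_add_item(xserver_params, (long)g_strdup(screen));
                    list_add_item(xserver_params, (long)g_strdup("-geometry"));
                    list_add_item(xserver_params, (long)g_strdup(geometry));
                    list_add_item(xserver_params, (long)g_strdup("-depth"));
                    list_add_item(xserver_params, (long)g_strdup(depth));
                    list_add_item(xserver_params, (long)g_strdup("-rfbauth"));
                    list_add_item(xserver_params, (long)g_strdup(passwd_file));

                    /* additional parameters from sesman.ini file */
                    //config_read_xserver_params(SESMAN_SESSION_TYPE_XVNC,
                    //                           xserver_params);
                    list_append_list_strdup(g_cfg->vnc_params, xserver_params, 0);

                    /* make sure it ends with a zero */
                    list_add_item(xserver_params, 0);
                    pp1 = (char **)xserver_params->items;
                    log_message(LOG_LEVEL_INFO, "Xvnc start:%s", dumpItemsToString(xserver_params, execvpparams, 2048));
                    g_execvp("Xvnc", pp1);
                }
                else if (type == SESMAN_SESSION_TYPE_XRDP)
                {
                    xserver_params = list_create();
                    xserver_params->auto_free = 1;
                    /* these are the must have parameters */
                    list_add_item(xserver_params, (long)g_strdup("X11rdp"));
                    list_add_item(xserver_params, (long)g_strdup(screen));
                    list_add_item(xserver_params, (long)g_strdup("-geometry"));
                    list_add_item(xserver_params, (long)g_strdup(geometry));
                    list_add_item(xserver_params, (long)g_strdup("-depth"));
                    list_add_item(xserver_params, (long)g_strdup(depth));

                    /* additional parameters from sesman.ini file */
                    //config_read_xserver_params(SESMAN_SESSION_TYPE_XRDP,
                    //                           xserver_params);
                    list_append_list_strdup(g_cfg->rdp_params, xserver_params, 0);

                    /* make sure it ends with a zero */
                    list_add_item(xserver_params, 0);
                    pp1 = (char **)xserver_params->items;
                    log_message(LOG_LEVEL_INFO, "X11rdp start:%s", dumpItemsToString(xserver_params, execvpparams, 2048));
                    g_execvp("X11rdp", pp1);
                }
                else
                {
                    log_message(LOG_LEVEL_ALWAYS, "bad session type - "
                                "user %s - pid %d", username, g_getpid());
                    g_exit(1);
                }

                /* should not get here */
                log_message(LOG_LEVEL_ALWAYS, "error starting X server "
                            "- user %s - pid %d", username, g_getpid());

                /* logging parameters */
                log_message(LOG_LEVEL_DEBUG, "errno: %d, description: "
                            "%s", errno, g_get_strerror());
                log_message(LOG_LEVEL_DEBUG, "execve parameter list size: "
                            "%d", (xserver_params)->count);

                for (i = 0; i < (xserver_params->count); i++)
                {
                    log_message(LOG_LEVEL_DEBUG, "        argv[%d] = %s",
                                i, (char *)list_get_item(xserver_params, i));
                }

                list_delete(xserver_params);
                g_exit(1);
            }
            else /* parent (child sesman)*/
            {
                wait_for_xserver(display);
                g_snprintf(text, 255, "%d", display);
                g_setenv("XRDP_SESSVC_DISPLAY", text, 1);
                g_snprintf(text, 255, ":%d.0", display);
                g_setenv("DISPLAY", text, 1);
                /* new style waiting for clients */
                session_start_sessvc(xpid, wmpid, data, username, display);
            }
        }
    }
    else /* parent sesman process */
    {
        temp->item->pid = pid;
        temp->item->display = display;
        temp->item->width = width;
        temp->item->height = height;
        temp->item->bpp = bpp;
        temp->item->data = data;
        /* NOTE(review): the 255 limit assumes client_ip and name in
           struct session_item hold at least 256 bytes - the struct is not
           visible here, confirm */
        g_strncpy(temp->item->client_ip, client_ip, 255);   /* store client ip data */
        g_strncpy(temp->item->name, username, 255);

        ltime = g_time1();
        localtime_r(&ltime, &stime);
        temp->item->connect_time.year = (tui16)(stime.tm_year + 1900);
        temp->item->connect_time.month = (tui8)stime.tm_mon;
        temp->item->connect_time.day = (tui8)stime.tm_mday;
        temp->item->connect_time.hour = (tui8)stime.tm_hour;
        temp->item->connect_time.minute = (tui8)stime.tm_min;
        zero_time(&(temp->item->disconnect_time));
        zero_time(&(temp->item->idle_time));

        temp->item->type = type;
        temp->item->status = SESMAN_SESSION_STATUS_ACTIVE;

        /* push the new session onto the head of the global chain */
        temp->next = g_sessions;
        g_sessions = temp;
        g_session_count++;
    }

    return display;
}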
Example #6
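/**
 * Change the password of a user in /etc/passwd or /etc/shadow.
 *
 * The password file lock taken with lckpwdf() is released on every path,
 * the stream is checked and closed, and success is only reported when the
 * entry was actually written.
 *
 * NOTE(review): "rw" is not a valid fopen() mode (glibc appears to open the
 * file read-only), so the write below is expected to fail and this function
 * then returns 1. putpwent()/putspent() emit a single entry; a working
 * implementation has to rewrite the whole file (temporary file + rename)
 * rather than just switch the mode - appending or overwriting in place would
 * damage the file.
 *
 * NOTE(review): hash holds 35 bytes; auth_crypt_pwd() is not visible here,
 * confirm that it never writes more than that.
 *
 * @param user   login name whose password is changed
 * @param newpwd new clear-text password
 * @return 0 on success, 1 on any failure
 */
int auth_change_pwd(char *user, char *newpwd)
{
	struct passwd *spw;
	struct spwd *stp;
	char hash[35] = "";
	char *saved;
	long today;
	int rv;

	FILE *fd;

	if (0 != lckpwdf())
	{
		return 1;
	}

	/* from here on every exit goes through "done" so the lock is released */
	rv = 1;
	fd = 0;

	/* open passwd */
	spw = getpwnam(user);

	if (spw == 0)
	{
		goto done;
	}

	if (g_strncmp(spw->pw_passwd, "x", 3) != 0)
	{
		/* old system with only passwd */
		if (auth_crypt_pwd(spw->pw_passwd, newpwd, hash) != 0)
		{
			goto done;
		}

		fd = fopen("/etc/passwd", "rw");

		if (fd == 0)
		{
			goto done;
		}

		/* point the entry at the new hash only for the write; this avoids
		   the duplicated string that was never freed */
		saved = spw->pw_passwd;
		spw->pw_passwd = hash;

		if (putpwent(spw, fd) == 0)
		{
			rv = 0;
		}

		spw->pw_passwd = saved;
	}
	else
	{
		/* the system is using shadow */
		stp = getspnam(user);

		if (stp == 0)
		{
			goto done;
		}

		if (auth_crypt_pwd(stp->sp_pwdp, newpwd, hash) != 0)
		{
			goto done;
		}

		fd = fopen("/etc/shadow", "rw");

		if (fd == 0)
		{
			goto done;
		}

		saved = stp->sp_pwdp;
		stp->sp_pwdp = hash;
		today = g_time1() / SECS_PER_DAY;
		stp->sp_lstchg = today;
		/* NOTE(review): sp_expire is set from the password aging fields;
		   with sp_max or sp_inact at -1 the result lies in the past -
		   confirm intent */
		stp->sp_expire = today + stp->sp_max + stp->sp_inact;

		if (putspent(stp, fd) == 0)
		{
			rv = 0;
		}

		stp->sp_pwdp = saved;
	}

done:

	if (fd != 0)
	{
		/* buffered data is written on close, so a failing close means the
		   entry may not have reached the file */
		if (fclose(fd) != 0)
		{
			rv = 1;
		}
	}

	ulckpwdf();
	return rv;
}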
Example #7
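/**
 * Register one file named in clipboard data in g_files_list.
 *
 * The name is split at its last '/' into a directory part and a file part,
 * an optional "file://" prefix is skipped, and the file must exist and must
 * not be a directory. The bare words "copy" and "cut" are accepted and
 * ignored.
 *
 * The name arrives from clipboard data, so both parts are checked against
 * the local 256 byte buffers before anything is copied.
 *
 * @param file  name or file:// URI, bytes characters long
 * @param bytes length of file
 * @return 0 on success (or for "copy" / "cut"), 1 on error
 */
static int
clipboard_get_file(const char *file, int bytes)
{
    int sindex;
    int pindex;
    int flags;
    int path_len;
    int name_len;
    char full_fn[256]; /* /etc/xrdp/xrdp.ini */
    char filename[256]; /* xrdp.ini */
    char pathname[256]; /* /etc/xrdp */
    struct cb_file_info *cfi;

    if ((file == 0) || (bytes < 1))
    {
        return 1;
    }
    /* x-special/gnome-copied-files */
    if ((g_strncmp(file, "copy", 4) == 0) && (bytes == 4))
    {
        return 0;
    }
    if ((g_strncmp(file, "cut", 3) == 0) && (bytes == 3))
    {
        return 0;
    }
    sindex = 0;
    flags = CB_FILE_ATTRIBUTE_ARCHIVE;
    /* text/uri-list */
    /* x-special/gnome-copied-files */
    if (g_strncmp(file, "file://", 7) == 0)
    {
        sindex = 7;
    }
    if (bytes <= sindex)
    {
        /* nothing follows the prefix; the lengths below would go negative */
        log_error("clipboard_get_file: no file name in clipboard data");
        return 1;
    }
    /* search the last '/' starting at the last character, not one past it */
    pindex = bytes - 1;
    while (pindex > sindex)
    {
        if (file[pindex] == '/')
        {
            break;
        }
        pindex--;
    }
    path_len = pindex - sindex;
    name_len = (bytes - 1) - pindex;
    /* each part needs room for its terminator, and the joined name
       (directory, '/', file, terminator) has to fit into full_fn */
    if ((path_len >= (int)sizeof(pathname)) ||
        (name_len >= (int)sizeof(filename)) ||
        ((path_len + name_len + 2) > (int)sizeof(full_fn)))
    {
        log_error("clipboard_get_file: file name too long");
        return 1;
    }
    g_memset(pathname, 0, 256);
    g_memset(filename, 0, 256);
    g_memcpy(pathname, file + sindex, path_len);
    if (pathname[0] == 0)
    {
        pathname[0] = '/';
    }
    g_memcpy(filename, file + pindex + 1, name_len);
    /* this should replace %20 with space */
    clipboard_check_file(pathname);
    clipboard_check_file(filename);
    g_snprintf(full_fn, 255, "%s/%s", pathname, filename);
    if (g_directory_exist(full_fn))
    {
        log_error("clipboard_get_file: file [%s] is a directory, "
                   "not supported", full_fn);
        return 1;
    }
    if (!g_file_exist(full_fn))
    {
        log_error("clipboard_get_file: file [%s] does not exist",
                   full_fn);
        return 1;
    }
    cfi = (struct cb_file_info*)g_malloc(sizeof(struct cb_file_info), 1);
    if (cfi == 0)
    {
        log_error("clipboard_get_file: out of memory");
        return 1;
    }
    list_add_item(g_files_list, (tintptr)cfi);
    /* NOTE(review): assumes cfi->filename and cfi->pathname hold at least
       256 bytes - struct cb_file_info is not visible here, confirm */
    g_strcpy(cfi->filename, filename);
    g_strcpy(cfi->pathname, pathname);
    cfi->size = g_file_get_size(full_fn);
    cfi->flags = flags;
    cfi->time = (g_time1() + CB_EPOCH_DIFF) * 10000000LL;
    log_debug("ok filename [%s] pathname [%s] size [%d]",
                cfi->filename, cfi->pathname, cfi->size);
    return 0;
}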