/** * * @return 1 if the account is disabled, 0 otherwise * */ static int auth_account_disabled(struct spwd *stp) { int today; if (0 == stp) { /* if an invalid struct was passed we assume a disabled account */ return 1; } today = g_time1() / SECS_PER_DAY; LOG_DBG("last %d", stp->sp_lstchg); LOG_DBG("min %d", stp->sp_min); LOG_DBG("max %d", stp->sp_max); LOG_DBG("inact %d", stp->sp_inact); LOG_DBG("warn %d", stp->sp_warn); LOG_DBG("expire %d", stp->sp_expire); LOG_DBG("today %d", today); if ((stp->sp_expire != -1) && (today >= stp->sp_expire)) { return 1; } if (today >= (stp->sp_lstchg + stp->sp_max + stp->sp_inact)) { return 1; } return 0; }
void g_random(char *data, int len) { #if defined(_WIN32) int index; srand(g_time1()); for (index = 0; index < len; index++) { data[index] = (char)rand(); /* rand returns a number between 0 and RAND_MAX */ } #else int fd; memset(data, 0x44, len); fd = open("/dev/urandom", O_RDONLY); if (fd == -1) { fd = open("/dev/random", O_RDONLY); } if (fd != -1) { if (read(fd, data, len) != len) { } close(fd); } #endif }
/* returns error generates a new rsa key exp is passed in and mod and pri are passed out */ int APP_CC ssl_gen_key_xrdp1(int key_size_in_bits, char* exp, int exp_len, char* mod, int mod_len, char* pri, int pri_len) { int my_e; RSA* my_key; char* lmod; char* lpri; tui8* lexp; int error; int len; if ((exp_len != 4) || (mod_len != 64) || (pri_len != 64)) { return 1; } lmod = (char*)g_malloc(mod_len, 0); lpri = (char*)g_malloc(pri_len, 0); lexp = (tui8*)exp; my_e = lexp[0]; my_e |= lexp[1] << 8; my_e |= lexp[2] << 16; my_e |= lexp[3] << 24; /* srand is in stdlib.h */ srand(g_time1()); my_key = RSA_generate_key(key_size_in_bits, my_e, 0, 0); error = my_key == 0; if (error == 0) { len = BN_num_bytes(my_key->n); error = len != mod_len; } if (error == 0) { BN_bn2bin(my_key->n, (tui8*)lmod); ssl_reverse_it(lmod, mod_len); } if (error == 0) { len = BN_num_bytes(my_key->d); error = len != pri_len; } if (error == 0) { BN_bn2bin(my_key->d, (tui8*)lpri); ssl_reverse_it(lpri, pri_len); } if (error == 0) { g_memcpy(mod, lmod, mod_len); g_memcpy(pri, lpri, pri_len); } RSA_free(my_key); g_free(lmod); g_free(lpri); return error; }
int DEFAULT_CC auth_check_pwd_chg(char *user) { struct passwd *spw; struct spwd *stp; int now; long today; spw = getpwnam(user); if (spw == 0) { return AUTH_PWD_CHG_ERROR; } if (g_strncmp(spw->pw_passwd, "x", 3) != 0) { /* old system with only passwd */ return AUTH_PWD_CHG_OK; } /* the system is using shadow */ stp = getspnam(user); if (stp == 0) { return AUTH_PWD_CHG_ERROR; } /* check if we need a pwd change */ now = g_time1(); today = now / SECS_PER_DAY; if (stp->sp_expire == -1) { return AUTH_PWD_CHG_OK; } if (today >= (stp->sp_lstchg + stp->sp_max - stp->sp_warn)) { return AUTH_PWD_CHG_CHANGE; } if (today >= (stp->sp_lstchg + stp->sp_max)) { return AUTH_PWD_CHG_CHANGE_MANDATORY; } if (today < ((stp->sp_lstchg) + (stp->sp_min))) { /* cannot change pwd for now */ return AUTH_PWD_CHG_NOT_NOW; } return AUTH_PWD_CHG_OK; }
/* called with the main thread */ static int APP_CC session_start_fork(int width, int height, int bpp, char *username, char *password, tbus data, tui8 type, char *domain, char *program, char *directory, char *client_ip) { int display = 0; int pid = 0; int wmpid = 0; int xpid = 0; int i = 0; char geometry[32]; char depth[32]; char screen[32]; char text[256]; char passwd_file[256]; char **pp1 = (char **)NULL; struct session_chain *temp = (struct session_chain *)NULL; struct list *xserver_params = (struct list *)NULL; time_t ltime; struct tm stime; char execvpparams[2048]; /* initialize (zero out) local variables: */ g_memset(<ime, 0, sizeof(time_t)); g_memset(&stime, 0, sizeof(struct tm)); g_memset(geometry, 0, sizeof(char) * 32); g_memset(depth, 0, sizeof(char) * 32); g_memset(screen, 0, sizeof(char) * 32); g_memset(text, 0, sizeof(char) * 256); g_memset(passwd_file, 0, sizeof(char) * 256); /* check to limit concurrent sessions */ if (g_session_count >= g_cfg->sess.max_sessions) { log_message(LOG_LEVEL_INFO, "max concurrent session limit " "exceeded. login for user %s denied", username); return 0; } temp = (struct session_chain *)g_malloc(sizeof(struct session_chain), 0); if (temp == 0) { log_message(LOG_LEVEL_ERROR, "cannot create new chain " "element - user %s", username); return 0; } temp->item = (struct session_item *)g_malloc(sizeof(struct session_item), 0); if (temp->item == 0) { g_free(temp); log_message(LOG_LEVEL_ERROR, "cannot create new session " "item - user %s", username); return 0; } display = session_get_aval_display_from_chain(); if (display == 0) { g_free(temp->item); g_free(temp); return 0; } pid = g_fork(); if (pid == -1) { } else if (pid == 0) /* child sesman */ { g_tcp_close(g_sck); g_tcp_close(g_thread_sck); auth_start_session(data, display); g_sprintf(geometry, "%dx%d", width, height); g_sprintf(depth, "%d", bpp); g_sprintf(screen, ":%d", display); wmpid = g_fork(); if (wmpid == -1) { } else if (wmpid == 0) /* child (child sesman) xserver */ { wait_for_xserver(display); env_set_user(username, 0, display); if (x_server_running(display)) { auth_set_env(data); if (directory != 0) { if (directory[0] != 0) { g_set_current_dir(directory); } } if (program != 0) { if (program[0] != 0) { g_execlp3(program, program, 0); log_message(LOG_LEVEL_ALWAYS, "error starting program %s for user %s - pid %d", program, username, g_getpid()); } } /* try to execute user window manager if enabled */ if (g_cfg->enable_user_wm) { g_sprintf(text, "%s/%s", g_getenv("HOME"), g_cfg->user_wm); if (g_file_exist(text)) { g_execlp3(text, g_cfg->user_wm, 0); log_message(LOG_LEVEL_ALWAYS, "error starting user " "wm for user %s - pid %d", username, g_getpid()); /* logging parameters */ log_message(LOG_LEVEL_DEBUG, "errno: %d, " "description: %s", errno, g_get_strerror()); log_message(LOG_LEVEL_DEBUG, "execlp3 parameter " "list:"); log_message(LOG_LEVEL_DEBUG, " argv[0] = %s", text); log_message(LOG_LEVEL_DEBUG, " argv[1] = %s", g_cfg->user_wm); } } /* if we're here something happened to g_execlp3 so we try running the default window manager */ g_sprintf(text, "%s/%s", XRDP_CFG_PATH, g_cfg->default_wm); g_execlp3(text, g_cfg->default_wm, 0); log_message( LOG_LEVEL_ALWAYS, "error starting default " "wm for user %s - pid %d", username, g_getpid()); /* logging parameters */ log_message( LOG_LEVEL_DEBUG, "errno: %d, description: " "%s", errno, g_get_strerror()); log_message(LOG_LEVEL_DEBUG, "execlp3 parameter list:"); log_message(LOG_LEVEL_DEBUG, " argv[0] = %s", text); log_message(LOG_LEVEL_DEBUG, " argv[1] = %s", g_cfg->default_wm); /* still a problem starting window manager just start xterm */ g_execlp3("xterm", "xterm", 0); /* should not get here */ log_message(LOG_LEVEL_ALWAYS, "error starting xterm " "for user %s - pid %d", username, g_getpid()); /* logging parameters */ log_message(LOG_LEVEL_DEBUG, "errno: %d, description: " "%s", errno, g_get_strerror()); } else { log_message(LOG_LEVEL_ERROR, "another Xserver might " "already be active on display %d - see log", display); } log_message(LOG_LEVEL_DEBUG, "aborting connection..."); g_exit(0); } else /* parent (child sesman) */ { xpid = g_fork(); if (xpid == -1) { } else if (xpid == 0) /* child */ { env_set_user(username, passwd_file, display); env_check_password_file(passwd_file, password); if (type == SESMAN_SESSION_TYPE_XVNC) { xserver_params = list_create(); xserver_params->auto_free = 1; /* these are the must have parameters */ list_add_item(xserver_params, (long)g_strdup("Xvnc")); list_add_item(xserver_params, (long)g_strdup(screen)); list_add_item(xserver_params, (long)g_strdup("-geometry")); list_add_item(xserver_params, (long)g_strdup(geometry)); list_add_item(xserver_params, (long)g_strdup("-depth")); list_add_item(xserver_params, (long)g_strdup(depth)); list_add_item(xserver_params, (long)g_strdup("-rfbauth")); list_add_item(xserver_params, (long)g_strdup(passwd_file)); /* additional parameters from sesman.ini file */ //config_read_xserver_params(SESMAN_SESSION_TYPE_XVNC, // xserver_params); list_append_list_strdup(g_cfg->vnc_params, xserver_params, 0); /* make sure it ends with a zero */ list_add_item(xserver_params, 0); pp1 = (char **)xserver_params->items; log_message(LOG_LEVEL_INFO, "Xvnc start:%s", dumpItemsToString(xserver_params, execvpparams, 2048)); g_execvp("Xvnc", pp1); } else if (type == SESMAN_SESSION_TYPE_XRDP) { xserver_params = list_create(); xserver_params->auto_free = 1; /* these are the must have parameters */ list_add_item(xserver_params, (long)g_strdup("X11rdp")); list_add_item(xserver_params, (long)g_strdup(screen)); list_add_item(xserver_params, (long)g_strdup("-geometry")); list_add_item(xserver_params, (long)g_strdup(geometry)); list_add_item(xserver_params, (long)g_strdup("-depth")); list_add_item(xserver_params, (long)g_strdup(depth)); /* additional parameters from sesman.ini file */ //config_read_xserver_params(SESMAN_SESSION_TYPE_XRDP, // xserver_params); list_append_list_strdup(g_cfg->rdp_params, xserver_params, 0); /* make sure it ends with a zero */ list_add_item(xserver_params, 0); pp1 = (char **)xserver_params->items; log_message(LOG_LEVEL_INFO, "X11rdp start:%s", dumpItemsToString(xserver_params, execvpparams, 2048)); g_execvp("X11rdp", pp1); } else { log_message(LOG_LEVEL_ALWAYS, "bad session type - " "user %s - pid %d", username, g_getpid()); g_exit(1); } /* should not get here */ log_message(LOG_LEVEL_ALWAYS, "error starting X server " "- user %s - pid %d", username, g_getpid()); /* logging parameters */ log_message(LOG_LEVEL_DEBUG, "errno: %d, description: " "%s", errno, g_get_strerror()); log_message(LOG_LEVEL_DEBUG, "execve parameter list size: " "%d", (xserver_params)->count); for (i = 0; i < (xserver_params->count); i++) { log_message(LOG_LEVEL_DEBUG, " argv[%d] = %s", i, (char *)list_get_item(xserver_params, i)); } list_delete(xserver_params); g_exit(1); } else /* parent (child sesman)*/ { wait_for_xserver(display); g_snprintf(text, 255, "%d", display); g_setenv("XRDP_SESSVC_DISPLAY", text, 1); g_snprintf(text, 255, ":%d.0", display); g_setenv("DISPLAY", text, 1); /* new style waiting for clients */ session_start_sessvc(xpid, wmpid, data, username, display); } } } else /* parent sesman process */ { temp->item->pid = pid; temp->item->display = display; temp->item->width = width; temp->item->height = height; temp->item->bpp = bpp; temp->item->data = data; g_strncpy(temp->item->client_ip, client_ip, 255); /* store client ip data */ g_strncpy(temp->item->name, username, 255); ltime = g_time1(); localtime_r(<ime, &stime); temp->item->connect_time.year = (tui16)(stime.tm_year + 1900); temp->item->connect_time.month = (tui8)stime.tm_mon; temp->item->connect_time.day = (tui8)stime.tm_mday; temp->item->connect_time.hour = (tui8)stime.tm_hour; temp->item->connect_time.minute = (tui8)stime.tm_min; zero_time(&(temp->item->disconnect_time)); zero_time(&(temp->item->idle_time)); temp->item->type = type; temp->item->status = SESMAN_SESSION_STATUS_ACTIVE; temp->next = g_sessions; g_sessions = temp; g_session_count++; } return display; }
int auth_change_pwd(char *user, char *newpwd) { struct passwd *spw; struct spwd *stp; char hash[35] = ""; long today; FILE *fd; if (0 != lckpwdf()) { return 1; } /* open passwd */ spw = getpwnam(user); if (spw == 0) { return 1; } if (g_strncmp(spw->pw_passwd, "x", 3) != 0) { /* old system with only passwd */ if (auth_crypt_pwd(spw->pw_passwd, newpwd, hash) != 0) { ulckpwdf(); return 1; } spw->pw_passwd = g_strdup(hash); fd = fopen("/etc/passwd", "rw"); putpwent(spw, fd); } else { /* the system is using shadow */ stp = getspnam(user); if (stp == 0) { return 1; } /* old system with only passwd */ if (auth_crypt_pwd(stp->sp_pwdp, newpwd, hash) != 0) { ulckpwdf(); return 1; } stp->sp_pwdp = g_strdup(hash); today = g_time1() / SECS_PER_DAY; stp->sp_lstchg = today; stp->sp_expire = today + stp->sp_max + stp->sp_inact; fd = fopen("/etc/shadow", "rw"); putspent(stp, fd); } ulckpwdf(); return 0; }
static int clipboard_get_file(const char *file, int bytes) { int sindex; int pindex; int flags; char full_fn[256]; /* /etc/xrdp/xrdp.ini */ char filename[256]; /* xrdp.ini */ char pathname[256]; /* /etc/xrdp */ struct cb_file_info *cfi; /* x-special/gnome-copied-files */ if ((g_strncmp(file, "copy", 4) == 0) && (bytes == 4)) { return 0; } if ((g_strncmp(file, "cut", 3) == 0) && (bytes == 3)) { return 0; } sindex = 0; flags = CB_FILE_ATTRIBUTE_ARCHIVE; /* text/uri-list */ /* x-special/gnome-copied-files */ if (g_strncmp(file, "file://", 7) == 0) { sindex = 7; } pindex = bytes; while (pindex > sindex) { if (file[pindex] == '/') { break; } pindex--; } g_memset(pathname, 0, 256); g_memset(filename, 0, 256); g_memcpy(pathname, file + sindex, pindex - sindex); if (pathname[0] == 0) { pathname[0] = '/'; } g_memcpy(filename, file + pindex + 1, (bytes - 1) - pindex); /* this should replace %20 with space */ clipboard_check_file(pathname); clipboard_check_file(filename); g_snprintf(full_fn, 255, "%s/%s", pathname, filename); if (g_directory_exist(full_fn)) { log_error("clipboard_get_file: file [%s] is a directory, " "not supported", full_fn); flags |= CB_FILE_ATTRIBUTE_DIRECTORY; return 1; } if (!g_file_exist(full_fn)) { log_error("clipboard_get_file: file [%s] does not exist", full_fn); return 1; } else { cfi = (struct cb_file_info*)g_malloc(sizeof(struct cb_file_info), 1); list_add_item(g_files_list, (tintptr)cfi); g_strcpy(cfi->filename, filename); g_strcpy(cfi->pathname, pathname); cfi->size = g_file_get_size(full_fn); cfi->flags = flags; cfi->time = (g_time1() + CB_EPOCH_DIFF) * 10000000LL; log_debug("ok filename [%s] pathname [%s] size [%d]", cfi->filename, cfi->pathname, cfi->size); } return 0; }