void DEFAULT_CC scp_v1_mng_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s) { long data; enum SCP_SERVER_STATES_E e; struct SCP_DISCONNECTED_SESSION *slist = 0; int scount; int end = 0; data = auth_userpass(s->username, s->password,NULL); /*LOG_DBG("user: %s\npass: %s", s->username, s->password);*/ if (!data) { scp_v1s_mng_deny_connection(c, "Login failed"); log_message(LOG_LEVEL_INFO, "[MNG] Login failed for user %s. Connection terminated", s->username); scp_session_destroy(s); auth_end(data); return; } /* testing if login is allowed */ if (0 == access_login_mng_allowed(s->username)) { scp_v1s_mng_deny_connection(c, "Access to Terminal Server not allowed."); log_message(LOG_LEVEL_INFO, "[MNG] User %s not allowed on TS. Connection terminated", s->username); scp_session_destroy(s); auth_end(data); return; } e = scp_v1s_mng_allow_connection(c, s); end = 1; while (end) { switch (e) { case SCP_SERVER_STATE_MNG_ACTION: log_message(LOG_LEVEL_INFO, "Connection cancelled after session listing"); break; case SCP_SERVER_STATE_MNG_LISTREQ: /* list disconnected sessions */ slist = session_get_byuser(NULL, &scount, SESMAN_SESSION_STATUS_ALL); LOG_DBG("sessions on TS: %d (slist: %x)", scount, slist); if (0 == slist) { // e=scp_v1s_connection_error(c, "Internal error"); log_message(LOG_LEVEL_INFO, "No sessions on Terminal Server"); end = 0; } else { e = scp_v1s_mng_list_sessions(c, s, scount, slist); g_free(slist); } break; default: /* we check the other errors */ parseCommonStates(e, "scp_v1s_mng_list_sessions()"); end = 0; break; } } /* cleanup */ scp_session_destroy(s); auth_end(data); }
void DEFAULT_CC scp_v1_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s) { long data; int display; int retries; int current_try; enum SCP_SERVER_STATES_E e; struct SCP_DISCONNECTED_SESSION *slist; struct session_item *sitem; int scount; SCP_SID sid; retries = g_cfg->sec.login_retry; current_try = retries; data = auth_userpass(s->username, s->password); /*LOG_DBG("user: %s\npass: %s", s->username, s->password);*/ while ((!data) && ((retries == 0) || (current_try > 0))) { LOG_DBG("data %d - retry %d - currenttry %d - expr %d", data, retries, current_try, ((!data) && ((retries == 0) || (current_try > 0)))); e = scp_v1s_request_password(c, s, "Wrong username and/or password"); switch (e) { case SCP_SERVER_STATE_OK: /* all ok, we got new username and password */ data = auth_userpass(s->username, s->password); /* one try less */ if (current_try > 0) { current_try--; } break; default: /* we check the other errors */ parseCommonStates(e, "scp_v1s_list_sessions()"); scp_session_destroy(s); return; //break; } } if (!data) { scp_v1s_deny_connection(c, "Login failed"); log_message( LOG_LEVEL_INFO, "Login failed for user %s. Connection terminated", s->username); scp_session_destroy(s); return; } /* testing if login is allowed*/ if (0 == access_login_allowed(s->username)) { scp_v1s_deny_connection(c, "Access to Terminal Server not allowed."); log_message(LOG_LEVEL_INFO, "User %s not allowed on TS. Connection terminated", s->username); scp_session_destroy(s); return; } //check if we need password change /* list disconnected sessions */ slist = session_get_byuser(s->username, &scount, SESMAN_SESSION_STATUS_DISCONNECTED); if (scount == 0) { /* no disconnected sessions - start a new one */ log_message(LOG_LEVEL_DEBUG, "No disconnected sessions for this user" "- we create a new one"); if (0 != s->client_ip) { log_message(LOG_LEVEL_INFO, "++ created session (access granted): username %s, ip %s", s->username, s->client_ip); } else { log_message(LOG_LEVEL_INFO, "++ created session (access granted): username %s", s->username); } if (SCP_SESSION_TYPE_XVNC == s->type) { log_message(LOG_LEVEL_INFO, "starting Xvnc session..."); display = session_start(s->width, s->height, s->bpp, s->username, s->password, data, SESMAN_SESSION_TYPE_XVNC, s->domain, s->program, s->directory, s->client_ip); } else { log_message(LOG_LEVEL_INFO, "starting X11rdp session..."); display = session_start(s->width, s->height, s->bpp, s->username, s->password, data, SESMAN_SESSION_TYPE_XRDP, s->domain, s->program, s->directory, s->client_ip); } e = scp_v1s_connect_new_session(c, display); switch (e) { case SCP_SERVER_STATE_OK: /* all ok, we got new username and password */ break; default: /* we check the other errors */ parseCommonStates(e, "scp_v1s_connect_new_session()"); break; } } else { /* one or more disconnected sessions - listing */ e = scp_v1s_list_sessions(c, scount, slist, &sid); switch (e) { /*case SCP_SERVER_STATE_FORCE_NEW:*/ /* we should check for MaxSessions */ case SCP_SERVER_STATE_SELECTION_CANCEL: log_message( LOG_LEVEL_INFO, "Connection cancelled after session listing"); break; case SCP_SERVER_STATE_OK: /* ok, reconnecting... */ sitem = session_get_bypid(sid); if (0 == sitem) { e = scp_v1s_connection_error(c, "Internal error"); log_message(LOG_LEVEL_INFO, "Cannot find session item on the chain"); } else { display = sitem->display; /*e=scp_v1s_reconnect_session(c, sitem, display);*/ e = scp_v1s_reconnect_session(c, display); if (0 != s->client_ip) { log_message(LOG_LEVEL_INFO, "++ reconnected session: username %s, display :%d.0, session_pid %d, ip %s", s->username, display, sitem->pid, s->client_ip); } else { log_message(LOG_LEVEL_INFO, "++ reconnected session: username %s, display :%d.0, session_pid %d", s->username, display, sitem->pid); } g_free(sitem); } break; default: /* we check the other errors */ parseCommonStates(e, "scp_v1s_list_sessions()"); break; } g_free(slist); } /* resource management */ if ((e == SCP_SERVER_STATE_OK) && (s->rsr)) { /* here goes scp resource sharing code */ } /* cleanup */ scp_session_destroy(s); auth_end(data); }
/* server API */ enum SCP_SERVER_STATES_E scp_v1s_accept(struct SCP_CONNECTION* c, struct SCP_SESSION** s, int skipVchk) { struct SCP_SESSION* session; tui32 version; tui32 size; tui16 cmdset; tui16 cmd; tui8 sz; char buf[257]; if (!skipVchk) { if (0 == scp_tcp_force_recv(c->in_sck, c->in_s->data, 8)) { in_uint32_be(c->in_s, version); if (version != 1) { log_message(LOG_LEVEL_WARNING, "[v1s:%d] connection aborted: version error", __LINE__); return SCP_SERVER_STATE_VERSION_ERR; } } else { log_message(LOG_LEVEL_WARNING, "[v1s:%d] connection aborted: network error", __LINE__); return SCP_SERVER_STATE_NETWORK_ERR; } } in_uint32_be(c->in_s, size); if (size < 12) { log_message(LOG_LEVEL_WARNING, "[v1s:%d] connection aborted: size error", __LINE__); return SCP_SERVER_STATE_SIZE_ERR; } init_stream(c->in_s, c->in_s->size); if (0 != scp_tcp_force_recv(c->in_sck, c->in_s->data, (size-8))) { log_message(LOG_LEVEL_WARNING, "[v1s:%d] connection aborted: network error", __LINE__); return SCP_SERVER_STATE_NETWORK_ERR; } /* reading command set */ in_uint16_be(c->in_s, cmdset); /* if we are starting a management session */ if (cmdset == SCP_COMMAND_SET_MANAGE) { log_message(LOG_LEVEL_DEBUG, "[v1s:%d] requested management connection", __LINE__); /* should return SCP_SERVER_STATE_START_MANAGE */ return scp_v1s_mng_accept(c, s); } /* if we started with resource sharing... */ if (cmdset == SCP_COMMAND_SET_RSR) { log_message(LOG_LEVEL_WARNING, "[v1s:%d] connection aborted: sequence error", __LINE__); return SCP_SERVER_STATE_SEQUENCE_ERR; } /* reading command */ in_uint16_be(c->in_s, cmd); if (cmd != 1) { log_message(LOG_LEVEL_WARNING, "[v1s:%d] connection aborted: sequence error", __LINE__); return SCP_SERVER_STATE_SEQUENCE_ERR; } session = scp_session_create(); if (0 == session) { log_message(LOG_LEVEL_WARNING, "[v1s:%d] connection aborted: internal error (malloc returned NULL)", __LINE__); return SCP_SERVER_STATE_INTERNAL_ERR; } scp_session_set_version(session, 1); in_uint8(c->in_s, sz); if ((sz != SCP_SESSION_TYPE_XVNC) && (sz != SCP_SESSION_TYPE_XRDP)) { scp_session_destroy(session); log_message(LOG_LEVEL_WARNING, "[v1s:%d] connection aborted: unknown session type", __LINE__); return SCP_SERVER_STATE_SESSION_TYPE_ERR; } scp_session_set_type(session, sz); in_uint16_be(c->in_s, cmd); scp_session_set_height(session, cmd); in_uint16_be(c->in_s, cmd); scp_session_set_height(session, cmd); in_uint8(c->in_s, sz); scp_session_set_bpp(session, sz); in_uint8(c->in_s, sz); scp_session_set_rsr(session, sz); in_uint8a(c->in_s, buf, 17); buf[17]='\0'; scp_session_set_locale(session, buf); in_uint8(c->in_s, sz); if (sz == SCP_ADDRESS_TYPE_IPV4) { in_uint32_be(c->in_s, size); scp_session_set_addr(session, SCP_ADDRESS_TYPE_IPV4_BIN, &size); } else if (sz == SCP_ADDRESS_TYPE_IPV6) { in_uint8a(c->in_s, buf, 16); scp_session_set_addr(session, SCP_ADDRESS_TYPE_IPV6_BIN, buf); } buf[256] = '\0'; /* reading hostname */ in_uint8(c->in_s, sz); buf[sz]='\0'; in_uint8a(c->in_s, buf, sz); if (0 != scp_session_set_hostname(session, buf)) { scp_session_destroy(session); log_message(LOG_LEVEL_WARNING, "[v1s:%d] connection aborted: internal error", __LINE__); return SCP_SERVER_STATE_INTERNAL_ERR; } /* reading username */ in_uint8(c->in_s, sz); buf[sz]='\0'; in_uint8a(c->in_s, buf, sz); if (0 != scp_session_set_username(session, buf)) { scp_session_destroy(session); log_message(LOG_LEVEL_WARNING, "[v1s:%d] connection aborted: internal error", __LINE__); return SCP_SERVER_STATE_INTERNAL_ERR; } /* reading password */ in_uint8(c->in_s, sz); buf[sz]='\0'; in_uint8a(c->in_s, buf, sz); if (0 != scp_session_set_password(session, buf)) { scp_session_destroy(session); log_message(LOG_LEVEL_WARNING, "[v1s:%d] connection aborted: internal error", __LINE__); return SCP_SERVER_STATE_INTERNAL_ERR; } /* returning the struct */ (*s)=session; return SCP_SERVER_STATE_OK; }
enum SCP_SERVER_STATES_E scp_v1s_request_password(struct SCP_CONNECTION* c, struct SCP_SESSION* s, char* reason) { tui8 sz; tui32 version; tui32 size; tui16 cmdset; tui16 cmd; int rlen; char buf[257]; init_stream(c->in_s, c->in_s->size); init_stream(c->out_s, c->out_s->size); /* forcing message not to exceed 64k */ rlen = g_strlen(reason); if (rlen > 65535) { rlen = 65535; } /* send password request */ version=1; cmd=3; out_uint32_be(c->out_s, version); /* version */ out_uint32_be(c->out_s, 14+rlen); /* size */ out_uint16_be(c->out_s, SCP_COMMAND_SET_DEFAULT); /* cmdset */ out_uint16_be(c->out_s, cmd); /* cmd */ out_uint16_be(c->out_s, rlen); out_uint8p(c->out_s, reason, rlen); if (0!=scp_tcp_force_send(c->in_sck, c->out_s->data, 14+rlen)) { log_message(LOG_LEVEL_WARNING, "[v1s:%d] connection aborted: network error", __LINE__); return SCP_SERVER_STATE_NETWORK_ERR; } /* receive password & username */ if (0!=scp_tcp_force_recv(c->in_sck, c->in_s->data, 8)) { log_message(LOG_LEVEL_WARNING, "[v1s:%d] connection aborted: network error", __LINE__); return SCP_SERVER_STATE_NETWORK_ERR; } in_uint32_be(c->in_s, version); if (version!=1) { log_message(LOG_LEVEL_WARNING, "[v1s:%d] connection aborted: version error", __LINE__); return SCP_SERVER_STATE_VERSION_ERR; } in_uint32_be(c->in_s, size); if (size<12) { log_message(LOG_LEVEL_WARNING, "[v1s:%d] connection aborted: size error", __LINE__); return SCP_SERVER_STATE_SIZE_ERR; } init_stream(c->in_s, c->in_s->size); if (0!=scp_tcp_force_recv(c->in_sck, c->in_s->data, (size-8))) { log_message(LOG_LEVEL_WARNING, "[v1s:%d] connection aborted: network error", __LINE__); return SCP_SERVER_STATE_NETWORK_ERR; } in_uint16_be(c->in_s, cmdset); if (cmdset != SCP_COMMAND_SET_DEFAULT) { log_message(LOG_LEVEL_WARNING, "[v1s:%d] connection aborted: sequence error", __LINE__); return SCP_SERVER_STATE_SEQUENCE_ERR; } in_uint16_be(c->in_s, cmd); if (cmd != 4) { log_message(LOG_LEVEL_WARNING, "[v1s:%d] connection aborted: sequence error", __LINE__); return SCP_SERVER_STATE_SEQUENCE_ERR; } buf[256] = '\0'; /* reading username */ in_uint8(c->in_s, sz); buf[sz] = '\0'; in_uint8a(c->in_s, buf, sz); if (0 != scp_session_set_username(s, buf)) { scp_session_destroy(s); log_message(LOG_LEVEL_WARNING, "[v1s:%d] connection aborted: internal error", __LINE__); return SCP_SERVER_STATE_INTERNAL_ERR; } /* reading password */ in_uint8(c->in_s, sz); buf[sz]='\0'; in_uint8a(c->in_s, buf, sz); if (0 != scp_session_set_password(s, buf)) { scp_session_destroy(s); log_message(LOG_LEVEL_WARNING, "[v1s:%d] connection aborted: internal error", __LINE__); return SCP_SERVER_STATE_INTERNAL_ERR; } return SCP_SERVER_STATE_OK; }
enum SCP_SERVER_STATES_E scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) { tui32 version = 0; tui32 size; struct SCP_SESSION *session = 0; tui16 sz; tui32 code = 0; char buf[257]; if (!skipVchk) { LOG_DBG("[v0:%d] starting connection", __LINE__); if (0 == scp_tcp_force_recv(c->in_sck, c->in_s->data, 8)) { c->in_s->end = c->in_s->data + 8; in_uint32_be(c->in_s, version); if (version != 0) { log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: version error", __LINE__); return SCP_SERVER_STATE_VERSION_ERR; } } else { log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: network error", __LINE__); return SCP_SERVER_STATE_NETWORK_ERR; } } in_uint32_be(c->in_s, size); init_stream(c->in_s, 8196); if (0 != scp_tcp_force_recv(c->in_sck, c->in_s->data, size - 8)) { log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: network error", __LINE__); return SCP_SERVER_STATE_NETWORK_ERR; } c->in_s->end = c->in_s->data + (size - 8); in_uint16_be(c->in_s, code); if (code == 0 || code == 10 || code == 20) { session = scp_session_create(); if (0 == session) { log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: network error", __LINE__); return SCP_SERVER_STATE_INTERNAL_ERR; } scp_session_set_version(session, version); if (code == 0) { scp_session_set_type(session, SCP_SESSION_TYPE_XVNC); } else if (code == 10) { scp_session_set_type(session, SCP_SESSION_TYPE_XRDP); } else if (code == 20) { scp_session_set_type(session, SCP_SESSION_TYPE_XORG); } /* reading username */ in_uint16_be(c->in_s, sz); buf[sz] = '\0'; in_uint8a(c->in_s, buf, sz); if (0 != scp_session_set_username(session, buf)) { scp_session_destroy(session); log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__); return SCP_SERVER_STATE_INTERNAL_ERR; } /* reading password */ in_uint16_be(c->in_s, sz); buf[sz] = '\0'; in_uint8a(c->in_s, buf, sz); if (0 != scp_session_set_password(session, buf)) { scp_session_destroy(session); log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting password", __LINE__); return SCP_SERVER_STATE_INTERNAL_ERR; } /* width */ in_uint16_be(c->in_s, sz); scp_session_set_width(session, sz); /* height */ in_uint16_be(c->in_s, sz); scp_session_set_height(session, sz); /* bpp */ in_uint16_be(c->in_s, sz); scp_session_set_bpp(session, (tui8)sz); if (s_check_rem(c->in_s, 2)) { /* reading domain */ in_uint16_be(c->in_s, sz); if (sz > 0) { in_uint8a(c->in_s, buf, sz); buf[sz] = '\0'; scp_session_set_domain(session, buf); } } if (s_check_rem(c->in_s, 2)) { /* reading program */ in_uint16_be(c->in_s, sz); if (sz > 0) { in_uint8a(c->in_s, buf, sz); buf[sz] = '\0'; scp_session_set_program(session, buf); } } if (s_check_rem(c->in_s, 2)) { /* reading directory */ in_uint16_be(c->in_s, sz); if (sz > 0) { in_uint8a(c->in_s, buf, sz); buf[sz] = '\0'; scp_session_set_directory(session, buf); } } if (s_check_rem(c->in_s, 2)) { /* reading client IP address */ in_uint16_be(c->in_s, sz); if (sz > 0) { in_uint8a(c->in_s, buf, sz); buf[sz] = '\0'; scp_session_set_client_ip(session, buf); } } } else if (code == SCP_GW_AUTHENTICATION) { /* g_writeln("Command is SCP_GW_AUTHENTICATION"); */ session = scp_session_create(); if (0 == session) { /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: network error", __LINE__);*/ return SCP_SERVER_STATE_INTERNAL_ERR; } scp_session_set_version(session, version); scp_session_set_type(session, SCP_GW_AUTHENTICATION); /* reading username */ in_uint16_be(c->in_s, sz); buf[sz] = '\0'; in_uint8a(c->in_s, buf, sz); /* g_writeln("Received user name: %s",buf); */ if (0 != scp_session_set_username(session, buf)) { scp_session_destroy(session); /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__);*/ return SCP_SERVER_STATE_INTERNAL_ERR; } /* reading password */ in_uint16_be(c->in_s, sz); buf[sz] = '\0'; in_uint8a(c->in_s, buf, sz); /* g_writeln("Received password: %s",buf); */ if (0 != scp_session_set_password(session, buf)) { scp_session_destroy(session); /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting password", __LINE__); */ return SCP_SERVER_STATE_INTERNAL_ERR; } } else { log_message(LOG_LEVEL_WARNING, "[v0:%d] connection aborted: sequence error", __LINE__); return SCP_SERVER_STATE_SEQUENCE_ERR; } (*s) = session; return SCP_SERVER_STATE_OK; }
/* server API */ enum SCP_SERVER_STATES_E scp_v1s_mng_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s) { struct SCP_SESSION *session; tui32 ipaddr; tui16 cmd; tui8 sz; char buf[257]; /* reading command */ in_uint16_be(c->in_s, cmd); if (cmd != 1) /* manager login */ { return SCP_SERVER_STATE_SEQUENCE_ERR; } session = scp_session_create(); if (0 == session) { return SCP_SERVER_STATE_INTERNAL_ERR; } scp_session_set_version(session, 1); scp_session_set_type(session, SCP_SESSION_TYPE_MANAGE); /* reading username */ in_uint8(c->in_s, sz); buf[sz] = '\0'; in_uint8a(c->in_s, buf, sz); if (0 != scp_session_set_username(session, buf)) { scp_session_destroy(session); return SCP_SERVER_STATE_INTERNAL_ERR; } /* reading password */ in_uint8(c->in_s, sz); buf[sz] = '\0'; in_uint8a(c->in_s, buf, sz); if (0 != scp_session_set_password(session, buf)) { scp_session_destroy(session); return SCP_SERVER_STATE_INTERNAL_ERR; } /* reading remote address */ in_uint8(c->in_s, sz); if (sz == SCP_ADDRESS_TYPE_IPV4) { in_uint32_be(c->in_s, ipaddr); scp_session_set_addr(session, SCP_ADDRESS_TYPE_IPV4_BIN, &ipaddr); } else if (sz == SCP_ADDRESS_TYPE_IPV6) { in_uint8a(c->in_s, buf, 16); scp_session_set_addr(session, SCP_ADDRESS_TYPE_IPV6_BIN, buf); } /* reading hostname */ in_uint8(c->in_s, sz); buf[sz] = '\0'; in_uint8a(c->in_s, buf, sz); if (0 != scp_session_set_hostname(session, buf)) { scp_session_destroy(session); return SCP_SERVER_STATE_INTERNAL_ERR; } /* returning the struct */ (*s) = session; return SCP_SERVER_STATE_START_MANAGE; }