struct session_item *DEFAULT_CC
session_get_bydata(char *name, int width, int height, int bpp, int type)
{
struct session_chain *tmp;
/*THREAD-FIX require chain lock */
lock_chain_acquire();
tmp = g_sessions;
/* convert from SCP_SESSION_TYPE namespace to SESMAN_SESSION_TYPE namespace */
switch (type)
{
case SCP_SESSION_TYPE_XVNC: /* 0 */
type = SESMAN_SESSION_TYPE_XVNC; /* 2 */
break;
case SCP_SESSION_TYPE_XRDP: /* 1 */
type = SESMAN_SESSION_TYPE_XRDP; /* 1 */
break;
default:
lock_chain_release();
return 0;
}
while (tmp != 0)
{
if (type == SESMAN_SESSION_TYPE_XRDP)
{
/* only name and bpp need to match for X11rdp, it can resize */
if (g_strncmp(name, tmp->item->name, 255) == 0 &&
tmp->item->bpp == bpp &&
tmp->item->type == type)
{
/*THREAD-FIX release chain lock */
lock_chain_release();
return tmp->item;
}
}
if (g_strncmp(name, tmp->item->name, 255) == 0 &&
tmp->item->width == width &&
tmp->item->height == height &&
tmp->item->bpp == bpp &&
tmp->item->type == type)
{
/*THREAD-FIX release chain lock */
lock_chain_release();
return tmp->item;
}
tmp = tmp->next;
}
/*THREAD-FIX release chain lock */
lock_chain_release();
return 0;
}
static int
g_charclass(const Char **patternp, Char **bufnextp)
{
const Char *pattern = *patternp + 1;
Char *bufnext = *bufnextp;
const Char *colon;
struct cclass *cc;
size_t len;
if ((colon = g_strchr(pattern, ':')) == NULL || colon[1] != ']')
return 1; /* not a character class */
len = (size_t)(colon - pattern);
for (cc = cclasses; cc->name != NULL; cc++) {
if (!g_strncmp(pattern, cc->name, len) && cc->name[len] == '\0')
break;
}
if (cc->name == NULL)
return -1; /* invalid character class */
*bufnext++ = M_CLASS;
*bufnext++ = (Char)(cc - &cclasses[0]);
*bufnextp = bufnext;
*patternp += len + 3;
return 0;
}
static int auth_crypt_pwd(char *pwd, char *pln, char *crp)
{
char salt[13] = "$1$";
int saltcnt = 0;
char *encr;
if (g_strncmp(pwd, "$1$", 3) == 0)
{
/* gnu style crypt(); */
saltcnt = 3;
while ((pwd[saltcnt] != '$') && (saltcnt < 11))
{
salt[saltcnt] = pwd[saltcnt];
saltcnt++;
}
salt[saltcnt] = '$';
salt[saltcnt + 1] = '\0';
}
else
{
/* classic two char salt */
salt[0] = pwd[0];
salt[1] = pwd[1];
salt[2] = '\0';
}
encr = crypt(pln, salt);
g_strncpy(crp, encr, 34);
return 0;
}
int DEFAULT_CC
auth_check_pwd_chg(char *user)
{
struct passwd *spw;
struct spwd *stp;
int now;
long today;
spw = getpwnam(user);
if (spw == 0)
{
return AUTH_PWD_CHG_ERROR;
}
if (g_strncmp(spw->pw_passwd, "x", 3) != 0)
{
/* old system with only passwd */
return AUTH_PWD_CHG_OK;
}
/* the system is using shadow */
stp = getspnam(user);
if (stp == 0)
{
return AUTH_PWD_CHG_ERROR;
}
/* check if we need a pwd change */
now = g_time1();
today = now / SECS_PER_DAY;
if (stp->sp_expire == -1)
{
return AUTH_PWD_CHG_OK;
}
if (today >= (stp->sp_lstchg + stp->sp_max - stp->sp_warn))
{
return AUTH_PWD_CHG_CHANGE;
}
if (today >= (stp->sp_lstchg + stp->sp_max))
{
return AUTH_PWD_CHG_CHANGE_MANDATORY;
}
if (today < ((stp->sp_lstchg) + (stp->sp_min)))
{
/* cannot change pwd for now */
return AUTH_PWD_CHG_NOT_NOW;
}
return AUTH_PWD_CHG_OK;
}
int DEFAULT_CC
access_login_mng_allowed(char* user)
{
int gid;
int ok;
if ((0 == g_strncmp(user, "root", 5)) && (0 == g_cfg->sec.allow_root))
{
log_message(LOG_LEVEL_WARNING,
"[MNG] ROOT login attempted, but root login is disabled");
return 0;
}
if (0 == g_cfg->sec.ts_admins_enable)
{
LOG_DBG("[MNG] Terminal Server Admin group is disabled,"
"allowing authentication",1);
return 1;
}
if (0 != g_getuser_info(user, &gid, 0, 0, 0, 0))
{
log_message(LOG_LEVEL_ERROR, "[MNG] Cannot read user info! - login denied");
return 0;
}
if (g_cfg->sec.ts_admins == gid)
{
LOG_DBG("[MNG] ts_users is user's primary group");
return 1;
}
if (0 != g_check_user_in_group(user, g_cfg->sec.ts_admins, &ok))
{
log_message(LOG_LEVEL_ERROR, "[MNG] Cannot read group info! - login denied");
return 0;
}
if (ok)
{
return 1;
}
log_message(LOG_LEVEL_INFO, "[MNG] login denied for user %s", user);
return 0;
}
/* returns boolean */
long DEFAULT_CC
auth_userpass(char *user, char *pass, int *errorcode)
{
const char *encr;
const char *epass;
struct passwd *spw;
struct spwd *stp;
spw = getpwnam(user);
if (spw == 0)
{
return 0;
}
if (g_strncmp(spw->pw_passwd, "x", 3) == 0)
{
/* the system is using shadow */
stp = getspnam(user);
if (stp == 0)
{
return 0;
}
if (1 == auth_account_disabled(stp))
{
log_message(LOG_LEVEL_INFO, "account %s is disabled", user);
return 0;
}
encr = stp->sp_pwdp;
}
else
{
/* old system with only passwd */
encr = spw->pw_passwd;
}
epass = crypt(pass, encr);
if (epass == 0)
{
return 0;
}
return (strcmp(encr, epass) == 0);
}
struct session_item* DEFAULT_CC
session_get_bydata(char* name, int width, int height, int bpp)
{
struct session_chain* tmp;
/*THREAD-FIX require chain lock */
lock_chain_acquire();
tmp = g_sessions;
while (tmp != 0)
{
if (g_strncmp(name, tmp->item->name, 255) == 0)
{
if (tmp->item->type == SESMAN_SESSION_TYPE_XDMX)
{
/*THREAD-FIX release chain lock */
lock_chain_release();
return tmp->item;
}
if (tmp->item->bpp == bpp &&
tmp->item->width == width &&
tmp->item->height == height)
{
/*THREAD-FIX release chain lock */
lock_chain_release();
return tmp->item;
}
}
tmp = tmp->next;
}
/*THREAD-FIX release chain lock */
lock_chain_release();
return 0;
}
int auth_change_pwd(char *user, char *newpwd)
{
struct passwd *spw;
struct spwd *stp;
char hash[35] = "";
long today;
FILE *fd;
if (0 != lckpwdf())
{
return 1;
}
/* open passwd */
spw = getpwnam(user);
if (spw == 0)
{
return 1;
}
if (g_strncmp(spw->pw_passwd, "x", 3) != 0)
{
/* old system with only passwd */
if (auth_crypt_pwd(spw->pw_passwd, newpwd, hash) != 0)
{
ulckpwdf();
return 1;
}
spw->pw_passwd = g_strdup(hash);
fd = fopen("/etc/passwd", "rw");
putpwent(spw, fd);
}
else
{
/* the system is using shadow */
stp = getspnam(user);
if (stp == 0)
{
return 1;
}
/* old system with only passwd */
if (auth_crypt_pwd(stp->sp_pwdp, newpwd, hash) != 0)
{
ulckpwdf();
return 1;
}
stp->sp_pwdp = g_strdup(hash);
today = g_time1() / SECS_PER_DAY;
stp->sp_lstchg = today;
stp->sp_expire = today + stp->sp_max + stp->sp_inact;
fd = fopen("/etc/shadow", "rw");
putspent(stp, fd);
}
ulckpwdf();
return 0;
}
static int
clipboard_get_file(const char *file, int bytes)
{
int sindex;
int pindex;
int flags;
char full_fn[256]; /* /etc/xrdp/xrdp.ini */
char filename[256]; /* xrdp.ini */
char pathname[256]; /* /etc/xrdp */
struct cb_file_info *cfi;
/* x-special/gnome-copied-files */
if ((g_strncmp(file, "copy", 4) == 0) && (bytes == 4))
{
return 0;
}
if ((g_strncmp(file, "cut", 3) == 0) && (bytes == 3))
{
return 0;
}
sindex = 0;
flags = CB_FILE_ATTRIBUTE_ARCHIVE;
/* text/uri-list */
/* x-special/gnome-copied-files */
if (g_strncmp(file, "file://", 7) == 0)
{
sindex = 7;
}
pindex = bytes;
while (pindex > sindex)
{
if (file[pindex] == '/')
{
break;
}
pindex--;
}
g_memset(pathname, 0, 256);
g_memset(filename, 0, 256);
g_memcpy(pathname, file + sindex, pindex - sindex);
if (pathname[0] == 0)
{
pathname[0] = '/';
}
g_memcpy(filename, file + pindex + 1, (bytes - 1) - pindex);
/* this should replace %20 with space */
clipboard_check_file(pathname);
clipboard_check_file(filename);
g_snprintf(full_fn, 255, "%s/%s", pathname, filename);
if (g_directory_exist(full_fn))
{
log_error("clipboard_get_file: file [%s] is a directory, "
"not supported", full_fn);
flags |= CB_FILE_ATTRIBUTE_DIRECTORY;
return 1;
}
if (!g_file_exist(full_fn))
{
log_error("clipboard_get_file: file [%s] does not exist",
full_fn);
return 1;
}
else
{
cfi = (struct cb_file_info*)g_malloc(sizeof(struct cb_file_info), 1);
list_add_item(g_files_list, (tintptr)cfi);
g_strcpy(cfi->filename, filename);
g_strcpy(cfi->pathname, pathname);
cfi->size = g_file_get_size(full_fn);
cfi->flags = flags;
cfi->time = (g_time1() + CB_EPOCH_DIFF) * 10000000LL;
log_debug("ok filename [%s] pathname [%s] size [%d]",
cfi->filename, cfi->pathname, cfi->size);
}
return 0;
}
