int DEFAULT_CC access_login_mng_allowed(char* user) { int gid; int ok; if ((0 == g_strncmp(user, "root", 5)) && (0 == g_cfg->sec.allow_root)) { log_message(LOG_LEVEL_WARNING, "[MNG] ROOT login attempted, but root login is disabled"); return 0; } if (0 == g_cfg->sec.ts_admins_enable) { LOG_DBG("[MNG] Terminal Server Admin group is disabled," "allowing authentication",1); return 1; } if (0 != g_getuser_info(user, &gid, 0, 0, 0, 0)) { log_message(LOG_LEVEL_ERROR, "[MNG] Cannot read user info! - login denied"); return 0; } if (g_cfg->sec.ts_admins == gid) { LOG_DBG("[MNG] ts_users is user's primary group"); return 1; } if (0 != g_check_user_in_group(user, g_cfg->sec.ts_admins, &ok)) { log_message(LOG_LEVEL_ERROR, "[MNG] Cannot read group info! - login denied"); return 0; } if (ok) { return 1; } log_message(LOG_LEVEL_INFO, "[MNG] login denied for user %s", user); return 0; }
/* its the responsibility of the caller to free passwd_file */ int env_set_user(const char *username, char **passwd_file, int display, const struct list *env_names, const struct list *env_values) { int error; int pw_uid; int pw_gid; int uid; int index; int len; char *name; char *value; char *pw_shell; char *pw_dir; char text[256]; char hostname[256]; pw_shell = 0; pw_dir = 0; error = g_getuser_info(username, &pw_gid, &pw_uid, &pw_shell, &pw_dir, 0); if (error == 0) { g_rm_temp_dir(); error = g_setgid(pw_gid); if (error == 0) { error = g_initgroups(username, pw_gid); } if (error == 0) { uid = pw_uid; error = g_setuid(uid); } g_mk_socket_path(0); if (error == 0) { g_clearenv(); g_setenv("SHELL", pw_shell, 1); g_setenv("PATH", "/sbin:/bin:/usr/bin:/usr/local/bin", 1); g_setenv("USER", username, 1); g_setenv("LOGNAME", username, 1); g_sprintf(text, "%d", uid); g_setenv("UID", text, 1); g_setenv("HOME", pw_dir, 1); g_set_current_dir(pw_dir); g_sprintf(text, ":%d.0", display); g_setenv("DISPLAY", text, 1); g_setenv("XRDP_SESSION", "1", 1); /* XRDP_SOCKET_PATH should be set even here, chansrv uses this */ g_setenv("XRDP_SOCKET_PATH", XRDP_SOCKET_PATH, 1); /* pulse sink socket */ g_snprintf(text, sizeof(text) - 1, CHANSRV_PORT_OUT_BASE_STR, display); g_setenv("XRDP_PULSE_SINK_SOCKET", text, 1); /* pulse source socket */ g_snprintf(text, sizeof(text) - 1, CHANSRV_PORT_IN_BASE_STR, display); g_setenv("XRDP_PULSE_SOURCE_SOCKET", text, 1); if ((env_names != 0) && (env_values != 0) && (env_names->count == env_values->count)) { for (index = 0; index < env_names->count; index++) { name = (char *) list_get_item(env_names, index), value = (char *) list_get_item(env_values, index), g_setenv(name, value, 1); } } g_gethostname(hostname, 255); hostname[255] = 0; if (passwd_file != 0) { if (0 == g_cfg->auth_file_path) { /* if no auth_file_path is set, then we go for $HOME/.vnc/sesman_passwd-USERNAME@HOSTNAME:DISPLAY */ if (!g_directory_exist(".vnc")) { if (g_mkdir(".vnc") < 0) { log_message(LOG_LEVEL_ERROR, "Error creating .vnc directory: %s", g_get_strerror()); } } len = g_snprintf(NULL, 0, "%s/.vnc/sesman_passwd-%s@%s:%d", pw_dir, username, hostname, display); *passwd_file = (char *) g_malloc(len + 1, 1); if (*passwd_file != NULL) { /* Try legacy names first, remove if found */ g_sprintf(*passwd_file, "%s/.vnc/sesman_%s_passwd:%d", pw_dir, username, display); if (g_file_exist(*passwd_file)) { log_message(LOG_LEVEL_WARNING, "Removing old " "password file %s", *passwd_file); g_file_delete(*passwd_file); } g_sprintf(*passwd_file, "%s/.vnc/sesman_%s_passwd", pw_dir, username); if (g_file_exist(*passwd_file)) { log_message(LOG_LEVEL_WARNING, "Removing insecure " "password file %s", *passwd_file); g_file_delete(*passwd_file); } g_sprintf(*passwd_file, "%s/.vnc/sesman_passwd-%s@%s:%d", pw_dir, username, hostname, display); } } else { /* we use auth_file_path as requested */ len = g_snprintf(NULL, 0, g_cfg->auth_file_path, username); *passwd_file = (char *) g_malloc(len + 1, 1); if (*passwd_file != NULL) { g_sprintf(*passwd_file, g_cfg->auth_file_path, username); } } if (*passwd_file != NULL) { LOG_DBG("pass file: %s", *passwd_file); } } g_free(pw_dir); g_free(pw_shell); } } else { log_message(LOG_LEVEL_ERROR, "error getting user info for user %s", username); } return error; }
static char * session_ck_open_session (DBusConnection *connection, const char *username, int display) { DBusError error; DBusMessage *message; DBusMessage *reply; DBusMessageIter iter; DBusMessageIter iter_array; dbus_bool_t res; char *ret; char *cookie; dbus_bool_t is_local = FALSE; dbus_bool_t active = TRUE; int uid; char display_str[256]; const char *x11_display = display_str; const char *session_type = "rdp"; reply = NULL; message = NULL; ret = NULL; g_sprintf(display_str, ":%d", display); if (g_getuser_info(username, 0, &uid, 0, 0, 0)) goto out; message = dbus_message_new_method_call ("org.freedesktop.ConsoleKit", "/org/freedesktop/ConsoleKit/Manager", "org.freedesktop.ConsoleKit.Manager", "OpenSessionWithParameters"); if (message == NULL) { goto out; } dbus_message_iter_init_append (message, &iter); if (! dbus_message_iter_open_container (&iter, DBUS_TYPE_ARRAY, "(sv)", &iter_array)) { goto out; } if (!add_param_basic (&iter_array, "unix-user", DBUS_TYPE_INT32, &uid) || !add_param_basic (&iter_array, "x11-display", DBUS_TYPE_STRING, &x11_display) || !add_param_basic (&iter_array, "is-local", DBUS_TYPE_BOOLEAN, &is_local) || !add_param_basic (&iter_array, "active", DBUS_TYPE_BOOLEAN, &active) || !add_param_basic (&iter_array, "session-type", DBUS_TYPE_STRING, &session_type)) { log_message(&(g_cfg->log), LOG_LEVEL_ALWAYS, "Error adding ck session parameter"); goto out; } if (! dbus_message_iter_close_container (&iter, &iter_array)) { goto out; } dbus_error_init (&error); reply = dbus_connection_send_with_reply_and_block (connection, message, -1, &error); if (reply == NULL) { if (dbus_error_is_set (&error)) { log_message(&(g_cfg->log), LOG_LEVEL_ALWAYS, "Unable to open session: %s", error.message); dbus_error_free (&error); goto out; } } dbus_error_init (&error); if (! dbus_message_get_args (reply, &error, DBUS_TYPE_STRING, &cookie, DBUS_TYPE_INVALID)) { if (dbus_error_is_set (&error)) { log_message(&(g_cfg->log), LOG_LEVEL_ALWAYS, "Unable to open session: %s", error.message); dbus_error_free (&error); goto out; } } ret = g_strdup (cookie); out: if (reply != NULL) { dbus_message_unref (reply); } if (message != NULL) { dbus_message_unref (message); } return ret; }
/* its the responsibility of the caller to free passwd_file */ int DEFAULT_CC env_set_user(const char *username, char **passwd_file, int display, const struct list *env_names, const struct list *env_values) { int error; int pw_uid; int pw_gid; int uid; int index; int len; char *name; char *value; char *pw_shell; char *pw_dir; char text[256]; pw_shell = 0; pw_dir = 0; error = g_getuser_info(username, &pw_gid, &pw_uid, &pw_shell, &pw_dir, 0); if (error == 0) { g_rm_temp_dir(); error = g_setgid(pw_gid); if (error == 0) { error = g_initgroups(username, pw_gid); } if (error == 0) { uid = pw_uid; error = g_setuid(uid); } g_mk_temp_dir(0); if (error == 0) { g_clearenv(); g_setenv("SHELL", pw_shell, 1); g_setenv("PATH", "/sbin:/bin:/usr/bin:/usr/local/bin", 1); g_setenv("USER", username, 1); g_sprintf(text, "%d", uid); g_setenv("UID", text, 1); g_setenv("HOME", pw_dir, 1); g_set_current_dir(pw_dir); g_sprintf(text, ":%d.0", display); g_setenv("DISPLAY", text, 1); g_setenv("XRDP_SESSION", "1", 1); if ((env_names != 0) && (env_values != 0) && (env_names->count == env_values->count)) { for (index = 0; index < env_names->count; index++) { name = (char *) list_get_item(env_names, index), value = (char *) list_get_item(env_values, index), g_setenv(name, value, 1); } } if (passwd_file != 0) { if (0 == g_cfg->auth_file_path) { /* if no auth_file_path is set, then we go for $HOME/.vnc/sesman_username_passwd:DISPLAY */ if (!g_directory_exist(".vnc")) { if (g_mkdir(".vnc") < 0) { log_message(LOG_LEVEL_ERROR, "Error creating .vnc directory: %s", g_get_strerror()); } } len = g_snprintf(NULL, 0, "%s/.vnc/sesman_%s_passwd:%d", pw_dir, username, display); *passwd_file = (char *) g_malloc(len + 1, 1); if (*passwd_file != NULL) { /* Try legacy name first, remove if found */ g_sprintf(*passwd_file, "%s/.vnc/sesman_%s_passwd", pw_dir, username); if (g_file_exist(*passwd_file)) { log_message(LOG_LEVEL_WARNING, "Removing insecure " "password file %s", *passwd_file); g_file_delete(*passwd_file); } g_sprintf(*passwd_file, "%s/.vnc/sesman_%s_passwd:%d", pw_dir, username, display); } } else { /* we use auth_file_path as requested */ len = g_snprintf(NULL, 0, g_cfg->auth_file_path, username); *passwd_file = (char *) g_malloc(len + 1, 1); if (*passwd_file != NULL) { g_sprintf(*passwd_file, g_cfg->auth_file_path, username); } } if (*passwd_file != NULL) { LOG_DBG("pass file: %s", *passwd_file); } } g_free(pw_dir); g_free(pw_shell); } } else { log_message(LOG_LEVEL_ERROR, "error getting user info for user %s", username); } return error; }
int DEFAULT_CC env_set_user(char *username, char *passwd_file, int display) { int error; int pw_uid; int pw_gid; int uid; char pw_shell[256]; char pw_dir[256]; char pw_gecos[256]; char text[256]; error = g_getuser_info(username, &pw_gid, &pw_uid, pw_shell, pw_dir, pw_gecos); if (error == 0) { g_rm_temp_dir(); error = g_setgid(pw_gid); if (error == 0) { error = g_initgroups(username, pw_gid); } if (error == 0) { uid = pw_uid; error = g_setuid(uid); } g_mk_temp_dir(0); if (error == 0) { g_clearenv(); g_setenv("SHELL", pw_shell, 1); g_setenv("PATH", "/bin:/usr/bin:/usr/X11R6/bin:/usr/local/bin", 1); g_setenv("USER", username, 1); g_sprintf(text, "%d", uid); g_setenv("UID", text, 1); g_setenv("HOME", pw_dir, 1); g_set_current_dir(pw_dir); g_sprintf(text, ":%d.0", display); g_setenv("DISPLAY", text, 1); g_setenv("LANG", "en_US.UTF-8", 1); if (passwd_file != 0) { if (0 == g_cfg->auth_file_path) { /* if no auth_file_path is set, then we go for $HOME/.vnc/sesman_username_passwd */ g_mkdir(".vnc"); g_sprintf(passwd_file, "%s/.vnc/sesman_%s_passwd", pw_dir, username); } else { /* we use auth_file_path as requested */ g_sprintf(passwd_file, g_cfg->auth_file_path, username); } LOG_DBG("pass file: %s", passwd_file); } } } else { log_message(LOG_LEVEL_ERROR, "error getting user info for user %s", username); } return error; }
int main(int argc, char** argv, char** environ) { int fuse_group = 0; int ok = 0; char* home_dir = g_getenv("HOME"); l_config = g_malloc(sizeof(struct log_config), 1); if (argc != 2) { g_printf("Usage : vchannel_rdpdr USERNAME\n"); return 1; } if (disk_init() != LOG_STARTUP_OK) { g_printf("vchannel_rdpdr[main]: Enable to init log system\n"); g_free(l_config); return 1; } if ( g_getuser_info(argv[1], 0, 0, 0, 0, 0) == 1) { log_message(l_config, LOG_LEVEL_WARNING, "vchannel_rdpdr[main]: " "The username '%s' did not exist\n", argv[1]); } g_strncpy(username, argv[1], sizeof(username)); g_getgroup_info("fuse", &fuse_group); if (g_check_user_in_group(username, fuse_group, &ok) == 1) { log_message(l_config, LOG_LEVEL_WARNING, "vchannel_rdpdr[main]: " "Error while testing if user %s is member of fuse group", username); return 1; } if (ok == 0) { log_message(l_config, LOG_LEVEL_WARNING, "vchannel_rdpdr[main]: " "User %s is not allow to use fuse", username); return 1; } if (vchannel_init() == ERROR) { g_printf("vchannel_rdpdr[main]: Enable to init channel system\n"); g_free(l_config); return 1; } log_message(l_config, LOG_LEVEL_DEBUG, "vchannel_rdpdr[main]: " "Open channel to rdpdr main apps"); if (rdpfs_open() == 1) { log_message(l_config, LOG_LEVEL_ERROR, "vchannel_rdpdr[main]: " "Unable to open a connection to RDP filesystem"); } // share_desktop_purge(); share_bookmark_purge(); share_symlink_purge(); g_sprintf(mount_point, "%s/%s", home_dir, RDPDRIVE_NAME); log_message(l_config, LOG_LEVEL_DEBUG, "vchannel_rdpdr[main]: " "Rdpdrive is located on %s", mount_point); if (fuse_run() == 1) { log_message(l_config, LOG_LEVEL_DEBUG, "vchannel_rdpdr[main]: " "Fail to start fuse"); } g_free(l_config); }