/* its the responsibility of the caller to free passwd_file */ int DEFAULT_CC env_set_user(const char *username, char **passwd_file, int display, const struct list *env_names, const struct list *env_values) { int error; int pw_uid; int pw_gid; int uid; int index; int len; char *name; char *value; char *pw_shell; char *pw_dir; char text[256]; pw_shell = 0; pw_dir = 0; error = g_getuser_info(username, &pw_gid, &pw_uid, &pw_shell, &pw_dir, 0); if (error == 0) { g_rm_temp_dir(); error = g_setgid(pw_gid); if (error == 0) { error = g_initgroups(username, pw_gid); } if (error == 0) { uid = pw_uid; error = g_setuid(uid); } g_mk_temp_dir(0); if (error == 0) { g_clearenv(); g_setenv("SHELL", pw_shell, 1); g_setenv("PATH", "/sbin:/bin:/usr/bin:/usr/local/bin", 1); g_setenv("USER", username, 1); g_sprintf(text, "%d", uid); g_setenv("UID", text, 1); g_setenv("HOME", pw_dir, 1); g_set_current_dir(pw_dir); g_sprintf(text, ":%d.0", display); g_setenv("DISPLAY", text, 1); g_setenv("XRDP_SESSION", "1", 1); if ((env_names != 0) && (env_values != 0) && (env_names->count == env_values->count)) { for (index = 0; index < env_names->count; index++) { name = (char *) list_get_item(env_names, index), value = (char *) list_get_item(env_values, index), g_setenv(name, value, 1); } } if (passwd_file != 0) { if (0 == g_cfg->auth_file_path) { /* if no auth_file_path is set, then we go for $HOME/.vnc/sesman_username_passwd:DISPLAY */ if (!g_directory_exist(".vnc")) { if (g_mkdir(".vnc") < 0) { log_message(LOG_LEVEL_ERROR, "Error creating .vnc directory: %s", g_get_strerror()); } } len = g_snprintf(NULL, 0, "%s/.vnc/sesman_%s_passwd:%d", pw_dir, username, display); *passwd_file = (char *) g_malloc(len + 1, 1); if (*passwd_file != NULL) { /* Try legacy name first, remove if found */ g_sprintf(*passwd_file, "%s/.vnc/sesman_%s_passwd", pw_dir, username); if (g_file_exist(*passwd_file)) { log_message(LOG_LEVEL_WARNING, "Removing insecure " "password file %s", *passwd_file); g_file_delete(*passwd_file); } g_sprintf(*passwd_file, "%s/.vnc/sesman_%s_passwd:%d", pw_dir, username, display); } } else { /* we use auth_file_path as requested */ len = g_snprintf(NULL, 0, g_cfg->auth_file_path, username); *passwd_file = (char *) g_malloc(len + 1, 1); if (*passwd_file != NULL) { g_sprintf(*passwd_file, g_cfg->auth_file_path, username); } } if (*passwd_file != NULL) { LOG_DBG("pass file: %s", *passwd_file); } } g_free(pw_dir); g_free(pw_shell); } } else { log_message(LOG_LEVEL_ERROR, "error getting user info for user %s", username); } return error; }
/* its the responsibility of the caller to free passwd_file */ int env_set_user(const char *username, char **passwd_file, int display, const struct list *env_names, const struct list *env_values) { int error; int pw_uid; int pw_gid; int uid; int index; int len; char *name; char *value; char *pw_shell; char *pw_dir; char text[256]; char hostname[256]; pw_shell = 0; pw_dir = 0; error = g_getuser_info(username, &pw_gid, &pw_uid, &pw_shell, &pw_dir, 0); if (error == 0) { g_rm_temp_dir(); error = g_setgid(pw_gid); if (error == 0) { error = g_initgroups(username, pw_gid); } if (error == 0) { uid = pw_uid; error = g_setuid(uid); } g_mk_socket_path(0); if (error == 0) { g_clearenv(); g_setenv("SHELL", pw_shell, 1); g_setenv("PATH", "/sbin:/bin:/usr/bin:/usr/local/bin", 1); g_setenv("USER", username, 1); g_setenv("LOGNAME", username, 1); g_sprintf(text, "%d", uid); g_setenv("UID", text, 1); g_setenv("HOME", pw_dir, 1); g_set_current_dir(pw_dir); g_sprintf(text, ":%d.0", display); g_setenv("DISPLAY", text, 1); g_setenv("XRDP_SESSION", "1", 1); /* XRDP_SOCKET_PATH should be set even here, chansrv uses this */ g_setenv("XRDP_SOCKET_PATH", XRDP_SOCKET_PATH, 1); /* pulse sink socket */ g_snprintf(text, sizeof(text) - 1, CHANSRV_PORT_OUT_BASE_STR, display); g_setenv("XRDP_PULSE_SINK_SOCKET", text, 1); /* pulse source socket */ g_snprintf(text, sizeof(text) - 1, CHANSRV_PORT_IN_BASE_STR, display); g_setenv("XRDP_PULSE_SOURCE_SOCKET", text, 1); if ((env_names != 0) && (env_values != 0) && (env_names->count == env_values->count)) { for (index = 0; index < env_names->count; index++) { name = (char *) list_get_item(env_names, index), value = (char *) list_get_item(env_values, index), g_setenv(name, value, 1); } } g_gethostname(hostname, 255); hostname[255] = 0; if (passwd_file != 0) { if (0 == g_cfg->auth_file_path) { /* if no auth_file_path is set, then we go for $HOME/.vnc/sesman_passwd-USERNAME@HOSTNAME:DISPLAY */ if (!g_directory_exist(".vnc")) { if (g_mkdir(".vnc") < 0) { log_message(LOG_LEVEL_ERROR, "Error creating .vnc directory: %s", g_get_strerror()); } } len = g_snprintf(NULL, 0, "%s/.vnc/sesman_passwd-%s@%s:%d", pw_dir, username, hostname, display); *passwd_file = (char *) g_malloc(len + 1, 1); if (*passwd_file != NULL) { /* Try legacy names first, remove if found */ g_sprintf(*passwd_file, "%s/.vnc/sesman_%s_passwd:%d", pw_dir, username, display); if (g_file_exist(*passwd_file)) { log_message(LOG_LEVEL_WARNING, "Removing old " "password file %s", *passwd_file); g_file_delete(*passwd_file); } g_sprintf(*passwd_file, "%s/.vnc/sesman_%s_passwd", pw_dir, username); if (g_file_exist(*passwd_file)) { log_message(LOG_LEVEL_WARNING, "Removing insecure " "password file %s", *passwd_file); g_file_delete(*passwd_file); } g_sprintf(*passwd_file, "%s/.vnc/sesman_passwd-%s@%s:%d", pw_dir, username, hostname, display); } } else { /* we use auth_file_path as requested */ len = g_snprintf(NULL, 0, g_cfg->auth_file_path, username); *passwd_file = (char *) g_malloc(len + 1, 1); if (*passwd_file != NULL) { g_sprintf(*passwd_file, g_cfg->auth_file_path, username); } } if (*passwd_file != NULL) { LOG_DBG("pass file: %s", *passwd_file); } } g_free(pw_dir); g_free(pw_shell); } } else { log_message(LOG_LEVEL_ERROR, "error getting user info for user %s", username); } return error; }
int DEFAULT_CC env_set_user(char *username, char *passwd_file, int display) { int error; int pw_uid; int pw_gid; int uid; char pw_shell[256]; char pw_dir[256]; char pw_gecos[256]; char text[256]; error = g_getuser_info(username, &pw_gid, &pw_uid, pw_shell, pw_dir, pw_gecos); if (error == 0) { g_rm_temp_dir(); error = g_setgid(pw_gid); if (error == 0) { error = g_initgroups(username, pw_gid); } if (error == 0) { uid = pw_uid; error = g_setuid(uid); } g_mk_temp_dir(0); if (error == 0) { g_clearenv(); g_setenv("SHELL", pw_shell, 1); g_setenv("PATH", "/bin:/usr/bin:/usr/X11R6/bin:/usr/local/bin", 1); g_setenv("USER", username, 1); g_sprintf(text, "%d", uid); g_setenv("UID", text, 1); g_setenv("HOME", pw_dir, 1); g_set_current_dir(pw_dir); g_sprintf(text, ":%d.0", display); g_setenv("DISPLAY", text, 1); g_setenv("LANG", "en_US.UTF-8", 1); if (passwd_file != 0) { if (0 == g_cfg->auth_file_path) { /* if no auth_file_path is set, then we go for $HOME/.vnc/sesman_username_passwd */ g_mkdir(".vnc"); g_sprintf(passwd_file, "%s/.vnc/sesman_%s_passwd", pw_dir, username); } else { /* we use auth_file_path as requested */ g_sprintf(passwd_file, g_cfg->auth_file_path, username); } LOG_DBG("pass file: %s", passwd_file); } } } else { log_message(LOG_LEVEL_ERROR, "error getting user info for user %s", username); } return error; }