Пример #1
0
/*  its the responsibility of the caller to free passwd_file                  */
int DEFAULT_CC
env_set_user(const char *username, char **passwd_file, int display,
             const struct list *env_names, const struct list *env_values)
{
    int error;
    int pw_uid;
    int pw_gid;
    int uid;
    int index;
    int len;
    char *name;
    char *value;
    char *pw_shell;
    char *pw_dir;
    char text[256];

    pw_shell = 0;
    pw_dir = 0;

    error = g_getuser_info(username, &pw_gid, &pw_uid, &pw_shell, &pw_dir, 0);

    if (error == 0)
    {
        g_rm_temp_dir();
        error = g_setgid(pw_gid);

        if (error == 0)
        {
            error = g_initgroups(username, pw_gid);
        }

        if (error == 0)
        {
            uid = pw_uid;
            error = g_setuid(uid);
        }

        g_mk_temp_dir(0);

        if (error == 0)
        {
            g_clearenv();
            g_setenv("SHELL", pw_shell, 1);
            g_setenv("PATH", "/sbin:/bin:/usr/bin:/usr/local/bin", 1);
            g_setenv("USER", username, 1);
            g_sprintf(text, "%d", uid);
            g_setenv("UID", text, 1);
            g_setenv("HOME", pw_dir, 1);
            g_set_current_dir(pw_dir);
            g_sprintf(text, ":%d.0", display);
            g_setenv("DISPLAY", text, 1);
            g_setenv("XRDP_SESSION", "1", 1);
            if ((env_names != 0) && (env_values != 0) &&
                    (env_names->count == env_values->count))
            {
                for (index = 0; index < env_names->count; index++)
                {
                    name = (char *) list_get_item(env_names, index),
                    value = (char *) list_get_item(env_values, index),
                    g_setenv(name, value, 1);
                }
            }

            if (passwd_file != 0)
            {
                if (0 == g_cfg->auth_file_path)
                {
                    /* if no auth_file_path is set, then we go for
                     $HOME/.vnc/sesman_username_passwd:DISPLAY */
                    if (!g_directory_exist(".vnc"))
                    {
                        if (g_mkdir(".vnc") < 0)
                        {
                            log_message(LOG_LEVEL_ERROR,
                                        "Error creating .vnc directory: %s",
                                        g_get_strerror());
                        }
                    }

                    len = g_snprintf(NULL, 0, "%s/.vnc/sesman_%s_passwd:%d",
                                     pw_dir, username, display);

                    *passwd_file = (char *) g_malloc(len + 1, 1);
                    if (*passwd_file != NULL)
                    {
                        /* Try legacy name first, remove if found */
                        g_sprintf(*passwd_file, "%s/.vnc/sesman_%s_passwd",
                                  pw_dir, username);
                        if (g_file_exist(*passwd_file))
                        {
                            log_message(LOG_LEVEL_WARNING, "Removing insecure "
                                        "password file %s", *passwd_file);
                            g_file_delete(*passwd_file);
                        }

                        g_sprintf(*passwd_file, "%s/.vnc/sesman_%s_passwd:%d",
                                  pw_dir, username, display);
                    }
                }
                else
                {
                    /* we use auth_file_path as requested */
                    len = g_snprintf(NULL, 0, g_cfg->auth_file_path, username);

                    *passwd_file = (char *) g_malloc(len + 1, 1);
                    if (*passwd_file != NULL)
                    {
                        g_sprintf(*passwd_file, g_cfg->auth_file_path, username);
                    }
                }

                if (*passwd_file != NULL)
                {
                    LOG_DBG("pass file: %s", *passwd_file);
                }
            }

            g_free(pw_dir);
            g_free(pw_shell);
        }
    }
    else
    {
        log_message(LOG_LEVEL_ERROR,
                    "error getting user info for user %s",
                    username);
    }

    return error;
}
Пример #2
0
Файл: env.c Проект: PKRoma/xrdp
/*  its the responsibility of the caller to free passwd_file                  */
int
env_set_user(const char *username, char **passwd_file, int display,
             const struct list *env_names, const struct list *env_values)
{
    int error;
    int pw_uid;
    int pw_gid;
    int uid;
    int index;
    int len;
    char *name;
    char *value;
    char *pw_shell;
    char *pw_dir;
    char text[256];
    char hostname[256];

    pw_shell = 0;
    pw_dir = 0;

    error = g_getuser_info(username, &pw_gid, &pw_uid, &pw_shell, &pw_dir, 0);

    if (error == 0)
    {
        g_rm_temp_dir();
        error = g_setgid(pw_gid);

        if (error == 0)
        {
            error = g_initgroups(username, pw_gid);
        }

        if (error == 0)
        {
            uid = pw_uid;
            error = g_setuid(uid);
        }

        g_mk_socket_path(0);

        if (error == 0)
        {
            g_clearenv();
            g_setenv("SHELL", pw_shell, 1);
            g_setenv("PATH", "/sbin:/bin:/usr/bin:/usr/local/bin", 1);
            g_setenv("USER", username, 1);
            g_setenv("LOGNAME", username, 1);
            g_sprintf(text, "%d", uid);
            g_setenv("UID", text, 1);
            g_setenv("HOME", pw_dir, 1);
            g_set_current_dir(pw_dir);
            g_sprintf(text, ":%d.0", display);
            g_setenv("DISPLAY", text, 1);
            g_setenv("XRDP_SESSION", "1", 1);
            /* XRDP_SOCKET_PATH should be set even here, chansrv uses this */
            g_setenv("XRDP_SOCKET_PATH", XRDP_SOCKET_PATH, 1);
            /* pulse sink socket */
            g_snprintf(text, sizeof(text) - 1, CHANSRV_PORT_OUT_BASE_STR, display);
            g_setenv("XRDP_PULSE_SINK_SOCKET", text, 1);
            /* pulse source socket */
            g_snprintf(text, sizeof(text) - 1, CHANSRV_PORT_IN_BASE_STR, display);
            g_setenv("XRDP_PULSE_SOURCE_SOCKET", text, 1);
            if ((env_names != 0) && (env_values != 0) &&
                (env_names->count == env_values->count))
            {
                for (index = 0; index < env_names->count; index++)
                {
                    name = (char *) list_get_item(env_names, index),
                    value = (char *) list_get_item(env_values, index),
                    g_setenv(name, value, 1);
                }
            }
            g_gethostname(hostname, 255);
            hostname[255] = 0;
            if (passwd_file != 0)
            {
                if (0 == g_cfg->auth_file_path)
                {
                    /* if no auth_file_path is set, then we go for
                     $HOME/.vnc/sesman_passwd-USERNAME@HOSTNAME:DISPLAY */
                    if (!g_directory_exist(".vnc"))
                    {
                        if (g_mkdir(".vnc") < 0)
                        {
                            log_message(LOG_LEVEL_ERROR,
                                        "Error creating .vnc directory: %s",
                                        g_get_strerror());
                        }
                    }

                    len = g_snprintf(NULL, 0, "%s/.vnc/sesman_passwd-%s@%s:%d",
                                     pw_dir, username, hostname, display);

                    *passwd_file = (char *) g_malloc(len + 1, 1);
                    if (*passwd_file != NULL)
                    {
                        /* Try legacy names first, remove if found */
                        g_sprintf(*passwd_file, "%s/.vnc/sesman_%s_passwd:%d",
                                  pw_dir, username, display);
                        if (g_file_exist(*passwd_file))
                        {
                            log_message(LOG_LEVEL_WARNING, "Removing old "
                                        "password file %s", *passwd_file);
                            g_file_delete(*passwd_file);
                        }
                        g_sprintf(*passwd_file, "%s/.vnc/sesman_%s_passwd",
                                  pw_dir, username);
                        if (g_file_exist(*passwd_file))
                        {
                            log_message(LOG_LEVEL_WARNING, "Removing insecure "
                                        "password file %s", *passwd_file);
                            g_file_delete(*passwd_file);
                        }
                        g_sprintf(*passwd_file, "%s/.vnc/sesman_passwd-%s@%s:%d",
                                  pw_dir, username, hostname, display);
                    }
                }
                else
                {
                    /* we use auth_file_path as requested */
                    len = g_snprintf(NULL, 0, g_cfg->auth_file_path, username);

                    *passwd_file = (char *) g_malloc(len + 1, 1);
                    if (*passwd_file != NULL)
                    {
                        g_sprintf(*passwd_file, g_cfg->auth_file_path, username);
                    }
                }

                if (*passwd_file != NULL)
                {
                    LOG_DBG("pass file: %s", *passwd_file);
                }
            }

            g_free(pw_dir);
            g_free(pw_shell);
        }
    }
    else
    {
        log_message(LOG_LEVEL_ERROR,
                    "error getting user info for user %s",
                    username);
    }

    return error;
}
Пример #3
0
int DEFAULT_CC
env_set_user(char *username, char *passwd_file, int display)
{
    int error;
    int pw_uid;
    int pw_gid;
    int uid;
    char pw_shell[256];
    char pw_dir[256];
    char pw_gecos[256];
    char text[256];

    error = g_getuser_info(username, &pw_gid, &pw_uid, pw_shell, pw_dir,
                           pw_gecos);

    if (error == 0)
    {
        g_rm_temp_dir();
        error = g_setgid(pw_gid);

        if (error == 0)
        {
            error = g_initgroups(username, pw_gid);
        }

        if (error == 0)
        {
            uid = pw_uid;
            error = g_setuid(uid);
        }

        g_mk_temp_dir(0);

        if (error == 0)
        {
            g_clearenv();
            g_setenv("SHELL", pw_shell, 1);
            g_setenv("PATH", "/bin:/usr/bin:/usr/X11R6/bin:/usr/local/bin", 1);
            g_setenv("USER", username, 1);
            g_sprintf(text, "%d", uid);
            g_setenv("UID", text, 1);
            g_setenv("HOME", pw_dir, 1);
            g_set_current_dir(pw_dir);
            g_sprintf(text, ":%d.0", display);
            g_setenv("DISPLAY", text, 1);
            g_setenv("LANG", "en_US.UTF-8", 1);

            if (passwd_file != 0)
            {
                if (0 == g_cfg->auth_file_path)
                {
                    /* if no auth_file_path is set, then we go for
                       $HOME/.vnc/sesman_username_passwd */
                    g_mkdir(".vnc");
                    g_sprintf(passwd_file, "%s/.vnc/sesman_%s_passwd", pw_dir, username);
                }
                else
                {
                    /* we use auth_file_path as requested */
                    g_sprintf(passwd_file, g_cfg->auth_file_path, username);
                }

                LOG_DBG("pass file: %s", passwd_file);
            }
        }
    }
    else
    {
        log_message(LOG_LEVEL_ERROR,
                    "error getting user info for user %s", username);
    }

    return error;
}