From 618ca587a52791bfccd3d81ee0dab16c8a005118 Mon Sep 17 00:00:00 2001 From: Renaud Allard Date: Fri, 21 Nov 2014 14:22:15 +0100 Subject: [PATCH 1/3] Enable authenticate user using BSD password system --- configure.ac | 11 +++- sesman/Makefile.am | 5 ++ sesman/verify_user_bsd.c | 113 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 127 insertions(+), 2 deletions(-) create mode 100644 sesman/verify_user_bsd.c diff --git a/configure.ac b/configure.ac index c5d22ec0..50db1fe9 100644 --- a/configure.ac +++ b/configure.ac @@ -32,6 +32,10 @@ AM_CONDITIONAL(SESMAN_NOPAM, [test x$enable_pam != xyes]) AC_ARG_ENABLE(kerberos, AS_HELP_STRING([--enable-kerberos], [Build kerberos support (default: no)]), [], [enable_kerberos=no]) +AC_ARG_ENABLE(bsd, AS_HELP_STRING([--enable-bsd], + [Build BSD auth support (default: no)]), + [bsd=true], [bsd=false]) +AM_CONDITIONAL(SESMAN_BSD, [test x$bsd = xtrue]) AM_CONDITIONAL(SESMAN_KERBEROS, [test x$enable_kerberos = xyes]) AC_ARG_ENABLE(pamuserpass, AS_HELP_STRING([--enable-pamuserpass], [Build pam userpass support (default: no)]), @@ -78,8 +82,11 @@ if test "x$enable_pam" = "xyes" then if test "x$enable_kerberos" != "xyes" then - AC_CHECK_HEADER([security/pam_appl.h], [], - [AC_MSG_ERROR([please install libpam0g-dev or pam-devel])]) + if test -z "$enable_bsd" + then + AC_CHECK_HEADER([security/pam_appl.h], [], + [AC_MSG_ERROR([please install libpam0g-dev or pam-devel])]) + fi fi fi diff --git a/sesman/Makefile.am b/sesman/Makefile.am index e4b63eb4..516639f4 100644 --- a/sesman/Makefile.am +++ b/sesman/Makefile.am @@ -14,6 +14,10 @@ if SESMAN_NOPAM AUTH_C = verify_user.c AUTH_LIB = -lcrypt else +if SESMAN_BSD +AUTH_C = verify_user_bsd.c +AUTH_LIB = +else if SESMAN_PAMUSERPASS AUTH_C = verify_user_pam_userpass.c AUTH_LIB = -lpam -lpam_userpass @@ -27,6 +31,7 @@ AUTH_LIB = -lpam endif endif endif +endif sbin_PROGRAMS = \ xrdp-sesman 
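Review bot: `--disable-bsd` (or `--enable-bsd=no`) still sets `bsd=true` in the new `AC_ARG_ENABLE(bsd, ...)` call, because autoconf runs the action-if-given for both the enable and the disable form, so the option can select the BSD authentication backend when the builder asked for the opposite. The second configure.ac hunk then tests `-z "$enable_bsd"`, a different variable that is also non-empty for `--disable-bsd`, so the PAM header check is skipped in that case too. Following the kerberos option just above would keep one variable with one meaning: `[], [enable_bsd=no])`, `AM_CONDITIONAL(SESMAN_BSD, [test x$enable_bsd = xyes])` and `if test "x$enable_bsd" != "xyes"` around the header check. The later `@@ -95,7 +95,7 @@` hunk in patch 2/3 tests `$bsd` and would need the same variable.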
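Review bot: The `if SESMAN_BSD` branch is nested under the `else` of `if SESMAN_NOPAM`, so a build configured with `--enable-bsd` but without PAM enabled still compiles `verify_user.c` with `-lcrypt`, and the BSD option is ignored without any message. Since this chain decides which code checks passwords, the selection should not hinge on an unrelated switch: test `SESMAN_BSD` first and move the existing `if SESMAN_NOPAM` chain into its `else`, or have configure stop with an error for that combination. A short comment above the chain stating the precedence of the backends would also help whoever adds the next one.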
diff --git a/sesman/verify_user_bsd.c b/sesman/verify_user_bsd.c
new file mode 100644
index 00000000..3edd2d9e
--- /dev/null
+++ b/sesman/verify_user_bsd.c
@@ -0,0 +1,113 @@
+/*
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+ xrdp: A Remote Desktop Protocol server.
+ Copyright (C) Jay Sorg 2005-2008
+*/
+
+/**
+ *
+ * @file verify_user_user.c
+ * @brief Authenticate user using BSD password system
+ * @author Renaud Allard
+ *
+ */
+
+#include "sesman.h"
+
+#define _XOPEN_SOURCE
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#ifndef SECS_PER_DAY
+#define SECS_PER_DAY (24L*3600L)
+#endif
+
+extern struct config_sesman* g_cfg; /* in sesman.c */
+
+/******************************************************************************/
+/* returns boolean */
+long DEFAULT_CC
+auth_userpass(char* user, char* pass)
+{
+ int ret = auth_userokay(user, NULL, "auth-xrdp", pass);
+ return ret;
+}
+
+/******************************************************************************/
+/* returns error */
+int DEFAULT_CC
+auth_start_session(long in_val, int in_display)
+{
+ return 0;
+}
+
+/******************************************************************************/
+int DEFAULT_CC
+auth_end(long in_val)
+{
+ return 0;
+}
+
+/******************************************************************************/
+int DEFAULT_CC
+auth_set_env(long in_val)
+{
+ return 0;
+}
+
+/******************************************************************************/
+int DEFAULT_CC
+auth_check_pwd_chg(char*
user) +{ + return 0; +} + +int DEFAULT_CC +auth_change_pwd(char* user, char* newpwd) +{ + return 0; +} + +/** + * + * @brief Password encryption + * @param pwd Old password + * @param pln Plaintext new password + * @param crp Crypted new password + * + */ + +static int DEFAULT_CC +auth_crypt_pwd(char* pwd, char* pln, char* crp) +{ + return 0; +} + +/** + * + * @return 1 if the account is disabled, 0 otherwise + * + */ +static int DEFAULT_CC +auth_account_disabled(struct spwd* stp) +{ + return 0; +} From 803af49a0452f029895657280d473b5cae8bec2d Mon Sep 17 00:00:00 2001 From: Renaud Allard Date: Fri, 21 Nov 2014 15:00:01 +0100 Subject: [PATCH 2/3] Some fixes to compile properly since this version has change a lot from 0.6.1 --- configure.ac | 2 +- sesman/verify_user_bsd.c | 10 ++++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 50db1fe9..e1a150e8 100644 --- a/configure.ac +++ b/configure.ac @@ -95,7 +95,7 @@ AC_CHECK_MEMBER([struct in6_addr.s6_addr], [AC_DEFINE(NO_ARPA_INET_H_IP6, 1, [for IPv6])], [#include ]) -if test "x$enable_pam" != "xyes" +if test "x$enable_pam" != "xyes" || test "x$bsd" = "xtrue" then AC_DEFINE([USE_NOPAM],1,[Disable PAM]) fi diff --git a/sesman/verify_user_bsd.c b/sesman/verify_user_bsd.c index 3edd2d9e..ef35037f 100644 --- a/sesman/verify_user_bsd.c +++ b/sesman/verify_user_bsd.c @@ -19,7 +19,7 @@ /** * - * @file verify_user_user.c + * @file verify_user_bsd.c * @brief Authenticate user using BSD password system * @author Renaud Allard * @@ -45,7 +45,7 @@ extern struct config_sesman* g_cfg; /* in sesman.c */ /******************************************************************************/ /* returns boolean */ long DEFAULT_CC -auth_userpass(char* user, char* pass) +auth_userpass(char *user, char *pass, int *errorcode) { int ret = auth_userokay(user, NULL, "auth-xrdp", pass); return ret; 
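Review bot: `auth_change_pwd` returns 0 without doing anything, and under the `/* returns error */` convention used a few functions earlier a caller would presumably read that as a completed password change; a stub for an unsupported operation should fail instead, e.g. `return 1; /* password change not supported with BSD auth */`. `auth_check_pwd_chg` and the static `auth_account_disabled` likewise always return 0, so expiry and disabled-account handling rest entirely on what `auth_userokay` enforces for the `auth-xrdp` type; a comment saying so would make that dependency explicit. The two static stubs (`auth_crypt_pwd`, `auth_account_disabled`) are not called anywhere in this file and could be dropped. `#define _XOPEN_SOURCE` also comes after `#include "sesman.h"`, where it can no longer affect headers that include has already pulled in.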
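Review bot: The new `errorcode` parameter of `auth_userpass` is never written, so a caller that reads it after a failed login sees whatever its variable held before the call. Set it on every path before returning, for instance `if (errorcode != NULL) { *errorcode = ret ? 0 : 1; }`, using the values the other verify_user backends report (they are not visible in this patch). The failure path is also the natural place to log the rejected user name, without the password, so failed logins through this backend can be audited. The closing brace of the function lies outside this hunk.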
@@ -86,6 +86,12 @@ auth_change_pwd(char* user, char* newpwd) return 0; } +int DEFAULT_CC +auth_stop_session(long in_val) +{ + return 0; +} + /** * * @brief Password encryption From 47de7a67f6c82794bb3d1c624c34df35c4e0bb90 Mon Sep 17 00:00:00 2001 From: Jay Sorg Date: Mon, 24 Nov 2014 09:23:48 -0800 Subject: [PATCH 3/3] sesman: verify_user_bsd.c license change and indent --- sesman/verify_user_bsd.c | 57 ++++++++++++++++++++-------------------- 1 file changed, 28 insertions(+), 29 deletions(-) diff --git a/sesman/verify_user_bsd.c b/sesman/verify_user_bsd.c index ef35037f..5d9d0e23 100644 --- a/sesman/verify_user_bsd.c +++ b/sesman/verify_user_bsd.c 
@@ -1,21 +1,20 @@ -/* - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - xrdp: A Remote Desktop Protocol server. - Copyright (C) Jay Sorg 2005-2008 -*/ +/** + * xrdp: A Remote Desktop Protocol server. + * + * Copyright (C) Jay Sorg 2005-2014 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ /** * @@ -47,8 +46,8 @@ extern struct config_sesman* g_cfg; /* in sesman.c */ long DEFAULT_CC auth_userpass(char *user, char *pass, int *errorcode) { - int ret = auth_userokay(user, NULL, "auth-xrdp", pass); - return ret; + int ret = auth_userokay(user, NULL, "auth-xrdp", pass); + return ret; } /******************************************************************************/ 
@@ -56,40 +55,40 @@ auth_userpass(char *user, char *pass, int *errorcode) int DEFAULT_CC auth_start_session(long in_val, int in_display) { - return 0; + return 0; } /******************************************************************************/ int DEFAULT_CC auth_end(long in_val) { - return 0; + return 0; } /******************************************************************************/ int DEFAULT_CC auth_set_env(long in_val) { - return 0; + return 0; } /******************************************************************************/ int DEFAULT_CC auth_check_pwd_chg(char* user) { - return 0; + return 0; } int DEFAULT_CC auth_change_pwd(char* user, char* newpwd) { - return 0; + return 0; } -int DEFAULT_CC +int DEFAULT_CC auth_stop_session(long in_val) { - return 0; + return 0; } /** @@ -104,7 +103,7 @@ auth_stop_session(long in_val) static int DEFAULT_CC auth_crypt_pwd(char* pwd, char* pln, char* crp) { - return 0; + return 0; } /** @@ -115,5 +114,5 @@ auth_crypt_pwd(char* pwd, char* pln, char* crp) static int DEFAULT_CC auth_account_disabled(struct spwd* stp) { - return 0; + return 0; }