diff --git a/common/trans.c b/common/trans.c index 4e1f0da6..b738c4d3 100644 --- a/common/trans.c +++ b/common/trans.c @@ -289,7 +289,7 @@ trans_force_write_s(struct trans* self, struct stream* out_s) return 0; } #else -// RAJA DEBUG +// DEBUG ONLY /*****************************************************************************/ int APP_CC trans_force_write_s(struct trans* self, struct stream* out_s) diff --git a/instfiles/pam.d/xrdp-sesman b/instfiles/pam.d/xrdp-sesman index 7fdbee5b..d7e1ddc5 100644 --- a/instfiles/pam.d/xrdp-sesman +++ b/instfiles/pam.d/xrdp-sesman @@ -1,4 +1,5 @@ #%PAM-1.0 -auth required pam_unix.so shadow nullok -auth required pam_env.so readenv=1 -account required pam_unix.so +@include common-auth +@include common-account +@include common-password +@include common-session diff --git a/raptorsmiface/libraptorsmiface.c b/raptorsmiface/libraptorsmiface.c index e0f32330..390034f6 100644 --- a/raptorsmiface/libraptorsmiface.c +++ b/raptorsmiface/libraptorsmiface.c @@ -83,10 +83,10 @@ void raptorsmiface_config_read_database(int file, struct list* param_n, struct l int i; char* buf; char* temp_buf; - + list_clear(param_v); list_clear(param_n); - + file_read_section(file, RAPTORSMIFACE_CFG_DATABASE, param_n, param_v); for (i = 0; i < param_n->count; i++) { buf = (char*)list_get_item(param_n, i); @@ -124,7 +124,7 @@ void read_ini_configuration() { dprint("[ERROR] Unable to open configuration file [%s]", cfg_file); return; } - + sec = list_create(); sec->auto_free = 1; file_read_sections(fd, sec); @@ -132,7 +132,7 @@ void read_ini_configuration() { param_n->auto_free = 1; param_v = list_create(); param_v->auto_free = 1; - + /* read database config */ raptorsmiface_config_read_database(fd, param_n, param_v); 
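Review bot: The new xrdp-sesman stack depends entirely on `common-auth`, `common-account`, `common-password` and `common-session`, which are a Debian/Ubuntu convention; on a system that does not ship those files the includes cannot resolve and logins through sesman are likely to fail. The explicit `pam_env.so readenv=1` line is also dropped, so environment loading now happens only if one of the included files provides it, which is not visible here. Suggest a header comment under `#%PAM-1.0` such as `# Requires Debian-style /etc/pam.d/common-* files; auth policy (including pam_env) is inherited from them`, and installing this variant only on distributions that have them.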
@@ -184,6 +184,26 @@ char* get_group_for_user(char* username) { return strdup(primarygroup->gr_name); } +int raptor_sm_get_uid_for_user(char* username) { + struct passwd *pwd = calloc(1, sizeof(struct passwd)); + if (pwd == NULL) { + return -1; + } + size_t buffer_len = sysconf(_SC_GETPW_R_SIZE_MAX) * sizeof(char); + char *buffer = malloc(buffer_len); + if (buffer == NULL) { + return -2; + } + getpwnam_r(username, pwd, buffer, buffer_len, &pwd); + if (pwd == NULL) { + return -3; + } + uid_t uid = pwd->pw_uid; + free(buffer); + free(pwd); + return uid; +} + char raptor_sm_deallocate_session(char* username) { MYSQL_RES *res; MYSQL_ROW row; @@ -227,6 +247,16 @@ char raptor_sm_deallocate_session(char* username) { } } +#ifndef RAPTOR_SM_DISABLE_KERBEROS + char* command_string; + char* ip = raptor_sm_get_ip_for_hostname(hostname, 0); + asprintf(&command_string, "ssh root@%s \'rm -f /tmp/krb5cc_%d\'", ip, raptor_sm_get_uid_for_user(username)); + dprint("Running command %s...\n\r", command_string); + system(command_string); + free(command_string); + free(ip); +#endif + // Remove the user from the system char* safe_username = get_mysql_escaped_string(conn, username); asprintf(&query, "DELETE FROM sessions WHERE username='%s'", safe_username); 
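Review bot: raptor_sm_get_uid_for_user leaks on two of its error paths and never checks the return value of `getpwnam_r`. When `malloc` fails the calloc'd `pwd` is not freed, and when the user is unknown `getpwnam_r` stores NULL through `&pwd`, so both the struct and `buffer` are lost on the `-3` return. `sysconf(_SC_GETPW_R_SIZE_MAX)` may return -1, which the `size_t` multiplication turns into an enormous length. The error codes share the `int` return with the uid, and both callers added by this commit format the result directly into `/tmp/krb5cc_%d`, so callers need a `>= 0` check. The function lies entirely inside this hunk; the rewrite below uses a stack `struct passwd` and a separate result pointer.

```c
int raptor_sm_get_uid_for_user(char* username) {
	struct passwd pwd;
	struct passwd *result = NULL;
	/* sysconf may return -1 when the system reports no fixed limit */
	long size_hint = sysconf(_SC_GETPW_R_SIZE_MAX);
	size_t buffer_len = (size_hint > 0) ? (size_t)size_hint : 16384;
	char *buffer = malloc(buffer_len);
	if (buffer == NULL) {
		return -2;
	}
	/* result stays NULL when the user is unknown or the lookup itself fails */
	if (getpwnam_r(username, &pwd, buffer, buffer_len, &result) != 0 || result == NULL) {
		free(buffer);
		return -3;
	}
	int uid = (int)result->pw_uid;
	free(buffer);
	return uid;
}
```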
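Review bot: The added Kerberos cleanup formats `ip` and the uid lookup result into a root `ssh` command without checking either of them. `raptor_sm_get_ip_for_hostname` is defined outside this page, so whether it can return NULL needs confirming, but `raptor_sm_get_uid_for_user` returns -1, -2 or -3 on failure and that value goes directly into `rm -f /tmp/krb5cc_%d`. The results of `asprintf` and `system` are ignored as well, so a failed remote delete leaves the ticket cache on the node without any log entry. Suggest `int uid = raptor_sm_get_uid_for_user(username);` followed by `if (ip != NULL && uid >= 0) { ... }` around the command, and a `dprint` of any non-zero `system()` status. raptor_sm_deallocate_session starts and ends outside the hunk, and `hostname` is assigned outside it.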
@@ -682,11 +712,26 @@ pid_t raptor_sm_run_remote_server(char* username, char *const argv[], char* dbfi } char* origstr = command_string; +#ifndef RAPTOR_SM_DISABLE_KERBEROS + if (display >= 0) { + uid_t uid = raptor_sm_get_uid_for_user(username); + asprintf(&command_string, "rsync -a /tmp/krb5cc_%d root@%s:/tmp/krb5cc_%d", uid, ipaddr, uid); + dprint("Running command %s...\n\r", command_string); + system(command_string); + free(command_string); + asprintf(&command_string, "rm -f /tmp/krb5cc_%d", uid); + dprint("Running command %s...\n\r", command_string); + system(command_string); + free(command_string); + } +#endif + #ifndef RAPTOR_SM_DISABLE_PULSEAUDIO if (display >= 0) { asprintf(&command_string, "ssh root@%s \"su %s -c \'export DISPLAY=:%d && export PULSE_SERVER=tcp:%s:%d && pulseaudio -D --load=\\\"module-native-protocol-tcp listen=0.0.0.0 auth-ip-acl=%s port=%d\\\"\' &> /dev/null\" &", ipaddr, username, display, ipaddr, (RAPTOR_SM_BASE_PULSEAUDIO_PORT+display), RAPTOR_SM_MANAGEMENT_SERVER_IP_NETRANGE, (RAPTOR_SM_BASE_PULSEAUDIO_PORT+display)); dprint("Running command %s...\n\r", command_string); system(command_string); + free(command_string); } #endif @@ -703,20 +748,20 @@ pid_t raptor_sm_run_remote_server(char* username, char *const argv[], char* dbfi } dprint("Running command %s...\n\r", command_string); free(origstr); - + FILE *fp; char output[1024]; - + // Open the command for reading fp = popen(command_string, "r"); if (fp == NULL) { mysql_close(conn); return -1; } - + // Read the output a line at a time fgets(output, sizeof(output)-1, fp); - + // Close output pclose(fp); diff --git a/sesman/chansrv/sound.c b/sesman/chansrv/sound.c index 2bfa789b..1401ca13 100644 --- a/sesman/chansrv/sound.c +++ b/sesman/chansrv/sound.c 
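Review bot: In the added Kerberos block the local cache is removed even if the copy failed: the `system()` status of the `rsync` is discarded and `rm -f /tmp/krb5cc_%d` runs unconditionally, so an unreachable node costs the user their ticket. Storing the lookup in `uid_t` also hides the negative error codes that raptor_sm_get_uid_for_user returns, so a failed lookup is formatted into both paths. The fence below keeps the result as `int`, skips the block on a failed lookup and removes the local file only after a zero rsync status. Separately, the added `free(command_string)` calls leave `command_string` pointing at freed memory while `origstr` keeps the original string; the code between this hunk and the later `dprint` is not shown, so confirm it reassigns `command_string` before use. raptor_sm_run_remote_server starts and ends outside the hunk.

```c
	if (display >= 0) {
		int uid = raptor_sm_get_uid_for_user(username);
		if (uid >= 0) {
			asprintf(&command_string, "rsync -a /tmp/krb5cc_%d root@%s:/tmp/krb5cc_%d", uid, ipaddr, uid);
			dprint("Running command %s...\n\r", command_string);
			int copy_status = system(command_string);
			free(command_string);
			if (copy_status == 0) {
				// … unchanged: build, log, run and free the local "rm -f" command …
			}
			else {
				dprint("[ERROR] Kerberos cache copy failed with status %d\n\r", copy_status);
			}
		}
	}
```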
@@ -504,7 +504,7 @@ read_raw_audio_data(void* arg) for upto one minute */ for (i = 0; i < 60; i++) { - // RAJA FIXME + // FIXME // How can I make this work with the distributed server system!?!? // pa_simple_new can take a server as its first argument, but each server can have multiple sessions active at any given time... // This will involve reserving a range of ports (e.g. port 2000 and up), and setting PULSE_SERVER=tcp::<2000 + X11 display number> diff --git a/sesman/env.c b/sesman/env.c index f7abe120..56f40db5 100644 --- a/sesman/env.c +++ b/sesman/env.c @@ -83,7 +83,7 @@ env_set_user(char* username, char* passwd_file, int display) if (error == 0) { uid = pw_uid; - error = g_setuid(uid); +// error = g_setuid(uid); } g_mk_temp_dir(0); if (error == 0) diff --git a/sesman/session.c b/sesman/session.c index c6da1e35..31034057 100644 --- a/sesman/session.c +++ b/sesman/session.c @@ -521,8 +521,6 @@ session_start_fork(int width, int height, int bpp, char* username, g_memset(text,0,sizeof(char) * 256); g_memset(passwd_file,0,sizeof(char) * 256); -log_message( LOG_LEVEL_ALWAYS, "[RAJA DEBUG 260.0] In session_start_fork for user %s", username); - /* check to limit concurrent sessions */ if (g_session_count >= g_cfg->sess.max_sessions) { @@ -883,7 +881,6 @@ session_start(int width, int height, int bpp, char* username, char* password, long data, tui8 type, char* domain, char* program, char* directory, char* client_ip) { -log_message( LOG_LEVEL_ALWAYS, "[RAJA DEBUG 258.0] In session_start"); int display; /* lock mutex */ @@ -938,7 +935,6 @@ session_reconnect(int display, char* username) int APP_CC session_sync_start(void) { -log_message( LOG_LEVEL_ALWAYS, "[RAJA DEBUG 259.0] In session_sync_start"); g_sync_result = session_start_fork(g_sync_width, g_sync_height, g_sync_bpp, g_sync_username, g_sync_password, g_sync_data, g_sync_type, g_sync_domain, diff --git a/xrdp/xrdp_login_wnd.c b/xrdp/xrdp_login_wnd.c index 34a929b8..cb5ded75 100644 --- a/xrdp/xrdp_login_wnd.c 
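Review bot: Commenting out `error = g_setuid(uid);` in sesman/env.c removes the only uid switch visible in this part of env_set_user, so `g_mk_temp_dir(0)` and everything after it now run with the caller's uid instead of the session user's. If sesman runs as root, which is not visible here, the rest of session setup stays privileged, and `error` can no longer report a failed switch to the `if (error == 0)` check that follows. If the privilege drop has deliberately moved elsewhere, replace the dead line with a comment that says where it now happens, for example `/* uid is switched by <component>, not here: <reason> */`, and put the old call behind a build option so a stock build still drops privileges. env_set_user starts and ends outside the hunk.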
+++ b/xrdp/xrdp_login_wnd.c @@ -420,9 +420,10 @@ xrdp_wm_login_fill_in_combo(struct xrdp_wm* self, struct xrdp_bitmap* b) { p = (char*)list_get_item(sections, i); file_read_section(fd, p, section_names, section_values); - if ((g_strncmp(p, "globals", 255) == 0) + if ((g_strncmp(p, "globals", 255) == 0) ||(g_strncmp(p, "channels", 255) == 0) - ||(g_strncmp(p, "Logging", 255) == 0)) + ||(g_strncmp(p, "Logging", 255) == 0) + ||(g_strncmp(p, "Database", 255) == 0)) { } else
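Review bot: The new `"Database"` literal in the section filter duplicates the name that libraptorsmiface.c reads through `RAPTORSMIFACE_CFG_DATABASE`, and nothing ties the two together. The macro's value is not visible on this page; if it ever differs from this literal, including in letter case should `g_strncmp` be case-sensitive, the database section would be offered as a login entry in the combo box. Suggest comparing against the shared constant if its header can be included here, or at least adding `/* "Database": raptorsmiface settings, must match RAPTORSMIFACE_CFG_DATABASE */` above the condition. The enclosing loop in xrdp_wm_login_fill_in_combo starts and ends outside the hunk.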