Merge branch 'master' of github.com:FreeRDP/xrdp

11 years ago · 5d7ffc1431
parent 5acc54cd1d 26f4502ebf
commit 5d7ffc1431
16 changed files with 335 additions and 240 deletions
--- a/common/xrdp_client_info.h
+++ b/common/xrdp_client_info.h
@ -1,7 +1,7 @@
 /**
 * xrdp: A Remote Desktop Protocol server.
 *
- * Copyright (C) Jay Sorg 2004-2012
+ * Copyright (C) Jay Sorg 2004-2013
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -87,6 +87,7 @@ struct xrdp_client_info
  char jpeg_prop[64];
  int v3_codec_id;
  int use_bulk_comp;
  int pointer_flags; /* 0 color, 1 new */
 };
 #endif
--- a/common/xrdp_constants.h
+++ b/common/xrdp_constants.h
@ -126,6 +126,7 @@
 #define RDP_POINTER_MOVE               3
 #define RDP_POINTER_COLOR              6
 #define RDP_POINTER_CACHED             7
 #define RDP_POINTER_POINTER            8
 #define RDP_NULL_POINTER               0
 #define RDP_DEFAULT_POINTER            0x7F00
--- a/configure.ac
+++ b/configure.ac
@ -69,6 +69,11 @@ then
  fi
 fi
 if test "x$enable_nopam" = "xyes"
 then
  AC_DEFINE([USE_NOPAM],1,[Disable PAM])
 fi
 AS_IF( [test "x$enable_freerdp1" = "xyes"] , [PKG_CHECK_MODULES(FREERDP, freerdp >= 1.0.0)] )
 # checking for libjpeg
--- a/libxrdp/libxrdp.c
+++ b/libxrdp/libxrdp.c
@ -417,44 +417,103 @@ libxrdp_send_bitmap(struct xrdp_session *session, int width, int height,
 /*****************************************************************************/
 int EXPORT_CC
 libxrdp_send_pointer(struct xrdp_session *session, int cache_idx,
-                     char *data, char *mask, int x, int y)
+                     char *data, char *mask, int x, int y, int bpp)
 {
    struct stream *s;
    char *p;
    tui16 *p16;
    tui32 *p32;
    int i;
    int j;
    int data_bytes;
    DEBUG(("libxrdp_send_pointer sending cursor"));
    /* error check */
    if ((session->client_info->pointer_flags & 1) == 0)
    {
        if (bpp != 0)
        {
            g_writeln("libxrdp_send_pointer: error");
            return 1;
        }
    }
    if ((bpp != 0) && (bpp == 15) && (bpp != 16) &&
        (bpp != 24) && (bpp != 32))
    {
        g_writeln("libxrdp_send_pointer: error");
        return 1;
    }
    make_stream(s);
    init_stream(s, 8192);
    xrdp_rdp_init_data((struct xrdp_rdp *)session->rdp, s);
-    out_uint16_le(s, RDP_POINTER_COLOR);
+    if (bpp == 0)
-    out_uint16_le(s, 0); /* pad */
+    {
        out_uint16_le(s, RDP_POINTER_COLOR);
        out_uint16_le(s, 0); /* pad */
        data_bytes = 3072;
    }
    else
    {
        out_uint16_le(s, RDP_POINTER_POINTER);
        out_uint16_le(s, 0); /* pad */
        out_uint16_le(s, bpp);
        data_bytes = ((bpp + 7) / 8) * 32 * 32;
    }
    out_uint16_le(s, cache_idx); /* cache_idx */
    out_uint16_le(s, x);
    out_uint16_le(s, y);
    out_uint16_le(s, 32);
    out_uint16_le(s, 32);
    out_uint16_le(s, 128);
-    out_uint16_le(s, 3072);
+    out_uint16_le(s, data_bytes);
    p = data;
-    for (i = 0; i < 32; i++)
+    switch (bpp)
    {
-        for (j = 0; j < 32; j++)
+        case 15:
-        {
+        case 16:
-            out_uint8(s, *p);
+            p16 = (tui16 *) data;
-            p++;
+            for (i = 0; i < 32; i++)
-            out_uint8(s, *p);
+            {
-            p++;
+                for (j = 0; j < 32; j++)
-            out_uint8(s, *p);
+                {
-            p++;
+                    out_uint16_le(s, *p16);
-        }
+                    p16++;
                }
            }
            break;
        case 0:
        case 24:
            p = data;
            for (i = 0; i < 32; i++)
            {
                for (j = 0; j < 32; j++)
                {
                    out_uint8(s, *p);
                    p++;
                    out_uint8(s, *p);
                    p++;
                    out_uint8(s, *p);
                    p++;
                }
            }
            break;
        case 32:
            p32 = (tui32 *) data;
            for (i = 0; i < 32; i++)
            {
                for (j = 0; j < 32; j++)
                {
                    out_uint32_le(s, *p32);
                    p32++;
                }
            }
            break;
    }
    out_uint8a(s, mask, 128); /* mask */
    s_mark_end(s);
-    xrdp_rdp_send_data((struct xrdp_rdp *)session->rdp, s, RDP_DATA_PDU_POINTER);
+    xrdp_rdp_send_data((struct xrdp_rdp *)(session->rdp), s,
                       RDP_DATA_PDU_POINTER);
    free_stream(s);
    return 0;
 }
--- a/libxrdp/libxrdpinc.h
+++ b/libxrdp/libxrdpinc.h
@ -91,7 +91,7 @@ libxrdp_send_bitmap(struct xrdp_session* session, int width, int height,
                    int bpp, char* data, int x, int y, int cx, int cy);
 int DEFAULT_CC
 libxrdp_send_pointer(struct xrdp_session* session, int cache_idx,
-                     char* data, char* mask, int x, int y);
+                     char* data, char* mask, int x, int y, int bpp);
 int DEFAULT_CC
 libxrdp_set_pointer(struct xrdp_session* session, int cache_idx);
 int DEFAULT_CC
--- a/libxrdp/xrdp_rdp.c
+++ b/libxrdp/xrdp_rdp.c
@ -1,7 +1,7 @@
 /**
 * xrdp: A Remote Desktop Protocol server.
 *
- * Copyright (C) Jay Sorg 2004-2012
+ * Copyright (C) Jay Sorg 2004-2013
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -958,11 +958,26 @@ xrdp_process_capset_pointercache(struct xrdp_rdp *self, struct stream *s,
                                 int len)
 {
    int i;
    int colorPointerFlag;
-    in_uint8s(s, 2); /* color pointer */
+    in_uint16_le(s, colorPointerFlag);
    self->client_info.pointer_flags = colorPointerFlag;
    in_uint16_le(s, i);
    i = MIN(i, 32);
    self->client_info.pointer_cache_entries = i;
    if (colorPointerFlag & 1)
    {
        g_writeln("xrdp_process_capset_pointercache: client supports "
                  "new(color) cursor");
        in_uint16_le(s, i);
        i = MIN(i, 32);
        self->client_info.pointer_cache_entries = i;
    }
    else
    {
        g_writeln("xrdp_process_capset_pointercache: client does not support "
                  "new(color) cursor");
    }
    return 0;
 }
--- a/sesman/chansrv/chansrv_fuse.c
+++ b/sesman/chansrv/chansrv_fuse.c
@ -52,7 +52,12 @@ char g_fuse_root_path[256] = "";
 **                                                                           **
 ******************************************************************************/
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include "arch.h"
 #include "chansrv_fuse.h"
 /* dummy calls when XRDP_FUSE is not defined */
 int xfuse_init()                {}
@ -63,6 +68,12 @@ int xfuse_clear_clip_dir(void)  {}
 int xfuse_file_contents_range(int stream_id, char *data, int data_bytes)     {}
 int xfuse_file_contents_size(int stream_id, int file_size)                   {}
 int xfuse_add_clip_dir_item(char *filename, int flags, int size, int lindex) {}
 int xfuse_create_share(tui32 device_id, char *dirname)                       {}
 void xfuse_devredir_cb_open_file(void *vp, tui32 DeviceId, tui32 FileId)     {}
 void xfuse_devredir_cb_write_file(void *vp, char *buf, size_t length)        {}
 void xfuse_devredir_cb_read_file(void *vp, char *buf, size_t length)         {}
 void xfuse_devredir_cb_enum_dir(void *vp, struct xrdp_inode *xinode)         {}
 void xfuse_devredir_cb_enum_dir_done(void *vp, tui32 IoStatus)               {}
 #else
--- a/sesman/chansrv/devredir.h
+++ b/sesman/chansrv/devredir.h
@ -27,6 +27,7 @@
 #include <unistd.h>
 #include <stdlib.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <string.h>
--- a/sesman/verify_user.c
+++ b/sesman/verify_user.c
@ -50,12 +50,9 @@ auth_account_disabled(struct spwd *stp);
 long DEFAULT_CC
 auth_userpass(char *user, char *pass, int *errorcode)
 {
-    char salt[13] = "$1$";
+    const char *encr;
    char hash[35] = "";
    char *encr = 0;
    struct passwd *spw;
    struct spwd *stp;
    int saltcnt = 0;
    spw = getpwnam(user);
@ -76,50 +73,19 @@ auth_userpass(char *user, char *pass, int *errorcode)
        if (1 == auth_account_disabled(stp))
        {
-            log_message(&(g_cfg->log), LOG_LEVEL_INFO, "account %s is disabled", user);
+            log_message(LOG_LEVEL_INFO, "account %s is disabled", user);
            return 0;
        }
-        g_strncpy(hash, stp->sp_pwdp, 34);
+        encr = stp->sp_pwdp;
    }
    else
    {
        /* old system with only passwd */
-        g_strncpy(hash, spw->pw_passwd, 34);
+        encr = spw->pw_passwd;
    }
    hash[34] = '\0';
    if (g_strncmp(hash, "$1$", 3) == 0)
    {
        /* gnu style crypt(); */
        saltcnt = 3;
        while ((hash[saltcnt] != '$') && (saltcnt < 11))
        {
            salt[saltcnt] = hash[saltcnt];
            saltcnt++;
        }
        salt[saltcnt] = '$';
        salt[saltcnt + 1] = '\0';
    }
    else
    {
        /* classic two char salt */
        salt[0] = hash[0];
        salt[1] = hash[1];
        salt[2] = '\0';
    }
    encr = crypt(pass, salt);
    if (g_strncmp(encr, hash, 34) != 0)
    {
        return 0;
    }
-    return 1;
+    return (strcmp(encr, crypt(pass, encr)) == 0);
 }
 /******************************************************************************/
--- a/xorg/X11R7.6/buildx.sh
+++ b/xorg/X11R7.6/buildx.sh
@ -35,7 +35,23 @@ download_file()
    cd downloads
    echo "downloading file $file"
-    if [ "$file" = "pixman-0.15.20.tar.bz2" ]; then
+
    if [ "$file" = "libpthread-stubs-0.3.tar.bz2" ]; then
        wget -cq http://xcb.freedesktop.org/dist/$file
        status=$?
        cd ..
        return $status
    elif [ "$file" = "libxcb-1.7.tar.bz2" ]; then
        wget -cq http://xcb.freedesktop.org/dist/$file
        status=$?
        cd ..
        return $status
    elif [ "$file" = "xcb-proto-1.6.tar.bz2" ]; then
        wget -cq http://xcb.freedesktop.org/dist/$file
        status=$?
        cd ..
        return $status
    elif [ "$file" = "pixman-0.15.20.tar.bz2" ]; then
        wget -cq http://ftp.x.org/pub/individual/lib/$file
        status=$?
        cd ..
--- a/xrdp/Makefile.am
+++ b/xrdp/Makefile.am
@ -14,6 +14,7 @@ AM_CFLAGS = \
  $(EXTRA_DEFINES)
 INCLUDES = \
  -I$(top_builddir) \
  -I$(top_srcdir)/common \
  -I$(top_srcdir)/libxrdp
--- a/xrdp/xrdp.h
+++ b/xrdp/xrdp.h
@ -126,7 +126,7 @@ int APP_CC
 xrdp_wm_pu(struct xrdp_wm* self, struct xrdp_bitmap* control);
 int APP_CC
 xrdp_wm_send_pointer(struct xrdp_wm* self, int cache_idx,
-                     char* data, char* mask, int x, int y);
+                     char* data, char* mask, int x, int y, int bpp);
 int APP_CC
 xrdp_wm_pointer(struct xrdp_wm* self, char* data, char* mask, int x, int y);
 int
--- a/xrdp/xrdp_cache.c
+++ b/xrdp/xrdp_cache.c
@ -475,9 +475,10 @@ xrdp_cache_add_pointer(struct xrdp_cache *self,
        if (self->pointer_items[i].x == pointer_item->x &&
                self->pointer_items[i].y == pointer_item->y &&
                g_memcmp(self->pointer_items[i].data,
-                         pointer_item->data, 32 * 32 * 3) == 0 &&
+                         pointer_item->data, 32 * 32 * 4) == 0 &&
                g_memcmp(self->pointer_items[i].mask,
-                         pointer_item->mask, 32 * 32 / 8) == 0)
+                         pointer_item->mask, 32 * 32 / 8) == 0 &&
                self->pointer_items[i].bpp == pointer_item->bpp)
        {
            self->pointer_items[i].stamp = self->pointer_stamp;
            xrdp_wm_set_pointer(self->wm, i);
@ -511,7 +512,8 @@ xrdp_cache_add_pointer(struct xrdp_cache *self,
                         self->pointer_items[index].data,
                         self->pointer_items[index].mask,
                         self->pointer_items[index].x,
-                         self->pointer_items[index].y);
+                         self->pointer_items[index].y,
                         self->pointer_items[index].bpp);
    self->wm->current_pointer = index;
    DEBUG(("adding pointer at %d", index));
    return index;
@ -541,7 +543,8 @@ xrdp_cache_add_pointer_static(struct xrdp_cache *self,
                         self->pointer_items[index].data,
                         self->pointer_items[index].mask,
                         self->pointer_items[index].x,
-                         self->pointer_items[index].y);
+                         self->pointer_items[index].y,
                         self->pointer_items[index].bpp);
    self->wm->current_pointer = index;
    DEBUG(("adding pointer at %d", index));
    return index;
--- a/xrdp/xrdp_mm.c
+++ b/xrdp/xrdp_mm.c
@ -17,12 +17,15 @@
 *
 * module manager
 */
 #include <config_ac.h>
 #define ACCESS
 #include "xrdp.h"
 #include "log.h"
 #ifdef ACCESS
 #ifndef USE_NOPAM
 #include "security/_pam_types.h"
 #endif
 #endif
 /*****************************************************************************/
 struct xrdp_mm *APP_CC
@ -822,7 +825,7 @@ xrdp_mm_connect_chansrv(struct xrdp_mm *self, char *ip, char *port)
    if (!(self->chan_trans_up))
    {
        log_message(LOG_LEVEL_ERROR,"xrdp_mm_connect_chansrv: error in"
-		"trans_connect chan");
+                    "trans_connect chan");
    }
    if (self->chan_trans_up)
@ -835,7 +838,7 @@ xrdp_mm_connect_chansrv(struct xrdp_mm *self, char *ip, char *port)
        else
        {
            log_message(LOG_LEVEL_DEBUG,"xrdp_mm_connect_chansrv: chansrv"
-		    "connect successful");
+                        "connect successful");
        }
    }
@ -1071,9 +1074,11 @@ xrdp_mm_sesman_data_in(struct trans *trans)
 }
 #ifdef ACCESS
 #ifndef USE_NOPAM
 /*********************************************************************/
 /* return 0 on success */
-int access_control(char *username, char *password, char *srv)
+static int APP_CC
 access_control(char *username, char *password, char *srv)
 {
    int reply;
    int rec = 32+1; /* 32 is reserved for PAM failures this means connect failure */
@ -1183,12 +1188,14 @@ int access_control(char *username, char *password, char *srv)
    return rec;
 }
 #endif
 #endif
 /*****************************************************************************/
 /* This routine clears all states to make sure that our next login will be
 * as expected. If the user does not press ok on the log window and try to
 * connect again we must make sure that no previous information is stored.*/
-void cleanup_states(struct xrdp_mm *self)
+static void APP_CC
 cleanup_states(struct xrdp_mm *self)
 {
    if (self != NULL)
    {
@ -1205,134 +1212,134 @@ void cleanup_states(struct xrdp_mm *self)
        self-> usechansrv = 0; /* true if chansrvport is set in xrdp.ini or using sesman */
    }
 }
 #ifdef ACCESS
-const char *getPAMError(const int pamError)
+#ifndef USE_NOPAM
-{      
+static const char * APP_CC
-    switch(pamError){
+getPAMError(const int pamError, char *text, int text_bytes)
-	case PAM_SUCCESS:
+{
-	    return "Success";    
+    switch (pamError)
-	case PAM_OPEN_ERR:
+    {
-	    return "dlopen() failure";
+        case PAM_SUCCESS:
-	case PAM_SYMBOL_ERR:
+            return "Success";
-	    return "Symbol not found";
+        case PAM_OPEN_ERR:
-	case PAM_SERVICE_ERR:
+            return "dlopen() failure";
-	    return "Error in service module";
+        case PAM_SYMBOL_ERR:
-	case PAM_SYSTEM_ERR:
+            return "Symbol not found";
-	    return "System error";
+        case PAM_SERVICE_ERR:
-	case PAM_BUF_ERR:
+            return "Error in service module";
-	    return "Memory buffer error";
+        case PAM_SYSTEM_ERR:
-	case PAM_PERM_DENIED:
+            return "System error";
-	    return "Permission denied";
+        case PAM_BUF_ERR:
-	case PAM_AUTH_ERR:
+            return "Memory buffer error";
-	    return "Authentication failure";
+        case PAM_PERM_DENIED:
-	case PAM_CRED_INSUFFICIENT:
+            return "Permission denied";
-	    return "Insufficient credentials to access authentication data";
+        case PAM_AUTH_ERR:
-	case PAM_AUTHINFO_UNAVAIL:
+            return "Authentication failure";
-	    return "Authentication service cannot retrieve authentication info.";
+        case PAM_CRED_INSUFFICIENT:
-	case PAM_USER_UNKNOWN:
+            return "Insufficient credentials to access authentication data";
-	    return "User not known to the underlying authentication module";
+        case PAM_AUTHINFO_UNAVAIL:
-	case PAM_MAXTRIES:
+            return "Authentication service cannot retrieve authentication info.";
-	    return "Have exhasted maximum number of retries for service.";
+        case PAM_USER_UNKNOWN:
-	case PAM_NEW_AUTHTOK_REQD:
+            return "User not known to the underlying authentication module";
-	    return "Authentication token is no longer valid; new one required.";
+        case PAM_MAXTRIES:
-	case PAM_ACCT_EXPIRED:
+            return "Have exhasted maximum number of retries for service.";
-	    return "User account has expired";    
+        case PAM_NEW_AUTHTOK_REQD:
-	case PAM_CRED_UNAVAIL:
+            return "Authentication token is no longer valid; new one required.";
-	    return "Authentication service cannot retrieve user credentials";
+        case PAM_ACCT_EXPIRED:
-	case PAM_CRED_EXPIRED:
+            return "User account has expired";
-	    return "User credentials expired";
+        case PAM_CRED_UNAVAIL:
-	case PAM_CRED_ERR:
+            return "Authentication service cannot retrieve user credentials";
-	    return "Failure setting user credentials";
+        case PAM_CRED_EXPIRED:
-	case PAM_NO_MODULE_DATA:
+            return "User credentials expired";
-	    return "No module specific data is present";
+        case PAM_CRED_ERR:
-	case PAM_BAD_ITEM:
+            return "Failure setting user credentials";
-	    return "Bad item passed to pam_*_item()";
+        case PAM_NO_MODULE_DATA:
-	case PAM_CONV_ERR:
+            return "No module specific data is present";
-	    return "Conversation error";
+        case PAM_BAD_ITEM:
-	case PAM_AUTHTOK_ERR:
+            return "Bad item passed to pam_*_item()";
-	    return "Authentication token manipulation error";   
+        case PAM_CONV_ERR:
-	case PAM_AUTHTOK_LOCK_BUSY:
+            return "Conversation error";
-	    return "Authentication token lock busy";
+        case PAM_AUTHTOK_ERR:
-	case PAM_AUTHTOK_DISABLE_AGING:
+            return "Authentication token manipulation error";
-	    return "Authentication token aging disabled";
+        case PAM_AUTHTOK_LOCK_BUSY:
-	case PAM_TRY_AGAIN:
+            return "Authentication token lock busy";
-	    return "Failed preliminary check by password service";
+        case PAM_AUTHTOK_DISABLE_AGING:
-	case PAM_IGNORE:
+            return "Authentication token aging disabled";
-	    return "Please ignore underlying account module";
+        case PAM_TRY_AGAIN:
-	case PAM_MODULE_UNKNOWN:
+            return "Failed preliminary check by password service";
-	    return "Module is unknown";
+        case PAM_IGNORE:
-	case PAM_AUTHTOK_EXPIRED:
+            return "Please ignore underlying account module";
-	    return "Authentication token expired";
+        case PAM_MODULE_UNKNOWN:
-	case PAM_CONV_AGAIN:
+            return "Module is unknown";
-	    return "Conversation is waiting for event";
+        case PAM_AUTHTOK_EXPIRED:
-	case PAM_INCOMPLETE:
+            return "Authentication token expired";
-	    return "Application needs to call libpam again";    
+        case PAM_CONV_AGAIN:
-	case 32+1:
+            return "Conversation is waiting for event";
-	    return "Error connecting to PAM";	
+        case PAM_INCOMPLETE:
-	case 32+3:
+            return "Application needs to call libpam again";
-	    return "Username okey but group problem";
+        case 32 + 1:
-	default:{
+            return "Error connecting to PAM";
-	    char replytxt[80];	
+        case 32 + 3:
-	    g_sprintf(replytxt,"Not defined PAM error:%d",pamError);
+            return "Username okey but group problem";
-	    return replytxt ;
+        default:
-	}
+            g_snprintf(text, text_bytes, "Not defined PAM error:%d", pamError);
-	
+            return text;
-    }
+    }
-    
+}
-}
+
-
+static const char * APP_CC
-const char *getPAMAdditionalErrorInfo(const int pamError,struct xrdp_mm *self)
+getPAMAdditionalErrorInfo(const int pamError, struct xrdp_mm *self)
-{      
+{
-    switch(pamError){
+    switch (pamError)
-	case PAM_SUCCESS:
+    {
-	    return NULL;    
+        case PAM_SUCCESS:
 	case PAM_OPEN_ERR:	    
 	case PAM_SYMBOL_ERR:	    
 	case PAM_SERVICE_ERR:	    
 	case PAM_SYSTEM_ERR:	    
 	case PAM_BUF_ERR:	    
 	case PAM_PERM_DENIED:	    
 	case PAM_AUTH_ERR:	    
 	case PAM_CRED_INSUFFICIENT:	    
 	case PAM_AUTHINFO_UNAVAIL:	    
 	case PAM_USER_UNKNOWN:
 	case PAM_CRED_UNAVAIL:
 	case PAM_CRED_ERR:	    
 	case PAM_NO_MODULE_DATA:	    
 	case PAM_BAD_ITEM:	    
 	case PAM_CONV_ERR:	    
 	case PAM_AUTHTOK_ERR:	     
 	case PAM_AUTHTOK_LOCK_BUSY:	    
 	case PAM_AUTHTOK_DISABLE_AGING:	    
 	case PAM_TRY_AGAIN:	    
 	case PAM_IGNORE:	    
 	case PAM_MODULE_UNKNOWN:	    
 	case PAM_CONV_AGAIN:
 	case PAM_INCOMPLETE:	       
 	case _PAM_RETURN_VALUES+1:	    
 	case _PAM_RETURN_VALUES+3:	    
            return NULL;
-	case PAM_MAXTRIES:	    
+        case PAM_OPEN_ERR:
-	case PAM_NEW_AUTHTOK_REQD:	    
+        case PAM_SYMBOL_ERR:
-	case PAM_ACCT_EXPIRED:	 
+        case PAM_SERVICE_ERR:
-	case PAM_CRED_EXPIRED:	
+        case PAM_SYSTEM_ERR:
-	case PAM_AUTHTOK_EXPIRED:	
+        case PAM_BUF_ERR:
-	    if(self->wm->pamerrortxt[0])
+        case PAM_PERM_DENIED:
-	    {		
+        case PAM_AUTH_ERR:
-	        return self->wm->pamerrortxt;
+        case PAM_CRED_INSUFFICIENT:
-	    }
+        case PAM_AUTHINFO_UNAVAIL:
-	    else
+        case PAM_USER_UNKNOWN:
-	    {
+        case PAM_CRED_UNAVAIL:
-		return "Authentication error - Verify that user/password is valid ";
+        case PAM_CRED_ERR:
-	    }
+        case PAM_NO_MODULE_DATA:
-	default:{	   
+        case PAM_BAD_ITEM:
-	    return "No expected error" ;
+        case PAM_CONV_ERR:
-	}
+        case PAM_AUTHTOK_ERR:
-	
+        case PAM_AUTHTOK_LOCK_BUSY:
-    }
+        case PAM_AUTHTOK_DISABLE_AGING:
-    
+        case PAM_TRY_AGAIN:
        case PAM_IGNORE:
        case PAM_MODULE_UNKNOWN:
        case PAM_CONV_AGAIN:
        case PAM_INCOMPLETE:
        case _PAM_RETURN_VALUES + 1:
        case _PAM_RETURN_VALUES + 3:
            return NULL;
        case PAM_MAXTRIES:
        case PAM_NEW_AUTHTOK_REQD:
        case PAM_ACCT_EXPIRED:
        case PAM_CRED_EXPIRED:
        case PAM_AUTHTOK_EXPIRED:
            if (self->wm->pamerrortxt[0])
            {
                return self->wm->pamerrortxt;
            }
            else
            {
                return "Authentication error - Verify that user/password is valid";
            }
        default:
            return "No expected error";
    }
 }
 #endif
 #endif
 /*****************************************************************************/
 int APP_CC
 xrdp_mm_connect(struct xrdp_mm *self)
@ -1351,10 +1358,12 @@ xrdp_mm_connect(struct xrdp_mm *self)
    char port[8];
    char chansrvport[256];
 #ifdef ACCESS
 #ifndef USE_NOPAM
    int use_pam_auth = 0;
    char pam_auth_sessionIP[256];
    char pam_auth_password[256];
    char pam_auth_username[256];
 #endif
    char username[256];
    char password[256];
    username[0] = 0;
@ -1390,6 +1399,7 @@ xrdp_mm_connect(struct xrdp_mm *self)
        }
 #ifdef ACCESS
 #ifndef USE_NOPAM
        else if (g_strcasecmp(name, "pamusername") == 0)
        {
            use_pam_auth = 1;
@ -1403,6 +1413,7 @@ xrdp_mm_connect(struct xrdp_mm *self)
        {
            g_strncpy(pam_auth_password, value, 255);
        }
 #endif
        else if (g_strcasecmp(name, "password") == 0)
        {
            g_strncpy(password, value, 255);
@ -1421,12 +1432,13 @@ xrdp_mm_connect(struct xrdp_mm *self)
    }
 #ifdef ACCESS
-
+#ifndef USE_NOPAM
    if (use_pam_auth)
    {
        int reply;
-        char replytxt[80];
+        char replytxt[128];
-        char *additionalError;
+        char pam_error[128];
        const char *additionalError;
        xrdp_wm_log_msg(self->wm, "Please wait, we now perform access control...");
        /* g_writeln("we use pam modules to check if we can approve this user"); */
@ -1444,17 +1456,19 @@ xrdp_mm_connect(struct xrdp_mm *self)
        /* access_control return 0 on success */
        reply = access_control(pam_auth_username, pam_auth_password, pam_auth_sessionIP);
-       
+
-        g_sprintf(replytxt, "Reply from access control: %s", getPAMError(reply));
+        g_sprintf(replytxt, "Reply from access control: %s",
                  getPAMError(reply, pam_error, 127));
        xrdp_wm_log_msg(self->wm, replytxt);
        log_message(LOG_LEVEL_INFO, replytxt);
-        additionalError = getPAMAdditionalErrorInfo(reply,self);
+        additionalError = getPAMAdditionalErrorInfo(reply, self);
-        if(additionalError)
+        if (additionalError)
        {
-            if(additionalError[0])
+            g_snprintf(replytxt, 127, "%s", additionalError);
            if (replytxt[0])
            {
-                xrdp_wm_log_msg(self->wm,additionalError);
+                xrdp_wm_log_msg(self->wm, replytxt);
            }
        }
@ -1464,7 +1478,7 @@ xrdp_mm_connect(struct xrdp_mm *self)
            return rv;
        }
    }
-
+#endif
 #endif
    if (self->sesman_controlled)
@ -2112,6 +2126,28 @@ int read_allowed_channel_names(struct list *names, struct list *values)
    return ret;
 }
 /* internal function return -1 if name is not in list
 * otherwise return the index 0->count-1*/
 int DEFAULT_CC
 find_name_in_lists(char *inName, struct list *names)
 {
    int reply = -1; /*means not in the list*/
    int index;
    char *name;
    for (index = 0; index < names->count; index++)
    {
        name = (char *)list_get_item(names, index);
        if ( (name != 0) && (g_strncmp(name, inName, MAX_CHANNEL_NAME) == 0) )
        {
            reply = index;
            break; /* stop loop - item found*/
        }
    }
    return reply;
 }
 #define CHANNEL_NAME_PREFIX "channel."
 /* update the channel lists from connection specific overrides
 * return 1 on success 0 on failure */
@ -2126,7 +2162,7 @@ int update_allowed_channel_names(struct xrdp_wm *wm, struct list *names, struct
    for (index = 0; index < wm->mm->login_names->count; index++)
    {
        name = (char *)list_get_item(wm->mm->login_names, index);
-        if ( (name != 0) && (g_strncmp( name, CHANNEL_NAME_PREFIX, g_strlen(CHANNEL_NAME_PREFIX)) == 0 ) ) 
+        if ( (name != 0) && (g_strncmp( name, CHANNEL_NAME_PREFIX, g_strlen(CHANNEL_NAME_PREFIX)) == 0 ) )
        {
            name += g_strlen(CHANNEL_NAME_PREFIX);
            // locate and remove from list
@ -2145,28 +2181,6 @@ int update_allowed_channel_names(struct xrdp_wm *wm, struct list *names, struct
    return ret;
 }
 /* internal function return -1 if name is not in list
 * otherwise return the index 0->count-1*/
 int DEFAULT_CC
 find_name_in_lists(char *inName, struct list *names)
 {
    int reply = -1; /*means not in the list*/
    int index;
    char *name;
    for (index = 0; index < names->count; index++)
    {
        name = (char *)list_get_item(names, index);
        if ( (name != 0) && (g_strncmp(name, inName, MAX_CHANNEL_NAME) == 0) )
        {
            reply = index;
            break; /* stop loop - item found*/
        }
    }
    return reply;
 }
 /* internal function return 1 if name is in list of channels
 * and if the value is allowed */
 int DEFAULT_CC
@ -2174,7 +2188,7 @@ is_channel_enabled(char *inName, struct list *names, struct list *values)
 {
    int reply = 0; /*means not in the list*/
    int index;
-    char *val;    
+    char *val;
    index = find_name_in_lists(inName, names);
    if ( index >= 0 )
@ -2189,7 +2203,7 @@ is_channel_enabled(char *inName, struct list *names, struct list *values)
    else
    {
        log_message(LOG_LEVEL_INFO,"This channel is disabled (not in List): %s", inName);
-    }	
+    }
    return reply;
 }
@ -2215,7 +2229,7 @@ void init_channel_allowed(struct xrdp_wm *wm)
    names = list_create();
    values = list_create();
-    /* You can override the list of allowed channels individually for each 
+    /* You can override the list of allowed channels individually for each
     * session type. */
    if (   read_allowed_channel_names(names, values)
        && update_allowed_channel_names(wm, names, values) )
@ -2291,7 +2305,7 @@ int DEFAULT_CC is_channel_allowed(struct xrdp_wm *wm, int channel_id)
            break;
        }
    }
-    
+
    return reply;
 }
--- a/xrdp/xrdp_types.h
+++ b/xrdp/xrdp_types.h
@ -170,8 +170,9 @@ struct xrdp_pointer_item
  int stamp;
  int x; /* hotspot */
  int y;
-  char data[32 * 32 * 3];
+  char data[32 * 32 * 4];
  char mask[32 * 32 / 8];
  int bpp;
 };
 struct xrdp_brush_item
--- a/xrdp/xrdp_wm.c
+++ b/xrdp/xrdp_wm.c
@ -292,9 +292,10 @@ xrdp_wm_load_pointer(struct xrdp_wm *self, char *file_name, char *data,
 /*****************************************************************************/
 int APP_CC
 xrdp_wm_send_pointer(struct xrdp_wm *self, int cache_idx,
-                     char *data, char *mask, int x, int y)
+                     char *data, char *mask, int x, int y, int bpp)
 {
-    return libxrdp_send_pointer(self->session, cache_idx, data, mask, x, y);
+    return libxrdp_send_pointer(self->session, cache_idx, data, mask,
                                x, y, bpp);
 }
 /*****************************************************************************/
@ -541,13 +542,13 @@ xrdp_wm_init(struct xrdp_wm *self)
            names->auto_free = 1;
            values = list_create();
            values->auto_free = 1;
-	    /* domain names that starts with '_' are reserved for IP/DNS to simplify 
+            /* domain names that starts with '_' are reserved for IP/DNS to
-	     * for the user in a gateway setup */
+             * simplify for the user in a gateway setup */
-	    if(self->session->client_info->domain[0]!='_')
+            if (self->session->client_info->domain[0] != '_')
-	    {
+            {
-		g_strncpy(section_name, self->session->client_info->domain, 255);
+                g_strncpy(section_name, self->session->client_info->domain,
-	    }
+                          255);
-
+            }
            if (section_name[0] == 0)
            {
                if (autorun_name[0] == 0)