added non pam authentication

ulab-original
jsorg71 20 years ago
parent 86ecad1197
commit 74a67d2d3f

@ -0,0 +1,29 @@
DESTDIR = /usr/local/xrdp
all: world
world:
make -C vnc
make -C xrdp
make -C sesman
clean:
make -C vnc clean
make -C xrdp clean
make -C sesman clean
install:
mkdir -p $(DESTDIR)
install xrdp/xrdp $(DESTDIR)/xrdp
install xrdp/ad256.bmp $(DESTDIR)/ad256.bmp
install xrdp/xrdp256.bmp $(DESTDIR)/xrdp256.bmp
install xrdp/cursor0.cur $(DESTDIR)/cursor0.cur
install xrdp/cursor1.cur $(DESTDIR)/cursor1.cur
install xrdp/Tahoma-10.fv1 $(DESTDIR)/Tahoma-10.fv1
install vnc/libvnc.so $(DESTDIR)/libvnc.so
install sesman/sesman $(DESTDIR)/sesman
install instfiles/sesman.ini $(DESTDIR)/sesman.ini
install instfiles/startwm.sh $(DESTDIR)/startwm.sh
install instfiles/xrdp.ini $(DESTDIR)/xrdp.ini
install instfiles/xrdpstart.sh $(DESTDIR)/xrdpstart.sh

@ -1,10 +1,22 @@
SESMANOBJ = sesman.o os_calls.o d3des.o
# uncomment the next line to use pam_userpass
# in verify_user.c
#USE_PAM = ""
SESMANOBJ = sesman.o verify_user.o os_calls.o d3des.o
ifdef USE_PAM
CFLAGS = -Wall -O2 -I../common -DUSE_PAM
else
CFLAGS = -Wall -O2 -I../common
endif
C_OS_FLAGS = $(CFLAGS) -c
LDFLAGS = -L /usr/gnu/lib
LIBS = -lpam_userpass -lpam
ifdef USE_PAM
LIBS = -lpam -lpam_userpass
else
LIBS = -ldl -lcrypt
endif
PAMLIB =
CC = gcc

@ -37,16 +37,14 @@
#include "d3des.h"
#include <security/pam_userpass.h>
#include "arch.h"
#include "parse.h"
#include "os_calls.h"
#define SERVICE "xrdp"
int auth_userpass(char* user, char* pass);
int g_sck;
int g_pid;
static int g_sck;
static int g_pid;
struct session_item
{
@ -60,7 +58,7 @@ struct session_item
static unsigned char s_fixedkey[8] = {23, 82, 107, 6, 35, 78, 88, 7};
struct session_item session_items[100];
static struct session_item session_items[100];
/*****************************************************************************/
int tcp_force_recv(int sck, char* data, int len)
@ -184,47 +182,6 @@ int x_server_running(int display)
return access(text, F_OK) == 0;
}
/******************************************************************************/
/* returns boolean */
int auth_pam_userpass(const char* user, const char* pass)
{
pam_handle_t* pamh;
pam_userpass_t userpass;
struct pam_conv conv = {pam_userpass_conv, &userpass};
const void* template1;
int status;
userpass.user = user;
userpass.pass = pass;
if (pam_start(SERVICE, user, &conv, &pamh) != PAM_SUCCESS)
{
return 0;
}
status = pam_authenticate(pamh, 0);
if (status != PAM_SUCCESS)
{
pam_end(pamh, status);
return 0;
}
status = pam_acct_mgmt(pamh, 0);
if (status != PAM_SUCCESS)
{
pam_end(pamh, status);
return 0;
}
status = pam_get_item(pamh, PAM_USER, &template1);
if (status != PAM_SUCCESS)
{
pam_end(pamh, status);
return 0;
}
if (pam_end(pamh, PAM_SUCCESS) != PAM_SUCCESS)
{
return 0;
}
return 1;
}
/******************************************************************************/
void cterm(int s)
{
@ -503,7 +460,7 @@ start session\n");
in_uint16_be(in_s, height);
in_uint16_be(in_s, bpp);
//g_printf("%d %d %d\n", width, height, bpp);
ok = auth_pam_userpass(user, pass);
ok = auth_userpass(user, pass);
display = 0;
if (ok)
{

@ -0,0 +1,137 @@
/*
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
xrdp: A Remote Desktop Protocol server.
Copyright (C) Jay Sorg 2005
authenticate user
*/
#ifdef USE_PAM
#include <security/pam_userpass.h>
#define SERVICE "xrdp"
/******************************************************************************/
/* returns boolean */
int auth_userpass(char* user, char* pass)
{
pam_handle_t* pamh;
pam_userpass_t userpass;
struct pam_conv conv = {pam_userpass_conv, &userpass};
const void* template1;
int status;
userpass.user = user;
userpass.pass = pass;
if (pam_start(SERVICE, user, &conv, &pamh) != PAM_SUCCESS)
{
return 0;
}
status = pam_authenticate(pamh, 0);
if (status != PAM_SUCCESS)
{
pam_end(pamh, status);
return 0;
}
status = pam_acct_mgmt(pamh, 0);
if (status != PAM_SUCCESS)
{
pam_end(pamh, status);
return 0;
}
status = pam_get_item(pamh, PAM_USER, &template1);
if (status != PAM_SUCCESS)
{
pam_end(pamh, status);
return 0;
}
if (pam_end(pamh, PAM_SUCCESS) != PAM_SUCCESS)
{
return 0;
}
return 1;
}
#else
#define _XOPEN_SOURCE
#include <unistd.h>
#include <string.h>
#include <shadow.h>
#include <pwd.h>
/******************************************************************************/
/* returns boolean */
int auth_userpass(char* user, char* pass)
{
char salt[13] = "$1$";
char hash[35] = "";
char* encr = 0;
struct passwd* spw;
struct spwd* stp;
int saltcnt = 0;
spw = getpwnam(user);
if (spw == 0)
{
return 0;
}
if (strncmp(spw->pw_passwd, "x", 3) == 0)
{
/* the system is using shadow */
stp = getspnam(user);
if (stp == 0)
{
return 0;
}
strncpy(hash, stp->sp_pwdp, 34);
}
else
{
/* old system with only passwd */
strncpy(hash, spw->pw_passwd, 34);
}
hash[34] = '\0';
if (strncmp(hash, "$1$", 3) == 0)
{
/* gnu style crypt(); */
saltcnt = 3;
while ((hash[saltcnt] != '$') && (saltcnt < 11))
{
salt[saltcnt] = hash[saltcnt];
saltcnt++;
}
salt[saltcnt] = '$';
salt[saltcnt + 1] = '\0';
}
else
{
/* classic two char salt */
salt[0] = hash[0];
salt[1] = hash[1];
salt[2] = '\0';
}
encr = crypt(pass,salt);
if (strncmp(encr, hash, 34) != 0)
{
return 0;
}
return 1;
}
#endif
Loading…
Cancel
Save