You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
535 lines
13 KiB
535 lines
13 KiB
/*
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 2 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; if not, write to the Free Software
|
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
|
|
xrdp: A Remote Desktop Protocol server.
|
|
Copyright (C) Jay Sorg 2005
|
|
|
|
session manager
|
|
linux only
|
|
|
|
*/
|
|
|
|
#include <sys/types.h>
|
|
#include <sys/wait.h>
|
|
#include <sys/socket.h>
|
|
#include <sys/stat.h>
|
|
#include <netinet/in.h>
|
|
#include <netinet/tcp.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <unistd.h>
|
|
#include <pwd.h>
|
|
#include <signal.h>
|
|
#include <grp.h>
|
|
|
|
#include "d3des.h"
|
|
|
|
#include <security/pam_userpass.h>
|
|
|
|
#include "arch.h"
|
|
#include "parse.h"
|
|
#include "os_calls.h"
|
|
|
|
#define SERVICE "xrdp"
|
|
|
|
struct session_item
|
|
{
|
|
char name[256];
|
|
int pid; // pid of sesman waiting for wm to end
|
|
int display;
|
|
int width;
|
|
int height;
|
|
int bpp;
|
|
};
|
|
|
|
static unsigned char s_fixedkey[8] = {23, 82, 107, 6, 35, 78, 88, 7};
|
|
|
|
struct session_item session_items[100];
|
|
|
|
/******************************************************************************/
|
|
struct session_item* find_session_item(char* name, int width,
|
|
int height, int bpp)
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; i < 100; i++)
|
|
{
|
|
if (g_strcmp(name, session_items[i].name) == 0 &&
|
|
session_items[i].width == width &&
|
|
session_items[i].height == height &&
|
|
session_items[i].bpp == bpp)
|
|
{
|
|
return session_items + i;
|
|
}
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
/******************************************************************************/
|
|
struct session_item* find_session_item_by_name(char* name)
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; i < 100; i++)
|
|
{
|
|
if (g_strcmp(name, session_items[i].name) == 0)
|
|
{
|
|
return session_items + i;
|
|
}
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
/******************************************************************************/
|
|
struct session_item* find_session_item_by_display(int display)
|
|
{
|
|
int i;
|
|
|
|
for (i = 0; i < 100; i++)
|
|
{
|
|
if (session_items[i].display == display)
|
|
{
|
|
return session_items + i;
|
|
}
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
/******************************************************************************/
|
|
int x_server_running(int display)
|
|
{
|
|
char text[256];
|
|
|
|
g_sprintf(text, "/tmp/.X11-unix/X%d", display);
|
|
return access(text, F_OK) == 0;
|
|
}
|
|
|
|
/******************************************************************************/
|
|
/* returns boolean */
|
|
int auth_pam_userpass(const char* user, const char* pass)
|
|
{
|
|
pam_handle_t* pamh;
|
|
pam_userpass_t userpass;
|
|
struct pam_conv conv = {pam_userpass_conv, &userpass};
|
|
const void* template1;
|
|
int status;
|
|
|
|
userpass.user = user;
|
|
userpass.pass = pass;
|
|
if (pam_start(SERVICE, user, &conv, &pamh) != PAM_SUCCESS)
|
|
{
|
|
return 0;
|
|
}
|
|
status = pam_authenticate(pamh, 0);
|
|
if (status != PAM_SUCCESS)
|
|
{
|
|
pam_end(pamh, status);
|
|
return 0;
|
|
}
|
|
status = pam_acct_mgmt(pamh, 0);
|
|
if (status != PAM_SUCCESS)
|
|
{
|
|
pam_end(pamh, status);
|
|
return 0;
|
|
}
|
|
status = pam_get_item(pamh, PAM_USER, &template1);
|
|
if (status != PAM_SUCCESS)
|
|
{
|
|
pam_end(pamh, status);
|
|
return 0;
|
|
}
|
|
if (pam_end(pamh, PAM_SUCCESS) != PAM_SUCCESS)
|
|
{
|
|
return 0;
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
/******************************************************************************/
|
|
void cterm(int s)
|
|
{
|
|
int i;
|
|
int pid;
|
|
int wstat;
|
|
|
|
pid = waitpid(0, &wstat, WNOHANG);
|
|
if (pid > 0)
|
|
{
|
|
for (i = 0; i < 100; i++)
|
|
{
|
|
if (session_items[i].pid == pid)
|
|
{
|
|
g_memset(session_items + i, 0, sizeof(struct session_item));
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
/******************************************************************************/
|
|
/* ge the next available X display */
|
|
int get_next_display(void)
|
|
{
|
|
int i;
|
|
|
|
for (i = 10; i < 100; i++)
|
|
{
|
|
if (!x_server_running(i))
|
|
{
|
|
return i;
|
|
}
|
|
}
|
|
return -1;
|
|
}
|
|
|
|
/******************************************************************************/
|
|
int check_password_file(char* filename, char* password)
|
|
{
|
|
char encryptedPasswd[16];
|
|
int fd;
|
|
|
|
g_memset(encryptedPasswd, 0, 16);
|
|
g_strncpy(encryptedPasswd, password, 8);
|
|
rfbDesKey(s_fixedkey, 0);
|
|
rfbDes(encryptedPasswd, encryptedPasswd);
|
|
fd = g_file_open(filename);
|
|
if (fd == 0)
|
|
{
|
|
return 1;
|
|
}
|
|
g_file_write(fd, encryptedPasswd, 8);
|
|
g_file_close(fd);
|
|
chmod(filename, S_IRUSR | S_IWUSR);
|
|
return 0;
|
|
}
|
|
|
|
/******************************************************************************/
|
|
int start_session(int width, int height, int bpp, char* username,
|
|
char* password)
|
|
{
|
|
int display;
|
|
int pid;
|
|
int uid;
|
|
int wmpid;
|
|
int xpid;
|
|
int error;
|
|
struct passwd* pwd_1;
|
|
char text[256];
|
|
char passwd_file[256];
|
|
char geometry[32];
|
|
char depth[32];
|
|
char screen[32];
|
|
char cur_dir[256];
|
|
|
|
getcwd(cur_dir, 255);
|
|
display = 10;
|
|
while (x_server_running(display) && display < 50)
|
|
{
|
|
display++;
|
|
}
|
|
if (display >= 50)
|
|
{
|
|
return 0;
|
|
}
|
|
wmpid = 0;
|
|
pid = fork();
|
|
if (pid == -1)
|
|
{
|
|
}
|
|
else if (pid == 0) // child
|
|
{
|
|
pwd_1 = getpwnam(username);
|
|
if (pwd_1 != 0)
|
|
{
|
|
/* set uid and groups */
|
|
error = initgroups(pwd_1->pw_name, pwd_1->pw_gid);
|
|
if (error == 0)
|
|
{
|
|
error = setgid(pwd_1->pw_gid);
|
|
}
|
|
if (error == 0)
|
|
{
|
|
uid = pwd_1->pw_uid;
|
|
error = setuid(uid);
|
|
}
|
|
if (error == 0)
|
|
{
|
|
clearenv();
|
|
setenv("PATH", "/bin:/usr/bin:/usr/X11R6/bin:/usr/local/bin", 1);
|
|
setenv("USER", username, 1);
|
|
g_sprintf(text, "%d", uid);
|
|
setenv("UID", text, 1);
|
|
setenv("HOME", pwd_1->pw_dir, 1);
|
|
chdir(pwd_1->pw_dir);
|
|
g_sprintf(text, ":%d.0", display);
|
|
setenv("DISPLAY", text, 1);
|
|
g_sprintf(geometry, "%dx%d", width, height);
|
|
g_sprintf(depth, "%d", bpp);
|
|
g_sprintf(screen, ":%d", display);
|
|
mkdir(".vnc", S_IRWXU);
|
|
g_sprintf(passwd_file, "%s/.vnc/sesman_passwd", pwd_1->pw_dir);
|
|
check_password_file(passwd_file, password);
|
|
wmpid = fork();
|
|
if (wmpid == -1)
|
|
{
|
|
}
|
|
else if (wmpid == 0) // child
|
|
{
|
|
// give X a bit to start
|
|
g_sleep(500);
|
|
if (x_server_running(display))
|
|
{
|
|
g_sprintf(text, "%s/startwm.sh", cur_dir);
|
|
execlp(text, "startwm.sh", NULL);
|
|
// should not get here
|
|
}
|
|
g_printf("error\n");
|
|
_exit(0);
|
|
}
|
|
else // parent
|
|
{
|
|
xpid = fork();
|
|
if (xpid == -1)
|
|
{
|
|
}
|
|
else if (xpid == 0) // child
|
|
{
|
|
execlp("Xvnc", "Xvnc", screen, "-geometry", geometry,
|
|
"-depth", depth, "-bs", "-rfbauth", passwd_file,
|
|
NULL);
|
|
// should not get here
|
|
g_printf("error\n");
|
|
_exit(0);
|
|
}
|
|
else // parent
|
|
{
|
|
waitpid(wmpid, 0, 0);
|
|
kill(xpid, SIGTERM);
|
|
kill(wmpid, SIGTERM);
|
|
_exit(0);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
else // parent
|
|
{
|
|
signal(SIGCHLD, cterm);
|
|
session_items[display].pid = pid;
|
|
g_strcpy(session_items[display].name, username);
|
|
session_items[display].display = display;
|
|
session_items[display].width = width;
|
|
session_items[display].height = height;
|
|
session_items[display].bpp = bpp;
|
|
g_sleep(5000);
|
|
}
|
|
return display;
|
|
}
|
|
|
|
/******************************************************************************/
|
|
int main(int argc, char** argv)
|
|
{
|
|
int sck;
|
|
int in_sck;
|
|
int code;
|
|
int i;
|
|
int size;
|
|
int version;
|
|
int ok;
|
|
int width;
|
|
int height;
|
|
int bpp;
|
|
int display;
|
|
int error;
|
|
struct stream* in_s;
|
|
struct stream* out_s;
|
|
char* username;
|
|
char* password;
|
|
char user[256];
|
|
char pass[256];
|
|
struct session_item* s_item;
|
|
|
|
g_memset(&session_items, 0, sizeof(session_items));
|
|
if (argc == 1)
|
|
{
|
|
g_printf("xrdp session manager v0.1\n");
|
|
g_printf("usage\n");
|
|
g_printf("sesman wait - wait for connection\n");
|
|
g_printf("sesman server username password width height bpp - \
|
|
start session\n");
|
|
}
|
|
else if (argc == 2 && g_strcmp(argv[1], "wait") == 0)
|
|
{
|
|
make_stream(in_s);
|
|
init_stream(in_s, 8192);
|
|
make_stream(out_s);
|
|
init_stream(out_s, 8192);
|
|
g_printf("listening\n");
|
|
sck = g_tcp_socket();
|
|
g_tcp_set_non_blocking(sck);
|
|
error = g_tcp_bind(sck, "3350");
|
|
if (error == 0)
|
|
{
|
|
error = g_tcp_listen(sck);
|
|
if (error == 0)
|
|
{
|
|
in_sck = g_tcp_accept(sck);
|
|
while (in_sck == -1 && g_tcp_last_error_would_block(sck))
|
|
{
|
|
g_sleep(1000);
|
|
in_sck = g_tcp_accept(sck);
|
|
}
|
|
while (in_sck > 0)
|
|
{
|
|
init_stream(in_s, 8192);
|
|
if (g_tcp_force_recv(in_sck, in_s->data, 8) == 0)
|
|
{
|
|
in_uint32_be(in_s, version);
|
|
in_uint32_be(in_s, size);
|
|
init_stream(in_s, 8192);
|
|
if (g_tcp_force_recv(in_sck, in_s->data, size - 8) == 0)
|
|
{
|
|
if (version == 0)
|
|
{
|
|
in_uint16_be(in_s, code);
|
|
if (code == 0) // check username - password, start session
|
|
{
|
|
in_uint16_be(in_s, i);
|
|
in_uint8a(in_s, user, i);
|
|
user[i] = 0;
|
|
//g_printf("%s\n", user);
|
|
in_uint16_be(in_s, i);
|
|
in_uint8a(in_s, pass, i);
|
|
pass[i] = 0;
|
|
//g_printf("%s\n", pass);
|
|
in_uint16_be(in_s, width);
|
|
in_uint16_be(in_s, height);
|
|
in_uint16_be(in_s, bpp);
|
|
//g_printf("%d %d %d\n", width, height, bpp);
|
|
ok = auth_pam_userpass(user, pass);
|
|
display = 0;
|
|
if (ok)
|
|
{
|
|
s_item = find_session_item(user, width, height, bpp);
|
|
if (s_item != 0)
|
|
{
|
|
display = s_item->display;
|
|
}
|
|
else
|
|
{
|
|
display = start_session(width, height, bpp, user, pass);
|
|
}
|
|
if (display == 0)
|
|
{
|
|
ok = 0;
|
|
}
|
|
}
|
|
init_stream(out_s, 8192);
|
|
out_uint32_be(out_s, 0); // version
|
|
out_uint32_be(out_s, 14); // size
|
|
out_uint16_be(out_s, 3); // cmd
|
|
out_uint16_be(out_s, ok); // data
|
|
out_uint16_be(out_s, display); // data
|
|
s_mark_end(out_s);
|
|
g_tcp_force_send(in_sck, out_s->data,
|
|
out_s->end - out_s->data);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
close(in_sck);
|
|
in_sck = g_tcp_accept(sck);
|
|
while (in_sck == -1 && g_tcp_last_error_would_block(sck))
|
|
{
|
|
g_sleep(1000);
|
|
in_sck = g_tcp_accept(sck);
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
g_printf("listen error\n");
|
|
}
|
|
}
|
|
else
|
|
{
|
|
g_printf("bind error\n");
|
|
}
|
|
g_tcp_close(sck);
|
|
free_stream(in_s);
|
|
free_stream(out_s);
|
|
}
|
|
else if (argc == 7)
|
|
{
|
|
username = argv[2];
|
|
password = argv[3];
|
|
width = atoi(argv[4]);
|
|
height = atoi(argv[5]);
|
|
bpp = atoi(argv[6]);
|
|
make_stream(in_s);
|
|
init_stream(in_s, 8192);
|
|
make_stream(out_s);
|
|
init_stream(out_s, 8192);
|
|
sck = g_tcp_socket();
|
|
if (g_tcp_connect(sck, argv[1], "3350") == 0)
|
|
{
|
|
s_push_layer(out_s, channel_hdr, 8);
|
|
out_uint16_be(out_s, 0); // code
|
|
i = g_strlen(username);
|
|
out_uint16_be(out_s, i);
|
|
out_uint8a(out_s, username, i);
|
|
i = g_strlen(password);
|
|
out_uint16_be(out_s, i);
|
|
out_uint8a(out_s, password, i);
|
|
//g_printf("%d\n", width);
|
|
out_uint16_be(out_s, width);
|
|
out_uint16_be(out_s, height);
|
|
out_uint16_be(out_s, bpp);
|
|
s_mark_end(out_s);
|
|
s_pop_layer(out_s, channel_hdr);
|
|
out_uint32_be(out_s, 0); // version
|
|
out_uint32_be(out_s, out_s->end - out_s->data); // size
|
|
g_tcp_force_send(sck, out_s->data, out_s->end - out_s->data);
|
|
if (g_tcp_force_recv(sck, in_s->data, 8) == 0)
|
|
{
|
|
in_uint32_be(in_s, version);
|
|
in_uint32_be(in_s, size);
|
|
init_stream(in_s, 8192);
|
|
if (g_tcp_force_recv(sck, in_s->data, size - 8) == 0)
|
|
{
|
|
if (version == 0)
|
|
{
|
|
in_uint16_be(in_s, code);
|
|
if (code == 3)
|
|
{
|
|
in_uint16_be(in_s, ok);
|
|
in_uint16_be(in_s, display);
|
|
g_printf("ok %d display %d\n", ok, display);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
g_printf("connect error\n");
|
|
}
|
|
g_tcp_close(sck);
|
|
free_stream(in_s);
|
|
free_stream(out_s);
|
|
}
|
|
return 0;
|
|
}
|