summaryrefslogtreecommitdiffstats
path: root/sesman
diff options
context:
space:
mode:
authorjsorg71 <jsorg71>2005-06-04 23:51:51 +0000
committerjsorg71 <jsorg71>2005-06-04 23:51:51 +0000
commit74a67d2d3f9fd1e4e120373e49e6b02858d92bb9 (patch)
tree67eed529006be30b659e3571fb9adb57d66a3b66 /sesman
parent86ecad1197c04520d98ac62a8906e7b55a8b6e8d (diff)
downloadxrdp-proprietary-74a67d2d3f9fd1e4e120373e49e6b02858d92bb9.tar.gz
xrdp-proprietary-74a67d2d3f9fd1e4e120373e49e6b02858d92bb9.zip
added non pam authentication
Diffstat (limited to 'sesman')
-rw-r--r--sesman/Makefile16
-rw-r--r--sesman/sesman.c53
-rw-r--r--sesman/verify_user.c137
3 files changed, 156 insertions, 50 deletions
diff --git a/sesman/Makefile b/sesman/Makefile
index 252839fe..d75f3e04 100644
--- a/sesman/Makefile
+++ b/sesman/Makefile
@@ -1,10 +1,22 @@
-SESMANOBJ = sesman.o os_calls.o d3des.o
+# uncomment the next line to use pam_userpass
+# in verify_user.c
+#USE_PAM = ""
+SESMANOBJ = sesman.o verify_user.o os_calls.o d3des.o
+
+ifdef USE_PAM
+CFLAGS = -Wall -O2 -I../common -DUSE_PAM
+else
CFLAGS = -Wall -O2 -I../common
+endif
C_OS_FLAGS = $(CFLAGS) -c
LDFLAGS = -L /usr/gnu/lib
-LIBS = -lpam_userpass -lpam
+ifdef USE_PAM
+LIBS = -lpam -lpam_userpass
+else
+LIBS = -ldl -lcrypt
+endif
PAMLIB =
CC = gcc
diff --git a/sesman/sesman.c b/sesman/sesman.c
index ae791fec..78cc41ee 100644
--- a/sesman/sesman.c
+++ b/sesman/sesman.c
@@ -37,16 +37,14 @@
#include "d3des.h"
-#include <security/pam_userpass.h>
-
#include "arch.h"
#include "parse.h"
#include "os_calls.h"
-#define SERVICE "xrdp"
+int auth_userpass(char* user, char* pass);
-int g_sck;
-int g_pid;
+static int g_sck;
+static int g_pid;
struct session_item
{
@@ -60,7 +58,7 @@ struct session_item
static unsigned char s_fixedkey[8] = {23, 82, 107, 6, 35, 78, 88, 7};
-struct session_item session_items[100];
+static struct session_item session_items[100];
/*****************************************************************************/
int tcp_force_recv(int sck, char* data, int len)
@@ -185,47 +183,6 @@ int x_server_running(int display)
}
/******************************************************************************/
-/* returns boolean */
-int auth_pam_userpass(const char* user, const char* pass)
-{
- pam_handle_t* pamh;
- pam_userpass_t userpass;
- struct pam_conv conv = {pam_userpass_conv, &userpass};
- const void* template1;
- int status;
-
- userpass.user = user;
- userpass.pass = pass;
- if (pam_start(SERVICE, user, &conv, &pamh) != PAM_SUCCESS)
- {
- return 0;
- }
- status = pam_authenticate(pamh, 0);
- if (status != PAM_SUCCESS)
- {
- pam_end(pamh, status);
- return 0;
- }
- status = pam_acct_mgmt(pamh, 0);
- if (status != PAM_SUCCESS)
- {
- pam_end(pamh, status);
- return 0;
- }
- status = pam_get_item(pamh, PAM_USER, &template1);
- if (status != PAM_SUCCESS)
- {
- pam_end(pamh, status);
- return 0;
- }
- if (pam_end(pamh, PAM_SUCCESS) != PAM_SUCCESS)
- {
- return 0;
- }
- return 1;
-}
-
-/******************************************************************************/
void cterm(int s)
{
int i;
@@ -503,7 +460,7 @@ start session\n");
in_uint16_be(in_s, height);
in_uint16_be(in_s, bpp);
//g_printf("%d %d %d\n", width, height, bpp);
- ok = auth_pam_userpass(user, pass);
+ ok = auth_userpass(user, pass);
display = 0;
if (ok)
{
diff --git a/sesman/verify_user.c b/sesman/verify_user.c
new file mode 100644
index 00000000..60ff48c0
--- /dev/null
+++ b/sesman/verify_user.c
@@ -0,0 +1,137 @@
+/*
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+ xrdp: A Remote Desktop Protocol server.
+ Copyright (C) Jay Sorg 2005
+
+ authenticate user
+
+*/
+
+#ifdef USE_PAM
+
+#include <security/pam_userpass.h>
+
+#define SERVICE "xrdp"
+
+/******************************************************************************/
+/* returns boolean */
+int auth_userpass(char* user, char* pass)
+{
+ pam_handle_t* pamh;
+ pam_userpass_t userpass;
+ struct pam_conv conv = {pam_userpass_conv, &userpass};
+ const void* template1;
+ int status;
+
+ userpass.user = user;
+ userpass.pass = pass;
+ if (pam_start(SERVICE, user, &conv, &pamh) != PAM_SUCCESS)
+ {
+ return 0;
+ }
+ status = pam_authenticate(pamh, 0);
+ if (status != PAM_SUCCESS)
+ {
+ pam_end(pamh, status);
+ return 0;
+ }
+ status = pam_acct_mgmt(pamh, 0);
+ if (status != PAM_SUCCESS)
+ {
+ pam_end(pamh, status);
+ return 0;
+ }
+ status = pam_get_item(pamh, PAM_USER, &template1);
+ if (status != PAM_SUCCESS)
+ {
+ pam_end(pamh, status);
+ return 0;
+ }
+ if (pam_end(pamh, PAM_SUCCESS) != PAM_SUCCESS)
+ {
+ return 0;
+ }
+ return 1;
+}
+
+#else
+
+#define _XOPEN_SOURCE
+#include <unistd.h>
+#include <string.h>
+#include <shadow.h>
+#include <pwd.h>
+
+/******************************************************************************/
+/* returns boolean */
+int auth_userpass(char* user, char* pass)
+{
+ char salt[13] = "$1$";
+ char hash[35] = "";
+ char* encr = 0;
+ struct passwd* spw;
+ struct spwd* stp;
+ int saltcnt = 0;
+
+ spw = getpwnam(user);
+ if (spw == 0)
+ {
+ return 0;
+ }
+ if (strncmp(spw->pw_passwd, "x", 3) == 0)
+ {
+ /* the system is using shadow */
+ stp = getspnam(user);
+ if (stp == 0)
+ {
+ return 0;
+ }
+ strncpy(hash, stp->sp_pwdp, 34);
+ }
+ else
+ {
+ /* old system with only passwd */
+ strncpy(hash, spw->pw_passwd, 34);
+ }
+ hash[34] = '\0';
+ if (strncmp(hash, "$1$", 3) == 0)
+ {
+ /* gnu style crypt(); */
+ saltcnt = 3;
+ while ((hash[saltcnt] != '$') && (saltcnt < 11))
+ {
+ salt[saltcnt] = hash[saltcnt];
+ saltcnt++;
+ }
+ salt[saltcnt] = '$';
+ salt[saltcnt + 1] = '\0';
+ }
+ else
+ {
+ /* classic two char salt */
+ salt[0] = hash[0];
+ salt[1] = hash[1];
+ salt[2] = '\0';
+ }
+ encr = crypt(pass,salt);
+ if (strncmp(encr, hash, 34) != 0)
+ {
+ return 0;
+ }
+ return 1;
+}
+
+#endif