-rw-r--r--configure.ac5
-rw-r--r--sesman/verify_user.c44
-rw-r--r--xrdp/Makefile.am1
-rw-r--r--xrdp/xrdp_mm.c15
4 files changed, 24 insertions, 41 deletions
diff --git a/configure.ac b/configure.ac
index 6dd4052e..d4315133 100644
--- a/configure.ac
+++ b/configure.ac
@@ -69,6 +69,11 @@ then
fi
fi
+if test "x$enable_nopam" = "xyes"
+then
+ AC_DEFINE([USE_NOPAM],1,[Disable PAM])
+fi
+
AS_IF( [test "x$enable_freerdp1" = "xyes"] , [PKG_CHECK_MODULES(FREERDP, freerdp >= 1.0.0)] )
# checking for libjpeg
diff --git a/sesman/verify_user.c b/sesman/verify_user.c
index 5bd89c73..85e614d3 100644
--- a/sesman/verify_user.c
+++ b/sesman/verify_user.c
@@ -50,12 +50,9 @@ auth_account_disabled(struct spwd *stp);
long DEFAULT_CC
auth_userpass(char *user, char *pass, int *errorcode)
{
- char salt[13] = "$1$";
- char hash[35] = "";
- char *encr = 0;
+ const char *encr;
struct passwd *spw;
struct spwd *stp;
- int saltcnt = 0;
spw = getpwnam(user);
@@ -76,50 +73,19 @@ auth_userpass(char *user, char *pass, int *errorcode)
if (1 == auth_account_disabled(stp))
{
- log_message(&(g_cfg->log), LOG_LEVEL_INFO, "account %s is disabled", user);
+ log_message(LOG_LEVEL_INFO, "account %s is disabled", user);
return 0;
}
- g_strncpy(hash, stp->sp_pwdp, 34);
+ encr = stp->sp_pwdp;
}
else
{
/* old system with only passwd */
- g_strncpy(hash, spw->pw_passwd, 34);
- }
-
- hash[34] = '\0';
-
- if (g_strncmp(hash, "$1$", 3) == 0)
- {
- /* gnu style crypt(); */
- saltcnt = 3;
-
- while ((hash[saltcnt] != '$') && (saltcnt < 11))
- {
- salt[saltcnt] = hash[saltcnt];
- saltcnt++;
- }
-
- salt[saltcnt] = '$';
- salt[saltcnt + 1] = '\0';
- }
- else
- {
- /* classic two char salt */
- salt[0] = hash[0];
- salt[1] = hash[1];
- salt[2] = '\0';
- }
-
- encr = crypt(pass, salt);
-
- if (g_strncmp(encr, hash, 34) != 0)
- {
- return 0;
+ encr = spw->pw_passwd;
}
- return 1;
+ return (strcmp(encr, crypt(pass, encr)) == 0);
}
/******************************************************************************/
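Review bot: The new return line passes the result of crypt() straight to strcmp(), but crypt() can return NULL on failure; some libc versions do this for a stored value they cannot parse as a salt, which can include the markers used for locked accounts. A NULL argument to strcmp() is undefined behaviour and would typically crash the process handling the login. Check the result before comparing: `const char *computed = crypt(pass, encr);` then `return (computed != NULL && strcmp(encr, computed) == 0);`. The hunks do not show whether `<string.h>` is included for strcmp(), and the removed code used the g_strncmp wrapper, so confirm the declaration is in scope. auth_userpass begins in the previous hunk.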
diff --git a/xrdp/Makefile.am b/xrdp/Makefile.am
index b755bbeb..25ab3eed 100644
--- a/xrdp/Makefile.am
+++ b/xrdp/Makefile.am
@@ -14,6 +14,7 @@ AM_CFLAGS = \
$(EXTRA_DEFINES)
INCLUDES = \
+ -I$(top_builddir) \
-I$(top_srcdir)/common \
-I$(top_srcdir)/libxrdp
diff --git a/xrdp/xrdp_mm.c b/xrdp/xrdp_mm.c
index 1f5acaaf..008f191e 100644
--- a/xrdp/xrdp_mm.c
+++ b/xrdp/xrdp_mm.c
@@ -17,12 +17,15 @@
*
* module manager
*/
+#include <config_ac.h>
#define ACCESS
#include "xrdp.h"
#include "log.h"
#ifdef ACCESS
+#ifndef USE_NOPAM
#include "security/_pam_types.h"
#endif
+#endif
/*****************************************************************************/
struct xrdp_mm *APP_CC
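Review bot: The `#endif` added here and in the later hunks of this file is bare, so each PAM region now ends in two consecutive unlabelled `#endif` lines and a reader cannot tell which closes `#ifdef ACCESS` and which closes `#ifndef USE_NOPAM`. Label them, for example `#endif /* !USE_NOPAM */` and `#endif /* ACCESS */`, in this hunk and around access_control, getPAMError and the xrdp_mm_connect blocks. Because `ACCESS` is defined unconditionally two lines above the include, the outer guard is always true and USE_NOPAM is the only switch that actually removes the PAM code; a one-line comment saying so next to `#define ACCESS` would help.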
@@ -1071,6 +1074,7 @@ xrdp_mm_sesman_data_in(struct trans *trans)
}
#ifdef ACCESS
+#ifndef USE_NOPAM
/*********************************************************************/
/* return 0 on success */
int access_control(char *username, char *password, char *srv)
@@ -1183,6 +1187,7 @@ int access_control(char *username, char *password, char *srv)
return rec;
}
#endif
+#endif
/*****************************************************************************/
/* This routine clears all states to make sure that our next login will be
@@ -1206,6 +1211,7 @@ void cleanup_states(struct xrdp_mm *self)
}
}
#ifdef ACCESS
+#ifndef USE_NOPAM
const char *getPAMError(const int pamError)
{
switch(pamError){
@@ -1333,6 +1339,7 @@ const char *getPAMAdditionalErrorInfo(const int pamError,struct xrdp_mm *self)
}
#endif
+#endif
/*****************************************************************************/
int APP_CC
xrdp_mm_connect(struct xrdp_mm *self)
@@ -1351,10 +1358,12 @@ xrdp_mm_connect(struct xrdp_mm *self)
char port[8];
char chansrvport[256];
#ifdef ACCESS
+#ifndef USE_NOPAM
int use_pam_auth = 0;
char pam_auth_sessionIP[256];
char pam_auth_password[256];
char pam_auth_username[256];
+#endif
char username[256];
char password[256];
username[0] = 0;
@@ -1390,6 +1399,7 @@ xrdp_mm_connect(struct xrdp_mm *self)
}
#ifdef ACCESS
+#ifndef USE_NOPAM
else if (g_strcasecmp(name, "pamusername") == 0)
{
use_pam_auth = 1;
@@ -1403,6 +1413,7 @@ xrdp_mm_connect(struct xrdp_mm *self)
{
g_strncpy(pam_auth_password, value, 255);
}
+#endif
else if (g_strcasecmp(name, "password") == 0)
{
g_strncpy(password, value, 255);
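Review bot: With USE_NOPAM defined, a `pamusername` entry in the configuration no longer matches any branch of this chain, so as far as these hunks show it is dropped silently and the access_control() pre-check the administrator asked for never runs. A build-time switch that quietly removes a configured access check should at least be visible in the log. An `#else` branch before the added `#endif` could warn when the key is present; the log_message() form below follows the call shown in sesman/verify_user.c and should be confirmed against log.h. xrdp_mm_connect starts and ends outside this hunk.

```c
/* … unchanged: PAM option branches under #ifndef USE_NOPAM … */
#else
        else if (g_strcasecmp(name, "pamusername") == 0)
        {
            log_message(LOG_LEVEL_WARNING,
                        "pamusername is configured but this build has no PAM "
                        "support; the PAM access check is not applied");
        }
#endif
        else if (g_strcasecmp(name, "password") == 0)
```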
@@ -1421,7 +1432,7 @@ xrdp_mm_connect(struct xrdp_mm *self)
}
#ifdef ACCESS
-
+#ifndef USE_NOPAM
if (use_pam_auth)
{
int reply;
@@ -1464,7 +1475,7 @@ xrdp_mm_connect(struct xrdp_mm *self)
return rv;
}
}
-
+#endif
#endif
if (self->sesman_controlled)