Diffstat (limited to 'sesman')
-rw-r--r-- | sesman/Makefile | 16 | ||||
-rw-r--r-- | sesman/sesman.c | 53 | ||||
-rw-r--r-- | sesman/verify_user.c | 137 |
3 files changed, 156 insertions, 50 deletions
diff --git a/sesman/Makefile b/sesman/Makefile index 252839fe..d75f3e04 100644 --- a/sesman/Makefile +++ b/sesman/Makefile @@ -1,10 +1,22 @@ -SESMANOBJ = sesman.o os_calls.o d3des.o +# uncomment the next line to use pam_userpass +# in verify_user.c +#USE_PAM = "" +SESMANOBJ = sesman.o verify_user.o os_calls.o d3des.o + +ifdef USE_PAM +CFLAGS = -Wall -O2 -I../common -DUSE_PAM +else CFLAGS = -Wall -O2 -I../common +endif C_OS_FLAGS = $(CFLAGS) -c LDFLAGS = -L /usr/gnu/lib -LIBS = -lpam_userpass -lpam +ifdef USE_PAM +LIBS = -lpam -lpam_userpass +else +LIBS = -ldl -lcrypt +endif PAMLIB = CC = gcc diff --git a/sesman/sesman.c b/sesman/sesman.c index ae791fec..78cc41ee 100644 --- a/sesman/sesman.c +++ b/sesman/sesman.c @@ -37,16 +37,14 @@ #include "d3des.h" -#include <security/pam_userpass.h> - #include "arch.h" #include "parse.h" #include "os_calls.h" -#define SERVICE "xrdp" +int auth_userpass(char* user, char* pass); -int g_sck; -int g_pid; +static int g_sck; +static int g_pid; struct session_item { @@ -60,7 +58,7 @@ struct session_item static unsigned char s_fixedkey[8] = {23, 82, 107, 6, 35, 78, 88, 7}; -struct session_item session_items[100]; +static struct session_item session_items[100]; /*****************************************************************************/ int tcp_force_recv(int sck, char* data, int len) 
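Review bot: With `#USE_PAM = ""` left commented out, the default build now compiles the non-PAM branch of verify_user.c. Anyone who builds without editing the Makefile therefore loses the `pam_acct_mgmt` check and whatever PAM policy the old build applied. The comment above the switch should say so, for example `# leave unset to check passwords against passwd/shadow directly; no PAM account policy is applied`. As a style point, the two `CFLAGS` assignments could be one base line plus `CFLAGS += -DUSE_PAM` inside the `ifdef`, so the two variants cannot drift apart.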
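Review bot: The prototype `int auth_userpass(char* user, char* pass);` is written out by hand in sesman.c, and verify_user.c defines the function without including any shared declaration, so a later signature change in one file would not be caught by the compiler. A small header included by both files would close that gap. The parameters could also stay `const char*`, as they were on the removed `auth_pam_userpass`, since neither branch of the new function writes through them.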
@@ -185,47 +183,6 @@ int x_server_running(int display) } /******************************************************************************/ -/* returns boolean */ -int auth_pam_userpass(const char* user, const char* pass) -{ - pam_handle_t* pamh; - pam_userpass_t userpass; - struct pam_conv conv = {pam_userpass_conv, &userpass}; - const void* template1; - int status; - - userpass.user = user; - userpass.pass = pass; - if (pam_start(SERVICE, user, &conv, &pamh) != PAM_SUCCESS) - { - return 0; - } - status = pam_authenticate(pamh, 0); - if (status != PAM_SUCCESS) - { - pam_end(pamh, status); - return 0; - } - status = pam_acct_mgmt(pamh, 0); - if (status != PAM_SUCCESS) - { - pam_end(pamh, status); - return 0; - } - status = pam_get_item(pamh, PAM_USER, &template1); - if (status != PAM_SUCCESS) - { - pam_end(pamh, status); - return 0; - } - if (pam_end(pamh, PAM_SUCCESS) != PAM_SUCCESS) - { - return 0; - } - return 1; -} - -/******************************************************************************/ void cterm(int s) { int i; @@ -503,7 +460,7 @@ start session\n"); in_uint16_be(in_s, height); in_uint16_be(in_s, bpp); //g_printf("%d %d %d\n", width, height, bpp); - ok = auth_pam_userpass(user, pass); + ok = auth_userpass(user, pass); display = 0; if (ok) { diff --git a/sesman/verify_user.c b/sesman/verify_user.c new file mode 100644 index 00000000..60ff48c0 --- /dev/null +++ b/sesman/verify_user.c 
@@ -0,0 +1,137 @@
+/*
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+ xrdp: A Remote Desktop Protocol server.
+ Copyright (C) Jay Sorg 2005
+
+ authenticate user
+
+*/
+
+#ifdef USE_PAM
+
+#include <security/pam_userpass.h>
+
+#define SERVICE "xrdp"
+
+/******************************************************************************/
+/* returns boolean */
+int auth_userpass(char* user, char* pass)
+{
+ pam_handle_t* pamh;
+ pam_userpass_t userpass;
+ struct pam_conv conv = {pam_userpass_conv, &userpass};
+ const void* template1;
+ int status;
+
+ userpass.user = user;
+ userpass.pass = pass;
+ if (pam_start(SERVICE, user, &conv, &pamh) != PAM_SUCCESS)
+ {
+ return 0;
+ }
+ status = pam_authenticate(pamh, 0);
+ if (status != PAM_SUCCESS)
+ {
+ pam_end(pamh, status);
+ return 0;
+ }
+ status = pam_acct_mgmt(pamh, 0);
+ if (status != PAM_SUCCESS)
+ {
+ pam_end(pamh, status);
+ return 0;
+ }
+ status = pam_get_item(pamh, PAM_USER, &template1);
+ if (status != PAM_SUCCESS)
+ {
+ pam_end(pamh, status);
+ return 0;
+ }
+ if (pam_end(pamh, PAM_SUCCESS) != PAM_SUCCESS)
+ {
+ return 0;
+ }
+ return 1;
+}
+
+#else
+
+#define _XOPEN_SOURCE
+#include <unistd.h>
+#include <string.h>
+#include <shadow.h>
+#include <pwd.h>
+
+/******************************************************************************/
+/* returns boolean */
+int auth_userpass(char* user, char* pass)
+{
+ char salt[13] = "$1$";
+ char hash[35] = "";
+ char* encr = 0;
+ struct passwd* spw;
+ struct spwd* stp;
+ int saltcnt = 0;
+
+ spw = getpwnam(user);
+ if (spw == 0)
+ {
+ return 0;
+ }
+ if (strncmp(spw->pw_passwd, "x", 3) == 0)
+ {
+ /* the system is using shadow */
+ stp = getspnam(user);
+ if (stp == 0)
+ {
+ return 0;
+ }
+ strncpy(hash, stp->sp_pwdp, 34);
+ }
+ else
+ {
+ /* old system with only passwd */
+ strncpy(hash, spw->pw_passwd, 34);
+ }
+ hash[34] = '\0';
+ if (strncmp(hash, "$1$", 3) == 0)
+ {
+ /* gnu style crypt(); */
+ saltcnt = 3;
+ while ((hash[saltcnt] != '$') && (saltcnt < 11))
+ {
+ salt[saltcnt] = hash[saltcnt];
+ saltcnt++;
+ }
+ salt[saltcnt] = '$';
+ salt[saltcnt + 1] = '\0';
+ }
+ else
+ {
+ /* classic two char salt */
+ salt[0] = hash[0];
+ salt[1] = hash[1];
+ salt[2] = '\0';
+ }
+ encr = crypt(pass,salt);
+ if (strncmp(encr, hash, 34) != 0)
+ {
+ return 0;
+ }
+ return 1;
+}
+
+#endif
|
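Review bot: In the non-PAM `auth_userpass`, the pointer returned by `crypt()` goes straight into `strncmp(encr, hash, 34)` without a null check. `crypt()` can return a null pointer when it rejects the salt, and the two-character fallback builds its salt from whatever the password field holds (a locked or empty entry, or a scheme other than `$1$`), so a login attempt for such an account could crash sesman instead of being refused. I would add `if (encr == 0) { return 0; }` before the comparison and pass the stored field itself as the setting, `encr = crypt(pass, hash);`, which also removes the hand-rolled salt parsing. This branch has no equivalent of the `pam_acct_mgmt` call in the PAM branch, so account expiry and disablement are not checked; that should at least be stated in a comment above the function. The 34-byte copy also means longer stored hashes are compared by prefix only.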