added non pam authentication

19 years ago · 74a67d2d3f
parent 86ecad1197
commit 74a67d2d3f
4 changed files with 185 additions and 50 deletions
--- a/29
+++ b/29
@ -0,0 +1,29 @@
+
+DESTDIR = /usr/local/xrdp
+
+all: world
+
+world:
+	make -C vnc
+	make -C xrdp
+	make -C sesman
+
+clean:
+	make -C vnc clean
+	make -C xrdp clean
+	make -C sesman clean
+
+install:
+	mkdir -p $(DESTDIR)
+	install xrdp/xrdp $(DESTDIR)/xrdp
+	install xrdp/ad256.bmp $(DESTDIR)/ad256.bmp
+	install xrdp/xrdp256.bmp $(DESTDIR)/xrdp256.bmp
+	install xrdp/cursor0.cur $(DESTDIR)/cursor0.cur
+	install xrdp/cursor1.cur $(DESTDIR)/cursor1.cur
+	install xrdp/Tahoma-10.fv1 $(DESTDIR)/Tahoma-10.fv1
+	install vnc/libvnc.so $(DESTDIR)/libvnc.so
+	install sesman/sesman $(DESTDIR)/sesman
+	install instfiles/sesman.ini $(DESTDIR)/sesman.ini
+	install instfiles/startwm.sh $(DESTDIR)/startwm.sh
+	install instfiles/xrdp.ini $(DESTDIR)/xrdp.ini
+	install instfiles/xrdpstart.sh $(DESTDIR)/xrdpstart.sh
--- a/sesman/Makefile
+++ b/sesman/Makefile
@ -1,10 +1,22 @@

-SESMANOBJ = sesman.o os_calls.o d3des.o
+# uncomment the next line to use pam_userpass
+# in verify_user.c
+#USE_PAM = ""

+SESMANOBJ = sesman.o verify_user.o os_calls.o d3des.o
+
+ifdef USE_PAM
+CFLAGS = -Wall -O2 -I../common -DUSE_PAM
+else
 CFLAGS = -Wall -O2 -I../common
+endif
 C_OS_FLAGS = $(CFLAGS) -c
 LDFLAGS = -L /usr/gnu/lib
-LIBS = -lpam_userpass -lpam
+ifdef USE_PAM
+LIBS = -lpam -lpam_userpass
+else
+LIBS = -ldl -lcrypt
+endif
 PAMLIB =
 CC = gcc

--- a/sesman/sesman.c
+++ b/sesman/sesman.c
@ -37,16 +37,14 @@

 #include "d3des.h"

-#include <security/pam_userpass.h>
-
 #include "arch.h"
 #include "parse.h"
 #include "os_calls.h"

-#define SERVICE "xrdp"
+int auth_userpass(char* user, char* pass);

-int g_sck;
-int g_pid;
+static int g_sck;
+static int g_pid;

 struct session_item
 {
@ -60,7 +58,7 @@ struct session_item

 static unsigned char s_fixedkey[8] = {23, 82, 107, 6, 35, 78, 88, 7};

-struct session_item session_items[100];
+static struct session_item session_items[100];

 /*****************************************************************************/
 int tcp_force_recv(int sck, char* data, int len)
@ -184,47 +182,6 @@ int x_server_running(int display)
  return access(text, F_OK) == 0;
 }

-/******************************************************************************/
-/* returns boolean */
-int auth_pam_userpass(const char* user, const char* pass)
-{
-  pam_handle_t* pamh;
-  pam_userpass_t userpass;
-  struct pam_conv conv = {pam_userpass_conv, &userpass};
-  const void* template1;
-  int status;
-
-  userpass.user = user;
-  userpass.pass = pass;
-  if (pam_start(SERVICE, user, &conv, &pamh) != PAM_SUCCESS)
-  {
-    return 0;
-  }
-  status = pam_authenticate(pamh, 0);
-  if (status != PAM_SUCCESS)
-  {
-    pam_end(pamh, status);
-    return 0;
-  }
-  status = pam_acct_mgmt(pamh, 0);
-  if (status != PAM_SUCCESS)
-  {
-    pam_end(pamh, status);
-    return 0;
-  }
-  status = pam_get_item(pamh, PAM_USER, &template1);
-  if (status != PAM_SUCCESS)
-  {
-    pam_end(pamh, status);
-    return 0;
-  }
-  if (pam_end(pamh, PAM_SUCCESS) != PAM_SUCCESS)
-  {
-    return 0;
-  }
-  return 1;
-}
-
 /******************************************************************************/
 void cterm(int s)
 {
@ -503,7 +460,7 @@ start session\n");
                  in_uint16_be(in_s, height);
                  in_uint16_be(in_s, bpp);
                  //g_printf("%d %d %d\n", width, height, bpp);
-                  ok = auth_pam_userpass(user, pass);
+                  ok = auth_userpass(user, pass);
                  display = 0;
                  if (ok)
                  {
--- a/sesman/verify_user.c
+++ b/sesman/verify_user.c
@ -0,0 +1,137 @@
+/*
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+   xrdp: A Remote Desktop Protocol server.
+   Copyright (C) Jay Sorg 2005
+
+   authenticate user
+
+*/
+
+#ifdef USE_PAM
+
+#include <security/pam_userpass.h>
+
+#define SERVICE "xrdp"
+
+/******************************************************************************/
+/* returns boolean */
+int auth_userpass(char* user, char* pass)
+{
+  pam_handle_t* pamh;
+  pam_userpass_t userpass;
+  struct pam_conv conv = {pam_userpass_conv, &userpass};
+  const void* template1;
+  int status;
+
+  userpass.user = user;
+  userpass.pass = pass;
+  if (pam_start(SERVICE, user, &conv, &pamh) != PAM_SUCCESS)
+  {
+    return 0;
+  }
+  status = pam_authenticate(pamh, 0);
+  if (status != PAM_SUCCESS)
+  {
+    pam_end(pamh, status);
+    return 0;
+  }
+  status = pam_acct_mgmt(pamh, 0);
+  if (status != PAM_SUCCESS)
+  {
+    pam_end(pamh, status);
+    return 0;
+  }
+  status = pam_get_item(pamh, PAM_USER, &template1);
+  if (status != PAM_SUCCESS)
+  {
+    pam_end(pamh, status);
+    return 0;
+  }
+  if (pam_end(pamh, PAM_SUCCESS) != PAM_SUCCESS)
+  {
+    return 0;
+  }
+  return 1;
+}
+
+#else
+
+#define _XOPEN_SOURCE
+#include <unistd.h>
+#include <string.h>
+#include <shadow.h>
+#include <pwd.h>
+
+/******************************************************************************/
+/* returns boolean */
+int auth_userpass(char* user, char* pass)
+{
+  char salt[13] = "$1$";
+  char hash[35] = "";
+  char* encr = 0;
+  struct passwd* spw;
+  struct spwd* stp;
+  int saltcnt = 0;
+
+  spw = getpwnam(user);
+  if (spw == 0)
+  {
+    return 0;
+  }
+  if (strncmp(spw->pw_passwd, "x", 3) == 0)
+  {
+    /* the system is using shadow */
+    stp = getspnam(user);
+    if (stp == 0)
+    {
+      return 0;
+    }
+    strncpy(hash, stp->sp_pwdp, 34);
+  }
+  else
+  {
+    /* old system with only passwd */
+    strncpy(hash, spw->pw_passwd, 34);
+  }
+  hash[34] = '\0';
+  if (strncmp(hash, "$1$", 3) == 0)
+  {
+    /* gnu style crypt(); */
+    saltcnt = 3;
+    while ((hash[saltcnt] != '$') && (saltcnt < 11))
+    {
+      salt[saltcnt] = hash[saltcnt];
+      saltcnt++;
+    }
+    salt[saltcnt] = '$';
+    salt[saltcnt + 1] = '\0';
+  }
+  else
+  {
+    /* classic two char salt */
+    salt[0] = hash[0];
+    salt[1] = hash[1];
+    salt[2] = '\0';
+  }
+  encr = crypt(pass,salt);
+  if (strncmp(encr, hash, 34) != 0)
+  {
+    return 0;
+  }
+  return 1;
+}
+
+#endif