uLab
/
xrdp-proprietary
mirror of https://mirror.git.trinitydesktop.org/gitea/uLab/xrdp-proprietary
0
0
Fork 0
Code Issues Releases Wiki Activity

deny access if group is undefined

Browse Source
ulab-next
ArvidNorr 12 years ago
parent 0770f217fa
commit 876f356dad
5 changed files with 18 additions and 4 deletions
Show Stats Download Patch File Download Diff File

4
sesman/access.c
Unescape View File

@ -42,7 +42,7 @@ access_login_allowed(char *user)
return 0; return 0;
} }
if (0 == g_cfg->sec.ts_users_enable) if ((0 == g_cfg->sec.ts_users_enable) && (0==g_cfg->sec.ts_always_group_check))
{ {
LOG_DBG("Terminal Server Users group is disabled, allowing authentication", LOG_DBG("Terminal Server Users group is disabled, allowing authentication",
1); 1);
@ -57,7 +57,7 @@ access_login_allowed(char *user)
if (g_cfg->sec.ts_users == gid) if (g_cfg->sec.ts_users == gid)
{ {
LOG_DBG("ts_users is user's primary group"); log_message(LOG_LEVEL_DEBUG,"ts_users is user's primary group");
return 1; return 1;
} }

5
sesman/config.c
Unescape View File

@ -286,12 +286,17 @@ config_read_security(int file, struct config_security *sc,
sc->ts_admins = gid; sc->ts_admins = gid;
} }
} }
if (0 == g_strcasecmp(buf, SESMAN_CFG_SEC_ALWAYSGROUPCHECK))
{
sc->ts_always_group_check = text2bool((char *)list_get_item(param_v, i));
}
} }
/* printing security config */ /* printing security config */
g_printf("security configuration:\r\n"); g_printf("security configuration:\r\n");
g_printf("\tAllowRootLogin: %i\r\n", sc->allow_root); g_printf("\tAllowRootLogin: %i\r\n", sc->allow_root);
g_printf("\tMaxLoginRetry: %i\r\n", sc->login_retry); g_printf("\tMaxLoginRetry: %i\r\n", sc->login_retry);
g_printf("\tAlwaysGroupCheck: %i\r\n", sc->ts_always_group_check);
if (sc->ts_users_enable) if (sc->ts_users_enable)
{ {

6
sesman/config.h
Unescape View File

@ -56,6 +56,7 @@
#define SESMAN_CFG_SEC_ALLOW_ROOT "AllowRootLogin" #define SESMAN_CFG_SEC_ALLOW_ROOT "AllowRootLogin"
#define SESMAN_CFG_SEC_USR_GROUP "TerminalServerUsers" #define SESMAN_CFG_SEC_USR_GROUP "TerminalServerUsers"
#define SESMAN_CFG_SEC_ADM_GROUP "TerminalServerAdmins" #define SESMAN_CFG_SEC_ADM_GROUP "TerminalServerAdmins"
#define SESMAN_CFG_SEC_ALWAYSGROUPCHECK "AlwaysGroupCheck"
#define SESMAN_CFG_SESSIONS "Sessions" #define SESMAN_CFG_SESSIONS "Sessions"
#define SESMAN_CFG_SESS_MAX "MaxSessions" #define SESMAN_CFG_SESS_MAX "MaxSessions"
@ -93,6 +94,11 @@ struct config_security
*/ */
int ts_admins_enable; int ts_admins_enable;
int ts_admins; int ts_admins;
/**
* @var ts_always_group_check
* @brief if the Groups are not found deny access
*/
int ts_always_group_check;
}; };
/** /**

3
sesman/sesman.ini
Unescape View File

@ -10,6 +10,9 @@ AllowRootLogin=1
MaxLoginRetry=4 MaxLoginRetry=4
TerminalServerUsers=tsusers TerminalServerUsers=tsusers
TerminalServerAdmins=tsadmins TerminalServerAdmins=tsadmins
# When AlwaysGroupCheck = false access will be permitted
# if the group TerminalServerUsers is not defined.
AlwaysGroupCheck = false
[Sessions] [Sessions]
X11DisplayOffset=10 X11DisplayOffset=10

2
xrdp/xrdp_wm.c
Unescape View File

@ -455,7 +455,7 @@ xrdp_wm_load_static_colors_plus(struct xrdp_wm *self, char *autorun_name)
else if (g_strcasecmp(val, "pamerrortxt") == 0) else if (g_strcasecmp(val, "pamerrortxt") == 0)
{ {
val = (char *)list_get_item(values, index); val = (char *)list_get_item(values, index);
g_strncpy(self->pamerrortxt,val,256); g_strncpy(self->pamerrortxt,val,255);
} }
} }
} }

Write Preview
Loading…
Cancel
Save