author | Laxmikant Rashinkar <LK.Rashinkar@gmail.com> | 2013-03-18 19:44:53 -0700 |
---|---|---|
committer | Laxmikant Rashinkar <LK.Rashinkar@gmail.com> | 2013-03-18 19:44:53 -0700 |
commit | 5d7ffc14314ff511b9c2777921339e6284a4e756 (patch) | |
tree | 5da53440e3762c528293be7d2ccc3788e0738b78 | |
parent | 5acc54cd1d1f84a6907102e3d133eb687b0eadad (diff) | |
parent | 26f4502ebfa857e0dd3382c53b0fdbea13c635b2 (diff) | |
download | xrdp-proprietary-5d7ffc14314ff511b9c2777921339e6284a4e756.tar.gz xrdp-proprietary-5d7ffc14314ff511b9c2777921339e6284a4e756.zip |
Merge branch 'master' of github.com:FreeRDP/xrdp
-rw-r--r-- | common/xrdp_client_info.h | 3 | ||||
-rw-r--r-- | common/xrdp_constants.h | 1 | ||||
-rw-r--r-- | configure.ac | 5 | ||||
-rw-r--r-- | libxrdp/libxrdp.c | 91 | ||||
-rw-r--r-- | libxrdp/libxrdpinc.h | 2 | ||||
-rw-r--r-- | libxrdp/xrdp_rdp.c | 19 | ||||
-rw-r--r-- | sesman/chansrv/chansrv_fuse.c | 11 | ||||
-rw-r--r-- | sesman/chansrv/devredir.h | 1 | ||||
-rw-r--r-- | sesman/verify_user.c | 44 | ||||
-rwxr-xr-x | xorg/X11R7.6/buildx.sh | 18 | ||||
-rw-r--r-- | xrdp/Makefile.am | 1 | ||||
-rw-r--r-- | xrdp/xrdp.h | 2 | ||||
-rw-r--r-- | xrdp/xrdp_cache.c | 11 | ||||
-rw-r--r-- | xrdp/xrdp_mm.c | 344 | ||||
-rw-r--r-- | xrdp/xrdp_types.h | 3 | ||||
-rw-r--r-- | xrdp/xrdp_wm.c | 19 |
16 files changed, 335 insertions, 240 deletions
diff --git a/common/xrdp_client_info.h b/common/xrdp_client_info.h index a364927d..61daea7a 100644 --- a/common/xrdp_client_info.h +++ b/common/xrdp_client_info.h @@ -1,7 +1,7 @@ /** * xrdp: A Remote Desktop Protocol server. * - * Copyright (C) Jay Sorg 2004-2012 + * Copyright (C) Jay Sorg 2004-2013 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -87,6 +87,7 @@ struct xrdp_client_info char jpeg_prop[64]; int v3_codec_id; int use_bulk_comp; + int pointer_flags; /* 0 color, 1 new */ }; #endif diff --git a/common/xrdp_constants.h b/common/xrdp_constants.h index 1aa18eb5..d6ea3a96 100644 --- a/common/xrdp_constants.h +++ b/common/xrdp_constants.h @@ -126,6 +126,7 @@ #define RDP_POINTER_MOVE 3 #define RDP_POINTER_COLOR 6 #define RDP_POINTER_CACHED 7 +#define RDP_POINTER_POINTER 8 #define RDP_NULL_POINTER 0 #define RDP_DEFAULT_POINTER 0x7F00 diff --git a/configure.ac b/configure.ac index 6dd4052e..d4315133 100644 --- a/configure.ac +++ b/configure.ac @@ -69,6 +69,11 @@ then fi fi +if test "x$enable_nopam" = "xyes" +then + AC_DEFINE([USE_NOPAM],1,[Disable PAM]) +fi + AS_IF( [test "x$enable_freerdp1" = "xyes"] , [PKG_CHECK_MODULES(FREERDP, freerdp >= 1.0.0)] ) # checking for libjpeg diff --git a/libxrdp/libxrdp.c b/libxrdp/libxrdp.c index d4c9d372..91ff1e35 100644 --- a/libxrdp/libxrdp.c +++ b/libxrdp/libxrdp.c 
@@ -417,44 +417,103 @@ libxrdp_send_bitmap(struct xrdp_session *session, int width, int height, /*****************************************************************************/ int EXPORT_CC libxrdp_send_pointer(struct xrdp_session *session, int cache_idx, - char *data, char *mask, int x, int y) + char *data, char *mask, int x, int y, int bpp) { struct stream *s; char *p; + tui16 *p16; + tui32 *p32; int i; int j; + int data_bytes; DEBUG(("libxrdp_send_pointer sending cursor")); + /* error check */ + if ((session->client_info->pointer_flags & 1) == 0) + { + if (bpp != 0) + { + g_writeln("libxrdp_send_pointer: error"); + return 1; + } + } + if ((bpp != 0) && (bpp == 15) && (bpp != 16) && + (bpp != 24) && (bpp != 32)) + { + g_writeln("libxrdp_send_pointer: error"); + return 1; + } make_stream(s); init_stream(s, 8192); xrdp_rdp_init_data((struct xrdp_rdp *)session->rdp, s); - out_uint16_le(s, RDP_POINTER_COLOR); - out_uint16_le(s, 0); /* pad */ + if (bpp == 0) + { + out_uint16_le(s, RDP_POINTER_COLOR); + out_uint16_le(s, 0); /* pad */ + data_bytes = 3072; + } + else + { + out_uint16_le(s, RDP_POINTER_POINTER); + out_uint16_le(s, 0); /* pad */ + out_uint16_le(s, bpp); + data_bytes = ((bpp + 7) / 8) * 32 * 32; + } out_uint16_le(s, cache_idx); /* cache_idx */ out_uint16_le(s, x); out_uint16_le(s, y); out_uint16_le(s, 32); out_uint16_le(s, 32); out_uint16_le(s, 128); - out_uint16_le(s, 3072); - p = data; + out_uint16_le(s, data_bytes); - for (i = 0; i < 32; i++) + switch (bpp) { - for (j = 0; j < 32; j++) - { - out_uint8(s, *p); - p++; - out_uint8(s, *p); - p++; - out_uint8(s, *p); - p++; - } + case 15: + case 16: + p16 = (tui16 *) data; + for (i = 0; i < 32; i++) + { + for (j = 0; j < 32; j++) + { + out_uint16_le(s, *p16); + p16++; + } + } + break; + case 0: + case 24: + p = data; + for (i = 0; i < 32; i++) + { + for (j = 0; j < 32; j++) + { + out_uint8(s, *p); + p++; + out_uint8(s, *p); + p++; + out_uint8(s, *p); + p++; + } + } + break; + case 32: + p32 = (tui32 *) data; 
+ for (i = 0; i < 32; i++) + { + for (j = 0; j < 32; j++) + { + out_uint32_le(s, *p32); + p32++; + } + } + break; } out_uint8a(s, mask, 128); /* mask */ s_mark_end(s); - xrdp_rdp_send_data((struct xrdp_rdp *)session->rdp, s, RDP_DATA_PDU_POINTER); + xrdp_rdp_send_data((struct xrdp_rdp *)(session->rdp), s, + RDP_DATA_PDU_POINTER); free_stream(s); return 0; } diff --git a/libxrdp/libxrdpinc.h b/libxrdp/libxrdpinc.h index ebfc348c..9eac9733 100644 --- a/libxrdp/libxrdpinc.h +++ b/libxrdp/libxrdpinc.h @@ -91,7 +91,7 @@ libxrdp_send_bitmap(struct xrdp_session* session, int width, int height, int bpp, char* data, int x, int y, int cx, int cy); int DEFAULT_CC libxrdp_send_pointer(struct xrdp_session* session, int cache_idx, - char* data, char* mask, int x, int y); + char* data, char* mask, int x, int y, int bpp); int DEFAULT_CC libxrdp_set_pointer(struct xrdp_session* session, int cache_idx); int DEFAULT_CC diff --git a/libxrdp/xrdp_rdp.c b/libxrdp/xrdp_rdp.c index 7136e36a..9f238378 100644 --- a/libxrdp/xrdp_rdp.c +++ b/libxrdp/xrdp_rdp.c @@ -1,7 +1,7 @@ /** * xrdp: A Remote Desktop Protocol server. * - * Copyright (C) Jay Sorg 2004-2012 + * Copyright (C) Jay Sorg 2004-2013 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
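Review bot: The bpp validation in libxrdp_send_pointer tests `(bpp == 15)` where every other term uses `!=`, so the condition is true only for bpp 15 and false for every other value. A depth the switch supports (15 has its own `case`) is rejected, while an unsupported one such as 8 passes, matches no `case`, and produces a PDU whose length field is `((bpp + 7) / 8) * 32 * 32` with no pixel bytes behind it. The term should read `(bpp != 15)`, and a `default:` branch that frees the stream and returns 1 would keep the advertised length and the payload from ever disagreeing. A comment next to `init_stream(s, 8192)` stating that 32 bpp (4096 pixel bytes plus the 128-byte mask) is the largest payload the stream is sized for would also help the next reader.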
@@ -958,11 +958,26 @@ xrdp_process_capset_pointercache(struct xrdp_rdp *self, struct stream *s, int len) { int i; + int colorPointerFlag; - in_uint8s(s, 2); /* color pointer */ + in_uint16_le(s, colorPointerFlag); + self->client_info.pointer_flags = colorPointerFlag; in_uint16_le(s, i); i = MIN(i, 32); self->client_info.pointer_cache_entries = i; + if (colorPointerFlag & 1) + { + g_writeln("xrdp_process_capset_pointercache: client supports " + "new(color) cursor"); + in_uint16_le(s, i); + i = MIN(i, 32); + self->client_info.pointer_cache_entries = i; + } + else + { + g_writeln("xrdp_process_capset_pointercache: client does not support " + "new(color) cursor"); + } return 0; } diff --git a/sesman/chansrv/chansrv_fuse.c b/sesman/chansrv/chansrv_fuse.c index 9b16c9a3..27ce7573 100644 --- a/sesman/chansrv/chansrv_fuse.c +++ b/sesman/chansrv/chansrv_fuse.c @@ -52,7 +52,12 @@ char g_fuse_root_path[256] = ""; ** ** ******************************************************************************/ +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + #include "arch.h" +#include "chansrv_fuse.h" /* dummy calls when XRDP_FUSE is not defined */ int xfuse_init() {} @@ -63,6 +68,12 @@ int xfuse_clear_clip_dir(void) {} int xfuse_file_contents_range(int stream_id, char *data, int data_bytes) {} int xfuse_file_contents_size(int stream_id, int file_size) {} int xfuse_add_clip_dir_item(char *filename, int flags, int size, int lindex) {} +int xfuse_create_share(tui32 device_id, char *dirname) {} +void xfuse_devredir_cb_open_file(void *vp, tui32 DeviceId, tui32 FileId) {} +void xfuse_devredir_cb_write_file(void *vp, char *buf, size_t length) {} +void xfuse_devredir_cb_read_file(void *vp, char *buf, size_t length) {} +void xfuse_devredir_cb_enum_dir(void *vp, struct xrdp_inode *xinode) {} +void xfuse_devredir_cb_enum_dir_done(void *vp, tui32 IoStatus) {} #else diff --git a/sesman/chansrv/devredir.h b/sesman/chansrv/devredir.h index 74615973..a4699dcd 100644 
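Review bot: xrdp_process_capset_pointercache now reads a third 16-bit field whenever the client sets bit 0 of colorPointerFlag, but nothing in the visible body compares `len` with the number of bytes consumed. Both the flag and the capability length are supplied by the client, so a short capability set with the flag set makes the extra `in_uint16_le(s, i)` consume bytes that belong to whatever follows in the stream, and that value becomes `pointer_cache_entries`. In MS-RDPBCGR the trailing pointerCacheSize field is optional and its presence is indicated by the capability length rather than by colorPointerFlag, so the branch (and the value stored in `pointer_flags`, which later gates libxrdp_send_pointer) should be keyed on `len`. Unless the caller already guarantees the length, each read needs a bounds check against `len` that rejects the capability set when it is too short; whether `len` includes the capability header is not visible in this hunk.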
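Review bot: The new stub `int xfuse_create_share(tui32 device_id, char *dirname) {}` is declared to return int but has an empty body, so a caller that tests the result reads an indeterminate value in builds without XRDP_FUSE. If the stub is meant to report that sharing is unavailable, give it an explicit return of whichever value the callers treat as failure, with a comment such as `/* FUSE support not compiled in */`. The existing int stubs shown as context above it have the same shape.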
--- a/sesman/chansrv/devredir.h +++ b/sesman/chansrv/devredir.h @@ -27,6 +27,7 @@ #include <unistd.h> #include <stdlib.h> #include <sys/types.h> +#include <sys/stat.h> #include <fcntl.h> #include <string.h> diff --git a/sesman/verify_user.c b/sesman/verify_user.c index 5bd89c73..85e614d3 100644 --- a/sesman/verify_user.c +++ b/sesman/verify_user.c @@ -50,12 +50,9 @@ auth_account_disabled(struct spwd *stp); long DEFAULT_CC auth_userpass(char *user, char *pass, int *errorcode) { - char salt[13] = "$1$"; - char hash[35] = ""; - char *encr = 0; + const char *encr; struct passwd *spw; struct spwd *stp; - int saltcnt = 0; spw = getpwnam(user); @@ -76,50 +73,19 @@ auth_userpass(char *user, char *pass, int *errorcode) if (1 == auth_account_disabled(stp)) { - log_message(&(g_cfg->log), LOG_LEVEL_INFO, "account %s is disabled", user); + log_message(LOG_LEVEL_INFO, "account %s is disabled", user); return 0; } - g_strncpy(hash, stp->sp_pwdp, 34); + encr = stp->sp_pwdp; } else { /* old system with only passwd */ - g_strncpy(hash, spw->pw_passwd, 34); - } - - hash[34] = '\0'; - - if (g_strncmp(hash, "$1$", 3) == 0) - { - /* gnu style crypt(); */ - saltcnt = 3; - - while ((hash[saltcnt] != '$') && (saltcnt < 11)) - { - salt[saltcnt] = hash[saltcnt]; - saltcnt++; - } - - salt[saltcnt] = '$'; - salt[saltcnt + 1] = '\0'; - } - else - { - /* classic two char salt */ - salt[0] = hash[0]; - salt[1] = hash[1]; - salt[2] = '\0'; - } - - encr = crypt(pass, salt); - - if (g_strncmp(encr, hash, 34) != 0) - { - return 0; + encr = spw->pw_passwd; } - return 1; + return (strcmp(encr, crypt(pass, encr)) == 0); } /******************************************************************************/ diff --git a/xorg/X11R7.6/buildx.sh b/xorg/X11R7.6/buildx.sh index 5a593f1a..6108707a 100755 --- a/xorg/X11R7.6/buildx.sh +++ b/xorg/X11R7.6/buildx.sh 
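Review bot: The new return statement in auth_userpass passes the result of `crypt(pass, encr)` straight to strcmp, and crypt() can return NULL when the stored field is not a hash it can process (a locked entry such as `!` or `*`, or an unsupported algorithm, depending on the libc). On such a libc a login attempt against that account dereferences NULL inside sesman instead of failing the authentication. Check the result first: `encr_pass = crypt(pass, encr);` followed by `return (encr_pass != NULL) && (strcmp(encr, encr_pass) == 0);`. The function starts in the previous hunk, and neither hunk shows a check that `encr` is non-empty before it is used as the salt, which is worth confirming for accounts with an empty password field.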
@@ -35,7 +35,23 @@ download_file() cd downloads echo "downloading file $file" - if [ "$file" = "pixman-0.15.20.tar.bz2" ]; then + + if [ "$file" = "libpthread-stubs-0.3.tar.bz2" ]; then + wget -cq http://xcb.freedesktop.org/dist/$file + status=$? + cd .. + return $status + elif [ "$file" = "libxcb-1.7.tar.bz2" ]; then + wget -cq http://xcb.freedesktop.org/dist/$file + status=$? + cd .. + return $status + elif [ "$file" = "xcb-proto-1.6.tar.bz2" ]; then + wget -cq http://xcb.freedesktop.org/dist/$file + status=$? + cd .. + return $status + elif [ "$file" = "pixman-0.15.20.tar.bz2" ]; then wget -cq http://ftp.x.org/pub/individual/lib/$file status=$? cd .. diff --git a/xrdp/Makefile.am b/xrdp/Makefile.am index b755bbeb..25ab3eed 100644 --- a/xrdp/Makefile.am +++ b/xrdp/Makefile.am @@ -14,6 +14,7 @@ AM_CFLAGS = \ $(EXTRA_DEFINES) INCLUDES = \ + -I$(top_builddir) \ -I$(top_srcdir)/common \ -I$(top_srcdir)/libxrdp diff --git a/xrdp/xrdp.h b/xrdp/xrdp.h index a98acb16..123551fa 100644 --- a/xrdp/xrdp.h +++ b/xrdp/xrdp.h @@ -126,7 +126,7 @@ int APP_CC xrdp_wm_pu(struct xrdp_wm* self, struct xrdp_bitmap* control); int APP_CC xrdp_wm_send_pointer(struct xrdp_wm* self, int cache_idx, - char* data, char* mask, int x, int y); + char* data, char* mask, int x, int y, int bpp); int APP_CC xrdp_wm_pointer(struct xrdp_wm* self, char* data, char* mask, int x, int y); int diff --git a/xrdp/xrdp_cache.c b/xrdp/xrdp_cache.c index 2c6f901a..50e1fa30 100644 --- a/xrdp/xrdp_cache.c +++ b/xrdp/xrdp_cache.c 
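Review bot: The three branches added to download_file fetch source tarballs with `wget -cq http://xcb.freedesktop.org/dist/$file` over cleartext HTTP, and the hunk shows no integrity check before the archive is handed to the build. Anything able to alter that response controls code that is later compiled and installed, so each file should be verified against a pinned digest after download, e.g. `echo "<expected-sha256>  $file" | sha256sum -c -`, and fetched over HTTPS where the mirror offers it. The three branches are identical apart from the file name and could share one `case` arm, and `$file` should be quoted. download_file begins and ends outside the hunk, so a checksum step elsewhere in it cannot be ruled out.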
@@ -475,9 +475,10 @@ xrdp_cache_add_pointer(struct xrdp_cache *self, if (self->pointer_items[i].x == pointer_item->x && self->pointer_items[i].y == pointer_item->y && g_memcmp(self->pointer_items[i].data, - pointer_item->data, 32 * 32 * 3) == 0 && + pointer_item->data, 32 * 32 * 4) == 0 && g_memcmp(self->pointer_items[i].mask, - pointer_item->mask, 32 * 32 / 8) == 0) + pointer_item->mask, 32 * 32 / 8) == 0 && + self->pointer_items[i].bpp == pointer_item->bpp) { self->pointer_items[i].stamp = self->pointer_stamp; xrdp_wm_set_pointer(self->wm, i); @@ -511,7 +512,8 @@ xrdp_cache_add_pointer(struct xrdp_cache *self, self->pointer_items[index].data, self->pointer_items[index].mask, self->pointer_items[index].x, - self->pointer_items[index].y); + self->pointer_items[index].y, + self->pointer_items[index].bpp); self->wm->current_pointer = index; DEBUG(("adding pointer at %d", index)); return index; @@ -541,7 +543,8 @@ xrdp_cache_add_pointer_static(struct xrdp_cache *self, self->pointer_items[index].data, self->pointer_items[index].mask, self->pointer_items[index].x, - self->pointer_items[index].y); + self->pointer_items[index].y, + self->pointer_items[index].bpp); self->wm->current_pointer = index; DEBUG(("adding pointer at %d", index)); return index; diff --git a/xrdp/xrdp_mm.c b/xrdp/xrdp_mm.c index 1f5acaaf..6c01c85c 100644 --- a/xrdp/xrdp_mm.c +++ b/xrdp/xrdp_mm.c @@ -17,12 +17,15 @@ * * module manager */ +#include <config_ac.h> #define ACCESS #include "xrdp.h" #include "log.h" #ifdef ACCESS +#ifndef USE_NOPAM #include "security/_pam_types.h" #endif +#endif /*****************************************************************************/ struct xrdp_mm *APP_CC @@ -822,7 +825,7 @@ xrdp_mm_connect_chansrv(struct xrdp_mm *self, char *ip, char *port) if (!(self->chan_trans_up)) { log_message(LOG_LEVEL_ERROR,"xrdp_mm_connect_chansrv: error in" - "trans_connect chan"); + "trans_connect chan"); } if (self->chan_trans_up) 
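Review bot: The lookup in xrdp_cache_add_pointer now compares the full `32 * 32 * 4` bytes of `data` for every entry, although a 0 or 24 bpp cursor only defines the first 3072 bytes. Unless every producer zeroes the buffer before filling it (not visible here), stale bytes in the tail make two identical cursors compare unequal, so the cache is refilled and the pointer is re-sent each time. Testing `bpp` first and comparing only the bytes that depth uses avoids this. The function starts and ends outside the hunk.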
@@ -835,7 +838,7 @@ xrdp_mm_connect_chansrv(struct xrdp_mm *self, char *ip, char *port) else { log_message(LOG_LEVEL_DEBUG,"xrdp_mm_connect_chansrv: chansrv" - "connect successful"); + "connect successful"); } } @@ -1071,9 +1074,11 @@ xrdp_mm_sesman_data_in(struct trans *trans) } #ifdef ACCESS +#ifndef USE_NOPAM /*********************************************************************/ /* return 0 on success */ -int access_control(char *username, char *password, char *srv) +static int APP_CC +access_control(char *username, char *password, char *srv) { int reply; int rec = 32+1; /* 32 is reserved for PAM failures this means connect failure */ @@ -1183,12 +1188,14 @@ int access_control(char *username, char *password, char *srv) return rec; } #endif +#endif /*****************************************************************************/ /* This routine clears all states to make sure that our next login will be * as expected. If the user does not press ok on the log window and try to * connect again we must make sure that no previous information is stored.*/ -void cleanup_states(struct xrdp_mm *self) +static void APP_CC +cleanup_states(struct xrdp_mm *self) { if (self != NULL) { 
@@ -1205,134 +1212,134 @@ void cleanup_states(struct xrdp_mm *self) self-> usechansrv = 0; /* true if chansrvport is set in xrdp.ini or using sesman */ } } + #ifdef ACCESS -const char *getPAMError(const int pamError) -{ - switch(pamError){ - case PAM_SUCCESS: - return "Success"; - case PAM_OPEN_ERR: - return "dlopen() failure"; - case PAM_SYMBOL_ERR: - return "Symbol not found"; - case PAM_SERVICE_ERR: - return "Error in service module"; - case PAM_SYSTEM_ERR: - return "System error"; - case PAM_BUF_ERR: - return "Memory buffer error"; - case PAM_PERM_DENIED: - return "Permission denied"; - case PAM_AUTH_ERR: - return "Authentication failure"; - case PAM_CRED_INSUFFICIENT: - return "Insufficient credentials to access authentication data"; - case PAM_AUTHINFO_UNAVAIL: - return "Authentication service cannot retrieve authentication info."; - case PAM_USER_UNKNOWN: - return "User not known to the underlying authentication module"; - case PAM_MAXTRIES: - return "Have exhasted maximum number of retries for service."; - case PAM_NEW_AUTHTOK_REQD: - return "Authentication token is no longer valid; new one required."; - case PAM_ACCT_EXPIRED: - return "User account has expired"; - case PAM_CRED_UNAVAIL: - return "Authentication service cannot retrieve user credentials"; - case PAM_CRED_EXPIRED: - return "User credentials expired"; - case PAM_CRED_ERR: - return "Failure setting user credentials"; - case PAM_NO_MODULE_DATA: - return "No module specific data is present"; - case PAM_BAD_ITEM: - return "Bad item passed to pam_*_item()"; - case PAM_CONV_ERR: - return "Conversation error"; - case PAM_AUTHTOK_ERR: - return "Authentication token manipulation error"; - case PAM_AUTHTOK_LOCK_BUSY: - return "Authentication token lock busy"; - case PAM_AUTHTOK_DISABLE_AGING: - return "Authentication token aging disabled"; - case PAM_TRY_AGAIN: - return "Failed preliminary check by password service"; - case PAM_IGNORE: - return "Please ignore underlying account module"; - case 
PAM_MODULE_UNKNOWN: - return "Module is unknown"; - case PAM_AUTHTOK_EXPIRED: - return "Authentication token expired"; - case PAM_CONV_AGAIN: - return "Conversation is waiting for event"; - case PAM_INCOMPLETE: - return "Application needs to call libpam again"; - case 32+1: - return "Error connecting to PAM"; - case 32+3: - return "Username okey but group problem"; - default:{ - char replytxt[80]; - g_sprintf(replytxt,"Not defined PAM error:%d",pamError); - return replytxt ; - } - - } - -} - -const char *getPAMAdditionalErrorInfo(const int pamError,struct xrdp_mm *self) -{ - switch(pamError){ - case PAM_SUCCESS: - return NULL; - case PAM_OPEN_ERR: - case PAM_SYMBOL_ERR: - case PAM_SERVICE_ERR: - case PAM_SYSTEM_ERR: - case PAM_BUF_ERR: - case PAM_PERM_DENIED: - case PAM_AUTH_ERR: - case PAM_CRED_INSUFFICIENT: - case PAM_AUTHINFO_UNAVAIL: - case PAM_USER_UNKNOWN: - case PAM_CRED_UNAVAIL: - case PAM_CRED_ERR: - case PAM_NO_MODULE_DATA: - case PAM_BAD_ITEM: - case PAM_CONV_ERR: - case PAM_AUTHTOK_ERR: - case PAM_AUTHTOK_LOCK_BUSY: - case PAM_AUTHTOK_DISABLE_AGING: - case PAM_TRY_AGAIN: - case PAM_IGNORE: - case PAM_MODULE_UNKNOWN: - case PAM_CONV_AGAIN: - case PAM_INCOMPLETE: - case _PAM_RETURN_VALUES+1: - case _PAM_RETURN_VALUES+3: +#ifndef USE_NOPAM +static const char * APP_CC +getPAMError(const int pamError, char *text, int text_bytes) +{ + switch (pamError) + { + case PAM_SUCCESS: + return "Success"; + case PAM_OPEN_ERR: + return "dlopen() failure"; + case PAM_SYMBOL_ERR: + return "Symbol not found"; + case PAM_SERVICE_ERR: + return "Error in service module"; + case PAM_SYSTEM_ERR: + return "System error"; + case PAM_BUF_ERR: + return "Memory buffer error"; + case PAM_PERM_DENIED: + return "Permission denied"; + case PAM_AUTH_ERR: + return "Authentication failure"; + case PAM_CRED_INSUFFICIENT: + return "Insufficient credentials to access authentication data"; + case PAM_AUTHINFO_UNAVAIL: + return "Authentication service cannot retrieve authentication info."; + 
case PAM_USER_UNKNOWN: + return "User not known to the underlying authentication module"; + case PAM_MAXTRIES: + return "Have exhasted maximum number of retries for service."; + case PAM_NEW_AUTHTOK_REQD: + return "Authentication token is no longer valid; new one required."; + case PAM_ACCT_EXPIRED: + return "User account has expired"; + case PAM_CRED_UNAVAIL: + return "Authentication service cannot retrieve user credentials"; + case PAM_CRED_EXPIRED: + return "User credentials expired"; + case PAM_CRED_ERR: + return "Failure setting user credentials"; + case PAM_NO_MODULE_DATA: + return "No module specific data is present"; + case PAM_BAD_ITEM: + return "Bad item passed to pam_*_item()"; + case PAM_CONV_ERR: + return "Conversation error"; + case PAM_AUTHTOK_ERR: + return "Authentication token manipulation error"; + case PAM_AUTHTOK_LOCK_BUSY: + return "Authentication token lock busy"; + case PAM_AUTHTOK_DISABLE_AGING: + return "Authentication token aging disabled"; + case PAM_TRY_AGAIN: + return "Failed preliminary check by password service"; + case PAM_IGNORE: + return "Please ignore underlying account module"; + case PAM_MODULE_UNKNOWN: + return "Module is unknown"; + case PAM_AUTHTOK_EXPIRED: + return "Authentication token expired"; + case PAM_CONV_AGAIN: + return "Conversation is waiting for event"; + case PAM_INCOMPLETE: + return "Application needs to call libpam again"; + case 32 + 1: + return "Error connecting to PAM"; + case 32 + 3: + return "Username okey but group problem"; + default: + g_snprintf(text, text_bytes, "Not defined PAM error:%d", pamError); + return text; + } +} + +static const char * APP_CC +getPAMAdditionalErrorInfo(const int pamError, struct xrdp_mm *self) +{ + switch (pamError) + { + case PAM_SUCCESS: return NULL; - case PAM_MAXTRIES: - case PAM_NEW_AUTHTOK_REQD: - case PAM_ACCT_EXPIRED: - case PAM_CRED_EXPIRED: - case PAM_AUTHTOK_EXPIRED: - if(self->wm->pamerrortxt[0]) - { - return self->wm->pamerrortxt; - } - else - { - return 
"Authentication error - Verify that user/password is valid "; - } - default:{ - return "No expected error" ; - } - - } - + case PAM_OPEN_ERR: + case PAM_SYMBOL_ERR: + case PAM_SERVICE_ERR: + case PAM_SYSTEM_ERR: + case PAM_BUF_ERR: + case PAM_PERM_DENIED: + case PAM_AUTH_ERR: + case PAM_CRED_INSUFFICIENT: + case PAM_AUTHINFO_UNAVAIL: + case PAM_USER_UNKNOWN: + case PAM_CRED_UNAVAIL: + case PAM_CRED_ERR: + case PAM_NO_MODULE_DATA: + case PAM_BAD_ITEM: + case PAM_CONV_ERR: + case PAM_AUTHTOK_ERR: + case PAM_AUTHTOK_LOCK_BUSY: + case PAM_AUTHTOK_DISABLE_AGING: + case PAM_TRY_AGAIN: + case PAM_IGNORE: + case PAM_MODULE_UNKNOWN: + case PAM_CONV_AGAIN: + case PAM_INCOMPLETE: + case _PAM_RETURN_VALUES + 1: + case _PAM_RETURN_VALUES + 3: + return NULL; + case PAM_MAXTRIES: + case PAM_NEW_AUTHTOK_REQD: + case PAM_ACCT_EXPIRED: + case PAM_CRED_EXPIRED: + case PAM_AUTHTOK_EXPIRED: + if (self->wm->pamerrortxt[0]) + { + return self->wm->pamerrortxt; + } + else + { + return "Authentication error - Verify that user/password is valid"; + } + default: + return "No expected error"; + } } #endif +#endif /*****************************************************************************/ int APP_CC xrdp_mm_connect(struct xrdp_mm *self) @@ -1351,10 +1358,12 @@ xrdp_mm_connect(struct xrdp_mm *self) char port[8]; char chansrvport[256]; #ifdef ACCESS +#ifndef USE_NOPAM int use_pam_auth = 0; char pam_auth_sessionIP[256]; char pam_auth_password[256]; char pam_auth_username[256]; +#endif char username[256]; char password[256]; username[0] = 0; @@ -1390,6 +1399,7 @@ xrdp_mm_connect(struct xrdp_mm *self) } #ifdef ACCESS +#ifndef USE_NOPAM else if (g_strcasecmp(name, "pamusername") == 0) { use_pam_auth = 1; @@ -1403,6 +1413,7 @@ xrdp_mm_connect(struct xrdp_mm *self) { g_strncpy(pam_auth_password, value, 255); } +#endif else if (g_strcasecmp(name, "password") == 0) { g_strncpy(password, value, 255); 
@@ -1421,12 +1432,13 @@ xrdp_mm_connect(struct xrdp_mm *self) } #ifdef ACCESS - +#ifndef USE_NOPAM if (use_pam_auth) { int reply; - char replytxt[80]; - char *additionalError; + char replytxt[128]; + char pam_error[128]; + const char *additionalError; xrdp_wm_log_msg(self->wm, "Please wait, we now perform access control..."); /* g_writeln("we use pam modules to check if we can approve this user"); */ @@ -1444,17 +1456,19 @@ xrdp_mm_connect(struct xrdp_mm *self) /* access_control return 0 on success */ reply = access_control(pam_auth_username, pam_auth_password, pam_auth_sessionIP); - - g_sprintf(replytxt, "Reply from access control: %s", getPAMError(reply)); + + g_sprintf(replytxt, "Reply from access control: %s", + getPAMError(reply, pam_error, 127)); xrdp_wm_log_msg(self->wm, replytxt); log_message(LOG_LEVEL_INFO, replytxt); - additionalError = getPAMAdditionalErrorInfo(reply,self); - if(additionalError) + additionalError = getPAMAdditionalErrorInfo(reply, self); + if (additionalError) { - if(additionalError[0]) + g_snprintf(replytxt, 127, "%s", additionalError); + if (replytxt[0]) { - xrdp_wm_log_msg(self->wm,additionalError); + xrdp_wm_log_msg(self->wm, replytxt); } } @@ -1464,7 +1478,7 @@ xrdp_mm_connect(struct xrdp_mm *self) return rv; } } - +#endif #endif if (self->sesman_controlled) 
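Review bot: With USE_NOPAM defined, the `if (use_pam_auth)` block in this hunk is compiled out and the `pamusername` family of login keys is no longer parsed (the `#ifndef USE_NOPAM` added around them earlier in xrdp_mm_connect), so a session section that relies on those keys for gateway access control appears to connect without the check and without any message. A build option that removes an access-control step should fail closed: in the nopam build, still recognise the keys and refuse the connection with a logged error, or at minimum log that PAM access control was requested but is not compiled in. xrdp_mm_connect extends beyond this hunk, so the rest of the connect path should be confirmed against that.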
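Review bot: The reply text is still built with an unbounded `g_sprintf(replytxt, ...)` and then handed to `log_message(LOG_LEVEL_INFO, replytxt)` as the format argument, while the lines added just below it already use g_snprintf. The 27-character prefix plus up to 126 bytes from `pam_error` can exceed `replytxt[128]`; the strings getPAMError returns today are short enough, but nothing enforces that. Use `g_snprintf(replytxt, sizeof(replytxt), "Reply from access control: %s", getPAMError(reply, pam_error, sizeof(pam_error)));` and log with `log_message(LOG_LEVEL_INFO, "%s", replytxt);` so the text is never interpreted as a format string.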
@@ -2112,6 +2126,28 @@ int read_allowed_channel_names(struct list *names, struct list *values) return ret; } +/* internal function return -1 if name is not in list + * otherwise return the index 0->count-1*/ +int DEFAULT_CC +find_name_in_lists(char *inName, struct list *names) +{ + int reply = -1; /*means not in the list*/ + int index; + char *name; + + for (index = 0; index < names->count; index++) + { + name = (char *)list_get_item(names, index); + if ( (name != 0) && (g_strncmp(name, inName, MAX_CHANNEL_NAME) == 0) ) + { + reply = index; + break; /* stop loop - item found*/ + } + } + + return reply; +} + #define CHANNEL_NAME_PREFIX "channel." /* update the channel lists from connection specific overrides * return 1 on success 0 on failure */ @@ -2126,7 +2162,7 @@ int update_allowed_channel_names(struct xrdp_wm *wm, struct list *names, struct for (index = 0; index < wm->mm->login_names->count; index++) { name = (char *)list_get_item(wm->mm->login_names, index); - if ( (name != 0) && (g_strncmp( name, CHANNEL_NAME_PREFIX, g_strlen(CHANNEL_NAME_PREFIX)) == 0 ) ) + if ( (name != 0) && (g_strncmp( name, CHANNEL_NAME_PREFIX, g_strlen(CHANNEL_NAME_PREFIX)) == 0 ) ) { name += g_strlen(CHANNEL_NAME_PREFIX); // locate and remove from list @@ -2145,28 +2181,6 @@ int update_allowed_channel_names(struct xrdp_wm *wm, struct list *names, struct return ret; } -/* internal function return -1 if name is not in list - * otherwise return the index 0->count-1*/ -int DEFAULT_CC -find_name_in_lists(char *inName, struct list *names) -{ - int reply = -1; /*means not in the list*/ - int index; - char *name; - - for (index = 0; index < names->count; index++) - { - name = (char *)list_get_item(names, index); - if ( (name != 0) && (g_strncmp(name, inName, MAX_CHANNEL_NAME) == 0) ) - { - reply = index; - break; /* stop loop - item found*/ - } - } - - return reply; -} - /* internal function return 1 if name is in list of channels * and if the value is allowed */ int DEFAULT_CC 
@@ -2174,7 +2188,7 @@ is_channel_enabled(char *inName, struct list *names, struct list *values) { int reply = 0; /*means not in the list*/ int index; - char *val; + char *val; index = find_name_in_lists(inName, names); if ( index >= 0 ) @@ -2189,7 +2203,7 @@ is_channel_enabled(char *inName, struct list *names, struct list *values) else { log_message(LOG_LEVEL_INFO,"This channel is disabled (not in List): %s", inName); - } + } return reply; } @@ -2215,7 +2229,7 @@ void init_channel_allowed(struct xrdp_wm *wm) names = list_create(); values = list_create(); - /* You can override the list of allowed channels individually for each + /* You can override the list of allowed channels individually for each * session type. */ if ( read_allowed_channel_names(names, values) && update_allowed_channel_names(wm, names, values) ) @@ -2291,7 +2305,7 @@ int DEFAULT_CC is_channel_allowed(struct xrdp_wm *wm, int channel_id) break; } } - + return reply; } diff --git a/xrdp/xrdp_types.h b/xrdp/xrdp_types.h index d99dced9..a4b4bc7a 100644 --- a/xrdp/xrdp_types.h +++ b/xrdp/xrdp_types.h @@ -170,8 +170,9 @@ struct xrdp_pointer_item int stamp; int x; /* hotspot */ int y; - char data[32 * 32 * 3]; + char data[32 * 32 * 4]; char mask[32 * 32 / 8]; + int bpp; }; struct xrdp_brush_item diff --git a/xrdp/xrdp_wm.c b/xrdp/xrdp_wm.c index ea7e286a..0aa0beed 100644 --- a/xrdp/xrdp_wm.c +++ b/xrdp/xrdp_wm.c @@ -292,9 +292,10 @@ xrdp_wm_load_pointer(struct xrdp_wm *self, char *file_name, char *data, /*****************************************************************************/ int APP_CC xrdp_wm_send_pointer(struct xrdp_wm *self, int cache_idx, - char *data, char *mask, int x, int y) + char *data, char *mask, int x, int y, int bpp) { - return libxrdp_send_pointer(self->session, cache_idx, data, mask, x, y); + return libxrdp_send_pointer(self->session, cache_idx, data, mask, + x, y, bpp); } /*****************************************************************************/ 
@@ -541,13 +542,13 @@ xrdp_wm_init(struct xrdp_wm *self) names->auto_free = 1; values = list_create(); values->auto_free = 1; - /* domain names that starts with '_' are reserved for IP/DNS to simplify - * for the user in a gateway setup */ - if(self->session->client_info->domain[0]!='_') - { - g_strncpy(section_name, self->session->client_info->domain, 255); - } - + /* domain names that starts with '_' are reserved for IP/DNS to + * simplify for the user in a gateway setup */ + if (self->session->client_info->domain[0] != '_') + { + g_strncpy(section_name, self->session->client_info->domain, + 255); + } if (section_name[0] == 0) { if (autorun_name[0] == 0) |