diff options
author | jsorg71 <jsorg71> | 2006-04-23 21:54:12 +0000 |
---|---|---|
committer | jsorg71 <jsorg71> | 2006-04-23 21:54:12 +0000 |
commit | b1b3ff9e7d31da5fbfeedd3df8e40be240112f9c (patch) | |
tree | 496b7bfa37e3a6872b9fe34c412c4b4c5d17640e /sesman/access.c | |
parent | 2990d6daa742e4cf6ef3aa47a418d62340f031d9 (diff) | |
download | xrdp-proprietary-b1b3ff9e7d31da5fbfeedd3df8e40be240112f9c.tar.gz xrdp-proprietary-b1b3ff9e7d31da5fbfeedd3df8e40be240112f9c.zip |
year update and moved some stuff to os_calls.c
Diffstat (limited to 'sesman/access.c')
-rw-r--r-- | sesman/access.c | 61 |
1 files changed, 26 insertions, 35 deletions
diff --git a/sesman/access.c b/sesman/access.c index 96750c3f..bbb14fcc 100644 --- a/sesman/access.c +++ b/sesman/access.c @@ -14,7 +14,7 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. xrdp: A Remote Desktop Protocol server. - Copyright (C) Jay Sorg 2005 + Copyright (C) Jay Sorg 2005-2006 authenticate user @@ -22,63 +22,54 @@ #include "sesman.h" -#define _XOPEN_SOURCE -#include <sys/types.h> -#include <pwd.h> -#include <grp.h> - extern struct config_sesman g_cfg; /******************************************************************************/ +/* returns non zero if allowed */ int DEFAULT_CC access_login_allowed(char* user) { - int i; - struct group* groups; - struct passwd* pwd; + int gid; + int ok; - if ((0==g_strncmp(user, "root",5)) && (0==g_cfg.sec.allow_root)) + if ((0 == g_strncmp(user, "root", 5)) && (0 == g_cfg.sec.allow_root)) { - log_message(LOG_LEVEL_WARNING, "ROOT login attempted, but root login is disabled"); + log_message(LOG_LEVEL_WARNING, + "ROOT login attempted, but root login is disabled"); return 0; } - - if (0==g_cfg.sec.ts_users_enable) + + if (0 == g_cfg.sec.ts_users_enable) { - LOG_DBG("Terminal Server Users group is disabled, allowing authentication",1); + LOG_DBG("Terminal Server Users group is disabled, allowing authentication", + 1); return 1; } - - groups = getgrgid(g_cfg.sec.ts_users); - if (0==groups) - { - log_message(LOG_LEVEL_ERROR,"Cannot read group info! - login denied"); - return 0; - } - - pwd = getpwnam(user); - if (0==pwd) + if (0 != g_getuser_info(user, &gid, 0, 0, 0, 0)) { log_message(LOG_LEVEL_ERROR, "Cannot read user info! - login denied"); return 0; } - - if (g_cfg.sec.ts_users==pwd->pw_gid) + + if (g_cfg.sec.ts_users == gid) { - LOG_DBG("ts_users is user's primary group",1); + LOG_DBG("ts_users is user's primary group", 1); return 1; } - - i=0; - while (0!=groups->gr_mem[i]) + + if (0 != g_check_user_in_group(user, g_cfg.sec.ts_users, &ok)) + { + log_message(LOG_LEVEL_ERROR, "Cannot read group info! - login denied"); + return 0; + } + + if (ok) { - LOG_DBG("user: %s", groups->gr_mem[i]); - if (0==g_strcmp(groups->gr_mem[i], user)) return 1; - i++; + return 1; } - + log_message(LOG_LEVEL_INFO, "login denied for user %s", user); - + return 0; } |