authorArvidNorr <norrarvid@gmail.com>2013-01-31 15:19:58 +0100
committerArvidNorr <norrarvid@gmail.com>2013-01-31 15:19:58 +0100
commit876f356dad387d3d9b1a8382c0115857ca605e54 (patch)
treea05629ec327bfcf56841609c66b992ddee9d77b1 /sesman
parent0770f217fa314cd0ae2546e2b758fbbaa3e07e09 (diff)
deny access if group is undefined
Diffstat (limited to 'sesman')
-rw-r--r--sesman/access.c4
-rw-r--r--sesman/config.c7
-rw-r--r--sesman/config.h6
-rw-r--r--sesman/sesman.ini3
4 files changed, 17 insertions, 3 deletions
diff --git a/sesman/access.c b/sesman/access.c
index 00c9c381..692575e5 100644
--- a/sesman/access.c
+++ b/sesman/access.c
@@ -42,7 +42,7 @@ access_login_allowed(char *user)
return 0;
}
- if (0 == g_cfg->sec.ts_users_enable)
+ if ((0 == g_cfg->sec.ts_users_enable) && (0==g_cfg->sec.ts_always_group_check))
{
LOG_DBG("Terminal Server Users group is disabled, allowing authentication",
1);
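Review bot: With `ts_users_enable == 0` and `ts_always_group_check` set, the new condition only skips the early allow, so the function falls through to the gid comparison in the next hunk (`g_cfg->sec.ts_users == gid`) with a `ts_users` value that was never resolved from a group name. The denial then depends on whatever that field holds by default, which is not visible here; if it is 0, a user whose primary group is gid 0 would presumably still be admitted. An explicit deny branch with its own log line makes the fail-closed path independent of that default and tells the operator why the login was refused. The body of access_login_allowed continues outside the hunk.

```c
if (0 == g_cfg->sec.ts_users_enable)
{
    if (0 != g_cfg->sec.ts_always_group_check)
    {
        /* group undefined and strict mode requested: fail closed */
        log_message(LOG_LEVEL_ERROR,
                    "Terminal Server Users group is not defined - login denied");
        return 0;
    }
    /* … unchanged: LOG_DBG call and the allow path that follows outside the hunk … */
```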
@@ -57,7 +57,7 @@ access_login_allowed(char *user)
if (g_cfg->sec.ts_users == gid)
{
- LOG_DBG("ts_users is user's primary group");
+ log_message(LOG_LEVEL_DEBUG,"ts_users is user's primary group");
return 1;
}
diff --git a/sesman/config.c b/sesman/config.c
index 9938249f..e2131c14 100644
--- a/sesman/config.c
+++ b/sesman/config.c
@@ -286,13 +286,18 @@ config_read_security(int file, struct config_security *sc,
sc->ts_admins = gid;
}
}
+ if (0 == g_strcasecmp(buf, SESMAN_CFG_SEC_ALWAYSGROUPCHECK))
+ {
+ sc->ts_always_group_check = text2bool((char *)list_get_item(param_v, i));
+ }
}
/* printing security config */
g_printf("security configuration:\r\n");
g_printf("\tAllowRootLogin: %i\r\n", sc->allow_root);
g_printf("\tMaxLoginRetry: %i\r\n", sc->login_retry);
-
+ g_printf("\tAlwaysGroupCheck: %i\r\n", sc->ts_always_group_check);
+
if (sc->ts_users_enable)
{
g_printf("\tTSUsersGroup: %i\r\n", sc->ts_users);
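Review bot: `sc->ts_always_group_check` is assigned only when the `AlwaysGroupCheck` key is present, and no default is set in the visible lines. The start of config_read_security is outside the hunk, so confirm that it initialises the field next to the other defaults, e.g. `sc->ts_always_group_check = 0;`; otherwise the value access_login_allowed reads depends on how the struct was allocated. The result of `text2bool` is also stored without any check, so an unrecognised value such as a typo is accepted silently; how `text2bool` maps such input is not shown here, and for an access-control switch a warning on unrecognised values would help.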
diff --git a/sesman/config.h b/sesman/config.h
index 72c6cac4..263975b3 100644
--- a/sesman/config.h
+++ b/sesman/config.h
@@ -56,6 +56,7 @@
#define SESMAN_CFG_SEC_ALLOW_ROOT "AllowRootLogin"
#define SESMAN_CFG_SEC_USR_GROUP "TerminalServerUsers"
#define SESMAN_CFG_SEC_ADM_GROUP "TerminalServerAdmins"
+#define SESMAN_CFG_SEC_ALWAYSGROUPCHECK "AlwaysGroupCheck"
#define SESMAN_CFG_SESSIONS "Sessions"
#define SESMAN_CFG_SESS_MAX "MaxSessions"
@@ -93,6 +94,11 @@ struct config_security
*/
int ts_admins_enable;
int ts_admins;
+ /**
+ * @var ts_always_group_check
+ * @brief if the Groups are not found deny access
+ */
+ int ts_always_group_check;
};
/**
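Review bot: The doc comment on `ts_always_group_check` says "the Groups", but the only use visible in this commit is in access_login_allowed, which consults `ts_users_enable`; whether the admins group is affected is not shown. The comment should name the group and the meaning of each value, for example `@brief if non-zero, deny login when the TerminalServerUsers group is not defined; if zero, allow login in that case`. Stating the zero case matters because it is the permissive one.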
diff --git a/sesman/sesman.ini b/sesman/sesman.ini
index f2a210a4..571e063b 100644
--- a/sesman/sesman.ini
+++ b/sesman/sesman.ini
@@ -10,6 +10,9 @@ AllowRootLogin=1
MaxLoginRetry=4
TerminalServerUsers=tsusers
TerminalServerAdmins=tsadmins
+# When AlwaysGroupCheck = false access will be permitted
+# if the group TerminalServerUsers is not defined.
+AlwaysGroupCheck = false
[Sessions]
X11DisplayOffset=10
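Review bot: The shipped default `AlwaysGroupCheck = false` keeps the permissive behaviour, and the comment documents only that case, so an administrator reading the file is not told how to get the deny behaviour the commit title describes. I would add a line such as `# Set AlwaysGroupCheck = true to deny access when the group TerminalServerUsers is not defined.` next to the existing comment. Whether the default itself should be `true` is a compatibility decision for the maintainers, but the permissive default deserves an explicit mention here.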