Diffstat (limited to 'sesman/access.c')
-rw-r--r-- | sesman/access.c | 205 |
1 files changed, 102 insertions, 103 deletions
diff --git a/sesman/access.c b/sesman/access.c
index 0037de3f..00c9c381 100644
--- a/sesman/access.c
+++ b/sesman/access.c
@@ -1,21 +1,20 @@
-/*
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
- xrdp: A Remote Desktop Protocol server.
- Copyright (C) Jay Sorg 2005-2010
-*/
+/**
+ * xrdp: A Remote Desktop Protocol server.
+ *
+ * Copyright (C) Jay Sorg 2004-2012
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */

 /**
 *
@@ -27,102 +26,102 @@ #include "sesman.h" -extern struct config_sesman* g_cfg; /* in sesman.c */ +extern struct config_sesman *g_cfg; /* in sesman.c */ /******************************************************************************/ int DEFAULT_CC -access_login_allowed(char* user) +access_login_allowed(char *user) { - int gid; - int ok; + int gid; + int ok; + + if ((0 == g_strncmp(user, "root", 5)) && (0 == g_cfg->sec.allow_root)) + { + log_message(LOG_LEVEL_WARNING, + "ROOT login attempted, but root login is disabled"); + return 0; + } + + if (0 == g_cfg->sec.ts_users_enable) + { + LOG_DBG("Terminal Server Users group is disabled, allowing authentication", + 1); + return 1; + } + + if (0 != g_getuser_info(user, &gid, 0, 0, 0, 0)) + { + log_message(LOG_LEVEL_ERROR, "Cannot read user info! - login denied"); + return 0; + } + + if (g_cfg->sec.ts_users == gid) + { + LOG_DBG("ts_users is user's primary group"); + return 1; + } + + if (0 != g_check_user_in_group(user, g_cfg->sec.ts_users, &ok)) + { + log_message(LOG_LEVEL_ERROR, "Cannot read group info! - login denied"); + return 0; + } + + if (ok) + { + return 1; + } + + log_message(LOG_LEVEL_INFO, "login denied for user %s", user); - if ((0 == g_strncmp(user, "root", 5)) && (0 == g_cfg->sec.allow_root)) - { - log_message(LOG_LEVEL_WARNING, - "ROOT login attempted, but root login is disabled"); return 0; - } - - if (0 == g_cfg->sec.ts_users_enable) - { - LOG_DBG("Terminal Server Users group is disabled, allowing authentication", - 1); - return 1; - } - - if (0 != g_getuser_info(user, &gid, 0, 0, 0, 0)) - { - log_message(LOG_LEVEL_ERROR, "Cannot read user info! - login denied"); - return 0; - } - - if (g_cfg->sec.ts_users == gid) - { - LOG_DBG("ts_users is user's primary group"); - return 1; - } - - if (0 != g_check_user_in_group(user, g_cfg->sec.ts_users, &ok)) - { - log_message(LOG_LEVEL_ERROR, "Cannot read group info! 
- login denied"); - return 0; - } - - if (ok) - { - return 1; - } - - log_message(LOG_LEVEL_INFO, "login denied for user %s", user); - - return 0; } /******************************************************************************/ int DEFAULT_CC -access_login_mng_allowed(char* user) +access_login_mng_allowed(char *user) { - int gid; - int ok; + int gid; + int ok; + + if ((0 == g_strncmp(user, "root", 5)) && (0 == g_cfg->sec.allow_root)) + { + log_message(LOG_LEVEL_WARNING, + "[MNG] ROOT login attempted, but root login is disabled"); + return 0; + } + + if (0 == g_cfg->sec.ts_admins_enable) + { + LOG_DBG("[MNG] Terminal Server Admin group is disabled," + "allowing authentication", 1); + return 1; + } + + if (0 != g_getuser_info(user, &gid, 0, 0, 0, 0)) + { + log_message(LOG_LEVEL_ERROR, "[MNG] Cannot read user info! - login denied"); + return 0; + } + + if (g_cfg->sec.ts_admins == gid) + { + LOG_DBG("[MNG] ts_users is user's primary group"); + return 1; + } + + if (0 != g_check_user_in_group(user, g_cfg->sec.ts_admins, &ok)) + { + log_message(LOG_LEVEL_ERROR, "[MNG] Cannot read group info! - login denied"); + return 0; + } + + if (ok) + { + return 1; + } + + log_message(LOG_LEVEL_INFO, "[MNG] login denied for user %s", user); - if ((0 == g_strncmp(user, "root", 5)) && (0 == g_cfg->sec.allow_root)) - { - log_message(LOG_LEVEL_WARNING, - "[MNG] ROOT login attempted, but root login is disabled"); - return 0; - } - - if (0 == g_cfg->sec.ts_admins_enable) - { - LOG_DBG("[MNG] Terminal Server Admin group is disabled," - "allowing authentication",1); - return 1; - } - - if (0 != g_getuser_info(user, &gid, 0, 0, 0, 0)) - { - log_message(LOG_LEVEL_ERROR, "[MNG] Cannot read user info! - login denied"); return 0; - } - - if (g_cfg->sec.ts_admins == gid) - { - LOG_DBG("[MNG] ts_users is user's primary group"); - return 1; - } - - if (0 != g_check_user_in_group(user, g_cfg->sec.ts_admins, &ok)) - { - log_message(LOG_LEVEL_ERROR, "[MNG] Cannot read group info! 
- login denied"); - return 0; - } - - if (ok) - { - return 1; - } - - log_message(LOG_LEVEL_INFO, "[MNG] login denied for user %s", user); - - return 0; } |
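Review bot: The root guard at the top of both access_login_allowed and access_login_mng_allowed matches only the literal account name (`g_strncmp(user, "root", 5)`), so with `allow_root` set to 0 an account that maps to uid 0 under any other name is not rejected by it, and when `ts_users_enable` / `ts_admins_enable` is 0 the function returns 1 before any user lookup happens. Since `g_getuser_info` is already called further down, I would move that call ahead of the early return, ask it for the uid as well (presumably one of the out-parameters currently passed as 0; confirm against its prototype) and deny on `if ((0 == uid) && (0 == g_cfg->sec.allow_root))`. Separately, the debug line in access_login_mng_allowed still reads `"[MNG] ts_users is user's primary group"` although the comparison is against `ts_admins`, and the two adjacent literals ending `disabled,` and starting `allowing authentication` concatenate without a space. These all predate the re-indent, which carries them over unchanged.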