diff options
| -rw-r--r-- | configure.ac | 13 | ||||
| -rw-r--r-- | sesman/Makefile.am | 5 | ||||
| -rw-r--r-- | sesman/verify_user_bsd.c | 118 |
3 files changed, 133 insertions, 3 deletions
diff --git a/configure.ac b/configure.ac index c5d22ec0..e1a150e8 100644 --- a/configure.ac +++ b/configure.ac @@ -32,6 +32,10 @@ AM_CONDITIONAL(SESMAN_NOPAM, [test x$enable_pam != xyes]) AC_ARG_ENABLE(kerberos, AS_HELP_STRING([--enable-kerberos], [Build kerberos support (default: no)]), [], [enable_kerberos=no]) +AC_ARG_ENABLE(bsd, AS_HELP_STRING([--enable-bsd], + [Build BSD auth support (default: no)]), + [bsd=true], [bsd=false]) +AM_CONDITIONAL(SESMAN_BSD, [test x$bsd = xtrue]) AM_CONDITIONAL(SESMAN_KERBEROS, [test x$enable_kerberos = xyes]) AC_ARG_ENABLE(pamuserpass, AS_HELP_STRING([--enable-pamuserpass], [Build pam userpass support (default: no)]), @@ -78,8 +82,11 @@ if test "x$enable_pam" = "xyes" then if test "x$enable_kerberos" != "xyes" then - AC_CHECK_HEADER([security/pam_appl.h], [], - [AC_MSG_ERROR([please install libpam0g-dev or pam-devel])]) + if test -z "$enable_bsd" + then + AC_CHECK_HEADER([security/pam_appl.h], [], + [AC_MSG_ERROR([please install libpam0g-dev or pam-devel])]) + fi fi fi @@ -88,7 +95,7 @@ AC_CHECK_MEMBER([struct in6_addr.s6_addr], [AC_DEFINE(NO_ARPA_INET_H_IP6, 1, [for IPv6])], [#include <arpa/inet.h>]) -if test "x$enable_pam" != "xyes" +if test "x$enable_pam" != "xyes" || test "x$bsd" = "xtrue" then AC_DEFINE([USE_NOPAM],1,[Disable PAM]) fi diff --git a/sesman/Makefile.am b/sesman/Makefile.am index e4b63eb4..516639f4 100644 --- a/sesman/Makefile.am +++ b/sesman/Makefile.am @@ -14,6 +14,10 @@ if SESMAN_NOPAM AUTH_C = verify_user.c AUTH_LIB = -lcrypt else +if SESMAN_BSD +AUTH_C = verify_user_bsd.c +AUTH_LIB = +else if SESMAN_PAMUSERPASS AUTH_C = verify_user_pam_userpass.c AUTH_LIB = -lpam -lpam_userpass @@ -27,6 +31,7 @@ AUTH_LIB = -lpam endif endif endif +endif sbin_PROGRAMS = \ xrdp-sesman diff --git a/sesman/verify_user_bsd.c b/sesman/verify_user_bsd.c new file mode 100644 index 00000000..5d9d0e23 --- /dev/null +++ b/sesman/verify_user_bsd.c @@ -0,0 +1,118 @@ +/** + * xrdp: A Remote Desktop Protocol server. + * + * Copyright (C) Jay Sorg 2005-2014 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * + * @file verify_user_bsd.c + * @brief Authenticate user using BSD password system + * @author Renaud Allard + * + */ + +#include "sesman.h" + +#define _XOPEN_SOURCE +#include <stdio.h> +#include <sys/types.h> +#include <stdlib.h> +#include <unistd.h> +#include <time.h> +#include <login_cap.h> +#include <bsd_auth.h> + +#ifndef SECS_PER_DAY +#define SECS_PER_DAY (24L*3600L) +#endif + +extern struct config_sesman* g_cfg; /* in sesman.c */ + +/******************************************************************************/ +/* returns boolean */ +long DEFAULT_CC +auth_userpass(char *user, char *pass, int *errorcode) +{ + int ret = auth_userokay(user, NULL, "auth-xrdp", pass); + return ret; +} + +/******************************************************************************/ +/* returns error */ +int DEFAULT_CC +auth_start_session(long in_val, int in_display) +{ + return 0; +} + +/******************************************************************************/ +int DEFAULT_CC +auth_end(long in_val) +{ + return 0; +} + +/******************************************************************************/ +int DEFAULT_CC +auth_set_env(long in_val) +{ + return 0; +} + +/******************************************************************************/ +int DEFAULT_CC +auth_check_pwd_chg(char* user) +{ + return 0; +} + +int DEFAULT_CC +auth_change_pwd(char* user, char* newpwd) +{ + return 0; +} + +int DEFAULT_CC +auth_stop_session(long in_val) +{ + return 0; +} + +/** + * + * @brief Password encryption + * @param pwd Old password + * @param pln Plaintext new password + * @param crp Crypted new password + * + */ + +static int DEFAULT_CC +auth_crypt_pwd(char* pwd, char* pln, char* crp) +{ + return 0; +} + +/** + * + * @return 1 if the account is disabled, 0 otherwise + * + */ +static int DEFAULT_CC +auth_account_disabled(struct spwd* stp) +{ + return 0; +} |