From 10fdc5c17f7aec2df8885d2cf7354f6681af76f6 Mon Sep 17 00:00:00 2001 From: norrarvid Date: Thu, 31 May 2012 16:57:17 +0200 Subject: separate pam authentication for gateways --- sesman/scp_v0.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) (limited to 'sesman/scp_v0.c') diff --git a/sesman/scp_v0.c b/sesman/scp_v0.c index 0b4dc791..71b1ffad 100644 --- a/sesman/scp_v0.c +++ b/sesman/scp_v0.c @@ -38,9 +38,28 @@ scp_v0_process(struct SCP_CONNECTION* c, struct SCP_SESSION* s) struct session_item* s_item; data = auth_userpass(s->username, s->password); - - if (data) + if(s->type==SCP_GW_AUTHENTICATION) { + /* this is just authentication in a gateway situation */ + /* g_writeln("SCP_GW_AUTHENTICATION message received"); */ + if(data){ + if (1 == access_login_allowed(s->username)) + { + /* the user is member of the correct groups. */ + scp_v0s_replyauthentication(c,0); + /* g_writeln("Connection allowed"); */ + }else{ + scp_v0s_replyauthentication(c,3); + /* g_writeln("user password ok, but group problem"); */ + } + }else{ + /* g_writeln("username or password error"); */ + scp_v0s_replyauthentication(c,2); + } + auth_end(data); + } + else if (data) + { s_item = session_get_bydata(s->username, s->width, s->height, s->bpp, s->type); if (s_item != 0) { -- cgit v1.2.3 From 42edcbb6c193e5e825e7600a6784bd48fa9bf503 Mon Sep 17 00:00:00 2001 From: norrarvid Date: Thu, 7 Jun 2012 13:46:44 +0200 Subject: Improved logging --- sesman/libscp/libscp_v0.c | 4 ++-- sesman/scp_v0.c | 45 ++++++++++++++++++++++++++++++--------------- xrdp/xrdp_mm.c | 1 + 3 files changed, 33 insertions(+), 17 deletions(-) (limited to 'sesman/scp_v0.c') diff --git a/sesman/libscp/libscp_v0.c b/sesman/libscp/libscp_v0.c index 32ef586f..f92383d4 100644 --- a/sesman/libscp/libscp_v0.c +++ b/sesman/libscp/libscp_v0.c 
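Review bot: In the new gateway branch `auth_end(data);` runs on every path, including the one where `auth_userpass()` returned 0, so either confirm that `auth_end()` tolerates a zero handle or guard the call with `if (data)`. The values `0`, `2` and `3` passed to `scp_v0s_replyauthentication()` are bare literals. Named constants and a short comment would make the reply contract reviewable, in particular that `3` is only sent after the password was accepted and therefore confirms a valid credential to the peer for an account that fails the group check. scp_v0_process continues past the end of the hunk, so whether a later path touches `data` again or sends a second reply after this branch cannot be checked from here.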
@@ -283,7 +283,7 @@ scp_v0s_accept(struct SCP_CONNECTION* c, struct SCP_SESSION** s, int skipVchk) session = scp_session_create(); if (0 == session) { - /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: network error", __LINE__);*/ + /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: network error", __LINE__);*/ return SCP_SERVER_STATE_INTERNAL_ERR; } @@ -297,7 +297,7 @@ scp_v0s_accept(struct SCP_CONNECTION* c, struct SCP_SESSION** s, int skipVchk) if (0 != scp_session_set_username(session, buf)) { scp_session_destroy(session); - /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__);*/ + /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__);*/ return SCP_SERVER_STATE_INTERNAL_ERR; } diff --git a/sesman/scp_v0.c b/sesman/scp_v0.c index 75abb14a..b4e1a845 100644 --- a/sesman/scp_v0.c +++ b/sesman/scp_v0.c 
@@ -42,21 +42,32 @@ scp_v0_process(struct SCP_CONNECTION* c, struct SCP_SESSION* s) { /* this is just authentication in a gateway situation */ /* g_writeln("SCP_GW_AUTHENTICATION message received"); */ - if(data){ - if (1 == access_login_allowed(s->username)) - { + if(data) + { + if (1 == access_login_allowed(s->username)) + { /* the user is member of the correct groups. */ scp_v0s_replyauthentication(c,0); + log_message( LOG_LEVEL_INFO,"Access permitted for user: %s", + s->username); /* g_writeln("Connection allowed"); */ - }else{ - scp_v0s_replyauthentication(c,3); + } + else + { + scp_v0s_replyauthentication(c,3); + log_message( LOG_LEVEL_INFO,"Username okey but group problem for user: %s", + s->username); /* g_writeln("user password ok, but group problem"); */ - } - }else{ - /* g_writeln("username or password error"); */ - scp_v0s_replyauthentication(c,2); - } - auth_end(data); + } + } + else + { + /* g_writeln("username or password error"); */ + log_message( LOG_LEVEL_INFO,"Username or password error for user: %s", + s->username); + scp_v0s_replyauthentication(c,2); + } + auth_end(data); } else if (data) { @@ -66,11 +77,13 @@ scp_v0_process(struct SCP_CONNECTION* c, struct SCP_SESSION* s) display = s_item->display; if (0 != s->client_ip) { - log_message( LOG_LEVEL_INFO, "++ reconnected session: username %s, display :%d.0, session_pid %d, ip %s", s->username, display, s_item->pid, s->client_ip); + log_message( LOG_LEVEL_INFO, "++ reconnected session: username %s, display :%d.0, " + "session_pid %d, ip %s", s->username, display, s_item->pid, s->client_ip); } else { - log_message(LOG_LEVEL_INFO, "++ reconnected session: username %s, display :%d.0, session_pid %d", s->username, display, s_item->pid); + log_message(LOG_LEVEL_INFO, "++ reconnected session: username %s, display :%d.0, " + "session_pid %d", s->username, display, s_item->pid); } auth_end(data); /* don't set data to null here */ 
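Review bot: The three `log_message()` calls added to the gateway branch record only `s->username`, so a failed or group-denied gateway login cannot be tied to a source address, although the session branch later in the same function already logs `s->client_ip` when it is non-zero. The same pattern would fit here, guarded by the same `0 != s->client_ip` test, for example `log_message(LOG_LEVEL_WARNING, "Username or password error for user: %s, ip %s", s->username, s->client_ip);`. A level above INFO for the two denial paths would keep them visible when logs are filtered. `s->username` is supplied by the peer before authentication, so unless `log_message()` or the username setter strips control characters, a crafted name could forge log lines, which is worth confirming. The group-denied message also spells "okay" as "okey".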
@@ -82,11 +95,13 @@ scp_v0_process(struct SCP_CONNECTION* c, struct SCP_SESSION* s) { if (0 != s->client_ip) { - log_message(LOG_LEVEL_INFO, "++ created session (access granted): username %s, ip %s", s->username, s->client_ip); + log_message(LOG_LEVEL_INFO, "++ created session (access granted): " + "username %s, ip %s", s->username, s->client_ip); } else { - log_message(LOG_LEVEL_INFO, "++ created session (access granted): username %s", s->username); + log_message(LOG_LEVEL_INFO, "++ created session (access granted): " + "username %s", s->username); } if (SCP_SESSION_TYPE_XVNC == s->type) diff --git a/xrdp/xrdp_mm.c b/xrdp/xrdp_mm.c index 8ca71505..9cfb30a4 100644 --- a/xrdp/xrdp_mm.c +++ b/xrdp/xrdp_mm.c @@ -21,6 +21,7 @@ */ #include "xrdp.h" +#include "log.h" #define ACCESS /*****************************************************************************/ -- cgit v1.2.3