Allow domain name to be concatenated to username

If a server is multihomed (i.e. serves multiple domains), the
users are identified by their domain name. This change
allows the domain name to be concatenated to the username with
a specific separator.
Bolke de Bruin 2020-08-30 21:20:21 +02:00
parent b0bca1363e
commit a6a0e5e004
6 changed files with 36 additions and 6 deletions


@ -2590,6 +2590,19 @@ g_strcat(char *dest, const char *src)
return strcat(dest, src); return strcat(dest, src);
} }
/*****************************************************************************/
/* returns dest */
char *
g_strncat(char *dest, const char *src, int len)
{
if (dest == 0 || src == 0)
{
return dest;
}
return strncat(dest, src, len);
}
/*****************************************************************************/ /*****************************************************************************/
/* if in = 0, return 0 else return newly alloced copy of in */ /* if in = 0, return 0 else return newly alloced copy of in */
char * char *
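Review bot: `g_strncat` takes `int len` and passes it straight to `strncat`, whose count parameter is `size_t`, so a negative `len` (for example from a caller's subtraction that went below zero) becomes a very large count and the call behaves like an unbounded `strcat`. The guard should reject it, `if (dest == 0 || src == 0 || len <= 0)`. The header comment should also state the contract, because the count limits bytes taken from `src` and says nothing about the size of `dest`: `/* appends at most len bytes of src and a terminator; len must not exceed the space left in dest minus one; returns dest */`.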


@ -124,6 +124,7 @@ const char *g_strchr(const char *text, int c);
char* g_strcpy(char* dest, const char* src); char* g_strcpy(char* dest, const char* src);
char* g_strncpy(char* dest, const char* src, int len); char* g_strncpy(char* dest, const char* src, int len);
char* g_strcat(char* dest, const char* src); char* g_strcat(char* dest, const char* src);
char* g_strncat(char* dest, const char* src, int len);
char* g_strdup(const char* in); char* g_strdup(const char* in);
char* g_strndup(const char* in, const unsigned int maxlen); char* g_strndup(const char* in, const unsigned int maxlen);
int g_strcmp(const char* c1, const char* c2); int g_strcmp(const char* c1, const char* c2);


@ -161,6 +161,7 @@ struct xrdp_client_info
int suppress_output; int suppress_output;
int enable_token_login; int enable_token_login;
char domain_user_separator[16];
}; };
#endif #endif


@ -280,7 +280,11 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
client_info->key_file, g_get_strerror()); client_info->key_file, g_get_strerror());
} }
} }
else if (g_strcasecmp(item, "domain_user_separator") == 0
&& g_strlen(value) > 0)
{
g_strncpy(client_info->domain_user_separator, value, sizeof(client_info->domain_user_separator) - 1);
}
} }
list_delete(items); list_delete(items);
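Review bot: A `domain_user_separator` value longer than 15 bytes is cut down without any message at the `g_strncpy` call, so the name later handed to authentication can differ from what the administrator configured. Accepting the value only when it fits, `&& g_strlen(value) < (int)sizeof(client_info->domain_user_separator)`, and logging the rejected setting would make the misconfiguration visible. Whether `g_strncpy` always terminates the destination is not visible on this page; if it follows `strncpy` semantics the field also needs explicit termination. The body of xrdp_rdp_read_config starts and ends outside the hunk.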


@ -738,7 +738,7 @@ xrdp_sec_process_logon_info(struct xrdp_sec *self, struct stream *s)
if (len_domain >= INFO_CLIENT_MAX_CB_LEN) if (len_domain >= INFO_CLIENT_MAX_CB_LEN)
{ {
DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_domain > 511")); DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_domain >= %d", INFO_CLIENT_MAX_CB_LEN));
return 1; return 1;
} }
@ -760,7 +760,7 @@ xrdp_sec_process_logon_info(struct xrdp_sec *self, struct stream *s)
if (len_user >= INFO_CLIENT_MAX_CB_LEN) if (len_user >= INFO_CLIENT_MAX_CB_LEN)
{ {
DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_user > 511")); DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_user >= %d", INFO_CLIENT_MAX_CB_LEN));
return 1; return 1;
} }
@ -772,7 +772,7 @@ xrdp_sec_process_logon_info(struct xrdp_sec *self, struct stream *s)
if (len_password >= INFO_CLIENT_MAX_CB_LEN) if (len_password >= INFO_CLIENT_MAX_CB_LEN)
{ {
DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_password > 511")); DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_password >= %d", INFO_CLIENT_MAX_CB_LEN));
return 1; return 1;
} }
@ -784,7 +784,7 @@ xrdp_sec_process_logon_info(struct xrdp_sec *self, struct stream *s)
if (len_program >= INFO_CLIENT_MAX_CB_LEN) if (len_program >= INFO_CLIENT_MAX_CB_LEN)
{ {
DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_program > 511")); DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_program >= %d", INFO_CLIENT_MAX_CB_LEN));
return 1; return 1;
} }
@ -796,7 +796,7 @@ xrdp_sec_process_logon_info(struct xrdp_sec *self, struct stream *s)
if (len_directory >= INFO_CLIENT_MAX_CB_LEN) if (len_directory >= INFO_CLIENT_MAX_CB_LEN)
{ {
DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_directory > 511")); DEBUG(("ERROR [xrdp_sec_process_logon_info()]: len_directory >= %d", INFO_CLIENT_MAX_CB_LEN));
return 1; return 1;
} }
@ -842,6 +842,13 @@ xrdp_sec_process_logon_info(struct xrdp_sec *self, struct stream *s)
return 1; /* credentials on cmd line is mandatory */ return 1; /* credentials on cmd line is mandatory */
} }
} }
if (self->rdp_layer->client_info.domain_user_separator[0] != '\0'
&& self->rdp_layer->client_info.domain[0] != '\0')
{
int size = sizeof(self->rdp_layer->client_info.username);
g_strncat(self->rdp_layer->client_info.username, self->rdp_layer->client_info.domain_user_separator, size - 1 - g_strlen(self->rdp_layer->client_info.domain_user_separator));
g_strncat(self->rdp_layer->client_info.username, self->rdp_layer->client_info.domain, size - 1 - g_strlen(self->rdp_layer->client_info.domain));
}
DEBUG(("username %s", self->rdp_layer->client_info.username)); DEBUG(("username %s", self->rdp_layer->client_info.username));
if (unicode_utf16_in(s, len_program, self->rdp_layer->client_info.program, sizeof(self->rdp_layer->client_info.program) - 1) != 0) if (unicode_utf16_in(s, len_program, self->rdp_layer->client_info.program, sizeof(self->rdp_layer->client_info.program) - 1) != 0)
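Review bot: The two `g_strncat` calls in the added block bound the append by `size - 1 - g_strlen(<source>)`, but strncat's count is the number of bytes taken from the source, so the limit that matters is the space left in `username` after its current contents. The earlier hunks only check that len_user and len_domain are each below INFO_CLIENT_MAX_CB_LEN, so a client-supplied username and domain that together exceed `sizeof(username)` would be written past the end of the field before authentication; the size of `username` is not shown on this page, so this assumes it is smaller than the sum of the two limits. Checking the combined length first and rejecting the logon when it does not fit avoids both the out-of-bounds write and a silently truncated identity. The body of xrdp_sec_process_logon_info starts and ends outside the hunk.

```c
    if (self->rdp_layer->client_info.domain_user_separator[0] != '\0'
            && self->rdp_layer->client_info.domain[0] != '\0')
    {
        struct xrdp_client_info *ci = &self->rdp_layer->client_info;
        int size = sizeof(ci->username);
        int needed = g_strlen(ci->username)
                     + g_strlen(ci->domain_user_separator)
                     + g_strlen(ci->domain);

        if (needed >= size)
        {
            /* refuse rather than truncate: a cut-off name is a different identity */
            DEBUG(("ERROR [xrdp_sec_process_logon_info()]: username and domain do not fit"));
            return 1;
        }
        /* the combined length was checked above, so plain concatenation is in bounds */
        g_strcat(ci->username, ci->domain_user_separator);
        g_strcat(ci->username, ci->domain);
    }
    /* … unchanged: DEBUG of username and the program/directory reads … */
```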


@ -58,6 +58,10 @@ ssl_protocols=TLSv1.2, TLSv1.3
; set TLS cipher suites ; set TLS cipher suites
#tls_ciphers=HIGH #tls_ciphers=HIGH
; concats the domain name to the user if set for authentication with the separator
; for example when the server is multi homed with SSSd
#domain_user_separator=@
; Section name to use for automatic login if the client sends username ; Section name to use for automatic login if the client sends username
; and password. If empty, the domain name sent by the client is used. ; and password. If empty, the domain name sent by the client is used.
; If empty and no domain name is given, the first suitable section in ; If empty and no domain name is given, the first suitable section in