Add support for token authentication
This feature allows a token to be embedded in the username field. Tokens are separated from the username by the ASCII field separator character 0x1F (Unicode 0x001F).
parent
e89f124afe
commit
b0bca1363e
@ -12,3 +12,4 @@ as possible.
|
|||||||
Our email eddress for security report is:
|
Our email eddress for security report is:
|
||||||
|
|
||||||
* [xrdp-core@googlegroups.com](mailto:xrdp-core@googlegroups.com)
|
* [xrdp-core@googlegroups.com](mailto:xrdp-core@googlegroups.com)
|
||||||
|
|
||||||
|
@ -159,6 +159,8 @@ struct xrdp_client_info
|
|||||||
int use_cache_glyph_v2;
|
int use_cache_glyph_v2;
|
||||||
int rail_enable;
|
int rail_enable;
|
||||||
int suppress_output;
|
int suppress_output;
|
||||||
|
|
||||||
|
int enable_token_login;
|
||||||
};
|
};
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
@ -144,6 +144,10 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
|
|||||||
{
|
{
|
||||||
client_info->require_credentials = g_text2bool(value);
|
client_info->require_credentials = g_text2bool(value);
|
||||||
}
|
}
|
||||||
|
else if (g_strcasecmp(item, "enable_token_login") == 0)
|
||||||
|
{
|
||||||
|
client_info->enable_token_login = g_text2bool(value);
|
||||||
|
}
|
||||||
else if (g_strcasecmp(item, "use_fastpath") == 0)
|
else if (g_strcasecmp(item, "use_fastpath") == 0)
|
||||||
{
|
{
|
||||||
if (g_strcasecmp(value, "output") == 0)
|
if (g_strcasecmp(value, "output") == 0)
|
||||||
|
@ -675,6 +675,7 @@ xrdp_sec_process_logon_info(struct xrdp_sec *self, struct stream *s)
|
|||||||
int len_ip = 0;
|
int len_ip = 0;
|
||||||
int len_dll = 0;
|
int len_dll = 0;
|
||||||
char tmpdata[256];
|
char tmpdata[256];
|
||||||
|
const char *sep;
|
||||||
|
|
||||||
/* initialize (zero out) local variables */
|
/* initialize (zero out) local variables */
|
||||||
g_memset(tmpdata, 0, sizeof(char) * 256);
|
g_memset(tmpdata, 0, sizeof(char) * 256);
|
||||||
@ -808,7 +809,6 @@ xrdp_sec_process_logon_info(struct xrdp_sec *self, struct stream *s)
|
|||||||
{
|
{
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
DEBUG(("username %s", self->rdp_layer->client_info.username));
|
|
||||||
|
|
||||||
if (flags & RDP_LOGON_AUTO)
|
if (flags & RDP_LOGON_AUTO)
|
||||||
{
|
{
|
||||||
@ -818,6 +818,17 @@ xrdp_sec_process_logon_info(struct xrdp_sec *self, struct stream *s)
|
|||||||
}
|
}
|
||||||
DEBUG(("flag RDP_LOGON_AUTO found"));
|
DEBUG(("flag RDP_LOGON_AUTO found"));
|
||||||
}
|
}
|
||||||
|
else if (self->rdp_layer->client_info.enable_token_login
|
||||||
|
&& len_user > 0
|
||||||
|
&& len_password == 0
|
||||||
|
&& (sep = g_strchr(self->rdp_layer->client_info.username, '\x1f')) != NULL)
|
||||||
|
{
|
||||||
|
DEBUG(("Logon token detected"));
|
||||||
|
g_strncpy(self->rdp_layer->client_info.password, sep + 1,
|
||||||
|
sizeof(self->rdp_layer->client_info.password) - 1);
|
||||||
|
self->rdp_layer->client_info.username[sep - self->rdp_layer->client_info.username] = '\0';
|
||||||
|
self->rdp_layer->client_info.rdp_autologin = 1;
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (!s_check_rem(s, len_password + 2))
|
if (!s_check_rem(s, len_password + 2))
|
||||||
@ -831,6 +842,7 @@ xrdp_sec_process_logon_info(struct xrdp_sec *self, struct stream *s)
|
|||||||
return 1; /* credentials on cmd line is mandatory */
|
return 1; /* credentials on cmd line is mandatory */
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
DEBUG(("username %s", self->rdp_layer->client_info.username));
|
||||||
|
|
||||||
if (unicode_utf16_in(s, len_program, self->rdp_layer->client_info.program, sizeof(self->rdp_layer->client_info.program) - 1) != 0)
|
if (unicode_utf16_in(s, len_program, self->rdp_layer->client_info.program, sizeof(self->rdp_layer->client_info.program) - 1) != 0)
|
||||||
{
|
{
|
||||||
|
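Review bot: The token branch in xrdp_sec_process_logon_info never touches the stream, whereas the final else branch checks for `len_password + 2` bytes before (presumably, outside the hunk) skipping them. If the password field's 2-byte terminator is still unread at this point, the following `unicode_utf16_in(s, len_program, ...)` starts two bytes early and every later field is misparsed; the branch should consume the field too, e.g. `if (!s_check_rem(s, 2)) { return 1; }` followed by `in_uint8s(s, 2);`. The branch also accepts an empty token (`sep[1] == '\0'`) and still sets `rdp_autologin = 1`, so adding `&& sep[1] != '\0'` to the condition would keep an empty password from being submitted automatically. The function body starts and ends outside these hunks.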
@ -76,6 +76,8 @@ new_cursors=true
|
|||||||
use_fastpath=both
|
use_fastpath=both
|
||||||
; when true, userid/password *must* be passed on cmd line
|
; when true, userid/password *must* be passed on cmd line
|
||||||
#require_credentials=true
|
#require_credentials=true
|
||||||
|
; when true, the userid will be used to try to authenticate
|
||||||
|
#enable_token_login=true
|
||||||
; You can set the PAM error text in a gateway setup (MAX 256 chars)
|
; You can set the PAM error text in a gateway setup (MAX 256 chars)
|
||||||
#pamerrortxt=change your password according to policy at http://url
|
#pamerrortxt=change your password according to policy at http://url
|
||||||
|
|
||||||
|
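Review bot: The comment added above `#enable_token_login=true` does not say where the token comes from or what it replaces, which matters for an option that changes how logons are authenticated. Going by the commit description and the logon hunk, a clearer text would be `; when true, a username of the form <user><0x1F><token> sent with an empty password is split and the token is used as the password for automatic login`. Because the secret then travels in the username field, a second comment line telling operators to check that client usernames are not logged before xrdp splits them would be a useful addition.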
@ -1001,6 +1001,11 @@ load_xrdp_config(struct xrdp_config *config, int bpp)
|
|||||||
else if (g_strncmp(n, "allow_multimon", 64) == 0)
|
else if (g_strncmp(n, "allow_multimon", 64) == 0)
|
||||||
globals->allow_multimon = g_text2bool(v);
|
globals->allow_multimon = g_text2bool(v);
|
||||||
|
|
||||||
|
else if (g_strncmp(n, "enable_token_login", 64) == 0) {
|
||||||
|
log_message(LOG_LEVEL_DEBUG, "Token login detection enabled x");
|
||||||
|
globals->enable_token_login = g_text2bool(v);
|
||||||
|
}
|
||||||
|
|
||||||
/* login screen values */
|
/* login screen values */
|
||||||
else if (g_strncmp(n, "ls_top_window_bg_color", 64) == 0)
|
else if (g_strncmp(n, "ls_top_window_bg_color", 64) == 0)
|
||||||
globals->ls_top_window_bg_color = HCOLOR(bpp, xrdp_wm_htoi(v));
|
globals->ls_top_window_bg_color = HCOLOR(bpp, xrdp_wm_htoi(v));
|
||||||
@ -1109,6 +1114,7 @@ load_xrdp_config(struct xrdp_config *config, int bpp)
|
|||||||
g_writeln("new_cursors: %d", globals->new_cursors);
|
g_writeln("new_cursors: %d", globals->new_cursors);
|
||||||
g_writeln("nego_sec_layer: %d", globals->nego_sec_layer);
|
g_writeln("nego_sec_layer: %d", globals->nego_sec_layer);
|
||||||
g_writeln("allow_multimon: %d", globals->allow_multimon);
|
g_writeln("allow_multimon: %d", globals->allow_multimon);
|
||||||
|
g_writeln("enable_token_login: %d", globals->enable_token_login)
|
||||||
|
|
||||||
g_writeln("ls_top_window_bg_color: %x", globals->ls_top_window_bg_color);
|
g_writeln("ls_top_window_bg_color: %x", globals->ls_top_window_bg_color);
|
||||||
g_writeln("ls_width: %d", globals->ls_width);
|
g_writeln("ls_width: %d", globals->ls_width);
|
||||||
|
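Review bot: The new `enable_token_login` branch in load_xrdp_config logs "Token login detection enabled x" before the value is parsed, so the message appears even for `enable_token_login=false`, and the trailing "x" looks like a leftover. Logging the parsed value after the assignment, e.g. `log_message(LOG_LEVEL_DEBUG, "enable_token_login: %d", globals->enable_token_login);`, would be accurate. In the second hunk the added `g_writeln("enable_token_login: %d", globals->enable_token_login)` has no terminating semicolon as rendered; if that block is compiled, it will not build. The brace on the same line as `else if` also differs from the unbraced sibling branches, and the function continues outside both hunks.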
@ -566,6 +566,7 @@ struct xrdp_cfg_globals
|
|||||||
int new_cursors;
|
int new_cursors;
|
||||||
int nego_sec_layer;
|
int nego_sec_layer;
|
||||||
int allow_multimon;
|
int allow_multimon;
|
||||||
|
int enable_token_login;
|
||||||
|
|
||||||
/* colors */
|
/* colors */
|
||||||
|
|
||||||
|
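Review bot: The `enable_token_login` field added to struct xrdp_cfg_globals is written by load_xrdp_config and printed, but none of the visible hunks reads it. The logon path tests `client_info.enable_token_login`, which xrdp_rdp_read_config fills on its own. If nothing outside this commit consumes the global, the field and its parse branch are dead configuration state that can mislead someone auditing where the switch takes effect. Either drop them or add a comment such as `/* informational only; the logon path reads client_info.enable_token_login */`.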