summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--system/xrdp/xrdp-v0.6.1_cleanup-state.diff51
-rw-r--r--system/xrdp/xrdp-v0.6.1_crypt.diff116
-rw-r--r--system/xrdp/xrdp-v0.6.1_disabled.diff26
-rw-r--r--system/xrdp/xrdp.SlackBuild7
4 files changed, 199 insertions, 1 deletions
diff --git a/system/xrdp/xrdp-v0.6.1_cleanup-state.diff b/system/xrdp/xrdp-v0.6.1_cleanup-state.diff
new file mode 100644
index 0000000000..32d8cb59ef
--- /dev/null
+++ b/system/xrdp/xrdp-v0.6.1_cleanup-state.diff
@@ -0,0 +1,51 @@
+From fca088da8caab209534db2c6ff9dcda277a529a7 Mon Sep 17 00:00:00 2001
+From: mancha <mancha1 AT zoho DOT com>
+Date: Wed, 18 Feb 2015
+Subject: Clean our state
+
+Make sure our state is clean when we're at the login window. This
+code, adapted from upstream's development branch, ensures settings
+from previous connections are cleared.
+
+---
+ xrdp/xrdp_mm.c | 22 ++++++++++++++++++++++
+ 1 file changed, 22 insertions(+)
+
+--- a/xrdp/xrdp_mm.c
++++ b/xrdp/xrdp_mm.c
+@@ -899,6 +899,25 @@ xrdp_mm_sesman_data_in(struct trans* tra
+ }
+
+ /*****************************************************************************/
++static void APP_CC
++cleanup_states(struct xrdp_mm *self)
++{
++ if (self != NULL)
++ {
++ self-> connected_state = 0; /* true if connected to sesman else false */
++ self-> sesman_trans = NULL; /* connection to sesman */
++ self-> sesman_trans_up = 0; /* true once connected to sesman */
++ self-> delete_sesman_trans = 0; /* boolean set when done with sesman connection */
++ self-> display = 0; /* 10 for :10.0, 11 for :11.0, etc */
++ self-> code = 0; /* 0 Xvnc session, 10 X11rdp session, 20 Xorg session */
++ self-> sesman_controlled = 0; /* true if this is a sesman session */
++ self-> chan_trans = NULL; /* connection to chansrv */
++ self-> chan_trans_up = 0; /* true once connected to chansrv */
++ self-> delete_chan_trans = 0; /* boolean set when done with channel connection */
++ }
++}
++
++/*****************************************************************************/
+ int APP_CC
+ xrdp_mm_connect(struct xrdp_mm* self)
+ {
+@@ -916,6 +939,9 @@ xrdp_mm_connect(struct xrdp_mm* self)
+ char text[256];
+ char port[8];
+
++ /* make sure we start in correct state */
++ cleanup_states(self);
++
+ g_memset(ip,0,sizeof(char) * 256);
+ g_memset(errstr,0,sizeof(char) * 256);
+ g_memset(text,0,sizeof(char) * 256);
diff --git a/system/xrdp/xrdp-v0.6.1_crypt.diff b/system/xrdp/xrdp-v0.6.1_crypt.diff
new file mode 100644
index 0000000000..1e6948a914
--- /dev/null
+++ b/system/xrdp/xrdp-v0.6.1_crypt.diff
@@ -0,0 +1,116 @@
+From 33feceb1573cbb6ba7fb326bb7872de75bca6b9e Mon Sep 17 00:00:00 2001
+From: mancha <mancha1 AT zoho DOT com>
+Date: Wed, 18 Feb 2015
+Subject: Fix account validation with glibc crypt
+
+Starting with glibc 2.17, crypt() can return NULL which can cause
+xrdp-sesman to segfault. This patch backports upstream's fix for
+this as well as changes auth_userpass so it can validate SHA-256
+and SHA-512 hashed passwords.
+
+---
+ sesman/verify_user.c | 87 ++++++++++++++++-------------------------
+ 1 file changed, 35 insertions(+), 52 deletions(-)
+
+--- a/sesman/verify_user.c
++++ b/sesman/verify_user.c
+@@ -51,64 +51,47 @@ auth_account_disabled(struct spwd* stp);
+ long DEFAULT_CC
+ auth_userpass(char* user, char* pass)
+ {
+- char salt[13] = "$1$";
+- char hash[35] = "";
+- char* encr = 0;
+- struct passwd* spw;
+- struct spwd* stp;
+- int saltcnt = 0;
+-
+- spw = getpwnam(user);
+- if (spw == 0)
+- {
+- return 0;
+- }
+- if (g_strncmp(spw->pw_passwd, "x", 3) == 0)
+- {
+- /* the system is using shadow */
+- stp = getspnam(user);
+- if (stp == 0)
++ const char *encr;
++ const char *epass;
++ struct passwd *spw;
++ struct spwd *stp;
++
++ spw = getpwnam(user);
++
++ if (spw == 0)
++ {
++ return 0;
++ }
++
++ if (g_strncmp(spw->pw_passwd, "x", 3) == 0)
+ {
+- return 0;
++ /* the system is using shadow */
++ stp = getspnam(user);
++
++ if (stp == 0)
++ {
++ return 0;
++ }
++
++ if (1 == auth_account_disabled(stp))
++ {
++ log_message(&(g_cfg->log), LOG_LEVEL_INFO, "account %s is disabled", user);
++ return 0;
++ }
++
++ encr = stp->sp_pwdp;
+ }
+- if (1==auth_account_disabled(stp))
++ else
+ {
+- log_message(&(g_cfg->log), LOG_LEVEL_INFO, "account %s is disabled", user);
+- return 0;
++ /* old system with only passwd */
++ encr = spw->pw_passwd;
+ }
+- g_strncpy(hash, stp->sp_pwdp, 34);
+- }
+- else
+- {
+- /* old system with only passwd */
+- g_strncpy(hash, spw->pw_passwd, 34);
+- }
+- hash[34] = '\0';
+- if (g_strncmp(hash, "$1$", 3) == 0)
+- {
+- /* gnu style crypt(); */
+- saltcnt = 3;
+- while ((hash[saltcnt] != '$') && (saltcnt < 11))
++ epass = crypt(pass, encr);
++ if (epass == 0)
+ {
+- salt[saltcnt] = hash[saltcnt];
+- saltcnt++;
++ return 0;
+ }
+- salt[saltcnt] = '$';
+- salt[saltcnt + 1] = '\0';
+- }
+- else
+- {
+- /* classic two char salt */
+- salt[0] = hash[0];
+- salt[1] = hash[1];
+- salt[2] = '\0';
+- }
+- encr = crypt(pass,salt);
+- if (g_strncmp(encr, hash, 34) != 0)
+- {
+- return 0;
+- }
+- return 1;
++ return (strcmp(encr, epass) == 0);
+ }
+
+ /******************************************************************************/
diff --git a/system/xrdp/xrdp-v0.6.1_disabled.diff b/system/xrdp/xrdp-v0.6.1_disabled.diff
new file mode 100644
index 0000000000..42855c89d3
--- /dev/null
+++ b/system/xrdp/xrdp-v0.6.1_disabled.diff
@@ -0,0 +1,26 @@
+From 6f195b64890e08d3fbbbb792f45a7d94d641c914 Mon Sep 17 00:00:00 2001
+From: mancha <mancha1 AT zoho DOT com>
+Date: Wed, 18 Feb 2015
+Subject: Fix inactive account determination
+
+sesman: fix so shadow accounts aren't incorrectly classified "inactive"
+as might happen if sp_max/sp_inact fields are empty or sp_lstchg=0.
+
+---
+ sesman/verify_user.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/sesman/verify_user.c
++++ b/sesman/verify_user.c
+@@ -323,7 +323,10 @@ auth_account_disabled(struct spwd* stp)
+ return 1;
+ }
+
+- if (today >= (stp->sp_lstchg+stp->sp_max+stp->sp_inact))
++ if ((stp->sp_max >= 0) &&
++ (stp->sp_inact >= 0) &&
++ (stp->sp_lstchg > 0) &&
++ (today >= (stp->sp_lstchg + stp->sp_max + stp->sp_inact)))
+ {
+ return 1;
+ }
diff --git a/system/xrdp/xrdp.SlackBuild b/system/xrdp/xrdp.SlackBuild
index 8ac44d6ad9..0a18e3aada 100644
--- a/system/xrdp/xrdp.SlackBuild
+++ b/system/xrdp/xrdp.SlackBuild
@@ -5,7 +5,7 @@
PRGNAM=xrdp
VERSION=${VERSION:-0.6.1}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
TAG=${TAG:-_SBo}
if [ -z "$ARCH" ]; then
@@ -63,6 +63,11 @@ else
NOPAM_OPT=""
fi
+# patches from Mancha
+patch -p1 < $CWD/xrdp-v0.6.1_disabled.diff
+patch -p1 < $CWD/xrdp-v0.6.1_crypt.diff
+patch -p1 < $CWD/xrdp-v0.6.1_cleanup-state.diff
+
# Optional config options if built with FreeRDP:
# --enable-freerdp Build freerdp module (default: no)
# --enable-freerdp1 Build freerdp1 module (default: no)