1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
|
/**
* xrdp: A Remote Desktop Protocol server.
*
* Copyright (C) Jay Sorg 2004-2013
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
*
* @file config.h
* @brief User authentication definitions
* @author Simone Fedele @< simo [at] esseemme [dot] org @>
*
*/
#ifndef CONFIG_H
#define CONFIG_H
#include "arch.h"
#include "list.h"
#include "log.h"
#define SESMAN_CFG_GLOBALS "Globals"
#define SESMAN_CFG_DEFWM "DefaultWindowManager"
#define SESMAN_CFG_ADDRESS "ListenAddress"
#define SESMAN_CFG_PORT "ListenPort"
#define SESMAN_CFG_ENABLE_USERWM "EnableUserWindowManager"
#define SESMAN_CFG_USERWM "UserWindowManager"
#define SESMAN_CFG_MAX_SESSION "MaxSessions"
#define SESMAN_CFG_AUTH_FILE_PATH "AuthFilePath"
#define SESMAN_CFG_RECONNECT_SH "ReconnectScript"
#define SESMAN_CFG_RDP_PARAMS "X11rdp"
#define SESMAN_CFG_XORG_PARAMS "Xorg"
#define SESMAN_CFG_VNC_PARAMS "Xvnc"
#define SESMAN_CFG_SESSION_VARIABLES "SessionVariables"
/*
#define SESMAN_CFG_LOGGING "Logging"
#define SESMAN_CFG_LOG_FILE "LogFile"
#define SESMAN_CFG_LOG_LEVEL "LogLevel"
#define SESMAN_CFG_LOG_ENABLE_SYSLOG "EnableSyslog"
#define SESMAN_CFG_LOG_SYSLOG_LEVEL "SyslogLevel"
*/
#define SESMAN_CFG_SECURITY "Security"
#define SESMAN_CFG_SEC_LOGIN_RETRY "MaxLoginRetry"
#define SESMAN_CFG_SEC_ALLOW_ROOT "AllowRootLogin"
#define SESMAN_CFG_SEC_USR_GROUP "TerminalServerUsers"
#define SESMAN_CFG_SEC_ADM_GROUP "TerminalServerAdmins"
#define SESMAN_CFG_SEC_ALWAYSGROUPCHECK "AlwaysGroupCheck"
#define SESMAN_CFG_SEC_RESTRICT_OUTBOUND_CLIPBOARD "RestrictOutboundClipboard"
#define SESMAN_CFG_SEC_RESTRICT_INBOUND_CLIPBOARD "RestrictInboundClipboard"
#define SESMAN_CFG_SESSIONS "Sessions"
#define SESMAN_CFG_SESS_MAX "MaxSessions"
#define SESMAN_CFG_SESS_KILL_DISC "KillDisconnected"
#define SESMAN_CFG_SESS_IDLE_LIMIT "IdleTimeLimit"
#define SESMAN_CFG_SESS_DISC_LIMIT "DisconnectedTimeLimit"
#define SESMAN_CFG_SESS_X11DISPLAYOFFSET "X11DisplayOffset"
#define SESMAN_CFG_SESS_POLICY_S "Policy"
#define SESMAN_CFG_SESS_POLICY_DFLT_S "Default"
#define SESMAN_CFG_SESS_POLICY_SEP_S "Separate"
enum SESMAN_CFG_SESS_POLICY_BITS
{
/* If these two are set, they override everything else */
SESMAN_CFG_SESS_POLICY_DEFAULT = (1 << 0),
SESMAN_CFG_SESS_POLICY_SEPARATE = (1 << 1),
/* Configuration bits */
SESMAN_CFG_SESS_POLICY_U = (1 << 2),
SESMAN_CFG_SESS_POLICY_B = (1 << 3),
SESMAN_CFG_SESS_POLICY_D = (1 << 4),
SESMAN_CFG_SESS_POLICY_I = (1 << 5)
};
/**
*
* @struct config_security
* @brief struct that contains sesman access control configuration
*
*/
struct config_security
{
/**
* @var allow_root
* @brief allow root login on TS
*/
int allow_root;
/**
* @var login_retry
* @brief maximum login attempts
*/
int login_retry;
/**
* @var ts_users
* @brief Terminal Server Users group
*/
int ts_users_enable;
int ts_users;
/**
* @var ts_admins
* @brief Terminal Server Administrators group
*/
int ts_admins_enable;
int ts_admins;
/**
* @var ts_always_group_check
* @brief if the Groups are not found deny access
*/
int ts_always_group_check;
/**
* @var restrict_outbound_clipboard
* @brief if the clipboard should be enforced restricted. If true only allow client -> server, not vice versa.
*/
int restrict_outbound_clipboard;
/**
* @var restrict_inbound_clipboard
* @brief if the clipboard should be enforced restricted. If true only allow server -> client, not vice versa.
*/
int restrict_inbound_clipboard;
};
/**
*
* @struct config_sessions
* @brief struct that contains sesman session handling configuration
*
*/
struct config_sessions
{
/**
* @var x11_display_offset
* @brief X11 TCP port offset. default value: 10
*/
int x11_display_offset;
/**
* @var max_sessions
* @brief maximum number of allowed sessions. 0 for unlimited
*/
int max_sessions;
/**
* @var max_idle_time
* @brief maximum idle time for each session
*/
int max_idle_time;
/**
* @var max_disc_time
* @brief maximum disconnected time for each session
*/
int max_disc_time;
/**
* @var kill_disconnected
* @brief enables automatic killing of disconnected session
*/
int kill_disconnected;
/**
* @var policy
* @brief session allocation policy
*/
unsigned int policy;
};
/**
*
* @struct config_sesman
* @brief struct that contains sesman configuration
*
* This struct contains all of sesman configuration parameters\n
* Every parameter in [globals] is a member of this struct, other
* sections options are embedded in this struct as member structures
*
*/
struct config_sesman
{
/**
* @var sesman_ini
* @brief File that these parameters are read from
*/
char *sesman_ini;
/**
* @var listen_port
* @brief Listening port
*/
char listen_port[256];
/**
* @var enable_user_wm
* @brief Flag that enables user specific wm
*/
int enable_user_wm;
/**
* @var default_wm
* @brief Default window manager
*/
char *default_wm;
/**
* @var user_wm
* @brief Default window manager
*/
char user_wm[32];
/**
* @var reconnect_sh
* @brief Script executed when reconnected
*/
char *reconnect_sh;
/**
* @var auth_file_path
* @brief Auth file path
*/
char *auth_file_path;
/**
* @var vnc_params
* @brief Xvnc additional parameter list
*/
struct list *vnc_params;
/**
* @var rdp_params
* @brief X11rdp additional parameter list
*/
struct list *rdp_params;
/**
* @var xorg_params
* @brief Xorg additional parameter list
*/
struct list *xorg_params;
/**
* @var log
* @brief Log configuration struct
*/
//struct log_config log;
/**
* @var sec
* @brief Security configuration options struct
*/
struct config_security sec;
/**
* @var sess
* @brief Session configuration options struct
*/
struct config_sessions sess;
/**
* @var env_names
* @brief environment variable name list
*/
struct list *env_names;
/**
* @var env_values
* @brief environment variable value list
*/
struct list *env_values;
};
/**
*
* @brief Reads sesman configuration
* @param sesman_ini Name of configuration file to read
* @return configuration on success, NULL on failure
*
* @post pass return value to config_free() to prevent memory leaks
*
*/
struct config_sesman *
config_read(const char *sesman_ini);
/**
*
* @brief Dumps configuration
* @param pointer to a config_sesman struct
*
*/
void
config_dump(struct config_sesman *config);
/**
*
* @brief Frees configuration allocated by config_read()
* @param pointer to a config_sesman struct (may be NULL)
*
*/
void
config_free(struct config_sesman *cs);
/**
* Converts a session allocation Policy value to a strin
* @param value - Session allocation policy value
* @param buff - Buffer for result
* @param bufflen - Length of buffer
* @return Length of string that would be required without a terminator
* to write the whole output (like snprintf())
*/
int
config_output_policy_string(unsigned int value,
char *buff, unsigned int bufflen);
#endif
|
