File xrdp-fix-username-in-env.patch of Package xrdp.37241
Convert username entered by user to canonical form before exporting to environment variables.
A username can be entered in different formats, with domain prefixes or suffixes.
Converting the username to a uid and then back from the uid to a username gives us
the canonical form of the username as it is stored in the passwd database.
Patch implements a small subset of functionality from upstream pull request
https://github.com/neutrinolabs/xrdp/pull/2472
Index: xrdp-0.9.13.1/sesman/env.c
===================================================================
--- xrdp-0.9.13.1.orig/sesman/env.c
+++ xrdp-0.9.13.1/sesman/env.c
@@ -100,6 +100,7 @@ env_set_user(const char *username, char
int len;
char *name;
char *value;
+ char *pw_username;
char *pw_shell;
char *pw_dir;
char text[256];
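Review bot: `char *pw_username;` is declared without an initial value, yet the last hunk passes it to `g_free()`, and the hunks do not show whether that free can only be reached after the assignment added in the second hunk. Initialising it at the declaration, `char *pw_username = NULL;`, gives the free a defined value on every path regardless of how the blocks nest. The body of env_set_user starts and ends outside this hunk.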
@@ -113,6 +114,16 @@ env_set_user(const char *username, char
if (error == 0)
{
+ /* Convert username to uid and back to pw_username to get unique username
+ * form with(out) various domain suffixes.
+ */
+ error = g_getuser_info_by_uid(pw_uid, &pw_username, 0, 0, 0, 0);
+
+ if (error != 0)
+ {
+ pw_username = g_strdup(username);
+ }
+
g_rm_temp_dir();
/*
* Set the primary group. Note that secondary groups should already
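Review bot: When `g_getuser_info_by_uid()` fails, the fallback silently puts the name exactly as the client entered it back into USER, LOGNAME and the password-file paths built in the later hunks, and neither the lookup result nor `g_strdup(username)` is checked for NULL before those uses. I would log the fallback, e.g. `log_message(LOG_LEVEL_WARNING, "No canonical name for uid %d, using name as entered", pw_uid);`, and treat a NULL `pw_username` as an error rather than continuing. Reusing `error` for this non-fatal lookup also relies on a later statement outside the hunk overwriting it; a separate local would be clearer. The added comment could also say that, presumably, when several passwd entries share a uid the reverse lookup may yield a different account name than the one that authenticated.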
@@ -132,8 +143,8 @@ env_set_user(const char *username, char
g_clearenv();
g_setenv("SHELL", pw_shell, 1);
g_setenv("PATH", "/sbin:/bin:/usr/bin:/usr/local/bin", 1);
- g_setenv("USER", username, 1);
- g_setenv("LOGNAME", username, 1);
+ g_setenv("USER", pw_username, 1);
+ g_setenv("LOGNAME", pw_username, 1);
g_sprintf(text, "%d", uid);
g_setenv("UID", text, 1);
g_setenv("HOME", pw_dir, 1);
@@ -178,14 +189,14 @@ env_set_user(const char *username, char
}
len = g_snprintf(NULL, 0, "%s/.vnc/sesman_passwd-%s@%s:%d",
- pw_dir, username, hostname, display);
+ pw_dir, pw_username, hostname, display);
*passwd_file = (char *) g_malloc(len + 1, 1);
if (*passwd_file != NULL)
{
/* Try legacy names first, remove if found */
g_sprintf(*passwd_file, "%s/.vnc/sesman_%s_passwd:%d",
- pw_dir, username, display);
+ pw_dir, pw_username, display);
if (g_file_exist(*passwd_file))
{
log_message(LOG_LEVEL_WARNING, "Removing old "
@@ -193,7 +204,7 @@ env_set_user(const char *username, char
g_file_delete(*passwd_file);
}
g_sprintf(*passwd_file, "%s/.vnc/sesman_%s_passwd",
- pw_dir, username);
+ pw_dir, pw_username);
if (g_file_exist(*passwd_file))
{
log_message(LOG_LEVEL_WARNING, "Removing insecure "
@@ -201,18 +212,18 @@ env_set_user(const char *username, char
g_file_delete(*passwd_file);
}
g_sprintf(*passwd_file, "%s/.vnc/sesman_passwd-%s@%s:%d",
- pw_dir, username, hostname, display);
+ pw_dir, pw_username, hostname, display);
}
}
else
{
/* we use auth_file_path as requested */
- len = g_snprintf(NULL, 0, g_cfg->auth_file_path, username);
+ len = g_snprintf(NULL, 0, g_cfg->auth_file_path, pw_username);
*passwd_file = (char *) g_malloc(len + 1, 1);
if (*passwd_file != NULL)
{
- g_sprintf(*passwd_file, g_cfg->auth_file_path, username);
+ g_sprintf(*passwd_file, g_cfg->auth_file_path, pw_username);
}
}
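Review bot: Both changed calls still pass `g_cfg->auth_file_path` as the format string, so the configured value must contain exactly one `%s` and no other conversion; anything else makes `g_snprintf`/`g_sprintf` read arguments that were not supplied. The setting is presumably administrator-controlled, so this is a robustness check rather than something the client can reach: validate the pattern when the configuration is loaded, or substitute the name without a printf-style call. The result of the sizing call also goes unchecked into `g_malloc(len + 1, 1)`; a negative `len` should be rejected before allocating. The `if` that this `else` belongs to starts outside the hunk.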
@@ -222,6 +233,7 @@ env_set_user(const char *username, char
}
}
+ g_free(pw_username);
g_free(pw_dir);
g_free(pw_shell);
}