From 06580ec448ca9ed543699d85afc4e4b97ec75b65 Mon Sep 17 00:00:00 2001
From: matt335672 <30179339+matt335672@users.noreply.github.com>
Date: Mon, 6 Feb 2023 16:14:36 +0000
Subject: [PATCH] sesman config: Add MaxDisplayNumber

When allocating a display number, we should be aware that IANA only allow TCP displays up to :63. This PR adds that restriction in to sesman.ini as a default, to prevent us allocating unavailable TCP ports. By default TCP ports are not enabled for X servers, but users can easily change this if they wish to access X displays directly over the network. This restriction is in addition to the MaxSessions limit already present in sesman.ini
---
 docs/man/sesman.ini.5.in | 7 +++++++
 sesman/libsesman/sesman_config.c | 12 ++++++++++++
 sesman/libsesman/sesman_config.h | 5 +++++
 sesman/sesman.ini.in | 9 +++++++++
 4 files changed, 33 insertions(+)

diff --git a/docs/man/sesman.ini.5.in b/docs/man/sesman.ini.5.in
index 45c256f9..474591c0 100644
--- a/docs/man/sesman.ini.5.in
+++ b/docs/man/sesman.ini.5.in
@@ -155,6 +155,13 @@ defaults to \fI10\fR.
 Sets the maximum number of simultaneous sessions. If not set or set to \fI0\fR, unlimited session are allowed.
+.TP
+\fBMaxDisplayNumber\fR=\fInumber\fR
+Sets the maximum number which can be assigned to an X11 $DISPLAY. The
+default is compatible with IANA TCP port allocations. If you are not
+allowing TCP connections to your X servers you may safely increase this
+number.
+
 .TP
 \fBKillDisconnected\fR=\fI[true|false]\fR
 If set to \fB1\fR, \fBtrue\fR or \fByes\fR, every session will be killed
diff --git a/sesman/libsesman/sesman_config.c b/sesman/libsesman/sesman_config.c
index 2c545a1e..0568a25f 100644
--- a/sesman/libsesman/sesman_config.c
+++ b/sesman/libsesman/sesman_config.c
@@ -77,6 +77,7 @@
 #define SESMAN_CFG_SESS_IDLE_LIMIT "IdleTimeLimit"
 #define SESMAN_CFG_SESS_DISC_LIMIT "DisconnectedTimeLimit"
 #define SESMAN_CFG_SESS_X11DISPLAYOFFSET "X11DisplayOffset"
+#define SESMAN_CFG_SESS_MAX_DISPLAY "MaxDisplayNumber"
 #define SESMAN_CFG_SESS_POLICY_S "Policy"
 #define SESMAN_CFG_SESS_POLICY_DFLT_S "Default"
@@ -410,6 +411,8 @@ config_read_sessions(int file, struct config_sessions *se, struct list *param_n,
 /* setting defaults */
 se->x11_display_offset = 10;
+ // https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml`
+ se->max_display_number = 63;
 se->max_sessions = 0;
 se->max_idle_time = 0;
 se->max_disc_time = 0;
@@ -428,6 +431,15 @@ config_read_sessions(int file, struct config_sessions *se, struct list *param_n,
 se->x11_display_offset = g_atoi(value);
 }
+ else if (0 == g_strcasecmp(buf, SESMAN_CFG_SESS_MAX_DISPLAY))
+ {
+ int mdn = g_atoi(value);
+ if (mdn > 0)
+ {
+ se->max_display_number = mdn;
+ }
+ }
+
 else if (0 == g_strcasecmp(buf, SESMAN_CFG_SESS_MAX))
 {
 se->max_sessions = g_atoi(value);
diff --git a/sesman/libsesman/sesman_config.h b/sesman/libsesman/sesman_config.h
index ea6cf2be..545728a2 100644
--- a/sesman/libsesman/sesman_config.h
+++ b/sesman/libsesman/sesman_config.h
@@ -118,6 +118,11 @@ struct config_sessions
 * @brief X11 TCP port offset. default value: 10
 */
 int x11_display_offset;
+ /**
+ * @var max_display_number
+ * @brief Highest X11 display number considered for allocation
+ */
+ unsigned int max_display_number;
 /**
 * @var max_sessions
 * @brief maximum number of allowed sessions. 0 for unlimited
diff --git a/sesman/sesman.ini.in b/sesman/sesman.ini.in
index f2ce82c1..dd615858 100644
--- a/sesman/sesman.ini.in
+++ b/sesman/sesman.ini.in
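Review bot: In the `@@ -410,6 +411,8 @@` hunk of sesman_config.c, the comment added above `se->max_display_number = 63;` is a bare URL that ends in a stray backtick, and it uses `//` where the context line just above it uses `/* */`. A reader has to follow the link to learn why 63 is the default. I would replace it with `/* IANA allocates TCP ports only up to 6063 for X servers, so :63 is the highest display usable over TCP */`, which restates what the sesman.ini comment in this patch already says. The body of config_read_sessions continues outside this hunk.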
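Review bot: In the `@@ -428,6 +431,15 @@` hunk of sesman_config.c, a `MaxDisplayNumber` value that `g_atoi` turns into zero or a negative number is dropped by `if (mdn > 0)` with no log line, so a typo in sesman.ini leaves the default of 63 in force without any sign of it. Nothing compares the accepted value with `x11_display_offset` either; if the limit ends up below the offset the allocator presumably has no display left to hand out, and since the two keys can appear in either order that check belongs after the parsing loop, which is outside this hunk. I would add an `else` arm that logs the rejected string through the file's existing logging call, and a post-loop check such as `if (se->max_display_number < (unsigned int)se->x11_display_offset)` that warns and restores the default. An upper bound is worth considering as well, because with TCP listening enabled a very large display number would map to a port outside the valid range.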
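Review bot: In sesman_config.h the new `max_display_number` is declared `unsigned int`, while `x11_display_offset` directly above it is `int` and the parser in sesman_config.c assigns the field from an `int`. Any code that compares an `int` display number against this limit gets the usual signed-to-unsigned conversion, so a negative value would compare as very large; the caller is not visible in this patch, so this is something to check rather than a confirmed bug. Declaring it `int max_display_number;` to match its neighbours, or casting explicitly at each comparison, removes the ambiguity. The doc comment also omits the default, unlike the field above it: `* @brief Highest X11 display number considered for allocation. default value: 63`.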
@@ -51,6 +51,15 @@ X11DisplayOffset=10
 ; Default: 0
 MaxSessions=50
+;; MaxDisplayNumer - maximum number considered for an X display
+; Type: integer
+; Default: 63
+;
+; IANA only allocates TCP ports up to 6063 for X servers. If you are not
+; allowing TCP connections to your X servers you may safely increase this
+; number.
+#MaxDisplayNumber=63
+
 ;; KillDisconnected - kill disconnected sessions
 ; Type: boolean
 ; Default: false
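Review bot: The heading of the new comment block spells the key `MaxDisplayNumer`, while the parser in sesman_config.c matches `MaxDisplayNumber` and the commented-out sample line below has the correct spelling. An administrator who copies the name from the heading gets a key that matches none of the branches visible in config_read_sessions, so it would presumably be ignored and the default limit would stay in force unnoticed. The line should read `;; MaxDisplayNumber - maximum number considered for an X display`. It may also be worth stating here that the value should not be lower than `X11DisplayOffset`.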