Move g_mk_socket_path() to sesman

The sockdir is only used when sesman is active. The
call g_mk_socket_path() is removed from os_calls and moved to
sesman.

We also change the permissions on this directory to
0755 rather than 01777 (01000 is the 'sticky bit', S_ISVTX).

The behaviour of g_create_dir() has been modified to not
set S_ISVTX on Linux directories. This is implementation-defined
behaviour according to 1003.1, and is no longer required for the
sockdir.

common/Makefile.am

@@ -27,8 +27,7 @@ AM_CPPFLAGS = \
   -DXRDP_SBIN_PATH=\"${sbindir}\" \
   -DXRDP_SHARE_PATH=\"${datadir}/xrdp\" \
   -DXRDP_PID_PATH=\"${localstatedir}/run\" \
-  -DXRDP_LOG_PATH=\"${localstatedir}/log\" \
-  -DXRDP_SOCKET_PATH=\"${socketdir}\"
+  -DXRDP_LOG_PATH=\"${localstatedir}/log\"
 
 # -no-suppress is an automake-specific flag which is needed
 # to prevent us missing compiler errors in some circumstances

common/os_calls.c

@@ -150,28 +150,6 @@ g_rm_temp_dir(void)
     return 0;
 }
 
-/*****************************************************************************/
-int
-g_mk_socket_path(void)
-{
-    if (!g_directory_exist(XRDP_SOCKET_PATH))
-    {
-        if (!g_create_path(XRDP_SOCKET_PATH"/"))
-        {
-            /* if failed, still check if it got created by someone else */
-            if (!g_directory_exist(XRDP_SOCKET_PATH))
-            {
-                LOG(LOG_LEVEL_ERROR,
-                    "g_mk_socket_path: g_create_path(%s) failed",
-                    XRDP_SOCKET_PATH);
-                return 1;
-            }
-        }
-        g_chmod_hex(XRDP_SOCKET_PATH, 0x1777);
-    }
-    return 0;
-}
-
 /*****************************************************************************/
 void
 g_init(const char *app_name)
@@ -2666,7 +2644,7 @@ g_create_dir(const char *dirname)
 #if defined(_WIN32)
     return CreateDirectoryA(dirname, 0); // test this
 #else
-    return mkdir(dirname, (mode_t) - 1) == 0;
+    return mkdir(dirname, 0777) == 0;
 #endif
 }
 

common/os_calls.h

@@ -53,7 +53,6 @@ struct list;
 #define g_close_wait_obj g_delete_wait_obj
 
 int      g_rm_temp_dir(void);
-int      g_mk_socket_path(void);
 void     g_init(const char *app_name);
 void     g_deinit(void);
 void g_printf(const char *format, ...) printflike(1, 2);

sesman/sesman.c

@@ -682,6 +682,44 @@ read_pid_file(const char *pid_file, int *pid)
     return rv;
 }
 
+/******************************************************************************/
+/** Creates the socket path for sesman and session sockets
+*/
+static int
+create_xrdp_socket_root_path(void)
+{
+#ifndef XRDP_SOCKET_PATH
+#   error "XRDP_SOCKET_PATH must be defined"
+#endif
+    int uid = g_getuid();
+    int gid = g_getgid();
+
+    /* Create the path using 0755 permissions */
+    int old_umask = g_umask_hex(0x22);
+    (void)g_create_path(XRDP_SOCKET_PATH"/");
+    (void)g_umask_hex(old_umask);
+
+    /* Check the ownership and permissions on the last path element
+     * are as expected */
+    if (g_chown(XRDP_SOCKET_PATH, uid, gid) != 0)
+    {
+        LOG(LOG_LEVEL_ERROR,
+            "create_xrdp_socket_root_path: Can't set owner of %s to %d:%d",
+            XRDP_SOCKET_PATH, uid, gid);
+        return 1;
+    }
+
+    if (g_chmod_hex(XRDP_SOCKET_PATH, 0x755) != 0)
+    {
+        LOG(LOG_LEVEL_ERROR,
+            "create_xrdp_socket_root_path: Can't set perms of %s to 0x755",
+            XRDP_SOCKET_PATH);
+        return 1;
+    }
+
+    return 0;
+}
+
 /******************************************************************************/
 int
 main(int argc, char **argv)
@@ -928,7 +966,7 @@ main(int argc, char **argv)
         "starting xrdp-sesman with pid %d", g_pid);
 
     /* make sure the socket directory exists */
-    g_mk_socket_path();
+    create_xrdp_socket_root_path();
 
     /* make sure the /tmp/.X11-unix directory exists */
     if (!g_directory_exist("/tmp/.X11-unix"))