Remove sesmanruntimedir

Now we've made the XRDP_SOCKET_PATH only writeable by root, it's
safe to move the sesman socket back into this directory. We no longer
need a separate sesmanruntimedir
This commit is contained in:
matt335672 2023-06-14 14:23:07 +01:00
parent 675dd77807
commit c51ec2e8e9
9 changed files with 31 additions and 64 deletions

View File

@ -62,12 +62,6 @@ AC_ARG_WITH([socketdir],
[], [with_socketdir="$runstatedir/xrdp"])
AC_SUBST([socketdir], [$with_socketdir])
AC_ARG_WITH([sesmanruntimedir],
[AS_HELP_STRING([--with-sesmanruntimedir=DIR],
[Use directory for sesman runtime data (default: RUNSTATEDIR/xrdp-sesman)])],
[], [with_sesmanruntimedir="$runstatedir/xrdp-sesman"])
AC_SUBST([sesmanruntimedir], [$with_sesmanruntimedir])
AC_ARG_WITH([systemdsystemunitdir],
AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files, no to disable]),
[], [
@ -655,7 +649,6 @@ echo " pamconfdir $pamconfdir"
echo " localstatedir $localstatedir"
echo " runstatedir $runstatedir"
echo " socketdir $socketdir"
echo " sesmanruntimedir $sesmanruntimedir"
echo ""
echo " unit tests performable $perform_unit_tests"
echo ""

View File

@ -27,7 +27,6 @@ SUBST_VARS = sed \
-e 's|@localstatedir[@]|$(localstatedir)|g' \
-e 's|@sysconfdir[@]|$(sysconfdir)|g' \
-e 's|@socketdir[@]|$(socketdir)|g' \
-e 's|@sesmanruntimedir[@]|$(sesmanruntimedir)|g' \
-e 's|@xrdpconfdir[@]|$(sysconfdir)/xrdp|g' \
-e 's|@xrdpdatadir[@]|$(datadir)/xrdp|g' \
-e 's|@xrdphomeurl[@]|http://www.xrdp.org/|g'

View File

@ -57,7 +57,7 @@ In this instance, the system administrator is responsible for ensuring
the socket can only be created by a suitably privileged process.
.PP
If the parameter does not start with a '/', a name within
@sesmanruntimedir@ is used.
@socketdir@ is used.
.RE
.TP

View File

@ -28,7 +28,7 @@ Retained for compatibility, but ignored.
.BI \-i= port
The sesman \fIUNIX domain socket\fP to connect to.
Defaults to \fBsesman.socket\fP.
If no path is specified for the socket, a default of @sesmanruntimedir@ is used.
If no path is specified for the socket, a default of @socketdir@ is used.
.TP
.BI \-c= command

View File

@ -70,7 +70,7 @@ not running \fBxrdp\-sesman\fR as a daemon.
.br
@localstatedir@/run/xrdp\-sesman.pid
.br
@sesmanruntimedir@/sesman.socket
@socketdir@/sesman.socket
.SH "AUTHORS"
Jay Sorg <jsorg71@users.sourceforge.net>

View File

@ -1,6 +1,5 @@
AM_CPPFLAGS = \
-DSESMAN_RUNTIME_PATH=\"${sesmanruntimedir}\" \
-DXRDP_SOCKET_ROOT_PATH=\"${socketdir}\" \
-I$(top_srcdir)/common

View File

@ -27,6 +27,8 @@
#include <config_ac.h>
#endif
#include <ctype.h>
#include "scp.h"
#include "libipm.h"
#include "guid.h"
@ -76,6 +78,23 @@ scp_msgno_to_str(enum scp_msg_code n, char *buff, unsigned int buff_size)
return buff;
}
/*****************************************************************************/
/**
* Helper function returning 1 if the passed-in string is an integer >= 0
*/
static int is_positive_int(const char *s)
{
for ( ; *s != '\0' ; ++s)
{
if (!isdigit(*s))
{
return 0;
}
}
return 1;
}
/*****************************************************************************/
int
scp_port_to_unix_domain_path(const char *port, char *buff,
@ -111,7 +130,7 @@ scp_port_to_unix_domain_path(const char *port, char *buff,
{
port = SCP_LISTEN_PORT_BASE_STR;
}
else if (g_strcmp(port, "3350") == 0)
else if (is_positive_int(port))
{
/* Version v0.9.x and earlier of xrdp used a TCP port
* number. If we come across this, we'll ignore it for
@ -121,7 +140,7 @@ scp_port_to_unix_domain_path(const char *port, char *buff,
port = SCP_LISTEN_PORT_BASE_STR;
}
result = g_snprintf(buff, bufflen, SESMAN_RUNTIME_PATH "/%s", port);
result = g_snprintf(buff, bufflen, XRDP_SOCKET_ROOT_PATH "/%s", port);
}
return result;

View File

@ -7,7 +7,6 @@ AM_CPPFLAGS = \
-DXRDP_LIBEXEC_PATH=\"${libexecdir}/xrdp\" \
-DXRDP_PID_PATH=\"${localstatedir}/run\" \
-DXRDP_SOCKET_ROOT_PATH=\"${socketdir}\" \
-DSESMAN_RUNTIME_PATH=\"${sesmanruntimedir}\" \
-I$(top_srcdir)/sesman/libsesman \
-I$(top_srcdir)/common \
-I$(top_srcdir)/libipm

View File

@ -193,45 +193,6 @@ sesman_process_params(int argc, char **argv,
return 0;
}
/******************************************************************************/
static int
create_sesman_runtime_dir(void)
{
int rv = -1;
/* Make sure if we create the directory, there's no gap where it
* may have the wrong permissions */
int entry_umask = g_umask_hex(0x755);
if (!g_directory_exist(SESMAN_RUNTIME_PATH) &&
!g_create_dir(SESMAN_RUNTIME_PATH))
{
LOG(LOG_LEVEL_ERROR,
"Can't create runtime directory '"
SESMAN_RUNTIME_PATH "' [%s]", g_get_strerror());
}
else if (g_chown(SESMAN_RUNTIME_PATH, g_getuid(), g_getuid()) != 0)
{
LOG(LOG_LEVEL_ERROR,
"Can't set ownership of sesman runtime directory [%s]",
g_get_strerror());
}
else if (g_chmod_hex(SESMAN_RUNTIME_PATH, 0x755) != 0)
{
/* This might seem redundant, but there's a chance the
* directory already exists */
LOG(LOG_LEVEL_ERROR,
"Can't set permissions of sesman runtime directory [%s]",
g_get_strerror());
}
else
{
rv = 0;
}
g_umask_hex(entry_umask);
return rv;
}
/******************************************************************************/
static int sesman_listen_test(struct config_sesman *cfg)
{
@ -694,24 +655,24 @@ create_xrdp_socket_root_path(void)
/* Create the path using 0755 permissions */
int old_umask = g_umask_hex(0x22);
(void)g_create_path(XRDP_SOCKET_PATH"/");
(void)g_create_path(XRDP_SOCKET_ROOT_PATH"/");
(void)g_umask_hex(old_umask);
/* Check the ownership and permissions on the last path element
* are as expected */
if (g_chown(XRDP_SOCKET_PATH, uid, gid) != 0)
if (g_chown(XRDP_SOCKET_ROOT_PATH, uid, gid) != 0)
{
LOG(LOG_LEVEL_ERROR,
"create_xrdp_socket_root_path: Can't set owner of %s to %d:%d",
XRDP_SOCKET_PATH, uid, gid);
XRDP_SOCKET_ROOT_PATH, uid, gid);
return 1;
}
if (g_chmod_hex(XRDP_SOCKET_PATH, 0x755) != 0)
if (g_chmod_hex(XRDP_SOCKET_ROOT_PATH, 0x755) != 0)
{
LOG(LOG_LEVEL_ERROR,
"create_xrdp_socket_root_path: Can't set perms of %s to 0x755",
XRDP_SOCKET_PATH);
XRDP_SOCKET_ROOT_PATH);
return 1;
}
@ -887,9 +848,9 @@ main(int argc, char **argv)
}
}
/* Create the runtime directory before we try to listen (or
/* Create the socket directory before we try to listen (or
* test-listen), so there's somewhere for the default socket to live */
if (create_sesman_runtime_dir() != 0)
if (create_xrdp_socket_root_path() != 0)
{
config_free(g_cfg);
log_end();
@ -963,9 +924,6 @@ main(int argc, char **argv)
LOG(LOG_LEVEL_INFO,
"starting xrdp-sesman with pid %d", g_pid);
/* make sure the socket directory exists */
create_xrdp_socket_root_path();
/* make sure the /tmp/.X11-unix directory exists */
if (!g_directory_exist("/tmp/.X11-unix"))
{