mirror of https://github.com/neutrinolabs/xrdp
Remove sesmanruntimedir
Now that XRDP_SOCKET_PATH is writable only by root, it's safe to move the sesman socket back into this directory. We no longer need a separate sesmanruntimedir.
parent
675dd77807
commit
c51ec2e8e9
|
@ -62,12 +62,6 @@ AC_ARG_WITH([socketdir],
|
||||||
[], [with_socketdir="$runstatedir/xrdp"])
|
[], [with_socketdir="$runstatedir/xrdp"])
|
||||||
AC_SUBST([socketdir], [$with_socketdir])
|
AC_SUBST([socketdir], [$with_socketdir])
|
||||||
|
|
||||||
AC_ARG_WITH([sesmanruntimedir],
|
|
||||||
[AS_HELP_STRING([--with-sesmanruntimedir=DIR],
|
|
||||||
[Use directory for sesman runtime data (default: RUNSTATEDIR/xrdp-sesman)])],
|
|
||||||
[], [with_sesmanruntimedir="$runstatedir/xrdp-sesman"])
|
|
||||||
AC_SUBST([sesmanruntimedir], [$with_sesmanruntimedir])
|
|
||||||
|
|
||||||
AC_ARG_WITH([systemdsystemunitdir],
|
AC_ARG_WITH([systemdsystemunitdir],
|
||||||
AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files, no to disable]),
|
AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files, no to disable]),
|
||||||
[], [
|
[], [
|
||||||
|
@ -655,7 +649,6 @@ echo " pamconfdir $pamconfdir"
|
||||||
echo " localstatedir $localstatedir"
|
echo " localstatedir $localstatedir"
|
||||||
echo " runstatedir $runstatedir"
|
echo " runstatedir $runstatedir"
|
||||||
echo " socketdir $socketdir"
|
echo " socketdir $socketdir"
|
||||||
echo " sesmanruntimedir $sesmanruntimedir"
|
|
||||||
echo ""
|
echo ""
|
||||||
echo " unit tests performable $perform_unit_tests"
|
echo " unit tests performable $perform_unit_tests"
|
||||||
echo ""
|
echo ""
|
||||||
|
|
|
@ -27,7 +27,6 @@ SUBST_VARS = sed \
|
||||||
-e 's|@localstatedir[@]|$(localstatedir)|g' \
|
-e 's|@localstatedir[@]|$(localstatedir)|g' \
|
||||||
-e 's|@sysconfdir[@]|$(sysconfdir)|g' \
|
-e 's|@sysconfdir[@]|$(sysconfdir)|g' \
|
||||||
-e 's|@socketdir[@]|$(socketdir)|g' \
|
-e 's|@socketdir[@]|$(socketdir)|g' \
|
||||||
-e 's|@sesmanruntimedir[@]|$(sesmanruntimedir)|g' \
|
|
||||||
-e 's|@xrdpconfdir[@]|$(sysconfdir)/xrdp|g' \
|
-e 's|@xrdpconfdir[@]|$(sysconfdir)/xrdp|g' \
|
||||||
-e 's|@xrdpdatadir[@]|$(datadir)/xrdp|g' \
|
-e 's|@xrdpdatadir[@]|$(datadir)/xrdp|g' \
|
||||||
-e 's|@xrdphomeurl[@]|http://www.xrdp.org/|g'
|
-e 's|@xrdphomeurl[@]|http://www.xrdp.org/|g'
|
||||||
|
|
|
@ -57,7 +57,7 @@ In this instance, the system administrator is responsible for ensuring
|
||||||
the socket can only be created by a suitably privileged process.
|
the socket can only be created by a suitably privileged process.
|
||||||
.PP
|
.PP
|
||||||
If the parameter does not start with a '/', a name within
|
If the parameter does not start with a '/', a name within
|
||||||
@sesmanruntimedir@ is used.
|
@socketdir@ is used.
|
||||||
.RE
|
.RE
|
||||||
|
|
||||||
.TP
|
.TP
|
||||||
|
|
|
@ -28,7 +28,7 @@ Retained for compatibility, but ignored.
|
||||||
.BI \-i= port
|
.BI \-i= port
|
||||||
The sesman \fIUNIX domain socket\fP to connect to.
|
The sesman \fIUNIX domain socket\fP to connect to.
|
||||||
Defaults to \fBsesman.socket\fP.
|
Defaults to \fBsesman.socket\fP.
|
||||||
If no path is specified for the socket, a default of @sesmanruntimedir@ is used.
|
If no path is specified for the socket, a default of @socketdir@ is used.
|
||||||
|
|
||||||
.TP
|
.TP
|
||||||
.BI \-c= command
|
.BI \-c= command
|
||||||
|
|
|
@ -70,7 +70,7 @@ not running \fBxrdp\-sesman\fR as a daemon.
|
||||||
.br
|
.br
|
||||||
@localstatedir@/run/xrdp\-sesman.pid
|
@localstatedir@/run/xrdp\-sesman.pid
|
||||||
.br
|
.br
|
||||||
@sesmanruntimedir@/sesman.socket
|
@socketdir@/sesman.socket
|
||||||
|
|
||||||
.SH "AUTHORS"
|
.SH "AUTHORS"
|
||||||
Jay Sorg <jsorg71@users.sourceforge.net>
|
Jay Sorg <jsorg71@users.sourceforge.net>
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
|
|
||||||
AM_CPPFLAGS = \
|
AM_CPPFLAGS = \
|
||||||
-DSESMAN_RUNTIME_PATH=\"${sesmanruntimedir}\" \
|
|
||||||
-DXRDP_SOCKET_ROOT_PATH=\"${socketdir}\" \
|
-DXRDP_SOCKET_ROOT_PATH=\"${socketdir}\" \
|
||||||
-I$(top_srcdir)/common
|
-I$(top_srcdir)/common
|
||||||
|
|
||||||
|
|
23
libipm/scp.c
23
libipm/scp.c
|
@ -27,6 +27,8 @@
|
||||||
#include <config_ac.h>
|
#include <config_ac.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#include <ctype.h>
|
||||||
|
|
||||||
#include "scp.h"
|
#include "scp.h"
|
||||||
#include "libipm.h"
|
#include "libipm.h"
|
||||||
#include "guid.h"
|
#include "guid.h"
|
||||||
|
@ -76,6 +78,23 @@ scp_msgno_to_str(enum scp_msg_code n, char *buff, unsigned int buff_size)
|
||||||
return buff;
|
return buff;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*****************************************************************************/
|
||||||
|
/**
|
||||||
|
* Helper function returning 1 if the passed-in string is an integer >= 0
|
||||||
|
*/
|
||||||
|
static int is_positive_int(const char *s)
|
||||||
|
{
|
||||||
|
for ( ; *s != '\0' ; ++s)
|
||||||
|
{
|
||||||
|
if (!isdigit(*s))
|
||||||
|
{
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
/*****************************************************************************/
|
/*****************************************************************************/
|
||||||
int
|
int
|
||||||
scp_port_to_unix_domain_path(const char *port, char *buff,
|
scp_port_to_unix_domain_path(const char *port, char *buff,
|
||||||
|
@ -111,7 +130,7 @@ scp_port_to_unix_domain_path(const char *port, char *buff,
|
||||||
{
|
{
|
||||||
port = SCP_LISTEN_PORT_BASE_STR;
|
port = SCP_LISTEN_PORT_BASE_STR;
|
||||||
}
|
}
|
||||||
else if (g_strcmp(port, "3350") == 0)
|
else if (is_positive_int(port))
|
||||||
{
|
{
|
||||||
/* Version v0.9.x and earlier of xrdp used a TCP port
|
/* Version v0.9.x and earlier of xrdp used a TCP port
|
||||||
* number. If we come across this, we'll ignore it for
|
* number. If we come across this, we'll ignore it for
|
||||||
|
@ -121,7 +140,7 @@ scp_port_to_unix_domain_path(const char *port, char *buff,
|
||||||
port = SCP_LISTEN_PORT_BASE_STR;
|
port = SCP_LISTEN_PORT_BASE_STR;
|
||||||
}
|
}
|
||||||
|
|
||||||
result = g_snprintf(buff, bufflen, SESMAN_RUNTIME_PATH "/%s", port);
|
result = g_snprintf(buff, bufflen, XRDP_SOCKET_ROOT_PATH "/%s", port);
|
||||||
}
|
}
|
||||||
|
|
||||||
return result;
|
return result;
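Review bot: In the new `is_positive_int()`, `isdigit(*s)` is called with a plain `char`; where `char` is signed, a byte above 0x7f in the configured port string becomes a negative argument, which is undefined behaviour for the `<ctype.h>` functions. Use `if (!isdigit((unsigned char)*s))`. The helper also returns 1 for an empty string, and its name says "positive" while its comment says ">= 0"; an earlier branch of `scp_port_to_unix_domain_path()` appears to handle a missing port, but that test is outside the hunk, so either reject `""` in the helper or state the assumption in its comment. Separately, any non-numeric value without a leading '/' is formatted directly under `XRDP_SOCKET_ROOT_PATH`; because that directory's permissions now protect the sesman socket, it is worth confirming in the part of the function not shown here that names containing '/' are rejected or documented as unsupported.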
|
||||||
|
|
|
@ -7,7 +7,6 @@ AM_CPPFLAGS = \
|
||||||
-DXRDP_LIBEXEC_PATH=\"${libexecdir}/xrdp\" \
|
-DXRDP_LIBEXEC_PATH=\"${libexecdir}/xrdp\" \
|
||||||
-DXRDP_PID_PATH=\"${localstatedir}/run\" \
|
-DXRDP_PID_PATH=\"${localstatedir}/run\" \
|
||||||
-DXRDP_SOCKET_ROOT_PATH=\"${socketdir}\" \
|
-DXRDP_SOCKET_ROOT_PATH=\"${socketdir}\" \
|
||||||
-DSESMAN_RUNTIME_PATH=\"${sesmanruntimedir}\" \
|
|
||||||
-I$(top_srcdir)/sesman/libsesman \
|
-I$(top_srcdir)/sesman/libsesman \
|
||||||
-I$(top_srcdir)/common \
|
-I$(top_srcdir)/common \
|
||||||
-I$(top_srcdir)/libipm
|
-I$(top_srcdir)/libipm
|
||||||
|
|
|
@ -193,45 +193,6 @@ sesman_process_params(int argc, char **argv,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/******************************************************************************/
|
|
||||||
static int
|
|
||||||
create_sesman_runtime_dir(void)
|
|
||||||
{
|
|
||||||
int rv = -1;
|
|
||||||
/* Make sure if we create the directory, there's no gap where it
|
|
||||||
* may have the wrong permissions */
|
|
||||||
int entry_umask = g_umask_hex(0x755);
|
|
||||||
|
|
||||||
if (!g_directory_exist(SESMAN_RUNTIME_PATH) &&
|
|
||||||
!g_create_dir(SESMAN_RUNTIME_PATH))
|
|
||||||
{
|
|
||||||
LOG(LOG_LEVEL_ERROR,
|
|
||||||
"Can't create runtime directory '"
|
|
||||||
SESMAN_RUNTIME_PATH "' [%s]", g_get_strerror());
|
|
||||||
}
|
|
||||||
else if (g_chown(SESMAN_RUNTIME_PATH, g_getuid(), g_getuid()) != 0)
|
|
||||||
{
|
|
||||||
LOG(LOG_LEVEL_ERROR,
|
|
||||||
"Can't set ownership of sesman runtime directory [%s]",
|
|
||||||
g_get_strerror());
|
|
||||||
}
|
|
||||||
else if (g_chmod_hex(SESMAN_RUNTIME_PATH, 0x755) != 0)
|
|
||||||
{
|
|
||||||
/* This might seem redundant, but there's a chance the
|
|
||||||
* directory already exists */
|
|
||||||
LOG(LOG_LEVEL_ERROR,
|
|
||||||
"Can't set permissions of sesman runtime directory [%s]",
|
|
||||||
g_get_strerror());
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
rv = 0;
|
|
||||||
}
|
|
||||||
g_umask_hex(entry_umask);
|
|
||||||
|
|
||||||
return rv;
|
|
||||||
}
|
|
||||||
|
|
||||||
/******************************************************************************/
|
/******************************************************************************/
|
||||||
static int sesman_listen_test(struct config_sesman *cfg)
|
static int sesman_listen_test(struct config_sesman *cfg)
|
||||||
{
|
{
|
||||||
|
@ -694,24 +655,24 @@ create_xrdp_socket_root_path(void)
|
||||||
|
|
||||||
/* Create the path using 0755 permissions */
|
/* Create the path using 0755 permissions */
|
||||||
int old_umask = g_umask_hex(0x22);
|
int old_umask = g_umask_hex(0x22);
|
||||||
(void)g_create_path(XRDP_SOCKET_PATH"/");
|
(void)g_create_path(XRDP_SOCKET_ROOT_PATH"/");
|
||||||
(void)g_umask_hex(old_umask);
|
(void)g_umask_hex(old_umask);
|
||||||
|
|
||||||
/* Check the ownership and permissions on the last path element
|
/* Check the ownership and permissions on the last path element
|
||||||
* are as expected */
|
* are as expected */
|
||||||
if (g_chown(XRDP_SOCKET_PATH, uid, gid) != 0)
|
if (g_chown(XRDP_SOCKET_ROOT_PATH, uid, gid) != 0)
|
||||||
{
|
{
|
||||||
LOG(LOG_LEVEL_ERROR,
|
LOG(LOG_LEVEL_ERROR,
|
||||||
"create_xrdp_socket_root_path: Can't set owner of %s to %d:%d",
|
"create_xrdp_socket_root_path: Can't set owner of %s to %d:%d",
|
||||||
XRDP_SOCKET_PATH, uid, gid);
|
XRDP_SOCKET_ROOT_PATH, uid, gid);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (g_chmod_hex(XRDP_SOCKET_PATH, 0x755) != 0)
|
if (g_chmod_hex(XRDP_SOCKET_ROOT_PATH, 0x755) != 0)
|
||||||
{
|
{
|
||||||
LOG(LOG_LEVEL_ERROR,
|
LOG(LOG_LEVEL_ERROR,
|
||||||
"create_xrdp_socket_root_path: Can't set perms of %s to 0x755",
|
"create_xrdp_socket_root_path: Can't set perms of %s to 0x755",
|
||||||
XRDP_SOCKET_PATH);
|
XRDP_SOCKET_ROOT_PATH);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -887,9 +848,9 @@ main(int argc, char **argv)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Create the runtime directory before we try to listen (or
|
/* Create the socket directory before we try to listen (or
|
||||||
* test-listen), so there's somewhere for the default socket to live */
|
* test-listen), so there's somewhere for the default socket to live */
|
||||||
if (create_sesman_runtime_dir() != 0)
|
if (create_xrdp_socket_root_path() != 0)
|
||||||
{
|
{
|
||||||
config_free(g_cfg);
|
config_free(g_cfg);
|
||||||
log_end();
|
log_end();
|
||||||
|
@ -963,9 +924,6 @@ main(int argc, char **argv)
|
||||||
LOG(LOG_LEVEL_INFO,
|
LOG(LOG_LEVEL_INFO,
|
||||||
"starting xrdp-sesman with pid %d", g_pid);
|
"starting xrdp-sesman with pid %d", g_pid);
|
||||||
|
|
||||||
/* make sure the socket directory exists */
|
|
||||||
create_xrdp_socket_root_path();
|
|
||||||
|
|
||||||
/* make sure the /tmp/.X11-unix directory exists */
|
/* make sure the /tmp/.X11-unix directory exists */
|
||||||
if (!g_directory_exist("/tmp/.X11-unix"))
|
if (!g_directory_exist("/tmp/.X11-unix"))
|
||||||
{
|
{
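Review bot: `create_xrdp_socket_root_path()` still discards the result of `g_create_path(XRDP_SOCKET_ROOT_PATH"/")`, so now that `main()` treats this function's failure as fatal, a directory that could not be created is reported only through the less specific "Can't set owner" error. Check the return value and log the path with `g_get_strerror()` before the `g_chown()` call. The `uid` and `gid` passed to `g_chown()` are assigned outside the hunk; since the sesman socket now depends on this directory being writable only by root, a comment such as `/* sesman.socket lives here: directory must stay root-writable only (0755) */` beside the chown would record that requirement for later maintainers. A directory left behind by an older install is re-owned and re-moded, but nothing visible examines its existing contents, which may deserve a line in the upgrade notes. The bodies of both `create_xrdp_socket_root_path()` and `main()` continue outside the visible hunks.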
|
||||||
|
|