Remove sesmanruntimedir
Now that we've made the XRDP_SOCKET_PATH writeable only by root, it's safe to move the sesman socket back into this directory. We no longer need a separate sesmanruntimedir.
parent
675dd77807
commit
c51ec2e8e9
@ -62,12 +62,6 @@ AC_ARG_WITH([socketdir],
|
||||
[], [with_socketdir="$runstatedir/xrdp"])
|
||||
AC_SUBST([socketdir], [$with_socketdir])
|
||||
|
||||
AC_ARG_WITH([sesmanruntimedir],
|
||||
[AS_HELP_STRING([--with-sesmanruntimedir=DIR],
|
||||
[Use directory for sesman runtime data (default: RUNSTATEDIR/xrdp-sesman)])],
|
||||
[], [with_sesmanruntimedir="$runstatedir/xrdp-sesman"])
|
||||
AC_SUBST([sesmanruntimedir], [$with_sesmanruntimedir])
|
||||
|
||||
AC_ARG_WITH([systemdsystemunitdir],
|
||||
AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files, no to disable]),
|
||||
[], [
|
||||
@ -655,7 +649,6 @@ echo " pamconfdir $pamconfdir"
|
||||
echo " localstatedir $localstatedir"
|
||||
echo " runstatedir $runstatedir"
|
||||
echo " socketdir $socketdir"
|
||||
echo " sesmanruntimedir $sesmanruntimedir"
|
||||
echo ""
|
||||
echo " unit tests performable $perform_unit_tests"
|
||||
echo ""
|
||||
|
@ -27,7 +27,6 @@ SUBST_VARS = sed \
|
||||
-e 's|@localstatedir[@]|$(localstatedir)|g' \
|
||||
-e 's|@sysconfdir[@]|$(sysconfdir)|g' \
|
||||
-e 's|@socketdir[@]|$(socketdir)|g' \
|
||||
-e 's|@sesmanruntimedir[@]|$(sesmanruntimedir)|g' \
|
||||
-e 's|@xrdpconfdir[@]|$(sysconfdir)/xrdp|g' \
|
||||
-e 's|@xrdpdatadir[@]|$(datadir)/xrdp|g' \
|
||||
-e 's|@xrdphomeurl[@]|http://www.xrdp.org/|g'
|
||||
|
@ -57,7 +57,7 @@ In this instance, the system administrator is responsible for ensuring
|
||||
the socket can only be created by a suitably privileged process.
|
||||
.PP
|
||||
If the parameter does not start with a '/', a name within
|
||||
@sesmanruntimedir@ is used.
|
||||
@socketdir@ is used.
|
||||
.RE
|
||||
|
||||
.TP
|
||||
|
@ -28,7 +28,7 @@ Retained for compatibility, but ignored.
|
||||
.BI \-i= port
|
||||
The sesman \fIUNIX domain socket\fP to connect to.
|
||||
Defaults to \fBsesman.socket\fP.
|
||||
If no path is specified for the socket, a default of @sesmanruntimedir@ is used.
|
||||
If no path is specified for the socket, a default of @socketdir@ is used.
|
||||
|
||||
.TP
|
||||
.BI \-c= command
|
||||
|
@ -70,7 +70,7 @@ not running \fBxrdp\-sesman\fR as a daemon.
|
||||
.br
|
||||
@localstatedir@/run/xrdp\-sesman.pid
|
||||
.br
|
||||
@sesmanruntimedir@/sesman.socket
|
||||
@socketdir@/sesman.socket
|
||||
|
||||
.SH "AUTHORS"
|
||||
Jay Sorg <jsorg71@users.sourceforge.net>
|
||||
|
@ -1,6 +1,5 @@
|
||||
|
||||
AM_CPPFLAGS = \
|
||||
-DSESMAN_RUNTIME_PATH=\"${sesmanruntimedir}\" \
|
||||
-DXRDP_SOCKET_ROOT_PATH=\"${socketdir}\" \
|
||||
-I$(top_srcdir)/common
|
||||
|
||||
|
23
libipm/scp.c
23
libipm/scp.c
@ -27,6 +27,8 @@
|
||||
#include <config_ac.h>
|
||||
#endif
|
||||
|
||||
#include <ctype.h>
|
||||
|
||||
#include "scp.h"
|
||||
#include "libipm.h"
|
||||
#include "guid.h"
|
||||
@ -76,6 +78,23 @@ scp_msgno_to_str(enum scp_msg_code n, char *buff, unsigned int buff_size)
|
||||
return buff;
|
||||
}
|
||||
|
||||
/*****************************************************************************/
|
||||
/**
|
||||
* Helper function returning 1 if the passed-in string is an integer >= 0
|
||||
*/
|
||||
static int is_positive_int(const char *s)
|
||||
{
|
||||
for ( ; *s != '\0' ; ++s)
|
||||
{
|
||||
if (!isdigit(*s))
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*****************************************************************************/
|
||||
int
|
||||
scp_port_to_unix_domain_path(const char *port, char *buff,
|
||||
@ -111,7 +130,7 @@ scp_port_to_unix_domain_path(const char *port, char *buff,
|
||||
{
|
||||
port = SCP_LISTEN_PORT_BASE_STR;
|
||||
}
|
||||
else if (g_strcmp(port, "3350") == 0)
|
||||
else if (is_positive_int(port))
|
||||
{
|
||||
/* Version v0.9.x and earlier of xrdp used a TCP port
|
||||
* number. If we come across this, we'll ignore it for
|
||||
@ -121,7 +140,7 @@ scp_port_to_unix_domain_path(const char *port, char *buff,
|
||||
port = SCP_LISTEN_PORT_BASE_STR;
|
||||
}
|
||||
|
||||
result = g_snprintf(buff, bufflen, SESMAN_RUNTIME_PATH "/%s", port);
|
||||
result = g_snprintf(buff, bufflen, XRDP_SOCKET_ROOT_PATH "/%s", port);
|
||||
}
|
||||
|
||||
return result;
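Review bot: In `is_positive_int()`, `isdigit(*s)` is passed a plain `char`, which is undefined behaviour for a negative byte value on platforms where `char` is signed. The port string appears to be user-supplied (the man page hunks describe it as a parameter), so a non-ASCII byte can reach this loop; cast first with `if (!isdigit((unsigned char)*s))`. The helper also returns 1 for an empty string, which does not match its "integer >= 0" comment. The caller's preceding branch is cut off by the hunk and may already handle that case, so either state it in the comment or add `if (*s == '\0') return 0;` before the loop.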
|
||||
|
@ -7,7 +7,6 @@ AM_CPPFLAGS = \
|
||||
-DXRDP_LIBEXEC_PATH=\"${libexecdir}/xrdp\" \
|
||||
-DXRDP_PID_PATH=\"${localstatedir}/run\" \
|
||||
-DXRDP_SOCKET_ROOT_PATH=\"${socketdir}\" \
|
||||
-DSESMAN_RUNTIME_PATH=\"${sesmanruntimedir}\" \
|
||||
-I$(top_srcdir)/sesman/libsesman \
|
||||
-I$(top_srcdir)/common \
|
||||
-I$(top_srcdir)/libipm
|
||||
|
@ -193,45 +193,6 @@ sesman_process_params(int argc, char **argv,
|
||||
return 0;
|
||||
}
|
||||
|
||||
/******************************************************************************/
|
||||
static int
|
||||
create_sesman_runtime_dir(void)
|
||||
{
|
||||
int rv = -1;
|
||||
/* Make sure if we create the directory, there's no gap where it
|
||||
* may have the wrong permissions */
|
||||
int entry_umask = g_umask_hex(0x755);
|
||||
|
||||
if (!g_directory_exist(SESMAN_RUNTIME_PATH) &&
|
||||
!g_create_dir(SESMAN_RUNTIME_PATH))
|
||||
{
|
||||
LOG(LOG_LEVEL_ERROR,
|
||||
"Can't create runtime directory '"
|
||||
SESMAN_RUNTIME_PATH "' [%s]", g_get_strerror());
|
||||
}
|
||||
else if (g_chown(SESMAN_RUNTIME_PATH, g_getuid(), g_getuid()) != 0)
|
||||
{
|
||||
LOG(LOG_LEVEL_ERROR,
|
||||
"Can't set ownership of sesman runtime directory [%s]",
|
||||
g_get_strerror());
|
||||
}
|
||||
else if (g_chmod_hex(SESMAN_RUNTIME_PATH, 0x755) != 0)
|
||||
{
|
||||
/* This might seem redundant, but there's a chance the
|
||||
* directory already exists */
|
||||
LOG(LOG_LEVEL_ERROR,
|
||||
"Can't set permissions of sesman runtime directory [%s]",
|
||||
g_get_strerror());
|
||||
}
|
||||
else
|
||||
{
|
||||
rv = 0;
|
||||
}
|
||||
g_umask_hex(entry_umask);
|
||||
|
||||
return rv;
|
||||
}
|
||||
|
||||
/******************************************************************************/
|
||||
static int sesman_listen_test(struct config_sesman *cfg)
|
||||
{
|
||||
@ -694,24 +655,24 @@ create_xrdp_socket_root_path(void)
|
||||
|
||||
/* Create the path using 0755 permissions */
|
||||
int old_umask = g_umask_hex(0x22);
|
||||
(void)g_create_path(XRDP_SOCKET_PATH"/");
|
||||
(void)g_create_path(XRDP_SOCKET_ROOT_PATH"/");
|
||||
(void)g_umask_hex(old_umask);
|
||||
|
||||
/* Check the ownership and permissions on the last path element
|
||||
* are as expected */
|
||||
if (g_chown(XRDP_SOCKET_PATH, uid, gid) != 0)
|
||||
if (g_chown(XRDP_SOCKET_ROOT_PATH, uid, gid) != 0)
|
||||
{
|
||||
LOG(LOG_LEVEL_ERROR,
|
||||
"create_xrdp_socket_root_path: Can't set owner of %s to %d:%d",
|
||||
XRDP_SOCKET_PATH, uid, gid);
|
||||
XRDP_SOCKET_ROOT_PATH, uid, gid);
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (g_chmod_hex(XRDP_SOCKET_PATH, 0x755) != 0)
|
||||
if (g_chmod_hex(XRDP_SOCKET_ROOT_PATH, 0x755) != 0)
|
||||
{
|
||||
LOG(LOG_LEVEL_ERROR,
|
||||
"create_xrdp_socket_root_path: Can't set perms of %s to 0x755",
|
||||
XRDP_SOCKET_PATH);
|
||||
XRDP_SOCKET_ROOT_PATH);
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -887,9 +848,9 @@ main(int argc, char **argv)
|
||||
}
|
||||
}
|
||||
|
||||
/* Create the runtime directory before we try to listen (or
|
||||
/* Create the socket directory before we try to listen (or
|
||||
* test-listen), so there's somewhere for the default socket to live */
|
||||
if (create_sesman_runtime_dir() != 0)
|
||||
if (create_xrdp_socket_root_path() != 0)
|
||||
{
|
||||
config_free(g_cfg);
|
||||
log_end();
|
||||
@ -963,9 +924,6 @@ main(int argc, char **argv)
|
||||
LOG(LOG_LEVEL_INFO,
|
||||
"starting xrdp-sesman with pid %d", g_pid);
|
||||
|
||||
/* make sure the socket directory exists */
|
||||
create_xrdp_socket_root_path();
|
||||
|
||||
/* make sure the /tmp/.X11-unix directory exists */
|
||||
if (!g_directory_exist("/tmp/.X11-unix"))
|
||||
{
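Review bot: The two error logs in `create_xrdp_socket_root_path()` omit the errno text that the removed `create_sesman_runtime_dir()` reported through `g_get_strerror()`, and the result of `g_create_path()` is still discarded with `(void)`. main() now takes its cleanup path when this function fails, and this directory is where sesman.socket will live, so the log should say why the chown or chmod failed. For example, change the first message to `"create_xrdp_socket_root_path: Can't set owner of %s to %d:%d [%s]"` with `g_get_strerror()` as the extra argument, and do the same for the chmod message. The function starts before the hunk, so how `uid` and `gid` are obtained is not visible here.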
|
||||
|