Commit Graph

24 Commits

Author SHA1 Message Date
matt335672
dd1dc7c630 Use proper define for sesman listen_port size
The size of the listen_port for sesman cannot exceed
XRDP_SOCKETS_MAXPATH. We should use this value rather than
an arbitrary value of 256.
2024-10-22 12:21:25 +01:00
matt335672
675dd77807 Parameterise the sockdir with the UID of the user
The top level socket directory is now called XRDP_SOCKET_ROOT_PATH.
Below that are user-specific directories referred to with the
XRDP_SOCKET_PATH macro - this name is hard-coded into xorgxrdp and
the audio modules as an environment variable.

XRDP_SOCKET_PATH now looks like $XRDP_SOCKET_ROOT_PATH/<uid>

XRDP_SOCKET_PATH is only writeable by the user, and readable by the user
and the xrdp process.
2023-10-23 18:14:46 +01:00
matt335672
8f73f5ba73 Remove unnecessary assignments
As per title. Assigments are made to variables which are immediately
overwritten.
2023-10-23 15:23:07 +01:00
matt335672
cf5c2718af Update logging in sesman access control
Improve the built-in access checks for sesman/sesexec:-
- Group existence is checked for at login-time rather than program
  start time
- The name of the group is now included in the message

Also, check for UID == 0 when checking for root, rather than just
checking the name (which might be an alias)
2023-10-05 13:22:49 +01:00
matt335672
5837deae04 access_login_allowed: Remove primary group check
This check is now performed within g_check_user_in_group()
2023-10-05 12:25:40 +01:00
matt335672
25a1fab5b6 Check auth_start_session() result 2023-08-19 13:35:26 +01:00
matt335672
c0f9c55de6 Remove size limit for PAM environment variables
The current logic in auth_set_env() for PAM environments only allows
environment variables to be around 256 characters in length.
2023-05-31 16:39:42 +01:00
Daniel Richard G
fdfe47668b Add XorgNoNewPrivileges configuration option
This allows Linux's no_new_privs restriction to be disabled when starting
the X server, which may be desirable if xrdp is running inside a kernel
confinement framework such as AppArmor or SELinux.
2023-05-15 17:40:46 -04:00
Daniel Richard G
1c0c923ad1 Split g_file_open() into _ro() and _rw() variants
Rename g_file_open() to g_file_open_rw(), and add a new g_file_open_ro()
call that wraps the common g_file_open_ex(file, 1, 0, 0, 0) idiom. This
will make the file access mode more explicit in the code.

Change all calls to g_file_open() to the _ro() or _rw() variant as
appropriate, and replace g_file_open_ex(file, 1, 0, 0, 0) with the _ro()
call.

Lastly, add tests for the two new calls to test_os_calls.c (code
courteously provided by matt335672).
2023-05-15 17:38:31 -04:00
matt335672
1a9d15bef0 Remove explicit auth_stop_session() call
Now that authentication/authorization and session creation are
happening in the same process, there is no need for a separate call
to finish an auth session. This change prevents the upper software
layers from needing to track whether auth_start_session() has been
called or not.
2023-05-02 11:55:22 +01:00
matt335672
82ede29388 libsesman: Make x11_display_offset and max_sessions unsigned 2023-05-02 11:55:22 +01:00
matt335672
06580ec448 sesman config: Add MaxDisplayNumber
When allocating a display number, we should be aware that
IANA only allow TCP displays up to :63. This PR adds that restriction in
to sesman.ini as a default, to prevent us allocating unavailable TCP
ports.

By default TCP ports are not enabled for X servers, but users can easily
change this if they wish to access X displays directly over the network.

This restriction is in addition to the MaxSessions limit already present
in sesman.ini
2023-05-02 11:55:22 +01:00
matt335672
970d936106 libsesman config: Define default sesman.ini name 2023-05-02 11:55:22 +01:00
matt335672
b3b12b1be5 Allow longer UserWindowManager strings
The UserWindowManager is limited to 31 characters. There appears
to be no good reason for this.
2023-05-01 11:52:21 +01:00
Lennart Sauerbeck
5741653900 sesman: Prevent the use of 'alternate shell'
By setting the new config value 'AllowAlternateShell' to 'no' it is now
possible to prevent the use of an alternate shell, which can be set by
the connecting user.
The default remains unchanged and any shell is allowed if the config
value is not specified. It can also be set explicitly to 'yes' to achieve
the same outcome.

Fixes: #850
2023-04-19 10:16:56 +01:00
matt335672
5605ce44b1 Remove defines from sesman_config.h
This file currently contains defines which are only used in
sesman_config.c Moving them into there increases readability
and maintainability.
2023-03-30 13:07:49 +01:00
matt335672
d2362f23a0 Fix typo 2023-03-30 13:07:49 +01:00
matt335672
b4f9d250e2 Update sesman files moved to libsesman 2023-03-29 14:31:30 +01:00
matt335672
75c9979b54 Add new files to libsesman 2023-03-29 14:31:30 +01:00
matt335672
2f3693b3dc autotools changes related to new libsesman library 2023-03-29 14:31:30 +01:00
matt335672
d05dd853bb Moved sesman_access module into libsesman 2023-03-29 14:31:30 +01:00
matt335672
dff380fb78 Move auth modules into libsesman 2023-03-29 14:31:30 +01:00
matt335672
d83bf100fa Move auth into libsesman 2023-03-29 14:31:30 +01:00
matt335672
db1f4c95a6 Moved config into libsesman 2023-03-29 14:31:29 +01:00