The semantics of this call allowed it to be called more than once when
parsing a message to restart a parse. This is not likely to be
useful in practice, and it also makes reading file descriptors
more complicated. Consequently this function has been removed and
replaced with with libipm_msg_in_get_msgno()
The sesman tools sesrun and sesadmin now use the separate
authentication/authorization (AA) interface introduced to
sesman by the previous comment.
sesrun can use either password or UDS authentication. With some
limitations, this can allow for automatic creation of sessions for local
users without a password being needed.
sesadmin now operates using UDS logins only and so a username and
password are not required. To use sesadmin for another user, use
su/sudo/doas to authenticate as the other user.
The connected client is currently described in two places in
the xrdp_client_info structure:-
1) In the connection_description field. This was introduced as
field client_ip by commit d797b2cf497587355bbf25cd27d59edd1c3f2915
for xrdp v0.6.0
2) In the client_addr and client_port fields introduced by commit
25369460a1b2f204d03a6bc4821251d7ef2d7adf for xrdp v0.8.0
This commit unifies these two sets of fields into a single
set of fields describing the connection IP and port (for
AF_INET/AF_INET6 connections only) and a connection description
for all connection types.
The code in os_calls to provide client logging has been simplified
somewhat which should make it easier to add new connection types (e.g.
AF_VSOCK).
The old connection_description field used to be passed to sesman to
inform sesman of the IP address of the client, and also to provide
a string for 'C' field session policy matching. 'C' field session policy
matching does not actually need this string (see #2239), and so now only
the IP field is passed to sesman.
The TCP socket implementation of sesman has a number of limitations,
namely that it is affected by firewalls, and also that determining the
user on the other end requires a full authentication process.
The advantage of the TCP socket is that sesman and xrdp can be run on
separate machines. This is however not supported by the xorgxrdp
backend (shared memory), and is insecure, in that passwords are sent
in-the-clear, and the connection is susceptible to MitM attacks. This
architecture has been deprecated in release notes since xrdp v0.9.17,
and although it will continue to be supported in any further releases
in the x0.9.x series, it will not be supported in the next major
version.
This commit adds:
* replace multiple logging macros with LOG and LOG_DEVEL
* logging configuration for chanserv
* logging configuration for console output
* logging configuration for per file or method log level filtering for
debug builds
* file, line, and method name in log message for debug builds
Use XRDP_SOCKET_PATH in file_loc.h
Don't define any non-socket paths in file_loc.h, they should come from
the makefiles.
Define all paths unconditionally, they should not be defined elsewhere.
Pass XRDP_SOCKET_PATH as environment variable to the backends.
If scp_v1c_mng_get_session_list() returns an error, report it to the
user and exit. Session list is not initialized in that case and should
not be freed.
g_free() already checks its argument for being to NULL, remove an extra
check.
In C, an empty argument list in a declaration means that the function
can accept any arguments. Use "void" instead, it means "no arguments".
C++ treats void and empty list as "no arguments".
