The loadable sesman authentication modules use different types for the
authentication handle returned from auth_userpass(). The PAM module
uses a pointer, and the other modules use (effectively) a boolean. Within
sesman itself, a long or tbus (intptr_t) is used.
This PR replaces all of these types with a pointer to an incomplete type.
Consequently:-
- A single better-labelled type is used in all places within sesman so
it's more obvious what's being handled.
- There is no need to cast the authentication handle within the PAM
module to a long and back again.
- The compiler can check function signatures between auth.h and the
various verify modules.
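
The handle change described in the commit message above, as an added example that is not part of the commit or of xrdp's own code: a handle declared as a pointer to an incomplete type, with one module supplying the definition. All demo_* names, the struct fields and the credentials are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Shared-header part (hypothetical names): a pointer to an incomplete type.
 * Callers can hold and pass the handle but cannot look inside it, and the
 * compiler checks every module against these prototypes. */
struct demo_auth_info;
struct demo_auth_info *demo_auth_userpass(const char *user, const char *pass);
int demo_auth_start_session(struct demo_auth_info *h, int display);
int demo_auth_end(struct demo_auth_info *h);

/* Module part: only the module knows the layout of its own state. */
struct demo_auth_info {
    int session_started;
    int display;
};

struct demo_auth_info *demo_auth_userpass(const char *user, const char *pass)
{
    /* Constructed stand-in for the real backend check. */
    if (user == NULL || pass == NULL || strcmp(user, "alice") != 0 ||
        strcmp(pass, "constructed-secret") != 0)
        return NULL; /* failure is NULL; no cast to a long and back */
    return calloc(1, sizeof(struct demo_auth_info));
}

int demo_auth_start_session(struct demo_auth_info *h, int display)
{
    if (h == NULL || h->session_started)
        return 1; /* reject a failed login or a repeated start */
    h->session_started = 1;
    h->display = display;
    return 0;
}

int demo_auth_end(struct demo_auth_info *h)
{
    free(h); /* free(NULL) is a no-op */
    return 0;
}

int main(void)
{
    struct demo_auth_info *h = demo_auth_userpass("alice", "constructed-secret");
    printf("login %s\n", h != NULL ? "accepted" : "refused");
    return demo_auth_end(h);
}
```

Passing a long or an int where the prototype expects `struct demo_auth_info *` now produces a compiler diagnostic instead of a silent conversion.
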
Made session allocation policies more readable and maintainable.
The 'C' policy which was confusing before has been replaced with the
'Separate' keyword. This is a public interface change, but is unlikely
to affect many users.
The logging in session_get_bydata() is substantially improved, making
it far easier to spot why sessions are getting matched or not matched.
The connected client is currently described in two places in
the xrdp_client_info structure:-
1) In the connection_description field. This was introduced as
field client_ip by commit d797b2cf49
for xrdp v0.6.0
2) In the client_addr and client_port fields introduced by commit
25369460a1 for xrdp v0.8.0
This commit unifies these two sets of fields into a single
set of fields describing the connection IP and port (for
AF_INET/AF_INET6 connections only) and a connection description
for all connection types.
The code in os_calls to provide client logging has been simplified
somewhat which should make it easier to add new connection types (e.g.
AF_VSOCK).
The old connection_description field used to be passed to sesman to
inform sesman of the IP address of the client, and also to provide
a string for 'C' field session policy matching. 'C' field session policy
matching does not actually need this string (see #2239), and so now only
the IP field is passed to sesman.
This is required for PAM systems that depend on group membership being
available during PAM processing. This is used by pam_group on FreeBSD
and pam_group on Linux-PAM, although the functionality of both is
different.
There are two points.
Make sure file cleanup happens after chansrv and Xserver exit. If these
child processes lock socket files, the deletion might fail.
Usually, cleanup of xorgxrdp related socket files is handled by
xorgxrdp. Just in case it failed, perform cleanup also in sesman.
Fixes #1740. Thanks to @matt335672.
Sponsored by: Cybertrust Japan
Sponsored by: HAW International
This commit adds:
* replace multiple logging macros with LOG and LOG_DEVEL
* logging configuration for chanserv
* logging configuration for console output
* logging configuration for per file or method log level filtering for
debug builds
* file, line, and method name in log message for debug builds
Pull request #650 is not a valid way to avoid running a session twice.
It certainly stops a session running twice but causes #1016.
In FreeBSD, sesman process will run like this. The intermediate
sesman is needed to detect session termination correctly.
xrdp-sesman (daemon)
  |
  +- xrdp-sesman (FreeBSD specific intermediate sesman)
      |
      +- xrdp-sesman (bsd session leader & each session)
          |
          +- Xorg
          +- startwm.sh
          +- xrdp-chansrv
To stop running the session twice correctly, just exit before the
intermediate sesman executes Xorg, WM and chansrv.
Use XRDP_SOCKET_PATH in file_loc.h
Don't define any non-socket paths in file_loc.h, they should come from
the makefiles.
Define all paths unconditionally, they should not be defined elsewhere.
Pass XRDP_SOCKET_PATH as environment variable to the backends.
In C, an empty argument list in a declaration means that the function
can accept any arguments. Use "void" instead, it means "no arguments".
C++ treats void and empty list as "no arguments".
- remove test on filename for xauth as we know what we send
- better names for variables in xauth
- if xauth fails, exit sesman
- g_bytes_to_hexstr returns a null-terminated string, don't set it twice.