Commit Graph

103 Commits

Author SHA1 Message Date
matt335672
b80f07d2a7 Improve portability
- Use clearenv() if it exists
- Don't rely on <limits.h> being pulled in by <sys/param.h>
- Rename the DEFAULT_TYPE macro in sesrun.c.  This name appears to be
  used on Solaris. It's not a good choice.
2024-01-11 11:16:06 +00:00
matt335672
675dd77807 Parameterise the sockdir with the UID of the user
The top level socket directory is now called XRDP_SOCKET_ROOT_PATH.
Below that are user-specific directories referred to with the
XRDP_SOCKET_PATH macro - this name is hard-coded into xorgxrdp and
the audio modules as an environment variable.

XRDP_SOCKET_PATH now looks like $XRDP_SOCKET_ROOT_PATH/<uid>

XRDP_SOCKET_PATH is only writeable by the user, and readable by the user
and the xrdp process.
2023-10-23 18:14:46 +01:00
matt335672
d77b0b3b9d Bump cppcheck to v2.11
This fixes the following errors:-

sesman/tools/authtest.c:64:14: error: syntax error [syntaxError]
    g_printf("xrdp auth module tester v" PACKAGE_VERSION "\n");
             ^
sesman/tools/sesrun.c:165:14: error: syntax error [syntaxError]
    g_printf("xrdp session starter v" PACKAGE_VERSION "\n");
             ^
vrplayer/decoder.h:35:12: error: There is an unknown macro here somewhere. Configuration is required. If slots is a macro then please configure it. [unknownMacro]
    public slots:
           ^
vrplayer/playaudio.h:45:12: error: There is an unknown macro here somewhere. Configuration is required. If slots is a macro then please configure it. [unknownMacro]
    public slots:
           ^
vrplayer/dlgabout.h:22:13: error: There is an unknown macro here somewhere. Configuration is required. If slots is a macro then please configure it. [unknownMacro]
    private slots:
            ^
vrplayer/playvideo.h:49:12: error: There is an unknown macro here somewhere. Configuration is required. If slots is a macro then please configure it. [unknownMacro]
    public slots:
           ^
Additionally, cppcheck now makes use of all available CPUs
2023-06-23 15:12:51 +01:00
matt335672
1a9d15bef0 Remove explicit auth_stop_session() call
Now that authentication/authorization and session creation are
happening in the same process, there is no need for a separate call
to finish an auth session. This change prevents the upper software
layers from needing to track whether auth_start_session() has been
called or not.
2023-05-02 11:55:22 +01:00
matt335672
5e339d5054 Update sesman test tools after libsesman created 2023-03-30 13:07:49 +01:00
matt335672
2f3693b3dc autotools changes related to new libsesman library 2023-03-29 14:31:30 +01:00
Yifan J
8be6bc137e Make pam.d directory configurable 2023-02-21 09:50:46 +08:00
matt335672
86d0d0e9fd Addressed review comments 2023-02-13 14:28:29 +00:00
matt335672
78fa1c15b2 Replace select() system call with poll()
poll() is specified in POSIX.1-2001 as a simpler interface for
multiplexed file descriptors than select(). It also provides more
functionality.

This PR replaces the select() calls used in xrdp with poll()
equivalents.
2023-02-13 14:28:29 +00:00
matt335672
02a3821f4d Remove libipm_msg_in_start()
The semantics of this call allowed it to be called more than once when
parsing a message to restart a parse. This is not likely to be
useful in practice, and it also makes reading file descriptors
more complicated. Consequently this function has been removed and
replaced with with libipm_msg_in_get_msgno()
2023-01-30 14:31:16 +00:00
matt335672
9b846b7b7e
Merge pull request #2473 from matt335672/bsd_setusercontext
Implement BSD setusercontext
2023-01-13 11:24:09 +00:00
matt335672
af69606e0b Remove support for x11rdp
X11rdp has been deprecated now since xrdp v0.9.7 (June 2018). This
commit removes support for it from xrdp itself.
2023-01-05 11:26:44 +00:00
matt335672
cd58d14cef Fix compilation on OpenBSD 2023-01-05 10:52:08 +00:00
matt335672
851bed680c Update sesman tools for new interfaces
The sesman tools sesrun and sesadmin now use the separate
authentication/authorization (AA) interface introduced to
sesman by the previous comment.

sesrun can use either password or UDS authentication. With some
limitations, this can allow for automatic creation of sessions for local
users without a password being needed.

sesadmin now operates using UDS logins only and so a username and
password are not required. To use sesadmin for another user, use
su/sudo/doas to authenticate as the other user.
2022-12-22 11:35:02 +00:00
matt335672
c5b6479985 Update authtest utility
This change allows the authtest utility to exercise the updated
auth module interface which includes UDS authentication and
improved error logging.
2022-12-22 11:35:02 +00:00
matt335672
767d861df4 Add authtest
Also, change the sesman Makefile generation to make it easy to pick the
correct authorization module for the authtest utility.
2022-12-13 11:09:33 +00:00
a1346054
7fe18cc1c0
fix typos 2022-09-03 02:01:48 +00:00
matt335672
79bec8110c Unify connection fields for the connected client
The connected client is currently described in two places in
the xrdp_client_info structure:-

1) In the connection_description field. This was introduced as
   field client_ip by commit d797b2cf49
   for xrdp v0.6.0

2) In the client_addr and client_port fields introduced by commit
   25369460a1 for xrdp v0.8.0

This commit unifies these two sets of fields into a single
set of fields describing the connection IP and port (for
AF_INET/AF_INET6 connections only) and a connection description
for all connection types.

The code in os_calls to provide client logging has been simplified
somewhat which should make it easier to add new connection types (e.g.
AF_VSOCK).

The old connection_description field used to be passed to sesman to
inform sesman of the IP address of the client, and also to provide
a string for 'C' field session policy matching. 'C' field session policy
matching does not actually need this string (see #2239), and so now only
the IP field is passed to sesman.
2022-05-18 12:35:07 +01:00
matt335672
0db849fc5c Move SCP to a Unix Domain Socket
The TCP socket implementation of sesman has a number of limitations,
namely that it is affected by firewalls, and also that determining the
user on the other end requires a full authentication process.

The advantage of the TCP socket is that sesman and xrdp can be run on
separate machines. This is however not supported by the xorgxrdp
backend (shared memory), and is insecure, in that passwords are sent
in-the-clear, and the connection is susceptible to MitM attacks. This
architecture has been deprecated in release notes since xrdp v0.9.17,
and although it will continue to be supported in any further releases
in the x0.9.x series, it will not be supported in the next major
version.
2022-04-18 09:12:35 +01:00
matt335672
bb820cca87 tools: Moved to new SCP interface 2022-03-15 10:45:00 +00:00
matt335672
a952ff8542 Remove unused tcp module from tools 2022-03-15 10:45:00 +00:00
matt335672
32f644a907 Removed sestest utility 2022-03-15 10:45:00 +00:00
matt335672
5c610aee28 Modify sesrun to use common SCP V0 interface 2021-11-25 13:30:34 +00:00
matt335672
30a92cb095 Changes to libtrans interface 2021-11-25 13:30:34 +00:00
matt335672
8b9b22c773 Create shared GUID module to simplify session guid handling 2021-11-25 13:29:55 +00:00
matt335672
d4c81229ba Module testing now OK 2021-07-27 13:36:34 +01:00
matt335672
a10de5c5aa Removed struct SCP_CONNECTION type entirely 2021-07-27 13:36:34 +01:00
matt335672
52a52daddd Split development option into separate things 2021-05-28 10:57:12 +01:00
Alexandre Quesnel
52707ac686 Fixing formatting with astyle 2021-05-08 16:58:11 +00:00
matt335672
86c87b6f15 Move get_display_num_from_display to string_calls module 2021-04-13 12:16:00 +01:00
matt335672
0a1a8f40e5 Moved a lot of string funcs to string_calls module 2020-12-22 11:57:24 +00:00
matt335672
633716bbad sesrun improvements and doc fixes 2020-12-09 11:44:17 +00:00
matt335672
e6c1df64d3 Added --config/-c to sesman 2020-12-09 10:19:14 +00:00
matt335672
8d994a547d Add log_config_init_for_console() for utilities 2020-11-30 11:04:21 +00:00
Alexandre Quesnel
0c61a15fc5 Migrating logging to LOG() and LOG_DEVEL() in sesman/* 2020-11-30 00:36:20 +00:00
Alexandre Quesnel
a9ec1ebd99 Unifying logging in chanserv
This commit adds:
* replace multiple logging macros with LOG and LOG_DEVEL
* logging configuration for chanserv
* logging configuration for console output
* logging configuration for per file or method log level filtering for
debug builds
* file, line, and method name in log message for debug builds
2020-10-19 05:10:47 +00:00
matt335672
3c4b42b1aa Implemented resize and multimon support for VNC backend 2020-06-04 15:10:35 +01:00
Koichiro IWAO
2a85a65d08
show more helpful message if xrdp-dis failed 2018-09-11 11:58:44 +09:00
Aiden Luo
7864f9d692 sesrun support start other session based on session_code argument 2018-04-20 18:11:27 +08:00
Pavel Roskin
148afd1170 Rename file_loc.h to xrdp_sockets.h, install it
Include xrdp_sockets.h directly, not through headers.
2017-03-28 00:59:16 -07:00
Pavel Roskin
58c9cb43e9 Make socket directory configurable, don't hardcode /tmp/.xrdp
Use XRDP_SOCKET_PATH in file_loc.h

Don't define any non-socket paths in file_loc.h, they should come from
the makefiles.

Define all paths unconditionally, they should not be defined elsewhere.

Pass XRDP_SOCKET_PATH as environment variable to the backends.
2017-03-17 22:25:05 -07:00
Pavel Roskin
6ed4c969f4 Eliminate APP_CC and DEFAULT_CC 2017-03-14 00:21:48 -07:00
Pavel Roskin
b2d3dcf169 Include config_ac.h from all source files 2017-03-04 00:52:34 -08:00
Pavel Roskin
99e4e4520a xrdp-sesadmin: show sessions in human readable format 2017-02-02 21:24:50 -08:00
Pavel Roskin
ea6882fd4c xrdp-sesadmin: refactor array access 2017-02-02 21:24:50 -08:00
Pavel Roskin
0017081d78 xrdp-sesadmin: fix crash on network or authentication error
If scp_v1c_mng_get_session_list() returns an error, report it to the
user and exit. Session list is not initialized in that case and should
not be freed.

g_free() already checks its argument for being to NULL, remove an extra
check.
2017-02-02 21:24:50 -08:00
Pavel Roskin
6664aac00f Use "void" for empty argument list in declarations
In C, an empty argument list in a declaration means that the function
can accept any arguments. Use "void" instead, it means "no arguments".

C++ treats void and empty list as "no arguments".
2017-01-05 17:27:20 -08:00
volth
26a26ef906 fix build with --enable-xrdpdebug=yes 2017-01-04 19:20:44 +00:00
volth
37b4a14b54 fix build with --enable-xrdpdebug=yes 2017-01-04 13:00:01 +00:00
Pavel Roskin
a01aaa19b8 Fix help text to match the manual and the actual behavior
The help text mentions "LIST" and "KILL" commands, but the manual says
"list" and "kill", and the command line parser expects the later.
2016-12-19 23:58:13 -08:00