Normally the test runners run in 'forking mode'. When a lot of
messages are logged to stdout, the child process can still be writing
data when the parent writes 'ok' or 'not ok'. This can confuse
the tap-driver.sh process.
- This isn't hooked up to anything yet. That will come later with
further EGFX commits.
- There are some TODO items in this code around the way XRDP handles
caps negotiation and monitor storage.
- This is a great candidate for unit testing in the future.
Although there is nothing in the specification to prevent automatic
logons with empty passwords, this is not a secure default.
The autologon flag INFO_AUTOLOGON ([MS-RDPBCGR] 2.2.1.11.1.1) is now
ignored for empty passwords.
xrdp is updated to use the separate authenticate/authorization (AA) and
command processing interface now provided by sesman.
PAM processing has been removed entirely and moved into the sesman PAM
module. As a result, gateway processing for proxy use-cases can be
made use of by non-PAM systems.
The sesman tools sesrun and sesadmin now use the separate
authentication/authorization (AA) interface introduced to
sesman by the previous comment.
sesrun can use either password or UDS authentication. With some
limitations, this can allow for automatic creation of sessions for local
users without a password being needed.
sesadmin now operates using UDS logins only and so a username and
password are not required. To use sesadmin for another user, use
su/sudo/doas to authenticate as the other user.
Update sesman to cope with separate authentication/authorization (AA) and
command processing.
Also, internally users are now tracked by UID rather than username.
This addresses a problem found by some users using federated naming
services (e.g. Active Directory) where the same user can be referred to
in more than one way. See https://github.com/neutrinolabs/xrdp/issues/1823
The separation of AA in this way allows for multiple attempts to be made
on one connection to get a password right. This addresses MaxLoginRetry
not working (https://github.com/neutrinolabs/xrdp/issues/1739).
The previous commit introduced a new interface for the auth modules. This
commit simply updates the other auth modules to use the new interface.
The basic auth module is also updated so that if a user has a shadow
password entry indicated, but the shadow entry cannot be found, an error
is logged rather than silently succeeding.
The BSD authentication module is also updated to allow it to be
compiled on a Linux system for basic testing.
An extra method auth_uds() is added to the PAM module to
allow a 'struct auth_info' to be created for a UDS login. The PAM stack
is used to check the UDS user can be authorized.
Also, an error code is returned from the auth module rather than a
simple boolean. This allows a more complete status to be communicated
to the user. See https://github.com/neutrinolabs/xrdp/discussions/1921
and also #909 and #642.
Messaging changes:-
- Implement sys_login request message with username, password and
IP address
- Implement UDS login message for current user connected to sesman
- Implement common login response message for login requests
- Implement logout message so gateway authentications can be handled
with login/logout messages
- Remove login info from the create session request
- Existing gateway request/response messages removed
- Add close connection message so that sesman can close terminated
connections without displaying ERROR messages in the log.
- Add a set_peername message so clients can send a name to sesman
for improved logging.
Other changes:-
- Add status types for logging in and session creation, so that the
front-end can supply the user with more informative errors in the
event of an error occurring.
- User identities are now carried by UID rather than username, as
xrdp and sesman are guaranteed to be on the same machine.
Moving to a uid_t to store the user information makes a lot
of sense. When doing this, we need a function to get information
about a user from the uid_t.
As well as creating the function g_getuser_info_by_uid() we also
rename g_getuser_info() to g_getuser_info_by_name() and make the
parameter ordering more usual.
Since multiple processes can write logs simultaneously, and there
is no explicit synchronization between them, logs redirected to
stdout may interleave. When logging to the disk file, synchronization
is obtained by using a combination of O_APPEND and O_SYNC flags when
the log file is being opened, which is not possible when <stdout>
redirection is in use.
So documentation is updated to cleanly notify that this is a debug-only
feature, not for regular use.
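
The disk-file behaviour described in the last commit message, as an added C example that is not xrdp code: several processes each open the same file with O_APPEND and O_SYNC and emit one record per write() call, then the file is checked for damaged records. The function name, temp-file template and workload sizes are assumptions chosen for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define WRITERS  4   /* constructed workload: 4 processes, 50 records each */
#define LINES    50
#define LINE_LEN 64  /* record size in bytes, including the newline */

/* Child process: opens the log independently and issues one write() per record.
 * O_APPEND positions every write() at the current end of file. */
static void writer(const char *path, int id)
{
    char line[LINE_LEN];
    int fd = open(path, O_WRONLY | O_APPEND | O_SYNC);
    if (fd < 0) _exit(1);
    memset(line, 'A' + id, LINE_LEN - 1);   /* writer 0 logs 'A's, 1 logs 'B's, ... */
    line[LINE_LEN - 1] = '\n';
    for (int i = 0; i < LINES; i++)
        if (write(fd, line, LINE_LEN) != LINE_LEN) _exit(1);
    _exit(0);
}

/* Hypothetical helper: returns the number of damaged records, or -1 on failure. */
int count_torn_lines(void)
{
    char path[] = "/tmp/append_demo_XXXXXX";
    char buf[LINE_LEN * 4];
    int fd = mkstemp(path), torn = 0, total = 0, st;
    FILE *fp;
    if (fd < 0) return -1;
    close(fd);
    for (int id = 0; id < WRITERS; id++) {
        pid_t pid = fork();
        if (pid < 0) return -1;
        if (pid == 0) writer(path, id);
    }
    for (int id = 0; id < WRITERS; id++)
        if (wait(&st) < 0 || !WIFEXITED(st) || WEXITSTATUS(st) != 0) torn = -1;
    fp = fopen(path, "r");
    unlink(path);
    if (fp == NULL || torn < 0) { if (fp) fclose(fp); return -1; }
    while (fgets(buf, sizeof buf, fp)) {
        total++;   /* intact record: LINE_LEN-1 copies of one letter, then '\n' */
        if (strlen(buf) != LINE_LEN || strspn(buf, (char[]){buf[0], '\0'}) != LINE_LEN - 1)
            torn++;
    }
    fclose(fp);
    return total == WRITERS * LINES ? torn : -1;
}
```

When stdout is a pipe or terminal set up by the caller, the logging processes do not control the open flags, which is why the same guarantee is unavailable there.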