Constants from MS documents (MS-RDPBCGR etc) moved out of
common/xrdp_constants.h into includes named after the documents.
Similar includes moved from sesman/chansrv to the common area.
Actually, TLSv1.3 will be enabled without this change if xrdp is compiled
with OpenSSL or alternatives which support TLSv1.3. This commit makes to
enable or disable TLSv1.3 explicitly. Also, this commit adds a log
"TLSv1.3 enabled by config, but not supported by system OpenSSL". if
xrdp installation doesn't support TLSv1.3. It should be user-friendly.
If you run xrdp with a Unix Domain Socket (UDS) for the port specified in
/etc/xrdp/xrdp.ini then the first connection succeeds but subsequent
connections fail. In fact the UDS is deleted from the filesystem as soon
as the first connection is established.
Test case:
1. Edit /etc/xrdp/xrdp.ini to set "port=/var/run/xrdp-local.socket".
2. Restart xrdp.
3. Run the following. When rdesktop starts up and the logon dialog is
displayed, press "Cancel".
sudo socat TCP-LISTEN:12345 UNIX-CONNECT:/var/run/xrdp-local.socket &
rdesktop localhost:12345
4. Run the following:
sudo socat TCP-LISTEN:12346 UNIX-CONNECT:/var/run/xrdp-local.socket &
rdesktop localhost:12346
Expected behaviour: rdesktop starts up and displays the logon dialog.
Observed behaviour: rdesktop exits with "ERROR: Connection closed" and
socat exits with "No such file or directory.
This is because in the child process after forking, xrdp_listen_fork()
calls trans_delete() which deletes the UDS. Simply commenting out the
g_file_delete() and g_free() fixes this, but that isn't a proper solution
because trans_delete() is called from elsewhere where the UDS might no
longer be wanted.
Fix by adding a function trans_delete_from_child() that frees and clears
listen_filename before calling trans_delete(), and call the new function
from xrdp_listen_fork().
(Workaround: set "fork=false" in /etc/xrdp/xrdp.ini, because
trans_delete() is then not called.)
In common/arch.h, the endianness detection considers all powerpc
architectures as big endian. Since that is not true for ppc64el, I
added a verification that checks other preprocessor macros, only for
ppc cases.
Signed-off-by: Fernando Seiti Furusato <ferseiti@gmail.com>
make it possible to use regular (non EC) EDH ciphers. To make this
possible a Diffie-Hellman parameter must be passed to the openssl
library. There are a few options possible as described in the manuals at
[1] and [2]. Simplest approach is to generate a DH parameter using
openssl dhparam -C <lenght> and include the code into the application.
The lenght used for this commit is 2236 bits long, which is the longest
possible without risking backward incompatibilities with old systems as
stated in [1]. Newer systems should use ECDH anyway, so it makes sense
to keep this method as compatible with older system as possible.
Paramters longer than 2048 should still be secure enough at the time of
writing.
[1] https://wiki.openssl.org/index.php/Diffie-Hellman_parameters
[2] https://wiki.openssl.org/index.php/Manual:SSL_CTX_set_tmp_dh_callback(3)
because if xrdp is running 'fork=yes' mode, the log message
'shutting down log subsystem...' is logged everytime when the child
process is exitting. In other words, everytime when clients are
disconnecting. This is a little bit too vebose.
classify constants into these 5 types
* constants for xrdp
* constants come from ITU-T Recommendations
* constants come from Remote Desktop Protocol
* constants come from other MS products
* unclassified yet
We shouldn't assume that xrdp daemon is running under root privilege.
In many cases, root privilege is not really needed for xrdp daemon.
xrdp may fail to load certificate/privkey due to lack of permissions
when running under user privilege. Checking existence of files is not
enough and xrdp should output user-friendly log in such case.
Reported by Debian user in bug 856436 [1].
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856436
- Changes made only in the os_calls.c file.
- Exported functions changed: g_tcp_bind g_tcp_bind_address g_tcp_connect
- Support three network configurations:
1) Normal network, with IPv6
2) Partly disabled IPv6 via sysctl.conf
3) Total disabled IPv6 via grub
Use XRDP_SOCKET_PATH in file_loc.h
Don't define any non-socket paths in file_loc.h, they should come from
the makefiles.
Define all paths unconditionally, they should not be defined elsewhere.
Pass XRDP_SOCKET_PATH as environment variable to the backends.
In C, an empty argument list in a declaration means that the function
can accept any arguments. Use "void" instead, it means "no arguments".
C++ treats void and empty list as "no arguments".
g_tcp_accept() and g_sck_accept() should use sockadd_in6 when IPv6 is
enabled. The former code logs client IP address always "0.0.0.0" in such
case.
Fixes#412.
Conditional preprocessor directives spread throughout the code set a bad
example.
The new backport code is located in one place. The compiler checks
argument types. The backport code has no access to the caller variables.
The main code has all advantages of the new, more compact API.
Don't assume AF_INET family. Don't assume the socket is connected. Report
local address and port. Don't try to close non-sockets and invalid file
descriptors. Report errors getting socket information and closing the
socket. Use more appropriate log levels.
broken by #314. This is compatible with the fix introduced in #314.
To use non-ASCII text/filename in clipboard, chansrv needs to be run
with LC_CTYPE=*.UTF-8 because the behaviour of mbstowcs(3) function
called in chansrv depends on LC_CTYPE[1]. However #314 made
LC_CTYPE=C in chansrv context. Even if LANG and LC_* are set in
.bashrc, /etc/profile, /etc/locale.conf or something like that,
it doesn't affect in chansrv context because chansrv doesn't source
any of them unlike sesman.
So do not set LC_CTYPE to blank or "C" in g_init() in order to get
g_mbstowcs and g_wcstombs to work properly with non-ASCII UTF-8
characters in any context.
Setting LC_CTYPE to *.UTF-8 doesn't obstruct applying system
language in RHEL [2].
[1] Linux man page says:
The behavior of mbstowcs() depends on the LC_CTYPE category of
the current locale.
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1290820
