Commit Graph

4785 Commits

Author SHA1 Message Date
matt335672
43d6db45ed Add module test for scancode index conversions 2024-08-05 10:44:10 +01:00
matt335672
c91ef80ca9 Implement scancode indexing
The mapping from scancodes to the indexes used in xrdp_keymap
is not well designed and contains an implicit dependency on
keycode values.

This mapping is alse slightly different from the index used for
the 'keys' map in the xrdp_wm structure.

This commit introduces support for mapping scancodes directly
to 'scancode indexes' suitable for indexing into both structures.

Some renaming is also done; [MS-RDPBCGR] uses the terms scancode
and keyCode interchangeably. An effort is made to use key_code for a
raw value from a TS_KEYBOARD_EVENT, and scancode for a value which is
produced by the scancode module.
2024-08-05 10:44:10 +01:00
matt335672
d82a172b55
Merge pull request #3173 from matt335672/chansrv_clip_fixes
Chansrv clip fixes
2024-08-05 09:49:08 +01:00
matt335672
0f6e731524 clipboard: Allow a file read to return 0 for EOF
When used with a FreeRDP client on Linux, a file copy operation from
the clipboard detects end-of-file by a read returning 0 bytes. This is
currently marked as an error.

It is assumed that mstsc.exe detects end-of-file in another way, which
is why this has not been found before.
2024-08-02 12:41:20 +01:00
matt335672
34b5582460 Remove unnecessary copy from clipboard_get_files()
The routine clipboard_get_files() parses a potentially long string,
and copies portions of it into a temporary buffer. This buffer is then
passed to clipboard_get_file() as pointer + length;

The buffer is inadequately sized for very long filenames which may
approach XFS_MAXFILENAMELEN in length. This can cause chansrv to fail
when the user copies such filenames.

It turns out the buffer is unnecessary, as the filenames can be
passed directly into clipboard_get_file() from the source string,
using pointer + length. This avoids the length limitation entirely.
2024-08-02 12:41:20 +01:00
matt335672
c3f7eec4f5 Allow for longer filenames from the redirector.
This commit ensures that filenames up to the maximum size supported
by our xfs can be supported.
2024-08-02 12:41:20 +01:00
matt335672
a90228241d Remove hard-coded filename limit for clipboard file lists
The limit of 256 characters for clipboard files is limiting for
many Asian locales, particularly as '%xx' notation is used to
communicate bytes with bit 7 set.
2024-08-02 12:41:20 +01:00
matt335672
d8b5435710 Dynamically allocate XFS filesystem names
Replace the 256 byte buffer used for names in the XFS filesystem with a
dynamically allocated buffer.

The define XFS_MAXFILENAMELEN which used to be 255 has been retained,
but bumped to 1023. This value is no longer used for long-lived
allocations, but is used in chansrv_fuse.c for maintaining state
information for in-fligh I/O requests.
2024-08-02 12:41:20 +01:00
metalefty
f1d3b21177
Merge pull request #3189 from metalefty/tarball
Include {xrdp,sesman}.ini.in instead of substituted .ini in tarball
2024-08-01 21:17:43 +09:00
Koichiro Iwao
5e95fc0cb3 Include {xrdp,sesman}.ini.in instead of substituted .ini in tarball
These config files are intended to be substituted during the build
process. The substituted .ini files should not be included in release
tarballs.

Fixes:  #3187
(cherry picked from commit 19bacc6e49)
2024-08-01 20:40:25 +09:00
metalefty
ecebe4588a
Merge pull request #2973 from metalefty/compression-level-options
GFX: selectable lossy compression levels
2024-07-30 10:22:20 +09:00
matt335672
597d30b6e2
Merge pull request #3172 from matt335672/fix_potential_name_overflow
Fix potential name buffer overflows in redirector
2024-07-23 12:29:03 +01:00
matt335672
c9e84dc16c Fix potential name buffer overflows in redirector
The state buffers used by the following structs in chansrv_fuse.c
are one byte too small for filenames of length XFS_MAXFILENAMELEN:-
- struct state_lookup
- struct state_create
- struct state_rename

In practice, there is no runtime danger, as XFS_MAXFILENAMELEN is 255,
and these buffers will be followed by non-byte aligned data. Nevertheless
this should be fixed to prevent problems if the value is changed.
2024-07-22 14:44:58 +01:00
matt335672
4bfeb668e1
Merge pull request #3170 from matt335672/fix_missing_pre_session_ipaddr
sesman: Copy IP address to pre_session_item struct
2024-07-22 09:46:08 +01:00
matt335672
a4f57572e6 sesman: Copy IP address to pre_session_item struct
struct pre_session_item has an entry for the start_ip_addr which is not
being filled in. This is not normally needed, as the IP address of the
session is passed into the session another way, but it is needed if the
session selection Policy contains the 'I' selector.
2024-07-19 11:57:55 +01:00
matt335672
b6407a9bf9
Merge pull request #3143 from matt335672/remove_licensing_exchange
Remove Licensing exchange
2024-07-15 09:02:32 +01:00
jsorg71
2a8eea90de
Merge pull request #3161 from jsorg71/link1
link error dlclose, use DLOPEN_LIBS
2024-07-13 22:46:26 -07:00
Jay Sorg
ce27b373c1 link error dlclose, use DLOPEN_LIBS 2024-07-13 12:13:52 -07:00
metalefty
f1ba92b35e
Merge pull request #3159 from metalefty/xrdp_as_unprivileged_user
chkpriv: respect $sysconfdir for config files directory
2024-07-13 21:46:20 +09:00
Koichiro Iwao
c2b8cbf19e chkpriv: respect $sysconfdir for config files directory
While here, ignore build artifacts of chkpriv tools.

Follow-up to:   #2974
2024-07-12 11:11:06 +09:00
metalefty
19c111c74c
Merge pull request from GHSA-7w22-h4w7-8j5j
Enforce no login screen if require_credentials is set
2024-07-11 09:37:12 +09:00
metalefty
10c4700e9a
Merge pull request #3154 from metalefty/update-submodule
Support screens larger than 4096 pixels (update submodule)
2024-07-09 20:11:35 +09:00
Koichiro Iwao
8caadb370f Support screens larger than 4096 pixels (update submodule)
Fixes:  #3083
2024-07-09 15:10:40 +09:00
metalefty
a1f148d307
Merge pull request #3151 from metalefty/makedist
docs: always include docs/man/xrdp-mkfv1.8.in to dist tarball
2024-07-08 21:52:33 +09:00
Koichiro Iwao
ab383ed713 docs: always include docs/man/xrdp-mkfv1.8.in to dist tarball
Files included in distribution tarball must always be enumerated,
not be enumerated conditionally.

Resolves:   #3149
(cherry picked from commit e83dcc52eb)
2024-07-08 21:31:53 +09:00
matt335672
52dd88b576 Replace binary blob with specified data
This commit changes the license response PDU to be constructed rather
than simply being contained as a binary blob.

Some constants in common/ms-rdpbcgr.h are renamed with the values
from the specification.
2024-07-03 14:20:33 +01:00
matt335672
cc4a4c95f2 Remove Licensing exchange
Replaces the existing licensing exchange with a single PDU
saying the user will not issue a license.

This is necessary for clients on FIPS-compliant systems, as these
are unable to decode the licensing exchange packets, due to outdated
cyphers.
2024-07-03 14:19:22 +01:00
matt335672
fced0002bd
Merge pull request #2974 from matt335672/xrdp_as_unprivileged_user
Xrdp as unprivileged user
2024-07-02 08:56:55 +01:00
matt335672
0ebf4cff13 Check unprivileged user can't write TLS files
The unprivileged user needs to be able to read the certificate and
key files to offer TLS, but should not be able to write to then.

This commit checks the TLS files are read-only, rather than
simply readable
2024-07-01 14:25:23 +01:00
matt335672
48255da29a Add xrdp-chkpriv script to check xrdp privileges 2024-07-01 11:11:21 +01:00
matt335672
ce355fc235 Allow for xrdp not being able to delete PID file
If xrdp is running with dropped privileges it won't be able to delete
the PID file it's created. Places where xrdp is stopped need to cater
for this.

It's prefereable to do this than make the PID file writeable by xrdp
with dropped privileges, as this can still lead to DoS attacks if an
attacker manages to modify the PID file from a compromised xrdp
process.
2024-07-01 11:11:21 +01:00
matt335672
b1d8428579 Add code to drop privileges of xrdp daemon 2024-07-01 11:11:21 +01:00
matt335672
2446c206e6 xrdp: PID file handling tidy-ups
Now we have g_file_open_rw() we don't need to try to write to
the PID file to see if we can. Just leave the file open and write to
it after forking.
2024-07-01 11:11:21 +01:00
matt335672
ddff9ebb32 Refactor xrdp_listen to allow for privilege drop
- xrdp_listen.c is refactored so we can create the
  listening socket(s) before dropping privileges.
- The code which reads startup params from xrdp.ini
  is moved from xrdp_listen.c to xrdp.c, so it
  is only called once if we test the listen before
  starting the daemon.
2024-07-01 11:11:21 +01:00
matt335672
17a56567d2 Add params to allow xrdp to be run as non-root
runtime_user and runtime_group are added to the xrdp.ini file
so that the service knows how to reduce privilege
2024-07-01 11:11:21 +01:00
matt335672
8ac2f6db34 Enforce no login screen if require_credentials is set
If the setting require_credentials is true, there should be no way
for the user to get to a login screen.

This commit makes the following changes if this flag is active:-
- Makes the checks around TS_INFO_PACKET more explicit.
- Closes the connection if the first login attempt fails.
2024-06-27 11:53:52 +01:00
matt335672
1d927add29
Merge pull request #3111 from matt335672/investigate_gfx_min_max_issue
Fix min/max monitor placing issue
2024-06-19 09:13:40 +01:00
matt335672
c92334720c
Merge pull request #3121 from matt335672/fix_server_24bpp_gfx
Don't use GFX if server max_bpp is <32
2024-06-19 09:00:05 +01:00
metalefty
faed0d538c
Merge pull request #3123 from metalefty/libreoffice-clipboard
Forward #3102 to devel
2024-06-18 23:21:39 +09:00
Koichiro Iwao
a6199e8510
clipboard: tidy up bmp file header assembly
Sponsored by:   Krämer Pferdesport GmbH & Co KG

(cherry picked from commit e070902310)
2024-06-18 21:56:30 +09:00
Koichiro Iwao
57cf5c19b7
clipboard: fix a bug when pasting image to LibreOffice
While here, embed correct file size in BMP file header.

Fixes:          #3102
Sponsored by:   Krämer Pferdesport GmbH & Co KG

(cherry picked from commit 4968a34cd6)
2024-06-18 21:56:19 +09:00
matt335672
d2bab53364 Don't use GFX if server max_bpp is <32 2024-06-17 11:53:47 +01:00
matt335672
8ee4a6cb6f
Merge pull request #3113 from matt335672/fix_evdev_keycode_problems
Fix evdev keycode problems
2024-06-14 10:23:29 +01:00
matt335672
620f3b6220 Pass KBDFLAGS_EXTENDED1 flag for FP scancode events
The current fastpath code for scancode events is not mapping
the FASTPATH_INPUT_KBDFLAGS_EXTENDED1 flag to the KBDFLAGS_EXTENDED1
flag.
2024-06-12 16:20:12 +01:00
matt335672
96168ff918 Fix lookup of extended keys
6257dae74d added a mapping of RDP
scancodes to X11 keycodes to the XUP interface. The intention is
to move this functionality from xorgxrdp to a common lookup
in xrdp.

The mapping of RDP scancodes for extended keys (e.g. Right-CTRL) is
not being done correctly.
2024-06-12 16:16:47 +01:00
matt335672
a5a7ccc660
Merge pull request #3112 from matt335672/fix_dvorak_layout
Replace 'dvorak' keyboard description with 'us(dvorak)'
2024-06-12 14:08:02 +01:00
matt335672
a1b7c17906 Replace 'dvorak' keyboard description with 'us(dvorak)'
In the words of @iskunk

It is no longer possible to refer to the Dvorak layout as just "dvorak"
(as when one would run "setxkbmap dvorak"); one must now use either
"us dvorak" or "us(dvorak)"

See https://bugs.debian.org/1063725
2024-06-12 10:46:32 +01:00
matt335672
095f0d0e4c Fix min/max monitor placing issue
when a multi-monitor session has the top-left vertex of the primary
monitor at a desktop location other than (0,0), minimising and maximising
the session results in the (0,0) co-ordinate of the entire desktop being
placed at the top-left of the primary monitor.

The implementation seems to be at odds with [MS-RDPEGFX] 2.2.2.14 which
suggests the monitorDefArray of the RDPGFX_RESET_GRAPHICS_PDU should be
the same as that in the Monitor Layout PDU ([MS-RDPBCGR] 2.2.12.1)
2024-06-10 20:01:56 +01:00
matt335672
6fa941e208
Merge pull request #3107 from matt335672/fix_resize_crash
Fix GFX resize crash
2024-06-10 18:50:09 +01:00
matt335672
985b0de35e Add explicit object for the encoder finishing
On a resize, the encoder is deleted. At present this is done by asking
the encoder to exit, and then waiting a second.

- On slower systems, a second may not be enough, and so the encoder
  data structures are freed while they are still being used by the
  encoder.
- On quicker systems, resizes are delayed by hundreds of milliseconds
  longer than they need to be.

This commit adds a wait object which the encoder can use to signal it
has actually finished.
2024-06-03 16:00:31 +01:00