Commit Graph

4456 Commits

Author SHA1 Message Date
matt335672
c5971b535d sesexec: Changes to existing files from sesman
env.c : The value of XRDP_SESSION in the environment is now set to the
        PID of the sesexec process, which ties up the session with the
        output of "xrdp-sesadmin -c=list".

        Later versions of xrdp-sesadmin can use this value to get
        information about the current process.
2023-05-02 11:55:23 +01:00
matt335672
74cd7d1837 Rework sesman with new files 2023-05-02 11:55:23 +01:00
matt335672
3895954b75 Add libipm interfaces to sesman
Add modules to sesman to handle incoming EICP and ERCP messages
2023-05-02 11:55:22 +01:00
matt335672
9c2c43693c Move files from sesman to sesexec directory 2023-05-02 11:55:22 +01:00
matt335672
8e291846d5 Create pre-session list
This is made from the old sesman_con structure. It describes
a connection to sesman which is not yet running a session.
2023-05-02 11:55:22 +01:00
matt335672
dadb393443 Add sesexec control module
This module provides a secure way for sesman to start the sesexec program
and establish a private communications channel with it.
2023-05-02 11:55:22 +01:00
matt335672
3d95954d87 Move session_list to struct list *
This commit now uses the standard list module to manage the active
session list, rather than having special code to do this.
2023-05-02 11:55:22 +01:00
matt335672
1a9d15bef0 Remove explicit auth_stop_session() call
Now that authentication/authorization and session creation are
happening in the same process, there is no need for a separate call
to finish an auth session. This change prevents the upper software
layers from needing to track whether auth_start_session() has been
called or not.
2023-05-02 11:55:22 +01:00
matt335672
82ede29388 libsesman: Make x11_display_offset and max_sessions unsigned 2023-05-02 11:55:22 +01:00
matt335672
06580ec448 sesman config: Add MaxDisplayNumber
When allocating a display number, we should be aware that
IANA only allow TCP displays up to :63. This PR adds that restriction
into sesman.ini as a default, to prevent us allocating unavailable TCP
ports.

By default TCP ports are not enabled for X servers, but users can easily
change this if they wish to access X displays directly over the network.

This restriction is in addition to the MaxSessions limit already present
in sesman.ini.
2023-05-02 11:55:22 +01:00
matt335672
970d936106 libsesman config: Define default sesman.ini name 2023-05-02 11:55:22 +01:00
matt335672
dec05f91fa libipm: Add ERCP 2023-05-02 11:55:22 +01:00
matt335672
8064a463c9 libipm: Add libipm_change_facility() call 2023-05-02 11:55:22 +01:00
matt335672
c3f02f5107 libipm: Add EICP 2023-05-02 11:55:22 +01:00
matt335672
f79f8bfa70 SCP: Add scp_init_trans_from_fd() 2023-05-02 11:55:22 +01:00
matt335672
e96d77bac1 Remove g_mk_socket_path() from codepaths
The socket dir is only used if we are starting a session
with sesman. Consequently, it only makes sense to create
this directory within sesman itself.
2023-05-02 11:55:22 +01:00
matt335672
cf5e1961d3 os_calls: Add g_setpgid() 2023-05-02 11:55:22 +01:00
matt335672
65ff618479 os_calls: Add g_executable_exist() 2023-05-02 11:55:22 +01:00
matt335672
ff24984cf3 os_calls: Add g_file_is_open() 2023-05-02 11:55:22 +01:00
matt335672
563cfaf009
Merge pull request #2643 from matt335672/close_unwanted_fds
Fix leaking file descriptors
2023-05-02 11:54:05 +01:00
matt335672
c0ed83a022
Merge pull request #2651 from matt335672/allow_longer_user_wm_str
Allow longer UserWindowManager strings
2023-05-02 11:53:46 +01:00
matt335672
b3b12b1be5 Allow longer UserWindowManager strings
The UserWindowManager is limited to 31 characters. There appears
to be no good reason for this.
2023-05-01 11:52:21 +01:00
matt335672
0d0004f3cb
Merge pull request #2649 from jat001/patch-1
remove unnecessary include `check.h`
2023-04-28 10:14:43 +01:00
Jat
2a58ba40c9
remove unnecessary include check.h 2023-04-28 10:25:21 +08:00
matt335672
f08355a325 Ensure commonly used file descriptors are close-on-exec 2023-04-24 14:20:14 +01:00
matt335672
adb7476187 Add LOG_DEVEL_LEAKING_FDS calls to the application 2023-04-24 14:20:14 +01:00
matt335672
1c798cee47 Logging: Add LOG_DEVEL_LOG_LEAKING_FDS 2023-04-24 14:20:14 +01:00
matt335672
cf9e07d341 Add basic tests for cloexec and get_open_fds functions 2023-04-24 14:20:14 +01:00
matt335672
d712f3527a os_calls: Add g_get_open_fds() 2023-04-24 11:57:38 +01:00
matt335672
b811fdb36b os_calls: Add g_file_{get,set}_cloexec() functions
Allows us to avoid file descriptor leaks when running a new executable
2023-04-24 11:11:04 +01:00
matt335672
184287d81e
Merge pull request #2640 from matt335672/report_broken_sesman
Fail xrdp immediately on sesman connection failure
2023-04-24 11:06:45 +01:00
matt335672
6d756f8002 Fail xrdp immediately on sesman connection failure
At present if sesman fails when processing an xrdp request, xrdp
will sit forever at a blue screen.

This PR detects this situation, and immediately logs an error.
2023-04-19 11:09:52 +01:00
matt335672
d71ec3fed0
Merge pull request #2639 from matt335672/alternate_shell
[devel] sesman: Prevent the use of 'alternate shell'
2023-04-19 10:34:58 +01:00
Lennart Sauerbeck
5741653900 sesman: Prevent the use of 'alternate shell'
By setting the new config value 'AllowAlternateShell' to 'no' it is now
possible to prevent the use of an alternate shell, which can be set by
the connecting user.
The default remains unchanged and any shell is allowed if the config
value is not specified. It can also be set explicitly to 'yes' to achieve
the same outcome.

Fixes: #850
2023-04-19 10:16:56 +01:00
jsorg71
f2146aecfb
Merge pull request #2623 from jsorg71/build_g_malloc_libipm
chansrv: build fix, use libipm from build dir
2023-04-03 22:40:27 -07:00
Jay Sorg
6628d57b55 chansrv: build fix, use libipm from build dir 2023-04-03 22:25:06 -07:00
metalefty
bc8c8c67b9
Merge pull request #2613 from metalefty/tomlc99
Add tomlc99 library
2023-04-04 13:08:52 +09:00
Koichiro IWAO
3b62bf1df2 CI: skip running astyle on third_party sources 2023-04-04 12:08:32 +09:00
matt335672
65330761a1
Merge pull request #2601 from matt335672/add_sesmanlib
Add sesmanlib
2023-04-03 09:53:02 +01:00
Koichiro IWAO
a251aae49e third_party: Update README.md 2023-04-03 17:35:30 +09:00
Koichiro IWAO
65a69cdd8f third_party: Update Makefile.am to fix make distcheck 2023-04-03 17:35:00 +09:00
Koichiro IWAO
7ca834e3b8 Remove tomlc99's original Makefile because we don't use it 2023-04-03 16:54:37 +09:00
Koichiro IWAO
576feffe90 third_party: add Makefile.am 2023-04-03 16:48:22 +09:00
Koichiro IWAO
cd1c479069 CI: skip running cppcheck on third_party sources 2023-04-03 15:51:10 +09:00
Koichiro IWAO
740bcfde47 xrdp: add --license option to show third party license 2023-04-03 15:51:01 +09:00
Koichiro IWAO
68555abe74 third_party: Add Makefile to generate copyright file 2023-04-03 15:50:50 +09:00
Koichiro IWAO
2c5940f0a0 third_party: add COPYING 2023-04-03 15:50:39 +09:00
Koichiro IWAO
40e3421bf1 Integrate tomlc99 into xrdp build 2023-04-03 15:50:03 +09:00
Koichiro IWAO
ee1ea91eb1 Merge commit 'f6e95526498ad92644b3f2689636f33be108049b' as 'third_party/tomlc99' 2023-04-03 15:35:14 +09:00
Koichiro IWAO
f6e9552649 Squashed 'third_party/tomlc99/' content from commit 89490282
git-subtree-dir: third_party/tomlc99
git-subtree-split: 894902820a3ea2f1ec470cd7fe338bde54045cf5
2023-04-03 15:35:14 +09:00