Commit Graph

50 Commits

Author SHA1 Message Date
Koichiro Iwao
5e95fc0cb3 Include {xrdp,sesman}.ini.in instead of substituted .ini in tarball
These config files are intended to be substituted during the build
process. The substituted .ini files should not be included in release
tarballs.

Fixes:  #3187
(cherry picked from commit 19bacc6e49)
2024-08-01 20:40:25 +09:00
matt335672
c51ec2e8e9 Remove sesmanruntimedir
Now we've made the XRDP_SOCKET_PATH only writeable by root, it's
safe to move the sesman socket back into this directory. We no longer
need a separate sesmanruntimedir
2023-10-23 18:14:46 +01:00
matt335672
675dd77807 Parameterise the sockdir with the UID of the user
The top level socket directory is now called XRDP_SOCKET_ROOT_PATH.
Below that are user-specific directories referred to with the
XRDP_SOCKET_PATH macro - this name is hard-coded into xorgxrdp and
the audio modules as an environment variable.

XRDP_SOCKET_PATH now looks like $XRDP_SOCKET_ROOT_PATH/<uid>

XRDP_SOCKET_PATH is only writeable by the user, and readable by the user
and the xrdp process.
2023-10-23 18:14:46 +01:00
matt335672
4dcaa84fbe Changes to autotools stuff for sesexec 2023-05-02 11:55:23 +01:00
matt335672
74cd7d1837 Rework sesman with new files 2023-05-02 11:55:23 +01:00
matt335672
8e291846d5 Create pre-session list
This is made from the old sesman_con structure. It describes
a connection to sesman which is not yet running a session.
2023-05-02 11:55:22 +01:00
matt335672
dadb393443 Add sesexec control module
This module provides a secure way for sesman to start the sesexec program
and establish a private communications channel with it.
2023-05-02 11:55:22 +01:00
matt335672
53cc5c3e18 Remove unnecessary comment 2023-03-30 13:07:49 +01:00
matt335672
2f3693b3dc autotools changes related to new libsesman library 2023-03-29 14:31:30 +01:00
matt335672
fb25de0419 Split sesman/session.c into session.c and session_list.c 2023-03-23 18:12:06 +00:00
matt335672
3681ecdf23 Moved bin/xrdp-waitforx to libexec/xrdp/waitforx 2023-03-18 10:54:14 +00:00
Yifan J
8be6bc137e Make pam.d directory configurable 2023-02-21 09:50:46 +08:00
Derek Schrock
829378bba8 Add xrdp-waitforx to wait for X to start with RandR outputs
For some window managers (fvwm2 and fvwm3) if the X server isn't
running and has output it's possible for the window manager to fail or
reconfigure randr incorrectly.

With xrdp-waitfox:
 - Install xrdp-waitfox to the BIN dir.
 - sesman will run xrdp-waitfox as the logged in user.
 - Set an alarm to exit after 30 seconds.
 - Try to open env DISPLAY value's display (10 seconds).
 - Test for RandR extension.
 - Wait for outputs to appear (10 seconds).
2023-02-11 18:01:10 -05:00
matt335672
767d861df4 Add authtest
Also, change the sesman Makefile generation to make it easy to pick the
correct authorization module for the authtest utility.
2022-12-13 11:09:33 +00:00
matt335672
0db849fc5c Move SCP to a Unix Domain Socket
The TCP socket implementation of sesman has a number of limitations,
namely that it is affected by firewalls, and also that determining the
user on the other end requires a full authentication process.

The advantage of the TCP socket is that sesman and xrdp can be run on
separate machines. This is however not supported by the xorgxrdp
backend (shared memory), and is insecure, in that passwords are sent
in-the-clear, and the connection is susceptible to MitM attacks. This
architecture has been deprecated in release notes since xrdp v0.9.17,
and although it will continue to be supported in any further releases
in the x0.9.x series, it will not be supported in the next major
version.
2022-04-18 09:12:35 +01:00
matt335672
9c30d4c2f8 Add lock_uds module to sesman
When sesman used a standard TCP socket, we were guaranteed only one copy
of sesman could run on on address, as standard TCP listening rules
enforced this. This isn't the case with Unix Domain sockets. This
module implements a locking mechanism for a UDS which emulates the
standard TCP socket behaviour.
2022-04-18 09:09:46 +01:00
matt335672
c0cb03801c Move sesman to new SCP interface 2022-03-15 10:45:00 +00:00
matt335672
52a52daddd Split development option into separate things 2021-05-28 10:57:12 +01:00
matt335672
8205559959 Fix regressions in auth modules 2020-12-29 09:48:01 +00:00
Vraiment
fd37805ac0 Make sesman.ini dynamic for the location of the configuration file 2018-02-19 11:41:55 +09:00
Koichiro IWAO
05ef6d104e sesman: search pam files also in ${sysconfdir}/pam.d
as some operating system such as FreeBSD searches not only `/etc/pam.d`
but also `/usr/local/etc/pam.d` [1].

[1] https://www.freebsd.org/cgi/man.cgi?query=pam.d&sektion=5
2017-07-26 11:34:01 +09:00
Koichiro IWAO
6a860d4b02 sesman: install empty reconnectwm.sh as a template
as it was undocumented and few people know reconnectwm.sh is executed on
client reconnect. The behaviour of startwm.sh / reconnectwm.sh  should
be documented. This is a first step of documenting them.
2017-06-20 13:40:05 +09:00
Jay Sorg
05c599666d sesman: remove sessvc, one less process to manage 2017-03-19 17:16:36 -07:00
Pavel Roskin
58c9cb43e9 Make socket directory configurable, don't hardcode /tmp/.xrdp
Use XRDP_SOCKET_PATH in file_loc.h

Don't define any non-socket paths in file_loc.h, they should come from
the makefiles.

Define all paths unconditionally, they should not be defined elsewhere.

Pass XRDP_SOCKET_PATH as environment variable to the backends.
2017-03-17 22:25:05 -07:00
Pavel Roskin
8a1de8dbc4 Remove trailing whitespace 2017-02-08 13:30:56 +09:00
volth
26a26ef906 fix build with --enable-xrdpdebug=yes 2017-01-04 19:20:44 +00:00
volth
37b4a14b54 fix build with --enable-xrdpdebug=yes 2017-01-04 13:00:01 +00:00
Idan Freiberg
a11af2bc95 Merge pull request #545 from moobyfr/fix-xauth
Fix xauth
2016-12-19 01:59:19 -05:00
Pavel Roskin
c21b9a78f4 Distribute all files except git and github specific data
It is better to distribute a few useless file than not to distribute
needed files.
2016-12-18 00:00:11 -08:00
BLINDAUER Emmanuel
b2f4f68ab8 - move function related to xauth in own file
- use of g_bytes_to_hexstr()
- correct typos and coding syntax
- don't create auth file, xauth can do that if needed
2016-12-15 18:06:35 +01:00
Pavel Roskin
22e6f3e2f7 Use SCRIPTS for executable scripts, don't use "chmod 755" 2016-02-22 23:13:16 -08:00
Pavel Roskin
7642675ddf Use "dist_" prefix to minimize use of EXTRA_DIST
"dist" is ignored in presense of "noinst", so keep noinst_man_MANS.
2016-02-22 22:11:57 -08:00
Pavel Roskin
59a5fb0ddb Move headers from EXTRA_DIST to sources, sort alphabetically
There should be no functional difference.
2016-02-21 23:06:48 -08:00
Pavel Roskin
a452d8d36a Merge AM_CFLAGS and INCLUDES info AM_CPPFLAGS
AM_CPPFLAGS is for flags passed to the preprocessor, such as defines and
includes. AM_CFLAGS is for flags affecting the compiler, such as debug
and optimization settings.

INCLUDES is an obsolete name. Users can pass INCLUDES and break
compilation. AM_CPPFLAGS is more explicit that the flags come from
Automake and should not be overridden.
2016-01-29 22:45:00 -08:00
Jay Sorg
4e0d0f3ba0 sesman: remove the thread 2015-12-11 20:41:17 -08:00
Renaud Allard
618ca587a5 Enable authenticate user using BSD password system 2014-11-21 14:22:15 +01:00
Jay Sorg
58f5dcc030 autotools: change top_srcdir to top_builddir for LIBADD 2012-07-13 16:18:02 -07:00
Jay Sorg
0392b0167a autotool fixes 2011-07-05 21:50:09 -07:00
Itamar Reis Peixoto
6b08b8b71e include missing files in make dist 2010-11-20 22:13:50 -02:00
Itamar Reis Peixoto
029807cfdb add more missed files into extra_dist 2010-11-20 22:13:49 -02:00
jsorg71
23ffdb0c5f autotools fix and file_loc.h simplified 2009-05-19 04:23:49 +00:00
jsorg71
631a7c16e1 added chansrv 2009-04-19 17:16:46 +00:00
jsorg71
a6bc488678 move sessvc to a sub-directory 2008-11-25 04:00:53 +00:00
ilsimo
7c79298612 added first management code
added a rough management tool
fixes in session.c
2008-09-11 20:23:15 +00:00
jsorg71
f1ebdf189e added post install hook 2008-08-17 23:08:17 +00:00
jsorg71
e5cebc97f5 bin to sbin, common and install changes 2008-08-12 07:15:16 +00:00
jsorg71
4ae9c90a50 add tools subdir 2008-08-10 18:01:51 +00:00
jsorg71
e5796ac8a0 added sesman auth options 2008-08-09 08:35:05 +00:00
jsorg71
59a2d1dea6 build common as a library 2008-08-06 05:06:03 +00:00
jsorg71
c5fceb31ec autotools 2008-08-03 07:48:32 +00:00