poll() is specified in POSIX.1-2001 as a simpler interface for
multiplexed file descriptors than select(). It also provides more
functionality.
This PR replaces the select() calls used in xrdp with poll()
equivalents.
For some window managers (fvwm2 and fvwm3) if the X server isn't
running and has output it's possible for the window manager to fail or
reconfigure randr incorrectly.
With xrdp-waitfox:
- Install xrdp-waitfox to the BIN dir.
- sesman will run xrdp-waitfox as the logged in user.
- Set an alarm to exit after 30 seconds.
- Try to open env DISPLAY value's display (10 seconds).
- Test for RandR extension.
- Wait for outputs to appear (10 seconds).
These log levels are unintendedly decreased during logging reworking.
Recording audio formats are useful to know which format is used in
current RDP session.
gnome shell has a way to start different desktop profiles, but all
use the same gnome-session binary.
currently implemented only for debian based distributions
The semantics of this call allowed it to be called more than once when
parsing a message to restart a parse. This is not likely to be
useful in practice, and it also makes reading file descriptors
more complicated. Consequently this function has been removed and
replaced with with libipm_msg_in_get_msgno()
The sesman tools sesrun and sesadmin now use the separate
authentication/authorization (AA) interface introduced to
sesman by the previous comment.
sesrun can use either password or UDS authentication. With some
limitations, this can allow for automatic creation of sessions for local
users without a password being needed.
sesadmin now operates using UDS logins only and so a username and
password are not required. To use sesadmin for another user, use
su/sudo/doas to authenticate as the other user.
Update sesman to cope with separate authentication/authorization (AA) and
command processing.
Also, internally users are now tracked by UID rather thn username.
This addresses a problem found by some users using federated naming
services (e.g. Active Directory) where the same user can be referred to
in more than one way. See https://github.com/neutrinolabs/xrdp/issues/1823
The separation of AA in this way allows for multiple attempts to be made
on one connection to get a password right. This addresses MaxLoginRetry
not working (https://github.com/neutrinolabs/xrdp/issues/1739)
The previous commit introduced a new interface for the auth modules. This
commit simply updates the other auth modules to use the new interface.
The basic auth module is also updated so that if a user has a shadow
password entry indicated, but the shadow entry cannot be found, an error
is logged rather than silently succeeding.
The BSD authentication module is also updated to allow it to be
compiled on a Linux system for basic testing.
An extra method auth_uds() is added to the PAM module to
allow a 'struct auth_info' to be created for a UDS login. The PAM stack
is used to check the UDS user can be authorized.
Also, an error code is returned from the auth module rather than a
simple boolean. This allows a more complete status to be communicated
to the user. See https://github.com/neutrinolabs/xrdp/discussions/1921
and also #909 and #642
Moving to a uid_t to store the user information makes a lot
of sense. When doing this, we need a function to get information
about a user from the uid_t
As well as creating the function g_getuser_info_by_uid() we also
rename g_getuser_info() to g_getuser_info_by_name() and make the
parameter ordering more usual.
When using PAM authentication, a copy is made of the username and password in the auth_info structure.
The password copy is not cleared from memory when the structure is deallocated. This could mean the password is revealed to an attacker from a coredump.
One solution is to clear the password when the struct is deallocated. However, the username and password in the auth_info struct are only required for the duration of the PAM conversation function. A better solution is to remove the username and password from the auth_info struct entirely, and just use pointers for the duration of the time the callback function is used.
The loadable sesman authentication modules use different types for the
authentication handle returned from auth_userpass(). The PAM module
uses a pointer, and the other modules use (effectively) a boolean. Within
sesman itself, a long or tbus (intptr_t) is used.
This PR replaces all of these types with a pointer to an incomplete type.
Consequently:-
- A single better-labelled type is used it all places within sesman so
it's more obvious what's being handled.
- There is no need to cast the authentication handle within the PAM
module to a long and back again.
- The compiler can check function signatures between auth.h and the
various verify modules.
This may throw a warning with clang-15+ when devel logs are disabled
Fixes
../../../xrdp-0.9.19/sesman/chansrv/chansrv.c:198:9: error: variable 'count' set but not used [-Werror,-Wunused-but-set-variable]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Hiero32