Commit Graph

105 Commits

Author SHA1 Message Date
matt335672 fd99653957 Update sesman authentication processing
Update sesman to cope with separate authentication/authorization (AA) and
command processing.

Also, internally users are now tracked by UID rather than username.
This addresses a problem found by some users using federated naming
services (e.g. Active Directory) where the same user can be referred to
in more than one way. See https://github.com/neutrinolabs/xrdp/issues/1823

The separation of AA in this way allows for multiple attempts to be made
on one connection to get a password right. This addresses MaxLoginRetry
not working (https://github.com/neutrinolabs/xrdp/issues/1739)
2022-12-22 11:35:02 +00:00
matt335672 891efed9ad Remove nested includes from sesman.h
The intention is to improve decoupling of the modules making up
sesman.
2022-12-22 11:35:02 +00:00
matt335672 3a0a932472 Add --reload option to sesman
Adds a --reload switch to sesman and plumbs this in
to systemctl reload xrdp-sesman.service
2022-11-09 09:46:36 +00:00
a1346054 7fe18cc1c0 fix typos 2022-09-03 02:01:48 +00:00
matt335672 0db849fc5c Move SCP to a Unix Domain Socket
The TCP socket implementation of sesman has a number of limitations,
namely that it is affected by firewalls, and also that determining the
user on the other end requires a full authentication process.

The advantage of the TCP socket is that sesman and xrdp can be run on
separate machines. This is however not supported by the xorgxrdp
backend (shared memory), and is insecure, in that passwords are sent
in-the-clear, and the connection is susceptible to MitM attacks. This
architecture has been deprecated in release notes since xrdp v0.9.17,
and although it will continue to be supported in any further releases
in the x0.9.x series, it will not be supported in the next major
version.
2022-04-18 09:12:35 +01:00
matt335672 104304aad1 Open log in sesman before reading config 2022-03-28 19:00:23 +01:00
matt335672 c0cb03801c Move sesman to new SCP interface 2022-03-15 10:45:00 +00:00
matt335672 8bd597a038 Fix signal handling in sesman 2022-03-04 11:37:45 +00:00
matt335672 2484928a5a Change 3rd parameter of log_start() to flags field 2022-03-04 11:37:45 +00:00
matt335672 eb4a8e342d Add lower bound to sesman data input size check 2022-02-02 10:39:50 +00:00
matt335672 5c9839a7f4 Address review comments 2021-07-27 13:36:34 +01:00
matt335672 d4c81229ba Module testing now OK 2021-07-27 13:36:34 +01:00
matt335672 3643cc37ec Fix compile issues with SCP states 2021-07-27 13:36:34 +01:00
Jay Sorg 95d4de206d work on moving to trans for scp v1 2021-07-27 13:36:32 +01:00
Jay Sorg 738e346f81 sesman: work on moving sesman to trans, v0 scp working 2021-07-27 13:35:43 +01:00
matt335672 1e13533048 Remove output on stdout by default on daemon startup 2021-01-07 10:50:16 +00:00
matt335672 0a1a8f40e5 Moved a lot of string funcs to string_calls module 2020-12-22 11:57:24 +00:00
matt335672 e6c1df64d3 Added --config/-c to sesman 2020-12-09 10:19:14 +00:00
Alexandre Quesnel 0c61a15fc5 Migrating logging to LOG() and LOG_DEVEL() in sesman/* 2020-11-30 00:36:20 +00:00
Alexandre Quesnel a9ec1ebd99 Unifying logging in chanserv
This commit adds:
* replace multiple logging macros with LOG and LOG_DEVEL
* logging configuration for chanserv
* logging configuration for console output
* logging configuration for per file or method log level filtering for
debug builds
* file, line, and method name in log message for debug builds
2020-10-19 05:10:47 +00:00
Jay Sorg 351c92dfba sesman: fix for sesman startup without startup script 2019-10-16 13:53:22 -07:00
Koichiro IWAO 2262f1361f sesman: close stdout/stderr earlier
not to spit on the console
2018-06-05 00:19:36 +09:00
Koichiro IWAO 6ae3052a0f sesman: don't spit on the console when starting
As the Debian patch[1] expresses, spitting messages on the console when
a process starts in background is a bad idea. Everything should be
written to log file and daemon should start silently. This is a first
step to shut up daemons.

Got some idea from Debian Remote Maintainers and Thorsten Glaser,
thanks!

[1] 2751ad4d62/debian/patches/shutup-daemon.diff
2018-06-05 00:19:36 +09:00
Koichiro IWAO f2db57afb0 fix indent 2018-01-09 14:09:13 +09:00
matt335672 3f2a017c97 Make listen check before daemon fork 2017-12-27 15:00:18 +00:00
Ian Geiser 4b87548b71 Use g_create_path instead of g_create_dir
Rename g_mk_temp_dir to g_mk_socket_path
2017-07-14 20:52:38 +09:00
Koichiro IWAO 858e6149f0 fix typo 2017-07-13 13:41:26 +09:00
Koichiro IWAO 6f8eacd72b sesman: make sure socket directory present
before try to create a domain socket.
Originally proposed by Ian Geiser (geiseri).
2017-07-13 13:41:26 +09:00
Koichiro IWAO 5a7208a15b sesman: exit with failure status if listen failed 2017-06-20 14:29:02 +09:00
Pavel Roskin 6ed4c969f4 Eliminate APP_CC and DEFAULT_CC 2017-03-14 00:21:48 -07:00
Pavel Roskin b2d3dcf169 Include config_ac.h from all source files 2017-03-04 00:52:34 -08:00
Pavel Roskin 0a9b586332 Improve xrdp-sesman help text
Don't document "-ns", as "-n" and "--nodaemon" should be enough. Always
refer to the program as xrdp-sesman, not sesman.
2017-01-17 18:09:47 -08:00
Pavel Roskin 5829323ad8 Use g_new or g_new0 when C++ compiler would complain about implicit cast 2016-07-08 04:29:49 +00:00
Pavel Roskin be1d034f91 Report pid and listening address/port for xrdp and xrdp-sesman
For xrdp-sesman, don't report that the daemon is listening to a port if
it fails to attach to that port. Don't use LOG_LEVEL_ALWAYS for startup
message, it's not a critical error.
2016-06-21 16:30:15 -07:00
NerdKnight 99ebe1340f Fix compile error "format not a string literal and no format arguments [-Werror=format-security]" 2016-03-28 14:55:20 -03:00
Jay Sorg 689ffe79d9 fix warnings, move some calls to os_calls 2016-03-16 14:32:14 -07:00
Jay Sorg 38241f2a0b Fix all format warnings and some unused variable warnings 2016-03-14 17:04:08 -07:00
Jay Sorg 7393579205 Don't attempt to intercept SIGKILL, it doesn't work on any OS 2016-03-14 16:33:49 -07:00
Pavel Roskin 92a6833e9b Fix typos 2016-02-13 20:41:07 -08:00
Pavel Roskin 81779ddb01 Use lowercase program names for syslog
Other programs typically use the same case as their executables.
2016-02-13 18:14:42 -08:00
Jay Sorg 4e0d0f3ba0 sesman: remove the thread 2015-12-11 20:41:17 -08:00
Koichiro IWAO ac9ff52c1b sesman: void function should not return a value 2015-03-12 16:48:20 +00:00
Laxmikant Rashinkar 27055d5762 coverity: improper use of negative value 2014-07-26 13:33:23 -07:00
Laxmikant Rashinkar a990287c46 coverity: fixed unchecked return value from library 2014-07-20 13:14:09 -07:00
Laxmikant Rashinkar 73578bc612 coverity: fixed unchecked return value 2014-07-19 13:06:25 -07:00
Jay Sorg c20b447f21 sesman: pid string match xrdp length 2013-06-19 11:43:24 -07:00
Jay Sorg a6592ed690 sesman: fix for reading pid file 2013-06-19 11:37:26 -07:00
Jay Sorg c6fa03102f copyright year update 2013-06-08 10:51:53 -07:00
Laxmikant Rashinkar 1123323fda o moved from GNU General Public License to Apache License, Version 2.0
o applied new coding standards to all .c files
o moved some files around
2012-09-19 20:51:34 -07:00
Jay Sorg 099a421c77 log: added path for when --prefix is used 2012-06-10 21:50:57 -07:00