This is required for PAM systems that depend on group membership being
available during PAM processing. This is used by pam_group on FreeBSD
and pam_group on Linux-PAM, although the functionality of both is
different.
Disable clipboard_event_selection_request call is overkill for
blocking text/image/file purpose.
For example, it breaks existing behavior (slow response from gedit,
gimp as a side effect)
Instead, in clipboard_event_selection_request, these media format will
be blocked respectively which depends on the following configurations
in sesman.ini [Security] section.
* RestrictInboundClipboard=text
* RestrictInboundClipboard=file
* RestrictInboundClipboard=image
You can also set comma separated list.
* RestrictInboundClipboard=text,file,image
RestrictOutboundClipboard kills all of text/file/image
transfer via clipboard.
For controlling each content type behavior,
clipboard_xevent is not appropriate place to block respectively.
Instead, in clipboard_event_selection_notify, these media type
will be blocked which depends on the following configurations in
sesman.ini [Security] section.
* RestrictOutboundClipboard=text
* RestrictOutboundClipboard=file
* RestrictOutboundClipboard=image
You can also set comma separated list
* RestrictOutboundClipboard=text, file, image
It supports the extended configurations for sesman.ini:
Before:
[Security]
RestrictOutboundClipboard=true or false
After:
[Security]
RestrictInboundClipboard=[true or false | text or file or image | comma separated list]
RestrictOutboundClipboard=[true or false | text or file or image | comma separated list]
Above configuration is disabled by default (false)
And it can be specified as a comma separated list like this:
RestrictInboundClipboard=file, image
RestrictOutboundClipboard=text, file, image
Note that if RestrictOutboundClipboard=true,file is set,
file is ignored and it is treated as RestrictOutboundClipboard=true
It is same for RestrictInboundClipboard.
According to https://github.com/neutrinolabs/xrdp/wiki/Logging,
it may be better to emit this log message because this log is
useful for system administrator to know whether RestrictOutboundClipboard
configuration works or not
And raise log level to info because it is informative for system
administrator.
As g_file_atom2 is x-special/gnome-copied-files
(See g_file_atom2 definition in sesman/chansrv/clipboard.c),
it should be "x-special/gnome-copied-files" in this context.
Signed-off-by: Kentaro Hayashi <hayashi@clear-code.com>
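The value syntax the commit messages above describe for RestrictInboundClipboard and RestrictOutboundClipboard, parsed into a bitmask of blocked clipboard types. This is an added example, not xrdp's own code: the flag names, the function name, case-insensitive matching and the -1 result for an unrecognised token are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical flag names for this example (not xrdp identifiers). */
enum { CLIP_TEXT = 1, CLIP_FILE = 2, CLIP_IMAGE = 4,
       CLIP_ALL = CLIP_TEXT | CLIP_FILE | CLIP_IMAGE };

/* Case-insensitive match of the n-byte token at s against lowercase kw. */
static int tok_is(const char *s, size_t n, const char *kw)
{
    size_t i;
    if (strlen(kw) != n) return 0;
    for (i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != kw[i]) return 0;
    return 1;
}

/* Returns the mask of blocked types, or -1 for an unrecognised token so
 * that a typo such as "txt" is reported instead of silently leaving a
 * type unrestricted (assumption of this example). */
int parse_clip_restrict(const char *value)
{
    int mask = 0;
    const char *p = value;

    if (p == NULL) return 0;            /* option absent: default is false */
    while (*p != '\0')
    {
        size_t n = strcspn(p, ",");     /* length of the current list item */
        const char *s = p, *e = p + n;
        while (s < e && isspace((unsigned char)*s)) s++;      /* trim left  */
        while (e > s && isspace((unsigned char)e[-1])) e--;   /* trim right */

        if (tok_is(s, (size_t)(e - s), "true"))       mask |= CLIP_ALL;
        else if (tok_is(s, (size_t)(e - s), "text"))  mask |= CLIP_TEXT;
        else if (tok_is(s, (size_t)(e - s), "file"))  mask |= CLIP_FILE;
        else if (tok_is(s, (size_t)(e - s), "image")) mask |= CLIP_IMAGE;
        else if (!tok_is(s, (size_t)(e - s), "false")) return -1;

        p += n;
        if (*p == ',') p++;
    }
    return mask;
}

int main(void)
{
    /* Constructed sample values taken from the forms shown above. */
    printf("%d %d\n", parse_clip_restrict("true,file"),
           parse_clip_restrict("file, image"));
    return 0;
}
```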
* Added s_rem(s) for getting the remaining bytes in a stream
* Added s_rem_out() macro
* Fixed 15bpp pointer error checking
* Combined the 512 and 2048 bit certificate sending code paths
* Other detailed comments and logging added following MS-RDPBCGR
There are two points.
Make sure cleanup files happen after chansrv and Xserver exit. If these
child processes lock socket files, the deletion might fail.
Usually, cleanup of xorgxrdp related socket files is handled by
xorgxrdp. Just in case it failed, perform cleanup also in sesman.
Fixes #1740. Thanks to @matt335672.
Sponsored by: Cybertrust Japan
Sponsored by: HAW International
This commit adds:
* replace multiple logging macros with LOG and LOG_DEVEL
* logging configuration for chanserv
* logging configuration for console output
* logging configuration for per file or method log level filtering for
debug builds
* file, line, and method name in log message for debug builds
The MS specs determine that the character buffer lengths
for usernames, domains, passwords, alternate shells, etc
can be up to 512 characters including the mandatory null
terminator.
Constants from MS documents (MS-RDPBCGR etc) moved out of
common/xrdp_constants.h into includes named after the documents.
Similar includes moved from sesman/chansrv to the common area.
- Reimplemented inode store in separate module chansrv_xfs.[hc]
- Allowed atimes and mtimes to be written to Windows side
- Mapped file user write bit to (inverted) Windows FILE_ATTRIBUTE_READONLY bit
- Mapped file user execute bit to Windows FILE_ATTRIBUTE_SYSTEM bit
- Implemented improved security for remotely mounted drives
- Implemented USB device removal, allowing hot-plug/remove of memory sticks
- Fixed pagefile.sys breaking Ubuntu file browser
- Fixed write offset bug
- Allowed renaming of open files
- Improved reported error codes
- Fixed various memory leaks
- Addressed valgrind errors related to struct fuse_file_info pointers.
Fixes #1335.
In file included from ./irp.h:27:
./chansrv_fuse.h:39:5: error: unknown type name 'time_t'
time_t atime; /* Time of last access. */
^
./chansrv_fuse.h:40:5: error: unknown type name 'time_t'
time_t mtime; /* Time of last modification. */
^
./chansrv_fuse.h:41:5: error: unknown type name 'time_t'
time_t ctime; /* Time of last status change. */
^
3 errors generated.
*** Error code 1
- Replace xfuse_cb_enum_dir() directory callback for adding files with
more general xfuse_devredir_add_file_or_dir() to be called from a
directory or a lookup operation.
- Moved XRDP_INODE out of public interface for chansrv_fuse, and replaced
with simpler struct file_attr to pass to
xfuse_devredir_add_file_or_dir()
- Allow a struct file_attr to be placed in an IRP for assembly of file
attributes over multiple IRP_MJ_QUERY_INFORMATION requests.
- Add dev_redir_lookup_entry() to public interface for devredir.c
- Add xfuse_devredir_cb_lookup_entry() callback to public interface for
chansrv-fuse.c
- Remove unused 'is_synced' member from struct xrdp_inode
- Move prototype for xfuse_devredir_cb_write_file() to correct file
- Add const correctness to dev_redir_strings_ends_with() function
- Add const correctness to fuse_reverse_pathname() function
- Moved devredir_proc_cid_* functions out of devredir.h and made static
- Added XFUSE_DUMP_ADDED_ENTRIES macro for debugging
- Removed duplicate code path in xfuse_remove_dir_or_file()
- Removed duplicate code path in xfuse_cb_rename()
- Removed duplicate code path in xfuse_create_dir_or_file()
- Removed duplicate code path in xfuse_cb_open()
- Removed duplicate code path in xfuse_proc_opendir_req()
- Remove unused USE_SYNC_FLAG macro
- Remove unused members invoke_fuse, off, dirbuf1 from XFUSE_INFO
- Clear f_fifo_opendir entries on deinit
- Added some comments and fixed some others