The top level socket directory is now called XRDP_SOCKET_ROOT_PATH.
Below that are user-specific directories referred to with the
XRDP_SOCKET_PATH macro - this name is hard-coded into xorgxrdp and
the audio modules as an environment variable.
XRDP_SOCKET_PATH now looks like $XRDP_SOCKET_ROOT_PATH/<uid>
XRDP_SOCKET_PATH is only writeable by the user, and readable by the user
and the xrdp process.
The sockdir is only used when sesman is active. The
call g_mk_socket_path() is removed from os_calls and moved to
sesman.
We also change the permissions on this directory to
0755 rather than 01777 (01000 is the 'sticky bit', S_ISVTX).
The behaviour of g_create_dir() has been modified to not
set S_ISVTX on Linux directories. This is implementation-defined
behaviour according to 1003.1, and is no longer required for the
sockdir.
- added (temporary) suppression of Cppcheck `shiftTooManyBits` false positives in `libxrdp/xrdp_mppc_enc.c`
- added (temporary) suppression of Cppcheck `uninitMemberVar` true positives in `ulalaca/ulalaca.cpp` until fixes land downstream
- fix Cppcheck `nullPointerRedundantCheck` in `sesman/chansrv/clipboard.c`
- fix Cppcheck `syntaxError` in `fontutils/mkfv1.c` because it doesn't see the `freetype/fterrors.h` header / removed astyle workaround
Improve the built-in access checks for sesman/sesexec:-
- Group existence is checked for at login-time rather than program
start time
- The name of the group is now included in the message
Also, check for UID == 0 when checking for root, rather than just
checking the name (which might be an alias)
When significant amounts of data is coming from the client in a
fragmented CLIPRDR_DATA_RESPONSE PDU, this code provides a way to
start copying it to a requesting client before it is all read.
The only advantage of this code is to provide a slight speedup
before a paste is visible on the server.
There are significant problems with this code. Notably, it is
very difficult to parse Unicode text coming through this route. Each
UTF-16 character can occupy up to 4 bytes, and a fragmentation
boundary could occur at any point within a UTF-16 character.
Most of the Microsoft RDP documentation describes PDUs on-the-wire.
However, [MS-RDPESC] doesn't do this. It uses DCE IDL to describe the
contents of the PDUs sent over the File System Virtual Channel.
Ideally we'd use an IDL compiler to generate the interfaces in
[MS-RDPESC]. We don't have one though, so all PDUs are read and written
with the low-level streaming routines. It's not clear in the existing
code how IDL is mapped down to this level.
This commit updates the smartcard code with comments which will enable
maintainers to better understand the IDL-to-streaming mappings.
Use the official Windows clipboard format names where appropriate
Replace g_file_format_id with g_file_group_descriptor_format_id
as the latter name is more descriptive of what is described in
[MS-ECLIP]
This fixes the following errors:-
sesman/tools/authtest.c:64:14: error: syntax error [syntaxError]
g_printf("xrdp auth module tester v" PACKAGE_VERSION "\n");
^
sesman/tools/sesrun.c:165:14: error: syntax error [syntaxError]
g_printf("xrdp session starter v" PACKAGE_VERSION "\n");
^
vrplayer/decoder.h:35:12: error: There is an unknown macro here somewhere. Configuration is required. If slots is a macro then please configure it. [unknownMacro]
public slots:
^
vrplayer/playaudio.h:45:12: error: There is an unknown macro here somewhere. Configuration is required. If slots is a macro then please configure it. [unknownMacro]
public slots:
^
vrplayer/dlgabout.h:22:13: error: There is an unknown macro here somewhere. Configuration is required. If slots is a macro then please configure it. [unknownMacro]
private slots:
^
vrplayer/playvideo.h:49:12: error: There is an unknown macro here somewhere. Configuration is required. If slots is a macro then please configure it. [unknownMacro]
public slots:
^
Additionally, cppcheck now makes use of all available CPUs
sesexec.c: In function ‘main’:
sesexec.c:521:1: error: control reaches end of non-void function [-Werror=return-type]
sound.c: In function ‘process_pcm_message’:
sound.c:1123:21: error: ‘for’ loop initial declarations are only allowed in C99 mode
for (int i = 0; i < send_silence_times; i++)
^
sound.c:1123:21: note: use option -std=c99 or -std=gnu99 to compile your code
These fixes are in line with our coding standard and have no functional change.
This allows Linux's no_new_privs restriction to be disabled when starting
the X server, which may be desirable if xrdp is running inside a kernel
confinement framework such as AppArmor or SELinux.
Rename g_file_open() to g_file_open_rw(), and add a new g_file_open_ro()
call that wraps the common g_file_open_ex(file, 1, 0, 0, 0) idiom. This
will make the file access mode more explicit in the code.
Change all calls to g_file_open() to the _ro() or _rw() variant as
appropriate, and replace g_file_open_ex(file, 1, 0, 0, 0) with the _ro()
call.
Lastly, add tests for the two new calls to test_os_calls.c (code
courteously provided by matt335672).
env.c : The value of XRDP_SESSION in the environment is now set to the
PID of the sesexec process, which ties up the session with the
output of "xrdp-sesadmin -c=list".
Later versions of xrdp-sesadmin can use this value to get
information about the current process.
Now that authentication/authorization and session creation are
happening in the same process, there is no need for a separate call
to finish an auth session. This change prevents the upper software
layers from needing to track whether auth_start_session() has been
called or not.
When allocating a display number, we should be aware that
IANA only allow TCP displays up to :63. This PR adds that restriction in
to sesman.ini as a default, to prevent us allocating unavailable TCP
ports.
By default TCP ports are not enabled for X servers, but users can easily
change this if they wish to access X displays directly over the network.
This restriction is in addition to the MaxSessions limit already present
in sesman.ini
By setting the new config value 'AllowAlternateShell' to 'no' it is now
possible to prevent the use of an alternate shell, which can be set by
the connecting user.
The default remains unchanged and any shell is allowed if the config
value is not specified. It can also be set explicitly to 'yes' to achieve
the same outcome.
Fixes: #850
poll() is specified in POSIX.1-2001 as a simpler interface for
multiplexed file descriptors than select(). It also provides more
functionality.
This PR replaces the select() calls used in xrdp with poll()
equivalents.