Commit Graph

1163 Commits

Author SHA1 Message Date
matt335672
675dd77807 Parameterise the sockdir with the UID of the user
The top level socket directory is now called XRDP_SOCKET_ROOT_PATH.
Below that are user-specific directories referred to with the
XRDP_SOCKET_PATH macro - this name is hard-coded into xorgxrdp and
the audio modules as an environment variable.

XRDP_SOCKET_PATH now looks like $XRDP_SOCKET_ROOT_PATH/<uid>

XRDP_SOCKET_PATH is only writeable by the user, and readable by the user
and the xrdp process.
2023-10-23 18:14:46 +01:00
matt335672
63235eaafd Fix typo in error message 2023-10-23 15:51:17 +01:00
matt335672
547c619c2f Move g_mk_socket_path() to sesman
The sockdir is only used when sesman is active. The
call g_mk_socket_path() is removed from os_calls and moved to
sesman.

We also change the permissions on this directory to
0755 rather than 01777 (01000 is the 'sticky bit', S_ISVTX).

The behaviour of g_create_dir() has been modified to not
set S_ISVTX on Linux directories. This is implementation-defined
behaviour according to 1003.1, and is no longer required for the
sockdir.
2023-10-23 15:51:17 +01:00
matt335672
8f73f5ba73 Remove unnecessary assignments
As per title. Assigments are made to variables which are immediately
overwritten.
2023-10-23 15:23:07 +01:00
matt335672
d722ffe357 Update smartcard code to use new UTF-8 calls 2023-10-23 14:19:49 +01:00
matt335672
1b286a0469 Update RAIL code to use new UTF-8 calls 2023-10-23 14:19:49 +01:00
matt335672
8556f83905 Update drive redirection code to use new UTF-8 calls 2023-10-23 14:19:49 +01:00
matt335672
f8e7fd4c2c Update clipboard code to use new UTF-8 calls 2023-10-23 14:15:47 +01:00
firewave
f687174af1 provide more includes to Cppcheck
- added (temporary) suppression of Cppcheck `shiftTooManyBits` false positives in `libxrdp/xrdp_mppc_enc.c`
- added (temporary) suppression of Cppcheck `uninitMemberVar` true positives in `ulalaca/ulalaca.cpp` until fixes land downstream
- fix Cppcheck `nullPointerRedundantCheck` in `sesman/chansrv/clipboard.c`
- fix Cppcheck `syntaxError` in `fontutils/mkfv1.c` because it doesn't see the `freetype/fterrors.h` header / removed astyle workaround
2023-10-17 15:14:36 +02:00
matt335672
2a287963da devredir_proc_query_dir_response(): Conform to spec
This commit adds more error checking to the above function. The function
now conforms to [MS-FSCC] regarding processing of the NextEntryOffset
field.
2023-10-16 10:28:41 +01:00
matt335672
eb1c3cd4b3
Merge pull request #2810 from matt335672/remove_ss_clipboard_code
Remove client-server shortcut paste code
2023-10-11 10:38:16 +01:00
matt335672
cf5c2718af Update logging in sesman access control
Improve the built-in access checks for sesman/sesexec:-
- Group existence is checked for at login-time rather than program
  start time
- The name of the group is now included in the message

Also, check for UID == 0 when checking for root, rather than just
checking the name (which might be an alias)
2023-10-05 13:22:49 +01:00
matt335672
5837deae04 access_login_allowed: Remove primary group check
This check is now performed within g_check_user_in_group()
2023-10-05 12:25:40 +01:00
matt335672
284c17c0b2 Remove client-server shortcut paste code
When significant amounts of data is coming from the client in a
fragmented CLIPRDR_DATA_RESPONSE PDU, this code provides a way to
start copying it to a requesting client before it is all read.

The only advantage of this code is to provide a slight speedup
before a paste is visible on the server.

There are significant problems with this code. Notably, it is
very difficult to parse Unicode text coming through this route. Each
UTF-16 character can occupy up to 4 bytes, and a fragmentation
boundary could occur at any point within a UTF-16 character.
2023-09-29 12:07:19 +01:00
matt335672
e138c1a601 Update comments in smartcard code
Most of the Microsoft RDP documentation describes PDUs on-the-wire.
However, [MS-RDPESC] doesn't do this. It uses DCE IDL to describe the
contents of the PDUs sent over the File System Virtual Channel.

Ideally we'd use an IDL compiler to generate the interfaces in
[MS-RDPESC]. We don't have one though, so all PDUs are read and written
with the low-level streaming routines. It's not clear in the existing
code how IDL is mapped down to this level.

This commit updates the smartcard code with comments which will enable
maintainers to better understand the IDL-to-streaming mappings.
2023-09-25 16:13:00 +01:00
firewave
27d34e784d fixed Cppcheck unusedVariable warnings 2023-09-04 23:47:56 +02:00
matt335672
25a1fab5b6 Check auth_start_session() result 2023-08-19 13:35:26 +01:00
matt335672
84ae372a58 clipboard: Fix TODO action in clipboard_common.h
Use the official Windows clipboard format names where appropriate

Replace g_file_format_id with g_file_group_descriptor_format_id
as the latter name is more descriptive of what is described in
[MS-ECLIP]
2023-08-07 15:11:04 +01:00
matt335672
8eed7a395e clipboard: Only advertise text to X11 clients if it is available 2023-08-07 15:11:04 +01:00
matt335672
45ca9fe098 clipboard: Tell the X11 client if a selection is unavailable 2023-08-07 14:45:11 +01:00
matt335672
463cd8a543
Merge pull request #2719 from matt335672/log_xrdp_termination_signal
Log xrdp termination signals
2023-07-31 11:24:20 +01:00
matt335672
d77b0b3b9d Bump cppcheck to v2.11
This fixes the following errors:-

sesman/tools/authtest.c:64:14: error: syntax error [syntaxError]
    g_printf("xrdp auth module tester v" PACKAGE_VERSION "\n");
             ^
sesman/tools/sesrun.c:165:14: error: syntax error [syntaxError]
    g_printf("xrdp session starter v" PACKAGE_VERSION "\n");
             ^
vrplayer/decoder.h:35:12: error: There is an unknown macro here somewhere. Configuration is required. If slots is a macro then please configure it. [unknownMacro]
    public slots:
           ^
vrplayer/playaudio.h:45:12: error: There is an unknown macro here somewhere. Configuration is required. If slots is a macro then please configure it. [unknownMacro]
    public slots:
           ^
vrplayer/dlgabout.h:22:13: error: There is an unknown macro here somewhere. Configuration is required. If slots is a macro then please configure it. [unknownMacro]
    private slots:
            ^
vrplayer/playvideo.h:49:12: error: There is an unknown macro here somewhere. Configuration is required. If slots is a macro then please configure it. [unknownMacro]
    public slots:
           ^
Additionally, cppcheck now makes use of all available CPUs
2023-06-23 15:12:51 +01:00
matt335672
ce42e3e12d Replace g_strsignal() with g_sig2text()
This call provides a textual representation of a signal number, i.e.
SIGHUP is mapped to "SIGHUP"

Unit tests are also added.
2023-06-12 16:19:17 +01:00
matt335672
0f32661056 Add g_strsignal() to string_calls module 2023-06-08 16:32:24 +01:00
matt335672
7cf9101407 Fix compile errors detected by the older gcc 4.8.5 compiler:-
sesexec.c: In function ‘main’:
sesexec.c:521:1: error: control reaches end of non-void function [-Werror=return-type]

sound.c: In function ‘process_pcm_message’:
sound.c:1123:21: error: ‘for’ loop initial declarations are only allowed in C99 mode
                     for (int i = 0; i < send_silence_times; i++)
                     ^
sound.c:1123:21: note: use option -std=c99 or -std=gnu99 to compile your code

These fixes are in line with our coding standard and have no functional change.
2023-06-07 20:21:54 +01:00
jsorg71
dab1443e87
Merge pull request #2686 from matt335672/update_fifo_code
Re-work FIFO code
2023-06-01 22:29:59 -07:00
matt335672
c0f9c55de6 Remove size limit for PAM environment variables
The current logic in auth_set_env() for PAM environments only allows
environment variables to be around 256 characters in length.
2023-05-31 16:39:42 +01:00
matt335672
05d1733950 Change chansrv to use common fifo code 2023-05-22 14:43:22 +01:00
matt335672
8535f8e08c
Merge pull request #2675 from matt335672/fix_chansrv_signal_handling
Fix signal handling in chansrv.c
2023-05-22 10:03:02 +01:00
Daniel Richard G
fdfe47668b Add XorgNoNewPrivileges configuration option
This allows Linux's no_new_privs restriction to be disabled when starting
the X server, which may be desirable if xrdp is running inside a kernel
confinement framework such as AppArmor or SELinux.
2023-05-15 17:40:46 -04:00
Daniel Richard G
b191d87e33 Move Linux's no_new_privs call into os_calls
This helps keep the application code free of platform-specific cruft.
Also remove a needless #include<sys/prctl.h> from sesman/session_list.c.
2023-05-15 17:40:46 -04:00
Daniel Richard G
1c0c923ad1 Split g_file_open() into _ro() and _rw() variants
Rename g_file_open() to g_file_open_rw(), and add a new g_file_open_ro()
call that wraps the common g_file_open_ex(file, 1, 0, 0, 0) idiom. This
will make the file access mode more explicit in the code.

Change all calls to g_file_open() to the _ro() or _rw() variant as
appropriate, and replace g_file_open_ex(file, 1, 0, 0, 0) with the _ro()
call.

Lastly, add tests for the two new calls to test_os_calls.c (code
courteously provided by matt335672).
2023-05-15 17:38:31 -04:00
matt335672
0a44594f51 Fix signal handling in chansrv.c
Signal handlers now only use signal-safe code

See signal-safety(7) on Linux
2023-05-15 14:16:29 +01:00
Daniel Richard G
42d32e7496 Use config_ac.h consistently and correctly 2023-05-12 13:49:53 -04:00
matt335672
8853b1c4ee New files for sesexec 2023-05-02 11:55:23 +01:00
matt335672
4dcaa84fbe Changes to autotools stuff for sesexec 2023-05-02 11:55:23 +01:00
matt335672
c5971b535d sesexec: Changes to existing files from sesman
env.c : The value of XRDP_SESSION in the environment is now set to the
        PID of the sesexec process, which ties up the session with the
        output of "xrdp-sesadmin -c=list".

        Later versions of xrdp-sesadmin can use this value to get
        information about the current process.
2023-05-02 11:55:23 +01:00
matt335672
74cd7d1837 Rework sesman with new files 2023-05-02 11:55:23 +01:00
matt335672
3895954b75 Add libipm interfaces to sesman
Add modules to sesman to handle incoming EICP and ERCP messages
2023-05-02 11:55:22 +01:00
matt335672
9c2c43693c Move files from sesman to sesexec directory 2023-05-02 11:55:22 +01:00
matt335672
8e291846d5 Create pre-session list
This is made from the old sesman_con structure. It describes
a connection to sesman which is not yet running a session.
2023-05-02 11:55:22 +01:00
matt335672
dadb393443 Add sesexec control module
This module provides a secure way for sesman to start the sesexec program
and establish a private communications channel with it.
2023-05-02 11:55:22 +01:00
matt335672
3d95954d87 Move session_list to struct list *
This commit now uses the standard list module to manage the active
session list, rather than having special code to do this.
2023-05-02 11:55:22 +01:00
matt335672
1a9d15bef0 Remove explicit auth_stop_session() call
Now that authentication/authorization and session creation are
happening in the same process, there is no need for a separate call
to finish an auth session. This change prevents the upper software
layers from needing to track whether auth_start_session() has been
called or not.
2023-05-02 11:55:22 +01:00
matt335672
82ede29388 libsesman: Make x11_display_offset and max_sessions unsigned 2023-05-02 11:55:22 +01:00
matt335672
06580ec448 sesman config: Add MaxDisplayNumber
When allocating a display number, we should be aware that
IANA only allow TCP displays up to :63. This PR adds that restriction in
to sesman.ini as a default, to prevent us allocating unavailable TCP
ports.

By default TCP ports are not enabled for X servers, but users can easily
change this if they wish to access X displays directly over the network.

This restriction is in addition to the MaxSessions limit already present
in sesman.ini
2023-05-02 11:55:22 +01:00
matt335672
970d936106 libsesman config: Define default sesman.ini name 2023-05-02 11:55:22 +01:00
matt335672
e96d77bac1 Remove g_mk_socket_path() from codepaths
The socket dir is only used if we are starting a session
with sesman. Consequently, it only makes sense to create
this directory within sesman itself.
2023-05-02 11:55:22 +01:00
matt335672
563cfaf009
Merge pull request #2643 from matt335672/close_unwanted_fds
Fix leaking file descriptors
2023-05-02 11:54:05 +01:00
matt335672
b3b12b1be5 Allow longer UserWindowManager strings
The UserWindowManager is limited to 31 characters. There appears
to be no good reason for this.
2023-05-01 11:52:21 +01:00
matt335672
f08355a325 Ensure commonly used file descriptors are close-on-exec 2023-04-24 14:20:14 +01:00
matt335672
adb7476187 Add LOG_DEVEL_LEAKING_FDS calls to the application 2023-04-24 14:20:14 +01:00
Lennart Sauerbeck
5741653900 sesman: Prevent the use of 'alternate shell'
By setting the new config value 'AllowAlternateShell' to 'no' it is now
possible to prevent the use of an alternate shell, which can be set by
the connecting user.
The default remains unchanged and any shell is allowed if the config
value is not specified. It can also be set explicitly to 'yes' to achieve
the same outcome.

Fixes: #850
2023-04-19 10:16:56 +01:00
Jay Sorg
6628d57b55 chansrv: build fix, use libipm from build dir 2023-04-03 22:25:06 -07:00
matt335672
5605ce44b1 Remove defines from sesman_config.h
This file currently contains defines which are only used in
sesman_config.c Moving them into there increases readability
and maintainability.
2023-03-30 13:07:49 +01:00
matt335672
53cc5c3e18 Remove unnecessary comment 2023-03-30 13:07:49 +01:00
matt335672
5e339d5054 Update sesman test tools after libsesman created 2023-03-30 13:07:49 +01:00
matt335672
8044bd1ecf Update sesman files left after libsesman created 2023-03-30 13:07:49 +01:00
matt335672
ea12231247 Updaste chansrv files related to new libsesman 2023-03-30 13:07:49 +01:00
matt335672
d2362f23a0 Fix typo 2023-03-30 13:07:49 +01:00
matt335672
b4f9d250e2 Update sesman files moved to libsesman 2023-03-29 14:31:30 +01:00
matt335672
75c9979b54 Add new files to libsesman 2023-03-29 14:31:30 +01:00
matt335672
2f3693b3dc autotools changes related to new libsesman library 2023-03-29 14:31:30 +01:00
matt335672
d05dd853bb Moved sesman_access module into libsesman 2023-03-29 14:31:30 +01:00
matt335672
2995d4942f Renamed sesman/access module 2023-03-29 14:31:30 +01:00
matt335672
dff380fb78 Move auth modules into libsesman 2023-03-29 14:31:30 +01:00
matt335672
d83bf100fa Move auth into libsesman 2023-03-29 14:31:30 +01:00
matt335672
cf5c1494cf Rename auth.h as sesman_auth.h 2023-03-29 14:31:29 +01:00
matt335672
db1f4c95a6 Moved config into libsesman 2023-03-29 14:31:29 +01:00
matt335672
f24400f4f1 Renamed sesman/config module 2023-03-29 14:31:29 +01:00
matt335672
177707dcb9
Merge pull request #2608 from Hiero32/Support-to-set-parameters-for-#2519
Support to set parameters for #2519
2023-03-29 10:29:23 +01:00
Hiero32
9fe9ae3bc0 Support to set parameters from sesman.ini. 2023-03-28 21:20:54 +09:00
matt335672
3ee8eb9c9e
Merge pull request #2592 from matt335672/restructure_session_start
Restructure session start
2023-03-27 10:38:37 +01:00
Jay Sorg
054c78d568 chansrv: don't free item on stack 2023-03-24 16:33:16 -07:00
matt335672
991770cc5d Refactored session.c to support X server validation 2023-03-24 10:58:42 +00:00
matt335672
34ad55faa6 xwait changes (breaks compile)
The wait_for_xserver() call is refactored so that it can
be called from root context to wait for an X server run by
a specific user.
2023-03-24 10:54:04 +00:00
matt335672
6bf0aed8dd Make wait objects private to sesman.c 2023-03-24 10:54:04 +00:00
matt335672
5cb5542d91 Rename session_list module functions
Rename functions in the session_list module so it's clearer where
they are defined.
2023-03-24 10:53:23 +00:00
matt335672
fb25de0419 Split sesman/session.c into session.c and session_list.c 2023-03-23 18:12:06 +00:00
matt335672
84c19e05ce Duplicate session module to session_list module
This makes an exact copy of session.[ch] in session_list.[ch].
The intention is to be able to follow changes in git with
the --follow switch
2023-03-23 18:12:06 +00:00
matt335672
c0b9bf9a37 Remove clone_session_params()
This is a hangover from SCP V1 and is no longer required with
the move to libipm
2023-03-23 18:12:06 +00:00
matt335672
8b9f9b40c8 os_calls changes
- Add g_pipe()
- Add g_file_duplicate_on()
- Rework struct exit_status to make it easier to parse
- Add optional status return to g_waitchild()
2023-03-23 18:12:06 +00:00
matt335672
5c01729d6f waitforx logging improvements 2023-03-18 10:54:14 +00:00
matt335672
3681ecdf23 Moved bin/xrdp-waitforx to libexec/xrdp/waitforx 2023-03-18 10:54:14 +00:00
matt335672
653a7a9bff
Merge pull request #2576 from matt335672/list_string_support
List string support
2023-03-10 11:07:59 +00:00
matt335672
c9940f6b0d
Merge pull request #2581 from metalefty/help-alignment
sesman: fix help message alignment
2023-03-08 10:42:13 +00:00
Koichiro IWAO
75f534b69f sesman: fix help message alignment 2023-03-08 10:24:08 +09:00
matt335672
621b3fc6dc Add g_execvp_list() to os_calls 2023-03-06 16:03:55 +00:00
matt335672
c3d697de16 Add list_add_strdup() etc 2023-03-06 15:58:13 +00:00
Zhipeng Xue
fbb3b9cef9 Fix potential null dereference 2023-03-05 13:38:43 +08:00
matt335672
420a7a429f
Merge pull request #2557 from Hiero32/improve_#2522
improve "#2522 use startup command from /usr/share/xsession ..."
2023-02-22 12:45:23 +00:00
Hiero32
cdc65db487
change comment a bit 2023-02-22 20:59:37 +09:00
Hiero32
a2a8a0ba89
fix comment 2023-02-21 21:30:33 +09:00
Hiero32
fda1ed0042
remove "source /etc/xrdp/export_desktop_session" 2023-02-21 21:15:21 +09:00
Yifan J
8be6bc137e Make pam.d directory configurable 2023-02-21 09:50:46 +08:00
Hiero32
5364ee6aaf
improve "#2522 use startup command from /usr/share/xsession ..." 2023-02-18 10:04:27 +09:00
matt335672
86d0d0e9fd Addressed review comments 2023-02-13 14:28:29 +00:00
matt335672
acdfd12cb6 Fix typo in chansrv_fuse.c
The code as it stands is checking two file descriptors for possible
input, but only one needs to be checked.
2023-02-13 14:28:29 +00:00
matt335672
78fa1c15b2 Replace select() system call with poll()
poll() is specified in POSIX.1-2001 as a simpler interface for
multiplexed file descriptors than select(). It also provides more
functionality.

This PR replaces the select() calls used in xrdp with poll()
equivalents.
2023-02-13 14:28:29 +00:00
matt335672
a27440c237
Merge pull request #2492 from derekschrock/randr-wait
Add xrdp-waitforx to wait for X to start with RandR outputs
2023-02-13 10:29:22 +00:00