Commit Graph

1163 Commits

Author SHA1 Message Date
matt335672
f08355a325 Ensure commonly used file descriptors are close-on-exec 2023-04-24 14:20:14 +01:00
matt335672
adb7476187 Add LOG_DEVEL_LEAKING_FDS calls to the application 2023-04-24 14:20:14 +01:00
Lennart Sauerbeck
5741653900 sesman: Prevent the use of 'alternate shell'
By setting the new config value 'AllowAlternateShell' to 'no' it is now
possible to prevent the use of an alternate shell, which can be set by
the connecting user.
The default remains unchanged and any shell is allowed if the config
value is not specified. It can also be set explicitly to 'yes' to achieve
the same outcome.

Fixes: #850
2023-04-19 10:16:56 +01:00
Jay Sorg
6628d57b55 chansrv: build fix, use libipm from build dir 2023-04-03 22:25:06 -07:00
matt335672
5605ce44b1 Remove defines from sesman_config.h
This file currently contains defines which are only used in
sesman_config.c Moving them into there increases readability
and maintainability.
2023-03-30 13:07:49 +01:00
matt335672
53cc5c3e18 Remove unnecessary comment 2023-03-30 13:07:49 +01:00
matt335672
5e339d5054 Update sesman test tools after libsesman created 2023-03-30 13:07:49 +01:00
matt335672
8044bd1ecf Update sesman files left after libsesman created 2023-03-30 13:07:49 +01:00
matt335672
ea12231247 Updaste chansrv files related to new libsesman 2023-03-30 13:07:49 +01:00
matt335672
d2362f23a0 Fix typo 2023-03-30 13:07:49 +01:00
matt335672
b4f9d250e2 Update sesman files moved to libsesman 2023-03-29 14:31:30 +01:00
matt335672
75c9979b54 Add new files to libsesman 2023-03-29 14:31:30 +01:00
matt335672
2f3693b3dc autotools changes related to new libsesman library 2023-03-29 14:31:30 +01:00
matt335672
d05dd853bb Moved sesman_access module into libsesman 2023-03-29 14:31:30 +01:00
matt335672
2995d4942f Renamed sesman/access module 2023-03-29 14:31:30 +01:00
matt335672
dff380fb78 Move auth modules into libsesman 2023-03-29 14:31:30 +01:00
matt335672
d83bf100fa Move auth into libsesman 2023-03-29 14:31:30 +01:00
matt335672
cf5c1494cf Rename auth.h as sesman_auth.h 2023-03-29 14:31:29 +01:00
matt335672
db1f4c95a6 Moved config into libsesman 2023-03-29 14:31:29 +01:00
matt335672
f24400f4f1 Renamed sesman/config module 2023-03-29 14:31:29 +01:00
matt335672
177707dcb9
Merge pull request #2608 from Hiero32/Support-to-set-parameters-for-#2519
Support to set parameters for #2519
2023-03-29 10:29:23 +01:00
Hiero32
9fe9ae3bc0 Support to set parameters from sesman.ini. 2023-03-28 21:20:54 +09:00
matt335672
3ee8eb9c9e
Merge pull request #2592 from matt335672/restructure_session_start
Restructure session start
2023-03-27 10:38:37 +01:00
Jay Sorg
054c78d568 chansrv: don't free item on stack 2023-03-24 16:33:16 -07:00
matt335672
991770cc5d Refactored session.c to support X server validation 2023-03-24 10:58:42 +00:00
matt335672
34ad55faa6 xwait changes (breaks compile)
The wait_for_xserver() call is refactored so that it can
be called from root context to wait for an X server run by
a specific user.
2023-03-24 10:54:04 +00:00
matt335672
6bf0aed8dd Make wait objects private to sesman.c 2023-03-24 10:54:04 +00:00
matt335672
5cb5542d91 Rename session_list module functions
Rename functions in the session_list module so it's clearer where
they are defined.
2023-03-24 10:53:23 +00:00
matt335672
fb25de0419 Split sesman/session.c into session.c and session_list.c 2023-03-23 18:12:06 +00:00
matt335672
84c19e05ce Duplicate session module to session_list module
This makes an exact copy of session.[ch] in session_list.[ch].
The intention is to be able to follow changes in git with
the --follow switch
2023-03-23 18:12:06 +00:00
matt335672
c0b9bf9a37 Remove clone_session_params()
This is a hangover from SCP V1 and is no longer required with
the move to libipm
2023-03-23 18:12:06 +00:00
matt335672
8b9f9b40c8 os_calls changes
- Add g_pipe()
- Add g_file_duplicate_on()
- Rework struct exit_status to make it easier to parse
- Add optional status return to g_waitchild()
2023-03-23 18:12:06 +00:00
matt335672
5c01729d6f waitforx logging improvements 2023-03-18 10:54:14 +00:00
matt335672
3681ecdf23 Moved bin/xrdp-waitforx to libexec/xrdp/waitforx 2023-03-18 10:54:14 +00:00
matt335672
653a7a9bff
Merge pull request #2576 from matt335672/list_string_support
List string support
2023-03-10 11:07:59 +00:00
matt335672
c9940f6b0d
Merge pull request #2581 from metalefty/help-alignment
sesman: fix help message alignment
2023-03-08 10:42:13 +00:00
Koichiro IWAO
75f534b69f sesman: fix help message alignment 2023-03-08 10:24:08 +09:00
matt335672
621b3fc6dc Add g_execvp_list() to os_calls 2023-03-06 16:03:55 +00:00
matt335672
c3d697de16 Add list_add_strdup() etc 2023-03-06 15:58:13 +00:00
Zhipeng Xue
fbb3b9cef9 Fix potential null dereference 2023-03-05 13:38:43 +08:00
matt335672
420a7a429f
Merge pull request #2557 from Hiero32/improve_#2522
improve "#2522 use startup command from /usr/share/xsession ..."
2023-02-22 12:45:23 +00:00
Hiero32
cdc65db487
change comment a bit 2023-02-22 20:59:37 +09:00
Hiero32
a2a8a0ba89
fix comment 2023-02-21 21:30:33 +09:00
Hiero32
fda1ed0042
remove "source /etc/xrdp/export_desktop_session" 2023-02-21 21:15:21 +09:00
Yifan J
8be6bc137e Make pam.d directory configurable 2023-02-21 09:50:46 +08:00
Hiero32
5364ee6aaf
improve "#2522 use startup command from /usr/share/xsession ..." 2023-02-18 10:04:27 +09:00
matt335672
86d0d0e9fd Addressed review comments 2023-02-13 14:28:29 +00:00
matt335672
acdfd12cb6 Fix typo in chansrv_fuse.c
The code as it stands is checking two file descriptors for possible
input, but only one needs to be checked.
2023-02-13 14:28:29 +00:00
matt335672
78fa1c15b2 Replace select() system call with poll()
poll() is specified in POSIX.1-2001 as a simpler interface for
multiplexed file descriptors than select(). It also provides more
functionality.

This PR replaces the select() calls used in xrdp with poll()
equivalents.
2023-02-13 14:28:29 +00:00
matt335672
a27440c237
Merge pull request #2492 from derekschrock/randr-wait
Add xrdp-waitforx to wait for X to start with RandR outputs
2023-02-13 10:29:22 +00:00
metalefty
f3dc94448c
Merge pull request #2537 from metalefty/sound-log
sound: logging improvements
2023-02-13 10:38:31 +09:00
Derek Schrock
829378bba8 Add xrdp-waitforx to wait for X to start with RandR outputs
For some window managers (fvwm2 and fvwm3) if the X server isn't
running and has output it's possible for the window manager to fail or
reconfigure randr incorrectly.

With xrdp-waitfox:
 - Install xrdp-waitfox to the BIN dir.
 - sesman will run xrdp-waitfox as the logged in user.
 - Set an alarm to exit after 30 seconds.
 - Try to open env DISPLAY value's display (10 seconds).
 - Test for RandR extension.
 - Wait for outputs to appear (10 seconds).
2023-02-11 18:01:10 -05:00
Koichiro IWAO
9d7a817e87 chansrv/audin: return UNKNOWN when undefined value
is passed to audin_wave_format_tag_to_str.
2023-02-11 11:51:08 +09:00
Hiero32
1ffe7890d8
sound: fix noise between two playbacks for mp3/aac (#2519)
* sound: fix noise between two playbacks for mp3/aac
* fix sound stuttered on skip operation of vlc
2023-02-09 10:09:04 +09:00
Koichiro IWAO
73a8865561 chansrv/audin,sound: record index of formats array
It helps to know which audio format is in use.
2023-02-09 01:21:45 +09:00
Koichiro IWAO
a355b7bf98 chansrv/audin: record audin (microphone redirection) audio formats 2023-02-09 01:06:44 +09:00
Koichiro IWAO
264ee4a761 chansrv/sound: adjust log level and record wFormatTag as string
These log levels are unintendedly decreased during logging reworking.

Recording audio formats are useful to know which format is used in
current RDP session.
2023-02-09 01:06:44 +09:00
Koichiro IWAO
5f07c648e4 chansrv: add a utility function to convert wFormatTag into string 2023-02-09 01:06:44 +09:00
matt335672
04a9c76087
Merge pull request #2522 from akarl10/startwm-xsession-desktop-files
Debian: use startup command from /usr/share/xsession if DISPLAY_SESSION is set
2023-02-02 14:21:51 +00:00
akarl10
093baad9b0 try using startup command in /usr/share/xsessions
gnome shell has a way to start different desktop profiles, but all
use the same gnome-session binary.

currently implemented only for debian based distributions
2023-02-02 14:54:56 +01:00
matt335672
9e53b72c80
Merge pull request #2528 from akarl10/chansrv-fuse-display-variable
Add %d and %D to fuse mount path for local mounts.
2023-02-02 10:36:49 +00:00
akarl10
46398fcda5 [chansrv-fuse] refactoring to make compiler happier 2023-02-01 16:03:32 +01:00
Michael Saxl
2052664d69 [chansrv-fuse] do also % substitutions when relative paths are used 2023-01-31 20:11:26 +01:00
akarl10
3458210c1c [chansrv-fuse] Add %d and %D as path replacement variables
%d is the numeric display number
%D is the DISPLAY environment variable

this enables the concurrent use of fuse in multiple sessions of the same
user
2023-01-31 19:41:02 +01:00
matt335672
5ed9b96530 Add missing include guards 2023-01-31 09:30:36 +00:00
matt335672
02a3821f4d Remove libipm_msg_in_start()
The semantics of this call allowed it to be called more than once when
parsing a message to restart a parse. This is not likely to be
useful in practice, and it also makes reading file descriptors
more complicated. Consequently this function has been removed and
replaced with with libipm_msg_in_get_msgno()
2023-01-30 14:31:16 +00:00
matt335672
5f030a95b7 Don't try to listen on the scard socket if it isn't there
If the scard local socket can't be created, there's no point
in trying to listen on it. This will just fill the chansrv log
file with errors.
2023-01-16 13:41:18 +00:00
matt335672
9b846b7b7e
Merge pull request #2473 from matt335672/bsd_setusercontext
Implement BSD setusercontext
2023-01-13 11:24:09 +00:00
matt335672
af69606e0b Remove support for x11rdp
X11rdp has been deprecated now since xrdp v0.9.7 (June 2018). This
commit removes support for it from xrdp itself.
2023-01-05 11:26:44 +00:00
matt335672
a35082e6c5 Call g_set_allusercontext() on appropriate systems 2023-01-05 10:52:08 +00:00
matt335672
cd58d14cef Fix compilation on OpenBSD 2023-01-05 10:52:08 +00:00
matt335672
851bed680c Update sesman tools for new interfaces
The sesman tools sesrun and sesadmin now use the separate
authentication/authorization (AA) interface introduced to
sesman by the previous comment.

sesrun can use either password or UDS authentication. With some
limitations, this can allow for automatic creation of sessions for local
users without a password being needed.

sesadmin now operates using UDS logins only and so a username and
password are not required. To use sesadmin for another user, use
su/sudo/doas to authenticate as the other user.
2022-12-22 11:35:02 +00:00
matt335672
fd99653957 Update sesman authentication processing
Update sesman to cope with separate authentication/authorization (AA) and
command processing.

Also, internally users are now tracked by UID rather thn username.
This addresses a problem found by some users using federated naming
services (e.g. Active Directory) where the same user can be referred to
in more than one way. See https://github.com/neutrinolabs/xrdp/issues/1823

The separation of AA in this way allows for multiple attempts to be made
on one connection to get a password right. This addresses MaxLoginRetry
not working (https://github.com/neutrinolabs/xrdp/issues/1739)
2022-12-22 11:35:02 +00:00
matt335672
c5b6479985 Update authtest utility
This change allows the authtest utility to exercise the updated
auth module interface which includes UDS authentication and
improved error logging.
2022-12-22 11:35:02 +00:00
matt335672
d2a5fcdcd8 Update other auth modules to use new interface
The previous commit introduced a new interface for the auth modules.  This
commit simply updates the other auth modules to use the new interface.

The basic auth module is also updated so that if a user has a shadow
password entry indicated, but the shadow entry cannot be found, an error
is logged rather than silently succeeding.

The BSD authentication module is also updated to allow it to be
compiled on a Linux system for basic testing.
2022-12-22 11:35:02 +00:00
matt335672
2a3cec4125 Update PAM auth module for UDS logins
An extra method auth_uds() is added to the PAM module to
allow a 'struct auth_info' to be created for a UDS login. The PAM stack
is used to check the UDS user can be authorized.

Also, an error code is returned from the auth module rather than a
simple boolean. This allows a more complete status to be communicated
to the user. See https://github.com/neutrinolabs/xrdp/discussions/1921
and also #909 and #642
2022-12-22 11:35:02 +00:00
matt335672
891efed9ad Remove nested includes from sesman.h
The intention is to improve decoupling of the modules making up
sesman.
2022-12-22 11:35:02 +00:00
matt335672
a16e56f711 Add function to get user information by UID
Moving to a uid_t to store the user information makes a lot
of sense. When doing this, we need a function to get information
about a user from the uid_t

As well as creating the function g_getuser_info_by_uid() we also
rename g_getuser_info() to g_getuser_info_by_name() and make the
parameter ordering more usual.
2022-12-22 11:35:02 +00:00
otaconix
c04bf92552
Tiny fix in pseudocode description of startwm.sh
I realize there's not much value in this PR, but I noticed this, so I thought I'd fix it 🙂
2022-12-21 11:54:05 +01:00
matt335672
a6714225e6 Changes to verify_user_kerberos.c 2022-12-13 11:09:33 +00:00
matt335672
767d861df4 Add authtest
Also, change the sesman Makefile generation to make it easy to pick the
correct authorization module for the authtest utility.
2022-12-13 11:09:33 +00:00
metalefty
321f124c73
Merge pull request #2459 from matt335672/pcscd_sock_permissions
Set permissions on pcsc socket dir to owner only
2022-12-10 21:11:44 +09:00
matt335672
b5b047458e Remove unused g_full_name_for_filesystem
Not only was this unused, the way it was read could lead to a
buffer overflow (CVE-2022-23480)
2022-12-09 18:11:03 +00:00
matt335672
ae7c17e1f6 CVE-2022-23480
Added length checking to redirector response parsing
2022-12-09 18:11:03 +00:00
matt335672
96afae1ec5 CVE-2022-23477
Prevent buffer overflow for oversized audio format from client
2022-12-09 17:33:34 +00:00
matt335672
89c873e4aa Set permissions on pcsc socket dir to owner only
There is no reason for any user other than the current one to be able
to communicate with the remote smartcard.
2022-12-09 11:55:31 +00:00
matt335672
8fc5610dad
Remove unnecesssary data from struct auth_info (#2438)
When using PAM authentication, a copy is made of the username and password in the auth_info structure.

The password copy is not cleared from memory when the structure is deallocated. This could mean the password is revealed to an attacker from a coredump.

One solution is to clear the password when the struct is deallocated. However, the username and password in the auth_info struct are only required for the duration of the PAM conversation function. A better solution is to remove the username and password from the auth_info struct entirely, and just use pointers for the duration of the time the callback function is used.
2022-11-28 10:05:20 +00:00
matt335672
3a0a932472 Add --reload option to sesman
Adds a --reload switch to sesman and plumbs this in
to systemctl reload xrdp-sesman.service
2022-11-09 09:46:36 +00:00
matt335672
660ac303f0 Replace various types used for auth_info
The loadable sesman authentication modules use different types for the
authentication handle returned from auth_userpass(). The PAM module
uses a pointer, and the other modules use (effectively) a boolean. Within
sesman itself, a long or tbus (intptr_t) is used.

This PR replaces all of these types with a pointer to an incomplete type.

Consequently:-
- A single better-labelled type is used it all places within sesman so
  it's more obvious what's being handled.
- There is no need to cast the authentication handle within the PAM
  module to a long and back again.
- The compiler can check function signatures between auth.h and the
  various verify modules.
2022-09-16 10:46:53 +01:00
Khem Raj
fc2d61e0c8 mark count with unused attribute
This may throw a warning with clang-15+ when devel logs are disabled
Fixes
../../../xrdp-0.9.19/sesman/chansrv/chansrv.c:198:9: error: variable 'count' set but not used [-Werror,-Wunused-but-set-variable]

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-09-05 22:58:07 -07:00
a1346054
5ff68740e5
remove executable bit from text files 2022-09-03 02:02:14 +00:00
a1346054
7fe18cc1c0
fix typos 2022-09-03 02:01:48 +00:00
matt335672
686bb4e075
Merge pull request #2348 from metalefty/sesman-ini
sesman.ini: mention FreeBSD Xorg path
2022-08-27 12:06:29 +01:00
Koichiro IWAO
235d264a02 sesman.ini: mention FreeBSD Xorg path 2022-08-26 13:56:52 +09:00
Koichiro IWAO
2c25e60abc
sesman: fix spacing in log
[20220301-18:25:01] [INFO ] Starting window manager on display 12from user home directory: /home/user/startwm.sh
                                                                ^^
2022-05-28 01:27:47 +09:00
matt335672
3e488773d7 Updated session allocation policy for sesman
Made session allocation policies more readable and maintainable.

The 'C' policy which was confusing before has been replaced with the
'Separate' keyword. This is a public interface change, but is unlikely
to affect many users.

The logging in session_get_bydata() is substantially improved, making
it far easier to spot why sessions are getting matched or not matched.
2022-05-18 12:35:07 +01:00
matt335672
a4c6c36cf2 Add PAM_RHOST support
Supplies the IP address that an authentication event is
received from as the PAM parameter PAM_RHOST for PAM-capable systems.
2022-05-18 12:35:07 +01:00
matt335672
79bec8110c Unify connection fields for the connected client
The connected client is currently described in two places in
the xrdp_client_info structure:-

1) In the connection_description field. This was introduced as
   field client_ip by commit d797b2cf49
   for xrdp v0.6.0

2) In the client_addr and client_port fields introduced by commit
   25369460a1 for xrdp v0.8.0

This commit unifies these two sets of fields into a single
set of fields describing the connection IP and port (for
AF_INET/AF_INET6 connections only) and a connection description
for all connection types.

The code in os_calls to provide client logging has been simplified
somewhat which should make it easier to add new connection types (e.g.
AF_VSOCK).

The old connection_description field used to be passed to sesman to
inform sesman of the IP address of the client, and also to provide
a string for 'C' field session policy matching. 'C' field session policy
matching does not actually need this string (see #2239), and so now only
the IP field is passed to sesman.
2022-05-18 12:35:07 +01:00
matt335672
34fe9b60eb
Merge pull request #1983 from matt335672/pam_group_fix
Moved g_initgroups() call to before auth_start_session()
2022-05-04 09:29:15 +01:00
matt335672
8f1bdaa95e Remove TCP socket support fron chansrv
The code in xrdp_mm.c to connect to chansrv over a TCP socket has
been removed, with the move to UDS. This PR simply removes the
chansrv TCP listening code. Without doing this, some configurations
result in a failure of xrdp to connect to chansrv.
2022-05-03 10:57:41 +01:00
matt335672
0db849fc5c Move SCP to a Unix Domain Socket
The TCP socket implementation of sesman has a number of limitations,
namely that it is affected by firewalls, and also that determining the
user on the other end requires a full authentication process.

The advantage of the TCP socket is that sesman and xrdp can be run on
separate machines. This is however not supported by the xorgxrdp
backend (shared memory), and is insecure, in that passwords are sent
in-the-clear, and the connection is susceptible to MitM attacks. This
architecture has been deprecated in release notes since xrdp v0.9.17,
and although it will continue to be supported in any further releases
in the x0.9.x series, it will not be supported in the next major
version.
2022-04-18 09:12:35 +01:00
matt335672
9c30d4c2f8 Add lock_uds module to sesman
When sesman used a standard TCP socket, we were guaranteed only one copy
of sesman could run on on address, as standard TCP listening rules
enforced this. This isn't the case with Unix Domain sockets. This
module implements a locking mechanism for a UDS which emulates the
standard TCP socket behaviour.
2022-04-18 09:09:46 +01:00
matt335672
4183d8ddbf Moved initgroups call to before auth_start_session()
This is required for PAM systems that depend on group membership being
available during PAM processing. This is used by pam_group on FreeBSD
and pam_group on Linux-PAM, although the functionality of both is
different.
2022-04-05 16:07:26 +01:00
matt335672
104304aad1 Open log in sesman before reading config 2022-03-28 19:00:23 +01:00
matt335672
8e27f231fd Add fail2ban logging to PAM authentication requests 2022-03-15 10:45:00 +00:00
matt335672
1746ac2f79 Remove SCP V0 and V1 files 2022-03-15 10:45:00 +00:00
matt335672
bb820cca87 tools: Moved to new SCP interface 2022-03-15 10:45:00 +00:00
matt335672
a952ff8542 Remove unused tcp module from tools 2022-03-15 10:45:00 +00:00
matt335672
32f644a907 Removed sestest utility 2022-03-15 10:45:00 +00:00
matt335672
c0cb03801c Move sesman to new SCP interface 2022-03-15 10:45:00 +00:00
matt335672
8bd597a038 Fix signal handling in sesman 2022-03-04 11:37:45 +00:00
matt335672
2484928a5a Change 3rd parameter of log_start() to flags field 2022-03-04 11:37:45 +00:00
matt335672
fcd991844a sesman : Move global declarations to sesman.h 2022-03-03 17:01:55 +00:00
matt335672
b689707d15 Remove unnecessary log message 2022-02-16 11:59:56 +00:00
bin zhong
f8f18e27c5
Merge branch 'neutrinolabs:devel' into devel 2022-02-15 09:52:28 +08:00
zbstao
ff39ce719e Fixed possible infinite loop
Fixed possible infinite loop
2022-02-15 09:41:21 +08:00
matt335672
e1c6afa38e
Merge pull request #2144 from matt335672/remove_s_check
Remove s_check() macro
2022-02-14 09:00:21 +00:00
zbstao
35d400a899 Fixed possible SIGCHILD signal lost
When multiple(eg. 20) xrdp connections are disconnected at the same time(eg.  close all rdp client at the same time), zombie process may be spawned.
2022-02-10 22:18:14 +08:00
matt335672
e6c098e750 Remove s_check() macro 2022-02-09 10:18:15 +00:00
matt335672
eb4a8e342d Add lower bound to sesman data input size check 2022-02-02 10:39:50 +00:00
matt335672
d02059d967 Add missing ssl_sha1_clear()/ssl_md5_clear() calls 2022-01-20 16:43:00 +00:00
matt335672
cffce1f856 Only advertise X11 clip formats we can supply 2022-01-14 11:11:03 +00:00
Kentaro Hayashi
47bc56f5a4 Add sesman.ini new text/file/image restriction settings
RestrictInboundClipboard is added.

Then, RestrictOutboundClipboard/RestrictInboundClipboard configuration
is extended to accept comma separated list.

  * RestrictOutboundClipboard=none
  * RestrictOutboundClipboard=text
  * RestrictOutboundClipboard=file
  * RestrictOutboundClipboard=image
  * RestrictOutboundClipboard=all
  * RestrictOutboundClipboard=text, image, file

For compatibility, the following configuration is also
accepted (alias)

  * RestrictOutboundClipboard=true
  * RestrictOutboundClipboard=false
  * RestrictOutboundClipboard=yes
2022-01-14 10:17:02 +09:00
Kentaro Hayashi
1d6d80d14f Block inbound clipboard text/image/file respectively
Disable clipboard_event_selection_request call is overkill for
blocking text/image/file purpose.
For example, it breaks existing behavior (slow response from gedit,
gimp as a side effects)

Instead, in clipboard_event_selection_request, these media format will
be blocked respectively which depends on the following configurations
in sesman.ini [Security] section.

  * RestrictInboundClipboard=text
  * RestrictInboundClipboard=file
  * RestrictInboundClipboard=image

You can also set comma separated list.

  * RestrictInboundClipboard=text,file,image
2022-01-14 10:17:02 +09:00
Kentaro Hayashi
fb1c4ec945 Block outbound clipboard text/image/file respectively
RestrictOutboundClipboard kills all of test/file/image
transfer via clipboard.

For controlling each content type behavior,
clipboard_xevent is not appropriate place to block respectively.

Instead, in clipboard_event_selection_notify, these media type
will be blocked which depends on the following configurations in
sesman.ini [Security] section.

  * RestrictOutboundClipboard=text
  * RestrictOutboundClipboard=file
  * RestrictOutboundClipboard=image

You can also set comma separated list

  * RestrictOutboundClipboard=text, file, image
2022-01-14 10:17:02 +09:00
Kentaro Hayashi
bd82084505 Extend In/Outbound text,file,image restriction respectively
It supports the extended configurations for sesman.ini:

Before:

  [Security]
  RestrictOutboundClipboard=true or false

After:

  [Security]
  RestrictInboundClipboard=[true or false | text or file or image | comma separated list]
  RestrictOutboundClipboard=[true or false | text or file or image | comma separated list]

Above configuration is disabled by default (false)
And it can be specified comma separated list like this:.

  RestrictInboundClipboard=file, image
  RestrictOutboundClipboard=text, file, image

Note that if RestrictOutboundClipboard=true,file is set,
file is ignored and it is treated as RestrictOutboundClipboard=true

It is same for RestrictInboundClipboard.
2022-01-14 10:17:02 +09:00
matt335672
ab0e141fa9
Merge pull request #2011 from matt335672/unify_scpv0_code
Unify scpv0 code #2011
2022-01-05 11:06:42 +00:00
Kentaro Hayashi
53027ad5af Use LOG instead of LOG_DEVEL
According to https://github.com/neutrinolabs/xrdp/wiki/Logging,
it may be better to emit this log message because this log is
useful for system administrator to know whether RestrictOutboundClipboard
configuration works or not

And raise log level to info because it is informative for system
administrator.
2021-12-23 12:58:35 +09:00
Kentaro Hayashi
23906383b6 clipboard: Fix wrong debug level log message for g_file_atom2
As g_file_atom2 is x-special/gnome-copied-files
(See g_file_atom2 definition in sesman/chansrv/clipboard.c),
it should be "x-special/gnome-copied-files" in this context.

Signed-off-by: Kentaro Hayashi <hayashi@clear-code.com>
2021-12-06 12:40:41 +09:00
matt335672
5c610aee28 Modify sesrun to use common SCP V0 interface 2021-11-25 13:30:34 +00:00
matt335672
30a92cb095 Changes to libtrans interface 2021-11-25 13:30:34 +00:00
matt335672
5862a6123f Changes for unifying libscp code 2021-11-25 13:30:34 +00:00
matt335672
8b9b22c773 Create shared GUID module to simplify session guid handling 2021-11-25 13:29:55 +00:00
matt335672
ce23c824ea
Merge pull request #1976 from matt335672/fail2ban_support
Fail2ban support (#1076)
2021-11-18 10:11:12 +00:00
matt335672
a49144be73 Avoid deadlock in clipboard copy code 2021-10-25 16:16:59 +01:00
matt335672
b87b7f9ee8 Add xfuse_path_in_xfuse_fs() 2021-10-25 16:16:54 +01:00
matt335672
0b28fe05b6 Address review comments 2021-10-25 11:35:35 +01:00
matt335672
5fb621ca53 Logged IP address for fail2ban on login failure 2021-10-25 11:35:35 +01:00
matt335672
60016c1f75 Rename client_ip to connection_description 2021-10-25 11:35:35 +01:00
matt335672
d868c00e2c Adding (working) stanza for Apline to startwm.sh 2021-09-27 14:41:44 +01:00
matt335672
346f48401e Revert 57bf8b8a5c 2021-09-27 10:52:18 +01:00
matt335672
32d5d7cc27
Merge pull request #2001 from metalefty/clipfile-fail
clipboard file: Implement MS-RDPECLIP 3.1.5.4.7 compliance (#2001)
2021-09-21 10:37:35 +01:00
Koichiro IWAO
eb848747d2
clipboard file: adjust log level and add some detailed info 2021-09-21 18:19:47 +09:00
Koichiro IWAO
ad13956b12
clipboard file: Implement MS-RDPECLIP 3.1.5.4.7 compliance
If the requested file data could not be retrieved or the sender received
an unsuccessful Format List Response PDU (section 3.1.5.2.4), then the
clipHeader field MUST contain the CB_RESPONSE_FAIL (0x0002) flag and the
requestedFileContentsData field MUST contain no data (zero-length).

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpeclip/5d3991e9-440d-4e4d-8b8d-391c324c4007

Fixes #1997.
2021-09-21 16:50:42 +09:00
matt335672
2dbec63327 Add Nautilus 3 compatibility 2021-09-16 10:02:02 +01:00
matt335672
253ea6eb6d Send clip response for string while file list is available 2021-09-16 10:02:02 +01:00
matt335672
d9988c340c Improve error checking and logging for returned CLIPRDR_FILELIST 2021-09-16 10:02:02 +01:00
matt335672
e1bbef99aa Check CLIPRDR_FILEDESCRIPTOR is present before reading it 2021-09-09 14:38:07 +01:00
matt335672
8fdf7b518c Correct filename padding skip in CLIPRDR_FILEDESCRIPTOR 2021-09-09 14:38:04 +01:00
matt335672
6a5895ce37 Remove unnecessary malloc/free 2021-09-09 14:37:35 +01:00