g_strncpy() is the wrong function for copying strings in struct utmp[x]
as it always terminates strings.
strncpy() itself would be a good choice, but is marked by many compilers
as being unsafe to use.
str2memcpy() is taken from util-linux, and is exactly right for this
application.
POSIX.1 doesn't define ut_host in struct utmpx. Also, Linux has support
for an exit status value in ut_exit. This commit adds conditional code
for both ut_host and ut_exit to maximise portability.
- renamed the two files, including the header was conflicting with official headers
- configure look for utmp/utmpx headers, wo we know which struct to use
- reworked the usage for linux, works mostly (last still showing 'gone' for loggued users)
- Use clearenv() if it exists
- Don't rely on <limits.h> being pulled in by <sys/param.h>
- Rename the DEFAULT_TYPE macro in sesrun.c. This name appears to be
used on Solaris. It's not a good choice.
Now we've made the XRDP_SOCKET_PATH only writeable by root, it's
safe to move the sesman socket back into this directory. We no longer
need a separate sesmanruntimedir
The top level socket directory is now called XRDP_SOCKET_ROOT_PATH.
Below that are user-specific directories referred to with the
XRDP_SOCKET_PATH macro - this name is hard-coded into xorgxrdp and
the audio modules as an environment variable.
XRDP_SOCKET_PATH now looks like $XRDP_SOCKET_ROOT_PATH/<uid>
XRDP_SOCKET_PATH is only writeable by the user, and readable by the user
and the xrdp process.
The sockdir is only used when sesman is active. The
call g_mk_socket_path() is removed from os_calls and moved to
sesman.
We also change the permissions on this directory to
0755 rather than 01777 (01000 is the 'sticky bit', S_ISVTX).
The behaviour of g_create_dir() has been modified to not
set S_ISVTX on Linux directories. This is implementation-defined
behaviour according to 1003.1, and is no longer required for the
sockdir.
- added (temporary) suppression of Cppcheck `shiftTooManyBits` false positives in `libxrdp/xrdp_mppc_enc.c`
- added (temporary) suppression of Cppcheck `uninitMemberVar` true positives in `ulalaca/ulalaca.cpp` until fixes land downstream
- fix Cppcheck `nullPointerRedundantCheck` in `sesman/chansrv/clipboard.c`
- fix Cppcheck `syntaxError` in `fontutils/mkfv1.c` because it doesn't see the `freetype/fterrors.h` header / removed astyle workaround
Improve the built-in access checks for sesman/sesexec:-
- Group existence is checked for at login-time rather than program
start time
- The name of the group is now included in the message
Also, check for UID == 0 when checking for root, rather than just
checking the name (which might be an alias)
When significant amounts of data is coming from the client in a
fragmented CLIPRDR_DATA_RESPONSE PDU, this code provides a way to
start copying it to a requesting client before it is all read.
The only advantage of this code is to provide a slight speedup
before a paste is visible on the server.
There are significant problems with this code. Notably, it is
very difficult to parse Unicode text coming through this route. Each
UTF-16 character can occupy up to 4 bytes, and a fragmentation
boundary could occur at any point within a UTF-16 character.
Most of the Microsoft RDP documentation describes PDUs on-the-wire.
However, [MS-RDPESC] doesn't do this. It uses DCE IDL to describe the
contents of the PDUs sent over the File System Virtual Channel.
Ideally we'd use an IDL compiler to generate the interfaces in
[MS-RDPESC]. We don't have one though, so all PDUs are read and written
with the low-level streaming routines. It's not clear in the existing
code how IDL is mapped down to this level.
This commit updates the smartcard code with comments which will enable
maintainers to better understand the IDL-to-streaming mappings.