The code in xrdp_mm.c to connect to chansrv over a TCP socket has
been removed, with the move to UDS. This PR simply removes the
chansrv TCP listening code. Without doing this, some configurations
result in a failure of xrdp to connect to chansrv.
The TCP socket implementation of sesman has a number of limitations,
namely that it is affected by firewalls, and also that determining the
user on the other end requires a full authentication process.
The advantage of the TCP socket is that sesman and xrdp can be run on
separate machines. This is however not supported by the xorgxrdp
backend (shared memory), and is insecure, in that passwords are sent
in-the-clear, and the connection is susceptible to MitM attacks. This
architecture has been deprecated in release notes since xrdp v0.9.17,
and although it will continue to be supported in any further releases
in the x0.9.x series, it will not be supported in the next major
version.
When sesman used a standard TCP socket, we were guaranteed only one copy
of sesman could run on on address, as standard TCP listening rules
enforced this. This isn't the case with Unix Domain sockets. This
module implements a locking mechanism for a UDS which emulates the
standard TCP socket behaviour.
This is required for PAM systems that depend on group membership being
available during PAM processing. This is used by pam_group on FreeBSD
and pam_group on Linux-PAM, although the functionality of both is
different.
Disable clipboard_event_selection_request call is overkill for
blocking text/image/file purpose.
For example, it breaks existing behavior (slow response from gedit,
gimp as a side effects)
Instead, in clipboard_event_selection_request, these media format will
be blocked respectively which depends on the following configurations
in sesman.ini [Security] section.
* RestrictInboundClipboard=text
* RestrictInboundClipboard=file
* RestrictInboundClipboard=image
You can also set comma separated list.
* RestrictInboundClipboard=text,file,image
RestrictOutboundClipboard kills all of test/file/image
transfer via clipboard.
For controlling each content type behavior,
clipboard_xevent is not appropriate place to block respectively.
Instead, in clipboard_event_selection_notify, these media type
will be blocked which depends on the following configurations in
sesman.ini [Security] section.
* RestrictOutboundClipboard=text
* RestrictOutboundClipboard=file
* RestrictOutboundClipboard=image
You can also set comma separated list
* RestrictOutboundClipboard=text, file, image
It supports the extended configurations for sesman.ini:
Before:
[Security]
RestrictOutboundClipboard=true or false
After:
[Security]
RestrictInboundClipboard=[true or false | text or file or image | comma separated list]
RestrictOutboundClipboard=[true or false | text or file or image | comma separated list]
Above configuration is disabled by default (false)
And it can be specified comma separated list like this:.
RestrictInboundClipboard=file, image
RestrictOutboundClipboard=text, file, image
Note that if RestrictOutboundClipboard=true,file is set,
file is ignored and it is treated as RestrictOutboundClipboard=true
It is same for RestrictInboundClipboard.
According to https://github.com/neutrinolabs/xrdp/wiki/Logging,
it may be better to emit this log message because this log is
useful for system administrator to know whether RestrictOutboundClipboard
configuration works or not
And raise log level to info because it is informative for system
administrator.
As g_file_atom2 is x-special/gnome-copied-files
(See g_file_atom2 definition in sesman/chansrv/clipboard.c),
it should be "x-special/gnome-copied-files" in this context.
Signed-off-by: Kentaro Hayashi <hayashi@clear-code.com>
