The code to determine the socket address of chansrv when using
a manually started xrdp-chansrv may need some help determining
the UID of the session.
This commit allows a UID to be optionally specified in the
DISPLAY() function, if the code is unable to determine the
UID automatically from the connection parameters.
If a manual chansrvport is entered, xrdp now logs what it is
connecting to, to assist in debugging.
This commit allows a keycode_set to be specified as a module parameter
in xrdp.ini. This has the following effects:-
1) xrdp loads the specified keycode set for mapping RDP scancodes to
X11 keycodes. These are then passed to xorgxrdp as part of key press/
key release events.
2) The name of the XKB rules which use the specified keycode set are
passed to xorgxrdp so that XKB can be configured with rules which
match the chosen keycodes.
The effect is to remove all keycode set dependencies from xorgxrdp.
Normally evdev rules and evdev keycodes will be used but base rules and
base keycodes can be used instead for applications that require them.
Also, any systems which do not ship the evdev rules can be made to
work with base rules.
Files included in distribution tarball must always be enumerated,
not be enumerated conditionally.
Resolves: #3149
(cherry picked from commit e83dcc52eb)
If the setting require_credentials is true, there should be no way
for the user to get to a login screen.
This commit makes the following changes if this flag is active:-
- Makes the checks around TS_INFO_PACKET more explicit.
- Closes the connection if the first login attempt fails.
On Linux, the TCP send buffer size is increased to 32768 if it is less
that this (which it normally is). This however has the effect of disabling
dynamic buffer sizing, leading to a maximum available bandwidth of
max_bandwidth = 262144 (bits) / round_trip_time (secs)
This is not noticeable on a LAN with an RTT of around 0.5ms, but
very noticeable on a WAN with an RTT of 0.25s.
Comments in the config file and manpage in this area are improved, as
is the logging if the parameters are actually set.
Now we've made the XRDP_SOCKET_PATH only writeable by root, it's
safe to move the sesman socket back into this directory. We no longer
need a separate sesmanruntimedir
The top level socket directory is now called XRDP_SOCKET_ROOT_PATH.
Below that are user-specific directories referred to with the
XRDP_SOCKET_PATH macro - this name is hard-coded into xorgxrdp and
the audio modules as an environment variable.
XRDP_SOCKET_PATH now looks like $XRDP_SOCKET_ROOT_PATH/<uid>
XRDP_SOCKET_PATH is only writeable by the user, and readable by the user
and the xrdp process.
This allows Linux's no_new_privs restriction to be disabled when starting
the X server, which may be desirable if xrdp is running inside a kernel
confinement framework such as AppArmor or SELinux.
When allocating a display number, we should be aware that
IANA only allow TCP displays up to :63. This PR adds that restriction in
to sesman.ini as a default, to prevent us allocating unavailable TCP
ports.
By default TCP ports are not enabled for X servers, but users can easily
change this if they wish to access X displays directly over the network.
This restriction is in addition to the MaxSessions limit already present
in sesman.ini
By setting the new config value 'AllowAlternateShell' to 'no' it is now
possible to prevent the use of an alternate shell, which can be set by
the connecting user.
The default remains unchanged and any shell is allowed if the config
value is not specified. It can also be set explicitly to 'yes' to achieve
the same outcome.
Fixes: #850
xrdp is updated to use the separate authenticate/authorization (AA) and
command processing interface now provided by sesman.
PAM processing has been removed entirely and moved into the seman PAM
module. As a result, gateway processing for proxy use-cases can be
made use of by non-PAM systems.
The sesman tools sesrun and sesadmin now use the separate
authentication/authorization (AA) interface introduced to
sesman by the previous comment.
sesrun can use either password or UDS authentication. With some
limitations, this can allow for automatic creation of sessions for local
users without a password being needed.
sesadmin now operates using UDS logins only and so a username and
password are not required. To use sesadmin for another user, use
su/sudo/doas to authenticate as the other user.
Since multiple processes can write logs simultaneously, and there
is no explicit synchronization between them, logs redirected to
stdout may interleave. When logging to the disk file, synchronization
is obtained by using a combination of O_APPEND and O_SYNC flags when
log file is being opened, which is not possible when <stdout>
redirection is in use.
So documentation is updated to cleanly notify that this is debug-only
feature, not for regular use
This commit adds the variables fv1_select and default_dpi to
xrdp.ini. These variables allow for a different font to be
loaded, depending on the DPI of the login screen.
To generate new fonts, the freetype2 library is required. This
can now be specified by configure in the usual way. If it's missing,
new fonts cannot be generated.
Made session allocation policies more readable and maintainable.
The 'C' policy which was confusing before has been replaced with the
'Separate' keyword. This is a public interface change, but is unlikely
to affect many users.
The logging in session_get_bydata() is substantially improved, making
it far easier to spot why sessions are getting matched or not matched.
The TCP socket implementation of sesman has a number of limitations,
namely that it is affected by firewalls, and also that determining the
user on the other end requires a full authentication process.
The advantage of the TCP socket is that sesman and xrdp can be run on
separate machines. This is however not supported by the xorgxrdp
backend (shared memory), and is insecure, in that passwords are sent
in-the-clear, and the connection is susceptible to MitM attacks. This
architecture has been deprecated in release notes since xrdp v0.9.17,
and although it will continue to be supported in any further releases
in the x0.9.x series, it will not be supported in the next major
version.
This commit adds:
* replace multiple logging macros with LOG and LOG_DEVEL
* logging configuration for chanserv
* logging configuration for console output
* logging configuration for per file or method log level filtering for
debug builds
* file, line, and method name in log message for debug builds