Commit Graph

1167 Commits

Author SHA1 Message Date
matt335672
86d0d0e9fd Addressed review comments 2023-02-13 14:28:29 +00:00
matt335672
acdfd12cb6 Fix typo in chansrv_fuse.c
The code as it stands is checking two file descriptors for possible
input, but only one needs to be checked.
2023-02-13 14:28:29 +00:00
matt335672
78fa1c15b2 Replace select() system call with poll()
poll() is specified in POSIX.1-2001 as a simpler interface for
multiplexed file descriptors than select(). It also provides more
functionality.

This PR replaces the select() calls used in xrdp with poll()
equivalents.
2023-02-13 14:28:29 +00:00
matt335672
a27440c237
Merge pull request #2492 from derekschrock/randr-wait
Add xrdp-waitforx to wait for X to start with RandR outputs
2023-02-13 10:29:22 +00:00
metalefty
f3dc94448c
Merge pull request #2537 from metalefty/sound-log
sound: logging improvements
2023-02-13 10:38:31 +09:00
Derek Schrock
829378bba8 Add xrdp-waitforx to wait for X to start with RandR outputs
For some window managers (fvwm2 and fvwm3) if the X server isn't
running and has output it's possible for the window manager to fail or
reconfigure randr incorrectly.

With xrdp-waitfox:
 - Install xrdp-waitfox to the BIN dir.
 - sesman will run xrdp-waitfox as the logged in user.
 - Set an alarm to exit after 30 seconds.
 - Try to open env DISPLAY value's display (10 seconds).
 - Test for RandR extension.
 - Wait for outputs to appear (10 seconds).
2023-02-11 18:01:10 -05:00
Koichiro IWAO
9d7a817e87 chansrv/audin: return UNKNOWN when undefined value
is passed to audin_wave_format_tag_to_str.
2023-02-11 11:51:08 +09:00
Hiero32
1ffe7890d8
sound: fix noise between two playbacks for mp3/aac (#2519)
* sound: fix noise between two playbacks for mp3/aac
* fix sound stuttered on skip operation of vlc
2023-02-09 10:09:04 +09:00
Koichiro IWAO
73a8865561 chansrv/audin,sound: record index of formats array
It helps to know which audio format is in use.
2023-02-09 01:21:45 +09:00
Koichiro IWAO
a355b7bf98 chansrv/audin: record audin (microphone redirection) audio formats 2023-02-09 01:06:44 +09:00
Koichiro IWAO
264ee4a761 chansrv/sound: adjust log level and record wFormatTag as string
These log levels are unintendedly decreased during logging reworking.

Recording audio formats are useful to know which format is used in
current RDP session.
2023-02-09 01:06:44 +09:00
Koichiro IWAO
5f07c648e4 chansrv: add a utility function to convert wFormatTag into string 2023-02-09 01:06:44 +09:00
matt335672
04a9c76087
Merge pull request #2522 from akarl10/startwm-xsession-desktop-files
Debian: use startup command from /usr/share/xsession if DISPLAY_SESSION is set
2023-02-02 14:21:51 +00:00
akarl10
093baad9b0 try using startup command in /usr/share/xsessions
gnome shell has a way to start different desktop profiles, but all
use the same gnome-session binary.

currently implemented only for debian based distributions
2023-02-02 14:54:56 +01:00
matt335672
9e53b72c80
Merge pull request #2528 from akarl10/chansrv-fuse-display-variable
Add %d and %D to fuse mount path for local mounts.
2023-02-02 10:36:49 +00:00
akarl10
46398fcda5 [chansrv-fuse] refactoring to make compiler happier 2023-02-01 16:03:32 +01:00
Michael Saxl
2052664d69 [chansrv-fuse] do also % substitutions when relative paths are used 2023-01-31 20:11:26 +01:00
akarl10
3458210c1c [chansrv-fuse] Add %d and %D as path replacement variables
%d is the numeric display number
%D is the DISPLAY environment variable

this enables the concurrent use of fuse in multiple sessions of the same
user
2023-01-31 19:41:02 +01:00
matt335672
5ed9b96530 Add missing include guards 2023-01-31 09:30:36 +00:00
matt335672
02a3821f4d Remove libipm_msg_in_start()
The semantics of this call allowed it to be called more than once when
parsing a message to restart a parse. This is not likely to be
useful in practice, and it also makes reading file descriptors
more complicated. Consequently this function has been removed and
replaced with with libipm_msg_in_get_msgno()
2023-01-30 14:31:16 +00:00
matt335672
5f030a95b7 Don't try to listen on the scard socket if it isn't there
If the scard local socket can't be created, there's no point
in trying to listen on it. This will just fill the chansrv log
file with errors.
2023-01-16 13:41:18 +00:00
matt335672
9b846b7b7e
Merge pull request #2473 from matt335672/bsd_setusercontext
Implement BSD setusercontext
2023-01-13 11:24:09 +00:00
matt335672
af69606e0b Remove support for x11rdp
X11rdp has been deprecated now since xrdp v0.9.7 (June 2018). This
commit removes support for it from xrdp itself.
2023-01-05 11:26:44 +00:00
matt335672
a35082e6c5 Call g_set_allusercontext() on appropriate systems 2023-01-05 10:52:08 +00:00
matt335672
cd58d14cef Fix compilation on OpenBSD 2023-01-05 10:52:08 +00:00
matt335672
851bed680c Update sesman tools for new interfaces
The sesman tools sesrun and sesadmin now use the separate
authentication/authorization (AA) interface introduced to
sesman by the previous comment.

sesrun can use either password or UDS authentication. With some
limitations, this can allow for automatic creation of sessions for local
users without a password being needed.

sesadmin now operates using UDS logins only and so a username and
password are not required. To use sesadmin for another user, use
su/sudo/doas to authenticate as the other user.
2022-12-22 11:35:02 +00:00
matt335672
fd99653957 Update sesman authentication processing
Update sesman to cope with separate authentication/authorization (AA) and
command processing.

Also, internally users are now tracked by UID rather thn username.
This addresses a problem found by some users using federated naming
services (e.g. Active Directory) where the same user can be referred to
in more than one way. See https://github.com/neutrinolabs/xrdp/issues/1823

The separation of AA in this way allows for multiple attempts to be made
on one connection to get a password right. This addresses MaxLoginRetry
not working (https://github.com/neutrinolabs/xrdp/issues/1739)
2022-12-22 11:35:02 +00:00
matt335672
c5b6479985 Update authtest utility
This change allows the authtest utility to exercise the updated
auth module interface which includes UDS authentication and
improved error logging.
2022-12-22 11:35:02 +00:00
matt335672
d2a5fcdcd8 Update other auth modules to use new interface
The previous commit introduced a new interface for the auth modules.  This
commit simply updates the other auth modules to use the new interface.

The basic auth module is also updated so that if a user has a shadow
password entry indicated, but the shadow entry cannot be found, an error
is logged rather than silently succeeding.

The BSD authentication module is also updated to allow it to be
compiled on a Linux system for basic testing.
2022-12-22 11:35:02 +00:00
matt335672
2a3cec4125 Update PAM auth module for UDS logins
An extra method auth_uds() is added to the PAM module to
allow a 'struct auth_info' to be created for a UDS login. The PAM stack
is used to check the UDS user can be authorized.

Also, an error code is returned from the auth module rather than a
simple boolean. This allows a more complete status to be communicated
to the user. See https://github.com/neutrinolabs/xrdp/discussions/1921
and also #909 and #642
2022-12-22 11:35:02 +00:00
matt335672
891efed9ad Remove nested includes from sesman.h
The intention is to improve decoupling of the modules making up
sesman.
2022-12-22 11:35:02 +00:00
matt335672
a16e56f711 Add function to get user information by UID
Moving to a uid_t to store the user information makes a lot
of sense. When doing this, we need a function to get information
about a user from the uid_t

As well as creating the function g_getuser_info_by_uid() we also
rename g_getuser_info() to g_getuser_info_by_name() and make the
parameter ordering more usual.
2022-12-22 11:35:02 +00:00
otaconix
c04bf92552
Tiny fix in pseudocode description of startwm.sh
I realize there's not much value in this PR, but I noticed this, so I thought I'd fix it 🙂
2022-12-21 11:54:05 +01:00
matt335672
a6714225e6 Changes to verify_user_kerberos.c 2022-12-13 11:09:33 +00:00
matt335672
767d861df4 Add authtest
Also, change the sesman Makefile generation to make it easy to pick the
correct authorization module for the authtest utility.
2022-12-13 11:09:33 +00:00
metalefty
321f124c73
Merge pull request #2459 from matt335672/pcscd_sock_permissions
Set permissions on pcsc socket dir to owner only
2022-12-10 21:11:44 +09:00
matt335672
b5b047458e Remove unused g_full_name_for_filesystem
Not only was this unused, the way it was read could lead to a
buffer overflow (CVE-2022-23480)
2022-12-09 18:11:03 +00:00
matt335672
ae7c17e1f6 CVE-2022-23480
Added length checking to redirector response parsing
2022-12-09 18:11:03 +00:00
matt335672
96afae1ec5 CVE-2022-23477
Prevent buffer overflow for oversized audio format from client
2022-12-09 17:33:34 +00:00
matt335672
89c873e4aa Set permissions on pcsc socket dir to owner only
There is no reason for any user other than the current one to be able
to communicate with the remote smartcard.
2022-12-09 11:55:31 +00:00
matt335672
8fc5610dad
Remove unnecesssary data from struct auth_info (#2438)
When using PAM authentication, a copy is made of the username and password in the auth_info structure.

The password copy is not cleared from memory when the structure is deallocated. This could mean the password is revealed to an attacker from a coredump.

One solution is to clear the password when the struct is deallocated. However, the username and password in the auth_info struct are only required for the duration of the PAM conversation function. A better solution is to remove the username and password from the auth_info struct entirely, and just use pointers for the duration of the time the callback function is used.
2022-11-28 10:05:20 +00:00
matt335672
3a0a932472 Add --reload option to sesman
Adds a --reload switch to sesman and plumbs this in
to systemctl reload xrdp-sesman.service
2022-11-09 09:46:36 +00:00
matt335672
660ac303f0 Replace various types used for auth_info
The loadable sesman authentication modules use different types for the
authentication handle returned from auth_userpass(). The PAM module
uses a pointer, and the other modules use (effectively) a boolean. Within
sesman itself, a long or tbus (intptr_t) is used.

This PR replaces all of these types with a pointer to an incomplete type.

Consequently:-
- A single better-labelled type is used it all places within sesman so
  it's more obvious what's being handled.
- There is no need to cast the authentication handle within the PAM
  module to a long and back again.
- The compiler can check function signatures between auth.h and the
  various verify modules.
2022-09-16 10:46:53 +01:00
Khem Raj
fc2d61e0c8 mark count with unused attribute
This may throw a warning with clang-15+ when devel logs are disabled
Fixes
../../../xrdp-0.9.19/sesman/chansrv/chansrv.c:198:9: error: variable 'count' set but not used [-Werror,-Wunused-but-set-variable]

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-09-05 22:58:07 -07:00
a1346054
5ff68740e5
remove executable bit from text files 2022-09-03 02:02:14 +00:00
a1346054
7fe18cc1c0
fix typos 2022-09-03 02:01:48 +00:00
matt335672
686bb4e075
Merge pull request #2348 from metalefty/sesman-ini
sesman.ini: mention FreeBSD Xorg path
2022-08-27 12:06:29 +01:00
Koichiro IWAO
235d264a02 sesman.ini: mention FreeBSD Xorg path 2022-08-26 13:56:52 +09:00
Koichiro IWAO
2c25e60abc
sesman: fix spacing in log
[20220301-18:25:01] [INFO ] Starting window manager on display 12from user home directory: /home/user/startwm.sh
                                                                ^^
2022-05-28 01:27:47 +09:00
matt335672
3e488773d7 Updated session allocation policy for sesman
Made session allocation policies more readable and maintainable.

The 'C' policy which was confusing before has been replaced with the
'Separate' keyword. This is a public interface change, but is unlikely
to affect many users.

The logging in session_get_bydata() is substantially improved, making
it far easier to spot why sessions are getting matched or not matched.
2022-05-18 12:35:07 +01:00
matt335672
a4c6c36cf2 Add PAM_RHOST support
Supplies the IP address that an authentication event is
received from as the PAM parameter PAM_RHOST for PAM-capable systems.
2022-05-18 12:35:07 +01:00
matt335672
79bec8110c Unify connection fields for the connected client
The connected client is currently described in two places in
the xrdp_client_info structure:-

1) In the connection_description field. This was introduced as
   field client_ip by commit d797b2cf49
   for xrdp v0.6.0

2) In the client_addr and client_port fields introduced by commit
   25369460a1 for xrdp v0.8.0

This commit unifies these two sets of fields into a single
set of fields describing the connection IP and port (for
AF_INET/AF_INET6 connections only) and a connection description
for all connection types.

The code in os_calls to provide client logging has been simplified
somewhat which should make it easier to add new connection types (e.g.
AF_VSOCK).

The old connection_description field used to be passed to sesman to
inform sesman of the IP address of the client, and also to provide
a string for 'C' field session policy matching. 'C' field session policy
matching does not actually need this string (see #2239), and so now only
the IP field is passed to sesman.
2022-05-18 12:35:07 +01:00
matt335672
34fe9b60eb
Merge pull request #1983 from matt335672/pam_group_fix
Moved g_initgroups() call to before auth_start_session()
2022-05-04 09:29:15 +01:00
matt335672
8f1bdaa95e Remove TCP socket support fron chansrv
The code in xrdp_mm.c to connect to chansrv over a TCP socket has
been removed, with the move to UDS. This PR simply removes the
chansrv TCP listening code. Without doing this, some configurations
result in a failure of xrdp to connect to chansrv.
2022-05-03 10:57:41 +01:00
matt335672
0db849fc5c Move SCP to a Unix Domain Socket
The TCP socket implementation of sesman has a number of limitations,
namely that it is affected by firewalls, and also that determining the
user on the other end requires a full authentication process.

The advantage of the TCP socket is that sesman and xrdp can be run on
separate machines. This is however not supported by the xorgxrdp
backend (shared memory), and is insecure, in that passwords are sent
in-the-clear, and the connection is susceptible to MitM attacks. This
architecture has been deprecated in release notes since xrdp v0.9.17,
and although it will continue to be supported in any further releases
in the x0.9.x series, it will not be supported in the next major
version.
2022-04-18 09:12:35 +01:00
matt335672
9c30d4c2f8 Add lock_uds module to sesman
When sesman used a standard TCP socket, we were guaranteed only one copy
of sesman could run on on address, as standard TCP listening rules
enforced this. This isn't the case with Unix Domain sockets. This
module implements a locking mechanism for a UDS which emulates the
standard TCP socket behaviour.
2022-04-18 09:09:46 +01:00
matt335672
4183d8ddbf Moved initgroups call to before auth_start_session()
This is required for PAM systems that depend on group membership being
available during PAM processing. This is used by pam_group on FreeBSD
and pam_group on Linux-PAM, although the functionality of both is
different.
2022-04-05 16:07:26 +01:00
matt335672
104304aad1 Open log in sesman before reading config 2022-03-28 19:00:23 +01:00
matt335672
8e27f231fd Add fail2ban logging to PAM authentication requests 2022-03-15 10:45:00 +00:00
matt335672
1746ac2f79 Remove SCP V0 and V1 files 2022-03-15 10:45:00 +00:00
matt335672
bb820cca87 tools: Moved to new SCP interface 2022-03-15 10:45:00 +00:00
matt335672
a952ff8542 Remove unused tcp module from tools 2022-03-15 10:45:00 +00:00
matt335672
32f644a907 Removed sestest utility 2022-03-15 10:45:00 +00:00
matt335672
c0cb03801c Move sesman to new SCP interface 2022-03-15 10:45:00 +00:00
matt335672
8bd597a038 Fix signal handling in sesman 2022-03-04 11:37:45 +00:00
matt335672
2484928a5a Change 3rd parameter of log_start() to flags field 2022-03-04 11:37:45 +00:00
matt335672
fcd991844a sesman : Move global declarations to sesman.h 2022-03-03 17:01:55 +00:00
matt335672
b689707d15 Remove unnecessary log message 2022-02-16 11:59:56 +00:00
bin zhong
f8f18e27c5
Merge branch 'neutrinolabs:devel' into devel 2022-02-15 09:52:28 +08:00
zbstao
ff39ce719e Fixed possible infinite loop
Fixed possible infinite loop
2022-02-15 09:41:21 +08:00
matt335672
e1c6afa38e
Merge pull request #2144 from matt335672/remove_s_check
Remove s_check() macro
2022-02-14 09:00:21 +00:00
zbstao
35d400a899 Fixed possible SIGCHILD signal lost
When multiple(eg. 20) xrdp connections are disconnected at the same time(eg.  close all rdp client at the same time), zombie process may be spawned.
2022-02-10 22:18:14 +08:00
matt335672
e6c098e750 Remove s_check() macro 2022-02-09 10:18:15 +00:00
matt335672
eb4a8e342d Add lower bound to sesman data input size check 2022-02-02 10:39:50 +00:00
matt335672
d02059d967 Add missing ssl_sha1_clear()/ssl_md5_clear() calls 2022-01-20 16:43:00 +00:00
matt335672
cffce1f856 Only advertise X11 clip formats we can supply 2022-01-14 11:11:03 +00:00
Kentaro Hayashi
47bc56f5a4 Add sesman.ini new text/file/image restriction settings
RestrictInboundClipboard is added.

Then, RestrictOutboundClipboard/RestrictInboundClipboard configuration
is extended to accept comma separated list.

  * RestrictOutboundClipboard=none
  * RestrictOutboundClipboard=text
  * RestrictOutboundClipboard=file
  * RestrictOutboundClipboard=image
  * RestrictOutboundClipboard=all
  * RestrictOutboundClipboard=text, image, file

For compatibility, the following configuration is also
accepted (alias)

  * RestrictOutboundClipboard=true
  * RestrictOutboundClipboard=false
  * RestrictOutboundClipboard=yes
2022-01-14 10:17:02 +09:00
Kentaro Hayashi
1d6d80d14f Block inbound clipboard text/image/file respectively
Disable clipboard_event_selection_request call is overkill for
blocking text/image/file purpose.
For example, it breaks existing behavior (slow response from gedit,
gimp as a side effects)

Instead, in clipboard_event_selection_request, these media format will
be blocked respectively which depends on the following configurations
in sesman.ini [Security] section.

  * RestrictInboundClipboard=text
  * RestrictInboundClipboard=file
  * RestrictInboundClipboard=image

You can also set comma separated list.

  * RestrictInboundClipboard=text,file,image
2022-01-14 10:17:02 +09:00
Kentaro Hayashi
fb1c4ec945 Block outbound clipboard text/image/file respectively
RestrictOutboundClipboard kills all of test/file/image
transfer via clipboard.

For controlling each content type behavior,
clipboard_xevent is not appropriate place to block respectively.

Instead, in clipboard_event_selection_notify, these media type
will be blocked which depends on the following configurations in
sesman.ini [Security] section.

  * RestrictOutboundClipboard=text
  * RestrictOutboundClipboard=file
  * RestrictOutboundClipboard=image

You can also set comma separated list

  * RestrictOutboundClipboard=text, file, image
2022-01-14 10:17:02 +09:00
Kentaro Hayashi
bd82084505 Extend In/Outbound text,file,image restriction respectively
It supports the extended configurations for sesman.ini:

Before:

  [Security]
  RestrictOutboundClipboard=true or false

After:

  [Security]
  RestrictInboundClipboard=[true or false | text or file or image | comma separated list]
  RestrictOutboundClipboard=[true or false | text or file or image | comma separated list]

Above configuration is disabled by default (false)
And it can be specified comma separated list like this:.

  RestrictInboundClipboard=file, image
  RestrictOutboundClipboard=text, file, image

Note that if RestrictOutboundClipboard=true,file is set,
file is ignored and it is treated as RestrictOutboundClipboard=true

It is same for RestrictInboundClipboard.
2022-01-14 10:17:02 +09:00
matt335672
ab0e141fa9
Merge pull request #2011 from matt335672/unify_scpv0_code
Unify scpv0 code #2011
2022-01-05 11:06:42 +00:00
Kentaro Hayashi
53027ad5af Use LOG instead of LOG_DEVEL
According to https://github.com/neutrinolabs/xrdp/wiki/Logging,
it may be better to emit this log message because this log is
useful for system administrator to know whether RestrictOutboundClipboard
configuration works or not

And raise log level to info because it is informative for system
administrator.
2021-12-23 12:58:35 +09:00
Kentaro Hayashi
23906383b6 clipboard: Fix wrong debug level log message for g_file_atom2
As g_file_atom2 is x-special/gnome-copied-files
(See g_file_atom2 definition in sesman/chansrv/clipboard.c),
it should be "x-special/gnome-copied-files" in this context.

Signed-off-by: Kentaro Hayashi <hayashi@clear-code.com>
2021-12-06 12:40:41 +09:00
matt335672
5c610aee28 Modify sesrun to use common SCP V0 interface 2021-11-25 13:30:34 +00:00
matt335672
30a92cb095 Changes to libtrans interface 2021-11-25 13:30:34 +00:00
matt335672
5862a6123f Changes for unifying libscp code 2021-11-25 13:30:34 +00:00
matt335672
8b9b22c773 Create shared GUID module to simplify session guid handling 2021-11-25 13:29:55 +00:00
matt335672
ce23c824ea
Merge pull request #1976 from matt335672/fail2ban_support
Fail2ban support (#1076)
2021-11-18 10:11:12 +00:00
matt335672
a49144be73 Avoid deadlock in clipboard copy code 2021-10-25 16:16:59 +01:00
matt335672
b87b7f9ee8 Add xfuse_path_in_xfuse_fs() 2021-10-25 16:16:54 +01:00
matt335672
0b28fe05b6 Address review comments 2021-10-25 11:35:35 +01:00
matt335672
5fb621ca53 Logged IP address for fail2ban on login failure 2021-10-25 11:35:35 +01:00
matt335672
60016c1f75 Rename client_ip to connection_description 2021-10-25 11:35:35 +01:00
matt335672
d868c00e2c Adding (working) stanza for Apline to startwm.sh 2021-09-27 14:41:44 +01:00
matt335672
346f48401e Revert 57bf8b8a5c 2021-09-27 10:52:18 +01:00
matt335672
32d5d7cc27
Merge pull request #2001 from metalefty/clipfile-fail
clipboard file: Implement MS-RDPECLIP 3.1.5.4.7 compliance (#2001)
2021-09-21 10:37:35 +01:00
Koichiro IWAO
eb848747d2
clipboard file: adjust log level and add some detailed info 2021-09-21 18:19:47 +09:00
Koichiro IWAO
ad13956b12
clipboard file: Implement MS-RDPECLIP 3.1.5.4.7 compliance
If the requested file data could not be retrieved or the sender received
an unsuccessful Format List Response PDU (section 3.1.5.2.4), then the
clipHeader field MUST contain the CB_RESPONSE_FAIL (0x0002) flag and the
requestedFileContentsData field MUST contain no data (zero-length).

https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpeclip/5d3991e9-440d-4e4d-8b8d-391c324c4007

Fixes #1997.
2021-09-21 16:50:42 +09:00
matt335672
2dbec63327 Add Nautilus 3 compatibility 2021-09-16 10:02:02 +01:00
matt335672
253ea6eb6d Send clip response for string while file list is available 2021-09-16 10:02:02 +01:00
matt335672
d9988c340c Improve error checking and logging for returned CLIPRDR_FILELIST 2021-09-16 10:02:02 +01:00
matt335672
e1bbef99aa Check CLIPRDR_FILEDESCRIPTOR is present before reading it 2021-09-09 14:38:07 +01:00
matt335672
8fdf7b518c Correct filename padding skip in CLIPRDR_FILEDESCRIPTOR 2021-09-09 14:38:04 +01:00
matt335672
6a5895ce37 Remove unnecessary malloc/free 2021-09-09 14:37:35 +01:00
matt335672
9d8676f89d Corrected size of filename in struct clip_file_desc 2021-09-09 14:37:27 +01:00
matt335672
8e9fb8008f Addressed review comments 2021-09-08 11:51:21 +01:00
matt335672
d32953c405 Parse DEVICE_ANNOUNCE header correctly 2021-09-08 11:33:43 +01:00
matt335672
b481351ad7
Merge pull request #1954 from metalefty/clipboard-file-log
clipboard: log file transfer for the purpose of audit (#1954)
2021-08-11 09:19:16 +01:00
Koichiro IWAO
1722451715
clipboard: log file transfer for the purpose of audit
Sponsored by: @CyberTrust and @haw
2021-08-11 15:38:24 +09:00
Francesco Colista
57bf8b8a5c sesman/startwm.sh : add support for Alpine Linux 2021-08-09 16:52:11 +02:00
matt335672
5c9839a7f4 Address review comments 2021-07-27 13:36:34 +01:00
matt335672
d4c81229ba Module testing now OK 2021-07-27 13:36:34 +01:00
matt335672
c9afd804a4 Minor const and comment fixes 2021-07-27 13:36:34 +01:00
matt335672
a10de5c5aa Removed struct SCP_CONNECTION type entirely 2021-07-27 13:36:34 +01:00
matt335672
3643cc37ec Fix compile issues with SCP states 2021-07-27 13:36:34 +01:00
Jay Sorg
95d4de206d work on moving to trans for scp v1 2021-07-27 13:36:32 +01:00
Jay Sorg
738e346f81 sesman: work on moving sesman to trans, v0 scp working 2021-07-27 13:35:43 +01:00
matt335672
36ec662a13 Log a message for failed logins 2021-07-19 09:29:04 +01:00
matt335672
20ec03dbe0
Merge pull request #1900 from matt335672/issue1885
Rework VNC text clipboard interface (#1900)
2021-07-07 09:22:57 +01:00
matt335672
a79f5c00b1 Replace snprintf() with g_snprintf() 2021-06-17 15:15:59 +01:00
matt335672
87701051d3 Update conversation header following review 2021-06-10 15:45:49 +01:00
matt335672
ce666a02fa Bring the PAM module up to date 2021-06-10 15:45:49 +01:00
matt335672
87bbfd96ca Use symbolic names for static virtual channel name strings 2021-06-08 14:11:17 +01:00
matt335672
3ea19ef0cd Create ms-rdpeclip.h and update ms-rdpbcgr.h 2021-06-08 14:11:17 +01:00
matt335672
eda01f0853 Fix chansrv unterminated streams 2021-05-28 10:57:12 +01:00
matt335672
d0a8ed37e0 Fix file I/O buffer probs detected by --enable-devel-streamcheck 2021-05-28 10:57:12 +01:00
matt335672
52a52daddd Split development option into separate things 2021-05-28 10:57:12 +01:00
Alexandre Quesnel
52707ac686 Fixing formatting with astyle 2021-05-08 16:58:11 +00:00
Alexandre Quesnel
cbf6adb4be Adding logs to sesman/session.c 2021-04-14 04:41:54 +00:00
matt335672
86c87b6f15 Move get_display_num_from_display to string_calls module 2021-04-13 12:16:00 +01:00
matt335672
e7cb5bd64a Allow DISPLAY=:0 for chansrv and in other modules 2021-04-13 12:15:26 +01:00
matt335672
741be5a4a2 Enable FUSE in cirrus build 2021-04-09 10:04:30 +01:00
aquesnel
0ec471b02d
Add detailed logging to libxrdp (#1742)
* Added s_rem(s) for getting the remaining bytes in a stream
* Added s_rem_out() macro
* Fixed 15bpp pointer error checking
* Combined the 512 and 2048 bit certificate sending  code paths
* Other detailed comments and logging added following MS-RDPBCGR
2021-02-04 10:11:54 +00:00
matt335672
1e13533048 Remove output on stdout by default on daemon startuip 2021-01-07 10:50:16 +00:00
matt335672
8ab3a2e9f8 Bumped cppcheck version to 2.3
addressed resulting warnings
2020-12-31 11:27:14 +00:00
matt335672
8205559959 Fix regressions in auth modules 2020-12-29 09:48:01 +00:00
Khem Raj
d4e9b0f637 correct the location of errno.h
Fixes build on musl

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-12-22 23:11:50 -08:00
matt335672
0a1a8f40e5 Moved a lot of string funcs to string_calls module 2020-12-22 11:57:24 +00:00
matt335672
5523847540 Allow FuseMountName for chansrv to be absolute path 2020-12-21 12:36:31 +00:00
metalefty
785db575ca
Merge pull request #1751 from matt335672/address-minor-user-comments
Cosmetic fixes for minor issues
2020-12-21 16:12:58 +09:00
metalefty
61fd63f028
Merge pull request #1756 from metalefty/delete-socket-files
sesman: address the issue of socket file leftovers
2020-12-21 13:49:20 +09:00
metalefty
835536b406
Merge pull request #1741 from matt335672/sesrun-improvements
sesrun improvements and doc fixes
2020-12-21 13:45:57 +09:00
Koichiro IWAO
31214f15a6
sesman: reflect review suggestions on cleanup_sockets
* Use LOG_LEVEL_WARNING for the deletion failure
* Log the error condition when the deletion failed
2020-12-21 13:28:53 +09:00
metalefty
5b73fb9c31
Merge pull request #1755 from metalefty/man
man page fixes after neutrinolabs/xorgxrdp#175
2020-12-19 14:03:49 +09:00
Koichiro IWAO
5114d1ee64 sesman: address the issue of socket file leftovers
There are two points.

Make sure cleanup files happen after chansrv and Xserver exit. If these
child processes lock socket files, the deletion might fail.

Usually, cleanup of xorgxrdp related socket files is handled by
xorgxrdp. Just in case it failed, perform cleanup also in sesman.

Fixes #1740. Thanks to @matt335672.

Sponsored by:   Cybertrust Japan
Sponsored by:   HAW International
2020-12-18 18:30:49 +09:00
Koichiro IWAO
6562c9d958 man page fixes after neutrinolabs/xorgxrdp#175 2020-12-18 15:21:21 +09:00
metalefty
87d710e89b
Merge pull request #1727 from RisingWater/devel
Update verify_user_pam.c
2020-12-17 16:15:43 +09:00
matt335672
7ddc43aeea Cosmetic fixes for minor issues 2020-12-14 11:35:31 +00:00
matt335672
633716bbad sesrun improvements and doc fixes 2020-12-09 11:44:17 +00:00
matt335672
e6c1df64d3 Added --config/-c to sesman 2020-12-09 10:19:14 +00:00
matt335672
8d994a547d Add log_config_init_for_console() for utilities 2020-11-30 11:04:21 +00:00
Alexandre Quesnel
0c61a15fc5 Migrating logging to LOG() and LOG_DEVEL() in sesman/* 2020-11-30 00:36:20 +00:00
RisingWater
9efdd92c2a
Update verify_user_pam.c
change to g_memset
2020-11-19 11:03:43 +08:00
RisingWater
5d8f451a41
Update verify_user_pam.c
when a system give a tip message in function verify_pam_conv, authenticate will fail.
so it need skip this message to make sure authenticate success.
2020-11-17 11:48:26 +08:00
D.V.Yacenko
a6a785d7a4
Allow parameters for XRDP run bash script
Allows run bash script with parameters on xrdp. For example rdesktop -s "myscript.sh params"
2020-10-22 16:12:55 +01:00
metalefty
176b4b15a2
Merge pull request #1702 from yifanjiang/devel
startwm.sh: Additionally support /usr/etc/X11/xdm/Xsession
2020-10-19 14:33:53 +09:00
Alexandre Quesnel
a9ec1ebd99 Unifying logging in chanserv
This commit adds:
* replace multiple logging macros with LOG and LOG_DEVEL
* logging configuration for chanserv
* logging configuration for console output
* logging configuration for per file or method log level filtering for
debug builds
* file, line, and method name in log message for debug builds
2020-10-19 05:10:47 +00:00
Yifan J
31a910a275 startwm.sh: Additionally support /usr/etc/X11/xdm/Xsession in SUSE
distributions

https://lists.opensuse.org/opensuse-factory/2019-08/msg00113.html
2020-10-19 09:35:03 +08:00
Alexandre Quesnel
12a0266f1e Use a single type for the fuse file handle callback context 2020-09-15 15:37:56 +00:00
matt335672
79b88d7f30
Merge pull request #1635 from matt335672/minus-c-option-chansrv
chansrv improved config support
2020-09-09 09:59:43 +01:00
Alexandre Quesnel
a7462404d5 Adding casts for narrowing to pointer width for issue #1678 2020-09-08 21:04:02 +00:00
matt335672
edda1b064d chansrv improved config support 2020-09-08 16:58:03 +01:00
matt335672
8bd7309d72 Updated sesman.ini comment for Policy= in line with the manpage 2020-08-26 10:04:33 +01:00
bolkedebruin
5cd36c511c Set max character buffer len to 512 per MS specification
The MS specs determine that the character buffer lenngths
for usernames, domains, passwords, alternate shells, etc
can be up to 512 characters including the mandatory null
terminator.
2020-08-17 10:35:35 +02:00
metalefty
f3e42fc209
Merge pull request #1640 from aquesnel/build_debug_werror
Fixing the build with --enable-xrdpdebug and CFLAGS=-Werror -Wall
2020-08-11 14:01:52 +09:00
Koichiro IWAO
00dca40bf8
sesman.ini: Update Xorg path for CentOS 8
Closes #1646.
2020-08-03 10:39:04 +09:00
Alexandre Quesnel
7e58209b19 Fixing the build with --enable-xrdpdebug and CFLAGS=-Werror -Wall 2020-07-25 23:53:26 +00:00
matt335672
7384f6e574 Fixed CVE-2020-4044 CI errors 2020-06-29 11:38:24 +01:00
matt335672
e593f58a82 Fix for CVE-2020-4044
Reported by: Ashley Newson
2020-06-26 20:06:02 +09:00
matt335672
3c4b42b1aa Implemented resize and multimon support for VNC backend 2020-06-04 15:10:35 +01:00
matt335672
aa0dbbae15 Added CHANNEL_NAME_LEN to ms-rdpbcgr.h 2020-04-27 15:01:56 +01:00
matt335672
617283eb34 Remove unnecessary g_malloc() call 2020-04-24 11:27:36 +01:00
matt335672
7ef01f7b0c Address memory allocation overflow security issues 2020-04-23 17:29:06 +01:00
Koichiro IWAO
1adb3c7b33
Fix Xorg path for Arch Linux
It has been moved: https://www.archlinux.org/packages/extra/x86_64/xorg-server/

Fixes: #1448
2020-04-02 16:18:06 +09:00
matt335672
a2266f23f6 Allow a redirected drive device_id to be zero (Guacamole support) 2020-03-03 16:16:09 +00:00
matt335672
a3d429b4f7 Minor fixes to drive redirection 2020-03-03 16:14:24 +00:00
matt335672
77686bf832 Fix cppcheck 1.89+1.90 warnings 2020-01-30 10:36:23 +00:00
metalefty
6d7cce3d34
Merge pull request #1484 from matt335672/cppc-chansrv-pcsc
xrdp_pcsc: Fix cppcheck 1.82 + 1.90 warnings
2020-01-30 10:28:36 +09:00
Derek Schrock
72bece526b return from xfs_delete_xfs_fs if NULL 2020-01-27 21:15:09 -05:00
matt335672
70d78dfb6f Fix cppcheck 1.82 + 1.90 warnings 2020-01-17 11:18:46 +00:00
metalefty
627da8da3e
Merge pull request #1470 from matt335672/rename-includes
Move MS-defined constants into separate includes
2020-01-16 15:01:18 +09:00
matt335672
6f881d47d3 Rationalise ms- constants
Constants from MS documents (MS-RDPBCGR etc) moved out of
common/xrdp_constants.h into includes named after the documents.

Similar includes moved from sesman/chansrv to the common area.
2020-01-06 15:46:37 +00:00
Ilya Shipitsin
00f17c3ffc sesman/chansrv/chansrv_fuse.c: resolve double free found by cppcheck
sesman/chansrv/chansrv_fuse.c:1719:9: error: Memory pointed to by 'full_path' is freed twice. [doubleFree]
2020-01-06 13:38:02 +05:00
matt335672
3820d279e2 Added includes for C/POSIX types referenced in chansrv_fuse.h to chansrv_fuse.h 2019-12-22 12:37:38 +00:00
matt335672
3ef2e7ce49 CI Fixes 2019-12-05 16:44:52 +00:00
matt335672
4d8f2b5a31 Significant remote file system improvements
- Reimplemented inode store in separate module chansrv_xfs.[hc]
- Allowed atimes and mtimes to be written to Windows side
- Mapped file user write bit to (inverted) Windows FILE_ATTRIBUTE_READONLY bit
- Mapped file user execute bit to Windows FILE_ATTRIBUTE_SYSTEM bit
- Implemented improved security for remotely mounted drives
- Implemented USB device removal, allowing hot-plug/remove of memory sticks
- Fixed pagefile.sys breaking Ubuntu file browser
- Fixed write offset bug
- Allowed renaming of open files
- Improved reported error codes
- Fixed various memory leaks
- Addressed valgrind errors related to struct fuse_file_info pointers.
2019-12-05 11:41:32 +00:00
Jay Sorg
d7b1f12d9b default rdpsnd audin off, can enable with --enable-rdpsndaudin 2019-10-22 22:48:15 -07:00
Jay Sorg
351c92dfba sesman: fix for sesman startup without startup script 2019-10-16 13:53:22 -07:00
Jay Sorg
cf67dd56bf chansrv: no logic change, fix typo 2019-07-10 11:18:07 -07:00
Jay Sorg
417bb71abf chansrv: env var to disable rdpsnd record 2019-07-08 22:45:58 -07:00
Jay Sorg
933394c6be chansrv: remove excessive logging 2019-07-08 22:40:31 -07:00
Jay Sorg
8aedd31762 chansrv: use rdpsnd record if supported, else try AUDIO_INPUT(MS-RDPEAI) 2019-07-08 22:03:27 -07:00
Jay Sorg
c5798df0bd chansrv: hook up audin 2019-07-08 18:25:59 -07:00
Jay Sorg
ae40ff27c8 chansrv: audin close should chose channel 2019-07-07 22:05:46 -07:00
Jay Sorg
a9a823b0da chansrv: audio in partial working 2019-07-04 23:52:18 -07:00
Jay Sorg
3c9241022a chansrv: add audin.c/h 2019-07-03 21:31:52 -07:00
Jay Sorg
e14ea4ff2e chansrv: drop g_sent_flag, not very useful and some clients skip acks 2019-06-23 20:52:55 -07:00
Jay Sorg
4ad9e48ff5 chansrv: don't let audio fall behind 2019-06-22 23:01:13 -07:00
Koichiro IWAO
ae2cbbb2e0
Fix build after #1327
Fixes #1335.

In file included from ./irp.h:27:
./chansrv_fuse.h:39:5: error: unknown type name 'time_t'
    time_t          atime;             /* Time of last access.              */
    ^
./chansrv_fuse.h:40:5: error: unknown type name 'time_t'
    time_t          mtime;             /* Time of last modification.        */
    ^
./chansrv_fuse.h:41:5: error: unknown type name 'time_t'
    time_t          ctime;             /* Time of last status change.       */
    ^
3 errors generated.
*** Error code 1
2019-04-18 14:25:46 +09:00
matt335672
fe97b983f5 Remove unnecessary reference from sesman/config.c
Following commit 81703c426f, there are
no longer any references to g_cfg from within this file, and so the
external reference can be removed.
2019-04-11 11:28:33 +01:00