Commit Graph

4425 Commits

Author SHA1 Message Date
matt335672
ac65538a48 Re-implement fifo code
Following informal option testing, a more performant fifo
implementation has been chosen which makes fewer, larger
allocations, but which does not have bad edge-case performance

Clearing the contents of a fifo is a common operation which generally
involves freeing memory. Support has been added to the fifo interface
for doing this.
2023-05-22 14:43:22 +01:00
matt335672
8535f8e08c
Merge pull request #2675 from matt335672/fix_chansrv_signal_handling
Fix signal handling in chansrv.c
2023-05-22 10:03:02 +01:00
matt335672
2fa92be379
Merge pull request #2672 from iskunk/new-2
Simplify interaction with systemd
2023-05-17 11:05:53 +01:00
jsorg71
24d115824d
Merge pull request #2670 from jsorg71/large_cursor_posix
add large cursor support, posix shm
2023-05-16 22:41:36 -07:00
Jay Sorg
c250529e8e add large cursor support, posix shm 2023-05-16 10:20:24 -07:00
matt335672
544ead05e7
Merge pull request #2265 from iskunk/apparmor-harden
Hardening xrdp with AppArmor
2023-05-16 09:57:09 +01:00
Daniel Richard G
fdfe47668b Add XorgNoNewPrivileges configuration option
This allows Linux's no_new_privs restriction to be disabled when starting
the X server, which may be desirable if xrdp is running inside a kernel
confinement framework such as AppArmor or SELinux.
2023-05-15 17:40:46 -04:00
Daniel Richard G
b191d87e33 Move Linux's no_new_privs call into os_calls
This helps keep the application code free of platform-specific cruft.
Also remove a needless #include<sys/prctl.h> from sesman/session_list.c.
2023-05-15 17:40:46 -04:00
Daniel Richard G
1c0c923ad1 Split g_file_open() into _ro() and _rw() variants
Rename g_file_open() to g_file_open_rw(), and add a new g_file_open_ro()
call that wraps the common g_file_open_ex(file, 1, 0, 0, 0) idiom. This
will make the file access mode more explicit in the code.

Change all calls to g_file_open() to the _ro() or _rw() variant as
appropriate, and replace g_file_open_ex(file, 1, 0, 0, 0) with the _ro()
call.

Lastly, add tests for the two new calls to test_os_calls.c (code
courteously provided by matt335672).
2023-05-15 17:38:31 -04:00
Daniel Richard G
e199dba32f Simplify interaction with systemd 2023-05-15 11:05:35 -04:00
matt335672
0a44594f51 Fix signal handling in chansrv.c
Signal handlers now only use signal-safe code

See signal-safety(7) on Linux
2023-05-15 14:16:29 +01:00
matt335672
4b37e1a508
Merge pull request #2674 from matt335672/ci_fix
Fix (again) broken 32-bit CI
2023-05-15 11:27:37 +01:00
matt335672
41ae2f4efa Fix (again) broken 32-bit CI 2023-05-15 11:17:14 +01:00
matt335672
f57e0b959f
Merge pull request #2667 from iskunk/new-1
Use config_ac.h consistently and correctly
2023-05-13 10:17:32 +01:00
Daniel Richard G
42d32e7496 Use config_ac.h consistently and correctly 2023-05-12 13:49:53 -04:00
matt335672
7fe7ce9434
Merge pull request #2644 from matt335672/split_session_driver
Split sesman into sesman and sesexec
2023-05-09 10:23:51 +01:00
matt335672
8853b1c4ee New files for sesexec 2023-05-02 11:55:23 +01:00
matt335672
ae94891ab7 Add sesexec to .gitignore 2023-05-02 11:55:23 +01:00
matt335672
4dcaa84fbe Changes to autotools stuff for sesexec 2023-05-02 11:55:23 +01:00
matt335672
c5971b535d sesexec: Changes to existing files from sesman
env.c : The value of XRDP_SESSION in the environment is now set to the
        PID of the sesexec process, which ties up the session with the
        output of "xrdp-sesadmin -c=list".

        Later versions of xrdp-sesadmin can use this value to get
        information about the current process.
2023-05-02 11:55:23 +01:00
matt335672
74cd7d1837 Rework sesman with new files 2023-05-02 11:55:23 +01:00
matt335672
3895954b75 Add libipm interfaces to sesman
Add modules to sesman to handle incoming EICP and ERCP messages
2023-05-02 11:55:22 +01:00
matt335672
9c2c43693c Move files from sesman to sesexec directory 2023-05-02 11:55:22 +01:00
matt335672
8e291846d5 Create pre-session list
This is made from the old sesman_con structure. It describes
a connection to sesman which is not yet running a session.
2023-05-02 11:55:22 +01:00
matt335672
dadb393443 Add sesexec control module
This module provides a secure way for sesman to start the sesexec program
and establish a private communications channel with it.
2023-05-02 11:55:22 +01:00
matt335672
3d95954d87 Move session_list to struct list *
This commit now uses the standard list module to manage the active
session list, rather than having special code to do this.
2023-05-02 11:55:22 +01:00
matt335672
1a9d15bef0 Remove explicit auth_stop_session() call
Now that authentication/authorization and session creation are
happening in the same process, there is no need for a separate call
to finish an auth session. This change prevents the upper software
layers from needing to track whether auth_start_session() has been
called or not.
2023-05-02 11:55:22 +01:00
matt335672
82ede29388 libsesman: Make x11_display_offset and max_sessions unsigned 2023-05-02 11:55:22 +01:00
matt335672
06580ec448 sesman config: Add MaxDisplayNumber
When allocating a display number, we should be aware that
IANA only allow TCP displays up to :63. This PR adds that restriction in
to sesman.ini as a default, to prevent us allocating unavailable TCP
ports.

By default TCP ports are not enabled for X servers, but users can easily
change this if they wish to access X displays directly over the network.

This restriction is in addition to the MaxSessions limit already present
in sesman.ini
2023-05-02 11:55:22 +01:00
matt335672
970d936106 libsesman config: Define default sesman.ini name 2023-05-02 11:55:22 +01:00
matt335672
dec05f91fa libipm: Add ERCP 2023-05-02 11:55:22 +01:00
matt335672
8064a463c9 libipm: Add libipm_change_facility() call 2023-05-02 11:55:22 +01:00
matt335672
c3f02f5107 libipm: Add EICP 2023-05-02 11:55:22 +01:00
matt335672
f79f8bfa70 SCP: Add scp_init_trans_from_fd() 2023-05-02 11:55:22 +01:00
matt335672
e96d77bac1 Remove g_mk_socket_path() from codepaths
The socket dir is only used if we are starting a session
with sesman. Consequently, it only makes sense to create
this directory within sesman itself.
2023-05-02 11:55:22 +01:00
matt335672
cf5e1961d3 os_calls: Add g_setpgid() 2023-05-02 11:55:22 +01:00
matt335672
65ff618479 os_calls: Add g_executable_exist() 2023-05-02 11:55:22 +01:00
matt335672
ff24984cf3 os_calls: Add g_file_is_open() 2023-05-02 11:55:22 +01:00
matt335672
563cfaf009
Merge pull request #2643 from matt335672/close_unwanted_fds
Fix leaking file descriptors
2023-05-02 11:54:05 +01:00
matt335672
c0ed83a022
Merge pull request #2651 from matt335672/allow_longer_user_wm_str
Allow longer UserWindowManager strings
2023-05-02 11:53:46 +01:00
matt335672
b3b12b1be5 Allow longer UserWindowManager strings
The UserWindowManager is limited to 31 characters. There appears
to be no good reason for this.
2023-05-01 11:52:21 +01:00
matt335672
0d0004f3cb
Merge pull request #2649 from jat001/patch-1
remove unnecessary include `check.h`
2023-04-28 10:14:43 +01:00
Jat
2a58ba40c9
remove unnecessary include check.h 2023-04-28 10:25:21 +08:00
matt335672
f08355a325 Ensure commonly used file descriptors are close-on-exec 2023-04-24 14:20:14 +01:00
matt335672
adb7476187 Add LOG_DEVEL_LEAKING_FDS calls to the application 2023-04-24 14:20:14 +01:00
matt335672
1c798cee47 Logging: Add LOG_DEVEL_LOG_LEAKING_FDS 2023-04-24 14:20:14 +01:00
matt335672
cf9e07d341 Add basic tests for cloexec and get_open_fds functions 2023-04-24 14:20:14 +01:00
matt335672
d712f3527a os_calls: Add g_get_open_fds() 2023-04-24 11:57:38 +01:00
matt335672
b811fdb36b os_calls: Add g_file_{get,set}_cloexec() functions
Allows us to avoid file descriptor leaks when running a new executable
2023-04-24 11:11:04 +01:00
matt335672
184287d81e
Merge pull request #2640 from matt335672/report_broken_sesman
Fail xrdp immediately on sesman connection failure
2023-04-24 11:06:45 +01:00