- Use clearenv() if it exists
- Don't rely on <limits.h> being pulled in by <sys/param.h>
- Rename the DEFAULT_TYPE macro in sesrun.c. This name appears to be
used on Solaris. It's not a good choice.
The top level socket directory is now called XRDP_SOCKET_ROOT_PATH.
Below that are user-specific directories referred to with the
XRDP_SOCKET_PATH macro - this name is hard-coded into xorgxrdp and
the audio modules as an environment variable.
XRDP_SOCKET_PATH now looks like $XRDP_SOCKET_ROOT_PATH/<uid>
XRDP_SOCKET_PATH is only writeable by the user, and readable by the user
and the xrdp process.
This fixes the following errors:-
sesman/tools/authtest.c:64:14: error: syntax error [syntaxError]
g_printf("xrdp auth module tester v" PACKAGE_VERSION "\n");
^
sesman/tools/sesrun.c:165:14: error: syntax error [syntaxError]
g_printf("xrdp session starter v" PACKAGE_VERSION "\n");
^
vrplayer/decoder.h:35:12: error: There is an unknown macro here somewhere. Configuration is required. If slots is a macro then please configure it. [unknownMacro]
public slots:
^
vrplayer/playaudio.h:45:12: error: There is an unknown macro here somewhere. Configuration is required. If slots is a macro then please configure it. [unknownMacro]
public slots:
^
vrplayer/dlgabout.h:22:13: error: There is an unknown macro here somewhere. Configuration is required. If slots is a macro then please configure it. [unknownMacro]
private slots:
^
vrplayer/playvideo.h:49:12: error: There is an unknown macro here somewhere. Configuration is required. If slots is a macro then please configure it. [unknownMacro]
public slots:
^
Additionally, cppcheck now makes use of all available CPUs
Now that authentication/authorization and session creation are
happening in the same process, there is no need for a separate call
to finish an auth session. This change prevents the upper software
layers from needing to track whether auth_start_session() has been
called or not.
poll() is specified in POSIX.1-2001 as a simpler interface for
multiplexed file descriptors than select(). It also provides more
functionality.
This PR replaces the select() calls used in xrdp with poll()
equivalents.
The semantics of this call allowed it to be called more than once when
parsing a message to restart a parse. This is not likely to be
useful in practice, and it also makes reading file descriptors
more complicated. Consequently this function has been removed and
replaced with with libipm_msg_in_get_msgno()
The sesman tools sesrun and sesadmin now use the separate
authentication/authorization (AA) interface introduced to
sesman by the previous comment.
sesrun can use either password or UDS authentication. With some
limitations, this can allow for automatic creation of sessions for local
users without a password being needed.
sesadmin now operates using UDS logins only and so a username and
password are not required. To use sesadmin for another user, use
su/sudo/doas to authenticate as the other user.
The connected client is currently described in two places in
the xrdp_client_info structure:-
1) In the connection_description field. This was introduced as
field client_ip by commit d797b2cf49
for xrdp v0.6.0
2) In the client_addr and client_port fields introduced by commit
25369460a1 for xrdp v0.8.0
This commit unifies these two sets of fields into a single
set of fields describing the connection IP and port (for
AF_INET/AF_INET6 connections only) and a connection description
for all connection types.
The code in os_calls to provide client logging has been simplified
somewhat which should make it easier to add new connection types (e.g.
AF_VSOCK).
The old connection_description field used to be passed to sesman to
inform sesman of the IP address of the client, and also to provide
a string for 'C' field session policy matching. 'C' field session policy
matching does not actually need this string (see #2239), and so now only
the IP field is passed to sesman.
The TCP socket implementation of sesman has a number of limitations,
namely that it is affected by firewalls, and also that determining the
user on the other end requires a full authentication process.
The advantage of the TCP socket is that sesman and xrdp can be run on
separate machines. This is however not supported by the xorgxrdp
backend (shared memory), and is insecure, in that passwords are sent
in-the-clear, and the connection is susceptible to MitM attacks. This
architecture has been deprecated in release notes since xrdp v0.9.17,
and although it will continue to be supported in any further releases
in the x0.9.x series, it will not be supported in the next major
version.
This commit adds:
* replace multiple logging macros with LOG and LOG_DEVEL
* logging configuration for chanserv
* logging configuration for console output
* logging configuration for per file or method log level filtering for
debug builds
* file, line, and method name in log message for debug builds
Use XRDP_SOCKET_PATH in file_loc.h
Don't define any non-socket paths in file_loc.h, they should come from
the makefiles.
Define all paths unconditionally, they should not be defined elsewhere.
Pass XRDP_SOCKET_PATH as environment variable to the backends.
If scp_v1c_mng_get_session_list() returns an error, report it to the
user and exit. Session list is not initialized in that case and should
not be freed.
g_free() already checks its argument for being to NULL, remove an extra
check.
In C, an empty argument list in a declaration means that the function
can accept any arguments. Use "void" instead, it means "no arguments".
C++ treats void and empty list as "no arguments".
