Commit Graph

977 Commits

Author SHA1 Message Date
Koichiro IWAO
cde22e3b4d chansrv/audin: record audin (microphone redirection) audio formats 2023-02-17 10:52:41 +09:00
Koichiro IWAO
b765304a43 chansrv/sound: adjust log level and record wFormatTag as string
These log levels are unintendedly decreased during logging reworking.

Recording audio formats are useful to know which format is used in
current RDP session.
2023-02-17 10:52:34 +09:00
Koichiro IWAO
58921a972e chansrv: add a utility function to convert wFormatTag into string 2023-02-17 10:52:26 +09:00
Hiero32
46b4ee2e95 sound: fix noise between two playbacks for mp3/aac (#2519)
* sound: fix noise between two playbacks for mp3/aac
* fix sound stuttered on skip operation of vlc
2023-02-17 10:49:40 +09:00
matt335672
f31fee3052
Merge pull request #2508 from matt335672/v0_9_otaconix_patch_1
[V0.9] Tiny fix in pseudocode description of startwm.sh
2023-01-18 15:29:34 +00:00
otaconix
a80e66e2d2 Tiny fix in pseudocode description of startwm.sh
I realize there's not much value in this PR, but I noticed this, so I thought I'd fix it 🙂
2023-01-18 15:07:10 +00:00
matt335672
6aac2e942d Don't try to listen on the scard socket if it isn't there
If the scard local socket can't be created, there's no point
in trying to listen on it. This will just fill the chansrv log
file with errors.
2023-01-18 14:40:02 +00:00
matt335672
814d56317c Remove double '!' from test
Commit 7ad7b05261 introduced a regression
which prevented remote drives being accessible. I picked it up in testing,
but then failed to commit the change.
2022-12-09 18:12:25 +00:00
matt335672
fbf374c8b0
Merge pull request #2461 from metalefty/ci-fix
Fix CI failure after 8484767
2022-12-09 17:21:49 +00:00
metalefty
36c54d9776
Merge pull request #2460 from matt335672/v0_9_pcscd_sock_permissions
Set permissions on pcsc socket dir to owner only
2022-12-10 00:12:02 +09:00
Koichiro IWAO
2f1196bdc4 Fix CI failure after 8484767
libscp_v0.c:228:52: error: comparison of integer expressions of different signedness: ‘int’ and ‘unsigned int’ [-Werror=sign-compare]
  228 |         if ((trans->in_s->end - trans->in_s->data) < trans->header_size)
      |             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~
2022-12-09 23:21:26 +09:00
metalefty
0418502eb3
Merge pull request from GHSA-3jmx-f6hv-95wg
CVE-2022-23480
2022-12-09 22:10:33 +09:00
matt335672
413678ef3d Set permissions on pcsc socket dir to owner only
There is no reason for any user other than the current one to be able
to communicate with the remote smartcard.
2022-12-09 11:57:46 +00:00
matt335672
191ed3e3fa Remove unused g_full_name_for_filesystem
Not only was this unused, the way it was read could lead to a
buffer overflow (CVE-2022-23480)
2022-12-08 14:13:48 +00:00
matt335672
7ad7b05261 CVE-2022-23480
Added length checking to redirector response parsing
2022-12-08 10:36:40 +00:00
matt335672
d49f269af8 CVE-2022-23477
Prevent buffer overflow for oversized audio format from client
2022-12-08 10:26:08 +00:00
matt335672
4a8e5d3493 Clear password when session ends
Any password stored in SCP_SESSION is now cleared before storage
is returned to the heap
2022-11-28 10:44:09 +00:00
matt335672
56a7c3efdd Remove unnecessary data from struct t_auth_info
8fc5610dad back-ported to v0.9
2022-11-28 10:20:58 +00:00
a1346054
6acf8398dd fix typos
(cherry picked from commit 7fe18cc1c0)
2022-09-11 11:47:11 +09:00
a1346054
1a3a9bb479 remove executable bit from text files
(cherry picked from commit 5ff68740e5)
2022-09-11 10:50:43 +09:00
Khem Raj
d64be8a1cd mark count with unused attribute
This may throw a warning with clang-15+ when devel logs are disabled
Fixes
../../../xrdp-0.9.19/sesman/chansrv/chansrv.c:198:9: error: variable 'count' set but not used [-Werror,-Wunused-but-set-variable]

Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit fc2d61e0c8)
2022-09-11 10:47:56 +09:00
Koichiro IWAO
44e9982119 sesman: fix spacing in log
[20220301-18:25:01] [INFO ] Starting window manager on display 12from user home directory: /home/user/startwm.sh
                                                                ^^

(cherry picked from commit 2c25e60abc)
2022-09-11 10:46:54 +09:00
Koichiro IWAO
c5e0e4962c sesman.ini: mention FreeBSD Xorg path 2022-08-26 14:11:17 +09:00
matt335672
87cbab2148 Open log in sesman before reading config 2022-05-19 09:18:41 +09:00
matt335672
8bd597a038 Fix signal handling in sesman 2022-03-04 11:37:45 +00:00
matt335672
2484928a5a Change 3rd parameter of log_start() to flags field 2022-03-04 11:37:45 +00:00
matt335672
fcd991844a sesman : Move global declarations to sesman.h 2022-03-03 17:01:55 +00:00
matt335672
b689707d15 Remove unnecessary log message 2022-02-16 11:59:56 +00:00
bin zhong
f8f18e27c5
Merge branch 'neutrinolabs:devel' into devel 2022-02-15 09:52:28 +08:00
zbstao
ff39ce719e Fixed possible infinite loop
Fixed possible infinite loop
2022-02-15 09:41:21 +08:00
matt335672
e1c6afa38e
Merge pull request #2144 from matt335672/remove_s_check
Remove s_check() macro
2022-02-14 09:00:21 +00:00
zbstao
35d400a899 Fixed possible SIGCHILD signal lost
When multiple(eg. 20) xrdp connections are disconnected at the same time(eg.  close all rdp client at the same time), zombie process may be spawned.
2022-02-10 22:18:14 +08:00
matt335672
e6c098e750 Remove s_check() macro 2022-02-09 10:18:15 +00:00
matt335672
eb4a8e342d Add lower bound to sesman data input size check 2022-02-02 10:39:50 +00:00
matt335672
d02059d967 Add missing ssl_sha1_clear()/ssl_md5_clear() calls 2022-01-20 16:43:00 +00:00
matt335672
cffce1f856 Only advertise X11 clip formats we can supply 2022-01-14 11:11:03 +00:00
Kentaro Hayashi
47bc56f5a4 Add sesman.ini new text/file/image restriction settings
RestrictInboundClipboard is added.

Then, RestrictOutboundClipboard/RestrictInboundClipboard configuration
is extended to accept comma separated list.

  * RestrictOutboundClipboard=none
  * RestrictOutboundClipboard=text
  * RestrictOutboundClipboard=file
  * RestrictOutboundClipboard=image
  * RestrictOutboundClipboard=all
  * RestrictOutboundClipboard=text, image, file

For compatibility, the following configuration is also
accepted (alias)

  * RestrictOutboundClipboard=true
  * RestrictOutboundClipboard=false
  * RestrictOutboundClipboard=yes
2022-01-14 10:17:02 +09:00
Kentaro Hayashi
1d6d80d14f Block inbound clipboard text/image/file respectively
Disable clipboard_event_selection_request call is overkill for
blocking text/image/file purpose.
For example, it breaks existing behavior (slow response from gedit,
gimp as a side effects)

Instead, in clipboard_event_selection_request, these media format will
be blocked respectively which depends on the following configurations
in sesman.ini [Security] section.

  * RestrictInboundClipboard=text
  * RestrictInboundClipboard=file
  * RestrictInboundClipboard=image

You can also set comma separated list.

  * RestrictInboundClipboard=text,file,image
2022-01-14 10:17:02 +09:00
Kentaro Hayashi
fb1c4ec945 Block outbound clipboard text/image/file respectively
RestrictOutboundClipboard kills all of test/file/image
transfer via clipboard.

For controlling each content type behavior,
clipboard_xevent is not appropriate place to block respectively.

Instead, in clipboard_event_selection_notify, these media type
will be blocked which depends on the following configurations in
sesman.ini [Security] section.

  * RestrictOutboundClipboard=text
  * RestrictOutboundClipboard=file
  * RestrictOutboundClipboard=image

You can also set comma separated list

  * RestrictOutboundClipboard=text, file, image
2022-01-14 10:17:02 +09:00
Kentaro Hayashi
bd82084505 Extend In/Outbound text,file,image restriction respectively
It supports the extended configurations for sesman.ini:

Before:

  [Security]
  RestrictOutboundClipboard=true or false

After:

  [Security]
  RestrictInboundClipboard=[true or false | text or file or image | comma separated list]
  RestrictOutboundClipboard=[true or false | text or file or image | comma separated list]

Above configuration is disabled by default (false)
And it can be specified comma separated list like this:.

  RestrictInboundClipboard=file, image
  RestrictOutboundClipboard=text, file, image

Note that if RestrictOutboundClipboard=true,file is set,
file is ignored and it is treated as RestrictOutboundClipboard=true

It is same for RestrictInboundClipboard.
2022-01-14 10:17:02 +09:00
matt335672
ab0e141fa9
Merge pull request #2011 from matt335672/unify_scpv0_code
Unify scpv0 code #2011
2022-01-05 11:06:42 +00:00
Kentaro Hayashi
53027ad5af Use LOG instead of LOG_DEVEL
According to https://github.com/neutrinolabs/xrdp/wiki/Logging,
it may be better to emit this log message because this log is
useful for system administrator to know whether RestrictOutboundClipboard
configuration works or not

And raise log level to info because it is informative for system
administrator.
2021-12-23 12:58:35 +09:00
Kentaro Hayashi
23906383b6 clipboard: Fix wrong debug level log message for g_file_atom2
As g_file_atom2 is x-special/gnome-copied-files
(See g_file_atom2 definition in sesman/chansrv/clipboard.c),
it should be "x-special/gnome-copied-files" in this context.

Signed-off-by: Kentaro Hayashi <hayashi@clear-code.com>
2021-12-06 12:40:41 +09:00
matt335672
5c610aee28 Modify sesrun to use common SCP V0 interface 2021-11-25 13:30:34 +00:00
matt335672
30a92cb095 Changes to libtrans interface 2021-11-25 13:30:34 +00:00
matt335672
5862a6123f Changes for unifying libscp code 2021-11-25 13:30:34 +00:00
matt335672
8b9b22c773 Create shared GUID module to simplify session guid handling 2021-11-25 13:29:55 +00:00
matt335672
ce23c824ea
Merge pull request #1976 from matt335672/fail2ban_support
Fail2ban support (#1076)
2021-11-18 10:11:12 +00:00
matt335672
a49144be73 Avoid deadlock in clipboard copy code 2021-10-25 16:16:59 +01:00
matt335672
b87b7f9ee8 Add xfuse_path_in_xfuse_fs() 2021-10-25 16:16:54 +01:00