Commit Graph

4079 Commits

Author SHA1 Message Date
matt335672
2dc01f2749 Don't ask user to remove IP setting for VNC connection 2022-04-20 11:08:51 +01:00
matt335672
6a6f7bb83e
Merge pull request #2233 from matt335672/uds_fix_ip
Fix regression introduced with UDS
2022-04-20 09:53:39 +01:00
matt335672
902c951648 Fix regression introduced with UDS 2022-04-20 09:40:36 +01:00
matt335672
829106d793
Merge pull request #2219 from matt335672/off_by_one
Fix off-by-one errors in monitor resize logic
2022-04-19 09:11:58 +01:00
jsorg71
fd3f81e720
Merge pull request #2231 from jsorg71/va_arg
va_list parameter passing change
2022-04-18 11:53:32 -07:00
matt335672
dd4abcb27a
Merge pull request #2207 from matt335672/move_to_uds
Move to Unix Domain Socket for SCP (sesman)
2022-04-18 09:25:59 +01:00
matt335672
0db849fc5c Move SCP to a Unix Domain Socket
The TCP socket implementation of sesman has a number of limitations,
namely that it is affected by firewalls, and also that determining the
user on the other end requires a full authentication process.

The advantage of the TCP socket is that sesman and xrdp can be run on
separate machines. This is however not supported by the xorgxrdp
backend (shared memory), and is insecure, in that passwords are sent
in-the-clear, and the connection is susceptible to MitM attacks. This
architecture has been deprecated in release notes since xrdp v0.9.17,
and although it will continue to be supported in any further releases
in the x0.9.x series, it will not be supported in the next major
version.
2022-04-18 09:12:35 +01:00
matt335672
9c30d4c2f8 Add lock_uds module to sesman
When sesman used a standard TCP socket, we were guaranteed only one copy
of sesman could run on an address, as standard TCP listening rules
enforced this. This isn't the case with Unix Domain sockets. This
module implements a locking mechanism for a UDS which emulates the
standard TCP socket behaviour.
2022-04-18 09:09:46 +01:00
Jay Sorg
b91b9a3c62 va_list parameter passing change 2022-04-17 00:18:29 -07:00
matt335672
0a54106866 Added g_umask_hex() call 2022-04-15 11:12:01 +01:00
matt335672
4bfeddbbed
Merge pull request #2226 from matt335672/freebsd12_3
Bump FreeBSD CI version to 12.3
2022-04-15 11:11:02 +01:00
matt335672
54c2cab5ff Bump FreeBSD CI version to 12.3 2022-04-15 11:00:25 +01:00
matt335672
ffc6fa66a0
Merge pull request #2204 from matt335672/trans_connect
Rework transport connect logic
2022-04-15 10:33:11 +01:00
matt335672
7cfd3bb3d8 Fix off-by-one errors in monitor resize logic 2022-04-08 12:11:14 +01:00
matt335672
94a6f6282f Fixes a stream overflow in the test suite
This is triggered when xrdp is built with --enable-devel-logging

Also, the logging sub-system is initialised for libxrdp tests
2022-04-06 11:59:23 +01:00
matt335672
4183d8ddbf Moved initgroups call to before auth_start_session()
This is required for PAM systems that depend on group membership being
available during PAM processing. This is used by pam_group on FreeBSD
and pam_group on Linux-PAM, although the functionality of both is
different.
2022-04-05 16:07:26 +01:00
matt335672
dc72ca269b Set closed RDP socket to -1 rather than 0 2022-04-01 13:00:33 +01:00
matt335672
1d190c6ea8 Prevent unnecessary close of sck = -1 in trans_listen_address() 2022-04-01 11:51:11 +01:00
matt335672
275eaf7683 Rework transport connect logic
There are a number of ways the existing transport connect logic in
trans_connect could be improved for POSIX compatibility, and also
slightly tidied up:-
1) The same socket is re-used for multiple connect attempts following
   failure which isn't behaviour defined by POSIX.1-2017 (although it
   works on Linux).
2) An asynchronous connect is started, and then after a short
   delay connect() is called again on the same socket. POSIX.1-2017
   is clear that in this situation EALREADY is returned before the
   connection is established, but is silent on the behaviour expected
   when the connection is established. Returning success is an option,
   but so is returning EISCONN. The current code assumes the connect()
   call will succeed.
3) The code contains two virtually identical, quite complex loops for
   TCP and UNIX sockets, differing only in the calls to create a socket
   and connect it.
4) trans_connect() contains looping and retry logic, but this isn't
   seen as sufficient by the chansrv connect code in xrdp/xrdp_mm.c and
   the Xorg connect code in xup/xup.c. Both of these implement their own
   looping and retry logic on top of the logic in trans_connect(),
   resulting in slightly unpredictable behaviour with regard to
   timeouts.
5) A socket number can technically be zero, but in a couple of places
   this isn't allowed for.

This PR attempts to correct the implementation of trans_connect(),
and also to simplify the areas it is called from.

As part of the PR, the signature of the server_is_term member of the
xrdp module interface is changed to match the signature expected by the
is_term member of a struct trans. This allows for trans_connect()
in xrdp modules to directly access g_is_term() within the main xrdp
executable. At the moment this functionality is only used by the xup
module.
2022-03-31 20:48:07 +01:00
matt335672
cd1af4772c
Merge pull request #2201 from matt335672/neutrinordp_regression
Fix neutrinordp regression caused by bd9147d1
2022-03-29 10:59:15 +01:00
matt335672
d2be050911 Fix neutrinordp regression caused by bd9147d18f 2022-03-29 10:40:32 +01:00
matt335672
bf16cb5f2a
Merge pull request #2198 from matt335672/start_log_before_config
Open log in sesman before reading config
2022-03-29 09:34:16 +01:00
matt335672
46e23ebcab
Merge pull request #1895 from Nexarian/unify_monitor_description_processing_resize_sec
Unify monitor processing logic.
2022-03-29 09:32:39 +01:00
matt335672
104304aad1 Open log in sesman before reading config 2022-03-28 19:00:23 +01:00
Christopher Pitstick
bd9147d18f Updating to refactor xrdp_client_info
- Eliminate duplication for display_size_description
- monitorCount needs to be uint32_t
- width/height -> session_width/session_height
- Update CLIENT_INFO_CURRENT_VERSION
- Also some misc unit test updates.
- Minor log updates.
2022-03-27 16:38:32 -04:00
Christopher Pitstick
4a0db63be7 Unify monitor processing logic.
There are two places where monitor descriptions are passed through the
RDP protocol:

- TS_UD_CS_MONITOR ([MS-RDPBCGR] 2.2.1.3.6 Client Monitor Data)
- DISPLAYCONTROL_PDU_TYPE_MONITOR_LAYOUT ([MS-RDPEDISP] 2.2.2.2)

The processing logic for both of them is similar enough that they should be unified.

Also update to define the constants for the maximum and minimum desktop width/height for monitors and total area.

Also a large number of clarifications for the constants and protocol
requirements.

Note that this is also the first step to making resizing work with the extension GFX channel as well as an important
foundational step to enable HiDPI compatibility.

Also some misc logging updates.
2022-03-26 23:45:16 -04:00
matt335672
f3c37e2694
Merge pull request #2185 from matt335672/xrdpapi_linker_fix
Explicitly link libxrdpapi with libcommon
2022-03-23 09:33:19 +00:00
matt335672
d37c87a7ef Explicitly link libxrdpapi with libcommon 2022-03-22 09:28:14 +00:00
matt335672
dd968a98b0
Merge pull request #2163 from matt335672/newipc
Replace SCP V0 and V1 with new IPC mechanism
2022-03-17 11:32:19 +00:00
metalefty
4b09265483
Merge pull request #2176 from metalefty/release
Release v0.9.19
2022-03-17 13:01:23 +09:00
Koichiro IWAO
3fa6e9852b Bump version to v0.9.19 2022-03-16 10:16:44 +09:00
Koichiro IWAO
68abf67a05 Update NEWS for v0.9.19 2022-03-16 10:16:39 +09:00
Koichiro IWAO
0ad7bac693 Update NEWS for v0.9.18.1 2022-03-16 10:16:39 +09:00
matt335672
3d91ba6a22 libipm: Make sockets always non-blocking 2022-03-15 10:45:00 +00:00
matt335672
8e27f231fd Add fail2ban logging to PAM authentication requests 2022-03-15 10:45:00 +00:00
matt335672
1746ac2f79 Remove SCP V0 and V1 files 2022-03-15 10:45:00 +00:00
matt335672
bb820cca87 tools: Moved to new SCP interface 2022-03-15 10:45:00 +00:00
matt335672
a952ff8542 Remove unused tcp module from tools 2022-03-15 10:45:00 +00:00
matt335672
32f644a907 Removed sestest utility 2022-03-15 10:45:00 +00:00
matt335672
a55992b1a0 Move xrdp to new SCP interface 2022-03-15 10:45:00 +00:00
matt335672
c0cb03801c Move sesman to new SCP interface 2022-03-15 10:45:00 +00:00
matt335672
6cf053c9df Add libipm test suite 2022-03-15 10:23:27 +00:00
matt335672
e059336dff Add libipm facility 2022-03-15 10:23:27 +00:00
matt335672
8f4860cb55 Add subclassing capability to struct trans 2022-03-15 10:23:27 +00:00
matt335672
d5f99f41ac Add autotools SIZEOF_INT macro 2022-03-15 10:23:27 +00:00
matt335672
2ec28aca62
Merge pull request #2168 from matt335672/fix_sesman_signals
Fix sesman signal processing
2022-03-15 09:53:16 +00:00
matt335672
8bd597a038 Fix signal handling in sesman 2022-03-04 11:37:45 +00:00
matt335672
2484928a5a Change 3rd parameter of log_start() to flags field 2022-03-04 11:37:45 +00:00
matt335672
a94ddce0bd logging : Remove processing for unused variables 2022-03-03 17:02:18 +00:00
matt335672
fcd991844a sesman : Move global declarations to sesman.h 2022-03-03 17:01:55 +00:00