Commit Graph

4646 Commits

Author SHA1 Message Date
matt335672
e0ffa11495
Merge pull request #2821 from matt335672/add_waitpid_interrupted_check
Check waitpid is not interrupted by a signal
2023-10-09 21:11:47 +01:00
matt335672
ad5916c5e4 Check waitpid is not interrupted by a signal
Checks that the waitpid() call isn't interrupted by a
signal when the handler for the signal is set to not
interrupt the call
2023-10-09 19:53:16 +01:00
matt335672
93dfc1839e
Merge pull request #2813 from matt335672/remove_signal_call
Remove dependency on signal() function
2023-10-09 14:45:50 +01:00
matt335672
d098214531 Add tests for signal functions in os_calls.c 2023-10-09 14:10:38 +01:00
matt335672
d11617adbe Remove dependency on signal() function
Replaces uses of signal() with sigaction() which should be far
more portable.
2023-10-09 14:05:29 +01:00
matt335672
bce303c3a8
Merge pull request #2815 from matt335672/groups_patch
Improve tsusers/tsadmins group support
2023-10-06 10:48:04 +01:00
matt335672
cf5c2718af Update logging in sesman access control
Improve the built-in access checks for sesman/sesexec:-
- Group existence is checked for at login-time rather than program
  start time
- The name of the group is now included in the message

Also, check for UID == 0 when checking for root, rather than just
checking the name (which might be an alias)
2023-10-05 13:22:49 +01:00
matt335672
5837deae04 access_login_allowed: Remove primary group check
This check is now performed within g_check_user_in_group()
2023-10-05 12:25:40 +01:00
matt335672
cf677da22c Add getgrouplist() support to os_calls
On enterprise systems, using getgrouplist() (if available)
is more efficient than iterating over the members of the group,
and is also more likely to work
2023-10-04 11:02:07 +01:00
matt335672
84a0befd30 Add getgrouplist() detection functionality
Defines the macro HAVE_GETGROUPLIST if getgrouplist() is
available, and defines the type passed to the GID array as
GETGROUPS_T
2023-10-03 10:36:56 +01:00
matt335672
284c17c0b2 Remove client-server shortcut paste code
When significant amounts of data is coming from the client in a
fragmented CLIPRDR_DATA_RESPONSE PDU, this code provides a way to
start copying it to a requesting client before it is all read.

The only advantage of this code is to provide a slight speedup
before a paste is visible on the server.

There are significant problems with this code. Notably, it is
very difficult to parse Unicode text coming through this route. Each
UTF-16 character can occupy up to 4 bytes, and a fragmentation
boundary could occur at any point within a UTF-16 character.
2023-09-29 12:07:19 +01:00
metalefty
89ceaf0c52
Merge pull request #2798 from ziggythehamster/freebsd-vsock
Implement vsock support for FreeBSD
2023-09-28 04:16:48 +09:00
metalefty
73acbe1f79
Merge pull request from GHSA-2hjx-rm4f-r9hw
CVE-2023-42822
2023-09-27 17:37:24 +09:00
matt335672
bc3ea01b3e CVE-2023-42822
- font_items in struct xrdp_font renamed to chars to catch all
  accesses to it. This name is consistent with the type of
  the array elements (struct xrdp_font_char).
- Additional fields added to struct xrdp_font to allow for range
  checking and for a default character to be provided
- Additional checks and logic added to xrdp_font_create()
- New macro XRDP_FONT_GET_CHAR() added to perform checked access
  to chars field in struct xrdp_font
2023-09-26 09:29:56 +01:00
matt335672
98ad496072
Merge pull request #2805 from jsorg71/valgrind_font
fix valgrind warning on font
2023-09-26 09:01:57 +01:00
matt335672
fea7d80723
Merge pull request #2804 from matt335672/update_comments
Update comments in smartcard code
2023-09-26 08:54:17 +01:00
Jay Sorg
433c05eb36 fix valgrind warning on font 2023-09-25 20:57:07 -07:00
matt335672
e138c1a601 Update comments in smartcard code
Most of the Microsoft RDP documentation describes PDUs on-the-wire.
However, [MS-RDPESC] doesn't do this. It uses DCE IDL to describe the
contents of the PDUs sent over the File System Virtual Channel.

Ideally we'd use an IDL compiler to generate the interfaces in
[MS-RDPESC]. We don't have one though, so all PDUs are read and written
with the low-level streaming routines. It's not clear in the existing
code how IDL is mapped down to this level.

This commit updates the smartcard code with comments which will enable
maintainers to better understand the IDL-to-streaming mappings.
2023-09-25 16:13:00 +01:00
Keith Gable
6decef6046 Change vsock to actually check for AF_HYPERV 2023-09-24 12:52:11 -07:00
Keith Gable
9305008ba8 Tolerate XRDP_ENABLE_VSOCK being defined but the platform is neither FreeBSD nor Linux 2023-09-24 12:32:10 -07:00
Keith Gable
5ffca14b2f Change indent style to allman 2023-09-24 12:27:00 -07:00
Keith Gable
572ee7686d On FreeBSD, use AF_HYPERV in place of vsock 2023-09-23 21:28:24 -07:00
Keith Gable
36a1a33b84 Define XRDP_ENABLE_VSOCK when requested in FreeBSD 2023-09-23 21:24:57 -07:00
Jay Sorg
bfdcdb0082 posix shm, can not unmap shmem_ptr until encoder is done with it 2023-09-09 14:18:52 -07:00
matt335672
def567c2e0
Merge pull request #2792 from metalefty/login_mode_log
Record login state as string
2023-09-08 10:22:35 +01:00
Koichiro Iwao
16d45a8f4f Record login state as string
Closes: #2790
2023-09-08 16:58:35 +09:00
matt335672
98f45baff3
Merge pull request #2787 from firewave/unusedVariable
fixed Cppcheck `unusedVariable` warnings
2023-09-05 16:43:19 +01:00
firewave
27d34e784d fixed Cppcheck unusedVariable warnings 2023-09-04 23:47:56 +02:00
matt335672
deb8a317ba
Merge pull request #2780 from matt335672/update_pam_configs
Add GNOME/KDE keyring support for Debian/Arch
2023-09-04 10:16:42 +01:00
matt335672
d8446c263f
Merge pull request #2783 from metalefty/waitforx-build
waitforx: fix build
2023-09-04 10:14:07 +01:00
matt335672
aae4f33602
Merge pull request #2782 from firewave/z3
Cppcheck 2.8 removed the dependency on z3
2023-09-04 10:00:44 +01:00
Koichiro Iwao
a978b58f11 waitforx: fix build
--- waitforx ---
CCLD     waitforx
ld: error: unable to find library -lX11
ld: error: unable to find library -lXrandr
cc: error: linker command failed with exit code 1 (use -v to see invocation)
*** [waitforx] Error code 1
2023-09-04 17:33:27 +09:00
firewave
c37ce6fa47 Cppcheck 2.8 removed the dependency on z3 2023-09-04 10:01:09 +02:00
matt335672
8fb5bd9096 Add keyring support for Debian and Arch
Adds optional calls to GNOME and KDE keyrings for Debian and Arch.

Also upstreams a current Debian patch to call pam_env.so
2023-08-30 12:37:44 +01:00
metalefty
a111a0fdfe
Merge pull request from GHSA-f489-557v-47jq
Check auth_start_session() result
2023-08-24 10:14:48 +09:00
matt335672
25a1fab5b6 Check auth_start_session() result 2023-08-19 13:35:26 +01:00
Jay Sorg
4b1482b5df move to posix shm 2023-08-13 13:08:16 -07:00
matt335672
67c297d273
Merge pull request #2766 from matt335672/clipboard_updates
Clipboard updates
2023-08-09 14:39:36 +01:00
matt335672
84ae372a58 clipboard: Fix TODO action in clipboard_common.h
Use the official Windows clipboard format names where appropriate

Replace g_file_format_id with g_file_group_descriptor_format_id
as the latter name is more descriptive of what is described in
[MS-ECLIP]
2023-08-07 15:11:04 +01:00
matt335672
8eed7a395e clipboard: Only advertise text to X11 clients if it is available 2023-08-07 15:11:04 +01:00
matt335672
45ca9fe098 clipboard: Tell the X11 client if a selection is unavailable 2023-08-07 14:45:11 +01:00
matt335672
9bbb2ec68f
Merge pull request #2759 from matt335672/update_issue_template
Clarify RHEL support options
2023-08-02 12:12:54 +01:00
matt335672
1d6997001e
Merge pull request #2697 from iskunk/new-3
Add syscall filtering to xrdp systemd unit
2023-07-31 16:25:07 +01:00
matt335672
90c80ce855 Exclude RHEL from supported operating systems 2023-07-31 15:11:37 +01:00
matt335672
463cd8a543
Merge pull request #2719 from matt335672/log_xrdp_termination_signal
Log xrdp termination signals
2023-07-31 11:24:20 +01:00
matt335672
ae43cee4b3
Merge pull request #2737 from matt335672/bump_cppcheck_to_2_11
Bump cppcheck to v2.11
2023-06-23 15:41:23 +01:00
matt335672
1ac6206af6 Use all available CPUs to build cppcheck 2023-06-23 15:30:24 +01:00
matt335672
d77b0b3b9d Bump cppcheck to v2.11
This fixes the following errors:-

sesman/tools/authtest.c:64:14: error: syntax error [syntaxError]
    g_printf("xrdp auth module tester v" PACKAGE_VERSION "\n");
             ^
sesman/tools/sesrun.c:165:14: error: syntax error [syntaxError]
    g_printf("xrdp session starter v" PACKAGE_VERSION "\n");
             ^
vrplayer/decoder.h:35:12: error: There is an unknown macro here somewhere. Configuration is required. If slots is a macro then please configure it. [unknownMacro]
    public slots:
           ^
vrplayer/playaudio.h:45:12: error: There is an unknown macro here somewhere. Configuration is required. If slots is a macro then please configure it. [unknownMacro]
    public slots:
           ^
vrplayer/dlgabout.h:22:13: error: There is an unknown macro here somewhere. Configuration is required. If slots is a macro then please configure it. [unknownMacro]
    private slots:
            ^
vrplayer/playvideo.h:49:12: error: There is an unknown macro here somewhere. Configuration is required. If slots is a macro then please configure it. [unknownMacro]
    public slots:
           ^
Additionally, cppcheck now makes use of all available CPUs
2023-06-23 15:12:51 +01:00
metalefty
14b224f7ae
Merge pull request #2727 from metalefty/issue-template
Introduce Issue template
2023-06-13 19:15:33 +09:00
Koichiro IWAO
6e192995cb Tip is not allowed here anymore
https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms
2023-06-13 09:50:25 +09:00