Commit Graph

19 Commits

Author SHA1 Message Date
matt335672
efd871b37d Add session create status code for failed X server 2023-03-24 10:54:04 +00:00
matt335672
b9a12257fc Fix doxygen warnings for libipm 2023-02-13 20:44:52 +00:00
matt335672
c9adb3a2a6 libipm: Add support for receiving file descriptors 2023-01-30 14:31:16 +00:00
matt335672
8a71322fe4 libipm: Add support for sending file descriptors 2023-01-30 14:31:16 +00:00
matt335672
02a3821f4d Remove libipm_msg_in_start()
The semantics of this call allowed it to be called more than once when
parsing a message to restart a parse. This is not likely to be
useful in practice, and it also makes reading file descriptors
more complicated. Consequently this function has been removed and
replaced with with libipm_msg_in_get_msgno()
2023-01-30 14:31:16 +00:00
matt335672
305db83de0 Fix Doxygen warnings 2023-01-09 14:25:27 +00:00
matt335672
dfc636f587 Fix parameter order inconsistency.
The parameter odering of some of the append routines is
inconsistent both with the function comment headers, and
with libipm_recv.c
2023-01-09 14:24:14 +00:00
matt335672
af69606e0b Remove support for x11rdp
X11rdp has been deprecated now since xrdp v0.9.7 (June 2018). This
commit removes support for it from xrdp itself.
2023-01-05 11:26:44 +00:00
matt335672
4c4bdc9782 SCP: separate authentication from session creation
Messaging changes:-
- Implement sys_login request message with username, password and
  IP address
- Implement UDS login message for current user connected to sesman
- Implement common login response message for login requests
- Implement logout message so gateway authentications can be handled
- with login/logout messages
- Remove login info from the create session request
- Existing gateway request/response messages removed
- Add close connection message so that sesman can close terminated
  connections without displaying ERROR messages in the log.
- Add a set_peername message so clients can send a name to sesman
  for improved logging.

Other changes:-
- Add status types for logging in and session creation, so that the
  front-end can supply the user with more informative errors in the
  event of an error occurring.
- Users identities are now carried by UID rather than username, as
  xrdp and sesman are guaranteed to be on the same machine.
2022-12-22 11:35:02 +00:00
matt335672
5d1cb432ca Changes to cope with trans->header_size being unsigned 2022-12-09 17:54:53 +00:00
a1346054
7fe18cc1c0
fix typos 2022-09-03 02:01:48 +00:00
matt335672
79bec8110c Unify connection fields for the connected client
The connected client is currently described in two places in
the xrdp_client_info structure:-

1) In the connection_description field. This was introduced as
   field client_ip by commit d797b2cf49
   for xrdp v0.6.0

2) In the client_addr and client_port fields introduced by commit
   25369460a1 for xrdp v0.8.0

This commit unifies these two sets of fields into a single
set of fields describing the connection IP and port (for
AF_INET/AF_INET6 connections only) and a connection description
for all connection types.

The code in os_calls to provide client logging has been simplified
somewhat which should make it easier to add new connection types (e.g.
AF_VSOCK).

The old connection_description field used to be passed to sesman to
inform sesman of the IP address of the client, and also to provide
a string for 'C' field session policy matching. 'C' field session policy
matching does not actually need this string (see #2239), and so now only
the IP field is passed to sesman.
2022-05-18 12:35:07 +01:00
jsorg71
fd3f81e720
Merge pull request #2231 from jsorg71/va_arg
va_list parameter passing change
2022-04-18 11:53:32 -07:00
matt335672
0db849fc5c Move SCP to a Unix Domain Socket
The TCP socket implementation of sesman has a number of limitations,
namely that it is affected by firewalls, and also that determining the
user on the other end requires a full authentication process.

The advantage of the TCP socket is that sesman and xrdp can be run on
separate machines. This is however not supported by the xorgxrdp
backend (shared memory), and is insecure, in that passwords are sent
in-the-clear, and the connection is susceptible to MitM attacks. This
architecture has been deprecated in release notes since xrdp v0.9.17,
and although it will continue to be supported in any further releases
in the x0.9.x series, it will not be supported in the next major
version.
2022-04-18 09:12:35 +01:00
Jay Sorg
b91b9a3c62 va_list parameter passing change 2022-04-17 00:18:29 -07:00
matt335672
275eaf7683 Rework transport connect logic
There are a number of ways the existing transport connect logic in
trans_connect could be improved for POSIX compatibility, and also
slightly tidied up:-
1) The same socket is re-used for multiple connect attempts following
   failure which isn't behaviour defined by POSIX.1-2017 (although it
   works on Linux).
2) An asynchronous connect is started, and then after a short
   delay connect() is called again on the same socket. POSIX.1-2017
   is clear that in this situation EALREADY is returned before the
   connection is established, but is silent on the behaviour expected
   when the connection is established. Returning success is an option,
   but so is returning EISCONN. The current code assumes the connect()
   call will succeed.
3) The code contains two virtually identical, quite complex loops for
   TCP and UNIX sockets, differing only in the calls to create a socket
   and connect it.
4) trans_connect() contains looping and retry logic, but this isn't
   seen as sufficient by the chansrv connect code in xrdp/xrdp_mm.c and
   the Xorg connect code in xup/xup.c. Both of these implement their own
   looping and retry logic on top of the logic in trans_connect(),
   resulting in slightly unpredictable behaviour with regard to
   timeouts.
5) A socket number can technically be zero, but in a couple of places
   this isn't allowed for.

This PR attempts to correct the implementation of trans_connect(),
and also to simplify the areas it is called from.

As part of the PR, the signature of the server_is_term member of the
xrdp module interface is changed to match the signature expected by the
is_term member of a struct trans. This allows for trans_connect()
in xrdp modules to directly access g_is_term() within the main xrdp
executable. At the moment this functionality is only used by the xup
module.
2022-03-31 20:48:07 +01:00
matt335672
3d91ba6a22 libipm: Make sockets always non-blocking 2022-03-15 10:45:00 +00:00
matt335672
8e27f231fd Add fail2ban logging to PAM authentication requests 2022-03-15 10:45:00 +00:00
matt335672
e059336dff Add libipm facility 2022-03-15 10:23:27 +00:00