Commit Graph

3980 Commits

Author SHA1 Message Date
matt335672
fcd991844a sesman : Move global declarations to sesman.h 2022-03-03 17:01:55 +00:00
matt335672
50028e8623
Merge pull request #2153 from matt335672/remove_extra_msg
Remove unnecessary log message (regression)
2022-02-16 12:20:48 +00:00
matt335672
b689707d15 Remove unnecessary log message 2022-02-16 11:59:56 +00:00
matt335672
4030dbad8e
Merge pull request #2152 from Nexarian/fix-minor-logging-bugs
Minor logging fixes in xrdp_iso.c
2022-02-16 10:50:35 +00:00
matt335672
df23c01c37
Merge pull request #2151 from zbstao/devel
Fixed possible infinite loop (regression on #2146)
2022-02-16 10:44:25 +00:00
zbstao
1309ea405e Fixed g_waitpid function
Fixed g_waitpid function
2022-02-15 22:32:46 +08:00
Nexarian
d23f7328f8 Minor logging fixes in xrdp_iso.c
Two logging errors found while working in these files.
2022-02-15 08:29:42 -05:00
bin zhong
f8f18e27c5
Merge branch 'neutrinolabs:devel' into devel 2022-02-15 09:52:28 +08:00
zbstao
ff39ce719e Fixed possible infinite loop
Fixed possible infinite loop
2022-02-15 09:41:21 +08:00
matt335672
371c0dc873
Merge pull request #2150 from Nexarian/create_xrdp_channel_header
Move DRDYNVC_STATUS_* to xrdp_channel.h
2022-02-14 20:35:02 +00:00
matt335672
8f0f848a9a
Merge pull request #2149 from Nexarian/fix-npe-log-cofig-copy
Fix NPEs in log.c
2022-02-14 20:32:13 +00:00
Nexarian
773a8f7da1 Move DRDYNVC_STATUS_* to xrdp_channel.h
These statuses are necessary for egfx resizing, as visibility to channel
status is a pre-req for closing and re-opening a channel.
2022-02-14 14:53:37 -05:00
Nexarian
a0f4d94cfe Fix NPEs in log.c
Multiple NPEs can happen in the internal_log_config_copy procedure,
and we need to address this before we merge in changes for egfx.
2022-02-14 14:45:43 -05:00
matt335672
e1c6afa38e
Merge pull request #2144 from matt335672/remove_s_check
Remove s_check() macro
2022-02-14 09:00:21 +00:00
matt335672
82b1aab9ba
Merge pull request #2146 from zbstao/devel
Fixed possible SIGCHILD signal lost
2022-02-10 16:54:22 +00:00
zbstao
35d400a899 Fixed possible SIGCHILD signal lost
When multiple(eg. 20) xrdp connections are disconnected at the same time(eg.  close all rdp client at the same time), zombie process may be spawned.
2022-02-10 22:18:14 +08:00
matt335672
e6c098e750 Remove s_check() macro 2022-02-09 10:18:15 +00:00
matt335672
a13742f097
Merge pull request #2140 from matt335672/cpprelease_27
Move to cppcheck 2.7 and bump default threads to 2
2022-02-08 09:27:43 +00:00
matt335672
baf62457a3 Move to cppcheck 2.7 and bump default threads to 2 2022-02-07 09:31:34 +00:00
metalefty
2651682be9
Merge pull request #2138 from metalefty/typo
Fix typo in past CVE number
2022-02-07 16:51:14 +09:00
Koichiro IWAO
79bc7c040e
Fix typo in past CVE number 2022-02-07 15:54:56 +09:00
metalefty
4def30ab8e
Merge pull request from GHSA-8h98-h426-xf32
Add lower bound to sesman data input size check
2022-02-07 15:18:15 +09:00
matt335672
eb4a8e342d Add lower bound to sesman data input size check 2022-02-02 10:39:50 +00:00
matt335672
934a91fc29
Merge pull request #2130 from matt335672/ssl3_fixes
OpenSSL3 fixes (#2130)
2022-01-31 09:39:20 +00:00
matt335672
7b1316fd1b
Merge pull request #2124 from matt335672/fedora_check
Fix problems with check 0.15.2 (F36)
2022-01-31 09:34:52 +00:00
matt335672
4699dced14 Implement base64 without openssl 2022-01-28 12:23:40 +00:00
matt335672
8b8cfbe119 Improve wrapping of openssl module 2022-01-28 12:23:40 +00:00
matt335672
e79bc7f181 Fix banner comments in test results 2022-01-28 12:23:40 +00:00
matt335672
c894ba5b40 Better logging of classic connection security 2022-01-28 12:23:40 +00:00
matt335672
6cebade78e OpenSSL 3.x compatibility 2022-01-20 16:45:25 +00:00
matt335672
fde161bac3 Add unit tests for SSL calls 2022-01-20 16:44:49 +00:00
matt335672
d02059d967 Add missing ssl_sha1_clear()/ssl_md5_clear() calls 2022-01-20 16:43:00 +00:00
matt335672
d853228c19 const fixes for SSL calls 2022-01-19 11:11:37 +00:00
matt335672
3146e624c4 Fix problems with check 0.15.2 (F36) 2022-01-19 11:08:13 +00:00
matt335672
e528a1f452
Merge pull request #2123 from matt335672/update_ver
README : Make latest version dynamic
2022-01-18 14:29:10 +00:00
matt335672
bf4c5f2631 README : Make latest version dynamic 2022-01-17 10:54:54 +00:00
matt335672
db982ec1dd
Merge pull request #2119 from matt335672/readme_typo
Fix typo in README.md
2022-01-14 12:47:35 +00:00
matt335672
307bfc1f4a Fix typo in README.md 2022-01-14 12:40:22 +00:00
matt335672
dfd64e2147
Merge pull request #2082 from kenhys/extend-inbound-outbound-restriction
Extend inbound/outbound clipboard restriction
2022-01-14 11:17:49 +00:00
matt335672
cffce1f856 Only advertise X11 clip formats we can supply 2022-01-14 11:11:03 +00:00
Kentaro Hayashi
8487c298ba Update sesman.ini.5 explanation about RestrictOutboundClipboard,RestrictOutboundClipboard
RestrictOutboundClipboard,RestrictOutboundClipboard are extended to
accept text,file,image configuration value.
2022-01-14 10:17:02 +09:00
Kentaro Hayashi
47bc56f5a4 Add sesman.ini new text/file/image restriction settings
RestrictInboundClipboard is added.

Then, RestrictOutboundClipboard/RestrictInboundClipboard configuration
is extended to accept comma separated list.

  * RestrictOutboundClipboard=none
  * RestrictOutboundClipboard=text
  * RestrictOutboundClipboard=file
  * RestrictOutboundClipboard=image
  * RestrictOutboundClipboard=all
  * RestrictOutboundClipboard=text, image, file

For compatibility, the following configuration is also
accepted (alias)

  * RestrictOutboundClipboard=true
  * RestrictOutboundClipboard=false
  * RestrictOutboundClipboard=yes
2022-01-14 10:17:02 +09:00
Kentaro Hayashi
1d6d80d14f Block inbound clipboard text/image/file respectively
Disable clipboard_event_selection_request call is overkill for
blocking text/image/file purpose.
For example, it breaks existing behavior (slow response from gedit,
gimp as a side effects)

Instead, in clipboard_event_selection_request, these media format will
be blocked respectively which depends on the following configurations
in sesman.ini [Security] section.

  * RestrictInboundClipboard=text
  * RestrictInboundClipboard=file
  * RestrictInboundClipboard=image

You can also set comma separated list.

  * RestrictInboundClipboard=text,file,image
2022-01-14 10:17:02 +09:00
Kentaro Hayashi
fb1c4ec945 Block outbound clipboard text/image/file respectively
RestrictOutboundClipboard kills all of test/file/image
transfer via clipboard.

For controlling each content type behavior,
clipboard_xevent is not appropriate place to block respectively.

Instead, in clipboard_event_selection_notify, these media type
will be blocked which depends on the following configurations in
sesman.ini [Security] section.

  * RestrictOutboundClipboard=text
  * RestrictOutboundClipboard=file
  * RestrictOutboundClipboard=image

You can also set comma separated list

  * RestrictOutboundClipboard=text, file, image
2022-01-14 10:17:02 +09:00
Kentaro Hayashi
bd82084505 Extend In/Outbound text,file,image restriction respectively
It supports the extended configurations for sesman.ini:

Before:

  [Security]
  RestrictOutboundClipboard=true or false

After:

  [Security]
  RestrictInboundClipboard=[true or false | text or file or image | comma separated list]
  RestrictOutboundClipboard=[true or false | text or file or image | comma separated list]

Above configuration is disabled by default (false)
And it can be specified comma separated list like this:.

  RestrictInboundClipboard=file, image
  RestrictOutboundClipboard=text, file, image

Note that if RestrictOutboundClipboard=true,file is set,
file is ignored and it is treated as RestrictOutboundClipboard=true

It is same for RestrictInboundClipboard.
2022-01-14 10:17:02 +09:00
Kentaro Hayashi
69ea406440 Add g_str_to_bitmask utility function
It should be used for comma separated configuration to bitmask.

e.g. RestrictOutboundClipboard = text, file, image
2022-01-14 10:17:02 +09:00
matt335672
d27e5472dd
Merge pull request #2118 from matt335672/rhel7_imlib2
Support imlib2 on RHEL 7
2022-01-13 10:23:14 +00:00
matt335672
3de1e966b4 Support imlib2 on RHEL 7 2022-01-12 11:41:26 +00:00
metalefty
d76732b342
Merge pull request #2109 from metalefty/release
Release v0.9.18
2022-01-11 09:19:22 +09:00
Koichiro IWAO
1ce2215aac Bump version to v0.9.18 2022-01-11 09:00:27 +09:00