From 0ff734bbbb4a262561bae9d7ced9dcbd0e83f1f4 Mon Sep 17 00:00:00 2001
From: matt335672 <30179339+matt335672@users.noreply.github.com>
Date: Mon, 23 Sep 2024 14:33:30 +0100
Subject: [PATCH] Add optional UID to DISPLAY() in chansrvport

The code to determine the socket address of chansrv when using a manually started xrdp-chansrv may need some help determining the UID of the session. This commit allows a UID to be optionally specified in the DISPLAY() function, if the code is unable to determine the UID automatically from the connection parameters. If a manual chansrvport is entered, xrdp now logs what it is connecting to, to assist in debugging.

(cherry picked from commit d17d12d078025e1e54f9594bb339512275ef7cc1)
---
docs/man/xrdp.ini.5.in | 9 ++++---
xrdp/xrdp.ini.in | 13 ++++++----
xrdp/xrdp_mm.c | 54 +++++++++++++++++++++++++++++++++++-------
3 files changed, 60 insertions(+), 16 deletions(-)
diff --git a/docs/man/xrdp.ini.5.in b/docs/man/xrdp.ini.5.in
index 5f8a00e97e..1118cc568b 100644
--- a/docs/man/xrdp.ini.5.in
+++ b/docs/man/xrdp.ini.5.in
@@ -358,14 +358,17 @@ Specifies the session type. The default, \fI0\fR, is Xvnc, and \fI20\fR is Xorg with xorgxrdp modules. .TP -\fBchansrvport\fR=\fBDISPLAY(\fR\fIn\fR\fB)\fR|\fI/path/to/domain-socket\fR +\fBchansrvport\fR=\fBDISPLAY(\fR\fIn\fR\fB)\fR|\fBDISPLAY(\fR\fIn,u\fR\fB)\fR||\fI/path/to/domain-socket\fR Asks xrdp to connect to a manually started \fBxrdp-chansrv\fR instance. This can be useful if you wish to use to use xrdp to connect to a VNC session which has been started other than by \fBxrdp-sesman\fR, as you can then make use of \fBxrdp\-chansrv\fR facilities in the VNC session. -The first form of this setting is recommended, replacing \fIn\fR with the -X11 display number of the session. +Either the first or second form of this setting is recommended. Replace +\fIn\fR with the X11 display number of the session, and (if applicable) +\fIu\fR with the numeric ID of the session. The second form is only +required if \fBxrdp\fR is unable to determine the session uid from the +other values in the connection block. .SH "EXAMPLES" This is an example \fBxrdp.ini\fR: diff --git a/xrdp/xrdp.ini.in b/xrdp/xrdp.ini.in index c240ebfdde..4bb318c41a 100644 --- a/xrdp/xrdp.ini.in +++ b/xrdp/xrdp.ini.in @@ -255,10 +255,6 @@ port=-1 ; Disable requested encodings to support buggy VNC servers ; (1 = ExtendedDesktopSize) #disabled_encodings_mask=0 -; Use this to connect to a chansrv instance created outside of sesman -; (e.g. as part of an x11vnc console session). Replace '0' with the -; display number of the session -#chansrvport=DISPLAY(0) ; Generic VNC Proxy ; Tailor this to specific hosts and VNC instances by specifying an ip 
@@ -273,6 +269,15 @@ password=ask #pamusername=asksame #pampassword=asksame #delay_ms=2000 +; Use one of these to connect to a chansrv instance created outside of sesman +; (e.g. as part of an x11vnc console session). Replace 'n' with the +; display number of the session, and (if applicable) 'u' with the numeric +; UID of the session. +; +; If 'username' or 'pamusername' is set, you probably don't need to use +; the two parameter variant with 'u'. +#chansrvport=DISPLAY(n) +#chansrvport=DISPLAY(n,u) ; Generic RDP proxy using NeutrinoRDP ; Tailor this to specific hosts by specifying an ip and port and setting diff --git a/xrdp/xrdp_mm.c b/xrdp/xrdp_mm.c index 6b29640bb8..efe327cfe0 100644 --- a/xrdp/xrdp_mm.c +++ b/xrdp/xrdp_mm.c @@ -2859,28 +2859,60 @@ static int parse_chansrvport(const char *value, char *dest, int dest_size, int uid) { int rv = 0; + int dnum = 0; if (g_strncmp(value, "DISPLAY(", 8) == 0) { const char *p = value + 8; const char *end = p; - /* Check next chars are digits followed by ')' */ + /* Check next chars are digits */ while (isdigit(*end)) { ++end; } - if (end == p || *end != ')') + if (end == p) { - LOG(LOG_LEVEL_WARNING, "Ignoring invalid chansrvport string '%s'", + LOG(LOG_LEVEL_WARNING, + "Ignoring chansrvport string with bad display number '%s'", value); - rv = -1; + return -1; } - else + + dnum = g_atoi(p); + + if (*end == ',') { - g_snprintf(dest, dest_size, XRDP_CHANSRV_STR, uid, g_atoi(p)); + /* User has specified a UID override + * Check next chars are digits */ + p = end + 1; + end = p; + + while (isdigit(*end)) + { + ++end; + } + + if (end == p) + { + LOG(LOG_LEVEL_WARNING, + "Ignoring chansrvport string with bad uid '%s'", + value); + return -1; + } + uid = g_atoi(p); } + + if (*end != ')') + { + LOG(LOG_LEVEL_WARNING, + "Ignoring badly-terminated chansrvport string '%s'", + value); + return -1; + } + + g_snprintf(dest, dest_size, XRDP_CHANSRV_STR, uid, dnum); } else { 
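Review bot: Nothing in the new `parse_chansrvport()` body rejects a negative or out-of-range `uid` before `g_snprintf(dest, dest_size, XRDP_CHANSRV_STR, uid, dnum)` formats it into the socket path. The `DISPLAY(n)` form still uses the caller's `uid`, which is presumably -1 when xrdp could not determine it (the case the commit message describes), and the `DISPLAY(n,u)` form feeds an unbounded digit run to `g_atoi(p)`, which gives no overflow indication. Because this number selects which user's chansrv socket xrdp connects to, I would add `if (uid < 0) { LOG(LOG_LEVEL_WARNING, "Can't determine uid for chansrvport string '%s'", value); return -1; }` just before the `g_snprintf` and cap the digit count of both fields. The `isdigit(*end)` calls, including the new second loop, should take `(unsigned char)*end`, since a plain `char` with the high bit set is undefined behaviour there. The function continues past the end of this hunk.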
@@ -3152,13 +3184,14 @@ xrdp_mm_connect_sm(struct xrdp_mm *self) case MMCS_SESSION_LOGIN: { // Finished with the gateway login + // Leave the UID set in case we need it for the chansrvport + // string if (self->use_gw_login) { xrdp_wm_log_msg(self->wm, LOG_LEVEL_INFO, "access control check was successful"); // No reply needed for this one status = scp_send_logout_request(self->sesman_trans); - self->uid = -1; } if (status == 0 && self->use_sesman) @@ -3232,12 +3265,12 @@ xrdp_mm_connect_sm(struct xrdp_mm *self) { char portbuff[XRDP_SOCKETS_MAXPATH]; - xrdp_wm_log_msg(self->wm, LOG_LEVEL_INFO, - "Connecting to chansrv"); if (self->use_sesman) { g_snprintf(portbuff, sizeof(portbuff), XRDP_CHANSRV_STR, self->uid, self->display); + xrdp_wm_log_msg(self->wm, LOG_LEVEL_INFO, + "Connecting to chansrv"); } else { @@ -3246,6 +3279,9 @@ xrdp_mm_connect_sm(struct xrdp_mm *self) parse_chansrvport(cp, portbuff, sizeof(portbuff), self->uid); + xrdp_wm_log_msg(self->wm, LOG_LEVEL_INFO, + "Connecting to chansrv on %s", + portbuff); } xrdp_mm_update_allowed_channels(self); xrdp_mm_chansrv_connect(self, portbuff);
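Review bot: Dropping `self->uid = -1;` in the `MMCS_SESSION_LOGIN` case means the UID from the gateway (access-control) login outlives `scp_send_logout_request()` and becomes the default UID for the `chansrvport` socket path. That is only correct when the gateway account is also the account that owns the manually started session; if the gateway credentials name a different account, `DISPLAY(n)` would resolve to that account's socket directory instead. I would spell that assumption out in the new comment, e.g. `// NOTE: this is the gateway user's UID; use DISPLAY(n,u) if the session runs as another user`. It is also worth confirming that the sesman path overwrites `self->uid` before it is used, which is not visible here. The enclosing `case` starts and ends outside the hunk.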
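Review bot: In the last hunk the result of `parse_chansrvport(cp, portbuff, sizeof(portbuff), self->uid)` still appears to be discarded, so when one of the new `return -1` paths fires, `portbuff` is never written, yet the added `"Connecting to chansrv on %s"` message and `xrdp_mm_chansrv_connect(self, portbuff)` run on it anyway. `portbuff` is declared without an initialiser in the previous hunk, and the two lines between the hunks are not shown; if they do not clear it, the `%s` reads indeterminate stack contents. I would test the return value, e.g. `if (parse_chansrvport(cp, portbuff, sizeof(portbuff), self->uid) != 0)`, and on failure log the rejected setting and skip the connect. If `xrdp_wm_log_msg()` output is shown to the connecting client, consider sending the full socket path (which embeds the numeric UID) to the server log with `LOG()` instead.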