From a009df5bb773222fa9f02dd3ef4ee2cb784188b9 Mon Sep 17 00:00:00 2001 From: Bojan Smojver Date: Mar 21 2017 08:34:04 +0000 Subject: Revert "Correct the patch for CVE-2017-6967." This reverts commit 39eedd2899fa849e035032ed0adda1cc2ca4db3b. --- diff --git a/xrdp-0.9.1-CVE-2017-6967.patch b/xrdp-0.9.1-CVE-2017-6967.patch index 63fa0d5..2397c99 100644 --- a/xrdp-0.9.1-CVE-2017-6967.patch +++ b/xrdp-0.9.1-CVE-2017-6967.patch @@ -1,3 +1,821 @@ +From 9d9c842b7861ef7a419c78d69b72202f7a7dbfc8 Mon Sep 17 00:00:00 2001 +From: Jay Sorg +Date: Tue, 14 Mar 2017 09:53:17 -0700 +Subject: [PATCH 01/10] sesman: auth session before fork + +--- + sesman/session.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sesman/session.c b/sesman/session.c +index 06e44cf..2241e54 100644 +--- a/sesman/session.c ++++ b/sesman/session.c +@@ -531,6 +531,7 @@ session_start_fork(tbus data, tui8 type, struct SCP_SESSION *s) + g_getpid()); + } + #endif ++ auth_start_session(data, display); + wmpid = g_fork(); /* parent becomes X, + child forks wm, and waits, todo */ + if (wmpid == -1) +@@ -539,7 +540,6 @@ session_start_fork(tbus data, tui8 type, struct SCP_SESSION *s) + else if (wmpid == 0) + { + wait_for_xserver(display); +- auth_start_session(data, display); + pampid = g_fork(); /* parent waits, todo + child becomes wm */ + if (pampid == -1) + +From 49e7de2621ca73999cdeb28990d0d06ea67b7205 Mon Sep 17 00:00:00 2001 +From: Jay Sorg +Date: Wed, 15 Mar 2017 20:47:06 -0700 +Subject: [PATCH 02/10] sesman: do not start up sessvc, just do wait, kill in + sesman + +--- + sesman/scp_v0.c | 6 +- + sesman/scp_v1.c | 4 +- + sesman/session.c | 275 +++++++++++++++++++++++-------------------------------- + sesman/session.h | 3 +- + 4 files changed, 121 insertions(+), 167 deletions(-) + +diff --git a/sesman/scp_v0.c b/sesman/scp_v0.c +index a6a1060..a1c919e 100644 +--- a/sesman/scp_v0.c ++++ b/sesman/scp_v0.c +@@ -122,18 +122,18 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s) + if (SCP_SESSION_TYPE_XVNC == s->type) + { + log_message( LOG_LEVEL_INFO, "starting Xvnc session..."); +- display = session_start(data, SESMAN_SESSION_TYPE_XVNC, s); ++ display = session_start(data, SESMAN_SESSION_TYPE_XVNC, c, s); + } + else if (SCP_SESSION_TYPE_XRDP == s->type) + { + log_message(LOG_LEVEL_INFO, "starting X11rdp session..."); +- display = session_start(data, SESMAN_SESSION_TYPE_XRDP, s); ++ display = session_start(data, SESMAN_SESSION_TYPE_XRDP, c, s); + } + else if (SCP_SESSION_TYPE_XORG == s->type) + { + /* type is SCP_SESSION_TYPE_XORG */ + log_message(LOG_LEVEL_INFO, "starting Xorg session..."); +- display = session_start(data, SESMAN_SESSION_TYPE_XORG, s); ++ display = session_start(data, SESMAN_SESSION_TYPE_XORG, c, s); + } + } + else +diff --git a/sesman/scp_v1.c b/sesman/scp_v1.c +index 74668ef..f865271 100644 +--- a/sesman/scp_v1.c ++++ b/sesman/scp_v1.c +@@ -126,12 +126,12 @@ scp_v1_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s) + if (SCP_SESSION_TYPE_XVNC == s->type) + { + log_message(LOG_LEVEL_INFO, "starting Xvnc session..."); +- display = session_start(data, SESMAN_SESSION_TYPE_XVNC, s); ++ display = session_start(data, SESMAN_SESSION_TYPE_XVNC, c, s); + } + else + { + log_message(LOG_LEVEL_INFO, "starting X11rdp session..."); +- display = session_start(data, SESMAN_SESSION_TYPE_XRDP, s); ++ display = session_start(data, SESMAN_SESSION_TYPE_XRDP, c, s); + } + + e = scp_v1s_connect_new_session(c, display); +diff --git a/sesman/session.c b/sesman/session.c +index 2241e54..d3f30a6 100644 +--- a/sesman/session.c ++++ b/sesman/session.c +@@ -269,77 +269,6 @@ x_server_running(int display) + } + + /******************************************************************************/ +-static void +-session_start_sessvc(int xpid, int wmpid, long data, char *username, int display) +-{ +- struct list *sessvc_params = (struct list *)NULL; +- char wmpid_str[25]; +- char xpid_str[25]; +- char exe_path[262]; +- int i = 0; +- +- /* initialize (zero out) local variables: */ +- g_memset(wmpid_str, 0, sizeof(char) * 25); +- g_memset(xpid_str, 0, sizeof(char) * 25); +- g_memset(exe_path, 0, sizeof(char) * 262); +- +- /* new style waiting for clients */ +- g_sprintf(wmpid_str, "%d", wmpid); +- g_sprintf(xpid_str, "%d", xpid); +- log_message(LOG_LEVEL_INFO, +- "starting xrdp-sessvc - xpid=%s - wmpid=%s", +- xpid_str, wmpid_str); +- +- sessvc_params = list_create(); +- sessvc_params->auto_free = 1; +- +- /* building parameters */ +- g_snprintf(exe_path, 261, "%s/xrdp-sessvc", XRDP_SBIN_PATH); +- +- list_add_item(sessvc_params, (tintptr)g_strdup(exe_path)); +- list_add_item(sessvc_params, (tintptr)g_strdup(xpid_str)); +- list_add_item(sessvc_params, (tintptr)g_strdup(wmpid_str)); +- list_add_item(sessvc_params, 0); /* mandatory */ +- +- env_set_user(username, +- 0, +- display, +- g_cfg->session_variables1, +- g_cfg->session_variables2); +- +- /* executing sessvc */ +- g_execvp(exe_path, ((char **)sessvc_params->items)); +- +- /* should not get here */ +- log_message(LOG_LEVEL_ALWAYS, +- "error starting xrdp-sessvc - pid %d - xpid=%s - wmpid=%s", +- g_getpid(), xpid_str, wmpid_str); +- +- /* logging parameters */ +- /* no problem calling strerror for thread safety: other threads +- are blocked */ +- log_message(LOG_LEVEL_DEBUG, "errno: %d, description: %s", +- g_get_errno(), g_get_strerror()); +- log_message(LOG_LEVEL_DEBUG, "execve parameter list:"); +- +- for (i = 0; i < (sessvc_params->count); i++) +- { +- log_message(LOG_LEVEL_DEBUG, " argv[%d] = %s", i, +- (char *)list_get_item(sessvc_params, i)); +- } +- +- list_delete(sessvc_params); +- +- /* keep the old waitpid if some error occurs during execlp */ +- g_waitpid(wmpid); +- g_sigterm(xpid); +- g_sigterm(wmpid); +- g_sleep(1000); +- auth_end(data); +- g_exit(0); +-} +- +-/******************************************************************************/ + /* called with the main thread + returns boolean */ + static int +@@ -420,15 +349,48 @@ wait_for_xserver(int display) + } + + /******************************************************************************/ ++static int ++session_start_chansrv(char *username, int display) ++{ ++ struct list *chansrv_params; ++ char exe_path[262]; ++ int cspid; ++ ++ cspid = g_fork(); ++ if (cspid == 0) ++ { ++ chansrv_params = list_create(); ++ chansrv_params->auto_free = 1; ++ ++ /* building parameters */ ++ g_snprintf(exe_path, 261, "%s/xrdp-chansrv", XRDP_SBIN_PATH); ++ ++ list_add_item(chansrv_params, (intptr_t) g_strdup(exe_path)); ++ list_add_item(chansrv_params, 0); /* mandatory */ ++ ++ env_set_user(username, 0, display, ++ g_cfg->session_variables1, ++ g_cfg->session_variables2); ++ ++ /* executing chansrv */ ++ g_execvp(exe_path, (char **) (chansrv_params->items)); ++ /* failed */ ++ g_exit(1); ++ } ++ return cspid; ++} ++ ++/******************************************************************************/ + /* called with the main thread */ + static int +-session_start_fork(tbus data, tui8 type, struct SCP_SESSION *s) ++session_start_fork(tbus data, tui8 type, struct SCP_CONNECTION *c, ++ struct SCP_SESSION *s) + { + int display = 0; + int pid = 0; + int wmpid = 0; +- int pampid = 0; + int xpid = 0; ++ int cspid = 0; + int i = 0; + char geometry[32]; + char depth[32]; +@@ -540,100 +502,85 @@ session_start_fork(tbus data, tui8 type, struct SCP_SESSION *s) + else if (wmpid == 0) + { + wait_for_xserver(display); +- pampid = g_fork(); /* parent waits, todo +- child becomes wm */ +- if (pampid == -1) +- { +- } +- else if (pampid == 0) ++ env_set_user(s->username, ++ 0, ++ display, ++ g_cfg->session_variables1, ++ g_cfg->session_variables2); ++ if (x_server_running(display)) + { +- env_set_user(s->username, +- 0, +- display, +- g_cfg->session_variables1, +- g_cfg->session_variables2); +- if (x_server_running(display)) ++ auth_set_env(data); ++ if (s->directory != 0) + { +- auth_set_env(data); +- if (s->directory != 0) ++ if (s->directory[0] != 0) + { +- if (s->directory[0] != 0) +- { +- g_set_current_dir(s->directory); +- } ++ g_set_current_dir(s->directory); + } +- if (s->program != 0) +- { +- if (s->program[0] != 0) +- { +- g_execlp3(s->program, s->program, 0); +- log_message(LOG_LEVEL_ALWAYS, +- "error starting program %s for user %s - pid %d", +- s->program, s->username, g_getpid()); +- } +- } +- /* try to execute user window manager if enabled */ +- if (g_cfg->enable_user_wm) ++ } ++ if (s->program != 0) ++ { ++ if (s->program[0] != 0) + { +- g_sprintf(text, "%s/%s", g_getenv("HOME"), g_cfg->user_wm); +- if (g_file_exist(text)) +- { +- g_execlp3(text, g_cfg->user_wm, 0); +- log_message(LOG_LEVEL_ALWAYS, "error starting user " +- "wm for user %s - pid %d", s->username, g_getpid()); +- /* logging parameters */ +- log_message(LOG_LEVEL_DEBUG, "errno: %d, " +- "description: %s", g_get_errno(), g_get_strerror()); +- log_message(LOG_LEVEL_DEBUG, "execlp3 parameter " +- "list:"); +- log_message(LOG_LEVEL_DEBUG, " argv[0] = %s", +- text); +- log_message(LOG_LEVEL_DEBUG, " argv[1] = %s", +- g_cfg->user_wm); +- } ++ g_execlp3(s->program, s->program, 0); ++ log_message(LOG_LEVEL_ALWAYS, ++ "error starting program %s for user %s - pid %d", ++ s->program, s->username, g_getpid()); + } +- /* if we're here something happened to g_execlp3 +- so we try running the default window manager */ +- g_sprintf(text, "%s/%s", XRDP_CFG_PATH, g_cfg->default_wm); +- g_execlp3(text, g_cfg->default_wm, 0); +- +- log_message(LOG_LEVEL_ALWAYS, "error starting default " +- "wm for user %s - pid %d", s->username, g_getpid()); +- /* logging parameters */ +- log_message(LOG_LEVEL_DEBUG, "errno: %d, description: " +- "%s", g_get_errno(), g_get_strerror()); +- log_message(LOG_LEVEL_DEBUG, "execlp3 parameter list:"); +- log_message(LOG_LEVEL_DEBUG, " argv[0] = %s", +- text); +- log_message(LOG_LEVEL_DEBUG, " argv[1] = %s", +- g_cfg->default_wm); +- +- /* still a problem starting window manager just start xterm */ +- g_execlp3("xterm", "xterm", 0); +- +- /* should not get here */ +- log_message(LOG_LEVEL_ALWAYS, "error starting xterm " +- "for user %s - pid %d", s->username, g_getpid()); +- /* logging parameters */ +- log_message(LOG_LEVEL_DEBUG, "errno: %d, description: " +- "%s", g_get_errno(), g_get_strerror()); + } +- else ++ /* try to execute user window manager if enabled */ ++ if (g_cfg->enable_user_wm) + { +- log_message(LOG_LEVEL_ERROR, "another Xserver might " +- "already be active on display %d - see log", display); ++ g_sprintf(text, "%s/%s", g_getenv("HOME"), g_cfg->user_wm); ++ if (g_file_exist(text)) ++ { ++ g_execlp3(text, g_cfg->user_wm, 0); ++ log_message(LOG_LEVEL_ALWAYS, "error starting user " ++ "wm for user %s - pid %d", s->username, g_getpid()); ++ /* logging parameters */ ++ log_message(LOG_LEVEL_DEBUG, "errno: %d, " ++ "description: %s", g_get_errno(), g_get_strerror()); ++ log_message(LOG_LEVEL_DEBUG, "execlp3 parameter " ++ "list:"); ++ log_message(LOG_LEVEL_DEBUG, " argv[0] = %s", ++ text); ++ log_message(LOG_LEVEL_DEBUG, " argv[1] = %s", ++ g_cfg->user_wm); ++ } + } ++ /* if we're here something happened to g_execlp3 ++ so we try running the default window manager */ ++ g_sprintf(text, "%s/%s", XRDP_CFG_PATH, g_cfg->default_wm); ++ g_execlp3(text, g_cfg->default_wm, 0); + +- log_message(LOG_LEVEL_DEBUG, "aborting connection..."); +- g_exit(0); ++ log_message(LOG_LEVEL_ALWAYS, "error starting default " ++ "wm for user %s - pid %d", s->username, g_getpid()); ++ /* logging parameters */ ++ log_message(LOG_LEVEL_DEBUG, "errno: %d, description: " ++ "%s", g_get_errno(), g_get_strerror()); ++ log_message(LOG_LEVEL_DEBUG, "execlp3 parameter list:"); ++ log_message(LOG_LEVEL_DEBUG, " argv[0] = %s", ++ text); ++ log_message(LOG_LEVEL_DEBUG, " argv[1] = %s", ++ g_cfg->default_wm); ++ ++ /* still a problem starting window manager just start xterm */ ++ g_execlp3("xterm", "xterm", 0); ++ ++ /* should not get here */ ++ log_message(LOG_LEVEL_ALWAYS, "error starting xterm " ++ "for user %s - pid %d", s->username, g_getpid()); ++ /* logging parameters */ ++ log_message(LOG_LEVEL_DEBUG, "errno: %d, description: " ++ "%s", g_get_errno(), g_get_strerror()); + } + else + { +- g_waitpid(pampid); +- auth_stop_session(data); +- g_deinit(); +- g_exit(0); ++ log_message(LOG_LEVEL_ERROR, "another Xserver might " ++ "already be active on display %d - see log", display); + } ++ ++ log_message(LOG_LEVEL_DEBUG, "aborting connection..."); ++ g_exit(0); + } + else + { +@@ -828,12 +775,17 @@ session_start_fork(tbus data, tui8 type, struct SCP_SESSION *s) + else + { + wait_for_xserver(display); +- g_snprintf(text, 255, "%d", display); +- g_setenv("XRDP_SESSVC_DISPLAY", text, 1); +- g_snprintf(text, 255, ":%d.0", display); +- g_setenv("DISPLAY", text, 1); +- /* new style waiting for clients */ +- session_start_sessvc(xpid, wmpid, data, s->username, display); ++ g_sck_close(c->in_sck); ++ log_end(); ++ cspid = session_start_chansrv(s->username, display); ++ g_waitpid(wmpid); ++ auth_stop_session(data); ++ auth_end(data); ++ g_sigterm(xpid); ++ g_sigterm(wmpid); ++ g_sigterm(cspid); ++ g_deinit(); ++ g_exit(0); + } + } + } +@@ -911,9 +863,10 @@ session_reconnect_fork(int display, char *username) + /* called by a worker thread, ask the main thread to call session_sync_start + and wait till done */ + int +-session_start(long data, tui8 type, struct SCP_SESSION *s) ++session_start(long data, tui8 type, struct SCP_CONNECTION *c, ++ struct SCP_SESSION *s) + { +- return session_start_fork(data, type, s); ++ return session_start_fork(data, type, c, s); + } + + /******************************************************************************/ +diff --git a/sesman/session.h b/sesman/session.h +index 4533a1a..a9884a2 100644 +--- a/sesman/session.h ++++ b/sesman/session.h +@@ -105,7 +105,8 @@ session_get_bydata(const char *name, int width, int height, int bpp, int type, + * + */ + int +-session_start(long data, tui8 type, struct SCP_SESSION *s); ++session_start(long data, tui8 type, struct SCP_CONNECTION *c, ++ struct SCP_SESSION *s); + + int + session_reconnect(int display, char* username); + +From e40b9e3142033a5a67ef22ae645c47dd7574a983 Mon Sep 17 00:00:00 2001 +From: Jay Sorg +Date: Wed, 15 Mar 2017 21:36:10 -0700 +Subject: [PATCH 03/10] sesman: remove sessvc from build + +--- + configure.ac | 1 - + sesman/Makefile.am | 1 - + sesman/sessvc/Makefile.am | 16 ----- + sesman/sessvc/sessvc.c | 166 ---------------------------------------------- + 4 files changed, 184 deletions(-) + delete mode 100644 sesman/sessvc/Makefile.am + delete mode 100644 sesman/sessvc/sessvc.c + +diff --git a/configure.ac b/configure.ac +index 68620e1..0e2aaf7 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -328,7 +328,6 @@ AC_CONFIG_FILES([ + sesman/chansrv/Makefile + sesman/libscp/Makefile + sesman/Makefile +- sesman/sessvc/Makefile + sesman/tools/Makefile + vnc/Makefile + xrdpapi/Makefile +diff --git a/sesman/Makefile.am b/sesman/Makefile.am +index d965f46..e1ccaaa 100644 +--- a/sesman/Makefile.am ++++ b/sesman/Makefile.am +@@ -82,5 +82,4 @@ dist_sesmansysconf_SCRIPTS = \ + SUBDIRS = \ + libscp \ + tools \ +- sessvc \ + chansrv +diff --git a/sesman/sessvc/Makefile.am b/sesman/sessvc/Makefile.am +deleted file mode 100644 +index c2714b9..0000000 +--- a/sesman/sessvc/Makefile.am ++++ /dev/null +@@ -1,16 +0,0 @@ +- +-AM_CPPFLAGS = \ +- -DXRDP_CFG_PATH=\"${sysconfdir}/xrdp\" \ +- -DXRDP_SBIN_PATH=\"${sbindir}\" \ +- -DXRDP_SHARE_PATH=\"${datadir}/xrdp\" \ +- -DXRDP_PID_PATH=\"${localstatedir}/run\" \ +- -I$(top_srcdir)/common +- +-sbin_PROGRAMS = \ +- xrdp-sessvc +- +-xrdp_sessvc_SOURCES = \ +- sessvc.c +- +-xrdp_sessvc_LDADD = \ +- $(top_builddir)/common/libcommon.la +diff --git a/sesman/sessvc/sessvc.c b/sesman/sessvc/sessvc.c +deleted file mode 100644 +index 2426b69..0000000 +--- a/sesman/sessvc/sessvc.c ++++ /dev/null +@@ -1,166 +0,0 @@ +-/** +- * xrdp: A Remote Desktop Protocol server. +- * +- * Copyright (C) Jay Sorg 2004-2013 +- * +- * Licensed under the Apache License, Version 2.0 (the "License"); +- * you may not use this file except in compliance with the License. +- * You may obtain a copy of the License at +- * +- * http://www.apache.org/licenses/LICENSE-2.0 +- * +- * Unless required by applicable law or agreed to in writing, software +- * distributed under the License is distributed on an "AS IS" BASIS, +- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +- * See the License for the specific language governing permissions and +- * limitations under the License. +- */ +- +-/** +- * +- * @file sessvc.c +- * @brief Session supervisor +- * @author Simone Fedele +- * +- */ +- +-#if defined(HAVE_CONFIG_H) +-#include "config_ac.h" +-#endif +-#include "file_loc.h" +-#include "os_calls.h" +-#include "arch.h" +- +-static int g_term = 0; +- +-/*****************************************************************************/ +-void +-term_signal_handler(int sig) +-{ +- g_writeln("xrdp-sessvc: term_signal_handler: got signal %d", sig); +- g_term = 1; +-} +- +-/*****************************************************************************/ +-void +-nil_signal_handler(int sig) +-{ +- g_writeln("xrdp-sessvc: nil_signal_handler: got signal %d", sig); +-} +- +-/******************************************************************************/ +-/* chansrv can exit at any time without cleaning up, it's an xlib app */ +-int +-chansrv_cleanup(int pid) +-{ +- char text[256]; +- +- g_snprintf(text, 255, "/tmp/.xrdp/xrdp_chansrv_%8.8x_main_term", pid); +- +- if (g_file_exist(text)) +- { +- g_file_delete(text); +- } +- +- g_snprintf(text, 255, "/tmp/.xrdp/xrdp_chansrv_%8.8x_thread_done", pid); +- +- if (g_file_exist(text)) +- { +- g_file_delete(text); +- } +- +- return 0; +-} +- +-/******************************************************************************/ +-int +-main(int argc, char **argv) +-{ +- int ret = 0; +- int chansrv_pid = 0; +- int wm_pid = 0; +- int x_pid = 0; +- int lerror = 0; +- char exe_path[262]; +- +- g_init("xrdp-sessvc"); +- g_memset(exe_path, 0, sizeof(exe_path)); +- +- if (argc < 3) +- { +- g_writeln("xrdp-sessvc: exiting, not enough parameters"); +- g_deinit(); +- return 1; +- } +- +- g_signal_terminate(term_signal_handler); /* SIGTERM */ +- g_signal_user_interrupt(term_signal_handler); /* SIGINT */ +- g_signal_pipe(nil_signal_handler); /* SIGPIPE */ +- x_pid = g_atoi(argv[1]); +- wm_pid = g_atoi(argv[2]); +- g_writeln("xrdp-sessvc: waiting for X (pid %d) and WM (pid %d)", +- x_pid, wm_pid); +- /* run xrdp-chansrv as a separate process */ +- chansrv_pid = g_fork(); +- +- if (chansrv_pid == -1) +- { +- g_writeln("xrdp-sessvc: fork error"); +- g_deinit(); +- return 1; +- } +- else if (chansrv_pid == 0) /* child */ +- { +- g_set_current_dir(XRDP_SBIN_PATH); +- g_snprintf(exe_path, 261, "%s/xrdp-chansrv", XRDP_SBIN_PATH); +- g_execlp3(exe_path, "xrdp-chansrv", 0); +- /* should not get here */ +- g_writeln("xrdp-sessvc: g_execlp3() failed"); +- g_deinit(); +- return 1; +- } +- +- lerror = 0; +- /* wait for window manager to get done */ +- ret = g_waitpid(wm_pid); +- +- while ((ret == 0) && !g_term) +- { +- ret = g_waitpid(wm_pid); +- g_sleep(1); +- } +- +- if (ret < 0) +- { +- lerror = g_get_errno(); +- } +- +- g_writeln("xrdp-sessvc: WM is dead (waitpid said %d, errno is %d) " +- "exiting...", ret, lerror); +- /* kill channel server */ +- g_writeln("xrdp-sessvc: stopping channel server"); +- g_sigterm(chansrv_pid); +- ret = g_waitpid(chansrv_pid); +- +- while ((ret == 0) && !g_term) +- { +- ret = g_waitpid(chansrv_pid); +- g_sleep(1); +- } +- +- chansrv_cleanup(chansrv_pid); +- /* kill X server */ +- g_writeln("xrdp-sessvc: stopping X server"); +- g_sigterm(x_pid); +- ret = g_waitpid(x_pid); +- +- while ((ret == 0) && !g_term) +- { +- ret = g_waitpid(x_pid); +- g_sleep(1); +- } +- +- g_writeln("xrdp-sessvc: clean exit"); +- g_deinit(); +- return 0; +-} + +From 30b0831cf4925753e8490a4dbbd930f6546e7627 Mon Sep 17 00:00:00 2001 +From: Jay Sorg +Date: Wed, 15 Mar 2017 21:42:35 -0700 +Subject: [PATCH 04/10] sesman: close in_sck with other cleanup + +--- + sesman/session.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sesman/session.c b/sesman/session.c +index d3f30a6..31c1f83 100644 +--- a/sesman/session.c ++++ b/sesman/session.c +@@ -462,6 +462,7 @@ session_start_fork(tbus data, tui8 type, struct SCP_CONNECTION *c, + { + g_delete_wait_obj(g_term_event); + g_tcp_close(g_sck); ++ g_tcp_close(c->in_sck); + g_sprintf(geometry, "%dx%d", s->width, s->height); + g_sprintf(depth, "%d", s->bpp); + g_sprintf(screen, ":%d", display); +@@ -775,7 +776,6 @@ session_start_fork(tbus data, tui8 type, struct SCP_CONNECTION *c, + else + { + wait_for_xserver(display); +- g_sck_close(c->in_sck); + log_end(); + cspid = session_start_chansrv(s->username, display); + g_waitpid(wmpid); + +From cd145b26327eda3129989774430df02ea7ae2377 Mon Sep 17 00:00:00 2001 +From: Jay Sorg +Date: Wed, 15 Mar 2017 21:51:28 -0700 +Subject: [PATCH 05/10] docs: remove sessvc from man pages + +--- + docs/man/Makefile.am | 3 +-- + docs/man/xrdp-sessvc.8.in | 26 -------------------------- + 2 files changed, 1 insertion(+), 28 deletions(-) + delete mode 100644 docs/man/xrdp-sessvc.8.in + +diff --git a/docs/man/Makefile.am b/docs/man/Makefile.am +index 705def0..39b2216 100644 +--- a/docs/man/Makefile.am ++++ b/docs/man/Makefile.am +@@ -8,8 +8,7 @@ man_MANS = \ + xrdp-keygen.8 \ + xrdp-sesadmin.8 \ + xrdp-sesman.8 \ +- xrdp-sesrun.8 \ +- xrdp-sessvc.8 ++ xrdp-sesrun.8 + + EXTRA_DIST = $(man_MANS:=.in) + +diff --git a/docs/man/xrdp-sessvc.8.in b/docs/man/xrdp-sessvc.8.in +deleted file mode 100644 +index 92ca7c2..0000000 +--- a/docs/man/xrdp-sessvc.8.in ++++ /dev/null +@@ -1,26 +0,0 @@ +-.TH "xrdp\-sessvc" "8" "@PACKAGE_VERSION@" "xrdp team" "" +-.SH "NAME" +-xrdp\-sessvc \- \fBxrdp\fR session supervisor +- +-.SH "SYNTAX" +-.B xrdp\-sessvc +-.I x_pid wm_pid +- +-.SH "DESCRIPTION" +-\fBxrdp\-sessvc\fR is the \fBxrdp\fR(8) session supervisor, which monitors the running X server and Windows Manager. +-As soon as one of them quits, the other process is terminated as well. +-.br +-This program is only executed internally by \fBxrdp\-sesman\fP(8). +- +-.SH "OPTIONS" +-.TP +-.I x_pid +-The process ID of the forked X server to monitor. +-.TP +-.I wm_pid +-The process ID of the forked Window Manager to monitor. +- +-.SH "SEE ALSO" +-.BR xrdp\-sesrun (8). +- +-for more info on \fBxrdp\fR see http://www.xrdp.org/ + +From c6e831a491145dcd215abd1631df802f89b5e38c Mon Sep 17 00:00:00 2001 +From: Jay Sorg +Date: Wed, 15 Mar 2017 22:47:03 -0700 +Subject: [PATCH 06/10] sesman: log if chansrv can not start up + +--- + sesman/session.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/sesman/session.c b/sesman/session.c +index 31c1f83..0d734ec 100644 +--- a/sesman/session.c ++++ b/sesman/session.c +@@ -374,7 +374,10 @@ session_start_chansrv(char *username, int display) + + /* executing chansrv */ + g_execvp(exe_path, (char **) (chansrv_params->items)); +- /* failed */ ++ /* should not get here */ ++ log_message(LOG_LEVEL_ALWAYS, "error starting chansrv " ++ "- user %s - pid %d", username, g_getpid()); ++ list_delete(chansrv_params); + g_exit(1); + } + return cspid; +@@ -776,7 +779,6 @@ session_start_fork(tbus data, tui8 type, struct SCP_CONNECTION *c, + else + { + wait_for_xserver(display); +- log_end(); + cspid = session_start_chansrv(s->username, display); + g_waitpid(wmpid); + auth_stop_session(data); + +From 4dab6c3606ebfb307179b1984f07e96e4772cf55 Mon Sep 17 00:00:00 2001 +From: Jay Sorg +Date: Wed, 15 Mar 2017 23:06:02 -0700 +Subject: [PATCH 07/10] sesman: add some logging + +--- + sesman/session.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/sesman/session.c b/sesman/session.c +index 0d734ec..d13a3d0 100644 +--- a/sesman/session.c ++++ b/sesman/session.c +@@ -780,7 +780,11 @@ session_start_fork(tbus data, tui8 type, struct SCP_CONNECTION *c, + { + wait_for_xserver(display); + cspid = session_start_chansrv(s->username, display); ++ log_message(LOG_LEVEL_ALWAYS, "waiting for window manager " ++ "pid(%d) to exit", wmpid); + g_waitpid(wmpid); ++ log_message(LOG_LEVEL_ALWAYS, "window manager pid(%d) did " ++ "exit, cleaning up session", wmpid); + auth_stop_session(data); + auth_end(data); + g_sigterm(xpid); + From 44129acd210c803fc8bbcfaf1b0db05e5bb4034f Mon Sep 17 00:00:00 2001 From: Jay Sorg Date: Thu, 16 Mar 2017 20:36:50 -0700 @@ -87,3 +905,95 @@ index d13a3d0..775795b 100644 log_message(LOG_LEVEL_INFO, "++ terminated session: username %s, display :%d.0, session_pid %d, ip %s", tmp->item->name, tmp->item->display, tmp->item->pid, tmp->item->client_ip); g_free(tmp->item); +From 8ec23e005c77d4f9e349b735357a059a80ab3b42 Mon Sep 17 00:00:00 2001 +From: Jay Sorg +Date: Thu, 16 Mar 2017 20:50:24 -0700 +Subject: [PATCH 09/10] sesman: fix a warning + +--- + sesman/scp_v0.c | 2 +- + sesman/scp_v1.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/sesman/scp_v0.c b/sesman/scp_v0.c +index 2780196..11c1652 100644 +--- a/sesman/scp_v0.c ++++ b/sesman/scp_v0.c +@@ -42,7 +42,7 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s) + int errorcode = 0; + + data = auth_userpass(s->username, s->password, &errorcode); +- if (data != NULL) ++ if (data != 0) + { + auth_start_session(data, display); + } +diff --git a/sesman/scp_v1.c b/sesman/scp_v1.c +index 509a9a0..b0f6b20 100644 +--- a/sesman/scp_v1.c ++++ b/sesman/scp_v1.c +@@ -56,7 +56,7 @@ scp_v1_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s) + + data = auth_userpass(s->username, s->password,NULL); + /*LOG_DBG("user: %s\npass: %s", s->username, s->password);*/ +- if (data != NULL) ++ if (data != 0) + { + auth_start_session(data, display); + } + +From c0df4bc26afdc8a0c96c3035be462e36c86d1cf4 Mon Sep 17 00:00:00 2001 +From: Jay Sorg +Date: Thu, 16 Mar 2017 21:13:03 -0700 +Subject: [PATCH 10/10] sesman: auth_start_session needs to be in + session_start_fork for display + +--- + sesman/scp_v0.c | 4 ---- + sesman/scp_v1.c | 5 ----- + sesman/session.c | 1 + + 3 files changed, 1 insertion(+), 9 deletions(-) + +diff --git a/sesman/scp_v0.c b/sesman/scp_v0.c +index 11c1652..3eb11f5 100644 +--- a/sesman/scp_v0.c ++++ b/sesman/scp_v0.c +@@ -42,10 +42,6 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s) + int errorcode = 0; + + data = auth_userpass(s->username, s->password, &errorcode); +- if (data != 0) +- { +- auth_start_session(data, display); +- } + + if (s->type == SCP_GW_AUTHENTICATION) + { +diff --git a/sesman/scp_v1.c b/sesman/scp_v1.c +index b0f6b20..7266072 100644 +--- a/sesman/scp_v1.c ++++ b/sesman/scp_v1.c +@@ -56,11 +56,6 @@ scp_v1_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s) + + data = auth_userpass(s->username, s->password,NULL); + /*LOG_DBG("user: %s\npass: %s", s->username, s->password);*/ +- if (data != 0) +- { +- auth_start_session(data, display); +- } +- + while ((!data) && ((retries == 0) || (current_try > 0))) + { + LOG_DBG("data %d - retry %d - currenttry %d - expr %d", +diff --git a/sesman/session.c b/sesman/session.c +index 775795b..f8e5844 100644 +--- a/sesman/session.c ++++ b/sesman/session.c +@@ -455,6 +455,7 @@ session_start_fork(tbus data, tui8 type, struct SCP_CONNECTION *c, + return 0; + } + ++ auth_start_session(data, display); + pid = g_fork(); /* parent is fork from tcp accept, + child forks X and wm, then becomes scp */ +