diff --git a/sesman/Makefile.am b/sesman/Makefile.am index 6b71e4bf..89b99f54 100644 --- a/sesman/Makefile.am +++ b/sesman/Makefile.am @@ -57,6 +57,8 @@ xrdp_sesman_SOURCES = \ session.h \ sig.c \ sig.h \ + xauth.c \ + xauth.h \ $(AUTH_C) xrdp_sesman_LDADD = \ diff --git a/sesman/session.c b/sesman/session.c index 783665cf..4e51867f 100644 --- a/sesman/session.c +++ b/sesman/session.c @@ -39,6 +39,7 @@ #include "sesman.h" #include "libscp_types.h" +#include "xauth.h" #ifndef PR_SET_NO_NEW_PRIVS #define PR_SET_NO_NEW_PRIVS 38 @@ -441,6 +442,7 @@ session_start_fork(tbus data, tui8 type, struct SCP_SESSION *s) struct list *xserver_params = (struct list *)NULL; struct tm stime; time_t ltime; + char authfile[256]; /* The filename for storing xauth informations */ /* initialize (zero out) local variables: */ g_memset(<ime, 0, sizeof(time_t)); @@ -676,6 +678,22 @@ session_start_fork(tbus data, tui8 type, struct SCP_SESSION *s) g_snprintf(text, 255, "%d", g_cfg->sess.kill_disconnected); g_setenv("XRDP_SESMAN_KILL_DISCONNECTED", text, 1); + /* prepare the Xauthority stuff */ + if (g_getenv("XAUTHORITY") != NULL) + { + g_snprintf(authfile, 255, "%s", g_getenv("XAUTHORITY")); + } + else + { + g_snprintf(authfile, 255, "%s", ".Xauthority"); + } + + /* Add the entry in XAUTHORITY file or exit if error */ + if (add_xauth_cookie(display, authfile) != 0) + { + g_exit(1); + } + if (type == SESMAN_SESSION_TYPE_XORG) { #ifdef HAVE_SYS_PRCTL_H @@ -702,6 +720,8 @@ session_start_fork(tbus data, tui8 type, struct SCP_SESSION *s) /* these are the must have parameters */ list_add_item(xserver_params, (tintptr) g_strdup(xserver)); list_add_item(xserver_params, (tintptr) g_strdup(screen)); + list_add_item(xserver_params, (tintptr) g_strdup("-auth")); + list_add_item(xserver_params, (tintptr) g_strdup(authfile)); /* additional parameters from sesman.ini file */ list_append_list_strdup(g_cfg->xorg_params, xserver_params, 1); 
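Review bot: In the Xauthority block added to session_start_fork (the `@@ -676,6 +678,22 @@` hunk), `g_snprintf(authfile, 255, "%s", g_getenv("XAUTHORITY"))` silently truncates a longer path. xauth and the X server, through the `-auth` arguments added in the three server branches, would then use a different file from the one clients locate through the untruncated `XAUTHORITY`, so the length should be checked first and the session refused with a logged error if the value does not fit. The `.Xauthority` fallback is a relative path, so it only names the user's file if the working directory is already the home directory at this point, which the hunk does not show; building the default from the home directory would remove that dependency. Using `sizeof(authfile)` instead of the literal `255` would also keep the bound tied to the declaration added in the `@@ -441,6 +442,7 @@` hunk. The function body starts and ends outside these hunks.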
@@ -737,6 +757,8 @@ session_start_fork(tbus data, tui8 type, struct SCP_SESSION *s)
 /* these are the must have parameters */
 list_add_item(xserver_params, (tintptr)g_strdup(xserver));
 list_add_item(xserver_params, (tintptr)g_strdup(screen));
+ list_add_item(xserver_params, (tintptr)g_strdup("-auth"));
+ list_add_item(xserver_params, (tintptr)g_strdup(authfile));
 list_add_item(xserver_params, (tintptr)g_strdup("-geometry"));
 list_add_item(xserver_params, (tintptr)g_strdup(geometry));
 list_add_item(xserver_params, (tintptr)g_strdup("-depth"));
@@ -768,6 +790,8 @@ session_start_fork(tbus data, tui8 type, struct SCP_SESSION *s)
 /* these are the must have parameters */
 list_add_item(xserver_params, (tintptr)g_strdup(xserver));
 list_add_item(xserver_params, (tintptr)g_strdup(screen));
+ list_add_item(xserver_params, (tintptr)g_strdup("-auth"));
+ list_add_item(xserver_params, (tintptr)g_strdup(authfile));
 list_add_item(xserver_params, (tintptr)g_strdup("-geometry"));
 list_add_item(xserver_params, (tintptr)g_strdup(geometry));
 list_add_item(xserver_params, (tintptr)g_strdup("-depth"));
diff --git a/sesman/xauth.c b/sesman/xauth.c
new file mode 100644
index 00000000..003fb866
--- /dev/null
+++ b/sesman/xauth.c
@@ -0,0 +1,62 @@
+/**
+ * xrdp: A Remote Desktop Protocol server.
+ *
+ * Copyright (C) Emmanuel Blindauer 2016
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ *
+ * @file xauth.c
+ * @brief XAUTHORITY handling code
+ *
+ */
+
+#include
+#include "log.h"
+#include "os_calls.h"
+
+
+/******************************************************************************/
+int DEFAULT_CC
+add_xauth_cookie(int display, const char *file)
+{
+ FILE *dp;
+ char cookie_str[33];
+ char cookie_bin[16];
+ char xauth_str[256];
+ int ret;
+
+ g_random(cookie_bin, 16);
+ g_bytes_to_hexstr(cookie_bin, 16, cookie_str, 33);
+
+ g_sprintf(xauth_str, "xauth -q -f %s add :%d . %s",
+ file, display, cookie_str);
+
+ dp = popen(xauth_str, "r");
+ if (dp == NULL)
+ {
+ log_message(LOG_LEVEL_ERROR, "Unable to launch xauth");
+ return 1;
+ }
+
+ ret = pclose(dp);
+ if (ret < 0)
+ {
+ log_message(LOG_LEVEL_ERROR, "An error occurred while running xauth");
+ return 1;
+ }
+
+ return 0;
+}
diff --git a/sesman/xauth.h b/sesman/xauth.h
new file mode 100644
index 00000000..3254d635
--- /dev/null
+++ b/sesman/xauth.h
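Review bot: `g_sprintf(xauth_str, ...)` in add_xauth_cookie writes without a bound into the 256-byte `xauth_str`, while the caller in session.c passes a path of up to 254 characters taken from `XAUTHORITY`, so a long value overruns the stack buffer; use `g_snprintf(xauth_str, sizeof(xauth_str), ...)` and return an error when the result does not fit. The same string is handed to `popen()`, which runs it through the shell, so `file` is subject to shell interpretation rather than being treated as a plain path. The cookie is also placed in xauth's argument list, which other local users can typically read from the process table. Launching xauth with an explicit argument vector and sending the `add` command on its standard input would address both. `pclose()` returns the command's wait status, so `ret < 0` only catches a failed wait and not an xauth that ran and exited with an error; `if (ret != 0)` covers that case.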
@@ -0,0 +1,41 @@
+/**
+ * xrdp: A Remote Desktop Protocol server.
+ *
+ * Copyright (C) Emmanuel Blindauer 2016
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ *
+ * @file xauth.c
+ * @brief XAUTHORITY handling code
+ *
+ */
+
+#ifndef XAUTH_H
+#define XAUTH_H
+
+/**
+ *
+ * @brief create the XAUTHORITY file for the user according to the display and the cookie
+ * xauth uses XAUTHORITY if defined, ~/.Xauthority otherwise
+ * @param display The session display
+ * @param file If not NULL, write the authorization in the file instead of default location
+ * @return 0 if adding the cookie is ok
+ */
+
+int DEFAULT_CC
+add_xauth_cookie(int display, const char *file);
+
+#endif
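Review bot: The `@param file` text promises that NULL is accepted ("If not NULL, write the authorization in the file instead of default location"), but add_xauth_cookie in xauth.c formats `file` with `%s` unconditionally, so a NULL argument is not handled. Either the implementation should omit `-f` when `file` is NULL, or the comment should say the parameter is required, for example `@param file Path of the authority file to update; must not be NULL`. The file-level comment reads `@file xauth.c` where `xauth.h` is meant, and the `@return` line should also state that a non-zero value means xauth could not be run. `DEFAULT_CC` is used without an include in this header, so it appears to depend on the includer having pulled in the defining header first.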