Patch CVE-2017-6967.

Bojan Smojver 2017-03-21 19:12:27 +11:00
parent fdd3ba2522
commit 34847db9aa
2 changed files with 1004 additions and 1 deletions


@ -0,0 +1,999 @@
From 9d9c842b7861ef7a419c78d69b72202f7a7dbfc8 Mon Sep 17 00:00:00 2001
From: Jay Sorg <jay.sorg@gmail.com>
Date: Tue, 14 Mar 2017 09:53:17 -0700
Subject: [PATCH 01/10] sesman: auth session before fork
---
sesman/session.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sesman/session.c b/sesman/session.c
index 06e44cf..2241e54 100644
--- a/sesman/session.c
+++ b/sesman/session.c
@@ -531,6 +531,7 @@ session_start_fork(tbus data, tui8 type, struct SCP_SESSION *s)
g_getpid());
}
#endif
+ auth_start_session(data, display);
wmpid = g_fork(); /* parent becomes X,
child forks wm, and waits, todo */
if (wmpid == -1)
@@ -539,7 +540,6 @@ session_start_fork(tbus data, tui8 type, struct SCP_SESSION *s)
else if (wmpid == 0)
{
wait_for_xserver(display);
- auth_start_session(data, display);
pampid = g_fork(); /* parent waits, todo
child becomes wm */
if (pampid == -1)
From 49e7de2621ca73999cdeb28990d0d06ea67b7205 Mon Sep 17 00:00:00 2001
From: Jay Sorg <jay.sorg@gmail.com>
Date: Wed, 15 Mar 2017 20:47:06 -0700
Subject: [PATCH 02/10] sesman: do not start up sessvc, just do wait, kill in
sesman
---
sesman/scp_v0.c | 6 +-
sesman/scp_v1.c | 4 +-
sesman/session.c | 275 +++++++++++++++++++++++--------------------------------
sesman/session.h | 3 +-
4 files changed, 121 insertions(+), 167 deletions(-)
diff --git a/sesman/scp_v0.c b/sesman/scp_v0.c
index a6a1060..a1c919e 100644
--- a/sesman/scp_v0.c
+++ b/sesman/scp_v0.c
@@ -122,18 +122,18 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
if (SCP_SESSION_TYPE_XVNC == s->type)
{
log_message( LOG_LEVEL_INFO, "starting Xvnc session...");
- display = session_start(data, SESMAN_SESSION_TYPE_XVNC, s);
+ display = session_start(data, SESMAN_SESSION_TYPE_XVNC, c, s);
}
else if (SCP_SESSION_TYPE_XRDP == s->type)
{
log_message(LOG_LEVEL_INFO, "starting X11rdp session...");
- display = session_start(data, SESMAN_SESSION_TYPE_XRDP, s);
+ display = session_start(data, SESMAN_SESSION_TYPE_XRDP, c, s);
}
else if (SCP_SESSION_TYPE_XORG == s->type)
{
/* type is SCP_SESSION_TYPE_XORG */
log_message(LOG_LEVEL_INFO, "starting Xorg session...");
- display = session_start(data, SESMAN_SESSION_TYPE_XORG, s);
+ display = session_start(data, SESMAN_SESSION_TYPE_XORG, c, s);
}
}
else
diff --git a/sesman/scp_v1.c b/sesman/scp_v1.c
index 74668ef..f865271 100644
--- a/sesman/scp_v1.c
+++ b/sesman/scp_v1.c
@@ -126,12 +126,12 @@ scp_v1_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
if (SCP_SESSION_TYPE_XVNC == s->type)
{
log_message(LOG_LEVEL_INFO, "starting Xvnc session...");
- display = session_start(data, SESMAN_SESSION_TYPE_XVNC, s);
+ display = session_start(data, SESMAN_SESSION_TYPE_XVNC, c, s);
}
else
{
log_message(LOG_LEVEL_INFO, "starting X11rdp session...");
- display = session_start(data, SESMAN_SESSION_TYPE_XRDP, s);
+ display = session_start(data, SESMAN_SESSION_TYPE_XRDP, c, s);
}
e = scp_v1s_connect_new_session(c, display);
diff --git a/sesman/session.c b/sesman/session.c
index 2241e54..d3f30a6 100644
--- a/sesman/session.c
+++ b/sesman/session.c
@@ -269,77 +269,6 @@ x_server_running(int display)
}
/******************************************************************************/
-static void
-session_start_sessvc(int xpid, int wmpid, long data, char *username, int display)
-{
- struct list *sessvc_params = (struct list *)NULL;
- char wmpid_str[25];
- char xpid_str[25];
- char exe_path[262];
- int i = 0;
-
- /* initialize (zero out) local variables: */
- g_memset(wmpid_str, 0, sizeof(char) * 25);
- g_memset(xpid_str, 0, sizeof(char) * 25);
- g_memset(exe_path, 0, sizeof(char) * 262);
-
- /* new style waiting for clients */
- g_sprintf(wmpid_str, "%d", wmpid);
- g_sprintf(xpid_str, "%d", xpid);
- log_message(LOG_LEVEL_INFO,
- "starting xrdp-sessvc - xpid=%s - wmpid=%s",
- xpid_str, wmpid_str);
-
- sessvc_params = list_create();
- sessvc_params->auto_free = 1;
-
- /* building parameters */
- g_snprintf(exe_path, 261, "%s/xrdp-sessvc", XRDP_SBIN_PATH);
-
- list_add_item(sessvc_params, (tintptr)g_strdup(exe_path));
- list_add_item(sessvc_params, (tintptr)g_strdup(xpid_str));
- list_add_item(sessvc_params, (tintptr)g_strdup(wmpid_str));
- list_add_item(sessvc_params, 0); /* mandatory */
-
- env_set_user(username,
- 0,
- display,
- g_cfg->session_variables1,
- g_cfg->session_variables2);
-
- /* executing sessvc */
- g_execvp(exe_path, ((char **)sessvc_params->items));
-
- /* should not get here */
- log_message(LOG_LEVEL_ALWAYS,
- "error starting xrdp-sessvc - pid %d - xpid=%s - wmpid=%s",
- g_getpid(), xpid_str, wmpid_str);
-
- /* logging parameters */
- /* no problem calling strerror for thread safety: other threads
- are blocked */
- log_message(LOG_LEVEL_DEBUG, "errno: %d, description: %s",
- g_get_errno(), g_get_strerror());
- log_message(LOG_LEVEL_DEBUG, "execve parameter list:");
-
- for (i = 0; i < (sessvc_params->count); i++)
- {
- log_message(LOG_LEVEL_DEBUG, " argv[%d] = %s", i,
- (char *)list_get_item(sessvc_params, i));
- }
-
- list_delete(sessvc_params);
-
- /* keep the old waitpid if some error occurs during execlp */
- g_waitpid(wmpid);
- g_sigterm(xpid);
- g_sigterm(wmpid);
- g_sleep(1000);
- auth_end(data);
- g_exit(0);
-}
-
-/******************************************************************************/
/* called with the main thread
returns boolean */
static int
@@ -420,15 +349,48 @@ wait_for_xserver(int display)
}
/******************************************************************************/
+static int
+session_start_chansrv(char *username, int display)
+{
+ struct list *chansrv_params;
+ char exe_path[262];
+ int cspid;
+
+ cspid = g_fork();
+ if (cspid == 0)
+ {
+ chansrv_params = list_create();
+ chansrv_params->auto_free = 1;
+
+ /* building parameters */
+ g_snprintf(exe_path, 261, "%s/xrdp-chansrv", XRDP_SBIN_PATH);
+
+ list_add_item(chansrv_params, (intptr_t) g_strdup(exe_path));
+ list_add_item(chansrv_params, 0); /* mandatory */
+
+ env_set_user(username, 0, display,
+ g_cfg->session_variables1,
+ g_cfg->session_variables2);
+
+ /* executing chansrv */
+ g_execvp(exe_path, (char **) (chansrv_params->items));
+ /* failed */
+ g_exit(1);
+ }
+ return cspid;
+}
+
+/******************************************************************************/
/* called with the main thread */
static int
-session_start_fork(tbus data, tui8 type, struct SCP_SESSION *s)
+session_start_fork(tbus data, tui8 type, struct SCP_CONNECTION *c,
+ struct SCP_SESSION *s)
{
int display = 0;
int pid = 0;
int wmpid = 0;
- int pampid = 0;
int xpid = 0;
+ int cspid = 0;
int i = 0;
char geometry[32];
char depth[32];
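Review bot: `session_start_chansrv` returns the result of `g_fork()` without handling -1, and the later hunk in `session_start_fork` passes that value straight to `g_sigterm(cspid)`. If `g_sigterm` is a thin wrapper over `kill()` (its body is not in this patch), a failed fork would turn the cleanup into a SIGTERM addressed to pid -1, which from a privileged sesman process is not limited to this session. Log the fork failure inside `session_start_chansrv` and guard the cleanup, e.g. `if (cspid > 0) { g_sigterm(cspid); }`. The body of `session_start_fork` continues outside this hunk, so whether `xpid` needs the same guard cannot be confirmed from here.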
@@ -540,100 +502,85 @@ session_start_fork(tbus data, tui8 type, struct SCP_SESSION *s)
else if (wmpid == 0)
{
wait_for_xserver(display);
- pampid = g_fork(); /* parent waits, todo
- child becomes wm */
- if (pampid == -1)
- {
- }
- else if (pampid == 0)
+ env_set_user(s->username,
+ 0,
+ display,
+ g_cfg->session_variables1,
+ g_cfg->session_variables2);
+ if (x_server_running(display))
{
- env_set_user(s->username,
- 0,
- display,
- g_cfg->session_variables1,
- g_cfg->session_variables2);
- if (x_server_running(display))
+ auth_set_env(data);
+ if (s->directory != 0)
{
- auth_set_env(data);
- if (s->directory != 0)
+ if (s->directory[0] != 0)
{
- if (s->directory[0] != 0)
- {
- g_set_current_dir(s->directory);
- }
+ g_set_current_dir(s->directory);
}
- if (s->program != 0)
- {
- if (s->program[0] != 0)
- {
- g_execlp3(s->program, s->program, 0);
- log_message(LOG_LEVEL_ALWAYS,
- "error starting program %s for user %s - pid %d",
- s->program, s->username, g_getpid());
- }
- }
- /* try to execute user window manager if enabled */
- if (g_cfg->enable_user_wm)
+ }
+ if (s->program != 0)
+ {
+ if (s->program[0] != 0)
{
- g_sprintf(text, "%s/%s", g_getenv("HOME"), g_cfg->user_wm);
- if (g_file_exist(text))
- {
- g_execlp3(text, g_cfg->user_wm, 0);
- log_message(LOG_LEVEL_ALWAYS, "error starting user "
- "wm for user %s - pid %d", s->username, g_getpid());
- /* logging parameters */
- log_message(LOG_LEVEL_DEBUG, "errno: %d, "
- "description: %s", g_get_errno(), g_get_strerror());
- log_message(LOG_LEVEL_DEBUG, "execlp3 parameter "
- "list:");
- log_message(LOG_LEVEL_DEBUG, " argv[0] = %s",
- text);
- log_message(LOG_LEVEL_DEBUG, " argv[1] = %s",
- g_cfg->user_wm);
- }
+ g_execlp3(s->program, s->program, 0);
+ log_message(LOG_LEVEL_ALWAYS,
+ "error starting program %s for user %s - pid %d",
+ s->program, s->username, g_getpid());
}
- /* if we're here something happened to g_execlp3
- so we try running the default window manager */
- g_sprintf(text, "%s/%s", XRDP_CFG_PATH, g_cfg->default_wm);
- g_execlp3(text, g_cfg->default_wm, 0);
-
- log_message(LOG_LEVEL_ALWAYS, "error starting default "
- "wm for user %s - pid %d", s->username, g_getpid());
- /* logging parameters */
- log_message(LOG_LEVEL_DEBUG, "errno: %d, description: "
- "%s", g_get_errno(), g_get_strerror());
- log_message(LOG_LEVEL_DEBUG, "execlp3 parameter list:");
- log_message(LOG_LEVEL_DEBUG, " argv[0] = %s",
- text);
- log_message(LOG_LEVEL_DEBUG, " argv[1] = %s",
- g_cfg->default_wm);
-
- /* still a problem starting window manager just start xterm */
- g_execlp3("xterm", "xterm", 0);
-
- /* should not get here */
- log_message(LOG_LEVEL_ALWAYS, "error starting xterm "
- "for user %s - pid %d", s->username, g_getpid());
- /* logging parameters */
- log_message(LOG_LEVEL_DEBUG, "errno: %d, description: "
- "%s", g_get_errno(), g_get_strerror());
}
- else
+ /* try to execute user window manager if enabled */
+ if (g_cfg->enable_user_wm)
{
- log_message(LOG_LEVEL_ERROR, "another Xserver might "
- "already be active on display %d - see log", display);
+ g_sprintf(text, "%s/%s", g_getenv("HOME"), g_cfg->user_wm);
+ if (g_file_exist(text))
+ {
+ g_execlp3(text, g_cfg->user_wm, 0);
+ log_message(LOG_LEVEL_ALWAYS, "error starting user "
+ "wm for user %s - pid %d", s->username, g_getpid());
+ /* logging parameters */
+ log_message(LOG_LEVEL_DEBUG, "errno: %d, "
+ "description: %s", g_get_errno(), g_get_strerror());
+ log_message(LOG_LEVEL_DEBUG, "execlp3 parameter "
+ "list:");
+ log_message(LOG_LEVEL_DEBUG, " argv[0] = %s",
+ text);
+ log_message(LOG_LEVEL_DEBUG, " argv[1] = %s",
+ g_cfg->user_wm);
+ }
}
+ /* if we're here something happened to g_execlp3
+ so we try running the default window manager */
+ g_sprintf(text, "%s/%s", XRDP_CFG_PATH, g_cfg->default_wm);
+ g_execlp3(text, g_cfg->default_wm, 0);
- log_message(LOG_LEVEL_DEBUG, "aborting connection...");
- g_exit(0);
+ log_message(LOG_LEVEL_ALWAYS, "error starting default "
+ "wm for user %s - pid %d", s->username, g_getpid());
+ /* logging parameters */
+ log_message(LOG_LEVEL_DEBUG, "errno: %d, description: "
+ "%s", g_get_errno(), g_get_strerror());
+ log_message(LOG_LEVEL_DEBUG, "execlp3 parameter list:");
+ log_message(LOG_LEVEL_DEBUG, " argv[0] = %s",
+ text);
+ log_message(LOG_LEVEL_DEBUG, " argv[1] = %s",
+ g_cfg->default_wm);
+
+ /* still a problem starting window manager just start xterm */
+ g_execlp3("xterm", "xterm", 0);
+
+ /* should not get here */
+ log_message(LOG_LEVEL_ALWAYS, "error starting xterm "
+ "for user %s - pid %d", s->username, g_getpid());
+ /* logging parameters */
+ log_message(LOG_LEVEL_DEBUG, "errno: %d, description: "
+ "%s", g_get_errno(), g_get_strerror());
}
else
{
- g_waitpid(pampid);
- auth_stop_session(data);
- g_deinit();
- g_exit(0);
+ log_message(LOG_LEVEL_ERROR, "another Xserver might "
+ "already be active on display %d - see log", display);
}
+
+ log_message(LOG_LEVEL_DEBUG, "aborting connection...");
+ g_exit(0);
}
else
{
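Review bot: The window-manager child calls `env_set_user(...)` and then proceeds to `g_execlp3(s->program, ...)` and the window-manager fallbacks without looking at the result of `env_set_user`. If that helper is what switches the process to the session user (its body is not in this patch), a failure would let the exec run with sesman's own identity; the new `session_start_chansrv` follows the same pattern. Consider `if (env_set_user(...) != 0) { log_message(LOG_LEVEL_ERROR, "env_set_user failed"); g_exit(1); }` in both places. Separately, `g_sprintf(text, "%s/%s", g_getenv("HOME"), g_cfg->user_wm)` is unbounded and `text` is declared outside the hunk; `g_snprintf` with the buffer size would bound the write.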
@@ -828,12 +775,17 @@ session_start_fork(tbus data, tui8 type, struct SCP_SESSION *s)
else
{
wait_for_xserver(display);
- g_snprintf(text, 255, "%d", display);
- g_setenv("XRDP_SESSVC_DISPLAY", text, 1);
- g_snprintf(text, 255, ":%d.0", display);
- g_setenv("DISPLAY", text, 1);
- /* new style waiting for clients */
- session_start_sessvc(xpid, wmpid, data, s->username, display);
+ g_sck_close(c->in_sck);
+ log_end();
+ cspid = session_start_chansrv(s->username, display);
+ g_waitpid(wmpid);
+ auth_stop_session(data);
+ auth_end(data);
+ g_sigterm(xpid);
+ g_sigterm(wmpid);
+ g_sigterm(cspid);
+ g_deinit();
+ g_exit(0);
}
}
}
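Review bot: The parent calls `g_waitpid(wmpid)` once and ignores its return value, whereas the removed sessvc.c wrapped the same call in `while ((ret == 0) && !g_term)`. If `g_waitpid` can return 0 without the child having exited (for example on an interrupted wait; its implementation is not shown here), the X server and chansrv are terminated while the window manager is still running. Keep the retry loop around the wait. Also drop `g_sigterm(wmpid)` after a successful wait, since that pid has been reaped by then and may already belong to an unrelated process.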
@@ -911,9 +863,10 @@ session_reconnect_fork(int display, char *username)
/* called by a worker thread, ask the main thread to call session_sync_start
and wait till done */
int
-session_start(long data, tui8 type, struct SCP_SESSION *s)
+session_start(long data, tui8 type, struct SCP_CONNECTION *c,
+ struct SCP_SESSION *s)
{
- return session_start_fork(data, type, s);
+ return session_start_fork(data, type, c, s);
}
/******************************************************************************/
diff --git a/sesman/session.h b/sesman/session.h
index 4533a1a..a9884a2 100644
--- a/sesman/session.h
+++ b/sesman/session.h
@@ -105,7 +105,8 @@ session_get_bydata(const char *name, int width, int height, int bpp, int type,
*
*/
int
-session_start(long data, tui8 type, struct SCP_SESSION *s);
+session_start(long data, tui8 type, struct SCP_CONNECTION *c,
+ struct SCP_SESSION *s);
int
session_reconnect(int display, char* username);
From e40b9e3142033a5a67ef22ae645c47dd7574a983 Mon Sep 17 00:00:00 2001
From: Jay Sorg <jay.sorg@gmail.com>
Date: Wed, 15 Mar 2017 21:36:10 -0700
Subject: [PATCH 03/10] sesman: remove sessvc from build
---
configure.ac | 1 -
sesman/Makefile.am | 1 -
sesman/sessvc/Makefile.am | 16 -----
sesman/sessvc/sessvc.c | 166 ----------------------------------------------
4 files changed, 184 deletions(-)
delete mode 100644 sesman/sessvc/Makefile.am
delete mode 100644 sesman/sessvc/sessvc.c
diff --git a/configure.ac b/configure.ac
index 68620e1..0e2aaf7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -328,7 +328,6 @@ AC_CONFIG_FILES([
sesman/chansrv/Makefile
sesman/libscp/Makefile
sesman/Makefile
- sesman/sessvc/Makefile
sesman/tools/Makefile
vnc/Makefile
xrdpapi/Makefile
diff --git a/sesman/Makefile.am b/sesman/Makefile.am
index d965f46..e1ccaaa 100644
--- a/sesman/Makefile.am
+++ b/sesman/Makefile.am
@@ -82,5 +82,4 @@ dist_sesmansysconf_SCRIPTS = \
SUBDIRS = \
libscp \
tools \
- sessvc \
chansrv
diff --git a/sesman/sessvc/Makefile.am b/sesman/sessvc/Makefile.am
deleted file mode 100644
index c2714b9..0000000
--- a/sesman/sessvc/Makefile.am
+++ /dev/null
@@ -1,16 +0,0 @@
-
-AM_CPPFLAGS = \
- -DXRDP_CFG_PATH=\"${sysconfdir}/xrdp\" \
- -DXRDP_SBIN_PATH=\"${sbindir}\" \
- -DXRDP_SHARE_PATH=\"${datadir}/xrdp\" \
- -DXRDP_PID_PATH=\"${localstatedir}/run\" \
- -I$(top_srcdir)/common
-
-sbin_PROGRAMS = \
- xrdp-sessvc
-
-xrdp_sessvc_SOURCES = \
- sessvc.c
-
-xrdp_sessvc_LDADD = \
- $(top_builddir)/common/libcommon.la
diff --git a/sesman/sessvc/sessvc.c b/sesman/sessvc/sessvc.c
deleted file mode 100644
index 2426b69..0000000
--- a/sesman/sessvc/sessvc.c
+++ /dev/null
@@ -1,166 +0,0 @@
-/**
- * xrdp: A Remote Desktop Protocol server.
- *
- * Copyright (C) Jay Sorg 2004-2013
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/**
- *
- * @file sessvc.c
- * @brief Session supervisor
- * @author Simone Fedele
- *
- */
-
-#if defined(HAVE_CONFIG_H)
-#include "config_ac.h"
-#endif
-#include "file_loc.h"
-#include "os_calls.h"
-#include "arch.h"
-
-static int g_term = 0;
-
-/*****************************************************************************/
-void
-term_signal_handler(int sig)
-{
- g_writeln("xrdp-sessvc: term_signal_handler: got signal %d", sig);
- g_term = 1;
-}
-
-/*****************************************************************************/
-void
-nil_signal_handler(int sig)
-{
- g_writeln("xrdp-sessvc: nil_signal_handler: got signal %d", sig);
-}
-
-/******************************************************************************/
-/* chansrv can exit at any time without cleaning up, it's an xlib app */
-int
-chansrv_cleanup(int pid)
-{
- char text[256];
-
- g_snprintf(text, 255, "/tmp/.xrdp/xrdp_chansrv_%8.8x_main_term", pid);
-
- if (g_file_exist(text))
- {
- g_file_delete(text);
- }
-
- g_snprintf(text, 255, "/tmp/.xrdp/xrdp_chansrv_%8.8x_thread_done", pid);
-
- if (g_file_exist(text))
- {
- g_file_delete(text);
- }
-
- return 0;
-}
-
-/******************************************************************************/
-int
-main(int argc, char **argv)
-{
- int ret = 0;
- int chansrv_pid = 0;
- int wm_pid = 0;
- int x_pid = 0;
- int lerror = 0;
- char exe_path[262];
-
- g_init("xrdp-sessvc");
- g_memset(exe_path, 0, sizeof(exe_path));
-
- if (argc < 3)
- {
- g_writeln("xrdp-sessvc: exiting, not enough parameters");
- g_deinit();
- return 1;
- }
-
- g_signal_terminate(term_signal_handler); /* SIGTERM */
- g_signal_user_interrupt(term_signal_handler); /* SIGINT */
- g_signal_pipe(nil_signal_handler); /* SIGPIPE */
- x_pid = g_atoi(argv[1]);
- wm_pid = g_atoi(argv[2]);
- g_writeln("xrdp-sessvc: waiting for X (pid %d) and WM (pid %d)",
- x_pid, wm_pid);
- /* run xrdp-chansrv as a separate process */
- chansrv_pid = g_fork();
-
- if (chansrv_pid == -1)
- {
- g_writeln("xrdp-sessvc: fork error");
- g_deinit();
- return 1;
- }
- else if (chansrv_pid == 0) /* child */
- {
- g_set_current_dir(XRDP_SBIN_PATH);
- g_snprintf(exe_path, 261, "%s/xrdp-chansrv", XRDP_SBIN_PATH);
- g_execlp3(exe_path, "xrdp-chansrv", 0);
- /* should not get here */
- g_writeln("xrdp-sessvc: g_execlp3() failed");
- g_deinit();
- return 1;
- }
-
- lerror = 0;
- /* wait for window manager to get done */
- ret = g_waitpid(wm_pid);
-
- while ((ret == 0) && !g_term)
- {
- ret = g_waitpid(wm_pid);
- g_sleep(1);
- }
-
- if (ret < 0)
- {
- lerror = g_get_errno();
- }
-
- g_writeln("xrdp-sessvc: WM is dead (waitpid said %d, errno is %d) "
- "exiting...", ret, lerror);
- /* kill channel server */
- g_writeln("xrdp-sessvc: stopping channel server");
- g_sigterm(chansrv_pid);
- ret = g_waitpid(chansrv_pid);
-
- while ((ret == 0) && !g_term)
- {
- ret = g_waitpid(chansrv_pid);
- g_sleep(1);
- }
-
- chansrv_cleanup(chansrv_pid);
- /* kill X server */
- g_writeln("xrdp-sessvc: stopping X server");
- g_sigterm(x_pid);
- ret = g_waitpid(x_pid);
-
- while ((ret == 0) && !g_term)
- {
- ret = g_waitpid(x_pid);
- g_sleep(1);
- }
-
- g_writeln("xrdp-sessvc: clean exit");
- g_deinit();
- return 0;
-}
From 30b0831cf4925753e8490a4dbbd930f6546e7627 Mon Sep 17 00:00:00 2001
From: Jay Sorg <jay.sorg@gmail.com>
Date: Wed, 15 Mar 2017 21:42:35 -0700
Subject: [PATCH 04/10] sesman: close in_sck with other cleanup
---
sesman/session.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sesman/session.c b/sesman/session.c
index d3f30a6..31c1f83 100644
--- a/sesman/session.c
+++ b/sesman/session.c
@@ -462,6 +462,7 @@ session_start_fork(tbus data, tui8 type, struct SCP_CONNECTION *c,
{
g_delete_wait_obj(g_term_event);
g_tcp_close(g_sck);
+ g_tcp_close(c->in_sck);
g_sprintf(geometry, "%dx%d", s->width, s->height);
g_sprintf(depth, "%d", s->bpp);
g_sprintf(screen, ":%d", display);
@@ -775,7 +776,6 @@ session_start_fork(tbus data, tui8 type, struct SCP_CONNECTION *c,
else
{
wait_for_xserver(display);
- g_sck_close(c->in_sck);
log_end();
cspid = session_start_chansrv(s->username, display);
g_waitpid(wmpid);
From cd145b26327eda3129989774430df02ea7ae2377 Mon Sep 17 00:00:00 2001
From: Jay Sorg <jay.sorg@gmail.com>
Date: Wed, 15 Mar 2017 21:51:28 -0700
Subject: [PATCH 05/10] docs: remove sessvc from man pages
---
docs/man/Makefile.am | 3 +--
docs/man/xrdp-sessvc.8.in | 26 --------------------------
2 files changed, 1 insertion(+), 28 deletions(-)
delete mode 100644 docs/man/xrdp-sessvc.8.in
diff --git a/docs/man/Makefile.am b/docs/man/Makefile.am
index 705def0..39b2216 100644
--- a/docs/man/Makefile.am
+++ b/docs/man/Makefile.am
@@ -8,8 +8,7 @@ man_MANS = \
xrdp-keygen.8 \
xrdp-sesadmin.8 \
xrdp-sesman.8 \
- xrdp-sesrun.8 \
- xrdp-sessvc.8
+ xrdp-sesrun.8
EXTRA_DIST = $(man_MANS:=.in)
diff --git a/docs/man/xrdp-sessvc.8.in b/docs/man/xrdp-sessvc.8.in
deleted file mode 100644
index 92ca7c2..0000000
--- a/docs/man/xrdp-sessvc.8.in
+++ /dev/null
@@ -1,26 +0,0 @@
-.TH "xrdp\-sessvc" "8" "@PACKAGE_VERSION@" "xrdp team" ""
-.SH "NAME"
-xrdp\-sessvc \- \fBxrdp\fR session supervisor
-
-.SH "SYNTAX"
-.B xrdp\-sessvc
-.I x_pid wm_pid
-
-.SH "DESCRIPTION"
-\fBxrdp\-sessvc\fR is the \fBxrdp\fR(8) session supervisor, which monitors the running X server and Windows Manager.
-As soon as one of them quits, the other process is terminated as well.
-.br
-This program is only executed internally by \fBxrdp\-sesman\fP(8).
-
-.SH "OPTIONS"
-.TP
-.I x_pid
-The process ID of the forked X server to monitor.
-.TP
-.I wm_pid
-The process ID of the forked Window Manager to monitor.
-
-.SH "SEE ALSO"
-.BR xrdp\-sesrun (8).
-
-for more info on \fBxrdp\fR see http://www.xrdp.org/
From c6e831a491145dcd215abd1631df802f89b5e38c Mon Sep 17 00:00:00 2001
From: Jay Sorg <jay.sorg@gmail.com>
Date: Wed, 15 Mar 2017 22:47:03 -0700
Subject: [PATCH 06/10] sesman: log if chansrv can not start up
---
sesman/session.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/sesman/session.c b/sesman/session.c
index 31c1f83..0d734ec 100644
--- a/sesman/session.c
+++ b/sesman/session.c
@@ -374,7 +374,10 @@ session_start_chansrv(char *username, int display)
/* executing chansrv */
g_execvp(exe_path, (char **) (chansrv_params->items));
- /* failed */
+ /* should not get here */
+ log_message(LOG_LEVEL_ALWAYS, "error starting chansrv "
+ "- user %s - pid %d", username, g_getpid());
+ list_delete(chansrv_params);
g_exit(1);
}
return cspid;
@@ -776,7 +779,6 @@ session_start_fork(tbus data, tui8 type, struct SCP_CONNECTION *c,
else
{
wait_for_xserver(display);
- log_end();
cspid = session_start_chansrv(s->username, display);
g_waitpid(wmpid);
auth_stop_session(data);
From 4dab6c3606ebfb307179b1984f07e96e4772cf55 Mon Sep 17 00:00:00 2001
From: Jay Sorg <jay.sorg@gmail.com>
Date: Wed, 15 Mar 2017 23:06:02 -0700
Subject: [PATCH 07/10] sesman: add some logging
---
sesman/session.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/sesman/session.c b/sesman/session.c
index 0d734ec..d13a3d0 100644
--- a/sesman/session.c
+++ b/sesman/session.c
@@ -780,7 +780,11 @@ session_start_fork(tbus data, tui8 type, struct SCP_CONNECTION *c,
{
wait_for_xserver(display);
cspid = session_start_chansrv(s->username, display);
+ log_message(LOG_LEVEL_ALWAYS, "waiting for window manager "
+ "pid(%d) to exit", wmpid);
g_waitpid(wmpid);
+ log_message(LOG_LEVEL_ALWAYS, "window manager pid(%d) did "
+ "exit, cleaning up session", wmpid);
auth_stop_session(data);
auth_end(data);
g_sigterm(xpid);
From 44129acd210c803fc8bbcfaf1b0db05e5bb4034f Mon Sep 17 00:00:00 2001
From: Jay Sorg <jay.sorg@gmail.com>
Date: Thu, 16 Mar 2017 20:36:50 -0700
Subject: [PATCH 08/10] sesman: call auth_start_session, auth_stop_session,
auth_end only from main process
---
sesman/scp_v0.c | 5 ++++-
sesman/scp_v1.c | 5 ++++-
sesman/session.c | 7 ++++---
3 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/sesman/scp_v0.c b/sesman/scp_v0.c
index a1c919e..2780196 100644
--- a/sesman/scp_v0.c
+++ b/sesman/scp_v0.c
@@ -42,6 +42,10 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
int errorcode = 0;
data = auth_userpass(s->username, s->password, &errorcode);
+ if (data != NULL)
+ {
+ auth_start_session(data, display);
+ }
if (s->type == SCP_GW_AUTHENTICATION)
{
@@ -155,5 +159,4 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
{
scp_v0s_deny_connection(c);
}
- auth_end(data);
}
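Review bot: Removing the unconditional `auth_end(data)` at the end of `scp_v0_process` leaves no release of the auth handle on paths that authenticate but never start a new session, such as the `SCP_GW_AUTHENTICATION` branch visible at the top of the function. The matching removal in `scp_v1_process` has the same effect. After this patch only `session_kill` calls `auth_end`, so a handle returned by `auth_userpass` on those paths appears to be leaked along with whatever it holds. Track in a local flag whether ownership was handed to a started session and keep the call otherwise, e.g. `if (do_auth_end) { auth_end(data); }` with `do_auth_end` cleared only after `session_start` succeeds. Both function bodies extend outside the hunks, so the exact set of affected branches should be confirmed against the full file.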
diff --git a/sesman/scp_v1.c b/sesman/scp_v1.c
index f865271..509a9a0 100644
--- a/sesman/scp_v1.c
+++ b/sesman/scp_v1.c
@@ -56,6 +56,10 @@ scp_v1_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
data = auth_userpass(s->username, s->password,NULL);
/*LOG_DBG("user: %s\npass: %s", s->username, s->password);*/
+ if (data != NULL)
+ {
+ auth_start_session(data, display);
+ }
while ((!data) && ((retries == 0) || (current_try > 0)))
{
@@ -201,7 +205,6 @@ scp_v1_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
}
/* cleanup */
- auth_end(data);
g_free(slist);
}
diff --git a/sesman/session.c b/sesman/session.c
index d13a3d0..775795b 100644
--- a/sesman/session.c
+++ b/sesman/session.c
@@ -497,7 +497,6 @@ session_start_fork(tbus data, tui8 type, struct SCP_CONNECTION *c,
g_getpid());
}
#endif
- auth_start_session(data, display);
wmpid = g_fork(); /* parent becomes X,
child forks wm, and waits, todo */
if (wmpid == -1)
@@ -785,8 +784,6 @@ session_start_fork(tbus data, tui8 type, struct SCP_CONNECTION *c,
g_waitpid(wmpid);
log_message(LOG_LEVEL_ALWAYS, "window manager pid(%d) did "
"exit, cleaning up session", wmpid);
- auth_stop_session(data);
- auth_end(data);
g_sigterm(xpid);
g_sigterm(wmpid);
g_sigterm(cspid);
@@ -917,6 +914,10 @@ session_kill(int pid)
if (tmp->item->pid == pid)
{
+
+ auth_stop_session(tmp->item->data);
+ auth_end(tmp->item->data);
+
/* deleting the session */
log_message(LOG_LEVEL_INFO, "++ terminated session: username %s, display :%d.0, session_pid %d, ip %s", tmp->item->name, tmp->item->display, tmp->item->pid, tmp->item->client_ip);
g_free(tmp->item);
From 8ec23e005c77d4f9e349b735357a059a80ab3b42 Mon Sep 17 00:00:00 2001
From: Jay Sorg <jay.sorg@gmail.com>
Date: Thu, 16 Mar 2017 20:50:24 -0700
Subject: [PATCH 09/10] sesman: fix a warning
---
sesman/scp_v0.c | 2 +-
sesman/scp_v1.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/sesman/scp_v0.c b/sesman/scp_v0.c
index 2780196..11c1652 100644
--- a/sesman/scp_v0.c
+++ b/sesman/scp_v0.c
@@ -42,7 +42,7 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
int errorcode = 0;
data = auth_userpass(s->username, s->password, &errorcode);
- if (data != NULL)
+ if (data != 0)
{
auth_start_session(data, display);
}
diff --git a/sesman/scp_v1.c b/sesman/scp_v1.c
index 509a9a0..b0f6b20 100644
--- a/sesman/scp_v1.c
+++ b/sesman/scp_v1.c
@@ -56,7 +56,7 @@ scp_v1_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
data = auth_userpass(s->username, s->password,NULL);
/*LOG_DBG("user: %s\npass: %s", s->username, s->password);*/
- if (data != NULL)
+ if (data != 0)
{
auth_start_session(data, display);
}
From c0df4bc26afdc8a0c96c3035be462e36c86d1cf4 Mon Sep 17 00:00:00 2001
From: Jay Sorg <jay.sorg@gmail.com>
Date: Thu, 16 Mar 2017 21:13:03 -0700
Subject: [PATCH 10/10] sesman: auth_start_session needs to be in
session_start_fork for display
---
sesman/scp_v0.c | 4 ----
sesman/scp_v1.c | 5 -----
sesman/session.c | 1 +
3 files changed, 1 insertion(+), 9 deletions(-)
diff --git a/sesman/scp_v0.c b/sesman/scp_v0.c
index 11c1652..3eb11f5 100644
--- a/sesman/scp_v0.c
+++ b/sesman/scp_v0.c
@@ -42,10 +42,6 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
int errorcode = 0;
data = auth_userpass(s->username, s->password, &errorcode);
- if (data != 0)
- {
- auth_start_session(data, display);
- }
if (s->type == SCP_GW_AUTHENTICATION)
{
diff --git a/sesman/scp_v1.c b/sesman/scp_v1.c
index b0f6b20..7266072 100644
--- a/sesman/scp_v1.c
+++ b/sesman/scp_v1.c
@@ -56,11 +56,6 @@ scp_v1_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
data = auth_userpass(s->username, s->password,NULL);
/*LOG_DBG("user: %s\npass: %s", s->username, s->password);*/
- if (data != 0)
- {
- auth_start_session(data, display);
- }
-
while ((!data) && ((retries == 0) || (current_try > 0)))
{
LOG_DBG("data %d - retry %d - currenttry %d - expr %d",
diff --git a/sesman/session.c b/sesman/session.c
index 775795b..f8e5844 100644
--- a/sesman/session.c
+++ b/sesman/session.c
@@ -455,6 +455,7 @@ session_start_fork(tbus data, tui8 type, struct SCP_CONNECTION *c,
return 0;
}
+ auth_start_session(data, display);
pid = g_fork(); /* parent is fork from tcp accept,
child forks X and wm, then becomes scp */
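Review bot: The result of `auth_start_session(data, display)` is discarded before `g_fork()`, so a login whose session setup failed would still get an X server and window manager. Since this series exists to have the auth session opened in the right process, the call should be checked: if it reports failure, log it and take the same `return 0;` exit as the error path just above. If the following `g_fork()` returns -1, the session opened here also needs a matching `auth_stop_session(data)`. That branch lies outside the hunk and should be checked in the full function.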


@ -4,7 +4,7 @@ Summary: Open source remote desktop protocol (RDP) server
Name: xrdp
Epoch: 1
Version: 0.9.1
Release: 8%{?dist}
Release: 9%{?dist}
License: ASL 2.0
Group: Applications/Internet
URL: http://www.xrdp.org/
@ -17,6 +17,7 @@ Patch0: xrdp-0.9.1-sesman.patch
Patch1: xrdp-0.9.1-xrdp-ini.patch
Patch2: xrdp-0.9.1-service.patch
Patch3: xrdp-0.9.1-fastpath.patch
Patch4: xrdp-0.9.1-CVE-2017-6967.patch
BuildRequires: libX11-devel
BuildRequires: libXfixes-devel
@ -186,6 +187,9 @@ systemctl try-restart xrdp.service >/dev/null 2>&1 || :
%{_libdir}/pkgconfig/xrdp.pc
%changelog
* Tue Mar 21 2017 Bojan Smojver <bojan@rexurive.com> - 1:0.9.1-9
- Patch CVE-2017-6967
* Tue Mar 14 2017 Bojan Smojver <bojan@rexurive.com> - 1:0.9.1-8
- Require tigervnc-server-minimal again, make it default
- Comment out references to X11rdp