-rw-r--r--sesman/Makefile.am2
-rw-r--r--sesman/session.c24
-rw-r--r--sesman/xauth.c62
-rw-r--r--sesman/xauth.h41
4 files changed, 129 insertions, 0 deletions
diff --git a/sesman/Makefile.am b/sesman/Makefile.am
index 6b71e4bf..89b99f54 100644
--- a/sesman/Makefile.am
+++ b/sesman/Makefile.am
@@ -57,6 +57,8 @@ xrdp_sesman_SOURCES = \
session.h \
sig.c \
sig.h \
+ xauth.c \
+ xauth.h \
$(AUTH_C)
xrdp_sesman_LDADD = \
diff --git a/sesman/session.c b/sesman/session.c
index 783665cf..4e51867f 100644
--- a/sesman/session.c
+++ b/sesman/session.c
@@ -39,6 +39,7 @@
#include "sesman.h"
#include "libscp_types.h"
+#include "xauth.h"
#ifndef PR_SET_NO_NEW_PRIVS
#define PR_SET_NO_NEW_PRIVS 38
@@ -441,6 +442,7 @@ session_start_fork(tbus data, tui8 type, struct SCP_SESSION *s)
struct list *xserver_params = (struct list *)NULL;
struct tm stime;
time_t ltime;
+ char authfile[256]; /* The filename for storing xauth informations */
/* initialize (zero out) local variables: */
g_memset(&ltime, 0, sizeof(time_t));
@@ -676,6 +678,22 @@ session_start_fork(tbus data, tui8 type, struct SCP_SESSION *s)
g_snprintf(text, 255, "%d", g_cfg->sess.kill_disconnected);
g_setenv("XRDP_SESMAN_KILL_DISCONNECTED", text, 1);
+ /* prepare the Xauthority stuff */
+ if (g_getenv("XAUTHORITY") != NULL)
+ {
+ g_snprintf(authfile, 255, "%s", g_getenv("XAUTHORITY"));
+ }
+ else
+ {
+ g_snprintf(authfile, 255, "%s", ".Xauthority");
+ }
+
+ /* Add the entry in XAUTHORITY file or exit if error */
+ if (add_xauth_cookie(display, authfile) != 0)
+ {
+ g_exit(1);
+ }
+
if (type == SESMAN_SESSION_TYPE_XORG)
{
#ifdef HAVE_SYS_PRCTL_H
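Review bot: A long XAUTHORITY value is cut silently at 254 bytes by `g_snprintf(authfile, 255, "%s", g_getenv("XAUTHORITY"))`, so xauth and the X server's `-auth` argument would use a different path from the one session clients later read from the environment. I would fetch the variable once and refuse an oversized value before copying, for example `const char *xa = g_getenv("XAUTHORITY");` followed by `if (xa != NULL && g_strlen(xa) >= (int)sizeof(authfile)) { log_message(LOG_LEVEL_ERROR, "XAUTHORITY path too long"); g_exit(1); }`. The fallback `".Xauthority"` is a relative path, so it resolves against the current directory of this forked process, while the xauth.h comment promises `~/.Xauthority`. Whether the working directory is already the user's home at this point is not visible in the hunk, so either build the path from the home directory or add a comment stating that assumption. session_start_fork starts and ends outside this hunk.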
@@ -702,6 +720,8 @@ session_start_fork(tbus data, tui8 type, struct SCP_SESSION *s)
/* these are the must have parameters */
list_add_item(xserver_params, (tintptr) g_strdup(xserver));
list_add_item(xserver_params, (tintptr) g_strdup(screen));
+ list_add_item(xserver_params, (tintptr) g_strdup("-auth"));
+ list_add_item(xserver_params, (tintptr) g_strdup(authfile));
/* additional parameters from sesman.ini file */
list_append_list_strdup(g_cfg->xorg_params, xserver_params, 1);
@@ -737,6 +757,8 @@ session_start_fork(tbus data, tui8 type, struct SCP_SESSION *s)
/* these are the must have parameters */
list_add_item(xserver_params, (tintptr)g_strdup(xserver));
list_add_item(xserver_params, (tintptr)g_strdup(screen));
+ list_add_item(xserver_params, (tintptr)g_strdup("-auth"));
+ list_add_item(xserver_params, (tintptr)g_strdup(authfile));
list_add_item(xserver_params, (tintptr)g_strdup("-geometry"));
list_add_item(xserver_params, (tintptr)g_strdup(geometry));
list_add_item(xserver_params, (tintptr)g_strdup("-depth"));
@@ -768,6 +790,8 @@ session_start_fork(tbus data, tui8 type, struct SCP_SESSION *s)
/* these are the must have parameters */
list_add_item(xserver_params, (tintptr)g_strdup(xserver));
list_add_item(xserver_params, (tintptr)g_strdup(screen));
+ list_add_item(xserver_params, (tintptr)g_strdup("-auth"));
+ list_add_item(xserver_params, (tintptr)g_strdup(authfile));
list_add_item(xserver_params, (tintptr)g_strdup("-geometry"));
list_add_item(xserver_params, (tintptr)g_strdup(geometry));
list_add_item(xserver_params, (tintptr)g_strdup("-depth"));
diff --git a/sesman/xauth.c b/sesman/xauth.c
new file mode 100644
index 00000000..003fb866
--- /dev/null
+++ b/sesman/xauth.c
@@ -0,0 +1,62 @@
+/**
+ * xrdp: A Remote Desktop Protocol server.
+ *
+ * Copyright (C) Emmanuel Blindauer 2016
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ *
+ * @file xauth.c
+ * @brief XAUTHORITY handling code
+ *
+ */
+
+#include <stdio.h>
+#include "log.h"
+#include "os_calls.h"
+
+
+/******************************************************************************/
+int DEFAULT_CC
+add_xauth_cookie(int display, const char *file)
+{
+ FILE *dp;
+ char cookie_str[33];
+ char cookie_bin[16];
+ char xauth_str[256];
+ int ret;
+
+ g_random(cookie_bin, 16);
+ g_bytes_to_hexstr(cookie_bin, 16, cookie_str, 33);
+
+ g_sprintf(xauth_str, "xauth -q -f %s add :%d . %s",
+ file, display, cookie_str);
+
+ dp = popen(xauth_str, "r");
+ if (dp == NULL)
+ {
+ log_message(LOG_LEVEL_ERROR, "Unable to launch xauth");
+ return 1;
+ }
+
+ ret = pclose(dp);
+ if (ret < 0)
+ {
+ log_message(LOG_LEVEL_ERROR, "An error occurred while running xauth");
+ return 1;
+ }
+
+ return 0;
+}
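Review bot: `g_sprintf(xauth_str, ...)` writes an unbounded command into the 256-byte `xauth_str`, and `file` alone can be up to 254 bytes (session.c copies XAUTHORITY into `authfile` with that limit), so a long path overruns the stack buffer. The same string goes to `popen()`, which runs it through the shell, so any shell metacharacter in the environment-supplied path is interpreted instead of being treated as part of a filename, and the freshly generated cookie sits on the xauth command line where a process listing can show it to other local users. `pclose()` returns the child's wait status, so the `ret < 0` test reports success when xauth exits non-zero. I would run xauth without a shell, pass the path as a single argv element, feed the `add` line through stdin with `source -`, and check the exit status, as sketched below (this needs `<unistd.h>` and `<sys/wait.h>`). xauth.c should also include "xauth.h" so the compiler checks the prototype against this definition.

```c
int DEFAULT_CC
add_xauth_cookie(int display, const char *file)
{
    /* … unchanged: cookie_bin / cookie_str declarations and generation … */
    char line[64];
    int fds[2];
    int len;
    int status;
    pid_t pid;

    if (file == NULL || pipe(fds) != 0)
    {
        log_message(LOG_LEVEL_ERROR, "Unable to prepare xauth invocation");
        return 1;
    }

    pid = fork();
    if (pid == -1)
    {
        close(fds[0]);
        close(fds[1]);
        log_message(LOG_LEVEL_ERROR, "Unable to launch xauth");
        return 1;
    }

    if (pid == 0)
    {
        /* child: no shell involved, the path is exactly one argument */
        dup2(fds[0], 0);
        close(fds[0]);
        close(fds[1]);
        execlp("xauth", "xauth", "-q", "-f", file, "source", "-", (char *)NULL);
        _exit(127);
    }

    close(fds[0]);

    /* the cookie travels over the pipe, never on a command line */
    len = g_snprintf(line, sizeof(line), "add :%d . %s\n", display, cookie_str);
    if (len < 0 || len >= (int)sizeof(line) ||
        write(fds[1], line, len) != (ssize_t)len)
    {
        log_message(LOG_LEVEL_ERROR, "Unable to send cookie to xauth");
        status = -1;
    }
    else
    {
        status = 0;
    }
    close(fds[1]);

    /* always reap the child, then require a clean exit */
    if (waitpid(pid, &len, 0) != pid || status != 0 ||
        !WIFEXITED(len) || WEXITSTATUS(len) != 0)
    {
        log_message(LOG_LEVEL_ERROR, "An error occurred while running xauth");
        return 1;
    }

    return 0;
}
```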
diff --git a/sesman/xauth.h b/sesman/xauth.h
new file mode 100644
index 00000000..3254d635
--- /dev/null
+++ b/sesman/xauth.h
@@ -0,0 +1,41 @@
+/**
+ * xrdp: A Remote Desktop Protocol server.
+ *
+ * Copyright (C) Emmanuel Blindauer 2016
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ *
+ * @file xauth.c
+ * @brief XAUTHORITY handling code
+ *
+ */
+
+#ifndef XAUTH_H
+#define XAUTH_H
+
+/**
+ *
+ * @brief create the XAUTHORITY file for the user according to the display and the cookie
+ * xauth uses XAUTHORITY if defined, ~/.Xauthority otherwise
+ * @param display The session display
+ * @param file If not NULL, write the authorization in the file instead of default location
+ * @return 0 if adding the cookie is ok
+ */
+
+int DEFAULT_CC
+add_xauth_cookie(int display, const char *file);
+
+#endif
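Review bot: The doc comment promises a contract that the implementation in xauth.c does not provide: `@param file` says "If not NULL", but add_xauth_cookie formats `file` with `%s` unconditionally, so a NULL argument is not a supported "use the default location" case. I would reword it to `@param file Path of the authority file to update; must not be NULL`, and change `@return` to `0 on success, non-zero if xauth could not be run`. The file tag also reads `@file xauth.c` where this header should say `@file xauth.h`. The prototype uses `DEFAULT_CC` without including the header that defines it, so xauth.h only compiles when included after one that does; a short comment stating that requirement, or the include itself, would make the header self-contained.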