Unify connection fields for the connected client
The connected client is currently described in two places in
the xrdp_client_info structure:-

1) In the connection_description field. This was introduced as
   field client_ip by commit d797b2c
   for xrdp v0.6.0

2) In the client_addr and client_port fields introduced by commit
   2536946 for xrdp v0.8.0

This commit unifies these two sets of fields into a single
set of fields describing the connection IP and port (for
AF_INET/AF_INET6 connections only) and a connection description
for all connection types.

The code in os_calls to provide client logging has been simplified
somewhat which should make it easier to add new connection types (e.g.
AF_VSOCK).

The old connection_description field used to be passed to sesman to
inform sesman of the IP address of the client, and also to provide
a string for 'C' field session policy matching. 'C' field session policy
matching does not actually need this string (see neutrinolabs#2239), and so now only
the IP field is passed to sesman.
matt335672 committed May 5, 2022
1 parent 34fe9b6 commit 66213af
Showing 19 changed files with 282 additions and 440 deletions.
416 changes: 138 additions & 278 deletions common/os_calls.c

Large diffs are not rendered by default.

37 changes: 26 additions & 11 deletions common/os_calls.h
Expand Up @@ -84,28 +84,43 @@ int g_sck_vsock_bind(int sck, const char *port);
int g_sck_vsock_bind_address(int sck, const char *port, const char *address);
int g_tcp_bind_address(int sck, const char *port, const char *address);
int g_sck_listen(int sck);
int g_tcp_accept(int sck);
int g_sck_accept(int sck, char *addr, int addr_bytes,
char *port, int port_bytes);
int g_sck_accept(int sck);
int g_sck_recv(int sck, void *ptr, int len, int flags);
int g_sck_send(int sck, const void *ptr, int len, int flags);
int g_sck_last_error_would_block(int sck);
int g_sck_socket_ok(int sck);
int g_sck_can_send(int sck, int millis);
int g_sck_can_recv(int sck, int millis);
int g_sck_select(int sck1, int sck2);
void g_write_connection_description(int rcv_sck,
char *description, int bytes);
/**
* Extracts the IP address from the connection description
* @param description Connection description (from
* g_write_connection_description())
* Gets the IP address of a connected peer, if it has one
* @param sck File descriptor for peer
* @param ip buffer to write IP address to
* @param bytes Size of ip buffer
* @param bytes Size of ip buffer. Should be at least MAX_IP_ADDRSTRLEN
* @param[out] portptr Optional variable to receive the port number
* @return Pointer to IP for convenience
*
* If the peer has no IP address (for example, it is a Unix Domain Socket),
* or the specified buffer is too small, the returned string is ""
*/
const char *
g_sck_get_peer_ip_address(int sck,
char *ip, unsigned int bytes,
unsigned short *port);
/**
* Gets a description for a connected peer
* @param sck File descriptor for peer
* @param desc buffer to write description to
* @param bytes Size of description buffer. Should be at least
* MAX_PEER_DESCSTRLEN
* @return Pointer to desc for convenience
*
* Unlike g_sck_get_peer_ip_address(), this will return a
* description of some sort for any socket type.
*/
const char *g_get_ip_from_description(const char *description,
char *ip, int bytes);
const char *
g_sck_get_peer_description(int sck,
char *desc, unsigned int bytes);
void g_sleep(int msecs);
tintptr g_create_wait_obj(const char *name);
tintptr g_create_wait_obj_from_socket(tintptr socket, int write);
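Review bot: The new doc comment for g_sck_get_peer_ip_address() does not match the code it documents: it tells callers to size the buffer to `MAX_IP_ADDRSTRLEN`, but the constant this commit adds in common/xrdp_constants.h is `MAX_PEER_ADDRSTRLEN`, and it documents `@param[out] portptr` while the parameter is named `port`. I would change those two lines to `@param bytes Size of ip buffer. Should be at least MAX_PEER_ADDRSTRLEN` and `@param[out] port Optional variable to receive the port number`. The comment should also say what `*port` holds when the function returns "" (non-IP peer or undersized buffer), because a caller that logs or forwards the result cannot otherwise tell "no address" from a failed lookup; the implementation in os_calls.c is not rendered on this page, so that behaviour cannot be confirmed here.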
8 changes: 1 addition & 7 deletions common/trans.c
Expand Up @@ -330,9 +330,7 @@ trans_check_wait_objs(struct trans *self)
{
if (g_sck_can_recv(self->sck, 0))
{
in_sck = g_sck_accept(self->sck, self->addr, sizeof(self->addr),
self->port, sizeof(self->port));

in_sck = g_sck_accept(self->sck);
if (in_sck == -1)
{
if (g_tcp_last_error_would_block(self->sck))
Expand All @@ -357,10 +355,6 @@ trans_check_wait_objs(struct trans *self)
in_trans->type1 = TRANS_TYPE_SERVER;
in_trans->status = TRANS_STATUS_UP;
in_trans->is_term = self->is_term;
g_strncpy(in_trans->addr, self->addr,
sizeof(self->addr) - 1);
g_strncpy(in_trans->port, self->port,
sizeof(self->port) - 1);
g_sck_set_non_blocking(in_sck);
if (self->trans_conn_in(self, in_trans) != 0)
{
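Review bot: After `in_sck = g_sck_accept(self->sck);` the peer address is no longer captured at accept time, so whatever later fills the client IP and description has to query `in_sck` itself. If g_sck_get_peer_ip_address() relies on a peer-name lookup on the connected socket (os_calls.c is not rendered here, so this is an assumption), a client that connects and resets immediately would yield "" and the connection log would lose its source address for exactly the short-lived connections an operator may want to trace. Consider resolving the description right after the accept succeeds, or at least documenting the new contract at this call site, e.g. `/* peer address is no longer stored in the trans; query in_sck when it is needed */`. trans_check_wait_objs() starts and ends outside both hunks.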
2 changes: 0 additions & 2 deletions common/trans.h
Expand Up @@ -104,8 +104,6 @@ struct trans
char *listen_filename;
tis_term is_term; /* used to test for exit */
struct stream *wait_s;
char addr[256];
char port[256];
int no_stream_init_on_data_in;
int extra_flags; /* user defined */
void *extra_data; /* user defined */
9 changes: 5 additions & 4 deletions common/xrdp_client_info.h
Expand Up @@ -114,7 +114,7 @@ struct xrdp_client_info
int rdp5_performanceflags;
int brush_cache_code; /* 0 = no cache 1 = 8x8 standard cache
2 = arbitrary dimensions */
char connection_description[256];

int max_bpp;
int jpeg; /* non standard bitmap cache v2 cap */
int offscreen_support_level;
Expand Down Expand Up @@ -146,8 +146,6 @@ struct xrdp_client_info
int pointer_flags; /* 0 color, 1 new, 2 no new */
int use_fast_path;
int require_credentials; /* when true, credentials *must* be passed on cmd line */
char client_addr[256];
char client_port[256];

int security_layer; /* 0 = rdp, 1 = tls , 2 = hybrid */
int multimon; /* 0 = deny , 1 = allow */
Expand Down Expand Up @@ -191,6 +189,9 @@ struct xrdp_client_info
long ssl_protocols;
char *tls_ciphers;

char client_ip[MAX_PEER_ADDRSTRLEN];
char client_description[MAX_PEER_DESCSTRLEN];

int client_os_major;
int client_os_minor;

Expand All @@ -207,6 +208,6 @@ struct xrdp_client_info
};

/* yyyymmdd of last incompatible change to xrdp_client_info */
#define CLIENT_INFO_CURRENT_VERSION 20220320
#define CLIENT_INFO_CURRENT_VERSION 20220428

#endif
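Review bot: The two added fields `client_ip` and `client_description` carry no comment, although they have different contracts: per the commit description only the IP is passed to sesman, and per the doc comments in common/os_calls.h the IP is "" for peers without one while the description is produced for every socket type. A short comment on each would stop later code from using the description where an address is expected, for example `/* "" unless the peer is AF_INET/AF_INET6 */` on `client_ip` and `/* human-readable, for logging; set for any socket type */` on `client_description`. The struct body begins and continues outside these hunks.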
15 changes: 15 additions & 0 deletions common/xrdp_constants.h
Expand Up @@ -37,7 +37,22 @@
* ms-erref.h
******************************************************************************/

/**
* Size of buffer including terminator for an IP address as returned
* by g_sck_get_peer_ip_address(). See POSIX INET6_ADDRSTRLEN
*/
#define MAX_PEER_ADDRSTRLEN 46

/**
* Size of buffer including terminator for a socket description, as
* returned by g_sck_get_peer_description()
* Currently the largest is an IPv6 address (INET6_ADDRSTRLEN), plus
* []:<port> characters
*/
#define MAX_PEER_DESCSTRLEN (46 + 2 + 1 + 5)

#define INFO_CLIENT_NAME_BYTES 32

/**
* Maximum length of a string including the mandatory null terminator
* [MS-RDPBCGR] TS_INFO_PACKET(2.2.1.11.1.1)
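Review bot: `MAX_PEER_DESCSTRLEN` repeats the literal 46 instead of building on the constant defined just above it, so the two sizes can drift apart if one is edited; I would write `#define MAX_PEER_DESCSTRLEN (MAX_PEER_ADDRSTRLEN + 2 + 1 + 5)`. The 46 is itself a copy of POSIX INET6_ADDRSTRLEN, as the comment says, so a compile-time comparison against INET6_ADDRSTRLEN in the file that fills these buffers (presumably os_calls.c, not rendered on this page) would catch a platform where the values differ. The comment on the description size only accounts for the IPv6 form; it is worth stating that descriptions generated for other socket types must stay within the same bound.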
29 changes: 14 additions & 15 deletions libipm/scp.c
Expand Up @@ -217,7 +217,7 @@ int
scp_send_gateway_request(struct trans *trans,
const char *username,
const char *password,
const char *connection_description)
const char *ip_addr)
{
int rv;

Expand All @@ -227,7 +227,7 @@ scp_send_gateway_request(struct trans *trans,
"sss",
username,
password,
connection_description);
ip_addr);

/* Wipe the output buffer to remove the password */
libipm_msg_out_erase(trans);
Expand All @@ -241,13 +241,13 @@ int
scp_get_gateway_request(struct trans *trans,
const char **username,
const char **password,
const char **connection_description)
const char **ip_addr)
{
/* Make sure the buffer is cleared after processing this message */
libipm_set_flags(trans, LIBIPM_E_MSG_IN_ERASE_AFTER_USE);

return libipm_msg_in_parse(trans, "sss", username, password,
connection_description);
ip_addr);
}

/*****************************************************************************/
Expand Down Expand Up @@ -290,7 +290,7 @@ scp_send_create_session_request(struct trans *trans,
unsigned char bpp,
const char *shell,
const char *directory,
const char *connection_description)
const char *ip_addr)
{
int rv = libipm_msg_out_simple_send(
trans,
Expand All @@ -304,7 +304,7 @@ scp_send_create_session_request(struct trans *trans,
bpp,
shell,
directory,
connection_description);
ip_addr);

/* Wipe the output buffer to remove the password */
libipm_msg_out_erase(trans);
Expand All @@ -324,7 +324,7 @@ scp_get_create_session_request(struct trans *trans,
unsigned char *bpp,
const char **shell,
const char **directory,
const char **connection_description)
const char **ip_addr)
{
/* Intermediate values */
uint8_t i_type;
Expand All @@ -346,7 +346,7 @@ scp_get_create_session_request(struct trans *trans,
&i_bpp,
shell,
directory,
connection_description);
ip_addr);

if (rv == 0)
{
Expand Down Expand Up @@ -475,7 +475,7 @@ scp_send_list_sessions_response(
info->bpp,
info->start_time,
info->username,
info->connection_description);
info->start_ip_addr);
}

return rv;
Expand Down Expand Up @@ -512,7 +512,7 @@ scp_get_list_sessions_response(
uint8_t i_bpp;
int64_t i_start_time;
char *i_username;
char *i_connection_description;
char *i_start_ip_addr;

rv = libipm_msg_in_parse(
trans,
Expand All @@ -525,15 +525,15 @@ scp_get_list_sessions_response(
&i_bpp,
&i_start_time,
&i_username,
&i_connection_description);
&i_start_ip_addr);

if (rv == 0)
{
/* Allocate a block of memory large enough for the
* structure result, and the strings it contains */
unsigned int len = sizeof(struct scp_session_info) +
g_strlen(i_username) + 1 +
g_strlen(i_connection_description) + 1;
g_strlen(i_start_ip_addr) + 1;
if ((p = (struct scp_session_info *)g_malloc(len, 1)) == NULL)
{
*status = E_SCP_LS_NO_MEMORY;
Expand All @@ -543,7 +543,7 @@ scp_get_list_sessions_response(
/* Set up the string pointers in the block to point
* into the memory allocated after the block */
p->username = (char *)p + sizeof(struct scp_session_info);
p->connection_description =
p->start_ip_addr =
p->username + g_strlen(i_username) + 1;

/* Copy the data over */
Expand All @@ -555,8 +555,7 @@ scp_get_list_sessions_response(
p->bpp = i_bpp;
p->start_time = i_start_time;
g_strcpy(p->username, i_username);
g_strcpy(p->connection_description,
i_connection_description);
g_strcpy(p->start_ip_addr, i_start_ip_addr);
}
}
}
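Review bot: The receive side (`scp_get_gateway_request` and `scp_get_create_session_request`) now hands callers a string documented as an IP address, but `libipm_msg_in_parse(trans, "sss", ...)` still accepts any string, so nothing in these hunks checks that `*ip_addr` is either empty or a well-formed address shorter than MAX_PEER_ADDRSTRLEN. Before this commit the field was free text; now that its name promises an address, code that copies it into a fixed buffer, logs it, or matches policy on it may trust it more than the parser justifies. I would either validate in the get functions and return an error on a malformed value, or state in the doc comments in libipm/scp.h that the value is unvalidated peer input. How sesman consumes the value is not visible on this page, and both functions begin outside their hunks.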
16 changes: 8 additions & 8 deletions libipm/scp.h
Expand Up @@ -177,7 +177,7 @@ scp_msg_in_reset(struct trans *trans);
* @param trans SCP transport
* @param username Username
* @param password Password
* @param connection_description Description of the connection
* @param ip_addr IP address for the client (or "" if not known)
* @return != 0 for error
*
* Server replies with E_SCP_GATEWAY_RESPONSE
Expand All @@ -186,22 +186,22 @@ int
scp_send_gateway_request(struct trans *trans,
const char *username,
const char *password,
const char *connection_description);
const char *ip_addr);

/**
* Parse an incoming E_SCP_GATEWAY_REQUEST message (SCP server)
*
* @param trans SCP transport
* @param[out] username Username
* @param[out] password Password
* @param[out] connection_description Description of the connection
* @param[out] ip_addr IP address for the client. May be ""
* @return != 0 for error
*/
int
scp_get_gateway_request(struct trans *trans,
const char **username,
const char **password,
const char **connection_description);
const char **ip_addr);

/**
* Send an E_SCP_GATEWAY_RESPONSE (SCP server)
Expand Down Expand Up @@ -239,7 +239,7 @@ scp_get_gateway_response(struct trans *trans,
* @param bpp Session bits-per-pixel (ignored for Xorg sessions)
* @param shell User program to run. May be ""
* @param directory Directory to run the program in. May be ""
* @param connection_description Description of the connection
* @param ip_addr IP address for the client (or "" if not known)
* @return != 0 for error
*
* Server replies with E_SCP_CREATE_SESSION_RESPONSE
Expand All @@ -254,7 +254,7 @@ scp_send_create_session_request(struct trans *trans,
unsigned char bpp,
const char *shell,
const char *directory,
const char *connection_description);
const char *ip_addr);


/**
Expand All @@ -269,7 +269,7 @@ scp_send_create_session_request(struct trans *trans,
* @param[out] bpp Session bits-per-pixel (ignored for Xorg sessions)
* @param[out] shell User program to run. May be ""
* @param[out] directory Directory to run the program in. May be ""
* @param[out] connection_description Description of the connection
* @param[out] ip_addr IP address for the client. May be ""
* @return != 0 for error
*
* Returned string pointers are valid until scp_msg_in_reset() is
Expand All @@ -285,7 +285,7 @@ scp_get_create_session_request(struct trans *trans,
unsigned char *bpp,
const char **shell,
const char **directory,
const char **connection_description);
const char **ip_addr);

/**
* Send an E_SCP_CREATE_SESSION_RESPONSE (SCP server)
2 changes: 1 addition & 1 deletion libipm/scp_application_types.h
Expand Up @@ -58,7 +58,7 @@ struct scp_session_info
unsigned char bpp; ///< Session bits-per-pixel
time_t start_time; ///< When sesion was created
char *username; ///< Username for session
char *connection_description; ///< Initial connection to session
char *start_ip_addr; ///< IP address of starting client
};

