sesman: more options for session lookup from Fredy Paquet

Jay Sorg 2014-04-20 00:42:19 -07:00
parent 03a5914609
commit 1934c9ea00
9 changed files with 190 additions and 23 deletions


@ -2265,6 +2265,27 @@ g_strncmp(const char *c1, const char *c2, int len)
return strncmp(c1, c2, len);
}
/*****************************************************************************/
/* compare up to delim */
int APP_CC
g_strncmp_d(const char *s1, const char *s2, const char delim, int n)
{
char c1;
char c2;
while (n > 0)
{
c1 = *s1++;
c2 = *s2++;
if ((c1 == 0) || (c1 != c2) || (c1 == delim) || (c2 == delim))
{
return c1 - c2;
}
n--;
}
return c1 - c2;
}
/*****************************************************************************/
int APP_CC
g_strcasecmp(const char *c1, const char *c2)
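Review bot: In g_strncmp_d, `c1` and `c2` are read uninitialised when the function is called with `n <= 0`, because the loop body never runs and the final `return c1 - c2;` still executes. Initialise them at declaration (`char c1 = 0;` and `char c2 = 0;`) so that a zero-length compare returns 0 as strncmp does. The function also dereferences `s1` and `s2` without a NULL check, and the new callers pass a client address string that this page does not show being validated. A header comment should state the contract the session lookup relies on: the comparison ends at the first `delim`, and the strings only compare equal if `delim` sits at the same offset in both.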


@ -115,6 +115,7 @@ char* APP_CC g_strdup(const char* in);
char* APP_CC g_strndup(const char* in, const unsigned int maxlen);
int APP_CC g_strcmp(const char* c1, const char* c2);
int APP_CC g_strncmp(const char* c1, const char* c2, int len);
int APP_CC g_strncmp_d(const char* c1, const char* c2, const char delim, int len);
int APP_CC g_strcasecmp(const char* c1, const char* c2);
int APP_CC g_strncasecmp(const char* c1, const char* c2, int len);
int APP_CC g_atoi(const char* str);


@ -116,6 +116,31 @@ Sets the time(in seconds) limit before a disconnected session is killed.
If set to \fI0\fR, automatic killing is disabled.
.br
.TP
\fBPolicy\fR=\fI[Default|UBD|UBI|UBC|UBDI|UBDC]\fR
Session allocation policy. By Default, a new session is created
for the combination <User,BitPerPixel> when using Xrdp, and
for the combination <User,BitPerPixel,DisplaySize> when using Xvnc.
This behaviour can be changed by setting session policy to:
.br
.br
\fBUBD\fR - session per <User,BitPerPixel,DisplaySize>
.br
\fBUBI\fR - session per <User,BitPerPixel,IPAddr>
.br
\fBUBC\fR - session per <User,BitPerPixel,Connection>
.br
\fBUBDI\fR - session per <User,BitPerPixel,DisplaySize,IPAddr>
.br
\fBUBDC\fR - session per <User,BitPerPixel,DisplaySize,Connection>
.br
.br
Note that the criteria <User,BitPerPixel> can not be turned off
and <DisplaySize> will always be checkt when for Xvnc connections.
.br
.SH "SECURITY"
The following parameters can be used in the \fB[Sessions]\fR section:


@ -337,6 +337,7 @@ config_read_sessions(int file, struct config_sessions *se, struct list *param_n,
se->max_idle_time = 0;
se->max_disc_time = 0;
se->kill_disconnected = 0;
se->policy = SESMAN_CFG_SESS_POLICY_DFLT;
file_read_section(file, SESMAN_CFG_SESSIONS, param_n, param_v);
@ -368,15 +369,49 @@ config_read_sessions(int file, struct config_sessions *se, struct list *param_n,
{
se->max_disc_time = g_atoi((char *)list_get_item(param_v, i));
}
if (0 == g_strcasecmp(buf, SESMAN_CFG_SESS_POLICY_S))
{
char *value = (char *)list_get_item(param_v, i);
if (0 == g_strcasecmp(value, SESMAN_CFG_SESS_POLICY_DFLT_S))
{
se->policy = SESMAN_CFG_SESS_POLICY_DFLT;
}
else if (0 == g_strcasecmp(value, SESMAN_CFG_SESS_POLICY_UBD_S))
{
se->policy = SESMAN_CFG_SESS_POLICY_UBD;
}
else if (0 == g_strcasecmp(value, SESMAN_CFG_SESS_POLICY_UBI_S))
{
se->policy = SESMAN_CFG_SESS_POLICY_UBI;
}
else if (0 == g_strcasecmp(value, SESMAN_CFG_SESS_POLICY_UBC_S))
{
se->policy = SESMAN_CFG_SESS_POLICY_UBC;
}
else if (0 == g_strcasecmp(value, SESMAN_CFG_SESS_POLICY_UBDI_S))
{
se->policy = SESMAN_CFG_SESS_POLICY_UBDI;
}
else if (0 == g_strcasecmp(value, SESMAN_CFG_SESS_POLICY_UBDC_S))
{
se->policy = SESMAN_CFG_SESS_POLICY_UBDC;
}
else /* silently ignore typos */
{
se->policy = SESMAN_CFG_SESS_POLICY_DFLT;
}
}
}
/* printing security config */
/* printing session config */
g_printf("session configuration:\r\n");
g_printf("\tMaxSessions: %i\r\n", se->max_sessions);
g_printf("\tX11DisplayOffset: %i\r\n", se->x11_display_offset);
g_printf("\tKillDisconnected: %i\r\n", se->kill_disconnected);
g_printf("\tIdleTimeLimit: %i\r\n", se->max_idle_time);
g_printf("\tDisconnectedTimeLimit: %i\r\n", se->max_idle_time);
g_printf("\tPolicy: %i\r\n", se->policy);
return 0;
}
@ -413,7 +448,7 @@ config_read_rdp_params(int file, struct config_sesman *cs, struct list *param_n,
/******************************************************************************/
int DEFAULT_CC
config_read_xorg_params(int file, struct config_sesman *cs,
config_read_xorg_params(int file, struct config_sesman *cs,
struct list *param_n, struct list *param_v)
{
int i;
@ -427,7 +462,7 @@ config_read_xorg_params(int file, struct config_sesman *cs,
for (i = 0; i < param_n->count; i++)
{
list_add_item(cs->xorg_params,
list_add_item(cs->xorg_params,
(long) g_strdup((char *) list_get_item(param_v, i)));
}
@ -436,7 +471,7 @@ config_read_xorg_params(int file, struct config_sesman *cs,
for (i = 0; i < cs->xorg_params->count; i++)
{
g_printf("\tParameter %02d %s\r\n",
g_printf("\tParameter %02d %s\r\n",
i, (char *) list_get_item(cs->xorg_params, i));
}
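Review bot: An unrecognised `Policy` value reaches the final `else /* silently ignore typos */` branch and becomes `SESMAN_CFG_SESS_POLICY_DFLT` with no message. An administrator who mistypes a stricter policy such as `UBI` therefore gets the default session-reuse behaviour with no indication. Because the default matches on fewer criteria than the other policies, this fails open for a setting that decides which connections may reattach to an existing session. Report it in that branch, for example `g_printf("\tPolicy: unknown value '%s', using Default\r\n", value);`, or refuse to load the configuration. The enclosing config_read_sessions starts outside the visible hunks.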


@ -65,6 +65,29 @@
#define SESMAN_CFG_SESS_IDLE_LIMIT "IdleTimeLimit"
#define SESMAN_CFG_SESS_DISC_LIMIT "DisconnectedTimeLimit"
#define SESMAN_CFG_SESS_POLICY_S "Policy"
#define SESMAN_CFG_SESS_POLICY_DFLT_S "Default"
#define SESMAN_CFG_SESS_POLICY_UBD_S "UBD"
#define SESMAN_CFG_SESS_POLICY_UBI_S "UBI"
#define SESMAN_CFG_SESS_POLICY_UBC_S "UBC"
#define SESMAN_CFG_SESS_POLICY_UBDI_S "UBDI"
#define SESMAN_CFG_SESS_POLICY_UBDC_S "UBDC"
enum SESMAN_CFG_SESS_POLICY_BITS {
SESMAN_CFG_SESS_POLICY_D = 0x01,
SESMAN_CFG_SESS_POLICY_I = 0x02,
SESMAN_CFG_SESS_POLICY_C = 0x04
};
enum SESMAN_CFG_SESS_POLICY {
SESMAN_CFG_SESS_POLICY_DFLT = 0,
SESMAN_CFG_SESS_POLICY_UBD = SESMAN_CFG_SESS_POLICY_D,
SESMAN_CFG_SESS_POLICY_UBI = SESMAN_CFG_SESS_POLICY_I,
SESMAN_CFG_SESS_POLICY_UBC = SESMAN_CFG_SESS_POLICY_C,
SESMAN_CFG_SESS_POLICY_UBDI = SESMAN_CFG_SESS_POLICY_D | SESMAN_CFG_SESS_POLICY_I,
SESMAN_CFG_SESS_POLICY_UBDC = SESMAN_CFG_SESS_POLICY_D | SESMAN_CFG_SESS_POLICY_C
};
/**
*
* @struct config_security
@ -135,6 +158,11 @@ struct config_sessions
* @brief enables automatic killing of disconnected session
*/
int kill_disconnected;
/**
* @var policy
* @brief session allocation policy
*/
enum SESMAN_CFG_SESS_POLICY policy;
};
/**
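Review bot: The three bits in `SESMAN_CFG_SESS_POLICY_BITS` carry no comments, so their meaning has to be reconstructed from the option strings and the lookup code. Add one comment per enumerator, e.g. `/* D: width and height must match */`, `/* I: client address up to the first ':' must match */`, `/* C: full client address string must match */`. It is also worth noting that none of the named policies combines `I` and `C`, although the lookup tests each bit independently.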


@ -74,7 +74,7 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
else if (data)
{
s_item = session_get_bydata(s->username, s->width, s->height,
s->bpp, s->type);
s->bpp, s->type, s->client_ip);
if (s_item != 0)
{


@ -15,17 +15,47 @@ TerminalServerAdmins=tsadmins
AlwaysGroupCheck = false
[Sessions]
## X11DisplayOffset - x11 display number offset
# Type: integer
# Default: 10
X11DisplayOffset=10
## MaxSessions - maximum number of connections to an xrdp server
# Type: integer
# Default: 0
MaxSessions=50
## KillDisconnected - kill disconnected sessions
# Type: integer
# Default: 0
# if 1, true, or yes, kill session after 60 seconds
KillDisconnected=0
## IdleTimeLimit - when to disconnect idle sessions
# Type: integer
# Default: 0
# if not zero, the seconds without mouse or keyboard input before disconnect
# not complete yet
IdleTimeLimit=0
## DisconnectedTimeLimit - when to kill idle sessions
# Type: integer
# Default: 0
# if not zero, the seconds before a disconnected session is killed
# min 60 seconds
DisconnectedTimeLimit=0
## Policy - session allocation policy
# Type: enum [ "Default" | "UBD" | "UBI" | "UBC" | "UBDI" | "UBDC" ]
# Default: Xrdp:<User,BitPerPixel> and Xvnc:<User,BitPerPixel,DisplaySize>
# "UBD" session per <User,BitPerPixel,DisplaySize>
# "UBI" session per <User,BitPerPixel,IPAddr>
# "UBC" session per <User,BitPerPixel,Connection>
# "UBDI" session per <User,BitPerPixel,DisplaySize,IPAddr>
# "UBDC" session per <User,BitPerPixel,DisplaySize,Connection>
Policy=Default
[Logging]
LogFile=xrdp-sesman.log
LogLevel=DEBUG


@ -90,9 +90,10 @@ dumpItemsToString(struct list *self, char *outstr, int len)
/******************************************************************************/
struct session_item *DEFAULT_CC
session_get_bydata(char *name, int width, int height, int bpp, int type)
session_get_bydata(char *name, int width, int height, int bpp, int type, char *client_ip)
{
struct session_chain *tmp;
enum SESMAN_CFG_SESS_POLICY policy = g_cfg->sess.policy;
/*THREAD-FIX require chain lock */
lock_chain_acquire();
@ -104,6 +105,7 @@ session_get_bydata(char *name, int width, int height, int bpp, int type)
{
case SCP_SESSION_TYPE_XVNC: /* 0 */
type = SESMAN_SESSION_TYPE_XVNC; /* 2 */
policy |= SESMAN_CFG_SESS_POLICY_D; /* Xvnc cannot resize */
break;
case SCP_SESSION_TYPE_XRDP: /* 1 */
type = SESMAN_SESSION_TYPE_XRDP; /* 1 */
@ -116,14 +118,36 @@ session_get_bydata(char *name, int width, int height, int bpp, int type)
return 0;
}
#if 0
log_message(LOG_LEVEL_INFO,
"session_get_bydata: search policy %d U %s W %d H %d bpp %d T %d IP %s",
policy, name, width, height, bpp, type, client_ip);
#endif
while (tmp != 0)
{
#if 0
log_message(LOG_LEVEL_INFO,
"session_get_bydata: try %p U %s W %d H %d bpp %d T %d IP %s",
tmp->item,
tmp->item->name,
tmp->item->width, tmp->item->height,
tmp->item->bpp, tmp->item->type,
tmp->item->client_ip);
#endif
if (type == SESMAN_SESSION_TYPE_XRDP)
{
/* only name and bpp need to match for X11rdp, it can resize */
if (g_strncmp(name, tmp->item->name, 255) == 0 &&
tmp->item->bpp == bpp &&
tmp->item->type == type)
(!(policy & SESMAN_CFG_SESS_POLICY_D) ||
(tmp->item->width == width && tmp->item->height == height)) &&
(!(policy & SESMAN_CFG_SESS_POLICY_I) ||
(g_strncmp_d(client_ip, tmp->item->client_ip, ':', 255) == 0)) &&
(!(policy & SESMAN_CFG_SESS_POLICY_C) ||
(g_strncmp(client_ip, tmp->item->client_ip, 255) == 0)) &&
tmp->item->bpp == bpp &&
tmp->item->type == type)
{
/*THREAD-FIX release chain lock */
lock_chain_release();
@ -132,10 +156,13 @@ session_get_bydata(char *name, int width, int height, int bpp, int type)
}
if (g_strncmp(name, tmp->item->name, 255) == 0 &&
tmp->item->width == width &&
tmp->item->height == height &&
tmp->item->bpp == bpp &&
tmp->item->type == type)
(tmp->item->width == width && tmp->item->height == height) &&
(!(policy & SESMAN_CFG_SESS_POLICY_I) ||
(g_strncmp_d(client_ip, tmp->item->client_ip, ':', 255) == 0)) &&
(!(policy & SESMAN_CFG_SESS_POLICY_C) ||
(g_strncmp(client_ip, tmp->item->client_ip, 255) == 0)) &&
tmp->item->bpp == bpp &&
tmp->item->type == type)
{
/*THREAD-FIX release chain lock */
lock_chain_release();
@ -577,11 +604,11 @@ session_start_fork(int width, int height, int bpp, char *username,
g_snprintf(text, 255, "%d", g_cfg->sess.kill_disconnected);
g_setenv("XRDP_SESMAN_KILL_DISCONNECTED", text, 1);
if (type == SESMAN_SESSION_TYPE_XORG)
{
if (type == SESMAN_SESSION_TYPE_XORG)
{
xserver_params = list_create();
xserver_params->auto_free = 1;
/* these are the must have parameters */
list_add_item(xserver_params, (long) g_strdup("/usr/bin/Xorg"));
list_add_item(xserver_params, (long) g_strdup(screen));
@ -599,18 +626,18 @@ session_start_fork(int width, int height, int bpp, char *username,
/* some args are passed via env vars */
g_sprintf(geometry, "%d", width);
g_setenv("XRDP_START_WIDTH", geometry, 1);
g_sprintf(geometry, "%d", height);
g_setenv("XRDP_START_HEIGHT", geometry, 1);
/* fire up Xorg */
/* fire up Xorg */
g_execvp("/usr/bin/Xorg", pp1);
}
}
else if (type == SESMAN_SESSION_TYPE_XVNC)
{
xserver_params = list_create();
xserver_params->auto_free = 1;
/* these are the must have parameters */
list_add_item(xserver_params, (long)g_strdup("Xvnc"));
list_add_item(xserver_params, (long)g_strdup(screen));
@ -636,7 +663,7 @@ session_start_fork(int width, int height, int bpp, char *username,
{
xserver_params = list_create();
xserver_params->auto_free = 1;
/* these are the must have parameters */
list_add_item(xserver_params, (long)g_strdup("X11rdp"));
list_add_item(xserver_params, (long)g_strdup(screen));
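Review bot: Under the `I` policy bit the match is `g_strncmp_d(client_ip, tmp->item->client_ip, ':', 255) == 0`, which treats everything before the first ':' as the address. If `client_ip` can ever hold an IPv6 literal, only its first group would be compared, and connections from different hosts could be handed the same session. The visible hunks do not show the format of `client_ip`, so this needs confirming against the code that fills it in; the comparison should parse the address rather than split on a character that is legal inside one. Both new comparisons also dereference `client_ip` and `tmp->item->client_ip` unconditionally, and two empty strings compare equal, so a NULL or empty value arriving from scp_v0_process should be treated as a non-match before the loop. session_get_bydata starts and ends outside the hunks shown.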


@ -91,9 +91,9 @@ struct session_chain
*
*/
struct session_item* DEFAULT_CC
session_get_bydata(char* name, int width, int height, int bpp, int type);
session_get_bydata(char* name, int width, int height, int bpp, int type, char *client_ip);
#ifndef session_find_item
#define session_find_item(a, b, c, d, e) session_get_bydata(a, b, c, d, e);
#define session_find_item(a, b, c, d, e, f) session_get_bydata(a, b, c, d, e, f);
#endif
/**