sesman: more options for session lookup from Fredy Paquet

Jay Sorg 2014-04-20 00:42:19 -07:00
parent 03a5914609
commit 1934c9ea00
9 changed files with 190 additions and 23 deletions


@ -2265,6 +2265,27 @@ g_strncmp(const char *c1, const char *c2, int len)
return strncmp(c1, c2, len); return strncmp(c1, c2, len);
} }
/*****************************************************************************/
/* compare up to delim */
int APP_CC
g_strncmp_d(const char *s1, const char *s2, const char delim, int n)
{
char c1;
char c2;
while (n > 0)
{
c1 = *s1++;
c2 = *s2++;
if ((c1 == 0) || (c1 != c2) || (c1 == delim) || (c2 == delim))
{
return c1 - c2;
}
n--;
}
return c1 - c2;
}
/*****************************************************************************/ /*****************************************************************************/
int APP_CC int APP_CC
g_strcasecmp(const char *c1, const char *c2) g_strcasecmp(const char *c1, const char *c2)
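Review bot: In `g_strncmp_d`, `c1` and `c2` are read uninitialised by the final `return c1 - c2;` whenever the function is called with `n <= 0`, because the loop body never runs; declaring them as `char c1 = 0;` and `char c2 = 0;` makes that case return 0, as `strncmp` does. The comment `/* compare up to delim */` also does not say that the delimiter itself is compared, so two strings are equal only if both reach `delim` or both reach the terminator at the same offset. Since the result feeds the session-matching decision in the session lookup, a short header comment stating that, and that neither pointer may be null, would help callers.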


@ -115,6 +115,7 @@ char* APP_CC g_strdup(const char* in);
char* APP_CC g_strndup(const char* in, const unsigned int maxlen); char* APP_CC g_strndup(const char* in, const unsigned int maxlen);
int APP_CC g_strcmp(const char* c1, const char* c2); int APP_CC g_strcmp(const char* c1, const char* c2);
int APP_CC g_strncmp(const char* c1, const char* c2, int len); int APP_CC g_strncmp(const char* c1, const char* c2, int len);
int APP_CC g_strncmp_d(const char* c1, const char* c2, const char delim, int len);
int APP_CC g_strcasecmp(const char* c1, const char* c2); int APP_CC g_strcasecmp(const char* c1, const char* c2);
int APP_CC g_strncasecmp(const char* c1, const char* c2, int len); int APP_CC g_strncasecmp(const char* c1, const char* c2, int len);
int APP_CC g_atoi(const char* str); int APP_CC g_atoi(const char* str);


@ -116,6 +116,31 @@ Sets the time(in seconds) limit before a disconnected session is killed.
If set to \fI0\fR, automatic killing is disabled. If set to \fI0\fR, automatic killing is disabled.
.br .br
.TP
\fBPolicy\fR=\fI[Default|UBD|UBI|UBC|UBDI|UBDC]\fR
Session allocation policy. By Default, a new session is created
for the combination <User,BitPerPixel> when using Xrdp, and
for the combination <User,BitPerPixel,DisplaySize> when using Xvnc.
This behaviour can be changed by setting session policy to:
.br
.br
\fBUBD\fR - session per <User,BitPerPixel,DisplaySize>
.br
\fBUBI\fR - session per <User,BitPerPixel,IPAddr>
.br
\fBUBC\fR - session per <User,BitPerPixel,Connection>
.br
\fBUBDI\fR - session per <User,BitPerPixel,DisplaySize,IPAddr>
.br
\fBUBDC\fR - session per <User,BitPerPixel,DisplaySize,Connection>
.br
.br
Note that the criteria <User,BitPerPixel> can not be turned off
and <DisplaySize> will always be checkt when for Xvnc connections.
.br
.SH "SECURITY" .SH "SECURITY"
The following parameters can be used in the \fB[Sessions]\fR section: The following parameters can be used in the \fB[Sessions]\fR section:


@ -337,6 +337,7 @@ config_read_sessions(int file, struct config_sessions *se, struct list *param_n,
se->max_idle_time = 0; se->max_idle_time = 0;
se->max_disc_time = 0; se->max_disc_time = 0;
se->kill_disconnected = 0; se->kill_disconnected = 0;
se->policy = SESMAN_CFG_SESS_POLICY_DFLT;
file_read_section(file, SESMAN_CFG_SESSIONS, param_n, param_v); file_read_section(file, SESMAN_CFG_SESSIONS, param_n, param_v);
@ -368,15 +369,49 @@ config_read_sessions(int file, struct config_sessions *se, struct list *param_n,
{ {
se->max_disc_time = g_atoi((char *)list_get_item(param_v, i)); se->max_disc_time = g_atoi((char *)list_get_item(param_v, i));
} }
if (0 == g_strcasecmp(buf, SESMAN_CFG_SESS_POLICY_S))
{
char *value = (char *)list_get_item(param_v, i);
if (0 == g_strcasecmp(value, SESMAN_CFG_SESS_POLICY_DFLT_S))
{
se->policy = SESMAN_CFG_SESS_POLICY_DFLT;
}
else if (0 == g_strcasecmp(value, SESMAN_CFG_SESS_POLICY_UBD_S))
{
se->policy = SESMAN_CFG_SESS_POLICY_UBD;
}
else if (0 == g_strcasecmp(value, SESMAN_CFG_SESS_POLICY_UBI_S))
{
se->policy = SESMAN_CFG_SESS_POLICY_UBI;
}
else if (0 == g_strcasecmp(value, SESMAN_CFG_SESS_POLICY_UBC_S))
{
se->policy = SESMAN_CFG_SESS_POLICY_UBC;
}
else if (0 == g_strcasecmp(value, SESMAN_CFG_SESS_POLICY_UBDI_S))
{
se->policy = SESMAN_CFG_SESS_POLICY_UBDI;
}
else if (0 == g_strcasecmp(value, SESMAN_CFG_SESS_POLICY_UBDC_S))
{
se->policy = SESMAN_CFG_SESS_POLICY_UBDC;
}
else /* silently ignore typos */
{
se->policy = SESMAN_CFG_SESS_POLICY_DFLT;
}
}
} }
/* printing security config */ /* printing session config */
g_printf("session configuration:\r\n"); g_printf("session configuration:\r\n");
g_printf("\tMaxSessions: %i\r\n", se->max_sessions); g_printf("\tMaxSessions: %i\r\n", se->max_sessions);
g_printf("\tX11DisplayOffset: %i\r\n", se->x11_display_offset); g_printf("\tX11DisplayOffset: %i\r\n", se->x11_display_offset);
g_printf("\tKillDisconnected: %i\r\n", se->kill_disconnected); g_printf("\tKillDisconnected: %i\r\n", se->kill_disconnected);
g_printf("\tIdleTimeLimit: %i\r\n", se->max_idle_time); g_printf("\tIdleTimeLimit: %i\r\n", se->max_idle_time);
g_printf("\tDisconnectedTimeLimit: %i\r\n", se->max_idle_time); g_printf("\tDisconnectedTimeLimit: %i\r\n", se->max_idle_time);
g_printf("\tPolicy: %i\r\n", se->policy);
return 0; return 0;
} }
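Review bot: The final `else /* silently ignore typos */` branch of the `Policy` parsing falls back to `SESMAN_CFG_SESS_POLICY_DFLT` without reporting it, so an administrator who mistypes a stricter value such as `UBI` ends up with the least restrictive session matching and no indication of it. Emit a warning there, for example `g_printf("\tunknown Policy value '%s', using Default\r\n", value);`, or use the logging facility if it is already initialised at this point. The summary line prints the policy as a bare integer (`%i`); printing the name as well would make the effective setting easier to verify. The function starts outside the hunk.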


@ -65,6 +65,29 @@
#define SESMAN_CFG_SESS_IDLE_LIMIT "IdleTimeLimit" #define SESMAN_CFG_SESS_IDLE_LIMIT "IdleTimeLimit"
#define SESMAN_CFG_SESS_DISC_LIMIT "DisconnectedTimeLimit" #define SESMAN_CFG_SESS_DISC_LIMIT "DisconnectedTimeLimit"
#define SESMAN_CFG_SESS_POLICY_S "Policy"
#define SESMAN_CFG_SESS_POLICY_DFLT_S "Default"
#define SESMAN_CFG_SESS_POLICY_UBD_S "UBD"
#define SESMAN_CFG_SESS_POLICY_UBI_S "UBI"
#define SESMAN_CFG_SESS_POLICY_UBC_S "UBC"
#define SESMAN_CFG_SESS_POLICY_UBDI_S "UBDI"
#define SESMAN_CFG_SESS_POLICY_UBDC_S "UBDC"
enum SESMAN_CFG_SESS_POLICY_BITS {
SESMAN_CFG_SESS_POLICY_D = 0x01,
SESMAN_CFG_SESS_POLICY_I = 0x02,
SESMAN_CFG_SESS_POLICY_C = 0x04
};
enum SESMAN_CFG_SESS_POLICY {
SESMAN_CFG_SESS_POLICY_DFLT = 0,
SESMAN_CFG_SESS_POLICY_UBD = SESMAN_CFG_SESS_POLICY_D,
SESMAN_CFG_SESS_POLICY_UBI = SESMAN_CFG_SESS_POLICY_I,
SESMAN_CFG_SESS_POLICY_UBC = SESMAN_CFG_SESS_POLICY_C,
SESMAN_CFG_SESS_POLICY_UBDI = SESMAN_CFG_SESS_POLICY_D | SESMAN_CFG_SESS_POLICY_I,
SESMAN_CFG_SESS_POLICY_UBDC = SESMAN_CFG_SESS_POLICY_D | SESMAN_CFG_SESS_POLICY_C
};
/** /**
* *
* @struct config_security * @struct config_security
@ -135,6 +158,11 @@ struct config_sessions
* @brief enables automatic killing of disconnected session * @brief enables automatic killing of disconnected session
*/ */
int kill_disconnected; int kill_disconnected;
/**
* @var policy
* @brief session allocation policy
*/
enum SESMAN_CFG_SESS_POLICY policy;
}; };
/** /**
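Review bot: The `SESMAN_CFG_SESS_POLICY_BITS` enum has no comments, so a reader has to go to the lookup code to learn what `D`, `I` and `C` select. Add one line per bit, e.g. `/* D: display size must match */`, `/* I: client_ip up to the first ':' must match */`, `/* C: whole client_ip string must match */`. It is also worth stating that the lookup ORs `SESMAN_CFG_SESS_POLICY_D` into the configured value for Xvnc sessions, and that `SESMAN_CFG_SESS_POLICY_DFLT` (0) means user and bpp only.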


@ -74,7 +74,7 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
else if (data) else if (data)
{ {
s_item = session_get_bydata(s->username, s->width, s->height, s_item = session_get_bydata(s->username, s->width, s->height,
s->bpp, s->type); s->bpp, s->type, s->client_ip);
if (s_item != 0) if (s_item != 0)
{ {


@ -15,17 +15,47 @@ TerminalServerAdmins=tsadmins
AlwaysGroupCheck = false AlwaysGroupCheck = false
[Sessions] [Sessions]
## X11DisplayOffset - x11 display number offset
# Type: integer
# Default: 10
X11DisplayOffset=10 X11DisplayOffset=10
## MaxSessions - maximum number of connections to an xrdp server
# Type: integer
# Default: 0
MaxSessions=50 MaxSessions=50
## KillDisconnected - kill disconnected sessions
# Type: integer
# Default: 0
# if 1, true, or yes, kill session after 60 seconds # if 1, true, or yes, kill session after 60 seconds
KillDisconnected=0 KillDisconnected=0
## IdleTimeLimit - when to disconnect idle sessions
# Type: integer
# Default: 0
# if not zero, the seconds without mouse or keyboard input before disconnect # if not zero, the seconds without mouse or keyboard input before disconnect
# not complete yet # not complete yet
IdleTimeLimit=0 IdleTimeLimit=0
## DisconnectedTimeLimit - when to kill idle sessions
# Type: integer
# Default: 0
# if not zero, the seconds before a disconnected session is killed # if not zero, the seconds before a disconnected session is killed
# min 60 seconds # min 60 seconds
DisconnectedTimeLimit=0 DisconnectedTimeLimit=0
## Policy - session allocation policy
# Type: enum [ "Default" | "UBD" | "UBI" | "UBC" | "UBDI" | "UBDC" ]
# Default: Xrdp:<User,BitPerPixel> and Xvnc:<User,BitPerPixel,DisplaySize>
# "UBD" session per <User,BitPerPixel,DisplaySize>
# "UBI" session per <User,BitPerPixel,IPAddr>
# "UBC" session per <User,BitPerPixel,Connection>
# "UBDI" session per <User,BitPerPixel,DisplaySize,IPAddr>
# "UBDC" session per <User,BitPerPixel,DisplaySize,Connection>
Policy=Default
[Logging] [Logging]
LogFile=xrdp-sesman.log LogFile=xrdp-sesman.log
LogLevel=DEBUG LogLevel=DEBUG
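Review bot: The new heading `## DisconnectedTimeLimit - when to kill idle sessions` describes the wrong condition; the comment below it speaks of disconnected sessions, so it should read `## DisconnectedTimeLimit - when to kill disconnected sessions`. The `Policy` comment lists the keys but not the effect. A sentence saying that a reconnect which does not match the selected keys gets a new session instead of the existing one would tell administrators what they are choosing.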


@ -90,9 +90,10 @@ dumpItemsToString(struct list *self, char *outstr, int len)
/******************************************************************************/ /******************************************************************************/
struct session_item *DEFAULT_CC struct session_item *DEFAULT_CC
session_get_bydata(char *name, int width, int height, int bpp, int type) session_get_bydata(char *name, int width, int height, int bpp, int type, char *client_ip)
{ {
struct session_chain *tmp; struct session_chain *tmp;
enum SESMAN_CFG_SESS_POLICY policy = g_cfg->sess.policy;
/*THREAD-FIX require chain lock */ /*THREAD-FIX require chain lock */
lock_chain_acquire(); lock_chain_acquire();
@ -104,6 +105,7 @@ session_get_bydata(char *name, int width, int height, int bpp, int type)
{ {
case SCP_SESSION_TYPE_XVNC: /* 0 */ case SCP_SESSION_TYPE_XVNC: /* 0 */
type = SESMAN_SESSION_TYPE_XVNC; /* 2 */ type = SESMAN_SESSION_TYPE_XVNC; /* 2 */
policy |= SESMAN_CFG_SESS_POLICY_D; /* Xvnc cannot resize */
break; break;
case SCP_SESSION_TYPE_XRDP: /* 1 */ case SCP_SESSION_TYPE_XRDP: /* 1 */
type = SESMAN_SESSION_TYPE_XRDP; /* 1 */ type = SESMAN_SESSION_TYPE_XRDP; /* 1 */
@ -116,12 +118,34 @@ session_get_bydata(char *name, int width, int height, int bpp, int type)
return 0; return 0;
} }
#if 0
log_message(LOG_LEVEL_INFO,
"session_get_bydata: search policy %d U %s W %d H %d bpp %d T %d IP %s",
policy, name, width, height, bpp, type, client_ip);
#endif
while (tmp != 0) while (tmp != 0)
{ {
#if 0
log_message(LOG_LEVEL_INFO,
"session_get_bydata: try %p U %s W %d H %d bpp %d T %d IP %s",
tmp->item,
tmp->item->name,
tmp->item->width, tmp->item->height,
tmp->item->bpp, tmp->item->type,
tmp->item->client_ip);
#endif
if (type == SESMAN_SESSION_TYPE_XRDP) if (type == SESMAN_SESSION_TYPE_XRDP)
{ {
/* only name and bpp need to match for X11rdp, it can resize */ /* only name and bpp need to match for X11rdp, it can resize */
if (g_strncmp(name, tmp->item->name, 255) == 0 && if (g_strncmp(name, tmp->item->name, 255) == 0 &&
(!(policy & SESMAN_CFG_SESS_POLICY_D) ||
(tmp->item->width == width && tmp->item->height == height)) &&
(!(policy & SESMAN_CFG_SESS_POLICY_I) ||
(g_strncmp_d(client_ip, tmp->item->client_ip, ':', 255) == 0)) &&
(!(policy & SESMAN_CFG_SESS_POLICY_C) ||
(g_strncmp(client_ip, tmp->item->client_ip, 255) == 0)) &&
tmp->item->bpp == bpp && tmp->item->bpp == bpp &&
tmp->item->type == type) tmp->item->type == type)
{ {
@ -132,8 +156,11 @@ session_get_bydata(char *name, int width, int height, int bpp, int type)
} }
if (g_strncmp(name, tmp->item->name, 255) == 0 && if (g_strncmp(name, tmp->item->name, 255) == 0 &&
tmp->item->width == width && (tmp->item->width == width && tmp->item->height == height) &&
tmp->item->height == height && (!(policy & SESMAN_CFG_SESS_POLICY_I) ||
(g_strncmp_d(client_ip, tmp->item->client_ip, ':', 255) == 0)) &&
(!(policy & SESMAN_CFG_SESS_POLICY_C) ||
(g_strncmp(client_ip, tmp->item->client_ip, 255) == 0)) &&
tmp->item->bpp == bpp && tmp->item->bpp == bpp &&
tmp->item->type == type) tmp->item->type == type)
{ {
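Review bot: The `SESMAN_CFG_SESS_POLICY_I` test, `g_strncmp_d(client_ip, tmp->item->client_ip, ':', 255)`, stops at the first `:`, which is only correct when `client_ip` has the form `a.b.c.d:port`. If the string can carry an IPv6 literal, the comparison ends after the first group (or immediately for `::1`), so different clients would be treated as the same address and handed the same session under `UBI`/`UBDI`; the address and port are better kept in separate fields, or the split done at the last `:`. Both new comparisons also dereference `client_ip` unconditionally, so a null pointer from a caller (this page does not show whether `s->client_ip` is always set) would crash sesman while the chain lock is held; a guard such as `if (client_ip == 0) client_ip = "";` before the loop would avoid that. The same two conditions appear in both the X11rdp and the Xvnc branch, and the function body continues outside the hunk.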


@ -91,9 +91,9 @@ struct session_chain
* *
*/ */
struct session_item* DEFAULT_CC struct session_item* DEFAULT_CC
session_get_bydata(char* name, int width, int height, int bpp, int type); session_get_bydata(char* name, int width, int height, int bpp, int type, char *client_ip);
#ifndef session_find_item #ifndef session_find_item
#define session_find_item(a, b, c, d, e) session_get_bydata(a, b, c, d, e); #define session_find_item(a, b, c, d, e, f) session_get_bydata(a, b, c, d, e, f);
#endif #endif
/** /**
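Review bot: The updated `session_find_item` macro still ends in a semicolon, so it cannot be used inside an expression or as the body of an unbraced `if`/`else`; since the line is being rewritten anyway, drop it: `#define session_find_item(a, b, c, d, e, f) session_get_bydata(a, b, c, d, e, f)`. The Doxygen block above the prototype begins outside the hunk; it should gain a `@param client_ip` entry describing the expected `address:port` format (inferred from the `':'` delimiter used in the lookup).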