sesman: more options for session lookup from Fredy Paquet
parent
03a5914609
commit
1934c9ea00
@ -2265,6 +2265,27 @@ g_strncmp(const char *c1, const char *c2, int len)
|
|||||||
return strncmp(c1, c2, len);
|
return strncmp(c1, c2, len);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*****************************************************************************/
|
||||||
|
/* compare up to delim */
|
||||||
|
int APP_CC
|
||||||
|
g_strncmp_d(const char *s1, const char *s2, const char delim, int n)
|
||||||
|
{
|
||||||
|
char c1;
|
||||||
|
char c2;
|
||||||
|
|
||||||
|
while (n > 0)
|
||||||
|
{
|
||||||
|
c1 = *s1++;
|
||||||
|
c2 = *s2++;
|
||||||
|
if ((c1 == 0) || (c1 != c2) || (c1 == delim) || (c2 == delim))
|
||||||
|
{
|
||||||
|
return c1 - c2;
|
||||||
|
}
|
||||||
|
n--;
|
||||||
|
}
|
||||||
|
return c1 - c2;
|
||||||
|
}
|
||||||
|
|
||||||
/*****************************************************************************/
|
/*****************************************************************************/
|
||||||
int APP_CC
|
int APP_CC
|
||||||
g_strcasecmp(const char *c1, const char *c2)
|
g_strcasecmp(const char *c1, const char *c2)
|
||||||
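Review bot: `g_strncmp_d` declares `c1` and `c2` without initialisers, so when it is called with `n <= 0` the loop never runs and the final `return c1 - c2;` reads indeterminate values. Initialising both (`char c1 = 0;` and `char c2 = 0;`) makes that case return 0 deterministically. The one-line comment `/* compare up to delim */` should also state the contract the loop implements, for example `/* compare at most n chars, stopping at NUL or at delim in either string; returns 0 only if both stop at the same point */`. In particular, a string that ends before the delimiter and one that contains it (c1 == 0, c2 == delim) compare as different, which matters to a caller matching addresses.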
|
@ -115,6 +115,7 @@ char* APP_CC g_strdup(const char* in);
|
|||||||
char* APP_CC g_strndup(const char* in, const unsigned int maxlen);
|
char* APP_CC g_strndup(const char* in, const unsigned int maxlen);
|
||||||
int APP_CC g_strcmp(const char* c1, const char* c2);
|
int APP_CC g_strcmp(const char* c1, const char* c2);
|
||||||
int APP_CC g_strncmp(const char* c1, const char* c2, int len);
|
int APP_CC g_strncmp(const char* c1, const char* c2, int len);
|
||||||
|
int APP_CC g_strncmp_d(const char* c1, const char* c2, const char delim, int len);
|
||||||
int APP_CC g_strcasecmp(const char* c1, const char* c2);
|
int APP_CC g_strcasecmp(const char* c1, const char* c2);
|
||||||
int APP_CC g_strncasecmp(const char* c1, const char* c2, int len);
|
int APP_CC g_strncasecmp(const char* c1, const char* c2, int len);
|
||||||
int APP_CC g_atoi(const char* str);
|
int APP_CC g_atoi(const char* str);
|
||||||
|
@ -116,6 +116,31 @@ Sets the time(in seconds) limit before a disconnected session is killed.
|
|||||||
If set to \fI0\fR, automatic killing is disabled.
|
If set to \fI0\fR, automatic killing is disabled.
|
||||||
.br
|
.br
|
||||||
|
|
||||||
|
.TP
|
||||||
|
\fBPolicy\fR=\fI[Default|UBD|UBI|UBC|UBDI|UBDC]\fR
|
||||||
|
Session allocation policy. By Default, a new session is created
|
||||||
|
for the combination <User,BitPerPixel> when using Xrdp, and
|
||||||
|
for the combination <User,BitPerPixel,DisplaySize> when using Xvnc.
|
||||||
|
This behaviour can be changed by setting session policy to:
|
||||||
|
.br
|
||||||
|
|
||||||
|
.br
|
||||||
|
\fBUBD\fR - session per <User,BitPerPixel,DisplaySize>
|
||||||
|
.br
|
||||||
|
\fBUBI\fR - session per <User,BitPerPixel,IPAddr>
|
||||||
|
.br
|
||||||
|
\fBUBC\fR - session per <User,BitPerPixel,Connection>
|
||||||
|
.br
|
||||||
|
\fBUBDI\fR - session per <User,BitPerPixel,DisplaySize,IPAddr>
|
||||||
|
.br
|
||||||
|
\fBUBDC\fR - session per <User,BitPerPixel,DisplaySize,Connection>
|
||||||
|
.br
|
||||||
|
|
||||||
|
.br
|
||||||
|
Note that the criteria <User,BitPerPixel> can not be turned off
|
||||||
|
and <DisplaySize> will always be checkt when for Xvnc connections.
|
||||||
|
.br
|
||||||
|
|
||||||
.SH "SECURITY"
|
.SH "SECURITY"
|
||||||
The following parameters can be used in the \fB[Sessions]\fR section:
|
The following parameters can be used in the \fB[Sessions]\fR section:
|
||||||
|
|
||||||
|
@ -337,6 +337,7 @@ config_read_sessions(int file, struct config_sessions *se, struct list *param_n,
|
|||||||
se->max_idle_time = 0;
|
se->max_idle_time = 0;
|
||||||
se->max_disc_time = 0;
|
se->max_disc_time = 0;
|
||||||
se->kill_disconnected = 0;
|
se->kill_disconnected = 0;
|
||||||
|
se->policy = SESMAN_CFG_SESS_POLICY_DFLT;
|
||||||
|
|
||||||
file_read_section(file, SESMAN_CFG_SESSIONS, param_n, param_v);
|
file_read_section(file, SESMAN_CFG_SESSIONS, param_n, param_v);
|
||||||
|
|
||||||
@ -368,15 +369,49 @@ config_read_sessions(int file, struct config_sessions *se, struct list *param_n,
|
|||||||
{
|
{
|
||||||
se->max_disc_time = g_atoi((char *)list_get_item(param_v, i));
|
se->max_disc_time = g_atoi((char *)list_get_item(param_v, i));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (0 == g_strcasecmp(buf, SESMAN_CFG_SESS_POLICY_S))
|
||||||
|
{
|
||||||
|
char *value = (char *)list_get_item(param_v, i);
|
||||||
|
if (0 == g_strcasecmp(value, SESMAN_CFG_SESS_POLICY_DFLT_S))
|
||||||
|
{
|
||||||
|
se->policy = SESMAN_CFG_SESS_POLICY_DFLT;
|
||||||
|
}
|
||||||
|
else if (0 == g_strcasecmp(value, SESMAN_CFG_SESS_POLICY_UBD_S))
|
||||||
|
{
|
||||||
|
se->policy = SESMAN_CFG_SESS_POLICY_UBD;
|
||||||
|
}
|
||||||
|
else if (0 == g_strcasecmp(value, SESMAN_CFG_SESS_POLICY_UBI_S))
|
||||||
|
{
|
||||||
|
se->policy = SESMAN_CFG_SESS_POLICY_UBI;
|
||||||
|
}
|
||||||
|
else if (0 == g_strcasecmp(value, SESMAN_CFG_SESS_POLICY_UBC_S))
|
||||||
|
{
|
||||||
|
se->policy = SESMAN_CFG_SESS_POLICY_UBC;
|
||||||
|
}
|
||||||
|
else if (0 == g_strcasecmp(value, SESMAN_CFG_SESS_POLICY_UBDI_S))
|
||||||
|
{
|
||||||
|
se->policy = SESMAN_CFG_SESS_POLICY_UBDI;
|
||||||
|
}
|
||||||
|
else if (0 == g_strcasecmp(value, SESMAN_CFG_SESS_POLICY_UBDC_S))
|
||||||
|
{
|
||||||
|
se->policy = SESMAN_CFG_SESS_POLICY_UBDC;
|
||||||
|
}
|
||||||
|
else /* silently ignore typos */
|
||||||
|
{
|
||||||
|
se->policy = SESMAN_CFG_SESS_POLICY_DFLT;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* printing security config */
|
/* printing session config */
|
||||||
g_printf("session configuration:\r\n");
|
g_printf("session configuration:\r\n");
|
||||||
g_printf("\tMaxSessions: %i\r\n", se->max_sessions);
|
g_printf("\tMaxSessions: %i\r\n", se->max_sessions);
|
||||||
g_printf("\tX11DisplayOffset: %i\r\n", se->x11_display_offset);
|
g_printf("\tX11DisplayOffset: %i\r\n", se->x11_display_offset);
|
||||||
g_printf("\tKillDisconnected: %i\r\n", se->kill_disconnected);
|
g_printf("\tKillDisconnected: %i\r\n", se->kill_disconnected);
|
||||||
g_printf("\tIdleTimeLimit: %i\r\n", se->max_idle_time);
|
g_printf("\tIdleTimeLimit: %i\r\n", se->max_idle_time);
|
||||||
g_printf("\tDisconnectedTimeLimit: %i\r\n", se->max_idle_time);
|
g_printf("\tDisconnectedTimeLimit: %i\r\n", se->max_idle_time);
|
||||||
|
g_printf("\tPolicy: %i\r\n", se->policy);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
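Review bot: The final `else /* silently ignore typos */` branch in the Policy parsing sets `SESMAN_CFG_SESS_POLICY_DFLT` for any unrecognised value, so a misspelt `UBI` or `UBC` leaves sesman on the loosest matching. The only trace is the integer in the `Policy: %i` startup line. Since the setting decides which existing session a login is attached to, the fallback should be reported, e.g. `g_printf("\tunknown Policy value '%s', using Default\r\n", value);` in that branch. `value` is also passed to `g_strcasecmp` without a null check; whether `list_get_item` can return null here is not visible in these hunks. `config_read_sessions` begins and ends outside the hunks shown.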
|
@ -65,6 +65,29 @@
|
|||||||
#define SESMAN_CFG_SESS_IDLE_LIMIT "IdleTimeLimit"
|
#define SESMAN_CFG_SESS_IDLE_LIMIT "IdleTimeLimit"
|
||||||
#define SESMAN_CFG_SESS_DISC_LIMIT "DisconnectedTimeLimit"
|
#define SESMAN_CFG_SESS_DISC_LIMIT "DisconnectedTimeLimit"
|
||||||
|
|
||||||
|
#define SESMAN_CFG_SESS_POLICY_S "Policy"
|
||||||
|
#define SESMAN_CFG_SESS_POLICY_DFLT_S "Default"
|
||||||
|
#define SESMAN_CFG_SESS_POLICY_UBD_S "UBD"
|
||||||
|
#define SESMAN_CFG_SESS_POLICY_UBI_S "UBI"
|
||||||
|
#define SESMAN_CFG_SESS_POLICY_UBC_S "UBC"
|
||||||
|
#define SESMAN_CFG_SESS_POLICY_UBDI_S "UBDI"
|
||||||
|
#define SESMAN_CFG_SESS_POLICY_UBDC_S "UBDC"
|
||||||
|
|
||||||
|
enum SESMAN_CFG_SESS_POLICY_BITS {
|
||||||
|
SESMAN_CFG_SESS_POLICY_D = 0x01,
|
||||||
|
SESMAN_CFG_SESS_POLICY_I = 0x02,
|
||||||
|
SESMAN_CFG_SESS_POLICY_C = 0x04
|
||||||
|
};
|
||||||
|
|
||||||
|
enum SESMAN_CFG_SESS_POLICY {
|
||||||
|
SESMAN_CFG_SESS_POLICY_DFLT = 0,
|
||||||
|
SESMAN_CFG_SESS_POLICY_UBD = SESMAN_CFG_SESS_POLICY_D,
|
||||||
|
SESMAN_CFG_SESS_POLICY_UBI = SESMAN_CFG_SESS_POLICY_I,
|
||||||
|
SESMAN_CFG_SESS_POLICY_UBC = SESMAN_CFG_SESS_POLICY_C,
|
||||||
|
SESMAN_CFG_SESS_POLICY_UBDI = SESMAN_CFG_SESS_POLICY_D | SESMAN_CFG_SESS_POLICY_I,
|
||||||
|
SESMAN_CFG_SESS_POLICY_UBDC = SESMAN_CFG_SESS_POLICY_D | SESMAN_CFG_SESS_POLICY_C
|
||||||
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
* @struct config_security
|
* @struct config_security
|
||||||
@ -135,6 +158,11 @@ struct config_sessions
|
|||||||
* @brief enables automatic killing of disconnected session
|
* @brief enables automatic killing of disconnected session
|
||||||
*/
|
*/
|
||||||
int kill_disconnected;
|
int kill_disconnected;
|
||||||
|
/**
|
||||||
|
* @var policy
|
||||||
|
* @brief session allocation policy
|
||||||
|
*/
|
||||||
|
enum SESMAN_CFG_SESS_POLICY policy;
|
||||||
};
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -74,7 +74,7 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
|
|||||||
else if (data)
|
else if (data)
|
||||||
{
|
{
|
||||||
s_item = session_get_bydata(s->username, s->width, s->height,
|
s_item = session_get_bydata(s->username, s->width, s->height,
|
||||||
s->bpp, s->type);
|
s->bpp, s->type, s->client_ip);
|
||||||
|
|
||||||
if (s_item != 0)
|
if (s_item != 0)
|
||||||
{
|
{
|
||||||
|
@ -15,17 +15,47 @@ TerminalServerAdmins=tsadmins
|
|||||||
AlwaysGroupCheck = false
|
AlwaysGroupCheck = false
|
||||||
|
|
||||||
[Sessions]
|
[Sessions]
|
||||||
|
|
||||||
|
## X11DisplayOffset - x11 display number offset
|
||||||
|
# Type: integer
|
||||||
|
# Default: 10
|
||||||
X11DisplayOffset=10
|
X11DisplayOffset=10
|
||||||
|
|
||||||
|
## MaxSessions - maximum number of connections to an xrdp server
|
||||||
|
# Type: integer
|
||||||
|
# Default: 0
|
||||||
MaxSessions=50
|
MaxSessions=50
|
||||||
|
|
||||||
|
## KillDisconnected - kill disconnected sessions
|
||||||
|
# Type: integer
|
||||||
|
# Default: 0
|
||||||
# if 1, true, or yes, kill session after 60 seconds
|
# if 1, true, or yes, kill session after 60 seconds
|
||||||
KillDisconnected=0
|
KillDisconnected=0
|
||||||
|
|
||||||
|
## IdleTimeLimit - when to disconnect idle sessions
|
||||||
|
# Type: integer
|
||||||
|
# Default: 0
|
||||||
# if not zero, the seconds without mouse or keyboard input before disconnect
|
# if not zero, the seconds without mouse or keyboard input before disconnect
|
||||||
# not complete yet
|
# not complete yet
|
||||||
IdleTimeLimit=0
|
IdleTimeLimit=0
|
||||||
|
|
||||||
|
## DisconnectedTimeLimit - when to kill idle sessions
|
||||||
|
# Type: integer
|
||||||
|
# Default: 0
|
||||||
# if not zero, the seconds before a disconnected session is killed
|
# if not zero, the seconds before a disconnected session is killed
|
||||||
# min 60 seconds
|
# min 60 seconds
|
||||||
DisconnectedTimeLimit=0
|
DisconnectedTimeLimit=0
|
||||||
|
|
||||||
|
## Policy - session allocation policy
|
||||||
|
# Type: enum [ "Default" | "UBD" | "UBI" | "UBC" | "UBDI" | "UBDC" ]
|
||||||
|
# Default: Xrdp:<User,BitPerPixel> and Xvnc:<User,BitPerPixel,DisplaySize>
|
||||||
|
# "UBD" session per <User,BitPerPixel,DisplaySize>
|
||||||
|
# "UBI" session per <User,BitPerPixel,IPAddr>
|
||||||
|
# "UBC" session per <User,BitPerPixel,Connection>
|
||||||
|
# "UBDI" session per <User,BitPerPixel,DisplaySize,IPAddr>
|
||||||
|
# "UBDC" session per <User,BitPerPixel,DisplaySize,Connection>
|
||||||
|
Policy=Default
|
||||||
|
|
||||||
[Logging]
|
[Logging]
|
||||||
LogFile=xrdp-sesman.log
|
LogFile=xrdp-sesman.log
|
||||||
LogLevel=DEBUG
|
LogLevel=DEBUG
|
||||||
|
@ -90,9 +90,10 @@ dumpItemsToString(struct list *self, char *outstr, int len)
|
|||||||
|
|
||||||
/******************************************************************************/
|
/******************************************************************************/
|
||||||
struct session_item *DEFAULT_CC
|
struct session_item *DEFAULT_CC
|
||||||
session_get_bydata(char *name, int width, int height, int bpp, int type)
|
session_get_bydata(char *name, int width, int height, int bpp, int type, char *client_ip)
|
||||||
{
|
{
|
||||||
struct session_chain *tmp;
|
struct session_chain *tmp;
|
||||||
|
enum SESMAN_CFG_SESS_POLICY policy = g_cfg->sess.policy;
|
||||||
|
|
||||||
/*THREAD-FIX require chain lock */
|
/*THREAD-FIX require chain lock */
|
||||||
lock_chain_acquire();
|
lock_chain_acquire();
|
||||||
@ -104,6 +105,7 @@ session_get_bydata(char *name, int width, int height, int bpp, int type)
|
|||||||
{
|
{
|
||||||
case SCP_SESSION_TYPE_XVNC: /* 0 */
|
case SCP_SESSION_TYPE_XVNC: /* 0 */
|
||||||
type = SESMAN_SESSION_TYPE_XVNC; /* 2 */
|
type = SESMAN_SESSION_TYPE_XVNC; /* 2 */
|
||||||
|
policy |= SESMAN_CFG_SESS_POLICY_D; /* Xvnc cannot resize */
|
||||||
break;
|
break;
|
||||||
case SCP_SESSION_TYPE_XRDP: /* 1 */
|
case SCP_SESSION_TYPE_XRDP: /* 1 */
|
||||||
type = SESMAN_SESSION_TYPE_XRDP; /* 1 */
|
type = SESMAN_SESSION_TYPE_XRDP; /* 1 */
|
||||||
@ -116,12 +118,34 @@ session_get_bydata(char *name, int width, int height, int bpp, int type)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if 0
|
||||||
|
log_message(LOG_LEVEL_INFO,
|
||||||
|
"session_get_bydata: search policy %d U %s W %d H %d bpp %d T %d IP %s",
|
||||||
|
policy, name, width, height, bpp, type, client_ip);
|
||||||
|
#endif
|
||||||
|
|
||||||
while (tmp != 0)
|
while (tmp != 0)
|
||||||
{
|
{
|
||||||
|
#if 0
|
||||||
|
log_message(LOG_LEVEL_INFO,
|
||||||
|
"session_get_bydata: try %p U %s W %d H %d bpp %d T %d IP %s",
|
||||||
|
tmp->item,
|
||||||
|
tmp->item->name,
|
||||||
|
tmp->item->width, tmp->item->height,
|
||||||
|
tmp->item->bpp, tmp->item->type,
|
||||||
|
tmp->item->client_ip);
|
||||||
|
#endif
|
||||||
|
|
||||||
if (type == SESMAN_SESSION_TYPE_XRDP)
|
if (type == SESMAN_SESSION_TYPE_XRDP)
|
||||||
{
|
{
|
||||||
/* only name and bpp need to match for X11rdp, it can resize */
|
/* only name and bpp need to match for X11rdp, it can resize */
|
||||||
if (g_strncmp(name, tmp->item->name, 255) == 0 &&
|
if (g_strncmp(name, tmp->item->name, 255) == 0 &&
|
||||||
|
(!(policy & SESMAN_CFG_SESS_POLICY_D) ||
|
||||||
|
(tmp->item->width == width && tmp->item->height == height)) &&
|
||||||
|
(!(policy & SESMAN_CFG_SESS_POLICY_I) ||
|
||||||
|
(g_strncmp_d(client_ip, tmp->item->client_ip, ':', 255) == 0)) &&
|
||||||
|
(!(policy & SESMAN_CFG_SESS_POLICY_C) ||
|
||||||
|
(g_strncmp(client_ip, tmp->item->client_ip, 255) == 0)) &&
|
||||||
tmp->item->bpp == bpp &&
|
tmp->item->bpp == bpp &&
|
||||||
tmp->item->type == type)
|
tmp->item->type == type)
|
||||||
{
|
{
|
||||||
@ -132,8 +156,11 @@ session_get_bydata(char *name, int width, int height, int bpp, int type)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (g_strncmp(name, tmp->item->name, 255) == 0 &&
|
if (g_strncmp(name, tmp->item->name, 255) == 0 &&
|
||||||
tmp->item->width == width &&
|
(tmp->item->width == width && tmp->item->height == height) &&
|
||||||
tmp->item->height == height &&
|
(!(policy & SESMAN_CFG_SESS_POLICY_I) ||
|
||||||
|
(g_strncmp_d(client_ip, tmp->item->client_ip, ':', 255) == 0)) &&
|
||||||
|
(!(policy & SESMAN_CFG_SESS_POLICY_C) ||
|
||||||
|
(g_strncmp(client_ip, tmp->item->client_ip, 255) == 0)) &&
|
||||||
tmp->item->bpp == bpp &&
|
tmp->item->bpp == bpp &&
|
||||||
tmp->item->type == type)
|
tmp->item->type == type)
|
||||||
{
|
{
|
||||||
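Review bot: The UBI condition `g_strncmp_d(client_ip, tmp->item->client_ip, ':', 255) == 0` stops at the first ':', and it appears in both the X11rdp branch and the generic branch. If `client_ip` can hold an IPv6 literal (its format is not visible in these hunks), only the first group would be compared, and sessions from different client addresses would be treated as the same IP. Neither `client_ip` nor `tmp->item->client_ip` is checked for null before being passed to `g_strncmp_d` or `g_strncmp`, both of which dereference their arguments. A comment at the top of the loop such as `/* client_ip is expected as "addr:port": UBI compares up to ':', UBC compares the whole string */` would pin down the assumption, and a guard that treats a missing address as no match would make the lookup fail closed. The body of `session_get_bydata` continues outside the hunks shown.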
|
@ -91,9 +91,9 @@ struct session_chain
|
|||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
struct session_item* DEFAULT_CC
|
struct session_item* DEFAULT_CC
|
||||||
session_get_bydata(char* name, int width, int height, int bpp, int type);
|
session_get_bydata(char* name, int width, int height, int bpp, int type, char *client_ip);
|
||||||
#ifndef session_find_item
|
#ifndef session_find_item
|
||||||
#define session_find_item(a, b, c, d, e) session_get_bydata(a, b, c, d, e);
|
#define session_find_item(a, b, c, d, e, f) session_get_bydata(a, b, c, d, e, f);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/**
|
/**
|
||||||
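Review bot: The updated macro keeps its trailing semicolon, `session_get_bydata(a, b, c, d, e, f);`, so `session_find_item(...)` cannot be used inside an expression or as the body of an unbraced `if`/`else` without producing an empty statement. The semicolon should be dropped: `#define session_find_item(a, b, c, d, e, f) session_get_bydata(a, b, c, d, e, f)`. The doc comment above the prototype starts outside this hunk; it presumably needs a matching `@param client_ip` line describing the expected address format.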
|