jh163888/xrdp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Log user-friendly message when certificate/privkey is inaccessible

Browse Source 
We shouldn't assume that xrdp daemon is running under root privilege.
In many cases, root privilege is not really needed for xrdp daemon.
xrdp may fail to load certificate/privkey due to lack of permissions
when running under user privilege. Checking existence of files is not
enough and xrdp should output user-friendly log in such case.

Reported by Debian user in bug 856436 [1].

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856436
This commit is contained in:
Koichiro IWAO 2017-03-08 13:30:14 +09:00 committed by metalefty
parent 0299d64fa8
commit 65c1fe87d7
3 changed files with 25 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
common/os_calls.c
View File

@ -2233,6 +2233,18 @@ g_file_exist(const char *filename)
#endif #endif
} }
/*****************************************************************************/
/* returns boolean, non zero if the file is readable */
int
g_file_readable(const char *filename)
{
#if defined(_WIN32)
return 0; /* TODO: what should be done here? */
#else
return access(filename, R_OK) == 0;
#endif
}
/*****************************************************************************/ /*****************************************************************************/
/* returns boolean, non zero if the directory exists */ /* returns boolean, non zero if the directory exists */
int int

1
common/os_calls.h
View File

@ -109,6 +109,7 @@ int g_mkdir(const char* dirname);
char* g_get_current_dir(char* dirname, int maxlen); char* g_get_current_dir(char* dirname, int maxlen);
int g_set_current_dir(const char *dirname); int g_set_current_dir(const char *dirname);
int g_file_exist(const char* filename); int g_file_exist(const char* filename);
int g_file_readable(const char *filename);
int g_directory_exist(const char* dirname); int g_directory_exist(const char* dirname);
int g_create_dir(const char* dirname); int g_create_dir(const char* dirname);
int g_create_path(const char* path); int g_create_path(const char* path);

12
libxrdp/xrdp_rdp.c
View File

@ -269,6 +269,12 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
/* use user defined certificate */ /* use user defined certificate */
g_strncpy(client_info->certificate, value, 1023); g_strncpy(client_info->certificate, value, 1023);
} }
if (!g_file_readable(client_info->certificate))
{
log_message(LOG_LEVEL_ERROR, "Cannot open certificate file %s: %s",
client_info->certificate, g_get_strerror());
}
} }
else if (g_strcasecmp(item, "key_file") == 0) else if (g_strcasecmp(item, "key_file") == 0)
{ {
@ -293,6 +299,12 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
/* use user defined key_file */ /* use user defined key_file */
g_strncpy(client_info->key_file, value, 1023); g_strncpy(client_info->key_file, value, 1023);
} }
if (!g_file_readable(client_info->key_file))
{
log_message(LOG_LEVEL_ERROR, "Cannot open private key file %s: %s",
client_info->key_file, g_get_strerror());
}
} }
} }