From: Thorsten Glaser Subject: change location of the socket path to something less racy also, rely on the initscript to create it with correct permissions and ownership --- a/common/file_loc.h +++ b/common/file_loc.h @@ -46,23 +46,23 @@ #endif #if !defined(XRDP_CHANSRV_STR) -#define XRDP_CHANSRV_STR "/tmp/.xrdp/xrdp_chansrv_socket_%d" +#define XRDP_CHANSRV_STR "/var/run/xrdp/sockdir/xrdp_chansrv_socket_%d" #endif #if !defined(CHANSRV_PORT_OUT_STR) -#define CHANSRV_PORT_OUT_STR "/tmp/.xrdp/xrdp_chansrv_audio_out_socket_%d" +#define CHANSRV_PORT_OUT_STR "/var/run/xrdp/sockdir/xrdp_chansrv_audio_out_socket_%d" #endif #if !defined(CHANSRV_PORT_IN_STR) -#define CHANSRV_PORT_IN_STR "/tmp/.xrdp/xrdp_chansrv_audio_in_socket_%d" +#define CHANSRV_PORT_IN_STR "/var/run/xrdp/sockdir/xrdp_chansrv_audio_in_socket_%d" #endif #if !defined(CHANSRV_API_STR) -#define CHANSRV_API_STR "/tmp/.xrdp/xrdpapi_%d" +#define CHANSRV_API_STR "/var/run/xrdp/sockdir/xrdpapi_%d" #endif #if !defined(XRDP_X11RDP_STR) -#define XRDP_X11RDP_STR "/tmp/.xrdp/xrdp_display_%d" +#define XRDP_X11RDP_STR "/var/run/xrdp/sockdir/xrdp_display_%d" #endif #endif --- a/common/os_calls.c +++ b/common/os_calls.c @@ -111,18 +111,10 @@ g_rm_temp_dir(void) int APP_CC g_mk_temp_dir(const char *app_name) { - if (!g_directory_exist("/tmp/.xrdp")) + if (!g_directory_exist("/var/run/xrdp/sockdir")) { - if (!g_create_dir("/tmp/.xrdp")) - { - /* if failed, still check if it got created by someone else */ - if (!g_directory_exist("/tmp/.xrdp")) - { - printf("g_mk_temp_dir: g_create_dir failed\n"); + printf("g_mk_temp_dir: /var/run/xrdp/sockdir does not exist\n"); return 1; - } - } - g_chmod_hex("/tmp/.xrdp", 0x3777); } return 0; } --- a/docs/man/xrdp-chansrv.8 +++ b/docs/man/xrdp-chansrv.8 @@ -30,10 +30,10 @@ Dynamic Virtual Channel .SH FILES .TP -.I /tmp/.xrdp/xrdp_chansrv_socket_* +.I /var/run/xrdp/sockdir/xrdp_chansrv_socket_* UNIX socket used by external programs to implement channels. .TP -.I /tmp/.xrdp/xrdp_api_* +.I /var/run/xrdp/sockdir/xrdp_api_* UNIX socket used by \fBxrdp\-chansrv\fP to communicate with \fBxrdp\-sesman\fP. .TP .I $XDG_DATA_HOME/xrdp/xrdp-chansrv.log --- a/docs/man/xrdp-dis.1 +++ b/docs/man/xrdp-dis.1 @@ -16,7 +16,7 @@ to get the default host and display numb .SH FILES .TP -.I /tmp/.xrdp/xrdp_disconnect_display_* +.I /var/run/xrdp/sockdir/xrdp_disconnect_display_* UNIX socket used to communicate with the \fBxrdp\fP(8) session manager. .SH KNOWN ISSUES --- a/instfiles/xrdp.service +++ b/instfiles/xrdp.service @@ -8,8 +8,11 @@ Type=forking PIDFile=/var/run/xrdp.pid EnvironmentFile=-/etc/sysconfig/xrdp EnvironmentFile=-/etc/default/xrdp +PermissionsStartOnly=true +ExecStartPre=/bin/sh /usr/share/xrdp/socksetup ExecStart=/usr/sbin/xrdp $XRDP_OPTIONS ExecStop=/usr/sbin/xrdp $XRDP_OPTIONS --kill +ExecStopPost=/bin/rm -rf /var/run/xrdp/sockdir [Install] WantedBy=multi-user.target --- a/sesman/chansrv/pulse/module-xrdp-sink.c +++ b/sesman/chansrv/pulse/module-xrdp-sink.c @@ -84,7 +84,7 @@ PA_MODULE_USAGE( #define DEFAULT_SINK_NAME "xrdp-sink" #define BLOCK_USEC 30000 //#define BLOCK_USEC (PA_USEC_PER_SEC * 2) -#define CHANSRV_PORT_STR "/tmp/.xrdp/xrdp_chansrv_audio_out_socket_%d" +#define CHANSRV_PORT_STR "/var/run/xrdp/sockdir/xrdp_chansrv_audio_out_socket_%d" struct userdata { pa_core *core; --- a/sesman/chansrv/pulse/module-xrdp-source.c +++ b/sesman/chansrv/pulse/module-xrdp-source.c @@ -72,7 +72,7 @@ PA_MODULE_USAGE( #define DEFAULT_SOURCE_NAME "xrdp-source" #define DEFAULT_LATENCY_TIME 10 #define MAX_LATENCY_USEC 1000 -#define CHANSRV_PORT_STR "/tmp/.xrdp/xrdp_chansrv_audio_in_socket_%d" +#define CHANSRV_PORT_STR "/var/run/xrdp/sockdir/xrdp_chansrv_audio_in_socket_%d" struct userdata { pa_core *core; --- a/sesman/sessvc/sessvc.c +++ b/sesman/sessvc/sessvc.c @@ -55,14 +55,14 @@ chansrv_cleanup(int pid) { char text[256]; - g_snprintf(text, 255, "/tmp/.xrdp/xrdp_chansrv_%8.8x_main_term", pid); + g_snprintf(text, 255, "/var/run/xrdp/sockdir/xrdp_chansrv_%8.8x_main_term", pid); if (g_file_exist(text)) { g_file_delete(text); } - g_snprintf(text, 255, "/tmp/.xrdp/xrdp_chansrv_%8.8x_thread_done", pid); + g_snprintf(text, 255, "/var/run/xrdp/sockdir/xrdp_chansrv_%8.8x_thread_done", pid); if (g_file_exist(text)) { --- a/sesman/tools/dis.c +++ b/sesman/tools/dis.c @@ -50,7 +50,7 @@ int main(int argc, char **argv) dis = strtol(display + 1, &p, 10); memset(&sa, 0, sizeof(sa)); sa.sun_family = AF_UNIX; - sprintf(sa.sun_path, "/tmp/.xrdp/xrdp_disconnect_display_%d", dis); + sprintf(sa.sun_path, "/var/run/xrdp/sockdir/xrdp_disconnect_display_%d", dis); if (access(sa.sun_path, F_OK) != 0) { --- a/xorg/X11R7.6/rdp/rdpmain.c +++ b/xorg/X11R7.6/rdp/rdpmain.c @@ -769,7 +769,7 @@ ddxGiveUp(void) { sprintf(unixSocketName, "/tmp/.X11-unix/X%s", display); unlink(unixSocketName); - sprintf(unixSocketName, "/tmp/.xrdp/xrdp_disconnect_display_%s", display); + sprintf(unixSocketName, "/var/run/xrdp/sockdir/xrdp_disconnect_display_%s", display); unlink(unixSocketName); if (g_uds_data[0] != 0) @@ -823,7 +823,7 @@ ddxUseMsg(void) ErrorF("X11rdp specific options\n"); ErrorF("-geometry WxH set framebuffer width & height\n"); ErrorF("-depth D set framebuffer depth\n"); - ErrorF("-uds create and listen on /tmp/.xrdp/xrdp_display_x\n"); + ErrorF("-uds create and listen on /var/run/xrdp/sockdir/xrdp_display_x\n"); ErrorF("\n"); exit(1); } --- a/xorg/X11R7.6/rdp/rdpup.c +++ b/xorg/X11R7.6/rdp/rdpup.c @@ -1234,15 +1234,10 @@ rdpup_init(void) char *ptext; int i; - if (!g_directory_exist("/tmp/.xrdp")) + if (!g_directory_exist("/var/run/xrdp/sockdir")) { - if (!g_create_dir("/tmp/.xrdp")) - { - LLOGLN(0, ("rdpup_init: g_create_dir failed")); + LLOGLN(0, ("rdpup_init: /var/run/xrdp/sockdir does not exist")); return 0; - } - - g_chmod_hex("/tmp/.xrdp", 0x3777); } i = atoi(display); @@ -1266,7 +1261,7 @@ rdpup_init(void) if (g_use_uds) { - g_sprintf(g_uds_data, "/tmp/.xrdp/xrdp_display_%s", display); + g_sprintf(g_uds_data, "/var/run/xrdp/sockdir/xrdp_display_%s", display); if (g_listen_sck == 0) { @@ -1304,7 +1299,7 @@ rdpup_init(void) if (g_dis_listen_sck != 0) { - g_sprintf(text, "/tmp/.xrdp/xrdp_disconnect_display_%s", display); + g_sprintf(text, "/var/run/xrdp/sockdir/xrdp_disconnect_display_%s", display); if (g_tcp_local_bind(g_dis_listen_sck, text) == 0) { --- a/xorgxrdp/module/rdpClientCon.c +++ b/xorgxrdp/module/rdpClientCon.c @@ -1166,17 +1166,10 @@ rdpClientConInit(rdpPtr dev) { int i; - if (!g_directory_exist("/tmp/.xrdp")) + if (!g_directory_exist("/var/run/xrdp/sockdir")) { - if (!g_create_dir("/tmp/.xrdp")) - { - if (!g_directory_exist("/tmp/.xrdp")) - { - LLOGLN(0, ("rdpup_init: g_create_dir failed")); + LLOGLN(0, ("rdpup_init: /var/run/xrdp/sockdir does not exist")); return 0; - } - } - g_chmod_hex("/tmp/.xrdp", 0x3777); } i = atoi(display); if (i < 1) @@ -1184,7 +1177,7 @@ rdpClientConInit(rdpPtr dev) LLOGLN(0, ("rdpClientConInit: can not run at display < 1")); return 0; } - g_sprintf(dev->uds_data, "/tmp/.xrdp/xrdp_display_%s", display); + g_sprintf(dev->uds_data, "/var/run/xrdp/sockdir/xrdp_display_%s", display); if (dev->listen_sck == 0) { unlink(dev->uds_data); --- a/xrdp/xrdp.ini +++ b/xrdp/xrdp.ini @@ -137,10 +137,10 @@ xrdpvr=true tcutils=true ; for debugging xrdp, in section xrdp1, change port=-1 to this: -#port=/tmp/.xrdp/xrdp_display_10 +#port=/var/run/xrdp/sockdir/xrdp_display_10 ; for debugging xrdp, add following line to section xrdp1 -#chansrvport=/tmp/.xrdp/xrdp_chansrv_socket_7210 +#chansrvport=/var/run/xrdp/sockdir/xrdp_chansrv_socket_7210 ; --- a/xrdpapi/xrdpapi.c +++ b/xrdpapi/xrdpapi.c @@ -144,7 +144,7 @@ WTSVirtualChannelOpenEx(unsigned int Ses memset(&s, 0, sizeof(struct sockaddr_un)); s.sun_family = AF_UNIX; bytes = sizeof(s.sun_path); - snprintf(s.sun_path, bytes - 1, "/tmp/.xrdp/xrdpapi_%d", wts->display_num); + snprintf(s.sun_path, bytes - 1, "/var/run/xrdp/sockdir/xrdpapi_%d", wts->display_num); s.sun_path[bytes - 1] = 0; bytes = sizeof(struct sockaddr_un);