Description
xrdp version
0.10.0
Detailed xrdp version, build options
[maico:/home/fredy] xrdp-sesman -V
xrdp-sesman 0.10.0
The xrdp session manager
Copyright (C) 2004-2024 Jay Sorg, Neutrino Labs, and all contributors.
See https://github.com/neutrinolabs/xrdp for more information.
Configure options:
--build=x86_64-redhat-linux-gnu
--host=x86_64-redhat-linux-gnu
--program-prefix=
--disable-dependency-tracking
--prefix=/usr
--exec-prefix=/usr
--bindir=/usr/bin
--sbindir=/usr/sbin
--sysconfdir=/etc
--datadir=/usr/share
--includedir=/usr/include
--libdir=/usr/lib64
--libexecdir=/usr/libexec
--localstatedir=/var
--sharedstatedir=/var/lib
--mandir=/usr/share/man
--infodir=/usr/share/info
--enable-fuse
--enable-pixman
--enable-painter
--enable-vsock
--enable-ipv6
--with-socketdir=/run/xrdp
--with-imlib2
build_alias=x86_64-redhat-linux-gnu
host_alias=x86_64-redhat-linux-gnu
CFLAGS=-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
LDFLAGS=-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld
CXXFLAGS=-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig
Operating system & version
RHEL8, RHEL9
Installation method
dnf / apt / zypper / pkg / etc
Which backend do you use?
Xvnc
What desktop environment do you use?
Xfce
Environment xrdp running on
VM
What's your client?
Remmina
Area(s) with issue?
Session manager (sesman)
Steps to reproduce
Set Policy to UBDI in sesman.ini
- Connect and open a session
- Disconnect without closing the application
- Reconnect with same user/depth/dimension/IP
✔️ Expected Behavior
Should reconnect to the running session
❌ Actual Behavior
Always opens a new session
Anything else?
Activating debug output shows, that session_list.c::session_list_get_bydata(363ff) is always receiving psi->start_ip_addr NULL.
Causing IP check always to fail in same function at line 401.
[2024-07-18T11:47:16.539+0200] [DEBUG] session_list_get_bydata: search policy=I type=Xvnc U=1080 B=32 D=(800x600) I=
[2024-07-18T11:47:16.545+0200] [DEBUG] session_list_get_bydata: try 0x559944747b60 type=Xvnc U=1080 B=32 D=(800x600) I=::ffff:192.1.1.48
[2024-07-18T11:47:16.551+0200] [DEBUG] session_list_get_bydata: IPs don't match for 'I' policy
[2024-07-18T11:47:16.557+0200] [DEBUG] session_list_get_bydata: try 0x55994474e960 type=Xvnc U=1080 B=32 D=(800x600) I=::ffff:192.1.1.48
[2024-07-18T11:47:16.563+0200] [DEBUG] session_list_get_bydata: IPs don't match for 'I' policy
[2024-07-18T11:47:16.569+0200] [DEBUG] session_list_get_bydata: No matches found
In V0.9.26, the IP check is working as expected.
It seams that the field psi->start_ip_addr is not filled when a new connection arrives.
We found a call to session_list_get_bydata() in scp_process.c::process_create_session_request(411)
but didn't find out where psi get's initialized upon reception of a new connection.
Activity
matt335672 commentedon Jul 18, 2024
@fpaquet - thank you for an excellent fault report.
If you're in a position where you can take a patch, this will fix it for you:-
After you've had to spend so much time on this, I feel I owe you an explanation.
The basic explanation, is that I omitted to initialise this field, so not being able to find where it is initialised is not surprising!
The more detailed explanation needs an understanding of the Session Management Architecture
The IP address for a login attempt is passed from sesman to sesexec when the user is authenticated. This IP address is received back from sesexec via a 'session announce' event, and this is used to populate the session entry. This is a little convoluted, but it's there to support sesman restarts in the future. The idea is that when sesman restarts, all the sesexec processes send a session announce event to sesman, and sesman is able to reconstruct its state.
At the moment though, this isn't implemented.
If you can't take a patch, I'll add a PR here and we'll get this in the next xrdp release. Being on EPEL, you will get this when we release it.
fpaquet commentedon Jul 18, 2024
Hello Matt
Great to hear you found and fixed it so quickly.
For the time being, we can live with installing the old xrdp-0.9.25-2.el8.x86_64.rpm on RHEL8,
downloaded from https://rpm.pbone.net/info_idpl_85646712_distro_redhatel8_com_xrdp-0.9.25-2.el8.x86_64.rpm.html
(the link maybe helpful for others)
We'll give it a try when new release is out.
The new feature seams very useful to us, to prevent lost sessions when restarting sesman.
Super!
matt335672 commentedon Jul 18, 2024
I'll keep this open for now, so I don't lose track of it...
fpaquet commentedon Aug 27, 2024
Hello Matt
While switching to the Workaround with xrdp 0.9.25, we found a bug in the Policy comment.
The quotes around the policy string shoud be removed in the comment, in sesman.ini
;; Policy - session allocation policy
; Type: enum [ "Default" | "UBD" | "UBI" | "UBC" | "UBDI" | "UBDC" ]
; "Default" session per <User,BitPerPixel>
; "UBD" session per <User,BitPerPixel,DisplaySize>
; "UBI" session per <User,BitPerPixel,IPAddr>
; "UBC" session per <User,BitPerPixel,Connection>
; "UBDI" session per <User,BitPerPixel,DisplaySize,IPAddr>
; "UBDC" session per <User,BitPerPixel,DisplaySize,Connection>
Using the following setting fails:
Policy="UBDI"
Using this setting is very successful:
Policy=UBDI
regards
fp
matt335672 commentedon Aug 27, 2024
Thanks for raising this @fpaquet