neutrinolabs / xrdp

xrdp: an open source RDP server
http://www.xrdp.org/
Apache License 2.0

xrdp-sesman namespace login error #3095

Closed tsz8899 closed 2 months ago

tsz8899 commented 2 months ago

xrdp version

0.10

Detailed xrdp version, build options

xrdp --version
xrdp 0.10.80

Operating system & version

debian 12

Installation method

git clone & make install

Which backend do you use?

xorgxrdp

What desktop environment do you use?

xfce

Environment xrdp running on

No response

What's your client?

any

Area(s) with issue?

Session manager (sesman)

Steps to reproduce

If the system does not enable the namespace functionality, everything works fine. After enabling namespace isolation for the /tmp directory, errors occur.

When the system has namespace enabled:

  1. cat /etc/security/namespace.conf
     /tmp /tmp-inst/ level root
  2. cat /etc/pam.d/common-session or cat /etc/pam.d/xrdp-sesman
     session required pam_namespace.so

error:

  1. The first and second logged-in users work fine.
  2. if open session>2
  3. session 3 4 5... "Starting X server on display" is always "10", causing login issues.

✔️ Expected Behavior

xrdp can be used in an environment where namespace is activated.

❌ Actual Behavior

cat /var/log/xrdp-sesman.log
[2024-05-28T19:07:46.800+0800] [INFO ] Socket 13: connection accepted from AF_UNIX
[2024-05-28T19:07:46.969+0800] [INFO ] Received system login request from xrdp for user: aaa IP: 192.168.116.20
[2024-05-28T19:07:46.105+0800] [INFO ] starting xrdp-sesexec with pid 2145
[2024-05-28T19:07:46.113+0800] [INFO ] User aaa is in TerminalServerUsers group tsusers. Access granted
[2024-05-28T19:07:46.119+0800] [INFO ] Access permitted for user: aaa
[2024-05-28T19:07:46.124+0800] [INFO ] Received sys login status for aaa : logged in
[2024-05-28T19:07:46.135+0800] [INFO ] Received request from xrdp to create a session for user aaa
[2024-05-28T19:07:46.141+0800] [INFO ] PAM: Last login: Tue May 28 19:06:05 CST 2024 from 192.168.116.20 on :10
[2024-05-28T19:07:46.307+0800] [INFO ] Starting X server on display 10: Xorg :10 -auth .Xauthority -config xrdp/xorg.conf -noreset -nolisten tcp -logfile .xorgxrdp.%s.log
[2024-05-28T19:07:47.310+0800] [INFO ] X server :10 is working
[2024-05-28T19:07:47.317+0800] [INFO ] Starting window manager for display :10
[2024-05-28T19:07:47.323+0800] [INFO ] Starting the xrdp channel server for display :10
[2024-05-28T19:07:47.323+0800] [INFO ] Using the default window manager on display 10: /etc/xrdp/startwm.sh
[2024-05-28T19:07:47.329+0800] [INFO ] Session in progress on display :10. Waiting until the window manager (pid 2230) exits to end the session
[2024-05-28T19:07:56.486+0800] [INFO ] Socket 13: connection accepted from AF_UNIX
[2024-05-28T19:07:56.507+0800] [INFO ] Received system login request from xrdp for user: bbb IP: 192.168.116.20
[2024-05-28T19:07:56.519+0800] [INFO ] starting xrdp-sesexec with pid 2538
[2024-05-28T19:07:56.529+0800] [INFO ] User bbb is in TerminalServerUsers group tsusers. Access granted
[2024-05-28T19:07:56.535+0800] [INFO ] Access permitted for user: bbb
[2024-05-28T19:07:56.541+0800] [INFO ] Received sys login status for bbb : logged in
[2024-05-28T19:07:56.553+0800] [INFO ] Received request from xrdp to create a session for user bbb
[2024-05-28T19:07:56.560+0800] [INFO ] PAM: Last login: Tue May 28 19:06:13 CST 2024 from 192.168.116.20 on :11
[2024-05-28T19:07:56.702+0800] [INFO ] Starting X server on display 11: Xorg :11 -auth .Xauthority -config xrdp/xorg.conf -noreset -nolisten tcp -logfile .xorgxrdp.%s.log
[2024-05-28T19:07:57.706+0800] [INFO ] X server :11 is working
[2024-05-28T19:07:57.714+0800] [INFO ] Starting window manager for display :11
[2024-05-28T19:07:57.721+0800] [INFO ] Starting the xrdp channel server for display :11
[2024-05-28T19:07:57.722+0800] [INFO ] Using the default window manager on display 11: /etc/xrdp/startwm.sh
[2024-05-28T19:07:57.729+0800] [INFO ] Session in progress on display :11. Waiting until the window manager (pid 2623) exits to end the session
[2024-05-28T19:08:04.547+0800] [INFO ] Socket 13: connection accepted from AF_UNIX
[2024-05-28T19:08:04.567+0800] [INFO ] Received system login request from xrdp for user: ccc IP: 192.168.116.20
[2024-05-28T19:08:04.579+0800] [INFO ] starting xrdp-sesexec with pid 2919
[2024-05-28T19:08:04.590+0800] [INFO ] User ccc is in TerminalServerUsers group tsusers. Access granted
[2024-05-28T19:08:04.596+0800] [INFO ] Access permitted for user: ccc
[2024-05-28T19:08:04.602+0800] [INFO ] Received sys login status for ccc : logged in
[2024-05-28T19:08:04.614+0800] [INFO ] Received request from xrdp to create a session for user ccc
[2024-05-28T19:08:04.621+0800] [INFO ] PAM: Last login: Tue May 28 19:06:20 CST 2024 from 192.168.116.20 on :10
[2024-05-28T19:08:04.801+0800] [INFO ] Starting X server on display 10: Xorg :10 -auth .Xauthority -config xrdp/xorg.conf -noreset -nolisten tcp -logfile .xorgxrdp.%s.log
[2024-05-28T19:08:04.802+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-28T19:08:05.803+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-28T19:08:06.803+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-28T19:08:07.804+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-28T19:08:08.805+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-28T19:08:09.805+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-28T19:08:10.806+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-28T19:08:11.806+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-28T19:08:12.697+0800] [INFO ] Socket 13: connection accepted from AF_UNIX
[2024-05-28T19:08:12.711+0800] [INFO ] Received system login request from xrdp for user: ddd IP: 192.168.116.20
[2024-05-28T19:08:12.725+0800] [INFO ] starting xrdp-sesexec with pid 3043
[2024-05-28T19:08:12.734+0800] [INFO ] User ddd is in TerminalServerUsers group tsusers. Access granted
[2024-05-28T19:08:12.740+0800] [INFO ] Access permitted for user: ddd
[2024-05-28T19:08:12.745+0800] [INFO ] Received sys login status for ddd : logged in
[2024-05-28T19:08:12.751+0800] [INFO ] Received request from xrdp to create a session for user ddd
[2024-05-28T19:08:12.757+0800] [INFO ] PAM: Last login: Tue May 28 19:02:27 CST 2024 from 192.168.116.20 on :13
[2024-05-28T19:08:12.807+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-28T19:08:12.948+0800] [INFO ] Starting X server on display 10: Xorg :10 -auth .Xauthority -config xrdp/xorg.conf -noreset -nolisten tcp -logfile .xorgxrdp.%s.log
[2024-05-28T19:08:12.949+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-28T19:08:13.807+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-28T19:08:13.949+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-28T19:08:14.808+0800] [ERROR] waitforx: Unable to open display :10
[2024-05-28T19:08:14.815+0800] [ERROR] X server failed to start
[2024-05-28T19:08:14.821+0800] [INFO ] Session on display 10 has finished.
[2024-05-28T19:08:14.950+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-28T19:08:15.950+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-28T19:08:16.951+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-28T19:08:17.952+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-28T19:08:18.952+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key

Anything else?

No response

matt335672 commented 2 months ago

Having checked out all the codepaths, I suspect this is something else.

There's a dependency on /tmp in that when sesman allocates a display for a session it will check that the display is not already active by looking in /tmp. However, this is a backstop. sesman also maintains a list of all the displays it's allocated. It has to do this to prevent a race condition where session creation requests come in very quickly on top of each other. This is the primary way that display collisions are avoided. It has nothing to do with /tmp.

This list is held in memory however, and if sesman is restarted it will be forgotten. This will lead to exactly the symptoms you describe if /tmp is namespaced. See #800 for other symptoms.

Have you possibly restarted sesman after creating the first two sessions?

tsz8899 commented 2 months ago

thank you

confused why the second user can connect

What files in /tmp does sesman need to monitor, is it /tmp/.X10-lock or /tmp/.X11-unix/? After namespace is enabled, the directory structure changes to

find /tmp
/tmp
/tmp/.X11-unix
/tmp/.ICE-unix
/tmp/.XIM-unix
/tmp/.font-unix
/tmp/systemd-private-2f789ca713964454b929bf63d067ebd4-systemd-timesyncd.service-iSSFyX
/tmp/systemd-private-2f789ca713964454b929bf63d067ebd4-systemd-timesyncd.service-iSSFyX/tmp
/tmp/systemd-private-2f789ca713964454b929bf63d067ebd4-systemd-logind.service-rngByp
/tmp/systemd-private-2f789ca713964454b929bf63d067ebd4-systemd-logind.service-rngByp/tmp
/tmp/systemd-private-2f789ca713964454b929bf63d067ebd4-upower.service-9pvZL8
/tmp/systemd-private-2f789ca713964454b929bf63d067ebd4-upower.service-9pvZL8/tmp
/tmp/systemd-private-2f789ca713964454b929bf63d067ebd4-colord.service-61IWV5
/tmp/systemd-private-2f789ca713964454b929bf63d067ebd4-colord.service-61IWV5/tmp
find /tmp-inst/
/tmp-inst/
/tmp-inst/aaa
/tmp-inst/aaa/.X10-lock
/tmp-inst/aaa/.X11-unix
/tmp-inst/aaa/.X11-unix/X10
/tmp-inst/aaa/.ICE-unix
/tmp-inst/aaa/.ICE-unix/997
/tmp-inst/aaa/.ICE-unix/2030
/tmp-inst/bbb
/tmp-inst/bbb/.X11-lock
/tmp-inst/bbb/.X11-unix
/tmp-inst/bbb/.X11-unix/X11
/tmp-inst/bbb/ssh-XXXXXXZbW1GF
/tmp-inst/bbb/ssh-XXXXXXZbW1GF/agent.1447
/tmp-inst/bbb/.ICE-unix
/tmp-inst/bbb/.ICE-unix/1447
/tmp-inst/bbb/.xfsm-ICE-Z0JEO2
/tmp-inst/ccc
/tmp-inst/ddd

error changes after xrdp-sesman.service is restarted

  1. The first and second users log in properly
  2. The third user fails to log in
  3. systemctl restart xrdp-sesman.service --> All user sessions are disconnected
  4. The first user logs in properly, but sessions 2, 3 and 4 fail

restart xrdp-sesman.service log:

cat /var/log/xrdp-sesman.log
[2024-05-30T23:40:34.171+0800] [INFO ] Socket 13: connection accepted from AF_UNIX
[2024-05-30T23:40:34.208+0800] [INFO ] Received system login request from xrdp for user: aaa IP: 192.168.116.20
[2024-05-30T23:40:34.229+0800] [INFO ] starting xrdp-sesexec with pid 900
[2024-05-30T23:40:34.247+0800] [INFO ] User aaa is in TerminalServerUsers group tsusers. Access granted
[2024-05-30T23:40:34.265+0800] [INFO ] Access permitted for user: aaa
[2024-05-30T23:40:34.280+0800] [INFO ] Received sys login status for aaa : logged in
[2024-05-30T23:40:34.298+0800] [INFO ] Received request from xrdp to create a session for user aaa
[2024-05-30T23:40:34.312+0800] [INFO ] PAM: Last login: Tue May 28 19:02:04 CST 2024 from 192.168.116.20 on :11
[2024-05-30T23:40:34.495+0800] [INFO ] Starting X server on display 10: Xorg :10 -auth .Xauthority -config xrdp/xorg.conf -noreset -nolisten tcp -logfile .xorgxrdp.%s.log
[2024-05-30T23:40:35.503+0800] [INFO ] X server :10 is working
[2024-05-30T23:40:35.511+0800] [INFO ] Starting window manager for display :10
[2024-05-30T23:40:35.521+0800] [INFO ] Starting the xrdp channel server for display :10
[2024-05-30T23:40:35.522+0800] [INFO ] Using the default window manager on display 10: /etc/xrdp/startwm.sh
[2024-05-30T23:40:35.534+0800] [INFO ] Session in progress on display :10. Waiting until the window manager (pid 997) exits to end the session
[2024-05-30T23:40:45.172+0800] [INFO ] Socket 13: connection accepted from AF_UNIX
[2024-05-30T23:40:45.209+0800] [INFO ] Received system login request from xrdp for user: bbb IP: 192.168.116.20
[2024-05-30T23:40:45.229+0800] [INFO ] starting xrdp-sesexec with pid 1352
[2024-05-30T23:40:45.248+0800] [INFO ] User bbb is in TerminalServerUsers group tsusers. Access granted
[2024-05-30T23:40:45.258+0800] [INFO ] Access permitted for user: bbb
[2024-05-30T23:40:45.269+0800] [INFO ] Received sys login status for bbb : logged in
[2024-05-30T23:40:45.303+0800] [INFO ] Received request from xrdp to create a session for user bbb
[2024-05-30T23:40:45.311+0800] [INFO ] PAM: Last login: Tue May 28 19:01:54 CST 2024 from 192.168.116.20 on :10
[2024-05-30T23:40:45.442+0800] [INFO ] Starting X server on display 11: Xorg :11 -auth .Xauthority -config xrdp/xorg.conf -noreset -nolisten tcp -logfile .xorgxrdp.%s.log
[2024-05-30T23:40:46.446+0800] [INFO ] X server :11 is working
[2024-05-30T23:40:46.462+0800] [INFO ] Starting window manager for display :11
[2024-05-30T23:40:46.475+0800] [INFO ] Starting the xrdp channel server for display :11
[2024-05-30T23:40:46.476+0800] [INFO ] Using the default window manager on display 11: /etc/xrdp/startwm.sh
[2024-05-30T23:40:46.491+0800] [INFO ] Session in progress on display :11. Waiting until the window manager (pid 1447) exits to end the session
[2024-05-30T23:40:53.827+0800] [INFO ] Socket 13: connection accepted from AF_UNIX
[2024-05-30T23:40:53.908+0800] [INFO ] Received system login request from xrdp for user: ccc IP: 192.168.116.20
[2024-05-30T23:40:53.925+0800] [INFO ] starting xrdp-sesexec with pid 1731
[2024-05-30T23:40:53.941+0800] [INFO ] User ccc is in TerminalServerUsers group tsusers. Access granted
[2024-05-30T23:40:53.955+0800] [INFO ] Access permitted for user: ccc
[2024-05-30T23:40:53.973+0800] [INFO ] Received sys login status for ccc : logged in
[2024-05-30T23:40:53.999+0800] [INFO ] Received request from xrdp to create a session for user ccc
[2024-05-30T23:40:54.119+0800] [INFO ] PAM: Last login: Tue May 28 19:02:13 CST 2024 from 192.168.116.20 on :12
[2024-05-30T23:40:54.231+0800] [INFO ] Starting X server on display 10: Xorg :10 -auth .Xauthority -config xrdp/xorg.conf -noreset -nolisten tcp -logfile .xorgxrdp.%s.log
[2024-05-30T23:40:54.232+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:40:55.233+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:40:56.233+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:40:57.234+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:40:58.234+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:40:59.235+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:00.235+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:01.236+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:02.236+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:03.237+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:04.237+0800] [ERROR] waitforx: Unable to open display :10
[2024-05-30T23:41:04.258+0800] [ERROR] X server failed to start
[2024-05-30T23:41:04.266+0800] [INFO ] Session on display 10 has finished.
[2024-05-30T23:41:14.462+0800] [INFO ] sesman_main_loop: sesman asked to terminate
[2024-05-30T23:41:14.484+0800] [ERROR] sesexec_main_loop: trans_check_wait_objs failed for ECP transport
[2024-05-30T23:41:14.484+0800] [ERROR] sesexec_main_loop: trans_check_wait_objs failed for ECP transport
[2024-05-30T23:41:14.493+0800] [INFO ] starting xrdp-sesman with pid 1954
[2024-05-30T23:41:14.519+0800] [INFO ] Sesman now listening on /var/run/xrdp/sesman.socket
[2024-05-30T23:41:25.317+0800] [INFO ] Socket 13: connection accepted from AF_UNIX
[2024-05-30T23:41:25.352+0800] [INFO ] Received system login request from xrdp for user: aaa IP: 192.168.116.20
[2024-05-30T23:41:25.411+0800] [INFO ] starting xrdp-sesexec with pid 2024
[2024-05-30T23:41:25.429+0800] [INFO ] User aaa is in TerminalServerUsers group tsusers. Access granted
[2024-05-30T23:41:25.444+0800] [INFO ] Access permitted for user: aaa
[2024-05-30T23:41:25.461+0800] [INFO ] Received sys login status for aaa : logged in
[2024-05-30T23:41:25.490+0800] [INFO ] Received request from xrdp to create a session for user aaa
[2024-05-30T23:41:25.500+0800] [INFO ] PAM: Last login: Thu May 30 23:40:34 CST 2024 from 192.168.116.20 on :10
[2024-05-30T23:41:25.545+0800] [INFO ] Starting X server on display 10: Xorg :10 -auth .Xauthority -config xrdp/xorg.conf -noreset -nolisten tcp -logfile .xorgxrdp.%s.log
[2024-05-30T23:41:25.549+0800] [INFO ] X server :10 is working
[2024-05-30T23:41:25.578+0800] [INFO ] Starting window manager for display :10
[2024-05-30T23:41:25.594+0800] [INFO ] Starting the xrdp channel server for display :10
[2024-05-30T23:41:25.595+0800] [INFO ] Using the default window manager on display 10: /etc/xrdp/startwm.sh
[2024-05-30T23:41:25.606+0800] [INFO ] Session in progress on display :10. Waiting until the window manager (pid 2030) exits to end the session
[2024-05-30T23:41:25.638+0800] [INFO ] X server pid 2026 on display :10 finished
[2024-05-30T23:41:25.817+0800] [INFO ] Window manager (pid 2030, display 10) finished normally in 0 secs
[2024-05-30T23:41:25.833+0800] [WARN ] Window manager (pid 2030, display 10) exited quickly (0 secs). This could indicate a window manager config problem
[2024-05-30T23:41:25.866+0800] [INFO ] Terminating the xrdp channel server (pid 2031) on display :10
[2024-05-30T23:41:26.181+0800] [INFO ] xrdp channel server pid 2031 on display :10 finished
[2024-05-30T23:41:26.198+0800] [INFO ] Session on display 10 has finished.
[2024-05-30T23:41:30.800+0800] [INFO ] Socket 13: connection accepted from AF_UNIX
[2024-05-30T23:41:30.107+0800] [INFO ] Received system login request from xrdp for user: bbb IP: 192.168.116.20
[2024-05-30T23:41:30.129+0800] [INFO ] starting xrdp-sesexec with pid 2132
[2024-05-30T23:41:30.163+0800] [INFO ] User bbb is in TerminalServerUsers group tsusers. Access granted
[2024-05-30T23:41:30.170+0800] [INFO ] Access permitted for user: bbb
[2024-05-30T23:41:30.180+0800] [INFO ] Received sys login status for bbb : logged in
[2024-05-30T23:41:30.206+0800] [INFO ] Received request from xrdp to create a session for user bbb
[2024-05-30T23:41:30.224+0800] [INFO ] PAM: Last login: Thu May 30 23:40:45 CST 2024 from 192.168.116.20 on :11
[2024-05-30T23:41:30.341+0800] [INFO ] Starting X server on display 10: Xorg :10 -auth .Xauthority -config xrdp/xorg.conf -noreset -nolisten tcp -logfile .xorgxrdp.%s.log
[2024-05-30T23:41:30.343+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:31.343+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:32.344+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:33.345+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:34.345+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:35.346+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:36.346+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:37.347+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:38.347+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:39.348+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:40.811+0800] [INFO ] Socket 13: connection accepted from AF_UNIX
[2024-05-30T23:41:40.116+0800] [INFO ] Received system login request from xrdp for user: ccc IP: 192.168.116.20
[2024-05-30T23:41:40.140+0800] [INFO ] starting xrdp-sesexec with pid 2200
[2024-05-30T23:41:40.151+0800] [INFO ] User ccc is in TerminalServerUsers group tsusers. Access granted
[2024-05-30T23:41:40.162+0800] [INFO ] Access permitted for user: ccc
[2024-05-30T23:41:40.176+0800] [INFO ] Received sys login status for ccc : logged in
[2024-05-30T23:41:40.191+0800] [INFO ] Received request from xrdp to create a session for user ccc
[2024-05-30T23:41:40.219+0800] [INFO ] PAM: Last login: Thu May 30 23:40:54 CST 2024 from 192.168.116.20 on :10
[2024-05-30T23:41:40.348+0800] [ERROR] waitforx: Unable to open display :10
[2024-05-30T23:41:40.359+0800] [ERROR] X server failed to start
[2024-05-30T23:41:40.373+0800] [INFO ] Session on display 10 has finished.
[2024-05-30T23:41:40.405+0800] [INFO ] Starting X server on display 11: Xorg :11 -auth .Xauthority -config xrdp/xorg.conf -noreset -nolisten tcp -logfile .xorgxrdp.%s.log
[2024-05-30T23:41:40.407+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:41.408+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:42.408+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:43.409+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:44.409+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:45.410+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:46.411+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:47.411+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:47.864+0800] [INFO ] Socket 13: connection accepted from AF_UNIX
[2024-05-30T23:41:47.952+0800] [INFO ] Received system login request from xrdp for user: ddd IP: 192.168.116.20
[2024-05-30T23:41:47.977+0800] [INFO ] starting xrdp-sesexec with pid 2325
[2024-05-30T23:41:47.996+0800] [INFO ] User ddd is in TerminalServerUsers group tsusers. Access granted
[2024-05-30T23:41:48.133+0800] [INFO ] Access permitted for user: ddd
[2024-05-30T23:41:48.276+0800] [INFO ] Received sys login status for ddd : logged in
[2024-05-30T23:41:48.558+0800] [INFO ] Received request from xrdp to create a session for user ddd
[2024-05-30T23:41:48.768+0800] [INFO ] PAM: Last login: Tue May 28 19:02:27 CST 2024 from 192.168.116.20 on :13
[2024-05-30T23:41:48.249+0800] [INFO ] Starting X server on display 10: Xorg :10 -auth .Xauthority -config xrdp/xorg.conf -noreset -nolisten tcp -logfile .xorgxrdp.%s.log
[2024-05-30T23:41:48.249+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:48.412+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:49.250+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:49.412+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:50.251+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:50.413+0800] [ERROR] waitforx: Unable to open display :11
[2024-05-30T23:41:50.481+0800] [ERROR] X server failed to start
[2024-05-30T23:41:50.493+0800] [INFO ] Session on display 11 has finished.
[2024-05-30T23:41:51.251+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:52.252+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:53.252+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:54.253+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:55.253+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:56.254+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:57.254+0800] [ERROR] waitforx: Invalid MIT-MAGIC-COOKIE-1 key
[2024-05-30T23:41:58.254+0800] [ERROR] waitforx: Unable to open display :10
[2024-05-30T23:41:58.273+0800] [ERROR] X server failed to start
[2024-05-30T23:41:58.285+0800] [INFO ] Session on display 10 has finished.

matt335672 commented 2 months ago

@tsz8899 - there's nothing in /tmp which should be necessary for this to work.

I'll try to reproduce this and get back to you.

matt335672 commented 2 months ago

Can you also tell me what commit you're building? git show HEAD | head -10 should be adequate.

tsz8899 commented 2 months ago

try Commits on May 8, 2024--Commits on May 28, 2024

Current

 git show HEAD | head -10
commit 00332aca179c237024eae80e4c4ac3bd49bb7c2d
Merge: e622f051 4dcf59c8
Author: jsorg71 <jay.sorg@gmail.com>
Date:   Tue May 28 11:18:57 2024 -0700

try ./configure and ./configure --enable-fuse --enable-rfxcodec --enable-sound --enable-ipv6 --enable-rdpsndaudin --enable-ibus --enable-utmp

./configure --enable-fuse --enable-sound --enable-ipv6 --enable-rdpsndaudin

Current

xrdp -v
xrdp 0.10.80
  A Remote Desktop Protocol Server.
  Copyright (C) 2004-2024 Jay Sorg, Neutrino Labs, and all contributors.
  See https://github.com/neutrinolabs/xrdp for more information.

  Configure options:
      --enable-fuse
      --enable-sound
      --enable-ipv6
      --enable-rdpsndaudin

matt335672 commented 2 months ago

I've managed to reproduce this, and I can confirm it doesn't happen unless namespaces are enabled.

matt335672 commented 2 months ago

@tsz8899 - can you try this patch?

It works for me, up to 4 users. I've tested the erroneous code up to 7 in a rig.

PR to follow for v0.10 and devel.

--- a/sesman/session_list.c
+++ b/sesman/session_list.c
@@ -209,9 +209,12 @@ x_server_running_check_ports(int display)
 /******************************************************************************/
 /* Helper function for get_sorted_display_list():qsort() */
 static int
-icmp(const void *i1, const void *i2)
+icmp(const void *v1, const void *v2)
 {
-    return *(const unsigned int *)i2 - *(const unsigned int *)i1;
+    // Pointers point to unsigned ints
+    unsigned int i1 = *(unsigned int *)v1;
+    unsigned int i2 = *(unsigned int *)v2;
+    return (i1 < i2) ? -1 : (i1 > i2) ? 1 : 0;
 }

 /******************************************************************************/
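Review bot: The two new casts in icmp(), `*(unsigned int *)v1` and `*(unsigned int *)v2`, drop the const qualifier that both the `const void *` parameters and the removed line (`*(const unsigned int *)i2`) carried; casting to `const unsigned int *` keeps the comparator const-correct. The new `// Pointers point to unsigned ints` comment also uses a different style from the `/* ... */` comments in the surrounding context lines. The description should state that the sort direction changes as well as the arithmetic: the removed expression was `i2 - i1`, while the new one returns -1 when `i1 < i2`, so get_sorted_display_list() now produces the opposite order.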

When I wrote this function I managed to get 2 errors in 4 lines. It's not quite a personal best, but it isn't far off!
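An added illustration, not code from xrdp, of why the comparator's ordering matters once the /tmp backstop described earlier in the thread cannot see other users' X sockets. `icmp_old` is the comparator removed by the patch; `next_free_display()`, `FIRST_DISPLAY` and the sample lists are hypothetical, and the first-gap walk is an assumption about how a sorted display list might be consumed.

```c
#include <stdio.h>
#include <stdlib.h>

#define FIRST_DISPLAY 10u   /* assumption: first display handed out, as in the log */
#define MAX_DISPLAYS  16u   /* assumption: size limit for this illustration only */

/* Comparator as removed by the patch: reversed order, and the unsigned
 * difference is returned through an int. */
static int
icmp_old(const void *i1, const void *i2)
{
    return *(const unsigned int *)i2 - *(const unsigned int *)i1;
}

/* Comparator with the behaviour of the patched version: ascending,
 * three-way compare, no subtraction. */
static int
icmp_fixed(const void *v1, const void *v2)
{
    unsigned int i1 = *(const unsigned int *)v1;
    unsigned int i2 = *(const unsigned int *)v2;
    return (i1 < i2) ? -1 : (i1 > i2) ? 1 : 0;
}

/* Hypothetical allocator: sort the displays already handed out, then walk
 * the list for the first gap. The walk is only correct for an ascending
 * list; there is deliberately no filesystem check here, mirroring a /tmp
 * that is private to each user. */
static unsigned int
next_free_display(const unsigned int *in_use, size_t n,
                  int (*cmp)(const void *, const void *))
{
    unsigned int sorted[MAX_DISPLAYS];
    unsigned int candidate = FIRST_DISPLAY;
    size_t i;

    if (n > MAX_DISPLAYS)
    {
        n = MAX_DISPLAYS;
    }
    for (i = 0; i < n; ++i)
    {
        sorted[i] = in_use[i];
    }
    qsort(sorted, n, sizeof(sorted[0]), cmp);

    for (i = 0; i < n; ++i)
    {
        if (sorted[i] == candidate)
        {
            ++candidate;        /* taken, try the next number */
        }
        else if (sorted[i] > candidate)
        {
            break;              /* ascending list: everything left is higher */
        }
    }
    return candidate;
}

int
main(void)
{
    /* Constructed sample: displays in use before the 1st..4th login */
    const unsigned int in_use[] = {10u, 11u, 12u};
    size_t n;

    for (n = 0; n <= 3; ++n)
    {
        printf("%u session(s) active: old comparator -> :%u, fixed -> :%u\n",
               (unsigned int)n,
               next_free_display(in_use, n, icmp_old),
               next_free_display(in_use, n, icmp_fixed));
    }
    return 0;
}
```

With one session active both comparators agree, because a one-element list is sorted either way; the two diverge from the third login onwards.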

matt335672 commented 2 months ago

BTW - thanks for your excellent problem reporting. It really helped to find this one.

tsz8899 commented 2 months ago

Thanks

With Linux namespaces enabled, I simulated 20 users connecting simultaneously. Everything is working fine.

This enhances the security and flexibility of xrdp in multi-user scenarios.

matt335672 commented 2 months ago

Thanks for raising the PR in the first place, and for testing the patch.