From cda85ddfcc88d6ee1a45ed3a87e4fe197bf4a423 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sun, 21 May 2017 18:48:08 +0000 Subject: [PATCH] #1105: * add "system-proxy-socket" option for contacting the system-wide proxy server * add hidden "request-start" subcommand for testing "start session" requests * don't setsid if we're changing uid git-svn-id: https://xpra.org/svn/Xpra/trunk@15906 3bb7dfac-3a0b-4e04-842a-767bc560f471 --- src/xpra/platform/features.py | 2 ++ src/xpra/platform/win32/features.py | 3 +++ src/xpra/scripts/config.py | 10 +++++---- src/xpra/scripts/main.py | 29 +++++++++++++++++++++++---- src/xpra/server/proxy/proxy_server.py | 2 +- src/xpra/server/vfb_util.py | 3 ++- 6 files changed, 39 insertions(+), 10 deletions(-) diff --git a/src/xpra/platform/features.py b/src/xpra/platform/features.py index 426b2797ed..e12d6e1b49 100644 --- a/src/xpra/platform/features.py +++ b/src/xpra/platform/features.py @@ -17,6 +17,8 @@ INPUT_DEVICES = ["auto"] +SYSTEM_PROXY_SOCKET = "/var/run/xpra/system" + CLIPBOARDS = [] CLIPBOARD_WANT_TARGETS = envbool("XPRA_CLIPBOARD_WANT_TARGETS") CLIPBOARD_GREEDY = envbool("XPRA_CLIPBOARD_GREEDY") diff --git a/src/xpra/platform/win32/features.py b/src/xpra/platform/win32/features.py index a5cb17cc8a..78b665a252 100644 --- a/src/xpra/platform/win32/features.py +++ b/src/xpra/platform/win32/features.py @@ -19,3 +19,6 @@ DEFAULT_PULSEAUDIO_CONFIGURE_COMMANDS = [] PRINT_COMMAND = "" DEFAULT_SSH_COMMAND="plink -ssh -agent" + +#not implemented: +SYSTEM_PROXY_SOCKET = "" diff --git a/src/xpra/scripts/config.py b/src/xpra/scripts/config.py index b3b3aec16e..8ee3e6d2f5 100755 --- a/src/xpra/scripts/config.py +++ b/src/xpra/scripts/config.py @@ -459,6 +459,7 @@ def may_create_user_config(xpra_conf_filename=DEFAULT_XPRA_CONF_FILENAME): "ssh" : str, "systemd-run" : str, "systemd-run-args" : str, + "system-proxy-socket" : str, "xvfb" : str, "socket-dir" : str, "mmap" : str, @@ -652,9 +653,9 @@ def may_create_user_config(xpra_conf_filename=DEFAULT_XPRA_CONF_FILENAME): "exit-with-children", "exit-with-client", "av-sync", "global-menus", "printing", "file-transfer", "download-path", "open-command", "open-files", "start-new-commands", - #"mmap", "mmap-group", "mdns", - #"auth", "vsock-auth", "tcp-auth", "ssl-auth", - #"bind", "bind-vsock", "bind-tcp", "bind-ssl", + "mmap", "mmap-group", "mdns", + "auth", "vsock-auth", "tcp-auth", "ssl-auth", + "bind", "bind-vsock", "bind-tcp", "bind-ssl", "start", "start-child", "start-after-connect", "start-child-after-connect", "start-on-connect", "start-child-on-connect", @@ -711,7 +712,7 @@ def get_defaults(): if GLOBAL_DEFAULTS is not None: return GLOBAL_DEFAULTS from xpra.platform.features import DEFAULT_SSH_COMMAND, OPEN_COMMAND, DEFAULT_PULSEAUDIO_CONFIGURE_COMMANDS, DEFAULT_PULSEAUDIO_COMMAND, \ - DEFAULT_ENV, CAN_DAEMONIZE + DEFAULT_ENV, CAN_DAEMONIZE, SYSTEM_PROXY_SOCKET from xpra.platform.paths import get_download_dir, get_remote_run_xpra_scripts try: from xpra.platform.info import get_username @@ -790,6 +791,7 @@ def addtrailingslash(v): "ssh" : DEFAULT_SSH_COMMAND, "systemd-run" : get_default_systemd_run(), "systemd-run-args" : "", + "system-proxy-socket" : SYSTEM_PROXY_SOCKET, "xvfb" : " ".join(xvfb), "socket-dir" : "", "log-dir" : "auto", diff --git a/src/xpra/scripts/main.py b/src/xpra/scripts/main.py index eb7e9a81ea..71aba3953b 100755 --- a/src/xpra/scripts/main.py +++ b/src/xpra/scripts/main.py @@ -912,6 +912,9 @@ def ignore(defaults): group.add_option("--socket-dir", action="store", dest="socket_dir", default=defaults.socket_dir, help="Directory to place/look for the socket files in. Default: '%s'." % default_socket_dir_str) + group.add_option("--system-proxy-socket", action="store", + dest="system_proxy_socket", default=defaults.system_proxy_socket, + help="The socket path to use to contact the system-wide proxy serevr. Default: '%default'.") group.add_option("-d", "--debug", action="store", dest="debug", default=defaults.debug, metavar="FILTER1,FILTER2,...", help="List of categories to enable debugging for (you can also use \"all\" or \"help\", default: '%default')") @@ -1341,7 +1344,7 @@ def attach_client(): getChildReaper().add_process(proc, "client-attach", cmd, ignore=True, forget=False) add_when_ready(attach_client) return run_server(error_cb, options, mode, script_file, args, current_display) - elif mode in ("attach", "detach", "screenshot", "version", "info", "control", "_monitor", "print", "connect-test"): + elif mode in ("attach", "detach", "screenshot", "version", "info", "control", "_monitor", "print", "connect-test", "request-start"): return run_client(error_cb, options, args, mode) elif mode in ("stop", "exit") and (supports_server or supports_shadow): nox() @@ -2250,6 +2253,20 @@ def handshake_complete(*args): if hasattr(app, "after_handshake"): app.after_handshake(handshake_complete) app.init_ui(opts, extra_args) + if mode=="request-start": + sns = { + "mode" : "start", + } + if len(extra_args)==1: + sns["display"] = extra_args[0] + #override extra args: + extra_args = ["socket:%s" % opts.system_proxy_socket] + for x in START_COMMAND_OPTIONS: + fn = x.replace("-", "_") + v = getattr(opts, fn) + if v: + sns[x] = v + app.hello_extra = {"start-new-session" : sns} try: conn, display_desc = connect() #UGLY warning: connect will parse the display string, @@ -2506,13 +2523,17 @@ def start_server_subprocess(script_file, args, mode, opts, uid=getuid(), gid=get proc.wait() proc = None else: - def preexec(): - setsid() + preexec_fn = None cmd.append("--systemd-run=no") if os.name=="posix" and getuid()==0 and (uid!=0 or gid!=0): + #we need to change uid / gid: cmd.append("--uid=%i" % uid) cmd.append("--gid=%i" % gid) - proc = Popen(cmd, shell=False, close_fds=True, preexec_fn=setsid) + preexec_fn = setsid + #alternative using systemd-run to change uid: + #sdcmd = systemd_run_command(mode, opts.systemd_run_args, False) + ["--uid=%i" % uid, "--gid=%i" % gid] + #cmd = sdcmd + cmd + proc = Popen(cmd, shell=False, close_fds=True, preexec_fn=preexec_fn) socket_path = identify_new_socket(proc, dotxpra, existing_sockets, matching_display, new_server_uuid, display_name, uid) return proc, socket_path diff --git a/src/xpra/server/proxy/proxy_server.py b/src/xpra/server/proxy/proxy_server.py index 254c9870cb..100f248c29 100644 --- a/src/xpra/server/proxy/proxy_server.py +++ b/src/xpra/server/proxy/proxy_server.py @@ -353,7 +353,7 @@ def start_new_session(self, uid, gid, new_session_dict={}): log.warn("Warning: ignoring invalid start override") log.warn(" %s=%s", k, v) continue - log.info("start override: %s=%s", k, v) + log("start override: %s=%s", k, v) if v is not None: fn = k.replace("-", "_") setattr(opts, fn, v) diff --git a/src/xpra/server/vfb_util.py b/src/xpra/server/vfb_util.py index 6f25f437f1..d82b601454 100644 --- a/src/xpra/server/vfb_util.py +++ b/src/xpra/server/vfb_util.py @@ -135,9 +135,10 @@ def preexec(): xvfb_cmd[0] = "%s-for-Xpra-%s" % (xvfb_executable, display_name) xvfb_cmd.append(display_name) def preexec(): - setsid() if getuid()==0 and (uid!=0 or gid!=0): setuidgid(uid, gid) + else: + setsid() xvfb = subprocess.Popen(xvfb_cmd, executable=xvfb_executable, close_fds=True, stdin=subprocess.PIPE, preexec_fn=preexec) xauth_data = xauth_add(display_name)