Restrict outbound clipboard #1298

jaroslaw-osmanski · 2019-02-26T11:53:05Z

This patch adds configuration option to xrdp-chansrv that turns copying from the session to clipboard.

metalefty · 2019-02-27T06:56:16Z

Awesome! Good work!

metalefty · 2019-02-27T07:05:12Z

Existing codes use environment variable to pass config parameter. For example, CHANSRV_LOG_PATH.
Of course environment variable is not the best way but consider using environment variable or let's discuss.

sesman/chansrv/clipboard.c

jaroslaw-osmanski · 2019-03-01T08:55:00Z

Should env be the only way of setting restriction on the clipboard or additional method? In my opinion config is less surprising. @metalefty

metalefty · 2019-03-01T12:12:28Z

One unacceptable point is chansrv is opening and reading sesman's config file sesman.ini. Please don't do that. Then you'll see how clipboard restriction flag should be passed sesman to chansrv.

metalefty · 2019-03-01T12:18:13Z

Adding RestrictOutboundClipboard parameter to sesman.ini is OK. It's not surprising at all. The parameter must be fetched by sesman because it is sesman.ini.

jaroslaw-osmanski · 2019-03-01T12:55:02Z

OK. Sesman gathers info from sesman.ini and then passes information about restriction to chansrv, right?

jaroslaw-osmanski · 2019-03-01T13:08:46Z

chnsrv is already reading sesman.ini here: https://github.com/neutrinolabs/xrdp/blob/devel/sesman/chansrv/chansrv.c#L1639
So it is config.c that shouldn't be used?

… was set

metalefty · 2019-03-02T01:32:50Z

Indeed. That should be fixed but not at this time. I'll change it later.

I'm thinking of this. Similar thing is done as CHANSRV_LOG_LEVEL to set chansrv log level. The difference is setting environment variable directly or via config parameter.

sesman

sesman read if RestrictOutboundClipboard is on/off
sesman sets env var something like RESTRICT_OUTBOUND_CLIPBOARD to something like 1, yes, true
start chansrv with that env var

chansrv

read the env var at startup
if set to 1, restrict outbound clipboard

jaroslaw-osmanski · 2019-03-05T12:14:51Z

@metalefty Can I do something more to improve the code?

metalefty · 2019-03-08T00:53:16Z

@jaroslaw-osmanski Give me some time to test.

sesman/chansrv/clipboard.c

sesman/chansrv/chansrv.c

sesman/config.h

sesman/session.c

sesman/config.c

metalefty · 2019-03-08T01:49:12Z

I commented on some style & format issues but logic looks OK. After some test, I'll merge. I'd appreciate if you fix style & format before I merge.

jaroslaw-osmanski · 2019-03-08T08:17:42Z

@metalefty Fixed style and format

metalefty · 2019-03-20T00:44:31Z

I'm testing this today and will be merged shortly. Sorry for the delay and thank you very much for your work!

metalefty · 2019-03-20T01:37:31Z

Tested. Clipboard text/image/file LGTM.

black1220 · 2020-12-17T02:25:11Z

Can I only pass text copy&paste and limit file transfer ?

Jaroslaw Osmanski and others added 3 commits February 26, 2019 07:40

astyle formatting for sesman config.h and chansrv clipboard

0d8a49a

reapply outboud-resitrcted clipboard

751cd97

Read sesman config in clipboard

46c33dd

metalefty reviewed Feb 27, 2019

View reviewed changes

sesman/chansrv/clipboard.c Show resolved Hide resolved

Log when outbound copy was rejected because RestrictOutboundClipboard…

1b6bfa6

… was set

Use CHANSRV_RESTRICT_OUTBOUND_CLIPBOARD env between sesman -> chansrv

7d7e818