@metalefty - I've been looking at #1684 recently. The design choices made by the systemd team are requiring the PAM auth and session code to be called from the same process, which currently isn't the case - at the moment the auth code is called from the main sesman process and the session code is called from the first fork() process.
That's relatively simple to fix for the SCP V0 code, but a bit messy. The SCP V1 code is harder. This code also has a denial-of-service problem I've just found which I'll send you privately.
I've had a look back through the git logs for SCP V1, and nothing significant has happened to it since 2008, when you made some changes.
My proposal at the moment is to disable the V1 code we're not using and fix the V0 code for #1684. After that, I think a bigger change is required to use separate forked processes to handle all authentication requests as part of an improved V1 API. This will let us implement things like password changes and proper 2FA, but will take a bit longer to implement and be more disruptive.
How does that sound to you?
OK - thanks for the clarification.
I'm happy to stick with the current way of doing things with SCP V2, but I was wondering if you had any thoughts on maybe using a more modern style protocol based on something like JSON. We don't need a lot of performance from the sesman interface. The disadvantage would be more dependencies, but we'd gain (potentially) an interface that's easier to debug and tools could be written in a scripting language which might make the whole project a bit more accessible.
I don't personally have any particular technologies to suggest or recommend in this area. At the moment I'm just interested in what your thoughts are.
Meanwhile I'll get on with a fix for V0 and disabling V1.
but we'd gain (potentially) an interface that's easier to debug and tools could be written in a scripting language which might make the whole project a bit more accessible.
I totally agree with this. I personally don't hesitate to introduce modern style protocol at all. The current sesman is a maze to me.
I absolutely agree about the sesman implementation. It needs a bit of tidying up. I'll put it on the longer-term list of things to look at.
The mixed declaration/statements were introduced in C99, so personally I think that should be OK. I can't think anyone will be running a compiler on our target platforms which doesn't support it.
I'm posting this developer info here in response to a query on the xrdp-questions thread.
Should I put this on the wiki maybe?
As far as I can tell, the current state of affairs with SCP V1 is as follows:-
It will also be obvious to the reader that SCP V1 is pretty code-heavy and hence has a high maintenance overhead. For example, there's no need for the protocol to handle password changes. The protocol should simply be wrapping the PAM dialog and xrdp should be prompting the user as appropriate. This would also allow for proper 2FA to be introduced with barely any changes to our code.
Other badly needed system functions are reconnection and NLA. Both of these will require a dialog between xrdp and sesman. Having a simpler protocol will make it easier to get these implemented.
My current plan is to remove the unused SCP V1 code in the near future (i.e. when we get #1708 merged). This should make the existing libscp a little easier to navigate.
A replacement protocol needs to satisfy the following requirements:-
unlinkto debug. Maybe unlink needs to be retried sometime.