[Feature Request] Remote IP

[Ramalama2]

Hi, is it possible somehow, to put the remote IP into User Environment, or any file or somewhere at all?

I need to get the Remote IP somehow/sowhere for the session...
doesnt matter for me from where i get the Remote IP, just need any ideas...

Cheers

[Ramalama2]

Ive got it, testing here,

ive put into
sesman/env.c

under the line: char hostname[256];
this: char client_ip[256];
and
under the line: g_setenv("SHELL", pw_shell, 1);
this new line: g_setenv("R_CLIENT_IP", client_ip, 1);

Testing now and will report back, if anyone wants the same....

[Ramalama2]

Didnt worked...
i get in the environment:

R_CLIENT_IP=/tmp/.X11-unix/X10

dunno what this is, but definitive not the remote ip....

Any Help? :-))

[Ramalama2]

Ive got it working after hours of trying...
I have no clue of c...

I have changed 3 Files:
env.c env.h and session.c

env.c:

LINE 92:
--env_set_user(const char *username, char **passwd_file, int display,
--             const struct list *env_names, const struct list *env_values)
++ env_set_user(const char *username, char **passwd_file, int display,
++             const struct list *env_names, const struct list *env_values,
++             const char *client_ip)

LINE 136:
++            g_setenv("R_CLIENT_IP", client_ip, 1);

env.h:

LINE 53:
--env_set_user(const char *username, char **passwd_file, int display,
--             const struct list *env_names, const struct list *env_values);
++env_set_user(const char *username, char **passwd_file, int display,
++             const struct list *env_names, const struct list *env_values,
++             const char *client_ip);

session.c

LINE 373:
--        env_set_user(username, 0, display,
--                     g_cfg->env_names,
--                     g_cfg->env_values);
++        env_set_user(username, 0, display,
++                     g_cfg->env_names,
++                     g_cfg->env_values,
++                     username);

LINE 573:
--            env_set_user(s->username,
--                         0,
--                         display,
--                         g_cfg->env_names,
--                         g_cfg->env_values);
++            env_set_user(s->username,
++                         0,
++                         display,
++                         g_cfg->env_names,
++                         g_cfg->env_values,
++                         s->client_ip);

LINE 628:
--                    env_set_user(s->username,
--                                 &passwd_file,
--                                 display,
--                                 g_cfg->env_names,
--                                 g_cfg->env_values);
++                    env_set_user(s->username,
++                                 &passwd_file,
++                                 display,
++                                 g_cfg->env_names,
++                                 g_cfg->env_values,
++                                 s->client_ip);

LINE 637:
--                    env_set_user(s->username,
--                                 0,
--                                 display,
--                                 g_cfg->env_names,
--                                 g_cfg->env_values);
++                    env_set_user(s->username,
++                                 0,
++                                 display,
++                                 g_cfg->env_names,
++                                 g_cfg->env_values,
++                                 s->client_ip);

LINE 882:
--        env_set_user(username,
--                     0,
--                     display,
--                     g_cfg->env_names,
--                     g_cfg->env_values);
++        env_set_user(username,
++                     0,
++                     display,
++                     g_cfg->env_names,
++                     g_cfg->env_values,
++                     username);

Sometime i use instead "username" because "s->client_ip" doesnt work there...
However it works now...

If anyone will optimize that, you are welcome :-)
I have no clue of c...

Cheers :-)

[Stricklyspeaking]

You should be able to get the remote IP by reviewing your Router/Firewall logs. You may have to setup a special rule to log the information as connection come in to xrdp port 3389 or what ever port you are using.

You can also see the port loging in by reviewing /var/log/xrdp.log

[danielperna84]

You can also see the port loging in by reviewing /var/log/xrdp.log

This is not true anymore since this has been merged I believe. The log now always shows the IP+port of the server, not the client.

Before the change:

[20151109-14:50:36] [INFO] An established connection closed to endpoint: 127.0.0.1:3350 - socket: 14
[20151109-14:50:36] [INFO] An established connection closed to endpoint: NULL:NULL - socket: 9
[20151109-14:51:59] [INFO] An established connection closed to endpoint: 172.16.47.1:62770 - socket: 10
[20151109-14:51:59] [DEBUG] xrdp_mm_module_cleanup

After the change:

[20191112-15:36:48] [DEBUG] Closed socket 18 (AF_UNIX)
[20191112-15:36:48] [DEBUG] Closed socket 12 (AF_INET6 ::ffff:172.16.47.69 port 3389)
[20191112-15:36:48] [DEBUG] xrdp_mm_module_cleanup
[20191112-15:36:48] [DEBUG] Closed socket 17 (AF_UNIX)

And everything is logged as debug now. For auditing purposes I'd actually prefer seeing this as a warning. Ideally it should be possible to use the log with something like Graylog to gather xrdp-usage metrics.