pool/xrdp
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 862119 from X11:RemoteDesktop

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/862119
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xrdp?expand=0&rev=40
This commit is contained in:
Dominique Leuenberger 2021-01-11 16:13:11 +00:00 committed by Git OBS Bridge
commit 5ed16e9695
13 changed files with 492 additions and 201 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
sesman.ini Normal file
View File

@ -0,0 +1,113 @@
;; See `man 5 sesman.ini` for details
[Globals]
ListenAddress=127.0.0.1
ListenPort=3350
EnableUserWindowManager=true
; Give in relative path to user's home directory
UserWindowManager=startwm.sh
; Give in full path or relative path to /etc/xrdp
DefaultWindowManager=startwm.sh
; Give in full path or relative path to /etc/xrdp
ReconnectScript=reconnectwm.sh
[Security]
AllowRootLogin=true
MaxLoginRetry=4
TerminalServerUsers=tsusers
TerminalServerAdmins=tsadmins
; When AlwaysGroupCheck=false access will be permitted
; if the group TerminalServerUsers is not defined.
AlwaysGroupCheck=false
; When RestrictOutboundClipboard=true clipboard from the
; server is not pushed to the client.
RestrictOutboundClipboard=false
[Sessions]
;; X11DisplayOffset - x11 display number offset
; Type: integer
; Default: 10
X11DisplayOffset=200
;; MaxSessions - maximum number of connections to an xrdp server
; Type: integer
; Default: 0
MaxSessions=50
;; KillDisconnected - kill disconnected sessions
; Type: boolean
; Default: false
; if 1, true, or yes, kill session after 60 seconds
KillDisconnected=false
;; DisconnectedTimeLimit - when to kill idle sessions
; Type: integer
; Default: 0
; if not zero, the seconds before a disconnected session is killed
; min 60 seconds
DisconnectedTimeLimit=0
;; IdleTimeLimit (specify in second) - wait before disconnect idle sessions
; Type: integer
; Default: 0
; Set to 0 to disable idle disconnection.
IdleTimeLimit=0
;; Policy - session allocation policy
; Type: enum [ "Default" | "UBD" | "UBI" | "UBC" | "UBDI" | "UBDC" ]
; Default: Xrdp:<User,BitPerPixel> and Xvnc:<User,BitPerPixel,DisplaySize>
; "UBD" session per <User,BitPerPixel,DisplaySize>
; "UBI" session per <User,BitPerPixel,IPAddr>
; "UBC" session per <User,BitPerPixel,Connection>
; "UBDI" session per <User,BitPerPixel,DisplaySize,IPAddr>
; "UBDC" session per <User,BitPerPixel,DisplaySize,Connection>
Policy=Default
[Logging]
LogFile=xrdp-sesman.log
LogLevel=ERROR
EnableSyslog=0
SyslogLevel=ERROR
;
; Session definitions - startup command-line parameters for each session type
;
[Xorg]
; Specify the path of non-suid Xorg executable. It might differ depending
; on your distribution and version. The typical path is shown as follows:
;
; Fedora 26 or later : param=/usr/libexec/Xorg
; Debian 9 or later : param=/usr/lib/xorg/Xorg
; Ubuntu 16.04 or later : param=/usr/lib/xorg/Xorg
; Arch Linux : param=/usr/lib/xorg-server/Xorg
; CentOS 7 : param=/usr/bin/Xorg or param=Xorg
;
param=Xorg
; Leave the rest paramaters as-is unless you understand what will happen.
param=-config
param=xrdp/xorg.conf
param=-noreset
param=-nolisten
param=tcp
param=-logfile
param=.xorgxrdp.%s.log
[Xvnc]
param=Xvnc
param=-bs
param=-nolisten
param=tcp
param=-localhost
param=-dpi
param=96
[Chansrv]
; drive redirection, defaults to xrdp_client if not set
FuseMountName=thinclient_drives
; this value allows only the user to acess their own mapped drives.
; Make this more permissive (e.g. 022) if required.
FileUmask=077
[SessionVariables]
PULSE_SCRIPT=/etc/xrdp/pulse/default.pa

3
xrdp-0.9.14.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e3a9d27da7881dbfb7fd22b33c11dd7390d42ca8ff94541e88f552b8dce1b5d2
size 1885201

16
xrdp-0.9.14.tar.gz.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEGKuDipBxZ3RZFIcZA5k7QGXnGTsFAl9Mmh0ACgkQA5k7QGXn
GTuY+g/7Bx+1EW2wqMOwN8dgwtxWu87ixET4MDJ8JKT99uS/ERGVAZHDaAIBsaTA
4xGlx92zRXR1JNH6IwOIZy/l4YuYfuO6LVZBRab1dfz6YU7pU4OG1vqM98YMz4TR
Oca3VzgiIi/XuklJu42+d6S4C7k5IiquWK7JcjW+zd+Yn4e5iUnecDdswbuPeA+W
8/Gdfbytunh2PTKPy3egDluYBSYT+68Vla6YEo8GRdT4W7SAMwZqY6Sv1+iItTcU
dPGqrTVUyC5PXXJ8rOklZZtbQ3hTYg8ajrJhXawGJWuef12msjaZgODYM9HqYGlz
cXibCQEWhQj/hwyLDXHBmCFNmzWD0f5IEwXPJGNfpp3XrXjO43vC+pONZsxJQm/C
DLbA0wticzO22oRPaUAf1hmIWRAdj5htxpJO/oOncKAOlBPq7r3IIvwXpgpKLwe8
Hm1uTYom6oeVh6D/Vkb7LIacdzXoEisG03NkHgnIgBlAZOfv4aV+mTUC/H7RKQfJ
11OUaMa2xLhwNQLXqKFkOTAwL2KurPQtjNEXY3ETRJc5BOV+i4HsS3QKppjJ6LaW
i52+kQIxA3Rsn6TP1cfac3JYTUFHMc8I5bOdxi7zFDDhXCvhy9bFL4nuiva5Wxk9
a+8CTpzf9lejBdWZzB5X4Jfv2nEXX5uwGcbC05FV93Njn7oSfqw=
=519h
-----END PGP SIGNATURE-----

3
xrdp-0.9.15.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ad0381e45fe5236c34ff750850df9545c5bef45fc3b3c9386217cb65a6f9b541
size 1902890

16
xrdp-0.9.15.tar.gz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEGKuDipBxZ3RZFIcZA5k7QGXnGTsFAl/p5sgACgkQA5k7QGXn
GTsqJxAAgIRtif005RncuXLOjFxPP/zdVYMW2/LlssmwRpmHEWBsBLk28ArmacyC
gJ+KKtsJKYQjnWewp7x/YTvN0/RbY/qTGG2NDcQoxHDEPP6NgrGa6X80FO0X/Hp/
CQWWe91Xr6pfHFYlttWvNhbfwrSlStCE+C3x6s8Vk0l8BkHzAM5kYS712SUQQr60
w0BZhBRfri0sfaI2h009ZhNd8Ezr0VbxaZYBvH9hPB9E/Vn56Vonn2qukh+nCVXG
fO7s1bmYAuw7CpUcVCyLGlfNI87/KtkGBqf6WgkU60c0FIqQdpXM071R/sv2Ju4w
5wwYr+tpqjxN7ZJN97r0iv8cSHgPficjC6DXxA6e3OaSsYAlhNWMrWo4+v/t/tas
6JMuQvRfSay6Zmk47HHhmo4Lcn+wrME/vK5Y8OFHGgmrMP/sRjSLLVvwF1/gl2GT
AqFiTmLCcdWNvHEZs9HRXpVz5ByqMjg5E+wFPEAMKF1DqHQl2VPXWIqx69tv6xB3
SjXxE7vWbZVytbnX1kCZMJvwrGG1y+kzsASpvoYfEPOwShO/K08F4qEUTrt0bqLD
856HAeIWNaXLtLSA+WgyOLK7knQKHhfjIWz5Z/j38P3VuGSGIxUiQi0A2G63YwaY
BqeWr3TygrxCnm5b5JNoLiNY+0rD8Ig8FGkrnp6Dno7KgkdNSPU=
=EIEA
-----END PGP SIGNATURE-----

36
xrdp-avahi.diff
View File

@ -1,7 +1,7 @@
Index: b/configure.ac
Index: xrdp-0.9.15/configure.ac
===================================================================
--- a/configure.ac 2020-03-11 15:31:17.466041360 +0800
+++ b/configure.ac 2020-03-11 15:31:17.466041360 +0800
--- xrdp-0.9.15.orig/configure.ac
+++ xrdp-0.9.15/configure.ac
@@ -9,6 +9,7 @@ AC_PROG_CC
AC_C_CONST
AC_PROG_LIBTOOL
@ -10,10 +10,10 @@ Index: b/configure.ac
PKG_PROG_PKG_CONFIG
if test "x$PKG_CONFIG" = "x"; then
AC_MSG_ERROR([please install pkg-config])
Index: b/xrdp/Makefile.am
Index: xrdp-0.9.15/xrdp/Makefile.am
===================================================================
--- a/xrdp/Makefile.am 2020-03-11 15:31:17.466041360 +0800
+++ b/xrdp/Makefile.am 2020-03-11 15:31:17.466041360 +0800
--- xrdp-0.9.15.orig/xrdp/Makefile.am
+++ xrdp-0.9.15/xrdp/Makefile.am
@@ -12,7 +12,9 @@ AM_CPPFLAGS = \
-DXRDP_SOCKET_PATH=\"${socketdir}\" \
-I$(top_builddir) \
@ -43,11 +43,11 @@ Index: b/xrdp/Makefile.am
xrdpsysconfdir=$(sysconfdir)/xrdp
Index: b/xrdp/xrdp.h
Index: xrdp-0.9.15/xrdp/xrdp.h
===================================================================
--- a/xrdp/xrdp.h 2020-03-11 15:31:17.466041360 +0800
+++ b/xrdp/xrdp.h 2020-03-11 15:31:17.466041360 +0800
@@ -527,3 +527,10 @@ server_add_char_alpha(struct xrdp_mod* m
--- xrdp-0.9.15.orig/xrdp/xrdp.h
+++ xrdp-0.9.15/xrdp/xrdp.h
@@ -523,3 +523,10 @@ server_add_char_alpha(struct xrdp_mod* m
int
server_session_info(struct xrdp_mod *mod, const char *data, int data_bytes);
@ -58,11 +58,11 @@ Index: b/xrdp/xrdp.h
+xrdp_avahi_fini(void);
+void
+xrdp_avahi_get_port(char *port);
Index: b/xrdp/xrdp_avahi.c
Index: xrdp-0.9.15/xrdp/xrdp_avahi.c
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ b/xrdp/xrdp_avahi.c 2020-03-11 15:46:17.611966870 +0800
@@ -0,0 +1,176 @@
--- /dev/null
+++ xrdp-0.9.15/xrdp/xrdp_avahi.c
@@ -0,0 +1,178 @@
+/*
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
@ -91,6 +91,8 @@ Index: b/xrdp/xrdp_avahi.c
+#include <avahi-client/client.h>
+#include <avahi-client/publish.h>
+#include <avahi-common/thread-watch.h>
+
+#include <common/string_calls.h>
+#include <xrdp.h>
+
+static AvahiClient *client = NULL;
@ -239,10 +241,10 @@ Index: b/xrdp/xrdp_avahi.c
+ if (fd != -1)
+ g_file_close(fd);
+}
Index: b/common/arch.h
Index: xrdp-0.9.15/common/arch.h
===================================================================
--- a/common/arch.h 2020-03-11 15:31:17.466041360 +0800
+++ b/common/arch.h 2020-03-11 15:31:17.466041360 +0800
--- xrdp-0.9.15.orig/common/arch.h
+++ xrdp-0.9.15/common/arch.h
@@ -20,28 +20,7 @@
#define ARCH_H

13
xrdp-buildfix.patch
View File

@ -1,13 +0,0 @@
Index: b/genkeymap/genkeymap.c
===================================================================
--- a/genkeymap/genkeymap.c 2020-08-26 10:32:21.000000000 +0800
+++ b/genkeymap/genkeymap.c 2020-09-14 13:38:46.498825240 +0800
@@ -44,7 +44,7 @@
#include <X11/XKBlib.h>
#include <locale.h>
-extern int xfree86_to_evdev[137-8];
+extern int xfree86_to_evdev[137-8+1];
int main(int argc, char **argv)
{

52
xrdp-default-config.patch
View File

@ -1,52 +0,0 @@
Index: b/sesman/sesman.ini
===================================================================
--- a/sesman/sesman.ini 2020-09-14 13:14:33.645606549 +0800
+++ b/sesman/sesman.ini 2020-09-14 13:14:43.105484131 +0800
@@ -27,7 +27,7 @@ RestrictOutboundClipboard=false
;; X11DisplayOffset - x11 display number offset
; Type: integer
; Default: 10
-X11DisplayOffset=10
+X11DisplayOffset=200
;; MaxSessions - maximum number of connections to an xrdp server
; Type: integer
@@ -65,9 +65,9 @@ Policy=Default
[Logging]
LogFile=xrdp-sesman.log
-LogLevel=DEBUG
-EnableSyslog=1
-SyslogLevel=DEBUG
+LogLevel=ERROR
+EnableSyslog=0
+SyslogLevel=ERROR
;
; Session definitions - startup command-line parameters for each session type
Index: b/xrdp/xrdp.ini
===================================================================
--- a/xrdp/xrdp.ini 2020-09-14 13:14:33.645606549 +0800
+++ b/xrdp/xrdp.ini 2020-09-14 13:14:43.105484131 +0800
@@ -101,7 +101,7 @@ grey=dedede
#ls_title=My Login Title
; top level window background color in RGB format
-ls_top_window_bg_color=009cb5
+ls_top_window_bg_color=000000
; width and height of login screen
ls_width=350
@@ -144,9 +144,9 @@ ls_btn_cancel_height=30
[Logging]
LogFile=xrdp.log
-LogLevel=DEBUG
-EnableSyslog=true
-SyslogLevel=DEBUG
+LogLevel=ERROR
+EnableSyslog=false
+SyslogLevel=ERROR
; LogLevel and SysLogLevel could by any of: core, error, warning, info or debug
[Channels]

144
xrdp-fate318398-change-expired-password.patch
View File

@ -1,7 +1,7 @@
Index: xrdp-0.9.14/sesman/auth.h
Index: xrdp-0.9.15/sesman/auth.h
===================================================================
--- xrdp-0.9.14.orig/sesman/auth.h
+++ xrdp-0.9.14/sesman/auth.h
--- xrdp-0.9.15.orig/sesman/auth.h
+++ xrdp-0.9.15/sesman/auth.h
@@ -106,4 +106,6 @@ auth_check_pwd_chg(const char *user);
int
auth_change_pwd(const char *user, const char *newpwd);
@ -9,11 +9,11 @@ Index: xrdp-0.9.14/sesman/auth.h
+int
+auth_change_pwd_pam(char* user, char* pass, char* newpwd);
#endif
Index: xrdp-0.9.14/sesman/libscp/libscp_session.c
Index: xrdp-0.9.15/sesman/libscp/libscp_session.c
===================================================================
--- xrdp-0.9.14.orig/sesman/libscp/libscp_session.c
+++ xrdp-0.9.14/sesman/libscp/libscp_session.c
@@ -75,6 +75,10 @@ scp_session_set_type(struct SCP_SESSION
--- xrdp-0.9.15.orig/sesman/libscp/libscp_session.c
+++ xrdp-0.9.15/sesman/libscp/libscp_session.c
@@ -76,6 +76,10 @@ scp_session_set_type(struct SCP_SESSION
s->type = SCP_GW_AUTHENTICATION;
break;
@ -24,7 +24,7 @@ Index: xrdp-0.9.14/sesman/libscp/libscp_session.c
case SCP_SESSION_TYPE_MANAGE:
s->type = SCP_SESSION_TYPE_MANAGE;
s->mng = (struct SCP_MNG_DATA *)g_malloc(sizeof(struct SCP_MNG_DATA), 1);
@@ -231,6 +235,32 @@ scp_session_set_password(struct SCP_SESS
@@ -232,6 +236,32 @@ scp_session_set_password(struct SCP_SESS
return 1;
}
@ -57,10 +57,10 @@ Index: xrdp-0.9.14/sesman/libscp/libscp_session.c
return 0;
}
Index: xrdp-0.9.14/sesman/libscp/libscp_types.h
Index: xrdp-0.9.15/sesman/libscp/libscp_types.h
===================================================================
--- xrdp-0.9.14.orig/sesman/libscp/libscp_types.h
+++ xrdp-0.9.14/sesman/libscp/libscp_types.h
--- xrdp-0.9.15.orig/sesman/libscp/libscp_types.h
+++ xrdp-0.9.15/sesman/libscp/libscp_types.h
@@ -47,6 +47,7 @@
* XRDP sends this command to let sesman verify if the user is allowed
* to use the gateway */
@ -77,11 +77,11 @@ Index: xrdp-0.9.14/sesman/libscp/libscp_types.h
char* hostname;
tui8 addr_type;
tui32 ipv4addr;
Index: xrdp-0.9.14/sesman/libscp/libscp_v0.c
Index: xrdp-0.9.15/sesman/libscp/libscp_v0.c
===================================================================
--- xrdp-0.9.14.orig/sesman/libscp/libscp_v0.c
+++ xrdp-0.9.14/sesman/libscp/libscp_v0.c
@@ -383,9 +383,9 @@ scp_v0s_init_session(struct SCP_CONNECTI
--- xrdp-0.9.15.orig/sesman/libscp/libscp_v0.c
+++ xrdp-0.9.15/sesman/libscp/libscp_v0.c
@@ -367,9 +367,9 @@ scp_v0s_init_session(struct SCP_CONNECTI
}
}
}
@ -91,16 +91,16 @@ Index: xrdp-0.9.14/sesman/libscp/libscp_v0.c
- scp_session_set_type(session, SCP_GW_AUTHENTICATION);
+ scp_session_set_type(session, code);
/* reading username */
if (!in_string16(c->in_s, buf, "username", __LINE__))
if (!in_string16(c->in_s, buf, "username"))
{
@@ -399,6 +399,23 @@ scp_v0s_init_session(struct SCP_CONNECTI
@@ -383,6 +383,23 @@ scp_v0s_init_session(struct SCP_CONNECTI
return SCP_SERVER_STATE_INTERNAL_ERR;
}
+ if (code == SCP_GW_CHAUTHTOK)
+ {
+ /* reading new password */
+ if (!in_string16(c->in_s, buf, "passwd", __LINE__))
+ if (!in_string16(c->in_s, buf, "passwd"))
+ {
+ return SCP_SERVER_STATE_SIZE_ERR;
+ }
@ -115,9 +115,9 @@ Index: xrdp-0.9.14/sesman/libscp/libscp_v0.c
+ }
+
/* reading password */
if (!in_string16(c->in_s, buf, "passwd", __LINE__))
if (!in_string16(c->in_s, buf, "passwd"))
{
@@ -530,12 +547,13 @@ scp_v0s_deny_connection(struct SCP_CONNE
@@ -512,12 +529,13 @@ scp_v0s_deny_connection(struct SCP_CONNE
/******************************************************************************/
enum SCP_SERVER_STATES_E
@ -133,10 +133,10 @@ Index: xrdp-0.9.14/sesman/libscp/libscp_v0.c
out_uint16_be(c->out_s, value); /* reply code */
out_uint16_be(c->out_s, 0); /* dummy data */
s_mark_end(c->out_s);
Index: xrdp-0.9.14/sesman/libscp/libscp_v0.h
Index: xrdp-0.9.15/sesman/libscp/libscp_v0.h
===================================================================
--- xrdp-0.9.14.orig/sesman/libscp/libscp_v0.h
+++ xrdp-0.9.14/sesman/libscp/libscp_v0.h
--- xrdp-0.9.15.orig/sesman/libscp/libscp_v0.h
+++ xrdp-0.9.15/sesman/libscp/libscp_v0.h
@@ -79,6 +79,6 @@ scp_v0s_deny_connection(struct SCP_CONNE
* @return
*/
@ -145,10 +145,10 @@ Index: xrdp-0.9.14/sesman/libscp/libscp_v0.h
+scp_v0s_replyauthentication(struct SCP_CONNECTION* c, unsigned short int value, tui8 type);
#endif
Index: xrdp-0.9.14/sesman/scp_v0.c
Index: xrdp-0.9.15/sesman/scp_v0.c
===================================================================
--- xrdp-0.9.14.orig/sesman/scp_v0.c
+++ xrdp-0.9.14/sesman/scp_v0.c
--- xrdp-0.9.15.orig/sesman/scp_v0.c
+++ xrdp-0.9.15/sesman/scp_v0.c
@@ -42,6 +42,13 @@ scp_v0_process(struct SCP_CONNECTION *c,
int errorcode = 0;
bool_t do_auth_end = 1;
@ -169,7 +169,7 @@ Index: xrdp-0.9.14/sesman/scp_v0.c
/* the user is member of the correct groups. */
- scp_v0s_replyauthentication(c, errorcode);
+ scp_v0s_replyauthentication(c, errorcode, SCP_GW_AUTHENTICATION);
log_message(LOG_LEVEL_INFO, "Access permitted for user: %s",
LOG(LOG_LEVEL_INFO, "Access permitted for user: %s",
s->username);
/* g_writeln("Connection allowed"); */
}
@ -177,23 +177,23 @@ Index: xrdp-0.9.14/sesman/scp_v0.c
{
- scp_v0s_replyauthentication(c, 32 + 3); /* all first 32 are reserved for PAM errors */
+ scp_v0s_replyauthentication(c, 32 + 3, SCP_GW_AUTHENTICATION); /* all first 32 are reserved for PAM errors */
log_message(LOG_LEVEL_INFO, "Username okey but group problem for "
LOG(LOG_LEVEL_INFO, "Username okey but group problem for "
"user: %s", s->username);
/* g_writeln("user password ok, but group problem"); */
@@ -71,7 +78,7 @@ scp_v0_process(struct SCP_CONNECTION *c,
/* g_writeln("username or password error"); */
log_message(LOG_LEVEL_INFO, "Username or password error for user: %s",
LOG(LOG_LEVEL_INFO, "Username or password error for user: %s",
s->username);
- scp_v0s_replyauthentication(c, errorcode);
+ scp_v0s_replyauthentication(c, errorcode, SCP_GW_AUTHENTICATION);
}
}
else if (data)
Index: xrdp-0.9.14/sesman/verify_user_pam.c
Index: xrdp-0.9.15/sesman/verify_user_pam.c
===================================================================
--- xrdp-0.9.14.orig/sesman/verify_user_pam.c
+++ xrdp-0.9.14/sesman/verify_user_pam.c
@@ -41,6 +41,7 @@ struct t_user_pass
--- xrdp-0.9.15.orig/sesman/verify_user_pam.c
+++ xrdp-0.9.15/sesman/verify_user_pam.c
@@ -42,6 +42,7 @@ struct t_user_pass
{
char user[MAX_BUF];
char pass[MAX_BUF];
@ -201,7 +201,7 @@ Index: xrdp-0.9.14/sesman/verify_user_pam.c
};
struct t_auth_info
@@ -89,6 +90,55 @@ verify_pam_conv(int num_msg, const struc
@@ -93,6 +94,55 @@ verify_pam_conv(int num_msg, const struc
}
/******************************************************************************/
@ -257,7 +257,7 @@ Index: xrdp-0.9.14/sesman/verify_user_pam.c
static void
get_service_name(char *service_name)
{
@@ -106,6 +156,52 @@ get_service_name(char *service_name)
@@ -110,6 +160,52 @@ get_service_name(char *service_name)
}
/******************************************************************************/
@ -310,11 +310,11 @@ Index: xrdp-0.9.14/sesman/verify_user_pam.c
/* returns long, zero is no go
Stores the detailed error code in the errorcode variable*/
Index: xrdp-0.9.14/xrdp/xrdp_login_wnd.c
Index: xrdp-0.9.15/xrdp/xrdp_login_wnd.c
===================================================================
--- xrdp-0.9.14.orig/xrdp/xrdp_login_wnd.c
+++ xrdp-0.9.14/xrdp/xrdp_login_wnd.c
@@ -187,7 +187,14 @@ xrdp_wm_cancel_clicked(struct xrdp_bitma
--- xrdp-0.9.15.orig/xrdp/xrdp_login_wnd.c
+++ xrdp-0.9.15/xrdp/xrdp_login_wnd.c
@@ -188,7 +188,14 @@ xrdp_wm_cancel_clicked(struct xrdp_bitma
{
if (wnd->wm != 0)
{
@ -330,7 +330,7 @@ Index: xrdp-0.9.14/xrdp/xrdp_login_wnd.c
{
g_set_wait_obj(wnd->wm->pro_layer->self_term_event);
}
@@ -245,7 +252,29 @@ xrdp_wm_ok_clicked(struct xrdp_bitmap *w
@@ -246,7 +253,29 @@ xrdp_wm_ok_clicked(struct xrdp_bitmap *w
}
else
{
@ -361,7 +361,7 @@ Index: xrdp-0.9.14/xrdp/xrdp_login_wnd.c
}
return 0;
@@ -545,6 +574,32 @@ xrdp_wm_login_notify(struct xrdp_bitmap
@@ -546,6 +575,32 @@ xrdp_wm_login_notify(struct xrdp_bitmap
return 0;
}
@ -394,7 +394,7 @@ Index: xrdp-0.9.14/xrdp/xrdp_login_wnd.c
/******************************************************************************/
static int
xrdp_wm_login_fill_in_combo(struct xrdp_wm *self, struct xrdp_bitmap *b)
@@ -825,6 +880,103 @@ xrdp_login_wnd_create(struct xrdp_wm *se
@@ -827,6 +882,103 @@ xrdp_login_wnd_create(struct xrdp_wm *se
return 0;
}
@ -498,11 +498,11 @@ Index: xrdp-0.9.14/xrdp/xrdp_login_wnd.c
/**
* Load configuration from xrdp.ini file
Index: xrdp-0.9.14/xrdp/xrdp_mm.c
Index: xrdp-0.9.15/xrdp/xrdp_mm.c
===================================================================
--- xrdp-0.9.14.orig/xrdp/xrdp_mm.c
+++ xrdp-0.9.14/xrdp/xrdp_mm.c
@@ -1781,7 +1781,7 @@ xrdp_mm_sesman_data_in(struct trans *tra
--- xrdp-0.9.15.orig/xrdp/xrdp_mm.c
+++ xrdp-0.9.15/xrdp/xrdp_mm.c
@@ -1787,7 +1787,7 @@ xrdp_mm_sesman_data_in(struct trans *tra
/*********************************************************************/
/* return 0 on success */
static int
@ -511,7 +511,7 @@ Index: xrdp-0.9.14/xrdp/xrdp_mm.c
{
int reply;
int rec = 32+1; /* 32 is reserved for PAM failures this means connect failure */
@@ -1809,7 +1809,8 @@ access_control(char *username, char *pas
@@ -1815,7 +1815,8 @@ access_control(char *username, char *pas
make_stream(out_s);
init_stream(out_s, 500);
s_push_layer(out_s, channel_hdr, 8);
@ -521,7 +521,7 @@ Index: xrdp-0.9.14/xrdp/xrdp_mm.c
index = g_strlen(username);
out_uint16_be(out_s, index);
out_uint8a(out_s, username, index);
@@ -1817,6 +1818,14 @@ access_control(char *username, char *pas
@@ -1823,6 +1824,14 @@ access_control(char *username, char *pas
index = g_strlen(password);
out_uint16_be(out_s, index);
out_uint8a(out_s, password, index);
@ -536,7 +536,7 @@ Index: xrdp-0.9.14/xrdp/xrdp_mm.c
s_mark_end(out_s);
s_pop_layer(out_s, channel_hdr);
out_uint32_be(out_s, 0); /* version */
@@ -1846,15 +1855,19 @@ access_control(char *username, char *pas
@@ -1852,15 +1861,19 @@ access_control(char *username, char *pas
in_uint16_be(in_s, pAM_errorcode); /* this variable holds the PAM error code if the variable is >32 it is a "invented" code */
in_uint16_be(in_s, dummy);
@ -560,7 +560,7 @@ Index: xrdp-0.9.14/xrdp/xrdp_mm.c
}
else
{
@@ -2172,7 +2185,7 @@ xrdp_mm_connect(struct xrdp_mm *self)
@@ -2178,7 +2191,7 @@ xrdp_mm_connect(struct xrdp_mm *self)
char port[8];
char chansrvport[256];
#ifndef USE_NOPAM
@ -569,7 +569,7 @@ Index: xrdp-0.9.14/xrdp/xrdp_mm.c
char pam_auth_sessionIP[256];
char pam_auth_password[256];
char pam_auth_username[256];
@@ -2212,7 +2225,7 @@ xrdp_mm_connect(struct xrdp_mm *self)
@@ -2218,7 +2231,7 @@ xrdp_mm_connect(struct xrdp_mm *self)
#ifndef USE_NOPAM
else if (g_strcasecmp(name, "pamusername") == 0)
{
@ -578,7 +578,7 @@ Index: xrdp-0.9.14/xrdp/xrdp_mm.c
g_strncpy(pam_auth_username, value, 255);
}
else if (g_strcasecmp(name, "pamsessionmng") == 0)
@@ -2240,45 +2253,55 @@ xrdp_mm_connect(struct xrdp_mm *self)
@@ -2246,45 +2259,55 @@ xrdp_mm_connect(struct xrdp_mm *self)
}
#ifndef USE_NOPAM
@ -665,7 +665,7 @@ Index: xrdp-0.9.14/xrdp/xrdp_mm.c
}
#endif
@@ -2374,6 +2397,59 @@ xrdp_mm_connect(struct xrdp_mm *self)
@@ -2380,6 +2403,59 @@ xrdp_mm_connect(struct xrdp_mm *self)
return rv;
}
@ -725,11 +725,11 @@ Index: xrdp-0.9.14/xrdp/xrdp_mm.c
/*****************************************************************************/
int
xrdp_mm_get_wait_objs(struct xrdp_mm *self,
Index: xrdp-0.9.14/xrdp/xrdp_types.h
Index: xrdp-0.9.15/xrdp/xrdp_types.h
===================================================================
--- xrdp-0.9.14.orig/xrdp/xrdp_types.h
+++ xrdp-0.9.14/xrdp/xrdp_types.h
@@ -329,6 +329,7 @@ struct xrdp_wm
--- xrdp-0.9.15.orig/xrdp/xrdp_types.h
+++ xrdp-0.9.15/xrdp/xrdp_types.h
@@ -332,6 +332,7 @@ struct xrdp_wm
struct xrdp_cache* cache;
int palette[256];
struct xrdp_bitmap* login_window;
@ -737,11 +737,11 @@ Index: xrdp-0.9.14/xrdp/xrdp_types.h
/* generic colors */
int black;
int grey;
Index: xrdp-0.9.14/xrdp/xrdp_wm.c
Index: xrdp-0.9.15/xrdp/xrdp_wm.c
===================================================================
--- xrdp-0.9.14.orig/xrdp/xrdp_wm.c
+++ xrdp-0.9.14/xrdp/xrdp_wm.c
@@ -1996,6 +1996,34 @@ xrdp_wm_login_mode_changed(struct xrdp_w
--- xrdp-0.9.15.orig/xrdp/xrdp_wm.c
+++ xrdp-0.9.15/xrdp/xrdp_wm.c
@@ -1997,6 +1997,34 @@ xrdp_wm_login_mode_changed(struct xrdp_w
self->dragging = 0;
xrdp_wm_set_login_mode(self, 11);
}
@ -776,7 +776,7 @@ Index: xrdp-0.9.14/xrdp/xrdp_wm.c
return 0;
}
@@ -2040,11 +2068,19 @@ xrdp_wm_log_wnd_notify(struct xrdp_bitma
@@ -2041,11 +2069,19 @@ xrdp_wm_log_wnd_notify(struct xrdp_bitma
xrdp_bitmap_invalidate(wm->screen, &rect);
/* if module is gone, reset the session when ok is clicked */
@ -797,7 +797,7 @@ Index: xrdp-0.9.14/xrdp/xrdp_wm.c
}
}
}
@@ -2106,6 +2142,9 @@ xrdp_wm_show_log(struct xrdp_wm *self)
@@ -2107,6 +2143,9 @@ xrdp_wm_show_log(struct xrdp_wm *self)
return 0;
}
@ -807,20 +807,20 @@ Index: xrdp-0.9.14/xrdp/xrdp_wm.c
if (self->log_wnd == 0)
{
w = DEFAULT_WND_LOG_W;
Index: xrdp-0.9.14/xrdp/xrdp.h
Index: xrdp-0.9.15/xrdp/xrdp.h
===================================================================
--- xrdp-0.9.14.orig/xrdp/xrdp.h
+++ xrdp-0.9.14/xrdp/xrdp.h
@@ -360,6 +360,8 @@ int
--- xrdp-0.9.15.orig/xrdp/xrdp.h
+++ xrdp-0.9.15/xrdp/xrdp.h
@@ -358,6 +358,8 @@ int
xrdp_login_wnd_create(struct xrdp_wm* self);
int
load_xrdp_config(struct xrdp_config *config, int bpp);
load_xrdp_config(struct xrdp_config *config, const char *xrdp_ini, int bpp);
+int
+xrdp_newpass_wnd_create(struct xrdp_wm *self);
/* xrdp_bitmap_compress.c */
int
@@ -394,6 +396,8 @@ xrdp_mm_check_wait_objs(struct xrdp_mm*
@@ -392,6 +394,8 @@ xrdp_mm_check_wait_objs(struct xrdp_mm*
int
xrdp_mm_frame_ack(struct xrdp_mm *self, int frame_id);
int
@ -829,10 +829,10 @@ Index: xrdp-0.9.14/xrdp/xrdp.h
server_begin_update(struct xrdp_mod* mod);
int
server_end_update(struct xrdp_mod* mod);
Index: xrdp-0.9.14/sesman/libscp/libscp_session.h
Index: xrdp-0.9.15/sesman/libscp/libscp_session.h
===================================================================
--- xrdp-0.9.14.orig/sesman/libscp/libscp_session.h
+++ xrdp-0.9.14/sesman/libscp/libscp_session.h
--- xrdp-0.9.15.orig/sesman/libscp/libscp_session.h
+++ xrdp-0.9.15/sesman/libscp/libscp_session.h
@@ -94,6 +94,9 @@ scp_session_set_errstr(struct SCP_SESSIO
int
scp_session_set_guid(struct SCP_SESSION *s, const tui8 *guid);

14
xrdp-usr-etc-support.patch
View File

@ -1,14 +0,0 @@
Index: xrdp-0.9.14/sesman/startwm.sh
===================================================================
--- xrdp-0.9.14.orig/sesman/startwm.sh
+++ xrdp-0.9.14/sesman/startwm.sh
@@ -85,6 +85,9 @@ wm_start()
# do not execute the pseudo login shell scripts
. /etc/X11/xdm/Xsession
exit 0
+ elif [ -r /usr/etc/X11/xdm/Xsession ]; then
+ . /usr/etc/X11/xdm/Xsession
+ exit 0
fi
pre_start

34
xrdp.changes
View File

@ -1,3 +1,37 @@
-------------------------------------------------------------------
Wed Jan 6 07:06:23 UTC 2021 - Felix Zhang <fzhang.foss@gmail.com>
- Update to version 0.9.15
+ New features
- Allow token sign in without autologon for SSO (#1667 #1668)
- Norwegian keyboard support (#1675)
- Improved config support for chansrv (#1635)
- Unified chansrv, sesman and libxrdp logging (#1633 #1708
#1738)
- Support SUSE move to /usr/etc (#1702)
- Parameters may now be specified for user-specified shell
(#1270 #1695)
- xrdp executables now allow alternative config files to be
specified with -c (#1588 #1650 #1651)
- sesrun improvements (#1741)
- Drive redirection location can now be specified (#1048)
+ Bug fixes
- Additional buffer overflow checks (#1662)
- genkeymap array size conflict fixed (#1691)
- Buffering issue with neutrinordp over a slow link fixed
(#1608 1634)
- Prevent PAM info message from causing authentication failure
(#1727)
- Try harder to clean up socket files on session exit (#1740
#1756)
- xrdp-chansrv become defunct in docker while file copy (#1658)
- Drop xrdp-buildfix.patch: fixed upstream
- Drop xrdp-default-config.patch. Add patched sources xrdp.ini and
sesman.ini to avoid frequent rebases
- Drop xrdp-usr-etc-support.patch: fixed upstream
- Rebase xrdp-avahi.diff
- Rebase xrdp-fate318398-change-expired-password.patch
-------------------------------------------------------------------
Mon Oct 19 02:32:24 UTC 2020 - Yifan Jiang <yfjiang@suse.com>

226
xrdp.ini Normal file
View File

@ -0,0 +1,226 @@
[Globals]
; xrdp.ini file version number
ini_version=1
; fork a new process for each incoming connection
fork=true
; ports to listen on, number alone means listen on all interfaces
; 0.0.0.0 or :: if ipv6 is configured
; space between multiple occurrences
;
; Examples:
; port=3389
; port=unix://./tmp/xrdp.socket
; port=tcp://.:3389 127.0.0.1:3389
; port=tcp://:3389 *:3389
; port=tcp://<any ipv4 format addr>:3389 192.168.1.1:3389
; port=tcp6://.:3389 ::1:3389
; port=tcp6://:3389 *:3389
; port=tcp6://{<any ipv6 format addr>}:3389 {FC00:0:0:0:0:0:0:1}:3389
; port=vsock://<cid>:<port>
port=3389
; 'port' above should be connected to with vsock instead of tcp
; use this only with number alone in port above
; prefer use vsock://<cid>:<port> above
use_vsock=false
; regulate if the listening socket use socket option tcp_nodelay
; no buffering will be performed in the TCP stack
tcp_nodelay=true
; regulate if the listening socket use socket option keepalive
; if the network connection disappear without close messages the connection will be closed
tcp_keepalive=true
; set tcp send/recv buffer (for experts)
#tcp_send_buffer_bytes=32768
#tcp_recv_buffer_bytes=32768
; security layer can be 'tls', 'rdp' or 'negotiate'
; for client compatible layer
security_layer=negotiate
; minimum security level allowed for client for classic RDP encryption
; use tls_ciphers to configure TLS encryption
; can be 'none', 'low', 'medium', 'high', 'fips'
crypt_level=high
; X.509 certificate and private key
; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365
certificate=
key_file=
; set SSL protocols
; can be comma separated list of 'SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'
ssl_protocols=TLSv1.2, TLSv1.3
; set TLS cipher suites
#tls_ciphers=HIGH
; Section name to use for automatic login if the client sends username
; and password. If empty, the domain name sent by the client is used.
; If empty and no domain name is given, the first suitable section in
; this file will be used.
autorun=
allow_channels=true
allow_multimon=true
bitmap_cache=true
bitmap_compression=true
bulk_compression=true
#hidelogwindow=true
max_bpp=32
new_cursors=true
; fastpath - can be 'input', 'output', 'both', 'none'
use_fastpath=both
; when true, userid/password *must* be passed on cmd line
#require_credentials=true
; You can set the PAM error text in a gateway setup (MAX 256 chars)
#pamerrortxt=change your password according to policy at http://url
;
; colors used by windows in RGB format
;
blue=009cb5
grey=dedede
#black=000000
#dark_grey=808080
#blue=08246b
#dark_blue=08246b
#white=ffffff
#red=ff0000
#green=00ff00
#background=626c72
;
; configure login screen
;
; Login Screen Window Title
#ls_title=My Login Title
; top level window background color in RGB format
ls_top_window_bg_color=000000
; width and height of login screen
ls_width=350
ls_height=430
; login screen background color in RGB format
ls_bg_color=dedede
; optional background image filename (bmp format).
#ls_background_image=
; logo
; full path to bmp-file or file in shared folder
ls_logo_filename=
ls_logo_x_pos=55
ls_logo_y_pos=50
; for positioning labels such as username, password etc
ls_label_x_pos=30
ls_label_width=65
; for positioning text and combo boxes next to above labels
ls_input_x_pos=110
ls_input_width=210
; y pos for first label and combo box
ls_input_y_pos=220
; OK button
ls_btn_ok_x_pos=142
ls_btn_ok_y_pos=370
ls_btn_ok_width=85
ls_btn_ok_height=30
; Cancel button
ls_btn_cancel_x_pos=237
ls_btn_cancel_y_pos=370
ls_btn_cancel_width=85
ls_btn_cancel_height=30
[Logging]
LogFile=xrdp.log
LogLevel=ERROR
EnableSyslog=false
SyslogLevel=ERROR
; LogLevel and SysLogLevel could by any of: core, error, warning, info or debug
[Channels]
; Channel names not listed here will be blocked by XRDP.
; You can block any channel by setting its value to false.
; IMPORTANT! All channels are not supported in all use
; cases even if you set all values to true.
; You can override these settings on each session type
; These settings are only used if allow_channels=true
rdpdr=true
rdpsnd=true
drdynvc=true
cliprdr=true
rail=true
xrdpvr=true
tcutils=true
; for debugging xrdp, in section xrdp1, change port=-1 to this:
#port=/tmp/.xrdp/xrdp_display_10
; for debugging xrdp, add following line to section xrdp1
#chansrvport=/tmp/.xrdp/xrdp_chansrv_socket_7210
;
; Session types
;
; Some session types such as Xorg, X11rdp and Xvnc start a display server.
; Startup command-line parameters for the display server are configured
; in sesman.ini. See and configure also sesman.ini.
[Xvnc]
name=Xvnc
lib=libvnc.so
username=ask
password=ask
ip=127.0.0.1
port=-1
#xserverbpp=24
delay_ms=2000
[Xorg]
name=Xorg
lib=libxup.so
username=ask
password=ask
ip=127.0.0.1
port=-1
code=20
[vnc-any]
name=vnc-any
lib=libvnc.so
ip=ask
port=ask5900
username=na
password=ask
#pamusername=asksame
#pampassword=asksame
#pamsessionmng=127.0.0.1
#delay_ms=2000
[neutrinordp-any]
name=neutrinordp-any
lib=libxrdpneutrinordp.so
ip=ask
port=ask3389
username=ask
password=ask
; You can override the common channel settings for each session type
#channel.rdpdr=true
#channel.rdpsnd=true
#channel.drdynvc=true
#channel.cliprdr=true
#channel.rail=true
#channel.xrdpvr=true

17
xrdp.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package xrdp
#
# Copyright (c) 2020 SUSE LLC
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -22,7 +22,7 @@
%endif
Name: xrdp
Version: 0.9.14
Version: 0.9.15
Release: 0
Summary: Remote desktop protocol (RDP) server
License: Apache-2.0 AND GPL-2.0-or-later
@ -33,19 +33,17 @@ Source1: https://github.com/neutrinolabs/%{name}/releases/download/v%{ver
Source2: xrdp.keyring
Source4: sysconfig.xrdp
Source5: force_stop
Source6: xrdp.ini
Source7: sesman.ini
Source100: %{name}-rpmlintrc
# PATCH-FIX-OPENSUSE xrdp-pam.patch - hfiguiere@novell.com refreshed by ftake@geeko.jp
Patch1: xrdp-pam.patch
# PATCH-FIX-OPENSUSE xrdp-default-config.patch - cyberorg@opensuse.org refreshed by ftake@geeko.jp -- Adjust default settings to openSUSE standards
Patch3: xrdp-default-config.patch
# PATCH-FIX-OPENSUSE xrdp-disable-8-bpp-vnc-support.patch bsc#991059 - fezhang@suse.com -- disable 8 bpp support for vnc connections
Patch4: xrdp-disable-8-bpp-vnc-support.patch
# PATCH-FIX-OPENSUSE xrdp-support-KillDisconnected-for-Xvnc.patch boo#1101506 - fezhang@suse.com -- Support the KillDisconnected option for TigerVNC Xvnc sessions
Patch5: xrdp-support-KillDisconnected-for-Xvnc.patch
# PATCH-FIX-OPENSUSE xrdp-systemd-services.patch boo#1138954 boo#1144327 - fezhang@suse.com -- Let systemd handle the daemons
Patch6: xrdp-systemd-services.patch
# PATCH-FEATURE-UPSTREAM xrdp-usr-etc-support.patch bsc#1177779 - yfjiang@suse.com gh#neutrinolabs/xrdp!1702 -- Support /usr/etc configuration change
Patch7: xrdp-usr-etc-support.patch
# PATCH-FEATURE-SLE xrdp-avahi.diff bnc#586785 - hfiguiere@novell.com -- Add Avahi support.
Patch11: xrdp-avahi.diff
# PATCH-FIX-SLE xrdp-filter-tab-from-mstsc-on-focus-change.patch bnc#601996 bnc#623534 - dliang@novell.com -- filter the fake tab key which is used to notify the session
@ -54,7 +52,6 @@ Patch12: xrdp-filter-tab-from-mstsc-on-focus-change.patch
Patch13: xrdp-bsc965647-allow-admin-choose-desktop.patch
# PATCH-FEATURE-SLE xrdp-fate318398-change-expired-password.patch fate#318398 - fezhang@suse.com -- enable user to update expired password via PAM
Patch14: xrdp-fate318398-change-expired-password.patch
Patch16: xrdp-buildfix.patch
BuildRequires: autoconf
BuildRequires: automake
@ -103,18 +100,15 @@ This package contains libraries for the JPEG2000 codec for RDP.
%prep
%setup -q
%patch1 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch11 -p1
%if 0%{?sle_version}
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%endif
%patch16 -p1
%build
sh ./bootstrap
@ -133,6 +127,7 @@ mkdir -p %{buildroot}/%{_fillupdir}
install -m 644 %{SOURCE4} %{buildroot}/%{_fillupdir}/sysconfig.xrdp
mkdir -p %{buildroot}/%{_libexecdir}/initscripts/legacy-actions/xrdp
install -m 755 %{SOURCE5} %{buildroot}/%{_libexecdir}/initscripts/legacy-actions/xrdp/force_stop
install -m 644 %{SOURCE6} %{SOURCE7} %{buildroot}/%{_sysconfdir}/xrdp/
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcxrdp
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcxrdp-sesman