pool/xrdp
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 423916 from home:zhangxiaofei:branches:X11:RemoteDesktop

Browse Source 
- Add xrdp-disable-8-bpp-vnc-support.patch:
  Disable 8 bpp vnc support. Xvnc drops support for 8 bpp since
  1.4.0. Trying to launch Xvnc in 8 bpp will cause it to dump core
  (bsc#991059).
- Add obs source services:
  + tar_scm
  + recompress
  + set_version
- Update to version 0.9.0~git.1456906198.f422461:
  Fix tarball naming from 0.9.0git to 0.9.0~git to conform openSUSE
  naming scheme for pre-release version.
  + Numlock out of sync fix
  + neutrinordp: minor changes, coding style, log level
  + Update faq-compile.txt
  + Change to allow authentication against all authentication
    methods.
  + Add details for crypt_level=fips to man page
  + libxrdp: no logic change, tabs to spaces
  + libxrdp: opps, fix typeo
  + Fix "\ _" on jp keyboard
  + xrdp_keyboard.ini: Fix jp keyboard model
  + update xorgxrdp
  + add keyboard options to xrdp_client_info
  + xorgxrdp=68412e5
- Add an extra legacy service action force_stop:
  Forcefully killing xrdp processes when it cannot be stopped
  normally.
  Usage:
    $ service xrdp force_stop
    or

OBS-URL: https://build.opensuse.org/request/show/423916
OBS-URL: https://build.opensuse.org/package/show/X11:RemoteDesktop/xrdp?expand=0&rev=5
This commit is contained in:
Dirk Mueller 2016-09-21 11:37:09 +00:00 committed by Git OBS Bridge
parent 7b52d1fa2d
commit f047e239d0
19 changed files with 1931 additions and 237 deletions

9
_service

@ -1,12 +1,15 @@
<services>
<service name="tar_scm" mode="disabled">
<param name="url">https://github.com/neutrinolabs/xrdp.git</param>
<param name="scm">git</param>
<param name="versionprefix">0.9.0git</param>
<param name="url">https://github.com/neutrinolabs/xrdp.git</param>
<param name="filename">xrdp</param>
<param name="versionprefix">0.9.0~git</param>
<param name="versionformat">%ct.%h</param>
<param name="changesgenerate">enable</param>
</service>
<service name="recompress" mode="disabled">
<param name="file">*.tar</param>
<param name="compression">xz</param>
<param name="compression">gz</param>
</service>
<service name="set_version" mode="disabled"/>
</services>

4
_servicedata Normal file

@ -0,0 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/neutrinolabs/xrdp.git</param>
<param name="changesrevision">f4224615c97668236826d115fa37b6ce805bea96</param></service></servicedata>

27
force_stop Normal file

@ -0,0 +1,27 @@
#!/bin/sh -e
DAEMON=${BASE}/sbin/xrdp
SDAEMON=${BASE}/sbin/xrdp-sesman
PIDDIR=/var/run/xrdp/
force_stop() {
DELAY=1
PROCLIST="xrdp-sesman xrdp-sessvc xrdp-chansrv X11rdp Xvnc"
for p in $PROCLIST; do
pgrep -x $p >/dev/null && pkill -x $p
sleep $DELAY
pgrep -x $p >/dev/null && pkill -9 -x $p
done
# let's not kill ourselves - the init script is called xrdp as well
pgrep -fx $DAEMON >/dev/null && pkill -fx $DAEMON
sleep $DELAY
pgrep -fx $DAEMON >/dev/null && pkill -9 -fx $DAEMON
rm -f $PIDDIR/xrdp*.pid
}
$0 stop
# because it doesn't allways die the right way
force_stop

15
sysconfig.xrdp

@ -1,2 +1,17 @@
## Path: Network/Remote X11
## Description: xrdp sesman setting
## Type: string
## Default: ""
#
# Options for xrdp
#
#SESMAN_OPTIONS=""
## Path: Network/Remote X11
## Description: xrdp setting
## Type: string
## Default: ""
#
# Options for xrdp
#
#XRDP_OPTIONS=""

3
xrdp-0.9.0git.1420692256.tar.xz

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:41ac83d15bdfc4fbd8526302369278876b7fb025b9d2c96f780de44ee434ef24
size 1498600

3
xrdp-0.9.0~git.1456906198.f422461.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c5e04b46d3568d6a1d034d0919208ac4e14ee30be1cb8cde26dd32ce779018ba
size 2184315

219
xrdp-avahi.diff Normal file

@ -0,0 +1,219 @@
From 71ebbe34d841d3f29ae2d21fbae25889de5d4a57 Mon Sep 17 00:00:00 2001
From: Felix Zhang <fezhang@suse.com>
Date: Mon, 1 Aug 2016 17:04:31 +0800
Subject: [PATCH] avahi
---
configure.ac | 1 +
xrdp/Makefile.am | 9 +++--
xrdp/xrdp.h | 8 ++++
xrdp/xrdp_avahi.c | 117 +++++++++++++++++++++++++++++++++++++++++++++++++++++
xrdp/xrdp_listen.c | 2 +-
5 files changed, 133 insertions(+), 4 deletions(-)
create mode 100644 xrdp/xrdp_avahi.c
diff --git a/configure.ac b/configure.ac
index e1a150e..2cfe026 100644
--- a/configure.ac
+++ b/configure.ac
@@ -7,6 +7,7 @@ AM_INIT_AUTOMAKE([1.6 foreign])
AC_PROG_CC
AC_C_CONST
AC_PROG_LIBTOOL
+PKG_CHECK_MODULES(AVAHI, avahi-client >= 0.6.4)
PKG_PROG_PKG_CONFIG
AC_ARG_WITH([systemdsystemunitdir],
AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files]),
diff --git a/xrdp/Makefile.am b/xrdp/Makefile.am
index 4fd9a68..e00bc2f 100644
--- a/xrdp/Makefile.am
+++ b/xrdp/Makefile.am
@@ -33,7 +33,8 @@ INCLUDES = \
-I$(top_builddir) \
-I$(top_srcdir)/common \
-I$(top_srcdir)/libxrdp \
- $(EXTRA_INCLUDES)
+ $(EXTRA_INCLUDES) \
+ $(AVAHI_CFLAGS)
sbin_PROGRAMS = \
xrdp
@@ -52,12 +53,14 @@ xrdp_SOURCES = \
xrdp_process.c \
xrdp_region.c \
xrdp_wm.c \
- xrdp_encoder.c
+ xrdp_encoder.c \
+ xrdp_avahi.c
xrdp_LDADD = \
$(top_builddir)/common/libcommon.la \
$(top_builddir)/libxrdp/libxrdp.la \
- $(EXTRA_LIBS)
+ $(EXTRA_LIBS) \
+ $(AVAHI_LIBS)
xrdp_LDFLAGS = \
$(EXTRA_FLAGS)
diff --git a/xrdp/xrdp.h b/xrdp/xrdp.h
index 67488a6..e71fb9b 100644
--- a/xrdp/xrdp.h
+++ b/xrdp/xrdp.h
@@ -164,6 +164,8 @@ void APP_CC
xrdp_listen_delete(struct xrdp_listen* self);
int APP_CC
xrdp_listen_main_loop(struct xrdp_listen* self);
+int APP_CC
+xrdp_listen_get_port(char* port, int port_bytes);
/* xrdp_region.c */
struct xrdp_region* APP_CC
@@ -510,3 +512,9 @@ int DEFAULT_CC
server_add_char_alpha(struct xrdp_mod* mod, int font, int charactor,
int offset, int baseline,
int width, int height, char* data);
+
+/* xrdp_avahi.c */
+int APP_CC
+xrdp_avahi_init(void);
+void APP_CC
+xrdp_avahi_fini(void);
diff --git a/xrdp/xrdp_avahi.c b/xrdp/xrdp_avahi.c
new file mode 100644
index 0000000..7fa1656
--- /dev/null
+++ b/xrdp/xrdp_avahi.c
@@ -0,0 +1,117 @@
+/*
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+ xrdp: A Remote Desktop Protocol server.
+ Copyright (C) Novell, Inc. 2008
+
+ avahi integration
+
+*/
+
+#include "xrdp.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <avahi-client/client.h>
+#include <avahi-client/publish.h>
+#include <avahi-common/thread-watch.h>
+
+static AvahiClient *client = NULL;
+static AvahiThreadedPoll *threaded_poll = NULL;
+static AvahiEntryGroup *avahi_group = NULL;
+
+static const char *_service_name = "RDP service on %s";
+
+static void
+avahi_client_callback (AvahiClient *c,
+ AvahiClientState state,
+ void *userdata)
+{
+ switch (state) {
+ case AVAHI_CLIENT_S_RUNNING:
+ avahi_group = avahi_entry_group_new (c, 0, 0);
+ if (avahi_group)
+ {
+ char hname[512];
+ char name[576];
+ char port[8];
+ /* dummy parameters */
+ char address[256];
+ struct xrdp_startup_params* startup_param = {"", 0, 0, 0, 0};
+
+ if (gethostname (hname, sizeof (hname)))
+ break;
+
+ sprintf (name, _service_name, hname);
+
+ xrdp_listen_get_port_address (port, sizeof (port),
+ address, sizeof (address),
+ startup_param);
+
+ avahi_entry_group_add_service (avahi_group,
+ AVAHI_IF_UNSPEC,
+ AVAHI_PROTO_UNSPEC,
+ 0,
+ name,
+ "_rdp._tcp",
+ 0,
+ 0,
+ atoi (port),
+ NULL);
+
+ avahi_entry_group_commit (avahi_group);
+ }
+ break;
+ case AVAHI_CLIENT_FAILURE:
+ case AVAHI_CLIENT_S_COLLISION:
+ case AVAHI_CLIENT_CONNECTING:
+ break;
+ case AVAHI_CLIENT_S_REGISTERING:
+ if (avahi_group)
+ avahi_entry_group_reset (avahi_group);
+ default:
+ break;
+ }
+}
+
+int APP_CC
+xrdp_avahi_init (void)
+{
+ if (!(threaded_poll = avahi_threaded_poll_new ()))
+ return 1;
+
+ if (!(client = avahi_client_new (avahi_threaded_poll_get (threaded_poll),
+ 0,
+ avahi_client_callback,
+ NULL,
+ NULL)))
+ return 1;
+
+ if (avahi_threaded_poll_start (threaded_poll) < 0)
+ return 1;
+
+ return 0;
+}
+
+void APP_CC
+xrdp_avahi_fini (void)
+{
+ avahi_threaded_poll_stop (threaded_poll);
+ if (avahi_group)
+ avahi_entry_group_free (avahi_group);
+ avahi_client_free (client);
+ avahi_threaded_poll_free (threaded_poll);
+}
diff --git a/xrdp/xrdp_listen.c b/xrdp/xrdp_listen.c
index b2b19ca..c1ae4c5 100644
--- a/xrdp/xrdp_listen.c
+++ b/xrdp/xrdp_listen.c
@@ -145,7 +145,7 @@ xrdp_process_run(void *in_val)
}
/*****************************************************************************/
-static int
+int
xrdp_listen_get_port_address(char *port, int port_bytes,
char *address, int address_bytes,
int *tcp_nodelay, int *tcp_keepalive,
--
2.6.6

68
xrdp-bsc965647-allow-admin-choose-desktop.patch Normal file

@ -0,0 +1,68 @@
From b14f40d4567b884623936a8b3c20350d1ea37ffd Mon Sep 17 00:00:00 2001
From: Felix Zhang <fezhang@suse.com>
Date: Mon, 1 Aug 2016 17:55:35 +0800
Subject: [PATCH] bsc#965647 allow admin choose desktop
---
sesman/startwm.sh | 44 +++++++++++++++++++++-----------------------
1 file changed, 21 insertions(+), 23 deletions(-)
diff --git a/sesman/startwm.sh b/sesman/startwm.sh
index ee48263..ace62a0 100755
--- a/sesman/startwm.sh
+++ b/sesman/startwm.sh
@@ -3,30 +3,28 @@
#start the window manager
wm_start()
{
- if [ -r /etc/default/locale ]; then
- . /etc/default/locale
- export LANG LANGUAGE
- fi
-
- # debian
- if [ -r /etc/X11/Xsession ]; then
- . /etc/X11/Xsession
- exit 0
- fi
-
- # el
- if [ -r /etc/X11/xinit/Xsession ]; then
- . /etc/X11/xinit/Xsession
- exit 0
- fi
+ #Customize your preferred session mode here
+ SESSION="sle"
- # suse
- if [ -r /etc/X11/xdm/Xsession ]; then
- . /etc/X11/xdm/Xsession
- exit 0
- fi
-
- xterm
+ case $SESSION in
+ sle)
+ if [ -r /usr/bin/gnome-session ]; then
+ export GNOME_SHELL_SESSION_MODE=classic
+ export SLE_CLASSIC_MODE=1
+ /usr/bin/gnome-session --session gnome-classic
+ fi
+ ;;
+ gnome)
+ if [ -r /usr/bin/gnome-session ]; then
+ /usr/bin/gnome-session
+ fi
+ ;;
+ icewm)
+ if [ -r /usr/bin/icewm-session ]; then
+ /usr/bin/icewm-session
+ fi
+ ;;
+ esac
}
#Execution sequence for interactive login shell
--
2.6.6

96
xrdp-default-config.patch

@ -1,27 +1,41 @@
diff -ur a/instfiles/xrdp.service b/instfiles/xrdp.service
--- a/instfiles/xrdp.service 2015-10-03 19:58:45.000000000 +0530
+++ b/instfiles/xrdp.service 2015-10-03 20:03:22.000000000 +0530
From 9359e6228d702dc4d3cc8057c05e2b3bae267406 Mon Sep 17 00:00:00 2001
From: Felix Zhang <fezhang@suse.com>
Date: Wed, 17 Aug 2016 17:07:32 +0800
Subject: [PATCH] default config
---
instfiles/xrdp.service | 7 +++---
instfiles/xrdp.sh | 4 ++--
sesman/sesman.ini | 18 ++++-----------
xrdp/xrdp.ini | 62 ++++++++------------------------------------------
4 files changed, 20 insertions(+), 71 deletions(-)
diff --git a/instfiles/xrdp.service b/instfiles/xrdp.service
index 7bb076d..93117d4 100644
--- a/instfiles/xrdp.service
+++ b/instfiles/xrdp.service
@@ -1,14 +1,13 @@
[Unit]
Description=xrdp daemon
-Requires=xrdp-sesman.service
-After=syslog.target network.target xrdp-sesman.service
+After=syslog.target network.target
+After=syslog.target network.target
[Service]
Type=forking
PIDFile=/var/run/xrdp.pid
EnvironmentFile=/etc/sysconfig/xrdp
-ExecStart=/usr/sbin/xrdp $XRDP_OPTIONS --nodaemon
-ExecStart=/usr/sbin/xrdp $XRDP_OPTIONS
-ExecStop=/usr/sbin/xrdp $XRDP_OPTIONS --kill
+ExecStart=/etc/xrdp/xrdp.sh start
+ExecStop=/etc/xrdp/xrdp.sh stop
[Install]
WantedBy=multi-user.target
diff -ur a/instfiles/xrdp.sh b/instfiles/xrdp.sh
--- a/instfiles/xrdp.sh 2015-10-03 19:58:45.000000000 +0530
+++ b/instfiles/xrdp.sh 2015-10-03 19:59:17.000000000 +0530
diff --git a/instfiles/xrdp.sh b/instfiles/xrdp.sh
index 3e72743..630fa5b 100755
--- a/instfiles/xrdp.sh
+++ b/instfiles/xrdp.sh
@@ -17,8 +17,8 @@
# Description: starts xrdp
### END INIT INFO
@ -33,10 +47,25 @@ diff -ur a/instfiles/xrdp.sh b/instfiles/xrdp.sh
CFGDIR=/etc/xrdp
if ! test -x $SBINDIR/xrdp
diff -ur a/sesman/sesman.ini b/sesman/sesman.ini
--- a/sesman/sesman.ini 2015-10-03 19:58:45.000000000 +0530
+++ b/sesman/sesman.ini 2015-10-03 19:59:17.000000000 +0530
@@ -58,16 +58,9 @@
diff --git a/sesman/sesman.ini b/sesman/sesman.ini
index a58af38..e60aaa9 100644
--- a/sesman/sesman.ini
+++ b/sesman/sesman.ini
@@ -15,11 +15,10 @@ TerminalServerAdmins=tsadmins
AlwaysGroupCheck = false
[Sessions]
-
## X11DisplayOffset - x11 display number offset
# Type: integer
-# Default: 10
-X11DisplayOffset=10
+# Default: 200
+X11DisplayOffset=200
## MaxSessions - maximum number of connections to an xrdp server
# Type: integer
@@ -58,16 +57,9 @@ Policy=Default
[Logging]
LogFile=xrdp-sesman.log
@ -56,29 +85,20 @@ diff -ur a/sesman/sesman.ini b/sesman/sesman.ini
[Xvnc]
param1=-bs
diff -ur a/xrdp/xrdp.ini b/xrdp/xrdp.ini
--- a/xrdp/xrdp.ini 2015-10-03 19:58:45.000000000 +0530
+++ b/xrdp/xrdp.ini 2015-10-03 19:59:17.000000000 +0530
@@ -70,7 +70,8 @@
diff --git a/xrdp/xrdp.ini b/xrdp/xrdp.ini
index 34adb07..a48ec48 100644
--- a/xrdp/xrdp.ini
+++ b/xrdp/xrdp.ini
@@ -70,7 +70,7 @@ use_fastpath=both
#ls_title=My Login Title
# top level window background color in RGB format
-ls_top_window_bg_color=009cb5
+#ls_top_window_bg_color=009cb5
+ls_top_window_bg_color=000000
# width and height of login screen
ls_width=350
@@ -84,7 +85,7 @@
# logo
# full path to bmp-file or file in shared folder
-ls_logo_filename=
+ls_logo_filename=/usr/share/xrdp/openSUSE.bmp
ls_logo_x_pos=55
ls_logo_y_pos=50
@@ -113,9 +114,9 @@
@@ -113,9 +113,9 @@ ls_btn_cancel_height=30
[Logging]
LogFile=xrdp.log
@ -91,7 +111,7 @@ diff -ur a/xrdp/xrdp.ini b/xrdp/xrdp.ini
# LogLevel and SysLogLevel could by any of: core, error, warning, info or debug
[channels]
@@ -140,16 +141,6 @@
@@ -140,67 +140,25 @@ tcutils=true
# chansrvport=/tmp/.xrdp/xrdp_chansrv_socket_7210
[xrdp1]
@ -108,19 +128,25 @@ diff -ur a/xrdp/xrdp.ini b/xrdp/xrdp.ini
name=sesman-Xvnc
lib=libvnc.so
username=ask
@@ -158,7 +149,7 @@
password=ask
ip=127.0.0.1
port=-1
#delay_ms=2000
-#delay_ms=2000
+# delay in milliseconds before connecting to Xvnc
+# to avoid race condition:
+# https://github.com/neutrinolabs/xrdp/issues/182
+delay_ms=2000
-[xrdp3]
+[xrdp2]
name=console
lib=libvnc.so
ip=127.0.0.1
@@ -167,40 +158,6 @@
port=5900
username=na
password=ask
#delay_ms=2000
-#delay_ms=2000
-
-[xrdp4]
-name=vnc-any
-lib=libvnc.so
@ -155,6 +181,10 @@ diff -ur a/xrdp/xrdp.ini b/xrdp/xrdp.ini
-port=ask3389
-username=ask
-password=ask
+delay_ms=2000
[Session manager]
name=Session manager
--
2.6.6

44
xrdp-disable-8-bpp-vnc-support.patch Normal file

@ -0,0 +1,44 @@
From a0c6305f00fa61e48b79c1edd6de83fb8107e386 Mon Sep 17 00:00:00 2001
From: Felix Zhang <fezhang@suse.com>
Date: Tue, 30 Aug 2016 20:03:35 +0800
Subject: [PATCH] disable 8 bpp vnc support
Xvnc drops support for 8 bpp since 1.4.0. Trying to launch Xvnc in
8 bpp will cause it to dump core (bsc#991059).
---
vnc/vnc.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/vnc/vnc.c b/vnc/vnc.c
index bb04726..c3ee3bf 100644
--- a/vnc/vnc.c
+++ b/vnc/vnc.c
@@ -950,11 +950,14 @@ lib_mod_connect(struct vnc *v)
check_sec_result = 1;
/* only support 8 and 16 bpp connections from rdp client */
- if ((v->server_bpp != 8) && (v->server_bpp != 15) &&
+ if ((v->server_bpp != 15) &&
(v->server_bpp != 16) && (v->server_bpp != 24))
{
- v->server_msg(v, "VNC error - only supporting 8, 15, 16 and 24 bpp rdp "
+ v->server_msg(v, "VNC error - only supporting 15, 16 and 24 bpp "
"connections", 0);
+ if (v->server_bpp == 8)
+ v->server_msg(v, "VNC error - 8 bpp support is dropped "
+ "since Xvnc 1.4.0", 0);
return 1;
}
@@ -985,7 +988,7 @@ lib_mod_connect(struct vnc *v)
v->server_msg(v, text, 0);
g_sleep(v->delay_ms);
}
-
+
g_sprintf(text, "VNC connecting to %s %s", v->ip, con_port);
v->server_msg(v, text, 0);
error = g_tcp_connect(v->sck, v->ip, con_port);
--
2.6.6

845
xrdp-fate318398-change-expired-password.patch Normal file

@ -0,0 +1,845 @@
From 7eed33d99e93432c2b425a8ce1d2955b3532da39 Mon Sep 17 00:00:00 2001
From: Felix Zhang <fezhang@suse.com>
Date: Mon, 1 Aug 2016 17:26:41 +0800
Subject: [PATCH] FATE#318398: Enable xrdp to allow a required password change
for users
---
sesman/auth.h | 2 +
sesman/libscp/libscp_session.c | 30 ++++++++
sesman/libscp/libscp_types.h | 2 +
sesman/libscp/libscp_v0.c | 23 ++++--
sesman/libscp/libscp_v0.h | 2 +-
sesman/scp_v0.c | 13 +++-
sesman/verify_user_pam.c | 95 ++++++++++++++++++++++++
xrdp/xrdp_login_wnd.c | 155 +++++++++++++++++++++++++++++++++++++-
xrdp/xrdp_mm.c | 164 ++++++++++++++++++++++++++++++-----------
xrdp/xrdp_types.h | 1 +
xrdp/xrdp_wm.c | 41 ++++++++++-
11 files changed, 475 insertions(+), 53 deletions(-)
diff --git a/sesman/auth.h b/sesman/auth.h
index e06b9eb..ee33e94 100644
--- a/sesman/auth.h
+++ b/sesman/auth.h
@@ -106,4 +106,6 @@ auth_check_pwd_chg(char* user);
int DEFAULT_CC
auth_change_pwd(char* user, char* newpwd);
+int DEFAULT_CC
+auth_change_pwd_pam(char* user, char* pass, char* newpwd);
#endif
diff --git a/sesman/libscp/libscp_session.c b/sesman/libscp/libscp_session.c
index d25fc64..35bc223 100644
--- a/sesman/libscp/libscp_session.c
+++ b/sesman/libscp/libscp_session.c
@@ -71,6 +71,10 @@ scp_session_set_type(struct SCP_SESSION *s, tui8 type)
s->type = SCP_GW_AUTHENTICATION;
break;
+ case SCP_GW_CHAUTHTOK:
+ s->type = SCP_GW_CHAUTHTOK;
+ break;
+
case SCP_SESSION_TYPE_MANAGE:
s->type = SCP_SESSION_TYPE_MANAGE;
s->mng = (struct SCP_MNG_DATA *)g_malloc(sizeof(struct SCP_MNG_DATA), 1);
@@ -231,6 +235,32 @@ scp_session_set_password(struct SCP_SESSION *s, char *str)
/*******************************************************************/
int
+scp_session_set_newpass(struct SCP_SESSION *s, char *str)
+{
+ if (0 == str)
+ {
+ log_message(LOG_LEVEL_WARNING, "[session:%d] set_newpass: null newpass", __LINE__);
+ return 1;
+ }
+
+ if (0 != s->newpass)
+ {
+ g_free(s->newpass);
+ }
+
+ s->newpass = g_strdup(str);
+
+ if (0 == s->newpass)
+ {
+ log_message(LOG_LEVEL_WARNING, "[session:%d] set_newpass: strdup error", __LINE__);
+ return 1;
+ }
+
+ return 0;
+}
+
+/*******************************************************************/
+int
scp_session_set_domain(struct SCP_SESSION *s, char *str)
{
if (0 == str)
diff --git a/sesman/libscp/libscp_types.h b/sesman/libscp/libscp_types.h
index de85186..f6be582 100644
--- a/sesman/libscp/libscp_types.h
+++ b/sesman/libscp/libscp_types.h
@@ -47,6 +47,7 @@
* XRDP sends this command to let sesman verify if the user is allowed
* to use the gateway */
#define SCP_GW_AUTHENTICATION 0x04
+#define SCP_GW_CHAUTHTOK 0x05
#define SCP_ADDRESS_TYPE_IPV4 0x00
#define SCP_ADDRESS_TYPE_IPV6 0x01
@@ -81,6 +82,7 @@ struct SCP_SESSION
char locale[18];
char* username;
char* password;
+ char* newpass;
char* hostname;
tui8 addr_type;
tui32 ipv4addr;
diff --git a/sesman/libscp/libscp_v0.c b/sesman/libscp/libscp_v0.c
index 8cf1340..2b3d203 100644
--- a/sesman/libscp/libscp_v0.c
+++ b/sesman/libscp/libscp_v0.c
@@ -306,9 +306,8 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
}
}
}
- else if (code == SCP_GW_AUTHENTICATION)
+ else if (code == SCP_GW_AUTHENTICATION || code == SCP_GW_CHAUTHTOK)
{
- /* g_writeln("Command is SCP_GW_AUTHENTICATION"); */
session = scp_session_create();
if (0 == session)
@@ -318,7 +317,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
}
scp_session_set_version(session, version);
- scp_session_set_type(session, SCP_GW_AUTHENTICATION);
+ scp_session_set_type(session, code);
/* reading username */
in_uint16_be(c->in_s, sz);
buf[sz] = '\0';
@@ -344,6 +343,19 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk)
/* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting password", __LINE__); */
return SCP_SERVER_STATE_INTERNAL_ERR;
}
+ if (code == SCP_GW_CHAUTHTOK)
+ {
+ /* reading new password */
+ in_uint16_be(c->in_s, sz);
+ buf[sz] = '\0';
+ in_uint8a(c->in_s, buf, sz);
+
+ if (0 != scp_session_set_newpass(session, buf))
+ {
+ scp_session_destroy(session);
+ return SCP_SERVER_STATE_INTERNAL_ERR;
+ }
+ }
}
else
{
@@ -399,12 +411,13 @@ scp_v0s_deny_connection(struct SCP_CONNECTION *c)
/******************************************************************************/
enum SCP_SERVER_STATES_E
-scp_v0s_replyauthentication(struct SCP_CONNECTION *c, unsigned short int value)
+scp_v0s_replyauthentication(struct SCP_CONNECTION *c, unsigned short int value, tui8 type)
{
out_uint32_be(c->out_s, 0); /* version */
out_uint32_be(c->out_s, 14); /* size */
/* cmd SCP_GW_AUTHENTICATION means authentication reply */
- out_uint16_be(c->out_s, SCP_GW_AUTHENTICATION);
+ /* cmd SCP_GW_CHAUTHTOK means chauthtok reply */
+ out_uint16_be(c->out_s, type);
out_uint16_be(c->out_s, value); /* reply code */
out_uint16_be(c->out_s, 0); /* dummy data */
s_mark_end(c->out_s);
diff --git a/sesman/libscp/libscp_v0.h b/sesman/libscp/libscp_v0.h
index 16e49e0..3199db0 100644
--- a/sesman/libscp/libscp_v0.h
+++ b/sesman/libscp/libscp_v0.h
@@ -79,6 +79,6 @@ scp_v0s_deny_connection(struct SCP_CONNECTION* c);
* @return
*/
enum SCP_SERVER_STATES_E
-scp_v0s_replyauthentication(struct SCP_CONNECTION* c, unsigned short int value);
+scp_v0s_replyauthentication(struct SCP_CONNECTION* c, unsigned short int value, tui8 type);
#endif
diff --git a/sesman/scp_v0.c b/sesman/scp_v0.c
index ce528d4..3fc788f 100644
--- a/sesman/scp_v0.c
+++ b/sesman/scp_v0.c
@@ -37,6 +37,13 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
struct session_item *s_item;
int errorcode = 0 ;
+ if (s->type == SCP_GW_CHAUTHTOK)
+ {
+ errorcode = auth_change_pwd_pam(s->username, s->password, s->newpass);
+ scp_v0s_replyauthentication(c, errorcode, SCP_GW_CHAUTHTOK);
+ return ;
+ }
+
data = auth_userpass(s->username, s->password,&errorcode);
if (s->type == SCP_GW_AUTHENTICATION)
@@ -48,14 +55,14 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
if (1 == access_login_allowed(s->username))
{
/* the user is member of the correct groups. */
- scp_v0s_replyauthentication(c, errorcode);
+ scp_v0s_replyauthentication(c, errorcode, SCP_GW_AUTHENTICATION);
log_message(LOG_LEVEL_INFO, "Access permitted for user: %s",
s->username);
/* g_writeln("Connection allowed"); */
}
else
{
- scp_v0s_replyauthentication(c, 32+3); /* all first 32 are reserved for PAM errors */
+ scp_v0s_replyauthentication(c, 32 + 3, SCP_GW_AUTHENTICATION); /* all first 32 are reserved for PAM errors */
log_message(LOG_LEVEL_INFO, "Username okey but group problem for "
"user: %s", s->username);
/* g_writeln("user password ok, but group problem"); */
@@ -66,7 +73,7 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s)
/* g_writeln("username or password error"); */
log_message(LOG_LEVEL_INFO, "Username or password error for user: %s",
s->username);
- scp_v0s_replyauthentication(c, errorcode);
+ scp_v0s_replyauthentication(c, errorcode, SCP_GW_AUTHENTICATION);
}
auth_end(data);
diff --git a/sesman/verify_user_pam.c b/sesman/verify_user_pam.c
index a2b3f93..4eb61fa 100644
--- a/sesman/verify_user_pam.c
+++ b/sesman/verify_user_pam.c
@@ -34,6 +34,7 @@ struct t_user_pass
{
char user[256];
char pass[256];
+ char newpwd[256];
};
struct t_auth_info
@@ -82,6 +83,55 @@ verify_pam_conv(int num_msg, const struct pam_message **msg,
}
/******************************************************************************/
+static int DEFAULT_CC
+chauth_pam_conv(int num_msg, const struct pam_message **msg,
+ struct pam_response **resp, void *appdata_ptr)
+{
+ int i;
+ struct pam_response *reply;
+ struct t_user_pass *user_pass;
+
+ reply = g_malloc(sizeof(struct pam_response) * num_msg, 1);
+
+ for (i = 0; i < num_msg; i++)
+ {
+ switch (msg[i]->msg_style)
+ {
+ case PAM_PROMPT_ECHO_ON: /* username */
+ user_pass = appdata_ptr;
+ reply[i].resp = g_strdup(user_pass->user);
+ reply[i].resp_retcode = PAM_SUCCESS;
+ break;
+ case PAM_PROMPT_ECHO_OFF: /* password */
+ user_pass = appdata_ptr;
+ /* only prompt for old password starts with '('
+ old pass: "(current) UNIX password:"
+ new pass: "New password:"
+ retype new pass: "Retype new password:" */
+ if (*(msg[i]->msg) == '(')
+ {
+ reply[i].resp = g_strdup(user_pass->pass);
+ }
+ else
+ {
+ reply[i].resp = g_strdup(user_pass->newpwd);
+ }
+ reply[i].resp_retcode = PAM_SUCCESS;
+ break;
+ case PAM_TEXT_INFO: /* useless messages */
+ break;
+ default:
+ g_printf("unknown in verify_pam_conv\r\n");
+ g_free(reply);
+ return PAM_CONV_ERR;
+ }
+ }
+
+ *resp = reply;
+ return PAM_SUCCESS;
+}
+
+/******************************************************************************/
static void DEFAULT_CC
get_service_name(char *service_name)
{
@@ -309,3 +359,48 @@ auth_set_env(long in_val)
return 0;
}
+/******************************************************************************/
+/* returns boolean */
+/* update to the new pass */
+int DEFAULT_CC
+auth_change_pwd_pam(char *user, char *pass, char *newpwd)
+{
+ int error;
+ struct t_auth_info *auth_info;
+ char service_name[256];
+
+ get_service_name(service_name);
+ auth_info = g_malloc(sizeof(struct t_auth_info), 1);
+ g_strncpy(auth_info->user_pass.user, user, 255);
+ g_strncpy(auth_info->user_pass.pass, pass, 255);
+ g_strncpy(auth_info->user_pass.newpwd, newpwd, 255);
+ auth_info->pamc.conv = &chauth_pam_conv;
+ auth_info->pamc.appdata_ptr = &(auth_info->user_pass);
+ error = pam_start(service_name, 0, &(auth_info->pamc), &(auth_info->ph));
+
+ if (error != PAM_SUCCESS)
+ {
+ g_printf("pam_start failed: %s\r\n", pam_strerror(auth_info->ph, error));
+ pam_end(auth_info->ph, error);
+ g_free(auth_info);
+ return error;
+ }
+
+ error = pam_set_item(auth_info->ph, PAM_TTY, service_name);
+ if (error != PAM_SUCCESS)
+ {
+ g_printf("pam_set_item failed: %s\r\n",
+ pam_strerror(auth_info->ph, error));
+ }
+
+ error = pam_chauthtok(auth_info->ph, PAM_CHANGE_EXPIRED_AUTHTOK);
+ if (error != PAM_SUCCESS)
+ {
+ g_printf("pam_chauthtok failed: %s\r\n",
+ pam_strerror(auth_info->ph, error));
+ pam_end(auth_info->ph, error);
+ g_free(auth_info);
+ return error;
+ }
+ return error;
+}
diff --git a/xrdp/xrdp_login_wnd.c b/xrdp/xrdp_login_wnd.c
index 357b4e2..c74eedd 100644
--- a/xrdp/xrdp_login_wnd.c
+++ b/xrdp/xrdp_login_wnd.c
@@ -178,7 +178,14 @@ xrdp_wm_cancel_clicked(struct xrdp_bitmap *wnd)
{
if (wnd->wm != 0)
{
- if (wnd->wm->pro_layer != 0)
+ struct xrdp_bitmap *b1;
+ b1 = xrdp_bitmap_get_child_by_id(wnd, 201);
+ if (b1 != 0 )
+ {
+ /* go back to login window when canceling new password creation */
+ xrdp_wm_set_login_mode(wnd->wm, 0);
+ }
+ else if (wnd->wm->pro_layer != 0)
{
g_set_wait_obj(wnd->wm->pro_layer->self_term_event);
}
@@ -236,7 +243,29 @@ xrdp_wm_ok_clicked(struct xrdp_bitmap *wnd)
}
else
{
- log_message(LOG_LEVEL_ERROR, "Combo is 0 - potential programming error");
+ struct xrdp_bitmap *b1;
+ struct xrdp_bitmap *b2;
+ struct xrdp_bitmap *b3;
+ b1 = xrdp_bitmap_get_child_by_id(wnd, 201);
+ b2 = xrdp_bitmap_get_child_by_id(wnd, 203);
+ b3 = xrdp_bitmap_get_child_by_id(wnd, 250);
+ if (b1 != 0 && b2 != 0 && b3 != 0)
+ {
+ if (g_strlen(b1->caption1) > 0 && g_strncmp (b1->caption1, b2->caption1, 255) == 0)
+ {
+ list_add_item (wm->mm->login_names,(tbus)g_strdup("newpass"));
+ list_add_item (wm->mm->login_values,(tbus)g_strdup(b2->caption1));
+ xrdp_wm_set_login_mode (wm, 22);
+ }
+ else
+ {
+ xrdp_wm_set_login_mode(wm, 20);
+ }
+ }
+ else
+ {
+ log_message(LOG_LEVEL_ERROR, "Window not recognized - potential programming error");
+ }
}
return 0;
@@ -520,6 +549,31 @@ xrdp_wm_login_notify(struct xrdp_bitmap *wnd,
return 0;
}
+/*****************************************************************************/
+/* change new password window events go here */
+static int DEFAULT_CC
+xrdp_wm_newpass_notify(struct xrdp_bitmap *wnd,
+ struct xrdp_bitmap *sender,
+ int msg, long param1, long param2)
+{
+ if (wnd->modal_dialog != 0 && msg != 100)
+ {
+ return 0;
+ }
+
+ if (msg == 1) /* click */
+ {
+ if (sender->id == 2) /* cancel button */
+ {
+ xrdp_wm_cancel_clicked(wnd);
+ }
+ else if (sender->id == 3) /* ok button */
+ {
+ xrdp_wm_ok_clicked(wnd);
+ }
+ }
+ return 0;
+}
/******************************************************************************/
static int APP_CC
@@ -767,6 +821,103 @@ xrdp_login_wnd_create(struct xrdp_wm *self)
return 0;
}
+/******************************************************************************/
+int APP_CC
+xrdp_newpass_wnd_create(struct xrdp_wm *self)
+{
+ struct xrdp_bitmap *but;
+ struct xrdp_cfg_globals *globals;
+ int i;
+
+ globals = &self->xrdp_config->cfg_globals;
+
+ self->newpass_window = xrdp_bitmap_create(globals->ls_width, globals->ls_height, self->screen->bpp,
+ WND_TYPE_WND, self);
+ list_add_item(self->screen->child_list, (long)self->newpass_window);
+ self->newpass_window->parent = self->screen;
+ self->newpass_window->owner = self->screen;
+ self->newpass_window->bg_color = globals->ls_bg_color;
+
+ self->newpass_window->left = self->screen->width / 2 -
+ self->newpass_window->width / 2;
+
+ self->newpass_window->top = self->screen->height / 2 -
+ self->newpass_window->height / 2;
+
+ self->newpass_window->notify = xrdp_wm_newpass_notify;
+
+ set_string(&self->newpass_window->caption1, "Input new password");
+
+ /* OK button */
+ but = xrdp_bitmap_create(globals->ls_btn_ok_width, globals->ls_btn_ok_height,
+ self->screen->bpp, WND_TYPE_BUTTON, self);
+ list_add_item(self->newpass_window->child_list, (long)but);
+ but->parent = self->newpass_window;
+ but->owner = self->newpass_window;
+ but->left = globals->ls_btn_ok_x_pos;
+ but->top = globals->ls_btn_ok_y_pos;
+ but->id = 3;
+ set_string(&but->caption1, "OK");
+ but->tab_stop = 1;
+ self->newpass_window->default_button = but;
+
+ /* Cancel button */
+ but = xrdp_bitmap_create(globals->ls_btn_cancel_width,
+ globals->ls_btn_cancel_height, self->screen->bpp,
+ WND_TYPE_BUTTON, self);
+ list_add_item(self->newpass_window->child_list, (long)but);
+ but->parent = self->newpass_window;
+ but->owner = self->newpass_window;
+ but->left = globals->ls_btn_cancel_x_pos;
+ but->top = globals->ls_btn_cancel_y_pos;
+ but->id = 2;
+ set_string(&but->caption1, "Cancel");
+ but->tab_stop = 1;
+ self->newpass_window->esc_button = but;
+
+ /* labels and edits */
+ /* id starts between 200 and 249 */
+ char captions [][256] = {"New Pass", "Confirm"};
+ for (i = 0; i < 2; i++)
+ {
+ but = xrdp_bitmap_create(95, DEFAULT_EDIT_H, self->screen->bpp,
+ WND_TYPE_LABEL, self);
+ list_add_item(self->newpass_window->child_list, (long)but);
+ but->parent = self->newpass_window;
+ but->owner = self->newpass_window;
+ but->left = globals->ls_label_x_pos;
+ but->top = globals->ls_input_y_pos + (DEFAULT_COMBO_H +5) * i;
+ but->id = 200 + 2 * i;
+ set_string(&but->caption1, captions[i]);
+
+ but = xrdp_bitmap_create(DEFAULT_EDIT_W, DEFAULT_EDIT_H, self->screen->bpp,
+ WND_TYPE_EDIT, self);
+ list_add_item(self->newpass_window->child_list, (long)but);
+ but->parent = self->newpass_window;
+ but->owner = self->newpass_window;
+ but->left = globals->ls_input_x_pos;
+ but->top = globals->ls_input_y_pos + (DEFAULT_COMBO_H +5) * i;
+ but->id = 201 + 2 * i;
+ but->pointer = 1;
+ but->tab_stop = 1;
+ but->caption1 = (char *)g_malloc(256, 1);
+ but->password_char = '*';
+ }
+ /* error message label */
+ but = xrdp_bitmap_create (300, DEFAULT_EDIT_H, self->screen->bpp,
+ WND_TYPE_LABEL, self);
+ list_add_item(self->newpass_window->child_list, (long)but);
+ but->parent = self->newpass_window;
+ but->owner = self->newpass_window;
+ but->left = globals->ls_label_x_pos;
+ but->top = globals->ls_input_y_pos + (DEFAULT_COMBO_H +5) * 2;
+ but->id = 250;
+ but->caption1 = (char *)g_malloc(256, 1);
+ set_string(&but->caption1, "");
+
+ return 0;
+}
+
/**
* Load configuration from xrdp.ini file
*
diff --git a/xrdp/xrdp_mm.c b/xrdp/xrdp_mm.c
index 76957ad..0ab173b 100644
--- a/xrdp/xrdp_mm.c
+++ b/xrdp/xrdp_mm.c
@@ -1425,7 +1425,7 @@ xrdp_mm_sesman_data_in(struct trans *trans)
/*********************************************************************/
/* return 0 on success */
static int APP_CC
-access_control(char *username, char *password, char *srv)
+access_control(char *username, char *password, char *newpass, char *srv, int type)
{
int reply;
int rec = 32+1; /* 32 is reserved for PAM failures this means connect failure */
@@ -1451,7 +1451,8 @@ access_control(char *username, char *password, char *srv)
make_stream(out_s);
init_stream(out_s, 500);
s_push_layer(out_s, channel_hdr, 8);
- out_uint16_be(out_s, 4); /*0x04 means SCP_GW_AUTHENTICATION*/
+ out_uint16_be(out_s, type); /*0x04 means SCP_GW_AUTHENTICATION*/
+ /*0x05 means SCP_GW_CHAUTHTOK*/
index = g_strlen(username);
out_uint16_be(out_s, index);
out_uint8a(out_s, username, index);
@@ -1459,6 +1460,14 @@ access_control(char *username, char *password, char *srv)
index = g_strlen(password);
out_uint16_be(out_s, index);
out_uint8a(out_s, password, index);
+
+ if (type == 5)
+ {
+ index = g_strlen(newpass);
+ out_uint16_be(out_s, index);
+ out_uint8a(out_s, newpass, index);
+ }
+
s_mark_end(out_s);
s_pop_layer(out_s, channel_hdr);
out_uint32_be(out_s, 0); /* version */
@@ -1488,15 +1497,19 @@ access_control(char *username, char *password, char *srv)
in_uint16_be(in_s, pAM_errorcode); /* this variable holds the PAM error code if the variable is >32 it is a "invented" code */
in_uint16_be(in_s, dummy);
- if (code != 4) /*0x04 means SCP_GW_AUTHENTICATION*/
+ if (code == 4) /*0x04 means SCP_GW_AUTHENTICATION*/
{
- log_message(LOG_LEVEL_ERROR, "Returned cmd code from "
- "sesman is corrupt");
+ rec = pAM_errorcode; /* here we read the reply from the access control */
}
- else
+ else if (code == 5) /*0x05 means SCP_GW_CHAUTHTOK*/
{
rec = pAM_errorcode; /* here we read the reply from the access control */
}
+ else
+ {
+ log_message(LOG_LEVEL_ERROR, "Returned cmd code from "
+ "sesman is corrupt");
+ }
}
else
{
@@ -1709,7 +1722,7 @@ xrdp_mm_connect(struct xrdp_mm *self)
char chansrvport[256];
#ifdef ACCESS
#ifndef USE_NOPAM
- int use_pam_auth = 0;
+ int use_pam_auth_explicit = 0;
char pam_auth_sessionIP[256];
char pam_auth_password[256];
char pam_auth_username[256];
@@ -1752,7 +1765,7 @@ xrdp_mm_connect(struct xrdp_mm *self)
#ifndef USE_NOPAM
else if (g_strcasecmp(name, "pamusername") == 0)
{
- use_pam_auth = 1;
+ use_pam_auth_explicit = 1;
g_strncpy(pam_auth_username, value, 255);
}
else if (g_strcasecmp(name, "pamsessionmng") == 0)
@@ -1783,51 +1796,67 @@ xrdp_mm_connect(struct xrdp_mm *self)
#ifdef ACCESS
#ifndef USE_NOPAM
- if (use_pam_auth)
+ int reply;
+ char replytxt[128];
+ char pam_error[128];
+ const char *additionalError;
+ xrdp_wm_log_msg(self->wm, "Please wait, we now perform access control...");
+
+ /* g_writeln("we use pam modules to check if we can approve this user"); */
+
+ /* use pam either way, copy from normal user name when not explicitly inputed */
+ if (use_pam_auth_explicit == 0)
{
- int reply;
- char replytxt[128];
- char pam_error[128];
- const char *additionalError;
- xrdp_wm_log_msg(self->wm, "Please wait, we now perform access control...");
+ log_message(LOG_LEVEL_DEBUG, "pam parameters not defined, copy from user input");
+ g_strncpy(pam_auth_username, username, 255);
+ g_strncpy(pam_auth_password, password, 255);
+ g_strncpy(pam_auth_sessionIP, "127.0.0.1", 255);
+ }
- /* g_writeln("we use pam modules to check if we can approve this user"); */
- if (!g_strncmp(pam_auth_username, "same", 255))
- {
- log_message(LOG_LEVEL_DEBUG, "pamusername copied from username - same: %s", username);
- g_strncpy(pam_auth_username, username, 255);
- }
+ if (!g_strncmp(pam_auth_username, "same", 255))
+ {
+ log_message(LOG_LEVEL_DEBUG, "pamusername copied from username - same: %s", username);
+ g_strncpy(pam_auth_username, username, 255);
+ }
- if (!g_strncmp(pam_auth_password, "same", 255))
- {
- log_message(LOG_LEVEL_DEBUG, "pam_auth_password copied from username - same: %s", password);
- g_strncpy(pam_auth_password, password, 255);
- }
+ if (!g_strncmp(pam_auth_password, "same", 255))
+ {
+ log_message(LOG_LEVEL_DEBUG, "pam_auth_password copied from username - same: %s", password);
+ g_strncpy(pam_auth_password, password, 255);
+ }
- /* access_control return 0 on success */
- reply = access_control(pam_auth_username, pam_auth_password, pam_auth_sessionIP);
+ /* access_control return 0 on success */
+ reply = access_control(pam_auth_username, pam_auth_password, NULL, pam_auth_sessionIP, 4);
- g_sprintf(replytxt, "Reply from access control: %s",
- getPAMError(reply, pam_error, 127));
+ g_sprintf(replytxt, "Reply from access control: %s",
+ getPAMError(reply, pam_error, 127));
- xrdp_wm_log_msg(self->wm, replytxt);
- log_message(LOG_LEVEL_INFO, replytxt);
- additionalError = getPAMAdditionalErrorInfo(reply, self);
- if (additionalError)
+ xrdp_wm_log_msg(self->wm, replytxt);
+ log_message(LOG_LEVEL_INFO, replytxt);
+ additionalError = getPAMAdditionalErrorInfo(reply, self);
+ if (additionalError)
+ {
+ g_snprintf(replytxt, 127, "%s", additionalError);
+ if (replytxt[0])
{
- g_snprintf(replytxt, 127, "%s", additionalError);
- if (replytxt[0])
- {
- xrdp_wm_log_msg(self->wm, replytxt);
- }
+ xrdp_wm_log_msg(self->wm, replytxt);
}
+ }
+
+ if (reply != 0)
+ {
+ /* show PAM errors */
+ xrdp_wm_show_log(self->wm);
- if (reply != 0)
+ if (reply == PAM_NEW_AUTHTOK_REQD)
{
- rv = 1;
- return rv;
+ /* show new password window */
+ xrdp_wm_set_login_mode(self->wm, 20);
}
+ rv = 1;
+ return rv;
}
+
#endif
#endif
@@ -1923,6 +1952,59 @@ xrdp_mm_connect(struct xrdp_mm *self)
}
/*****************************************************************************/
+/* return 0 on success */
+int APP_CC
+xrdp_mm_change_expired_password(struct xrdp_mm *self)
+{
+ int rv = -1;
+ int index;
+ int count;
+ int old_idx;
+ int new_idx;
+ char *username;
+ char *password;
+ char *newpass;
+ char sessionIP[256];
+ char *name;
+ char *value;
+
+ username = 0;
+ password = 0;
+ count = self->login_names->count;
+
+ for (index = 0; index < count; index++)
+ {
+ name = (char *)list_get_item(self->login_names, index);
+ value = (char *)list_get_item(self->login_values, index);
+
+ if (g_strcasecmp(name, "username") == 0)
+ {
+ username = value;
+ }
+ else if (g_strcasecmp(name, "password") == 0)
+ {
+ password = value;
+ old_idx = index;
+ }
+ else if (g_strcasecmp(name, "newpass") == 0)
+ {
+ newpass = value;
+ new_idx = index;
+ }
+ g_strncpy(sessionIP, "127.0.0.1", 255);
+ }
+ rv = access_control(username, password, newpass, sessionIP, 5);
+ if (rv == 0)
+ {
+ list_remove_item (self->login_names, old_idx);
+ list_remove_item (self->login_values, old_idx);
+ list_add_item (self->login_names, (tbus)g_strdup("password"));
+ list_add_item (self->login_values, (tbus)g_strdup(newpass));
+ }
+ return rv;
+}
+
+/*****************************************************************************/
int APP_CC
xrdp_mm_get_wait_objs(struct xrdp_mm *self,
tbus *read_objs, int *rcount,
diff --git a/xrdp/xrdp_types.h b/xrdp/xrdp_types.h
index 29aaac8..498e8dd 100644
--- a/xrdp/xrdp_types.h
+++ b/xrdp/xrdp_types.h
@@ -335,6 +335,7 @@ struct xrdp_wm
struct xrdp_cache* cache;
int palette[256];
struct xrdp_bitmap* login_window;
+ struct xrdp_bitmap* newpass_window;
/* generic colors */
int black;
int grey;
diff --git a/xrdp/xrdp_wm.c b/xrdp/xrdp_wm.c
index 39bd038..7661408 100644
--- a/xrdp/xrdp_wm.c
+++ b/xrdp/xrdp_wm.c
@@ -1786,6 +1786,34 @@ xrdp_wm_login_mode_changed(struct xrdp_wm *self)
self->dragging = 0;
xrdp_wm_set_login_mode(self, 11);
}
+ else if (self->login_mode == 20)
+ {
+ /* keep log window open */
+ if (self->log_wnd == 0)
+ {
+ xrdp_wm_delete_all_childs(self);
+ }
+ /* show update expired password window */
+ self->dragging = 0;
+ xrdp_newpass_wnd_create(self);
+ xrdp_bitmap_invalidate(self->screen, 0);
+ xrdp_wm_set_focused(self, self->newpass_window);
+ xrdp_wm_set_login_mode(self, 21);
+ }
+ else if (self->login_mode == 22)
+ {
+ /* do change expired password session */
+ xrdp_wm_delete_all_childs(self);
+ self->dragging = 0;
+ if (xrdp_mm_change_expired_password(self->mm) == 0)
+ {
+ xrdp_wm_set_login_mode(self, 2); /* with password updated, connect again */
+ }
+ else
+ {
+ xrdp_wm_set_login_mode(self, 20); /* try to change password again */
+ }
+ }
return 0;
}
@@ -1830,11 +1858,19 @@ xrdp_wm_log_wnd_notify(struct xrdp_bitmap *wnd,
xrdp_bitmap_invalidate(wm->screen, &rect);
/* if module is gone, reset the session when ok is clicked */
+ /* unless we are to update password */
if (wm->mm->mod_handle == 0)
{
/* make sure autologin is off */
wm->session->client_info->rdp_autologin = 0;
- xrdp_wm_set_login_mode(wm, 0); /* reset session */
+ if (wm->login_mode == 21)
+ {
+ xrdp_wm_set_login_mode(wm, 20); /* try update password again */
+ }
+ else
+ {
+ xrdp_wm_set_login_mode(wm, 0); /* reset session */
+ }
}
}
}
@@ -1893,6 +1929,9 @@ xrdp_wm_show_log(struct xrdp_wm *self)
return 0;
}
+ /* delete all dialogs, they will be created when needed anyway */
+ xrdp_wm_delete_all_childs(self);
+
if (self->log_wnd == 0)
{
w = DEFAULT_WND_LOG_W;
--
2.6.6

46
xrdp-filter-tab-from-mstsc-on-focus-change.patch Normal file

@ -0,0 +1,46 @@
From b8c6e8a1ef89d53d2c6a3e0e45c97d270ca1b94b Mon Sep 17 00:00:00 2001
From: Felix Zhang <fezhang@suse.com>
Date: Fri, 22 Apr 2016 07:27:31 +0800
Subject: [PATCH] xrdp filter tab from mstsc on focus change
---
xrdp/xrdp_wm.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/xrdp/xrdp_wm.c b/xrdp/xrdp_wm.c
index 362d0d0..9a2e013 100644
--- a/xrdp/xrdp_wm.c
+++ b/xrdp/xrdp_wm.c
@@ -1427,6 +1427,7 @@ xrdp_wm_key(struct xrdp_wm *self, int device_flags, int scan_code)
{
int msg;
struct xrdp_key_info *ki;
+ static int last_key_status = -1;
/*g_printf("count %d\n", self->key_down_list->count);*/
scan_code = scan_code % 128;
@@ -1472,7 +1473,12 @@ xrdp_wm_key(struct xrdp_wm *self, int device_flags, int scan_code)
if (ki != 0)
{
- self->mm->mod->mod_event(self->mm->mod, msg, ki->chr, ki->sym,
+ if ((last_key_status != WM_KEYDOWN) && (scan_code == 15) && (device_flags == KBD_FLAG_UP))
+ {
+ g_writeln("Don't track Tab keys from Windows when Max/Min or Move the rdp client window.\n");
+ }
+ else
+ self->mm->mod->mod_event(self->mm->mod, msg, ki->chr, ki->sym,
scan_code, device_flags);
}
}
@@ -1483,6 +1489,7 @@ xrdp_wm_key(struct xrdp_wm *self, int device_flags, int scan_code)
msg, scan_code, device_flags);
}
+ last_key_status = msg;
return 0;
}
--
2.6.6

59
xrdp-fix-buildtime-warnings.patch Normal file

@ -0,0 +1,59 @@
commit ded462ab8eb4e8bd3e275961854a77dc9adb6537
Author: Jay Sorg <jay.sorg@gmail.com>
Date: Tue Dec 29 13:28:15 2015 -0800
chansrv: fix some warnings
diff --git a/sesman/chansrv/chansrv_fuse.c b/sesman/chansrv/chansrv_fuse.c
index bf194a0..ed18045 100644
--- a/sesman/chansrv/chansrv_fuse.c
+++ b/sesman/chansrv/chansrv_fuse.c
@@ -62,8 +62,8 @@ char g_fuse_clipboard_path[256] = ""; /* for clipboard use */
#include "chansrv_fuse.h"
/* dummy calls when XRDP_FUSE is not defined */
-int xfuse_init() { return 0; }
-int xfuse_deinit() { return 0; }
+int xfuse_init(void) { return 0; }
+int xfuse_deinit(void) { return 0; }
int xfuse_check_wait_objs(void) { return 0; }
int xfuse_get_wait_objs(tbus *objs, int *count, int *timeout) { return 0; }
int xfuse_clear_clip_dir(void) { return 0; }
@@ -74,7 +74,7 @@ int xfuse_create_share(tui32 device_id, char *dirname) { r
void xfuse_devredir_cb_open_file(void *vp, tui32 IoStatus, tui32 DeviceId, tui32 FileId) {}
void xfuse_devredir_cb_write_file(void *vp, char *buf, size_t length) {}
void xfuse_devredir_cb_read_file(void *vp, char *buf, size_t length) {}
-int xfuse_devredir_cb_enum_dir(void *vp, struct xrdp_inode *xinode) {}
+int xfuse_devredir_cb_enum_dir(void *vp, struct xrdp_inode *xinode) { return 0; }
void xfuse_devredir_cb_enum_dir_done(void *vp, tui32 IoStatus) {}
void xfuse_devredir_cb_rmdir_or_file(void *vp, tui32 IoStatus) {}
void xfuse_devredir_cb_rename_file(void *vp, tui32 IoStatus) {}
@@ -253,8 +253,8 @@ static int g_fd = 0;
static tintptr g_bufsize = 0;
/* forward declarations for internal access */
-static int xfuse_init_xrdp_fs();
-static int xfuse_deinit_xrdp_fs();
+static int xfuse_init_xrdp_fs(void);
+static int xfuse_deinit_xrdp_fs(void);
static int xfuse_init_lib(struct fuse_args *args);
static int xfuse_is_inode_valid(int ino);
@@ -264,7 +264,7 @@ static void xfuse_create_file(fuse_req_t req, fuse_ino_t parent,
const char *name, mode_t mode, int type);
#endif
-static void xfuse_dump_fs();
+static void xfuse_dump_fs(void);
static void xfuse_dump_xrdp_inode(struct xrdp_inode *xino);
static tui32 xfuse_get_device_id_for_inode(tui32 ino, char *full_path);
static void fuse_reverse_pathname(char *full_path, char *reverse_path);
@@ -281,7 +281,7 @@ static int xfuse_delete_file(int parent, char *name);
static int xfuse_delete_file_with_xinode(XRDP_INODE *xinode);
static int xfuse_delete_dir_with_xinode(XRDP_INODE *xinode);
static int xfuse_recursive_delete_dir_with_xinode(XRDP_INODE *xinode);
-static void xfuse_update_xrdpfs_size();
+static void xfuse_update_xrdpfs_size(void);
static void xfuse_enum_dir(fuse_req_t req, fuse_ino_t ino, size_t size,
off_t off, struct fuse_file_info *fi);

11
xrdp-implicit-definitions.patch

@ -1,11 +0,0 @@
diff -ur a/xrdp/xrdp.h b/xrdp/xrdp.h
--- a/xrdp/xrdp.h 2015-10-03 15:43:22.000000000 +0530
+++ b/xrdp/xrdp.h 2015-10-03 15:45:12.000000000 +0530
@@ -37,6 +37,7 @@
#include "file.h"
#include "file_loc.h"
#include "xrdp_client_info.h"
+#include "string.h"
/* xrdp.c */
long APP_CC

25
xrdp-openSUSE-logo.patch Normal file

@ -0,0 +1,25 @@
From f90a6e8ec3f15adca3af5716f550412dc0f56fc8 Mon Sep 17 00:00:00 2001
From: Felix Zhang <fezhang@suse.com>
Date: Fri, 5 Aug 2016 17:03:50 +0800
Subject: [PATCH] change logo in login dialog for openSUSE
---
xrdp/xrdp.ini | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xrdp/xrdp.ini b/xrdp/xrdp.ini
index df3f97e..d49826a 100644
--- a/xrdp/xrdp.ini
+++ b/xrdp/xrdp.ini
@@ -84,7 +84,7 @@ ls_bg_color=dedede
# logo
# full path to bmp-file or file in shared folder
-ls_logo_filename=
+ls_logo_filename=/usr/share/xrdp/openSUSE.bmp
ls_logo_x_pos=55
ls_logo_y_pos=50
--
2.6.6

27
xrdp-pam.patch Normal file

@ -0,0 +1,27 @@
From d744afa31f03fdc182343d483e54f7594a385478 Mon Sep 17 00:00:00 2001
From: Felix Zhang <fezhang@suse.com>
Date: Mon, 1 Aug 2016 17:08:04 +0800
Subject: [PATCH] pam
---
instfiles/pam.d/xrdp-sesman | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/instfiles/pam.d/xrdp-sesman b/instfiles/pam.d/xrdp-sesman
index 789ce8f..745f75c 100644
--- a/instfiles/pam.d/xrdp-sesman
+++ b/instfiles/pam.d/xrdp-sesman
@@ -1,5 +1,6 @@
#%PAM-1.0
-@include common-auth
-@include common-account
-@include common-session
-@include common-password
+auth include common-auth
+account include common-account
+password include common-password
+session include common-session
+session required pam_loginuid.so
--
2.6.6

384
xrdp.changes

@ -1,54 +1,378 @@
-------------------------------------------------------------------
Mon Oct 5 08:35:34 UTC 2015 - cyberorg@opensuse.org
Tue Aug 30 12:28:07 UTC 2016 - fezhang@suse.com
- fix rsakeys generation test
- Add xrdp-disable-8-bpp-vnc-support.patch:
Disable 8 bpp vnc support. Xvnc drops support for 8 bpp since
1.4.0. Trying to launch Xvnc in 8 bpp will cause it to dump core
(bsc#991059).
-------------------------------------------------------------------
Mon Oct 5 05:11:43 UTC 2015 - cyberorg@opensuse.org
Mon Aug 01 07:28:34 UTC 2016 - fezhang@suse.com
- remove pam patch, using the one provided by the package
- Add obs source services:
+ tar_scm
+ recompress
+ set_version
- Update to version 0.9.0~git.1456906198.f422461:
Fix tarball naming from 0.9.0git to 0.9.0~git to conform openSUSE
naming scheme for pre-release version.
+ Numlock out of sync fix
+ neutrinordp: minor changes, coding style, log level
+ Update faq-compile.txt
+ Change to allow authentication against all authentication
methods.
+ Add details for crypt_level=fips to man page
+ libxrdp: no logic change, tabs to spaces
+ libxrdp: opps, fix typeo
+ Fix "\ _" on jp keyboard
+ xrdp_keyboard.ini: Fix jp keyboard model
+ update xorgxrdp
+ add keyboard options to xrdp_client_info
+ xorgxrdp=68412e5
- Add an extra legacy service action force_stop:
Forcefully killing xrdp processes when it cannot be stopped
normally.
Usage:
$ service xrdp force_stop
or
$ rcxrdp force_stop
- Merge X11:RemoteDesktop and SLE package, unfortunately we have to
drop the original X11:RemoteDesktop xrdp changelog due to
unresolvable chronological inconsistences with the SLE changelog.
+ Add xrdp-default-config.patch:
Rebased from contribution of cyberorg@opensuse.org in original
X11:RemoteDesktop package. Adjust various default settings to
openSUSE standards including removing dysfunctional backend
entries from xrdp login UI (bsc#989309).
+ Add xrdp-openSUSE-logo.patch:
Split from xrdp-default-config.patch. Add openSUSE logo to xrdp
login UI.
Add openSUSE.bmp:
Taken from the original X11:RemoteDesktop package, the logo.
+ Add xrdp-fix-buildtime-warnings.patch:
Fix buid time warnings, backported from commit ded462a.
+ Drop xrdp-lsb.patch:
SysV and LSB init scripts are no longer supported by systemd
(bnc#442211).
+ Update xrdp-avahi.diff (bnc#586785).
+ Update xrdp-pam.patch (bnc#441750).
+ Update xrdp-bsc965647-allow-admin-choose-desktop.patch
(bsc#984834).
+ Upbate xrdp-fate318398-change-expired-password.patch
(FATE#318398).
+ Cleanup specfile.
-------------------------------------------------------------------
Sat Oct 3 13:24:19 UTC 2015 - cyberorg@opensuse.org
Wed Jun 15 12:08:19 UTC 2016 - fezhang@suse.com
- fetch new tarball version 1420692256
- fixes boo #944739
- Split patch into more patches with descriptive names
- Add Requires: xorg-x11-Xvnc
- Update xrdp-bsc965647-allow-admin-choose-desktop.patch:
Fix startwm.sh broken by changed gnome-session environments
(bsc#965647, bsc#984834).
-------------------------------------------------------------------
Mon Dec 1 12:01:00 UTC 2014 - rmilasan@suse.com
Wed Jun 1 08:52:52 UTC 2016 - fezhang@suse.com
- Fix generation of rsakeys.ini
- Fix failed builds on older releases.
- Update xrdp-fate318398-change-expired-password.patch:
Fixed some internal bugs (FATE#318398).
-------------------------------------------------------------------
Mon Jun 9 13:27:30 UTC 2014 - cyberorg@opensuse.org
Mon May 30 13:09:26 UTC 2016 - fezhang@suse.com
- add openSUSE logo and colors closer to openSUSE default theme
- Add xrdp-fate318398-change-expired-password.patch:
Enable the user to update expired password in login window
(FATE#318398).
-------------------------------------------------------------------
Mon Jun 2 21:59:44 UTC 2014 - aj@ajaissle.de
Fri Apr 22 08:10:16 UTC 2016 - fezhang@suse.com
- add sesman.ini.example and xrdp.ini.example
- some spec cleanup
- prevent rsakeys to be replaced on every update
- add sysconfig.xrdp
- add xrdp-rpmlintrc
- Update to version 0.9.0, git master branch id f422461
(FATE#319910).
+ Added FIPS support.
- Drop xrdp-change-default-crypto_level.patch:
fixed upstream (bnc#764044).
- Drop xrdp-some-minor-changes-to-arch.h.patch:
fixed upstream (bnc#910824).
- Drop xrdp-fix-segfaults-in-xrdp-chansrv-code.patch:
fixed upstream (bnc#899105).
- Drop xrdp-add-systemd-support.patch:
fixed upstream (bnc#899105).
- Drop xrdp-tab-from-mstsc-updated.patch:
merged into xrdp-filter-tab-from-mstsc-on-focus-change.patch,
which introduced the bug fixed by this patch (bnc#623534).
- Rebase xrdp-avahi.diff (bnc#586785).
- Rebase xrdp-pam.patch (bnc#441750).
- Rebase xrdp-bsc965647-allow-admin-choose-desktop.patch
(bsc#965647).
- Rebase xrdp-lsb.patch (bnc#442211).
- Rebase xrdp-filter-tab-from-mstsc-on-focus-change.patch
(bnc#601996, bnc#623534).
-------------------------------------------------------------------
Sat May 31 06:28:14 UTC 2014 - cyberorg@opensuse.org
Wed Apr 13 15:25:40 UTC 2016 - fezhang@suse.com
- add xrdp-get-it-working.patch
fixes /etc/pam.d/xrdp-sesman
sane log levels
remove sessions not working properly
- remove devel package as it did not have any real devel files,
it just had symlinks to libs that are needed by xrdp to function
- fix post to add missing files so xrdp can start
- fix rsakeys generation test (bsc#973130) in xrdp.spec.
-------------------------------------------------------------------
Thu May 29 11:07:53 UTC 2014 - aj@ajaissle.de
Wed Mar 2 08:24:46 UTC 2016 - fezhang@suse.com
- Initial package, based on 0.9.0
- allow admin choose desktop (bsc#965647)
add xrdp-bsc965647-allow-admin-choose-desktop.patch
-------------------------------------------------------------------
Tue Dec 23 09:55:03 UTC 2014 - rmilasan@suse.com
- Fix endian issues (bnc#910824).
xrdp-some-minor-changes-to-arch.h.patch.
-------------------------------------------------------------------
Fri Nov 21 09:47:55 CET 2014 - rmilasan@suse.de
- add systemd support into xrdp (bnc#899105).
- fix some segfaults in xrdp-chansrv (bnc#899105).
-------------------------------------------------------------------
Fri Apr 25 08:26:53 UTC 2014 - fezhang@suse.com
- update source to version 0.6.1.
- rebase the following patches (bnc#871761)
- xrdp-avahi.diff (bnc#586785)
- xrdp-lsb.patch (bnc#442211)
- xrdp-pam.patch (bnc#441750)
- xrdp-filter-tab-from-mstsc-on-focus-change.patch (bnc#601996)
- xrdp-tab-from-mstsc-updated.patch (bnc#623534)
- xrdp-change-default-crypto_level.patch (bnc#764044)
- drop the following patches (bnc#871761)
- xrdp-0.4.1..48f00f.diff.bz2
- xrdp-NOMAD.diff
- xrdp-558195-display-id.patch
- xrdp-xdmx-backend-cfg.patch
- xrdp-auth-fix.patch
- xrdp-clean-auth-file.patch
- bug-569797_xrdp-sesman-ini-add-dmx-args.diff
- xrdp-available-display.patch
- xrdp-xdmx-setxkbmap-params.patch
- xrdp-xkb.patch
- xrdp-807610-24-bpp.patch
- xrdp-810265-port-not-available.patch
-------------------------------------------------------------------
Sat May 4 03:08:22 UTC 2013 - dliang@suse.com
- add xrdp-810265-port-not-available.patch to fix bnc#810265
-------------------------------------------------------------------
Mon Mar 25 12:33:54 UTC 2013 - dliang@suse.com
- xrdp-807610-24-bpp.patch add 24 bpp support (bnc#807610)
-------------------------------------------------------------------
Thu Jun 7 06:10:04 UTC 2012 - lzwang@suse.com
- set default crypt level to high. (bnc#764044)
-------------------------------------------------------------------
Mon Jan 9 21:04:22 UTC 2012 - sreeves@suse.com
- Update xrdp-NOMAD.diff to fix remaining issues in bnc#442182.
-------------------------------------------------------------------
Thu Nov 3 10:00:56 UTC 2011 - lzwang@suse.com
- Add xkb support.(bnc#497578)
-------------------------------------------------------------------
Tue Oct 12 08:22:00 UTC 2010 - lzwang@novell.com
- Add xrdp-xdmx-setxkbmap-params.patch to fix bnc#597298.
-------------------------------------------------------------------
Mon Sep 20 16:04:32 CST 2010 - dliang@novell.com
- Update xrdp-clean-auth-file.patch as Marcus Meissner's advice
- Update xrdp-available-display.patch to fix bnc#616761
bnc#616744
- Add xrdp-tab-from-mstsc-updated.patch to fix bnc#623534
-------------------------------------------------------------------
Thu Aug 12 12:19:33 CEST 2010 - ro@suse.de
- fix broken patch xrdp-avahi.diff including a duplicate
hunk from xrdp-NOMAD.diff
-------------------------------------------------------------------
Tue Jun 29 11:57:17 CST 2010 - dliang@novell.com
- xrdp-xdmx-backend-cfg.patch bnc#505015
- add backend option to use different 'depth'
xrdp-filter-tab-from-mstsc-on-focus-change.patch bnc#601996
- filter the fake tab key which is used to notify the session
xrdp-auth-fix.patch bnc#503677
- login even if the first attemp was done by root.
xrdp-clean-auth-file.patch bnc#505015
- clean the auth file when a session was end
bug-569797_xrdp-sesman-ini-add-dmx-args.diff bnc#569797
- disable the compose effect by default.
done by Lance Wang (lzwang@novell.com)
xrdp-available-display.patch : updated patch of bnc#558195
-------------------------------------------------------------------
Thu Apr 1 16:43:18 CST 2010 - dliang@novell.com
- Update xrdp-avahi.diff and xrdp-NOMAD.diff (bnc#586785)
-------------------------------------------------------------------
Thu Mar 4 15:39:01 CST 2010 - dliang@novell.com
- Get the valid unused display id. (bnc#558195)
-------------------------------------------------------------------
Wed Mar 18 18:38:47 EDT 2009 - davidr@novell.com
- Send complete login info requests to sesman. (bnc#486632)
-------------------------------------------------------------------
Tue Mar 17 12:02:39 EDT 2009 - davidr@novell.com
- Use correct X11 rdp port number when display number is
greater than 99. (bnc#484086)
-------------------------------------------------------------------
Wed Feb 25 12:29:27 EST 2009 - davidr@novell.com
- Allow up to 128 simultaneous sessions. (bnc#477376)
-------------------------------------------------------------------
Wed Feb 11 11:20:48 EST 2009 - davidr@novell.com
- Fix a number of vulnerabilities. (bnc#442182) (bnc#466373)
- Don't reset username/password. (bnc#442293)
- Fix xrdp-sesrun. (bnc#466373)
- Fix user name selection support. (bnc#474840)
-------------------------------------------------------------------
Thu Feb 5 13:13:32 EST 2009 - davidr@novell.com
- Add proper Xdmx keyboard layout handling and allow X server to
reset when last client disconnects. (bnc#447682) (bnc#442292)
-------------------------------------------------------------------
Thu Jan 22 16:15:25 EST 2009 - davidr@novell.com
- Fall-back to regular RDP connection when X11 channel
fails. (bnc#450142)
- Make sure multiple RDP connections to the same DMX
session can exist at the same.
-------------------------------------------------------------------
Fri Jan 9 14:57:30 EST 2009 - davidr@novell.com
- Fix multiple buffer overflows. (bnc#450898)
-------------------------------------------------------------------
Tue Jan 6 10:01:45 CET 2009 - davidr@novell.com
- Properly install firewall definition file. (bnc#460835)
-------------------------------------------------------------------
Mon Jan 5 11:27:17 EST 2009 - davidr@novell.com
- Register session as remote. (bnc#441751)
-------------------------------------------------------------------
Tue Dec 23 11:34:28 EST 2008 - hfiguiere@suse.de
- Fixed xrdp-pam.patch according the the last comment in bnc#441750
-------------------------------------------------------------------
Tue Dec 23 12:09:04 CET 2008 - davidr@novell.com
- Add firewall definition (bnc#460835)
source: xrdp.fw
-------------------------------------------------------------------
Tue Dec 9 13:52:52 EST 2008 - hfiguiere@suse.de
- Added patch xrdp-pam.patch: fix pam config file, and fix pam
calls to use the proper service name (bnc#441750)
-------------------------------------------------------------------
Sun Nov 23 08:04:48 EST 2008 - davidr@novell.com
- Use authorization files for all sessions. (bnc#442223)
- Use authorization file for X11rdp. (bnc#442223)
-------------------------------------------------------------------
Tue Nov 18 16:37:57 EST 2008 - davidr@novell.com
- Fix initial screen resolution.
-------------------------------------------------------------------
Wed Nov 12 16:00:48 EST 2008 - davidr@novell.com
- Fix X server startup issue.
* Avoid using unix domain socket files to determine the
presence of X servers.
-------------------------------------------------------------------
Fri Nov 7 14:37:38 EST 2008 - hfiguiere@suse.de
- Remove fuzz from xrdp-avahi.diff
- Add xrdp-lsb.patch
* Make the init script LSB compliant (bnc#442211)
-------------------------------------------------------------------
Fri Nov 7 12:58:50 EST 2008 - hfiguiere@suse.de
- Add /usr/sbin/rcxrdp (bnc#442692)
-------------------------------------------------------------------
Thu Nov 6 17:34:36 CET 2008 - ro@suse.de
- fix last change (just adding "#" does not work for multiline rpm
macros).
-------------------------------------------------------------------
Wed Nov 5 09:43:03 EST 2008 - hfiguiere@suse.de
- Don't enable xrdp by default (bnc#441742)
-------------------------------------------------------------------
Mon Oct 27 15:51:42 EDT 2008 - davidr@novell.com
- Include .so files for modules.
-------------------------------------------------------------------
Mon Oct 27 13:20:18 EDT 2008 - davidr@novell.com
- Update xrdp-NOMAD.diff
* Fix zlib compression.
-------------------------------------------------------------------
Sun Oct 12 12:18:21 EDT 2008 - hfiguiere@suse.de
- Update xrdp-NOMAD.diff
* Fix openSUSE branding
-------------------------------------------------------------------
Wed Oct 8 17:14:18 EDT 2008 - hfiguiere@suse.de
- Update xrdp-avahi.diff
* remove warnings for missing prototypes.
-------------------------------------------------------------------
Wed Sep 17 17:34:08 EDT 2008 - hfiguiere@suse.de
- Update xrdp-NOMAD.diff
* Fix Xdmx command line arguments
* Fix session data matching for XDMX sessions
-------------------------------------------------------------------
Thu Sep 11 19:41:49 EDT 2008 - hfiguiere@suse.de
- Add Avahi support.
- More comprehensive support of NOMAD.
-------------------------------------------------------------------
Tue Sep 2 18:00:38 EDT 2008 - hfiguiere@suse.de
- Initial release.

6
xrdp.fw Normal file

@ -0,0 +1,6 @@
## Name: Remote Desktop Protocol
## Description: Opens ports for Remote Desktop Protocol
# space separated list of allowed TCP ports
TCP="3389"

277
xrdp.spec

@ -1,7 +1,7 @@
#
# spec file for package xrdp
#
# Copyright (c) 2014 Aeneas Jaißle <aj@ajaissle.de>
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -16,197 +16,160 @@
#
%if 0%{?suse_version} >= 1310
%define with_systemd 1
%else
%define with_systemd 0
%endif
%define _fwdefdir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services
Name: xrdp
Version: 0.9.0git.1420692256
Version: 0.9.0~git.1456906198.f422461
Release: 0
Summary: An open source RDP server
License: Apache-2.0
Summary: Open Source remote desktop protocol (RDP) server
License: Apache-2.0 and GPL-2.0+
Group: System/X11/Utilities
Url: http://www.xrdp.org/
Source0: %{name}-%{version}.tar.xz
Source1: sysconfig.%{name}
Source2: openSUSE.bmp
Url: https://github.com/neutrinolabs/xrdp
Source0: xrdp-%{version}.tar.gz
Source1: xrdp.fw
Source2: sysconfig.xrdp
Source3: force_stop
Source4: openSUSE.bmp
Source100: %{name}-rpmlintrc
# PATCH-FIX-SUSE -- get rid of implicit-definitions warning
Patch0: %{name}-implicit-definitions.patch
# PATCH-FIX-SUSE -- Adjust default settings to openSUSE standards
Patch1: %{name}-default-config.patch
# PATCH-FIX-OPENSUSE xrdp-pam.patch bnc#441750 - hfiguiere@novell.com
Patch1: xrdp-pam.patch
# PATCH-FIX-UPSTREAM xrdp-fix-buildtime-warnings.patch - fezhang@suse.com -- fix warnings in build time, backported from upstream devel branch
Patch2: xrdp-fix-buildtime-warnings.patch
# PATCH-FIX-OPENSUSE xrdp-default-config.patch - cyberorg@opensuse.org -- Adjust default settings to openSUSE standards
Patch3: xrdp-default-config.patch
# PATCH-FIX-OPENSUSE xrdp-disable-8-bpp-vnc-support.patch bsc#991059 - fezhang@suse.com -- disable 8 bpp support for vnc connections
Patch4: xrdp-disable-8-bpp-vnc-support.patch
# PATCH-FEATURE-SLE xrdp-avahi.diff bnc#586785 - hfiguiere@novell.com -- Add Avahi support
Patch11: xrdp-avahi.diff
# PATCH-FIX-SLE xrdp-filter-tab-from-mstsc-on-focus-change.patch bnc#601996 bnc#623534 - dliang@novell.com -- filter the fake tab key which is used to notify the session
Patch12: xrdp-filter-tab-from-mstsc-on-focus-change.patch
# PATCH-FIX-SLE xrdp-bsc965647-allow-admin-choose-desktop.patch bsc#965647 - fezhang@suse.com -- Allow administrator choose the desktop displayed
Patch13: xrdp-bsc965647-allow-admin-choose-desktop.patch
# PATCH-FEATURE-SLE xrdp-fate318398-change-expired-password.patch fate#318398 - fezhang@suse.com -- enable user to update expired password via PAM
Patch14: xrdp-fate318398-change-expired-password.patch
# PATCH-FIX-OPENSUSE xrdp-openSUSE-logo.patch - fezhang@suse.com -- use openSUSE logo in login dialog
Patch21: xrdp-openSUSE-logo.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: fuse-devel
BuildRequires: libopenssl-devel
BuildRequires: libtool
BuildRequires: pam-devel
BuildRequires: pkg-config
BuildRequires: fdupes
BuildRequires: libX11-devel
BuildRequires: libXfixes-devel
BuildRequires: libXrandr-devel
Requires: xorg-x11-Xvnc
BuildRequires: libavahi-devel
BuildRequires: libtool
BuildRequires: openssl-devel
BuildRequires: pam-devel
BuildRequires: pkg-config
BuildRequires: pkgconfig(systemd)
Requires: xorg-x11-Xvnc
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if 0%{?with_systemd} == 1
%systemd_requires
%else
Requires(pre): %insserv_prereq
%endif
Requires(pre): %fillup_prereq
%description
Based on the work of FreeRDP and rdesktop, xrdp uses the remote desktop
protocol to present a GUI to the user.
The goal of this project is to provide a fully functional Linux terminal
server, capable of accepting connections from rdesktop, freerdp, and
Microsoft's own terminal server / remote desktop clients.
A full functionnal Linux terminal server, capable of accepting
connection from rdesktop and Microsoft's own terminal server / remote
desktop clients.
%prep
%setup -q
cp sesman/sesman.ini sesman/sesman.ini.example
cp xrdp/xrdp.ini xrdp/xrdp.ini.example
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%if ! 0%{?is_opensuse}
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%else
%patch21 -p1
%endif
%build
./bootstrap
%{configure} \
%if 0%{?with_systemd} == 1
--with-systemdsystemunitdir=%{_unitdir} \
%endif
--enable-fuse \
--disable-static
# More confgiure options:
# --enable-jpeg \
# --enable-kerberos \
# --enable-loadpulsemodules \
# --enable-neutrinordp \
# --enable-pamuserpass \
# --enable-simplesound \
# --enable-tjpeg \
# --enable-xrdpdebug \
# --enable-xrdpvr \
%{__make} %{?_smp_mflags}
sh ./bootstrap
%configure \
--with-systemdsystemunitdir=%{_unitdir}
make %{?_smp_mflags}
%install
%{__make} install DESTDIR=%{buildroot}
%if 0%{?with_systemd} == 1
%if 0%{?suse_version} >= 1230
%{__ln_s} %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
%{__ln_s} %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-sesman
%else
%{__ln_s} /sbin/service %{buildroot}%{_sbindir}/rc%{name}
%{__ln_s} /sbin/service %{buildroot}%{_sbindir}/rc%{name}-sesman
%endif
%else
%{__ln_s} %{_initrddir}/%{name} %{buildroot}%{_sbindir}/rc%{name}
make %{?_smp_mflags} DESTDIR=%{buildroot} install
find %{buildroot} -name '*.a' -exec rm {} \;
find %{buildroot} -type f -name "*.la" -delete -print
mkdir -p %{buildroot}/%{_fwdefdir}
install -m 644 %{SOURCE1} %{buildroot}/%{_fwdefdir}/xrdp
mkdir -p %{buildroot}/%{_localstatedir}/adm/fillup-templates
install -m 644 %{SOURCE2} %{buildroot}/%{_localstatedir}/adm/fillup-templates/sysconfig.xrdp
mkdir -p %{buildroot}/%{_prefix}/lib/initscripts/legacy-actions/xrdp
install -m 755 %{SOURCE3} %{buildroot}/%{_prefix}/lib/initscripts/legacy-actions/xrdp/force_stop
%if 0%{?is_opensuse}
install %{SOURCE4} %{buildroot}%{_datadir}/%{name}/
%endif
# create sysconfig file and ghost rsakeys.ini
install -d %{buildroot}%{_localstatedir}/adm/fillup-templates
install %{SOURCE1} %{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
install %{SOURCE2} %{buildroot}%{_datadir}/%{name}/
install instfiles/pam.d/xrdp-sesman.other %{buildroot}%{_sysconfdir}/pam.d/%{name}-sesman
# remove libtool cruft
find %{buildroot}%{_libdir}/%{name} -name *.la -delete
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcxrdp
ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcxrdp-sesman
# remove init script that conflicts with systemd service
rm -rf %{buildroot}/%{_initddir}
%fdupes -s %{buildroot}
%if 0%{?with_systemd} == 1
%pre
%service_add_pre %{name}.service
%service_add_pre %{name}-sesman.service
%endif
%preun
%if 0%{?with_systemd} == 1
%service_del_preun %{name}.service
%service_del_preun %{name}-sesman.service
%else
%stop_on_removal
%endif
%service_add_pre xrdp-sesman.service
%service_add_pre xrdp.service
%post
/sbin/ldconfig
%if 0%{?with_systemd} == 1
%service_add_post %{name}.service
%service_add_post %{name}-sesman.service
%fillup_only
%else
%fillup_and_insserv
%endif
# generate a keypair used to perform authentication to the remote client
if [ ! -e %{_sysconfdir}/%{name}/rsakeys.ini ]; then
xrdp-keygen xrdp %{_sysconfdir}/%{name}/rsakeys.ini
if [ $? != 0 ]; then
echo "Could not generate rsakeys.ini, please check manually!"
%service_add_post xrdp-sesman.service
%service_add_post xrdp.service
%{fillup_only -n xrdp}
if [ ! -e %{_sysconfdir}/xrdp/rsakeys.ini ]; then
xrdp-keygen xrdp %{_sysconfdir}/xrdp/rsakeys.ini
if [ $? -ne 0 ] || [ ! -e %{_sysconfdir}/xrdp/rsakeys.ini ]; then
echo "Could not generate rsakeys.ini, please check manually!"
fi
fi
exit 0
%preun
%stop_on_removal
%service_del_preun xrdp.service
%service_del_preun xrdp-sesman.service
%postun
/sbin/ldconfig
%if 0%{?with_systemd} == 1
%service_add_post %{name}.service
%service_add_post %{name}-sesman.service
%else
%insserv_cleanup
%endif
%service_del_postun xrdp.service
%service_del_postun xrdp-sesman.service
%restart_on_update
%files
%defattr(-, root, root, -)
%doc COPYING sesman/sesman.ini.example xrdp/xrdp.ini.example
%config %{_sysconfdir}/pam.d/%{name}-sesman
%dir %{_sysconfdir}/%{name}
%dir %{_sysconfdir}/%{name}/pulse
%config %{_sysconfdir}/%{name}/pulse/default.pa
%config %{_sysconfdir}/%{name}/km-*.ini
%config %{_sysconfdir}/%{name}/xrdp_keyboard.ini
%ghost %config(noreplace) %{_sysconfdir}/%{name}/rsakeys.ini
%config(noreplace) %{_sysconfdir}/%{name}/sesman.ini
%config(noreplace) %{_sysconfdir}/%{name}/startwm.sh
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.ini
%config(noreplace) %{_sysconfdir}/%{name}/%{name}.sh
%config %{_localstatedir}/adm/fillup-templates/sysconfig.%{name}
%{_bindir}/%{name}-dis
%{_bindir}/%{name}-genkeymap
%{_bindir}/%{name}-keygen
%{_bindir}/%{name}-sesadmin
%{_bindir}/%{name}-sesrun
%{_sbindir}/%{name}
%{_sbindir}/%{name}-chansrv
%{_sbindir}/%{name}-sesman
%{_sbindir}/%{name}-sessvc
%{_sbindir}/rc%{name}
%if 0%{?with_systemd} == 1
%{_unitdir}/%{name}.service
%{_unitdir}/%{name}-sesman.service
%{_sbindir}/rc%{name}-sesman
%else
%{_initrddir}/%{name}
%endif
%dir %{_libdir}/%{name}
%{_libdir}/%{name}/libcommon.so*
%{_libdir}/%{name}/libmc.so*
%{_libdir}/%{name}/librdp.so*
%{_libdir}/%{name}/libscp.so*
%{_libdir}/%{name}/libvnc.so*
%{_libdir}/%{name}/libxrdp.so*
%{_libdir}/%{name}/libxrdpapi.so*
%{_libdir}/%{name}/libxup.so*
%{_mandir}/man*/%{name}*.gz
%{_mandir}/man5/sesman.ini.5.gz
%dir %{_datadir}/%{name}
%{_datadir}/%{name}/*
%defattr(-,root,root)
%dir %{_datadir}/xrdp
%dir %{_libdir}/xrdp
%dir %{_sysconfdir}/xrdp
%dir %{_sysconfdir}/xrdp/pulse
%config %{_fwdefdir}/xrdp
%config(noreplace) %{_sysconfdir}/default/xrdp
%config(noreplace) %{_sysconfdir}/pam.d/xrdp-sesman
%config(noreplace) %{_sysconfdir}/xrdp/sesman.ini
%config(noreplace) %{_sysconfdir}/xrdp/xrdp.ini
%doc COPYING *.txt
%{_bindir}/xrdp*
%{_datadir}/xrdp/*
%{_libdir}/xrdp/*
%{_mandir}/man1/*
%{_mandir}/man5/*
%{_mandir}/man8/*
%{_prefix}/lib/initscripts/legacy-actions/xrdp
%{_sbindir}/rc*
%{_sbindir}/xrdp*
%{_sysconfdir}/xrdp/km*.ini
%{_sysconfdir}/xrdp/pulse/default.pa
%{_sysconfdir}/xrdp/xrdp_keyboard.ini
%{_unitdir}/xrdp*
%ghost %{_localstatedir}/log/xrdp-sesman.log
%config(noreplace) %{_sysconfdir}/xrdp/
%ghost %config(noreplace) %{_sysconfdir}/xrdp/rsakeys.ini
%config %{_localstatedir}/adm/fillup-templates/sysconfig.xrdp
%changelog