If xrdp is running with dropped privileges it won't be able to delete
the PID file it's created. Places where xrdp is stopped need to cater
for this.
It's preferable to do this than to make the PID file writeable by xrdp
with dropped privileges, as this can still lead to DoS attacks if an
attacker manages to modify the PID file from a compromised xrdp
process.
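
A stop routine along the lines described above, as an added example that is not part of the commit or of xrdp's own scripts. The function name `stop_by_pidfile` and its return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper, not xrdp code): the privileged stop
# path signals the daemon and removes the PID file itself, because the
# daemon running with dropped privileges cannot delete it.
# Returns 0 on success (or nothing to stop), 1 if signalling failed,
# 2 if the PID file is rejected.
stop_by_pidfile() {
    pidfile=$1

    # A symlink here could redirect the privileged rm; refuse it.
    if [ -L "$pidfile" ]; then
        echo "refusing symlinked PID file: $pidfile" >&2
        return 2
    fi

    # No PID file means there is nothing to stop.
    [ -f "$pidfile" ] || return 0

    # Read the first line only and accept nothing but decimal digits.
    pid=
    IFS= read -r pid < "$pidfile" || true
    case $pid in
        ''|*[!0-9]*)
            echo "invalid PID file contents: $pidfile" >&2
            return 2 ;;
    esac

    # PID 0 would signal the caller's whole process group, PID 1 is init.
    if [ "$pid" -le 1 ]; then
        echo "refusing PID $pid from $pidfile" >&2
        return 2
    fi

    # A stale file (process already gone) is not an error: just clean up.
    if kill -0 "$pid" 2>/dev/null; then
        kill -TERM "$pid" || return 1
    fi

    # Clean-up happens here, in the stopping context, not in the daemon.
    rm -f -- "$pidfile"
}
```

The routine trusts the PID it reads only because the file is not writable by the unprivileged daemon, which is the property the commit message argues for keeping.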

- Fix a problem where xrdp.service fails to auto-start when instructed to listen on a specific interface
- By changing the "network.target" systemd dependency to "network-online.target"
- The "network-online.target", in short, means at least one network interface has finished IP level setup.
- The previously used "network.target" is vague and does not provide such guarantee (ref: man systemd.special(7)).
- This often causes "xrdp.service" to fail to auto-start when the service is configured to listen on a specific interface (e.g. in xrdp.ini, "port=tcp://192.168.0.1:3389"), because the interface may not have finished setting up its IP when "xrdp.service" starts.
- The command 'systemd-analyze syscall-filter' shows that the group
@system-service added to the xrdp-service SystemCallFilter
actually includes all of the other listed groups and individual
services. Consequently this line can be simplified to just specify
@system-service.
- (reversion) The SystemCallErrorNumber setting in xrdp.service has been
removed so that unauthorized system calls cause an immediate process exit.

On newer builds of openSUSE Tumbleweed the path of pam.d has moved from
/usr/etc/pam.d to /usr/lib/pam.d, which prevents the install script from
correctly guessing pam rules. Updating the path in mkpamrules solves the
problem.

This patch will add the keyboard layout identifier for the Programmer
Dvorak keyboard layout, so that if a Windows client has that layout
active, it will be mapped to the corresponding xkeyboard-config layout
in the X server.
An XFreeRDP client knows about this layout too, and will correspondingly
map it to the identifier given here, making the layout propagate
correctly through X-to-X connections as well.

To replicate the full Windows keyboard layout several options have to
be set as well as the main layout. To avoid having these options spill
over to other layouts that are dumped, the old settings are stored
before the dump and then restored afterwards.

to improve fscd(8)[1] compatibility. fscd(8) monitors daemons and
restarts them after they crash. We usually want to start, stop, and
restart xrdp and xrdp-sesman separately because restarting xrdp-sesman
means losing existing sessions. This change will enable fscd(8) not to
restart xrdp-sesman together when only the xrdp daemon crashes.
Now rc.d/xrdp mainly has the following commands:
* start - starts xrdp
* stop - stops xrdp
* restart - stops xrdp, then starts it again
* allstart - starts both xrdp and xrdp-sesman
* allstop - stops both
* allrestart - stops both, then starts them again
* status - returns status of xrdp
rc.d/xrdp-sesman doesn't have all- prefixed commands.
[1] https://www.freshports.org/sysutils/fsc/