gnome shell has a way to start different desktop profiles, but all
use the same gnome-session binary.
currently implemented only for debian based distributions
The semantics of this call allowed it to be called more than once when
parsing a message to restart a parse. This is not likely to be
useful in practice, and it also makes reading file descriptors
more complicated. Consequently this function has been removed and
replaced with with libipm_msg_in_get_msgno()
Normally the test runners run in 'forking mode'. When a lot of
messages are logged to stdout, the child process can still be writing
data when the parent writes 'ok' or 'not ok'. This can confuse
the tap-driver.sh process.
- This isn't hooked up to anything yet. That will come later with
further EGFX commits.
- There are some TODO items in this code around the way XRDP handles
caps negotiation and monitor storage.
- This is a great candidate for unit testing in the future.
Although there is nothing in the specification to prevent automatic
logons with empty passwords, this is not a secure default.
The autologon flag INFO_AUTOLOGON ([MS-RDPBCGR] 2.2.1.11.1.1) is now
ignored for empty passwords.
xrdp is updated to use the separate authenticate/authorization (AA) and
command processing interface now provided by sesman.
PAM processing has been removed entirely and moved into the seman PAM
module. As a result, gateway processing for proxy use-cases can be
made use of by non-PAM systems.
The sesman tools sesrun and sesadmin now use the separate
authentication/authorization (AA) interface introduced to
sesman by the previous comment.
sesrun can use either password or UDS authentication. With some
limitations, this can allow for automatic creation of sessions for local
users without a password being needed.
sesadmin now operates using UDS logins only and so a username and
password are not required. To use sesadmin for another user, use
su/sudo/doas to authenticate as the other user.
Update sesman to cope with separate authentication/authorization (AA) and
command processing.
Also, internally users are now tracked by UID rather thn username.
This addresses a problem found by some users using federated naming
services (e.g. Active Directory) where the same user can be referred to
in more than one way. See https://github.com/neutrinolabs/xrdp/issues/1823
The separation of AA in this way allows for multiple attempts to be made
on one connection to get a password right. This addresses MaxLoginRetry
not working (https://github.com/neutrinolabs/xrdp/issues/1739)
The previous commit introduced a new interface for the auth modules. This
commit simply updates the other auth modules to use the new interface.
The basic auth module is also updated so that if a user has a shadow
password entry indicated, but the shadow entry cannot be found, an error
is logged rather than silently succeeding.
The BSD authentication module is also updated to allow it to be
compiled on a Linux system for basic testing.
