As the Debian patch[1] expresses, spitting messages on the console when
a process starts in background is a bad idea. Everything should be
written to log file and daemon should start silently. This is a first
step to shut up daemons.
Got some idea from Debian Remote Maintainers and Thorsten Glaser,
thanks!
[1] 2751ad4d62/debian/patches/shutup-daemon.diff
to improve fscd(8)[1] compatibility. fscd(8) monitors daemons and
restarts after daemons crashed. We usually want to start, stop, and
restart xrdp and xrdp-sesman separately because restarting xrdp-sesman
means losing existing sessions. This change will enable fscd(8) not to
restart xrdp-sesman together when only xrdp daemon crashes.
Now rc.d/xrdp mainly has following commands:
* start - starts xrdp
* stop - stops xrdp
* restart - stops xrdp, then starts it again
* allstart - starts both xrdp and xrdp-sesman
* allstop - stops both
* allrestart - stops both, then start them again
* status - returns status of xrdp
rc.d/xrdp-sesman doesn't have all- prefixed commands.
[1] https://www.freshports.org/sysutils/fsc/
If you run xrdp with a Unix Domain Socket (UDS) for the port specified in
/etc/xrdp/xrdp.ini then the first connection succeeds but subsequent
connections fail. In fact the UDS is deleted from the filesystem as soon
as the first connection is established.
Test case:
1. Edit /etc/xrdp/xrdp.ini to set "port=/var/run/xrdp-local.socket".
2. Restart xrdp.
3. Run the following. When rdesktop starts up and the logon dialog is
displayed, press "Cancel".
sudo socat TCP-LISTEN:12345 UNIX-CONNECT:/var/run/xrdp-local.socket &
rdesktop localhost:12345
4. Run the following:
sudo socat TCP-LISTEN:12346 UNIX-CONNECT:/var/run/xrdp-local.socket &
rdesktop localhost:12346
Expected behaviour: rdesktop starts up and displays the logon dialog.
Observed behaviour: rdesktop exits with "ERROR: Connection closed" and
socat exits with "No such file or directory.
This is because in the child process after forking, xrdp_listen_fork()
calls trans_delete() which deletes the UDS. Simply commenting out the
g_file_delete() and g_free() fixes this, but that isn't a proper solution
because trans_delete() is called from elsewhere where the UDS might no
longer be wanted.
Fix by adding a function trans_delete_from_child() that frees and clears
listen_filename before calling trans_delete(), and call the new function
from xrdp_listen_fork().
(Workaround: set "fork=false" in /etc/xrdp/xrdp.ini, because
trans_delete() is then not called.)
In common/arch.h, the endianness detection considers all powerpc
architectures as big endian. Since that is not true for ppc64el, I
added a verification that checks other preprocessor macros, only for
ppc cases.
Signed-off-by: Fernando Seiti Furusato <ferseiti@gmail.com>
make it possible to use regular (non EC) EDH ciphers. To make this
possible a Diffie-Hellman parameter must be passed to the openssl
library. There are a few options possible as described in the manuals at
[1] and [2]. Simplest approach is to generate a DH parameter using
openssl dhparam -C <lenght> and include the code into the application.
The lenght used for this commit is 2236 bits long, which is the longest
possible without risking backward incompatibilities with old systems as
stated in [1]. Newer systems should use ECDH anyway, so it makes sense
to keep this method as compatible with older system as possible.
Paramters longer than 2048 should still be secure enough at the time of
writing.
[1] https://wiki.openssl.org/index.php/Diffie-Hellman_parameters
[2] https://wiki.openssl.org/index.php/Manual:SSL_CTX_set_tmp_dh_callback(3)
Koichiro IWAO