Commit Graph

120 Commits

Author SHA1 Message Date
matt335672
1a48527df9 Update xrdp for separate AA and session creation
xrdp is updated to use the separate authenticate/authorization (AA) and
command processing interface now provided by sesman.

PAM processing has been removed entirely and moved into the sesman PAM
module. As a result, gateway processing for proxy use-cases can be
made use of by non-PAM systems.
2022-12-22 11:35:02 +00:00
matt335672
851bed680c Update sesman tools for new interfaces
The sesman tools sesrun and sesadmin now use the separate
authentication/authorization (AA) interface introduced to
sesman by the previous comment.

sesrun can use either password or UDS authentication. With some
limitations, this can allow for automatic creation of sessions for local
users without a password being needed.

sesadmin now operates using UDS logins only and so a username and
password are not required. To use sesadmin for another user, use
su/sudo/doas to authenticate as the other user.
2022-12-22 11:35:02 +00:00
matt335672
cce78b0698
Merge pull request #2407 from alexpevzner/devel
LogFile=- redirects log to stdout, which is useful for debugging
2022-12-12 20:33:04 +00:00
Alexander Pevzner
5d6123a046 Documentation of log file redirection to <stdout> updated
Since multiple processes can write logs simultaneously, and there
is no explicit synchronization between them, logs redirected to
stdout may interleave. When logging to the disk file, synchronization
is obtained by using a combination of O_APPEND and O_SYNC flags when
the log file is being opened, which is not possible when <stdout>
redirection is in use.

So documentation is updated to cleanly notify that this is a debug-only
feature, not for regular use
2022-12-12 19:14:54 +03:00
matt335672
3a0a932472 Add --reload option to sesman
Adds a --reload switch to sesman and plumbs this in
to systemctl reload xrdp-sesman.service
2022-11-09 09:46:36 +00:00
Alexander Pevzner
6c2bc83ec9 LogFile in sesman.ini(5) updated too
docs/man/sesman.ini.5.in
2022-11-04 22:34:53 +03:00
Alexander Pevzner
d6e888cf38 Use LogFile=<stdout> instead of LogFile=- to redirect log to stdout 2022-11-03 14:44:58 +03:00
Alexander Pevzner
59ca0e1c58 LogFile=- redirects log to stdout, which is useful for debugging 2022-11-02 17:00:44 +03:00
Alexander Georgievskiy
fa138f80f7
xrdp.ini.5.in: Fix mixed up config options 2022-10-12 17:10:34 +03:00
matt335672
a417ab0542 Add font control variables to xrdp.ini
This commit adds the variables fv1_select and default_dpi to
xrdp.ini. These variables allow for a different font to be
loaded, depending on the DPI of the login screen.
2022-09-06 09:42:14 +01:00
matt335672
ae6a55dbac Replace Windows font utility with native utilities
To generate new fonts, the freetype2 library is required. This
can now be specified by configure in the usual way. If it's missing,
new fonts cannot be generated.
2022-09-06 09:31:47 +01:00
a1346054
7fe18cc1c0
fix typos 2022-09-03 02:01:48 +00:00
matt335672
3e488773d7 Updated session allocation policy for sesman
Made session allocation policies more readable and maintainable.

The 'C' policy which was confusing before has been replaced with the
'Separate' keyword. This is a public interface change, but is unlikely
to affect many users.

The logging in session_get_bydata() is substantially improved, making
it far easier to spot why sessions are getting matched or not matched.
2022-05-18 12:35:07 +01:00
matt335672
0db849fc5c Move SCP to a Unix Domain Socket
The TCP socket implementation of sesman has a number of limitations,
namely that it is affected by firewalls, and also that determining the
user on the other end requires a full authentication process.

The advantage of the TCP socket is that sesman and xrdp can be run on
separate machines. This is however not supported by the xorgxrdp
backend (shared memory), and is insecure, in that passwords are sent
in-the-clear, and the connection is susceptible to MitM attacks. This
architecture has been deprecated in release notes since xrdp v0.9.17,
and although it will continue to be supported in any further releases
in the x0.9.x series, it will not be supported in the next major
version.
2022-04-18 09:12:35 +01:00
Kentaro Hayashi
8487c298ba Update sesman.ini.5 explanation about RestrictOutboundClipboard,RestrictOutboundClipboard
RestrictOutboundClipboard,RestrictOutboundClipboard are extended to
accept text,file,image configuration value.
2022-01-14 10:17:02 +09:00
matt335672
2dbec63327 Add Nautilus 3 compatibility 2021-09-16 10:02:02 +01:00
matt335672
32b676472a Add DISPLAY(n) as a valid form of chansrvport 2021-04-13 12:16:02 +01:00
matt335672
9d229d2318 Minor manpage fixes 2021-01-20 12:55:35 +00:00
matt335672
1e13533048 Remove output on stdout by default on daemon startup 2021-01-07 10:50:16 +00:00
matt335672
aa5c5daf7e
Merge pull request #1703 from matt335672/issue1048-2
Allow FuseMountName for chansrv to be absolute path (#1048)
Move string funcs from os_calls.h to string_calls.h
2020-12-22 12:10:43 +00:00
aquesnel
4f4458c3a9
Fix typo in sesman.ini man page
The ChansrvLogging section name was added and changed in #1633 but this documentation line was missed when renaming the section name.
2020-12-21 11:43:24 -05:00
matt335672
5523847540 Allow FuseMountName for chansrv to be absolute path 2020-12-21 12:36:31 +00:00
metalefty
835536b406
Merge pull request #1741 from matt335672/sesrun-improvements
sesrun improvements and doc fixes
2020-12-21 13:45:57 +09:00
Koichiro IWAO
6562c9d958 man page fixes after neutrinolabs/xorgxrdp#175 2020-12-18 15:21:21 +09:00
matt335672
633716bbad sesrun improvements and doc fixes 2020-12-09 11:44:17 +00:00
matt335672
e6c1df64d3 Added --config/-c to sesman 2020-12-09 10:19:14 +00:00
robertoetcheverryr
8270331646 Updated man and .ini file regarding address:port parameters. 2020-10-20 23:25:13 -03:00
Alexandre Quesnel
a9ec1ebd99 Unifying logging in chanserv
This commit adds:
* replace multiple logging macros with LOG and LOG_DEVEL
* logging configuration for chanserv
* logging configuration for console output
* logging configuration for per file or method log level filtering for
debug builds
* file, line, and method name in log message for debug builds
2020-10-19 05:10:47 +00:00
matt335672
ebc21fe180 Added -c / --config to xrdp 2020-10-16 10:55:23 +01:00
matt335672
68f0fa7e4d
Merge pull request #1668 from bolkedebruin/enable_token_sso
Add support for token authentication
2020-09-09 10:10:13 +01:00
Bolke de Bruin
0b82f19318 Improve documentation 2020-09-09 09:13:37 +02:00
matt335672
edda1b064d chansrv improved config support 2020-09-08 16:58:03 +01:00
matt335672
a2ca01fdf5 Minor manpage fixes 2020-06-18 12:23:32 +01:00
matt335672
3c4b42b1aa Implemented resize and multimon support for VNC backend 2020-06-04 15:10:35 +01:00
matt335672
4d8f2b5a31 Significant remote file system improvements
- Reimplemented inode store in separate module chansrv_xfs.[hc]
- Allowed atimes and mtimes to be written to Windows side
- Mapped file user write bit to (inverted) Windows FILE_ATTRIBUTE_READONLY bit
- Mapped file user execute bit to Windows FILE_ATTRIBUTE_SYSTEM bit
- Implemented improved security for remotely mounted drives
- Implemented USB device removal, allowing hot-plug/remove of memory sticks
- Fixed pagefile.sys breaking Ubuntu file browser
- Fixed write offset bug
- Allowed renaming of open files
- Improved reported error codes
- Fixed various memory leaks
- Addressed valgrind errors related to struct fuse_file_info pointers.
2019-12-05 11:41:32 +00:00
Koichiro IWAO
46b4a9b7c8
docs: sesman and sesrun now have xrdp- prefix 2019-03-20 16:55:02 +09:00
Krzysztof Adamski
751cd97018 reapply outbound-restricted clipboard 2019-02-26 07:40:17 +01:00
Koichiro IWAO
5ea403430a
Sort & reword description of IdleTimeLimit 2018-10-16 16:53:33 +09:00
Koichiro IWAO
f84f3de478
docs: resurrect IdleTimeLimit
This reverts commit 513f767996.
2018-10-10 17:47:12 +09:00
Koichiro IWAO
1ad8cbb2a0
Document TLSv1.3 support 2018-09-14 11:50:55 +09:00
Koichiro IWAO
5d9ff0f544
docs: fix xrdp's LogFile path in man 2018-07-12 18:04:32 +09:00
Koichiro IWAO
6fb18cd5fa
docs: document configurable reconnect script path 2018-06-16 16:44:37 +09:00
Koichiro IWAO
d103e1d83d
docs: '!' is no longer a comment out symbol 2018-04-17 10:57:52 +09:00
Koichiro IWAO
c40baf03e6 docs: document base64 prefill credentials 2017-08-01 08:40:30 +09:00
Koichiro IWAO
1b11c1888f docs: document change of xrdp-chansrv log path 2017-07-06 12:36:47 +09:00
Pavel Roskin
43899b7e0c Allocate space for tls_ciphers dynamically 2017-03-21 10:39:40 -07:00
Jay Sorg
05c599666d sesman: remove sessvc, one less process to manage 2017-03-19 17:16:36 -07:00
Pavel Roskin
58c9cb43e9 Make socket directory configurable, don't hardcode /tmp/.xrdp
Use XRDP_SOCKET_PATH in file_loc.h

Don't define any non-socket paths in file_loc.h, they should come from
the makefiles.

Define all paths unconditionally, they should not be defined elsewhere.

Pass XRDP_SOCKET_PATH as environment variable to the backends.
2017-03-17 22:25:05 -07:00
Koichiro IWAO
849c1a22a2 TLS: switch ssl_protocols to a comma separated list 2017-02-27 14:17:25 +09:00
Koichiro IWAO
03b5be5fd0 docs: document maximum length of tls_ciphers 2017-02-27 14:17:25 +09:00