- Use clearenv() if it exists
- Don't rely on <limits.h> being pulled in by <sys/param.h>
- Rename the DEFAULT_TYPE macro in sesrun.c. This name appears to be
used on Solaris. It's not a good choice.
Now we've made the XRDP_SOCKET_PATH only writeable by root, it's
safe to move the sesman socket back into this directory. We no longer
need a separate sesmanruntimedir
For some window managers (fvwm2 and fvwm3) if the X server isn't
running and has output it's possible for the window manager to fail or
reconfigure randr incorrectly.
With xrdp-waitfox:
- Install xrdp-waitfox to the BIN dir.
- sesman will run xrdp-waitfox as the logged in user.
- Set an alarm to exit after 30 seconds.
- Try to open env DISPLAY value's display (10 seconds).
- Test for RandR extension.
- Wait for outputs to appear (10 seconds).
Initial integration with cmocka.
The intent is to first apply this to the xrdp unit tests, but until
something uses it directly we'll hold off on updating the Makefile.
xrdp is updated to use the separate authenticate/authorization (AA) and
command processing interface now provided by sesman.
PAM processing has been removed entirely and moved into the seman PAM
module. As a result, gateway processing for proxy use-cases can be
made use of by non-PAM systems.
The version of freetype2 returned by pkg-config --modversion is
not the same as the product release version. Consequently, the
check for version >= 2.8.0 does not work.
To generate new fonts, the freetype2 library is required. This
can now be specified by configure in the usual way. If it's missing,
new fonts cannot be generated.
The TCP socket implementation of sesman has a number of limitations,
namely that it is affected by firewalls, and also that determining the
user on the other end requires a full authentication process.
The advantage of the TCP socket is that sesman and xrdp can be run on
separate machines. This is however not supported by the xorgxrdp
backend (shared memory), and is insecure, in that passwords are sent
in-the-clear, and the connection is susceptible to MitM attacks. This
architecture has been deprecated in release notes since xrdp v0.9.17,
and although it will continue to be supported in any further releases
in the x0.9.x series, it will not be supported in the next major
version.
