Commit Graph

3361 Commits

Author SHA1 Message Date
metalefty
80d349cbd6
Merge pull request #1193 from metalefty/TLSv1.3
TLSv1.3
2018-09-14 16:18:33 +09:00
Koichiro IWAO
171f8e79ed
xrdp: deprecate TLSv1 and TLSv1.1
Most websites disabled TLSv1 (1.0) and TLSv1.1 since March 2018
[1][2][3]. It is HTTPS context but there's few differences between HTTPS
and other TLS connections. Users can whenever re-enable these deprecated
TLS versions by editing xrdp.ini but not enabled by default.

[1] https://www.globalsign.com/en/blog/disable-tls-10-and-all-ssl-versions/
[2] https://www.thesslstore.com/blog/deprecation-tls-1-0-1-1-underway/
[3] https://www.digicert.com/blog/depreciating-tls-1-0-and-1-1/
2018-09-14 11:50:55 +09:00
Koichiro IWAO
1ad8cbb2a0
Document TLSv1.3 support 2018-09-14 11:50:55 +09:00
Koichiro IWAO
74497752dc
Add TLSv1.3 support
Actually, TLSv1.3 will be enabled without this change if xrdp is compiled
with OpenSSL or alternatives which support TLSv1.3. This commit makes to
enable or disable TLSv1.3 explicitly.  Also, this commit adds a log
"TLSv1.3 enabled by config, but not supported by system OpenSSL". if
xrdp installation doesn't support TLSv1.3. It should be user-friendly.
2018-09-14 11:50:55 +09:00
metalefty
98e8cec83d
Merge pull request #1206 from metalefty/xrdp-dis
show more helpful message if xrdp-dis failed
2018-09-12 15:51:07 +09:00
Koichiro IWAO
2a85a65d08
show more helpful message if xrdp-dis failed 2018-09-11 11:58:44 +09:00
jsane
fadbd20baf xrdp: Use configured values instead of hardcoded ones in login_wnd inputs.
Configured ls_label_width and ls_input_width currently only apply to the combo l
abel and dropdown. Other labels and inputs (username, password, port, ...) use hardcoded defaults.

Also had to change the default label width; for the previous value of 60, "username" ends up just a few pixels too wide.
2018-09-07 14:50:45 +02:00
metalefty
5f30ca2f87
Merge pull request #1198 from metalefty/pulse-socket-env
sesman: pass pulse socket name via environment variable
2018-09-04 16:20:09 +09:00
Koichiro IWAO
d6992cf62d
sesman: add XRDP_ prefix to xrdp related environment variable
and remove CHANSRV, use the shorter name
2018-09-04 16:01:40 +09:00
Koichiro IWAO
59f3a79fe4
sesman: pass pulse socket name via environment variable 2018-09-04 16:01:40 +09:00
Jay Sorg
e189be9d2e .gitignore, change configure_params.h to xrdp_configure_options.h 2018-08-13 22:33:45 -07:00
metalefty
1e08bd041c
Merge pull request #1186 from speidy/pulse-remove
chansrv: remove pulseaudio modules from xrdp source tree
2018-08-11 21:54:31 +09:00
Idan Freiberg
5d2c5b1410 chansrv: remove pulseaudio modules from xrdp source tree
its actually an independent code which is not part of xrdp
moved to its own repoistory: https://github.com/neutrinolabs/pulseaudio-modules

Signed-off-by: Idan Freiberg <speidy@gmail.com>
2018-08-03 06:12:53 +03:00
Koichiro IWAO
ff85cb4530
Merge branch 'wfix-pulsechansrv-makefile' into devel 2018-08-03 10:05:46 +09:00
Brandon Wooldridge
8427c3601b Corrected spacing between arguments to cc for Pulseaudio chanserv Makefile 2018-08-02 15:24:46 -07:00
metalefty
b8c7aadcb6
Merge pull request #1168 from metalefty/fix-xrdp-log-path-in-man
docs: fix xrdp's LogFile path in man
2018-07-20 09:15:39 +09:00
metalefty
5b77d2dc7f
Merge pull request #1140 from matt335672/chansrv-atexit
Add atexit() handler to unmount the filesystem on fatal X error
2018-07-20 09:15:18 +09:00
matt335672
c467ba6b04 Add handler for fatal X server conditions
Unless X server failures are caught, these can cause a premature
exit of chansrv, giving it no chance to clean up. This is currently a
particular problem for fuser mounts.
2018-07-19 08:16:29 +01:00
Koichiro IWAO
5d9ff0f544
docs: fix xrdp's LogFile path in man 2018-07-12 18:04:32 +09:00
metalefty
a9e2dcc99f
Merge pull request #1160 from metalefty/prepare-release
Prepare release
2018-06-29 16:58:51 +09:00
Koichiro IWAO
52fd17af0f
Update v0.9.7 release date 2018-06-29 00:37:06 +09:00
Koichiro IWAO
2d3170c007
Bump version to v0.9.7 2018-06-29 00:04:25 +09:00
Koichiro IWAO
860d01cf16
Update NEWS for v0.9.7 2018-06-29 00:04:14 +09:00
metalefty
cb06a28180
Merge pull request #1156 from metalefty/configure_echo
xrdp: print configure options to --version more pretty
2018-06-27 15:27:11 +09:00
Koichiro IWAO
c0c7c3f106
xrdp: unify inconsistent mixed use of
* configure params
* configure options
* configure string
2018-06-27 09:00:55 +09:00
Koichiro IWAO
be05afb30b
xrdp: print configure options to --version more pretty 2018-06-27 09:00:52 +09:00
metalefty
e7c0b11336
Merge pull request #1153 from metalefty/rc-script
FreeBSD: separate rc script into xrdp and xrdp-sesman
2018-06-21 09:24:54 +09:00
metalefty
dbee05d9ed
Merge pull request #1147 from metalefty/defaultwm-fullpath
Accept full path for DefaultWindowManager
2018-06-19 13:06:04 +09:00
Koichiro IWAO
eda1842825
sesman: add comments, no logic change 2018-06-19 12:57:30 +09:00
Koichiro IWAO
6e16b38ecc
sesman: fix potential buffer over flow 2018-06-16 16:44:37 +09:00
Koichiro IWAO
9192e95c96
sesman: fix logging after default_wm change 2018-06-16 16:44:37 +09:00
Koichiro IWAO
6fb18cd5fa
docs: document configurable reconnect script path 2018-06-16 16:44:37 +09:00
Koichiro IWAO
a39b413746
sesman: make the path of reconnect script configurable 2018-06-16 16:44:37 +09:00
Koichiro IWAO
e82f212f34
sesman: accept full path for DefaultWindowManager
Solves: #1143

Also, this idea is inspired by Fedora's patch [1]. Some distro wants to
put all scripts in libexec directory due to SELinux. This enables
distros to put such scripts anywhere.

[1] https://src.fedoraproject.org/cgit/rpms/xrdp.git/tree/xrdp-0.9.6-scripts-libexec.patch?id=02f845c1b8cea781313cf3e9efcd6d7d50341824
2018-06-16 16:44:37 +09:00
Idan Freiberg
036c292120
Merge pull request #1146 from metalefty/sesman-leak
sesman: fix leak in struct config_sesman
2018-06-14 12:43:02 +03:00
metalefty
f83d967f46
Merge pull request #1120 from matt335672/set-env-on-reconnect
Copy the PAM session environment for the reconnect script
2018-06-14 11:04:43 +09:00
Koichiro IWAO
037d4eeece
sesman: fix leak in struct config_sesman 2018-06-13 17:20:03 +09:00
metalefty
91c5ee4475
Merge pull request #1142 from metalefty/dont-spit-on-the-console-sesman
Dont spit on the console (sesman)
2018-06-11 11:56:40 +09:00
Koichiro IWAO
2262f1361f
sesman: close stdout/stderr earlier
not to spit on the console
2018-06-05 00:19:36 +09:00
Koichiro IWAO
6ae3052a0f
sesman: don't spit on the console when starting
As the Debian patch[1] expresses, spitting messages on the console when
a process starts in background is a bad idea. Everything should be
written to log file and daemon should start silently. This is a first
step to shut up daemons.

Got some idea from Debian Remote Maintainers and Thorsten Glaser,
thanks!

[1] 2751ad4d62/debian/patches/shutup-daemon.diff
2018-06-05 00:19:36 +09:00
Koichiro IWAO
19fa26a27e
sesman: don't print config in reader function
reader function should just read. Add config_dump function to print read
config.
2018-06-05 00:19:35 +09:00
Koichiro IWAO
de33a7832e
sesman: s/XOrg/Xorg/g, no logic change
X.Org is usually spelled X.Org or Xorg.
2018-06-05 00:19:35 +09:00
Koichiro IWAO
e4857b13fa
sesman: config_read_logging function no longer exists 2018-06-05 00:19:33 +09:00
matt335672
cde5b09129 Copy the PAM session environment for the reconnect script
This provides access to variables set at login which may be
required by the script (e.g. KRB5CCNAME)
2018-05-31 10:54:38 +01:00
Koichiro IWAO
72b5088449
FreeBSD: separate rc script into xrdp and xrdp-sesman
to improve fscd(8)[1] compatibility. fscd(8) monitors daemons and
restarts after daemons crashed. We usually want to start, stop, and
restart xrdp and xrdp-sesman separately because restarting xrdp-sesman
means losing existing sessions. This change will enable fscd(8) not to
restart xrdp-sesman together when only xrdp daemon crashes.

Now rc.d/xrdp mainly has following commands:

* start      - starts xrdp
* stop       - stops xrdp
* restart    - stops xrdp, then starts it again
* allstart   - starts both xrdp and xrdp-sesman
* allstop    - stops both
* allrestart - stops both, then start them again
* status     - returns status of xrdp

rc.d/xrdp-sesman doesn't have all- prefixed commands.

[1] https://www.freshports.org/sysutils/fsc/
2018-05-30 01:27:23 +09:00
jsorg71
57015aa088
Merge pull request #1132 from daixj-shterm/devel
fix issue #1112: set SSL object's read_ahead flag to be 0
2018-05-27 01:09:14 -07:00
Jay Sorg
f6d3fd46b6 don't remove configure_params.h on make clean, only make distclean 2018-05-27 01:05:08 -07:00
Jay Sorg
04a5a0582e distclean remove configure_params.h 2018-05-25 22:17:31 -07:00
Jay Sorg
349616a35d add ipv6only to configure echo and add configure parameter to xrdp -h output 2018-05-25 22:17:31 -07:00
daixj
88b3c06311 fix issue #1112: set SSL object's read_ahead flag to be 0 2018-05-21 11:08:41 +08:00