| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|\
| |
| | |
configure: set default value for enable_strict_locations
|
|/
|
|
| |
This change prints yes or no to configure summary introduced in #1118.
|
| |
|
|\
| |
| | |
sesrun support start other session based on session_code argument
|
| | |
|
|\ \
| | |
| | | |
sesman: Update Xorg help comment for Arch Linux
|
| |/
| |
| |
| | |
As reported in #1106, Arch Linux looks to me like using Xorg wrapper now.
|
|\ \
| | |
| | | |
Remove x11rdp
|
| | | |
|
| |/
| |
| |
| |
| | |
Now x11rdp is replaced with xorgxrdp. Deprecating it.
Repository moved to https://github.com/neutrinolabs/x11rdp.
|
|\ \
| |/
|/| |
docs: '!' is no longer a comment out symbol
|
|/ |
|
|\
| |
| | |
Show OpenSSL version to --version
|
| | |
|
| |
| |
| |
| | |
While here, cleanup --help, --version, and when unknown option.
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If you run xrdp with a Unix Domain Socket (UDS) for the port specified in
/etc/xrdp/xrdp.ini then the first connection succeeds but subsequent
connections fail. In fact the UDS is deleted from the filesystem as soon
as the first connection is established.
Test case:
1. Edit /etc/xrdp/xrdp.ini to set "port=/var/run/xrdp-local.socket".
2. Restart xrdp.
3. Run the following. When rdesktop starts up and the logon dialog is
displayed, press "Cancel".
sudo socat TCP-LISTEN:12345 UNIX-CONNECT:/var/run/xrdp-local.socket &
rdesktop localhost:12345
4. Run the following:
sudo socat TCP-LISTEN:12346 UNIX-CONNECT:/var/run/xrdp-local.socket &
rdesktop localhost:12346
Expected behaviour: rdesktop starts up and displays the logon dialog.
Observed behaviour: rdesktop exits with "ERROR: Connection closed" and
socat exits with "No such file or directory.
This is because in the child process after forking, xrdp_listen_fork()
calls trans_delete() which deletes the UDS. Simply commenting out the
g_file_delete() and g_free() fixes this, but that isn't a proper solution
because trans_delete() is called from elsewhere where the UDS might no
longer be wanted.
Fix by adding a function trans_delete_from_child() that frees and clears
listen_filename before calling trans_delete(), and call the new function
from xrdp_listen_fork().
(Workaround: set "fork=false" in /etc/xrdp/xrdp.ini, because
trans_delete() is then not called.)
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In common/arch.h, the endianness detection considers all powerpc
architectures as big endian. Since that is not true for ppc64el, I
added a verification that checks other preprocessor macros, only for
ppc cases.
Signed-off-by: Fernando Seiti Furusato <ferseiti@gmail.com>
|
| | |
|
|/ |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 5daa09171e1e6e65a1a3ab969775fdf8affffc37.
Causes "double free". Fix #990 was not correct.
```
[1271363627]: DEV_REDIR dev_redir_proc_device_iocompletion: 738 : entered: IoStatus=0x0 CompletionId=1
[1271363627]: DEV_REDIR dev_redir_proc_device_iocompletion: 839 : got CID_DIRECTORY_CONTROL
[1271363627]: DEV_REDIR dev_redir_proc_query_dir_response: 933 : processing FILE_DIRECTORY_INFORMATION structs
[1271363627]: DEV_REDIR dev_redir_proc_query_dir_response: 968 : FileName: .
[1271363627]: DEV_REDIR devredir_fuse_data_peek: 1335 : returning 0x7f2a9c013410
*** Error in `/usr/sbin/xrdp-chansrv': double free or corruption (out): 0x00007f2a9c13a330 ***
```
Closes: #1025
|
|
|
|
|
| |
also fixes some memory leak introduced in PR#1024.
and adds a check that DH params generated successfully. write a proper log message if not.
|
| |
|
|
|
|
| |
until make it possible to use generated DH parameters per installation.
|
|
|
|
|
| |
as it sources bash_profile. And add comments.
Closes #1009.
|
|
|
| |
Add the missing Swiss French rdp_layout_ definitions, ch(fr) in X11
|
|
|
|
| |
Generated by: openssl dhparam -C 2236
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
make it possible to use regular (non EC) EDH ciphers. To make this
possible a Diffie-Hellman parameter must be passed to the openssl
library. There are a few options possible as described in the manuals at
[1] and [2]. Simplest approach is to generate a DH parameter using
openssl dhparam -C <lenght> and include the code into the application.
The lenght used for this commit is 2236 bits long, which is the longest
possible without risking backward incompatibilities with old systems as
stated in [1]. Newer systems should use ECDH anyway, so it makes sense
to keep this method as compatible with older system as possible.
Paramters longer than 2048 should still be secure enough at the time of
writing.
[1] https://wiki.openssl.org/index.php/Diffie-Hellman_parameters
[2] https://wiki.openssl.org/index.php/Manual:SSL_CTX_set_tmp_dh_callback(3)
|
|
|
|
|
|
|
|
|
|
|
| |
Openssl 1.1.0 and later are enabling ECDH automatically, but for older
version it must be enabled explicitly or all Perfect Forward Secrecy
ciphers will be silently ignored. See also [1]. This commit applies the
same fix as found in CnetOS 7 httpd package to enable automatic ECDH as
found in [2].
[1] https://wiki.openssl.org/index.php/Diffie-Hellman_parameters
[2] https://git.centos.org/blob/rpms!httpd.git/c7/SOURCES!httpd-2.4.6-ssl-ecdh-auto.patch
|
|
|
|
| |
Related to #1033.
|
|
|
|
|
|
|
|
|
| |
It is not used anywhere in default config. Some config like
`tls_ciphers` might contain `!` like this:
tls_ciphers=FIPS:!aNULL:!eNULL
Fixes #1033.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pull request #650 is not valid to avoid run session twice.
It certainly stops running session twice but causes #1016.
In FreeBSD, sesman process will run like this. The intermediate
sesman is needed to detect session termination correctly.
xrdp-sesman (daemon)
|
+- xrdp-sesman (FreeBSD specific intermediate sesman)
|
+- xrdp-sesman (bsd sesion leader & each session)
|
+- Xorg
+- startwm.sh
+- xrdp-chansrv
To stop runninng session twice correctly, just exit before the
intermediate sesman executes Xorg, WM and chansrv.
|
| |
|
|
|
|
| |
Pointed out by: #919
|
| |
|