X-Git-Url: https://git.tld-linux.org/?a=blobdiff_plain;f=config.patch;h=fddebd73f6fef65b88808fed32294581b4d411e0;hb=refs%2Fheads%2Fmaster;hp=553344cdb740de1114be8a1212ee9d54a6b7a69b;hpb=bf524922b592ede951bacfb56ea09c3dca93b462;p=packages%2Fxrdp.git diff --git a/config.patch b/config.patch index 553344c..fddebd7 100644 --- a/config.patch +++ b/config.patch @@ -1,36 +1,44 @@ -diff -ur xrdp-0.9.7.orig/sesman/sesman.ini xrdp-0.9.7/sesman/sesman.ini ---- xrdp-0.9.7.orig/sesman/sesman.ini 2018-06-29 08:18:27.000000000 +0000 -+++ xrdp-0.9.7/sesman/sesman.ini 2018-07-04 18:54:10.174090693 +0000 -@@ -14,11 +14,11 @@ +diff -ur xrdp-0.10.0.orig/sesman/sesman.ini xrdp-0.10.0/sesman/sesman.ini +--- xrdp-0.10.0.orig/sesman/sesman.ini 2024-05-10 16:14:05.000000000 +0200 ++++ xrdp-0.10.0/sesman/sesman.ini 2024-06-13 19:35:30.492411263 +0200 +@@ -12,13 +12,13 @@ + ReconnectScript=reconnectwm.sh + [Security] - AllowRootLogin=true +-AllowRootLogin=true ++AllowRootLogin=false MaxLoginRetry=4 -TerminalServerUsers=tsusers -TerminalServerAdmins=tsadmins -+TerminalServerUsers=users ++TerminalServerUsers=xrdp +TerminalServerAdmins=root ; When AlwaysGroupCheck=false access will be permitted ; if the group TerminalServerUsers is not defined. -AlwaysGroupCheck=false +AlwaysGroupCheck=true - - [Sessions] - ;; X11DisplayOffset - x11 display number offset -@@ -55,10 +55,10 @@ - Policy=Default + ; When RestrictOutboundClipboard=all clipboard from the + ; server is not pushed to the client. + ; In addition, you can control text/file/image transfer restrictions +@@ -109,13 +109,13 @@ [Logging] + ; Note: Log levels can be any of: core, error, warning, info, debug, or trace -LogFile=xrdp-sesman.log --LogLevel=DEBUG +LogFile=/dev/null -+LogLevel=INFO - EnableSyslog=1 --SyslogLevel=DEBUG + LogLevel=INFO + EnableSyslog=true +-#SyslogLevel=INFO +-#EnableConsole=false +-#ConsoleLevel=INFO +-#EnableProcessId=false +SyslogLevel=INFO ++EnableConsole=false ++ConsoleLevel=INFO ++EnableProcessId=false - ; - ; Session definitions - startup command-line parameters for each session type -@@ -81,8 +81,8 @@ + [LoggingPerLogger] + ; Note: per logger configuration is only used if xrdp is built with +@@ -147,8 +147,8 @@ param=-noreset param=-nolisten param=tcp @@ -39,27 +47,42 @@ diff -ur xrdp-0.9.7.orig/sesman/sesman.ini xrdp-0.9.7/sesman/sesman.ini +#param=-logfile +#param=.xorgxrdp.%s.log - [X11rdp] - param=X11rdp -diff -ur xrdp-0.9.7.orig/xrdp/xrdp.ini xrdp-0.9.7/xrdp/xrdp.ini ---- xrdp-0.9.7.orig/xrdp/xrdp.ini 2018-06-29 08:18:27.000000000 +0000 -+++ xrdp-0.9.7/xrdp/xrdp.ini 2018-07-04 18:55:55.985084386 +0000 -@@ -118,10 +118,10 @@ - ls_btn_cancel_height=30 + [Xvnc] + param=Xvnc +diff -ur xrdp-0.10.0.orig/xrdp/xrdp.ini xrdp-0.10.0/xrdp/xrdp.ini +--- xrdp-0.10.0.orig/xrdp/xrdp.ini 2024-05-10 16:14:05.000000000 +0200 ++++ xrdp-0.10.0/xrdp/xrdp.ini 2024-06-13 19:36:33.477301111 +0200 +@@ -5,6 +5,9 @@ + ; fork a new process for each incoming connection + fork=true + ++; IP address to listen ++#address=127.0.0.1 ++ + ; ports to listen on, number alone means listen on all interfaces + ; 0.0.0.0 or :: if ipv6 is configured + ; space between multiple occurrences +@@ -195,13 +198,13 @@ [Logging] + ; Note: Log levels can be any of: core, error, warning, info, debug, or trace -LogFile=xrdp.log --LogLevel=DEBUG +LogFile=/dev/null -+LogLevel=INFO + LogLevel=INFO EnableSyslog=true --SyslogLevel=DEBUG +-#SyslogLevel=INFO +-#EnableConsole=false +-#ConsoleLevel=INFO +-#EnableProcessId=false +SyslogLevel=INFO - ; LogLevel and SysLogLevel could by any of: core, error, warning, info or debug ++EnableConsole=false ++ConsoleLevel=INFO ++EnableProcessId=false - [Channels] -@@ -153,24 +153,24 @@ - ; Some session types such as Xorg, X11rdp and Xvnc start a display server. + [LoggingPerLogger] + ; Note: per logger configuration is only used if xrdp is built with +@@ -234,13 +237,13 @@ + ; Some session types such as Xorg and Xvnc start a display server. ; Startup command-line parameters for the display server are configured ; in sesman.ini. See and configure also sesman.ini. -[Xorg] @@ -67,60 +90,22 @@ diff -ur xrdp-0.9.7.orig/xrdp/xrdp.ini xrdp-0.9.7/xrdp/xrdp.ini -lib=libxup.so -username=ask -password=ask --ip=127.0.0.1 -port=-1 -code=20 -- --[X11rdp] --name=X11rdp --lib=libxup.so --username=ask --password=ask --ip=127.0.0.1 --port=-1 --xserverbpp=24 --code=10 +#[Xorg] +#name=Xorg +#lib=libxup.so +#username=ask +#password=ask -+#ip=127.0.0.1 +#port=-1 +#code=20 -+ -+#[X11rdp] -+#name=X11rdp -+#lib=libxup.so -+#username=ask -+#password=ask -+#ip=127.0.0.1 -+#port=-1 -+#xserverbpp=24 -+#code=10 [Xvnc] name=Xvnc -@@ -182,43 +182,43 @@ - #xserverbpp=24 - #delay_ms=2000 - --[console] --name=console --lib=libvnc.so --ip=127.0.0.1 --port=5900 --username=na --password=ask -+#[console] -+#name=console -+#lib=libvnc.so -+#ip=127.0.0.1 -+#port=5900 -+#username=na -+#password=ask - #delay_ms=2000 - +@@ -262,13 +265,13 @@ + ; Generic VNC Proxy + ; Tailor this to specific hosts and VNC instances by specifying an ip + ; and port and setting a suitable name. -[vnc-any] -name=vnc-any -lib=libvnc.so @@ -137,39 +122,27 @@ diff -ur xrdp-0.9.7.orig/xrdp/xrdp.ini xrdp-0.9.7/xrdp/xrdp.ini +#password=ask #pamusername=asksame #pampassword=asksame - #pamsessionmng=127.0.0.1 #delay_ms=2000 - --[sesman-any] --name=sesman-any --lib=libvnc.so --ip=ask --port=-1 --username=ask --password=ask -+#[sesman-any] -+#name=sesman-any -+#lib=libvnc.so -+#ip=ask -+#port=-1 -+#username=ask -+#password=ask - #delay_ms=2000 - +@@ -276,15 +279,15 @@ + ; Generic RDP proxy using NeutrinoRDP + ; Tailor this to specific hosts by specifying an ip and port and setting + ; a suitable name. -[neutrinordp-any] -name=neutrinordp-any ++#[neutrinordp-any] ++#name=neutrinordp-any + ; To use this section, you should build xrdp with configure option + ; --enable-neutrinordp. -lib=libxrdpneutrinordp.so -ip=ask -port=ask3389 -username=ask -password=ask -+#[neutrinordp-any] -+#name=neutrinordp-any +#lib=libxrdpneutrinordp.so +#ip=ask +#port=ask3389 +#username=ask +#password=ask - - ; You can override the common channel settings for each session type - #channel.rdpdr=true + ; Uncomment the following lines to enable PAM authentication for proxy + ; connections. + #pamusername=ask