From f096f1b0286c3879e0d36ba550f499a1a5cb9d98 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Fri, 11 Nov 2016 10:58:19 +0900 Subject: [PATCH 01/25] docs: replace links s/xrdp.sf.net/www.xrdp.org/g --- docs/man/sesman.ini.5 | 2 +- docs/man/xrdp-chansrv.8 | 2 +- docs/man/xrdp-genkeymap.8 | 2 +- docs/man/xrdp-sesman.8 | 2 +- docs/man/xrdp-sesrun.8 | 2 +- docs/man/xrdp-sessvc.8 | 2 +- docs/man/xrdp.8 | 2 +- docs/man/xrdp.ini.5 | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/man/sesman.ini.5 b/docs/man/sesman.ini.5 index 0ae48caf..22965939 100644 --- a/docs/man/sesman.ini.5 +++ b/docs/man/sesman.ini.5 @@ -222,4 +222,4 @@ environment variables in the user's session. .BR xrdp (8), .BR xrdp.ini (5) -For more info on \fBxrdp\fR see http://xrdp.sf.net +For more info on \fBxrdp\fR see http://www.xrdp.org/ diff --git a/docs/man/xrdp-chansrv.8 b/docs/man/xrdp-chansrv.8 index 33d16c06..f9260480 100644 --- a/docs/man/xrdp-chansrv.8 +++ b/docs/man/xrdp-chansrv.8 @@ -43,4 +43,4 @@ Log file used by \fBxrdp\-chansrv\fP(8). .BR xrdp\-sesman (8), .BR sesman.ini (5). -for more info on \fBxrdp\fR see http://xrdp.sf.net +for more info on \fBxrdp\fR see http://www.xrdp.org/ diff --git a/docs/man/xrdp-genkeymap.8 b/docs/man/xrdp-genkeymap.8 index 9c839187..621ea305 100644 --- a/docs/man/xrdp-genkeymap.8 +++ b/docs/man/xrdp-genkeymap.8 @@ -64,4 +64,4 @@ Simone Fedele .BR unicode (7), .URL "https://github.com/FreeRDP/FreeRDP/wiki/Keyboard" "Description of Keyboard Input mapping" . -for more info on \fBxrdp\fR see http://xrdp.sf.net +for more info on \fBxrdp\fR see http://www.xrdp.org/ diff --git a/docs/man/xrdp-sesman.8 b/docs/man/xrdp-sesman.8 index 9316e926..595bca26 100644 --- a/docs/man/xrdp-sesman.8 +++ b/docs/man/xrdp-sesman.8 @@ -44,4 +44,4 @@ Simone Fedele .BR xrdp (8), .BR xrdp.ini (5) -for more info on \fBxrdp\fR see http://xrdp.sf.net +for more info on \fBxrdp\fR see http://www.xrdp.org/ 
diff --git a/docs/man/xrdp-sesrun.8 b/docs/man/xrdp-sesrun.8 index c48c7eb5..67e61fca 100644 --- a/docs/man/xrdp-sesrun.8 +++ b/docs/man/xrdp-sesrun.8 @@ -47,4 +47,4 @@ Simone Fedele .BR xrdp (8), .BR xrdp.ini (5) -for more info on \fBxrdp\fR see http://xrdp.sf.net +for more info on \fBxrdp\fR see http://www.xrdp.org/ diff --git a/docs/man/xrdp-sessvc.8 b/docs/man/xrdp-sessvc.8 index 77f75e85..1b6babb7 100644 --- a/docs/man/xrdp-sessvc.8 +++ b/docs/man/xrdp-sessvc.8 @@ -23,4 +23,4 @@ The process ID of the forked Window Manager to monitor. .SH "SEE ALSO" .BR xrdp\-sesrun (8). -for more info on \fBxrdp\fR see http://xrdp.sf.net +for more info on \fBxrdp\fR see http://www.xrdp.org/ diff --git a/docs/man/xrdp.8 b/docs/man/xrdp.8 index 6db90076..35806a76 100644 --- a/docs/man/xrdp.8 +++ b/docs/man/xrdp.8 @@ -43,4 +43,4 @@ Simone Fedele .BR sesman.ini (5), .BR sesrun (8) -for more info on \fBxrdp\fR see http://xrdp.sf.net +for more info on \fBxrdp\fR see http://www.xrdp.org/ diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index e608b1fa..1066c95c 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 @@ -245,4 +245,4 @@ ${XRDP_CFG_DIR}/xrdp.ini .BR sesrun (8), .BR sesman.ini (5) -for more info on \fBxrdp\fR see http://xrdp.sf.net +for more info on \fBxrdp\fR see http://www.xrdp.org/ From fc32099d25f4fe1e664ba26d71596e4ce9796cf4 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Mon, 14 Nov 2016 16:52:17 +0900 Subject: [PATCH 02/25] docs: update man for sesman.ini Not to confuse the default value written in config and the default value will be used when not specified in config use the words "it not specified, defaults to foobar" for the latter. And other miscellaneous changes, - Fix typo - Emphasize the default value --- docs/man/sesman.ini.5 | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/docs/man/sesman.ini.5 b/docs/man/sesman.ini.5 index 22965939..ed380abf 100644 --- a/docs/man/sesman.ini.5 +++ b/docs/man/sesman.ini.5 
@@ -47,11 +47,12 @@ Following parameters can be used in the \fB[Globals]\fR section. .TP \fBListenAddress\fR=\fIip address\fR -xrdp-sesman listening address. Default is 0.0.0.0 (all interfaces). +xrdp-sesman listening address. If not specified, defaults to \fI0.0.0.0\fR +(all interfaces). .TP \fBListenPort\fR=\fIport number\fR -xrdp-sesman listening port. Default is 3350. +xrdp-sesman listening port. If not specified, defaults to \fI3350\fR. .TP \fBEnableUserWindowManager\fR=\fI[0|1]\fR @@ -75,8 +76,8 @@ Following parameters can be used in the \fB[Logging]\fR section. .TP \fBLogFile\fR=\fIfilename\fR -Log file path. It can be either absolute or relative. The default is -\fI./sesman.log\fR +Log file path. It can be either absolute or relative. If not specified, +defaults to \fI./sesman.log\fR .TP \fBLogLevel\fR=\fIlevel\fR @@ -111,7 +112,8 @@ Following parameters can be used in the \fB[Sessions]\fR section. .TP \fBX11DisplayOffset\fR=\fInumber\fR The first X display number available for xrdp-sesman. This prevents -xrdp-sesman from interfering with real X11 servers. The default is 10. +xrdp-sesman from interfering with real X11 servers. If not specified, +defaults to \fI10\fR. .TP \fBMaxSessions\fR=\fInumber\fR @@ -170,8 +172,8 @@ terminal server. .TP \fBMaxLoginRetry\fR=\fInumber\fR The number of login attempts that are allowed on terminal server. If set -to \fI0\fR, unlimited attempts are allowed. The default value for this -field is \fI3\fR. +to \fI0\fR, unlimited attempts are allowed. If not specified, defaults to +\fI3\fR. .TP \fBTerminalServerUsers\fR=\fIgroup\fR 
@@ -207,10 +209,10 @@ Following parameters can be used in the \fB[Chansrv]\fR section. .TP \fBFuseMountName\fR=\fIstring\fR Directory for drive redirection, relative to the user home directory. -Created if it doesn't exist. Defaults to \fIxrdp_client\fR +Created if it doesn't exist. If not specified, defaults to \fIxrdp_client\fR. .SH "SESSIONS VARIABLES" -All entries it the \fB[SessionVariables]\fR section are set as +All entries in the \fB[SessionVariables]\fR section are set as environment variables in the user's session. .SH "FILES" From 4aa75ca2e3914b389c35da747ce3ec02fc9fc564 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Fri, 11 Nov 2016 13:47:02 +0900 Subject: [PATCH 03/25] docs: update version to 0.9.0 --- docs/man/sesman.ini.5 | 2 +- docs/man/xrdp-chansrv.8 | 2 +- docs/man/xrdp-dis.1 | 2 +- docs/man/xrdp-genkeymap.8 | 2 +- docs/man/xrdp-keygen.8 | 2 +- docs/man/xrdp-sesman.8 | 2 +- docs/man/xrdp-sesrun.8 | 2 +- docs/man/xrdp-sessvc.8 | 2 +- docs/man/xrdp-xcon.8 | 2 +- docs/man/xrdp.8 | 2 +- docs/man/xrdp.ini.5 | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/man/sesman.ini.5 b/docs/man/sesman.ini.5 index ed380abf..f66a8784 100644 --- a/docs/man/sesman.ini.5 +++ b/docs/man/sesman.ini.5 @@ -1,5 +1,5 @@ .\" -.TH "sesman.ini" "5" "0.1.0" "xrdp team" "" +.TH "sesman.ini" "5" "0.9.0" "xrdp team" "" .SH "NAME" \fBsesman.ini\fR \- Configuration file for \fBxrdp-sesman\fR(8) diff --git a/docs/man/xrdp-chansrv.8 b/docs/man/xrdp-chansrv.8 index f9260480..9fefea57 100644 --- a/docs/man/xrdp-chansrv.8 +++ b/docs/man/xrdp-chansrv.8 @@ -1,4 +1,4 @@ -.TH "xrdp\-chansrv" "8" "0.7.0" "xrdp team" "" +.TH "xrdp\-chansrv" "8" "0.9.0" "xrdp team" "" .SH "NAME" \fBxrdp\-chansrv\fR \- \fBxrdp\fR channel server diff --git a/docs/man/xrdp-dis.1 b/docs/man/xrdp-dis.1 index 1f0490c0..e387520e 100644 --- a/docs/man/xrdp-dis.1 +++ b/docs/man/xrdp-dis.1 
@@ -1,4 +1,4 @@ -.TH "xrdp-dis" "8" "0.7.0" "xrdp team" +.TH "xrdp-dis" "8" "0.9.0" "xrdp team" .SH NAME xrdp\-dis \- xrdp disconnect utility diff --git a/docs/man/xrdp-genkeymap.8 b/docs/man/xrdp-genkeymap.8 index 621ea305..79baa108 100644 --- a/docs/man/xrdp-genkeymap.8 +++ b/docs/man/xrdp-genkeymap.8 @@ -1,4 +1,4 @@ -.TH "xrdp\-genkeymap" "8" "0.1.0" "xrdp team" "" +.TH "xrdp\-genkeymap" "8" "0.9.0" "xrdp team" "" .de URL . \\$2 \(laURL: \\$1 \(ra\\$3 .. diff --git a/docs/man/xrdp-keygen.8 b/docs/man/xrdp-keygen.8 index 4a7e627e..b888953a 100644 --- a/docs/man/xrdp-keygen.8 +++ b/docs/man/xrdp-keygen.8 @@ -3,7 +3,7 @@ .\" Copyright © 2007, 2008 Vincent Bernat .\" License: GPL-2+ .\"- -.TH xrdp\-keygen 8 "0.7.0" "xrdp team" +.TH xrdp\-keygen 8 "0.9.0" "xrdp team" .SH NAME xrdp\-keygen \- xrdp RSA key generation utility diff --git a/docs/man/xrdp-sesman.8 b/docs/man/xrdp-sesman.8 index 595bca26..17d4c39a 100644 --- a/docs/man/xrdp-sesman.8 +++ b/docs/man/xrdp-sesman.8 @@ -1,4 +1,4 @@ -.TH "xrdp\-sesman" "8" "0.1.0" "xrdp team" "" +.TH "xrdp\-sesman" "8" "0.9.0" "xrdp team" "" .SH "NAME" xrdp\-sesman \- \fBxrdp\fR(8) session manager diff --git a/docs/man/xrdp-sesrun.8 b/docs/man/xrdp-sesrun.8 index 67e61fca..e8189d53 100644 --- a/docs/man/xrdp-sesrun.8 +++ b/docs/man/xrdp-sesrun.8 @@ -1,4 +1,4 @@ -.TH "xrdp\-sesrun" "8" "0.7.0" "xrdp team" "" +.TH "xrdp\-sesrun" "8" "0.9.0" "xrdp team" "" .SH "NAME" xrdp\-sesrun \- \fBsesman\fR(8) session launcher diff --git a/docs/man/xrdp-sessvc.8 b/docs/man/xrdp-sessvc.8 index 1b6babb7..fc7601b2 100644 --- a/docs/man/xrdp-sessvc.8 +++ b/docs/man/xrdp-sessvc.8 @@ -1,4 +1,4 @@ -.TH "xrdp\-sessvc" "8" "0.7.0" "xrdp team" "" +.TH "xrdp\-sessvc" "8" "0.9.0" "xrdp team" "" .SH "NAME" xrdp\-sessvc \- \fBxrdp\fR session supervisor diff --git a/docs/man/xrdp-xcon.8 b/docs/man/xrdp-xcon.8 index 9d83b646..8a530168 100644 --- a/docs/man/xrdp-xcon.8 +++ b/docs/man/xrdp-xcon.8 
@@ -1,4 +1,4 @@ -.TH "xrdp-xcon" "8" "0.7.0" "xrdp team" +.TH "xrdp-xcon" "8" "0.9.0" "xrdp team" .SH NAME xrdp\-xcon \- X11 event loop debugging helper for XRDP diff --git a/docs/man/xrdp.8 b/docs/man/xrdp.8 index 35806a76..687a525d 100644 --- a/docs/man/xrdp.8 +++ b/docs/man/xrdp.8 @@ -1,4 +1,4 @@ -.TH "xrdp" "8" "0.1.0" "xrdp team" "" +.TH "xrdp" "8" "0.9.0" "xrdp team" "" .SH "NAME" \fBxrdp\fR \- a Remote Desktop Protocol (RDP) server diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index 1066c95c..fdd00148 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 @@ -1,4 +1,4 @@ -.TH "xrdp.ini" "5" "0.7.0" "xrdp team" "" +.TH "xrdp.ini" "5" "0.9.0" "xrdp team" "" .SH "NAME" \fBxrdp.ini\fR \- Configuration file for \fBxrdp\fR(8) From 499abdcd41b0fd3aa5be13293d6c191b6368a32d Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Fri, 11 Nov 2016 13:59:52 +0900 Subject: [PATCH 04/25] docs: correct section of xrdp-dis Document that xrdp-dis doen't support disconnecting xorgxrdp session. --- docs/man/xrdp-dis.1 | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/man/xrdp-dis.1 b/docs/man/xrdp-dis.1 index e387520e..dbf0800d 100644 --- a/docs/man/xrdp-dis.1 +++ b/docs/man/xrdp-dis.1 @@ -1,4 +1,4 @@ -.TH "xrdp-dis" "8" "0.9.0" "xrdp team" +.TH "xrdp-dis" "1" "0.9.0" "xrdp team" .SH NAME xrdp\-dis \- xrdp disconnect utility @@ -19,5 +19,9 @@ to get the default host and display number. .I /tmp/.xrdp/xrdp_disconnect_display_* UNIX socket used to communicate with the \fBxrdp\fP(8) session manager. +.SH KNOWN ISSUES +.TP +This utility doesn't support disconnecting xorgxrdp sessions so far. + .SH SEE ALSO -.BR xrdp (1). +.BR xrdp (8). From 5e297ce9ba1b0f24a7660d026987eb35d1672b99 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Fri, 11 Nov 2016 14:06:29 +0900 Subject: [PATCH 05/25] docs: Capitalize country/language --- docs/man/xrdp-genkeymap.8 | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) 
diff --git a/docs/man/xrdp-genkeymap.8 b/docs/man/xrdp-genkeymap.8 index 79baa108..432bdd22 100644 --- a/docs/man/xrdp-genkeymap.8 +++ b/docs/man/xrdp-genkeymap.8 @@ -26,31 +26,31 @@ Files containing the keyboard mapping for language \fIXXXXXXXX\fP, which is a 8 .RS 8 .TP .B 00000405 -cs czech +cs Czech .TP .B 00000407 -de german +de German .TP .B 00000409 -en-us us english +en-us US English .TP .B 0000040c -fr french +fr French .TP .B 00000410 -it italy +it Italy .TP .B 00000416 br Portuguese (Brazil) .TP .B 00000419 -ru russian +ru Russian .TP .B 0000041d -se swedish +se Swedish .TP .B 00000809 -en-uk uk english +en-uk UK English .RE .SH "AUTHORS" From fe8eb5aa145dbfb20bc8e80a890b813a6e242fb8 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Fri, 11 Nov 2016 14:08:33 +0900 Subject: [PATCH 06/25] docs: remove trailing space, put a period at a end of sentence --- docs/man/xrdp-sesman.8 | 22 +++++++++++----------- docs/man/xrdp-sesrun.8 | 18 +++++++++--------- docs/man/xrdp.ini.5 | 14 +++++++------- 3 files changed, 27 insertions(+), 27 deletions(-) diff --git a/docs/man/xrdp-sesman.8 b/docs/man/xrdp-sesman.8 index 17d4c39a..db5d4f37 100644 --- a/docs/man/xrdp-sesman.8 +++ b/docs/man/xrdp-sesman.8 
@@ -8,34 +8,34 @@ xrdp\-sesman \- \fBxrdp\fR(8) session manager .SH "DESCRIPTION" \fBxrdp\-sesman\fR is \fBxrdp\fR(8) session manager. -.br -It manages user sessions by authenticating the user and starting the appropriate Xserver +.br +It manages user sessions by authenticating the user and starting the appropriate Xserver. .SH "OPTIONS" -.TP -\fB\-n\fR, \fB\-\-nodaemon\fR +.TP +\fB\-n\fR, \fB\-\-nodaemon\fR Starts \fBxrdp\-sesman\fR in foreground instead of starting it as a daemon. -.TP +.TP \fB\-k\fR, \fB\-\-kill\fR Kills running \fBxrdp\-sesman\fR daemon. -.TP +.TP \fB\-h\fR, \fB\-\-help\fR Output help information and exit. .SH "FILES" ${SESMAN_BIN_DIR}/sesman -.br +.br ${SESMAN_BIN_DIR}/sesrun -.br +.br ${SESMAN_CFG_DIR}/sesman.ini -.br +.br ${SESMAN_LOG_DIR}/sesman.log -.br +.br ${SESMAN_PID_DIR}/sesman.pid .SH "AUTHORS" Jay Sorg -.br +.br Simone Fedele .SH "SEE ALSO" diff --git a/docs/man/xrdp-sesrun.8 b/docs/man/xrdp-sesrun.8 index e8189d53..7ae983c1 100644 --- a/docs/man/xrdp-sesrun.8 +++ b/docs/man/xrdp-sesrun.8 @@ -8,37 +8,37 @@ xrdp\-sesrun \- \fBsesman\fR(8) session launcher .SH "DESCRIPTION" \fBxrdp\-sesrun\fR starts a session using \fBxrdp\-sesman\fR(8). -.br +.br This is a tool useful for testing, it simply behaves like xrdp when some user logs in a new session and authenticates, thus starting a new session. .SH "OPTIONS" -.TP +.TP .I server Server on which sesman is running -.TP +.TP .I username user name of the session being started -.TP +.TP .I password user password -.TP +.TP .I width Screen width -.TP +.TP .I height Screen height -.TP +.TP .I bpp Session color depth .SH "FILES" ${SESMAN_BIN_DIR}/sesman -.br +.br ${SESMAN_BIN_DIR}/sesrun .SH "AUTHORS" Jay Sorg -.br +.br Simone Fedele .SH "SEE ALSO" diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index fdd00148..c21d1bec 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 
@@ -20,7 +20,7 @@ It is composed by a number of sections, each one composed by a section name, enc .TP \fI[Connection]\fP \- contain the info on which services \fBxrdp\fR(8) can connect to. -.LP +.LP All options and values (except for file names and paths) are case insensitive, and are described in detail below. .SH "GLOBALS" @@ -189,29 +189,29 @@ If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for XRDP Video .SH "CONNECTIONS" A connection section is made of a section name, enclosed in square brackets, and the following entries: -.TP +.TP \fBname\fR=\fI\fR The name displayed in \fBxrdp\fR(8) login window's combo box. -.TP +.TP \fBlib\fR=\fI../vnc/libvnc.so\fR Sets the library to be used with this connection. -.TP +.TP \fBusername\fR=\fI\fR|\fIask\fR Specifies the username used for authenticating in the connection. If set to \fIask\fR, user name should be provided in the login window. -.TP +.TP \fBpassword\fR=\fI\fR|\fIask\fR Specifies the password used for authenticating in the connection. If set to \fIask\fR, password should be provided in the login window. -.TP +.TP \fBip\fR=\fI127.0.0.1\fR Specifies the ip address of the host to connect to. -.TP +.TP \fBport\fR=\fI\fR|\fI\-1\fR Specifies the port number to connect to. If set to \fI\-1\fR, the default port for the specified library is used. From 16dd94b8bcd330eaaffa862cf1d9c5bf70236345 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Mon, 14 Nov 2016 15:04:03 +0900 Subject: [PATCH 07/25] docs: use bold for section headers, not italic --- docs/man/xrdp.ini.5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index c21d1bec..41b4e962 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 
@@ -18,7 +18,7 @@ It is composed by a number of sections, each one composed by a section name, enc \fB[Channels]\fP \- channel subsystem parameters .TP -\fI[Connection]\fP \- contain the info on which services \fBxrdp\fR(8) can connect to. +\fB[Connection]\fP \- contain the info on which services \fBxrdp\fR(8) can connect to. .LP All options and values (except for file names and paths) are case insensitive, and are described in detail below. From 681f2308212a1f69db1ce25a7ad3fc6a4e38a9d9 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Mon, 14 Nov 2016 15:39:27 +0900 Subject: [PATCH 08/25] docs: document disableSSLv3 and tls_ciphers --- docs/man/xrdp.ini.5 | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index 41b4e962..5d46fb74 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 @@ -103,6 +103,16 @@ If set to \fB1\fP, \fBtrue\fP or \fByes\fP and the network connection disappears Regulate if the listening socket uses socket option \fBTCP_NODELAY\fP. If set to \fB1\fP, \fBtrue\fP or \fByes\fP, no buffering will be performed in the TCP stack. +.TP +\fBdisableSSLv3\fP=\fI[yes|no]\fP +If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not accept SSLv3 connections. + +.TP +\fBtls_ciphers\fP=\fIcipher_suite\fP +Specifies TLS cipher suite. The format of this parameter is equivalent to which \fBopenssl\fP(1) ciphers subcommand accepts. + +(ex. $ openssl ciphers 'HIGH:!ADH:!SHA1') + .TP \fBblack\fP=\fI000000\fP .TP From 771321ab0ccde7cb3d38d8261411c3c4aceef105 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Mon, 14 Nov 2016 16:00:25 +0900 Subject: [PATCH 09/25] docs: add 32 to max_bpp as it is actually supported --- docs/man/xrdp.ini.5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index 5d46fb74..e5015e55 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 
@@ -85,7 +85,7 @@ If set to \fB1\fR, \fBtrue\fR or \fByes\fR for each incoming connection \fBxrdp\ If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not show a window for log messages. .TP -\fBmax_bpp\fP=\fI[8|15|16|24]\fP +\fBmax_bpp\fP=\fI[8|15|16|24|32]\fP Limit the color depth by specifying the maximum number of bits per pixel. .TP From bb55e0118b89e8f445109aac50ec80378bb276f1 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Mon, 14 Nov 2016 15:57:01 +0900 Subject: [PATCH 10/25] docs: unify all boolean values to true/false --- docs/man/sesman.ini.5 | 10 +++++----- docs/man/xrdp.ini.5 | 32 ++++++++++++++++---------------- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/docs/man/sesman.ini.5 b/docs/man/sesman.ini.5 index f66a8784..af9b35ab 100644 --- a/docs/man/sesman.ini.5 +++ b/docs/man/sesman.ini.5 @@ -55,7 +55,7 @@ xrdp-sesman listening address. If not specified, defaults to \fI0.0.0.0\fR xrdp-sesman listening port. If not specified, defaults to \fI3350\fR. .TP -\fBEnableUserWindowManager\fR=\fI[0|1]\fR +\fBEnableUserWindowManager\fR=\fI[true|false]\fR If set to \fB1\fR, \fBtrue\fR or \fByes\fR, this option enables user specific startup script. That is, xrdp-sesman will execute the script specified by \fBUserWindowManager\fR if it exists. @@ -96,7 +96,7 @@ logged \fIregardless\fR of the selected logging level. debug mode, this options will output many more low\-level messages. .TP -\fBEnableSyslog\fR=\fI[0|1]\fR +\fBEnableSyslog\fR=\fI[true|false]\fR If set to \fB1\fR, \fBtrue\fR or \fByes\fR, this option enables logging to syslog. @@ -121,7 +121,7 @@ Sets the maximum number of simultaneous sessions. If not set or set to \fI0\fR, unlimited session are allowed. .TP -\fBKillDisconnected\fR=\fI[0|1]\fR +\fBKillDisconnected\fR=\fI[true|false]\fR If set to \fB1\fR, \fBtrue\fR or \fByes\fR, every session will be killed within 60 seconds after the user disconnects. 
@@ -165,7 +165,7 @@ off. For Xvnc connections, \fBDisplaySize\fR is always enabled as well. Following parameters can be used in the \fB[Security]\fR section. .TP -\fBAllowRootLogin\fR=\fI[0|1]\fR +\fBAllowRootLogin\fR=\fI[true|false]\fR If set to \fB1\fR, \fBtrue\fR or \fByes\fR, enables root login on the terminal server. @@ -187,7 +187,7 @@ login for all users is enabled. have session management rights. .TP -\fBAlwaysGroupCheck\fR=\fI[0|1]\fR +\fBAlwaysGroupCheck\fR=\fI[true|false]\fR If set to \fB1\fR, \fBtrue\fR or \fByes\fR, require group membership even if the group specified in \fBTerminalServerUsers\fR doesn't exist. diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index e5015e55..4883cbcb 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 @@ -37,19 +37,19 @@ By default a drop-down list with all available connections is shown. A connection can also be chosen by the connecting client by setting the \fBLOGIN DOMAIN\fP to a valid \fIsession name\fP. .TP -\fBbitmap_cache\fR=\fI[0|1]\fR +\fBbitmap_cache\fR=\fI[true|false]\fR If set to \fB1\fR, \fBtrue\fR or \fByes\fR this option enables bitmap caching in \fBxrdp\fR(8). .TP -\fBbitmap_compression\fR=\fI[0|1]\fR +\fBbitmap_compression\fR=\fI[true|false]\fR If set to \fB1\fR, \fBtrue\fR or \fByes\fR this option enables bitmap compression in \fBxrdp\fR(8). .TP -\fBbulk_compression\fP=\fI[0|1]\fP +\fBbulk_compression\fP=\fI[true|false]\fP If set to \fB1\fR, \fBtrue\fR or \fByes\fR this option enables compression of bulk data in \fBxrdp\fR(8). .TP -\fBchannel_code\fP=\fI[0|1]\fP +\fBchannel_code\fP=\fI[true|false]\fP If set to \fB0\fR, \fBfalse\fR or \fBno\fR this option disables all channels \fBxrdp\fR(8). See section \fBCHANNELS\fP below for more fine grained options. 
@@ -77,11 +77,11 @@ All data sent between the client and server is protected using Federal Informati .RE .TP -\fBfork\fP=\fI[0|1]\fP +\fBfork\fP=\fI[true|false]\fP If set to \fB1\fR, \fBtrue\fR or \fByes\fR for each incoming connection \fBxrdp\fR(8) forks a sub-process instead of using threads. .TP -\fBhidelogwindow\fP=\fI[0|1]\fP +\fBhidelogwindow\fP=\fI[true|false]\fP If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not show a window for log messages. .TP @@ -94,17 +94,17 @@ Specify TCP port to listen on for incoming connections. The default for RDP is \fB3389\fP. .TP -\fBtcp_keepalive\fP=\fI[yes|no]\fP +\fBtcp_keepalive\fP=\fI[true|false]\fP Regulate if the listening socket uses socket option \fBSO_KEEPALIVE\fP. If set to \fB1\fP, \fBtrue\fP or \fByes\fP and the network connection disappears without closing messages, the connection will be closed. .TP -\fBtcp_nodelay\fP=\fI[yes|no]\fP +\fBtcp_nodelay\fP=\fI[true|false]\fP Regulate if the listening socket uses socket option \fBTCP_NODELAY\fP. If set to \fB1\fP, \fBtrue\fP or \fByes\fP, no buffering will be performed in the TCP stack. .TP -\fBdisableSSLv3\fP=\fI[yes|no]\fP +\fBdisableSSLv3\fP=\fI[true|false]\fP If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not accept SSLv3 connections. .TP @@ -158,7 +158,7 @@ This option can have one of the following values: \fBDEBUG\fR or \fB4\fR \- Log everything. If \fBsesman\fR is compiled in debug mode, this options will output many more low\-level message, useful for developers .TP -\fBEnableSyslog\fR=\fI[0|1]\fR +\fBEnableSyslog\fR=\fI[true|false]\fR If set to \fB1\fR, \fBtrue\fR or \fByes\fR this option enables logging to syslog. Otherwise syslog is disabled. .TP 
@@ -173,27 +173,27 @@ Not all channels are supported in all cases, so setting a value to \fItrue\fP is Channels can also be enabled or disabled on a per connection basis by prefixing each setting with \fBchannel.\fP in the channel section. .TP -\fBrdpdr\fP=\fI[0|1]\fP +\fBrdpdr\fP=\fI[true|false]\fP If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for device redirection is allowed. .TP -\fBrdpsnd\fP=\fI[0|1]\fP +\fBrdpsnd\fP=\fI[true|false]\fP If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for sound is allowed. .TP -\fBdrdynvc\fP=\fI[0|1]\fP +\fBdrdynvc\fP=\fI[true|false]\fP If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel to initiate additional dynamic virtual channels is allowed. .TP -\fBcliprdr\fP=\fI[0|1]\fP +\fBcliprdr\fP=\fI[true|false]\fP If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for clipboard redirection is allowed. .TP -\fBrail\fP=\fI[0|1]\fP +\fBrail\fP=\fI[true|false]\fP If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for remote applications integrated locally (RAIL) is allowed. .TP -\fBxrdpvr\fP=\fI[0|1]\fP +\fBxrdpvr\fP=\fI[true|false]\fP If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for XRDP Video streaming is allowed. .SH "CONNECTIONS" From 4f2d94505a27063578b6c2ea33f0c190d146233b Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Mon, 14 Nov 2016 16:21:23 +0900 Subject: [PATCH 11/25] config: unify all boolean values in config to true/false --- sesman/sesman.ini | 13 ++++++------- xrdp/xrdp.ini | 22 +++++++++++----------- 2 files changed, 17 insertions(+), 18 deletions(-) diff --git a/sesman/sesman.ini b/sesman/sesman.ini index 5e70225e..98996a08 100644 --- a/sesman/sesman.ini +++ b/sesman/sesman.ini 
@@ -1,21 +1,20 @@ [Globals] ListenAddress=127.0.0.1 ListenPort=3350 -EnableUserWindowManager=1 +EnableUserWindowManager=true UserWindowManager=startwm.sh DefaultWindowManager=startwm.sh [Security] -AllowRootLogin=1 +AllowRootLogin=true MaxLoginRetry=4 TerminalServerUsers=tsusers TerminalServerAdmins=tsadmins # When AlwaysGroupCheck = false access will be permitted # if the group TerminalServerUsers is not defined. -AlwaysGroupCheck = false +AlwaysGroupCheck=false [Sessions] - ## X11DisplayOffset - x11 display number offset # Type: integer # Default: 10 @@ -27,10 +26,10 @@ X11DisplayOffset=10 MaxSessions=50 ## KillDisconnected - kill disconnected sessions -# Type: integer -# Default: 0 +# Type: boolean +# Default: false # if 1, true, or yes, kill session after 60 seconds -KillDisconnected=0 +KillDisconnected=false ## IdleTimeLimit - when to disconnect idle sessions # Type: integer diff --git a/xrdp/xrdp.ini b/xrdp/xrdp.ini index 8acd8214..59a4f278 100644 --- a/xrdp/xrdp.ini +++ b/xrdp/xrdp.ini @@ -2,12 +2,12 @@ # xrdp.ini file version number ini_version=1 -bitmap_cache=yes -bitmap_compression=yes +bitmap_cache=true +bitmap_compression=true port=3389 allow_channels=true max_bpp=32 -fork=yes +fork=true # minimum security level allowed for client # can be 'none', 'low', 'medium', 'high', 'fips' crypt_level=high @@ -19,17 +19,17 @@ security_layer=negotiate certificate= key_file= # disable SSlv3 -#disableSSLv3=yes +#disableSSLv3=true # set TLS cipher suites #tls_ciphers=HIGH # regulate if the listening socket use socket option tcp_nodelay # no buffering will be performed in the TCP stack -tcp_nodelay=yes +tcp_nodelay=true # regulate if the listening socket use socket option keepalive # if the network connection disappear without close messages the connection will be closed -tcp_keepalive=yes +tcp_keepalive=true #tcp_send_buffer_bytes=32768 #tcp_recv_buffer_bytes=32768 
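Review bot: `AllowRootLogin=true` in the `[Security]` section of sesman.ini keeps root login through the terminal server enabled in the shipped sample; this commit only respells the value. A sample file that many installs copy unchanged would be safer with `AllowRootLogin=false`, or at least with a description line above it such as `# set to false to refuse root logins`. `MaxLoginRetry=4` directly below also differs from the fallback of 3 given in the man page, which deserves a word in the same comment.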
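Review bot: `#disableSSLv3=true` stays commented out in the xrdp.ini hunk at `@@ -19,17 +19,17 @@`, so the shipped file does not turn the option on. What xrdp does when the key is absent is not visible here, but the man page text added earlier in this series suggests SSLv3 is accepted unless the option is set. Shipping the line active, `disableSSLv3=true`, would make the sample config refuse SSLv3 by default. The same applies to `#tls_ciphers=HIGH` if it is meant as the recommended value. The `[Globals]` section starts and ends outside the hunk.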
@@ -49,20 +49,20 @@ grey=dedede #green=00ff00 #background=626c72 -#hidelogwindow=yes +#hidelogwindow=true # when true, userid/password *must* be passed on cmd line -# require_credentials=yes +# require_credentials=true # Section name to use for automatic login if the client sends username # and password autorun=X11rdp -bulk_compression=yes +bulk_compression=true # You can set the PAM error text in a gateway setup (MAX 256 chars) #pamerrortxt=change your password according to policy at http://url -new_cursors=yes +new_cursors=true allow_multimon=true # fastpath - can be set to input / output / both / none @@ -119,7 +119,7 @@ ls_btn_cancel_height=30 [Logging] LogFile=xrdp.log LogLevel=DEBUG -EnableSyslog=1 +EnableSyslog=true SyslogLevel=DEBUG # LogLevel and SysLogLevel could by any of: core, error, warning, info or debug From 181830bf613c40b8ba9197fa9429521990370504 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Mon, 14 Nov 2016 16:27:52 +0900 Subject: [PATCH 12/25] config: Capitalize section title to fit documents --- xrdp/xrdp.ini | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xrdp/xrdp.ini b/xrdp/xrdp.ini index 59a4f278..53a96214 100644 --- a/xrdp/xrdp.ini +++ b/xrdp/xrdp.ini @@ -1,4 +1,4 @@ -[globals] +[Globals] # xrdp.ini file version number ini_version=1 @@ -123,7 +123,7 @@ EnableSyslog=true SyslogLevel=DEBUG # LogLevel and SysLogLevel could by any of: core, error, warning, info or debug -[channels] +[Channels] # Channel names not listed here will be blocked by XRDP. # You can block any channel by setting its value to false. # IMPORTANT! All channels are not supported in all use From cb1960e0fc3aa4bb2cd2809508e8899f18c196ae Mon Sep 17 00:00:00 2001 
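Review bot: `LogLevel=DEBUG` and `SyslogLevel=DEBUG` remain the shipped values in `[Logging]` of xrdp.ini, next to `EnableSyslog=true`. The man page in this series describes DEBUG as logging everything, which is more than a production install usually wants in syslog, and it is not visible here which connection or login details end up in those messages. Consider `LogLevel=INFO` and `SyslogLevel=INFO` for the sample file, with DEBUG kept as a commented-out alternative.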
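Review bot: Renaming `[globals]` to `[Globals]`, and `[channels]` to `[Channels]` in the second hunk, is only safe if the ini reader matches section names case-insensitively, and that code is not part of this patch. The man page says options and values are case insensitive but does not mention section names. If the lookup were case-sensitive, both sections would presumably be skipped without an error, including `crypt_level`, `security_layer` and the channel settings. Please confirm this against the parser, or add a test that loads the renamed file.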
From: Koichiro IWAO Date: Mon, 14 Nov 2016 18:23:12 +0900 Subject: [PATCH 13/25] config: use semicolon to comment out descriptions in config files and use number sign to comment out actual configurations. For example: ; if set to true, enables foobar #foobar=true --- sesman/sesman.ini | 62 ++++++++++++------------- xrdp/xrdp.ini | 96 +++++++++++++++++++-------------------- xrdp/xrdp_keyboard.ini | 100 ++++++++++++++++++++--------------------- 3 files changed, 129 insertions(+), 129 deletions(-) diff --git a/sesman/sesman.ini b/sesman/sesman.ini index 98996a08..d1f18d9e 100644 --- a/sesman/sesman.ini +++ b/sesman/sesman.ini 
@@ -10,49 +10,49 @@ AllowRootLogin=true MaxLoginRetry=4 TerminalServerUsers=tsusers TerminalServerAdmins=tsadmins -# When AlwaysGroupCheck = false access will be permitted -# if the group TerminalServerUsers is not defined. +; When AlwaysGroupCheck=false access will be permitted +; if the group TerminalServerUsers is not defined. AlwaysGroupCheck=false [Sessions] -## X11DisplayOffset - x11 display number offset -# Type: integer -# Default: 10 +;; X11DisplayOffset - x11 display number offset +; Type: integer +; Default: 10 X11DisplayOffset=10 -## MaxSessions - maximum number of connections to an xrdp server -# Type: integer -# Default: 0 +;; MaxSessions - maximum number of connections to an xrdp server +; Type: integer +; Default: 0 MaxSessions=50 -## KillDisconnected - kill disconnected sessions -# Type: boolean -# Default: false -# if 1, true, or yes, kill session after 60 seconds +;; KillDisconnected - kill disconnected sessions +; Type: boolean +; Default: false +; if 1, true, or yes, kill session after 60 seconds KillDisconnected=false -## IdleTimeLimit - when to disconnect idle sessions -# Type: integer -# Default: 0 -# if not zero, the seconds without mouse or keyboard input before disconnect -# not complete yet +;; IdleTimeLimit - when to disconnect idle sessions +; Type: integer +; Default: 0 +; if not zero, the seconds without mouse or keyboard input before disconnect +; not complete yet IdleTimeLimit=0 -## DisconnectedTimeLimit - when to kill idle sessions -# Type: integer -# Default: 0 -# if not zero, the seconds before a disconnected session is killed -# min 60 seconds +;; DisconnectedTimeLimit - when to kill idle sessions +; Type: integer +; Default: 0 +; if not zero, the seconds before a disconnected session is killed +; min 60 seconds DisconnectedTimeLimit=0 -## Policy - session allocation policy -# Type: enum [ "Default" | "UBD" | "UBI" | "UBC" | "UBDI" | "UBDC" ] -# Default: Xrdp: and Xvnc: -# "UBD" session per -# "UBI" session per -# "UBC" session 
per -# "UBDI" session per -# "UBDC" session per +;; Policy - session allocation policy +; Type: enum [ "Default" | "UBD" | "UBI" | "UBC" | "UBDI" | "UBDC" ] +; Default: Xrdp: and Xvnc: +; "UBD" session per +; "UBI" session per +; "UBC" session per +; "UBDI" session per +; "UBDC" session per Policy=Default [Logging] @@ -91,7 +91,7 @@ param=-logfile param=/dev/null [Chansrv] -# drive redirection, defaults to xrdp_client if not set +; drive redirection, defaults to xrdp_client if not set FuseMountName=thinclient_drives [SessionVariables] diff --git a/xrdp/xrdp.ini b/xrdp/xrdp.ini index 53a96214..9541257d 100644 --- a/xrdp/xrdp.ini +++ b/xrdp/xrdp.ini @@ -1,5 +1,5 @@ [Globals] -# xrdp.ini file version number +; xrdp.ini file version number ini_version=1 bitmap_cache=true 
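Review bot: Switching the description lines in sesman.ini from `#` to `;` assumes the ini reader treats `;` as a comment marker, which this patch does not show. Most converted lines contain no `=` and would be harmless either way, but `; When AlwaysGroupCheck=false access will be permitted` does, so a reader that only knows `#` could take it as a key/value pair. Please confirm against the parser; if `;` is not handled, rewording the line without `=`, for example `; With AlwaysGroupCheck set to false, access will be permitted`, keeps it inert. The same conversion is applied in the xrdp.ini and xrdp_keyboard.ini hunks of this commit. The `[Security]` section starts above the hunk.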
@@ -8,35 +8,35 @@ port=3389 allow_channels=true max_bpp=32 fork=true -# minimum security level allowed for client -# can be 'none', 'low', 'medium', 'high', 'fips' +; minimum security level allowed for client +; can be 'none', 'low', 'medium', 'high', 'fips' crypt_level=high -# security layer can be 'tls', 'rdp' or 'negotiate' -# for client compatible layer +; security layer can be 'tls', 'rdp' or 'negotiate' +; for client compatible layer security_layer=negotiate -# X.509 certificate and private key -# openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365 +; X.509 certificate and private key +; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365 certificate= key_file= -# disable SSlv3 +; disable SSlv3 #disableSSLv3=true -# set TLS cipher suites +; set TLS cipher suites #tls_ciphers=HIGH -# regulate if the listening socket use socket option tcp_nodelay -# no buffering will be performed in the TCP stack +; regulate if the listening socket use socket option tcp_nodelay +; no buffering will be performed in the TCP stack tcp_nodelay=true -# regulate if the listening socket use socket option keepalive -# if the network connection disappear without close messages the connection will be closed +; regulate if the listening socket use socket option keepalive +; if the network connection disappear without close messages the connection will be closed tcp_keepalive=true #tcp_send_buffer_bytes=32768 #tcp_recv_buffer_bytes=32768 -# -# colors used by windows in RGB format -# +; +; colors used by windows in RGB format +; blue=009cb5 grey=dedede 
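Review bot: `#disableSSLv3=true` stays commented out under the rewritten `; disable SSlv3` comment, so the sample configuration still accepts SSLv3. The man page text later in this series gives the default as `false`, and `security_layer=negotiate` in this same hunk keeps the TLS path reachable. I would ship the setting enabled, `disableSSLv3=true`, and let the comment explain that it can be turned off for legacy clients. The commented-out line is carried unchanged through the reordering hunk of PATCH 23 and the comment reword of PATCH 25, so the same applies there.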
@@ -51,66 +51,66 @@ grey=dedede #hidelogwindow=true -# when true, userid/password *must* be passed on cmd line +; when true, userid/password *must* be passed on cmd line # require_credentials=true -# Section name to use for automatic login if the client sends username -# and password +; Section name to use for automatic login if the client sends username +; and password autorun=X11rdp bulk_compression=true -# You can set the PAM error text in a gateway setup (MAX 256 chars) +; You can set the PAM error text in a gateway setup (MAX 256 chars) #pamerrortxt=change your password according to policy at http://url new_cursors=true allow_multimon=true -# fastpath - can be set to input / output / both / none +; fastpath - can be set to input / output / both / none use_fastpath=both -# -# configure login screen -# +; +; configure login screen +; -# Login Screen Window Title +; Login Screen Window Title #ls_title=My Login Title -# top level window background color in RGB format +; top level window background color in RGB format ls_top_window_bg_color=009cb5 -# width and height of login screen +; width and height of login screen ls_width=350 ls_height=430 -# login screen background color in RGB format +; login screen background color in RGB format ls_bg_color=dedede -# optional background image filename (bmp format). +; optional background image filename (bmp format). 
#ls_background_image= -# logo -# full path to bmp-file or file in shared folder +; logo +; full path to bmp-file or file in shared folder ls_logo_filename= ls_logo_x_pos=55 ls_logo_y_pos=50 -# for positioning labels such as username, password etc +; for positioning labels such as username, password etc ls_label_x_pos=30 ls_label_width=60 -# for positioning text and combo boxes next to above labels +; for positioning text and combo boxes next to above labels ls_input_x_pos=110 ls_input_width=210 -# y pos for first label and combo box +; y pos for first label and combo box ls_input_y_pos=220 -# OK button +; OK button ls_btn_ok_x_pos=142 ls_btn_ok_y_pos=370 ls_btn_ok_width=85 ls_btn_ok_height=30 -# Cancel button +; Cancel button ls_btn_cancel_x_pos=237 ls_btn_cancel_y_pos=370 ls_btn_cancel_width=85 @@ -121,15 +121,15 @@ LogFile=xrdp.log LogLevel=DEBUG EnableSyslog=true SyslogLevel=DEBUG -# LogLevel and SysLogLevel could by any of: core, error, warning, info or debug +; LogLevel and SysLogLevel could by any of: core, error, warning, info or debug [Channels] -# Channel names not listed here will be blocked by XRDP. -# You can block any channel by setting its value to false. -# IMPORTANT! All channels are not supported in all use -# cases even if you set all values to true. -# You can override these settings on each session type -# These settings are only used if allow_channels=true +; Channel names not listed here will be blocked by XRDP. +; You can block any channel by setting its value to false. +; IMPORTANT! All channels are not supported in all use +; cases even if you set all values to true. +; You can override these settings on each session type +; These settings are only used if allow_channels=true rdpdr=true rdpsnd=true drdynvc=true 
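Review bot: The comment converted in the `@@ -121,15` hunk keeps the typo "could by any of" and writes the key as `SysLogLevel` although the setting two lines above is `SyslogLevel`. Since the line is rewritten anyway, use `; LogLevel and SyslogLevel can be any of: core, error, warning, info or debug`. The sample also leaves both levels at `DEBUG`; if that is meant only for first-time setup, a comment such as `; lower to INFO or WARNING once the installation works` would tell administrators it is not the intended production level.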
@@ -138,11 +138,11 @@ rail=true xrdpvr=true tcutils=true -# for debugging xrdp, in section xrdp1, change port=-1 to this: -# port=/tmp/.xrdp/xrdp_display_10 +; for debugging xrdp, in section xrdp1, change port=-1 to this: +#port=/tmp/.xrdp/xrdp_display_10 -# for debugging xrdp, add following line to section xrdp1 -# chansrvport=/tmp/.xrdp/xrdp_chansrv_socket_7210 +; for debugging xrdp, add following line to section xrdp1 +#chansrvport=/tmp/.xrdp/xrdp_chansrv_socket_7210 [X11rdp] name=X11rdp @@ -217,7 +217,7 @@ port=ask3389 username=ask password=ask -# You can override the common channel settings for each session type +; You can override the common channel settings for each session type #channel.rdpdr=true #channel.rdpsnd=true #channel.drdynvc=true diff --git a/xrdp/xrdp_keyboard.ini b/xrdp/xrdp_keyboard.ini index 21e27f1c..e185c76d 100644 --- a/xrdp/xrdp_keyboard.ini +++ b/xrdp/xrdp_keyboard.ini 
@@ -1,59 +1,59 @@ -# -# RDP Keyboard <-> X11 Keyboard layout map -# -# How this file works: -# 1. load the file and scan each section to find matching "keyboard_type" -# and "keyboard_subtype" based on the values received from the client. -# If not found, then jump to default section. -# 2. in the selected section, look for "rdp_layouts" and "layouts_map". -# Based on the "keylayout" value from the client, find the right x11 -# layout value. -# 3. model/variant are inferred based on the "keyboard_type" and -# "keyboard_subtype", but they can be overridden. -# +; +; RDP Keyboard <-> X11 Keyboard layout map +; +; How this file works: +; 1. load the file and scan each section to find matching "keyboard_type" +; and "keyboard_subtype" based on the values received from the client. +; If not found, then jump to default section. +; 2. in the selected section, look for "rdp_layouts" and "layouts_map". +; Based on the "keylayout" value from the client, find the right x11 +; layout value. +; 3. model/variant are inferred based on the "keyboard_type" and +; "keyboard_subtype", but they can be overridden. +; -# -# RDP Keyboard Type (http://msdn.microsoft.com/en-us/library/cc240563.aspx) -# -# 0 is not a valid value -# -# 1 - IBM PC/XT or compatible (83-key) keyboard -# 2 - Olivetti "ICO" (102-key) keyboard -# 3 - IBM PC/AT (84-key) or similar keyboard -# 4 - IBM enhanced (101- or 102-key) keyboard -# 5 - Nokia 1050 and similar keyboards -# 6 - Nokia 9140 and similar keyboards -# 7 - Japanese keyboard -# -# RDP Keyboard Subtype is vendor dependent. XRDP defines as follows: -# -# 0 is not a valid value -# -# 1 - Standard -# 2 - FreeRDP JP keyboard -# 3 - Macintosh -# ... - < any vendor dependent subtype > -# -# The list can be augmented. 
-# +; +; RDP Keyboard Type (http://msdn.microsoft.com/en-us/library/cc240563.aspx) +; +; 0 is not a valid value +; +; 1 - IBM PC/XT or compatible (83-key) keyboard +; 2 - Olivetti "ICO" (102-key) keyboard +; 3 - IBM PC/AT (84-key) or similar keyboard +; 4 - IBM enhanced (101- or 102-key) keyboard +; 5 - Nokia 1050 and similar keyboards +; 6 - Nokia 9140 and similar keyboards +; 7 - Japanese keyboard +; +; RDP Keyboard Subtype is vendor dependent. XRDP defines as follows: +; +; 0 is not a valid value +; +; 1 - Standard +; 2 - FreeRDP JP keyboard +; 3 - Macintosh +; ... - < any vendor dependent subtype > +; +; The list can be augmented. +; -# default +; default [default] -# keyboard_type and keyboard_subtype is not read for default section. It -# is only a placeholder to keep consistency. Default model/variant are -# platform dependent, and could be overridden if needed. +; keyboard_type and keyboard_subtype is not read for default section. It +; is only a placeholder to keep consistency. Default model/variant are +; platform dependent, and could be overridden if needed. keyboard_type=0 keyboard_subtype=0 -# user could override variant and model, but generally they should be inferred -# automatically based on keyboard type and subtype -#variant= -#model= +; user could override variant and model, but generally they should be inferred +; automatically based on keyboard type and subtype +;variant= +;model= -# A list of supported RDP keyboard layouts +; A list of supported RDP keyboard layouts rdp_layouts=default_rdp_layouts -# The map from RDP keyboard layout to X11 keyboard layout +; The map from RDP keyboard layout to X11 keyboard layout layouts_map=default_layouts_map [default_rdp_layouts] @@ -72,7 +72,7 @@ rdp_layout_pt=0x00000816 rdp_layout_br=0x00000416 rdp_layout_pl=0x00000415 -# = +; = [default_layouts_map] rdp_layout_us=us rdp_layout_de=de 
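Review bot: `;variant=` and `;model=` in the `[default]` section break the convention the rest of this commit follows. In xrdp.ini, `;` marks explanatory text and `#` is kept for commented-out settings (`#port=/tmp/.xrdp/xrdp_display_10`, `#disableSSLv3=true`, `#tls_ciphers=HIGH`). Keeping these two as `#variant=` and `#model=` would leave the distinction between prose and disabled settings intact across the three ini files.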
@@ -89,8 +89,8 @@ rdp_layout_pt=pt rdp_layout_br=br(abnt2) rdp_layout_pl=pl -# if two sections have the same keyboard_type and keyboard_subtype, then -# the latter could override the former. +; if two sections have the same keyboard_type and keyboard_subtype, then +; the latter could override the former. [rdp_keyboard_mac] keyboard_type=4 keyboard_subtype=3 From 1490da309ed82fc7c32bb3b96312546dc3fd0d8f Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Tue, 15 Nov 2016 09:58:22 +0900 Subject: [PATCH 14/25] docs: document tcp_send/recv_buffer_bytes --- docs/man/xrdp.ini.5 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index 4883cbcb..dd55e1fe 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 @@ -103,6 +103,12 @@ If set to \fB1\fP, \fBtrue\fP or \fByes\fP and the network connection disappears Regulate if the listening socket uses socket option \fBTCP_NODELAY\fP. If set to \fB1\fP, \fBtrue\fP or \fByes\fP, no buffering will be performed in the TCP stack. +.TP +\fBtcp_send_buffer_bytes\fP=\fIbuffer_size\fP +.TP +\fBtcp_recv_buffer_bytes\fP=\fIbuffer_size\fP +Specify send/recv buffer sizes in bytes. The default value depends on operating system. + .TP \fBdisableSSLv3\fP=\fI[true|false]\fP If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not accept SSLv3 connections. From f6fd8f16d7be9c42ddbf3167f5f9921a12391db9 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Tue, 15 Nov 2016 10:57:53 +0900 Subject: [PATCH 15/25] docs: Capitalize section title --- docs/man/xrdp.ini.5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index dd55e1fe..5fad9f4d 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 
@@ -143,7 +143,7 @@ The lowest value that can be given to one of the light sources is 0 (hex 00). The highest value is 255 (hex FF). .SH "LOGGING" -The following parameters can be used in the \fB[logging]\fR section: +The following parameters can be used in the \fB[Logging]\fR section: .TP \fBLogFile\fR=\fI${SESMAN_LOG_DIR}/sesman.log\fR From 901bc9f40c80f2497798632c0b6f046985ab8a0e Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Tue, 15 Nov 2016 11:06:54 +0900 Subject: [PATCH 16/25] docs: section "Connection" is not used --- docs/man/xrdp.ini.5 | 3 --- 1 file changed, 3 deletions(-) diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index 5fad9f4d..f5caa341 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 @@ -17,9 +17,6 @@ It is composed by a number of sections, each one composed by a section name, enc .TP \fB[Channels]\fP \- channel subsystem parameters -.TP -\fB[Connection]\fP \- contain the info on which services \fBxrdp\fR(8) can connect to. - .LP All options and values (except for file names and paths) are case insensitive, and are described in detail below. From 7cb3ffc33f4f05250426a600d75f5a93ed9c11d4 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Tue, 15 Nov 2016 11:08:03 +0900 Subject: [PATCH 17/25] docs: document use_fastpath, require_credentials, pamerrortxt --- docs/man/xrdp.ini.5 | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index f5caa341..02789a05 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 
@@ -116,6 +116,18 @@ Specifies TLS cipher suite. The format of this parameter is equivalent to which (ex. $ openssl ciphers 'HIGH:!ADH:!SHA1') +.TP +\fBuse_fastpath\fP=\fI[input|output|both|none]\fP +If not specified, defaults to \fBnone\fP. + +.TP +\fBrequire_credentials\fP=\fI[true|false]\fP +If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP requires clients to include username and password initial connection phase. In other words, xrdp doesn't allow clients to show login screen if set to true. + +.TP +\fBpamerrortxt\fP=\fIerror_text\fP +Specify text passed to PAM when authentication failed. The maximum length is \fB256\fP. + .TP \fBblack\fP=\fI000000\fP .TP From ad1b484e7a52f9395ba0fd31a27a693f45af7e76 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Tue, 15 Nov 2016 14:02:24 +0900 Subject: [PATCH 18/25] docs: unify the rest boolean values to true/false --- docs/man/xrdp.ini.5 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index 02789a05..25809e76 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 @@ -249,8 +249,8 @@ This is an example \fBxrdp.ini\fR: .nf [Globals] -bitmap_cache=yes -bitmap_compression=yes +bitmap_cache=true +bitmap_compression=true [vnc1] name=sesman From 4b95a5f347586176a6093f6ef01ff08f69d871a1 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Tue, 15 Nov 2016 15:47:31 +0900 Subject: [PATCH 19/25] docs: reword, add description for default value --- docs/man/xrdp.ini.5 | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index 25809e76..656f9273 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 
@@ -25,7 +25,7 @@ The options to be specified in the \fB[Globals]\fR section are the following: .TP \fBaddress\fP=\fIip address\fP -Specifies xrdp listening address. Default is 0.0.0.0 (all interfaces) +Specify xrdp listening address. If not specified, defaults to 0.0.0.0 (all interfaces). .TP \fBautorun\fP=\fIsession_name\fP @@ -80,10 +80,12 @@ If set to \fB1\fR, \fBtrue\fR or \fByes\fR for each incoming connection \fBxrdp\ .TP \fBhidelogwindow\fP=\fI[true|false]\fP If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not show a window for log messages. +If not specified, defaults to \fBfalse\fP. .TP \fBmax_bpp\fP=\fI[8|15|16|24|32]\fP Limit the color depth by specifying the maximum number of bits per pixel. +If not specified or set to \fB0\fP, unlimited. .TP \fBport\fP=\fIport\fP @@ -93,7 +95,8 @@ The default for RDP is \fB3389\fP. .TP \fBtcp_keepalive\fP=\fI[true|false]\fP Regulate if the listening socket uses socket option \fBSO_KEEPALIVE\fP. -If set to \fB1\fP, \fBtrue\fP or \fByes\fP and the network connection disappears without closing messages, the connection will be closed. +If set to \fB1\fP, \fBtrue\fP or \fByes\fP and the network connection disappears +without closing messages, the connection will be closed. .TP \fBtcp_nodelay\fP=\fI[true|false]\fP @@ -109,10 +112,12 @@ Specify send/recv buffer sizes in bytes. The default value depends on operating .TP \fBdisableSSLv3\fP=\fI[true|false]\fP If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not accept SSLv3 connections. +If not specified, defaults to \fBfalse\fP. .TP \fBtls_ciphers\fP=\fIcipher_suite\fP -Specifies TLS cipher suite. The format of this parameter is equivalent to which \fBopenssl\fP(1) ciphers subcommand accepts. +Specifies TLS cipher suite. The format of this parameter is equivalent to which +\fBopenssl\fP(1) ciphers subcommand accepts. (ex. $ openssl ciphers 'HIGH:!ADH:!SHA1') 
@@ -122,7 +127,9 @@ If not specified, defaults to \fBnone\fP. .TP \fBrequire_credentials\fP=\fI[true|false]\fP -If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP requires clients to include username and password initial connection phase. In other words, xrdp doesn't allow clients to show login screen if set to true. +If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP requires clients to include username and +password initial connection phase. In other words, xrdp doesn't allow clients to show login +screen if set to true. If not specified, defaults to \fBfalse\fP. .TP \fBpamerrortxt\fP=\fIerror_text\fP From b74b030891434e1a4438186b2067c89337f371cd Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Tue, 15 Nov 2016 16:21:46 +0900 Subject: [PATCH 20/25] docs: document security_layer --- docs/man/xrdp.ini.5 | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index 656f9273..266c8df0 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 @@ -109,6 +109,25 @@ If set to \fB1\fP, \fBtrue\fP or \fByes\fP, no buffering will be performed in th \fBtcp_recv_buffer_bytes\fP=\fIbuffer_size\fP Specify send/recv buffer sizes in bytes. The default value depends on operating system. +.TP +\fBsecurity_layer\fP=\fI[tls|rdp|negotiate]\fP +Regulate security methods. If not specified, defaults to \fBnegotiate\fP. +.RS 8 +.TP +.B tls +Enhanced RDP Security is used. All security operations (encryption, decryption, data integrity +verification, and server authentication) are implemented by TLS. + +.TP +.B rdp +Standard RDP Security, which is not safe from man-in-the-middle attack, is used. The encryption level +of Standard RDP Security is controlled by \fBcrypt_level\fP. + +.TP +.B negotiate +Negotiate these security methods with clients. +.RE + .TP \fBdisableSSLv3\fP=\fI[true|false]\fP If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not accept SSLv3 connections. 
From d6e8435a72c16f7f6a8a9145eb7d40cdb54c1d42 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Tue, 15 Nov 2016 16:46:29 +0900 Subject: [PATCH 21/25] docs: sort parameters in xrdp.ini.5 --- docs/man/xrdp.ini.5 | 56 ++++++++++++++++++++++----------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index 266c8df0..6fddefa1 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 @@ -73,6 +73,11 @@ All data sent between the client and server is protected using Federal Informati .I This level is required for Windows clients (mstsc.exe) if the client's group policy enforces FIPS-compliance mode. .RE +.TP +\fBdisableSSLv3\fP=\fI[true|false]\fP +If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not accept SSLv3 connections. +If not specified, defaults to \fBfalse\fP. + .TP \fBfork\fP=\fI[true|false]\fP If set to \fB1\fR, \fBtrue\fR or \fByes\fR for each incoming connection \fBxrdp\fR(8) forks a sub-process instead of using threads. 
@@ -87,27 +92,20 @@ If not specified, defaults to \fBfalse\fP. Limit the color depth by specifying the maximum number of bits per pixel. If not specified or set to \fB0\fP, unlimited. +.TP +\fBpamerrortxt\fP=\fIerror_text\fP +Specify text passed to PAM when authentication failed. The maximum length is \fB256\fP. + .TP \fBport\fP=\fIport\fP Specify TCP port to listen on for incoming connections. The default for RDP is \fB3389\fP. .TP -\fBtcp_keepalive\fP=\fI[true|false]\fP -Regulate if the listening socket uses socket option \fBSO_KEEPALIVE\fP. -If set to \fB1\fP, \fBtrue\fP or \fByes\fP and the network connection disappears -without closing messages, the connection will be closed. - -.TP -\fBtcp_nodelay\fP=\fI[true|false]\fP -Regulate if the listening socket uses socket option \fBTCP_NODELAY\fP. -If set to \fB1\fP, \fBtrue\fP or \fByes\fP, no buffering will be performed in the TCP stack. - -.TP -\fBtcp_send_buffer_bytes\fP=\fIbuffer_size\fP -.TP -\fBtcp_recv_buffer_bytes\fP=\fIbuffer_size\fP -Specify send/recv buffer sizes in bytes. The default value depends on operating system. +\fBrequire_credentials\fP=\fI[true|false]\fP +If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP requires clients to include username and +password initial connection phase. In other words, xrdp doesn't allow clients to show login +screen if set to true. If not specified, defaults to \fBfalse\fP. .TP \fBsecurity_layer\fP=\fI[tls|rdp|negotiate]\fP 
@@ -129,9 +127,21 @@ Negotiate these security methods with clients. .RE .TP -\fBdisableSSLv3\fP=\fI[true|false]\fP -If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not accept SSLv3 connections. -If not specified, defaults to \fBfalse\fP. +\fBtcp_keepalive\fP=\fI[true|false]\fP +Regulate if the listening socket uses socket option \fBSO_KEEPALIVE\fP. +If set to \fB1\fP, \fBtrue\fP or \fByes\fP and the network connection disappears +without closing messages, the connection will be closed. + +.TP +\fBtcp_nodelay\fP=\fI[true|false]\fP +Regulate if the listening socket uses socket option \fBTCP_NODELAY\fP. +If set to \fB1\fP, \fBtrue\fP or \fByes\fP, no buffering will be performed in the TCP stack. + +.TP +\fBtcp_send_buffer_bytes\fP=\fIbuffer_size\fP +.TP +\fBtcp_recv_buffer_bytes\fP=\fIbuffer_size\fP +Specify send/recv buffer sizes in bytes. The default value depends on operating system. .TP \fBtls_ciphers\fP=\fIcipher_suite\fP @@ -144,16 +154,6 @@ Specifies TLS cipher suite. The format of this parameter is equivalent to which \fBuse_fastpath\fP=\fI[input|output|both|none]\fP If not specified, defaults to \fBnone\fP. -.TP -\fBrequire_credentials\fP=\fI[true|false]\fP -If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP requires clients to include username and -password initial connection phase. In other words, xrdp doesn't allow clients to show login -screen if set to true. If not specified, defaults to \fBfalse\fP. - -.TP -\fBpamerrortxt\fP=\fIerror_text\fP -Specify text passed to PAM when authentication failed. The maximum length is \fB256\fP. - .TP \fBblack\fP=\fI000000\fP .TP From 13aa2fcc2a71492d98ddcb2f3ce2152369107988 Mon Sep 17 00:00:00 2001 
From: Koichiro IWAO Date: Tue, 15 Nov 2016 17:15:24 +0900 Subject: [PATCH 22/25] docs: update descriptions for encryption - Add descriptions for certificate and key_file - xrdp actually supports 128-bit encryption in Standard RDP Security - change line breaks --- docs/man/xrdp.ini.5 | 37 +++++++++++++++++++++++++++++-------- 1 file changed, 29 insertions(+), 8 deletions(-) diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index 6fddefa1..0b5acfee 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 
@@ -45,38 +45,57 @@ If set to \fB1\fR, \fBtrue\fR or \fByes\fR this option enables bitmap compressio \fBbulk_compression\fP=\fI[true|false]\fP If set to \fB1\fR, \fBtrue\fR or \fByes\fR this option enables compression of bulk data in \fBxrdp\fR(8). +.TP +\fBcertificate\fP=\fI/path/to/certificate\fP +.TP +\fBkey_file\fP=\fI/path/to/private_key\fP +Set location of TLS certificate and private key. They must be written in PEM format. +If not specified, defaults to \fB${XRDP_CFG_DIR}/cert.pem\fP, \fB${XRDP_CFG_DIR}/key.pem\fP. + +This parameter is effective only if \fBsecurity_layer\fP is set to \fBtls\fP or \fBnegotiate\fP. + .TP \fBchannel_code\fP=\fI[true|false]\fP If set to \fB0\fR, \fBfalse\fR or \fBno\fR this option disables all channels \fBxrdp\fR(8). See section \fBCHANNELS\fP below for more fine grained options. .TP -\fBcrypt_level\fP=\fIlow|medium|high|fips\fP +\fBcrypt_level\fP=\fI[low|medium|high|fips]\fP .\" -RDP connection are controlled by two encryption settings: \fIEncryption Level\fP and \fIEncryption Method\fP. -The only supported \fIEncryption Method\fP is \fB40BIT_ENCRYPTION\fP, \fB128BIT_ENCRYPTION\fP and \fB56BIT_ENCRYPTION\fP are currently not supported. +Regulate encryption level of Standard RDP Security. +This parameter is effective only if \fBsecurity_layer\fP is set to \fBrdp\fP or \fBnegotiate\fP. + +Encryption in Standard RDP Security is controlled by two settings: \fIEncryption Level\fP +and \fIEncryption Method\fP. The only supported \fIEncryption Method\fP are \fB40BIT_ENCRYPTION\fP +and \fB128BIT_ENCRYPTION\fP. \fB56BIT_ENCRYPTION\fP is not supported. This option controls the \fIEncryption Level\fP: .RS 8 .TP .B low -All data sent from the client to the server is protected by encryption based on the maximum key strength supported by the client. +All data sent from the client to the server is protected by encryption based on +the maximum key strength supported by the client. 
.I This is the only level that the traffic sent by the server to client is not encrypted. .TP .B medium -All data sent between the client and the server is protected by encryption based on the maximum key strength supported by the client. +All data sent between the client and the server is protected by encryption based on +the maximum key strength supported by the client (client compatible). .TP .B high -All data sent between the client and server is protected by encryption based on the server's maximum key strength. +All data sent between the client and the server is protected by encryption based on +the server's maximum key strength (sever compatible). .TP .B fips -All data sent between the client and server is protected using Federal Information Processing Standard 140-1 validated encryption methods. -.I This level is required for Windows clients (mstsc.exe) if the client's group policy enforces FIPS-compliance mode. +All data sent between the client and server is protected using Federal Information +Processing Standard 140-1 validated encryption methods. +.I This level is required for Windows clients (mstsc.exe) if the client's group policy +.I enforces FIPS-compliance mode. .RE .TP \fBdisableSSLv3\fP=\fI[true|false]\fP If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not accept SSLv3 connections. If not specified, defaults to \fBfalse\fP. +This parameter is effective only if \fBsecurity_layer\fP is set to \fBtls\fP or \fBnegotiate\fP. .TP \fBfork\fP=\fI[true|false]\fP @@ -150,6 +169,8 @@ Specifies TLS cipher suite. The format of this parameter is equivalent to which (ex. $ openssl ciphers 'HIGH:!ADH:!SHA1') +This parameter is effective only if \fBsecurity_layer\fP is set to \fBtls\fP or \fBnegotiate\fP. + .TP \fBuse_fastpath\fP=\fI[input|output|both|none]\fP If not specified, defaults to \fBnone\fP. From d74366a6f2a05e8611e4b24b6a71b681b036a71d Mon Sep 17 00:00:00 2001 
From: Koichiro IWAO Date: Tue, 15 Nov 2016 17:23:32 +0900 Subject: [PATCH 23/25] config: change order of parameters Put same layer configuration parameters together, bring low layer parameters earlier. --- xrdp/xrdp.ini | 75 ++++++++++++++++++++++++++------------------------- 1 file changed, 38 insertions(+), 37 deletions(-) diff --git a/xrdp/xrdp.ini b/xrdp/xrdp.ini index 9541257d..f0bb5c00 100644 --- a/xrdp/xrdp.ini +++ b/xrdp/xrdp.ini 
@@ -2,42 +2,56 @@ ; xrdp.ini file version number ini_version=1 -bitmap_cache=true -bitmap_compression=true -port=3389 -allow_channels=true -max_bpp=32 +; fork a new process for each incoming connection fork=true -; minimum security level allowed for client -; can be 'none', 'low', 'medium', 'high', 'fips' -crypt_level=high +; tcp port to listen +port=3389 +; regulate if the listening socket use socket option tcp_nodelay +; no buffering will be performed in the TCP stack +tcp_nodelay=true +; regulate if the listening socket use socket option keepalive +; if the network connection disappear without close messages the connection will be closed +tcp_keepalive=true +#tcp_send_buffer_bytes=32768 +#tcp_recv_buffer_bytes=32768 + ; security layer can be 'tls', 'rdp' or 'negotiate' ; for client compatible layer security_layer=negotiate +; minimum security level allowed for client +; can be 'none', 'low', 'medium', 'high', 'fips' +crypt_level=high ; X.509 certificate and private key ; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365 certificate= key_file= -; disable SSlv3 +; regulate xrdp if to accept SSLv3 connections #disableSSLv3=true ; set TLS cipher suites #tls_ciphers=HIGH -; regulate if the listening socket use socket option tcp_nodelay -; no buffering will be performed in the TCP stack -tcp_nodelay=true - -; regulate if the listening socket use socket option keepalive -; if the network connection disappear without close messages the connection will be closed -tcp_keepalive=true +; Section name to use for automatic login if the client sends username +; and password +autorun=X11rdp -#tcp_send_buffer_bytes=32768 -#tcp_recv_buffer_bytes=32768 +allow_channels=true +allow_multimon=true +bitmap_cache=true +bitmap_compression=true +bulk_compression=true +#hidelogwindow=true +max_bpp=32 +new_cursors=true +; fastpath - can be 'input', 'output', 'both', 'none' +use_fastpath=both +; when true, userid/password *must* be passed on cmd line 
+#require_credentials=true +; You can set the PAM error text in a gateway setup (MAX 256 chars) +#pamerrortxt=change your password according to policy at http://url ; ; colors used by windows in RGB format ; - blue=009cb5 grey=dedede #black=000000 @@ -49,24 +63,6 @@ grey=dedede #green=00ff00 #background=626c72 -#hidelogwindow=true - -; when true, userid/password *must* be passed on cmd line -# require_credentials=true - -; Section name to use for automatic login if the client sends username -; and password -autorun=X11rdp - -bulk_compression=true - -; You can set the PAM error text in a gateway setup (MAX 256 chars) -#pamerrortxt=change your password according to policy at http://url -new_cursors=true -allow_multimon=true - -; fastpath - can be set to input / output / both / none -use_fastpath=both ; ; configure login screen ; @@ -144,6 +140,11 @@ tcutils=true ; for debugging xrdp, add following line to section xrdp1 #chansrvport=/tmp/.xrdp/xrdp_chansrv_socket_7210 + +; +; Session types +; + [X11rdp] name=X11rdp lib=libxup.so From 5ee3b9b96da18e0c3f18250197db9801cebd514f Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Wed, 16 Nov 2016 14:52:12 +0900 Subject: [PATCH 24/25] docs: s/Italy/Italian/ for language name --- docs/man/xrdp-genkeymap.8 | 2 +- genkeymap/dump-keymaps.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/man/xrdp-genkeymap.8 b/docs/man/xrdp-genkeymap.8 index 432bdd22..c11d8343 100644 --- a/docs/man/xrdp-genkeymap.8 +++ b/docs/man/xrdp-genkeymap.8 @@ -38,7 +38,7 @@ en-us US English fr French .TP .B 00000410 -it Italy +it Italian .TP .B 00000416 br Portuguese (Brazil) diff --git a/genkeymap/dump-keymaps.sh b/genkeymap/dump-keymaps.sh index 23c12eca..d47f13eb 100755 --- a/genkeymap/dump-keymaps.sh +++ b/genkeymap/dump-keymaps.sh 
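Review bot: The re-added comment `; can be 'none', 'low', 'medium', 'high', 'fips'` above `crypt_level=high` in the `@@ -2,42` hunk disagrees with the man page as updated in PATCH 22, which documents `crypt_level=[low|medium|high|fips]` with no `none`. One of the two is out of date. If `none` is accepted, xrdp.ini.5 should document it and what it means for encryption of Standard RDP Security traffic; if it is not, drop it here: `; can be 'low', 'medium', 'high', 'fips'`. The same comment line appears in the earlier `@@ -8,35` hunk of the comment-marker commit. It would also help to carry over the man page's scoping with `; only used when security_layer is 'rdp' or 'negotiate'`.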
@@ -19,7 +19,7 @@ setxkbmap -model pc105 -layout gb setxkbmap -model pc104 -layout de ./xrdp-genkeymap ../instfiles/km-00000407.ini -# Italy 'it' 0x00000410 +# Italian 'it' 0x00000410 setxkbmap -model pc104 -layout it ./xrdp-genkeymap ../instfiles/km-00000410.ini From 0a7f1bb00704d4b7f81b030ed448b7fb8d6b2195 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Wed, 16 Nov 2016 15:02:46 +0900 Subject: [PATCH 25/25] docs: revise description for disableSSLv3 in xrdp.ini --- xrdp/xrdp.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xrdp/xrdp.ini b/xrdp/xrdp.ini index f0bb5c00..1ebfd52e 100644 --- a/xrdp/xrdp.ini +++ b/xrdp/xrdp.ini @@ -25,7 +25,7 @@ crypt_level=high ; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365 certificate= key_file= -; regulate xrdp if to accept SSLv3 connections +; specify whether SSLv3 should be disabled #disableSSLv3=true ; set TLS cipher suites #tls_ciphers=HIGH