diff options
Diffstat (limited to 'system')
-rw-r--r-- | system/xrdp/doinst.sh | 23 | ||||
-rw-r--r-- | system/xrdp/sesman.ini.patch | 27 | ||||
-rw-r--r-- | system/xrdp/xrdp-v0.6.1_cleanup-state.diff | 51 | ||||
-rw-r--r-- | system/xrdp/xrdp-v0.6.1_crypt.diff | 116 | ||||
-rw-r--r-- | system/xrdp/xrdp-v0.6.1_disabled.diff | 26 | ||||
-rw-r--r-- | system/xrdp/xrdp.SlackBuild | 36 | ||||
-rw-r--r-- | system/xrdp/xrdp.info | 6 |
7 files changed, 27 insertions, 258 deletions
diff --git a/system/xrdp/doinst.sh b/system/xrdp/doinst.sh index fc2aca6ccd67..68884e8cc82e 100644 --- a/system/xrdp/doinst.sh +++ b/system/xrdp/doinst.sh @@ -11,21 +11,20 @@ config() { # Otherwise, we leave the .new copy for the admin to consider... } -# Keep same perms on rc.xrdp.new: -if [ -e etc/rc.d/rc.xrdp ]; then - cp -a etc/rc.d/rc.xrdp etc/rc.d/rc.xrdp.new.incoming - cat etc/rc.d/rc.xrdp.new > etc/rc.d/rc.xrdp.new.incoming - mv etc/rc.d/rc.xrdp.new.incoming etc/rc.d/rc.xrdp.new -fi +preserve_perms() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + if [ -e $OLD ]; then + cp -a $OLD ${NEW}.incoming + cat $NEW > ${NEW}.incoming + mv ${NEW}.incoming $NEW + fi + config $NEW +} config etc/rc.d/rc.xrdp.new config etc/xrdp/xrdp-xinitrc.new config etc/xrdp/rsakeys.ini.new config etc/xrdp/sesman.ini.new config etc/xrdp/xrdp.ini.new -config etc/xrdp/km-0407.ini.new -config etc/xrdp/km-0409.ini.new -config etc/xrdp/km-040c.ini.new -config etc/xrdp/km-0410.ini.new -config etc/xrdp/km-0419.ini.new -config etc/xrdp/km-041d.ini.new +preserve_perms etc/rc.d/rc.xrdp.new diff --git a/system/xrdp/sesman.ini.patch b/system/xrdp/sesman.ini.patch deleted file mode 100644 index b077cf53bf6c..000000000000 --- a/system/xrdp/sesman.ini.patch +++ /dev/null @@ -1,27 +0,0 @@ -diff -Naur xrdp-v0.6.0-orig/sesman/sesman.ini xrdp-v0.6.0/sesman/sesman.ini ---- xrdp-v0.6.0-orig/sesman/sesman.ini 2012-02-21 14:00:55.000000000 -0500 -+++ xrdp-v0.6.0/sesman/sesman.ini 2013-09-07 18:48:37.377849867 -0400 -@@ -2,11 +2,11 @@ - ListenAddress=127.0.0.1 - ListenPort=3350 - EnableUserWindowManager=1 --UserWindowManager=startwm.sh --DefaultWindowManager=startwm.sh -+UserWindowManager=.xrdp-xinitrc -+DefaultWindowManager=xrdp-xinitrc - - [Security] --AllowRootLogin=1 -+AllowRootLogin=0 - MaxLoginRetry=4 - TerminalServerUsers=tsusers - TerminalServerAdmins=tsadmins -@@ -20,7 +20,7 @@ - - [Logging] - LogFile=/var/log/xrdp-sesman.log --LogLevel=DEBUG -+LogLevel=INFO - EnableSyslog=0 - SyslogLevel=DEBUG - diff --git a/system/xrdp/xrdp-v0.6.1_cleanup-state.diff b/system/xrdp/xrdp-v0.6.1_cleanup-state.diff deleted file mode 100644 index 32d8cb59ef68..000000000000 --- a/system/xrdp/xrdp-v0.6.1_cleanup-state.diff +++ /dev/null @@ -1,51 +0,0 @@ -From fca088da8caab209534db2c6ff9dcda277a529a7 Mon Sep 17 00:00:00 2001 -From: mancha <mancha1 AT zoho DOT com> -Date: Wed, 18 Feb 2015 -Subject: Clean our state - -Make sure our state is clean when we're at the login window. This -code, adapted from upstream's development branch, ensures settings -from previous connections are cleared. - ---- - xrdp/xrdp_mm.c | 22 ++++++++++++++++++++++ - 1 file changed, 22 insertions(+) - ---- a/xrdp/xrdp_mm.c -+++ b/xrdp/xrdp_mm.c -@@ -899,6 +899,25 @@ xrdp_mm_sesman_data_in(struct trans* tra - } - - /*****************************************************************************/ -+static void APP_CC -+cleanup_states(struct xrdp_mm *self) -+{ -+ if (self != NULL) -+ { -+ self-> connected_state = 0; /* true if connected to sesman else false */ -+ self-> sesman_trans = NULL; /* connection to sesman */ -+ self-> sesman_trans_up = 0; /* true once connected to sesman */ -+ self-> delete_sesman_trans = 0; /* boolean set when done with sesman connection */ -+ self-> display = 0; /* 10 for :10.0, 11 for :11.0, etc */ -+ self-> code = 0; /* 0 Xvnc session, 10 X11rdp session, 20 Xorg session */ -+ self-> sesman_controlled = 0; /* true if this is a sesman session */ -+ self-> chan_trans = NULL; /* connection to chansrv */ -+ self-> chan_trans_up = 0; /* true once connected to chansrv */ -+ self-> delete_chan_trans = 0; /* boolean set when done with channel connection */ -+ } -+} -+ -+/*****************************************************************************/ - int APP_CC - xrdp_mm_connect(struct xrdp_mm* self) - { -@@ -916,6 +939,9 @@ xrdp_mm_connect(struct xrdp_mm* self) - char text[256]; - char port[8]; - -+ /* make sure we start in correct state */ -+ cleanup_states(self); -+ - g_memset(ip,0,sizeof(char) * 256); - g_memset(errstr,0,sizeof(char) * 256); - g_memset(text,0,sizeof(char) * 256); diff --git a/system/xrdp/xrdp-v0.6.1_crypt.diff b/system/xrdp/xrdp-v0.6.1_crypt.diff deleted file mode 100644 index 1e6948a9148c..000000000000 --- a/system/xrdp/xrdp-v0.6.1_crypt.diff +++ /dev/null @@ -1,116 +0,0 @@ -From 33feceb1573cbb6ba7fb326bb7872de75bca6b9e Mon Sep 17 00:00:00 2001 -From: mancha <mancha1 AT zoho DOT com> -Date: Wed, 18 Feb 2015 -Subject: Fix account validation with glibc crypt - -Starting with glibc 2.17, crypt() can return NULL which can cause -xrdp-sesman to segfault. This patch backports upstream's fix for -this as well as changes auth_userpass so it can validate SHA-256 -and SHA-512 hashed passwords. - ---- - sesman/verify_user.c | 87 ++++++++++++++++------------------------- - 1 file changed, 35 insertions(+), 52 deletions(-) - ---- a/sesman/verify_user.c -+++ b/sesman/verify_user.c -@@ -51,64 +51,47 @@ auth_account_disabled(struct spwd* stp); - long DEFAULT_CC - auth_userpass(char* user, char* pass) - { -- char salt[13] = "$1$"; -- char hash[35] = ""; -- char* encr = 0; -- struct passwd* spw; -- struct spwd* stp; -- int saltcnt = 0; -- -- spw = getpwnam(user); -- if (spw == 0) -- { -- return 0; -- } -- if (g_strncmp(spw->pw_passwd, "x", 3) == 0) -- { -- /* the system is using shadow */ -- stp = getspnam(user); -- if (stp == 0) -+ const char *encr; -+ const char *epass; -+ struct passwd *spw; -+ struct spwd *stp; -+ -+ spw = getpwnam(user); -+ -+ if (spw == 0) -+ { -+ return 0; -+ } -+ -+ if (g_strncmp(spw->pw_passwd, "x", 3) == 0) - { -- return 0; -+ /* the system is using shadow */ -+ stp = getspnam(user); -+ -+ if (stp == 0) -+ { -+ return 0; -+ } -+ -+ if (1 == auth_account_disabled(stp)) -+ { -+ log_message(&(g_cfg->log), LOG_LEVEL_INFO, "account %s is disabled", user); -+ return 0; -+ } -+ -+ encr = stp->sp_pwdp; - } -- if (1==auth_account_disabled(stp)) -+ else - { -- log_message(&(g_cfg->log), LOG_LEVEL_INFO, "account %s is disabled", user); -- return 0; -+ /* old system with only passwd */ -+ encr = spw->pw_passwd; - } -- g_strncpy(hash, stp->sp_pwdp, 34); -- } -- else -- { -- /* old system with only passwd */ -- g_strncpy(hash, spw->pw_passwd, 34); -- } -- hash[34] = '\0'; -- if (g_strncmp(hash, "$1$", 3) == 0) -- { -- /* gnu style crypt(); */ -- saltcnt = 3; -- while ((hash[saltcnt] != '$') && (saltcnt < 11)) -+ epass = crypt(pass, encr); -+ if (epass == 0) - { -- salt[saltcnt] = hash[saltcnt]; -- saltcnt++; -+ return 0; - } -- salt[saltcnt] = '$'; -- salt[saltcnt + 1] = '\0'; -- } -- else -- { -- /* classic two char salt */ -- salt[0] = hash[0]; -- salt[1] = hash[1]; -- salt[2] = '\0'; -- } -- encr = crypt(pass,salt); -- if (g_strncmp(encr, hash, 34) != 0) -- { -- return 0; -- } -- return 1; -+ return (strcmp(encr, epass) == 0); - } - - /******************************************************************************/ diff --git a/system/xrdp/xrdp-v0.6.1_disabled.diff b/system/xrdp/xrdp-v0.6.1_disabled.diff deleted file mode 100644 index 42855c89d30f..000000000000 --- a/system/xrdp/xrdp-v0.6.1_disabled.diff +++ /dev/null @@ -1,26 +0,0 @@ -From 6f195b64890e08d3fbbbb792f45a7d94d641c914 Mon Sep 17 00:00:00 2001 -From: mancha <mancha1 AT zoho DOT com> -Date: Wed, 18 Feb 2015 -Subject: Fix inactive account determination - -sesman: fix so shadow accounts aren't incorrectly classified "inactive" -as might happen if sp_max/sp_inact fields are empty or sp_lstchg=0. - ---- - sesman/verify_user.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - ---- a/sesman/verify_user.c -+++ b/sesman/verify_user.c -@@ -323,7 +323,10 @@ auth_account_disabled(struct spwd* stp) - return 1; - } - -- if (today >= (stp->sp_lstchg+stp->sp_max+stp->sp_inact)) -+ if ((stp->sp_max >= 0) && -+ (stp->sp_inact >= 0) && -+ (stp->sp_lstchg > 0) && -+ (today >= (stp->sp_lstchg + stp->sp_max + stp->sp_inact))) - { - return 1; - } diff --git a/system/xrdp/xrdp.SlackBuild b/system/xrdp/xrdp.SlackBuild index 0a18e3aadaa5..d5ff39cc11c8 100644 --- a/system/xrdp/xrdp.SlackBuild +++ b/system/xrdp/xrdp.SlackBuild @@ -4,13 +4,13 @@ # Written by Phillip Warner <pc_warner@yahoo.com> PRGNAM=xrdp -VERSION=${VERSION:-0.6.1} -BUILD=${BUILD:-2} +VERSION=${VERSION:-0.9.4} +BUILD=${BUILD:-1} TAG=${TAG:-_SBo} if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) ARCH=i486 ;; + i?86) ARCH=i586 ;; arm*) ARCH=arm ;; *) ARCH=$( uname -m ) ;; esac @@ -25,8 +25,8 @@ OUTPUT=${OUTPUT:-/tmp} # then run this script as: "USE_PAM=YES ./xrdp.SlackBuild" USE_PAM=${USE_PAM:-NO} -if [ "$ARCH" = "i486" ]; then - SLKCFLAGS="-O2 -march=i486 -mtune=i686" +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" LIBDIRSUFFIX="" elif [ "$ARCH" = "i686" ]; then SLKCFLAGS="-O2 -march=i686 -mtune=i686" @@ -44,9 +44,9 @@ set -e rm -rf $PKG mkdir -p $TMP $PKG $OUTPUT cd $TMP -rm -rf $PRGNAM-v$VERSION -tar xvf $CWD/$PRGNAM-v$VERSION.tar.gz -cd $PRGNAM-v$VERSION +rm -rf $PRGNAM-$VERSION +tar xvf $CWD/$PRGNAM-$VERSION.tar.gz +cd $PRGNAM-$VERSION chown -R root:root . find -L . \ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 -o -perm 511 \) \ @@ -58,16 +58,11 @@ find -L . \ autoreconf -vfi if [ "$USE_PAM" = "NO" ]; then - NOPAM_OPT="--enable-nopam" + NOPAM_OPT="--disable-pam" else NOPAM_OPT="" fi -# patches from Mancha -patch -p1 < $CWD/xrdp-v0.6.1_disabled.diff -patch -p1 < $CWD/xrdp-v0.6.1_crypt.diff -patch -p1 < $CWD/xrdp-v0.6.1_cleanup-state.diff - # Optional config options if built with FreeRDP: # --enable-freerdp Build freerdp module (default: no) # --enable-freerdp1 Build freerdp1 module (default: no) @@ -81,6 +76,8 @@ CPPFLAGS="$SLKCFLAGS" \ --mandir=/usr/man \ --docdir=/usr/doc/$PRGNAM-$VERSION \ --build=$ARCH-slackware-linux \ + --disable-painter \ + --disable-rfxcodec \ $NOPAM_OPT # Fix path in what will become the init script @@ -89,13 +86,6 @@ sed -i "s/SBINDIR=\/usr\/local\/sbin/SBINDIR=\/usr\/sbin/" instfiles/xrdp.sh # Change xinit script name to xrdp-xinitrc sed -i "s/startwm.sh/xrdp-xinitrc/" instfiles/xrdp.sh -# Change LogLevel to INFO instead of DEBUG -# Disable Root logins by default -# Set user-specific RDP session script to ~/.xrdp-xinitrc -# Set default RDP session xinit script to /etc/xrdp/xrdp-xinitrc -# Note: LogFile now at /var/log/xrdp-sesman.log -patch -d sesman/ -p2 < $CWD/sesman.ini.patch - # Build fails if a copy of config.{c,h} is not in sesman/tools/ cp -v sesman/config.{c,h} sesman/tools/ @@ -118,7 +108,6 @@ mv $PKG/etc/$PRGNAM/startwm.sh $PKG/etc/$PRGNAM/xrdp-xinitrc.new mv rsakeys.ini rsakeys.ini.new mv sesman.ini sesman.ini.new mv xrdp.ini xrdp.ini.new - rename ini ini.new km-????.ini ) # Install the xrdp-xwmconfig utility @@ -131,7 +120,8 @@ find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \ find $PKG/usr/man -type f -exec gzip -9 {} \; mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION -cp -a COPYING design.txt install.txt readme.txt faq-*.txt $PKG/usr/doc/$PRGNAM-$VERSION +cp -a COPYING design.txt install.txt README.md faq-*.txt $PKG/usr/doc/$PRGNAM-$VERSION + # Keep a backup copy of startwm.sh in the docs cat sesman/startwm.sh > $PKG/usr/doc/$PRGNAM-$VERSION/startwm.sh-example cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild diff --git a/system/xrdp/xrdp.info b/system/xrdp/xrdp.info index 2269d68a098d..b35d21b43b28 100644 --- a/system/xrdp/xrdp.info +++ b/system/xrdp/xrdp.info @@ -1,8 +1,8 @@ PRGNAM="xrdp" -VERSION="0.6.1" +VERSION="0.9.4" HOMEPAGE="http://xrdp.sourceforge.net/" -DOWNLOAD="http://downloads.sourceforge.net/project/xrdp/xrdp/0.6.1/xrdp-v0.6.1.tar.gz" -MD5SUM="26099c6588943262023607c1b4e774d8" +DOWNLOAD="https://github.com/neutrinolabs/xrdp/archive/v0.9.4/xrdp-0.9.4.tar.gz" +MD5SUM="d6e5b1b3222716feda18e620a590c9e5" DOWNLOAD_x86_64="" MD5SUM_x86_64="" REQUIRES="" |