Hello community, here is the log from the commit of package xrdp for openSUSE:Factory checked in at 2017-07-01 14:05:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xrdp (Old) and /work/SRC/openSUSE:Factory/.xrdp.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xrdp" Sat Jul 1 14:05:51 2017 rev:7 rq:507245 version:0.9.2 Changes: -------- --- /work/SRC/openSUSE:Factory/xrdp/xrdp.changes 2017-06-08 15:04:40.668842532 +0200 +++ /work/SRC/openSUSE:Factory/.xrdp.new/xrdp.changes 2017-07-01 14:05:54.529023395 +0200 @@ -1,0 +2,9 @@ +Sun Jun 25 16:56:29 UTC 2017 - [email protected] + +- Rebase SLE patches: + + xrdp-avahi.diff + + xrdp-bsc965647-allow-admin-choose-desktop.patch + + xrdp-fate318398-change-expired-password.patch + + xrdp-fate319683-allow-vnc-resizing.patch + +------------------------------------------------------------------- @@ -42,0 +52 @@ + + xrdp-dont-set-LANG.patch @@ -52,0 +63,15 @@ + +------------------------------------------------------------------- +Thu May 18 09:08:57 UTC 2017 - [email protected] + +- Add xrdp-dont-set-LANG.patch: Backport upstream commit 5575197, + sesman should stop setting LANG and let initialization scripts + take care of it (bsc#1023988). + +------------------------------------------------------------------- +Thu May 11 04:12:48 UTC 2017 - [email protected] + +- Update xrdp-fate319683-allow-vnc-resizing.patch: + + Fix a crash caused by double freeing stream (bsc#1034606). + + Remove DisplaySize from Xvnc default policy to enable it + resizing. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xrdp-avahi.diff ++++++ --- /var/tmp/diff_new_pack.waDiIc/_old 2017-07-01 14:05:55.764849493 +0200 +++ /var/tmp/diff_new_pack.waDiIc/_new 2017-07-01 14:05:55.764849493 +0200 @@ -1,89 +1,75 @@ -From 71ebbe34d841d3f29ae2d21fbae25889de5d4a57 Mon Sep 17 00:00:00 2001 -From: Felix Zhang <[email protected]> -Date: Mon, 1 Aug 2016 17:04:31 +0800 -Subject: [PATCH] avahi - ---- - configure.ac | 1 + - xrdp/Makefile.am | 9 +++-- - xrdp/xrdp.h | 8 ++++ - xrdp/xrdp_avahi.c | 117 +++++++++++++++++++++++++++++++++++++++++++++++++++++ - xrdp/xrdp_listen.c | 2 +- - 5 files changed, 133 insertions(+), 4 deletions(-) - create mode 100644 xrdp/xrdp_avahi.c - diff --git a/configure.ac b/configure.ac -index e1a150e..2cfe026 100644 +index 47212ec..b011897 100644 --- a/configure.ac +++ b/configure.ac -@@ -7,6 +7,7 @@ AM_INIT_AUTOMAKE([1.6 foreign]) - AC_PROG_CC +@@ -9,6 +9,7 @@ AC_PROG_CC AC_C_CONST AC_PROG_LIBTOOL + +PKG_CHECK_MODULES(AVAHI, avahi-client >= 0.6.4) PKG_PROG_PKG_CONFIG - AC_ARG_WITH([systemdsystemunitdir], - AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files]), + if test "x$PKG_CONFIG" = "x"; then + AC_MSG_ERROR([please install pkg-config]) diff --git a/xrdp/Makefile.am b/xrdp/Makefile.am -index 4fd9a68..e00bc2f 100644 +index a259ef3..2cbb762 100644 --- a/xrdp/Makefile.am +++ b/xrdp/Makefile.am -@@ -33,7 +33,8 @@ INCLUDES = \ +@@ -12,7 +12,9 @@ AM_CPPFLAGS = \ + -DXRDP_SOCKET_PATH=\"${socketdir}\" \ -I$(top_builddir) \ -I$(top_srcdir)/common \ - -I$(top_srcdir)/libxrdp \ -- $(EXTRA_INCLUDES) -+ $(EXTRA_INCLUDES) \ +- -I$(top_srcdir)/libxrdp ++ -I$(top_srcdir)/libxrdp \ + $(AVAHI_CFLAGS) ++ - sbin_PROGRAMS = \ - xrdp -@@ -52,12 +53,14 @@ xrdp_SOURCES = \ - xrdp_process.c \ - xrdp_region.c \ - xrdp_wm.c \ -- xrdp_encoder.c -+ xrdp_encoder.c \ -+ xrdp_avahi.c + XRDP_EXTRA_LIBS = +@@ -46,6 +48,7 @@ xrdp_SOURCES = \ + lang.c \ + xrdp.c \ + xrdp.h \ ++ xrdp_avahi.c \ + xrdp_bitmap.c \ + xrdp_cache.c \ + xrdp_encoder.c \ +@@ -63,7 +66,8 @@ xrdp_SOURCES = \ xrdp_LDADD = \ $(top_builddir)/common/libcommon.la \ $(top_builddir)/libxrdp/libxrdp.la \ -- $(EXTRA_LIBS) -+ $(EXTRA_LIBS) \ +- $(XRDP_EXTRA_LIBS) ++ $(XRDP_EXTRA_LIBS) \ + $(AVAHI_LIBS) - xrdp_LDFLAGS = \ - $(EXTRA_FLAGS) + xrdpsysconfdir=$(sysconfdir)/xrdp + diff --git a/xrdp/xrdp.h b/xrdp/xrdp.h -index 67488a6..e71fb9b 100644 +index 82e8a57..ae70874 100644 --- a/xrdp/xrdp.h +++ b/xrdp/xrdp.h -@@ -164,6 +164,8 @@ void APP_CC +@@ -163,6 +163,8 @@ void xrdp_listen_delete(struct xrdp_listen* self); - int APP_CC + int xrdp_listen_main_loop(struct xrdp_listen* self); -+int APP_CC ++int +xrdp_listen_get_port(char* port, int port_bytes); /* xrdp_region.c */ - struct xrdp_region* APP_CC -@@ -510,3 +512,9 @@ int DEFAULT_CC - server_add_char_alpha(struct xrdp_mod* mod, int font, int charactor, - int offset, int baseline, - int width, int height, char* data); -+ + struct xrdp_region* +@@ -514,3 +516,8 @@ server_add_char_alpha(struct xrdp_mod* mod, int font, int character, + int + server_session_info(struct xrdp_mod *mod, const char *data, int data_bytes); + +/* xrdp_avahi.c */ -+int APP_CC ++int +xrdp_avahi_init(void); -+void APP_CC ++void +xrdp_avahi_fini(void); diff --git a/xrdp/xrdp_avahi.c b/xrdp/xrdp_avahi.c -new file mode 100644 -index 0000000..7fa1656 ---- /dev/null +index e69de29..642a333 100644 +--- a/xrdp/xrdp_avahi.c +++ b/xrdp/xrdp_avahi.c -@@ -0,0 +1,117 @@ +@@ -0,0 +1,115 @@ +/* + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by @@ -106,10 +92,8 @@ + +*/ + -+#include "xrdp.h" -+ -+#include <stdlib.h> +#include <stdio.h> ++#include <stdlib.h> +#include <unistd.h> +#include <avahi-client/client.h> +#include <avahi-client/publish.h> @@ -136,7 +120,7 @@ + char port[8]; + /* dummy parameters */ + char address[256]; -+ struct xrdp_startup_params* startup_param = {"", 0, 0, 0, 0}; ++ struct xrdp_startup_params* startup_param = {(const char[]) {""}, 0, 0, 0, 0, 0, 0, 0}; + + if (gethostname (hname, sizeof (hname))) + break; @@ -173,7 +157,7 @@ + } +} + -+int APP_CC ++int +xrdp_avahi_init (void) +{ + if (!(threaded_poll = avahi_threaded_poll_new ())) @@ -192,7 +176,7 @@ + return 0; +} + -+void APP_CC ++void +xrdp_avahi_fini (void) +{ + avahi_threaded_poll_stop (threaded_poll); @@ -202,10 +186,10 @@ + avahi_threaded_poll_free (threaded_poll); +} diff --git a/xrdp/xrdp_listen.c b/xrdp/xrdp_listen.c -index b2b19ca..c1ae4c5 100644 +index 0fbe61f..ed0af63 100644 --- a/xrdp/xrdp_listen.c +++ b/xrdp/xrdp_listen.c -@@ -145,7 +145,7 @@ xrdp_process_run(void *in_val) +@@ -149,7 +149,7 @@ xrdp_process_run(void *in_val) } /*****************************************************************************/ @@ -214,6 +198,3 @@ xrdp_listen_get_port_address(char *port, int port_bytes, char *address, int address_bytes, int *tcp_nodelay, int *tcp_keepalive, --- -2.6.6 - ++++++ xrdp-bsc965647-allow-admin-choose-desktop.patch ++++++ --- /var/tmp/diff_new_pack.waDiIc/_old 2017-07-01 14:05:55.780847241 +0200 +++ /var/tmp/diff_new_pack.waDiIc/_new 2017-07-01 14:05:55.780847241 +0200 @@ -1,20 +1,117 @@ -From b14f40d4567b884623936a8b3c20350d1ea37ffd Mon Sep 17 00:00:00 2001 -From: Felix Zhang <[email protected]> -Date: Mon, 1 Aug 2016 17:55:35 +0800 -Subject: [PATCH] bsc#965647 allow admin choose desktop - ---- - sesman/startwm.sh | 44 +++++++++++++++++++++----------------------- - 1 file changed, 21 insertions(+), 23 deletions(-) - diff --git a/sesman/startwm.sh b/sesman/startwm.sh -index ee48263..ace62a0 100755 +index 452917a..ace62a0 100755 --- a/sesman/startwm.sh +++ b/sesman/startwm.sh -@@ -3,30 +3,28 @@ - #start the window manager - wm_start() +@@ -1,33 +1,62 @@ + #!/bin/sh + +-# Execution sequence for interactive login shell - pseudocode +-# +-# IF /etc/profile is readable THEN +-# execute ~/.bash_profile +-# END IF +-# IF ~/.bash_profile is readable THEN +-# execute ~/.bash_profile +-# ELSE +-# IF ~/.bash_login is readable THEN +-# execute ~/.bash_login +-# ELSE +-# IF ~/.profile is readable THEN +-# execute ~/.profile +-# END IF +-# END IF +-# END IF ++#start the window manager ++wm_start() ++{ ++ #Customize your preferred session mode here ++ SESSION="sle" ++ ++ case $SESSION in ++ sle) ++ if [ -r /usr/bin/gnome-session ]; then ++ export GNOME_SHELL_SESSION_MODE=classic ++ export SLE_CLASSIC_MODE=1 ++ /usr/bin/gnome-session --session gnome-classic ++ fi ++ ;; ++ gnome) ++ if [ -r /usr/bin/gnome-session ]; then ++ /usr/bin/gnome-session ++ fi ++ ;; ++ icewm) ++ if [ -r /usr/bin/icewm-session ]; then ++ /usr/bin/icewm-session ++ fi ++ ;; ++ esac ++} ++ ++#Execution sequence for interactive login shell ++#Following pseudo code explains the sequence of execution of these files. ++#execute /etc/profile ++#IF ~/.bash_profile exists THEN ++# execute ~/.bash_profile ++#ELSE ++# IF ~/.bash_login exist THEN ++# execute ~/.bash_login ++# ELSE ++# IF ~/.profile exist THEN ++# execute ~/.profile ++# END IF ++# END IF ++#END IF + pre_start() + { +- if [ -r /etc/profile ]; then ++ if [ -f /etc/profile ] ++ then + . /etc/profile + fi +- if [ -r ~/.bash_profile ]; then ++ if [ -f ~/.bash_profile ] ++ then + . ~/.bash_profile + else +- if [ -r ~/.bash_login ]; then ++ if [ -f ~/.bash_login ] ++ then + . ~/.bash_login + else +- if [ -r ~/.profile ]; then ++ if [ -f ~/.profile ] ++ then + . ~/.profile + fi + fi +@@ -35,56 +64,20 @@ pre_start() + return 0 + } + +-# When loging out from the interactive shell, the execution sequence is: +-# +-# IF ~/.bash_logout exists THEN +-# execute ~/.bash_logout +-# END IF ++#When you logout of the interactive shell, following is the ++#sequence of execution: ++#IF ~/.bash_logout exists THEN ++# execute ~/.bash_logout ++#END IF + post_start() { +- if [ -r ~/.bash_logout ]; then ++ if [ -f ~/.bash_logout ] ++ then + . ~/.bash_logout + fi + return 0 + } + +-#start the window manager +-wm_start() +-{ - if [ -r /etc/default/locale ]; then - . /etc/default/locale - export LANG LANGUAGE @@ -22,47 +119,42 @@ - - # debian - if [ -r /etc/X11/Xsession ]; then +- pre_start - . /etc/X11/Xsession +- post_start - exit 0 - fi - - # el - if [ -r /etc/X11/xinit/Xsession ]; then +- pre_start - . /etc/X11/xinit/Xsession +- post_start - exit 0 - fi -+ #Customize your preferred session mode here -+ SESSION="sle" - +- - # suse - if [ -r /etc/X11/xdm/Xsession ]; then +- # since the following script run a user login shell, +- # do not execute the pseudo login shell scripts - . /etc/X11/xdm/Xsession - exit 0 - fi - +- pre_start - xterm -+ case $SESSION in -+ sle) -+ if [ -r /usr/bin/gnome-session ]; then -+ export GNOME_SHELL_SESSION_MODE=classic -+ export SLE_CLASSIC_MODE=1 -+ /usr/bin/gnome-session --session gnome-classic -+ fi -+ ;; -+ gnome) -+ if [ -r /usr/bin/gnome-session ]; then -+ /usr/bin/gnome-session -+ fi -+ ;; -+ icewm) -+ if [ -r /usr/bin/icewm-session ]; then -+ /usr/bin/icewm-session -+ fi -+ ;; -+ esac - } +- post_start +-} +- + #. /etc/environment + #export PATH=$PATH + #export LANG=$LANG +@@ -99,6 +92,8 @@ wm_start() + # includes + # auth required pam_env.so readenv=1 + ++pre_start + wm_start ++post_start - #Execution sequence for interactive login shell --- -2.6.6 - + exit 1 ++++++ xrdp-fate318398-change-expired-password.patch ++++++ --- /var/tmp/diff_new_pack.waDiIc/_old 2017-07-01 14:05:55.804843864 +0200 +++ /var/tmp/diff_new_pack.waDiIc/_new 2017-07-01 14:05:55.804843864 +0200 @@ -1,39 +1,19 @@ -From 7eed33d99e93432c2b425a8ce1d2955b3532da39 Mon Sep 17 00:00:00 2001 -From: Felix Zhang <[email protected]> -Date: Mon, 1 Aug 2016 17:26:41 +0800 -Subject: [PATCH] FATE#318398: Enable xrdp to allow a required password change - for users - ---- - sesman/auth.h | 2 + - sesman/libscp/libscp_session.c | 30 ++++++++ - sesman/libscp/libscp_types.h | 2 + - sesman/libscp/libscp_v0.c | 23 ++++-- - sesman/libscp/libscp_v0.h | 2 +- - sesman/scp_v0.c | 13 +++- - sesman/verify_user_pam.c | 95 ++++++++++++++++++++++++ - xrdp/xrdp_login_wnd.c | 155 +++++++++++++++++++++++++++++++++++++- - xrdp/xrdp_mm.c | 164 ++++++++++++++++++++++++++++++----------- - xrdp/xrdp_types.h | 1 + - xrdp/xrdp_wm.c | 41 ++++++++++- - 11 files changed, 475 insertions(+), 53 deletions(-) - diff --git a/sesman/auth.h b/sesman/auth.h -index e06b9eb..ee33e94 100644 +index 56f7809..4dd3836 100644 --- a/sesman/auth.h +++ b/sesman/auth.h -@@ -106,4 +106,6 @@ auth_check_pwd_chg(char* user); - int DEFAULT_CC - auth_change_pwd(char* user, char* newpwd); +@@ -106,4 +106,6 @@ auth_check_pwd_chg(const char *user); + int + auth_change_pwd(const char *user, const char *newpwd); -+int DEFAULT_CC ++int +auth_change_pwd_pam(char* user, char* pass, char* newpwd); #endif diff --git a/sesman/libscp/libscp_session.c b/sesman/libscp/libscp_session.c -index d25fc64..35bc223 100644 +index 8df34b3..54d08ae 100644 --- a/sesman/libscp/libscp_session.c +++ b/sesman/libscp/libscp_session.c -@@ -71,6 +71,10 @@ scp_session_set_type(struct SCP_SESSION *s, tui8 type) +@@ -75,6 +75,10 @@ scp_session_set_type(struct SCP_SESSION *s, tui8 type) s->type = SCP_GW_AUTHENTICATION; break; @@ -44,7 +24,7 @@ case SCP_SESSION_TYPE_MANAGE: s->type = SCP_SESSION_TYPE_MANAGE; s->mng = (struct SCP_MNG_DATA *)g_malloc(sizeof(struct SCP_MNG_DATA), 1); -@@ -231,6 +235,32 @@ scp_session_set_password(struct SCP_SESSION *s, char *str) +@@ -236,6 +240,32 @@ scp_session_set_password(struct SCP_SESSION *s, const char *str) /*******************************************************************/ int @@ -74,11 +54,11 @@ + +/*******************************************************************/ +int - scp_session_set_domain(struct SCP_SESSION *s, char *str) + scp_session_set_domain(struct SCP_SESSION *s, const char *str) { if (0 == str) diff --git a/sesman/libscp/libscp_types.h b/sesman/libscp/libscp_types.h -index de85186..f6be582 100644 +index 8cb9166..b4441da 100644 --- a/sesman/libscp/libscp_types.h +++ b/sesman/libscp/libscp_types.h @@ -47,6 +47,7 @@ @@ -89,7 +69,7 @@ #define SCP_ADDRESS_TYPE_IPV4 0x00 #define SCP_ADDRESS_TYPE_IPV6 0x01 -@@ -81,6 +82,7 @@ struct SCP_SESSION +@@ -77,6 +78,7 @@ struct SCP_SESSION char locale[18]; char* username; char* password; @@ -98,10 +78,10 @@ tui8 addr_type; tui32 ipv4addr; diff --git a/sesman/libscp/libscp_v0.c b/sesman/libscp/libscp_v0.c -index 8cf1340..2b3d203 100644 +index 5a0c8bf..4b3fc98 100644 --- a/sesman/libscp/libscp_v0.c +++ b/sesman/libscp/libscp_v0.c -@@ -306,9 +306,8 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) +@@ -317,9 +317,8 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) } } } @@ -112,7 +92,7 @@ session = scp_session_create(); if (0 == session) -@@ -318,7 +317,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) +@@ -329,7 +328,7 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) } scp_session_set_version(session, version); @@ -121,8 +101,8 @@ /* reading username */ in_uint16_be(c->in_s, sz); buf[sz] = '\0'; -@@ -344,6 +343,19 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) - /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting password", __LINE__); */ +@@ -342,6 +341,19 @@ scp_v0s_accept(struct SCP_CONNECTION *c, struct SCP_SESSION **s, int skipVchk) + /* until syslog merge log_message(s_log, LOG_LEVEL_WARNING, "[v0:%d] connection aborted: error setting username", __LINE__);*/ return SCP_SERVER_STATE_INTERNAL_ERR; } + if (code == SCP_GW_CHAUTHTOK) @@ -138,10 +118,10 @@ + return SCP_SERVER_STATE_INTERNAL_ERR; + } + } - } - else - { -@@ -399,12 +411,13 @@ scp_v0s_deny_connection(struct SCP_CONNECTION *c) + + /* reading password */ + in_uint16_be(c->in_s, sz); +@@ -417,12 +429,13 @@ scp_v0s_deny_connection(struct SCP_CONNECTION *c) /******************************************************************************/ enum SCP_SERVER_STATES_E @@ -158,7 +138,7 @@ out_uint16_be(c->out_s, 0); /* dummy data */ s_mark_end(c->out_s); diff --git a/sesman/libscp/libscp_v0.h b/sesman/libscp/libscp_v0.h -index 16e49e0..3199db0 100644 +index 21fc16c..ae54619 100644 --- a/sesman/libscp/libscp_v0.h +++ b/sesman/libscp/libscp_v0.h @@ -79,6 +79,6 @@ scp_v0s_deny_connection(struct SCP_CONNECTION* c); @@ -170,12 +150,12 @@ #endif diff --git a/sesman/scp_v0.c b/sesman/scp_v0.c -index ce528d4..3fc788f 100644 +index de00068..51f1af7 100644 --- a/sesman/scp_v0.c +++ b/sesman/scp_v0.c -@@ -37,6 +37,13 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s) - struct session_item *s_item; - int errorcode = 0 ; +@@ -42,6 +42,13 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s) + int errorcode = 0; + bool_t do_auth_end = 1; + if (s->type == SCP_GW_CHAUTHTOK) + { @@ -184,10 +164,10 @@ + return ; + } + - data = auth_userpass(s->username, s->password,&errorcode); + data = auth_userpass(s->username, s->password, &errorcode); if (s->type == SCP_GW_AUTHENTICATION) -@@ -48,14 +55,14 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s) +@@ -53,14 +60,14 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s) if (1 == access_login_allowed(s->username)) { /* the user is member of the correct groups. */ @@ -199,25 +179,25 @@ } else { -- scp_v0s_replyauthentication(c, 32+3); /* all first 32 are reserved for PAM errors */ +- scp_v0s_replyauthentication(c, 32 + 3); /* all first 32 are reserved for PAM errors */ + scp_v0s_replyauthentication(c, 32 + 3, SCP_GW_AUTHENTICATION); /* all first 32 are reserved for PAM errors */ log_message(LOG_LEVEL_INFO, "Username okey but group problem for " "user: %s", s->username); /* g_writeln("user password ok, but group problem"); */ -@@ -66,7 +73,7 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s) +@@ -71,7 +78,7 @@ scp_v0_process(struct SCP_CONNECTION *c, struct SCP_SESSION *s) /* g_writeln("username or password error"); */ log_message(LOG_LEVEL_INFO, "Username or password error for user: %s", s->username); - scp_v0s_replyauthentication(c, errorcode); + scp_v0s_replyauthentication(c, errorcode, SCP_GW_AUTHENTICATION); } - - auth_end(data); + } + else if (data) diff --git a/sesman/verify_user_pam.c b/sesman/verify_user_pam.c -index a2b3f93..4eb61fa 100644 +index 15174c2..d996470 100644 --- a/sesman/verify_user_pam.c +++ b/sesman/verify_user_pam.c -@@ -34,6 +34,7 @@ struct t_user_pass +@@ -38,6 +38,7 @@ struct t_user_pass { char user[256]; char pass[256]; @@ -225,11 +205,11 @@ }; struct t_auth_info -@@ -82,6 +83,55 @@ verify_pam_conv(int num_msg, const struct pam_message **msg, +@@ -86,6 +87,55 @@ verify_pam_conv(int num_msg, const struct pam_message **msg, } /******************************************************************************/ -+static int DEFAULT_CC ++static int +chauth_pam_conv(int num_msg, const struct pam_message **msg, + struct pam_response **resp, void *appdata_ptr) +{ @@ -278,17 +258,16 @@ +} + +/******************************************************************************/ - static void DEFAULT_CC + static void get_service_name(char *service_name) { -@@ -309,3 +359,48 @@ auth_set_env(long in_val) - - return 0; +@@ -102,6 +152,52 @@ get_service_name(char *service_name) } -+/******************************************************************************/ + + /******************************************************************************/ +/* returns boolean */ +/* update to the new pass */ -+int DEFAULT_CC ++int +auth_change_pwd_pam(char *user, char *pass, char *newpwd) +{ + int error; @@ -330,11 +309,16 @@ + } + return error; +} ++ ++/******************************************************************************/ + /* returns long, zero is no go + Stores the detailed error code in the errorcode variable*/ + diff --git a/xrdp/xrdp_login_wnd.c b/xrdp/xrdp_login_wnd.c -index 357b4e2..c74eedd 100644 +index 49477a1..160a1ef 100644 --- a/xrdp/xrdp_login_wnd.c +++ b/xrdp/xrdp_login_wnd.c -@@ -178,7 +178,14 @@ xrdp_wm_cancel_clicked(struct xrdp_bitmap *wnd) +@@ -181,7 +181,14 @@ xrdp_wm_cancel_clicked(struct xrdp_bitmap *wnd) { if (wnd->wm != 0) { @@ -350,7 +334,7 @@ { g_set_wait_obj(wnd->wm->pro_layer->self_term_event); } -@@ -236,7 +243,29 @@ xrdp_wm_ok_clicked(struct xrdp_bitmap *wnd) +@@ -239,7 +246,29 @@ xrdp_wm_ok_clicked(struct xrdp_bitmap *wnd) } else { @@ -381,13 +365,13 @@ } return 0; -@@ -520,6 +549,31 @@ xrdp_wm_login_notify(struct xrdp_bitmap *wnd, - +@@ -516,6 +545,32 @@ xrdp_wm_login_notify(struct xrdp_bitmap *wnd, return 0; } + +/*****************************************************************************/ +/* change new password window events go here */ -+static int DEFAULT_CC ++static int +xrdp_wm_newpass_notify(struct xrdp_bitmap *wnd, + struct xrdp_bitmap *sender, + int msg, long param1, long param2) @@ -410,15 +394,16 @@ + } + return 0; +} - ++ /******************************************************************************/ - static int APP_CC -@@ -767,6 +821,103 @@ xrdp_login_wnd_create(struct xrdp_wm *self) + static int + xrdp_wm_login_fill_in_combo(struct xrdp_wm *self, struct xrdp_bitmap *b) +@@ -789,6 +844,103 @@ xrdp_login_wnd_create(struct xrdp_wm *self) return 0; } +/******************************************************************************/ -+int APP_CC ++int +xrdp_newpass_wnd_create(struct xrdp_wm *self) +{ + struct xrdp_bitmap *but; @@ -518,19 +503,19 @@ * Load configuration from xrdp.ini file * diff --git a/xrdp/xrdp_mm.c b/xrdp/xrdp_mm.c -index 76957ad..0ab173b 100644 +index ba4227c..4e15f88 100644 --- a/xrdp/xrdp_mm.c +++ b/xrdp/xrdp_mm.c -@@ -1425,7 +1425,7 @@ xrdp_mm_sesman_data_in(struct trans *trans) +@@ -1458,7 +1458,7 @@ xrdp_mm_sesman_data_in(struct trans *trans) /*********************************************************************/ /* return 0 on success */ - static int APP_CC + static int -access_control(char *username, char *password, char *srv) +access_control(char *username, char *password, char *newpass, char *srv, int type) { int reply; int rec = 32+1; /* 32 is reserved for PAM failures this means connect failure */ -@@ -1451,7 +1451,8 @@ access_control(char *username, char *password, char *srv) +@@ -1484,7 +1484,8 @@ access_control(char *username, char *password, char *srv) make_stream(out_s); init_stream(out_s, 500); s_push_layer(out_s, channel_hdr, 8); @@ -540,7 +525,7 @@ index = g_strlen(username); out_uint16_be(out_s, index); out_uint8a(out_s, username, index); -@@ -1459,6 +1460,14 @@ access_control(char *username, char *password, char *srv) +@@ -1492,6 +1493,14 @@ access_control(char *username, char *password, char *srv) index = g_strlen(password); out_uint16_be(out_s, index); out_uint8a(out_s, password, index); @@ -555,7 +540,7 @@ s_mark_end(out_s); s_pop_layer(out_s, channel_hdr); out_uint32_be(out_s, 0); /* version */ -@@ -1488,15 +1497,19 @@ access_control(char *username, char *password, char *srv) +@@ -1521,15 +1530,19 @@ access_control(char *username, char *password, char *srv) in_uint16_be(in_s, pAM_errorcode); /* this variable holds the PAM error code if the variable is >32 it is a "invented" code */ in_uint16_be(in_s, dummy); @@ -579,16 +564,16 @@ } else { -@@ -1709,7 +1722,7 @@ xrdp_mm_connect(struct xrdp_mm *self) +@@ -1847,7 +1860,7 @@ xrdp_mm_connect(struct xrdp_mm *self) + char port[8]; char chansrvport[256]; - #ifdef ACCESS #ifndef USE_NOPAM - int use_pam_auth = 0; + int use_pam_auth_explicit = 0; char pam_auth_sessionIP[256]; char pam_auth_password[256]; char pam_auth_username[256]; -@@ -1752,7 +1765,7 @@ xrdp_mm_connect(struct xrdp_mm *self) +@@ -1887,7 +1900,7 @@ xrdp_mm_connect(struct xrdp_mm *self) #ifndef USE_NOPAM else if (g_strcasecmp(name, "pamusername") == 0) { @@ -597,32 +582,22 @@ g_strncpy(pam_auth_username, value, 255); } else if (g_strcasecmp(name, "pamsessionmng") == 0) -@@ -1783,51 +1796,67 @@ xrdp_mm_connect(struct xrdp_mm *self) +@@ -1915,45 +1928,56 @@ xrdp_mm_connect(struct xrdp_mm *self) + } - #ifdef ACCESS #ifndef USE_NOPAM - if (use_pam_auth) +- { +- int reply; +- char pam_error[128]; +- const char *additionalError; +- xrdp_wm_log_msg(self->wm, LOG_LEVEL_DEBUG, +- "Please wait, we now perform access control..."); + int reply; + char replytxt[128]; + char pam_error[128]; + const char *additionalError; -+ xrdp_wm_log_msg(self->wm, "Please wait, we now perform access control..."); -+ -+ /* g_writeln("we use pam modules to check if we can approve this user"); */ -+ -+ /* use pam either way, copy from normal user name when not explicitly inputed */ -+ if (use_pam_auth_explicit == 0) - { -- int reply; -- char replytxt[128]; -- char pam_error[128]; -- const char *additionalError; -- xrdp_wm_log_msg(self->wm, "Please wait, we now perform access control..."); -+ log_message(LOG_LEVEL_DEBUG, "pam parameters not defined, copy from user input"); -+ g_strncpy(pam_auth_username, username, 255); -+ g_strncpy(pam_auth_password, password, 255); -+ g_strncpy(pam_auth_sessionIP, "127.0.0.1", 255); -+ } ++ xrdp_wm_log_msg(self->wm, LOG_LEVEL_INFO, "Please wait, we now perform access control..."); - /* g_writeln("we use pam modules to check if we can approve this user"); */ - if (!g_strncmp(pam_auth_username, "same", 255)) @@ -630,10 +605,13 @@ - log_message(LOG_LEVEL_DEBUG, "pamusername copied from username - same: %s", username); - g_strncpy(pam_auth_username, username, 255); - } -+ if (!g_strncmp(pam_auth_username, "same", 255)) ++ /* use pam either way, copy from normal user name when not explicitly inputed */ ++ if (use_pam_auth_explicit == 0) + { -+ log_message(LOG_LEVEL_DEBUG, "pamusername copied from username - same: %s", username); ++ log_message(LOG_LEVEL_DEBUG, "pam parameters not defined, copy from user input"); + g_strncpy(pam_auth_username, username, 255); ++ g_strncpy(pam_auth_password, password, 255); ++ g_strncpy(pam_auth_sessionIP, "127.0.0.1", 255); + } - if (!g_strncmp(pam_auth_password, "same", 255)) @@ -641,49 +619,45 @@ - log_message(LOG_LEVEL_DEBUG, "pam_auth_password copied from username - same: %s", password); - g_strncpy(pam_auth_password, password, 255); - } -+ if (!g_strncmp(pam_auth_password, "same", 255)) ++ if (!g_strncmp(pam_auth_username, "same", 255)) + { -+ log_message(LOG_LEVEL_DEBUG, "pam_auth_password copied from username - same: %s", password); -+ g_strncpy(pam_auth_password, password, 255); ++ log_message(LOG_LEVEL_DEBUG, "pamusername copied from username - same: %s", username); ++ g_strncpy(pam_auth_username, username, 255); + } - /* access_control return 0 on success */ - reply = access_control(pam_auth_username, pam_auth_password, pam_auth_sessionIP); ++ if (!g_strncmp(pam_auth_password, "same", 255)) ++ { ++ log_message(LOG_LEVEL_DEBUG, "pam_auth_password copied from password - same: %s", password); ++ g_strncpy(pam_auth_password, password, 255); ++ } + +- xrdp_wm_log_msg(self->wm, LOG_LEVEL_INFO, +- "Reply from access control: %s", +- getPAMError(reply, pam_error, 127)); + /* access_control return 0 on success */ + reply = access_control(pam_auth_username, pam_auth_password, NULL, pam_auth_sessionIP, 4); ++ xrdp_wm_log_msg(self->wm, LOG_LEVEL_INFO, ++ "Reply from access control: %s", ++ getPAMError(reply, pam_error, 127)); -- g_sprintf(replytxt, "Reply from access control: %s", -- getPAMError(reply, pam_error, 127)); -+ g_sprintf(replytxt, "Reply from access control: %s", -+ getPAMError(reply, pam_error, 127)); - -- xrdp_wm_log_msg(self->wm, replytxt); -- log_message(LOG_LEVEL_INFO, replytxt); - additionalError = getPAMAdditionalErrorInfo(reply, self); -- if (additionalError) -+ xrdp_wm_log_msg(self->wm, replytxt); -+ log_message(LOG_LEVEL_INFO, replytxt); +- if (additionalError && additionalError[0]) +- { +- xrdp_wm_log_msg(self->wm, LOG_LEVEL_INFO, "%s", additionalError); +- } + additionalError = getPAMAdditionalErrorInfo(reply, self); -+ if (additionalError) ++ if (additionalError && additionalError[0]) + { -+ g_snprintf(replytxt, 127, "%s", additionalError); -+ if (replytxt[0]) - { -- g_snprintf(replytxt, 127, "%s", additionalError); -- if (replytxt[0]) -- { -- xrdp_wm_log_msg(self->wm, replytxt); -- } -+ xrdp_wm_log_msg(self->wm, replytxt); - } ++ xrdp_wm_log_msg(self->wm, LOG_LEVEL_INFO, "%s", additionalError); + } -+ + +- if (reply != 0) + if (reply != 0) + { + /* show PAM errors */ + xrdp_wm_show_log(self->wm); - -- if (reply != 0) + if (reply == PAM_NEW_AUTHTOK_REQD) { - rv = 1; @@ -694,16 +668,14 @@ + rv = 1; + return rv; } -+ - #endif #endif -@@ -1923,6 +1952,59 @@ xrdp_mm_connect(struct xrdp_mm *self) +@@ -2047,6 +2071,59 @@ xrdp_mm_connect(struct xrdp_mm *self) } /*****************************************************************************/ +/* return 0 on success */ -+int APP_CC ++int +xrdp_mm_change_expired_password(struct xrdp_mm *self) +{ + int rv = -1; @@ -755,14 +727,14 @@ +} + +/*****************************************************************************/ - int APP_CC + int xrdp_mm_get_wait_objs(struct xrdp_mm *self, tbus *read_objs, int *rcount, diff --git a/xrdp/xrdp_types.h b/xrdp/xrdp_types.h -index 29aaac8..498e8dd 100644 +index 75c70ee..344e7fc 100644 --- a/xrdp/xrdp_types.h +++ b/xrdp/xrdp_types.h -@@ -335,6 +335,7 @@ struct xrdp_wm +@@ -325,6 +325,7 @@ struct xrdp_wm struct xrdp_cache* cache; int palette[256]; struct xrdp_bitmap* login_window; @@ -771,10 +743,10 @@ int black; int grey; diff --git a/xrdp/xrdp_wm.c b/xrdp/xrdp_wm.c -index 39bd038..7661408 100644 +index 8a6695f..238c5cf 100644 --- a/xrdp/xrdp_wm.c +++ b/xrdp/xrdp_wm.c -@@ -1786,6 +1786,34 @@ xrdp_wm_login_mode_changed(struct xrdp_wm *self) +@@ -1855,6 +1855,34 @@ xrdp_wm_login_mode_changed(struct xrdp_wm *self) self->dragging = 0; xrdp_wm_set_login_mode(self, 11); } @@ -783,7 +755,7 @@ + /* keep log window open */ + if (self->log_wnd == 0) + { -+ xrdp_wm_delete_all_childs(self); ++ xrdp_wm_delete_all_children(self); + } + /* show update expired password window */ + self->dragging = 0; @@ -795,7 +767,7 @@ + else if (self->login_mode == 22) + { + /* do change expired password session */ -+ xrdp_wm_delete_all_childs(self); ++ xrdp_wm_delete_all_children(self); + self->dragging = 0; + if (xrdp_mm_change_expired_password(self->mm) == 0) + { @@ -809,7 +781,7 @@ return 0; } -@@ -1830,11 +1858,19 @@ xrdp_wm_log_wnd_notify(struct xrdp_bitmap *wnd, +@@ -1899,11 +1927,19 @@ xrdp_wm_log_wnd_notify(struct xrdp_bitmap *wnd, xrdp_bitmap_invalidate(wm->screen, &rect); /* if module is gone, reset the session when ok is clicked */ @@ -830,16 +802,13 @@ } } } -@@ -1893,6 +1929,9 @@ xrdp_wm_show_log(struct xrdp_wm *self) +@@ -1965,6 +2001,9 @@ xrdp_wm_show_log(struct xrdp_wm *self) return 0; } + /* delete all dialogs, they will be created when needed anyway */ -+ xrdp_wm_delete_all_childs(self); ++ xrdp_wm_delete_all_children(self); + if (self->log_wnd == 0) { w = DEFAULT_WND_LOG_W; --- -2.6.6 - ++++++ xrdp-fate319683-allow-vnc-resizing.patch ++++++ --- /var/tmp/diff_new_pack.waDiIc/_old 2017-07-01 14:05:55.816842176 +0200 +++ /var/tmp/diff_new_pack.waDiIc/_new 2017-07-01 14:05:55.816842176 +0200 @@ -1,21 +1,36 @@ +diff --git a/sesman/sesman.ini b/sesman/sesman.ini +index 37c7816..4a428ec 100644 +--- a/sesman/sesman.ini ++++ b/sesman/sesman.ini +@@ -40,7 +40,7 @@ DisconnectedTimeLimit=0 + + ;; Policy - session allocation policy + ; Type: enum [ "Default" | "UBD" | "UBI" | "UBC" | "UBDI" | "UBDC" ] +-; Default: Xrdp:<User,BitPerPixel> and Xvnc:<User,BitPerPixel,DisplaySize> ++; Default: Xrdp and Xvnc:<User,BitPerPixel> + ; "UBD" session per <User,BitPerPixel,DisplaySize> + ; "UBI" session per <User,BitPerPixel,IPAddr> + ; "UBC" session per <User,BitPerPixel,Connection> diff --git a/sesman/session.c b/sesman/session.c -index 4ea48d3..def4179 100644 +index 0b8bb6a..3a0164b 100644 --- a/sesman/session.c +++ b/sesman/session.c -@@ -105,7 +105,6 @@ session_get_bydata(char *name, int width, int height, int bpp, int type, char *c +@@ -105,9 +105,6 @@ session_get_bydata(const char *name, int width, int height, int bpp, int type, { case SCP_SESSION_TYPE_XVNC: /* 0 */ type = SESMAN_SESSION_TYPE_XVNC; /* 2 */ -- policy |= SESMAN_CFG_SESS_POLICY_D; /* Xvnc cannot resize */ +- /* Xvnc cannot resize */ +- policy = (enum SESMAN_CFG_SESS_POLICY) +- (policy | SESMAN_CFG_SESS_POLICY_D); break; case SCP_SESSION_TYPE_XRDP: /* 1 */ type = SESMAN_SESSION_TYPE_XRDP; /* 1 */ diff --git a/vnc/vnc.c b/vnc/vnc.c -index c3ee3bf..03bb5b5 100644 +index db593da..0db68b9 100644 --- a/vnc/vnc.c +++ b/vnc/vnc.c -@@ -359,7 +359,8 @@ lib_mod_event(struct vnc *v, int msg, long param1, long param2, - /* FrambufferUpdateRequest */ +@@ -383,7 +383,8 @@ lib_mod_event(struct vnc *v, int msg, long param1, long param2, + /* FramebufferUpdateRequest */ init_stream(s, 8192); out_uint8(s, 3); - out_uint8(s, 0); @@ -24,7 +39,7 @@ x = (param1 >> 16) & 0xffff; out_uint16_be(s, x); y = param1 & 0xffff; -@@ -707,7 +708,24 @@ lib_framebuffer_update(struct vnc *v) +@@ -724,7 +725,24 @@ lib_framebuffer_update(struct vnc *v) { v->mod_width = cx; v->mod_height = cy; @@ -50,11 +65,10 @@ } else { -@@ -724,13 +742,23 @@ lib_framebuffer_update(struct vnc *v) +@@ -740,12 +758,22 @@ lib_framebuffer_update(struct vnc *v) + error = v->server_end_update(v); } - g_free(data); -+ free_stream(s); + if (v->mod_width != v->server_width || v->mod_height != v->server_height) + { + /* perform actual resize outside the update */ @@ -63,10 +77,10 @@ + error = v->server_reset(v, v->mod_width, v->mod_height, v->mod_bpp); + v->incremental = 0; + } - ++ if (error == 0) { - /* FrambufferUpdateRequest */ + /* FramebufferUpdateRequest */ init_stream(s, 8192); out_uint8(s, 3); - out_uint8(s, 1); @@ -75,7 +89,7 @@ out_uint16_be(s, 0); out_uint16_be(s, 0); out_uint16_be(s, v->mod_width); -@@ -1238,13 +1266,14 @@ lib_mod_connect(struct vnc *v) +@@ -1327,11 +1355,12 @@ lib_mod_connect(struct vnc *v) init_stream(s, 8192); out_uint8(s, 2); out_uint8(s, 0); @@ -87,13 +101,10 @@ out_uint32_be(s, 0xffffff21); /* desktop size */ + out_uint32_be(s, 0xfffffecc); /* extended desktop resize */ v->server_msg(v, "VNC sending encodings", 0); -- error = lib_send(v, s->data, 4 + 4 * 4); -+ error = lib_send(v, s->data, 4 + 5 * 4); - } - - if (error == 0) -@@ -1257,7 +1286,8 @@ lib_mod_connect(struct vnc *v) - /* FrambufferUpdateRequest */ + s_mark_end(s); + error = trans_force_write_s(v->trans, s); +@@ -1347,7 +1376,8 @@ lib_mod_connect(struct vnc *v) + /* FramebufferUpdateRequest */ init_stream(s, 8192); out_uint8(s, 3); - out_uint8(s, 0); @@ -103,12 +114,14 @@ out_uint16_be(s, 0); out_uint16_be(s, v->mod_width); diff --git a/vnc/vnc.h b/vnc/vnc.h -index 6d265be..69e899b 100644 +index 3eee4e0..1990778 100644 --- a/vnc/vnc.h +++ b/vnc/vnc.h -@@ -116,4 +116,5 @@ struct vnc - int clip_data_size; - tbus sck_obj; +@@ -113,6 +113,7 @@ struct vnc + int clip_chanid; + struct stream *clip_data_s; int delay_ms; + int incremental; - }; + struct trans *trans; + int got_guid; + tui8 guid[16];
