[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1026827: xrdp: initially xrdp worked ok, but later it broke, and the problem was /etc/xrdp/startwm.sh that changed

Package: xrdp
Version: 0.9.12-1.1
Severity: critical
Justification: breaks the whole system
X-Debbugs-Cc: alexbodn@gmail.com

Dear Maintainer,

   * What led up to the situation?
the remmina-rdp and android ms-rdesktop initially worked ok, 
but after this change began to show a black screen and close it.
   * What exactly did you do (or not do) that was effective (or
     ineffective)?
upstream discussion led me to check /etc/xrdp/startwm.sh that not only seemed broken, 
but the version that seemed ok (and later worked indeed) was renamed to /etc/xrdp/startwm.sh0.
the broken version was also in a file /etc/xrdp/startwm.sh1.
   * What was the outcome of this action?
xrdp was initially working until the day before, when it showed a black window and disconnected.
   * What outcome did you expect instead?
after i suspected this file was broken, and replaced it with /etc/xrdp/startwm.sh0 that was by it's side.


-- System Information:
Debian Release: 11.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-20-cloud-amd64 (SMP w/6 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages xrdp depends on:
ii  adduser              3.118
ii  init-system-helpers  1.60
ii  libc6                2.31-13+deb11u5
ii  libfuse2             2.9.9-5
ii  libjpeg62-turbo      1:2.0.6-4
ii  libopus0             1.3.1-0.1
ii  libpam0g             1.4.0-9+deb11u1
ii  libssl1.1            1.1.1n-0+deb11u3
ii  libx11-6             2:1.7.2-1
ii  libxfixes3           1:5.0.3-2
ii  libxrandr2           2:1.5.1-1
ii  lsb-base             11.1.0
ii  ssl-cert             1.1.0+nmu1

Versions of packages xrdp recommends:
ii  fuse3 [fuse]  3.10.3-2
ii  xorgxrdp      1:0.2.12-1

Versions of packages xrdp suggests:
pn  guacamole                  <none>
pn  xrdp-pulseaudio-installer  <none>

Versions of packages xorgxrdp depends on:
ii  libc6                                  2.31-13+deb11u5
ii  libepoxy0                              1.5.5-1
pn  xorg-input-abi-24                      <none>
ii  xserver-xorg-core [xorg-video-abi-24]  2:1.20.11-1+deb11u4

Versions of packages xorgxrdp recommends:
ii  xorg  1:7.7+22

Versions of packages xrdp is related to:
pn  vnc-server           <none>
ii  xserver-xorg-legacy  2:1.20.11-1+deb11u4

-- Configuration Files:
/etc/xrdp/startwm.sh changed:
if [ -r /etc/default/locale ]; then
. /etc/default/locale
export LANG LANGUAGE
fi
startxfce4

/etc/xrdp/xrdp.ini changed:
[Globals]
; xrdp.ini file version number
ini_version=1
; fork a new process for each incoming connection
fork=true
; ports to listen on, number alone means listen on all interfaces
; 0.0.0.0 or :: if ipv6 is configured
; space between multiple occurrences
;
; Examples:
;   port=3389
;   port=unix://./tmp/xrdp.socket
;   port=tcp://.:3389                           127.0.0.1:3389
;   port=tcp://:3389                            *:3389
;   port=tcp://<any ipv4 format addr>:3389      192.168.1.1:3389
;   port=tcp6://.:3389                          ::1:3389
;   port=tcp6://:3389                           *:3389
;   port=tcp6://{<any ipv6 format addr>}:3389   {FC00:0:0:0:0:0:0:1}:3389
;   port=vsock://<cid>:<port>
port=3389
;port=tcp://.:3389
; 'port' above should be connected to with vsock instead of tcp
; use this only with number alone in port above
; prefer use vsock://<cid>:<port> above
use_vsock=false
; regulate if the listening socket use socket option tcp_nodelay
; no buffering will be performed in the TCP stack
tcp_nodelay=true
; regulate if the listening socket use socket option keepalive
; if the network connection disappear without close messages the connection will be closed
tcp_keepalive=true
; set tcp send/recv buffer (for experts)
; security layer can be 'tls', 'rdp' or 'negotiate'
; for client compatible layer
security_layer=negotiate
; minimum security level allowed for client for classic RDP encryption
; use tls_ciphers to configure TLS encryption
; can be 'none', 'low', 'medium', 'high', 'fips'
crypt_level=high
; X.509 certificate and private key
; openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365
; note this needs the user xrdp to be a member of the ssl-cert group, do with e.g.
;$ sudo adduser xrdp ssl-cert
certificate=
key_file=
; set SSL protocols
; can be comma separated list of 'SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'
ssl_protocols=TLSv1.2, TLSv1.3
;ssl_protocols=TLSv1, TLSv1.1, TLSv1.2, TLSv1.3
; set TLS cipher suites
; Section name to use for automatic login if the client sends username
; and password. If empty, the domain name sent by the client is used.
; If empty and no domain name is given, the first suitable section in
; this file will be used.
autorun=
allow_channels=true
allow_multimon=true
bitmap_cache=true
bitmap_compression=true
bulk_compression=true
max_bpp=32
new_cursors=true
; fastpath - can be 'input', 'output', 'both', 'none'
use_fastpath=both
; when true, userid/password *must* be passed on cmd line
; You can set the PAM error text in a gateway setup (MAX 256 chars)
;
; colors used by windows in RGB format
;
blue=009cb5
grey=dedede
;
; configure login screen
;
; Login Screen Window Title
; top level window background color in RGB format
ls_top_window_bg_color=009cb5
; width and height of login screen
ls_width=350
ls_height=430
; login screen background color in RGB format
ls_bg_color=dedede
; optional background image filename (bmp format).
; logo
; full path to bmp-file or file in shared folder
ls_logo_filename=
ls_logo_x_pos=55
ls_logo_y_pos=50
; for positioning labels such as username, password etc
ls_label_x_pos=30
ls_label_width=65
; for positioning text and combo boxes next to above labels
ls_input_x_pos=110
ls_input_width=210
; y pos for first label and combo box
ls_input_y_pos=220
; OK button
ls_btn_ok_x_pos=142
ls_btn_ok_y_pos=370
ls_btn_ok_width=85
ls_btn_ok_height=30
; Cancel button
ls_btn_cancel_x_pos=237
ls_btn_cancel_y_pos=370
ls_btn_cancel_width=85
ls_btn_cancel_height=30
[Logging]
LogFile=xrdp.log
LogLevel=DEBUG
EnableSyslog=true
SyslogLevel=DEBUG
; LogLevel and SysLogLevel could by any of: core, error, warning, info or debug
[Channels]
; Channel names not listed here will be blocked by XRDP.
; You can block any channel by setting its value to false.
; IMPORTANT! All channels are not supported in all use
; cases even if you set all values to true.
; You can override these settings on each session type
; These settings are only used if allow_channels=true
rdpdr=true
rdpsnd=true
drdynvc=true
cliprdr=true
rail=true
xrdpvr=true
tcutils=true
; for debugging xrdp, in section xrdp1, change port=-1 to this:
; for debugging xrdp, add following line to section xrdp1
;
; Session types
;
; Some session types such as Xorg, X11rdp and Xvnc start a display server.
; Startup command-line parameters for the display server are configured
; in sesman.ini. See and configure also sesman.ini.
[Xorg]
name=Xorg
lib=libxup.so
username=ask
password=ask
ip=127.0.0.1
port=-1
code=20
[Xvnc]
name=Xvnc
lib=libvnc.so
username=ask
password=ask
ip=127.0.0.1
port=-1
[vnc-any]
name=vnc-any
lib=libvnc.so
ip=ask
port=ask5900
username=na
password=ask
[neutrinordp-any]
name=neutrinordp-any
lib=libxrdpneutrinordp.so
ip=ask
port=ask3389
username=ask
password=ask
; You can override the common channel settings for each session type


-- no debconf information
Reply to: