diff options
Diffstat (limited to 'docs/man')
| -rw-r--r-- | docs/man/Makefile.am | 4 | ||||
| -rw-r--r-- | docs/man/sesman.ini.5 | 311 | ||||
| -rw-r--r-- | docs/man/xrdp-chansrv.8 | 6 | ||||
| -rw-r--r-- | docs/man/xrdp-dis.1 | 10 | ||||
| -rw-r--r-- | docs/man/xrdp-genkeymap.8 | 42 | ||||
| -rw-r--r-- | docs/man/xrdp-keygen.8 | 6 | ||||
| -rw-r--r-- | docs/man/xrdp-sesadmin.8 | 2 | ||||
| -rw-r--r-- | docs/man/xrdp-sesman.8 | 26 | ||||
| -rw-r--r-- | docs/man/xrdp-sesrun.8 | 22 | ||||
| -rw-r--r-- | docs/man/xrdp-sessvc.8 | 6 | ||||
| -rw-r--r-- | docs/man/xrdp-xcon.8 | 2 | ||||
| -rw-r--r-- | docs/man/xrdp.8 | 4 | ||||
| -rw-r--r-- | docs/man/xrdp.ini.5 | 181 |
13 files changed, 368 insertions, 254 deletions
diff --git a/docs/man/Makefile.am b/docs/man/Makefile.am index 507809bd..48c26559 100644 --- a/docs/man/Makefile.am +++ b/docs/man/Makefile.am @@ -1,4 +1,4 @@ -man_MANS = \ +dist_man_MANS = \ xrdp-dis.1 \ sesman.ini.5 \ xrdp.ini.5 \ @@ -14,4 +14,4 @@ man_MANS = \ noinst_man_MANS = \ xrdp-xcon.8 -EXTRA_DIST = $(man_MANS) $(noinst_man_MANS) +EXTRA_DIST = $(noinst_man_MANS) diff --git a/docs/man/sesman.ini.5 b/docs/man/sesman.ini.5 index a1ba3a50..b8ced28f 100644 --- a/docs/man/sesman.ini.5 +++ b/docs/man/sesman.ini.5 @@ -1,206 +1,225 @@ -.\" -.TH "sesman.ini" "5" "0.1.0" "xrdp team" "" +.\" +.TH "sesman.ini" "5" "0.9.1" "xrdp team" "" .SH "NAME" -\fBsesman.ini\fR \- Configuration file for \fBsesman\fR(8) +\fBsesman.ini\fR \- Configuration file for \fBxrdp-sesman\fR(8) .SH "DESCRIPTION" -This is the man page for \fBsesman.ini\fR, \fBsesman\fR(8) configuration file. -It is composed by a number of sections, each one composed by a section name, enclosed by square brackets, folowed by a list of \fI<parameter>\fR=\fI<value>\fR lines. +\fBsesman.ini\fR consists of several sections. Each section starts with +the section name in square brackets, followed by a list of +\fIparameter\fR=\fIvalue\fR lines. Following sections are recognized: -\fBsesman.ini\fR supports the following sections: +.TP +\fB[Globals]\fR +Global configuration -.TP -\fB[Globals]\fR \- sesman global configuration section, +.TP +\fB[Logging]\fR +Logging subsystem -.TP -\fB[Logging]\fR \- logging subsystem parameters +.TP +\fB[Sessions]\fR +Session management -.TP -\fB[Security]\fR \- Access control parameters +.TP +\fB[Security]\fR +Access control -.TP -\fB[Sessions]\fR \- Session management parameters +.TP +\fB[X11rdp]\fR, \fB[Xvnc]\fR, \fB[Xorg]\fR +X11 server settings for supported servers -.LP -All options and values (except for file names and paths) are case insensitive, and are described in detail below. +.TP +\fB[Chansrv]\fR +Settings for xrdp-chansrv(8) -.LP -For any of the following parameter, if it's specified more than one time the last entry encountered will be used. +.TP +\fB[SessionVariables]\fR +Environment variables for the session -\fBNOTE\fR: if any of these options is specified outside its section, it will be \fIignored\fR. +.LP +All parameters and values (except for file names and paths) are case +insensitive, and are described in detail below. If any parameter is +specified more than once, the last entry will be used. Options specified +outside their proper section will be \fIignored\fR. .SH "GLOBALS" -The options to be specified in the \fB[globals]\fR section are the following: +Following parameters can be used in the \fB[Globals]\fR section. -.TP +.TP \fBListenAddress\fR=\fIip address\fR -Specifies sesman listening address. Default is 0.0.0.0 (all interfaces) +xrdp-sesman listening address. If not specified, defaults to \fI0.0.0.0\fR +(all interfaces). -.TP +.TP \fBListenPort\fR=\fIport number\fR -Specifies sesman listening port. Default is 3350 +xrdp-sesman listening port. If not specified, defaults to \fI3350\fR. -.TP -\fBEnableUserWindowManager\fR=\fI[0|1]\fR -If set to \fB1\fR, \fBtrue\fR or \fByes\fR this option enables user specific window manager, that is, anyone can define it's own script executed by sesman when starting a new session, specified by \fBUserWindowManager\fR +.TP +\fBEnableUserWindowManager\fR=\fI[true|false]\fR +If set to \fB1\fR, \fBtrue\fR or \fByes\fR, this option enables user +specific startup script. That is, xrdp-sesman will execute the script +specified by \fBUserWindowManager\fR if it exists. -.TP -\fBUserWindowManager\fR=\fIstartwm.sh\fR -This option specifies the script run by sesman when starting a session and per\-user window manager is enabled. -.br -The path is relative to user's HOME directory +.TP +\fBUserWindowManager\fR=\fIfilename\fR +Name of the startup script relative to the user's home directory. If +present and enabled by \fBEnableUserWindowManager\fR, that script is +executed instead of \fBDefaultWindowManager\fR. -.TP -\fBDefaultWindowManager\fR=\fI${SESMAN_BIN_DIR}/startwm.sh\fR -This contains full path to the default window manager startup script used by sesman to start a session +.TP +\fBDefaultWindowManager\fR=\fIfilename\fR +Full path to the default startup script used by xrdp-sesman to start a +session if the user script is disabled or missing. .SH "LOGGING" -The following parameters can be used in the \fB[logging]\fR section: +Following parameters can be used in the \fB[Logging]\fR section. -.TP -\fBLogFile\fR=\fI${SESMAN_LOG_DIR}/sesman.log\fR -This options contains the path to logfile. It can be either absolute or relative, and the default is \fI${SESMAN_LOG_DIR}/sesman.log\fR +.TP +\fBLogFile\fR=\fIfilename\fR +Log file path. It can be either absolute or relative. If not specified, +defaults to \fI./sesman.log\fR -.TP +.TP \fBLogLevel\fR=\fIlevel\fR This option can have one of the following values: -\fBCORE\fR or \fB0\fR \- Log only core messages. these messages are _always_ logged, regardless the logging level selected. +\fBCORE\fR or \fB0\fR \- Log only core messages. Those messages are +logged \fIregardless\fR of the selected logging level. -\fBERROR\fR or \fB1\fR \- Log only error messages +\fBERROR\fR or \fB1\fR \- Log only error messages. -\fBWARNING\fR, \fBWARN\fR or \fB2\fR \- Logs warnings and error messages +\fBWARNING\fR, \fBWARN\fR or \fB2\fR \- Logs warnings and error messages. -\fBINFO\fR or \fB3\fR \- Logs errors, warnings and informational messages +\fBINFO\fR or \fB3\fR \- Log errors, warnings and informational messages. -\fBDEBUG\fR or \fB4\fR \- Log everything. If \fBsesman\fR is compiled in debug mode, this options will output many more low\-level message, useful for developers +\fBDEBUG\fR or \fB4\fR \- Log everything. If xrdp-sesman is compiled in +debug mode, this options will output many more low\-level messages. -.TP -\fBEnableSyslog\fR=\fI[0|1]\fR -If set to \fB1\fR, \fBtrue\fR or \fByes\fR this option enables logging to syslog. Otherwise syslog is disabled. +.TP +\fBEnableSyslog\fR=\fI[true|false]\fR +If set to \fB1\fR, \fBtrue\fR or \fByes\fR, this option enables logging to +syslog. -.TP +.TP \fBSyslogLevel\fR=\fIlevel\fR -This option sets the logging level for syslog. It can have the same values of \fBLogLevel\fR. If \fBSyslogLevel\fR is greater than \fBLogLevel\fR, its value is lowered to that of \fBLogLevel\fR. +Logging level for syslog. It can have the same values as \fBLogLevel\fR. +If \fBSyslogLevel\fR and \fBLogLevel\fR differ, the least verbose setting +takes effect for syslog. .SH "SESSIONS" -The following parameters can be used in the \fB[Sessions]\fR section: - -.TP -\fBX11DisplayOffset\fR=\fI<number>\fR -Specifies the first X display number available for \fBsesman\fP(8). This prevents sesman from interfering with real X11 servers. The default is 10. - -.TP -\fBMaxSessions\fR=\fI<number>\fR -Sets the maximum number of simultaneous session on terminal server. -.br -If unset or set to \fI0\fR, unlimited session are allowed. - -.TP -\fBKillDisconnected\fR=\fI[0|1]\fR -If set to \fB1\fR, \fBtrue\fR or \fByes\fR, every session will be killed within 60 seconds when the user disconnects. -.br - -.TP -\fBIdleTimeLimit\fR=\fI<number>\fR -Sets the the time limit before an idle session is disconnected. -.br -If set to \fI0\fR, automatic disconnection is disabled. -.br -\fI\-this option is currently ignored!\-\fR - -.TP -\fBDisconnectedTimeLimit\fR=\fI<number>\fR -Sets the time(in seconds) limit before a disconnected session is killed. -.br +Following parameters can be used in the \fB[Sessions]\fR section. + +.TP +\fBX11DisplayOffset\fR=\fInumber\fR +The first X display number available for xrdp-sesman. This prevents +xrdp-sesman from interfering with real X11 servers. If not specified, +defaults to \fI10\fR. + +.TP +\fBMaxSessions\fR=\fInumber\fR +Sets the maximum number of simultaneous sessions. If not set or set to +\fI0\fR, unlimited session are allowed. + +.TP +\fBKillDisconnected\fR=\fI[true|false]\fR +If set to \fB1\fR, \fBtrue\fR or \fByes\fR, every session will be killed +within 60 seconds after the user disconnects. + +.TP +\fBIdleTimeLimit\fR=\fInumber\fR +\fI\This option is currently ignored!\fR Time limit before an idle +session is disconnected. If set to \fI0\fR, automatic disconnection is +disabled. + +.TP +\fBDisconnectedTimeLimit\fR=\fInumber\fR +Sets the time limit (in seconds) before a disconnected session is killed. If set to \fI0\fR, automatic killing is disabled. -.br -.TP +.TP \fBPolicy\fR=\fI[Default|UBD|UBI|UBC|UBDI|UBDC]\fR -Session allocation policy. By Default, a new session is created -for the combination <User,BitPerPixel> when using Xrdp, and +Session allocation policy. By default, a new session is created +for the combination <User,BitPerPixel> when using Xrdp, and for the combination <User,BitPerPixel,DisplaySize> when using Xvnc. -This behaviour can be changed by setting session policy to: +This behavior can be changed by setting session policy to: .br -.br +.br \fBUBD\fR - session per <User,BitPerPixel,DisplaySize> -.br +.br \fBUBI\fR - session per <User,BitPerPixel,IPAddr> -.br +.br \fBUBC\fR - session per <User,BitPerPixel,Connection> -.br +.br \fBUBDI\fR - session per <User,BitPerPixel,DisplaySize,IPAddr> -.br +.br \fBUBDC\fR - session per <User,BitPerPixel,DisplaySize,Connection> .br .br -Note that the criteria <User,BitPerPixel> can not be turned off -and <DisplaySize> will always be checkt when for Xvnc connections. +Note that the \fBUser\fR and \fBBitPerPixel\fR criteria cannot be turned +off. For Xvnc connections, \fBDisplaySize\fR is always enabled as well. .br .SH "SECURITY" -The following parameters can be used in the \fB[Sessions]\fR section: - -.TP -\fBAllowRootLogin\fR=\fI[0|1]\fR -If set to \fB1\fR, \fBtrue\fR or \fByes\fR enables root login on the terminal server - -.TP -\fBMaxLoginRetry\fR=\fI[0|1]\fR -The number of login attempts that are allowed on terminal server. If set to \fI0\fR, unlimited attempts are allowed. The default value for this field is \fI3\fR. - -.TP -\fBTerminalServerUsers\fR=\fItsusers\fR -Only the users belonging to the group \fItsusers\fR are allowed to login on terminal server. -.br -If unset or set to an invalid or non\-existent group, login for all users is enabled. - -.TP -\fBTerminalServerAdmins\fR=\fItsadmins\fR -Sets the group which a user shall belong to have session management rights. -.br -\fI\-this option is currently ignored!\-\fR - -.SH "EXAMPLES" -This is an example \fBsesman.ini\fR: - -.nf -[Globals] -ListenAddress=127.0.0.1 -ListenPort=3350 -EnableUserWindowManager=1 -UserWindowManager=startwm.sh -DefaultWindowManager=startwm.sh - -[Logging] -LogFile=/usr/local/xrdp/sesman.log -LogLevel=DEBUG -EnableSyslog=0 -SyslogLevel=DEBUG - -[Sessions] -MaxSessions=10 -KillDisconnected=0 -IdleTimeLimit=0 -DisconnectedTimeLimit=0 - -[Security] -AllowRootLogin=1 -MaxLoginRetry=3 -TerminalServerUsers=tsusers -TerminalServerAdmins=tsadmins -.fi +Following parameters can be used in the \fB[Security]\fR section. + +.TP +\fBAllowRootLogin\fR=\fI[true|false]\fR +If set to \fB1\fR, \fBtrue\fR or \fByes\fR, enables root login on the +terminal server. + +.TP +\fBMaxLoginRetry\fR=\fInumber\fR +The number of login attempts that are allowed on terminal server. If set +to \fI0\fR, unlimited attempts are allowed. If not specified, defaults to +\fI3\fR. + +.TP +\fBTerminalServerUsers\fR=\fIgroup\fR +Only the users belonging to the specified group are allowed to login on +terminal server. If unset or set to an invalid or non\-existent group, +login for all users is enabled. + +.TP +\fBTerminalServerAdmins\fR=\fIgroup\fR +\fIThis option is currently ignored!\fR Only members of this group can +have session management rights. + +.TP +\fBAlwaysGroupCheck\fR=\fI[true|false]\fR +If set to \fB1\fR, \fBtrue\fR or \fByes\fR, require group membership even +if the group specified in \fBTerminalServerUsers\fR doesn't exist. + +.SH "X11 SERVER" +Following parameters can be used in the \fB[X11rdp]\fR, \fB[Xvnc]\fR and +\fB[Xorg]\fR sections. + +.TP +\fBparam\fR=\fIstring\fR +Multiple \fIparam\fR lines are supported. This first line specifies the +path to the X11 server executable. Following lines specify command line +arguments passed to the X11 server. + +.SH "CHANSRV" +Following parameters can be used in the \fB[Chansrv]\fR section. + +.TP +\fBFuseMountName\fR=\fIstring\fR +Directory for drive redirection, relative to the user home directory. +Created if it doesn't exist. If not specified, defaults to \fIxrdp_client\fR. + +.SH "SESSIONS VARIABLES" +All entries in the \fB[SessionVariables]\fR section are set as +environment variables in the user's session. .SH "FILES" -${SESMAN_CFG_DIR}/sesman.ini +/etc/xrdp/sesman.ini .SH "SEE ALSO" -.BR sesman (8), -.BR sesrun (8), +.BR xrdp-sesman (8), +.BR xrdp-sesrun (8), .BR xrdp (8), .BR xrdp.ini (5) -for more info on \fBxrdp\fR see http://xrdp.sf.net +For more info on \fBxrdp\fR see http://www.xrdp.org/ diff --git a/docs/man/xrdp-chansrv.8 b/docs/man/xrdp-chansrv.8 index aa4747d8..c1deb085 100644 --- a/docs/man/xrdp-chansrv.8 +++ b/docs/man/xrdp-chansrv.8 @@ -1,4 +1,4 @@ -.TH "xrdp\-chansrv" "8" "0.7.0" "xrdp team" "" +.TH "xrdp\-chansrv" "8" "0.9.1" "xrdp team" "" .SH "NAME" \fBxrdp\-chansrv\fR \- \fBxrdp\fR channel server @@ -36,11 +36,11 @@ UNIX socket used by external programs to implement channels. .I /tmp/.xrdp/xrdp_api_* UNIX socket used by \fBxrdp\-chansrv\fP to communicate with \fBxrdp\-sesman\fP. .TP -.I $HOME/xrdp-chansrv.log +.I $XDG_DATA_HOME/xrdp/xrdp-chansrv.log Log file used by \fBxrdp\-chansrv\fP(8). .SH "SEE ALSO" .BR xrdp\-sesman (8), .BR sesman.ini (5). -for more info on \fBxrdp\fR see http://xrdp.sf.net +for more info on \fBxrdp\fR see http://www.xrdp.org/ diff --git a/docs/man/xrdp-dis.1 b/docs/man/xrdp-dis.1 index 089621ae..09de5f10 100644 --- a/docs/man/xrdp-dis.1 +++ b/docs/man/xrdp-dis.1 @@ -1,4 +1,4 @@ -.TH "xrdp-dis" "8" "0.7.0" "xrdp team" +.TH "xrdp-dis" "1" "0.9.1" "xrdp team" .SH NAME xrdp\-dis \- xrdp disconnect utility @@ -7,7 +7,7 @@ xrdp\-dis \- xrdp disconnect utility .SH DESCRIPTION .PP -\fBxrdp\-dix\fP is run with no parameters to disconnect your xrdp session. +\fBxrdp\-dis\fP is run with no parameters to disconnect your xrdp session. .SH ENVIRONMENT .TP @@ -19,5 +19,9 @@ to get the default host and display number. .I /tmp/.xrdp/xrdp_disconnect_display_* UNIX socket used to communicate with the \fBxrdp\fP(8) session manager. +.SH KNOWN ISSUES +.TP +This utility doesn't support disconnecting xorgxrdp sessions so far. + .SH SEE ALSO -.BR xrdp (1). +.BR xrdp (8). diff --git a/docs/man/xrdp-genkeymap.8 b/docs/man/xrdp-genkeymap.8 index 068f04dd..aa9f866c 100644 --- a/docs/man/xrdp-genkeymap.8 +++ b/docs/man/xrdp-genkeymap.8 @@ -1,4 +1,4 @@ -.TH "xrdp\-genkeymap" "8" "0.1.0" "xrdp team" "" +.TH "xrdp\-genkeymap" "8" "0.9.1" "xrdp team" "" .de URL . \\$2 \(laURL: \\$1 \(ra\\$3 .. @@ -21,36 +21,36 @@ The key map information is stored in the file named \fIoutfile\fP. .SH "FILES" .TP -.I /etc/xrdp/km-XXXX.ini -Files containing the keyboard mapping for language \fIXXXX\fP, which is a 4 digit hexadecimal number identifying the country and language code. +.I /etc/xrdp/km-XXXXXXXX.ini +Files containing the keyboard mapping for language \fIXXXXXXXX\fP, which is a 8 digit hexadecimal number identifying the country and language code. .RS 8 .TP -.B 0405 -cs czech +.B 00000405 +cs Czech .TP -.B 0407 -de german +.B 00000407 +de German .TP -.B 0409 -en-us us english +.B 00000409 +en-us US English .TP -.B 040c -fr french +.B 0000040c +fr French .TP -.B 0410 -it italy +.B 00000410 +it Italian .TP -.B 0416 +.B 00000416 br Portuguese (Brazil) .TP -.B 0419 -ru russian +.B 00000419 +ru Russian .TP -.B 041d -se swedish +.B 0000041d +se Swedish .TP -.B 0809 -en-uk uk english +.B 00000809 +en-uk UK English .RE .SH "AUTHORS" @@ -64,4 +64,4 @@ Simone Fedele <ilsimo@users.sourceforge.net> .BR unicode (7), .URL "https://github.com/FreeRDP/FreeRDP/wiki/Keyboard" "Description of Keyboard Input mapping" . -for more info on \fBxrdp\fR see http://xrdp.sf.net +for more info on \fBxrdp\fR see http://www.xrdp.org/ diff --git a/docs/man/xrdp-keygen.8 b/docs/man/xrdp-keygen.8 index 71269f5c..84d4eafd 100644 --- a/docs/man/xrdp-keygen.8 +++ b/docs/man/xrdp-keygen.8 @@ -1,5 +1,9 @@ .\" Hey, EMACS: -*- nroff -*- -.TH xrdp\-keygen 8 "0.7.0" "xrdp team" +.\"- +.\" Copyright © 2007, 2008 Vincent Bernat <bernat@debian.org> +.\" License: GPL-2+ +.\"- +.TH xrdp\-keygen 8 "0.9.1" "xrdp team" .SH NAME xrdp\-keygen \- xrdp RSA key generation utility diff --git a/docs/man/xrdp-sesadmin.8 b/docs/man/xrdp-sesadmin.8 index ade1dd58..29e14c18 100644 --- a/docs/man/xrdp-sesadmin.8 +++ b/docs/man/xrdp-sesadmin.8 @@ -1,4 +1,4 @@ -.TH "xrdp-sesadmin" "8" "0.7.0" "xrdp team" +.TH "xrdp-sesadmin" "8" "0.9.1" "xrdp team" .SH NAME xrdp\-sesadmin \- console XRDP sessions administration tool diff --git a/docs/man/xrdp-sesman.8 b/docs/man/xrdp-sesman.8 index 9316e926..cca68e3e 100644 --- a/docs/man/xrdp-sesman.8 +++ b/docs/man/xrdp-sesman.8 @@ -1,4 +1,4 @@ -.TH "xrdp\-sesman" "8" "0.1.0" "xrdp team" "" +.TH "xrdp\-sesman" "8" "0.9.1" "xrdp team" "" .SH "NAME" xrdp\-sesman \- \fBxrdp\fR(8) session manager @@ -8,34 +8,34 @@ xrdp\-sesman \- \fBxrdp\fR(8) session manager .SH "DESCRIPTION" \fBxrdp\-sesman\fR is \fBxrdp\fR(8) session manager. -.br -It manages user sessions by authenticating the user and starting the appropriate Xserver +.br +It manages user sessions by authenticating the user and starting the appropriate Xserver. .SH "OPTIONS" -.TP -\fB\-n\fR, \fB\-\-nodaemon\fR +.TP +\fB\-n\fR, \fB\-\-nodaemon\fR Starts \fBxrdp\-sesman\fR in foreground instead of starting it as a daemon. -.TP +.TP \fB\-k\fR, \fB\-\-kill\fR Kills running \fBxrdp\-sesman\fR daemon. -.TP +.TP \fB\-h\fR, \fB\-\-help\fR Output help information and exit. .SH "FILES" ${SESMAN_BIN_DIR}/sesman -.br +.br ${SESMAN_BIN_DIR}/sesrun -.br +.br ${SESMAN_CFG_DIR}/sesman.ini -.br +.br ${SESMAN_LOG_DIR}/sesman.log -.br +.br ${SESMAN_PID_DIR}/sesman.pid .SH "AUTHORS" Jay Sorg <jsorg71@users.sourceforge.net> -.br +.br Simone Fedele <ilsimo@users.sourceforge.net> .SH "SEE ALSO" @@ -44,4 +44,4 @@ Simone Fedele <ilsimo@users.sourceforge.net> .BR xrdp (8), .BR xrdp.ini (5) -for more info on \fBxrdp\fR see http://xrdp.sf.net +for more info on \fBxrdp\fR see http://www.xrdp.org/ diff --git a/docs/man/xrdp-sesrun.8 b/docs/man/xrdp-sesrun.8 index c48c7eb5..c66d773c 100644 --- a/docs/man/xrdp-sesrun.8 +++ b/docs/man/xrdp-sesrun.8 @@ -1,4 +1,4 @@ -.TH "xrdp\-sesrun" "8" "0.7.0" "xrdp team" "" +.TH "xrdp\-sesrun" "8" "0.9.1" "xrdp team" "" .SH "NAME" xrdp\-sesrun \- \fBsesman\fR(8) session launcher @@ -8,37 +8,37 @@ xrdp\-sesrun \- \fBsesman\fR(8) session launcher .SH "DESCRIPTION" \fBxrdp\-sesrun\fR starts a session using \fBxrdp\-sesman\fR(8). -.br +.br This is a tool useful for testing, it simply behaves like xrdp when some user logs in a new session and authenticates, thus starting a new session. .SH "OPTIONS" -.TP +.TP .I server Server on which sesman is running -.TP +.TP .I username user name of the session being started -.TP +.TP .I password user password -.TP +.TP .I width Screen width -.TP +.TP .I height Screen height -.TP +.TP .I bpp Session color depth .SH "FILES" ${SESMAN_BIN_DIR}/sesman -.br +.br ${SESMAN_BIN_DIR}/sesrun .SH "AUTHORS" Jay Sorg <jsorg71@users.sourceforge.net> -.br +.br Simone Fedele <ilsimo@users.sourceforge.net> .SH "SEE ALSO" @@ -47,4 +47,4 @@ Simone Fedele <ilsimo@users.sourceforge.net> .BR xrdp (8), .BR xrdp.ini (5) -for more info on \fBxrdp\fR see http://xrdp.sf.net +for more info on \fBxrdp\fR see http://www.xrdp.org/ diff --git a/docs/man/xrdp-sessvc.8 b/docs/man/xrdp-sessvc.8 index 322c968a..9a4e8189 100644 --- a/docs/man/xrdp-sessvc.8 +++ b/docs/man/xrdp-sessvc.8 @@ -1,9 +1,9 @@ -.TH "xrdp\-sessvc" "8" "0.7.0" "xrdp team" "" +.TH "xrdp\-sessvc" "8" "0.9.1" "xrdp team" "" .SH "NAME" xrdp\-sessvc \- \fBxrdp\fR session supervisor .SH "SYNTAX" -.B xrdp\-sessman +.B xrdp\-sessvc .I x_pid wm_pid .SH "DESCRIPTION" @@ -23,4 +23,4 @@ The process ID of the forked Window Manager to monitor. .SH "SEE ALSO" .BR xrdp\-sesrun (8). -for more info on \fBxrdp\fR see http://xrdp.sf.net +for more info on \fBxrdp\fR see http://www.xrdp.org/ diff --git a/docs/man/xrdp-xcon.8 b/docs/man/xrdp-xcon.8 index 9d83b646..4863bc9e 100644 --- a/docs/man/xrdp-xcon.8 +++ b/docs/man/xrdp-xcon.8 @@ -1,4 +1,4 @@ -.TH "xrdp-xcon" "8" "0.7.0" "xrdp team" +.TH "xrdp-xcon" "8" "0.9.1" "xrdp team" .SH NAME xrdp\-xcon \- X11 event loop debugging helper for XRDP diff --git a/docs/man/xrdp.8 b/docs/man/xrdp.8 index 6db90076..f838c203 100644 --- a/docs/man/xrdp.8 +++ b/docs/man/xrdp.8 @@ -1,4 +1,4 @@ -.TH "xrdp" "8" "0.1.0" "xrdp team" "" +.TH "xrdp" "8" "0.9.1" "xrdp team" "" .SH "NAME" \fBxrdp\fR \- a Remote Desktop Protocol (RDP) server @@ -43,4 +43,4 @@ Simone Fedele <ilsimo@users.sourceforge.net> .BR sesman.ini (5), .BR sesrun (8) -for more info on \fBxrdp\fR see http://xrdp.sf.net +for more info on \fBxrdp\fR see http://www.xrdp.org/ diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index 131c0796..c202b01a 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 @@ -1,4 +1,4 @@ -.TH "xrdp.ini" "5" "0.7.0" "xrdp team" "" +.TH "xrdp.ini" "5" "0.9.1" "xrdp team" "" .SH "NAME" \fBxrdp.ini\fR \- Configuration file for \fBxrdp\fR(8) @@ -17,10 +17,7 @@ It is composed by a number of sections, each one composed by a section name, enc .TP \fB[Channels]\fP \- channel subsystem parameters -.TP -\fI[Connection]\fP \- contain the info on which services \fBxrdp\fR(8) can connect to. - -.LP +.LP All options and values (except for file names and paths) are case insensitive, and are described in detail below. .SH "GLOBALS" @@ -28,65 +25,99 @@ The options to be specified in the \fB[Globals]\fR section are the following: .TP \fBaddress\fP=\fIip address\fP -Specifies xrdp listening address. Default is 0.0.0.0 (all interfaces) +Specify xrdp listening address. If not specified, defaults to 0.0.0.0 (all interfaces). .TP \fBautorun\fP=\fIsession_name\fP -Automatically run the connection specified by \fIsession_name\fP, which must match a section as described below. -By default a drop-down list with all available connections is shown. -A connection can also be chosen by the connecting client by setting the \fBLOGIN DOMAIN\fP to a valid \fIsession name\fP. +Section name for automatic login. If set and the client supplies valid +username and password, the user will be logged in automatically using the +connection specified by \fIsession_name\fP. + +If \fIsession_name\fP is empty, the \fBLOGIN DOMAIN\fR from the client +with be used to select the section. If no domain name is supplied, the +first suitable section will be used for automatic login. .TP -\fBbitmap_cache\fR=\fI[0|1]\fR +\fBbitmap_cache\fR=\fI[true|false]\fR If set to \fB1\fR, \fBtrue\fR or \fByes\fR this option enables bitmap caching in \fBxrdp\fR(8). .TP -\fBbitmap_compression\fR=\fI[0|1]\fR +\fBbitmap_compression\fR=\fI[true|false]\fR If set to \fB1\fR, \fBtrue\fR or \fByes\fR this option enables bitmap compression in \fBxrdp\fR(8). .TP -\fBbulk_compression\fP=\fI[0|1]\fP +\fBbulk_compression\fP=\fI[true|false]\fP If set to \fB1\fR, \fBtrue\fR or \fByes\fR this option enables compression of bulk data in \fBxrdp\fR(8). .TP -\fBchannel_code\fP=\fI[0|1]\fP +\fBcertificate\fP=\fI/path/to/certificate\fP +.TP +\fBkey_file\fP=\fI/path/to/private_key\fP +Set location of TLS certificate and private key. They must be written in PEM format. +If not specified, defaults to \fB${XRDP_CFG_DIR}/cert.pem\fP, \fB${XRDP_CFG_DIR}/key.pem\fP. + +This parameter is effective only if \fBsecurity_layer\fP is set to \fBtls\fP or \fBnegotiate\fP. + +.TP +\fBchannel_code\fP=\fI[true|false]\fP If set to \fB0\fR, \fBfalse\fR or \fBno\fR this option disables all channels \fBxrdp\fR(8). See section \fBCHANNELS\fP below for more fine grained options. .TP -\fBcrypt_level\fP=\fIlow|medium|high|fips\fP +\fBcrypt_level\fP=\fI[low|medium|high|fips]\fP .\" <http://blogs.msdn.com/b/openspecification/archive/2011/12/08/encryption-negotiation-in-rdp-connection.aspx> -RDP connection are controlled by two encryption settings: \fIEncryption Level\fP and \fIEncryption Method\fP. -The only supported \fIEncryption Method\fP is \fB40BIT_ENCRYPTION\fP, \fB128BIT_ENCRYPTION\fP and \fB56BIT_ENCRYPTION\fP are currently not supported. +Regulate encryption level of Standard RDP Security. +This parameter is effective only if \fBsecurity_layer\fP is set to \fBrdp\fP or \fBnegotiate\fP. + +Encryption in Standard RDP Security is controlled by two settings: \fIEncryption Level\fP +and \fIEncryption Method\fP. The only supported \fIEncryption Method\fP are \fB40BIT_ENCRYPTION\fP +and \fB128BIT_ENCRYPTION\fP. \fB56BIT_ENCRYPTION\fP is not supported. This option controls the \fIEncryption Level\fP: .RS 8 .TP .B low -All data sent from the client to the server is protected by encryption based on the maximum key strength supported by the client. +All data sent from the client to the server is protected by encryption based on +the maximum key strength supported by the client. .I This is the only level that the traffic sent by the server to client is not encrypted. .TP .B medium -All data sent between the client and the server is protected by encryption based on the maximum key strength supported by the client. +All data sent between the client and the server is protected by encryption based on +the maximum key strength supported by the client (client compatible). .TP .B high -All data sent between the client and server is protected by encryption based on the server's maximum key strength. +All data sent between the client and the server is protected by encryption based on +the server's maximum key strength (sever compatible). .TP .B fips -All data sent between the client and server is protected using Federal Information Processing Standard 140-1 validated encryption methods. -.I This level is required for Windows clients (mstsc.exe) if the client's group policy enforces FIPS-compliance mode. +All data sent between the client and server is protected using Federal Information +Processing Standard 140-1 validated encryption methods. +.I This level is required for Windows clients (mstsc.exe) if the client's group policy +.I enforces FIPS-compliance mode. .RE .TP -\fBfork\fP=\fI[0|1]\fP +\fBdisableSSLv3\fP=\fI[true|false]\fP +If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not accept SSLv3 connections. +If not specified, defaults to \fBfalse\fP. +This parameter is effective only if \fBsecurity_layer\fP is set to \fBtls\fP or \fBnegotiate\fP. + +.TP +\fBfork\fP=\fI[true|false]\fP If set to \fB1\fR, \fBtrue\fR or \fByes\fR for each incoming connection \fBxrdp\fR(8) forks a sub-process instead of using threads. .TP -\fBhidelogwindow\fP=\fI[0|1]\fP +\fBhidelogwindow\fP=\fI[true|false]\fP If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not show a window for log messages. +If not specified, defaults to \fBfalse\fP. .TP -\fBmax_bpp\fP=\fI[8|15|16|24]\fP +\fBmax_bpp\fP=\fI[8|15|16|24|32]\fP Limit the color depth by specifying the maximum number of bits per pixel. +If not specified or set to \fB0\fP, unlimited. + +.TP +\fBpamerrortxt\fP=\fIerror_text\fP +Specify text passed to PAM when authentication failed. The maximum length is \fB256\fP. .TP \fBport\fP=\fIport\fP @@ -94,16 +125,61 @@ Specify TCP port to listen on for incoming connections. The default for RDP is \fB3389\fP. .TP -\fBtcp_keepalive\fP=\fI[yes|no]\fP +\fBrequire_credentials\fP=\fI[true|false]\fP +If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP requires clients to include username and +password initial connection phase. In other words, xrdp doesn't allow clients to show login +screen if set to true. If not specified, defaults to \fBfalse\fP. + +.TP +\fBsecurity_layer\fP=\fI[tls|rdp|negotiate]\fP +Regulate security methods. If not specified, defaults to \fBnegotiate\fP. +.RS 8 +.TP +.B tls +Enhanced RDP Security is used. All security operations (encryption, decryption, data integrity +verification, and server authentication) are implemented by TLS. + +.TP +.B rdp +Standard RDP Security, which is not safe from man-in-the-middle attack, is used. The encryption level +of Standard RDP Security is controlled by \fBcrypt_level\fP. + +.TP +.B negotiate +Negotiate these security methods with clients. +.RE + +.TP +\fBtcp_keepalive\fP=\fI[true|false]\fP Regulate if the listening socket uses socket option \fBSO_KEEPALIVE\fP. -If set to \fB1\fP, \fBtrue\fP or \fByes\fP and the network connection disappears without closing messages, the connection will be closed. +If set to \fB1\fP, \fBtrue\fP or \fByes\fP and the network connection disappears +without closing messages, the connection will be closed. .TP -\fBtcp_nodelay\fP=\fI[yes|no]\fP +\fBtcp_nodelay\fP=\fI[true|false]\fP Regulate if the listening socket uses socket option \fBTCP_NODELAY\fP. If set to \fB1\fP, \fBtrue\fP or \fByes\fP, no buffering will be performed in the TCP stack. .TP +\fBtcp_send_buffer_bytes\fP=\fIbuffer_size\fP +.TP +\fBtcp_recv_buffer_bytes\fP=\fIbuffer_size\fP +Specify send/recv buffer sizes in bytes. The default value depends on operating system. + +.TP +\fBtls_ciphers\fP=\fIcipher_suite\fP +Specifies TLS cipher suite. The format of this parameter is equivalent to which +\fBopenssl\fP(1) ciphers subcommand accepts. + +(ex. $ openssl ciphers 'HIGH:!ADH:!SHA1') + +This parameter is effective only if \fBsecurity_layer\fP is set to \fBtls\fP or \fBnegotiate\fP. + +.TP +\fBuse_fastpath\fP=\fI[input|output|both|none]\fP +If not specified, defaults to \fBnone\fP. + +.TP \fBblack\fP=\fI000000\fP .TP \fBgrey\fP=\fIc0c0c0\fP @@ -127,7 +203,7 @@ The lowest value that can be given to one of the light sources is 0 (hex 00). The highest value is 255 (hex FF). .SH "LOGGING" -The following parameters can be used in the \fB[logging]\fR section: +The following parameters can be used in the \fB[Logging]\fR section: .TP \fBLogFile\fR=\fI${SESMAN_LOG_DIR}/sesman.log\fR @@ -148,7 +224,7 @@ This option can have one of the following values: \fBDEBUG\fR or \fB4\fR \- Log everything. If \fBsesman\fR is compiled in debug mode, this options will output many more low\-level message, useful for developers .TP -\fBEnableSyslog\fR=\fI[0|1]\fR +\fBEnableSyslog\fR=\fI[true|false]\fR If set to \fB1\fR, \fBtrue\fR or \fByes\fR this option enables logging to syslog. Otherwise syslog is disabled. .TP @@ -158,70 +234,81 @@ This option sets the logging level for syslog. It can have the same values of \f .SH "CHANNELS" The Remote Desktop Protocol supports several channels, which are used to transfer additional data like sound, clipboard data and others. Channel names not listed here will be blocked by \fBxrdp\fP. -Not all channels are supported in all cases, so setting a value to \fItrue\fP is a pre-requisite, but does not force it's use. +Not all channels are supported in all cases, so setting a value to \fItrue\fP is a prerequisite, but does not force its use. .br Channels can also be enabled or disabled on a per connection basis by prefixing each setting with \fBchannel.\fP in the channel section. .TP -\fBrdpdr\fP=\fI[0|1]\fP -If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for device re-direction is allowed. +\fBrdpdr\fP=\fI[true|false]\fP +If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for device redirection is allowed. .TP -\fBrdpsnd\fP=\fI[0|1]\fP +\fBrdpsnd\fP=\fI[true|false]\fP If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for sound is allowed. .TP -\fBdrdynvc\fP=\fI[0|1]\fP +\fBdrdynvc\fP=\fI[true|false]\fP If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel to initiate additional dynamic virtual channels is allowed. .TP -\fBcliprdr\fP=\fI[0|1]\fP -If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for clipboard re-direction is allowed. +\fBcliprdr\fP=\fI[true|false]\fP +If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for clipboard redirection is allowed. .TP -\fBrail\fP=\fI[0|1]\fP +\fBrail\fP=\fI[true|false]\fP If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for remote applications integrated locally (RAIL) is allowed. .TP -\fBxrdpvr\fP=\fI[0|1]\fP +\fBxrdpvr\fP=\fI[true|false]\fP If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for XRDP Video streaming is allowed. .SH "CONNECTIONS" A connection section is made of a section name, enclosed in square brackets, and the following entries: -.TP +.TP \fBname\fR=\fI<session name>\fR The name displayed in \fBxrdp\fR(8) login window's combo box. -.TP +.TP \fBlib\fR=\fI../vnc/libvnc.so\fR Sets the library to be used with this connection. -.TP +.TP \fBusername\fR=\fI<username>\fR|\fIask\fR Specifies the username used for authenticating in the connection. If set to \fIask\fR, user name should be provided in the login window. -.TP +.TP \fBpassword\fR=\fI<password>\fR|\fIask\fR Specifies the password used for authenticating in the connection. If set to \fIask\fR, password should be provided in the login window. -.TP +.TP \fBip\fR=\fI127.0.0.1\fR Specifies the ip address of the host to connect to. -.TP +.TP \fBport\fR=\fI<number>\fR|\fI\-1\fR Specifies the port number to connect to. If set to \fI\-1\fR, the default port for the specified library is used. +.TP +\fBxserverbpp\fR=\fI<number>\fR +Specifies color depth of the backend X server. The default is the color +depth of the client. Only Xvnc and X11rdp use that setting. Xorg runs at +\fI24\fR bpp. + +.TP +\fBcode\fR=\fI<number>\fR|\fI0\fR +Specifies the session type. The default, \fI0\fR, is Xvnc, \fI10\fR is +X11rdp, and \fI20\fR is Xorg with xorgxrdp modules. + .SH "EXAMPLES" This is an example \fBxrdp.ini\fR: .nf [Globals] -bitmap_cache=yes -bitmap_compression=yes +bitmap_cache=true +bitmap_compression=true [vnc1] name=sesman @@ -241,4 +328,4 @@ ${XRDP_CFG_DIR}/xrdp.ini .BR sesrun (8), .BR sesman.ini (5) -for more info on \fBxrdp\fR see http://xrdp.sf.net +for more info on \fBxrdp\fR see http://www.xrdp.org/ |