From f096f1b0286c3879e0d36ba550f499a1a5cb9d98 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Fri, 11 Nov 2016 10:58:19 +0900 Subject: docs: replace links s/xrdp.sf.net/www.xrdp.org/g --- docs/man/xrdp.ini.5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/man/xrdp.ini.5') diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index e608b1fa..1066c95c 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 @@ -245,4 +245,4 @@ ${XRDP_CFG_DIR}/xrdp.ini .BR sesrun (8), .BR sesman.ini (5) -for more info on \fBxrdp\fR see http://xrdp.sf.net +for more info on \fBxrdp\fR see http://www.xrdp.org/ -- cgit v1.2.3 From 4aa75ca2e3914b389c35da747ce3ec02fc9fc564 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Fri, 11 Nov 2016 13:47:02 +0900 Subject: docs: update version to 0.9.0 --- docs/man/sesman.ini.5 | 2 +- docs/man/xrdp-chansrv.8 | 2 +- docs/man/xrdp-dis.1 | 2 +- docs/man/xrdp-genkeymap.8 | 2 +- docs/man/xrdp-keygen.8 | 2 +- docs/man/xrdp-sesman.8 | 2 +- docs/man/xrdp-sesrun.8 | 2 +- docs/man/xrdp-sessvc.8 | 2 +- docs/man/xrdp-xcon.8 | 2 +- docs/man/xrdp.8 | 2 +- docs/man/xrdp.ini.5 | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) (limited to 'docs/man/xrdp.ini.5') diff --git a/docs/man/sesman.ini.5 b/docs/man/sesman.ini.5 index ed380abf..f66a8784 100644 --- a/docs/man/sesman.ini.5 +++ b/docs/man/sesman.ini.5 @@ -1,5 +1,5 @@ .\" -.TH "sesman.ini" "5" "0.1.0" "xrdp team" "" +.TH "sesman.ini" "5" "0.9.0" "xrdp team" "" .SH "NAME" \fBsesman.ini\fR \- Configuration file for \fBxrdp-sesman\fR(8) diff --git a/docs/man/xrdp-chansrv.8 b/docs/man/xrdp-chansrv.8 index f9260480..9fefea57 100644 --- a/docs/man/xrdp-chansrv.8 +++ b/docs/man/xrdp-chansrv.8 @@ -1,4 +1,4 @@ -.TH "xrdp\-chansrv" "8" "0.7.0" "xrdp team" "" +.TH "xrdp\-chansrv" "8" "0.9.0" "xrdp team" "" .SH "NAME" \fBxrdp\-chansrv\fR \- \fBxrdp\fR channel server diff --git a/docs/man/xrdp-dis.1 b/docs/man/xrdp-dis.1 index 1f0490c0..e387520e 100644 --- a/docs/man/xrdp-dis.1 +++ b/docs/man/xrdp-dis.1 @@ -1,4 +1,4 @@ -.TH "xrdp-dis" "8" "0.7.0" "xrdp team" +.TH "xrdp-dis" "8" "0.9.0" "xrdp team" .SH NAME xrdp\-dis \- xrdp disconnect utility diff --git a/docs/man/xrdp-genkeymap.8 b/docs/man/xrdp-genkeymap.8 index 621ea305..79baa108 100644 --- a/docs/man/xrdp-genkeymap.8 +++ b/docs/man/xrdp-genkeymap.8 @@ -1,4 +1,4 @@ -.TH "xrdp\-genkeymap" "8" "0.1.0" "xrdp team" "" +.TH "xrdp\-genkeymap" "8" "0.9.0" "xrdp team" "" .de URL . \\$2 \(laURL: \\$1 \(ra\\$3 .. diff --git a/docs/man/xrdp-keygen.8 b/docs/man/xrdp-keygen.8 index 4a7e627e..b888953a 100644 --- a/docs/man/xrdp-keygen.8 +++ b/docs/man/xrdp-keygen.8 @@ -3,7 +3,7 @@ .\" Copyright © 2007, 2008 Vincent Bernat .\" License: GPL-2+ .\"- -.TH xrdp\-keygen 8 "0.7.0" "xrdp team" +.TH xrdp\-keygen 8 "0.9.0" "xrdp team" .SH NAME xrdp\-keygen \- xrdp RSA key generation utility diff --git a/docs/man/xrdp-sesman.8 b/docs/man/xrdp-sesman.8 index 595bca26..17d4c39a 100644 --- a/docs/man/xrdp-sesman.8 +++ b/docs/man/xrdp-sesman.8 @@ -1,4 +1,4 @@ -.TH "xrdp\-sesman" "8" "0.1.0" "xrdp team" "" +.TH "xrdp\-sesman" "8" "0.9.0" "xrdp team" "" .SH "NAME" xrdp\-sesman \- \fBxrdp\fR(8) session manager diff --git a/docs/man/xrdp-sesrun.8 b/docs/man/xrdp-sesrun.8 index 67e61fca..e8189d53 100644 --- a/docs/man/xrdp-sesrun.8 +++ b/docs/man/xrdp-sesrun.8 @@ -1,4 +1,4 @@ -.TH "xrdp\-sesrun" "8" "0.7.0" "xrdp team" "" +.TH "xrdp\-sesrun" "8" "0.9.0" "xrdp team" "" .SH "NAME" xrdp\-sesrun \- \fBsesman\fR(8) session launcher diff --git a/docs/man/xrdp-sessvc.8 b/docs/man/xrdp-sessvc.8 index 1b6babb7..fc7601b2 100644 --- a/docs/man/xrdp-sessvc.8 +++ b/docs/man/xrdp-sessvc.8 @@ -1,4 +1,4 @@ -.TH "xrdp\-sessvc" "8" "0.7.0" "xrdp team" "" +.TH "xrdp\-sessvc" "8" "0.9.0" "xrdp team" "" .SH "NAME" xrdp\-sessvc \- \fBxrdp\fR session supervisor diff --git a/docs/man/xrdp-xcon.8 b/docs/man/xrdp-xcon.8 index 9d83b646..8a530168 100644 --- a/docs/man/xrdp-xcon.8 +++ b/docs/man/xrdp-xcon.8 @@ -1,4 +1,4 @@ -.TH "xrdp-xcon" "8" "0.7.0" "xrdp team" +.TH "xrdp-xcon" "8" "0.9.0" "xrdp team" .SH NAME xrdp\-xcon \- X11 event loop debugging helper for XRDP diff --git a/docs/man/xrdp.8 b/docs/man/xrdp.8 index 35806a76..687a525d 100644 --- a/docs/man/xrdp.8 +++ b/docs/man/xrdp.8 @@ -1,4 +1,4 @@ -.TH "xrdp" "8" "0.1.0" "xrdp team" "" +.TH "xrdp" "8" "0.9.0" "xrdp team" "" .SH "NAME" \fBxrdp\fR \- a Remote Desktop Protocol (RDP) server diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index 1066c95c..fdd00148 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 @@ -1,4 +1,4 @@ -.TH "xrdp.ini" "5" "0.7.0" "xrdp team" "" +.TH "xrdp.ini" "5" "0.9.0" "xrdp team" "" .SH "NAME" \fBxrdp.ini\fR \- Configuration file for \fBxrdp\fR(8) -- cgit v1.2.3 From fe8eb5aa145dbfb20bc8e80a890b813a6e242fb8 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Fri, 11 Nov 2016 14:08:33 +0900 Subject: docs: remove trailing space, put a period at a end of sentence --- docs/man/xrdp-sesman.8 | 22 +++++++++++----------- docs/man/xrdp-sesrun.8 | 18 +++++++++--------- docs/man/xrdp.ini.5 | 14 +++++++------- 3 files changed, 27 insertions(+), 27 deletions(-) (limited to 'docs/man/xrdp.ini.5') diff --git a/docs/man/xrdp-sesman.8 b/docs/man/xrdp-sesman.8 index 17d4c39a..db5d4f37 100644 --- a/docs/man/xrdp-sesman.8 +++ b/docs/man/xrdp-sesman.8 @@ -8,34 +8,34 @@ xrdp\-sesman \- \fBxrdp\fR(8) session manager .SH "DESCRIPTION" \fBxrdp\-sesman\fR is \fBxrdp\fR(8) session manager. -.br -It manages user sessions by authenticating the user and starting the appropriate Xserver +.br +It manages user sessions by authenticating the user and starting the appropriate Xserver. .SH "OPTIONS" -.TP -\fB\-n\fR, \fB\-\-nodaemon\fR +.TP +\fB\-n\fR, \fB\-\-nodaemon\fR Starts \fBxrdp\-sesman\fR in foreground instead of starting it as a daemon. -.TP +.TP \fB\-k\fR, \fB\-\-kill\fR Kills running \fBxrdp\-sesman\fR daemon. -.TP +.TP \fB\-h\fR, \fB\-\-help\fR Output help information and exit. .SH "FILES" ${SESMAN_BIN_DIR}/sesman -.br +.br ${SESMAN_BIN_DIR}/sesrun -.br +.br ${SESMAN_CFG_DIR}/sesman.ini -.br +.br ${SESMAN_LOG_DIR}/sesman.log -.br +.br ${SESMAN_PID_DIR}/sesman.pid .SH "AUTHORS" Jay Sorg -.br +.br Simone Fedele .SH "SEE ALSO" diff --git a/docs/man/xrdp-sesrun.8 b/docs/man/xrdp-sesrun.8 index e8189d53..7ae983c1 100644 --- a/docs/man/xrdp-sesrun.8 +++ b/docs/man/xrdp-sesrun.8 @@ -8,37 +8,37 @@ xrdp\-sesrun \- \fBsesman\fR(8) session launcher .SH "DESCRIPTION" \fBxrdp\-sesrun\fR starts a session using \fBxrdp\-sesman\fR(8). -.br +.br This is a tool useful for testing, it simply behaves like xrdp when some user logs in a new session and authenticates, thus starting a new session. .SH "OPTIONS" -.TP +.TP .I server Server on which sesman is running -.TP +.TP .I username user name of the session being started -.TP +.TP .I password user password -.TP +.TP .I width Screen width -.TP +.TP .I height Screen height -.TP +.TP .I bpp Session color depth .SH "FILES" ${SESMAN_BIN_DIR}/sesman -.br +.br ${SESMAN_BIN_DIR}/sesrun .SH "AUTHORS" Jay Sorg -.br +.br Simone Fedele .SH "SEE ALSO" diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index fdd00148..c21d1bec 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 @@ -20,7 +20,7 @@ It is composed by a number of sections, each one composed by a section name, enc .TP \fI[Connection]\fP \- contain the info on which services \fBxrdp\fR(8) can connect to. -.LP +.LP All options and values (except for file names and paths) are case insensitive, and are described in detail below. .SH "GLOBALS" @@ -189,29 +189,29 @@ If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for XRDP Video .SH "CONNECTIONS" A connection section is made of a section name, enclosed in square brackets, and the following entries: -.TP +.TP \fBname\fR=\fI\fR The name displayed in \fBxrdp\fR(8) login window's combo box. -.TP +.TP \fBlib\fR=\fI../vnc/libvnc.so\fR Sets the library to be used with this connection. -.TP +.TP \fBusername\fR=\fI\fR|\fIask\fR Specifies the username used for authenticating in the connection. If set to \fIask\fR, user name should be provided in the login window. -.TP +.TP \fBpassword\fR=\fI\fR|\fIask\fR Specifies the password used for authenticating in the connection. If set to \fIask\fR, password should be provided in the login window. -.TP +.TP \fBip\fR=\fI127.0.0.1\fR Specifies the ip address of the host to connect to. -.TP +.TP \fBport\fR=\fI\fR|\fI\-1\fR Specifies the port number to connect to. If set to \fI\-1\fR, the default port for the specified library is used. -- cgit v1.2.3 From 16dd94b8bcd330eaaffa862cf1d9c5bf70236345 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Mon, 14 Nov 2016 15:04:03 +0900 Subject: docs: use bold for section headers, not italic --- docs/man/xrdp.ini.5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/man/xrdp.ini.5') diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index c21d1bec..41b4e962 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 @@ -18,7 +18,7 @@ It is composed by a number of sections, each one composed by a section name, enc \fB[Channels]\fP \- channel subsystem parameters .TP -\fI[Connection]\fP \- contain the info on which services \fBxrdp\fR(8) can connect to. +\fB[Connection]\fP \- contain the info on which services \fBxrdp\fR(8) can connect to. .LP All options and values (except for file names and paths) are case insensitive, and are described in detail below. -- cgit v1.2.3 From 681f2308212a1f69db1ce25a7ad3fc6a4e38a9d9 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Mon, 14 Nov 2016 15:39:27 +0900 Subject: docs: document disableSSLv3 and tls_ciphers --- docs/man/xrdp.ini.5 | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'docs/man/xrdp.ini.5') diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index 41b4e962..5d46fb74 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 @@ -103,6 +103,16 @@ If set to \fB1\fP, \fBtrue\fP or \fByes\fP and the network connection disappears Regulate if the listening socket uses socket option \fBTCP_NODELAY\fP. If set to \fB1\fP, \fBtrue\fP or \fByes\fP, no buffering will be performed in the TCP stack. +.TP +\fBdisableSSLv3\fP=\fI[yes|no]\fP +If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not accept SSLv3 connections. + +.TP +\fBtls_ciphers\fP=\fIcipher_suite\fP +Specifies TLS cipher suite. The format of this parameter is equivalent to which \fBopenssl\fP(1) ciphers subcommand accepts. + +(ex. $ openssl ciphers 'HIGH:!ADH:!SHA1') + .TP \fBblack\fP=\fI000000\fP .TP -- cgit v1.2.3 From 771321ab0ccde7cb3d38d8261411c3c4aceef105 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Mon, 14 Nov 2016 16:00:25 +0900 Subject: docs: add 32 to max_bpp as it is actually supported --- docs/man/xrdp.ini.5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/man/xrdp.ini.5') diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index 5d46fb74..e5015e55 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 @@ -85,7 +85,7 @@ If set to \fB1\fR, \fBtrue\fR or \fByes\fR for each incoming connection \fBxrdp\ If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not show a window for log messages. .TP -\fBmax_bpp\fP=\fI[8|15|16|24]\fP +\fBmax_bpp\fP=\fI[8|15|16|24|32]\fP Limit the color depth by specifying the maximum number of bits per pixel. .TP -- cgit v1.2.3 From bb55e0118b89e8f445109aac50ec80378bb276f1 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Mon, 14 Nov 2016 15:57:01 +0900 Subject: docs: unify all boolean values to true/false --- docs/man/sesman.ini.5 | 10 +++++----- docs/man/xrdp.ini.5 | 32 ++++++++++++++++---------------- 2 files changed, 21 insertions(+), 21 deletions(-) (limited to 'docs/man/xrdp.ini.5') diff --git a/docs/man/sesman.ini.5 b/docs/man/sesman.ini.5 index f66a8784..af9b35ab 100644 --- a/docs/man/sesman.ini.5 +++ b/docs/man/sesman.ini.5 @@ -55,7 +55,7 @@ xrdp-sesman listening address. If not specified, defaults to \fI0.0.0.0\fR xrdp-sesman listening port. If not specified, defaults to \fI3350\fR. .TP -\fBEnableUserWindowManager\fR=\fI[0|1]\fR +\fBEnableUserWindowManager\fR=\fI[true|false]\fR If set to \fB1\fR, \fBtrue\fR or \fByes\fR, this option enables user specific startup script. That is, xrdp-sesman will execute the script specified by \fBUserWindowManager\fR if it exists. @@ -96,7 +96,7 @@ logged \fIregardless\fR of the selected logging level. debug mode, this options will output many more low\-level messages. .TP -\fBEnableSyslog\fR=\fI[0|1]\fR +\fBEnableSyslog\fR=\fI[true|false]\fR If set to \fB1\fR, \fBtrue\fR or \fByes\fR, this option enables logging to syslog. @@ -121,7 +121,7 @@ Sets the maximum number of simultaneous sessions. If not set or set to \fI0\fR, unlimited session are allowed. .TP -\fBKillDisconnected\fR=\fI[0|1]\fR +\fBKillDisconnected\fR=\fI[true|false]\fR If set to \fB1\fR, \fBtrue\fR or \fByes\fR, every session will be killed within 60 seconds after the user disconnects. @@ -165,7 +165,7 @@ off. For Xvnc connections, \fBDisplaySize\fR is always enabled as well. Following parameters can be used in the \fB[Security]\fR section. .TP -\fBAllowRootLogin\fR=\fI[0|1]\fR +\fBAllowRootLogin\fR=\fI[true|false]\fR If set to \fB1\fR, \fBtrue\fR or \fByes\fR, enables root login on the terminal server. @@ -187,7 +187,7 @@ login for all users is enabled. have session management rights. .TP -\fBAlwaysGroupCheck\fR=\fI[0|1]\fR +\fBAlwaysGroupCheck\fR=\fI[true|false]\fR If set to \fB1\fR, \fBtrue\fR or \fByes\fR, require group membership even if the group specified in \fBTerminalServerUsers\fR doesn't exist. diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index e5015e55..4883cbcb 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 @@ -37,19 +37,19 @@ By default a drop-down list with all available connections is shown. A connection can also be chosen by the connecting client by setting the \fBLOGIN DOMAIN\fP to a valid \fIsession name\fP. .TP -\fBbitmap_cache\fR=\fI[0|1]\fR +\fBbitmap_cache\fR=\fI[true|false]\fR If set to \fB1\fR, \fBtrue\fR or \fByes\fR this option enables bitmap caching in \fBxrdp\fR(8). .TP -\fBbitmap_compression\fR=\fI[0|1]\fR +\fBbitmap_compression\fR=\fI[true|false]\fR If set to \fB1\fR, \fBtrue\fR or \fByes\fR this option enables bitmap compression in \fBxrdp\fR(8). .TP -\fBbulk_compression\fP=\fI[0|1]\fP +\fBbulk_compression\fP=\fI[true|false]\fP If set to \fB1\fR, \fBtrue\fR or \fByes\fR this option enables compression of bulk data in \fBxrdp\fR(8). .TP -\fBchannel_code\fP=\fI[0|1]\fP +\fBchannel_code\fP=\fI[true|false]\fP If set to \fB0\fR, \fBfalse\fR or \fBno\fR this option disables all channels \fBxrdp\fR(8). See section \fBCHANNELS\fP below for more fine grained options. @@ -77,11 +77,11 @@ All data sent between the client and server is protected using Federal Informati .RE .TP -\fBfork\fP=\fI[0|1]\fP +\fBfork\fP=\fI[true|false]\fP If set to \fB1\fR, \fBtrue\fR or \fByes\fR for each incoming connection \fBxrdp\fR(8) forks a sub-process instead of using threads. .TP -\fBhidelogwindow\fP=\fI[0|1]\fP +\fBhidelogwindow\fP=\fI[true|false]\fP If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not show a window for log messages. .TP @@ -94,17 +94,17 @@ Specify TCP port to listen on for incoming connections. The default for RDP is \fB3389\fP. .TP -\fBtcp_keepalive\fP=\fI[yes|no]\fP +\fBtcp_keepalive\fP=\fI[true|false]\fP Regulate if the listening socket uses socket option \fBSO_KEEPALIVE\fP. If set to \fB1\fP, \fBtrue\fP or \fByes\fP and the network connection disappears without closing messages, the connection will be closed. .TP -\fBtcp_nodelay\fP=\fI[yes|no]\fP +\fBtcp_nodelay\fP=\fI[true|false]\fP Regulate if the listening socket uses socket option \fBTCP_NODELAY\fP. If set to \fB1\fP, \fBtrue\fP or \fByes\fP, no buffering will be performed in the TCP stack. .TP -\fBdisableSSLv3\fP=\fI[yes|no]\fP +\fBdisableSSLv3\fP=\fI[true|false]\fP If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not accept SSLv3 connections. .TP @@ -158,7 +158,7 @@ This option can have one of the following values: \fBDEBUG\fR or \fB4\fR \- Log everything. If \fBsesman\fR is compiled in debug mode, this options will output many more low\-level message, useful for developers .TP -\fBEnableSyslog\fR=\fI[0|1]\fR +\fBEnableSyslog\fR=\fI[true|false]\fR If set to \fB1\fR, \fBtrue\fR or \fByes\fR this option enables logging to syslog. Otherwise syslog is disabled. .TP @@ -173,27 +173,27 @@ Not all channels are supported in all cases, so setting a value to \fItrue\fP is Channels can also be enabled or disabled on a per connection basis by prefixing each setting with \fBchannel.\fP in the channel section. .TP -\fBrdpdr\fP=\fI[0|1]\fP +\fBrdpdr\fP=\fI[true|false]\fP If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for device redirection is allowed. .TP -\fBrdpsnd\fP=\fI[0|1]\fP +\fBrdpsnd\fP=\fI[true|false]\fP If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for sound is allowed. .TP -\fBdrdynvc\fP=\fI[0|1]\fP +\fBdrdynvc\fP=\fI[true|false]\fP If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel to initiate additional dynamic virtual channels is allowed. .TP -\fBcliprdr\fP=\fI[0|1]\fP +\fBcliprdr\fP=\fI[true|false]\fP If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for clipboard redirection is allowed. .TP -\fBrail\fP=\fI[0|1]\fP +\fBrail\fP=\fI[true|false]\fP If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for remote applications integrated locally (RAIL) is allowed. .TP -\fBxrdpvr\fP=\fI[0|1]\fP +\fBxrdpvr\fP=\fI[true|false]\fP If set to \fB1\fR, \fBtrue\fR or \fByes\fR using the RDP channel for XRDP Video streaming is allowed. .SH "CONNECTIONS" -- cgit v1.2.3 From 1490da309ed82fc7c32bb3b96312546dc3fd0d8f Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Tue, 15 Nov 2016 09:58:22 +0900 Subject: docs: document tcp_send/recv_buffer_bytes --- docs/man/xrdp.ini.5 | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'docs/man/xrdp.ini.5') diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index 4883cbcb..dd55e1fe 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 @@ -103,6 +103,12 @@ If set to \fB1\fP, \fBtrue\fP or \fByes\fP and the network connection disappears Regulate if the listening socket uses socket option \fBTCP_NODELAY\fP. If set to \fB1\fP, \fBtrue\fP or \fByes\fP, no buffering will be performed in the TCP stack. +.TP +\fBtcp_send_buffer_bytes\fP=\fIbuffer_size\fP +.TP +\fBtcp_recv_buffer_bytes\fP=\fIbuffer_size\fP +Specify send/recv buffer sizes in bytes. The default value depends on operating system. + .TP \fBdisableSSLv3\fP=\fI[true|false]\fP If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not accept SSLv3 connections. -- cgit v1.2.3 From f6fd8f16d7be9c42ddbf3167f5f9921a12391db9 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Tue, 15 Nov 2016 10:57:53 +0900 Subject: docs: Capitalize section title --- docs/man/xrdp.ini.5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/man/xrdp.ini.5') diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index dd55e1fe..5fad9f4d 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 @@ -143,7 +143,7 @@ The lowest value that can be given to one of the light sources is 0 (hex 00). The highest value is 255 (hex FF). .SH "LOGGING" -The following parameters can be used in the \fB[logging]\fR section: +The following parameters can be used in the \fB[Logging]\fR section: .TP \fBLogFile\fR=\fI${SESMAN_LOG_DIR}/sesman.log\fR -- cgit v1.2.3 From 901bc9f40c80f2497798632c0b6f046985ab8a0e Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Tue, 15 Nov 2016 11:06:54 +0900 Subject: docs: section "Connection" is not used --- docs/man/xrdp.ini.5 | 3 --- 1 file changed, 3 deletions(-) (limited to 'docs/man/xrdp.ini.5') diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index 5fad9f4d..f5caa341 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 @@ -17,9 +17,6 @@ It is composed by a number of sections, each one composed by a section name, enc .TP \fB[Channels]\fP \- channel subsystem parameters -.TP -\fB[Connection]\fP \- contain the info on which services \fBxrdp\fR(8) can connect to. - .LP All options and values (except for file names and paths) are case insensitive, and are described in detail below. -- cgit v1.2.3 From 7cb3ffc33f4f05250426a600d75f5a93ed9c11d4 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Tue, 15 Nov 2016 11:08:03 +0900 Subject: docs: document use_fastpath, require_credentials, pamerrortxt --- docs/man/xrdp.ini.5 | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'docs/man/xrdp.ini.5') diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index f5caa341..02789a05 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 @@ -116,6 +116,18 @@ Specifies TLS cipher suite. The format of this parameter is equivalent to which (ex. $ openssl ciphers 'HIGH:!ADH:!SHA1') +.TP +\fBuse_fastpath\fP=\fI[input|output|both|none]\fP +If not specified, defaults to \fBnone\fP. + +.TP +\fBrequire_credentials\fP=\fI[true|false]\fP +If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP requires clients to include username and password initial connection phase. In other words, xrdp doesn't allow clients to show login screen if set to true. + +.TP +\fBpamerrortxt\fP=\fIerror_text\fP +Specify text passed to PAM when authentication failed. The maximum length is \fB256\fP. + .TP \fBblack\fP=\fI000000\fP .TP -- cgit v1.2.3 From ad1b484e7a52f9395ba0fd31a27a693f45af7e76 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Tue, 15 Nov 2016 14:02:24 +0900 Subject: docs: unify the rest boolean values to true/false --- docs/man/xrdp.ini.5 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'docs/man/xrdp.ini.5') diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index 02789a05..25809e76 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 @@ -249,8 +249,8 @@ This is an example \fBxrdp.ini\fR: .nf [Globals] -bitmap_cache=yes -bitmap_compression=yes +bitmap_cache=true +bitmap_compression=true [vnc1] name=sesman -- cgit v1.2.3 From 4b95a5f347586176a6093f6ef01ff08f69d871a1 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Tue, 15 Nov 2016 15:47:31 +0900 Subject: docs: reword, add description for default value --- docs/man/xrdp.ini.5 | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'docs/man/xrdp.ini.5') diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index 25809e76..656f9273 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 @@ -25,7 +25,7 @@ The options to be specified in the \fB[Globals]\fR section are the following: .TP \fBaddress\fP=\fIip address\fP -Specifies xrdp listening address. Default is 0.0.0.0 (all interfaces) +Specify xrdp listening address. If not specified, defaults to 0.0.0.0 (all interfaces). .TP \fBautorun\fP=\fIsession_name\fP @@ -80,10 +80,12 @@ If set to \fB1\fR, \fBtrue\fR or \fByes\fR for each incoming connection \fBxrdp\ .TP \fBhidelogwindow\fP=\fI[true|false]\fP If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not show a window for log messages. +If not specified, defaults to \fBfalse\fP. .TP \fBmax_bpp\fP=\fI[8|15|16|24|32]\fP Limit the color depth by specifying the maximum number of bits per pixel. +If not specified or set to \fB0\fP, unlimited. .TP \fBport\fP=\fIport\fP @@ -93,7 +95,8 @@ The default for RDP is \fB3389\fP. .TP \fBtcp_keepalive\fP=\fI[true|false]\fP Regulate if the listening socket uses socket option \fBSO_KEEPALIVE\fP. -If set to \fB1\fP, \fBtrue\fP or \fByes\fP and the network connection disappears without closing messages, the connection will be closed. +If set to \fB1\fP, \fBtrue\fP or \fByes\fP and the network connection disappears +without closing messages, the connection will be closed. .TP \fBtcp_nodelay\fP=\fI[true|false]\fP @@ -109,10 +112,12 @@ Specify send/recv buffer sizes in bytes. The default value depends on operating .TP \fBdisableSSLv3\fP=\fI[true|false]\fP If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not accept SSLv3 connections. +If not specified, defaults to \fBfalse\fP. .TP \fBtls_ciphers\fP=\fIcipher_suite\fP -Specifies TLS cipher suite. The format of this parameter is equivalent to which \fBopenssl\fP(1) ciphers subcommand accepts. +Specifies TLS cipher suite. The format of this parameter is equivalent to which +\fBopenssl\fP(1) ciphers subcommand accepts. (ex. $ openssl ciphers 'HIGH:!ADH:!SHA1') @@ -122,7 +127,9 @@ If not specified, defaults to \fBnone\fP. .TP \fBrequire_credentials\fP=\fI[true|false]\fP -If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP requires clients to include username and password initial connection phase. In other words, xrdp doesn't allow clients to show login screen if set to true. +If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP requires clients to include username and +password initial connection phase. In other words, xrdp doesn't allow clients to show login +screen if set to true. If not specified, defaults to \fBfalse\fP. .TP \fBpamerrortxt\fP=\fIerror_text\fP -- cgit v1.2.3 From b74b030891434e1a4438186b2067c89337f371cd Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Tue, 15 Nov 2016 16:21:46 +0900 Subject: docs: document security_layer --- docs/man/xrdp.ini.5 | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'docs/man/xrdp.ini.5') diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index 656f9273..266c8df0 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 @@ -109,6 +109,25 @@ If set to \fB1\fP, \fBtrue\fP or \fByes\fP, no buffering will be performed in th \fBtcp_recv_buffer_bytes\fP=\fIbuffer_size\fP Specify send/recv buffer sizes in bytes. The default value depends on operating system. +.TP +\fBsecurity_layer\fP=\fI[tls|rdp|negotiate]\fP +Regulate security methods. If not specified, defaults to \fBnegotiate\fP. +.RS 8 +.TP +.B tls +Enhanced RDP Security is used. All security operations (encryption, decryption, data integrity +verification, and server authentication) are implemented by TLS. + +.TP +.B rdp +Standard RDP Security, which is not safe from man-in-the-middle attack, is used. The encryption level +of Standard RDP Security is controlled by \fBcrypt_level\fP. + +.TP +.B negotiate +Negotiate these security methods with clients. +.RE + .TP \fBdisableSSLv3\fP=\fI[true|false]\fP If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not accept SSLv3 connections. -- cgit v1.2.3 From d6e8435a72c16f7f6a8a9145eb7d40cdb54c1d42 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Tue, 15 Nov 2016 16:46:29 +0900 Subject: docs: sort parameters in xrdp.ini.5 --- docs/man/xrdp.ini.5 | 56 ++++++++++++++++++++++++++--------------------------- 1 file changed, 28 insertions(+), 28 deletions(-) (limited to 'docs/man/xrdp.ini.5') diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index 266c8df0..6fddefa1 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 @@ -73,6 +73,11 @@ All data sent between the client and server is protected using Federal Informati .I This level is required for Windows clients (mstsc.exe) if the client's group policy enforces FIPS-compliance mode. .RE +.TP +\fBdisableSSLv3\fP=\fI[true|false]\fP +If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not accept SSLv3 connections. +If not specified, defaults to \fBfalse\fP. + .TP \fBfork\fP=\fI[true|false]\fP If set to \fB1\fR, \fBtrue\fR or \fByes\fR for each incoming connection \fBxrdp\fR(8) forks a sub-process instead of using threads. @@ -87,27 +92,20 @@ If not specified, defaults to \fBfalse\fP. Limit the color depth by specifying the maximum number of bits per pixel. If not specified or set to \fB0\fP, unlimited. +.TP +\fBpamerrortxt\fP=\fIerror_text\fP +Specify text passed to PAM when authentication failed. The maximum length is \fB256\fP. + .TP \fBport\fP=\fIport\fP Specify TCP port to listen on for incoming connections. The default for RDP is \fB3389\fP. .TP -\fBtcp_keepalive\fP=\fI[true|false]\fP -Regulate if the listening socket uses socket option \fBSO_KEEPALIVE\fP. -If set to \fB1\fP, \fBtrue\fP or \fByes\fP and the network connection disappears -without closing messages, the connection will be closed. - -.TP -\fBtcp_nodelay\fP=\fI[true|false]\fP -Regulate if the listening socket uses socket option \fBTCP_NODELAY\fP. -If set to \fB1\fP, \fBtrue\fP or \fByes\fP, no buffering will be performed in the TCP stack. - -.TP -\fBtcp_send_buffer_bytes\fP=\fIbuffer_size\fP -.TP -\fBtcp_recv_buffer_bytes\fP=\fIbuffer_size\fP -Specify send/recv buffer sizes in bytes. The default value depends on operating system. +\fBrequire_credentials\fP=\fI[true|false]\fP +If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP requires clients to include username and +password initial connection phase. In other words, xrdp doesn't allow clients to show login +screen if set to true. If not specified, defaults to \fBfalse\fP. .TP \fBsecurity_layer\fP=\fI[tls|rdp|negotiate]\fP @@ -129,9 +127,21 @@ Negotiate these security methods with clients. .RE .TP -\fBdisableSSLv3\fP=\fI[true|false]\fP -If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not accept SSLv3 connections. -If not specified, defaults to \fBfalse\fP. +\fBtcp_keepalive\fP=\fI[true|false]\fP +Regulate if the listening socket uses socket option \fBSO_KEEPALIVE\fP. +If set to \fB1\fP, \fBtrue\fP or \fByes\fP and the network connection disappears +without closing messages, the connection will be closed. + +.TP +\fBtcp_nodelay\fP=\fI[true|false]\fP +Regulate if the listening socket uses socket option \fBTCP_NODELAY\fP. +If set to \fB1\fP, \fBtrue\fP or \fByes\fP, no buffering will be performed in the TCP stack. + +.TP +\fBtcp_send_buffer_bytes\fP=\fIbuffer_size\fP +.TP +\fBtcp_recv_buffer_bytes\fP=\fIbuffer_size\fP +Specify send/recv buffer sizes in bytes. The default value depends on operating system. .TP \fBtls_ciphers\fP=\fIcipher_suite\fP @@ -144,16 +154,6 @@ Specifies TLS cipher suite. The format of this parameter is equivalent to which \fBuse_fastpath\fP=\fI[input|output|both|none]\fP If not specified, defaults to \fBnone\fP. -.TP -\fBrequire_credentials\fP=\fI[true|false]\fP -If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP requires clients to include username and -password initial connection phase. In other words, xrdp doesn't allow clients to show login -screen if set to true. If not specified, defaults to \fBfalse\fP. - -.TP -\fBpamerrortxt\fP=\fIerror_text\fP -Specify text passed to PAM when authentication failed. The maximum length is \fB256\fP. - .TP \fBblack\fP=\fI000000\fP .TP -- cgit v1.2.3 From 13aa2fcc2a71492d98ddcb2f3ce2152369107988 Mon Sep 17 00:00:00 2001 From: Koichiro IWAO Date: Tue, 15 Nov 2016 17:15:24 +0900 Subject: docs: update descriptions for encryption - Add descriptions for certificate and key_file - xrdp actually supports 128-bit encryption in Standard RDP Security - change line breaks --- docs/man/xrdp.ini.5 | 37 +++++++++++++++++++++++++++++-------- 1 file changed, 29 insertions(+), 8 deletions(-) (limited to 'docs/man/xrdp.ini.5') diff --git a/docs/man/xrdp.ini.5 b/docs/man/xrdp.ini.5 index 6fddefa1..0b5acfee 100644 --- a/docs/man/xrdp.ini.5 +++ b/docs/man/xrdp.ini.5 @@ -45,38 +45,57 @@ If set to \fB1\fR, \fBtrue\fR or \fByes\fR this option enables bitmap compressio \fBbulk_compression\fP=\fI[true|false]\fP If set to \fB1\fR, \fBtrue\fR or \fByes\fR this option enables compression of bulk data in \fBxrdp\fR(8). +.TP +\fBcertificate\fP=\fI/path/to/certificate\fP +.TP +\fBkey_file\fP=\fI/path/to/private_key\fP +Set location of TLS certificate and private key. They must be written in PEM format. +If not specified, defaults to \fB${XRDP_CFG_DIR}/cert.pem\fP, \fB${XRDP_CFG_DIR}/key.pem\fP. + +This parameter is effective only if \fBsecurity_layer\fP is set to \fBtls\fP or \fBnegotiate\fP. + .TP \fBchannel_code\fP=\fI[true|false]\fP If set to \fB0\fR, \fBfalse\fR or \fBno\fR this option disables all channels \fBxrdp\fR(8). See section \fBCHANNELS\fP below for more fine grained options. .TP -\fBcrypt_level\fP=\fIlow|medium|high|fips\fP +\fBcrypt_level\fP=\fI[low|medium|high|fips]\fP .\" -RDP connection are controlled by two encryption settings: \fIEncryption Level\fP and \fIEncryption Method\fP. -The only supported \fIEncryption Method\fP is \fB40BIT_ENCRYPTION\fP, \fB128BIT_ENCRYPTION\fP and \fB56BIT_ENCRYPTION\fP are currently not supported. +Regulate encryption level of Standard RDP Security. +This parameter is effective only if \fBsecurity_layer\fP is set to \fBrdp\fP or \fBnegotiate\fP. + +Encryption in Standard RDP Security is controlled by two settings: \fIEncryption Level\fP +and \fIEncryption Method\fP. The only supported \fIEncryption Method\fP are \fB40BIT_ENCRYPTION\fP +and \fB128BIT_ENCRYPTION\fP. \fB56BIT_ENCRYPTION\fP is not supported. This option controls the \fIEncryption Level\fP: .RS 8 .TP .B low -All data sent from the client to the server is protected by encryption based on the maximum key strength supported by the client. +All data sent from the client to the server is protected by encryption based on +the maximum key strength supported by the client. .I This is the only level that the traffic sent by the server to client is not encrypted. .TP .B medium -All data sent between the client and the server is protected by encryption based on the maximum key strength supported by the client. +All data sent between the client and the server is protected by encryption based on +the maximum key strength supported by the client (client compatible). .TP .B high -All data sent between the client and server is protected by encryption based on the server's maximum key strength. +All data sent between the client and the server is protected by encryption based on +the server's maximum key strength (sever compatible). .TP .B fips -All data sent between the client and server is protected using Federal Information Processing Standard 140-1 validated encryption methods. -.I This level is required for Windows clients (mstsc.exe) if the client's group policy enforces FIPS-compliance mode. +All data sent between the client and server is protected using Federal Information +Processing Standard 140-1 validated encryption methods. +.I This level is required for Windows clients (mstsc.exe) if the client's group policy +.I enforces FIPS-compliance mode. .RE .TP \fBdisableSSLv3\fP=\fI[true|false]\fP If set to \fB1\fP, \fBtrue\fP or \fByes\fP, \fBxrdp\fP will not accept SSLv3 connections. If not specified, defaults to \fBfalse\fP. +This parameter is effective only if \fBsecurity_layer\fP is set to \fBtls\fP or \fBnegotiate\fP. .TP \fBfork\fP=\fI[true|false]\fP @@ -150,6 +169,8 @@ Specifies TLS cipher suite. The format of this parameter is equivalent to which (ex. $ openssl ciphers 'HIGH:!ADH:!SHA1') +This parameter is effective only if \fBsecurity_layer\fP is set to \fBtls\fP or \fBnegotiate\fP. + .TP \fBuse_fastpath\fP=\fI[input|output|both|none]\fP If not specified, defaults to \fBnone\fP. -- cgit v1.2.3