Bug 248481

Summary: net/xrdp: "login failed for display 0" when trying to login with RDP client
Product: Ports & Packages Reporter: Sascha Folie <sascha.folie>
Component: Individual Port(s)Assignee: Koichiro Iwao <meta>
Status: Closed FIXED    
Severity: Affects Many People CC: meta
Priority: --- Flags: bugzilla: maintainer-feedback? (meta)
Version: Latest   
Hardware: amd64   
OS: Any   
Attachments:
Description Flags
makefile-patch-1
none
FreeBSD 12.1 synth xrdp build log none

Description Sascha Folie 2020-08-05 09:04:41 UTC 
It is not possible to connect to xrdp because every login session will hang on "login failed for display 0".

FreeBSD Version: FreeBSD 13.0-CURRENT #0 r363759 (GENERIC-NODEBUG amd64)
Hardware: Tuxedo Notebook (Intel(R) Core(TM) i5-7200U CPU)
xrdp Version: xrdp-0.9.13.1,1

xrdp is compiled with synth-2.08 and the default options:
OPTIONS_FILE_UNSET+=DEBUG
OPTIONS_FILE_UNSET+=FUSE
OPTIONS_FILE_SET+=IPV6
OPTIONS_FILE_SET+=FDKAAC
OPTIONS_FILE_UNSET+=MP3LAME
OPTIONS_FILE_SET+=OPUS

How to test:

# install 
pkg install xrdp

# settings in /etc/rc.conf
xrdp_enable="YES" 
xrdp_sesman_enable="YES" 

# start services
service xrdp start
service xrdp-sesman start

# connect via RDP client (Archlinux freerdp 2.2.0 in this case)
Session: Xorg
username: username
password: password

# Connection Log (in RDP window):
connecting to sesman ip 127.0.0.1 port 3350
sesman connect ok
sending login info to session manager, please wait...
login failed for display 0

# fix Problem via change in PAM settings:
# /usr/local/etc/pam.d/xrdp-sesman (default)
#%PAM-1.0
auth        include     system-auth
account     include     system-auth
password    include     system-auth
session     include     system-auth

# change to:
#%PAM-1.0
auth        include     system
account     include     system
password    include     system
session     include     system

# connect via RDP again (same Session/user/pass)
RDP connection works and shows xterm
Comment 1 Koichiro Iwao freebsd_committer freebsd_triage 2020-08-06 02:24:42 UTC 
Thanks for the report. 

Yes, that's true `system-auth` won't work but `system` works. However, `system` should be default installation.

At 12.1-RELEASE:
# pkg install xrdp
# less /usr/local/etc/pam.d/xrdp-sesman
#%PAM-1.0
auth        include     system
account     include     system
password    include     system
session     include     system

I haven't looked into 13-CURRENT.  Will do it later.
Comment 2 Koichiro Iwao freebsd_committer freebsd_triage 2020-08-06 08:28:05 UTC 
Created attachment 217051 [details]
makefile-patch-1

Can you apply makefile-patch-1 and rebuild xrdp package?

I assume the "system" pam rule should be chosen automatically. However yours appears "system-auth"pam rule is unexpectedly mischosen. The patch explicitly specify the pam rule for FreeBSD.
Comment 3 Sascha Folie 2020-08-06 11:57:47 UTC 
I've applied makefile-patch-1 and rebuilt xrdp. After a "pkg upgrade" from xrdp 0.9.13.1,1 to 0.9.13.1_1,1 the configuration in /usr/local/etc/pam.d/xrdp-sesman looks good and I was able to connect via RDP.

Thanks!
Comment 4 Sascha Folie 2020-08-06 20:00:41 UTC 
Created attachment 217057 [details]
FreeBSD 12.1 synth xrdp build log

I've now tested with FreeBSD 12.1 too but it seems it's also broken. The xrdp package is from my own repo which is built with synth. Since your 12.1 package works there must be something that synth does different. I've attached the build log if someone wants to take a look.
Comment 5 commit-hook freebsd_committer freebsd_triage 2020-08-07 08:38:08 UTC 
A commit references this bug:

Author: meta
Date: Fri Aug  7 08:37:12 UTC 2020
New revision: 544315
URL: https://svnweb.freebsd.org/changeset/ports/544315

Log:
  net/xrdp: adjust configure arguments

  Set --enable-pam-config=freebsd explicitly. If this is not given, PAM
  configuration will be autodetected however it might be misdetected on some
  environments. Quit relying on autodetection.

  Force rebuild because built packages might include misconfigured pam files
  as reported in the bugzilla issue..

  PR:		248481
  Reported by:	Sascha Folie <sascha.folie@safo.at>
  Sponsored by:	HAW International

Changes:
  head/net/xrdp/Makefile
Comment 6 commit-hook freebsd_committer freebsd_triage 2020-08-11 05:19:51 UTC 
A commit references this bug:

Author: meta
Date: Tue Aug 11 05:19:30 UTC 2020
New revision: 544663
URL: https://svnweb.freebsd.org/changeset/ports/544663

Log:
  MFH: r544315

  net/xrdp: adjust configure arguments

  Set --enable-pam-config=freebsd explicitly. If this is not given, PAM
  configuration will be autodetected however it might be misdetected on some
  environments. Quit relying on autodetection.

  Force rebuild because built packages might include misconfigured pam files
  as reported in the bugzilla issue..

  PR:		248481
  Reported by:	Sascha Folie <sascha.folie@safo.at>
  Sponsored by:	HAW International

  Approved by:	portmgr blanket

Changes:
_U  branches/2020Q3/
  branches/2020Q3/net/xrdp/Makefile