Bug 248481 - net/xrdp: "login failed for display 0" when trying to login with RDP client
Summary: net/xrdp: "login failed for display 0" when trying to login with RDP client
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: amd64 Any
: --- Affects Many People
Assignee: Koichiro Iwao
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-08-05 09:04 UTC by Sascha Folie
Modified: 2020-08-11 17:39 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (meta)


Attachments
makefile-patch-1 (584 bytes, patch)
2020-08-06 08:28 UTC, Koichiro Iwao
no flags Details | Diff
FreeBSD 12.1 synth xrdp build log (203.90 KB, text/plain)
2020-08-06 20:00 UTC, Sascha Folie
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Sascha Folie 2020-08-05 09:04:41 UTC
It is not possible to connect to xrdp because every login session will hang on "login failed for display 0".

FreeBSD Version: FreeBSD 13.0-CURRENT #0 r363759 (GENERIC-NODEBUG amd64)
Hardware: Tuxedo Notebook (Intel(R) Core(TM) i5-7200U CPU)
xrdp Version: xrdp-0.9.13.1,1

xrdp is compiled with synth-2.08 and the default options:
OPTIONS_FILE_UNSET+=DEBUG
OPTIONS_FILE_UNSET+=FUSE
OPTIONS_FILE_SET+=IPV6
OPTIONS_FILE_SET+=FDKAAC
OPTIONS_FILE_UNSET+=MP3LAME
OPTIONS_FILE_SET+=OPUS

How to test:

# install 
pkg install xrdp

# settings in /etc/rc.conf
xrdp_enable="YES" 
xrdp_sesman_enable="YES" 

# start services
service xrdp start
service xrdp-sesman start

# connect via RDP client (Archlinux freerdp 2.2.0 in this case)
Session: Xorg
username: username
password: password

# Connection Log (in RDP window):
connecting to sesman ip 127.0.0.1 port 3350
sesman connect ok
sending login info to session manager, please wait...
login failed for display 0

# fix Problem via change in PAM settings:
# /usr/local/etc/pam.d/xrdp-sesman (default)
#%PAM-1.0
auth        include     system-auth
account     include     system-auth
password    include     system-auth
session     include     system-auth

# change to:
#%PAM-1.0
auth        include     system
account     include     system
password    include     system
session     include     system

# connect via RDP again (same Session/user/pass)
RDP connection works and shows xterm
Comment 1 Koichiro Iwao freebsd_committer 2020-08-06 02:24:42 UTC
Thanks for the report. 

Yes, that's true `system-auth` won't work but `system` works. However, `system` should be default installation.

At 12.1-RELEASE:
# pkg install xrdp
# less /usr/local/etc/pam.d/xrdp-sesman
#%PAM-1.0
auth        include     system
account     include     system
password    include     system
session     include     system

I haven't looked into 13-CURRENT.  Will do it later.
Comment 2 Koichiro Iwao freebsd_committer 2020-08-06 08:28:05 UTC
Created attachment 217051 [details]
makefile-patch-1

Can you apply makefile-patch-1 and rebuild xrdp package?

I assume the "system" pam rule should be chosen automatically. However yours appears "system-auth"pam rule is unexpectedly mischosen. The patch explicitly specify the pam rule for FreeBSD.
Comment 3 Sascha Folie 2020-08-06 11:57:47 UTC
I've applied makefile-patch-1 and rebuilt xrdp. After a "pkg upgrade" from xrdp 0.9.13.1,1 to 0.9.13.1_1,1 the configuration in /usr/local/etc/pam.d/xrdp-sesman looks good and I was able to connect via RDP.

Thanks!
Comment 4 Sascha Folie 2020-08-06 20:00:41 UTC
Created attachment 217057 [details]
FreeBSD 12.1 synth xrdp build log

I've now tested with FreeBSD 12.1 too but it seems it's also broken. The xrdp package is from my own repo which is built with synth. Since your 12.1 package works there must be something that synth does different. I've attached the build log if someone wants to take a look.
Comment 5 commit-hook freebsd_committer 2020-08-07 08:38:08 UTC
A commit references this bug:

Author: meta
Date: Fri Aug  7 08:37:12 UTC 2020
New revision: 544315
URL: https://svnweb.freebsd.org/changeset/ports/544315

Log:
  net/xrdp: adjust configure arguments

  Set --enable-pam-config=freebsd explicitly. If this is not given, PAM
  configuration will be autodetected however it might be misdetected on some
  environments. Quit relying on autodetection.

  Force rebuild because built packages might include misconfigured pam files
  as reported in the bugzilla issue..

  PR:		248481
  Reported by:	Sascha Folie <sascha.folie@safo.at>
  Sponsored by:	HAW International

Changes:
  head/net/xrdp/Makefile
Comment 6 commit-hook freebsd_committer 2020-08-11 05:19:51 UTC
A commit references this bug:

Author: meta
Date: Tue Aug 11 05:19:30 UTC 2020
New revision: 544663
URL: https://svnweb.freebsd.org/changeset/ports/544663

Log:
  MFH: r544315

  net/xrdp: adjust configure arguments

  Set --enable-pam-config=freebsd explicitly. If this is not given, PAM
  configuration will be autodetected however it might be misdetected on some
  environments. Quit relying on autodetection.

  Force rebuild because built packages might include misconfigured pam files
  as reported in the bugzilla issue..

  PR:		248481
  Reported by:	Sascha Folie <sascha.folie@safo.at>
  Sponsored by:	HAW International

  Approved by:	portmgr blanket

Changes:
_U  branches/2020Q3/
  branches/2020Q3/net/xrdp/Makefile