Thanks for the update - it's good to hear when things get fixed. I don't have any ideas where your
thinclie directory is coming from I.m afraid.
I'm not surprised you're having problems with TLS termination. The same think happens with protocols which use
STARTTLS which is effectively what RDP is doing:-
Don't understand this fully. Where is the script running? In the context of the logged-in user?
This might be the same as #392 which is currently unresolved.
Hi! Sorry if this is a dumb question, but setting sesman.ini:MaxLoginRetry=X and restarting xrdp doesn't do what I would expect; it just lets me retry logins endlessly.
Am I missing something? I assumed xrdp-sesman would disconnect me after X failed login attempts. Observed with xrdp 0.9.12 as shipped with Ubuntu 20.04 LTS.
scp_v0.c doesn't seem to have any concept of maximum retries. scp_v1 does, yet nothing happens.
I've recently looked through this code and as far as I can tell the scp version is hard coded to use v0
Code that sends the login request to sesman: https://github.com/neutrinolabs/xrdp/blob/devel/xrdp/xrdp_mm.c#L275-L276
Sesman code that parses the request and decides which version of scp to use: https://github.com/neutrinolabs/xrdp/blob/devel/sesman/libscp/libscp_vX.c#L44-L46
The state of SCP is an interesting topic, and one I've been thinking about for a while. I've just posted a summary of where we are with SCP on the developer conversation.
You're right in that SCP V0 doesn't have a dialog with the user regarding authentication. As a result,
MaxLoginRetries is effectively 1. It looks like it's unlimited as the XRDP front end allows for a new attempt to be started if the last one fails authentication.
A proper retry (to my mind) should just ask for a password and not a username and password. We're a long way from implementing that, but I think something could be added to sesman to improve the current situation.
@dmwarren - please raise an issue on github about this. I think it needs to be tracked.