author | ArvidNorr <norrarvid@gmail.com> | 2013-02-01 10:00:39 +0100 |
---|---|---|
committer | ArvidNorr <norrarvid@gmail.com> | 2013-02-01 10:00:39 +0100 |
commit | fe69d2f07bf13e5df13382e1f088f05fe70d5de4 (patch) | |
tree | 59b19754aefef0848d0e93952dbac1259e6c5a98 | |
parent | 6c2c4a9b11450114b2e4a7766c081a05a0f1fc30 (diff) | |
Comments and debug when blocking channels added. Fix for potential vulnerability in log.c
-rw-r--r-- | common/log.c | 2 | ||||
-rw-r--r-- | libxrdp/xrdp_rdp.c | 6 | ||||
-rw-r--r-- | libxrdp/xrdp_sec.c | 3 | ||||
-rw-r--r-- | xrdp/xrdp.ini | 18 | ||||
-rw-r--r-- | xrdp/xrdp_mm.c | 24 |
5 files changed, 28 insertions, 25 deletions
diff --git a/common/log.c b/common/log.c
index e8e005f0..d8279600 100644
--- a/common/log.c
+++ b/common/log.c
@@ -617,7 +617,7 @@ log_message(const enum logLevels lvl, const char *msg, ...)
 if (lvl <= staticLogConfig->log_level)
 {
 /* log to console */
- g_printf(buff);
+ g_printf("%s", buff);
 /* log to application logfile */
 #ifdef LOG_ENABLE_THREAD
diff --git a/libxrdp/xrdp_rdp.c b/libxrdp/xrdp_rdp.c
index eff2a654..7136e36a 100644
--- a/libxrdp/xrdp_rdp.c
+++ b/libxrdp/xrdp_rdp.c
@@ -114,17 +114,17 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
 }
 else
 {
- g_writeln("Warning: Your configured crypt level is"
+ log_message(LOG_LEVEL_ALWAYS,"Warning: Your configured crypt level is"
 "undefined 'high' will be used");
 client_info->crypt_level = 3;
 }
 }
- else if (g_strcasecmp(item, "channel_code") == 0)
+ else if (g_strcasecmp(item, "allow_channels") == 0)
 {
 client_info->channel_code = text2bool(value);
 if (client_info->channel_code == 0)
 {
- g_writeln("Info: All channels are disabled");
+ log_message(LOG_LEVEL_DEBUG,"Info - All channels are disabled");
 }
 }
 else if (g_strcasecmp(item, "max_bpp") == 0)
diff --git a/libxrdp/xrdp_sec.c b/libxrdp/xrdp_sec.c
index 17348274..2cc2d424 100644
--- a/libxrdp/xrdp_sec.c
+++ b/libxrdp/xrdp_sec.c
@@ -19,6 +19,7 @@
 */
 #include "libxrdp.h"
+#include "log.h"
 /* some compilers need unsigned char to avoid warnings */
 static tui8 g_pad_54[40] =
@@ -1056,7 +1057,7 @@ xrdp_sec_incoming(struct xrdp_sec *self)
 if (file_by_name_read_section(key_file, "keys", items, values) != 0)
 {
 /* this is a show stopper */
- g_writeln("xrdp_sec_incoming: error reading %s file", key_file);
+ log_message(LOG_LEVEL_ALWAYS,"XRDP cannot read file: %s (check permissions)", key_file);
 list_delete(items);
 list_delete(values);
 return 1;
diff --git a/xrdp/xrdp.ini b/xrdp/xrdp.ini
index d4a99dfb..498525bc 100644
--- a/xrdp/xrdp.ini
+++ b/xrdp/xrdp.ini
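Review bot: In the common/log.c hunk only the console call is shown, so the logfile and any syslog sink further down log_message (outside this hunk) should be checked for the same pattern: `buff` holds already-expanded caller data at that point and must be passed as an argument, never as the format. To stop this class of bug recurring at call sites, I would also put the compiler's printf format attribute on the declaration of log_message (in log.h, not shown here), e.g. `__attribute__((format(printf, 2, 3)))` on GCC/Clang, so a non-literal or mismatched `msg` is flagged at build time.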
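Review bot: In the libxrdp/xrdp_rdp.c hunk the old key `channel_code` is dropped without a fallback, so an existing xrdp.ini that disabled channels with `channel_code=0` no longer reaches this branch and `client_info->channel_code` keeps its default, which is presumably "enabled" (the initialisation is outside the hunk). That is a fail-open on upgrade for a security setting; accepting both spellings, `else if (g_strcasecmp(item, "allow_channels") == 0 || g_strcasecmp(item, "channel_code") == 0)`, or at least logging a warning when the deprecated key is seen, would avoid it. Separately, the two adjacent literals in the crypt-level warning still join as "isundefined", so the first should end with a space: `"Warning: Your configured crypt level is "`.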
@@ -4,7 +4,7 @@ bitmap_cache=yes
 bitmap_compression=yes
 port=3389
 crypt_level=low
-channel_code=1
+allow_channels=true
 max_bpp=24
 fork=yes
 # regulate if the listening socket use socket option tcp_nodelay
@@ -40,6 +40,8 @@ SyslogLevel=DEBUG
 # You can block any channel by setting its value to false.
 # IMPORTANT! All channels are not supported in all use
 # cases even if you set all values to true.
+# You can override these settings on each session type
+# These settings are only used if allow_channels=true
 rdpdr=true
 rdpsnd=true
 drdynvc=true
@@ -104,10 +106,10 @@ ip=ask
 port=ask3389
 username=ask
 password=ask
-
-channel.rdpdr=true
-channel.rdpsnd=true
-channel.drdynvc=true
-channel.cliprdr=true
-channel.rail=true
-channel.xrdpvr=true
+# You can override the common channel settings for each session type
+#channel.rdpdr=true
+#channel.rdpsnd=true
+#channel.drdynvc=true
+#channel.cliprdr=true
+#channel.rail=true
+#channel.xrdpvr=true
diff --git a/xrdp/xrdp_mm.c b/xrdp/xrdp_mm.c
index 9b6ff5e7..1f5acaaf 100644
--- a/xrdp/xrdp_mm.c
+++ b/xrdp/xrdp_mm.c
@@ -2174,8 +2174,7 @@ is_channel_enabled(char *inName, struct list *names, struct list *values)
 {
 int reply = 0; /*means not in the list*/
 int index;
- char *val;
- char *name;
+ char *val;
 index = find_name_in_lists(inName, names);
 if ( index >= 0 )
@@ -2184,9 +2183,13 @@ is_channel_enabled(char *inName, struct list *names, struct list *values)
 reply = text2bool(val);
 if (reply == 0)
 {
- log_message(LOG_LEVEL_INFO,"This channel is disabled: %s", name);
+ log_message(LOG_LEVEL_INFO,"This channel is disabled: %s", inName);
 }
 }
+ else
+ {
+ log_message(LOG_LEVEL_INFO,"This channel is disabled (not in List): %s", inName);
+ }
 return reply;
 }
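Review bot: The new else branch in is_channel_enabled (xrdp/xrdp_mm.c, hunk at -2184) writes `inName` to the log at INFO level for every name that is not in the list, and if those names come from the connecting client (the caller is outside this hunk) that is unauthenticated input reaching the log. I would bound and sanitise it before logging, for example with a precision in the format such as `"This channel is disabled (not in List): %.16s"` (the width is a constructed example) and by replacing non-printable bytes, so a client cannot forge or flood log lines. The default-deny contract is also worth a comment above the function, e.g. `/* returns non-zero only for a name listed with a true value; unlisted names are denied */`.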
@@ -2212,7 +2215,8 @@ void init_channel_allowed(struct xrdp_wm *wm)
 names = list_create();
 values = list_create();
-
+ /* You can override the list of allowed channels individually for each
+ * session type. */
 if ( read_allowed_channel_names(names, values) &&
 update_allowed_channel_names(wm, names, values) )
 {
@@ -2226,13 +2230,13 @@ void init_channel_allowed(struct xrdp_wm *wm)
 /* examples of channel names: rdpdr ; rdpsnd ; drdynvc ; cliprdr */
 if (is_channel_enabled(channelname, names, values))
 {
- g_writeln("The following channel is allowed: %s (%d)", channelname, index);
+ log_message(LOG_LEVEL_INFO,"The following channel is allowed: %s (%d)", channelname, index);
 wm->allowedchannels[allowindex] = index;
 allowindex++;
 if (allowindex >= MAX_NR_CHANNELS)
 {
- g_writeln("Programming error in is_channel_allowed");
+ log_message(LOG_LEVEL_ALWAYS,"Programming error in is_channel_allowed");
 error = 1; /* end loop */
 }
 }
@@ -2268,7 +2272,7 @@ int DEFAULT_CC is_channel_allowed(struct xrdp_wm *wm, int channel_id)
 if (wm->allowedinitialized == 0)
 {
 init_channel_allowed(wm);
- g_writeln("allow channel list initialized");
+ log_message(LOG_LEVEL_DEBUG,"The allow channel list now initialized for this session");
 wm->allowedinitialized = 1;
 }
@@ -2287,11 +2291,7 @@ int DEFAULT_CC is_channel_allowed(struct xrdp_wm *wm, int channel_id)
 break;
 }
 }
-
- /*if (reply == 0)
- {
- g_writeln("This channel is NOT allowed: %d",channel_id) ;
- }*/
+
 return reply;
 }
|
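Review bot: In the init_channel_allowed hunk at -2226 the limit test runs only after `wm->allowedchannels[allowindex] = index; allowindex++;`, so the store is in bounds only if the array has at least MAX_NR_CHANNELS entries and nothing is written at `allowindex` once the loop has ended; the declaration and the code after the loop are outside the hunk, so both need confirming. Testing before the store, `if (allowindex >= MAX_NR_CHANNELS) { error = 1; } else { wm->allowedchannels[allowindex++] = index; }`, would make the bound hold locally. The ALWAYS-level message also names is_channel_allowed although this code is in init_channel_allowed, which will mislead whoever reads the log.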