authorIdan Freiberg <speidy@gmail.com>2014-07-09 15:33:39 +0300
committerIdan Freiberg <speidy@gmail.com>2014-07-09 15:33:39 +0300
commit9007deae6f307fe97d02bc616ac6015db6e60db3 (patch)
tree4b9a23ed6c20ac1c97411cb9db609167244bc074
parent1330f340c6bf765e3154195dd180a4492f5cb162 (diff)
downloadxrdp-proprietary-9007deae6f307fe97d02bc616ac6015db6e60db3.tar.gz
xrdp-proprietary-9007deae6f307fe97d02bc616ac6015db6e60db3.zip
libxrdp: added an option to enforce security layer in xrdp.ini
-rw-r--r--common/xrdp_client_info.h2
-rw-r--r--libxrdp/xrdp_rdp.c22
-rw-r--r--xrdp/xrdp.ini2
3 files changed, 24 insertions, 2 deletions
diff --git a/common/xrdp_client_info.h b/common/xrdp_client_info.h
index 6536db48..7a7aed92 100644
--- a/common/xrdp_client_info.h
+++ b/common/xrdp_client_info.h
@@ -106,7 +106,7 @@ struct xrdp_client_info
char client_addr[256];
char client_port[256];
- int nego_sec_layer; /* 0, 1, 2 = RDP security layer, TLS , Negotiate */
+ int security_layer; /* 0 = rdp, 1 = tls , 2 = hybrid */
int multimon; /* 0 = deny , 1 = allow */
int monitorCount; /* number of monitors detected (max = 16) */
struct monitor_info minfo[16]; /* client monitor data */
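Review bot: The new comment on `security_layer` says 0 = rdp, 1 = tls, 2 = hybrid, but the parser this commit adds in libxrdp/xrdp_rdp.c stores 1, 2 and 3 for those names and -1 for an unrecognised value. Code that reads the field by the comment would select a different layer than the administrator configured, which matters for a setting meant to enforce one. The comment should match the stored values, e.g. `int security_layer; /* 1 = rdp, 2 = tls, 3 = hybrid, -1 = unrecognised, negotiate */`. Named constants shared by the parser and its readers would keep the two from drifting again.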
diff --git a/libxrdp/xrdp_rdp.c b/libxrdp/xrdp_rdp.c
index e63e6f58..13c72a6d 100644
--- a/libxrdp/xrdp_rdp.c
+++ b/libxrdp/xrdp_rdp.c
@@ -156,6 +156,28 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
client_info->use_fast_path = 0;
}
}
+ else if (g_strcasecmp(item, "security_layer") == 0)
+ {
+ if (g_strcasecmp(value, "rdp") == 0)
+ {
+ client_info->security_layer = 1;
+ }
+ else if (g_strcasecmp(value, "tls") == 0)
+ {
+ client_info->security_layer = 2;
+ }
+ else if (g_strcasecmp(value, "hybrid") == 0)
+ {
+ client_info->security_layer = 3;
+ }
+ else
+ {
+ log_message(LOG_LEVEL_ALWAYS,"Warning: Your configured security layer is"
+ "undefined, xrdp will negotiate client compatible");
+ client_info->security_layer = -1;
+ }
+ }
+
}
list_delete(items);
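Review bot: An unrecognised `security_layer` value sets the field to -1 and falls back to negotiation, so a typo in a setting meant to enforce a layer silently stops enforcing it and the only trace is one log line. For an enforcement option it would be safer to fail closed (reject the configuration, or fall back to the strictest layer the build supports) and to include the offending value in the log message. The two string literals in the `log_message` call also join without a space and print "isundefined"; the first should read `"Warning: Your configured security layer is "`. What the field holds when the key is absent from xrdp.ini is not visible here, because `xrdp_rdp_read_config` starts and ends outside the hunk.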
diff --git a/xrdp/xrdp.ini b/xrdp/xrdp.ini
index c40f8165..5b86d4c2 100644
--- a/xrdp/xrdp.ini
+++ b/xrdp/xrdp.ini
@@ -6,6 +6,7 @@ bitmap_cache=yes
bitmap_compression=yes
port=3389
crypt_level=high
+security_layer=rdp
allow_channels=true
max_bpp=32
fork=yes
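Review bot: The shipped default `security_layer=rdp` pins every connection to the standard RDP security layer, and the line carries no comment listing the accepted values. Standard RDP security offers the client no verifiable server certificate the way the TLS layer does, so this default is the weakest of the three choices; if TLS is usable in this tree, the default deserves a deliberate decision. A comment in the style of the other options would help, e.g. `# security_layer - can be set to rdp / tls / hybrid; any other value makes xrdp negotiate with the client`.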
@@ -46,7 +47,6 @@ bulk_compression=yes
# You can set the PAM error text in a gateway setup (MAX 256 chars)
#pamerrortxt=change your password according to policy at http://url
new_cursors=yes
-#nego_sec_layer=0
allow_multimon=true
# fastpath - can be set to input / output / both / none