author | Idan Freiberg <speidy@gmail.com> | 2014-07-09 15:33:39 +0300 |
---|---|---|
committer | Idan Freiberg <speidy@gmail.com> | 2014-07-09 15:33:39 +0300 |
commit | 9007deae6f307fe97d02bc616ac6015db6e60db3 (patch) | |
tree | 4b9a23ed6c20ac1c97411cb9db609167244bc074 | |
parent | 1330f340c6bf765e3154195dd180a4492f5cb162 (diff) | |
libxrdp: added an option to enforce security layer in xrdp.ini
-rw-r--r-- | common/xrdp_client_info.h | 2 | ||||
-rw-r--r-- | libxrdp/xrdp_rdp.c | 22 | ||||
-rw-r--r-- | xrdp/xrdp.ini | 2 |
3 files changed, 24 insertions, 2 deletions
diff --git a/common/xrdp_client_info.h b/common/xrdp_client_info.h
index 6536db48..7a7aed92 100644
--- a/common/xrdp_client_info.h
+++ b/common/xrdp_client_info.h
@@ -106,7 +106,7 @@ struct xrdp_client_info
 char client_addr[256];
 char client_port[256];
- int nego_sec_layer; /* 0, 1, 2 = RDP security layer, TLS , Negotiate */
+ int security_layer; /* 0 = rdp, 1 = tls , 2 = hybrid */
 int multimon; /* 0 = deny , 1 = allow */
 int monitorCount; /* number of monitors detected (max = 16) */
 struct monitor_info minfo[16]; /* client monitor data */
diff --git a/libxrdp/xrdp_rdp.c b/libxrdp/xrdp_rdp.c
index e63e6f58..13c72a6d 100644
--- a/libxrdp/xrdp_rdp.c
+++ b/libxrdp/xrdp_rdp.c
@@ -156,6 +156,28 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
 client_info->use_fast_path = 0;
 }
 }
+ else if (g_strcasecmp(item, "security_layer") == 0)
+ {
+ if (g_strcasecmp(value, "rdp") == 0)
+ {
+ client_info->security_layer = 1;
+ }
+ else if (g_strcasecmp(value, "tls") == 0)
+ {
+ client_info->security_layer = 2;
+ }
+ else if (g_strcasecmp(value, "hybrid") == 0)
+ {
+ client_info->security_layer = 3;
+ }
+ else
+ {
+ log_message(LOG_LEVEL_ALWAYS,"Warning: Your configured security layer is"
+ "undefined, xrdp will negotiate client compatible");
+ client_info->security_layer = -1;
+ }
+ }
+
 }
 list_delete(items);
diff --git a/xrdp/xrdp.ini b/xrdp/xrdp.ini
index c40f8165..5b86d4c2 100644
--- a/xrdp/xrdp.ini
+++ b/xrdp/xrdp.ini
@@ -6,6 +6,7 @@ bitmap_cache=yes
 bitmap_compression=yes
 port=3389
 crypt_level=high
+security_layer=rdp
 allow_channels=true
 max_bpp=32
 fork=yes
@@ -46,7 +47,6 @@ bulk_compression=yes
 # You can set the PAM error text in a gateway setup (MAX 256 chars)
 #pamerrortxt=change your password according to policy at http://url
 new_cursors=yes
-#nego_sec_layer=0
 allow_multimon=true
 # fastpath - can be set to input / output / both / none |
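Review bot: In common/xrdp_client_info.h the comment on the renamed field, `/* 0 = rdp, 1 = tls , 2 = hybrid */`, disagrees with the values the parser in libxrdp/xrdp_rdp.c assigns in this same commit: 1 for rdp, 2 for tls, 3 for hybrid and -1 for an unrecognised value. Code that later selects the security protocol from this field and is written from the comment would pick a different layer than the administrator configured. Suggest `int security_layer; /* 1 = rdp, 2 = tls, 3 = hybrid, -1 = unrecognised value */`, and state what 0 means, which is presumably "option not set" if the struct starts zeroed (not visible here). The struct definition starts and ends outside the hunk.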
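Review bot: The final `else` in the new `security_layer` branch of libxrdp/xrdp_rdp.c fails open: an unrecognised value only logs a warning and stores -1, which per the message means xrdp negotiates whatever the client supports. For an option whose purpose is to enforce a layer, a typo in xrdp.ini (for example `tsl`) silently removes the enforcement, so a session may end up on a weaker layer than intended. Consider treating an unrecognised value as a configuration error, or falling back to the strictest layer, and include the rejected `value` in the log line. The two string literals also join without a space and print "isundefined"; `"Warning: Your configured security layer is "` fixes that. xrdp_rdp_read_config starts and ends outside the hunk, so what the field holds when the option is absent cannot be checked here.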
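Review bot: The default added in the first xrdp/xrdp.ini hunk, `security_layer=rdp`, pins every fresh install to the weakest of the three layers the parser accepts, with no TLS protection of the session. If tls or hybrid are functional elsewhere in the tree (not visible in this diff), the shipped default should be the strongest layer that works, leaving rdp as an explicit opt-in. The key is also undocumented, unlike the fastpath option further down; add a comment above it such as `# security_layer - can be set to rdp / tls / hybrid`.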