-rw-r--r--common/ssl_calls.c14
-rw-r--r--common/ssl_calls.h3
-rw-r--r--common/trans.c3
-rw-r--r--common/trans.h2
-rw-r--r--libxrdp/xrdp_rdp.c31
5 files changed, 49 insertions, 4 deletions
diff --git a/common/ssl_calls.c b/common/ssl_calls.c
index 102c6e39..16fc55ed 100644
--- a/common/ssl_calls.c
+++ b/common/ssl_calls.c
@@ -891,3 +891,17 @@ ssl_tls_can_recv(struct ssl_tls *tls, int sck, int millis)
return g_sck_can_recv(sck, millis);
}
+
+/*****************************************************************************/
+const char *
+ssl_get_version(const struct ssl_st *ssl)
+{
+ return SSL_get_version(ssl);
+}
+
+/*****************************************************************************/
+const char *
+ssl_get_cipher_name(const struct ssl_st *ssl)
+{
+ return SSL_get_cipher_name(ssl);
+}
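Review bot: Neither wrapper guards against a NULL ssl, so a caller that reaches ssl_get_version or ssl_get_cipher_name before the SSL object exists dereferences NULL inside OpenSSL; `if (ssl == NULL) { return "unknown"; }` at the top of each keeps the logging path safe, and "unknown" is the string OpenSSL itself reports for an unrecognised version. Both functions hand back pointers to OpenSSL-owned static strings, which is worth a one-line header comment so nobody frees or outlives them carelessly. The other definitions in this file put the APP_CC calling-convention macro on the return-type line; the new ones omit it, presumably by choice, but the header declarations in ssl_calls.h should then match whichever form is intended.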
diff --git a/common/ssl_calls.h b/common/ssl_calls.h
index 1277505c..38eaeec2 100644
--- a/common/ssl_calls.h
+++ b/common/ssl_calls.h
@@ -109,4 +109,7 @@ ssl_tls_write(struct ssl_tls *tls, const char *data, int length);
int APP_CC
ssl_tls_can_recv(struct ssl_tls *tls, int sck, int millis);
+const char *ssl_get_version(const struct ssl_st *ssl);
+const char *ssl_get_cipher_name(const struct ssl_st *ssl);
+
#endif
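Review bot: If ssl_calls.h does not already have struct ssl_st in scope (an include of openssl/ssl.h or a forward declaration — not visible in this hunk), these two prototypes declare the tag at prototype scope, so each declaration names a distinct incomplete type and GCC warns that it "will not be visible outside of this definition". A forward declaration `struct ssl_st;` placed above the two prototypes resolves that and keeps the header self-contained. The neighbouring prototypes use the `int APP_CC` / name-on-next-line layout; the new ones do not, so one of the two should be aligned with the other.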
diff --git a/common/trans.c b/common/trans.c
index 432b6334..4beaa56e 100644
--- a/common/trans.c
+++ b/common/trans.c
@@ -902,6 +902,9 @@ trans_set_tls_mode(struct trans *self, const char *key, const char *cert,
self->trans_send = trans_tls_send;
self->trans_can_recv = trans_tls_can_recv;
+ self->ssl_protocol = ssl_get_version(self->tls->ssl);
+ self->cipher_name = ssl_get_cipher_name(self->tls->ssl);
+
return 0;
}
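Review bot: The protocol and cipher are captured at the point TLS mode is configured, and whether the handshake has already completed by then is not visible here — the start of trans_set_tls_mode is outside the hunk. If ssl_tls_accept has not yet run when these two assignments execute, SSL_get_cipher_name returns "(NONE)" and SSL_get_version the pre-negotiation value, so the log line that later reads them would describe the wrong connection state; capturing them after the handshake, or re-reading them at log time, avoids that. The two fields are also only assigned on this path, so unless trans_create zero-fills the struct a non-TLS transport leaves them uninitialised; the consumer in xrdp_rdp.c reads them only for TLS today, but an explicit `self->ssl_protocol = NULL; self->cipher_name = NULL;` in trans_create makes the struct safe for any future reader.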
diff --git a/common/trans.h b/common/trans.h
index 53f3203a..26d93dc2 100644
--- a/common/trans.h
+++ b/common/trans.h
@@ -79,6 +79,8 @@ struct trans
int no_stream_init_on_data_in;
int extra_flags; /* user defined */
struct ssl_tls *tls;
+ const char *ssl_protocol; /* e.g. TLSv1, TLSv1.1, TLSv1.2, unknown */
+ const char *cipher_name; /* e.g. AES256-GCM-SHA384 */
trans_recv_proc trans_recv;
trans_send_proc trans_send;
trans_can_recv_proc trans_can_recv;
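Review bot: The comments on the two new fields give example values but not ownership or lifetime, which is what a reader needs before deciding whether to copy or free them. Suggest `const char *ssl_protocol; /* borrowed from OpenSSL (SSL_get_version); do not free */` and the same form for cipher_name naming SSL_get_cipher_name, plus a note that both are unset until trans_set_tls_mode succeeds (unless trans_create zero-fills the struct, which this diff does not show).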
diff --git a/libxrdp/xrdp_rdp.c b/libxrdp/xrdp_rdp.c
index 914b6277..ca82df70 100644
--- a/libxrdp/xrdp_rdp.c
+++ b/libxrdp/xrdp_rdp.c
@@ -816,6 +816,9 @@ xrdp_rdp_send_data_update_sync(struct xrdp_rdp *self)
int APP_CC
xrdp_rdp_incoming(struct xrdp_rdp *self)
{
+ struct xrdp_iso *iso;
+ iso = self->sec_layer->mcs_layer->iso_layer;
+
DEBUG(("in xrdp_rdp_incoming"));
if (xrdp_sec_incoming(self->sec_layer) != 0)
@@ -825,12 +828,32 @@ xrdp_rdp_incoming(struct xrdp_rdp *self)
self->mcs_channel = self->sec_layer->mcs_layer->userid +
MCS_USERCHANNEL_BASE;
DEBUG(("out xrdp_rdp_incoming mcs channel %d", self->mcs_channel));
- g_strncpy(self->client_info.client_addr,
- self->sec_layer->mcs_layer->iso_layer->trans->addr,
+ g_strncpy(self->client_info.client_addr, iso->trans->addr,
sizeof(self->client_info.client_addr) - 1);
- g_strncpy(self->client_info.client_port,
- self->sec_layer->mcs_layer->iso_layer->trans->port,
+ g_strncpy(self->client_info.client_port, iso->trans->port,
sizeof(self->client_info.client_port) - 1);
+
+ /* log TLS version and cipher when TLS is used */
+ /* TODO: client_addr, client_port is empty when IPv6 enabled */
+
+ if (iso->selectedProtocol > PROTOCOL_RDP)
+ {
+ log_message(LOG_LEVEL_INFO,
+ "TLS connection established from %s port %s: %s with cipher %s",
+ self->client_info.client_addr,
+ self->client_info.client_port,
+ iso->trans->ssl_protocol,
+ iso->trans->cipher_name);
+ }
+ else
+ {
+ log_message(LOG_LEVEL_INFO,
+ "Non-TLS connection established from %s port %s: "
+ "encrypted with standard RDP security",
+ self->client_info.client_addr,
+ self->client_info.client_port);
+ }
+
return 0;
}
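Review bot: The TLS log call passes iso->trans->ssl_protocol and iso->trans->cipher_name straight to %s; if either is NULL — a trans whose TLS setup did not go through trans_set_tls_mode, or a zero-filled struct — that is undefined behaviour in the formatter, so guard each argument with `iso->trans->ssl_protocol ? iso->trans->ssl_protocol : "unknown"` and likewise for cipher_name. The non-TLS branch states "encrypted with standard RDP security" without consulting the negotiated encryption level; if the sec layer can end up with no encryption, the message overstates what was established, so either include the crypt level in the log line or neutralise the wording to "using standard RDP security". The IPv6 TODO means client_addr and client_port can be empty strings, which logs as an empty field rather than failing, so it is acceptable as-is but should stay tracked.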