diff options
Diffstat (limited to 'libxrdp')
-rw-r--r-- | libxrdp/xrdp_iso.c | 74 | ||||
-rw-r--r-- | libxrdp/xrdp_rdp.c | 2 |
2 files changed, 48 insertions, 28 deletions
diff --git a/libxrdp/xrdp_iso.c b/libxrdp/xrdp_iso.c index 3c012b8f..1a2fb08a 100644 --- a/libxrdp/xrdp_iso.c +++ b/libxrdp/xrdp_iso.c @@ -21,6 +21,15 @@ #include "libxrdp.h" +#define LOG_LEVEL 1 +#define LLOG(_level, _args) \ + do { if (_level < LOG_LEVEL) { g_write _args ; } } while (0) +#define LLOGLN(_level, _args) \ + do { if (_level < LOG_LEVEL) { g_writeln _args ; } } while (0) +#define LHEXDUMP(_level, _args) \ + do { if (_level < LOG_LEVEL) { g_hexdump _args ; } } while (0) + + /*****************************************************************************/ struct xrdp_iso * APP_CC @@ -28,11 +37,11 @@ xrdp_iso_create(struct xrdp_mcs *owner, struct trans *trans) { struct xrdp_iso *self; - DEBUG((" in xrdp_iso_create")); + LLOGLN(10, (" in xrdp_iso_create")); self = (struct xrdp_iso *) g_malloc(sizeof(struct xrdp_iso), 1); self->mcs_layer = owner; self->trans = trans; - DEBUG((" out xrdp_iso_create")); + LLOGLN(10, (" out xrdp_iso_create")); return self; } @@ -54,19 +63,30 @@ static int APP_CC xrdp_iso_negotiate_security(struct xrdp_iso *self) { int rv = 0; - int server_security_layer = self->mcs_layer->sec_layer->rdp_layer->client_info.security_layer; + struct xrdp_client_info *client_info = &(self->mcs_layer->sec_layer->rdp_layer->client_info); - self->selectedProtocol = server_security_layer; + self->selectedProtocol = client_info->security_layer; - switch (server_security_layer) + switch (client_info->security_layer) { case PROTOCOL_RDP: - self->rdpNegData = 0; /* no need to send rdp_neg_data back to client */ break; case PROTOCOL_SSL: if (self->requestedProtocol & PROTOCOL_SSL) { - self->selectedProtocol = PROTOCOL_SSL; + + if(!g_file_exist(client_info->certificate) || + !g_file_exist(client_info->key_file)) + { + /* certificate file doesn't exist */ + LLOGLN(0, ("xrdp_iso_negotiate_security: TLS certificate not found on server")); + self->failureCode = SSL_CERT_NOT_ON_SERVER; + rv = 1; /* error */ + } + else + { + self->selectedProtocol = PROTOCOL_SSL; + } } else { @@ -89,8 +109,8 @@ xrdp_iso_negotiate_security(struct xrdp_iso *self) break; } - DEBUG(("xrdp_iso_negotiate_security: server security layer %d , client security layer %d", - self->selectedProtocol, self->requestedProtocol)); + LLOGLN(10, ("xrdp_iso_negotiate_security: server security layer %d , client security layer %d", + self->selectedProtocol, self->requestedProtocol)); return rv; } @@ -105,22 +125,22 @@ xrdp_iso_process_rdp_neg_req(struct xrdp_iso *self, struct stream *s) in_uint8(s, flags); if (flags != 0x0 && flags != 0x8 && flags != 0x1) { - DEBUG(("xrdp_iso_process_rdpNegReq: error, flags: %x",flags)); + LLOGLN(10, ("xrdp_iso_process_rdpNegReq: error, flags: %x",flags)); return 1; } in_uint16_le(s, len); if (len != 8) { - DEBUG(("xrdp_iso_process_rdpNegReq: error, length: %x",len)); + LLOGLN(10, ("xrdp_iso_process_rdpNegReq: error, length: %x",len)); return 1; } in_uint32_le(s, self->requestedProtocol); if (self->requestedProtocol > 0xb) { - DEBUG(("xrdp_iso_process_rdpNegReq: error, requestedProtocol: %x", - self->requestedProtocol)); + LLOGLN(10, ("xrdp_iso_process_rdpNegReq: error, requestedProtocol: %x", + self->requestedProtocol)); return 1; } @@ -139,15 +159,15 @@ xrdp_iso_recv_msg(struct xrdp_iso *self, struct stream *s, int *code, int *len) if (s != self->trans->in_s) { - g_writeln("xrdp_iso_recv_msg error logic"); + LLOGLN(10, ("xrdp_iso_recv_msg error logic")); } in_uint8(s, ver); if (ver != 3) { - g_writeln("xrdp_iso_recv_msg: bad ver"); - g_hexdump(s->data, 4); + LLOGLN(10, ("xrdp_iso_recv_msg: bad ver")); + LHEXDUMP(10, (s->data, 4)); return 1; } @@ -195,21 +215,21 @@ xrdp_iso_recv(struct xrdp_iso *self, struct stream *s) int code; int len; - DEBUG((" in xrdp_iso_recv")); + LLOGLN(10, (" in xrdp_iso_recv")); if (xrdp_iso_recv_msg(self, s, &code, &len) != 0) { - DEBUG((" out xrdp_iso_recv xrdp_iso_recv_msg return non zero")); + LLOGLN(10, (" out xrdp_iso_recv xrdp_iso_recv_msg return non zero")); return 1; } if (code != ISO_PDU_DT || len != 2) { - DEBUG((" out xrdp_iso_recv code != ISO_PDU_DT or length != 2")); + LLOGLN(10, (" out xrdp_iso_recv code != ISO_PDU_DT or length != 2")); return 1; } - DEBUG((" out xrdp_iso_recv")); + LLOGLN(10, (" out xrdp_iso_recv")); return 0; } /*****************************************************************************/ @@ -289,7 +309,7 @@ xrdp_iso_incoming(struct xrdp_iso *self) char *pend; struct stream *s; - DEBUG((" in xrdp_iso_incoming")); + LLOGLN(10, (" in xrdp_iso_incoming")); s = libxrdp_force_read(self->trans); if (s == 0) @@ -299,7 +319,7 @@ xrdp_iso_incoming(struct xrdp_iso *self) if (xrdp_iso_recv_msg(self, s, &code, &len) != 0) { - g_writeln("xrdp_iso_incoming: xrdp_iso_recv_msg returned non zero"); + LLOGLN(0, ("xrdp_iso_incoming: xrdp_iso_recv_msg returned non zero")); return 1; } @@ -322,7 +342,7 @@ xrdp_iso_incoming(struct xrdp_iso *self) self->rdpNegData = 1; if (xrdp_iso_process_rdp_neg_req(self, s) != 0) { - g_writeln("xrdp_iso_incoming: xrdp_iso_process_rdpNegReq returned non zero"); + LLOGLN(0, ("xrdp_iso_incoming: xrdp_iso_process_rdpNegReq returned non zero")); return 1; } break; @@ -354,11 +374,11 @@ xrdp_iso_incoming(struct xrdp_iso *self) /* send connection confirm back to client */ if (xrdp_iso_send_cc(self) != 0) { - g_writeln("xrdp_iso_incoming: xrdp_iso_send_cc returned non zero"); + LLOGLN(0, ("xrdp_iso_incoming: xrdp_iso_send_cc returned non zero")); return 1; } - DEBUG((" out xrdp_iso_incoming")); + LLOGLN(10, (" out xrdp_iso_incoming")); return rv; } @@ -379,7 +399,7 @@ xrdp_iso_send(struct xrdp_iso *self, struct stream *s) { int len; - DEBUG((" in xrdp_iso_send")); + LLOGLN(10, (" in xrdp_iso_send")); s_pop_layer(s, iso_hdr); len = (int) (s->end - s->p); out_uint8(s, 3); @@ -394,6 +414,6 @@ xrdp_iso_send(struct xrdp_iso *self, struct stream *s) return 1; } - DEBUG((" out xrdp_iso_send")); + LLOGLN(10, (" out xrdp_iso_send")); return 0; } diff --git a/libxrdp/xrdp_rdp.c b/libxrdp/xrdp_rdp.c index 72562022..1718afd1 100644 --- a/libxrdp/xrdp_rdp.c +++ b/libxrdp/xrdp_rdp.c @@ -204,7 +204,7 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info) { /* default key_file path */ g_snprintf(client_info->key_file, 1023, "%s/key.pem", XRDP_CFG_PATH); - log_message(LOG_LEVEL_ALWAYS,"WARNING: Invalid x.509 certificate path defined, " + log_message(LOG_LEVEL_WARNING,"Invalid X.509 certificate path defined, " "default path will be used: %s", client_info->key_file); } else |