Merge pull request #426 from metalefty/log-tls-version-and-cipher
TLS: log TLS version and cipher
commit
19375dda7a
@ -891,3 +891,17 @@ ssl_tls_can_recv(struct ssl_tls *tls, int sck, int millis)
|
|||||||
return g_sck_can_recv(sck, millis);
|
return g_sck_can_recv(sck, millis);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/*****************************************************************************/
|
||||||
|
const char *
|
||||||
|
ssl_get_version(const struct ssl_st *ssl)
|
||||||
|
{
|
||||||
|
return SSL_get_version(ssl);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*****************************************************************************/
|
||||||
|
const char *
|
||||||
|
ssl_get_cipher_name(const struct ssl_st *ssl)
|
||||||
|
{
|
||||||
|
return SSL_get_cipher_name(ssl);
|
||||||
|
}
|
||||||
|
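Review bot: The two new wrappers pass `ssl` straight into OpenSSL with no precondition stated, and a NULL or not-yet-handshaken `ssl` is handled inside the library rather than here (a NULL pointer is dereferenced in `SSL_get_current_cipher`, and before the handshake the strings come back as `unknown` / `(NONE)`, which would make the later log line silently misleading). A one-line header comment on each would make the contract explicit: `/* Only meaningful after ssl_tls_accept() has completed; returns library-owned text, never NULL */`. Separately, the surrounding functions carry the `APP_CC` calling-convention marker (see `ssl_tls_can_recv` above) while these two do not; `const char * APP_CC` on both definitions keeps the file consistent. Whether the callers already guarantee a completed handshake is not visible from this hunk.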
@ -109,4 +109,7 @@ ssl_tls_write(struct ssl_tls *tls, const char *data, int length);
|
|||||||
int APP_CC
|
int APP_CC
|
||||||
ssl_tls_can_recv(struct ssl_tls *tls, int sck, int millis);
|
ssl_tls_can_recv(struct ssl_tls *tls, int sck, int millis);
|
||||||
|
|
||||||
|
const char *ssl_get_version(const struct ssl_st *ssl);
|
||||||
|
const char *ssl_get_cipher_name(const struct ssl_st *ssl);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
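Review bot: The new prototypes say nothing about who owns the returned `const char *`, and a reader of trans.c could reasonably conclude the strings must be freed with the transport. As far as the implementation shows, the pointers come straight from OpenSSL, which hands out static text, so the header should state that: `/* Returned strings are owned by the TLS library: do not free, valid for the life of ssl */`. It would also help to note that both are only meaningful once the handshake has completed, since nothing in the declarations prevents an earlier call. As with the definitions, adding `APP_CC` here would match the neighbouring `ssl_tls_can_recv` declaration.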
@ -902,6 +902,9 @@ trans_set_tls_mode(struct trans *self, const char *key, const char *cert,
|
|||||||
self->trans_send = trans_tls_send;
|
self->trans_send = trans_tls_send;
|
||||||
self->trans_can_recv = trans_tls_can_recv;
|
self->trans_can_recv = trans_tls_can_recv;
|
||||||
|
|
||||||
|
self->ssl_protocol = ssl_get_version(self->tls->ssl);
|
||||||
|
self->cipher_name = ssl_get_cipher_name(self->tls->ssl);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
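Review bot: The protocol and cipher strings are captured unconditionally at the point where the TLS callbacks are installed, so they are only accurate if the handshake has already completed by then; the start of `trans_set_tls_mode`, where `ssl_tls_accept` would be called, is outside this hunk and cannot be checked here. If the accept can fail or be deferred, the cached values would describe a pre-handshake state and the later "TLS connection established" log would print `unknown` / `(NONE)` for a connection that never negotiated anything. A short comment would pin the assumption for the next maintainer: `/* snapshot after the handshake; strings are library-owned, not freed with self->tls */`. Alternatively, query the two values at log time instead of caching them, which removes the ordering dependency entirely.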
@ -79,6 +79,8 @@ struct trans
|
|||||||
int no_stream_init_on_data_in;
|
int no_stream_init_on_data_in;
|
||||||
int extra_flags; /* user defined */
|
int extra_flags; /* user defined */
|
||||||
struct ssl_tls *tls;
|
struct ssl_tls *tls;
|
||||||
|
const char *ssl_protocol; /* e.g. TLSv1, TLSv1.1, TLSv1.2, unknown */
|
||||||
|
const char *cipher_name; /* e.g. AES256-GCM-SHA384 */
|
||||||
trans_recv_proc trans_recv;
|
trans_recv_proc trans_recv;
|
||||||
trans_send_proc trans_send;
|
trans_send_proc trans_send;
|
||||||
trans_can_recv_proc trans_can_recv;
|
trans_can_recv_proc trans_can_recv;
|
||||||
|
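Review bot: The two new `struct trans` members are documented by example values only; nothing says what they hold for a transport that never entered TLS mode, and this diff does not initialise or reset them anywhere. If `trans_create` zero-fills the struct (not visible here) they are NULL on non-TLS transports, otherwise they are indeterminate and any `%s` use of them is undefined behaviour. A comment that fixes the contract would be worthwhile: `/* set by trans_set_tls_mode(); NULL until then; library-owned text, not freed by trans_delete() */`. If `trans_create` does not already zero the struct, an explicit `self->ssl_protocol = NULL; self->cipher_name = NULL;` there would make that comment true.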
@ -816,6 +816,9 @@ xrdp_rdp_send_data_update_sync(struct xrdp_rdp *self)
|
|||||||
int APP_CC
|
int APP_CC
|
||||||
xrdp_rdp_incoming(struct xrdp_rdp *self)
|
xrdp_rdp_incoming(struct xrdp_rdp *self)
|
||||||
{
|
{
|
||||||
|
struct xrdp_iso *iso;
|
||||||
|
iso = self->sec_layer->mcs_layer->iso_layer;
|
||||||
|
|
||||||
DEBUG(("in xrdp_rdp_incoming"));
|
DEBUG(("in xrdp_rdp_incoming"));
|
||||||
|
|
||||||
if (xrdp_sec_incoming(self->sec_layer) != 0)
|
if (xrdp_sec_incoming(self->sec_layer) != 0)
|
||||||
@ -825,12 +828,32 @@ xrdp_rdp_incoming(struct xrdp_rdp *self)
|
|||||||
self->mcs_channel = self->sec_layer->mcs_layer->userid +
|
self->mcs_channel = self->sec_layer->mcs_layer->userid +
|
||||||
MCS_USERCHANNEL_BASE;
|
MCS_USERCHANNEL_BASE;
|
||||||
DEBUG(("out xrdp_rdp_incoming mcs channel %d", self->mcs_channel));
|
DEBUG(("out xrdp_rdp_incoming mcs channel %d", self->mcs_channel));
|
||||||
g_strncpy(self->client_info.client_addr,
|
g_strncpy(self->client_info.client_addr, iso->trans->addr,
|
||||||
self->sec_layer->mcs_layer->iso_layer->trans->addr,
|
|
||||||
sizeof(self->client_info.client_addr) - 1);
|
sizeof(self->client_info.client_addr) - 1);
|
||||||
g_strncpy(self->client_info.client_port,
|
g_strncpy(self->client_info.client_port, iso->trans->port,
|
||||||
self->sec_layer->mcs_layer->iso_layer->trans->port,
|
|
||||||
sizeof(self->client_info.client_port) - 1);
|
sizeof(self->client_info.client_port) - 1);
|
||||||
|
|
||||||
|
/* log TLS version and cipher when TLS is used */
|
||||||
|
/* TODO: client_addr, client_port is empty when IPv6 enabled */
|
||||||
|
|
||||||
|
if (iso->selectedProtocol > PROTOCOL_RDP)
|
||||||
|
{
|
||||||
|
log_message(LOG_LEVEL_INFO,
|
||||||
|
"TLS connection established from %s port %s: %s with cipher %s",
|
||||||
|
self->client_info.client_addr,
|
||||||
|
self->client_info.client_port,
|
||||||
|
iso->trans->ssl_protocol,
|
||||||
|
iso->trans->cipher_name);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
log_message(LOG_LEVEL_INFO,
|
||||||
|
"Non-TLS connection established from %s port %s: "
|
||||||
|
"encrypted with standard RDP security",
|
||||||
|
self->client_info.client_addr,
|
||||||
|
self->client_info.client_port);
|
||||||
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
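Review bot: The TLS branch hands `iso->trans->ssl_protocol` and `iso->trans->cipher_name` to `%s` without a NULL check, so if `selectedProtocol > PROTOCOL_RDP` can ever hold without `trans_set_tls_mode` having run to completion (not decidable from this hunk), the log call is undefined behaviour rather than a wrong message. A cheap guard keeps the log robust: `iso->trans->ssl_protocol ? iso->trans->ssl_protocol : "unknown"`, and likewise for the cipher. The non-TLS message asserts "encrypted with standard RDP security" unconditionally, which is misleading if the configured crypt level allows no encryption; if the sec layer exposes the negotiated level or key size, logging it here would make this line useful for spotting weak legacy-RDP sessions. The `TODO` above already notes the address fields may be empty under IPv6, so these log lines may show blank endpoints until that is fixed.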