Merge pull request #61 from ArvidNorr/channelblock
Comments, debug added. Fix for potential vulnerability in log.c
commit
4006260317
@ -617,7 +617,7 @@ log_message(const enum logLevels lvl, const char *msg, ...)
|
|||||||
if (lvl <= staticLogConfig->log_level)
|
if (lvl <= staticLogConfig->log_level)
|
||||||
{
|
{
|
||||||
/* log to console */
|
/* log to console */
|
||||||
g_printf(buff);
|
g_printf("%s", buff);
|
||||||
|
|
||||||
/* log to application logfile */
|
/* log to application logfile */
|
||||||
#ifdef LOG_ENABLE_THREAD
|
#ifdef LOG_ENABLE_THREAD
|
||||||
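Review bot: The `"%s"` in `g_printf("%s", buff);` is the only thing that stops logged text from being parsed as a format string, and nothing at the call site says so. A short comment above it, such as `/* buff is already formatted; never pass it as the format argument */`, would keep a later cleanup from reverting it to `g_printf(buff)`. The logfile and syslog branches of log_message lie outside this hunk. If they hand `buff` to a printf-style function in the same way, they need the same treatment, which is worth confirming before calling the issue closed.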
|
@ -114,17 +114,17 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
g_writeln("Warning: Your configured crypt level is"
|
log_message(LOG_LEVEL_ALWAYS,"Warning: Your configured crypt level is"
|
||||||
"undefined 'high' will be used");
|
"undefined 'high' will be used");
|
||||||
client_info->crypt_level = 3;
|
client_info->crypt_level = 3;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if (g_strcasecmp(item, "channel_code") == 0)
|
else if (g_strcasecmp(item, "allow_channels") == 0)
|
||||||
{
|
{
|
||||||
client_info->channel_code = text2bool(value);
|
client_info->channel_code = text2bool(value);
|
||||||
if (client_info->channel_code == 0)
|
if (client_info->channel_code == 0)
|
||||||
{
|
{
|
||||||
g_writeln("Info: All channels are disabled");
|
log_message(LOG_LEVEL_DEBUG,"Info - All channels are disabled");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if (g_strcasecmp(item, "max_bpp") == 0)
|
else if (g_strcasecmp(item, "max_bpp") == 0)
|
||||||
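Review bot: After the rename in `else if (g_strcasecmp(item, "allow_channels") == 0)`, an existing xrdp.ini that still carries `channel_code=0` matches no branch and is silently ignored. Depending on the default of `client_info->channel_code`, which is not visible here, a deployment that had all channels blocked could come back with them enabled after upgrade. Accepting both spellings keeps old configurations effective: `else if (g_strcasecmp(item, "allow_channels") == 0 || g_strcasecmp(item, "channel_code") == 0)`. The sample xrdp.ini hunk makes the same rename without noting the old key. The "All channels are disabled" message also moves to `LOG_LEVEL_DEBUG`, so that state no longer appears at normal log levels.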
|
@ -19,6 +19,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include "libxrdp.h"
|
#include "libxrdp.h"
|
||||||
|
#include "log.h"
|
||||||
|
|
||||||
/* some compilers need unsigned char to avoid warnings */
|
/* some compilers need unsigned char to avoid warnings */
|
||||||
static tui8 g_pad_54[40] =
|
static tui8 g_pad_54[40] =
|
||||||
@ -1056,7 +1057,7 @@ xrdp_sec_incoming(struct xrdp_sec *self)
|
|||||||
if (file_by_name_read_section(key_file, "keys", items, values) != 0)
|
if (file_by_name_read_section(key_file, "keys", items, values) != 0)
|
||||||
{
|
{
|
||||||
/* this is a show stopper */
|
/* this is a show stopper */
|
||||||
g_writeln("xrdp_sec_incoming: error reading %s file", key_file);
|
log_message(LOG_LEVEL_ALWAYS,"XRDP cannot read file: %s (check permissions)", key_file);
|
||||||
list_delete(items);
|
list_delete(items);
|
||||||
list_delete(values);
|
list_delete(values);
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -4,7 +4,7 @@ bitmap_cache=yes
|
|||||||
bitmap_compression=yes
|
bitmap_compression=yes
|
||||||
port=3389
|
port=3389
|
||||||
crypt_level=low
|
crypt_level=low
|
||||||
channel_code=1
|
allow_channels=true
|
||||||
max_bpp=24
|
max_bpp=24
|
||||||
fork=yes
|
fork=yes
|
||||||
# regulate if the listening socket use socket option tcp_nodelay
|
# regulate if the listening socket use socket option tcp_nodelay
|
||||||
@ -40,6 +40,8 @@ SyslogLevel=DEBUG
|
|||||||
# You can block any channel by setting its value to false.
|
# You can block any channel by setting its value to false.
|
||||||
# IMPORTANT! All channels are not supported in all use
|
# IMPORTANT! All channels are not supported in all use
|
||||||
# cases even if you set all values to true.
|
# cases even if you set all values to true.
|
||||||
|
# You can override these settings on each session type
|
||||||
|
# These settings are only used if allow_channels=true
|
||||||
rdpdr=true
|
rdpdr=true
|
||||||
rdpsnd=true
|
rdpsnd=true
|
||||||
drdynvc=true
|
drdynvc=true
|
||||||
@ -104,10 +106,10 @@ ip=ask
|
|||||||
port=ask3389
|
port=ask3389
|
||||||
username=ask
|
username=ask
|
||||||
password=ask
|
password=ask
|
||||||
|
# You can override the common channel settings for each session type
|
||||||
channel.rdpdr=true
|
#channel.rdpdr=true
|
||||||
channel.rdpsnd=true
|
#channel.rdpsnd=true
|
||||||
channel.drdynvc=true
|
#channel.drdynvc=true
|
||||||
channel.cliprdr=true
|
#channel.cliprdr=true
|
||||||
channel.rail=true
|
#channel.rail=true
|
||||||
channel.xrdpvr=true
|
#channel.xrdpvr=true
|
||||||
|
@ -2174,8 +2174,7 @@ is_channel_enabled(char *inName, struct list *names, struct list *values)
|
|||||||
{
|
{
|
||||||
int reply = 0; /*means not in the list*/
|
int reply = 0; /*means not in the list*/
|
||||||
int index;
|
int index;
|
||||||
char *val;
|
char *val;
|
||||||
char *name;
|
|
||||||
|
|
||||||
index = find_name_in_lists(inName, names);
|
index = find_name_in_lists(inName, names);
|
||||||
if ( index >= 0 )
|
if ( index >= 0 )
|
||||||
@ -2184,9 +2183,13 @@ is_channel_enabled(char *inName, struct list *names, struct list *values)
|
|||||||
reply = text2bool(val);
|
reply = text2bool(val);
|
||||||
if (reply == 0)
|
if (reply == 0)
|
||||||
{
|
{
|
||||||
log_message(LOG_LEVEL_INFO,"This channel is disabled: %s", name);
|
log_message(LOG_LEVEL_INFO,"This channel is disabled: %s", inName);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
log_message(LOG_LEVEL_INFO,"This channel is disabled (not in List): %s", inName);
|
||||||
|
}
|
||||||
|
|
||||||
return reply;
|
return reply;
|
||||||
}
|
}
|
||||||
@ -2212,7 +2215,8 @@ void init_channel_allowed(struct xrdp_wm *wm)
|
|||||||
|
|
||||||
names = list_create();
|
names = list_create();
|
||||||
values = list_create();
|
values = list_create();
|
||||||
|
/* You can override the list of allowed channels individually for each
|
||||||
|
* session type. */
|
||||||
if ( read_allowed_channel_names(names, values)
|
if ( read_allowed_channel_names(names, values)
|
||||||
&& update_allowed_channel_names(wm, names, values) )
|
&& update_allowed_channel_names(wm, names, values) )
|
||||||
{
|
{
|
||||||
@ -2226,13 +2230,13 @@ void init_channel_allowed(struct xrdp_wm *wm)
|
|||||||
/* examples of channel names: rdpdr ; rdpsnd ; drdynvc ; cliprdr */
|
/* examples of channel names: rdpdr ; rdpsnd ; drdynvc ; cliprdr */
|
||||||
if (is_channel_enabled(channelname, names, values))
|
if (is_channel_enabled(channelname, names, values))
|
||||||
{
|
{
|
||||||
g_writeln("The following channel is allowed: %s (%d)", channelname, index);
|
log_message(LOG_LEVEL_INFO,"The following channel is allowed: %s (%d)", channelname, index);
|
||||||
wm->allowedchannels[allowindex] = index;
|
wm->allowedchannels[allowindex] = index;
|
||||||
allowindex++;
|
allowindex++;
|
||||||
|
|
||||||
if (allowindex >= MAX_NR_CHANNELS)
|
if (allowindex >= MAX_NR_CHANNELS)
|
||||||
{
|
{
|
||||||
g_writeln("Programming error in is_channel_allowed");
|
log_message(LOG_LEVEL_ALWAYS,"Programming error in is_channel_allowed");
|
||||||
error = 1; /* end loop */
|
error = 1; /* end loop */
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -2268,7 +2272,7 @@ int DEFAULT_CC is_channel_allowed(struct xrdp_wm *wm, int channel_id)
|
|||||||
if (wm->allowedinitialized == 0)
|
if (wm->allowedinitialized == 0)
|
||||||
{
|
{
|
||||||
init_channel_allowed(wm);
|
init_channel_allowed(wm);
|
||||||
g_writeln("allow channel list initialized");
|
log_message(LOG_LEVEL_DEBUG,"The allow channel list now initialized for this session");
|
||||||
wm->allowedinitialized = 1;
|
wm->allowedinitialized = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2287,11 +2291,7 @@ int DEFAULT_CC is_channel_allowed(struct xrdp_wm *wm, int channel_id)
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/*if (reply == 0)
|
|
||||||
{
|
|
||||||
g_writeln("This channel is NOT allowed: %d",channel_id) ;
|
|
||||||
}*/
|
|
||||||
return reply;
|
return reply;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
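Review bot: is_channel_enabled now denies any channel that is missing from the list (the new `else` branch leaves `reply` at 0), but that deny-by-default contract is only implied by `int reply = 0; /*means not in the list*/`. A header comment on the function would make it explicit, for example `/* Returns non-zero only when inName is listed and its value parses as true; unlisted channels are denied. */`, so that a later change does not turn the missing-entry case into an allow. In the init_channel_allowed hunk, the message on the `allowindex >= MAX_NR_CHANNELS` path still reads `"Programming error in is_channel_allowed"` although the check sits in init_channel_allowed. Since this commit rewrites that line anyway, the function name in the message could be corrected. Both functions begin outside the hunks shown.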