libxrdp: fix for 'low' RDP security level (issue #202)
This commit is contained in:
speidy
parent
bf622c46a6
commit
5e89424129
@ -480,17 +480,21 @@ xrdp_sec_init(struct xrdp_sec *self, struct stream *s)
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (self->crypt_level == CRYPT_LEVEL_FIPS)
|
if (self->crypt_level > CRYPT_LEVEL_NONE) /* RDP encryption */
|
||||||
{
|
{
|
||||||
s_push_layer(s, sec_hdr, 4 + 4 + 8);
|
if (self->crypt_level == CRYPT_LEVEL_FIPS)
|
||||||
}
|
{
|
||||||
else if (self->crypt_level > CRYPT_LEVEL_LOW)
|
s_push_layer(s, sec_hdr, 4 + 4 + 8);
|
||||||
{
|
}
|
||||||
s_push_layer(s, sec_hdr, 4 + 8);
|
else if (self->crypt_level > CRYPT_LEVEL_LOW)
|
||||||
}
|
{
|
||||||
else
|
s_push_layer(s, sec_hdr, 4 + 8);
|
||||||
{
|
}
|
||||||
}
|
else if (self->crypt_level)
|
||||||
|
{
|
||||||
|
s_push_layer(s, sec_hdr, 4);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -1408,30 +1412,33 @@ xrdp_sec_send(struct xrdp_sec *self, struct stream *s, int chan)
|
|||||||
DEBUG((" in xrdp_sec_send"));
|
DEBUG((" in xrdp_sec_send"));
|
||||||
s_pop_layer(s, sec_hdr);
|
s_pop_layer(s, sec_hdr);
|
||||||
|
|
||||||
if (self->crypt_level == CRYPT_LEVEL_FIPS)
|
if (self->crypt_level > CRYPT_LEVEL_NONE)
|
||||||
{
|
{
|
||||||
LLOGLN(10, ("xrdp_sec_send: fips"));
|
if (self->crypt_level == CRYPT_LEVEL_FIPS)
|
||||||
out_uint32_le(s, SEC_ENCRYPT);
|
{
|
||||||
datalen = (int)((s->end - s->p) - 12);
|
LLOGLN(10, ("xrdp_sec_send: fips"));
|
||||||
out_uint16_le(s, 16); /* crypto header size */
|
out_uint32_le(s, SEC_ENCRYPT);
|
||||||
out_uint8(s, 1); /* fips version */
|
datalen = (int)((s->end - s->p) - 12);
|
||||||
pad = (8 - (datalen % 8)) & 7;
|
out_uint16_le(s, 16); /* crypto header size */
|
||||||
g_memset(s->end, 0, pad);
|
out_uint8(s, 1); /* fips version */
|
||||||
s->end += pad;
|
pad = (8 - (datalen % 8)) & 7;
|
||||||
out_uint8(s, pad); /* fips pad */
|
g_memset(s->end, 0, pad);
|
||||||
xrdp_sec_fips_sign(self, s->p, 8, s->p + 8, datalen);
|
s->end += pad;
|
||||||
xrdp_sec_fips_encrypt(self, s->p + 8, datalen + pad);
|
out_uint8(s, pad); /* fips pad */
|
||||||
}
|
xrdp_sec_fips_sign(self, s->p, 8, s->p + 8, datalen);
|
||||||
else if (self->crypt_level > CRYPT_LEVEL_LOW)
|
xrdp_sec_fips_encrypt(self, s->p + 8, datalen + pad);
|
||||||
{
|
}
|
||||||
out_uint32_le(s, SEC_ENCRYPT);
|
else if (self->crypt_level > CRYPT_LEVEL_LOW)
|
||||||
datalen = (int)((s->end - s->p) - 8);
|
{
|
||||||
xrdp_sec_sign(self, s->p, 8, s->p + 8, datalen);
|
out_uint32_le(s, SEC_ENCRYPT);
|
||||||
xrdp_sec_encrypt(self, s->p + 8, datalen);
|
datalen = (int)((s->end - s->p) - 8);
|
||||||
}
|
xrdp_sec_sign(self, s->p, 8, s->p + 8, datalen);
|
||||||
else
|
xrdp_sec_encrypt(self, s->p + 8, datalen);
|
||||||
{
|
}
|
||||||
// out_uint32_le(s, 0);
|
else
|
||||||
|
{
|
||||||
|
out_uint32_le(s, 0);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (xrdp_mcs_send(self->mcs_layer, s, chan) != 0)
|
if (xrdp_mcs_send(self->mcs_layer, s, chan) != 0)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user