Comments and debug when blocking channels added. Fix for potential vulnerability in log.c
parent
6c2c4a9b11
commit
fe69d2f07b
@ -617,7 +617,7 @@ log_message(const enum logLevels lvl, const char *msg, ...)
|
||||
if (lvl <= staticLogConfig->log_level)
|
||||
{
|
||||
/* log to console */
|
||||
g_printf(buff);
|
||||
g_printf("%s", buff);
|
||||
|
||||
/* log to application logfile */
|
||||
#ifdef LOG_ENABLE_THREAD
|
||||
|
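Review bot: The `g_printf("%s", buff);` call in log_message deserves a short comment saying why the constant format is there, so that nobody later simplifies it back to passing buff as the format. Something like `/* buff holds caller-supplied text and may contain '%'; never use it as a format string */` above the call would do. The logfile write that follows under `LOG_ENABLE_THREAD` is outside this hunk, so I cannot see whether the other sinks that receive buff already use a constant format; they should be checked for the same pattern. log_message's body starts and ends outside the hunk.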
@ -114,17 +114,17 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
|
||||
}
|
||||
else
|
||||
{
|
||||
g_writeln("Warning: Your configured crypt level is"
|
||||
log_message(LOG_LEVEL_ALWAYS,"Warning: Your configured crypt level is"
|
||||
"undefined 'high' will be used");
|
||||
client_info->crypt_level = 3;
|
||||
}
|
||||
}
|
||||
else if (g_strcasecmp(item, "channel_code") == 0)
|
||||
else if (g_strcasecmp(item, "allow_channels") == 0)
|
||||
{
|
||||
client_info->channel_code = text2bool(value);
|
||||
if (client_info->channel_code == 0)
|
||||
{
|
||||
g_writeln("Info: All channels are disabled");
|
||||
log_message(LOG_LEVEL_DEBUG,"Info - All channels are disabled");
|
||||
}
|
||||
}
|
||||
else if (g_strcasecmp(item, "max_bpp") == 0)
|
||||
|
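Review bot: Renaming the recognised key from `channel_code` to `allow_channels` in xrdp_rdp_read_config means an existing configuration that still says `channel_code=...` no longer matches any branch here. An administrator who had disabled all channels would then silently get whatever default `client_info->channel_code` starts with, which is not visible in this hunk. Accepting both spellings keeps old files working: `else if (g_strcasecmp(item, "allow_channels") == 0 || g_strcasecmp(item, "channel_code") == 0)`. Separately, the crypt-level warning concatenates `"... crypt level is"` and `"undefined 'high' will be used"` with no space, so it is logged as "isundefined", and the "All channels are disabled" message sits at LOG_LEVEL_DEBUG, which hides a security-relevant setting at normal log levels. The function continues outside the hunk.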
@ -19,6 +19,7 @@
|
||||
*/
|
||||
|
||||
#include "libxrdp.h"
|
||||
#include "log.h"
|
||||
|
||||
/* some compilers need unsigned char to avoid warnings */
|
||||
static tui8 g_pad_54[40] =
|
||||
@ -1056,7 +1057,7 @@ xrdp_sec_incoming(struct xrdp_sec *self)
|
||||
if (file_by_name_read_section(key_file, "keys", items, values) != 0)
|
||||
{
|
||||
/* this is a show stopper */
|
||||
g_writeln("xrdp_sec_incoming: error reading %s file", key_file);
|
||||
log_message(LOG_LEVEL_ALWAYS,"XRDP cannot read file: %s (check permissions)", key_file);
|
||||
list_delete(items);
|
||||
list_delete(values);
|
||||
return 1;
|
||||
|
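Review bot: The new message in xrdp_sec_incoming tells the operator to "check permissions", but a non-zero return from `file_by_name_read_section` does not by itself show that permissions are the cause; a missing file or a missing `keys` section would presumably land here too. Since key_file appears to hold key material, a hint that steers people toward loosening its mode is worth avoiding. I would word it neutrally, e.g. `log_message(LOG_LEVEL_ALWAYS, "xrdp_sec_incoming: cannot read [keys] section of %s", key_file);`, which also keeps the function name the old g_writeln carried. The enclosing function starts and ends outside the hunk.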
@ -4,7 +4,7 @@ bitmap_cache=yes
|
||||
bitmap_compression=yes
|
||||
port=3389
|
||||
crypt_level=low
|
||||
channel_code=1
|
||||
allow_channels=true
|
||||
max_bpp=24
|
||||
fork=yes
|
||||
# regulate if the listening socket use socket option tcp_nodelay
|
||||
@ -40,6 +40,8 @@ SyslogLevel=DEBUG
|
||||
# You can block any channel by setting its value to false.
|
||||
# IMPORTANT! All channels are not supported in all use
|
||||
# cases even if you set all values to true.
|
||||
# You can override these settings on each session type
|
||||
# These settings are only used if allow_channels=true
|
||||
rdpdr=true
|
||||
rdpsnd=true
|
||||
drdynvc=true
|
||||
@ -104,10 +106,10 @@ ip=ask
|
||||
port=ask3389
|
||||
username=ask
|
||||
password=ask
|
||||
|
||||
channel.rdpdr=true
|
||||
channel.rdpsnd=true
|
||||
channel.drdynvc=true
|
||||
channel.cliprdr=true
|
||||
channel.rail=true
|
||||
channel.xrdpvr=true
|
||||
# You can override the common channel settings for each session type
|
||||
#channel.rdpdr=true
|
||||
#channel.rdpsnd=true
|
||||
#channel.drdynvc=true
|
||||
#channel.cliprdr=true
|
||||
#channel.rail=true
|
||||
#channel.xrdpvr=true
|
||||
|
@ -2175,7 +2175,6 @@ is_channel_enabled(char *inName, struct list *names, struct list *values)
|
||||
int reply = 0; /*means not in the list*/
|
||||
int index;
|
||||
char *val;
|
||||
char *name;
|
||||
|
||||
index = find_name_in_lists(inName, names);
|
||||
if ( index >= 0 )
|
||||
@ -2184,9 +2183,13 @@ is_channel_enabled(char *inName, struct list *names, struct list *values)
|
||||
reply = text2bool(val);
|
||||
if (reply == 0)
|
||||
{
|
||||
log_message(LOG_LEVEL_INFO,"This channel is disabled: %s", name);
|
||||
log_message(LOG_LEVEL_INFO,"This channel is disabled: %s", inName);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
log_message(LOG_LEVEL_INFO,"This channel is disabled (not in List): %s", inName);
|
||||
}
|
||||
|
||||
return reply;
|
||||
}
|
||||
@ -2212,7 +2215,8 @@ void init_channel_allowed(struct xrdp_wm *wm)
|
||||
|
||||
names = list_create();
|
||||
values = list_create();
|
||||
|
||||
/* You can override the list of allowed channels individually for each
|
||||
* session type. */
|
||||
if ( read_allowed_channel_names(names, values)
|
||||
&& update_allowed_channel_names(wm, names, values) )
|
||||
{
|
||||
@ -2226,13 +2230,13 @@ void init_channel_allowed(struct xrdp_wm *wm)
|
||||
/* examples of channel names: rdpdr ; rdpsnd ; drdynvc ; cliprdr */
|
||||
if (is_channel_enabled(channelname, names, values))
|
||||
{
|
||||
g_writeln("The following channel is allowed: %s (%d)", channelname, index);
|
||||
log_message(LOG_LEVEL_INFO,"The following channel is allowed: %s (%d)", channelname, index);
|
||||
wm->allowedchannels[allowindex] = index;
|
||||
allowindex++;
|
||||
|
||||
if (allowindex >= MAX_NR_CHANNELS)
|
||||
{
|
||||
g_writeln("Programming error in is_channel_allowed");
|
||||
log_message(LOG_LEVEL_ALWAYS,"Programming error in is_channel_allowed");
|
||||
error = 1; /* end loop */
|
||||
}
|
||||
}
|
||||
@ -2268,7 +2272,7 @@ int DEFAULT_CC is_channel_allowed(struct xrdp_wm *wm, int channel_id)
|
||||
if (wm->allowedinitialized == 0)
|
||||
{
|
||||
init_channel_allowed(wm);
|
||||
g_writeln("allow channel list initialized");
|
||||
log_message(LOG_LEVEL_DEBUG,"The allow channel list now initialized for this session");
|
||||
wm->allowedinitialized = 1;
|
||||
}
|
||||
|
||||
@ -2288,10 +2292,6 @@ int DEFAULT_CC is_channel_allowed(struct xrdp_wm *wm, int channel_id)
|
||||
}
|
||||
}
|
||||
|
||||
/*if (reply == 0)
|
||||
{
|
||||
g_writeln("This channel is NOT allowed: %d",channel_id) ;
|
||||
}*/
|
||||
return reply;
|
||||
}
|
||||
|
||||
|
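Review bot: In the init_channel_allowed hunk the overflow message still reads "Programming error in is_channel_allowed" although it is emitted from init_channel_allowed; now that it goes to the log at LOG_LEVEL_ALWAYS it should name the right function and the limit, e.g. `log_message(LOG_LEVEL_ALWAYS, "init_channel_allowed: allowed channel list is full (%d entries)", MAX_NR_CHANNELS);`. In is_channel_enabled, a one-line comment on `int reply = 0;` stating that a channel missing from the list is treated as disabled would make the default-deny behaviour explicit, since the new else branch only logs it. The channel name logged with `%s` may originate from the connecting client (not visible here), so it is worth confirming that it is length-bounded and printable before it reaches the log. These functions are only partly visible in the hunks.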