Merge pull request #61 from ArvidNorr/channelblock

Comments and debug logging added. Fix for a potential vulnerability in log.c
ulab-next
ArvidNorr 12 years ago
commit 4006260317

@ -617,7 +617,7 @@ log_message(const enum logLevels lvl, const char *msg, ...)
if (lvl <= staticLogConfig->log_level) if (lvl <= staticLogConfig->log_level)
{ {
/* log to console */ /* log to console */
g_printf(buff); g_printf("%s", buff);
/* log to application logfile */ /* log to application logfile */
#ifdef LOG_ENABLE_THREAD #ifdef LOG_ENABLE_THREAD
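Review bot: The other sinks that receive `buff` after this console call (the application logfile path and whatever sits under `LOG_ENABLE_THREAD`) are outside the hunk and should be checked for the same pattern, because any printf-style call that takes `buff` as its format argument would still interpret `%` sequences coming from the caller's message. The console change itself is correct: `buff` already holds the expanded message and must only ever be passed as data. A short comment above the call would keep this from regressing, for example `/* buff is already formatted; always pass it as an argument, never as the format */`. log_message's body starts before and continues after the hunk.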

@ -114,17 +114,17 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
} }
else else
{ {
g_writeln("Warning: Your configured crypt level is" log_message(LOG_LEVEL_ALWAYS,"Warning: Your configured crypt level is"
"undefined 'high' will be used"); "undefined 'high' will be used");
client_info->crypt_level = 3; client_info->crypt_level = 3;
} }
} }
else if (g_strcasecmp(item, "channel_code") == 0) else if (g_strcasecmp(item, "allow_channels") == 0)
{ {
client_info->channel_code = text2bool(value); client_info->channel_code = text2bool(value);
if (client_info->channel_code == 0) if (client_info->channel_code == 0)
{ {
g_writeln("Info: All channels are disabled"); log_message(LOG_LEVEL_DEBUG,"Info - All channels are disabled");
} }
} }
else if (g_strcasecmp(item, "max_bpp") == 0) else if (g_strcasecmp(item, "max_bpp") == 0)
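Review bot: Renaming the key from `channel_code` to `allow_channels` leaves existing configuration files with a `channel_code=` line silently unmatched, so a deployment that had disabled channels through the old key falls back to whatever default `client_info->channel_code` has, which is not visible in this hunk. Accepting both names during a transition avoids that: `else if (g_strcasecmp(item, "allow_channels") == 0 || g_strcasecmp(item, "channel_code") == 0)`. Separately, the two adjacent string literals in the crypt-level warning concatenate to `...crypt level isundefined 'high'...`; a trailing space in the first literal fixes the message. The "All channels are disabled" notice now goes out at `LOG_LEVEL_DEBUG`, which may hide a security-relevant setting from default logs; `LOG_LEVEL_INFO` would match how is_channel_enabled reports a disabled channel. xrdp_rdp_read_config extends beyond the hunk on both sides.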

@ -19,6 +19,7 @@
*/ */
#include "libxrdp.h" #include "libxrdp.h"
#include "log.h"
/* some compilers need unsigned char to avoid warnings */ /* some compilers need unsigned char to avoid warnings */
static tui8 g_pad_54[40] = static tui8 g_pad_54[40] =
@ -1056,7 +1057,7 @@ xrdp_sec_incoming(struct xrdp_sec *self)
if (file_by_name_read_section(key_file, "keys", items, values) != 0) if (file_by_name_read_section(key_file, "keys", items, values) != 0)
{ {
/* this is a show stopper */ /* this is a show stopper */
g_writeln("xrdp_sec_incoming: error reading %s file", key_file); log_message(LOG_LEVEL_ALWAYS,"XRDP cannot read file: %s (check permissions)", key_file);
list_delete(items); list_delete(items);
list_delete(values); list_delete(values);
return 1; return 1;
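Review bot: The new message tells the operator to check permissions, but the only thing established at this point is that `file_by_name_read_section` returned non-zero for the `keys` section; a missing file or a file without that section would presumably produce the same result. Wording that states what failed without guessing the cause is safer for troubleshooting, and keeping the function name makes the line easier to trace, for example `log_message(LOG_LEVEL_ALWAYS, "xrdp_sec_incoming: cannot read [keys] section from %s", key_file);`. The surrounding function body lies outside the hunk.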

@ -4,7 +4,7 @@ bitmap_cache=yes
bitmap_compression=yes bitmap_compression=yes
port=3389 port=3389
crypt_level=low crypt_level=low
channel_code=1 allow_channels=true
max_bpp=24 max_bpp=24
fork=yes fork=yes
# regulate if the listening socket use socket option tcp_nodelay # regulate if the listening socket use socket option tcp_nodelay
@ -40,6 +40,8 @@ SyslogLevel=DEBUG
# You can block any channel by setting its value to false. # You can block any channel by setting its value to false.
# IMPORTANT! All channels are not supported in all use # IMPORTANT! All channels are not supported in all use
# cases even if you set all values to true. # cases even if you set all values to true.
# You can override these settings on each session type
# These settings are only used if allow_channels=true
rdpdr=true rdpdr=true
rdpsnd=true rdpsnd=true
drdynvc=true drdynvc=true
@ -104,10 +106,10 @@ ip=ask
port=ask3389 port=ask3389
username=ask username=ask
password=ask password=ask
# You can override the common channel settings for each session type
channel.rdpdr=true #channel.rdpdr=true
channel.rdpsnd=true #channel.rdpsnd=true
channel.drdynvc=true #channel.drdynvc=true
channel.cliprdr=true #channel.cliprdr=true
channel.rail=true #channel.rail=true
channel.xrdpvr=true #channel.xrdpvr=true
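Review bot: The added comments do not say what happens to a channel that has no entry, and the code in this commit treats it as disabled (is_channel_enabled logs "not in List" and returns 0). Stating that next to the list would help administrators who delete a line expecting a default to apply: `# A channel that is not listed here is treated as disabled.` The per-session block, now fully commented out, would read more clearly with a matching hint such as `# Uncomment a line to override the common setting for this session type only.`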

@ -2174,8 +2174,7 @@ is_channel_enabled(char *inName, struct list *names, struct list *values)
{ {
int reply = 0; /*means not in the list*/ int reply = 0; /*means not in the list*/
int index; int index;
char *val; char *val;
char *name;
index = find_name_in_lists(inName, names); index = find_name_in_lists(inName, names);
if ( index >= 0 ) if ( index >= 0 )
@ -2184,9 +2183,13 @@ is_channel_enabled(char *inName, struct list *names, struct list *values)
reply = text2bool(val); reply = text2bool(val);
if (reply == 0) if (reply == 0)
{ {
log_message(LOG_LEVEL_INFO,"This channel is disabled: %s", name); log_message(LOG_LEVEL_INFO,"This channel is disabled: %s", inName);
} }
} }
else
{
log_message(LOG_LEVEL_INFO,"This channel is disabled (not in List): %s", inName);
}
return reply; return reply;
} }
@ -2212,7 +2215,8 @@ void init_channel_allowed(struct xrdp_wm *wm)
names = list_create(); names = list_create();
values = list_create(); values = list_create();
/* You can override the list of allowed channels individually for each
* session type. */
if ( read_allowed_channel_names(names, values) if ( read_allowed_channel_names(names, values)
&& update_allowed_channel_names(wm, names, values) ) && update_allowed_channel_names(wm, names, values) )
{ {
@ -2226,13 +2230,13 @@ void init_channel_allowed(struct xrdp_wm *wm)
/* examples of channel names: rdpdr ; rdpsnd ; drdynvc ; cliprdr */ /* examples of channel names: rdpdr ; rdpsnd ; drdynvc ; cliprdr */
if (is_channel_enabled(channelname, names, values)) if (is_channel_enabled(channelname, names, values))
{ {
g_writeln("The following channel is allowed: %s (%d)", channelname, index); log_message(LOG_LEVEL_INFO,"The following channel is allowed: %s (%d)", channelname, index);
wm->allowedchannels[allowindex] = index; wm->allowedchannels[allowindex] = index;
allowindex++; allowindex++;
if (allowindex >= MAX_NR_CHANNELS) if (allowindex >= MAX_NR_CHANNELS)
{ {
g_writeln("Programming error in is_channel_allowed"); log_message(LOG_LEVEL_ALWAYS,"Programming error in is_channel_allowed");
error = 1; /* end loop */ error = 1; /* end loop */
} }
} }
@ -2268,7 +2272,7 @@ int DEFAULT_CC is_channel_allowed(struct xrdp_wm *wm, int channel_id)
if (wm->allowedinitialized == 0) if (wm->allowedinitialized == 0)
{ {
init_channel_allowed(wm); init_channel_allowed(wm);
g_writeln("allow channel list initialized"); log_message(LOG_LEVEL_DEBUG,"The allow channel list now initialized for this session");
wm->allowedinitialized = 1; wm->allowedinitialized = 1;
} }
@ -2287,11 +2291,7 @@ int DEFAULT_CC is_channel_allowed(struct xrdp_wm *wm, int channel_id)
break; break;
} }
} }
/*if (reply == 0)
{
g_writeln("This channel is NOT allowed: %d",channel_id) ;
}*/
return reply; return reply;
} }
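Review bot: The `LOG_LEVEL_ALWAYS` message in init_channel_allowed still says `Programming error in is_channel_allowed`, which points the reader at the wrong function; `log_message(LOG_LEVEL_ALWAYS,"Programming error in init_channel_allowed");` would match the code that emits it. The `allowindex >= MAX_NR_CHANNELS` guard runs after the store into `wm->allowedchannels`, so it stays in bounds only as long as the loop (outside the hunk) stops on `error`; a one-line comment saying so would help the next reader. In is_channel_allowed the commented-out denial log is deleted rather than converted, so a channel refused at runtime leaves no trace; if that is wanted for auditing, `log_message(LOG_LEVEL_DEBUG,"This channel is NOT allowed: %d", channel_id);` inside an `if (reply == 0)` would restore it. All three functions extend beyond the visible hunks.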
