Merge pull request #61 from ArvidNorr/channelblock

Comments,debug added. Fix for potential vulnerability in log.c
12 years ago · 4006260317
parent 6c2c4a9b11 fe69d2f07b
commit 4006260317
5 changed files with 28 additions and 25 deletions
--- a/common/log.c
+++ b/common/log.c
@ -617,7 +617,7 @@ log_message(const enum logLevels lvl, const char *msg, ...)
    if (lvl <= staticLogConfig->log_level)
    {
        /* log to console */
-        g_printf(buff);
+        g_printf("%s", buff);
        /* log to application logfile */
 #ifdef LOG_ENABLE_THREAD
--- a/libxrdp/xrdp_rdp.c
+++ b/libxrdp/xrdp_rdp.c
@ -114,17 +114,17 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
            }
            else
            {
-                g_writeln("Warning: Your configured crypt level is"
+                log_message(LOG_LEVEL_ALWAYS,"Warning: Your configured crypt level is"
                          "undefined 'high' will be used");
                client_info->crypt_level = 3;
            }
        }
-        else if (g_strcasecmp(item, "channel_code") == 0)
+        else if (g_strcasecmp(item, "allow_channels") == 0)
        {
            client_info->channel_code = text2bool(value);
            if (client_info->channel_code == 0)
            {
-                g_writeln("Info: All channels are disabled");
+                log_message(LOG_LEVEL_DEBUG,"Info - All channels are disabled");
            }
        }
        else if (g_strcasecmp(item, "max_bpp") == 0)
--- a/libxrdp/xrdp_sec.c
+++ b/libxrdp/xrdp_sec.c
@ -19,6 +19,7 @@
 */
 #include "libxrdp.h"
 #include "log.h"
 /* some compilers need unsigned char to avoid warnings */
 static tui8 g_pad_54[40] =
@ -1056,7 +1057,7 @@ xrdp_sec_incoming(struct xrdp_sec *self)
    if (file_by_name_read_section(key_file, "keys", items, values) != 0)
    {
        /* this is a show stopper */
-        g_writeln("xrdp_sec_incoming: error reading %s file", key_file);
+        log_message(LOG_LEVEL_ALWAYS,"XRDP cannot read file: %s (check permissions)", key_file);
        list_delete(items);
        list_delete(values);
        return 1;
--- a/xrdp/xrdp.ini
+++ b/xrdp/xrdp.ini
@ -4,7 +4,7 @@ bitmap_cache=yes
 bitmap_compression=yes
 port=3389
 crypt_level=low
-channel_code=1
+allow_channels=true
 max_bpp=24
 fork=yes
 # regulate if the listening socket use socket option tcp_nodelay
@ -40,6 +40,8 @@ SyslogLevel=DEBUG
 # You can block any channel by setting its value to false.
 # IMPORTANT! All channels are not supported in all use
 # cases even if you set all values to true.
 # You can override these settings on each session type
 # These settings are only used if allow_channels=true
 rdpdr=true
 rdpsnd=true
 drdynvc=true
@ -104,10 +106,10 @@ ip=ask
 port=ask3389
 username=ask
 password=ask
-
+# You can override the common channel settings for each session type
-channel.rdpdr=true
+#channel.rdpdr=true
-channel.rdpsnd=true
+#channel.rdpsnd=true
-channel.drdynvc=true
+#channel.drdynvc=true
-channel.cliprdr=true
+#channel.cliprdr=true
-channel.rail=true
+#channel.rail=true
-channel.xrdpvr=true
+#channel.xrdpvr=true
--- a/xrdp/xrdp_mm.c
+++ b/xrdp/xrdp_mm.c
@ -2174,8 +2174,7 @@ is_channel_enabled(char *inName, struct list *names, struct list *values)
 {
    int reply = 0; /*means not in the list*/
    int index;
-    char *val;
+    char *val;    
    char *name;
    index = find_name_in_lists(inName, names);
    if ( index >= 0 )
@ -2184,9 +2183,13 @@ is_channel_enabled(char *inName, struct list *names, struct list *values)
        reply = text2bool(val);
        if (reply == 0)
        {
-            log_message(LOG_LEVEL_INFO,"This channel is disabled: %s", name);
+            log_message(LOG_LEVEL_INFO,"This channel is disabled: %s", inName);
        }
    }
    else
    {
        log_message(LOG_LEVEL_INFO,"This channel is disabled (not in List): %s", inName);
    }	
    return reply;
 }
@ -2212,7 +2215,8 @@ void init_channel_allowed(struct xrdp_wm *wm)
    names = list_create();
    values = list_create();
-
+    /* You can override the list of allowed channels individually for each 
     * session type. */
    if (   read_allowed_channel_names(names, values)
        && update_allowed_channel_names(wm, names, values) )
    {
@ -2226,13 +2230,13 @@ void init_channel_allowed(struct xrdp_wm *wm)
                /* examples of channel names: rdpdr ; rdpsnd ; drdynvc ; cliprdr */
                if (is_channel_enabled(channelname, names, values))
                {
-                    g_writeln("The following channel is allowed: %s (%d)", channelname, index);
+                    log_message(LOG_LEVEL_INFO,"The following channel is allowed: %s (%d)", channelname, index);
                    wm->allowedchannels[allowindex] = index;
                    allowindex++;
                    if (allowindex >= MAX_NR_CHANNELS)
                    {
-                        g_writeln("Programming error in is_channel_allowed");
+                        log_message(LOG_LEVEL_ALWAYS,"Programming error in is_channel_allowed");
                        error = 1; /* end loop */
                    }
                }
@ -2268,7 +2272,7 @@ int DEFAULT_CC is_channel_allowed(struct xrdp_wm *wm, int channel_id)
    if (wm->allowedinitialized == 0)
    {
        init_channel_allowed(wm);
-        g_writeln("allow channel list initialized");
+        log_message(LOG_LEVEL_DEBUG,"The allow channel list now initialized for this session");
        wm->allowedinitialized = 1;
    }
@ -2287,11 +2291,7 @@ int DEFAULT_CC is_channel_allowed(struct xrdp_wm *wm, int channel_id)
            break;
        }
    }
-
+    
    /*if (reply == 0)
    {
      g_writeln("This channel is NOT allowed: %d",channel_id) ;
    }*/
    return reply;
 }