diff --git a/common/xrdp_client_info.h b/common/xrdp_client_info.h index aefc7119..43ff3f82 100644 --- a/common/xrdp_client_info.h +++ b/common/xrdp_client_info.h @@ -92,6 +92,7 @@ struct xrdp_client_info int use_bulk_comp; int pointer_flags; /* 0 color, 1 new, 2 no new */ int use_fast_path; + int require_credentials; /* when true, credentials *must* be passed on cmd line */ }; #endif diff --git a/libxrdp/xrdp_rdp.c b/libxrdp/xrdp_rdp.c index 82ccdea0..93219968 100644 --- a/libxrdp/xrdp_rdp.c +++ b/libxrdp/xrdp_rdp.c @@ -135,6 +135,10 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info) { client_info->pointer_flags = text2bool(value) == 0 ? 2 : 0; } + else if (g_strcasecmp(item, "require_credentials") == 0) + { + client_info->require_credentials = text2bool(value); + } } list_delete(items); diff --git a/libxrdp/xrdp_sec.c b/libxrdp/xrdp_sec.c index 54d5d0de..726fcde4 100644 --- a/libxrdp/xrdp_sec.c +++ b/libxrdp/xrdp_sec.c @@ -451,6 +451,8 @@ xrdp_sec_process_logon_info(struct xrdp_sec *self, struct stream *s) else { in_uint8s(s, len_password + 2); + if (self->rdp_layer->client_info.require_credentials) + return 1; /* credentials on cmd line is mandatory */ } unicode_in(s, len_program, self->rdp_layer->client_info.program, 255); diff --git a/xrdp/xrdp.ini b/xrdp/xrdp.ini index ea6576cb..8d97c0d3 100644 --- a/xrdp/xrdp.ini +++ b/xrdp/xrdp.ini @@ -24,6 +24,10 @@ tcp_keepalive=yes #background=626c72 #autorun=xrdp1 #hidelogwindow=yes + +# when true, userid/password *must* be passed on cmd line +# require_credentials=yes + #bulk_compression=yes # You can set the PAM error text in a gateway setup (MAX 256 chars) #pamerrortxt=change your password according to policy at http://url