added option to set rdp crypto level to none

ulab-next-nosound
Jay Sorg 10 years ago
parent 821bf3e2a5
commit ffed349875

@ -76,7 +76,11 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info)
} }
else if (g_strcasecmp(item, "crypt_level") == 0) else if (g_strcasecmp(item, "crypt_level") == 0)
{ {
if (g_strcasecmp(value, "low") == 0) if (g_strcasecmp(value, "none") == 0)
{
client_info->crypt_level = 0;
}
else if (g_strcasecmp(value, "low") == 0)
{ {
client_info->crypt_level = 1; client_info->crypt_level = 1;
} }

@ -1779,9 +1779,22 @@ xrdp_sec_process_mcs_data_CS_SECURITY(struct xrdp_sec *self, struct stream* s)
found = 1; found = 1;
} }
} }
if ((found == 0) &&
(self->crypt_level == CRYPT_LEVEL_NONE))
{
if (crypt_method == CRYPT_METHOD_NONE)
{
g_writeln(" client and server support none crypt, using "
"none crypt");
self->crypt_method = CRYPT_METHOD_NONE;
self->crypt_level = CRYPT_LEVEL_NONE;
found = 1;
}
}
if (found == 0) if (found == 0)
{ {
g_writeln(" no security"); g_writeln(" can not find client / server agreed encryption method");
return 1;
} }
return 0; return 0;
} }
@ -2069,6 +2082,10 @@ xrdp_sec_init_rdp_security(struct xrdp_sec *self)
{ {
switch (self->rdp_layer->client_info.crypt_level) switch (self->rdp_layer->client_info.crypt_level)
{ {
case 0: /* none */
self->crypt_method = CRYPT_METHOD_NONE;
self->crypt_level = CRYPT_LEVEL_NONE;
break;
case 1: /* low */ case 1: /* low */
self->crypt_method = CRYPT_METHOD_40BIT; self->crypt_method = CRYPT_METHOD_40BIT;
self->crypt_level = CRYPT_LEVEL_LOW; self->crypt_level = CRYPT_LEVEL_LOW;

@ -8,6 +8,8 @@ port=3389
allow_channels=true allow_channels=true
max_bpp=32 max_bpp=32
fork=yes fork=yes
# minimum security level allowed for client
# can be 'none', 'low', 'medium', 'high', 'fips'
crypt_level=high crypt_level=high
# security layer can be 'tls', 'rdp' or 'negotiate' # security layer can be 'tls', 'rdp' or 'negotiate'
# for client compatible layer # for client compatible layer

Loading…
Cancel
Save