[core,server] decrease logging verbosity

2023-05-22 21:02:44 +02:00 · 2023-05-22 21:02:44 +02:00 · da38ca3254
commit da38ca3254
parent a433e1b761
3 changed files with 74 additions and 64 deletions
--- a/libfreerdp/core/connection.c
+++ b/libfreerdp/core/connection.c
@ -1384,15 +1384,15 @@ BOOL rdp_server_accept_nego(rdpRdp* rdp, wStream* s)
 		return FALSE;

 	RequestedProtocols = nego_get_requested_protocols(nego);
-	WLog_INFO(TAG, "Client Security: RDSTLS:%d NLA:%d TLS:%d RDP:%d",
-	          (RequestedProtocols & PROTOCOL_RDSTLS) ? 1 : 0,
-	          (RequestedProtocols & PROTOCOL_HYBRID) ? 1 : 0,
-	          (RequestedProtocols & PROTOCOL_SSL) ? 1 : 0,
-	          (RequestedProtocols == PROTOCOL_RDP) ? 1 : 0);
-	WLog_INFO(TAG,
-	          "Server Security: RDSTLS:%" PRId32 " NLA:%" PRId32 " TLS:%" PRId32 " RDP:%" PRId32 "",
-	          settings->RdstlsSecurity, settings->NlaSecurity, settings->TlsSecurity,
-	          settings->RdpSecurity);
+	WLog_DBG(TAG, "Client Security: RDSTLS:%d NLA:%d TLS:%d RDP:%d",
+	         (RequestedProtocols & PROTOCOL_RDSTLS) ? 1 : 0,
+	         (RequestedProtocols & PROTOCOL_HYBRID) ? 1 : 0,
+	         (RequestedProtocols & PROTOCOL_SSL) ? 1 : 0,
+	         (RequestedProtocols == PROTOCOL_RDP) ? 1 : 0);
+	WLog_DBG(TAG,
+	         "Server Security: RDSTLS:%" PRId32 " NLA:%" PRId32 " TLS:%" PRId32 " RDP:%" PRId32 "",
+	         settings->RdstlsSecurity, settings->NlaSecurity, settings->TlsSecurity,
+	         settings->RdpSecurity);

 	if ((settings->RdstlsSecurity) && (RequestedProtocols & PROTOCOL_RDSTLS))
 	{
@ -1442,11 +1442,11 @@ BOOL rdp_server_accept_nego(rdpRdp* rdp, wStream* s)

 	if (!(SelectedProtocol & PROTOCOL_FAILED_NEGO))
 	{
-		WLog_INFO(TAG, "Negotiated Security: RDSTLS:%d NLA:%d TLS:%d RDP:%d",
-		          (SelectedProtocol & PROTOCOL_RDSTLS) ? 1 : 0,
-		          (SelectedProtocol & PROTOCOL_HYBRID) ? 1 : 0,
-		          (SelectedProtocol & PROTOCOL_SSL) ? 1 : 0,
-		          (SelectedProtocol == PROTOCOL_RDP) ? 1 : 0);
+		WLog_DBG(TAG, "Negotiated Security: RDSTLS:%d NLA:%d TLS:%d RDP:%d",
+		         (SelectedProtocol & PROTOCOL_RDSTLS) ? 1 : 0,
+		         (SelectedProtocol & PROTOCOL_HYBRID) ? 1 : 0,
+		         (SelectedProtocol & PROTOCOL_SSL) ? 1 : 0,
+		         (SelectedProtocol == PROTOCOL_RDP) ? 1 : 0);
 	}

 	if (!nego_set_selected_protocol(nego, SelectedProtocol))
@ -1491,8 +1491,8 @@ BOOL rdp_server_accept_mcs_connect_initial(rdpRdp* rdp, wStream* s)
 	if (!mcs_server_apply_to_settings(mcs, rdp->settings))
 		return FALSE;

-	WLog_INFO(TAG, "Accepted client: %s", rdp->settings->ClientHostname);
-	WLog_INFO(TAG, "Accepted channels:");
+	WLog_DBG(TAG, "Accepted client: %s", rdp->settings->ClientHostname);
+	WLog_DBG(TAG, "Accepted channels:");

 	WINPR_ASSERT(mcs->channels || (mcs->channelCount == 0));
 	for (UINT32 i = 0; i < mcs->channelCount; i++)
@ -1500,7 +1500,7 @@ BOOL rdp_server_accept_mcs_connect_initial(rdpRdp* rdp, wStream* s)
 		ADDIN_ARGV* arg;
 		rdpMcsChannel* cur = &mcs->channels[i];
 		const char* params[1] = { cur->Name };
-		WLog_INFO(TAG, " %s [%" PRIu16 "]", cur->Name, cur->ChannelId);
+		WLog_DBG(TAG, " %s [%" PRIu16 "]", cur->Name, cur->ChannelId);
 		arg = freerdp_addin_argv_new(ARRAYSIZE(params), params);
 		if (!arg)
 			return FALSE;
--- a/libfreerdp/core/gcc.c
+++ b/libfreerdp/core/gcc.c
@ -1737,35 +1737,37 @@ BOOL gcc_write_server_security_data(wStream* s, rdpMcs* mcs)
 		/* TLS/NLA is used: disable rdp style encryption */
 		settings->EncryptionLevel = ENCRYPTION_LEVEL_NONE;
 	}
-
-	/* verify server encryption level value */
-	switch (settings->EncryptionLevel)
+	else
 	{
-		case ENCRYPTION_LEVEL_NONE:
-			WLog_INFO(TAG, "Active rdp encryption level: NONE");
-			break;
+		/* verify server encryption level value */
+		switch (settings->EncryptionLevel)
+		{
+			case ENCRYPTION_LEVEL_NONE:
+				WLog_INFO(TAG, "Active rdp encryption level: NONE");
+				break;

-		case ENCRYPTION_LEVEL_FIPS:
-			WLog_INFO(TAG, "Active rdp encryption level: FIPS Compliant");
-			break;
+			case ENCRYPTION_LEVEL_FIPS:
+				WLog_INFO(TAG, "Active rdp encryption level: FIPS Compliant");
+				break;

-		case ENCRYPTION_LEVEL_HIGH:
-			WLog_INFO(TAG, "Active rdp encryption level: HIGH");
-			break;
+			case ENCRYPTION_LEVEL_HIGH:
+				WLog_INFO(TAG, "Active rdp encryption level: HIGH");
+				break;

-		case ENCRYPTION_LEVEL_LOW:
-			WLog_INFO(TAG, "Active rdp encryption level: LOW");
-			break;
+			case ENCRYPTION_LEVEL_LOW:
+				WLog_INFO(TAG, "Active rdp encryption level: LOW");
+				break;

-		case ENCRYPTION_LEVEL_CLIENT_COMPATIBLE:
-			WLog_INFO(TAG, "Active rdp encryption level: CLIENT-COMPATIBLE");
-			break;
+			case ENCRYPTION_LEVEL_CLIENT_COMPATIBLE:
+				WLog_INFO(TAG, "Active rdp encryption level: CLIENT-COMPATIBLE");
+				break;

-		default:
-			WLog_ERR(TAG, "Invalid server encryption level 0x%08" PRIX32 "",
-			         settings->EncryptionLevel);
-			WLog_ERR(TAG, "Switching to encryption level CLIENT-COMPATIBLE");
-			settings->EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
+			default:
+				WLog_ERR(TAG, "Invalid server encryption level 0x%08" PRIX32 "",
+				         settings->EncryptionLevel);
+				WLog_ERR(TAG, "Switching to encryption level CLIENT-COMPATIBLE");
+				settings->EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
+		}
 	}

 	/* choose rdp encryption method based on server level and client methods */
@ -1825,31 +1827,34 @@ BOOL gcc_write_server_security_data(wStream* s, rdpMcs* mcs)
 	}

 	/* log selected encryption method */
-	switch (settings->EncryptionMethods)
+	if (settings->UseRdpSecurityLayer)
 	{
-		case ENCRYPTION_METHOD_NONE:
-			WLog_INFO(TAG, "Selected rdp encryption method: NONE");
-			break;
+		switch (settings->EncryptionMethods)
+		{
+			case ENCRYPTION_METHOD_NONE:
+				WLog_INFO(TAG, "Selected rdp encryption method: NONE");
+				break;

-		case ENCRYPTION_METHOD_40BIT:
-			WLog_INFO(TAG, "Selected rdp encryption method: 40BIT");
-			break;
+			case ENCRYPTION_METHOD_40BIT:
+				WLog_INFO(TAG, "Selected rdp encryption method: 40BIT");
+				break;

-		case ENCRYPTION_METHOD_56BIT:
-			WLog_INFO(TAG, "Selected rdp encryption method: 56BIT");
-			break;
+			case ENCRYPTION_METHOD_56BIT:
+				WLog_INFO(TAG, "Selected rdp encryption method: 56BIT");
+				break;

-		case ENCRYPTION_METHOD_128BIT:
-			WLog_INFO(TAG, "Selected rdp encryption method: 128BIT");
-			break;
+			case ENCRYPTION_METHOD_128BIT:
+				WLog_INFO(TAG, "Selected rdp encryption method: 128BIT");
+				break;

-		case ENCRYPTION_METHOD_FIPS:
-			WLog_INFO(TAG, "Selected rdp encryption method: FIPS");
-			break;
+			case ENCRYPTION_METHOD_FIPS:
+				WLog_INFO(TAG, "Selected rdp encryption method: FIPS");
+				break;

-		default:
-			WLog_ERR(TAG, "internal error: unknown encryption method");
-			return FALSE;
+			default:
+				WLog_ERR(TAG, "internal error: unknown encryption method");
+				return FALSE;
+		}
 	}

 	const size_t posHeader = Stream_GetPosition(s);
--- a/libfreerdp/core/peer.c
+++ b/libfreerdp/core/peer.c
@ -256,13 +256,18 @@ static BOOL freerdp_peer_initialize(freerdp_peer* client)
 		return FALSE;
 	}

-	if (!freerdp_certificate_is_rdp_security_compatible(cert))
+	if (freerdp_settings_get_bool(settings, FreeRDP_RdpSecurity))
 	{
-		if (!freerdp_settings_set_bool(settings, FreeRDP_RdpSecurity, FALSE))
-			return FALSE;
-		if (!freerdp_settings_set_bool(settings, FreeRDP_UseRdpSecurityLayer, FALSE))
-			return FALSE;
+
+		if (!freerdp_certificate_is_rdp_security_compatible(cert))
+		{
+			if (!freerdp_settings_set_bool(settings, FreeRDP_RdpSecurity, FALSE))
+				return FALSE;
+			if (!freerdp_settings_set_bool(settings, FreeRDP_UseRdpSecurityLayer, FALSE))
+				return FALSE;
+		}
 	}
+
 	if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_INITIAL))
 		return FALSE;