added medium and high rdp encryption via xrdp.ini
This commit is contained in:
jsorg71
parent
ab61191620
commit
8fd2618101
@ -75,8 +75,9 @@ struct xrdp_sec
|
||||
char encrypt_key[16];
|
||||
char decrypt_update_key[16];
|
||||
char encrypt_update_key[16];
|
||||
int rc4_key_size;
|
||||
int rc4_key_len;
|
||||
int rc4_key_size; /* 1 = 40 bit, 2 = 128 bit */
|
||||
int rc4_key_len; /* 8 = 40 bit, 16 = 128 bit */
|
||||
int crypt_level; /* 1, 2, 3 = low, meduim, high */
|
||||
char sign_key[16];
|
||||
void* decrypt_rc4_info;
|
||||
void* encrypt_rc4_info;
|
||||
@ -230,7 +231,7 @@ xrdp_mcs_disconnect(struct xrdp_mcs* self);
|
||||
|
||||
/* xrdp_sec.c */
|
||||
struct xrdp_sec* APP_CC
|
||||
xrdp_sec_create(struct xrdp_rdp* owner, int sck);
|
||||
xrdp_sec_create(struct xrdp_rdp* owner, int sck, int crypt_level);
|
||||
void APP_CC
|
||||
xrdp_sec_delete(struct xrdp_sec* self);
|
||||
int APP_CC
|
||||
@ -238,7 +239,7 @@ xrdp_sec_init(struct xrdp_sec* self, struct stream* s);
|
||||
int APP_CC
|
||||
xrdp_sec_recv(struct xrdp_sec* self, struct stream* s, int* chan);
|
||||
int APP_CC
|
||||
xrdp_sec_send(struct xrdp_sec* self, struct stream* s, int flags);
|
||||
xrdp_sec_send(struct xrdp_sec* self, struct stream* s);
|
||||
int APP_CC
|
||||
xrdp_sec_incoming(struct xrdp_sec* self);
|
||||
int APP_CC
|
||||
|
||||
@ -56,6 +56,7 @@ struct xrdp_client_info
|
||||
char directory[256];
|
||||
int rdp_compression;
|
||||
int rdp_autologin;
|
||||
int crypt_level; /* 1, 2, 3 = low, medium, high */
|
||||
};
|
||||
|
||||
struct xrdp_brush
|
||||
|
||||
@ -87,6 +87,21 @@ xrdp_rdp_read_config(struct xrdp_client_info* client_info)
|
||||
client_info->use_bitmap_comp = 1;
|
||||
}
|
||||
}
|
||||
else if (g_strncasecmp(item, "crypt_level", 255) == 0)
|
||||
{
|
||||
if (g_strncasecmp(value, "low", 255) == 0)
|
||||
{
|
||||
client_info->crypt_level = 1;
|
||||
}
|
||||
else if (g_strncasecmp(value, "medium", 255) == 0)
|
||||
{
|
||||
client_info->crypt_level = 2;
|
||||
}
|
||||
else if (g_strncasecmp(value, "high", 255) == 0)
|
||||
{
|
||||
client_info->crypt_level = 3;
|
||||
}
|
||||
}
|
||||
}
|
||||
list_delete(items);
|
||||
list_delete(values);
|
||||
@ -104,9 +119,10 @@ xrdp_rdp_create(struct xrdp_session* session, int sck)
|
||||
self = (struct xrdp_rdp*)g_malloc(sizeof(struct xrdp_rdp), 1);
|
||||
self->session = session;
|
||||
self->share_id = 66538;
|
||||
self->sec_layer = xrdp_sec_create(self, sck);
|
||||
/* read ini settings */
|
||||
xrdp_rdp_read_config(&self->client_info);
|
||||
/* create sec layer */
|
||||
self->sec_layer = xrdp_sec_create(self, sck, self->client_info.crypt_level);
|
||||
/* default 8 bit v1 color bitmap cache entries and size */
|
||||
self->client_info.cache1_entries = 600;
|
||||
self->client_info.cache1_size = 256;
|
||||
@ -221,7 +237,7 @@ xrdp_rdp_send(struct xrdp_rdp* self, struct stream* s, int pdu_type)
|
||||
out_uint16_le(s, len);
|
||||
out_uint16_le(s, 0x10 | pdu_type);
|
||||
out_uint16_le(s, self->mcs_channel);
|
||||
if (xrdp_sec_send(self->sec_layer, s, 0) != 0)
|
||||
if (xrdp_sec_send(self->sec_layer, s) != 0)
|
||||
{
|
||||
DEBUG(("out xrdp_rdp_send error\r\n"));
|
||||
return 1;
|
||||
@ -250,7 +266,7 @@ xrdp_rdp_send_data(struct xrdp_rdp* self, struct stream* s,
|
||||
out_uint8(s, data_pdu_type);
|
||||
out_uint8(s, 0);
|
||||
out_uint16_le(s, 0);
|
||||
if (xrdp_sec_send(self->sec_layer, s, 0) != 0)
|
||||
if (xrdp_sec_send(self->sec_layer, s) != 0)
|
||||
{
|
||||
DEBUG(("out xrdp_rdp_send_data error\r\n"));
|
||||
return 1;
|
||||
|
||||
@ -169,7 +169,7 @@ hex_str_to_bin(char* in, char* out, int out_len)
|
||||
|
||||
/*****************************************************************************/
|
||||
struct xrdp_sec* APP_CC
|
||||
xrdp_sec_create(struct xrdp_rdp* owner, int sck)
|
||||
xrdp_sec_create(struct xrdp_rdp* owner, int sck, int crypt_level)
|
||||
{
|
||||
struct xrdp_sec* self;
|
||||
struct list* items;
|
||||
@ -181,7 +181,23 @@ xrdp_sec_create(struct xrdp_rdp* owner, int sck)
|
||||
|
||||
self = (struct xrdp_sec*)g_malloc(sizeof(struct xrdp_sec), 1);
|
||||
self->rdp_layer = owner;
|
||||
self->rc4_key_size = 1;
|
||||
self->rc4_key_size = 1; /* 1 = 40 bit, 2 = 128 bit */
|
||||
self->crypt_level = 1; /* 1, 2, 3 = low, medium, high */
|
||||
switch (crypt_level)
|
||||
{
|
||||
case 1:
|
||||
self->rc4_key_size = 1;
|
||||
self->crypt_level = 1;
|
||||
break;
|
||||
case 2:
|
||||
self->rc4_key_size = 1;
|
||||
self->crypt_level = 2;
|
||||
break;
|
||||
case 3:
|
||||
self->rc4_key_size = 2;
|
||||
self->crypt_level = 3;
|
||||
break;
|
||||
}
|
||||
self->decrypt_rc4_info = ssl_rc4_info_create();
|
||||
self->encrypt_rc4_info = ssl_rc4_info_create();
|
||||
g_random(self->server_random, 32);
|
||||
@ -248,7 +264,14 @@ xrdp_sec_init(struct xrdp_sec* self, struct stream* s)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
s_push_layer(s, sec_hdr, 4);
|
||||
if (self->crypt_level > 1)
|
||||
{
|
||||
s_push_layer(s, sec_hdr, 4 + 8);
|
||||
}
|
||||
else
|
||||
{
|
||||
s_push_layer(s, sec_hdr, 4);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -314,6 +337,22 @@ xrdp_sec_decrypt(struct xrdp_sec* self, char* data, int len)
|
||||
self->decrypt_use_count++;
|
||||
}
|
||||
|
||||
/*****************************************************************************/
|
||||
static void APP_CC
|
||||
xrdp_sec_encrypt(struct xrdp_sec* self, char* data, int len)
|
||||
{
|
||||
if (self->encrypt_use_count == 4096)
|
||||
{
|
||||
xrdp_sec_update(self->encrypt_key, self->encrypt_update_key,
|
||||
self->rc4_key_len);
|
||||
ssl_rc4_set_key(self->encrypt_rc4_info, self->encrypt_key,
|
||||
self->rc4_key_len);
|
||||
self->encrypt_use_count = 0;
|
||||
}
|
||||
ssl_rc4_crypt(self->encrypt_rc4_info, data, len);
|
||||
self->encrypt_use_count++;
|
||||
}
|
||||
|
||||
/*****************************************************************************/
|
||||
static int APP_CC
|
||||
unicode_in(struct stream* s, int uni_len, char* dst, int dst_len)
|
||||
@ -642,13 +681,24 @@ xrdp_sec_sign(struct xrdp_sec* self, char* out, int out_len,
|
||||
|
||||
/*****************************************************************************/
|
||||
/* returns error */
|
||||
/* TODO needs outgoing encryption */
|
||||
int APP_CC
|
||||
xrdp_sec_send(struct xrdp_sec* self, struct stream* s, int flags)
|
||||
xrdp_sec_send(struct xrdp_sec* self, struct stream* s)
|
||||
{
|
||||
int datalen;
|
||||
|
||||
DEBUG((" in xrdp_sec_send\r\n"));
|
||||
s_pop_layer(s, sec_hdr);
|
||||
out_uint32_le(s, flags);
|
||||
if (self->crypt_level > 1)
|
||||
{
|
||||
out_uint32_le(s, SEC_ENCRYPT);
|
||||
datalen = (s->end - s->p) - 8;
|
||||
xrdp_sec_sign(self, s->p, 8, s->p + 8, datalen);
|
||||
xrdp_sec_encrypt(self, s->p + 8, datalen);
|
||||
}
|
||||
else
|
||||
{
|
||||
out_uint32_le(s, 0);
|
||||
}
|
||||
if (xrdp_mcs_send(self->mcs_layer, s) != 0)
|
||||
{
|
||||
return 1;
|
||||
@ -698,8 +748,9 @@ xrdp_sec_out_mcs_data(struct xrdp_sec* self)
|
||||
out_uint8(p, 0);
|
||||
out_uint16_le(p, SEC_TAG_SRV_CRYPT);
|
||||
out_uint16_le(p, 0x00ec); /* len is 236 */
|
||||
out_uint32_le(p, 1); /* key len 1 = 40 bit 2 = 128 bit */
|
||||
out_uint32_le(p, 1); /* crypt level 1 = low 2 = medium 3 = high */
|
||||
out_uint32_le(p, self->rc4_key_size); /* key len 1 = 40 bit 2 = 128 bit */
|
||||
out_uint32_le(p, self->crypt_level); /* crypt level 1 = low 2 = medium */
|
||||
/* 3 = high */
|
||||
out_uint32_le(p, 32); /* 32 bytes random len */
|
||||
out_uint32_le(p, 0xb8); /* 184 bytes rsa info(certificate) len */
|
||||
out_uint8a(p, self->server_random, 32);
|
||||
|
||||
@ -3,6 +3,7 @@
|
||||
bitmap_cache=yes
|
||||
bitmap_compression=yes
|
||||
port=3389
|
||||
crypt_level=low
|
||||
|
||||
[xrdp1]
|
||||
name=sesman
|
||||
|
||||
Loading…
Reference in New Issue
Block a user