mirrors/xrdp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3,239 Commits 9 Branches 44 Tags 20 MiB
5f4130805f
Commit Graph

547 Commits

Author SHA1 Message Date
speidy
a432969746 common: ssl_calls: add support for OpenSSL>=1.1.0 API for DH keys 
also fixes some memory leak introduced in PR#1024.
and adds a check that DH params generated successfully. write a proper log message if not.
 2018-03-22 02:20:47 +02:00
speidy
8effc09ab7 common: ssl_calls: check if SSL object created right after its creation. 2018-03-21 08:16:12 +02:00
Koichiro IWAO
e3d0fd6d46
common: temporarily disable DHE 
until make it possible to use generated DH parameters per installation.
 2018-03-18 21:14:06 +09:00
Koichiro IWAO
1690950cc8
common: regenerate dhparam 
Generated by: openssl dhparam -C 2236
 2018-03-01 13:48:22 +09:00
Koichiro IWAO
578d23477c
common: obey coding style, remove trailing space 2018-03-01 12:11:52 +09:00
Enrico Tagliavini
70b5adb396 add support for DHE ciphers via compiled in dhparam 
make it possible to use regular (non EC) EDH ciphers. To make this
possible a Diffie-Hellman parameter must be passed to the openssl
library. There are a few options possible as described in the manuals at
[1] and [2]. Simplest approach is to generate a DH parameter using
openssl dhparam -C <lenght> and include the code into the application.
The lenght used for this commit is 2236 bits long, which is the longest
possible without risking backward incompatibilities with old systems as
stated in [1]. Newer systems should use ECDH anyway, so it makes sense
to keep this method as compatible with older system as possible.
Paramters longer than 2048 should still be secure enough at the time of
writing.

[1] https://wiki.openssl.org/index.php/Diffie-Hellman_parameters
[2] https://wiki.openssl.org/index.php/Manual:SSL_CTX_set_tmp_dh_callback(3)
 2018-03-01 09:57:35 +09:00
Enrico Tagliavini
6cdc0f31b0 enable automatic ECDH when possible (openssl 1.0.2) 
Openssl 1.1.0 and later are enabling ECDH automatically, but for older
version it must be enabled explicitly or all Perfect Forward Secrecy
ciphers will be silently ignored. See also [1]. This commit applies the
same fix as found in CnetOS 7 httpd package to enable automatic ECDH as
found in [2].

[1] https://wiki.openssl.org/index.php/Diffie-Hellman_parameters
[2] https://git.centos.org/blob/rpms!httpd.git/c7/SOURCES!httpd-2.4.6-ssl-ecdh-auto.patch
 2018-03-01 09:57:35 +09:00
Koichiro IWAO
793a418cfb
common: log what value is set to tls_ciphers 
Related to #1033.
 2018-02-20 13:13:37 +09:00
Koichiro IWAO
3da4d72323
common: quit using ! as comment out symbol in config files 
It is not used anywhere in default config. Some config like
`tls_ciphers` might contain `!` like this:

    tls_ciphers=FIPS:!aNULL:!eNULL

Fixes #1033.
 2018-02-20 13:13:34 +09:00
daixj
31ef2552c4 log: revert permission 2018-02-13 16:44:37 +09:00
daixj
ea6bb62410 log: fix fd checking 2018-02-13 16:44:37 +09:00
daixj
551bb185c5 log: remove unused code and fix potential memory leak 2018-02-13 16:44:37 +09:00
Koichiro IWAO
577bd8214f common: add more capset constants 
defined at MS-RDPBCGR 2.2.1.13.1.1.1 [1] and sort

[1] https://msdn.microsoft.com/en-us/library/cc240486.aspx
 2017-12-01 11:20:42 +09:00
Koichiro IWAO
77a34e0a7b common: express capability set constants in hex 
as same as done in  MS-RDPBCGR 2.2.1.13.1.1.1 [1].

[1] https://msdn.microsoft.com/en-us/library/cc240486.aspx
 2017-12-01 11:20:42 +09:00
Koichiro IWAO
788ae1467a xrdp_sec: constify color depth value 2017-12-01 11:20:42 +09:00
Koichiro IWAO
d0c27a2904 common: suppress log when closing log files 
because if xrdp is running 'fork=yes' mode, the log message
'shutting down log subsystem...' is logged everytime when the child
process is exitting. In other words, everytime when clients are
disconnecting.  This is a little bit too vebose.
 2017-11-30 15:13:18 +09:00
Koichiro IWAO
3de3a4fab5 common: add more references to constants' origin 
classify constants into these 5 types

* constants for xrdp
* constants come from ITU-T Recommendations
* constants come from Remote Desktop Protocol
* constants come from other MS products
* unclassified yet
 2017-11-24 21:45:48 +09:00
Koichiro IWAO
799c230998 common: add references to constants' origin 2017-11-24 21:45:48 +09:00
Jay Sorg
a9eb21e6d7 common: avoid 100% cpu on ssl accept, can be fake client 2017-11-22 16:17:34 -08:00
Justin Terry (VM)
d7d14d7462 Implements the accept/close logic for vsock 2017-11-17 20:23:20 -08:00
Jay Sorg
bc48578a90 remove crc16.h from common/Makefile.am 2017-11-09 21:13:53 -08:00
Jay Sorg
54285d26dd remove empty crc16.h file 2017-11-09 21:13:53 -08:00
Jay Sorg
285465a1f5 common, return -1 for bad socket 2017-11-07 18:20:45 -08:00
Jay Sorg
c6c513b23c use g_memcpy, braces 2017-11-07 18:20:45 -08:00
Jay Sorg
26507644e3 vsock, move some defines 2017-11-07 18:20:45 -08:00
Justin Terry (VM)
50bd624cc4 Implements XRDP over vsock 
1. Implements the ability to use AV_VSOCK for the transport rather than TCP.
2. Updates the ini file to be able to conditionally turn this feature on.
 2017-11-07 18:20:45 -08:00
Koichiro IWAO
a6fd518a48 fix typo s/Roration/Rotation/ 2017-11-06 16:18:42 +09:00
Koichiro IWAO
2475893402 Constify extended mouse events 2017-11-06 16:18:42 +09:00
Koichiro IWAO
27aef96e81 Constify mouse event flags, use the MS name for constants 2017-11-06 16:18:42 +09:00
Koichiro IWAO
4a2818e183 Add some more Input Capability Set constants 2017-11-06 16:18:42 +09:00
Koichiro IWAO
2411a0be14 log: add log level TRACE 
TRACE means more verbose than DEBUG. syslog doesn't have more verbose
level than DEBUG, map TRACE to DEBUG for syslog.
 2017-10-13 15:09:33 +09:00
Koichiro IWAO
00bf62bd42 common: prevent raw use of snprintf 2017-10-03 21:55:08 +09:00
Koichiro IWAO
ced3a4817f xrdp: constify input event type 2017-10-02 09:39:48 +09:00
Koichiro IWAO
f9ab4df7f2 common: fix g_write_ip_address() didn't return correct IP address 
Fixes: #878.
 2017-09-26 10:54:08 +09:00
Jay Sorg
021a78f4c6 chansrv: sound, use WAVE_FORMAT_AAC not WAVE_FORMAT_AAC_MS 2017-08-04 17:24:57 -07:00
Jay Sorg
bf0d56c314 chansrv: sound, add aac 2017-08-04 17:24:57 -07:00
Koichiro IWAO
4d14f344fd fix indent, no logic change 2017-08-01 08:40:30 +09:00
Koichiro IWAO
04187945a8 move base64 functions to base64.c 2017-08-01 08:40:30 +09:00
Koichiro IWAO
eae5cdf1fd pass through except for the first '=' 
if "foo=ba=r" is found in ini files, it should be parsed like this.
      key : foo
    value : ba=r
 2017-08-01 08:40:30 +09:00
Koichiro IWAO
d57e02626d add base64_decode function 2017-08-01 08:40:30 +09:00
Koichiro IWAO
dbaf23e93b chansrv: constify wFormatTag 2017-07-25 11:40:04 +09:00
Ian Geiser
324a334315 append a / to ensure the full path is created even when the config variable lacks a trailing / 2017-07-19 10:35:37 +09:00
Koichiro IWAO
aa0721a90e common: fix more glitches in IPv4 initialization 2017-07-14 21:21:15 +09:00
Ian Geiser
4b87548b71 Use g_create_path instead of g_create_dir 
Rename g_mk_temp_dir to g_mk_socket_path
 2017-07-14 20:52:38 +09:00
Koichiro IWAO
8d5010a202 common: use log_message 2017-07-13 13:41:26 +09:00
Koichiro IWAO
8c74fcb80c common: fix a glitch with IPv4 struct initialization 
Pointed out by: andrecbarros
Closes: #803
 2017-07-10 11:58:10 +09:00
Koichiro IWAO
aa4b90d250 Change log level DEBUG -> WARNING 
since unavailability of ssl protocols defined in config file
may weaken security and it is important for users.
 2017-07-06 13:14:27 +09:00
Koichiro IWAO
455c341efc Reword log messages in ssl_get_protocols_from_string() 2017-07-06 13:14:27 +09:00
Jay Sorg
8d63c32899 move openssl calls to common/libssl.c, check for defines 2017-06-22 11:47:48 +09:00
Koichiro IWAO
088bd2d811 common: implement g_file_readable for WIN32 2017-06-12 16:57:04 +09:00