From d73f20499e9b345b84c7ed4a088fed8d2e5facda Mon Sep 17 00:00:00 2001 From: Pavel Roskin Date: Mon, 28 Nov 2016 00:04:54 -0800 Subject: Log the result of the security level negotiation --- libxrdp/xrdp_iso.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'libxrdp/xrdp_iso.c') diff --git a/libxrdp/xrdp_iso.c b/libxrdp/xrdp_iso.c index fa7a3f1a..b903bb4d 100644 --- a/libxrdp/xrdp_iso.c +++ b/libxrdp/xrdp_iso.c @@ -20,6 +20,7 @@ */ #include "libxrdp.h" +#include "log.h" #define LOG_LEVEL 1 #define LLOG(_level, _args) \ @@ -109,8 +110,8 @@ xrdp_iso_negotiate_security(struct xrdp_iso *self) break; } - LLOGLN(10, ("xrdp_iso_negotiate_security: server security layer %d , client security layer %d", - self->selectedProtocol, self->requestedProtocol)); + log_message(LOG_LEVEL_DEBUG, "Security layer: requested %d, selected %d", + self->requestedProtocol, self->selectedProtocol); return rv; } -- cgit v1.2.3 From d3c36b03761380f173ca691afb39e82179af11a9 Mon Sep 17 00:00:00 2001 From: Pavel Roskin Date: Mon, 28 Nov 2016 00:12:01 -0800 Subject: Don't select SSL protocol if no keys, fall back to RDP for "hybrid" If both the client and the server are configured to allow both RDP and SSL connections, the server is free to choose RDP in absense of the SSL keys. --- libxrdp/xrdp_iso.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'libxrdp/xrdp_iso.c') diff --git a/libxrdp/xrdp_iso.c b/libxrdp/xrdp_iso.c index b903bb4d..b89e1616 100644 --- a/libxrdp/xrdp_iso.c +++ b/libxrdp/xrdp_iso.c @@ -98,7 +98,9 @@ xrdp_iso_negotiate_security(struct xrdp_iso *self) case PROTOCOL_HYBRID: case PROTOCOL_HYBRID_EX: default: - if (self->requestedProtocol & PROTOCOL_SSL) + if ((self->requestedProtocol & PROTOCOL_SSL) && + g_file_exist(client_info->certificate) && + g_file_exist(client_info->key_file)) { /* that's a patch since we don't support CredSSP for now */ self->selectedProtocol = PROTOCOL_SSL; -- cgit v1.2.3