From 59ed125eedcfe36914ceec1f01224d56dc7cd3ac Mon Sep 17 00:00:00 2001
From: akallabeth
Date: Mon, 8 Jan 2024 11:12:48 +0100
Subject: [PATCH] [server,proxy] add TlsSecLevel option to config

To support legacy targets add the TlsSecLevel configuration option that is equivalent to the /tls:seclevel option of the client implementations. This allows automatic configuration of OpenSSL legacy providers if they are available.
---
 include/freerdp/server/proxy/proxy_config.h | 3 +++
 server/proxy/pf_config.c | 19 ++++++++++++++++---
 server/proxy/pf_server.c | 4 ++++
 3 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/include/freerdp/server/proxy/proxy_config.h b/include/freerdp/server/proxy/proxy_config.h
index dbd255067..237fdf36f 100644
--- a/include/freerdp/server/proxy/proxy_config.h
+++ b/include/freerdp/server/proxy/proxy_config.h
@@ -109,6 +109,9 @@ extern "C"
 size_t PrivateKeyPEMLength;
 
 wIniFile* ini;
+
+ /* target continued */
+ UINT32 TargetTlsSecLevel;
 };
 
 /**
diff --git a/server/proxy/pf_config.c b/server/proxy/pf_config.c
index 4be291793..904e58568 100644
--- a/server/proxy/pf_config.c
+++ b/server/proxy/pf_config.c
@@ -74,6 +74,7 @@ static const char* key_target_fixed = "FixedTarget";
 static const char* key_target_user = "User";
 static const char* key_target_pwd = "Password";
 static const char* key_target_domain = "Domain";
+static const char* key_target_tls_seclevel = "TlsSecLevel";
 
 static const char* section_clipboard = "Clipboard";
 static const char* key_clip_text_only = "TextOnly";
@@ -168,10 +169,11 @@ static BOOL pf_config_get_uint32(wIniFile* ini, const char* section, const char*
 WINPR_ASSERT(result);
 
 strval = IniFile_GetKeyValueString(ini, section, key);
- if (!strval && required)
+ if (!strval)
 {
- WLog_ERR(TAG, "key '%s.%s' does not exist.", section, key);
- return FALSE;
+ if (required)
+ WLog_ERR(TAG, "key '%s.%s' does not exist.", section, key);
+ return !required;
 }
 
 val = IniFile_GetKeyValueInt(ini, section, key);
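Review bot: The new public member `UINT32 TargetTlsSecLevel;` in proxyConfig carries only `/* target continued */`, which says nothing about what the value means, what range is accepted, or what the default is, and this is the one field in the struct an operator can use to weaken TLS towards the target. Since the commit description equates it with the client `/tls:seclevel` option, a Doxygen comment on the member along the lines of `/** TLS security level for the proxy-to-target connection, same semantics as the client /tls:seclevel option; lower values admit legacy/weaker TLS configurations. Defaults to 1 when absent from the config file. */` would let an integrator judge the risk before lowering it. Whether 0 is the "legacy" setting and whether the accepted range is 0..5 is inferred from OpenSSL's security levels and should be confirmed against the client implementation before being written into the header. The struct definition starts outside the hunk.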
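Review bot: `return !required;` on the missing-key path changes the contract of pf_config_get_uint32 for every optional caller, not only for the new TlsSecLevel key: `*result` is no longer written when the key is absent, whereas before the call fell through to `IniFile_GetKeyValueInt` and presumably stored 0. That is exactly what the pre-set default in server_config_load_ini relies on, so it deserves a one-line contract note above the function, e.g. `/* A missing optional key leaves *result untouched, so callers may pre-load a default before calling. */`, plus a check that no other `required == FALSE` caller expected the zeroing. Spelling the branch as `if (required) { WLog_ERR(TAG, "key '%s.%s' does not exist.", section, key); return FALSE; } return TRUE;` would also read more directly than the negated boolean. The function signature and the parsing after `IniFile_GetKeyValueInt` lie outside the hunk.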
@@ -260,6 +262,10 @@ static BOOL pf_config_load_target(wIniFile* ini, proxyConfig* config)
 config->FixedTarget))
 return FALSE;
 
+ if (!pf_config_get_uint32(ini, section_target, key_target_tls_seclevel,
+ &config->TargetTlsSecLevel, FALSE))
+ return FALSE;
+
 if (config->FixedTarget)
 {
 target_value = pf_config_get_str(ini, section_target, key_host, TRUE);
@@ -576,6 +582,10 @@ proxyConfig* server_config_load_ini(wIniFile* ini)
 config = calloc(1, sizeof(proxyConfig));
 if (config)
 {
+ /* Set default values != 0 */
+ config->TargetTlsSecLevel = 1;
+
+ /* Load from ini */
 if (!pf_config_load_server(ini, config))
 goto out;
 
@@ -632,6 +642,8 @@ BOOL pf_server_config_dump(const char* file)
 goto fail;
 if (IniFile_SetKeyValueString(ini, section_target, key_target_fixed, bool_str_true) < 0)
 goto fail;
+ if (IniFile_SetKeyValueInt(ini, section_target, key_target_tls_seclevel, 1) < 0)
+ goto fail;
 
 /* Channel configuration */
 if (IniFile_SetKeyValueString(ini, section_channels, key_channels_gfx, bool_str_true) < 0)
@@ -809,6 +821,7 @@ void pf_server_config_print(const proxyConfig* config)
 CONFIG_PRINT_SECTION(section_target);
 CONFIG_PRINT_STR(config, TargetHost);
 CONFIG_PRINT_UINT16(config, TargetPort);
+ CONFIG_PRINT_UINT32(config, TargetTlsSecLevel);
 
 if (config->TargetUser)
 CONFIG_PRINT_STR(config, TargetUser);
diff --git a/server/proxy/pf_server.c b/server/proxy/pf_server.c
index 0679f1ac0..6223f2332 100644
--- a/server/proxy/pf_server.c
+++ b/server/proxy/pf_server.c
@@ -141,6 +141,10 @@ static BOOL pf_server_get_target_info(rdpContext* context, rdpSettings* settings
 else
 freerdp_settings_set_uint32(settings, FreeRDP_ServerPort, 3389);
 
+ if (!freerdp_settings_set_uint32(settings, FreeRDP_TlsSecLevel,
+ config->TargetTlsSecLevel))
+ return FALSE;
+
 if (!freerdp_settings_set_string(settings, FreeRDP_ServerHostname, config->TargetHost))
 {
 PROXY_LOG_ERR(TAG, ps, "strdup failed!");
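Review bot: The value read into `config->TargetTlsSecLevel` is accepted unchecked and, per the pf_server.c hunk, handed straight to `FreeRDP_TlsSecLevel`, so neither a typo like `TlsSecLevel=50` nor the security-relevant `TlsSecLevel=0` leaves any trace at load time. If the option really maps onto OpenSSL's security level as the description says, valid values are 0..5 and anything larger should fail config loading, while level 0 deserves an explicit warning because it is the setting that re-enables legacy/weak TLS on the proxy-to-target leg for every session. Whether `WLog_WARN` is the right log level macro in this tree is inferred from the visible `WLog_ERR`; use whatever warning-level macro the file already has. The rest of pf_config_load_target, including the FixedTarget parsing, is outside the hunk.
```c
		return FALSE;

	/* Security levels are 0..5; anything larger is a typo rather than a policy. */
	if (config->TargetTlsSecLevel > 5)
	{
		WLog_ERR(TAG, "key '%s.%s' must be in range [0,5]", section_target,
		         key_target_tls_seclevel);
		return FALSE;
	}

	/* Level 0 admits legacy/insecure TLS towards the target; make that visible in the log. */
	if (config->TargetTlsSecLevel == 0)
		WLog_WARN(TAG, "%s.%s=0 permits legacy/insecure TLS for target connections",
		          section_target, key_target_tls_seclevel);

	/* … unchanged: FixedTarget host/port parsing … */
```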
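Review bot: The default `config->TargetTlsSecLevel = 1;` is a bare literal that is repeated as a second literal `1` in the pf_server_config_dump hunk (`IniFile_SetKeyValueInt(ini, section_target, key_target_tls_seclevel, 1)`), so the documented default and the dumped template can silently drift apart the next time one of them is touched. A single file-level definition next to the key names, e.g. `static const UINT32 target_tls_seclevel_default = 1;`, used at both sites would tie them together. The comment `/* Set default values != 0 */` would also be clearer as `/* calloc() has already zeroed the struct; only non-zero defaults need setting here */`, which says why only this field appears. server_config_load_ini continues outside the hunk.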
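Review bot: The new failure path `if (!freerdp_settings_set_uint32(settings, FreeRDP_TlsSecLevel, ...)) return FALSE;` returns silently, while the neighbouring failure two lines below logs via `PROXY_LOG_ERR(TAG, ps, ...)` before returning, so a session that is refused because this setting could not be applied would be hard to diagnose. Matching the surrounding style, `{ PROXY_LOG_ERR(TAG, ps, "failed to set FreeRDP_TlsSecLevel"); return FALSE; }` keeps the error visible in the proxy log. If target settings can also be populated from somewhere other than this function (a routing module or per-session override), the configured level only covers this path, which is worth confirming. pf_server_get_target_info starts and ends outside the hunk.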