GUACAMOLE-249: Default to negotiated security mode, not old "RDP" encryption.

2019-09-29 14:34:05 -07:00 · 2019-09-29 14:34:05 -07:00 · 2ed0d042a3
commit 2ed0d042a3
parent a76e307176
2 changed files with 9 additions and 8 deletions
--- a/src/protocols/rdp/rdp_settings.c
+++ b/src/protocols/rdp/rdp_settings.c
@ -232,7 +232,8 @@ enum RDP_ARGS_IDX {

    /**
     * The type of security to use for the connection. Valid values are "rdp",
-     * "tls", "nla", or "any". By default, "rdp" security is used.
+     * "tls", "nla", "nla-ext", or "any". By default, the security mode is
+     * negotiated ("any").
     */
    IDX_SECURITY,

@ -587,16 +588,16 @@ guac_rdp_settings* guac_rdp_parse_args(guac_user* user,
        settings->security_mode = GUAC_SECURITY_RDP;
    }

-    /* ANY security (allow server to choose) */
+    /* Negotiate security (allow server to choose) */
    else if (strcmp(argv[IDX_SECURITY], "any") == 0) {
-        guac_user_log(user, GUAC_LOG_INFO, "Security mode: ANY");
+        guac_user_log(user, GUAC_LOG_INFO, "Security mode: Negotiate (ANY)");
        settings->security_mode = GUAC_SECURITY_ANY;
    }

    /* If nothing given, default to RDP */
    else {
-        guac_user_log(user, GUAC_LOG_INFO, "No security mode specified. Defaulting to RDP.");
-        settings->security_mode = GUAC_SECURITY_RDP;
+        guac_user_log(user, GUAC_LOG_INFO, "No security mode specified. Defaulting to security mode negotiation with server.");
+        settings->security_mode = GUAC_SECURITY_ANY;
    }

    /* Set hostname */
@ -1202,7 +1203,7 @@ void guac_rdp_push_settings(guac_client* client,
    /* Security */
    switch (guac_settings->security_mode) {

-        /* Standard RDP encryption */
+        /* Legacy RDP encryption */
        case GUAC_SECURITY_RDP:
            rdp_settings->RdpSecurity = TRUE;
            rdp_settings->TlsSecurity = FALSE;
--- a/src/protocols/rdp/rdp_settings.h
+++ b/src/protocols/rdp/rdp_settings.h
@ -64,7 +64,7 @@
 typedef enum guac_rdp_security {

    /**
-     * Standard RDP encryption.
+     * Legacy RDP encryption.
     */
    GUAC_SECURITY_RDP,

@ -79,7 +79,7 @@ typedef enum guac_rdp_security {
    GUAC_SECURITY_NLA,

    /**
-     * Any method supported by the server.
+     * Negotiate a security method supported by both server and client.
     */
    GUAC_SECURITY_ANY