GUACAMOLE-249: Default to negotiated security mode, not old "RDP" encryption.

This commit is contained in:
Michael Jumper 2019-09-29 14:34:05 -07:00
parent a76e307176
commit 2ed0d042a3
2 changed files with 9 additions and 8 deletions

View File

@ -232,7 +232,8 @@ enum RDP_ARGS_IDX {
/** /**
* The type of security to use for the connection. Valid values are "rdp", * The type of security to use for the connection. Valid values are "rdp",
* "tls", "nla", or "any". By default, "rdp" security is used. * "tls", "nla", "nla-ext", or "any". By default, the security mode is
* negotiated ("any").
*/ */
IDX_SECURITY, IDX_SECURITY,
@ -587,16 +588,16 @@ guac_rdp_settings* guac_rdp_parse_args(guac_user* user,
settings->security_mode = GUAC_SECURITY_RDP; settings->security_mode = GUAC_SECURITY_RDP;
} }
/* ANY security (allow server to choose) */ /* Negotiate security (allow server to choose) */
else if (strcmp(argv[IDX_SECURITY], "any") == 0) { else if (strcmp(argv[IDX_SECURITY], "any") == 0) {
guac_user_log(user, GUAC_LOG_INFO, "Security mode: ANY"); guac_user_log(user, GUAC_LOG_INFO, "Security mode: Negotiate (ANY)");
settings->security_mode = GUAC_SECURITY_ANY; settings->security_mode = GUAC_SECURITY_ANY;
} }
/* If nothing given, default to RDP */ /* If nothing given, default to RDP */
else { else {
guac_user_log(user, GUAC_LOG_INFO, "No security mode specified. Defaulting to RDP."); guac_user_log(user, GUAC_LOG_INFO, "No security mode specified. Defaulting to security mode negotiation with server.");
settings->security_mode = GUAC_SECURITY_RDP; settings->security_mode = GUAC_SECURITY_ANY;
} }
/* Set hostname */ /* Set hostname */
@ -1202,7 +1203,7 @@ void guac_rdp_push_settings(guac_client* client,
/* Security */ /* Security */
switch (guac_settings->security_mode) { switch (guac_settings->security_mode) {
/* Standard RDP encryption */ /* Legacy RDP encryption */
case GUAC_SECURITY_RDP: case GUAC_SECURITY_RDP:
rdp_settings->RdpSecurity = TRUE; rdp_settings->RdpSecurity = TRUE;
rdp_settings->TlsSecurity = FALSE; rdp_settings->TlsSecurity = FALSE;

View File

@ -64,7 +64,7 @@
typedef enum guac_rdp_security { typedef enum guac_rdp_security {
/** /**
* Standard RDP encryption. * Legacy RDP encryption.
*/ */
GUAC_SECURITY_RDP, GUAC_SECURITY_RDP,
@ -79,7 +79,7 @@ typedef enum guac_rdp_security {
GUAC_SECURITY_NLA, GUAC_SECURITY_NLA,
/** /**
* Any method supported by the server. * Negotiate a security method supported by both server and client.
*/ */
GUAC_SECURITY_ANY GUAC_SECURITY_ANY