From 7d2b7126dbc3aabbc8f6454d509c5de4efe960cf Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Tue, 19 Feb 2019 11:34:18 -0800 Subject: [PATCH] GUACAMOLE-381: Add copy/paste disable flags for all supported protocols. --- src/protocols/kubernetes/settings.c | 26 ++++++++++++++++++++++++++ src/protocols/kubernetes/settings.h | 14 ++++++++++++++ src/protocols/rdp/rdp_settings.c | 26 ++++++++++++++++++++++++++ src/protocols/rdp/rdp_settings.h | 14 ++++++++++++++ src/protocols/ssh/settings.c | 26 ++++++++++++++++++++++++++ src/protocols/ssh/settings.h | 14 ++++++++++++++ src/protocols/telnet/settings.c | 26 ++++++++++++++++++++++++++ src/protocols/telnet/settings.h | 14 ++++++++++++++ src/protocols/vnc/settings.c | 27 ++++++++++++++++++++++++++- src/protocols/vnc/settings.h | 14 ++++++++++++++ 10 files changed, 200 insertions(+), 1 deletion(-) diff --git a/src/protocols/kubernetes/settings.c b/src/protocols/kubernetes/settings.c index 4f00a445..ec23880b 100644 --- a/src/protocols/kubernetes/settings.c +++ b/src/protocols/kubernetes/settings.c @@ -50,6 +50,8 @@ const char* GUAC_KUBERNETES_CLIENT_ARGS[] = { "read-only", "backspace", "scrollback", + "disable-copy", + "disable-paste", NULL }; @@ -216,6 +218,20 @@ enum KUBERNETES_ARGS_IDX { */ IDX_SCROLLBACK, + /** + * Whether outbound clipboard access should be blocked. If set to "true", + * it will not be possible to copy data from the terminal to the client + * using the clipboard. By default, clipboard access is not blocked. + */ + IDX_DISABLE_COPY, + + /** + * Whether inbound clipboard access should be blocked. If set to "true", it + * will not be possible to paste data from the client to the terminal using + * the clipboard. By default, clipboard access is not blocked. + */ + IDX_DISABLE_PASTE, + KUBERNETES_ARGS_COUNT }; @@ -364,6 +380,16 @@ guac_kubernetes_settings* guac_kubernetes_parse_args(guac_user* user, guac_user_parse_args_int(user, GUAC_KUBERNETES_CLIENT_ARGS, argv, IDX_BACKSPACE, 127); + /* Parse clipboard copy disable flag */ + settings->disable_copy = + guac_user_parse_args_boolean(user, GUAC_KUBERNETES_CLIENT_ARGS, argv, + IDX_DISABLE_COPY, false); + + /* Parse clipboard paste disable flag */ + settings->disable_paste = + guac_user_parse_args_boolean(user, GUAC_KUBERNETES_CLIENT_ARGS, argv, + IDX_DISABLE_PASTE, false); + /* Parsing was successful */ return settings; diff --git a/src/protocols/kubernetes/settings.h b/src/protocols/kubernetes/settings.h index 6267a18b..eef4973e 100644 --- a/src/protocols/kubernetes/settings.h +++ b/src/protocols/kubernetes/settings.h @@ -170,6 +170,20 @@ typedef struct guac_kubernetes_settings { */ int resolution; + /** + * Whether outbound clipboard access should be blocked. If set, it will not + * be possible to copy data from the terminal to the client using the + * clipboard. + */ + bool disable_copy; + + /** + * Whether inbound clipboard access should be blocked. If set, it will not + * be possible to paste data from the client to the terminal using the + * clipboard. + */ + bool disable_paste; + /** * The path in which the typescript should be saved, if enabled. If no * typescript should be saved, this will be NULL. diff --git a/src/protocols/rdp/rdp_settings.c b/src/protocols/rdp/rdp_settings.c index 88d9bc7f..d46cd27c 100644 --- a/src/protocols/rdp/rdp_settings.c +++ b/src/protocols/rdp/rdp_settings.c @@ -118,6 +118,8 @@ const char* GUAC_RDP_CLIENT_ARGS[] = { "load-balance-info", #endif + "disable-copy", + "disable-paste", NULL }; @@ -545,6 +547,20 @@ enum RDP_ARGS_IDX { IDX_LOAD_BALANCE_INFO, #endif + /** + * Whether outbound clipboard access should be blocked. If set to "true", + * it will not be possible to copy data from the remote desktop to the + * client using the clipboard. By default, clipboard access is not blocked. + */ + IDX_DISABLE_COPY, + + /** + * Whether inbound clipboard access should be blocked. If set to "true", it + * will not be possible to paste data from the client to the remote desktop + * using the clipboard. By default, clipboard access is not blocked. + */ + IDX_DISABLE_PASTE, + RDP_ARGS_COUNT }; @@ -1007,6 +1023,16 @@ guac_rdp_settings* guac_rdp_parse_args(guac_user* user, IDX_LOAD_BALANCE_INFO, NULL); #endif + /* Parse clipboard copy disable flag */ + settings->disable_copy = + guac_user_parse_args_boolean(user, GUAC_RDP_CLIENT_ARGS, argv, + IDX_DISABLE_COPY, 0); + + /* Parse clipboard paste disable flag */ + settings->disable_paste = + guac_user_parse_args_boolean(user, GUAC_RDP_CLIENT_ARGS, argv, + IDX_DISABLE_PASTE, 0); + /* Success */ return settings; diff --git a/src/protocols/rdp/rdp_settings.h b/src/protocols/rdp/rdp_settings.h index 6955ed58..9edbedeb 100644 --- a/src/protocols/rdp/rdp_settings.h +++ b/src/protocols/rdp/rdp_settings.h @@ -268,6 +268,20 @@ typedef struct guac_rdp_settings { */ char** svc_names; + /** + * Whether outbound clipboard access should be blocked. If set, it will not + * be possible to copy data from the remote desktop to the client using the + * clipboard. + */ + int disable_copy; + + /** + * Whether inbound clipboard access should be blocked. If set, it will not + * be possible to paste data from the client to the remote desktop using + * the clipboard. + */ + int disable_paste; + /** * Whether the desktop wallpaper should be visible. If unset, the desktop * wallpaper will be hidden, reducing the amount of bandwidth required. diff --git a/src/protocols/ssh/settings.c b/src/protocols/ssh/settings.c index 962524ce..84364193 100644 --- a/src/protocols/ssh/settings.c +++ b/src/protocols/ssh/settings.c @@ -62,6 +62,8 @@ const char* GUAC_SSH_CLIENT_ARGS[] = { "scrollback", "locale", "timezone", + "disable-copy", + "disable-paste", NULL }; @@ -258,6 +260,20 @@ enum SSH_ARGS_IDX { */ IDX_TIMEZONE, + /** + * Whether outbound clipboard access should be blocked. If set to "true", + * it will not be possible to copy data from the terminal to the client + * using the clipboard. By default, clipboard access is not blocked. + */ + IDX_DISABLE_COPY, + + /** + * Whether inbound clipboard access should be blocked. If set to "true", it + * will not be possible to paste data from the client to the terminal using + * the clipboard. By default, clipboard access is not blocked. + */ + IDX_DISABLE_PASTE, + SSH_ARGS_COUNT }; @@ -426,6 +442,16 @@ guac_ssh_settings* guac_ssh_parse_args(guac_user* user, guac_user_parse_args_string(user, GUAC_SSH_CLIENT_ARGS, argv, IDX_TIMEZONE, NULL); + /* Parse clipboard copy disable flag */ + settings->disable_copy = + guac_user_parse_args_boolean(user, GUAC_SSH_CLIENT_ARGS, argv, + IDX_DISABLE_COPY, false); + + /* Parse clipboard paste disable flag */ + settings->disable_paste = + guac_user_parse_args_boolean(user, GUAC_SSH_CLIENT_ARGS, argv, + IDX_DISABLE_PASTE, false); + /* Parsing was successful */ return settings; diff --git a/src/protocols/ssh/settings.h b/src/protocols/ssh/settings.h index baa634ad..bab21bdf 100644 --- a/src/protocols/ssh/settings.h +++ b/src/protocols/ssh/settings.h @@ -155,6 +155,20 @@ typedef struct guac_ssh_settings { */ int resolution; + /** + * Whether outbound clipboard access should be blocked. If set, it will not + * be possible to copy data from the terminal to the client using the + * clipboard. + */ + bool disable_copy; + + /** + * Whether inbound clipboard access should be blocked. If set, it will not + * be possible to paste data from the client to the terminal using the + * clipboard. + */ + bool disable_paste; + /** * Whether SFTP is enabled. */ diff --git a/src/protocols/telnet/settings.c b/src/protocols/telnet/settings.c index 890d5fec..ded5c4f3 100644 --- a/src/protocols/telnet/settings.c +++ b/src/protocols/telnet/settings.c @@ -55,6 +55,8 @@ const char* GUAC_TELNET_CLIENT_ARGS[] = { "scrollback", "login-success-regex", "login-failure-regex", + "disable-copy", + "disable-paste", NULL }; @@ -216,6 +218,20 @@ enum TELNET_ARGS_IDX { */ IDX_LOGIN_FAILURE_REGEX, + /** + * Whether outbound clipboard access should be blocked. If set to "true", + * it will not be possible to copy data from the terminal to the client + * using the clipboard. By default, clipboard access is not blocked. + */ + IDX_DISABLE_COPY, + + /** + * Whether inbound clipboard access should be blocked. If set to "true", it + * will not be possible to paste data from the client to the terminal using + * the clipboard. By default, clipboard access is not blocked. + */ + IDX_DISABLE_PASTE, + TELNET_ARGS_COUNT }; @@ -428,6 +444,16 @@ guac_telnet_settings* guac_telnet_parse_args(guac_user* user, guac_user_parse_args_string(user, GUAC_TELNET_CLIENT_ARGS, argv, IDX_TERMINAL_TYPE, "linux"); + /* Parse clipboard copy disable flag */ + settings->disable_copy = + guac_user_parse_args_boolean(user, GUAC_TELNET_CLIENT_ARGS, argv, + IDX_DISABLE_COPY, false); + + /* Parse clipboard paste disable flag */ + settings->disable_paste = + guac_user_parse_args_boolean(user, GUAC_TELNET_CLIENT_ARGS, argv, + IDX_DISABLE_PASTE, false); + /* Parsing was successful */ return settings; diff --git a/src/protocols/telnet/settings.h b/src/protocols/telnet/settings.h index 86302b77..691669cb 100644 --- a/src/protocols/telnet/settings.h +++ b/src/protocols/telnet/settings.h @@ -171,6 +171,20 @@ typedef struct guac_telnet_settings { */ int resolution; + /** + * Whether outbound clipboard access should be blocked. If set, it will not + * be possible to copy data from the terminal to the client using the + * clipboard. + */ + bool disable_copy; + + /** + * Whether inbound clipboard access should be blocked. If set, it will not + * be possible to paste data from the client to the terminal using the + * clipboard. + */ + bool disable_paste; + /** * The path in which the typescript should be saved, if enabled. If no * typescript should be saved, this will be NULL. diff --git a/src/protocols/vnc/settings.c b/src/protocols/vnc/settings.c index 8f65cfb2..3e0ebc6b 100644 --- a/src/protocols/vnc/settings.c +++ b/src/protocols/vnc/settings.c @@ -77,7 +77,8 @@ const char* GUAC_VNC_CLIENT_ARGS[] = { "recording-exclude-mouse", "recording-include-keys", "create-recording-path", - + "disable-copy", + "disable-paste", NULL }; @@ -298,6 +299,20 @@ enum VNC_ARGS_IDX { */ IDX_CREATE_RECORDING_PATH, + /** + * Whether outbound clipboard access should be blocked. If set to "true", + * it will not be possible to copy data from the remote desktop to the + * client using the clipboard. By default, clipboard access is not blocked. + */ + IDX_DISABLE_COPY, + + /** + * Whether inbound clipboard access should be blocked. If set to "true", it + * will not be possible to paste data from the client to the remote desktop + * using the clipboard. By default, clipboard access is not blocked. + */ + IDX_DISABLE_PASTE, + VNC_ARGS_COUNT }; @@ -493,6 +508,16 @@ guac_vnc_settings* guac_vnc_parse_args(guac_user* user, guac_user_parse_args_boolean(user, GUAC_VNC_CLIENT_ARGS, argv, IDX_CREATE_RECORDING_PATH, false); + /* Parse clipboard copy disable flag */ + settings->disable_copy = + guac_user_parse_args_boolean(user, GUAC_VNC_CLIENT_ARGS, argv, + IDX_DISABLE_COPY, false); + + /* Parse clipboard paste disable flag */ + settings->disable_paste = + guac_user_parse_args_boolean(user, GUAC_VNC_CLIENT_ARGS, argv, + IDX_DISABLE_PASTE, false); + return settings; } diff --git a/src/protocols/vnc/settings.h b/src/protocols/vnc/settings.h index 3e2ebd5e..13a3d87b 100644 --- a/src/protocols/vnc/settings.h +++ b/src/protocols/vnc/settings.h @@ -127,6 +127,20 @@ typedef struct guac_vnc_settings { */ char* clipboard_encoding; + /** + * Whether outbound clipboard access should be blocked. If set, it will not + * be possible to copy data from the remote desktop to the client using the + * clipboard. + */ + bool disable_copy; + + /** + * Whether inbound clipboard access should be blocked. If set, it will not + * be possible to paste data from the client to the remote desktop using + * the clipboard. + */ + bool disable_paste; + #ifdef ENABLE_COMMON_SSH /** * Whether SFTP should be enabled for the VNC connection.