From 8041585379641d2c31f22235a4bc4180907db9cc Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Mon, 2 Nov 2020 15:40:29 -0800 Subject: [PATCH] GUACAMOLE-221: Increase verbosity of logged FreeRDP-related errors. --- src/protocols/rdp/error.c | 67 ++++++++++++++++++++++++++++----------- 1 file changed, 48 insertions(+), 19 deletions(-) diff --git a/src/protocols/rdp/error.c b/src/protocols/rdp/error.c index 22099fbc..144007a0 100644 --- a/src/protocols/rdp/error.c +++ b/src/protocols/rdp/error.c @@ -55,41 +55,70 @@ static void guac_rdp_translate_last_error(freerdp* rdp_inst, *message = "Disconnected."; break; - /* Authentication failure */ - case FREERDP_ERROR_AUTHENTICATION_FAILED: - case FREERDP_ERROR_CONNECT_ACCESS_DENIED: - case FREERDP_ERROR_CONNECT_ACCOUNT_DISABLED: + /* Account expired */ case FREERDP_ERROR_CONNECT_ACCOUNT_EXPIRED: - case FREERDP_ERROR_CONNECT_ACCOUNT_LOCKED_OUT: - case FREERDP_ERROR_CONNECT_ACCOUNT_RESTRICTION: - case FREERDP_ERROR_CONNECT_CLIENT_REVOKED: - case FREERDP_ERROR_CONNECT_LOGON_FAILURE: - case FREERDP_ERROR_CONNECT_LOGON_TYPE_NOT_GRANTED: - case FREERDP_ERROR_CONNECT_NO_OR_MISSING_CREDENTIALS: case FREERDP_ERROR_CONNECT_PASSWORD_CERTAINLY_EXPIRED: case FREERDP_ERROR_CONNECT_PASSWORD_EXPIRED: case FREERDP_ERROR_CONNECT_PASSWORD_MUST_CHANGE: - case FREERDP_ERROR_CONNECT_WRONG_PASSWORD: - case FREERDP_ERROR_INSUFFICIENT_PRIVILEGES: + case FREERDP_ERROR_SERVER_FRESH_CREDENTIALS_REQUIRED: + *status = GUAC_PROTOCOL_STATUS_CLIENT_FORBIDDEN; + *message = "Credentials expired."; + break; + + /* Security negotiation failed */ case FREERDP_ERROR_SECURITY_NEGO_CONNECT_FAILED: + *status = GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED; + *message = "Security negotiation failed (wrong security type?)"; + break; + + /* Access denied */ + case FREERDP_ERROR_CONNECT_ACCESS_DENIED: + case FREERDP_ERROR_CONNECT_ACCOUNT_DISABLED: + case FREERDP_ERROR_CONNECT_ACCOUNT_LOCKED_OUT: + case FREERDP_ERROR_CONNECT_ACCOUNT_RESTRICTION: + case FREERDP_ERROR_CONNECT_CLIENT_REVOKED: + case FREERDP_ERROR_CONNECT_LOGON_TYPE_NOT_GRANTED: + case FREERDP_ERROR_INSUFFICIENT_PRIVILEGES: case FREERDP_ERROR_SERVER_DENIED_CONNECTION: case FREERDP_ERROR_SERVER_INSUFFICIENT_PRIVILEGES: - case FREERDP_ERROR_SERVER_FRESH_CREDENTIALS_REQUIRED: *status = GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED; - *message = "Authentication failure."; + *message = "Access denied by server (account locked/disabled?)"; + break; + + /* General, unspecified authentication failure */ + case FREERDP_ERROR_AUTHENTICATION_FAILED: + case FREERDP_ERROR_CONNECT_LOGON_FAILURE: + case FREERDP_ERROR_CONNECT_NO_OR_MISSING_CREDENTIALS: + case FREERDP_ERROR_CONNECT_WRONG_PASSWORD: + *status = GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED; + *message = "Authentication failure (invalid credentials?)"; + break; + + /* SSL/TLS connection failed */ + case FREERDP_ERROR_TLS_CONNECT_FAILED: + *status = GUAC_PROTOCOL_STATUS_UPSTREAM_NOT_FOUND; + *message = "SSL/TLS connection failed (untrusted/self-signed certificate?)"; + break; + + /* DNS lookup failed */ + case FREERDP_ERROR_DNS_ERROR: + case FREERDP_ERROR_DNS_NAME_NOT_FOUND: + *status = GUAC_PROTOCOL_STATUS_UPSTREAM_NOT_FOUND; + *message = "DNS lookup failed (incorrect hostname?)"; + break; + + case FREERDP_ERROR_CONNECT_TRANSPORT_FAILED: + *status = GUAC_PROTOCOL_STATUS_UPSTREAM_NOT_FOUND; + *message = "Server refused connection (wrong security type?)"; break; /* Connection failed */ case FREERDP_ERROR_CONNECT_CANCELLED: case FREERDP_ERROR_CONNECT_FAILED: case FREERDP_ERROR_CONNECT_KDC_UNREACHABLE: - case FREERDP_ERROR_CONNECT_TRANSPORT_FAILED: - case FREERDP_ERROR_DNS_ERROR: - case FREERDP_ERROR_DNS_NAME_NOT_FOUND: case FREERDP_ERROR_MCS_CONNECT_INITIAL_ERROR: - case FREERDP_ERROR_TLS_CONNECT_FAILED: *status = GUAC_PROTOCOL_STATUS_UPSTREAM_NOT_FOUND; - *message = "Connection failed."; + *message = "Connection failed (server unreachable?)"; break; /* All other errors */