Switch from enable-auth to disable-auth, enabling auth by default. Use ANY security mode by default. Warn if authentication is required but credentials were not given.
parent
da016d5153
commit
9903d3d0d9
@ -111,7 +111,7 @@ const char* GUAC_CLIENT_ARGS[] = {
|
||||
"server-layout",
|
||||
"security",
|
||||
"ignore-cert",
|
||||
"enable-auth",
|
||||
"disable-auth",
|
||||
NULL
|
||||
};
|
||||
|
||||
@ -133,7 +133,7 @@ enum RDP_ARGS_IDX {
|
||||
IDX_SERVER_LAYOUT,
|
||||
IDX_SECURITY,
|
||||
IDX_IGNORE_CERT,
|
||||
IDX_ENABLE_AUTH,
|
||||
IDX_DISABLE_AUTH,
|
||||
RDP_ARGS_COUNT
|
||||
};
|
||||
|
||||
@ -323,6 +323,38 @@ BOOL rdp_freerdp_post_connect(freerdp* instance) {
|
||||
|
||||
}
|
||||
|
||||
BOOL rdp_freerdp_authenticate(freerdp* instance, char** username,
|
||||
char** password, char** domain) {
|
||||
|
||||
rdpContext* context = instance->context;
|
||||
guac_client* client = ((rdp_freerdp_context*) context)->client;
|
||||
|
||||
/* Warn if connection is likely to fail due to lack of credentials */
|
||||
guac_client_log_info(client,
|
||||
"Authentication requested but username or password not given");
|
||||
return TRUE;
|
||||
|
||||
}
|
||||
|
||||
BOOL rdp_freerdp_verify_certificate(freerdp* instance, char* subject,
|
||||
char* issuer, char* fingerprint) {
|
||||
|
||||
rdpContext* context = instance->context;
|
||||
guac_client* client = ((rdp_freerdp_context*) context)->client;
|
||||
rdp_guac_client_data* guac_client_data =
|
||||
(rdp_guac_client_data*) client->data;
|
||||
|
||||
/* Bypass validation if ignore_certificate given */
|
||||
if (guac_client_data->settings.ignore_certificate) {
|
||||
guac_client_log_info(client, "Certificate validation bypassed");
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
guac_client_log_info(client, "Certificate validation failed");
|
||||
return FALSE;
|
||||
|
||||
}
|
||||
|
||||
void rdp_freerdp_context_new(freerdp* instance, rdpContext* context) {
|
||||
context->channels = freerdp_channels_new();
|
||||
}
|
||||
@ -392,6 +424,8 @@ int guac_client_init(guac_client* client, int argc, char** argv) {
|
||||
rdp_inst = freerdp_new();
|
||||
rdp_inst->PreConnect = rdp_freerdp_pre_connect;
|
||||
rdp_inst->PostConnect = rdp_freerdp_post_connect;
|
||||
rdp_inst->Authenticate = rdp_freerdp_authenticate;
|
||||
rdp_inst->VerifyCertificate = rdp_freerdp_verify_certificate;
|
||||
rdp_inst->ReceiveChannelData = __guac_receive_channel_data;
|
||||
|
||||
/* Allocate FreeRDP context */
|
||||
@ -413,7 +447,7 @@ int guac_client_init(guac_client* client, int argc, char** argv) {
|
||||
|
||||
/* Certificate and auth */
|
||||
settings->ignore_certificate = (strcmp(argv[IDX_IGNORE_CERT], "true") == 0);
|
||||
settings->enable_authentication = (strcmp(argv[IDX_ENABLE_AUTH], "true") == 0);
|
||||
settings->disable_authentication = (strcmp(argv[IDX_DISABLE_AUTH], "true") == 0);
|
||||
|
||||
/* NLA security */
|
||||
if (strcmp(argv[IDX_SECURITY], "nla") == 0) {
|
||||
@ -427,18 +461,18 @@ int guac_client_init(guac_client* client, int argc, char** argv) {
|
||||
settings->security_mode = GUAC_SECURITY_TLS;
|
||||
}
|
||||
|
||||
/* ANY security (do not choose) */
|
||||
else if (strcmp(argv[IDX_SECURITY], "any") == 0) {
|
||||
guac_client_log_info(client, "Security mode: ANY");
|
||||
settings->security_mode = GUAC_SECURITY_ANY;
|
||||
}
|
||||
|
||||
/* RDP security (default) */
|
||||
else {
|
||||
/* RDP security */
|
||||
else if (strcmp(argv[IDX_SECURITY], "rdp") == 0) {
|
||||
guac_client_log_info(client, "Security mode: RDP");
|
||||
settings->security_mode = GUAC_SECURITY_RDP;
|
||||
}
|
||||
|
||||
/* ANY security (allow server to choose) */
|
||||
else {
|
||||
guac_client_log_info(client, "Security mode: ANY");
|
||||
settings->security_mode = GUAC_SECURITY_ANY;
|
||||
}
|
||||
|
||||
/* Set hostname */
|
||||
settings->hostname = strdup(argv[IDX_HOSTNAME]);
|
||||
|
||||
|
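Review bot: In `rdp_freerdp_verify_certificate` the `subject`, `issuer` and `fingerprint` arguments are never used, so neither the "bypassed" nor the "failed" log line says which certificate was involved. With `ignore_certificate` set the session continues against an unverified server, and someone auditing the logs cannot tell what was accepted. Assuming `guac_client_log_info` takes printf-style arguments, `guac_client_log_info(client, "Certificate validation bypassed (subject=%s, fingerprint=%s)", subject, fingerprint);` would record it, and the rejection path could log the same fields. In `rdp_freerdp_authenticate` the message is logged unconditionally and the callback returns TRUE without writing to `*username` or `*password`, so the connection attempt proceeds anyway; a comment such as `/* Deliberately continue; the server will reject the connection if credentials are mandatory */` would make that intent explicit. Both functions are fully visible in this hunk.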
@ -172,11 +172,11 @@ void guac_rdp_push_settings(guac_rdp_settings* guac_settings, freerdp* rdp) {
|
||||
|
||||
/* Authentication */
|
||||
#ifdef LEGACY_RDPSETTINGS
|
||||
rdp_settings->authentication = guac_settings->enable_authentication;
|
||||
rdp_settings->authentication = !guac_settings->disable_authentication;
|
||||
rdp_settings->ignore_certificate = guac_settings->ignore_certificate;
|
||||
rdp_settings->encryption = TRUE;
|
||||
#else
|
||||
rdp_settings->Authentication = guac_settings->enable_authentication;
|
||||
rdp_settings->Authentication = !guac_settings->disable_authentication;
|
||||
rdp_settings->IgnoreCertificate = guac_settings->ignore_certificate;
|
||||
rdp_settings->DisableEncryption = FALSE;
|
||||
#endif
|
||||
|
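Review bot: Both assignments to `Authentication` take `!guac_settings->disable_authentication` as given, with no check against the selected security mode, although the settings header changed in this same commit states that authentication is required by definition for NLA. If nothing outside this hunk overrides the flag, `security=nla` combined with `disable-auth=true` produces a contradictory configuration that will probably only show up as a failed connection. Consider forcing the flag on, or logging the conflict, when NLA was selected, for example `rdp_settings->Authentication = guac_settings->security_mode == GUAC_SECURITY_NLA || !guac_settings->disable_authentication;` and the same for the legacy field. The body of `guac_rdp_push_settings` starts and ends outside the hunk, so this may already be handled elsewhere.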
@ -176,11 +176,11 @@ typedef struct guac_rdp_settings {
|
||||
int ignore_certificate;
|
||||
|
||||
/**
|
||||
* Whether authentication should be enabled. This is different from the
|
||||
* Whether authentication should be disabled. This is different from the
|
||||
* authentication that takes place when a user provides their username
|
||||
* and password.
|
||||
* and password. Authentication is required by definition for NLA.
|
||||
*/
|
||||
int enable_authentication;
|
||||
int disable_authentication;
|
||||
|
||||
} guac_rdp_settings;
|
||||
|
||||
|