Switch from enable-auth to disable-auth, enabling auth by default. Use ANY security mode by default. Warn if authentication is required but credentials were not given.

Michael Jumper 2013-08-25 11:35:31 -07:00
parent da016d5153
commit 9903d3d0d9
3 changed files with 50 additions and 16 deletions


@ -111,7 +111,7 @@ const char* GUAC_CLIENT_ARGS[] = {
"server-layout", "server-layout",
"security", "security",
"ignore-cert", "ignore-cert",
"enable-auth", "disable-auth",
NULL NULL
}; };
@ -133,7 +133,7 @@ enum RDP_ARGS_IDX {
IDX_SERVER_LAYOUT, IDX_SERVER_LAYOUT,
IDX_SECURITY, IDX_SECURITY,
IDX_IGNORE_CERT, IDX_IGNORE_CERT,
IDX_ENABLE_AUTH, IDX_DISABLE_AUTH,
RDP_ARGS_COUNT RDP_ARGS_COUNT
}; };
@ -323,6 +323,38 @@ BOOL rdp_freerdp_post_connect(freerdp* instance) {
} }
BOOL rdp_freerdp_authenticate(freerdp* instance, char** username,
char** password, char** domain) {
rdpContext* context = instance->context;
guac_client* client = ((rdp_freerdp_context*) context)->client;
/* Warn if connection is likely to fail due to lack of credentials */
guac_client_log_info(client,
"Authentication requested but username or password not given");
return TRUE;
}
BOOL rdp_freerdp_verify_certificate(freerdp* instance, char* subject,
char* issuer, char* fingerprint) {
rdpContext* context = instance->context;
guac_client* client = ((rdp_freerdp_context*) context)->client;
rdp_guac_client_data* guac_client_data =
(rdp_guac_client_data*) client->data;
/* Bypass validation if ignore_certificate given */
if (guac_client_data->settings.ignore_certificate) {
guac_client_log_info(client, "Certificate validation bypassed");
return TRUE;
}
guac_client_log_info(client, "Certificate validation failed");
return FALSE;
}
void rdp_freerdp_context_new(freerdp* instance, rdpContext* context) { void rdp_freerdp_context_new(freerdp* instance, rdpContext* context) {
context->channels = freerdp_channels_new(); context->channels = freerdp_channels_new();
} }
@ -392,6 +424,8 @@ int guac_client_init(guac_client* client, int argc, char** argv) {
rdp_inst = freerdp_new(); rdp_inst = freerdp_new();
rdp_inst->PreConnect = rdp_freerdp_pre_connect; rdp_inst->PreConnect = rdp_freerdp_pre_connect;
rdp_inst->PostConnect = rdp_freerdp_post_connect; rdp_inst->PostConnect = rdp_freerdp_post_connect;
rdp_inst->Authenticate = rdp_freerdp_authenticate;
rdp_inst->VerifyCertificate = rdp_freerdp_verify_certificate;
rdp_inst->ReceiveChannelData = __guac_receive_channel_data; rdp_inst->ReceiveChannelData = __guac_receive_channel_data;
/* Allocate FreeRDP context */ /* Allocate FreeRDP context */
@ -413,7 +447,7 @@ int guac_client_init(guac_client* client, int argc, char** argv) {
/* Certificate and auth */ /* Certificate and auth */
settings->ignore_certificate = (strcmp(argv[IDX_IGNORE_CERT], "true") == 0); settings->ignore_certificate = (strcmp(argv[IDX_IGNORE_CERT], "true") == 0);
settings->enable_authentication = (strcmp(argv[IDX_ENABLE_AUTH], "true") == 0); settings->disable_authentication = (strcmp(argv[IDX_DISABLE_AUTH], "true") == 0);
/* NLA security */ /* NLA security */
if (strcmp(argv[IDX_SECURITY], "nla") == 0) { if (strcmp(argv[IDX_SECURITY], "nla") == 0) {
@ -427,18 +461,18 @@ int guac_client_init(guac_client* client, int argc, char** argv) {
settings->security_mode = GUAC_SECURITY_TLS; settings->security_mode = GUAC_SECURITY_TLS;
} }
/* ANY security (do not choose) */ /* RDP security */
else if (strcmp(argv[IDX_SECURITY], "any") == 0) { else if (strcmp(argv[IDX_SECURITY], "rdp") == 0) {
guac_client_log_info(client, "Security mode: ANY");
settings->security_mode = GUAC_SECURITY_ANY;
}
/* RDP security (default) */
else {
guac_client_log_info(client, "Security mode: RDP"); guac_client_log_info(client, "Security mode: RDP");
settings->security_mode = GUAC_SECURITY_RDP; settings->security_mode = GUAC_SECURITY_RDP;
} }
/* ANY security (allow server to choose) */
else {
guac_client_log_info(client, "Security mode: ANY");
settings->security_mode = GUAC_SECURITY_ANY;
}
/* Set hostname */ /* Set hostname */
settings->hostname = strdup(argv[IDX_HOSTNAME]); settings->hostname = strdup(argv[IDX_HOSTNAME]);
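Review bot: rdp_freerdp_verify_certificate (hunk at -323,6 +323,38) never uses its subject, issuer or fingerprint arguments, so neither the "bypassed" nor the "failed" log line records which certificate was involved. When ignore-cert is set the session continues with an unverified peer, and the log is the only place an operator could later notice that the server presented a different certificate. I would put the identity in both messages, assuming guac_client_log_info takes printf-style arguments: `guac_client_log_info(client, "Certificate validation bypassed (subject=%s, fingerprint=%s)", subject, fingerprint);` and the same fields on the rejection line. A short comment that this callback is presumably reached only when FreeRDP could not validate the certificate itself would also explain why the fall-through returns FALSE.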


@ -172,11 +172,11 @@ void guac_rdp_push_settings(guac_rdp_settings* guac_settings, freerdp* rdp) {
/* Authentication */ /* Authentication */
#ifdef LEGACY_RDPSETTINGS #ifdef LEGACY_RDPSETTINGS
rdp_settings->authentication = guac_settings->enable_authentication; rdp_settings->authentication = !guac_settings->disable_authentication;
rdp_settings->ignore_certificate = guac_settings->ignore_certificate; rdp_settings->ignore_certificate = guac_settings->ignore_certificate;
rdp_settings->encryption = TRUE; rdp_settings->encryption = TRUE;
#else #else
rdp_settings->Authentication = guac_settings->enable_authentication; rdp_settings->Authentication = !guac_settings->disable_authentication;
rdp_settings->IgnoreCertificate = guac_settings->ignore_certificate; rdp_settings->IgnoreCertificate = guac_settings->ignore_certificate;
rdp_settings->DisableEncryption = FALSE; rdp_settings->DisableEncryption = FALSE;
#endif #endif


@ -176,11 +176,11 @@ typedef struct guac_rdp_settings {
int ignore_certificate; int ignore_certificate;
/** /**
* Whether authentication should be enabled. This is different from the * Whether authentication should be disabled. This is different from the
* authentication that takes place when a user provides their username * authentication that takes place when a user provides their username
* and password. * and password. Authentication is required by definition for NLA.
*/ */
int enable_authentication; int disable_authentication;
} guac_rdp_settings; } guac_rdp_settings;
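Review bot: The new comment on disable_authentication says authentication is required for NLA but does not say what happens when the flag is non-zero while the security mode is NLA. In the lines shown, the value is negated straight into rdp_settings->Authentication with no check against security_mode, though guac_rdp_push_settings continues outside the hunk and may handle it there. I would add one sentence stating which setting takes precedence, and record the default, e.g. `* A value of zero (the default) leaves authentication enabled.`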