Switch from enable-auth to disable-auth, enabling auth by default. Use ANY security mode by default. Warn if authentication is required but credentials were not given.
parent
da016d5153
commit
9903d3d0d9
@ -111,7 +111,7 @@ const char* GUAC_CLIENT_ARGS[] = {
|
|||||||
"server-layout",
|
"server-layout",
|
||||||
"security",
|
"security",
|
||||||
"ignore-cert",
|
"ignore-cert",
|
||||||
"enable-auth",
|
"disable-auth",
|
||||||
NULL
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -133,7 +133,7 @@ enum RDP_ARGS_IDX {
|
|||||||
IDX_SERVER_LAYOUT,
|
IDX_SERVER_LAYOUT,
|
||||||
IDX_SECURITY,
|
IDX_SECURITY,
|
||||||
IDX_IGNORE_CERT,
|
IDX_IGNORE_CERT,
|
||||||
IDX_ENABLE_AUTH,
|
IDX_DISABLE_AUTH,
|
||||||
RDP_ARGS_COUNT
|
RDP_ARGS_COUNT
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -323,6 +323,38 @@ BOOL rdp_freerdp_post_connect(freerdp* instance) {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
BOOL rdp_freerdp_authenticate(freerdp* instance, char** username,
|
||||||
|
char** password, char** domain) {
|
||||||
|
|
||||||
|
rdpContext* context = instance->context;
|
||||||
|
guac_client* client = ((rdp_freerdp_context*) context)->client;
|
||||||
|
|
||||||
|
/* Warn if connection is likely to fail due to lack of credentials */
|
||||||
|
guac_client_log_info(client,
|
||||||
|
"Authentication requested but username or password not given");
|
||||||
|
return TRUE;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
BOOL rdp_freerdp_verify_certificate(freerdp* instance, char* subject,
|
||||||
|
char* issuer, char* fingerprint) {
|
||||||
|
|
||||||
|
rdpContext* context = instance->context;
|
||||||
|
guac_client* client = ((rdp_freerdp_context*) context)->client;
|
||||||
|
rdp_guac_client_data* guac_client_data =
|
||||||
|
(rdp_guac_client_data*) client->data;
|
||||||
|
|
||||||
|
/* Bypass validation if ignore_certificate given */
|
||||||
|
if (guac_client_data->settings.ignore_certificate) {
|
||||||
|
guac_client_log_info(client, "Certificate validation bypassed");
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
guac_client_log_info(client, "Certificate validation failed");
|
||||||
|
return FALSE;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
void rdp_freerdp_context_new(freerdp* instance, rdpContext* context) {
|
void rdp_freerdp_context_new(freerdp* instance, rdpContext* context) {
|
||||||
context->channels = freerdp_channels_new();
|
context->channels = freerdp_channels_new();
|
||||||
}
|
}
|
||||||
@ -392,6 +424,8 @@ int guac_client_init(guac_client* client, int argc, char** argv) {
|
|||||||
rdp_inst = freerdp_new();
|
rdp_inst = freerdp_new();
|
||||||
rdp_inst->PreConnect = rdp_freerdp_pre_connect;
|
rdp_inst->PreConnect = rdp_freerdp_pre_connect;
|
||||||
rdp_inst->PostConnect = rdp_freerdp_post_connect;
|
rdp_inst->PostConnect = rdp_freerdp_post_connect;
|
||||||
|
rdp_inst->Authenticate = rdp_freerdp_authenticate;
|
||||||
|
rdp_inst->VerifyCertificate = rdp_freerdp_verify_certificate;
|
||||||
rdp_inst->ReceiveChannelData = __guac_receive_channel_data;
|
rdp_inst->ReceiveChannelData = __guac_receive_channel_data;
|
||||||
|
|
||||||
/* Allocate FreeRDP context */
|
/* Allocate FreeRDP context */
|
||||||
@ -413,7 +447,7 @@ int guac_client_init(guac_client* client, int argc, char** argv) {
|
|||||||
|
|
||||||
/* Certificate and auth */
|
/* Certificate and auth */
|
||||||
settings->ignore_certificate = (strcmp(argv[IDX_IGNORE_CERT], "true") == 0);
|
settings->ignore_certificate = (strcmp(argv[IDX_IGNORE_CERT], "true") == 0);
|
||||||
settings->enable_authentication = (strcmp(argv[IDX_ENABLE_AUTH], "true") == 0);
|
settings->disable_authentication = (strcmp(argv[IDX_DISABLE_AUTH], "true") == 0);
|
||||||
|
|
||||||
/* NLA security */
|
/* NLA security */
|
||||||
if (strcmp(argv[IDX_SECURITY], "nla") == 0) {
|
if (strcmp(argv[IDX_SECURITY], "nla") == 0) {
|
||||||
@ -427,18 +461,18 @@ int guac_client_init(guac_client* client, int argc, char** argv) {
|
|||||||
settings->security_mode = GUAC_SECURITY_TLS;
|
settings->security_mode = GUAC_SECURITY_TLS;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ANY security (do not choose) */
|
/* RDP security */
|
||||||
else if (strcmp(argv[IDX_SECURITY], "any") == 0) {
|
else if (strcmp(argv[IDX_SECURITY], "rdp") == 0) {
|
||||||
guac_client_log_info(client, "Security mode: ANY");
|
|
||||||
settings->security_mode = GUAC_SECURITY_ANY;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* RDP security (default) */
|
|
||||||
else {
|
|
||||||
guac_client_log_info(client, "Security mode: RDP");
|
guac_client_log_info(client, "Security mode: RDP");
|
||||||
settings->security_mode = GUAC_SECURITY_RDP;
|
settings->security_mode = GUAC_SECURITY_RDP;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* ANY security (allow server to choose) */
|
||||||
|
else {
|
||||||
|
guac_client_log_info(client, "Security mode: ANY");
|
||||||
|
settings->security_mode = GUAC_SECURITY_ANY;
|
||||||
|
}
|
||||||
|
|
||||||
/* Set hostname */
|
/* Set hostname */
|
||||||
settings->hostname = strdup(argv[IDX_HOSTNAME]);
|
settings->hostname = strdup(argv[IDX_HOSTNAME]);
|
||||||
|
|
||||||
|
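Review bot: In the last guac_client_init hunk, any `security` value other than "nla", "tls" or "rdp" now reaches the final `else` and is treated as ANY. Since `strcmp` is case-sensitive, a misspelled or differently-cased mode silently lets the server choose the security layer instead of the one the operator meant to pin. Because the explicit "any" branch was removed, an intentional "any" and a typo also look identical in the log. Consider reporting the unrecognised value before falling back, e.g. `if (argv[IDX_SECURITY][0] != '\0' && strcmp(argv[IDX_SECURITY], "any") != 0) guac_client_log_info(client, "Unrecognized security mode \"%s\", falling back to ANY", argv[IDX_SECURITY]);`. The if/else chain starts above this hunk and is split across two hunks, so the "nla" and "tls" branches are only partly visible here.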
@ -172,11 +172,11 @@ void guac_rdp_push_settings(guac_rdp_settings* guac_settings, freerdp* rdp) {
|
|||||||
|
|
||||||
/* Authentication */
|
/* Authentication */
|
||||||
#ifdef LEGACY_RDPSETTINGS
|
#ifdef LEGACY_RDPSETTINGS
|
||||||
rdp_settings->authentication = guac_settings->enable_authentication;
|
rdp_settings->authentication = !guac_settings->disable_authentication;
|
||||||
rdp_settings->ignore_certificate = guac_settings->ignore_certificate;
|
rdp_settings->ignore_certificate = guac_settings->ignore_certificate;
|
||||||
rdp_settings->encryption = TRUE;
|
rdp_settings->encryption = TRUE;
|
||||||
#else
|
#else
|
||||||
rdp_settings->Authentication = guac_settings->enable_authentication;
|
rdp_settings->Authentication = !guac_settings->disable_authentication;
|
||||||
rdp_settings->IgnoreCertificate = guac_settings->ignore_certificate;
|
rdp_settings->IgnoreCertificate = guac_settings->ignore_certificate;
|
||||||
rdp_settings->DisableEncryption = FALSE;
|
rdp_settings->DisableEncryption = FALSE;
|
||||||
#endif
|
#endif
|
||||||
|
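Review bot: `rdp_settings->Authentication = !guac_settings->disable_authentication;` and its LEGACY_RDPSETTINGS twin are applied regardless of the selected security mode, while the guac_rdp_settings comment changed in this commit states that authentication is required by definition for NLA. Nothing visible in this hunk reconciles `disable-auth=true` with `security=nla`. If no check exists elsewhere in guac_rdp_push_settings, that combination should be rejected or at least logged rather than passed through to FreeRDP. Once the precedence is enforced, a one-line comment above the assignment such as `/* disable_authentication has no effect when NLA is selected */` would document it. The function body continues outside the hunk.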
@ -176,11 +176,11 @@ typedef struct guac_rdp_settings {
|
|||||||
int ignore_certificate;
|
int ignore_certificate;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Whether authentication should be enabled. This is different from the
|
* Whether authentication should be disabled. This is different from the
|
||||||
* authentication that takes place when a user provides their username
|
* authentication that takes place when a user provides their username
|
||||||
* and password.
|
* and password. Authentication is required by definition for NLA.
|
||||||
*/
|
*/
|
||||||
int enable_authentication;
|
int disable_authentication;
|
||||||
|
|
||||||
} guac_rdp_settings;
|
} guac_rdp_settings;
|
||||||
|
|
||||||
|