From ac2bf524d926d9454d8173142dd8d02ca0de1363 Mon Sep 17 00:00:00 2001
From: Michael Jumper
Date: Sat, 24 Aug 2013 12:30:38 -0700
Subject: [PATCH] Shorten parameter names, combine enable-tls and enable-nla into a single security parameter.
---
 src/protocols/rdp/client.c | 22 ++++++---
 src/protocols/rdp/rdp_settings.c | 83 ++++++++++++++++++++++++++------
 src/protocols/rdp/rdp_settings.h | 36 +++++++++++---
 3 files changed, 110 insertions(+), 31 deletions(-)
diff --git a/src/protocols/rdp/client.c b/src/protocols/rdp/client.c
index b07d434a..bf57f169 100644
--- a/src/protocols/rdp/client.c
+++ b/src/protocols/rdp/client.c
@@ -109,10 +109,9 @@ const char* GUAC_CLIENT_ARGS[] = {
 "console",
 "console-audio",
 "server-layout",
- "enable-nla",
- "enable-tls",
- "ignore-certificate",
- "enable-authentication",
+ "security",
+ "ignore-cert",
+ "enable-auth",
 NULL
 };
@@ -132,8 +131,7 @@ enum RDP_ARGS_IDX {
 IDX_CONSOLE,
 IDX_CONSOLE_AUDIO,
 IDX_SERVER_LAYOUT,
- IDX_ENABLE_NLA,
- IDX_ENABLE_TLS,
+ IDX_SECURITY,
 IDX_IGNORE_CERT,
 IDX_ENABLE_AUTH,
 RDP_ARGS_COUNT
@@ -414,11 +412,19 @@ int guac_client_init(guac_client* client, int argc, char** argv) {
 settings->console_audio = (strcmp(argv[IDX_CONSOLE_AUDIO], "true") == 0);
 /* Security */
- settings->enable_nla_security = (strcmp(argv[IDX_ENABLE_NLA], "true") == 0);
- settings->enable_tls_security = (strcmp(argv[IDX_ENABLE_TLS], "true") == 0);
 settings->ignore_certificate = (strcmp(argv[IDX_IGNORE_CERT], "true") == 0);
 settings->enable_authentication = (strcmp(argv[IDX_ENABLE_AUTH], "true") == 0);
+ /* Parse security mode */
+ if (strcmp(argv[IDX_SECURITY], "nla") == 0)
+ settings->security_mode = GUAC_SECURITY_NLA;
+ else if (strcmp(argv[IDX_SECURITY], "tls") == 0)
+ settings->security_mode = GUAC_SECURITY_TLS;
+ else if (strcmp(argv[IDX_SECURITY], "any") == 0)
+ settings->security_mode = GUAC_SECURITY_ANY;
+ else
+ settings->security_mode = GUAC_SECURITY_RDP;
+
 /* Set hostname */
 settings->hostname = strdup(argv[IDX_HOSTNAME]);
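Review bot: The final `else` of the "Parse security mode" chain in the `@@ -414,11 +412,19 @@` hunk maps every unrecognised value (an empty string, a typo, `"NLA"` in upper case) to `GUAC_SECURITY_RDP`, so a misconfigured connection silently gets legacy standard RDP encryption instead of the NLA or TLS mode that was asked for. Because the first hunk drops `enable-nla` and `enable-tls` from `GUAC_CLIENT_ARGS`, configurations that still send the old names presumably land in that fallback as well. I would match the documented default explicitly with `else if (strcmp(argv[IDX_SECURITY], "rdp") == 0)` and have the last `else` log the rejected value before applying the default, so the downgrade is visible to whoever operates the proxy. `guac_client_init` starts and ends outside the hunk, so whether `argc` is checked against `RDP_ARGS_COUNT` before `argv[IDX_SECURITY]` is read cannot be seen here.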
diff --git a/src/protocols/rdp/rdp_settings.c b/src/protocols/rdp/rdp_settings.c
index e8de9330..5be772d3 100644
--- a/src/protocols/rdp/rdp_settings.c
+++ b/src/protocols/rdp/rdp_settings.c
@@ -104,30 +104,81 @@ void guac_rdp_push_settings(guac_rdp_settings* guac_settings, freerdp* rdp) {
 #endif
 /* Security */
+ switch (guac_settings->security_mode) {
+
+ /* Standard RDP encryption */
+ case GUAC_SECURITY_RDP:
+#ifdef LEGACY_RDPSETTINGS
+ rdp_settings->rdp_security = TRUE;
+ rdp_settings->tls_security = FALSE;
+ rdp_settings->nla_security = FALSE;
+ rdp_settings->encryption_level = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
+ rdp_settings->encryption_method =
+ ENCRYPTION_METHOD_40BIT
+ | ENCRYPTION_METHOD_128BIT
+ | ENCRYPTION_METHOD_FIPS;
+#else
+ rdp_settings->RdpSecurity = TRUE;
+ rdp_settings->TlsSecurity = FALSE;
+ rdp_settings->NlaSecurity = FALSE;
+ rdp_settings->EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
+ rdp_settings->EncryptionMethods =
+ ENCRYPTION_METHOD_40BIT
+ | ENCRYPTION_METHOD_128BIT
+ | ENCRYPTION_METHOD_FIPS;
+#endif
+ break;
+
+ /* TLS encryption */
+ case GUAC_SECURITY_TLS:
+#ifdef LEGACY_RDPSETTINGS
+ rdp_settings->rdp_security = FALSE;
+ rdp_settings->tls_security = TRUE;
+ rdp_settings->nla_security = FALSE;
+#else
+ rdp_settings->RdpSecurity = FALSE;
+ rdp_settings->TlsSecurity = TRUE;
+ rdp_settings->NlaSecurity = FALSE;
+#endif
+ break;
+
+ /* Network level authentication */
+ case GUAC_SECURITY_NLA:
+#ifdef LEGACY_RDPSETTINGS
+ rdp_settings->rdp_security = FALSE;
+ rdp_settings->tls_security = FALSE;
+ rdp_settings->nla_security = TRUE;
+#else
+ rdp_settings->RdpSecurity = FALSE;
+ rdp_settings->TlsSecurity = FALSE;
+ rdp_settings->NlaSecurity = TRUE;
+#endif
+ break;
+
+ /* All security types */
+ case GUAC_SECURITY_ANY:
+#ifdef LEGACY_RDPSETTINGS
+ rdp_settings->rdp_security = TRUE;
+ rdp_settings->tls_security = TRUE;
+ rdp_settings->nla_security = TRUE;
+#else
+ rdp_settings->RdpSecurity = TRUE;
+ rdp_settings->TlsSecurity = TRUE;
+ rdp_settings->NlaSecurity = TRUE;
+#endif
+ break;
+
+ }
+
+ /* Authentication */
 #ifdef LEGACY_RDPSETTINGS
 rdp_settings->authentication = guac_settings->enable_authentication;
- rdp_settings->rdp_security = TRUE;
- rdp_settings->tls_security = guac_settings->enable_tls_security;
- rdp_settings->nla_security = guac_settings->enable_nla_security;
 rdp_settings->ignore_certificate = guac_settings->ignore_certificate;
 rdp_settings->encryption = TRUE;
- rdp_settings->encryption_level = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
- rdp_settings->encryption_method =
- ENCRYPTION_METHOD_40BIT
- | ENCRYPTION_METHOD_128BIT
- | ENCRYPTION_METHOD_FIPS;
 #else
 rdp_settings->Authentication = guac_settings->enable_authentication;
- rdp_settings->RdpSecurity = TRUE;
- rdp_settings->TlsSecurity = guac_settings->enable_tls_security;
- rdp_settings->NlaSecurity = guac_settings->enable_nla_security;
 rdp_settings->IgnoreCertificate = guac_settings->ignore_certificate;
 rdp_settings->DisableEncryption = FALSE;
- rdp_settings->EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
- rdp_settings->EncryptionMethods =
- ENCRYPTION_METHOD_40BIT
- | ENCRYPTION_METHOD_128BIT
- | ENCRYPTION_METHOD_FIPS;
 #endif
 /* Order support */
diff --git a/src/protocols/rdp/rdp_settings.h b/src/protocols/rdp/rdp_settings.h
index bc63753d..71089992 100644
--- a/src/protocols/rdp/rdp_settings.h
+++ b/src/protocols/rdp/rdp_settings.h
@@ -63,6 +63,33 @@
 */
 #define RDP_DEFAULT_DEPTH 16
+/**
+ * All supported combinations of security types.
+ */
+typedef enum guac_rdp_security {
+
+ /**
+ * Standard RDP encryption.
+ */
+ GUAC_SECURITY_RDP,
+
+ /**
+ * TLS encryption.
+ */
+ GUAC_SECURITY_TLS,
+
+ /**
+ * Network level authentication.
+ */
+ GUAC_SECURITY_NLA,
+
+ /**
+ * Any method supported by the server.
+ */
+ GUAC_SECURITY_ANY
+
+} guac_rdp_security;
+
 /**
 * All settings supported by the Guacamole RDP client.
 */
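Review bot: The `GUAC_SECURITY_ANY` case turns on `RdpSecurity` / `rdp_security` but no longer sets the encryption level or methods, which the removed lines applied on every connection and which now exist only under `GUAC_SECURITY_RDP`. If the server settles on standard RDP security in "any" mode, the values in effect are whatever FreeRDP initialised, which this hunk does not show, so I would set them in that case too, as in the excerpt below. The `switch` also has no `default:`, so a `security_mode` outside the enum leaves all three flags untouched. `guac_rdp_push_settings` starts and ends outside the hunk.

```c
        /* All security types */
        case GUAC_SECURITY_ANY:
#ifdef LEGACY_RDPSETTINGS
            /* … unchanged: rdp_security, tls_security, nla_security = TRUE … */
            rdp_settings->encryption_level = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
            rdp_settings->encryption_method =
                  ENCRYPTION_METHOD_40BIT
                | ENCRYPTION_METHOD_128BIT
                | ENCRYPTION_METHOD_FIPS;
#else
            /* … unchanged: RdpSecurity, TlsSecurity, NlaSecurity = TRUE … */
            rdp_settings->EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
            rdp_settings->EncryptionMethods =
                  ENCRYPTION_METHOD_40BIT
                | ENCRYPTION_METHOD_128BIT
                | ENCRYPTION_METHOD_FIPS;
#endif
            break;
```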
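Review bot: The doc comment on `GUAC_SECURITY_ANY` ("Any method supported by the server.") does not say that this includes standard RDP encryption, so a reader of the header cannot tell that choosing it leaves the legacy mode open to negotiation. I would word it as `Any method supported by the server, including standard RDP encryption; negotiation with the server decides which is used.` `GUAC_SECURITY_RDP` is also the first enumerator and therefore value 0, which makes it the mode of any zero-initialised `guac_rdp_settings`. A one-line comment on the enum stating that this ordering is the intended default would keep a later reorder from changing it unnoticed.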
@@ -139,14 +166,9 @@ typedef struct guac_rdp_settings {
 char* initial_program;
 /**
- * Whether NLA security is enabled.
+ * The type of security to use for the connection.
 */
- int enable_nla_security;
-
- /**
- * Whether TLS security is enabled.
- */
- int enable_tls_security;
+ guac_rdp_security security_mode;
 /**
 * Whether bad server certificates should be ignored.