Shorten parameter names, combine enable-tls and enable-nla into a single security parameter.

Michael Jumper 2013-08-24 12:30:38 -07:00
parent d2cdb055f8
commit ac2bf524d9
3 changed files with 110 additions and 31 deletions


@ -109,10 +109,9 @@ const char* GUAC_CLIENT_ARGS[] = {
"console", "console",
"console-audio", "console-audio",
"server-layout", "server-layout",
"enable-nla", "security",
"enable-tls", "ignore-cert",
"ignore-certificate", "enable-auth",
"enable-authentication",
NULL NULL
}; };
@ -132,8 +131,7 @@ enum RDP_ARGS_IDX {
IDX_CONSOLE, IDX_CONSOLE,
IDX_CONSOLE_AUDIO, IDX_CONSOLE_AUDIO,
IDX_SERVER_LAYOUT, IDX_SERVER_LAYOUT,
IDX_ENABLE_NLA, IDX_SECURITY,
IDX_ENABLE_TLS,
IDX_IGNORE_CERT, IDX_IGNORE_CERT,
IDX_ENABLE_AUTH, IDX_ENABLE_AUTH,
RDP_ARGS_COUNT RDP_ARGS_COUNT
@ -414,11 +412,19 @@ int guac_client_init(guac_client* client, int argc, char** argv) {
settings->console_audio = (strcmp(argv[IDX_CONSOLE_AUDIO], "true") == 0); settings->console_audio = (strcmp(argv[IDX_CONSOLE_AUDIO], "true") == 0);
/* Security */ /* Security */
settings->enable_nla_security = (strcmp(argv[IDX_ENABLE_NLA], "true") == 0);
settings->enable_tls_security = (strcmp(argv[IDX_ENABLE_TLS], "true") == 0);
settings->ignore_certificate = (strcmp(argv[IDX_IGNORE_CERT], "true") == 0); settings->ignore_certificate = (strcmp(argv[IDX_IGNORE_CERT], "true") == 0);
settings->enable_authentication = (strcmp(argv[IDX_ENABLE_AUTH], "true") == 0); settings->enable_authentication = (strcmp(argv[IDX_ENABLE_AUTH], "true") == 0);
/* Parse security mode */
if (strcmp(argv[IDX_SECURITY], "nla") == 0)
settings->security_mode = GUAC_SECURITY_NLA;
else if (strcmp(argv[IDX_SECURITY], "tls") == 0)
settings->security_mode = GUAC_SECURITY_TLS;
else if (strcmp(argv[IDX_SECURITY], "any") == 0)
settings->security_mode = GUAC_SECURITY_ANY;
else
settings->security_mode = GUAC_SECURITY_RDP;
/* Set hostname */ /* Set hostname */
settings->hostname = strdup(argv[IDX_HOSTNAME]); settings->hostname = strdup(argv[IDX_HOSTNAME]);
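Review bot: The final `else` of the security-mode parse maps every unrecognised value of `argv[IDX_SECURITY]` to `GUAC_SECURITY_RDP`, so a typo or a differently cased value such as "NLA" silently selects standard RDP encryption rather than the mode the administrator asked for. I would match the default explicitly with `else if (strcmp(argv[IDX_SECURITY], "rdp") == 0) settings->security_mode = GUAC_SECURITY_RDP;` and have the remaining `else` log the rejected value before falling back, or refuse the connection, so the misconfiguration shows up in the logs. The first hunk also renames and removes parameters, so configurations that still send "enable-nla" or "enable-tls" presumably lose those settings without any message; a log line or comment noting the rename would help. guac_client_init starts and ends outside the hunk, so any check of argc against RDP_ARGS_COUNT is not visible here.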


@ -104,30 +104,81 @@ void guac_rdp_push_settings(guac_rdp_settings* guac_settings, freerdp* rdp) {
#endif #endif
/* Security */ /* Security */
switch (guac_settings->security_mode) {
/* Standard RDP encryption */
case GUAC_SECURITY_RDP:
#ifdef LEGACY_RDPSETTINGS
rdp_settings->rdp_security = TRUE;
rdp_settings->tls_security = FALSE;
rdp_settings->nla_security = FALSE;
rdp_settings->encryption_level = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
rdp_settings->encryption_method =
ENCRYPTION_METHOD_40BIT
| ENCRYPTION_METHOD_128BIT
| ENCRYPTION_METHOD_FIPS;
#else
rdp_settings->RdpSecurity = TRUE;
rdp_settings->TlsSecurity = FALSE;
rdp_settings->NlaSecurity = FALSE;
rdp_settings->EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
rdp_settings->EncryptionMethods =
ENCRYPTION_METHOD_40BIT
| ENCRYPTION_METHOD_128BIT
| ENCRYPTION_METHOD_FIPS;
#endif
break;
/* TLS encryption */
case GUAC_SECURITY_TLS:
#ifdef LEGACY_RDPSETTINGS
rdp_settings->rdp_security = FALSE;
rdp_settings->tls_security = TRUE;
rdp_settings->nla_security = FALSE;
#else
rdp_settings->RdpSecurity = FALSE;
rdp_settings->TlsSecurity = TRUE;
rdp_settings->NlaSecurity = FALSE;
#endif
break;
/* Network level authentication */
case GUAC_SECURITY_NLA:
#ifdef LEGACY_RDPSETTINGS
rdp_settings->rdp_security = FALSE;
rdp_settings->tls_security = FALSE;
rdp_settings->nla_security = TRUE;
#else
rdp_settings->RdpSecurity = FALSE;
rdp_settings->TlsSecurity = FALSE;
rdp_settings->NlaSecurity = TRUE;
#endif
break;
/* All security types */
case GUAC_SECURITY_ANY:
#ifdef LEGACY_RDPSETTINGS
rdp_settings->rdp_security = TRUE;
rdp_settings->tls_security = TRUE;
rdp_settings->nla_security = TRUE;
#else
rdp_settings->RdpSecurity = TRUE;
rdp_settings->TlsSecurity = TRUE;
rdp_settings->NlaSecurity = TRUE;
#endif
break;
}
/* Authentication */
#ifdef LEGACY_RDPSETTINGS #ifdef LEGACY_RDPSETTINGS
rdp_settings->authentication = guac_settings->enable_authentication; rdp_settings->authentication = guac_settings->enable_authentication;
rdp_settings->rdp_security = TRUE;
rdp_settings->tls_security = guac_settings->enable_tls_security;
rdp_settings->nla_security = guac_settings->enable_nla_security;
rdp_settings->ignore_certificate = guac_settings->ignore_certificate; rdp_settings->ignore_certificate = guac_settings->ignore_certificate;
rdp_settings->encryption = TRUE; rdp_settings->encryption = TRUE;
rdp_settings->encryption_level = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
rdp_settings->encryption_method =
ENCRYPTION_METHOD_40BIT
| ENCRYPTION_METHOD_128BIT
| ENCRYPTION_METHOD_FIPS;
#else #else
rdp_settings->Authentication = guac_settings->enable_authentication; rdp_settings->Authentication = guac_settings->enable_authentication;
rdp_settings->RdpSecurity = TRUE;
rdp_settings->TlsSecurity = guac_settings->enable_tls_security;
rdp_settings->NlaSecurity = guac_settings->enable_nla_security;
rdp_settings->IgnoreCertificate = guac_settings->ignore_certificate; rdp_settings->IgnoreCertificate = guac_settings->ignore_certificate;
rdp_settings->DisableEncryption = FALSE; rdp_settings->DisableEncryption = FALSE;
rdp_settings->EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
rdp_settings->EncryptionMethods =
ENCRYPTION_METHOD_40BIT
| ENCRYPTION_METHOD_128BIT
| ENCRYPTION_METHOD_FIPS;
#endif #endif
/* Order support */ /* Order support */
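Review bot: The `switch (guac_settings->security_mode)` has no `default:` branch, so a value outside the four enum constants leaves the RDP/TLS/NLA flags at whatever the FreeRDP settings object already held, whereas the removed code always assigned them. I would add a `default:` branch that makes an explicit, logged choice, so the negotiated security never depends on library defaults. Separately, the `GUAC_SECURITY_ANY` case enables standard RDP security but, unlike the `GUAC_SECURITY_RDP` case, does not set the encryption level and methods. If the server negotiates down to standard RDP security, those fields appear to be left at their defaults, which is worth confirming or documenting with a comment such as `/* encryption level/methods left at FreeRDP defaults */`. guac_rdp_push_settings starts and ends outside the hunk.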


@ -63,6 +63,33 @@
*/ */
#define RDP_DEFAULT_DEPTH 16 #define RDP_DEFAULT_DEPTH 16
/**
* All supported combinations of security types.
*/
typedef enum guac_rdp_security {
/**
* Standard RDP encryption.
*/
GUAC_SECURITY_RDP,
/**
* TLS encryption.
*/
GUAC_SECURITY_TLS,
/**
* Network level authentication.
*/
GUAC_SECURITY_NLA,
/**
* Any method supported by the server.
*/
GUAC_SECURITY_ANY
} guac_rdp_security;
/** /**
* All settings supported by the Guacamole RDP client. * All settings supported by the Guacamole RDP client.
*/ */
@ -139,14 +166,9 @@ typedef struct guac_rdp_settings {
char* initial_program; char* initial_program;
/** /**
* Whether NLA security is enabled. * The type of security to use for the connection.
*/ */
int enable_nla_security; guac_rdp_security security_mode;
/**
* Whether TLS security is enabled.
*/
int enable_tls_security;
/** /**
* Whether bad server certificates should be ignored. * Whether bad server certificates should be ignored.