Shorten parameter names, combine enable-tls and enable-nla into a single security parameter.
This commit is contained in:
parent
d2cdb055f8
commit
ac2bf524d9
@ -109,10 +109,9 @@ const char* GUAC_CLIENT_ARGS[] = {
|
|||||||
"console",
|
"console",
|
||||||
"console-audio",
|
"console-audio",
|
||||||
"server-layout",
|
"server-layout",
|
||||||
"enable-nla",
|
"security",
|
||||||
"enable-tls",
|
"ignore-cert",
|
||||||
"ignore-certificate",
|
"enable-auth",
|
||||||
"enable-authentication",
|
|
||||||
NULL
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -132,8 +131,7 @@ enum RDP_ARGS_IDX {
|
|||||||
IDX_CONSOLE,
|
IDX_CONSOLE,
|
||||||
IDX_CONSOLE_AUDIO,
|
IDX_CONSOLE_AUDIO,
|
||||||
IDX_SERVER_LAYOUT,
|
IDX_SERVER_LAYOUT,
|
||||||
IDX_ENABLE_NLA,
|
IDX_SECURITY,
|
||||||
IDX_ENABLE_TLS,
|
|
||||||
IDX_IGNORE_CERT,
|
IDX_IGNORE_CERT,
|
||||||
IDX_ENABLE_AUTH,
|
IDX_ENABLE_AUTH,
|
||||||
RDP_ARGS_COUNT
|
RDP_ARGS_COUNT
|
||||||
@ -414,11 +412,19 @@ int guac_client_init(guac_client* client, int argc, char** argv) {
|
|||||||
settings->console_audio = (strcmp(argv[IDX_CONSOLE_AUDIO], "true") == 0);
|
settings->console_audio = (strcmp(argv[IDX_CONSOLE_AUDIO], "true") == 0);
|
||||||
|
|
||||||
/* Security */
|
/* Security */
|
||||||
settings->enable_nla_security = (strcmp(argv[IDX_ENABLE_NLA], "true") == 0);
|
|
||||||
settings->enable_tls_security = (strcmp(argv[IDX_ENABLE_TLS], "true") == 0);
|
|
||||||
settings->ignore_certificate = (strcmp(argv[IDX_IGNORE_CERT], "true") == 0);
|
settings->ignore_certificate = (strcmp(argv[IDX_IGNORE_CERT], "true") == 0);
|
||||||
settings->enable_authentication = (strcmp(argv[IDX_ENABLE_AUTH], "true") == 0);
|
settings->enable_authentication = (strcmp(argv[IDX_ENABLE_AUTH], "true") == 0);
|
||||||
|
|
||||||
|
/* Parse security mode */
|
||||||
|
if (strcmp(argv[IDX_SECURITY], "nla") == 0)
|
||||||
|
settings->security_mode = GUAC_SECURITY_NLA;
|
||||||
|
else if (strcmp(argv[IDX_SECURITY], "tls") == 0)
|
||||||
|
settings->security_mode = GUAC_SECURITY_TLS;
|
||||||
|
else if (strcmp(argv[IDX_SECURITY], "any") == 0)
|
||||||
|
settings->security_mode = GUAC_SECURITY_ANY;
|
||||||
|
else
|
||||||
|
settings->security_mode = GUAC_SECURITY_RDP;
|
||||||
|
|
||||||
/* Set hostname */
|
/* Set hostname */
|
||||||
settings->hostname = strdup(argv[IDX_HOSTNAME]);
|
settings->hostname = strdup(argv[IDX_HOSTNAME]);
|
||||||
|
|
||||||
|
@ -104,30 +104,81 @@ void guac_rdp_push_settings(guac_rdp_settings* guac_settings, freerdp* rdp) {
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Security */
|
/* Security */
|
||||||
|
switch (guac_settings->security_mode) {
|
||||||
|
|
||||||
|
/* Standard RDP encryption */
|
||||||
|
case GUAC_SECURITY_RDP:
|
||||||
|
#ifdef LEGACY_RDPSETTINGS
|
||||||
|
rdp_settings->rdp_security = TRUE;
|
||||||
|
rdp_settings->tls_security = FALSE;
|
||||||
|
rdp_settings->nla_security = FALSE;
|
||||||
|
rdp_settings->encryption_level = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
|
||||||
|
rdp_settings->encryption_method =
|
||||||
|
ENCRYPTION_METHOD_40BIT
|
||||||
|
| ENCRYPTION_METHOD_128BIT
|
||||||
|
| ENCRYPTION_METHOD_FIPS;
|
||||||
|
#else
|
||||||
|
rdp_settings->RdpSecurity = TRUE;
|
||||||
|
rdp_settings->TlsSecurity = FALSE;
|
||||||
|
rdp_settings->NlaSecurity = FALSE;
|
||||||
|
rdp_settings->EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
|
||||||
|
rdp_settings->EncryptionMethods =
|
||||||
|
ENCRYPTION_METHOD_40BIT
|
||||||
|
| ENCRYPTION_METHOD_128BIT
|
||||||
|
| ENCRYPTION_METHOD_FIPS;
|
||||||
|
#endif
|
||||||
|
break;
|
||||||
|
|
||||||
|
/* TLS encryption */
|
||||||
|
case GUAC_SECURITY_TLS:
|
||||||
|
#ifdef LEGACY_RDPSETTINGS
|
||||||
|
rdp_settings->rdp_security = FALSE;
|
||||||
|
rdp_settings->tls_security = TRUE;
|
||||||
|
rdp_settings->nla_security = FALSE;
|
||||||
|
#else
|
||||||
|
rdp_settings->RdpSecurity = FALSE;
|
||||||
|
rdp_settings->TlsSecurity = TRUE;
|
||||||
|
rdp_settings->NlaSecurity = FALSE;
|
||||||
|
#endif
|
||||||
|
break;
|
||||||
|
|
||||||
|
/* Network level authentication */
|
||||||
|
case GUAC_SECURITY_NLA:
|
||||||
|
#ifdef LEGACY_RDPSETTINGS
|
||||||
|
rdp_settings->rdp_security = FALSE;
|
||||||
|
rdp_settings->tls_security = FALSE;
|
||||||
|
rdp_settings->nla_security = TRUE;
|
||||||
|
#else
|
||||||
|
rdp_settings->RdpSecurity = FALSE;
|
||||||
|
rdp_settings->TlsSecurity = FALSE;
|
||||||
|
rdp_settings->NlaSecurity = TRUE;
|
||||||
|
#endif
|
||||||
|
break;
|
||||||
|
|
||||||
|
/* All security types */
|
||||||
|
case GUAC_SECURITY_ANY:
|
||||||
|
#ifdef LEGACY_RDPSETTINGS
|
||||||
|
rdp_settings->rdp_security = TRUE;
|
||||||
|
rdp_settings->tls_security = TRUE;
|
||||||
|
rdp_settings->nla_security = TRUE;
|
||||||
|
#else
|
||||||
|
rdp_settings->RdpSecurity = TRUE;
|
||||||
|
rdp_settings->TlsSecurity = TRUE;
|
||||||
|
rdp_settings->NlaSecurity = TRUE;
|
||||||
|
#endif
|
||||||
|
break;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Authentication */
|
||||||
#ifdef LEGACY_RDPSETTINGS
|
#ifdef LEGACY_RDPSETTINGS
|
||||||
rdp_settings->authentication = guac_settings->enable_authentication;
|
rdp_settings->authentication = guac_settings->enable_authentication;
|
||||||
rdp_settings->rdp_security = TRUE;
|
|
||||||
rdp_settings->tls_security = guac_settings->enable_tls_security;
|
|
||||||
rdp_settings->nla_security = guac_settings->enable_nla_security;
|
|
||||||
rdp_settings->ignore_certificate = guac_settings->ignore_certificate;
|
rdp_settings->ignore_certificate = guac_settings->ignore_certificate;
|
||||||
rdp_settings->encryption = TRUE;
|
rdp_settings->encryption = TRUE;
|
||||||
rdp_settings->encryption_level = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
|
|
||||||
rdp_settings->encryption_method =
|
|
||||||
ENCRYPTION_METHOD_40BIT
|
|
||||||
| ENCRYPTION_METHOD_128BIT
|
|
||||||
| ENCRYPTION_METHOD_FIPS;
|
|
||||||
#else
|
#else
|
||||||
rdp_settings->Authentication = guac_settings->enable_authentication;
|
rdp_settings->Authentication = guac_settings->enable_authentication;
|
||||||
rdp_settings->RdpSecurity = TRUE;
|
|
||||||
rdp_settings->TlsSecurity = guac_settings->enable_tls_security;
|
|
||||||
rdp_settings->NlaSecurity = guac_settings->enable_nla_security;
|
|
||||||
rdp_settings->IgnoreCertificate = guac_settings->ignore_certificate;
|
rdp_settings->IgnoreCertificate = guac_settings->ignore_certificate;
|
||||||
rdp_settings->DisableEncryption = FALSE;
|
rdp_settings->DisableEncryption = FALSE;
|
||||||
rdp_settings->EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
|
|
||||||
rdp_settings->EncryptionMethods =
|
|
||||||
ENCRYPTION_METHOD_40BIT
|
|
||||||
| ENCRYPTION_METHOD_128BIT
|
|
||||||
| ENCRYPTION_METHOD_FIPS;
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Order support */
|
/* Order support */
|
||||||
|
@ -63,6 +63,33 @@
|
|||||||
*/
|
*/
|
||||||
#define RDP_DEFAULT_DEPTH 16
|
#define RDP_DEFAULT_DEPTH 16
|
||||||
|
|
||||||
|
/**
|
||||||
|
* All supported combinations of security types.
|
||||||
|
*/
|
||||||
|
typedef enum guac_rdp_security {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Standard RDP encryption.
|
||||||
|
*/
|
||||||
|
GUAC_SECURITY_RDP,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* TLS encryption.
|
||||||
|
*/
|
||||||
|
GUAC_SECURITY_TLS,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Network level authentication.
|
||||||
|
*/
|
||||||
|
GUAC_SECURITY_NLA,
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Any method supported by the server.
|
||||||
|
*/
|
||||||
|
GUAC_SECURITY_ANY
|
||||||
|
|
||||||
|
} guac_rdp_security;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* All settings supported by the Guacamole RDP client.
|
* All settings supported by the Guacamole RDP client.
|
||||||
*/
|
*/
|
||||||
@ -139,14 +166,9 @@ typedef struct guac_rdp_settings {
|
|||||||
char* initial_program;
|
char* initial_program;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Whether NLA security is enabled.
|
* The type of security to use for the connection.
|
||||||
*/
|
*/
|
||||||
int enable_nla_security;
|
guac_rdp_security security_mode;
|
||||||
|
|
||||||
/**
|
|
||||||
* Whether TLS security is enabled.
|
|
||||||
*/
|
|
||||||
int enable_tls_security;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Whether bad server certificates should be ignored.
|
* Whether bad server certificates should be ignored.
|
||||||
|
Loading…
Reference in New Issue
Block a user