Add options for controlling TLS and NLA security, as well as authentication and bad certs.

Michael Jumper 2013-08-24 01:17:27 -07:00
parent 21b704690b
commit d2cdb055f8
3 changed files with 53 additions and 16 deletions


@ -109,6 +109,10 @@ const char* GUAC_CLIENT_ARGS[] = {
"console", "console",
"console-audio", "console-audio",
"server-layout", "server-layout",
"enable-nla",
"enable-tls",
"ignore-certificate",
"enable-authentication",
NULL NULL
}; };
@ -128,6 +132,10 @@ enum RDP_ARGS_IDX {
IDX_CONSOLE, IDX_CONSOLE,
IDX_CONSOLE_AUDIO, IDX_CONSOLE_AUDIO,
IDX_SERVER_LAYOUT, IDX_SERVER_LAYOUT,
IDX_ENABLE_NLA,
IDX_ENABLE_TLS,
IDX_IGNORE_CERT,
IDX_ENABLE_AUTH,
RDP_ARGS_COUNT RDP_ARGS_COUNT
}; };
@ -405,6 +413,12 @@ int guac_client_init(guac_client* client, int argc, char** argv) {
settings->console = (strcmp(argv[IDX_CONSOLE], "true") == 0); settings->console = (strcmp(argv[IDX_CONSOLE], "true") == 0);
settings->console_audio = (strcmp(argv[IDX_CONSOLE_AUDIO], "true") == 0); settings->console_audio = (strcmp(argv[IDX_CONSOLE_AUDIO], "true") == 0);
/* Security */
settings->enable_nla_security = (strcmp(argv[IDX_ENABLE_NLA], "true") == 0);
settings->enable_tls_security = (strcmp(argv[IDX_ENABLE_TLS], "true") == 0);
settings->ignore_certificate = (strcmp(argv[IDX_IGNORE_CERT], "true") == 0);
settings->enable_authentication = (strcmp(argv[IDX_ENABLE_AUTH], "true") == 0);
/* Set hostname */ /* Set hostname */
settings->hostname = strdup(argv[IDX_HOSTNAME]); settings->hostname = strdup(argv[IDX_HOSTNAME]);
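Review bot: The four new security flags are parsed with `strcmp(argv[...], "true") == 0`, so any other spelling (`True`, `1`, a value with trailing whitespace) or an empty value silently leaves `enable_tls_security` and `enable_nla_security` off. For options that control transport security, an unrecognized non-empty value should at least be logged, or rejected, rather than quietly treated as false. A comment on the block such as `/* Security: every option defaults to off; only the exact string "true" enables it */` would make the default explicit. guac_client_init starts and ends outside the hunk, so whether argc is checked against the enlarged RDP_ARGS_COUNT before these argv reads is not visible here.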


@ -103,30 +103,31 @@ void guac_rdp_push_settings(guac_rdp_settings* guac_settings, freerdp* rdp) {
rdp_settings->RemoteConsoleAudio = guac_settings->console_audio; rdp_settings->RemoteConsoleAudio = guac_settings->console_audio;
#endif #endif
/* --no-auth */ /* Security */
#ifdef LEGACY_RDPSETTINGS
rdp_settings->authentication = FALSE;
#else
rdp_settings->Authentication = FALSE;
#endif
/* --sec rdp */
#ifdef LEGACY_RDPSETTINGS #ifdef LEGACY_RDPSETTINGS
rdp_settings->authentication = guac_settings->enable_authentication;
rdp_settings->rdp_security = TRUE; rdp_settings->rdp_security = TRUE;
rdp_settings->tls_security = FALSE; rdp_settings->tls_security = guac_settings->enable_tls_security;
rdp_settings->nla_security = FALSE; rdp_settings->nla_security = guac_settings->enable_nla_security;
rdp_settings->ignore_certificate = guac_settings->ignore_certificate;
rdp_settings->encryption = TRUE; rdp_settings->encryption = TRUE;
rdp_settings->encryption_method =
ENCRYPTION_METHOD_40BIT | ENCRYPTION_METHOD_128BIT | ENCRYPTION_METHOD_FIPS;
rdp_settings->encryption_level = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE; rdp_settings->encryption_level = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
rdp_settings->encryption_method =
ENCRYPTION_METHOD_40BIT
| ENCRYPTION_METHOD_128BIT
| ENCRYPTION_METHOD_FIPS;
#else #else
rdp_settings->Authentication = guac_settings->enable_authentication;
rdp_settings->RdpSecurity = TRUE; rdp_settings->RdpSecurity = TRUE;
rdp_settings->TlsSecurity = FALSE; rdp_settings->TlsSecurity = guac_settings->enable_tls_security;
rdp_settings->NlaSecurity = FALSE; rdp_settings->NlaSecurity = guac_settings->enable_nla_security;
rdp_settings->IgnoreCertificate = guac_settings->ignore_certificate;
rdp_settings->DisableEncryption = FALSE; rdp_settings->DisableEncryption = FALSE;
rdp_settings->EncryptionMethods =
ENCRYPTION_METHOD_40BIT | ENCRYPTION_METHOD_128BIT | ENCRYPTION_METHOD_FIPS;
rdp_settings->EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE; rdp_settings->EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
rdp_settings->EncryptionMethods =
ENCRYPTION_METHOD_40BIT
| ENCRYPTION_METHOD_128BIT
| ENCRYPTION_METHOD_FIPS;
#endif #endif
/* Order support */ /* Order support */
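Review bot: `RdpSecurity` (and `rdp_security` in the LEGACY_RDPSETTINGS branch) stays hard-coded to `TRUE`, so setting `enable-tls` or `enable-nla` only adds those protocols to what is offered and does not require them. The negotiation can presumably still settle on standard RDP security, which gives no meaningful server authentication, and `ENCRYPTION_METHOD_40BIT` remains in the offered set. If the new options are meant to enforce TLS/NLA, consider `rdp_settings->RdpSecurity = !(guac_settings->enable_tls_security || guac_settings->enable_nla_security);` with the same expression for `rdp_security`, or a separate option that controls the fallback. guac_rdp_push_settings starts and ends outside the hunk.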


@ -138,6 +138,28 @@ typedef struct guac_rdp_settings {
*/ */
char* initial_program; char* initial_program;
/**
* Whether NLA security is enabled.
*/
int enable_nla_security;
/**
* Whether TLS security is enabled.
*/
int enable_tls_security;
/**
* Whether bad server certificates should be ignored.
*/
int ignore_certificate;
/**
* Whether authentication should be enabled. This is different from the
* authentication that takes place when a user provides their username
* and password.
*/
int enable_authentication;
} guac_rdp_settings; } guac_rdp_settings;
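Review bot: The doc comment on `ignore_certificate` does not state the consequence of setting it: the server's identity is no longer verified, so enabling TLS or NLA no longer protects against an impersonated server. Suggested wording: `Whether server certificates that fail validation are accepted anyway. Non-zero disables server identity checking.` The `enable_authentication` comment says what the field is not, but never what it is. It should name the FreeRDP `Authentication` setting it is copied into. Since all four fields are plain `int`, each comment should also say that zero means off and non-zero means on.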