Add options for controlling TLS and NLA security, as well as authentication and bad certs.
This commit is contained in:
parent
21b704690b
commit
d2cdb055f8
@ -109,6 +109,10 @@ const char* GUAC_CLIENT_ARGS[] = {
|
|||||||
"console",
|
"console",
|
||||||
"console-audio",
|
"console-audio",
|
||||||
"server-layout",
|
"server-layout",
|
||||||
|
"enable-nla",
|
||||||
|
"enable-tls",
|
||||||
|
"ignore-certificate",
|
||||||
|
"enable-authentication",
|
||||||
NULL
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -128,6 +132,10 @@ enum RDP_ARGS_IDX {
|
|||||||
IDX_CONSOLE,
|
IDX_CONSOLE,
|
||||||
IDX_CONSOLE_AUDIO,
|
IDX_CONSOLE_AUDIO,
|
||||||
IDX_SERVER_LAYOUT,
|
IDX_SERVER_LAYOUT,
|
||||||
|
IDX_ENABLE_NLA,
|
||||||
|
IDX_ENABLE_TLS,
|
||||||
|
IDX_IGNORE_CERT,
|
||||||
|
IDX_ENABLE_AUTH,
|
||||||
RDP_ARGS_COUNT
|
RDP_ARGS_COUNT
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -405,6 +413,12 @@ int guac_client_init(guac_client* client, int argc, char** argv) {
|
|||||||
settings->console = (strcmp(argv[IDX_CONSOLE], "true") == 0);
|
settings->console = (strcmp(argv[IDX_CONSOLE], "true") == 0);
|
||||||
settings->console_audio = (strcmp(argv[IDX_CONSOLE_AUDIO], "true") == 0);
|
settings->console_audio = (strcmp(argv[IDX_CONSOLE_AUDIO], "true") == 0);
|
||||||
|
|
||||||
|
/* Security */
|
||||||
|
settings->enable_nla_security = (strcmp(argv[IDX_ENABLE_NLA], "true") == 0);
|
||||||
|
settings->enable_tls_security = (strcmp(argv[IDX_ENABLE_TLS], "true") == 0);
|
||||||
|
settings->ignore_certificate = (strcmp(argv[IDX_IGNORE_CERT], "true") == 0);
|
||||||
|
settings->enable_authentication = (strcmp(argv[IDX_ENABLE_AUTH], "true") == 0);
|
||||||
|
|
||||||
/* Set hostname */
|
/* Set hostname */
|
||||||
settings->hostname = strdup(argv[IDX_HOSTNAME]);
|
settings->hostname = strdup(argv[IDX_HOSTNAME]);
|
||||||
|
|
||||||
|
@ -103,30 +103,31 @@ void guac_rdp_push_settings(guac_rdp_settings* guac_settings, freerdp* rdp) {
|
|||||||
rdp_settings->RemoteConsoleAudio = guac_settings->console_audio;
|
rdp_settings->RemoteConsoleAudio = guac_settings->console_audio;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* --no-auth */
|
/* Security */
|
||||||
#ifdef LEGACY_RDPSETTINGS
|
|
||||||
rdp_settings->authentication = FALSE;
|
|
||||||
#else
|
|
||||||
rdp_settings->Authentication = FALSE;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* --sec rdp */
|
|
||||||
#ifdef LEGACY_RDPSETTINGS
|
#ifdef LEGACY_RDPSETTINGS
|
||||||
|
rdp_settings->authentication = guac_settings->enable_authentication;
|
||||||
rdp_settings->rdp_security = TRUE;
|
rdp_settings->rdp_security = TRUE;
|
||||||
rdp_settings->tls_security = FALSE;
|
rdp_settings->tls_security = guac_settings->enable_tls_security;
|
||||||
rdp_settings->nla_security = FALSE;
|
rdp_settings->nla_security = guac_settings->enable_nla_security;
|
||||||
|
rdp_settings->ignore_certificate = guac_settings->ignore_certificate;
|
||||||
rdp_settings->encryption = TRUE;
|
rdp_settings->encryption = TRUE;
|
||||||
rdp_settings->encryption_method =
|
|
||||||
ENCRYPTION_METHOD_40BIT | ENCRYPTION_METHOD_128BIT | ENCRYPTION_METHOD_FIPS;
|
|
||||||
rdp_settings->encryption_level = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
|
rdp_settings->encryption_level = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
|
||||||
|
rdp_settings->encryption_method =
|
||||||
|
ENCRYPTION_METHOD_40BIT
|
||||||
|
| ENCRYPTION_METHOD_128BIT
|
||||||
|
| ENCRYPTION_METHOD_FIPS;
|
||||||
#else
|
#else
|
||||||
|
rdp_settings->Authentication = guac_settings->enable_authentication;
|
||||||
rdp_settings->RdpSecurity = TRUE;
|
rdp_settings->RdpSecurity = TRUE;
|
||||||
rdp_settings->TlsSecurity = FALSE;
|
rdp_settings->TlsSecurity = guac_settings->enable_tls_security;
|
||||||
rdp_settings->NlaSecurity = FALSE;
|
rdp_settings->NlaSecurity = guac_settings->enable_nla_security;
|
||||||
|
rdp_settings->IgnoreCertificate = guac_settings->ignore_certificate;
|
||||||
rdp_settings->DisableEncryption = FALSE;
|
rdp_settings->DisableEncryption = FALSE;
|
||||||
rdp_settings->EncryptionMethods =
|
|
||||||
ENCRYPTION_METHOD_40BIT | ENCRYPTION_METHOD_128BIT | ENCRYPTION_METHOD_FIPS;
|
|
||||||
rdp_settings->EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
|
rdp_settings->EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
|
||||||
|
rdp_settings->EncryptionMethods =
|
||||||
|
ENCRYPTION_METHOD_40BIT
|
||||||
|
| ENCRYPTION_METHOD_128BIT
|
||||||
|
| ENCRYPTION_METHOD_FIPS;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Order support */
|
/* Order support */
|
||||||
|
@ -138,6 +138,28 @@ typedef struct guac_rdp_settings {
|
|||||||
*/
|
*/
|
||||||
char* initial_program;
|
char* initial_program;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Whether NLA security is enabled.
|
||||||
|
*/
|
||||||
|
int enable_nla_security;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Whether TLS security is enabled.
|
||||||
|
*/
|
||||||
|
int enable_tls_security;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Whether bad server certificates should be ignored.
|
||||||
|
*/
|
||||||
|
int ignore_certificate;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Whether authentication should be enabled. This is different from the
|
||||||
|
* authentication that takes place when a user provides their username
|
||||||
|
* and password.
|
||||||
|
*/
|
||||||
|
int enable_authentication;
|
||||||
|
|
||||||
} guac_rdp_settings;
|
} guac_rdp_settings;
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user