Add options for controlling TLS and NLA security, as well as authentication and bad certs.
This commit is contained in:
parent
21b704690b
commit
d2cdb055f8
@ -109,6 +109,10 @@ const char* GUAC_CLIENT_ARGS[] = {
|
||||
"console",
|
||||
"console-audio",
|
||||
"server-layout",
|
||||
"enable-nla",
|
||||
"enable-tls",
|
||||
"ignore-certificate",
|
||||
"enable-authentication",
|
||||
NULL
|
||||
};
|
||||
|
||||
@ -128,6 +132,10 @@ enum RDP_ARGS_IDX {
|
||||
IDX_CONSOLE,
|
||||
IDX_CONSOLE_AUDIO,
|
||||
IDX_SERVER_LAYOUT,
|
||||
IDX_ENABLE_NLA,
|
||||
IDX_ENABLE_TLS,
|
||||
IDX_IGNORE_CERT,
|
||||
IDX_ENABLE_AUTH,
|
||||
RDP_ARGS_COUNT
|
||||
};
|
||||
|
||||
@ -405,6 +413,12 @@ int guac_client_init(guac_client* client, int argc, char** argv) {
|
||||
settings->console = (strcmp(argv[IDX_CONSOLE], "true") == 0);
|
||||
settings->console_audio = (strcmp(argv[IDX_CONSOLE_AUDIO], "true") == 0);
|
||||
|
||||
/* Security */
|
||||
settings->enable_nla_security = (strcmp(argv[IDX_ENABLE_NLA], "true") == 0);
|
||||
settings->enable_tls_security = (strcmp(argv[IDX_ENABLE_TLS], "true") == 0);
|
||||
settings->ignore_certificate = (strcmp(argv[IDX_IGNORE_CERT], "true") == 0);
|
||||
settings->enable_authentication = (strcmp(argv[IDX_ENABLE_AUTH], "true") == 0);
|
||||
|
||||
/* Set hostname */
|
||||
settings->hostname = strdup(argv[IDX_HOSTNAME]);
|
||||
|
||||
|
@ -103,30 +103,31 @@ void guac_rdp_push_settings(guac_rdp_settings* guac_settings, freerdp* rdp) {
|
||||
rdp_settings->RemoteConsoleAudio = guac_settings->console_audio;
|
||||
#endif
|
||||
|
||||
/* --no-auth */
|
||||
#ifdef LEGACY_RDPSETTINGS
|
||||
rdp_settings->authentication = FALSE;
|
||||
#else
|
||||
rdp_settings->Authentication = FALSE;
|
||||
#endif
|
||||
|
||||
/* --sec rdp */
|
||||
/* Security */
|
||||
#ifdef LEGACY_RDPSETTINGS
|
||||
rdp_settings->authentication = guac_settings->enable_authentication;
|
||||
rdp_settings->rdp_security = TRUE;
|
||||
rdp_settings->tls_security = FALSE;
|
||||
rdp_settings->nla_security = FALSE;
|
||||
rdp_settings->tls_security = guac_settings->enable_tls_security;
|
||||
rdp_settings->nla_security = guac_settings->enable_nla_security;
|
||||
rdp_settings->ignore_certificate = guac_settings->ignore_certificate;
|
||||
rdp_settings->encryption = TRUE;
|
||||
rdp_settings->encryption_method =
|
||||
ENCRYPTION_METHOD_40BIT | ENCRYPTION_METHOD_128BIT | ENCRYPTION_METHOD_FIPS;
|
||||
rdp_settings->encryption_level = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
|
||||
rdp_settings->encryption_method =
|
||||
ENCRYPTION_METHOD_40BIT
|
||||
| ENCRYPTION_METHOD_128BIT
|
||||
| ENCRYPTION_METHOD_FIPS;
|
||||
#else
|
||||
rdp_settings->Authentication = guac_settings->enable_authentication;
|
||||
rdp_settings->RdpSecurity = TRUE;
|
||||
rdp_settings->TlsSecurity = FALSE;
|
||||
rdp_settings->NlaSecurity = FALSE;
|
||||
rdp_settings->TlsSecurity = guac_settings->enable_tls_security;
|
||||
rdp_settings->NlaSecurity = guac_settings->enable_nla_security;
|
||||
rdp_settings->IgnoreCertificate = guac_settings->ignore_certificate;
|
||||
rdp_settings->DisableEncryption = FALSE;
|
||||
rdp_settings->EncryptionMethods =
|
||||
ENCRYPTION_METHOD_40BIT | ENCRYPTION_METHOD_128BIT | ENCRYPTION_METHOD_FIPS;
|
||||
rdp_settings->EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
|
||||
rdp_settings->EncryptionMethods =
|
||||
ENCRYPTION_METHOD_40BIT
|
||||
| ENCRYPTION_METHOD_128BIT
|
||||
| ENCRYPTION_METHOD_FIPS;
|
||||
#endif
|
||||
|
||||
/* Order support */
|
||||
|
@ -138,6 +138,28 @@ typedef struct guac_rdp_settings {
|
||||
*/
|
||||
char* initial_program;
|
||||
|
||||
/**
|
||||
* Whether NLA security is enabled.
|
||||
*/
|
||||
int enable_nla_security;
|
||||
|
||||
/**
|
||||
* Whether TLS security is enabled.
|
||||
*/
|
||||
int enable_tls_security;
|
||||
|
||||
/**
|
||||
* Whether bad server certificates should be ignored.
|
||||
*/
|
||||
int ignore_certificate;
|
||||
|
||||
/**
|
||||
* Whether authentication should be enabled. This is different from the
|
||||
* authentication that takes place when a user provides their username
|
||||
* and password.
|
||||
*/
|
||||
int enable_authentication;
|
||||
|
||||
} guac_rdp_settings;
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user