From aa8c8cac840673a172e43d83b7e8d035a5d440bf Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Sun, 22 Mar 2020 16:12:51 -0700 Subject: [PATCH 1/2] GUACAMOLE-952: Remove incorrect Preconnection PDU warning left over from old FreeRDP support. --- src/protocols/rdp/settings.c | 9 --------- 1 file changed, 9 deletions(-) diff --git a/src/protocols/rdp/settings.c b/src/protocols/rdp/settings.c index 117b50bf..21a32b72 100644 --- a/src/protocols/rdp/settings.c +++ b/src/protocols/rdp/settings.c @@ -808,15 +808,6 @@ guac_rdp_settings* guac_rdp_parse_args(guac_user* user, "Preconnection BLOB: \"%s\"", settings->preconnection_blob); } - /* Warn if support for the preconnection BLOB / ID is absent */ - if (settings->preconnection_blob != NULL - || settings->preconnection_id != -1) { - guac_user_log(user, GUAC_LOG_WARNING, - "Installed version of FreeRDP lacks support for the " - "preconnection PDU. The specified preconnection BLOB and/or " - "ID will be ignored."); - } - /* Audio enable/disable */ settings->audio_enabled = !guac_user_parse_args_boolean(user, GUAC_RDP_CLIENT_ARGS, argv, From 04b86334106b42608171c8c2a8a924362b3c26f7 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Sun, 22 Mar 2020 16:22:55 -0700 Subject: [PATCH 2/2] GUACAMOLE-952: Add security negotiation mode specific to Hyper-V / VMConnect. --- src/protocols/rdp/settings.c | 25 ++++++++++++++++++++----- src/protocols/rdp/settings.h | 10 ++++++++++ 2 files changed, 30 insertions(+), 5 deletions(-) diff --git a/src/protocols/rdp/settings.c b/src/protocols/rdp/settings.c index 21a32b72..c6db3c8f 100644 --- a/src/protocols/rdp/settings.c +++ b/src/protocols/rdp/settings.c @@ -235,8 +235,8 @@ enum RDP_ARGS_IDX { /** * The type of security to use for the connection. Valid values are "rdp", - * "tls", "nla", "nla-ext", or "any". By default, the security mode is - * negotiated ("any"). + * "tls", "nla", "nla-ext", "vmconnect", or "any". By default, the security + * mode is negotiated ("any"). */ IDX_SECURITY, @@ -611,6 +611,12 @@ guac_rdp_settings* guac_rdp_parse_args(guac_user* user, settings->security_mode = GUAC_SECURITY_RDP; } + /* Negotiate security supported by VMConnect */ + else if (strcmp(argv[IDX_SECURITY], "vmconnect") == 0) { + guac_user_log(user, GUAC_LOG_INFO, "Security mode: Hyper-V / VMConnect"); + settings->security_mode = GUAC_SECURITY_VMCONNECT; + } + /* Negotiate security (allow server to choose) */ else if (strcmp(argv[IDX_SECURITY], "any") == 0) { guac_user_log(user, GUAC_LOG_INFO, "Security mode: Negotiate (ANY)"); @@ -628,10 +634,10 @@ guac_rdp_settings* guac_rdp_parse_args(guac_user* user, guac_user_parse_args_string(user, GUAC_RDP_CLIENT_ARGS, argv, IDX_HOSTNAME, ""); - /* If port specified, use it */ + /* If port specified, use it, otherwise use an appropriate default */ settings->port = - guac_user_parse_args_int(user, GUAC_RDP_CLIENT_ARGS, argv, - IDX_PORT, RDP_DEFAULT_PORT); + guac_user_parse_args_int(user, GUAC_RDP_CLIENT_ARGS, argv, IDX_PORT, + settings->security_mode == GUAC_SECURITY_VMCONNECT ? RDP_DEFAULT_VMCONNECT_PORT : RDP_DEFAULT_PORT); guac_user_log(user, GUAC_LOG_DEBUG, "User resolution is %ix%i at %i DPI", @@ -1268,6 +1274,15 @@ void guac_rdp_push_settings(guac_client* client, rdp_settings->ExtSecurity = TRUE; break; + /* Hyper-V "VMConnect" negotiation mode */ + case GUAC_SECURITY_VMCONNECT: + rdp_settings->RdpSecurity = FALSE; + rdp_settings->TlsSecurity = TRUE; + rdp_settings->NlaSecurity = TRUE; + rdp_settings->ExtSecurity = FALSE; + rdp_settings->VmConnectMode = TRUE; + break; + /* All security types */ case GUAC_SECURITY_ANY: rdp_settings->RdpSecurity = TRUE; diff --git a/src/protocols/rdp/settings.h b/src/protocols/rdp/settings.h index e4c579ed..70199b8f 100644 --- a/src/protocols/rdp/settings.h +++ b/src/protocols/rdp/settings.h @@ -38,6 +38,11 @@ */ #define RDP_DEFAULT_PORT 3389 +/** + * The default RDP port used by Hyper-V "VMConnect". + */ +#define RDP_DEFAULT_VMCONNECT_PORT 2179 + /** * Default screen width, in pixels. */ @@ -93,6 +98,11 @@ typedef enum guac_rdp_security { */ GUAC_SECURITY_EXTENDED_NLA, + /** + * Negotiate security methods supported by Hyper-V's "VMConnect" feature. + */ + GUAC_SECURITY_VMCONNECT, + /** * Negotiate a security method supported by both server and client. */