GUACAMOLE-952: Merge correct security negotiation behavior for Hyper-V / VMConnect.

This commit is contained in:
Virtually Nick 2020-03-22 20:29:33 -04:00 committed by GitHub
commit e78eb589d9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 30 additions and 14 deletions

View File

@ -235,8 +235,8 @@ enum RDP_ARGS_IDX {
/** /**
* The type of security to use for the connection. Valid values are "rdp", * The type of security to use for the connection. Valid values are "rdp",
* "tls", "nla", "nla-ext", or "any". By default, the security mode is * "tls", "nla", "nla-ext", "vmconnect", or "any". By default, the security
* negotiated ("any"). * mode is negotiated ("any").
*/ */
IDX_SECURITY, IDX_SECURITY,
@ -611,6 +611,12 @@ guac_rdp_settings* guac_rdp_parse_args(guac_user* user,
settings->security_mode = GUAC_SECURITY_RDP; settings->security_mode = GUAC_SECURITY_RDP;
} }
/* Negotiate security supported by VMConnect */
else if (strcmp(argv[IDX_SECURITY], "vmconnect") == 0) {
guac_user_log(user, GUAC_LOG_INFO, "Security mode: Hyper-V / VMConnect");
settings->security_mode = GUAC_SECURITY_VMCONNECT;
}
/* Negotiate security (allow server to choose) */ /* Negotiate security (allow server to choose) */
else if (strcmp(argv[IDX_SECURITY], "any") == 0) { else if (strcmp(argv[IDX_SECURITY], "any") == 0) {
guac_user_log(user, GUAC_LOG_INFO, "Security mode: Negotiate (ANY)"); guac_user_log(user, GUAC_LOG_INFO, "Security mode: Negotiate (ANY)");
@ -628,10 +634,10 @@ guac_rdp_settings* guac_rdp_parse_args(guac_user* user,
guac_user_parse_args_string(user, GUAC_RDP_CLIENT_ARGS, argv, guac_user_parse_args_string(user, GUAC_RDP_CLIENT_ARGS, argv,
IDX_HOSTNAME, ""); IDX_HOSTNAME, "");
/* If port specified, use it */ /* If port specified, use it, otherwise use an appropriate default */
settings->port = settings->port =
guac_user_parse_args_int(user, GUAC_RDP_CLIENT_ARGS, argv, guac_user_parse_args_int(user, GUAC_RDP_CLIENT_ARGS, argv, IDX_PORT,
IDX_PORT, RDP_DEFAULT_PORT); settings->security_mode == GUAC_SECURITY_VMCONNECT ? RDP_DEFAULT_VMCONNECT_PORT : RDP_DEFAULT_PORT);
guac_user_log(user, GUAC_LOG_DEBUG, guac_user_log(user, GUAC_LOG_DEBUG,
"User resolution is %ix%i at %i DPI", "User resolution is %ix%i at %i DPI",
@ -808,15 +814,6 @@ guac_rdp_settings* guac_rdp_parse_args(guac_user* user,
"Preconnection BLOB: \"%s\"", settings->preconnection_blob); "Preconnection BLOB: \"%s\"", settings->preconnection_blob);
} }
/* Warn if support for the preconnection BLOB / ID is absent */
if (settings->preconnection_blob != NULL
|| settings->preconnection_id != -1) {
guac_user_log(user, GUAC_LOG_WARNING,
"Installed version of FreeRDP lacks support for the "
"preconnection PDU. The specified preconnection BLOB and/or "
"ID will be ignored.");
}
/* Audio enable/disable */ /* Audio enable/disable */
settings->audio_enabled = settings->audio_enabled =
!guac_user_parse_args_boolean(user, GUAC_RDP_CLIENT_ARGS, argv, !guac_user_parse_args_boolean(user, GUAC_RDP_CLIENT_ARGS, argv,
@ -1277,6 +1274,15 @@ void guac_rdp_push_settings(guac_client* client,
rdp_settings->ExtSecurity = TRUE; rdp_settings->ExtSecurity = TRUE;
break; break;
/* Hyper-V "VMConnect" negotiation mode */
case GUAC_SECURITY_VMCONNECT:
rdp_settings->RdpSecurity = FALSE;
rdp_settings->TlsSecurity = TRUE;
rdp_settings->NlaSecurity = TRUE;
rdp_settings->ExtSecurity = FALSE;
rdp_settings->VmConnectMode = TRUE;
break;
/* All security types */ /* All security types */
case GUAC_SECURITY_ANY: case GUAC_SECURITY_ANY:
rdp_settings->RdpSecurity = TRUE; rdp_settings->RdpSecurity = TRUE;

View File

@ -38,6 +38,11 @@
*/ */
#define RDP_DEFAULT_PORT 3389 #define RDP_DEFAULT_PORT 3389
/**
* The default RDP port used by Hyper-V "VMConnect".
*/
#define RDP_DEFAULT_VMCONNECT_PORT 2179
/** /**
* Default screen width, in pixels. * Default screen width, in pixels.
*/ */
@ -93,6 +98,11 @@ typedef enum guac_rdp_security {
*/ */
GUAC_SECURITY_EXTENDED_NLA, GUAC_SECURITY_EXTENDED_NLA,
/**
* Negotiate security methods supported by Hyper-V's "VMConnect" feature.
*/
GUAC_SECURITY_VMCONNECT,
/** /**
* Negotiate a security method supported by both server and client. * Negotiate a security method supported by both server and client.
*/ */