aleitner commented on code in PR #517: URL: https://github.com/apache/guacamole-server/pull/517#discussion_r1596109138
########## src/protocols/rdp/settings.c: ########## 
@@ -1451,11 +1440,279 @@ static int guac_rdp_get_performance_flags(guac_rdp_settings* guac_settings) { } +int guac_rdp_get_width(freerdp* rdp) { +#ifdef HAVE_SETTERS_GETTERS + return freerdp_settings_get_uint32(rdp->context->settings, FreeRDP_DesktopWidth); +#else + return rdp->settings->DesktopWidth; +#endif +} + +int guac_rdp_get_height(freerdp* rdp) { +#ifdef HAVE_SETTERS_GETTERS + return freerdp_settings_get_uint32(rdp->context->settings, FreeRDP_DesktopHeight); +#else + return rdp->settings->DesktopHeight; +#endif +} + +int guac_rdp_get_depth(freerdp* rdp) { +#ifdef HAVE_SETTERS_GETTERS + return freerdp_settings_get_uint32(rdp->context->settings, FreeRDP_ColorDepth); +#else + return rdp->settings->ColorDepth; +#endif +} + void guac_rdp_push_settings(guac_client* client, guac_rdp_settings* guac_settings, freerdp* rdp) { - rdpSettings* rdp_settings = rdp->settings; + rdpSettings* rdp_settings = GUAC_RDP_CONTEXT(rdp)->settings; + +#ifdef HAVE_SETTERS_GETTERS + /* Authentication */ + freerdp_settings_set_string(rdp_settings, FreeRDP_Domain, guac_strdup(guac_settings->domain)); + freerdp_settings_set_string(rdp_settings, FreeRDP_Username, guac_strdup(guac_settings->username)); + freerdp_settings_set_string(rdp_settings, FreeRDP_Password, guac_strdup(guac_settings->password)); + + /* Connection */ + freerdp_settings_set_string(rdp_settings, FreeRDP_ServerHostname, guac_strdup(guac_settings->hostname)); + freerdp_settings_set_uint32(rdp_settings, FreeRDP_ServerPort, guac_settings->port); + + /* Session */ + + freerdp_settings_set_uint32(rdp_settings, FreeRDP_DesktopWidth, guac_settings->width); + freerdp_settings_set_uint32(rdp_settings, FreeRDP_DesktopHeight, guac_settings->height); + freerdp_settings_set_uint32(rdp_settings, FreeRDP_ColorDepth, guac_settings->color_depth); + freerdp_settings_set_string(rdp_settings, FreeRDP_AlternateShell, guac_strdup(guac_settings->initial_program)); + freerdp_settings_set_uint32(rdp_settings, FreeRDP_KeyboardLayout, 
guac_settings->server_layout->freerdp_keyboard_layout); + + + /* Performance flags */ + /* Explicitly set flag value */ + freerdp_settings_set_uint32(rdp_settings, FreeRDP_PerformanceFlags, guac_rdp_get_performance_flags(guac_settings)); + + /* Always request frame markers */ + freerdp_settings_set_bool(rdp_settings, FreeRDP_FrameMarkerCommandEnabled, TRUE); + freerdp_settings_set_bool(rdp_settings, FreeRDP_SurfaceFrameMarkerEnabled, TRUE); + + /* Enable RemoteFX / Graphics Pipeline */ + if (guac_settings->enable_gfx) { + + freerdp_settings_set_bool(rdp_settings, FreeRDP_SupportGraphicsPipeline, TRUE); + freerdp_settings_set_bool(rdp_settings, FreeRDP_RemoteFxCodec, TRUE); + + if (freerdp_settings_get_uint32(rdp_settings, FreeRDP_ColorDepth) != RDP_GFX_REQUIRED_DEPTH) { + guac_client_log(client, GUAC_LOG_WARNING, "Ignoring requested " + "color depth of %i bpp, as the RDP Graphics Pipeline " + "requires %i bpp.", freerdp_settings_get_uint32(rdp_settings, FreeRDP_ColorDepth), RDP_GFX_REQUIRED_DEPTH); + } + + /* Required for RemoteFX / Graphics Pipeline */ + freerdp_settings_set_bool(rdp_settings, FreeRDP_FastPathOutput, TRUE); + freerdp_settings_set_uint32(rdp_settings, FreeRDP_ColorDepth, RDP_GFX_REQUIRED_DEPTH); + freerdp_settings_set_bool(rdp_settings, FreeRDP_SoftwareGdi, TRUE); + + } + + /* Set individual flags - some FreeRDP versions overwrite the above */ + freerdp_settings_set_bool(rdp_settings, FreeRDP_AllowFontSmoothing, guac_settings->font_smoothing_enabled); + freerdp_settings_set_bool(rdp_settings, FreeRDP_DisableWallpaper, guac_settings->wallpaper_enabled); + freerdp_settings_set_bool(rdp_settings, FreeRDP_DisableFullWindowDrag, guac_settings->full_window_drag_enabled); + freerdp_settings_set_bool(rdp_settings, FreeRDP_DisableMenuAnims, guac_settings->menu_animations_enabled); + freerdp_settings_set_bool(rdp_settings, FreeRDP_DisableThemes, guac_settings->theming_enabled); + freerdp_settings_set_bool(rdp_settings, FreeRDP_AllowDesktopComposition, 
guac_settings->desktop_composition_enabled); + + /* Client name */ + if (guac_settings->client_name != NULL) { + freerdp_settings_set_string(rdp_settings, FreeRDP_ClientHostname, + guac_strndup(guac_settings->client_name, RDP_CLIENT_HOSTNAME_SIZE)); + } + + /* Console */ + freerdp_settings_set_bool(rdp_settings, FreeRDP_ConsoleSession, guac_settings->console); + freerdp_settings_set_bool(rdp_settings, FreeRDP_RemoteConsoleAudio, guac_settings->console_audio); + + /* Audio */ + freerdp_settings_set_bool(rdp_settings, FreeRDP_AudioPlayback, guac_settings->audio_enabled); + + /* Audio capture */ + freerdp_settings_set_bool(rdp_settings, FreeRDP_AudioCapture, guac_settings->enable_audio_input); + + /* Display Update channel */ + freerdp_settings_set_bool(rdp_settings, FreeRDP_SupportDisplayControl, + (guac_settings->resize_method == GUAC_RESIZE_DISPLAY_UPDATE)); + + /* Timezone redirection */ + if (guac_settings->timezone) { + if (setenv("TZ", guac_settings->timezone, 1)) { + guac_client_log(client, GUAC_LOG_WARNING, + "Unable to forward timezone: TZ environment variable " + "could not be set: %s", strerror(errno)); + } + } + + /* Device redirection */ + freerdp_settings_set_bool(rdp_settings, FreeRDP_DeviceRedirection, + (guac_settings->audio_enabled || guac_settings->drive_enabled || guac_settings->printing_enabled)); + + /* Security */ + switch (guac_settings->security_mode) { + + /* Legacy RDP encryption */ + case GUAC_SECURITY_RDP: + freerdp_settings_set_bool(rdp_settings, FreeRDP_RdpSecurity, TRUE); + freerdp_settings_set_bool(rdp_settings, FreeRDP_TlsSecurity, FALSE); + freerdp_settings_set_bool(rdp_settings, FreeRDP_NlaSecurity, FALSE); + freerdp_settings_set_bool(rdp_settings, FreeRDP_ExtSecurity, FALSE); + freerdp_settings_set_bool(rdp_settings, FreeRDP_UseRdpSecurityLayer, TRUE); + freerdp_settings_set_uint32(rdp_settings, FreeRDP_EncryptionLevel, + ENCRYPTION_LEVEL_CLIENT_COMPATIBLE); + freerdp_settings_set_uint32(rdp_settings, FreeRDP_EncryptionMethods, + 
ENCRYPTION_METHOD_40BIT | ENCRYPTION_METHOD_128BIT | ENCRYPTION_METHOD_FIPS); + break; + + /* TLS encryption */ + case GUAC_SECURITY_TLS: + freerdp_settings_set_bool(rdp_settings, FreeRDP_RdpSecurity, FALSE); + freerdp_settings_set_bool(rdp_settings, FreeRDP_TlsSecurity, TRUE); + freerdp_settings_set_bool(rdp_settings, FreeRDP_NlaSecurity, FALSE); + freerdp_settings_set_bool(rdp_settings, FreeRDP_ExtSecurity, FALSE); + break; + + /* Network level authentication */ + case GUAC_SECURITY_NLA: + freerdp_settings_set_bool(rdp_settings, FreeRDP_RdpSecurity, FALSE); + freerdp_settings_set_bool(rdp_settings, FreeRDP_TlsSecurity, FALSE); + freerdp_settings_set_bool(rdp_settings, FreeRDP_NlaSecurity, TRUE); + freerdp_settings_set_bool(rdp_settings, FreeRDP_ExtSecurity, FALSE); + break; + + /* Extended network level authentication */ + case GUAC_SECURITY_EXTENDED_NLA: + freerdp_settings_set_bool(rdp_settings, FreeRDP_RdpSecurity, FALSE); + freerdp_settings_set_bool(rdp_settings, FreeRDP_TlsSecurity, FALSE); + freerdp_settings_set_bool(rdp_settings, FreeRDP_NlaSecurity, FALSE); + freerdp_settings_set_bool(rdp_settings, FreeRDP_ExtSecurity, TRUE); + break; + + /* Hyper-V "VMConnect" negotiation mode */ + case GUAC_SECURITY_VMCONNECT: + freerdp_settings_set_bool(rdp_settings, FreeRDP_RdpSecurity, FALSE); + freerdp_settings_set_bool(rdp_settings, FreeRDP_TlsSecurity, TRUE); + freerdp_settings_set_bool(rdp_settings, FreeRDP_NlaSecurity, TRUE); + freerdp_settings_set_bool(rdp_settings, FreeRDP_ExtSecurity, FALSE); + freerdp_settings_set_bool(rdp_settings, FreeRDP_VmConnectMode, TRUE); + break; + + /* All security types */ + case GUAC_SECURITY_ANY: + freerdp_settings_set_bool(rdp_settings, FreeRDP_RdpSecurity, TRUE); + freerdp_settings_set_bool(rdp_settings, FreeRDP_TlsSecurity, TRUE); + + /* Explicitly disable NLA if FIPS mode is enabled - it won't work */ + if (guac_fips_enabled()) { + + guac_client_log(client, GUAC_LOG_INFO, + "FIPS mode is enabled. 
Excluding NLA security mode from security negotiation " + "(see: https://github.com/FreeRDP/FreeRDP/issues/3412)."); + freerdp_settings_set_bool(rdp_settings, FreeRDP_NlaSecurity, FALSE); + + } + + /* NLA mode is allowed if FIPS is not enabled */ + else + freerdp_settings_set_bool(rdp_settings, FreeRDP_NlaSecurity, TRUE); + + freerdp_settings_set_bool(rdp_settings, FreeRDP_ExtSecurity, FALSE); + break; + + } + + /* Security */ + freerdp_settings_set_bool(rdp_settings, FreeRDP_Authentication, !guac_settings->disable_authentication); + freerdp_settings_set_bool(rdp_settings, FreeRDP_IgnoreCertificate, guac_settings->ignore_certificate); + freerdp_settings_set_bool(rdp_settings, FreeRDP_AutoAcceptCertificate, guac_settings->certificate_tofu); + if (guac_settings->certificate_fingerprints != NULL) + freerdp_settings_set_string(rdp_settings, FreeRDP_CertificateAcceptedFingerprints, + guac_strdup(guac_settings->certificate_fingerprints)); + + + /* RemoteApp */ + if (guac_settings->remote_app != NULL) { + freerdp_settings_set_bool(rdp_settings, FreeRDP_Workarea, TRUE); + freerdp_settings_set_bool(rdp_settings, FreeRDP_RemoteApplicationMode, TRUE); + freerdp_settings_set_bool(rdp_settings, FreeRDP_RemoteAppLanguageBarSupported, TRUE); + freerdp_settings_set_string(rdp_settings, FreeRDP_RemoteApplicationProgram, guac_strdup(guac_settings->remote_app)); + freerdp_settings_set_string(rdp_settings, FreeRDP_ShellWorkingDirectory, guac_strdup(guac_settings->remote_app_dir)); + freerdp_settings_set_string(rdp_settings, FreeRDP_RemoteApplicationCmdLine, guac_strdup(guac_settings->remote_app_args)); + } + + /* Preconnection ID */ + if (guac_settings->preconnection_id != -1) { + freerdp_settings_set_bool(rdp_settings, FreeRDP_NegotiateSecurityLayer, FALSE); + freerdp_settings_set_bool(rdp_settings, FreeRDP_SendPreconnectionPdu, TRUE); + freerdp_settings_set_uint32(rdp_settings, FreeRDP_PreconnectionId, guac_settings->preconnection_id); + } + + /* Preconnection BLOB */ + if 
(guac_settings->preconnection_blob != NULL) { + freerdp_settings_set_bool(rdp_settings, FreeRDP_NegotiateSecurityLayer, FALSE); + freerdp_settings_set_bool(rdp_settings, FreeRDP_SendPreconnectionPdu, TRUE); + freerdp_settings_set_string(rdp_settings, FreeRDP_PreconnectionBlob, guac_strdup(guac_settings->preconnection_blob)); + } + + /* Enable use of RD gateway if a gateway hostname is provided */ + if (guac_settings->gateway_hostname != NULL) { + + /* Enable RD gateway */ + freerdp_settings_set_bool(rdp_settings, FreeRDP_GatewayEnabled, TRUE); + /* RD gateway connection details */ + freerdp_settings_set_string(rdp_settings, FreeRDP_GatewayHostname, guac_strdup(guac_settings->gateway_hostname)); + freerdp_settings_set_uint32(rdp_settings, FreeRDP_GatewayPort, guac_settings->gateway_port); + + /* RD gateway credentials */ + freerdp_settings_set_bool(rdp_settings, FreeRDP_GatewayUseSameCredentials, FALSE); + freerdp_settings_set_string(rdp_settings, FreeRDP_GatewayDomain, guac_strdup(guac_settings->gateway_domain)); + freerdp_settings_set_string(rdp_settings, FreeRDP_GatewayUsername, guac_strdup(guac_settings->gateway_username)); + freerdp_settings_set_string(rdp_settings, FreeRDP_GatewayPassword, guac_strdup(guac_settings->gateway_password)); + + } + + /* Store load balance info (and calculate length) if provided */ + if (guac_settings->load_balance_info != NULL) { + freerdp_settings_set_pointer(rdp_settings, FreeRDP_LoadBalanceInfo, (BYTE*) guac_strdup(guac_settings->load_balance_info)); + freerdp_settings_set_uint32(rdp_settings, FreeRDP_LoadBalanceInfoLength, strlen(guac_settings->load_balance_info)); + } + + freerdp_settings_set_bool(rdp_settings, FreeRDP_BitmapCacheEnabled, !guac_settings->disable_bitmap_caching); + freerdp_settings_set_uint32(rdp_settings, FreeRDP_OffscreenSupportLevel, !guac_settings->disable_offscreen_caching); + freerdp_settings_set_uint32(rdp_settings, FreeRDP_GlyphSupportLevel, + (!guac_settings->disable_glyph_caching ? 
GLYPH_SUPPORT_FULL : GLYPH_SUPPORT_NONE)); + freerdp_settings_set_uint32(rdp_settings, FreeRDP_OsMajorType, OSMAJORTYPE_UNSPECIFIED); + freerdp_settings_set_uint32(rdp_settings, FreeRDP_OsMinorType, OSMINORTYPE_UNSPECIFIED); + freerdp_settings_set_bool(rdp_settings, FreeRDP_DesktopResize, TRUE); + + /* Claim support only for specific updates, independent of FreeRDP defaults */ + BYTE* order_support = freerdp_settings_get_pointer_writable(rdp_settings, FreeRDP_OrderSupport); + if (order_support) { + ZeroMemory(order_support, GUAC_RDP_ORDER_SUPPORT_LENGTH); + order_support[NEG_DSTBLT_INDEX] = TRUE; + order_support[NEG_SCRBLT_INDEX] = TRUE; + order_support[NEG_MEMBLT_INDEX] = !guac_settings->disable_bitmap_caching; + order_support[NEG_MEMBLT_V2_INDEX] = !guac_settings->disable_bitmap_caching; + order_support[NEG_GLYPH_INDEX_INDEX] = !guac_settings->disable_glyph_caching; + order_support[NEG_FAST_INDEX_INDEX] = !guac_settings->disable_glyph_caching; + order_support[NEG_FAST_GLYPH_INDEX] = !guac_settings->disable_glyph_caching; + } + +#ifdef HAVE_RDPSETTINGS_ALLOWUNANOUNCEDORDERSFROMSERVER Review Comment: ~~Hmm looks like the check was added but a variable was never defined... huh~~ It's defined and set automatically by `AC_CHECK_MEMBERS` (see the resulting config.h) Added: https://github.com/apache/guacamole-server/commit/3b0abe376ef3477c32cf9907e68c9c4dafdaf865#diff-41751abb4e66eadfc6fdba9c3b53799a7a2ae0df8ed89c8f5e7ac7e137e22793 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@guacamole.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
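Review bot: Every `freerdp_settings_set_string()` call in the `HAVE_SETTERS_GETTERS` branch of `guac_rdp_push_settings` passes a fresh `guac_strdup()` copy, and as far as I know that setter duplicates its argument rather than taking ownership, so each copy would be leaked, including the ones holding `password` and `gateway_password`, which then stay in the heap unscrubbed for the life of the process. If that holds for the FreeRDP versions this branch targets, pass the source string directly, e.g. `freerdp_settings_set_string(rdp_settings, FreeRDP_Password, guac_settings->password);`. The BOOL results of the setters are also discarded, so a failed write to `FreeRDP_NlaSecurity`, `FreeRDP_TlsSecurity` or `FreeRDP_IgnoreCertificate` would silently leave the library default in place; those at least deserve a check and a logged warning. Separately, the `Disable*` performance flags (`FreeRDP_DisableWallpaper`, `FreeRDP_DisableFullWindowDrag`, `FreeRDP_DisableMenuAnims`, `FreeRDP_DisableThemes`) are assigned from the `*_enabled` fields without negation, which looks inverted. The function body continues past the end of the quoted hunk, so the legacy `#else` branch is not visible here for comparison.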