Google Git
Sign in
apache / guacamole-server / 04b86334106b42608171c8c2a8a924362b3c26f7^! / .
commit04b86334106b42608171c8c2a8a924362b3c26f7[log] [tgz]
authorMichael Jumper <mjumper@apache.org>Sun Mar 22 16:22:55 2020 -0700
committerMichael Jumper <mjumper@apache.org>Sun Mar 22 16:27:55 2020 -0700
treea4f4233339c874a191cb89b29616ee384c419a24
parentaa8c8cac840673a172e43d83b7e8d035a5d440bf [diff]
GUACAMOLE-952: Add security negotiation mode specific to Hyper-V / VMConnect.

diff --git a/src/protocols/rdp/settings.c b/src/protocols/rdp/settings.c
index 21a32b7..c6db3c8 100644
--- a/src/protocols/rdp/settings.c
+++ b/src/protocols/rdp/settings.c

@@ -235,8 +235,8 @@
 
     /**
      * The type of security to use for the connection. Valid values are "rdp",
-     * "tls", "nla", "nla-ext", or "any". By default, the security mode is
-     * negotiated ("any").
+     * "tls", "nla", "nla-ext", "vmconnect", or "any". By default, the security
+     * mode is negotiated ("any").
      */
     IDX_SECURITY,
 
@@ -611,6 +611,12 @@
         settings->security_mode = GUAC_SECURITY_RDP;
     }
 
+    /* Negotiate security supported by VMConnect */
+    else if (strcmp(argv[IDX_SECURITY], "vmconnect") == 0) {
+        guac_user_log(user, GUAC_LOG_INFO, "Security mode: Hyper-V / VMConnect");
+        settings->security_mode = GUAC_SECURITY_VMCONNECT;
+    }
+
     /* Negotiate security (allow server to choose) */
     else if (strcmp(argv[IDX_SECURITY], "any") == 0) {
         guac_user_log(user, GUAC_LOG_INFO, "Security mode: Negotiate (ANY)");
@@ -628,10 +634,10 @@
         guac_user_parse_args_string(user, GUAC_RDP_CLIENT_ARGS, argv,
                 IDX_HOSTNAME, "");
 
-    /* If port specified, use it */
+    /* If port specified, use it, otherwise use an appropriate default */
     settings->port =
-        guac_user_parse_args_int(user, GUAC_RDP_CLIENT_ARGS, argv,
-                IDX_PORT, RDP_DEFAULT_PORT);
+        guac_user_parse_args_int(user, GUAC_RDP_CLIENT_ARGS, argv, IDX_PORT,
+                settings->security_mode == GUAC_SECURITY_VMCONNECT ? RDP_DEFAULT_VMCONNECT_PORT : RDP_DEFAULT_PORT);
 
     guac_user_log(user, GUAC_LOG_DEBUG,
             "User resolution is %ix%i at %i DPI",
@@ -1268,6 +1274,15 @@
             rdp_settings->ExtSecurity = TRUE;
             break;
 
+        /* Hyper-V "VMConnect" negotiation mode */
+        case GUAC_SECURITY_VMCONNECT:
+            rdp_settings->RdpSecurity = FALSE;
+            rdp_settings->TlsSecurity = TRUE;
+            rdp_settings->NlaSecurity = TRUE;
+            rdp_settings->ExtSecurity = FALSE;
+            rdp_settings->VmConnectMode = TRUE;
+            break;
+
         /* All security types */
         case GUAC_SECURITY_ANY:
             rdp_settings->RdpSecurity = TRUE;

diff --git a/src/protocols/rdp/settings.h b/src/protocols/rdp/settings.h
index e4c579e..70199b8 100644
--- a/src/protocols/rdp/settings.h
+++ b/src/protocols/rdp/settings.h

@@ -39,6 +39,11 @@
 #define RDP_DEFAULT_PORT 3389
 
 /**
+ * The default RDP port used by Hyper-V "VMConnect".
+ */
+#define RDP_DEFAULT_VMCONNECT_PORT 2179
+
+/**
  * Default screen width, in pixels.
  */
 #define RDP_DEFAULT_WIDTH  1024
@@ -94,6 +99,11 @@
     GUAC_SECURITY_EXTENDED_NLA,
 
     /**
+     * Negotiate security methods supported by Hyper-V's "VMConnect" feature.
+     */
+    GUAC_SECURITY_VMCONNECT,
+
+    /**
      * Negotiate a security method supported by both server and client.
      */
     GUAC_SECURITY_ANY