mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #5149 from akallabeth/cert_deny

Browse Source 
New option to disable user certificate dialog
This commit is contained in:
David Fort 2019-01-25 16:59:33 +01:00 committed by GitHub
commit 05d9d89796
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 26 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
client/common/cmdline.c
View File

@ -2606,6 +2606,10 @@ int freerdp_client_settings_parse_command_line_arguments(rdpSettings* settings,
{ {
settings->AutoAcceptCertificate = enable; settings->AutoAcceptCertificate = enable;
} }
CommandLineSwitchCase(arg, "cert-deny")
{
settings->AutoDenyCertificate = enable;
}
CommandLineSwitchCase(arg, "authentication") CommandLineSwitchCase(arg, "authentication")
{ {
settings->Authentication = enable; settings->Authentication = enable;

1
client/common/cmdline.h
View File

@ -46,6 +46,7 @@ static COMMAND_LINE_ARGUMENT_A args[] =
{ "bitmap-cache", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueTrue, NULL, -1, NULL, "bitmap cache" }, { "bitmap-cache", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueTrue, NULL, -1, NULL, "bitmap cache" },
{ "bpp", COMMAND_LINE_VALUE_REQUIRED, "<depth>", "16", NULL, -1, NULL, "Session bpp (color depth)" }, { "bpp", COMMAND_LINE_VALUE_REQUIRED, "<depth>", "16", NULL, -1, NULL, "Session bpp (color depth)" },
{ "buildconfig", COMMAND_LINE_VALUE_FLAG | COMMAND_LINE_PRINT_BUILDCONFIG, NULL, NULL, NULL, -1, NULL, "Print the build configuration" }, { "buildconfig", COMMAND_LINE_VALUE_FLAG | COMMAND_LINE_PRINT_BUILDCONFIG, NULL, NULL, NULL, -1, NULL, "Print the build configuration" },
{ "cert-deny", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL, "Automatically abort connection for any certificate that can not be validated." },
{ "cert-ignore", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL, "Ignore certificate" }, { "cert-ignore", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL, "Ignore certificate" },
{ "cert-name", COMMAND_LINE_VALUE_REQUIRED, "<name>", NULL, NULL, -1, NULL, "Certificate name" }, { "cert-name", COMMAND_LINE_VALUE_REQUIRED, "<name>", NULL, NULL, -1, NULL, "Certificate name" },
{ "cert-tofu", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL, "Automatically accept certificate on first connect" }, { "cert-tofu", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL, "Automatically accept certificate on first connect" },

4
include/freerdp/settings.h
View File

@ -682,6 +682,7 @@ typedef struct _RDPDR_PARALLEL RDPDR_PARALLEL;
#define FreeRDP_PrivateKeyContent (1417) #define FreeRDP_PrivateKeyContent (1417)
#define FreeRDP_RdpKeyContent (1418) #define FreeRDP_RdpKeyContent (1418)
#define FreeRDP_AutoAcceptCertificate (1419) #define FreeRDP_AutoAcceptCertificate (1419)
#define FreeRDP_AutoDenyCertificate (1420)
#define FreeRDP_Workarea (1536) #define FreeRDP_Workarea (1536)
#define FreeRDP_Fullscreen (1537) #define FreeRDP_Fullscreen (1537)
#define FreeRDP_PercentScreen (1538) #define FreeRDP_PercentScreen (1538)
@ -1136,7 +1137,8 @@ struct rdp_settings
ALIGN64 char* PrivateKeyContent; /* 1417 */ ALIGN64 char* PrivateKeyContent; /* 1417 */
ALIGN64 char* RdpKeyContent; /* 1418 */ ALIGN64 char* RdpKeyContent; /* 1418 */
ALIGN64 BOOL AutoAcceptCertificate; /* 1419 */ ALIGN64 BOOL AutoAcceptCertificate; /* 1419 */
UINT64 padding1472[1472 - 1420]; /* 1420 */ ALIGN64 BOOL AutoDenyCertificate; /* 1420 */
UINT64 padding1472[1472 - 1421]; /* 1421 */
UINT64 padding1536[1536 - 1472]; /* 1472 */ UINT64 padding1536[1536 - 1472]; /* 1472 */
/** /**

7
libfreerdp/common/settings.c
View File

@ -919,6 +919,9 @@ BOOL freerdp_get_param_bool(rdpSettings* settings, int id)
case FreeRDP_IgnoreCertificate: case FreeRDP_IgnoreCertificate:
return settings->IgnoreCertificate; return settings->IgnoreCertificate;
case FreeRDP_AutoDenyCertificate:
return settings->AutoDenyCertificate;
case FreeRDP_AutoAcceptCertificate: case FreeRDP_AutoAcceptCertificate:
return settings->AutoAcceptCertificate; return settings->AutoAcceptCertificate;
@ -1380,6 +1383,10 @@ int freerdp_set_param_bool(rdpSettings* settings, int id, BOOL param)
settings->IgnoreCertificate = param; settings->IgnoreCertificate = param;
break; break;
case FreeRDP_AutoDenyCertificate:
settings->AutoDenyCertificate = param;
break;
case FreeRDP_AutoAcceptCertificate: case FreeRDP_AutoAcceptCertificate:
settings->AutoAcceptCertificate = param; settings->AutoAcceptCertificate = param;
break; break;

12
libfreerdp/crypto/tls.c
View File

@ -1447,6 +1447,11 @@ int tls_verify_certificate(rdpTls* tls, CryptoCert cert, const char* hostname,
WLog_INFO(TAG, "No certificate stored, automatically accepting."); WLog_INFO(TAG, "No certificate stored, automatically accepting.");
accept_certificate = 1; accept_certificate = 1;
} }
else if (tls->settings->AutoDenyCertificate)
{
WLog_INFO(TAG, "No certificate stored, automatically denying.");
accept_certificate = 0;
}
else if (instance->VerifyX509Certificate) else if (instance->VerifyX509Certificate)
{ {
int rc = instance->VerifyX509Certificate(instance, pemCert, length, hostname, int rc = instance->VerifyX509Certificate(instance, pemCert, length, hostname,
@ -1491,7 +1496,12 @@ int tls_verify_certificate(rdpTls* tls, CryptoCert cert, const char* hostname,
WLog_WARN(TAG, "Failed to get certificate entry for %s:%d", WLog_WARN(TAG, "Failed to get certificate entry for %s:%d",
hostname, port); hostname, port);
if (instance->VerifyX509Certificate) if (tls->settings->AutoDenyCertificate)
{
WLog_INFO(TAG, "No certificate stored, automatically denying.");
accept_certificate = 0;
}
else if (instance->VerifyX509Certificate)
{ {
const int rc = instance->VerifyX509Certificate(instance, pemCert, length, hostname, const int rc = instance->VerifyX509Certificate(instance, pemCert, length, hostname,
port, flags | VERIFY_CERT_FLAG_CHANGED); port, flags | VERIFY_CERT_FLAG_CHANGED);