From 1f6476016d2799dc639ffd8dc915e31e8dfdb7e1 Mon Sep 17 00:00:00 2001
From: Armin Novak
Date: Wed, 19 Oct 2022 14:09:03 +0200
Subject: [PATCH] Update command line option /sec* * Deprecate /sec-* flags * Allow multiple arguments for /sec
---
client/common/cmdline.c | 69 +++++++++++++------------
client/common/cmdline.h | 10 ++--
libfreerdp/core/test/TestConnect.c | 2 +-
winpr/libwinpr/utils/test/TestCmdLine.c | 2 +
4 files changed, 46 insertions(+), 37 deletions(-)
diff --git a/client/common/cmdline.c b/client/common/cmdline.c
index fe362fca3..d04eb05b9 100644
--- a/client/common/cmdline.c
+++ b/client/common/cmdline.c
@@ -2897,42 +2897,45 @@ int freerdp_client_settings_parse_command_line_arguments(rdpSettings* settings, } CommandLineSwitchCase(arg, "sec") { - if (!arg->Value) + BOOL RdpSecurity = FALSE; + BOOL TlsSecurity = FALSE; + BOOL NlaSecurity = FALSE; + BOOL ExtSecurity = FALSE; + size_t count = 0, x; + char** ptr = CommandLineParseCommaSeparatedValues(arg->Value, &count); + if (count == 0) return COMMAND_LINE_ERROR_UNEXPECTED_VALUE; - if (strcmp("rdp", arg->Value) == 0) /* Standard RDP */ + for (x = 0; x < count; x++) { - settings->RdpSecurity = TRUE; - settings->TlsSecurity = FALSE; - settings->NlaSecurity = FALSE; - settings->ExtSecurity = FALSE; - settings->UseRdpSecurityLayer = TRUE; - } - else if (strcmp("tls", arg->Value) == 0) /* TLS */ - { - settings->RdpSecurity = FALSE; - settings->TlsSecurity = TRUE; - settings->NlaSecurity = FALSE; - settings->ExtSecurity = FALSE; - } - else if (strcmp("nla", arg->Value) == 0) /* NLA */ - { - settings->RdpSecurity = FALSE; - settings->TlsSecurity = FALSE; - settings->NlaSecurity = TRUE; - settings->ExtSecurity = FALSE; - } - else if (strcmp("ext", arg->Value) == 0) /* NLA Extended */ - { - settings->RdpSecurity = FALSE; - settings->TlsSecurity = FALSE; - settings->NlaSecurity = FALSE; - settings->ExtSecurity = TRUE; - } - else - { - WLog_ERR(TAG, "unknown protocol security: %s", arg->Value); + const char* cur = ptr[x]; + if (strcmp("rdp", cur) == 0) /* Standard RDP */ + RdpSecurity = TRUE; + else if (strcmp("tls", cur) == 0) /* TLS */ + TlsSecurity = TRUE; + else if (strcmp("nla", cur) == 0) /* NLA */ + NlaSecurity = TRUE; + else if (strcmp("ext", cur) == 0) /* NLA Extended */ + ExtSecurity = TRUE; + else + { + WLog_ERR(TAG, "unknown protocol security: %s", arg->Value); + free(ptr); + return COMMAND_LINE_ERROR_UNEXPECTED_VALUE; + } } + + free(ptr); + if (!freerdp_settings_set_bool(settings, FreeRDP_UseRdpSecurityLayer, RdpSecurity)) + return COMMAND_LINE_ERROR_UNEXPECTED_VALUE; + if (!freerdp_settings_set_bool(settings, 
FreeRDP_RdpSecurity, RdpSecurity)) + return COMMAND_LINE_ERROR_UNEXPECTED_VALUE; + if (!freerdp_settings_set_bool(settings, FreeRDP_TlsSecurity, TlsSecurity)) + return COMMAND_LINE_ERROR_UNEXPECTED_VALUE; + if (!freerdp_settings_set_bool(settings, FreeRDP_NlaSecurity, NlaSecurity)) + return COMMAND_LINE_ERROR_UNEXPECTED_VALUE; + if (!freerdp_settings_set_bool(settings, FreeRDP_ExtSecurity, ExtSecurity)) + return COMMAND_LINE_ERROR_UNEXPECTED_VALUE; } CommandLineSwitchCase(arg, "encryption-methods") { @@ -2990,6 +2993,7 @@ int freerdp_client_settings_parse_command_line_arguments(rdpSettings* settings, if (!WLog_AddStringLogFilters(arg->Value)) return COMMAND_LINE_ERROR; } +#if defined(WITH_FREERDP_DEPRECATED) CommandLineSwitchCase(arg, "sec-rdp") { settings->RdpSecurity = enable; @@ -3006,6 +3010,7 @@ int freerdp_client_settings_parse_command_line_arguments(rdpSettings* settings, { settings->ExtSecurity = enable; } +#endif CommandLineSwitchCase(arg, "tls") { size_t count, x; diff --git a/client/common/cmdline.h b/client/common/cmdline.h index 7bf77a308..bfa0e1ea1 100644 --- a/client/common/cmdline.h +++ b/client/common/cmdline.h 
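Review bot: The `WLog_ERR` in the `else` branch of the new loop prints `arg->Value`, the whole comma-separated list, so a typo in one entry is reported without saying which token was rejected; `WLog_ERR(TAG, "unknown protocol security: %s", cur);` names it. The early `return` on `count == 0` also skips `free(ptr)`; that is harmless only if `CommandLineParseCommaSeparatedValues` returns NULL whenever it reports zero entries, which is not visible here, so freeing before returning would be safer. Because the flags are now accumulated, `/sec:nla,rdp` leaves standard RDP security enabled next to NLA and also sets `FreeRDP_UseRdpSecurityLayer`; a short comment above the loop, e.g. `/* every listed protocol stays enabled; unlisted ones are disabled */`, would make that widening explicit. The enclosing function starts and ends outside this hunk.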
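Review bot: The legacy `sec-rdp` … `sec-ext` cases now wrapped by `#if defined(WITH_FREERDP_DEPRECATED)` (the matching `#endif` is in the following hunk) still write `settings->RdpSecurity = enable;` and `settings->ExtSecurity = enable;` directly, while the rewritten `/sec` case goes through `freerdp_settings_set_bool`. Using the setter here as well, e.g. `if (!freerdp_settings_set_bool(settings, FreeRDP_RdpSecurity, enable)) return COMMAND_LINE_ERROR_UNEXPECTED_VALUE;`, would keep both paths consistent. These cases also give no runtime hint that the switch is deprecated; a line such as `WLog_WARN(TAG, "/sec-rdp is deprecated, use /sec:rdp instead");` in each would tell users before the guard compiles the option away. Only the first and the last of the guarded cases are visible in these two hunks.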
@@ -329,14 +329,16 @@ static const COMMAND_LINE_ARGUMENT_A global_cmd_args[] = { "Scaling factor for app store applications" }, { "sec", COMMAND_LINE_VALUE_REQUIRED, "[rdp|tls|nla|ext]", NULL, NULL, -1, NULL, "Force specific protocol security" }, +#if defined(WITH_FREERDP_DEPRECATED) { "sec-ext", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueFalse, NULL, -1, NULL, - "NLA extended protocol security" }, + "[deprecated use /sec:ext instead] NLA extended protocol security" }, { "sec-nla", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueTrue, NULL, -1, NULL, - "NLA protocol security" }, + "[deprecated use /sec:nla instead] NLA protocol security" }, { "sec-rdp", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueTrue, NULL, -1, NULL, - "RDP protocol security" }, + "[deprecated use /sec:rdp instead] RDP protocol security" }, { "sec-tls", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueTrue, NULL, -1, NULL, - "TLS protocol security" }, + "[deprecated use /sec:tls instead] TLS protocol security" }, +#endif { "serial", COMMAND_LINE_VALUE_OPTIONAL, "[,[,[,permissive]]]", NULL, NULL, -1, "tty", "Redirect serial device" }, { "server-name", COMMAND_LINE_VALUE_REQUIRED, "", NULL, NULL, -1, NULL, diff --git a/libfreerdp/core/test/TestConnect.c b/libfreerdp/core/test/TestConnect.c index fa8068cbe..573bb734a 100644 --- a/libfreerdp/core/test/TestConnect.c +++ b/libfreerdp/core/test/TestConnect.c @@ -223,7 +223,7 @@ static int testSuccess(int port) STARTUPINFOA si = { 0 }; PROCESS_INFORMATION process = { 0 }; char arg1[] = "/v:127.0.0.1:XXXXX"; - char* clientArgs[] = { "test", "/v:127.0.0.1:XXXXX", "/cert-ignore", "/rfx", NULL }; + char* clientArgs[] = { "test", "/v:127.0.0.1:XXXXX", "/cert:ignore", "/rfx", NULL }; char* commandLine = NULL; size_t commandLineLen; int argc = 4; diff --git a/winpr/libwinpr/utils/test/TestCmdLine.c b/winpr/libwinpr/utils/test/TestCmdLine.c index f2d28a2f3..1ce3d49d1 100644 --- a/winpr/libwinpr/utils/test/TestCmdLine.c +++ b/winpr/libwinpr/utils/test/TestCmdLine.c 
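Review bot: The `sec` entry kept as context at the top of the cmdline.h hunk still advertises `[rdp|tls|nla|ext]` and `"Force specific protocol security"`, although this commit makes `/sec` accept a comma-separated list. The format string should show that, for example `"[rdp|tls|nla|ext][,...]"`, and the description could read `"Restrict protocol security to the listed types"`. The new deprecation hints also cover only the enabling direction: the old switches are `COMMAND_LINE_VALUE_BOOL`, so they could presumably be turned off individually, and `use /sec:nla instead` does not tell a user how to express that with a list. `global_cmd_args` starts and ends outside the hunk.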
@@ -158,6 +158,7 @@ int TestCmdLine(int argc, char* argv[]) "protocol security negotiation" }, { "sec", COMMAND_LINE_VALUE_REQUIRED, NULL, NULL, NULL, -1, NULL, "force specific protocol security" }, +#if defined(WITH_FREERDP_DEPRECATED) { "sec-rdp", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueTrue, NULL, -1, NULL, "rdp protocol security" }, { "sec-tls", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueTrue, NULL, -1, NULL, @@ -170,6 +171,7 @@ int TestCmdLine(int argc, char* argv[]) "certificate name" }, { "cert-ignore", COMMAND_LINE_VALUE_FLAG, NULL, NULL, NULL, -1, NULL, "ignore certificate" }, +#endif { "valuelist", COMMAND_LINE_VALUE_REQUIRED, ",", NULL, NULL, -1, NULL, "List of comma separated values." }, { "valuelist-empty", COMMAND_LINE_VALUE_REQUIRED, ",", NULL, NULL, -1, NULL,
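Review bot: The `#endif` added after the `cert-ignore` entry closes the guard opened before `sec-rdp` in the first TestCmdLine.c hunk, so the guarded region also drops `cert-ignore` and the entry ending in `"certificate name"` from the test table when `WITH_FREERDP_DEPRECATED` is undefined. If the argv used by the test (outside these hunks) still passes any of those switches, the parse result now depends on the build option. Either guard the matching argv entries and assertions the same way, or keep this table unconditional, since it appears to be a local fixture for the WinPR parser. A one-line comment above the `#if`, such as `/* legacy switch names, only exercised in deprecated builds */`, would record the intent.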