From 561f1ea9bfb7ca222205cea2274e89418e39c900 Mon Sep 17 00:00:00 2001 From: Alex Bligh Date: Fri, 14 Sep 2012 18:32:27 +0100 Subject: [PATCH] Add support for ignoring certificate, security, authentication, and pre-connection blob --- configure.in | 2 +- src/client.c | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 84 insertions(+), 7 deletions(-) diff --git a/configure.in b/configure.in index 6c76763..a2d8052 100644 --- a/configure.in +++ b/configure.in @@ -56,7 +56,7 @@ AC_CHECK_LIB([freerdp-codec], [freerdp_image_convert],, AC_MSG_ERROR("libfreerdp AC_CHECK_HEADERS([guacamole/client.h guacamole/guacio.h guacamole/protocol.h freerdp/locale/keyboard.h freerdp/kbd/layouts.h]) # Check for FreeRDP version-specific features -AC_CHECK_MEMBERS([rdpPointer.SetDefault, rdpPointer.SetNull], +AC_CHECK_MEMBERS([rdpPointer.SetDefault, rdpPointer.SetNull, rdpSettings.preconnection_id, rdpSettings.security_layer_negotiation, rdpSettings.preconnection_blob], [], [], [[#include ]]) diff --git a/src/client.c b/src/client.c index aa0dfe7..f76cb1e 100644 --- a/src/client.c +++ b/src/client.c @@ -1,4 +1,3 @@ - /* ***** BEGIN LICENSE BLOCK ***** * Version: MPL 1.1/GPL 2.0/LGPL 2.1 * @@ -80,6 +79,18 @@ const char* GUAC_CLIENT_ARGS[] = { "height", "initial-program", "color-depth", + "ignore-certificate", + "security", + "authentication", +#ifdef HAVE_RDPSETTINGS_SECURITY_LAYER_NEGOTIATION + "security-layer-negotiation", +#endif +#ifdef HAVE_RDPSETTINGS_PRECONNECTION_ID + "preconnection-id", +#endif +#ifdef HAVE_RDPSETTINGS_PRECONNECTION_BLOB + "preconnection-blob", +#endif NULL }; 
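Review bot: The new unconditional entries `"ignore-certificate"`, `"security"` and `"authentication"` in GUAC_CLIENT_ARGS decide how the server is verified and how the session is protected, but nothing at the table says which values they accept. Going by the parsing added later in this patch, `security` takes a blank- or comma-separated list of `rdp`, `tls`, `nla` or `all`, and the two booleans are enabled only by the exact string `true`. A comment above the new entries would record that, for example `/* security: list of rdp|tls|nla|all, empty keeps legacy RDP security; ignore-certificate, authentication: "true" enables, any other non-empty value disables */`. The three `#ifdef` entries also make the advertised parameter list depend on the FreeRDP headers present at build time, which deserves a line in the same comment. The array's opening lines are outside this hunk.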
@@ -92,7 +103,20 @@ enum ARGS_IDX { IDX_WIDTH, IDX_HEIGHT, IDX_INITIAL_PROGRAM, - IDX_COLOR_DEPTH + IDX_COLOR_DEPTH, + IDX_IGNORE_CERTIFICATE, + IDX_SECURITY, + IDX_AUTHENTICATION, +#ifdef HAVE_RDPSETTINGS_SECURITY_LAYER_NEGOTIATION + IDX_SECURITY_LAYER_NEGOTIATION, +#endif +#ifdef HAVE_RDPSETTINGS_PRECONNECTION_ID + IDX_PRECONNECTION_ID, +#endif +#ifdef HAVE_RDPSETTINGS_PRECONNECTION_BLOB + IDX_PRECONNECTION_BLOB, +#endif + IDX_END_OF_LIST_DUMMY }; int __guac_receive_channel_data(freerdp* rdp_inst, int channelId, uint8* data, int size, int flags, int total_size) { 
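Review bot: `IDX_END_OF_LIST_DUMMY` is added at the end of `enum ARGS_IDX`, but none of the visible hunks use it, while the new code in guac_client_init reads `argv[IDX_IGNORE_CERTIFICATE]`, `argv[IDX_SECURITY]` and the other new indices directly. The argument-count check in guac_client_init is outside these hunks; if it still compares against a fixed number, a short argument list would be indexed past its end, so it should read `if (argc < IDX_END_OF_LIST_DUMMY)`. The `#ifdef` blocks here must also mirror those in GUAC_CLIENT_ARGS exactly, and a compile-time check after the enum would catch drift, for example `typedef char guac_args_match[(sizeof(GUAC_CLIENT_ARGS) / sizeof(GUAC_CLIENT_ARGS[0]) == IDX_END_OF_LIST_DUMMY + 1) ? 1 : -1];`. A short comment on the sentinel saying it is a count and not an argument would explain the name.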
@@ -312,14 +336,46 @@ int guac_client_init(guac_client* client, int argc, char** argv) { /* --no-auth */ settings->authentication = false; + if (argv[IDX_AUTHENTICATION][0] != '\0') + settings->authentication = (strcmp(argv[IDX_AUTHENTICATION], "true") == 0); - /* --sec rdp */ + /* --sec rdp - This is a historical default, and differs from xfreerdp*/ settings->rdp_security = true; settings->tls_security = false; settings->nla_security = false; - settings->encryption = true; - settings->encryption_method = ENCRYPTION_METHOD_40BIT | ENCRYPTION_METHOD_128BIT | ENCRYPTION_METHOD_FIPS; - settings->encryption_level = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE; + + if (argv[IDX_SECURITY][0] != '\0') { + char * p = argv[IDX_SECURITY]; + settings->rdp_security = false; + settings->tls_security = false; + settings->nla_security = false; + while (*p) { + /* skip blanks, and commas */ + while (*p && (*p==' ' || *p==',')) + p++; + if (!*p) + break; + if (!strncmp(p, "rdp", 3)) + settings->rdp_security = true; + else if (!strncmp(p, "tls", 3)) + settings->tls_security = true; + else if (!strncmp(p, "nla", 3)) + settings->nla_security = true; + else if (!strncmp(p, "all", 3)) { + settings->rdp_security = true; + settings->tls_security = true; + settings->nla_security = true; + } + while (*p && *p!=' ' && *p!=',') + p++; + } + } + + if (settings->rdp_security) { + settings->encryption = true; + settings->encryption_method = ENCRYPTION_METHOD_40BIT | ENCRYPTION_METHOD_128BIT | ENCRYPTION_METHOD_FIPS; + settings->encryption_level = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE; + } /* session width */ settings->width = 1024; 
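Review bot: The new `security` parser matches each token with `strncmp(p, "rdp", 3)` and its siblings, so only the first three characters are compared (`tlsx` or `allow` are accepted). A non-empty value with no recognised token leaves `rdp_security`, `tls_security` and `nla_security` all false, with no diagnostic. A typo in the setting that selects transport protection should fail the connection rather than be applied silently. Compare the whole token using its length from `strcspn(p, " ,")`, and reject the value when any token is unknown or no layer ends up enabled. The empty-value default stays RDP-only with `ENCRYPTION_METHOD_40BIT` permitted, the weakest of the three choices; the new "historical default" comment could say that and point to `security` as the way to require `tls` or `nla`. guac_client_init starts and ends outside this hunk, so the rejection path is left as a comment in the sketch below.

```c
    if (argv[IDX_SECURITY][0] != '\0') {
        char * p = argv[IDX_SECURITY];
        int bad_token = 0;
        /* … unchanged: clear rdp_security, tls_security and nla_security … */
        while (*p) {
            size_t len;
            /* … unchanged: skip blanks and commas, stop at end of string … */
            len = strcspn(p, " ,");
            if (len == 3 && !strncmp(p, "rdp", 3))
                settings->rdp_security = true;
            else if (len == 3 && !strncmp(p, "tls", 3))
                settings->tls_security = true;
            else if (len == 3 && !strncmp(p, "nla", 3))
                settings->nla_security = true;
            else if (len == 3 && !strncmp(p, "all", 3)) {
                /* … unchanged: enable all three layers … */
            }
            else
                bad_token = 1;
            p += len;
        }
        if (bad_token || !(settings->rdp_security || settings->tls_security
                    || settings->nla_security)) {
            /* Refuse the connection here, through the same error path
             * guac_client_init uses for other bad arguments (not visible
             * in this hunk), instead of continuing with a partly applied
             * or empty security selection. */
        }
    }
```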
@@ -358,6 +414,27 @@ int guac_client_init(guac_client* client, int argc, char** argv) { if (argv[IDX_INITIAL_PROGRAM][0] != '\0') settings->shell = strdup(argv[IDX_INITIAL_PROGRAM]); + /* Ignore certificate */ + if (argv[IDX_IGNORE_CERTIFICATE][0] != '\0') + settings->ignore_certificate = (strcmp(argv[IDX_IGNORE_CERTIFICATE], "true") == 0); + +#ifdef HAVE_RDPSETTINGS_SECURITY_LAYER_NEGOTIATION + settings->security_layer_negotiation = true; + if (argv[IDX_SECURITY_LAYER_NEGOTIATION][0] != '\0') + settings->security_layer_negotiation = (strcmp(argv[IDX_SECURITY_LAYER_NEGOTIATION], "true") == 0); +#endif +#ifdef HAVE_RDPSETTINGS_PRECONNECTION_ID + if (argv[IDX_PRECONNECTION_ID][0] != '\0') { + settings->preconnection_id = atoi(argv[IDX_PRECONNECTION_ID]); + } +#endif +#ifdef HAVE_RDPSETTINGS_PRECONNECTION_BLOB + if (argv[IDX_PRECONNECTION_BLOB][0] != '\0') { + settings->send_preconnection_pdu = true; + settings->preconnection_blob = strdup(argv[IDX_PRECONNECTION_BLOB]); + } +#endif + /* Order support */ bitmap_cache = settings->bitmap_cache; settings->os_major_type = OSMAJORTYPE_UNSPECIFIED; -- 1.7.10.4
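Review bot: `settings->preconnection_id = atoi(argv[IDX_PRECONNECTION_ID]);` accepts any text: `atoi` returns 0 for non-numeric input, gives no error on overflow, and lets a negative value through into whatever type the field has. Parse it with `strtoul(argv[IDX_PRECONNECTION_ID], &end, 10)` after `errno = 0`, and reject the argument when `end` did not reach the terminator or `errno == ERANGE`. In the blob branch, `send_preconnection_pdu` is set to true before the `strdup` result is known, so an allocation failure would leave the PDU enabled with a NULL `preconnection_blob`; assign the flag only after checking the copy. The `/* Ignore certificate */` comment should also state the consequence, for example `/* "true" disables verification of the server certificate, so TLS/NLA sessions are no longer protected against impersonation; default is to verify */`, and logging when it is enabled would make the downgrade visible to operators. guac_client_init continues outside this hunk.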