From a71da162aee2d8ba94041282584363923944fa2b Mon Sep 17 00:00:00 2001
From: akallabeth
Date: Mon, 12 Jun 2023 08:02:12 +0200
Subject: [PATCH] [server,shadow] require NLA off if -auth is requested.

* Default to authentication required for shadow server (invert previous default)
* force NLA off if authentication is disabled
---
 server/shadow/shadow.c | 2 --
 server/shadow/shadow_server.c | 10 +++++++++-
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/server/shadow/shadow.c b/server/shadow/shadow.c
index 0d9743731..2575bc30f 100644
--- a/server/shadow/shadow.c
+++ b/server/shadow/shadow.c
@@ -127,8 +127,6 @@ int main(int argc, char** argv)
 	    !freerdp_settings_set_bool(settings, FreeRDP_GfxProgressiveV2, TRUE))
 		goto fail;
 
-	server->authentication = TRUE;
-
 	if ((status = shadow_server_parse_command_line(server, argc, argv, shadow_args)) < 0)
 	{
 		shadow_server_command_line_status_print(server, argc, argv, status, shadow_args);
diff --git a/server/shadow/shadow_server.c b/server/shadow/shadow_server.c
index 77dff9523..59533c181 100644
--- a/server/shadow/shadow_server.c
+++ b/server/shadow/shadow_server.c
@@ -450,6 +450,14 @@ int shadow_server_parse_command_line(rdpShadowServer* server, int argc, char** a
 		}
 	}
 
+	/* If we want to disable authentication we need to ensure that NLA security
+	 * is not activated. Only TLS and RDP security allow anonymous login.
+	 */
+	if (!server->authentication)
+	{
+		if (!freerdp_settings_set_bool(settings, FreeRDP_NlaSecurity, FALSE))
+			return COMMAND_LINE_ERROR;
+	}
 	return status;
 }
 
@@ -938,7 +946,7 @@ rdpShadowServer* shadow_server_new(void)
 	server->h264BitRate = 10000000;
 	server->h264FrameRate = 30;
 	server->h264QP = 0;
-	server->authentication = FALSE;
+	server->authentication = TRUE;
 	server->settings = freerdp_settings_new(FREERDP_SETTINGS_SERVER_MODE);
 	return server;
 }
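Review bot: In `shadow_server_parse_command_line`, the new block after the argument loop clears `FreeRDP_NlaSecurity` without reporting it, so a server started with `-auth` accepts anonymous logins and any NLA option the operator also passed is silently dropped. A warning at that point would make the downgrade visible in the logs, for example `WLog_WARN(TAG, "authentication disabled: NLA forced off, anonymous logins are accepted");` (assuming the file's usual log tag is in scope). Returning `COMMAND_LINE_ERROR` when NLA was explicitly requested together with `-auth` would be stricter still. The function starts outside the hunk, so whether an earlier return path can skip this block cannot be seen from here.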
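Review bot: Flipping the default to `TRUE` in `shadow_server_new` changes behaviour for every caller of the constructor, while the matching NLA override from this commit runs only in `shadow_server_parse_command_line`. An embedder that sets `server->authentication = FALSE` directly and never calls the parser presumably keeps whatever NLA value `freerdp_settings_new` produced, so the two settings can disagree; applying the same check where the server is initialised or started would cover that path. A short comment on the assignment, such as `/* secure default: authentication is required unless explicitly disabled */`, would also record why the default is what it is. The function body begins outside the hunk.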