[server,shadow] require NLA off if -auth is requested.

* Default to authentication required for shadow server (invert previous default) * force NLA off if authentication is disabled
2025-06-03 00:00:20 +00:00 · 2023-06-12 08:02:12 +02:00 · 2023-06-12 08:02:12 +02:00 · a71da162ae
commit a71da162ae
parent c991f73041
2 changed files with 9 additions and 3 deletions
--- a/server/shadow/shadow.c
+++ b/server/shadow/shadow.c
@ -127,8 +127,6 @@ int main(int argc, char** argv)
 	    !freerdp_settings_set_bool(settings, FreeRDP_GfxProgressiveV2, TRUE))
 		goto fail;

-	server->authentication = TRUE;
-
 	if ((status = shadow_server_parse_command_line(server, argc, argv, shadow_args)) < 0)
 	{
 		shadow_server_command_line_status_print(server, argc, argv, status, shadow_args);
--- a/server/shadow/shadow_server.c
+++ b/server/shadow/shadow_server.c
@ -450,6 +450,14 @@ int shadow_server_parse_command_line(rdpShadowServer* server, int argc, char** a
 		}
 	}

+	/* If we want to disable authentication we need to ensure that NLA security
+	 * is not activated. Only TLS and RDP security allow anonymous login.
+	 */
+	if (!server->authentication)
+	{
+		if (!freerdp_settings_set_bool(settings, FreeRDP_NlaSecurity, FALSE))
+			return COMMAND_LINE_ERROR;
+	}
 	return status;
 }

@ -938,7 +946,7 @@ rdpShadowServer* shadow_server_new(void)
 	server->h264BitRate = 10000000;
 	server->h264FrameRate = 30;
 	server->h264QP = 0;
-	server->authentication = FALSE;
+	server->authentication = TRUE;
 	server->settings = freerdp_settings_new(FREERDP_SETTINGS_SERVER_MODE);
 	return server;
 }