apache · pv2b · Mar 27, 2025
diff --git a/src/protocols/rdp/rdp.c b/src/protocols/rdp/rdp.c
@@ -311,15 +311,24 @@ static BOOL rdp_freerdp_authenticate(freerdp* instance, char** username,
         guac_argv_await((const char**) params);
 
         /* Free old values and get new values from settings. */
-        guac_mem_free(*username);
-        guac_mem_free(*password);
-        guac_mem_free(*domain);
-        *username = guac_strdup(settings->username);
-        *password = guac_strdup(settings->password);
-        *domain = guac_strdup(settings->domain);
+        if (username != NULL) {
+            guac_mem_free(*username);
+            *username = guac_strdup(settings->username);
+        }
+
+        if (password != NULL) {
+            guac_mem_free(*password);
+            *password = guac_strdup(settings->password);
+        }
+
+        if (domain != NULL) {
+            guac_mem_free(*domain);
+            *domain = guac_strdup(settings->domain);
+        }
 
     }
 
+    guac_client_log(client, GUAC_LOG_INFO, "aaa10");
     /* Always return TRUE allowing connection to retry. */
     return TRUE;
 
@@ -579,6 +588,18 @@ static int guac_rdp_handle_connection(guac_client* client) {
     guac_rwlock_release_lock(&(rdp_client->lock));
     guac_rwlock_acquire_read_lock(&(rdp_client->lock));
 
+    /*
+     * Prompt for credentials if guacamole if always_prompt_for_credentials is
+     * set on a connection. The purpose of this is to allow the administrator
+     * to force the use of the Guacamole web form to prompt for credentials,
+     * instead of relying on it being done inside the desktop session itself.
+     * (GUACAMOLE-2045)
+     */
+    if (rdp_client->settings->always_prompt_for_credentials) {
+        guac_client_log(client, GUAC_LOG_INFO, "Forcing credential prompt");
+        rdp_freerdp_authenticate(rdp_inst, NULL, NULL, NULL);
+    }
+
     /* Connect to RDP server */
     if (!freerdp_connect(rdp_inst)) {
         guac_rdp_client_abort(client, rdp_inst);

diff --git a/src/protocols/rdp/settings.c b/src/protocols/rdp/settings.c
@@ -151,6 +151,8 @@ const char* GUAC_RDP_CLIENT_ARGS[] = {
 
     "force-lossless",
     "normalize-clipboard",
+
+    "always-prompt-for-credentials",
     NULL
 };
 
@@ -723,6 +725,12 @@ enum RDP_ARGS_IDX {
      */
     IDX_NORMALIZE_CLIPBOARD,
 
+    /*
+     * Whether guacd should always request that guacamole-client provides
+     * the username and password if missing. (GUACAMOLE-2045)
+     */
+    IDX_ALWAYS_PROMPT_FOR_CREDENTIALS,
+
     RDP_ARGS_COUNT
 };
 
@@ -1358,6 +1366,11 @@ guac_rdp_settings* guac_rdp_parse_args(guac_user* user,
 
     }
 
+    /* Always prompt for credentials (GUACAMOLE-2045) */
+    settings->always_prompt_for_credentials =
+        guac_user_parse_args_boolean(user, GUAC_RDP_CLIENT_ARGS, argv,
+                IDX_ALWAYS_PROMPT_FOR_CREDENTIALS, 0);
+
     /* Success */
     return settings;
 

diff --git a/src/protocols/rdp/settings.h b/src/protocols/rdp/settings.h
@@ -680,6 +680,12 @@ typedef struct guac_rdp_settings {
      */
     int wol_wait_time;
 
+    /*
+     * Whether guacd should always request that guacamole-client provides
+     * the username and password if missing. (GUACAMOLE-2045)
+     */
+    int always_prompt_for_credentials;
+
 } guac_rdp_settings;
 
 /**