You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@guacamole.apache.org by vn...@apache.org on 2018/02/02 21:22:58 UTC
[3/4] guacamole-server git commit: GUACAMOLE-313: Add flags for
controlling the contents of session recordings.
GUACAMOLE-313: Add flags for controlling the contents of session recordings.
Project: http://git-wip-us.apache.org/repos/asf/guacamole-server/repo
Commit: http://git-wip-us.apache.org/repos/asf/guacamole-server/commit/4fb17d56
Tree: http://git-wip-us.apache.org/repos/asf/guacamole-server/tree/4fb17d56
Diff: http://git-wip-us.apache.org/repos/asf/guacamole-server/diff/4fb17d56
Branch: refs/heads/master
Commit: 4fb17d56108b431850aeb52b8e05e04933a2a8aa
Parents: 876516a
Author: Michael Jumper <mj...@apache.org>
Authored: Fri Dec 8 12:06:30 2017 -0800
Committer: Michael Jumper <mj...@apache.org>
Committed: Fri Jan 26 16:42:24 2018 -0800
----------------------------------------------------------------------
src/common/common/recording.h | 47 ++++++++++++++++++++++++++++++++++-
src/common/recording.c | 34 ++++++++++++++++++-------
src/protocols/rdp/rdp.c | 5 +++-
src/protocols/rdp/rdp_settings.c | 44 ++++++++++++++++++++++++++++++++
src/protocols/rdp/rdp_settings.h | 26 +++++++++++++++++++
src/protocols/ssh/settings.c | 44 ++++++++++++++++++++++++++++++++
src/protocols/ssh/settings.h | 26 +++++++++++++++++++
src/protocols/ssh/ssh.c | 5 +++-
src/protocols/telnet/settings.c | 44 ++++++++++++++++++++++++++++++++
src/protocols/telnet/settings.h | 26 +++++++++++++++++++
src/protocols/telnet/telnet.c | 5 +++-
src/protocols/vnc/settings.c | 44 ++++++++++++++++++++++++++++++++
src/protocols/vnc/settings.h | 26 +++++++++++++++++++
src/protocols/vnc/vnc.c | 5 +++-
14 files changed, 367 insertions(+), 14 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/4fb17d56/src/common/common/recording.h
----------------------------------------------------------------------
diff --git a/src/common/common/recording.h b/src/common/common/recording.h
index fb2fd87..b0278f0 100644
--- a/src/common/common/recording.h
+++ b/src/common/common/recording.h
@@ -55,6 +55,31 @@ typedef struct guac_common_recording {
*/
guac_socket* socket;
+ /**
+ * Non-zero if output which is broadcast to each connected client
+ * (graphics, streams, etc.) should be included in the session recording,
+ * zero otherwise. Including output is necessary for any recording which
+ * must later be viewable as video.
+ */
+ int include_output;
+
+ /**
+ * Non-zero if changes to mouse state, such as position and buttons pressed
+ * or released, should be included in the session recording, zero
+ * otherwise. Including mouse state is necessary for the mouse cursor to be
+ * rendered in any resulting video.
+ */
+ int include_mouse;
+
+ /**
+ * Non-zero if keys pressed and released should be included in the session
+ * recording, zero otherwise. Including key events within the recording may
+ * be necessary in certain auditing contexts, but should only be done with
+ * caution. Key events can easily contain sensitive information, such as
+ * passwords, credit card numbers, etc.
+ */
+ int include_keys;
+
} guac_common_recording;
/**
@@ -82,13 +107,33 @@ typedef struct guac_common_recording {
* written, or non-zero if the path should be created if it does not yet
* exist.
*
+ * @param include_output
+ * Non-zero if output which is broadcast to each connected client
+ * (graphics, streams, etc.) should be included in the session recording,
+ * zero otherwise. Including output is necessary for any recording which
+ * must later be viewable as video.
+ *
+ * @param include_mouse
+ * Non-zero if changes to mouse state, such as position and buttons pressed
+ * or released, should be included in the session recording, zero
+ * otherwise. Including mouse state is necessary for the mouse cursor to be
+ * rendered in any resulting video.
+ *
+ * @param include_keys
+ * Non-zero if keys pressed and released should be included in the session
+ * recording, zero otherwise. Including key events within the recording may
+ * be necessary in certain auditing contexts, but should only be done with
+ * caution. Key events can easily contain sensitive information, such as
+ * passwords, credit card numbers, etc.
+ *
* @return
* A new guac_common_recording structure representing the in-progress
* recording if the recording file has been successfully created and a
* recording will be written, NULL otherwise.
*/
guac_common_recording* guac_common_recording_create(guac_client* client,
- const char* path, const char* name, int create_path);
+ const char* path, const char* name, int create_path,
+ int include_output, int include_mouse, int include_keys);
/**
* Frees the resources associated with the given in-progress recording. Note
http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/4fb17d56/src/common/recording.c
----------------------------------------------------------------------
diff --git a/src/common/recording.c b/src/common/recording.c
index 14a6acd..b4ad219 100644
--- a/src/common/recording.c
+++ b/src/common/recording.c
@@ -136,7 +136,8 @@ static int guac_common_recording_open(const char* path,
}
guac_common_recording* guac_common_recording_create(guac_client* client,
- const char* path, const char* name, int create_path) {
+ const char* path, const char* name, int create_path,
+ int include_output, int include_mouse, int include_keys) {
char filename[GUAC_COMMON_RECORDING_MAX_NAME_LENGTH];
@@ -162,9 +163,14 @@ guac_common_recording* guac_common_recording_create(guac_client* client,
/* Create recording structure with reference to underlying socket */
guac_common_recording* recording = malloc(sizeof(guac_common_recording));
recording->socket = guac_socket_open(fd);
+ recording->include_output = include_output;
+ recording->include_mouse = include_mouse;
+ recording->include_keys = include_keys;
- /* Replace client socket with wrapped recording socket */
- client->socket = guac_socket_tee(client->socket, recording->socket);
+ /* Replace client socket with wrapped recording socket only if including
+ * output within the recording */
+ if (include_output)
+ client->socket = guac_socket_tee(client->socket, recording->socket);
/* Recording creation succeeded */
guac_client_log(client, GUAC_LOG_INFO,
@@ -176,24 +182,34 @@ guac_common_recording* guac_common_recording_create(guac_client* client,
}
void guac_common_recording_free(guac_common_recording* recording) {
+
+ /* If not including broadcast output, the output socket is not associated
+ * with the client, and must be freed manually */
+ if (!recording->include_output)
+ guac_socket_free(recording->socket);
+
+ /* Free recording itself */
free(recording);
+
}
void guac_common_recording_report_mouse(guac_common_recording* recording,
int x, int y, int button_mask) {
- /* Report mouse location */
- guac_protocol_send_mouse(recording->socket, x, y, button_mask,
- guac_timestamp_current());
+ /* Report mouse location only if recording should contain mouse events */
+ if (recording->include_mouse)
+ guac_protocol_send_mouse(recording->socket, x, y, button_mask,
+ guac_timestamp_current());
}
void guac_common_recording_report_key(guac_common_recording* recording,
int keysym, int pressed) {
- /* Report key state */
- guac_protocol_send_key(recording->socket, keysym, pressed,
- guac_timestamp_current());
+ /* Report key state only if recording should contain key events */
+ if (recording->include_keys)
+ guac_protocol_send_key(recording->socket, keysym, pressed,
+ guac_timestamp_current());
}
http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/4fb17d56/src/protocols/rdp/rdp.c
----------------------------------------------------------------------
diff --git a/src/protocols/rdp/rdp.c b/src/protocols/rdp/rdp.c
index a0de94d..6bba457 100644
--- a/src/protocols/rdp/rdp.c
+++ b/src/protocols/rdp/rdp.c
@@ -671,7 +671,10 @@ static int guac_rdp_handle_connection(guac_client* client) {
rdp_client->recording = guac_common_recording_create(client,
settings->recording_path,
settings->recording_name,
- settings->create_recording_path);
+ settings->create_recording_path,
+ !settings->recording_exclude_output,
+ !settings->recording_exclude_mouse,
+ settings->recording_include_keys);
}
/* Create display */
http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/4fb17d56/src/protocols/rdp/rdp_settings.c
----------------------------------------------------------------------
diff --git a/src/protocols/rdp/rdp_settings.c b/src/protocols/rdp/rdp_settings.c
index 57e6016..0077b9f 100644
--- a/src/protocols/rdp/rdp_settings.c
+++ b/src/protocols/rdp/rdp_settings.c
@@ -90,6 +90,9 @@ const char* GUAC_RDP_CLIENT_ARGS[] = {
"recording-path",
"recording-name",
+ "recording-exclude-output",
+ "recording-exclude-mouse",
+ "recording-include-keys",
"create-recording-path",
"resize-method",
"enable-audio-input",
@@ -396,6 +399,32 @@ enum RDP_ARGS_IDX {
IDX_RECORDING_NAME,
/**
+ * Whether output which is broadcast to each connected client (graphics,
+ * streams, etc.) should NOT be included in the session recording. Output
+ * is included by default, as it is necessary for any recording which must
+ * later be viewable as video.
+ */
+ IDX_RECORDING_EXCLUDE_OUTPUT,
+
+ /**
+ * Whether changes to mouse state, such as position and buttons pressed or
+ * released, should NOT be included in the session recording. Mouse state
+ * is included by default, as it is necessary for the mouse cursor to be
+ * rendered in any resulting video.
+ */
+ IDX_RECORDING_EXCLUDE_MOUSE,
+
+ /**
+ * Whether keys pressed and released should be included in the session
+ * recording. Key events are NOT included by default within the recording,
+ * as doing so has privacy and security implications. Including key events
+ * may be necessary in certain auditing contexts, but should only be done
+ * with caution. Key events can easily contain sensitive information, such
+ * as passwords, credit card numbers, etc.
+ */
+ IDX_RECORDING_INCLUDE_KEYS,
+
+ /**
* Whether the specified screen recording path should automatically be
* created if it does not yet exist.
*/
@@ -812,6 +841,21 @@ guac_rdp_settings* guac_rdp_parse_args(guac_user* user,
guac_user_parse_args_string(user, GUAC_RDP_CLIENT_ARGS, argv,
IDX_RECORDING_NAME, GUAC_RDP_DEFAULT_RECORDING_NAME);
+ /* Parse output exclusion flag */
+ settings->recording_exclude_output =
+ guac_user_parse_args_boolean(user, GUAC_RDP_CLIENT_ARGS, argv,
+ IDX_RECORDING_EXCLUDE_OUTPUT, 0);
+
+ /* Parse mouse exclusion flag */
+ settings->recording_exclude_mouse =
+ guac_user_parse_args_boolean(user, GUAC_RDP_CLIENT_ARGS, argv,
+ IDX_RECORDING_EXCLUDE_MOUSE, 0);
+
+ /* Parse key event inclusion flag */
+ settings->recording_include_keys =
+ guac_user_parse_args_boolean(user, GUAC_RDP_CLIENT_ARGS, argv,
+ IDX_RECORDING_INCLUDE_KEYS, 0);
+
/* Parse path creation flag */
settings->create_recording_path =
guac_user_parse_args_boolean(user, GUAC_RDP_CLIENT_ARGS, argv,
http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/4fb17d56/src/protocols/rdp/rdp_settings.h
----------------------------------------------------------------------
diff --git a/src/protocols/rdp/rdp_settings.h b/src/protocols/rdp/rdp_settings.h
index ec540ef..4a52707 100644
--- a/src/protocols/rdp/rdp_settings.h
+++ b/src/protocols/rdp/rdp_settings.h
@@ -393,6 +393,32 @@ typedef struct guac_rdp_settings {
int create_recording_path;
/**
+ * Non-zero if output which is broadcast to each connected client
+ * (graphics, streams, etc.) should NOT be included in the session
+ * recording, zero otherwise. Output is included by default, as it is
+ * necessary for any recording which must later be viewable as video.
+ */
+ int recording_exclude_output;
+
+ /**
+ * Non-zero if changes to mouse state, such as position and buttons pressed
+ * or released, should NOT be included in the session recording, zero
+ * otherwise. Mouse state is included by default, as it is necessary for
+ * the mouse cursor to be rendered in any resulting video.
+ */
+ int recording_exclude_mouse;
+
+ /**
+ * Non-zero if keys pressed and released should be included in the session
+ * recording, zero otherwise. Key events are NOT included by default within
+ * the recording, as doing so has privacy and security implications.
+ * Including key events may be necessary in certain auditing contexts, but
+ * should only be done with caution. Key events can easily contain
+ * sensitive information, such as passwords, credit card numbers, etc.
+ */
+ int recording_include_keys;
+
+ /**
* The method to apply when the user's display changes size.
*/
guac_rdp_resize_method resize_method;
http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/4fb17d56/src/protocols/ssh/settings.c
----------------------------------------------------------------------
diff --git a/src/protocols/ssh/settings.c b/src/protocols/ssh/settings.c
index 832dcfa..7c803ea 100644
--- a/src/protocols/ssh/settings.c
+++ b/src/protocols/ssh/settings.c
@@ -50,6 +50,9 @@ const char* GUAC_SSH_CLIENT_ARGS[] = {
"create-typescript-path",
"recording-path",
"recording-name",
+ "recording-exclude-output",
+ "recording-exclude-mouse",
+ "recording-include-keys",
"create-recording-path",
"read-only",
"server-alive-interval",
@@ -162,6 +165,32 @@ enum SSH_ARGS_IDX {
IDX_RECORDING_NAME,
/**
+ * Whether output which is broadcast to each connected client (graphics,
+ * streams, etc.) should NOT be included in the session recording. Output
+ * is included by default, as it is necessary for any recording which must
+ * later be viewable as video.
+ */
+ IDX_RECORDING_EXCLUDE_OUTPUT,
+
+ /**
+ * Whether changes to mouse state, such as position and buttons pressed or
+ * released, should NOT be included in the session recording. Mouse state
+ * is included by default, as it is necessary for the mouse cursor to be
+ * rendered in any resulting video.
+ */
+ IDX_RECORDING_EXCLUDE_MOUSE,
+
+ /**
+ * Whether keys pressed and released should be included in the session
+ * recording. Key events are NOT included by default within the recording,
+ * as doing so has privacy and security implications. Including key events
+ * may be necessary in certain auditing contexts, but should only be done
+ * with caution. Key events can easily contain sensitive information, such
+ * as passwords, credit card numbers, etc.
+ */
+ IDX_RECORDING_INCLUDE_KEYS,
+
+ /**
* Whether the specified screen recording path should automatically be
* created if it does not yet exist.
*/
@@ -294,6 +323,21 @@ guac_ssh_settings* guac_ssh_parse_args(guac_user* user,
guac_user_parse_args_string(user, GUAC_SSH_CLIENT_ARGS, argv,
IDX_RECORDING_NAME, GUAC_SSH_DEFAULT_RECORDING_NAME);
+ /* Parse output exclusion flag */
+ settings->recording_exclude_output =
+ guac_user_parse_args_boolean(user, GUAC_SSH_CLIENT_ARGS, argv,
+ IDX_RECORDING_EXCLUDE_OUTPUT, false);
+
+ /* Parse mouse exclusion flag */
+ settings->recording_exclude_mouse =
+ guac_user_parse_args_boolean(user, GUAC_SSH_CLIENT_ARGS, argv,
+ IDX_RECORDING_EXCLUDE_MOUSE, false);
+
+ /* Parse key event inclusion flag */
+ settings->recording_include_keys =
+ guac_user_parse_args_boolean(user, GUAC_SSH_CLIENT_ARGS, argv,
+ IDX_RECORDING_INCLUDE_KEYS, false);
+
/* Parse path creation flag */
settings->create_recording_path =
guac_user_parse_args_boolean(user, GUAC_SSH_CLIENT_ARGS, argv,
http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/4fb17d56/src/protocols/ssh/settings.h
----------------------------------------------------------------------
diff --git a/src/protocols/ssh/settings.h b/src/protocols/ssh/settings.h
index f093023..689d425 100644
--- a/src/protocols/ssh/settings.h
+++ b/src/protocols/ssh/settings.h
@@ -193,6 +193,32 @@ typedef struct guac_ssh_settings {
bool create_recording_path;
/**
+ * Whether output which is broadcast to each connected client (graphics,
+ * streams, etc.) should NOT be included in the session recording. Output
+ * is included by default, as it is necessary for any recording which must
+ * later be viewable as video.
+ */
+ bool recording_exclude_output;
+
+ /**
+ * Whether changes to mouse state, such as position and buttons pressed or
+ * released, should NOT be included in the session recording. Mouse state
+ * is included by default, as it is necessary for the mouse cursor to be
+ * rendered in any resulting video.
+ */
+ bool recording_exclude_mouse;
+
+ /**
+ * Whether keys pressed and released should be included in the session
+ * recording. Key events are NOT included by default within the recording,
+ * as doing so has privacy and security implications. Including key events
+ * may be necessary in certain auditing contexts, but should only be done
+ * with caution. Key events can easily contain sensitive information, such
+ * as passwords, credit card numbers, etc.
+ */
+ bool recording_include_keys;
+
+ /**
* The number of seconds between sending server alive messages.
*/
int server_alive_interval;
http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/4fb17d56/src/protocols/ssh/ssh.c
----------------------------------------------------------------------
diff --git a/src/protocols/ssh/ssh.c b/src/protocols/ssh/ssh.c
index d1b9041..0ea60bc 100644
--- a/src/protocols/ssh/ssh.c
+++ b/src/protocols/ssh/ssh.c
@@ -196,7 +196,10 @@ void* ssh_client_thread(void* data) {
ssh_client->recording = guac_common_recording_create(client,
settings->recording_path,
settings->recording_name,
- settings->create_recording_path);
+ settings->create_recording_path,
+ !settings->recording_exclude_output,
+ !settings->recording_exclude_mouse,
+ settings->recording_include_keys);
}
/* Create terminal */
http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/4fb17d56/src/protocols/telnet/settings.c
----------------------------------------------------------------------
diff --git a/src/protocols/telnet/settings.c b/src/protocols/telnet/settings.c
index df7b295..082cff4 100644
--- a/src/protocols/telnet/settings.c
+++ b/src/protocols/telnet/settings.c
@@ -45,6 +45,9 @@ const char* GUAC_TELNET_CLIENT_ARGS[] = {
"create-typescript-path",
"recording-path",
"recording-name",
+ "recording-exclude-output",
+ "recording-exclude-mouse",
+ "recording-include-keys",
"create-recording-path",
"read-only",
NULL
@@ -134,6 +137,32 @@ enum TELNET_ARGS_IDX {
IDX_RECORDING_NAME,
/**
+ * Whether output which is broadcast to each connected client (graphics,
+ * streams, etc.) should NOT be included in the session recording. Output
+ * is included by default, as it is necessary for any recording which must
+ * later be viewable as video.
+ */
+ IDX_RECORDING_EXCLUDE_OUTPUT,
+
+ /**
+ * Whether changes to mouse state, such as position and buttons pressed or
+ * released, should NOT be included in the session recording. Mouse state
+ * is included by default, as it is necessary for the mouse cursor to be
+ * rendered in any resulting video.
+ */
+ IDX_RECORDING_EXCLUDE_MOUSE,
+
+ /**
+ * Whether keys pressed and released should be included in the session
+ * recording. Key events are NOT included by default within the recording,
+ * as doing so has privacy and security implications. Including key events
+ * may be necessary in certain auditing contexts, but should only be done
+ * with caution. Key events can easily contain sensitive information, such
+ * as passwords, credit card numbers, etc.
+ */
+ IDX_RECORDING_INCLUDE_KEYS,
+
+ /**
* Whether the specified screen recording path should automatically be
* created if it does not yet exist.
*/
@@ -279,6 +308,21 @@ guac_telnet_settings* guac_telnet_parse_args(guac_user* user,
guac_user_parse_args_string(user, GUAC_TELNET_CLIENT_ARGS, argv,
IDX_RECORDING_NAME, GUAC_TELNET_DEFAULT_RECORDING_NAME);
+ /* Parse output exclusion flag */
+ settings->recording_exclude_output =
+ guac_user_parse_args_boolean(user, GUAC_TELNET_CLIENT_ARGS, argv,
+ IDX_RECORDING_EXCLUDE_OUTPUT, false);
+
+ /* Parse mouse exclusion flag */
+ settings->recording_exclude_mouse =
+ guac_user_parse_args_boolean(user, GUAC_TELNET_CLIENT_ARGS, argv,
+ IDX_RECORDING_EXCLUDE_MOUSE, false);
+
+ /* Parse key event inclusion flag */
+ settings->recording_include_keys =
+ guac_user_parse_args_boolean(user, GUAC_TELNET_CLIENT_ARGS, argv,
+ IDX_RECORDING_INCLUDE_KEYS, false);
+
/* Parse path creation flag */
settings->create_recording_path =
guac_user_parse_args_boolean(user, GUAC_TELNET_CLIENT_ARGS, argv,
http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/4fb17d56/src/protocols/telnet/settings.h
----------------------------------------------------------------------
diff --git a/src/protocols/telnet/settings.h b/src/protocols/telnet/settings.h
index 434e593..11761c6 100644
--- a/src/protocols/telnet/settings.h
+++ b/src/protocols/telnet/settings.h
@@ -181,6 +181,32 @@ typedef struct guac_telnet_settings {
*/
bool create_recording_path;
+ /**
+ * Whether output which is broadcast to each connected client (graphics,
+ * streams, etc.) should NOT be included in the session recording. Output
+ * is included by default, as it is necessary for any recording which must
+ * later be viewable as video.
+ */
+ bool recording_exclude_output;
+
+ /**
+ * Whether changes to mouse state, such as position and buttons pressed or
+ * released, should NOT be included in the session recording. Mouse state
+ * is included by default, as it is necessary for the mouse cursor to be
+ * rendered in any resulting video.
+ */
+ bool recording_exclude_mouse;
+
+ /**
+ * Whether keys pressed and released should be included in the session
+ * recording. Key events are NOT included by default within the recording,
+ * as doing so has privacy and security implications. Including key events
+ * may be necessary in certain auditing contexts, but should only be done
+ * with caution. Key events can easily contain sensitive information, such
+ * as passwords, credit card numbers, etc.
+ */
+ bool recording_include_keys;
+
} guac_telnet_settings;
/**
http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/4fb17d56/src/protocols/telnet/telnet.c
----------------------------------------------------------------------
diff --git a/src/protocols/telnet/telnet.c b/src/protocols/telnet/telnet.c
index e135e3e..2a4000d 100644
--- a/src/protocols/telnet/telnet.c
+++ b/src/protocols/telnet/telnet.c
@@ -470,7 +470,10 @@ void* guac_telnet_client_thread(void* data) {
telnet_client->recording = guac_common_recording_create(client,
settings->recording_path,
settings->recording_name,
- settings->create_recording_path);
+ settings->create_recording_path,
+ !settings->recording_exclude_output,
+ !settings->recording_exclude_mouse,
+ settings->recording_include_keys);
}
/* Create terminal */
http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/4fb17d56/src/protocols/vnc/settings.c
----------------------------------------------------------------------
diff --git a/src/protocols/vnc/settings.c b/src/protocols/vnc/settings.c
index 0bcd5ab..509921a 100644
--- a/src/protocols/vnc/settings.c
+++ b/src/protocols/vnc/settings.c
@@ -72,6 +72,9 @@ const char* GUAC_VNC_CLIENT_ARGS[] = {
"recording-path",
"recording-name",
+ "recording-exclude-output",
+ "recording-exclude-mouse",
+ "recording-include-keys",
"create-recording-path",
NULL
@@ -258,6 +261,32 @@ enum VNC_ARGS_IDX {
IDX_RECORDING_NAME,
/**
+ * Whether output which is broadcast to each connected client (graphics,
+ * streams, etc.) should NOT be included in the session recording. Output
+ * is included by default, as it is necessary for any recording which must
+ * later be viewable as video.
+ */
+ IDX_RECORDING_EXCLUDE_OUTPUT,
+
+ /**
+ * Whether changes to mouse state, such as position and buttons pressed or
+ * released, should NOT be included in the session recording. Mouse state
+ * is included by default, as it is necessary for the mouse cursor to be
+ * rendered in any resulting video.
+ */
+ IDX_RECORDING_EXCLUDE_MOUSE,
+
+ /**
+ * Whether keys pressed and released should be included in the session
+ * recording. Key events are NOT included by default within the recording,
+ * as doing so has privacy and security implications. Including key events
+ * may be necessary in certain auditing contexts, but should only be done
+ * with caution. Key events can easily contain sensitive information, such
+ * as passwords, credit card numbers, etc.
+ */
+ IDX_RECORDING_INCLUDE_KEYS,
+
+ /**
* Whether the specified screen recording path should automatically be
* created if it does not yet exist.
*/
@@ -433,6 +462,21 @@ guac_vnc_settings* guac_vnc_parse_args(guac_user* user,
guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
IDX_RECORDING_NAME, GUAC_VNC_DEFAULT_RECORDING_NAME);
+ /* Parse output exclusion flag */
+ settings->recording_exclude_output =
+ guac_user_parse_args_boolean(user, GUAC_VNC_CLIENT_ARGS, argv,
+ IDX_RECORDING_EXCLUDE_OUTPUT, false);
+
+ /* Parse mouse exclusion flag */
+ settings->recording_exclude_mouse =
+ guac_user_parse_args_boolean(user, GUAC_VNC_CLIENT_ARGS, argv,
+ IDX_RECORDING_EXCLUDE_MOUSE, false);
+
+ /* Parse key event inclusion flag */
+ settings->recording_include_keys =
+ guac_user_parse_args_boolean(user, GUAC_VNC_CLIENT_ARGS, argv,
+ IDX_RECORDING_INCLUDE_KEYS, false);
+
/* Parse path creation flag */
settings->create_recording_path =
guac_user_parse_args_boolean(user, GUAC_VNC_CLIENT_ARGS, argv,
http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/4fb17d56/src/protocols/vnc/settings.h
----------------------------------------------------------------------
diff --git a/src/protocols/vnc/settings.h b/src/protocols/vnc/settings.h
index 4fa8eb4..85e6478 100644
--- a/src/protocols/vnc/settings.h
+++ b/src/protocols/vnc/settings.h
@@ -206,6 +206,32 @@ typedef struct guac_vnc_settings {
*/
bool create_recording_path;
+ /**
+ * Whether output which is broadcast to each connected client (graphics,
+ * streams, etc.) should NOT be included in the session recording. Output
+ * is included by default, as it is necessary for any recording which must
+ * later be viewable as video.
+ */
+ bool recording_exclude_output;
+
+ /**
+ * Whether changes to mouse state, such as position and buttons pressed or
+ * released, should NOT be included in the session recording. Mouse state
+ * is included by default, as it is necessary for the mouse cursor to be
+ * rendered in any resulting video.
+ */
+ bool recording_exclude_mouse;
+
+ /**
+ * Whether keys pressed and released should be included in the session
+ * recording. Key events are NOT included by default within the recording,
+ * as doing so has privacy and security implications. Including key events
+ * may be necessary in certain auditing contexts, but should only be done
+ * with caution. Key events can easily contain sensitive information, such
+ * as passwords, credit card numbers, etc.
+ */
+ bool recording_include_keys;
+
} guac_vnc_settings;
/**
http://git-wip-us.apache.org/repos/asf/guacamole-server/blob/4fb17d56/src/protocols/vnc/vnc.c
----------------------------------------------------------------------
diff --git a/src/protocols/vnc/vnc.c b/src/protocols/vnc/vnc.c
index bc8b5e4..8304b09 100644
--- a/src/protocols/vnc/vnc.c
+++ b/src/protocols/vnc/vnc.c
@@ -306,7 +306,10 @@ void* guac_vnc_client_thread(void* data) {
vnc_client->recording = guac_common_recording_create(client,
settings->recording_path,
settings->recording_name,
- settings->create_recording_path);
+ settings->create_recording_path,
+ !settings->recording_exclude_output,
+ !settings->recording_exclude_mouse,
+ settings->recording_include_keys);
}
/* Send name */