From e446882519b45d4b506cd469f328adbe25f4030d Mon Sep 17 00:00:00 2001 From: Esdras Renan Date: Wed, 12 Nov 2025 13:30:46 -0300 Subject: [PATCH] fix: enforce permanent RustDesk password fallback --- apps/desktop/src-tauri/src/rustdesk.rs | 56 +++++++++++++++++++++++++- 1 file changed, 54 insertions(+), 2 deletions(-) diff --git a/apps/desktop/src-tauri/src/rustdesk.rs b/apps/desktop/src-tauri/src/rustdesk.rs index 584d894..a17ff8f 100644 --- a/apps/desktop/src-tauri/src/rustdesk.rs +++ b/apps/desktop/src-tauri/src/rustdesk.rs @@ -27,6 +27,8 @@ const SERVICE_NAME: &str = "RustDesk"; const CACHE_DIR_NAME: &str = "Rever\\RustDeskCache"; const LOCAL_SERVICE_CONFIG: &str = r"C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Roaming\\RustDesk\\config"; const LOCAL_SYSTEM_CONFIG: &str = r"C:\\Windows\\System32\\config\\systemprofile\\AppData\\Roaming\\RustDesk\\config"; +const SECURITY_VERIFICATION_VALUE: &str = "use-permanent-password"; +const SECURITY_APPROVE_MODE_VALUE: &str = "password"; const CREATE_NO_WINDOW: u32 = 0x08000000; static PROVISION_MUTEX: Lazy> = Lazy::new(|| Mutex::new(())); @@ -135,6 +137,10 @@ pub fn ensure_rustdesk( Ok(_) => log_event("Artefatos de senha replicados para o serviço do RustDesk"), Err(error) => log_event(&format!("Falha ao replicar artefatos de senha: {error}")), } + + if let Err(error) = enforce_security_flags() { + log_event(&format!("Falha ao reforçar configuração de senha permanente: {error}")); + } } let custom_id = if let Some(value) = machine_id.and_then(|raw| { @@ -508,14 +514,60 @@ fn ensure_password_files(secret: &str) -> Result<(), String> { } let local_path = dir.join("RustDesk_local.toml"); - if let Err(error) = write_toml_kv(&local_path, "verification-method", "use-both-passwords") { + if let Err(error) = write_toml_kv(&local_path, "verification-method", SECURITY_VERIFICATION_VALUE) { log_event(&format!( "Falha ao ajustar verification-method em {}: {error}", local_path.display() )); } else { log_event(&format!( - "verification-method atualizado para use-both-passwords em {}", + "verification-method atualizado para {} em {}", + SECURITY_VERIFICATION_VALUE, + local_path.display() + )); + } + + if let Err(error) = write_toml_kv(&local_path, "approve-mode", SECURITY_APPROVE_MODE_VALUE) { + log_event(&format!( + "Falha ao ajustar approve-mode em {}: {error}", + local_path.display() + )); + } else { + log_event(&format!( + "approve-mode atualizado para {} em {}", + SECURITY_APPROVE_MODE_VALUE, + local_path.display() + )); + } + } + + if errors.is_empty() { + Ok(()) + } else { + Err(errors.join(" | ")) + } +} + +fn enforce_security_flags() -> Result<(), String> { + let mut errors = Vec::new(); + for dir in remote_id_directories() { + let local_path = dir.join("RustDesk_local.toml"); + if let Err(error) = write_toml_kv(&local_path, "verification-method", SECURITY_VERIFICATION_VALUE) { + errors.push(format!("{} -> {}", local_path.display(), error)); + } else { + log_event(&format!( + "verification-method atualizado para {} em {}", + SECURITY_VERIFICATION_VALUE, + local_path.display() + )); + } + + if let Err(error) = write_toml_kv(&local_path, "approve-mode", SECURITY_APPROVE_MODE_VALUE) { + errors.push(format!("{} -> {}", local_path.display(), error)); + } else { + log_event(&format!( + "approve-mode atualizado para {} em {}", + SECURITY_APPROVE_MODE_VALUE, local_path.display() )); }