[config] add name with description for some enumeration options
jonathanpoelen committed Nov 15, 2023
1 parent 1520196 commit e515774
Showing 15 changed files with 298 additions and 250 deletions.
66 changes: 33 additions & 33 deletions projects/redemption_configs/autogen/doc/acl_dialog.txt
Expand Up @@ -179,9 +179,9 @@ cfg::session_probe::enable_launch_mask ⇐ session_probe:enable_launch_mask [b
Disabling the mask makes it easier to diagnose Session Probe launch issues. It is recommended to enable the mask for normal operation.
cfg::session_probe::on_launch_failure ⇐ session_probe:on_launch_failure [SessionProbeOnLaunchFailure]
It is recommended to use option 1 (disconnect user).
0: The metadata collected is not essential for us. Instead, we prefer to minimize the impact on the user experience. The Session Probe launch will be in best-effort mode. The prevailing duration is defined by the 'Launch fallback timeout' instead of the 'Launch timeout'.
1: This is the recommended setting. If the target meets all the technical prerequisites, there is no reason for the Session Probe not to launch. All that remains is to adapt the value of 'Launch timeout' to the performance of the target.
2: We wish to be able to recover the behavior of Bastion 5 when the Session Probe does not launch. The prevailing duration is defined by the 'Launch fallback timeout' instead of the 'Launch timeout'.
0: ignore and continue: The metadata collected is not essential for us. Instead, we prefer to minimize the impact on the user experience. The Session Probe launch will be in best-effort mode. The prevailing duration is defined by the 'Launch fallback timeout' instead of the 'Launch timeout'.
1: disconnect user: This is the recommended setting. If the target meets all the technical prerequisites, there is no reason for the Session Probe not to launch. All that remains is to adapt the value of 'Launch timeout' to the performance of the target.
2: retry without session probe: We wish to be able to recover the behavior of Bastion 5 when the Session Probe does not launch. The prevailing duration is defined by the 'Launch fallback timeout' instead of the 'Launch timeout'.
cfg::session_probe::launch_timeout ⇐ session_probe:launch_timeout [std::chrono::milliseconds]
This parameter is used if 'On launch failure' is 1 (disconnect user).
0 to disable timeout.
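Review bot: Now that values 0 and 2 carry the names "ignore and continue" and "retry without session probe", their descriptions should say plainly that in both cases the session goes on without a Session Probe, i.e. without the surveillance the probe provides; the on_keepalive_timeout entry below already spells out that consequence for its own "ignore and continue" value ("An attacker can take advantage of this setting ... to bypass the surveillance"), and the same warning belongs here so the trade-off is visible next to the name. The value 2 description still only says "We wish to be able to recover the behavior of Bastion 5"; with the name shown, it would be clearer to state what the retry does in practice instead of referring to a past product version.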
Expand All @@ -200,9 +200,9 @@ cfg::session_probe::keepalive_timeout ⇐ session_probe:keepalive_timeout [std
in milliseconds
cfg::session_probe::on_keepalive_timeout ⇐ session_probe:on_keepalive_timeout [SessionProbeOnKeepaliveTimeout]
This parameter allows us to choose the behavior of the RDP Proxy in case of losing the connection with Session Probe.
0: Designed to minimize the impact on the user experience if the Session Probe is unstable. It should not be used when Session Probe is working well. An attacker can take advantage of this setting by simulating a Session Probe crash in order to bypass the surveillance.
1: Legacy behavior. It’s a choice that gives more security, but the impact on the user experience seems disproportionate. The RDP session can be closed (resulting in the permanent loss of all its unsaved elements) if the 'End disconnected session' parameter (or an equivalent setting at the RDS-level) is enabled.
2: This is the recommended setting. User actions will be blocked until contact with the Session Probe (reply to KeepAlive message or something else) is resumed.
0: ignore and continue: Designed to minimize the impact on the user experience if the Session Probe is unstable. It should not be used when Session Probe is working well. An attacker can take advantage of this setting by simulating a Session Probe crash in order to bypass the surveillance.
1: disconnect user: Legacy behavior. It’s a choice that gives more security, but the impact on the user experience seems disproportionate. The RDP session can be closed (resulting in the permanent loss of all its unsaved elements) if the 'End disconnected session' parameter (or an equivalent setting at the RDS-level) is enabled.
2: freeze connection and wait: This is the recommended setting. User actions will be blocked until contact with the Session Probe (reply to KeepAlive message or something else) is resumed.
cfg::session_probe::end_disconnected_session ⇐ session_probe:end_disconnected_session [bool]
The behavior of this parameter is different between the Desktop session and the RemoteApp session (RDS meaning). But in each case, the purpose of enabling this parameter is to not leave disconnected sessions in a state unusable by the RDP proxy.
If enabled, Session Probe will automatically end the disconnected Desktop session. Otherwise, the RDP session and the applications it contains will remain active after user disconnection (unless a parameter defined at the RDS-level decides otherwise).
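Review bot: The value 2 ("freeze connection and wait") description says user actions stay blocked "until contact with the Session Probe (reply to KeepAlive message or something else) is resumed"; "or something else" is too vague for the recommended setting, so either list what else counts as contact or drop the parenthesis and say "until the Session Probe answers again". Minor: "It’s" in the value 1 description uses a curly apostrophe while the rest of the file uses plain ASCII quotes, e.g. 'End disconnected session'.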
Expand All @@ -219,12 +219,12 @@ cfg::session_probe::enable_log_rotation ⇐ session_probe:enable_log_rotation
The Log files rotation helps reduce disk space consumption caused by logging. But the interesting information may be lost if the corresponding file is not retrieved in time.
cfg::session_probe::log_level ⇐ session_probe:log_level [SessionProbeLogLevel]
Defines logging severity levels.
1: The Fatal level designates very severe error events that will presumably lead the application to abort.
2: The Error level designates error events that might still allow the application to continue running.
3: The Info level designates informational messages that highlight the progress of the application at coarse-grained level.
4: The Warning level designates potentially harmful situations.
5: The Debug level designates fine-grained informational events that are mostly useful to debug an application.
6: The Detail level designates finer-grained informational events than Debug.
1: Fatal: Designates very severe error events that will presumably lead the application to abort.
2: Error: Designates error events that might still allow the application to continue running.
3: Info: Designates informational messages that highlight the progress of the application at coarse-grained level.
4: Warning: Designates potentially harmful situations.
5: Debug: Designates fine-grained informational events that are mostly useful to debug an application.
6: Detail: Designates finer-grained informational events than Debug.
cfg::session_probe::disconnected_application_limit ⇐ session_probe:disconnected_application_limit [std::chrono::milliseconds]
(Deprecated!)
The period above which the disconnected Application session will be automatically closed by the Session Probe.
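Review bot: The names introduced here are capitalized single words (Fatal, Error, Info, Warning, Debug, Detail) while the other enumerations in this commit get lower-case phrases ("ignore and continue", "windows internals"). If these names are the literal strings accepted in the configuration file, the doc must show exactly the accepted spelling and the generator should say so; if they are only display names, pick one convention (case and wording) in the generator so all the autogen docs stay consistent.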
Expand Down Expand Up @@ -342,9 +342,9 @@ cfg::session_probe::on_account_manipulation ⇐ session_probe:on_account_manipul
BestSafe interaction must be enabled. Please refer to 'Enable bestsafe interaction' parameter.
This parameter allows you to choose the behavior of the RDP Proxy in case of detection of Windows account manipulation.
Detectable account manipulations are the creation, deletion of a Windows account, and the addition and deletion of an account from a Windows user group.
0: User action will be accepted
1: (Same thing as 'allow')
2: User action will be rejected
0: allow: User action will be accepted
1: notify: (Same thing as 'allow')
2: deny: User action will be rejected
cfg::session_probe::alternate_directory_environment_variable ⇐ session_probe:alternate_directory_environment_variable [std::string(maxlen=3)]
This parameter is used to indicate the name of an environment variable, to be set on the Windows device, and pointed to a directory (on the device) that can be used to store and start the Session Probe. The environment variable must be available in the Windows user session.
The environment variable name is limited to 3 characters or less.
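Review bot: With the name now visible, "1: notify: (Same thing as 'allow')" no longer documents the value: a reader will expect "notify" to differ from "allow" by sending a notification, and the description neither confirms nor denies that. Either state what the notification is (who is notified and how, e.g. syslog or a Bastion notification as used by the ServerNotification values below) or, if the two values really behave identically, say so explicitly, for instance "notify: User action will be accepted (currently identical to 'allow')".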
Expand All @@ -367,9 +367,9 @@ cfg::session_probe::process_monitoring_rules ⇐ session_probe:process_monitorin
@ = All child processes of (Bastion) application (Ex.: $deny:@)
BestSafe can be used to perform detection of process launched in the session. Please refer to 'Enable bestsafe interaction' parameter.
cfg::session_probe::process_command_line_retrieve_method ⇐ session_probe:process_command_line_retrieve_method [SessionProbeProcessCommandLineRetrieveMethod]
0: Get command-line of processes via Windows Management Instrumentation. (Legacy method)
1: Calling internal system APIs to get the process command line. (More efficient but less stable)
2: First use internal system APIs call, if that fails, use Windows Management Instrumentation method.
0: windows management instrumentation: Get command-line of processes via Windows Management Instrumentation. (Legacy method)
1: windows internals: Calling internal system APIs to get the process command line. (More efficient but less stable)
2: both: First use internal system APIs call, if that fails, use Windows Management Instrumentation method.
cfg::session_probe::periodic_task_run_interval ⇐ session_probe:periodic_task_run_interval [std::chrono::milliseconds]
Time between two polling performed by Session Probe.
The parameter is created to adapt the CPU consumption to the performance of the Windows device.
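Review bot: "windows management instrumentation" and "windows internals" spell the proper noun Windows in lower case; if these are display names only, capitalize them ("Windows Management Instrumentation", "Windows internals"), and if they are the strings accepted in the ini file, the description should say that the value must be written exactly as shown. The value 1 description also says the internal-API method is "less stable", so the "both" description could note that it inherits that instability before falling back to WMI.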
Expand All @@ -391,33 +391,33 @@ cfg::server_cert::server_cert_check ⇐ server_cert:server_cert_check [ServerC
cfg::server_cert::server_access_allowed_message ⇐ server_cert:server_access_allowed_message [ServerNotification]
Warn if check allow connexion to server.
0x0: nobody
0x1: message sent to syslog
0x2: User notified (through proxy interface)
0x4: admin notified (Bastion notification)
0x1: syslog: message sent to syslog
0x2: user: User notified (through proxy interface)
0x4: admin: admin notified (Bastion notification)

Note: values can be added (enable all: 0x1 + 0x2 + 0x4 = 0x7)
cfg::server_cert::server_cert_create_message ⇐ server_cert:server_cert_create_message [ServerNotification]
Warn that new server certificate file was created.
0x0: nobody
0x1: message sent to syslog
0x2: User notified (through proxy interface)
0x4: admin notified (Bastion notification)
0x1: syslog: message sent to syslog
0x2: user: User notified (through proxy interface)
0x4: admin: admin notified (Bastion notification)

Note: values can be added (enable all: 0x1 + 0x2 + 0x4 = 0x7)
cfg::server_cert::server_cert_success_message ⇐ server_cert:server_cert_success_message [ServerNotification]
Warn that server certificate file was successfully checked.
0x0: nobody
0x1: message sent to syslog
0x2: User notified (through proxy interface)
0x4: admin notified (Bastion notification)
0x1: syslog: message sent to syslog
0x2: user: User notified (through proxy interface)
0x4: admin: admin notified (Bastion notification)

Note: values can be added (enable all: 0x1 + 0x2 + 0x4 = 0x7)
cfg::server_cert::server_cert_failure_message ⇐ server_cert:server_cert_failure_message [ServerNotification]
Warn that server certificate file checking failed.
0x0: nobody
0x1: message sent to syslog
0x2: User notified (through proxy interface)
0x4: admin notified (Bastion notification)
0x1: syslog: message sent to syslog
0x2: user: User notified (through proxy interface)
0x4: admin: admin notified (Bastion notification)

Note: values can be added (enable all: 0x1 + 0x2 + 0x4 = 0x7)
cfg::server_cert::enable_external_validation ⇐ enable_external_validation [bool]
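Review bot: In each of the four ServerNotification blocks the "0x0: nobody" line was left unchanged, so it is the only value that has a name without a "name: description" pair next to the new "0x1: syslog: message sent to syslog" style; adding a description ("nobody: no notification is sent") would keep the list uniform. Since the four blocks are identical, the generator could emit the ServerNotification legend once and reference it, rather than repeating it under every parameter. Drive-by on the unchanged context line of the first block: "Warn if check allow connexion to server." should read "Warn if the check allows connection to the server."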
Expand All @@ -436,9 +436,9 @@ cfg::mod_vnc::server_clipboard_encoding_type ⇐ vnc_server_clipboard_encoding_t
cfg::mod_vnc::bogus_clipboard_infinite_loop ⇐ vnc_bogus_clipboard_infinite_loop [VncBogusClipboardInfiniteLoop]
The RDP clipboard is based on a token that indicates who owns data between server and client. However, some RDP clients, such as Freerpd, always appropriate this token. This conflicts with VNC, which also appropriates this token, causing clipboard data to be sent in loops.
This option indicates the strategy to adopt in such situations.
0: Clipboard processing is deferred and, if necessary, the token is left with the client.
1: When 2 identical requests are received, the second is ignored. This can block clipboard data reception until a clipboard event is triggered on the server when the client clipboard is blocked, and vice versa.
2: No special processing is done, the proxy always responds immediately.
0: delayed: Clipboard processing is deferred and, if necessary, the token is left with the client.
1: duplicated: When 2 identical requests are received, the second is ignored. This can block clipboard data reception until a clipboard event is triggered on the server when the client clipboard is blocked, and vice versa.
2: continued: No special processing is done, the proxy always responds immediately.
cfg::mod_vnc::server_is_macos ⇐ mod_vnc:server_is_macos [bool]
cfg::mod_vnc::server_unix_alt ⇐ mod_vnc:server_unix_alt [bool]
When disabled, Ctrl + Alt becomes AltGr (Windows behavior)
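Review bot: The new names "delayed", "duplicated" and "continued" do not read as strategies: "duplicated" names the symptom (two identical requests) rather than the action taken (the second request is ignored), and "continued" does not convey "no special processing, respond immediately". If these names are free to change, something like "delayed", "ignore duplicates" and "no special processing" would match the descriptions; if they are the accepted config values and cannot change, the description should at least open with the action so the name is explained. Drive-by on the unchanged context line above: "Freerpd" should be "FreeRDP".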