/**
 * Connect the transport to the security layer chosen by negotiation.
 * Nothing is attempted unless the TCP connection is up; when it is not,
 * the security layer is recorded as disconnected. A layer that is already
 * connected is left alone.
 * @param nego pointer to the negotiation structure
 * @return nego->security_connected after the attempt
 */
BOOL nego_security_connect(rdpNego* nego)
{
	if (!nego->tcp_connected)
	{
		nego->security_connected = FALSE;
		return nego->security_connected;
	}

	if (nego->security_connected)
		return nego->security_connected;

	switch (nego->selected_protocol)
	{
		case PROTOCOL_NLA:
			DEBUG_NEGO("nego_security_connect with PROTOCOL_NLA");
			nego->security_connected = transport_connect_nla(nego->transport);
			break;

		case PROTOCOL_TLS:
			DEBUG_NEGO("nego_security_connect with PROTOCOL_TLS");
			nego->security_connected = transport_connect_tls(nego->transport);
			break;

		case PROTOCOL_RDP:
			DEBUG_NEGO("nego_security_connect with PROTOCOL_RDP");
			nego->security_connected = transport_connect_rdp(nego->transport);
			break;

		default:
			/* any other value (nothing selected yet) leaves the layer disconnected */
			DEBUG_NEGO("cannot connect security layer because no protocol has been selected yet.");
			break;
	}

	return nego->security_connected;
}
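/**
 * Parse the RDP_NEG_REQ structure that follows the type octet of a
 * connection request. Stores requestedProtocols in nego->requested_protocols
 * and moves the state machine to NEGO_STATE_FINAL.
 * A packet carrying fewer than the 7 bytes the structure needs is rejected
 * with NEGO_STATE_FAIL instead of being read past its end.
 * @param nego pointer to the negotiation structure
 * @param s stream positioned just after the rdpNegData type octet
 */
void nego_process_negotiation_request(rdpNego* nego, STREAM* s)
{
	BYTE flags;
	UINT16 length;

	DEBUG_NEGO("RDP_NEG_REQ");

	/* flags (1) + length (2) + requestedProtocols (4) */
	if (stream_get_left(s) < 7)
	{
		DEBUG_NEGO("RDP_INVALID_NEG_REQ");
		nego->state = NEGO_STATE_FAIL;
		return;
	}

	stream_read_BYTE(s, flags); /* flags: read to advance, not validated here */
	stream_read_UINT16(s, length); /* length: read to advance, not validated here */
	stream_read_UINT32(s, nego->requested_protocols); /* requestedProtocols */
	DEBUG_NEGO("requested_protocols: %d", nego->requested_protocols);

	nego->state = NEGO_STATE_FINAL;
}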
/**
 * Try to negotiate TLS security: connect over TCP, send the connection
 * request and read the server's reply. Any failure of those three steps
 * ends the negotiation; a reply that does not settle the state (not
 * NEGO_STATE_FINAL) drops the connection and falls back to RDP security
 * when that protocol is enabled.
 * @param nego pointer to the negotiation structure
 */
void nego_attempt_tls(rdpNego* nego)
{
	nego->requested_protocols = PROTOCOL_TLS;
	DEBUG_NEGO("Attempting TLS security");

	/* the three steps short-circuit: the first failure stops the attempt */
	if (!nego_tcp_connect(nego) || !nego_send_negotiation_request(nego) || !nego_recv_response(nego))
	{
		nego->state = NEGO_STATE_FAIL;
		return;
	}

	if (nego->state == NEGO_STATE_FINAL)
		return;

	/* the server declined TLS: start over with the next protocol, if any */
	nego_tcp_disconnect(nego);
	nego->state = (nego->enabled_protocols[PROTOCOL_RDP] > 0) ? NEGO_STATE_RDP : NEGO_STATE_FAIL;
}
/**
 * Try to negotiate legacy RDP security over the transport. There is no
 * further protocol to fall back to, so every failure ends in NEGO_STATE_FAIL.
 * Only negotiation failures (request or reply) are reported through
 * freerdp_log; a transport connect failure is not logged here.
 * @param nego pointer to the negotiation structure
 */
void nego_attempt_rdp(rdpNego* nego)
{
	nego->requested_protocols = PROTOCOL_RDP;
	DEBUG_NEGO("Attempting RDP security");

	if (!nego_transport_connect(nego))
	{
		nego->state = NEGO_STATE_FAIL;
		return;
	}

	/* request and reply share the same failure handling */
	if (!nego_send_negotiation_request(nego) || !nego_recv_response(nego))
	{
		freerdp_log(nego->transport->settings->instance, "Error: RDP Negotiation failure\n");
		nego->state = NEGO_STATE_FAIL;
	}
}
/**
 * Pick the first negotiation state to try, in descending preference
 * NLA > TLS > RDP, from the protocols enabled on the negotiation structure.
 * With nothing enabled the state becomes NEGO_STATE_FAIL.
 * @param nego pointer to the negotiation structure
 */
static void nego_pick_initial_state(rdpNego* nego)
{
	if (nego->enabled_protocols[PROTOCOL_NLA] > 0)
		nego->state = NEGO_STATE_NLA;
	else if (nego->enabled_protocols[PROTOCOL_TLS] > 0)
		nego->state = NEGO_STATE_TLS;
	else if (nego->enabled_protocols[PROTOCOL_RDP] > 0)
		nego->state = NEGO_STATE_RDP;
	else
		nego->state = NEGO_STATE_FAIL;
}

/**
 * Drive the security protocol negotiation until a protocol is settled or
 * every attempt has failed, then publish the outcome in the transport
 * settings. On failure the state is left at NEGO_STATE_FINAL.
 * @param nego pointer to the negotiation structure
 * @return true when a protocol was negotiated, false otherwise
 */
boolean nego_connect(rdpNego* nego)
{
	if (nego->state == NEGO_STATE_INITIAL)
		nego_pick_initial_state(nego);

	for (;;)
	{
		DEBUG_NEGO("state: %s", NEGO_STATE_STRINGS[nego->state]);
		nego_send(nego);

		if (nego->state == NEGO_STATE_FAIL)
		{
			DEBUG_NEGO("Protocol Security Negotiation Failure");
			nego->state = NEGO_STATE_FINAL;
			return false;
		}

		if (nego->state == NEGO_STATE_FINAL)
			break;
	}

	DEBUG_NEGO("Negotiated %s security", PROTOCOL_SECURITY_STRINGS[nego->selected_protocol]);

	/* update settings with negotiated protocol security */
	nego->transport->settings->requested_protocols = nego->requested_protocols;
	nego->transport->settings->selected_protocol = nego->selected_protocol;
	nego->transport->settings->negotiationFlags = nego->flags;

	if (nego->selected_protocol != PROTOCOL_RDP)
		return true;

	/* legacy RDP security: turn on standard RDP encryption and offer every method */
	nego->transport->settings->encryption = true;
	nego->transport->settings->encryption_method = ENCRYPTION_METHOD_40BIT | ENCRYPTION_METHOD_128BIT | ENCRYPTION_METHOD_FIPS;
	nego->transport->settings->encryption_level = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;

	return true;
}
/**
 * Parse the RDP_NEG_RSP structure of a connection confirm: flags and
 * selectedProtocol are stored on the negotiation structure and the state
 * moves to NEGO_STATE_FINAL. A packet shorter than the 7 bytes the structure
 * needs is rejected with NEGO_STATE_FAIL without reading anything.
 * @param nego pointer to the negotiation structure
 * @param s stream positioned just after the rdpNegData type octet
 */
void nego_process_negotiation_response(rdpNego* nego, wStream* s)
{
	UINT16 length;

	DEBUG_NEGO("RDP_NEG_RSP");

	/* flags (1) + length (2) + selectedProtocol (4) */
	if (Stream_GetRemainingLength(s) >= 7)
	{
		Stream_Read_UINT8(s, nego->flags); /* flags */
		Stream_Read_UINT16(s, length); /* length: read to advance, not validated here */
		Stream_Read_UINT32(s, nego->selected_protocol); /* selectedProtocol */
		nego->state = NEGO_STATE_FINAL;
	}
	else
	{
		DEBUG_NEGO("RDP_INVALID_NEG_RSP");
		nego->state = NEGO_STATE_FAIL;
	}
}
/**
 * Try to negotiate NLA security (requesting NLA together with TLS).
 * Connect failures and negotiation failures are reported through
 * freerdp_log and end in NEGO_STATE_FAIL. A reply that does not settle the
 * state drops the connection and falls back to TLS, then RDP, whichever
 * is enabled; with neither enabled the failure is logged as well.
 * @param nego pointer to the negotiation structure
 */
void nego_attempt_nla(rdpNego* nego)
{
	nego->requested_protocols = PROTOCOL_NLA | PROTOCOL_TLS;
	DEBUG_NEGO("Attempting NLA security");

	if (!nego_transport_connect(nego))
	{
		freerdp_log(nego->transport->settings->instance, "Error: connection failure\n");
		nego->state = NEGO_STATE_FAIL;
		return;
	}

	/* request and reply share the same failure handling */
	if (!nego_send_negotiation_request(nego) || !nego_recv_response(nego))
	{
		freerdp_log(nego->transport->settings->instance, "Error: NLA Negotiation failure\n");
		nego->state = NEGO_STATE_FAIL;
		return;
	}

	DEBUG_NEGO("state: %s", NEGO_STATE_STRINGS[nego->state]);

	if (nego->state == NEGO_STATE_FINAL)
		return;

	/* the server declined NLA: start over with the next enabled protocol */
	nego_transport_disconnect(nego);

	if (nego->enabled_protocols[PROTOCOL_TLS] > 0)
	{
		nego->state = NEGO_STATE_TLS;
	}
	else if (nego->enabled_protocols[PROTOCOL_RDP] > 0)
	{
		nego->state = NEGO_STATE_RDP;
	}
	else
	{
		nego->state = NEGO_STATE_FAIL;
		freerdp_log(nego->transport->settings->instance, "Error: NLA Negotiation failure\n");
	}
}
/**
 * Run the negotiation attempt that matches the current state.
 * Any state other than NLA, TLS or RDP is not sendable and only logs.
 * @param nego pointer to the negotiation structure
 */
void nego_send(rdpNego* nego)
{
	switch (nego->state)
	{
		case NEGO_STATE_NLA:
			nego_attempt_nla(nego);
			break;

		case NEGO_STATE_TLS:
			nego_attempt_tls(nego);
			break;

		case NEGO_STATE_RDP:
			nego_attempt_rdp(nego);
			break;

		default:
			DEBUG_NEGO("invalid negotiation state for sending");
			break;
	}
}
/**
 * Build and send the X.224 connection request: TPKT header, TPDU
 * connection request, an optional routing token or "Cookie: mstshash="
 * line, and (for anything above plain RDP security) an RDP_NEG_REQ block.
 * The TPKT/TPDU headers are written last, once the total length is known,
 * by moving the stream back to the saved start mark.
 * @param nego pointer to the negotiation structure
 * @return FALSE when transport_write reports an error, TRUE otherwise
 */
BOOL nego_send_negotiation_request(rdpNego* nego)
{
	STREAM* s;
	int length;
	BYTE *bm, *em; /* marks: start of the PDU, end of the payload */
	int cookie_length;

	/* NOTE(review): the stream is initialised with 256 bytes while RoutingTokenLength
	 * is not bounded here — confirm that stream_write grows the buffer, or that the
	 * token length is checked by the caller */
	s = transport_send_stream_init(nego->transport, 256);
	length = TPDU_CONNECTION_REQUEST_LENGTH;
	stream_get_mark(s, bm);
	stream_seek(s, length); /* leave room for the headers, written below */

	if (nego->RoutingToken != NULL)
	{
		stream_write(s, nego->RoutingToken, nego->RoutingTokenLength);
		length += nego->RoutingTokenLength;
	}
	else if (nego->cookie != NULL)
	{
		cookie_length = strlen(nego->cookie);

		/* the cookie is truncated to cookie_max_length, never extended */
		if (cookie_length > (int) nego->cookie_max_length)
			cookie_length = nego->cookie_max_length;

		stream_write(s, "Cookie: mstshash=", 17);
		stream_write(s, (BYTE*) nego->cookie, cookie_length);
		stream_write_BYTE(s, 0x0D); /* CR */
		stream_write_BYTE(s, 0x0A); /* LF */
		length += cookie_length + 19; /* 17 bytes of prefix + CR + LF */
	}

	DEBUG_NEGO("requested_protocols: %d", nego->requested_protocols);

	if (nego->requested_protocols > PROTOCOL_RDP)
	{
		/* RDP_NEG_DATA must be present for TLS and NLA */
		stream_write_BYTE(s, TYPE_RDP_NEG_REQ);
		stream_write_BYTE(s, 0); /* flags, must be set to zero */
		stream_write_UINT16(s, 8); /* RDP_NEG_DATA length (8) */
		stream_write_UINT32(s, nego->requested_protocols); /* requestedProtocols */
		length += 8;
	}

	/* go back and fill in the headers now that the total length is known */
	stream_get_mark(s, em);
	stream_set_mark(s, bm);
	tpkt_write_header(s, length);
	/* length - 5: presumably the TPKT header plus the TPDU length indicator octet — confirm
	 * against tpdu_write_connection_request */
	tpdu_write_connection_request(s, length - 5);
	stream_set_mark(s, em);

	if (transport_write(nego->transport, s) < 0)
		return FALSE;

	return TRUE;
}
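/**
 * Parse the RDP_NEG_RSP structure of a connection confirm: flags and
 * selectedProtocol are stored on the negotiation structure and the state
 * moves to NEGO_STATE_FINAL.
 * A packet carrying fewer than the 7 bytes the structure needs is rejected
 * with NEGO_STATE_FAIL instead of being read past its end.
 * @param nego pointer to the negotiation structure
 * @param s stream positioned just after the rdpNegData type octet
 */
void nego_process_negotiation_response(rdpNego* nego, STREAM* s)
{
	UINT16 length;

	DEBUG_NEGO("RDP_NEG_RSP");

	/* flags (1) + length (2) + selectedProtocol (4) */
	if (stream_get_left(s) < 7)
	{
		DEBUG_NEGO("RDP_INVALID_NEG_RSP");
		nego->state = NEGO_STATE_FAIL;
		return;
	}

	stream_read_BYTE(s, nego->flags); /* flags */
	stream_read_UINT16(s, length); /* length: read to advance, not validated here */
	stream_read_UINT32(s, nego->selected_protocol); /* selectedProtocol */

	nego->state = NEGO_STATE_FINAL;
}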
/**
 * Try to negotiate NLA extended security (NLA + TLS + EXT requested).
 * A failed connect, request or reply ends in NEGO_STATE_FAIL. A reply
 * that does not settle the state drops the connection and falls back to
 * NLA, TLS or RDP, in that order, whichever is enabled.
 * @param nego pointer to the negotiation structure
 */
void nego_attempt_ext(rdpNego* nego)
{
	nego->requested_protocols = PROTOCOL_NLA | PROTOCOL_TLS | PROTOCOL_EXT;
	DEBUG_NEGO("Attempting NLA extended security");

	/* the three steps short-circuit: the first failure stops the attempt */
	if (!nego_transport_connect(nego) || !nego_send_negotiation_request(nego) || !nego_recv_response(nego))
	{
		nego->state = NEGO_STATE_FAIL;
		return;
	}

	DEBUG_NEGO("state: %s", NEGO_STATE_STRINGS[nego->state]);

	if (nego->state == NEGO_STATE_FINAL)
		return;

	/* the server declined: start over with the next enabled protocol */
	nego_transport_disconnect(nego);

	if (nego->enabled_protocols[PROTOCOL_NLA])
		nego->state = NEGO_STATE_NLA;
	else if (nego->enabled_protocols[PROTOCOL_TLS])
		nego->state = NEGO_STATE_TLS;
	else if (nego->enabled_protocols[PROTOCOL_RDP])
		nego->state = NEGO_STATE_RDP;
	else
		nego->state = NEGO_STATE_FAIL;
}
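/**
 * Parse the RDP_NEG_REQ structure that follows the type octet of a
 * connection request. Stores requestedProtocols in nego->requested_protocols
 * and moves the state machine to NEGO_STATE_FINAL.
 * A packet carrying fewer than the 7 bytes the structure needs is rejected
 * with NEGO_STATE_FAIL instead of being read past its end.
 * @param nego pointer to the negotiation structure
 * @param s stream positioned just after the rdpNegData type octet
 */
void nego_process_negotiation_request(rdpNego* nego, STREAM* s)
{
	uint8 flags;
	uint16 length;

	DEBUG_NEGO("RDP_NEG_REQ");

	/* flags (1) + length (2) + requestedProtocols (4) */
	if (stream_get_left(s) < 7)
	{
		DEBUG_NEGO("RDP_INVALID_NEG_REQ");
		nego->state = NEGO_STATE_FAIL;
		return;
	}

	stream_read_uint8(s, flags); /* flags: read to advance, not validated here */
	stream_read_uint16(s, length); /* length: read to advance, not validated here */
	stream_read_uint32(s, nego->requested_protocols); /* requestedProtocols */

	nego->state = NEGO_STATE_FINAL;
}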
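/**
 * Send a version 2 RDP_PRECONNECTION_PDU on a freshly connected TCP socket,
 * carrying nego->preconnection_id and, when set, nego->preconnection_blob
 * converted to UTF-16. Does nothing (and reports success) unless
 * nego->send_preconnection_pdu is set.
 * @param nego pointer to the negotiation structure
 * @return TRUE when nothing had to be sent or the write succeeded,
 *         FALSE on TCP connect failure, allocation failure or write error
 */
BOOL nego_send_preconnection_pdu(rdpNego* nego)
{
	wStream* s;
	UINT32 cbSize;
	UINT16 cchPCB = 0;
	WCHAR* wszPCB = NULL;
	BOOL status;

	if (!nego->send_preconnection_pdu)
		return TRUE;

	DEBUG_NEGO("Sending preconnection PDU");

	if (!nego_tcp_connect(nego))
		return FALSE;

	/* it's easier to always send the version 2 PDU, and it's just 2 bytes overhead */
	cbSize = PRECONNECTION_PDU_V2_MIN_SIZE;

	if (nego->preconnection_blob)
	{
		/* NOTE(review): cchPCB is bumped by one for the terminator after the conversion;
		 * confirm that ConvertToUnicode's return count for a -1 input excludes the
		 * terminator, otherwise the trailing Stream_Write reads 2 bytes past wszPCB */
		cchPCB = (UINT16) ConvertToUnicode(CP_UTF8, 0, nego->preconnection_blob, -1, &wszPCB, 0);
		cchPCB += 1; /* zero-termination */
		cbSize += cchPCB * 2;
	}

	s = Stream_New(NULL, cbSize);

	if (!s)
	{
		/* Stream_New allocates; never write through a failed allocation */
		free(wszPCB);
		return FALSE;
	}

	Stream_Write_UINT32(s, cbSize); /* cbSize */
	Stream_Write_UINT32(s, 0); /* Flags */
	Stream_Write_UINT32(s, PRECONNECTION_PDU_V2); /* Version */
	Stream_Write_UINT32(s, nego->preconnection_id); /* Id */
	Stream_Write_UINT16(s, cchPCB); /* cchPCB */

	if (wszPCB)
	{
		Stream_Write(s, wszPCB, cchPCB * 2); /* wszPCB */
		free(wszPCB);
	}

	Stream_SealLength(s);

	/* single release path for the stream whatever the write outcome */
	status = (transport_write(nego->transport, s) >= 0);
	Stream_Free(s, TRUE);

	return status;
}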
/**
 * Build and send the X.224 connection request: TPKT header, TPDU
 * connection request, an optional routing token or "Cookie: mstshash="
 * line, and (for anything above plain RDP security) an RDP_NEG_REQ block.
 * The TPKT/TPDU headers are written last, once the total length is known,
 * by moving the stream back to the saved start mark.
 * @param nego pointer to the negotiation structure
 * @return false when transport_write reports an error, true otherwise
 */
boolean nego_send_negotiation_request(rdpNego* nego)
{
	STREAM* s;
	int length;
	uint8 *bm, *em; /* marks: start of the PDU, end of the payload */

	/* NOTE(review): the stream is initialised with 256 bytes while neither the routing
	 * token length nor the cookie length is bounded here — confirm that stream_write
	 * grows the buffer, or cap the cookie as the cookie_max_length variant does */
	s = transport_send_stream_init(nego->transport, 256);
	length = TPDU_CONNECTION_REQUEST_LENGTH;
	stream_get_mark(s, bm);
	stream_seek(s, length); /* leave room for the headers, written below */

	if (nego->routing_token != NULL)
	{
		stream_write(s, nego->routing_token->data, nego->routing_token->length);
		length += nego->routing_token->length;
	}
	else if (nego->cookie != NULL)
	{
		int cookie_length = strlen(nego->cookie);
		stream_write(s, "Cookie: mstshash=", 17);
		stream_write(s, (uint8*) nego->cookie, cookie_length);
		stream_write_uint8(s, 0x0D); /* CR */
		stream_write_uint8(s, 0x0A); /* LF */
		length += cookie_length + 19; /* 17 bytes of prefix + CR + LF */
	}

	DEBUG_NEGO("requested_protocols: %d", nego->requested_protocols);

	if (nego->requested_protocols > PROTOCOL_RDP)
	{
		/* RDP_NEG_DATA must be present for TLS and NLA */
		stream_write_uint8(s, TYPE_RDP_NEG_REQ);
		stream_write_uint8(s, 0); /* flags, must be set to zero */
		stream_write_uint16(s, 8); /* RDP_NEG_DATA length (8) */
		stream_write_uint32(s, nego->requested_protocols); /* requestedProtocols */
		length += 8;
	}

	/* go back and fill in the headers now that the total length is known */
	stream_get_mark(s, em);
	stream_set_mark(s, bm);
	tpkt_write_header(s, length);
	/* length - 5: presumably the TPKT header plus the TPDU length indicator octet — confirm
	 * against tpdu_write_connection_request */
	tpdu_write_connection_request(s, length - 5);
	stream_set_mark(s, em);

	if (transport_write(nego->transport, s) < 0)
		return false;

	return true;
}
/**
 * Send a version 2 RDP_PRECONNECTION_PDU on a freshly connected TCP socket,
 * carrying nego->preconnection_id and, when set, nego->preconnection_blob
 * converted through the UNICONV helper. Does nothing (and reports success)
 * unless nego->send_preconnection_pdu is set.
 * @param nego pointer to the negotiation structure
 * @return true when nothing had to be sent or the write succeeded,
 *         false on TCP connect failure or write error
 */
boolean nego_send_preconnection_pdu(rdpNego* nego)
{
	STREAM* s;
	uint32 cbSize;
	UNICONV* uniconv;
	uint16 cchPCB_times2 = 0; /* byte length of wszPCB, i.e. twice the character count */
	char* wszPCB = NULL;

	if (!nego->send_preconnection_pdu)
		return true;

	DEBUG_NEGO("Sending preconnection PDU");

	if (!nego_tcp_connect(nego))
		return false;

	/* it's easier to always send the version 2 PDU, and it's just 2 bytes overhead */
	cbSize = PRECONNECTION_PDU_V2_MIN_SIZE;

	if (nego->preconnection_blob)
	{
		size_t size;
		uniconv = freerdp_uniconv_new();
		/* NOTE(review): the result of freerdp_uniconv_out is not checked for NULL, and the
		 * stream_write below copies size + 2 bytes from it — confirm the helper allocates
		 * room for the terminator it is being counted for */
		wszPCB = freerdp_uniconv_out(uniconv, nego->preconnection_blob, &size);
		cchPCB_times2 = (uint16) size;
		freerdp_uniconv_free(uniconv);
		cchPCB_times2 += 2; /* zero-termination */
		cbSize += cchPCB_times2;
	}

	s = transport_send_stream_init(nego->transport, cbSize);
	stream_write_uint32(s, cbSize); /* cbSize */
	stream_write_uint32(s, 0); /* Flags */
	stream_write_uint32(s, PRECONNECTION_PDU_V2); /* Version */
	stream_write_uint32(s, nego->preconnection_id); /* Id */
	stream_write_uint16(s, cchPCB_times2 / 2); /* cchPCB */

	if (wszPCB)
	{
		stream_write(s, wszPCB, cchPCB_times2); /* wszPCB */
		xfree(wszPCB);
	}

	if (transport_write(nego->transport, s) < 0)
		return false;

	return true;
}
/**
 * Send a version 2 RDP_PRECONNECTION_PDU on a freshly connected TCP socket,
 * carrying nego->preconnection_id and, when set, nego->preconnection_blob
 * converted to UTF-16. Does nothing (and reports success) unless
 * nego->send_preconnection_pdu is set.
 * @param nego pointer to the negotiation structure
 * @return TRUE when nothing had to be sent or the write succeeded,
 *         FALSE on TCP connect failure or write error
 */
BOOL nego_send_preconnection_pdu(rdpNego* nego)
{
	STREAM* s;
	UINT32 cbSize;
	UINT16 cchPCB = 0; /* character count of wszPCB, including the terminator */
	WCHAR* wszPCB = NULL;

	if (!nego->send_preconnection_pdu)
		return TRUE;

	DEBUG_NEGO("Sending preconnection PDU");

	if (!nego_tcp_connect(nego))
		return FALSE;

	/* it's easier to always send the version 2 PDU, and it's just 2 bytes overhead */
	cbSize = PRECONNECTION_PDU_V2_MIN_SIZE;

	if (nego->preconnection_blob)
	{
		/* NOTE(review): neither a failed conversion nor a NULL wszPCB is handled here, and the
		 * stream_write below copies (return + 1) * 2 bytes — confirm that
		 * freerdp_AsciiToUnicodeAlloc allocates the terminator that is being counted */
		cchPCB = (UINT16) freerdp_AsciiToUnicodeAlloc(nego->preconnection_blob, &wszPCB, 0);
		cchPCB += 1; /* zero-termination */
		cbSize += cchPCB * 2;
	}

	s = transport_send_stream_init(nego->transport, cbSize);
	stream_write_UINT32(s, cbSize); /* cbSize */
	stream_write_UINT32(s, 0); /* Flags */
	stream_write_UINT32(s, PRECONNECTION_PDU_V2); /* Version */
	stream_write_UINT32(s, nego->preconnection_id); /* Id */
	stream_write_UINT16(s, cchPCB); /* cchPCB */

	if (wszPCB)
	{
		stream_write(s, wszPCB, cchPCB * 2); /* wszPCB */
		free(wszPCB);
	}

	if (transport_write(nego->transport, s) < 0)
		return FALSE;

	return TRUE;
}
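/**
 * Parse the RDP_NEG_FAILURE structure of a connection confirm and record
 * the outcome: the state always becomes NEGO_STATE_FAIL, and for
 * SSL_NOT_ALLOWED_BY_SERVER / SSL_CERT_NOT_ON_SERVER nego->sendNegoData is
 * set so a retry can carry negotiation data.
 * A packet shorter than the 7 bytes the structure needs is rejected without
 * reading anything, matching the guard on the RDP_NEG_RSP path.
 * @param nego pointer to the negotiation structure
 * @param s stream positioned just after the rdpNegData type octet
 */
void nego_process_negotiation_failure(rdpNego* nego, wStream* s)
{
	BYTE flags;
	UINT16 length;
	UINT32 failureCode;

	DEBUG_NEGO("RDP_NEG_FAILURE");

	/* flags (1) + length (2) + failureCode (4) */
	if (Stream_GetRemainingLength(s) < 7)
	{
		DEBUG_NEGO("RDP_INVALID_NEG_FAILURE");
		nego->state = NEGO_STATE_FAIL;
		return;
	}

	Stream_Read_UINT8(s, flags); /* flags: read to advance, not validated here */
	Stream_Read_UINT16(s, length); /* length: read to advance, not validated here */
	Stream_Read_UINT32(s, failureCode); /* failureCode */

	switch (failureCode)
	{
		case SSL_REQUIRED_BY_SERVER:
			DEBUG_NEGO("Error: SSL_REQUIRED_BY_SERVER");
			break;

		case SSL_NOT_ALLOWED_BY_SERVER:
			DEBUG_NEGO("Error: SSL_NOT_ALLOWED_BY_SERVER");
			nego->sendNegoData = TRUE;
			break;

		case SSL_CERT_NOT_ON_SERVER:
			DEBUG_NEGO("Error: SSL_CERT_NOT_ON_SERVER");
			nego->sendNegoData = TRUE;
			break;

		case INCONSISTENT_FLAGS:
			DEBUG_NEGO("Error: INCONSISTENT_FLAGS");
			break;

		case HYBRID_REQUIRED_BY_SERVER:
			DEBUG_NEGO("Error: HYBRID_REQUIRED_BY_SERVER");
			break;

		default:
			DEBUG_NEGO("Error: Unknown protocol security error %d", failureCode);
			break;
	}

	nego->state = NEGO_STATE_FAIL;
}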
/**
 * Try to negotiate legacy RDP security over a fresh TCP connection.
 * RDP is the last protocol in the fallback order, so a failed connect,
 * request or reply ends in NEGO_STATE_FAIL; otherwise the state set by
 * the reply handler is left as is.
 * @param nego pointer to the negotiation structure
 */
void nego_attempt_rdp(rdpNego* nego)
{
	nego->requested_protocols = PROTOCOL_RDP;
	DEBUG_NEGO("Attempting RDP security");

	/* the three steps short-circuit: the first failure stops the attempt */
	if (!nego_tcp_connect(nego) || !nego_send_negotiation_request(nego) || !nego_recv_response(nego))
		nego->state = NEGO_STATE_FAIL;
}
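/**
 * Parse the RDP_NEG_FAILURE structure of a connection confirm, log the
 * failure code and move the state machine to NEGO_STATE_FAIL.
 * A packet carrying fewer than the 7 bytes the structure needs is rejected
 * without reading anything past its end.
 * @param nego pointer to the negotiation structure
 * @param s stream positioned just after the rdpNegData type octet
 */
void nego_process_negotiation_failure(rdpNego* nego, STREAM* s)
{
	uint8 flags;
	uint16 length;
	uint32 failureCode;

	DEBUG_NEGO("RDP_NEG_FAILURE");

	/* flags (1) + length (2) + failureCode (4) */
	if (stream_get_left(s) < 7)
	{
		DEBUG_NEGO("RDP_INVALID_NEG_FAILURE");
		nego->state = NEGO_STATE_FAIL;
		return;
	}

	stream_read_uint8(s, flags); /* flags: read to advance, not validated here */
	stream_read_uint16(s, length); /* length: read to advance, not validated here */
	stream_read_uint32(s, failureCode); /* failureCode */

	switch (failureCode)
	{
		case SSL_REQUIRED_BY_SERVER:
			DEBUG_NEGO("Error: SSL_REQUIRED_BY_SERVER");
			break;

		case SSL_NOT_ALLOWED_BY_SERVER:
			DEBUG_NEGO("Error: SSL_NOT_ALLOWED_BY_SERVER");
			break;

		case SSL_CERT_NOT_ON_SERVER:
			DEBUG_NEGO("Error: SSL_CERT_NOT_ON_SERVER");
			break;

		case INCONSISTENT_FLAGS:
			DEBUG_NEGO("Error: INCONSISTENT_FLAGS");
			break;

		case HYBRID_REQUIRED_BY_SERVER:
			DEBUG_NEGO("Error: HYBRID_REQUIRED_BY_SERVER");
			break;

		default:
			DEBUG_NEGO("Error: Unknown protocol security error %d", failureCode);
			break;
	}

	nego->state = NEGO_STATE_FAIL;
}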
/**
 * Enable or disable legacy RDP security as a negotiation candidate.
 * @param nego pointer to the negotiation structure
 * @param enable_rdp true to allow RDP security, false to exclude it
 */
void nego_enable_rdp(rdpNego* nego, boolean enable_rdp)
{
	nego->enabled_protocols[PROTOCOL_RDP] = enable_rdp;
	DEBUG_NEGO("Enabling RDP security: %s", enable_rdp ? "true" : "false");
}
/**
 * Turn security layer negotiation on or off.
 * @param nego pointer to the negotiation structure
 * @param security_layer_negotiation_enabled true to negotiate, false to skip it
 */
void nego_set_negotiation_enabled(rdpNego* nego, boolean security_layer_negotiation_enabled)
{
	nego->security_layer_negotiation_enabled = security_layer_negotiation_enabled;
	DEBUG_NEGO("Enabling security layer negotiation: %s", security_layer_negotiation_enabled ? "true" : "false");
}
/**
 * Enable or disable NLA extended security as a negotiation candidate.
 * @param nego pointer to the negotiation structure
 * @param enable_ext TRUE to allow extended NLA, FALSE to exclude it
 */
void nego_enable_ext(rdpNego* nego, BOOL enable_ext)
{
	nego->enabled_protocols[PROTOCOL_EXT] = enable_ext;
	DEBUG_NEGO("Enabling NLA extended security: %s", enable_ext ? "TRUE" : "FALSE");
}
/**
 * Enable or disable NLA (CredSSP) security as a negotiation candidate.
 * @param nego pointer to the negotiation structure
 * @param enable_nla TRUE to allow NLA, FALSE to exclude it
 */
void nego_enable_nla(rdpNego* nego, BOOL enable_nla)
{
	nego->enabled_protocols[PROTOCOL_NLA] = enable_nla;
	DEBUG_NEGO("Enabling NLA security: %s", enable_nla ? "TRUE" : "FALSE");
}
/**
 * Enable TLS security protocol.
 * @param nego pointer to the negotiation structure
 * @param enable_tls whether to enable TLS + RDP protocol (TRUE for enabled, FALSE for disabled)
 */
void nego_enable_tls(rdpNego* nego, BOOL enable_tls)
{
	nego->enabled_protocols[PROTOCOL_TLS] = enable_tls;
	DEBUG_NEGO("Enabling TLS security: %s", enable_tls ? "TRUE" : "FALSE");
}
/**
 * Enable or disable legacy RDP security as a negotiation candidate.
 * @param nego pointer to the negotiation structure
 * @param enable_rdp TRUE to allow RDP security, FALSE to exclude it
 */
void nego_enable_rdp(rdpNego* nego, BOOL enable_rdp)
{
	nego->enabled_protocols[PROTOCOL_RDP] = enable_rdp;
	DEBUG_NEGO("Enabling RDP security: %s", enable_rdp ? "TRUE" : "FALSE");
}
/**
 * Enable TLS security protocol.
 * @param nego pointer to the negotiation structure
 * @param enable_tls whether to enable TLS + RDP protocol (true for enabled, false for disabled)
 */
void nego_enable_tls(rdpNego* nego, boolean enable_tls)
{
	nego->enabled_protocols[PROTOCOL_TLS] = enable_tls;
	DEBUG_NEGO("Enabling TLS security: %s", enable_tls ? "true" : "false");
}
/**
 * Transport receive callback for the X.224 connection confirm.
 * Reads the TPKT and TPDU headers, then dispatches on the optional
 * rdpNegData that follows. A selected protocol the client did not enable
 * is refused (NEGO_STATE_FAIL) rather than accepted, so the server cannot
 * steer the client onto a protocol it opted out of.
 * @param transport the transport the packet arrived on (unused here)
 * @param s stream holding the packet
 * @param extra the rdpNego* registered with the transport
 * @return FALSE when the TPKT or TPDU header cannot be read, TRUE otherwise
 *         (including the cases that set NEGO_STATE_FAIL)
 */
BOOL nego_recv(rdpTransport* transport, STREAM* s, void* extra)
{
	BYTE li; /* TPDU length indicator */
	BYTE type;
	UINT16 length;
	rdpNego* nego = (rdpNego*) extra;

	length = tpkt_read_header(s);

	if (length == 0)
		return FALSE;

	if (!tpdu_read_connection_confirm(s, &li))
		return FALSE;

	if (li > 6)
	{
		/* rdpNegData (optional) */
		/* NOTE(review): the 1 + 7 bytes read here are not bounds-checked against the stream;
		 * whether tpkt_read_header guarantees they are present is not visible here — confirm */
		stream_read_BYTE(s, type); /* Type */

		switch (type)
		{
			case TYPE_RDP_NEG_RSP:
				nego_process_negotiation_response(nego, s);
				DEBUG_NEGO("selected_protocol: %d", nego->selected_protocol);

				/* enhanced security selected ? */
				if (nego->selected_protocol)
				{
					if ((nego->selected_protocol == PROTOCOL_NLA) && (!nego->enabled_protocols[PROTOCOL_NLA]))
					{
						nego->state = NEGO_STATE_FAIL;
					}
					if ((nego->selected_protocol == PROTOCOL_TLS) && (!nego->enabled_protocols[PROTOCOL_TLS]))
					{
						nego->state = NEGO_STATE_FAIL;
					}
				}
				else if (!nego->enabled_protocols[PROTOCOL_RDP])
				{
					nego->state = NEGO_STATE_FAIL;
				}
				break;

			case TYPE_RDP_NEG_FAILURE:
				nego_process_negotiation_failure(nego, s);
				break;

			/* no default: an unknown type leaves nego->state untouched and still returns TRUE */
		}
	}
	else if (li == 6)
	{
		/* a bare connection confirm means the server only does RDP security */
		DEBUG_NEGO("no rdpNegData");

		if (!nego->enabled_protocols[PROTOCOL_RDP])
			nego->state = NEGO_STATE_FAIL;
		else
			nego->state = NEGO_STATE_FINAL;
	}
	else
	{
		printf("invalid negotiation response\n");
		nego->state = NEGO_STATE_FAIL;
	}

	return TRUE;
}
/**
 * Drive the security protocol negotiation to completion and connect the
 * selected security layer.
 * From NEGO_STATE_INITIAL the highest enabled protocol (EXT > NLA > TLS >
 * RDP) is tried first; with security layer negotiation disabled only that
 * protocol stays enabled, so no fallback to a weaker protocol can happen.
 * The optional preconnection PDU is sent before the first attempt.
 * On success the negotiated values are copied into the transport settings.
 * On failure the state is left at NEGO_STATE_FINAL.
 * @param nego pointer to the negotiation structure
 * @return TRUE when a protocol was negotiated and its security layer connected
 */
BOOL nego_connect(rdpNego* nego)
{
	if (nego->state == NEGO_STATE_INITIAL)
	{
		if (nego->enabled_protocols[PROTOCOL_EXT])
		{
			nego->state = NEGO_STATE_EXT;
		}
		else if (nego->enabled_protocols[PROTOCOL_NLA])
		{
			nego->state = NEGO_STATE_NLA;
		}
		else if (nego->enabled_protocols[PROTOCOL_TLS])
		{
			nego->state = NEGO_STATE_TLS;
		}
		else if (nego->enabled_protocols[PROTOCOL_RDP])
		{
			nego->state = NEGO_STATE_RDP;
		}
		else
		{
			DEBUG_NEGO("No security protocol is enabled");
			nego->state = NEGO_STATE_FAIL;
		}

		if (!nego->NegotiateSecurityLayer_enabled)
		{
			DEBUG_NEGO("Security Layer Negotiation is disabled");
			/* attempt only the highest enabled protocol (see nego_attempt_*) */
			nego->enabled_protocols[PROTOCOL_NLA] = FALSE;
			nego->enabled_protocols[PROTOCOL_TLS] = FALSE;
			nego->enabled_protocols[PROTOCOL_RDP] = FALSE;
			nego->enabled_protocols[PROTOCOL_EXT] = FALSE;

			/* selected_protocol is fixed up front since no reply will choose it;
			 * EXT keeps NLA enabled as well */
			if (nego->state == NEGO_STATE_EXT)
			{
				nego->enabled_protocols[PROTOCOL_EXT] = TRUE;
				nego->enabled_protocols[PROTOCOL_NLA] = TRUE;
				nego->selected_protocol = PROTOCOL_EXT;
			}
			else if (nego->state == NEGO_STATE_NLA)
			{
				nego->enabled_protocols[PROTOCOL_NLA] = TRUE;
				nego->selected_protocol = PROTOCOL_NLA;
			}
			else if (nego->state == NEGO_STATE_TLS)
			{
				nego->enabled_protocols[PROTOCOL_TLS] = TRUE;
				nego->selected_protocol = PROTOCOL_TLS;
			}
			else if (nego->state == NEGO_STATE_RDP)
			{
				nego->enabled_protocols[PROTOCOL_RDP] = TRUE;
				nego->selected_protocol = PROTOCOL_RDP;
			}
		}

		if (!nego_send_preconnection_pdu(nego))
		{
			DEBUG_NEGO("Failed to send preconnection pdu");
			nego->state = NEGO_STATE_FINAL;
			return FALSE;
		}
	}

	do
	{
		DEBUG_NEGO("state: %s", NEGO_STATE_STRINGS[nego->state]);

		nego_send(nego);

		if (nego->state == NEGO_STATE_FAIL)
		{
			DEBUG_NEGO("Protocol Security Negotiation Failure");
			nego->state = NEGO_STATE_FINAL;
			return FALSE;
		}
	}
	while (nego->state != NEGO_STATE_FINAL);

	DEBUG_NEGO("Negotiated %s security", PROTOCOL_SECURITY_STRINGS[nego->selected_protocol]);

	/* update settings with negotiated protocol security */
	nego->transport->settings->RequestedProtocols = nego->requested_protocols;
	nego->transport->settings->SelectedProtocol = nego->selected_protocol;
	nego->transport->settings->NegotiationFlags = nego->flags;

	if (nego->selected_protocol == PROTOCOL_RDP)
	{
		/* NOTE(review): DisableEncryption = TRUE while selecting legacy RDP security reads as
		 * inverted — confirm the setting's meaning in rdpSettings before relying on it */
		nego->transport->settings->DisableEncryption = TRUE;
		nego->transport->settings->EncryptionMethods = ENCRYPTION_METHOD_40BIT | ENCRYPTION_METHOD_128BIT | ENCRYPTION_METHOD_FIPS;
		nego->transport->settings->EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
	}

	/* finally connect security layer (if not already done) */
	if (!nego_security_connect(nego))
	{
		DEBUG_NEGO("Failed to connect with %s security", PROTOCOL_SECURITY_STRINGS[nego->selected_protocol]);
		return FALSE;
	}

	return TRUE;
}
/**
 * Enable or disable NLA (CredSSP) security as a negotiation candidate.
 * @param nego pointer to the negotiation structure
 * @param enable_nla true to allow NLA, false to exclude it
 */
void nego_enable_nla(rdpNego* nego, boolean enable_nla)
{
	nego->enabled_protocols[PROTOCOL_NLA] = enable_nla;
	DEBUG_NEGO("Enabling NLA security: %s", enable_nla ? "true" : "false");
}
/**
 * Turn security layer negotiation on or off.
 * @param nego pointer to the negotiation structure
 * @param NegotiateSecurityLayer_enabled TRUE to negotiate, FALSE to skip it
 */
void nego_set_negotiation_enabled(rdpNego* nego, BOOL NegotiateSecurityLayer_enabled)
{
	nego->NegotiateSecurityLayer_enabled = NegotiateSecurityLayer_enabled;
	DEBUG_NEGO("Enabling security layer negotiation: %s", NegotiateSecurityLayer_enabled ? "TRUE" : "FALSE");
}