BOOL nego_transport_connect(rdpNego* nego) { nego_tcp_connect(nego); if (nego->TcpConnected && !nego->NegotiateSecurityLayer) return nego_security_connect(nego); return nego->TcpConnected; }
boolean nego_transport_connect(rdpNego* nego) { nego_tcp_connect(nego); if (nego->tcp_connected && !nego->security_layer_negotiation_enabled) return nego_security_connect(nego); return nego->tcp_connected; }
BOOL nego_connect(rdpNego* nego) { rdpSettings* settings = nego->transport->settings; if (nego->state == NEGO_STATE_INITIAL) { if (nego->EnabledProtocols[PROTOCOL_EXT]) { nego->state = NEGO_STATE_EXT; } else if (nego->EnabledProtocols[PROTOCOL_NLA]) { nego->state = NEGO_STATE_NLA; } else if (nego->EnabledProtocols[PROTOCOL_TLS]) { nego->state = NEGO_STATE_TLS; } else if (nego->EnabledProtocols[PROTOCOL_RDP]) { nego->state = NEGO_STATE_RDP; } else { WLog_ERR(TAG, "No security protocol is enabled"); nego->state = NEGO_STATE_FAIL; return FALSE; } if (!nego->NegotiateSecurityLayer) { WLog_DBG(TAG, "Security Layer Negotiation is disabled"); /* attempt only the highest enabled protocol (see nego_attempt_*) */ nego->EnabledProtocols[PROTOCOL_NLA] = FALSE; nego->EnabledProtocols[PROTOCOL_TLS] = FALSE; nego->EnabledProtocols[PROTOCOL_RDP] = FALSE; nego->EnabledProtocols[PROTOCOL_EXT] = FALSE; if (nego->state == NEGO_STATE_EXT) { nego->EnabledProtocols[PROTOCOL_EXT] = TRUE; nego->EnabledProtocols[PROTOCOL_NLA] = TRUE; nego->SelectedProtocol = PROTOCOL_EXT; } else if (nego->state == NEGO_STATE_NLA) { nego->EnabledProtocols[PROTOCOL_NLA] = TRUE; nego->SelectedProtocol = PROTOCOL_NLA; } else if (nego->state == NEGO_STATE_TLS) { nego->EnabledProtocols[PROTOCOL_TLS] = TRUE; nego->SelectedProtocol = PROTOCOL_TLS; } else if (nego->state == NEGO_STATE_RDP) { nego->EnabledProtocols[PROTOCOL_RDP] = TRUE; nego->SelectedProtocol = PROTOCOL_RDP; } } if (nego->SendPreconnectionPdu) { if (!nego_send_preconnection_pdu(nego)) { WLog_ERR(TAG, "Failed to send preconnection pdu"); nego->state = NEGO_STATE_FINAL; return FALSE; } } } do { WLog_DBG(TAG, "state: %s", NEGO_STATE_STRINGS[nego->state]); nego_send(nego); if (nego->state == NEGO_STATE_FAIL) { WLog_ERR(TAG, "Protocol Security Negotiation Failure"); nego->state = NEGO_STATE_FINAL; return FALSE; } } while (nego->state != NEGO_STATE_FINAL); WLog_DBG(TAG, "Negotiated %s security", PROTOCOL_SECURITY_STRINGS[nego->SelectedProtocol]); /* update settings with negotiated protocol security */ settings->RequestedProtocols = nego->RequestedProtocols; settings->SelectedProtocol = nego->SelectedProtocol; settings->NegotiationFlags = nego->flags; if (nego->SelectedProtocol == PROTOCOL_RDP) { settings->UseRdpSecurityLayer = TRUE; if (!settings->EncryptionMethods) { /** * Advertise all supported encryption methods if the client * implementation did not set any security methods */ settings->EncryptionMethods = ENCRYPTION_METHOD_40BIT | ENCRYPTION_METHOD_56BIT | ENCRYPTION_METHOD_128BIT | ENCRYPTION_METHOD_FIPS; } } /* finally connect security layer (if not already done) */ if (!nego_security_connect(nego)) { WLog_DBG(TAG, "Failed to connect with %s security", PROTOCOL_SECURITY_STRINGS[nego->SelectedProtocol]); return FALSE; } if (!(nego->flags & DYNVC_GFX_PROTOCOL_SUPPORTED)) settings->NetworkAutoDetect = FALSE; return TRUE; }
BOOL nego_connect(rdpNego* nego) { if (nego->state == NEGO_STATE_INITIAL) { if (nego->enabled_protocols[PROTOCOL_EXT]) { nego->state = NEGO_STATE_EXT; } else if (nego->enabled_protocols[PROTOCOL_NLA]) { nego->state = NEGO_STATE_NLA; } else if (nego->enabled_protocols[PROTOCOL_TLS]) { nego->state = NEGO_STATE_TLS; } else if (nego->enabled_protocols[PROTOCOL_RDP]) { nego->state = NEGO_STATE_RDP; } else { DEBUG_NEGO("No security protocol is enabled"); nego->state = NEGO_STATE_FAIL; } if (!nego->NegotiateSecurityLayer_enabled) { DEBUG_NEGO("Security Layer Negotiation is disabled"); /* attempt only the highest enabled protocol (see nego_attempt_*) */ nego->enabled_protocols[PROTOCOL_NLA] = FALSE; nego->enabled_protocols[PROTOCOL_TLS] = FALSE; nego->enabled_protocols[PROTOCOL_RDP] = FALSE; nego->enabled_protocols[PROTOCOL_EXT] = FALSE; if (nego->state == NEGO_STATE_EXT) { nego->enabled_protocols[PROTOCOL_EXT] = TRUE; nego->enabled_protocols[PROTOCOL_NLA] = TRUE; nego->selected_protocol = PROTOCOL_EXT; } else if (nego->state == NEGO_STATE_NLA) { nego->enabled_protocols[PROTOCOL_NLA] = TRUE; nego->selected_protocol = PROTOCOL_NLA; } else if (nego->state == NEGO_STATE_TLS) { nego->enabled_protocols[PROTOCOL_TLS] = TRUE; nego->selected_protocol = PROTOCOL_TLS; } else if (nego->state == NEGO_STATE_RDP) { nego->enabled_protocols[PROTOCOL_RDP] = TRUE; nego->selected_protocol = PROTOCOL_RDP; } } if (!nego_send_preconnection_pdu(nego)) { DEBUG_NEGO("Failed to send preconnection pdu"); nego->state = NEGO_STATE_FINAL; return FALSE; } } do { DEBUG_NEGO("state: %s", NEGO_STATE_STRINGS[nego->state]); nego_send(nego); if (nego->state == NEGO_STATE_FAIL) { DEBUG_NEGO("Protocol Security Negotiation Failure"); nego->state = NEGO_STATE_FINAL; return FALSE; } } while (nego->state != NEGO_STATE_FINAL); DEBUG_NEGO("Negotiated %s security", PROTOCOL_SECURITY_STRINGS[nego->selected_protocol]); /* update settings with negotiated protocol security */ nego->transport->settings->RequestedProtocols = nego->requested_protocols; nego->transport->settings->SelectedProtocol = nego->selected_protocol; nego->transport->settings->NegotiationFlags = nego->flags; if (nego->selected_protocol == PROTOCOL_RDP) { nego->transport->settings->DisableEncryption = TRUE; nego->transport->settings->EncryptionMethods = ENCRYPTION_METHOD_40BIT | ENCRYPTION_METHOD_128BIT | ENCRYPTION_METHOD_FIPS; nego->transport->settings->EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE; } /* finally connect security layer (if not already done) */ if (!nego_security_connect(nego)) { DEBUG_NEGO("Failed to connect with %s security", PROTOCOL_SECURITY_STRINGS[nego->selected_protocol]); return FALSE; } return TRUE; }
boolean nego_connect(rdpNego* nego) { if (nego->state == NEGO_STATE_INITIAL) { if (nego->enabled_protocols[PROTOCOL_NLA] > 0) nego->state = NEGO_STATE_NLA; else if (nego->enabled_protocols[PROTOCOL_TLS] > 0) nego->state = NEGO_STATE_TLS; else if (nego->enabled_protocols[PROTOCOL_RDP] > 0) nego->state = NEGO_STATE_RDP; else { DEBUG_NEGO("No security protocol is enabled"); nego->state = NEGO_STATE_FAIL; } if (!nego->security_layer_negotiation_enabled) { DEBUG_NEGO("Security Layer Negotiation is disabled"); nego->enabled_protocols[PROTOCOL_NLA] = 0; nego->enabled_protocols[PROTOCOL_TLS] = 0; nego->enabled_protocols[PROTOCOL_RDP] = 0; if(nego->state == NEGO_STATE_NLA) nego->enabled_protocols[PROTOCOL_NLA] = 1; else if (nego->state == NEGO_STATE_TLS) nego->enabled_protocols[PROTOCOL_TLS] = 1; else if (nego->state == NEGO_STATE_RDP) nego->enabled_protocols[PROTOCOL_RDP] = 1; } if(!nego_send_preconnection_pdu(nego)) { DEBUG_NEGO("Failed to send preconnection information"); nego->state = NEGO_STATE_FINAL; return false; } } do { DEBUG_NEGO("state: %s", NEGO_STATE_STRINGS[nego->state]); nego_send(nego); if (nego->state == NEGO_STATE_FAIL) { DEBUG_NEGO("Protocol Security Negotiation Failure"); nego->state = NEGO_STATE_FINAL; return false; } } while (nego->state != NEGO_STATE_FINAL); DEBUG_NEGO("Negotiated %s security", PROTOCOL_SECURITY_STRINGS[nego->selected_protocol]); /* update settings with negotiated protocol security */ nego->transport->settings->requested_protocols = nego->requested_protocols; nego->transport->settings->selected_protocol = nego->selected_protocol; nego->transport->settings->negotiationFlags = nego->flags; if(nego->selected_protocol == PROTOCOL_RDP) { nego->transport->settings->encryption = true; nego->transport->settings->encryption_method = ENCRYPTION_METHOD_40BIT | ENCRYPTION_METHOD_128BIT | ENCRYPTION_METHOD_FIPS; nego->transport->settings->encryption_level = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE; } /* finally connect security layer (if not already done) */ if(!nego_security_connect(nego)) { DEBUG_NEGO("Failed to connect with %s security", PROTOCOL_SECURITY_STRINGS[nego->selected_protocol]); return false; } return true; }