BOOL transport_accept_nla(rdpTransport* transport) { freerdp* instance; rdpSettings* settings; settings = transport->settings; instance = (freerdp*) settings->instance; if (!transport->TlsIn) transport->TlsIn = tls_new(transport->settings); if (!transport->TlsOut) transport->TlsOut = transport->TlsIn; transport->layer = TRANSPORT_LAYER_TLS; if (!tls_accept(transport->TlsIn, transport->TcpIn->bufferedBio, settings->CertificateFile, settings->PrivateKeyFile)) return FALSE; transport->frontBio = transport->TlsIn->bio; /* Network Level Authentication */ if (!settings->Authentication) return TRUE; if (!transport->credssp) { transport->credssp = credssp_new(instance, transport, settings); transport_set_nla_mode(transport, TRUE); } if (credssp_authenticate(transport->credssp) < 0) { fprintf(stderr, "client authentication failure\n"); transport_set_nla_mode(transport, FALSE); credssp_free(transport->credssp); transport->credssp = NULL; tls_set_alert_code(transport->TlsIn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DESCRIPTION_ACCESS_DENIED); return FALSE; } /* don't free credssp module yet, we need to copy the credentials from it first */ transport_set_nla_mode(transport, FALSE); return TRUE; }
BOOL transport_accept_nla(rdpTransport* transport) { rdpSettings* settings = transport->settings; freerdp* instance = (freerdp*) settings->instance; if (!transport->tls) transport->tls = tls_new(transport->settings); transport->layer = TRANSPORT_LAYER_TLS; if (!tls_accept(transport->tls, transport->frontBio, settings)) return FALSE; transport->frontBio = transport->tls->bio; /* Network Level Authentication */ if (!settings->Authentication) return TRUE; if (!transport->nla) { transport->nla = nla_new(instance, transport, settings); transport_set_nla_mode(transport, TRUE); } if (nla_authenticate(transport->nla) < 0) { WLog_Print(transport->log, WLOG_ERROR, "client authentication failure"); transport_set_nla_mode(transport, FALSE); nla_free(transport->nla); transport->nla = NULL; tls_set_alert_code(transport->tls, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DESCRIPTION_ACCESS_DENIED); tls_send_alert(transport->tls); return FALSE; } /* don't free nla module yet, we need to copy the credentials from it first */ transport_set_nla_mode(transport, FALSE); return TRUE; }