/* connect to selected security layer */
BOOL nego_security_connect(rdpNego* nego)
{
if (!nego->tcp_connected)
{
nego->security_connected = FALSE;
}
else if (!nego->security_connected)
{
if (nego->selected_protocol == PROTOCOL_NLA)
{
DEBUG_NEGO("nego_security_connect with PROTOCOL_NLA");
nego->security_connected = transport_connect_nla(nego->transport);
}
else if (nego->selected_protocol == PROTOCOL_TLS)
{
DEBUG_NEGO("nego_security_connect with PROTOCOL_TLS");
nego->security_connected = transport_connect_tls(nego->transport);
}
else if (nego->selected_protocol == PROTOCOL_RDP)
{
DEBUG_NEGO("nego_security_connect with PROTOCOL_RDP");
nego->security_connected = transport_connect_rdp(nego->transport);
}
else
{
DEBUG_NEGO("cannot connect security layer because no protocol has been selected yet.");
}
}
return nego->security_connected;
}
/* connect to selected security layer */
BOOL nego_security_connect(rdpNego* nego)
{
if (!nego->TcpConnected)
{
nego->SecurityConnected = FALSE;
}
else if (!nego->SecurityConnected)
{
if (nego->SelectedProtocol == PROTOCOL_NLA)
{
WLog_DBG(TAG, "nego_security_connect with PROTOCOL_NLA");
nego->SecurityConnected = transport_connect_nla(nego->transport);
}
else if (nego->SelectedProtocol == PROTOCOL_TLS)
{
WLog_DBG(TAG, "nego_security_connect with PROTOCOL_TLS");
nego->SecurityConnected = transport_connect_tls(nego->transport);
}
else if (nego->SelectedProtocol == PROTOCOL_RDP)
{
WLog_DBG(TAG, "nego_security_connect with PROTOCOL_RDP");
nego->SecurityConnected = transport_connect_rdp(nego->transport);
}
else
{
WLog_ERR(TAG, "cannot connect security layer because no protocol has been selected yet.");
}
}
return nego->SecurityConnected;
}
BOOL transport_connect_nla(rdpTransport* transport)
{
freerdp* instance;
rdpSettings* settings;
rdpCredssp* credSsp;
settings = transport->settings;
instance = (freerdp*) settings->instance;
if (!transport_connect_tls(transport))
return FALSE;
/* Network Level Authentication */
if (!settings->Authentication)
return TRUE;
if (!transport->credssp)
{
transport->credssp = credssp_new(instance, transport, settings);
if (!transport->credssp)
return FALSE;
transport_set_nla_mode(transport, TRUE);
if (settings->AuthenticationServiceClass)
{
transport->credssp->ServicePrincipalName =
credssp_make_spn(settings->AuthenticationServiceClass, settings->ServerHostname);
if (!transport->credssp->ServicePrincipalName)
return FALSE;
}
}
credSsp = transport->credssp;
if (credssp_authenticate(credSsp) < 0)
{
if (!connectErrorCode)
connectErrorCode = AUTHENTICATIONERROR;
if (!freerdp_get_last_error(instance->context))
{
freerdp_set_last_error(instance->context, FREERDP_ERROR_AUTHENTICATION_FAILED);
}
WLog_ERR(TAG, "Authentication failure, check credentials."
"If credentials are valid, the NTLMSSP implementation may be to blame.");
transport_set_nla_mode(transport, FALSE);
credssp_free(credSsp);
transport->credssp = NULL;
return FALSE;
}
transport_set_nla_mode(transport, FALSE);
credssp_free(credSsp);
transport->credssp = NULL;
return TRUE;
}
boolean rdp_client_connect(rdpRdp* rdp)
{
boolean status;
uint32 selectedProtocol;
rdpSettings* settings = rdp->settings;
nego_init(rdp->nego);
nego_set_target(rdp->nego, settings->hostname, settings->port);
nego_set_cookie(rdp->nego, settings->username);
nego_enable_rdp(rdp->nego, settings->rdp_security);
if(!rdp->settings->tsg)
{
nego_enable_nla(rdp->nego, settings->nla_security);
nego_enable_tls(rdp->nego, settings->tls_security);
}
if (nego_connect(rdp->nego) != true)
{
printf("Error: protocol security negotiation failure\n");
return false;
}
selectedProtocol = rdp->nego->selected_protocol;
if ((selectedProtocol & PROTOCOL_TLS) || (selectedProtocol == PROTOCOL_RDP))
{
if ((settings->username != NULL) && ((settings->password != NULL) || (settings->password_cookie != NULL && settings->password_cookie->length > 0)))
settings->autologon = true;
}
status = false;
if (selectedProtocol & PROTOCOL_NLA)
status = transport_connect_nla(rdp->transport);
else if (selectedProtocol & PROTOCOL_TLS)
status = transport_connect_tls(rdp->transport);
else if (selectedProtocol == PROTOCOL_RDP) /* 0 */
status = transport_connect_rdp(rdp->transport);
if (status != true)
return false;
rdp_set_blocking_mode(rdp, false);
rdp->state = CONNECTION_STATE_NEGO;
rdp->finalize_sc_pdus = 0;
if (mcs_send_connect_initial(rdp->mcs) != true)
{
printf("Error: unable to send MCS Connect Initial\n");
return false;
}
while (rdp->state != CONNECTION_STATE_ACTIVE)
{
if (rdp_check_fds(rdp) < 0)
return false;
}
return true;
}
boolean rdp_client_connect(rdpRdp* rdp)
{
boolean status;
rdp->settings->autologon = 1;
nego_init(rdp->nego);
nego_set_target(rdp->nego, rdp->settings->hostname, rdp->settings->port);
nego_set_cookie(rdp->nego, rdp->settings->username);
nego_enable_rdp(rdp->nego, rdp->settings->rdp_security);
nego_enable_nla(rdp->nego, rdp->settings->nla_security);
nego_enable_tls(rdp->nego, rdp->settings->tls_security);
if (nego_connect(rdp->nego) != True)
{
printf("Error: protocol security negotiation failure\n");
return False;
}
status = False;
if (rdp->nego->selected_protocol & PROTOCOL_NLA)
status = transport_connect_nla(rdp->transport);
else if (rdp->nego->selected_protocol & PROTOCOL_TLS)
status = transport_connect_tls(rdp->transport);
else if (rdp->nego->selected_protocol == PROTOCOL_RDP) /* 0 */
status = transport_connect_rdp(rdp->transport);
if (status != True)
return False;
rdp_set_blocking_mode(rdp, False);
rdp->state = CONNECTION_STATE_NEGO;
if (mcs_send_connect_initial(rdp->mcs) != True)
{
printf("Error: unable to send MCS Connect Initial\n");
return False;
}
while (rdp->state != CONNECTION_STATE_ACTIVE)
{
if (rdp_check_fds(rdp) < 0)
return False;
}
return True;
}
/* connect to selected security layer */
boolean nego_security_connect(rdpNego* nego)
{
if(!nego->tcp_connected)
{
nego->security_connected = false;
}
else if (!nego->security_connected)
{
if (nego->enabled_protocols[PROTOCOL_NLA] > 0)
nego->security_connected = transport_connect_nla(nego->transport);
else if (nego->enabled_protocols[PROTOCOL_TLS] > 0)
nego->security_connected = transport_connect_tls(nego->transport);
else if (nego->enabled_protocols[PROTOCOL_RDP] > 0)
nego->security_connected = transport_connect_rdp(nego->transport);
}
return nego->security_connected;
}
BOOL transport_connect_nla(rdpTransport* transport)
{
freerdp* instance;
rdpSettings* settings;
settings = transport->settings;
instance = (freerdp*) settings->instance;
if (!transport_connect_tls(transport))
return FALSE;
/* Network Level Authentication */
if (!settings->Authentication)
return TRUE;
if (!transport->credssp)
{
transport->credssp = credssp_new(instance, transport, settings);
if (settings->AuthenticationServiceClass)
{
transport->credssp->ServicePrincipalName =
credssp_make_spn(settings->AuthenticationServiceClass, settings->ServerHostname);
}
}
if (credssp_authenticate(transport->credssp) < 0)
{
if (!connectErrorCode)
connectErrorCode = AUTHENTICATIONERROR;
fprintf(stderr, "Authentication failure, check credentials.\n"
"If credentials are valid, the NTLMSSP implementation may be to blame.\n");
credssp_free(transport->credssp);
transport->credssp = NULL;
return FALSE;
}
credssp_free(transport->credssp);
transport->credssp = NULL;
return TRUE;
}
boolean rdp_client_connect(rdpRdp* rdp)
{
rdp->settings->autologon = 1;
nego_init(rdp->nego);
nego_set_target(rdp->nego, rdp->settings->hostname, 3389);
nego_set_cookie(rdp->nego, rdp->settings->username);
nego_enable_rdp(rdp->nego, rdp->settings->rdp_security);
nego_enable_nla(rdp->nego, rdp->settings->nla_security);
nego_enable_tls(rdp->nego, rdp->settings->tls_security);
if (nego_connect(rdp->nego) != True)
{
printf("Error: protocol security negotiation failure\n");
return False;
}
if (rdp->nego->selected_protocol & PROTOCOL_NLA)
transport_connect_nla(rdp->transport);
else if (rdp->nego->selected_protocol & PROTOCOL_TLS)
transport_connect_tls(rdp->transport);
else if (rdp->nego->selected_protocol & PROTOCOL_RDP)
transport_connect_rdp(rdp->transport);
if (mcs_connect(rdp->mcs) != True)
{
printf("Error: Multipoint Connection Service (MCS) connection failure\n");
return False;
}
rdp_send_client_info(rdp);
if (license_connect(rdp->license) != True)
{
printf("Error: license connection sequence failure\n");
return False;
}
rdp->licensed = True;
rdp_client_activate(rdp);
rdp_set_blocking_mode(rdp, False);
return True;
}
BOOL transport_connect_nla(rdpTransport* transport)
{
rdpContext* context = transport->context;
rdpSettings* settings = context->settings;
freerdp* instance = context->instance;
rdpRdp* rdp = context->rdp;
if (!transport_connect_tls(transport))
return FALSE;
if (!settings->Authentication)
return TRUE;
rdp->nla = nla_new(instance, transport, settings);
if (!rdp->nla)
return FALSE;
transport_set_nla_mode(transport, TRUE);
if (settings->AuthenticationServiceClass)
{
rdp->nla->ServicePrincipalName =
nla_make_spn(settings->AuthenticationServiceClass, settings->ServerHostname);
if (!rdp->nla->ServicePrincipalName)
return FALSE;
}
if (nla_client_begin(rdp->nla) < 0)
{
if (!freerdp_get_last_error(context))
freerdp_set_last_error(context, FREERDP_ERROR_AUTHENTICATION_FAILED);
transport_set_nla_mode(transport, FALSE);
return FALSE;
}
rdp_client_transition_to_state(rdp, CONNECTION_STATE_NLA);
return TRUE;
}
BOOL transport_connect_nla(rdpTransport* transport)
{
freerdp* instance;
rdpSettings* settings;
if (transport->layer == TRANSPORT_LAYER_TSG)
return TRUE;
if (!transport_connect_tls(transport))
return FALSE;
/* Network Level Authentication */
if (transport->settings->Authentication != TRUE)
return TRUE;
settings = transport->settings;
instance = (freerdp*) settings->instance;
if (transport->credssp == NULL)
transport->credssp = credssp_new(instance, transport, settings);
if (credssp_authenticate(transport->credssp) < 0)
{
if (!connectErrorCode)
connectErrorCode = AUTHENTICATIONERROR;
fprintf(stderr, "Authentication failure, check credentials.\n"
"If credentials are valid, the NTLMSSP implementation may be to blame.\n");
credssp_free(transport->credssp);
transport->credssp = NULL;
return FALSE;
}
credssp_free(transport->credssp);
return TRUE;
}
tbool rdp_client_connect(rdpRdp* rdp)
{
tbool status;
uint32 selectedProtocol;
rdpSettings* settings = rdp->settings;
nego_init(rdp->nego);
nego_set_target(rdp->nego, settings->hostname, settings->port);
nego_set_cookie(rdp->nego, settings->username);
nego_enable_rdp(rdp->nego, settings->rdp_security);
nego_enable_nla(rdp->nego, settings->nla_security);
nego_enable_tls(rdp->nego, settings->tls_security);
if (nego_connect(rdp->nego) == false)
{
printf("Error: protocol security negotiation failure\n");
return false;
}
selectedProtocol = rdp->nego->selected_protocol;
if ((selectedProtocol & PROTOCOL_TLS) || (selectedProtocol == PROTOCOL_RDP))
{
if ((settings->username != NULL) && ((settings->password != NULL) || (settings->password_cookie != NULL && settings->password_cookie->length > 0)))
settings->autologon = true;
}
status = false;
if (selectedProtocol & PROTOCOL_NLA)
{
status = transport_connect_nla(rdp->transport);
}
else if (selectedProtocol & PROTOCOL_TLS)
{
status = transport_connect_tls(rdp->transport);
}
else if (selectedProtocol == PROTOCOL_RDP) /* 0 */
{
status = transport_connect_rdp(rdp->transport);
}
if (status == false)
{
return false;
}
rdp_set_blocking_mode(rdp, false);
rdp->state = CONNECTION_STATE_NEGO;
rdp->finalize_sc_pdus = 0;
LLOGLN(10, ("rdp_client_connect: calling mcs_send_connect_initial"));
//freerdp_usleep(1000 * 1000 * 10);
if (mcs_send_connect_initial(rdp->mcs) == false)
{
printf("Error: unable to send MCS Connect Initial\n");
return false;
}
//freerdp_usleep(1000 * 1000 * 10);
while (rdp->state != CONNECTION_STATE_ACTIVE)
{
/* TODO: don't use sleep here */
freerdp_usleep(1000 * 100);
if (rdp_check_fds(rdp) < 0)
{
LLOGLN(0, ("rdp_client_connect: error rdp_check_fds failed"));
return false;
}
}
return true;
}
