BOOL nego_connect(rdpNego* nego)
{
if (nego->state == NEGO_STATE_INITIAL)
{
if (nego->enabled_protocols[PROTOCOL_EXT])
{
nego->state = NEGO_STATE_EXT;
}
else if (nego->enabled_protocols[PROTOCOL_NLA])
{
nego->state = NEGO_STATE_NLA;
}
else if (nego->enabled_protocols[PROTOCOL_TLS])
{
nego->state = NEGO_STATE_TLS;
}
else if (nego->enabled_protocols[PROTOCOL_RDP])
{
nego->state = NEGO_STATE_RDP;
}
else
{
DEBUG_NEGO("No security protocol is enabled");
nego->state = NEGO_STATE_FAIL;
}
if (!nego->NegotiateSecurityLayer_enabled)
{
DEBUG_NEGO("Security Layer Negotiation is disabled");
/* attempt only the highest enabled protocol (see nego_attempt_*) */
nego->enabled_protocols[PROTOCOL_NLA] = FALSE;
nego->enabled_protocols[PROTOCOL_TLS] = FALSE;
nego->enabled_protocols[PROTOCOL_RDP] = FALSE;
nego->enabled_protocols[PROTOCOL_EXT] = FALSE;
if (nego->state == NEGO_STATE_EXT)
{
nego->enabled_protocols[PROTOCOL_EXT] = TRUE;
nego->enabled_protocols[PROTOCOL_NLA] = TRUE;
nego->selected_protocol = PROTOCOL_EXT;
}
else if (nego->state == NEGO_STATE_NLA)
{
nego->enabled_protocols[PROTOCOL_NLA] = TRUE;
nego->selected_protocol = PROTOCOL_NLA;
}
else if (nego->state == NEGO_STATE_TLS)
{
nego->enabled_protocols[PROTOCOL_TLS] = TRUE;
nego->selected_protocol = PROTOCOL_TLS;
}
else if (nego->state == NEGO_STATE_RDP)
{
nego->enabled_protocols[PROTOCOL_RDP] = TRUE;
nego->selected_protocol = PROTOCOL_RDP;
}
}
if (!nego_send_preconnection_pdu(nego))
{
DEBUG_NEGO("Failed to send preconnection pdu");
nego->state = NEGO_STATE_FINAL;
return FALSE;
}
}
do
{
DEBUG_NEGO("state: %s", NEGO_STATE_STRINGS[nego->state]);
nego_send(nego);
if (nego->state == NEGO_STATE_FAIL)
{
DEBUG_NEGO("Protocol Security Negotiation Failure");
nego->state = NEGO_STATE_FINAL;
return FALSE;
}
}
while (nego->state != NEGO_STATE_FINAL);
DEBUG_NEGO("Negotiated %s security", PROTOCOL_SECURITY_STRINGS[nego->selected_protocol]);
/* update settings with negotiated protocol security */
nego->transport->settings->RequestedProtocols = nego->requested_protocols;
nego->transport->settings->SelectedProtocol = nego->selected_protocol;
nego->transport->settings->NegotiationFlags = nego->flags;
if (nego->selected_protocol == PROTOCOL_RDP)
{
nego->transport->settings->DisableEncryption = TRUE;
nego->transport->settings->EncryptionMethods = ENCRYPTION_METHOD_40BIT | ENCRYPTION_METHOD_128BIT | ENCRYPTION_METHOD_FIPS;
nego->transport->settings->EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
}
/* finally connect security layer (if not already done) */
if (!nego_security_connect(nego))
{
DEBUG_NEGO("Failed to connect with %s security", PROTOCOL_SECURITY_STRINGS[nego->selected_protocol]);
return FALSE;
}
return TRUE;
}
BOOL nego_connect(rdpNego* nego)
{
rdpSettings* settings = nego->transport->settings;
if (nego->state == NEGO_STATE_INITIAL)
{
if (nego->EnabledProtocols[PROTOCOL_EXT])
{
nego->state = NEGO_STATE_EXT;
}
else if (nego->EnabledProtocols[PROTOCOL_NLA])
{
nego->state = NEGO_STATE_NLA;
}
else if (nego->EnabledProtocols[PROTOCOL_TLS])
{
nego->state = NEGO_STATE_TLS;
}
else if (nego->EnabledProtocols[PROTOCOL_RDP])
{
nego->state = NEGO_STATE_RDP;
}
else
{
WLog_ERR(TAG, "No security protocol is enabled");
nego->state = NEGO_STATE_FAIL;
return FALSE;
}
if (!nego->NegotiateSecurityLayer)
{
WLog_DBG(TAG, "Security Layer Negotiation is disabled");
/* attempt only the highest enabled protocol (see nego_attempt_*) */
nego->EnabledProtocols[PROTOCOL_NLA] = FALSE;
nego->EnabledProtocols[PROTOCOL_TLS] = FALSE;
nego->EnabledProtocols[PROTOCOL_RDP] = FALSE;
nego->EnabledProtocols[PROTOCOL_EXT] = FALSE;
if (nego->state == NEGO_STATE_EXT)
{
nego->EnabledProtocols[PROTOCOL_EXT] = TRUE;
nego->EnabledProtocols[PROTOCOL_NLA] = TRUE;
nego->SelectedProtocol = PROTOCOL_EXT;
}
else if (nego->state == NEGO_STATE_NLA)
{
nego->EnabledProtocols[PROTOCOL_NLA] = TRUE;
nego->SelectedProtocol = PROTOCOL_NLA;
}
else if (nego->state == NEGO_STATE_TLS)
{
nego->EnabledProtocols[PROTOCOL_TLS] = TRUE;
nego->SelectedProtocol = PROTOCOL_TLS;
}
else if (nego->state == NEGO_STATE_RDP)
{
nego->EnabledProtocols[PROTOCOL_RDP] = TRUE;
nego->SelectedProtocol = PROTOCOL_RDP;
}
}
if (nego->SendPreconnectionPdu)
{
if (!nego_send_preconnection_pdu(nego))
{
WLog_ERR(TAG, "Failed to send preconnection pdu");
nego->state = NEGO_STATE_FINAL;
return FALSE;
}
}
}
do
{
WLog_DBG(TAG, "state: %s", NEGO_STATE_STRINGS[nego->state]);
nego_send(nego);
if (nego->state == NEGO_STATE_FAIL)
{
WLog_ERR(TAG, "Protocol Security Negotiation Failure");
nego->state = NEGO_STATE_FINAL;
return FALSE;
}
}
while (nego->state != NEGO_STATE_FINAL);
WLog_DBG(TAG, "Negotiated %s security", PROTOCOL_SECURITY_STRINGS[nego->SelectedProtocol]);
/* update settings with negotiated protocol security */
settings->RequestedProtocols = nego->RequestedProtocols;
settings->SelectedProtocol = nego->SelectedProtocol;
settings->NegotiationFlags = nego->flags;
if (nego->SelectedProtocol == PROTOCOL_RDP)
{
settings->UseRdpSecurityLayer = TRUE;
if (!settings->EncryptionMethods)
{
/**
* Advertise all supported encryption methods if the client
* implementation did not set any security methods
*/
settings->EncryptionMethods = ENCRYPTION_METHOD_40BIT | ENCRYPTION_METHOD_56BIT | ENCRYPTION_METHOD_128BIT | ENCRYPTION_METHOD_FIPS;
}
}
/* finally connect security layer (if not already done) */
if (!nego_security_connect(nego))
{
WLog_DBG(TAG, "Failed to connect with %s security", PROTOCOL_SECURITY_STRINGS[nego->SelectedProtocol]);
return FALSE;
}
if (!(nego->flags & DYNVC_GFX_PROTOCOL_SUPPORTED))
settings->NetworkAutoDetect = FALSE;
return TRUE;
}
boolean nego_connect(rdpNego* nego)
{
if (nego->state == NEGO_STATE_INITIAL)
{
if (nego->enabled_protocols[PROTOCOL_NLA] > 0)
nego->state = NEGO_STATE_NLA;
else if (nego->enabled_protocols[PROTOCOL_TLS] > 0)
nego->state = NEGO_STATE_TLS;
else if (nego->enabled_protocols[PROTOCOL_RDP] > 0)
nego->state = NEGO_STATE_RDP;
else
{
DEBUG_NEGO("No security protocol is enabled");
nego->state = NEGO_STATE_FAIL;
}
if (!nego->security_layer_negotiation_enabled)
{
DEBUG_NEGO("Security Layer Negotiation is disabled");
nego->enabled_protocols[PROTOCOL_NLA] = 0;
nego->enabled_protocols[PROTOCOL_TLS] = 0;
nego->enabled_protocols[PROTOCOL_RDP] = 0;
if(nego->state == NEGO_STATE_NLA)
nego->enabled_protocols[PROTOCOL_NLA] = 1;
else if (nego->state == NEGO_STATE_TLS)
nego->enabled_protocols[PROTOCOL_TLS] = 1;
else if (nego->state == NEGO_STATE_RDP)
nego->enabled_protocols[PROTOCOL_RDP] = 1;
}
if(!nego_send_preconnection_pdu(nego))
{
DEBUG_NEGO("Failed to send preconnection information");
nego->state = NEGO_STATE_FINAL;
return false;
}
}
do
{
DEBUG_NEGO("state: %s", NEGO_STATE_STRINGS[nego->state]);
nego_send(nego);
if (nego->state == NEGO_STATE_FAIL)
{
DEBUG_NEGO("Protocol Security Negotiation Failure");
nego->state = NEGO_STATE_FINAL;
return false;
}
}
while (nego->state != NEGO_STATE_FINAL);
DEBUG_NEGO("Negotiated %s security", PROTOCOL_SECURITY_STRINGS[nego->selected_protocol]);
/* update settings with negotiated protocol security */
nego->transport->settings->requested_protocols = nego->requested_protocols;
nego->transport->settings->selected_protocol = nego->selected_protocol;
nego->transport->settings->negotiationFlags = nego->flags;
if(nego->selected_protocol == PROTOCOL_RDP)
{
nego->transport->settings->encryption = true;
nego->transport->settings->encryption_method = ENCRYPTION_METHOD_40BIT | ENCRYPTION_METHOD_128BIT | ENCRYPTION_METHOD_FIPS;
nego->transport->settings->encryption_level = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
}
/* finally connect security layer (if not already done) */
if(!nego_security_connect(nego))
{
DEBUG_NEGO("Failed to connect with %s security", PROTOCOL_SECURITY_STRINGS[nego->selected_protocol]);
return false;
}
return true;
}