BOOL transport_connect_nla(rdpTransport* transport) { freerdp* instance; rdpSettings* settings; rdpCredssp* credSsp; settings = transport->settings; instance = (freerdp*) settings->instance; if (!transport_connect_tls(transport)) return FALSE; /* Network Level Authentication */ if (!settings->Authentication) return TRUE; if (!transport->credssp) { transport->credssp = credssp_new(instance, transport, settings); if (!transport->credssp) return FALSE; transport_set_nla_mode(transport, TRUE); if (settings->AuthenticationServiceClass) { transport->credssp->ServicePrincipalName = credssp_make_spn(settings->AuthenticationServiceClass, settings->ServerHostname); if (!transport->credssp->ServicePrincipalName) return FALSE; } } credSsp = transport->credssp; if (credssp_authenticate(credSsp) < 0) { if (!connectErrorCode) connectErrorCode = AUTHENTICATIONERROR; if (!freerdp_get_last_error(instance->context)) { freerdp_set_last_error(instance->context, FREERDP_ERROR_AUTHENTICATION_FAILED); } WLog_ERR(TAG, "Authentication failure, check credentials." "If credentials are valid, the NTLMSSP implementation may be to blame."); transport_set_nla_mode(transport, FALSE); credssp_free(credSsp); transport->credssp = NULL; return FALSE; } transport_set_nla_mode(transport, FALSE); credssp_free(credSsp); transport->credssp = NULL; return TRUE; }
BOOL transport_accept_nla(rdpTransport* transport) { freerdp* instance; rdpSettings* settings; settings = transport->settings; instance = (freerdp*) settings->instance; if (!transport->TlsIn) transport->TlsIn = tls_new(transport->settings); if (!transport->TlsOut) transport->TlsOut = transport->TlsIn; transport->layer = TRANSPORT_LAYER_TLS; if (!tls_accept(transport->TlsIn, transport->TcpIn->bufferedBio, settings->CertificateFile, settings->PrivateKeyFile)) return FALSE; transport->frontBio = transport->TlsIn->bio; /* Network Level Authentication */ if (!settings->Authentication) return TRUE; if (!transport->credssp) { transport->credssp = credssp_new(instance, transport, settings); transport_set_nla_mode(transport, TRUE); } if (credssp_authenticate(transport->credssp) < 0) { fprintf(stderr, "client authentication failure\n"); transport_set_nla_mode(transport, FALSE); credssp_free(transport->credssp); transport->credssp = NULL; tls_set_alert_code(transport->TlsIn, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DESCRIPTION_ACCESS_DENIED); return FALSE; } /* don't free credssp module yet, we need to copy the credentials from it first */ transport_set_nla_mode(transport, FALSE); return TRUE; }
BOOL transport_connect_nla(rdpTransport* transport) { rdpContext* context = transport->context; rdpSettings* settings = context->settings; freerdp* instance = context->instance; rdpRdp* rdp = context->rdp; if (!transport_connect_tls(transport)) return FALSE; if (!settings->Authentication) return TRUE; rdp->nla = nla_new(instance, transport, settings); if (!rdp->nla) return FALSE; transport_set_nla_mode(transport, TRUE); if (settings->AuthenticationServiceClass) { rdp->nla->ServicePrincipalName = nla_make_spn(settings->AuthenticationServiceClass, settings->ServerHostname); if (!rdp->nla->ServicePrincipalName) return FALSE; } if (nla_client_begin(rdp->nla) < 0) { if (!freerdp_get_last_error(context)) freerdp_set_last_error(context, FREERDP_ERROR_AUTHENTICATION_FAILED); transport_set_nla_mode(transport, FALSE); return FALSE; } rdp_client_transition_to_state(rdp, CONNECTION_STATE_NLA); return TRUE; }
BOOL transport_accept_nla(rdpTransport* transport) { rdpSettings* settings = transport->settings; freerdp* instance = (freerdp*) settings->instance; if (!transport->tls) transport->tls = tls_new(transport->settings); transport->layer = TRANSPORT_LAYER_TLS; if (!tls_accept(transport->tls, transport->frontBio, settings)) return FALSE; transport->frontBio = transport->tls->bio; /* Network Level Authentication */ if (!settings->Authentication) return TRUE; if (!transport->nla) { transport->nla = nla_new(instance, transport, settings); transport_set_nla_mode(transport, TRUE); } if (nla_authenticate(transport->nla) < 0) { WLog_Print(transport->log, WLOG_ERROR, "client authentication failure"); transport_set_nla_mode(transport, FALSE); nla_free(transport->nla); transport->nla = NULL; tls_set_alert_code(transport->tls, TLS_ALERT_LEVEL_FATAL, TLS_ALERT_DESCRIPTION_ACCESS_DENIED); tls_send_alert(transport->tls); return FALSE; } /* don't free nla module yet, we need to copy the credentials from it first */ transport_set_nla_mode(transport, FALSE); return TRUE; }