2 * FreeRDP: A Remote Desktop Protocol Implementation
3 * RDP Protocol Security Negotiation
5 * Copyright 2011 Marc-Andre Moreau <marcandre.moreau@gmail.com>
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
27 #include <winpr/crt.h>
33 #include "transport.h"
35 static const char* const NEGO_STATE_STRINGS[] =
46 static const char PROTOCOL_SECURITY_STRINGS[4][4] =
54 BOOL nego_security_connect(rdpNego* nego);
57 * Negotiate protocol security and connect.
62 BOOL nego_connect(rdpNego* nego)
64 if (nego->state == NEGO_STATE_INITIAL)
66 if (nego->enabled_protocols[PROTOCOL_EXT])
68 nego->state = NEGO_STATE_EXT;
70 else if (nego->enabled_protocols[PROTOCOL_NLA])
72 nego->state = NEGO_STATE_NLA;
74 else if (nego->enabled_protocols[PROTOCOL_TLS])
76 nego->state = NEGO_STATE_TLS;
78 else if (nego->enabled_protocols[PROTOCOL_RDP])
80 nego->state = NEGO_STATE_RDP;
84 DEBUG_NEGO("No security protocol is enabled");
85 nego->state = NEGO_STATE_FAIL;
88 if (!nego->NegotiateSecurityLayer)
90 DEBUG_NEGO("Security Layer Negotiation is disabled");
91 /* attempt only the highest enabled protocol (see nego_attempt_*) */
93 nego->enabled_protocols[PROTOCOL_NLA] = FALSE;
94 nego->enabled_protocols[PROTOCOL_TLS] = FALSE;
95 nego->enabled_protocols[PROTOCOL_RDP] = FALSE;
96 nego->enabled_protocols[PROTOCOL_EXT] = FALSE;
98 if (nego->state == NEGO_STATE_EXT)
100 nego->enabled_protocols[PROTOCOL_EXT] = TRUE;
101 nego->enabled_protocols[PROTOCOL_NLA] = TRUE;
102 nego->selected_protocol = PROTOCOL_EXT;
104 else if (nego->state == NEGO_STATE_NLA)
106 nego->enabled_protocols[PROTOCOL_NLA] = TRUE;
107 nego->selected_protocol = PROTOCOL_NLA;
109 else if (nego->state == NEGO_STATE_TLS)
111 nego->enabled_protocols[PROTOCOL_TLS] = TRUE;
112 nego->selected_protocol = PROTOCOL_TLS;
114 else if (nego->state == NEGO_STATE_RDP)
116 nego->enabled_protocols[PROTOCOL_RDP] = TRUE;
117 nego->selected_protocol = PROTOCOL_RDP;
121 if (!nego_send_preconnection_pdu(nego))
123 DEBUG_NEGO("Failed to send preconnection pdu");
124 nego->state = NEGO_STATE_FINAL;
131 DEBUG_NEGO("state: %s", NEGO_STATE_STRINGS[nego->state]);
135 if (nego->state == NEGO_STATE_FAIL)
137 DEBUG_NEGO("Protocol Security Negotiation Failure");
138 nego->state = NEGO_STATE_FINAL;
142 while (nego->state != NEGO_STATE_FINAL);
144 DEBUG_NEGO("Negotiated %s security", PROTOCOL_SECURITY_STRINGS[nego->selected_protocol]);
146 /* update settings with negotiated protocol security */
147 nego->transport->settings->RequestedProtocols = nego->requested_protocols;
148 nego->transport->settings->SelectedProtocol = nego->selected_protocol;
149 nego->transport->settings->NegotiationFlags = nego->flags;
151 if (nego->selected_protocol == PROTOCOL_RDP)
153 nego->transport->settings->DisableEncryption = TRUE;
154 nego->transport->settings->EncryptionMethods = ENCRYPTION_METHOD_40BIT | ENCRYPTION_METHOD_128BIT | ENCRYPTION_METHOD_FIPS;
155 nego->transport->settings->EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
158 /* finally connect security layer (if not already done) */
159 if (!nego_security_connect(nego))
161 DEBUG_NEGO("Failed to connect with %s security", PROTOCOL_SECURITY_STRINGS[nego->selected_protocol]);
168 /* connect to selected security layer */
169 BOOL nego_security_connect(rdpNego* nego)
171 if (!nego->tcp_connected)
173 nego->security_connected = FALSE;
175 else if (!nego->security_connected)
177 if (nego->selected_protocol == PROTOCOL_NLA)
179 DEBUG_NEGO("nego_security_connect with PROTOCOL_NLA");
180 nego->security_connected = transport_connect_nla(nego->transport);
182 else if (nego->selected_protocol == PROTOCOL_TLS)
184 DEBUG_NEGO("nego_security_connect with PROTOCOL_TLS");
185 nego->security_connected = transport_connect_tls(nego->transport);
187 else if (nego->selected_protocol == PROTOCOL_RDP)
189 DEBUG_NEGO("nego_security_connect with PROTOCOL_RDP");
190 nego->security_connected = transport_connect_rdp(nego->transport);
194 DEBUG_NEGO("cannot connect security layer because no protocol has been selected yet.");
198 return nego->security_connected;
207 BOOL nego_tcp_connect(rdpNego* nego)
209 if (!nego->tcp_connected)
210 nego->tcp_connected = transport_connect(nego->transport, nego->hostname, nego->port);
212 return nego->tcp_connected;
216 * Connect TCP layer. For direct approach, connect security layer as well.
221 BOOL nego_transport_connect(rdpNego* nego)
223 nego_tcp_connect(nego);
225 if (nego->tcp_connected && !nego->NegotiateSecurityLayer)
226 return nego_security_connect(nego);
228 return nego->tcp_connected;
232 * Disconnect TCP layer.
237 int nego_transport_disconnect(rdpNego* nego)
239 if (nego->tcp_connected)
240 transport_disconnect(nego->transport);
242 nego->tcp_connected = FALSE;
243 nego->security_connected = FALSE;
249 * Send preconnection information if enabled.
254 BOOL nego_send_preconnection_pdu(rdpNego* nego)
259 WCHAR* wszPCB = NULL;
261 if (!nego->send_preconnection_pdu)
264 DEBUG_NEGO("Sending preconnection PDU");
266 if (!nego_tcp_connect(nego))
269 /* it's easier to always send the version 2 PDU, and it's just 2 bytes overhead */
270 cbSize = PRECONNECTION_PDU_V2_MIN_SIZE;
272 if (nego->preconnection_blob)
274 cchPCB = (UINT16) ConvertToUnicode(CP_UTF8, 0, nego->preconnection_blob, -1, &wszPCB, 0);
275 cchPCB += 1; /* zero-termination */
276 cbSize += cchPCB * 2;
279 s = Stream_New(NULL, cbSize);
281 Stream_Write_UINT32(s, cbSize); /* cbSize */
282 Stream_Write_UINT32(s, 0); /* Flags */
283 Stream_Write_UINT32(s, PRECONNECTION_PDU_V2); /* Version */
284 Stream_Write_UINT32(s, nego->preconnection_id); /* Id */
285 Stream_Write_UINT16(s, cchPCB); /* cchPCB */
289 Stream_Write(s, wszPCB, cchPCB * 2); /* wszPCB */
293 Stream_SealLength(s);
295 if (transport_write(nego->transport, s) < 0)
297 Stream_Free(s, TRUE);
301 Stream_Free(s, TRUE);
307 * Attempt negotiating NLA + TLS extended security.
311 void nego_attempt_ext(rdpNego* nego)
313 nego->requested_protocols = PROTOCOL_NLA | PROTOCOL_TLS | PROTOCOL_EXT;
315 DEBUG_NEGO("Attempting NLA extended security");
317 if (!nego_transport_connect(nego))
319 nego->state = NEGO_STATE_FAIL;
323 if (!nego_send_negotiation_request(nego))
325 nego->state = NEGO_STATE_FAIL;
329 if (!nego_recv_response(nego))
331 nego->state = NEGO_STATE_FAIL;
335 DEBUG_NEGO("state: %s", NEGO_STATE_STRINGS[nego->state]);
337 if (nego->state != NEGO_STATE_FINAL)
339 nego_transport_disconnect(nego);
341 if (nego->enabled_protocols[PROTOCOL_NLA])
342 nego->state = NEGO_STATE_NLA;
343 else if (nego->enabled_protocols[PROTOCOL_TLS])
344 nego->state = NEGO_STATE_TLS;
345 else if (nego->enabled_protocols[PROTOCOL_RDP])
346 nego->state = NEGO_STATE_RDP;
348 nego->state = NEGO_STATE_FAIL;
353 * Attempt negotiating NLA + TLS security.
357 void nego_attempt_nla(rdpNego* nego)
359 nego->requested_protocols = PROTOCOL_NLA | PROTOCOL_TLS;
361 DEBUG_NEGO("Attempting NLA security");
363 if (!nego_transport_connect(nego))
365 nego->state = NEGO_STATE_FAIL;
369 if (!nego_send_negotiation_request(nego))
371 nego->state = NEGO_STATE_FAIL;
375 if (!nego_recv_response(nego))
377 nego->state = NEGO_STATE_FAIL;
381 DEBUG_NEGO("state: %s", NEGO_STATE_STRINGS[nego->state]);
383 if (nego->state != NEGO_STATE_FINAL)
385 nego_transport_disconnect(nego);
387 if (nego->enabled_protocols[PROTOCOL_TLS])
388 nego->state = NEGO_STATE_TLS;
389 else if (nego->enabled_protocols[PROTOCOL_RDP])
390 nego->state = NEGO_STATE_RDP;
392 nego->state = NEGO_STATE_FAIL;
397 * Attempt negotiating TLS security.
401 void nego_attempt_tls(rdpNego* nego)
403 nego->requested_protocols = PROTOCOL_TLS;
405 DEBUG_NEGO("Attempting TLS security");
407 if (!nego_transport_connect(nego))
409 nego->state = NEGO_STATE_FAIL;
413 if (!nego_send_negotiation_request(nego))
415 nego->state = NEGO_STATE_FAIL;
419 if (!nego_recv_response(nego))
421 nego->state = NEGO_STATE_FAIL;
425 if (nego->state != NEGO_STATE_FINAL)
427 nego_transport_disconnect(nego);
429 if (nego->enabled_protocols[PROTOCOL_RDP])
430 nego->state = NEGO_STATE_RDP;
432 nego->state = NEGO_STATE_FAIL;
437 * Attempt negotiating standard RDP security.
441 void nego_attempt_rdp(rdpNego* nego)
443 nego->requested_protocols = PROTOCOL_RDP;
445 DEBUG_NEGO("Attempting RDP security");
447 if (!nego_transport_connect(nego))
449 nego->state = NEGO_STATE_FAIL;
453 if (!nego_send_negotiation_request(nego))
455 nego->state = NEGO_STATE_FAIL;
459 if (!nego_recv_response(nego))
461 nego->state = NEGO_STATE_FAIL;
467 * Wait to receive a negotiation response
471 BOOL nego_recv_response(rdpNego* nego)
476 s = Stream_New(NULL, 1024);
478 status = transport_read(nego->transport, s);
482 Stream_Free(s, TRUE);
486 status = nego_recv(nego->transport, s, nego);
488 Stream_Free(s, TRUE);
496 * Receive protocol security negotiation message.\n
498 * @param transport transport
500 * @param extra nego pointer
503 int nego_recv(rdpTransport* transport, wStream* s, void* extra)
508 rdpNego* nego = (rdpNego*) extra;
510 length = tpkt_read_header(s);
515 if (!tpdu_read_connection_confirm(s, &li))
520 /* rdpNegData (optional) */
522 Stream_Read_UINT8(s, type); /* Type */
526 case TYPE_RDP_NEG_RSP:
527 nego_process_negotiation_response(nego, s);
529 DEBUG_NEGO("selected_protocol: %d", nego->selected_protocol);
531 /* enhanced security selected ? */
533 if (nego->selected_protocol)
535 if ((nego->selected_protocol == PROTOCOL_NLA) &&
536 (!nego->enabled_protocols[PROTOCOL_NLA]))
538 nego->state = NEGO_STATE_FAIL;
540 if ((nego->selected_protocol == PROTOCOL_TLS) &&
541 (!nego->enabled_protocols[PROTOCOL_TLS]))
543 nego->state = NEGO_STATE_FAIL;
546 else if (!nego->enabled_protocols[PROTOCOL_RDP])
548 nego->state = NEGO_STATE_FAIL;
552 case TYPE_RDP_NEG_FAILURE:
553 nego_process_negotiation_failure(nego, s);
559 DEBUG_NEGO("no rdpNegData");
561 if (!nego->enabled_protocols[PROTOCOL_RDP])
562 nego->state = NEGO_STATE_FAIL;
564 nego->state = NEGO_STATE_FINAL;
568 fprintf(stderr, "invalid negotiation response\n");
569 nego->state = NEGO_STATE_FAIL;
576 * Read protocol security negotiation request message.\n
581 BOOL nego_read_request(rdpNego* nego, wStream* s)
589 if (!tpdu_read_connection_request(s, &li))
592 if (li != Stream_GetRemainingLength(s) + 6)
594 fprintf(stderr, "Incorrect TPDU length indicator.\n");
598 if (Stream_GetRemainingLength(s) > 8)
600 /* Optional routingToken or cookie, ending with CR+LF */
601 while (Stream_GetRemainingLength(s) > 0)
603 Stream_Read_UINT8(s, c);
608 Stream_Peek_UINT8(s, c);
613 Stream_Seek_UINT8(s);
618 if (Stream_GetRemainingLength(s) >= 8)
620 /* rdpNegData (optional) */
622 Stream_Read_UINT8(s, type); /* Type */
624 if (type != TYPE_RDP_NEG_REQ)
626 fprintf(stderr, "Incorrect negotiation request type %d\n", type);
630 nego_process_negotiation_request(nego, s);
637 * Send protocol security negotiation message.
641 void nego_send(rdpNego* nego)
643 if (nego->state == NEGO_STATE_EXT)
644 nego_attempt_ext(nego);
645 else if (nego->state == NEGO_STATE_NLA)
646 nego_attempt_nla(nego);
647 else if (nego->state == NEGO_STATE_TLS)
648 nego_attempt_tls(nego);
649 else if (nego->state == NEGO_STATE_RDP)
650 nego_attempt_rdp(nego);
652 DEBUG_NEGO("invalid negotiation state for sending");
656 * Send RDP Negotiation Request (RDP_NEG_REQ).\n
662 BOOL nego_send_negotiation_request(rdpNego* nego)
669 s = Stream_New(NULL, 512);
671 length = TPDU_CONNECTION_REQUEST_LENGTH;
672 bm = Stream_GetPosition(s);
673 Stream_Seek(s, length);
675 if (nego->RoutingToken)
677 Stream_Write(s, nego->RoutingToken, nego->RoutingTokenLength);
678 Stream_Write_UINT8(s, 0x0D); /* CR */
679 Stream_Write_UINT8(s, 0x0A); /* LF */
680 length += nego->RoutingTokenLength + 2;
682 else if (nego->cookie)
684 cookie_length = strlen(nego->cookie);
686 if (cookie_length > (int) nego->cookie_max_length)
687 cookie_length = nego->cookie_max_length;
689 Stream_Write(s, "Cookie: mstshash=", 17);
690 Stream_Write(s, (BYTE*) nego->cookie, cookie_length);
691 Stream_Write_UINT8(s, 0x0D); /* CR */
692 Stream_Write_UINT8(s, 0x0A); /* LF */
693 length += cookie_length + 19;
696 DEBUG_NEGO("requested_protocols: %d", nego->requested_protocols);
698 if ((nego->requested_protocols > PROTOCOL_RDP) || (nego->sendNegoData))
700 /* RDP_NEG_DATA must be present for TLS and NLA */
701 Stream_Write_UINT8(s, TYPE_RDP_NEG_REQ);
702 Stream_Write_UINT8(s, 0); /* flags, must be set to zero */
703 Stream_Write_UINT16(s, 8); /* RDP_NEG_DATA length (8) */
704 Stream_Write_UINT32(s, nego->requested_protocols); /* requestedProtocols */
708 em = Stream_GetPosition(s);
709 Stream_SetPosition(s, bm);
710 tpkt_write_header(s, length);
711 tpdu_write_connection_request(s, length - 5);
712 Stream_SetPosition(s, em);
714 Stream_SealLength(s);
716 if (transport_write(nego->transport, s) < 0)
718 Stream_Free(s, TRUE);
722 Stream_Free(s, TRUE);
728 * Process Negotiation Request from Connection Request message.
733 void nego_process_negotiation_request(rdpNego* nego, wStream* s)
738 DEBUG_NEGO("RDP_NEG_REQ");
740 Stream_Read_UINT8(s, flags);
741 Stream_Read_UINT16(s, length);
742 Stream_Read_UINT32(s, nego->requested_protocols);
744 DEBUG_NEGO("requested_protocols: %d", nego->requested_protocols);
746 nego->state = NEGO_STATE_FINAL;
750 * Process Negotiation Response from Connection Confirm message.
755 void nego_process_negotiation_response(rdpNego* nego, wStream* s)
759 DEBUG_NEGO("RDP_NEG_RSP");
761 if (Stream_GetRemainingLength(s) < 7)
763 DEBUG_NEGO("RDP_INVALID_NEG_RSP");
764 nego->state = NEGO_STATE_FAIL;
768 Stream_Read_UINT8(s, nego->flags);
769 Stream_Read_UINT16(s, length);
770 Stream_Read_UINT32(s, nego->selected_protocol);
772 nego->state = NEGO_STATE_FINAL;
776 * Process Negotiation Failure from Connection Confirm message.
781 void nego_process_negotiation_failure(rdpNego* nego, wStream* s)
787 DEBUG_NEGO("RDP_NEG_FAILURE");
789 Stream_Read_UINT8(s, flags);
790 Stream_Read_UINT16(s, length);
791 Stream_Read_UINT32(s, failureCode);
795 case SSL_REQUIRED_BY_SERVER:
796 DEBUG_NEGO("Error: SSL_REQUIRED_BY_SERVER");
799 case SSL_NOT_ALLOWED_BY_SERVER:
800 DEBUG_NEGO("Error: SSL_NOT_ALLOWED_BY_SERVER");
801 nego->sendNegoData = TRUE;
804 case SSL_CERT_NOT_ON_SERVER:
805 DEBUG_NEGO("Error: SSL_CERT_NOT_ON_SERVER");
806 nego->sendNegoData = TRUE;
809 case INCONSISTENT_FLAGS:
810 DEBUG_NEGO("Error: INCONSISTENT_FLAGS");
813 case HYBRID_REQUIRED_BY_SERVER:
814 DEBUG_NEGO("Error: HYBRID_REQUIRED_BY_SERVER");
818 DEBUG_NEGO("Error: Unknown protocol security error %d", failureCode);
822 nego->state = NEGO_STATE_FAIL;
826 * Send RDP Negotiation Response (RDP_NEG_RSP).\n
830 BOOL nego_send_negotiation_response(rdpNego* nego)
836 rdpSettings* settings;
839 settings = nego->transport->settings;
841 s = Stream_New(NULL, 512);
843 length = TPDU_CONNECTION_CONFIRM_LENGTH;
844 bm = Stream_GetPosition(s);
845 Stream_Seek(s, length);
847 if (nego->selected_protocol > PROTOCOL_RDP)
849 /* RDP_NEG_DATA must be present for TLS and NLA */
850 Stream_Write_UINT8(s, TYPE_RDP_NEG_RSP);
851 Stream_Write_UINT8(s, EXTENDED_CLIENT_DATA_SUPPORTED); /* flags */
852 Stream_Write_UINT16(s, 8); /* RDP_NEG_DATA length (8) */
853 Stream_Write_UINT32(s, nego->selected_protocol); /* selectedProtocol */
856 else if (!settings->RdpSecurity)
858 Stream_Write_UINT8(s, TYPE_RDP_NEG_FAILURE);
859 Stream_Write_UINT8(s, 0); /* flags */
860 Stream_Write_UINT16(s, 8); /* RDP_NEG_DATA length (8) */
862 * TODO: Check for other possibilities,
863 * like SSL_NOT_ALLOWED_BY_SERVER.
865 fprintf(stderr, "nego_send_negotiation_response: client supports only Standard RDP Security\n");
866 Stream_Write_UINT32(s, SSL_REQUIRED_BY_SERVER);
871 em = Stream_GetPosition(s);
872 Stream_SetPosition(s, bm);
873 tpkt_write_header(s, length);
874 tpdu_write_connection_confirm(s, length - 5);
875 Stream_SetPosition(s, em);
877 Stream_SealLength(s);
879 if (transport_write(nego->transport, s) < 0)
881 Stream_Free(s, TRUE);
885 Stream_Free(s, TRUE);
889 /* update settings with negotiated protocol security */
890 settings->RequestedProtocols = nego->requested_protocols;
891 settings->SelectedProtocol = nego->selected_protocol;
893 if (settings->SelectedProtocol == PROTOCOL_RDP)
895 settings->TlsSecurity = FALSE;
896 settings->NlaSecurity = FALSE;
897 settings->RdpSecurity = TRUE;
899 if (!settings->LocalConnection)
901 settings->DisableEncryption = TRUE;
902 settings->EncryptionMethods = ENCRYPTION_METHOD_40BIT | ENCRYPTION_METHOD_128BIT | ENCRYPTION_METHOD_FIPS;
903 settings->EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
906 if (settings->DisableEncryption && settings->RdpServerRsaKey == NULL && settings->RdpKeyFile == NULL)
909 else if (settings->SelectedProtocol == PROTOCOL_TLS)
911 settings->TlsSecurity = TRUE;
912 settings->NlaSecurity = FALSE;
913 settings->RdpSecurity = FALSE;
914 settings->DisableEncryption = FALSE;
915 settings->EncryptionMethods = ENCRYPTION_METHOD_NONE;
916 settings->EncryptionLevel = ENCRYPTION_LEVEL_NONE;
918 else if (settings->SelectedProtocol == PROTOCOL_NLA)
920 settings->TlsSecurity = TRUE;
921 settings->NlaSecurity = TRUE;
922 settings->RdpSecurity = FALSE;
923 settings->DisableEncryption = FALSE;
924 settings->EncryptionMethods = ENCRYPTION_METHOD_NONE;
925 settings->EncryptionLevel = ENCRYPTION_LEVEL_NONE;
933 * Initialize NEGO state machine.
937 void nego_init(rdpNego* nego)
939 nego->state = NEGO_STATE_INITIAL;
940 nego->requested_protocols = PROTOCOL_RDP;
941 nego->transport->ReceiveCallback = nego_recv;
942 nego->transport->ReceiveExtra = (void*) nego;
943 nego->cookie_max_length = DEFAULT_COOKIE_MAX_LENGTH;
944 nego->sendNegoData = FALSE;
949 * Create a new NEGO state machine instance.
954 rdpNego* nego_new(struct rdp_transport * transport)
956 rdpNego* nego = (rdpNego*) malloc(sizeof(rdpNego));
960 ZeroMemory(nego, sizeof(rdpNego));
961 nego->transport = transport;
969 * Free NEGO state machine.
973 void nego_free(rdpNego* nego)
980 * Set target hostname and port.
986 void nego_set_target(rdpNego* nego, char* hostname, int port)
988 nego->hostname = hostname;
993 * Enable security layer negotiation.
994 * @param nego pointer to the negotiation structure
995 * @param enable_rdp whether to enable security layer negotiation (TRUE for enabled, FALSE for disabled)
998 void nego_set_negotiation_enabled(rdpNego* nego, BOOL NegotiateSecurityLayer)
1000 DEBUG_NEGO("Enabling security layer negotiation: %s", NegotiateSecurityLayer ? "TRUE" : "FALSE");
1001 nego->NegotiateSecurityLayer = NegotiateSecurityLayer;
1005 * Enable RDP security protocol.
1006 * @param nego pointer to the negotiation structure
1007 * @param enable_rdp whether to enable normal RDP protocol (TRUE for enabled, FALSE for disabled)
1010 void nego_enable_rdp(rdpNego* nego, BOOL enable_rdp)
1012 DEBUG_NEGO("Enabling RDP security: %s", enable_rdp ? "TRUE" : "FALSE");
1013 nego->enabled_protocols[PROTOCOL_RDP] = enable_rdp;
1017 * Enable TLS security protocol.
1018 * @param nego pointer to the negotiation structure
1019 * @param enable_tls whether to enable TLS + RDP protocol (TRUE for enabled, FALSE for disabled)
1021 void nego_enable_tls(rdpNego* nego, BOOL enable_tls)
1023 DEBUG_NEGO("Enabling TLS security: %s", enable_tls ? "TRUE" : "FALSE");
1024 nego->enabled_protocols[PROTOCOL_TLS] = enable_tls;
1029 * Enable NLA security protocol.
1030 * @param nego pointer to the negotiation structure
1031 * @param enable_nla whether to enable network level authentication protocol (TRUE for enabled, FALSE for disabled)
1034 void nego_enable_nla(rdpNego* nego, BOOL enable_nla)
1036 DEBUG_NEGO("Enabling NLA security: %s", enable_nla ? "TRUE" : "FALSE");
1037 nego->enabled_protocols[PROTOCOL_NLA] = enable_nla;
1041 * Enable NLA extended security protocol.
1042 * @param nego pointer to the negotiation structure
1043 * @param enable_ext whether to enable network level authentication extended protocol (TRUE for enabled, FALSE for disabled)
1046 void nego_enable_ext(rdpNego* nego, BOOL enable_ext)
1048 DEBUG_NEGO("Enabling NLA extended security: %s", enable_ext ? "TRUE" : "FALSE");
1049 nego->enabled_protocols[PROTOCOL_EXT] = enable_ext;
1053 * Set routing token.
1055 * @param RoutingToken
1056 * @param RoutingTokenLength
1059 void nego_set_routing_token(rdpNego* nego, BYTE* RoutingToken, DWORD RoutingTokenLength)
1061 nego->RoutingToken = RoutingToken;
1062 nego->RoutingTokenLength = RoutingTokenLength;
1071 void nego_set_cookie(rdpNego* nego, char* cookie)
1076 nego->cookie = _strdup(cookie);
1080 * Set cookie maximum length
1082 * @param cookie_max_length
1085 void nego_set_cookie_max_length(rdpNego* nego, UINT32 cookie_max_length)
1087 nego->cookie_max_length = cookie_max_length;
1091 * Enable / disable preconnection PDU.
1096 void nego_set_send_preconnection_pdu(rdpNego* nego, BOOL send_pcpdu)
1098 nego->send_preconnection_pdu = send_pcpdu;
1102 * Set preconnection id.
1107 void nego_set_preconnection_id(rdpNego* nego, UINT32 id)
1109 nego->preconnection_id = id;
1113 * Set preconnection blob.
1118 void nego_set_preconnection_blob(rdpNego* nego, char* blob)
1120 nego->preconnection_blob = blob;