From 8110c391bf294bd3fa36b37b3f4539d55925501d Mon Sep 17 00:00:00 2001
From: Armin Novak
Date: Tue, 20 Nov 2018 17:27:47 +0100
Subject: [PATCH] Fixed requested protocol define names according to spec.

---
 libfreerdp/core/connection.c | 22 +++++++--------
 libfreerdp/core/nego.c | 64 ++++++++++++++++++++++----------------------
 libfreerdp/core/nego.h | 14 +++++-----
 libfreerdp/core/peer.c | 6 ++---
 libfreerdp/core/rdp.c | 2 +-
 5 files changed, 55 insertions(+), 53 deletions(-)

diff --git a/libfreerdp/core/connection.c b/libfreerdp/core/connection.c
index 9cb250e..3870b5e 100644
--- a/libfreerdp/core/connection.c
+++ b/libfreerdp/core/connection.c
@@ -309,7 +309,7 @@ BOOL rdp_client_connect(rdpRdp* rdp)
 SelectedProtocol = nego_get_selected_protocol(rdp->nego);
- if ((SelectedProtocol & PROTOCOL_TLS) || (SelectedProtocol == PROTOCOL_RDP))
+ if ((SelectedProtocol & PROTOCOL_SSL) || (SelectedProtocol == PROTOCOL_RDP))
 {
 if ((settings->Username != NULL) && ((settings->Password != NULL) || (settings->RedirectionPassword != NULL && settings->RedirectionPasswordLength > 0)))
@@ -1184,20 +1184,20 @@ BOOL rdp_server_accept_nego(rdpRdp* rdp, wStream* s)
 RequestedProtocols = nego_get_requested_protocols(nego);
 WLog_INFO(TAG, "Client Security: NLA:%d TLS:%d RDP:%d",
- (RequestedProtocols & PROTOCOL_NLA) ? 1 : 0,
- (RequestedProtocols & PROTOCOL_TLS) ? 1 : 0,
+ (RequestedProtocols & PROTOCOL_HYBRID) ? 1 : 0,
+ (RequestedProtocols & PROTOCOL_SSL) ? 1 : 0,
 (RequestedProtocols == PROTOCOL_RDP) ? 1 : 0 );
 WLog_INFO(TAG, "Server Security: NLA:%"PRId32" TLS:%"PRId32" RDP:%"PRId32"", settings->NlaSecurity, settings->TlsSecurity, settings->RdpSecurity);
- if ((settings->NlaSecurity) && (RequestedProtocols & PROTOCOL_NLA))
+ if ((settings->NlaSecurity) && (RequestedProtocols & PROTOCOL_HYBRID))
 {
- SelectedProtocol = PROTOCOL_NLA;
+ SelectedProtocol = PROTOCOL_HYBRID;
 }
- else if ((settings->TlsSecurity) && (RequestedProtocols & PROTOCOL_TLS))
+ else if ((settings->TlsSecurity) && (RequestedProtocols & PROTOCOL_SSL))
 {
- SelectedProtocol = PROTOCOL_TLS;
+ SelectedProtocol = PROTOCOL_SSL;
 }
 else if ((settings->RdpSecurity) && (RequestedProtocols == PROTOCOL_RDP))
 {
@@ -1236,8 +1236,8 @@ BOOL rdp_server_accept_nego(rdpRdp* rdp, wStream* s)
 if (!(SelectedProtocol & PROTOCOL_FAILED_NEGO))
 {
 WLog_INFO(TAG, "Negotiated Security: NLA:%d TLS:%d RDP:%d",
- (SelectedProtocol & PROTOCOL_NLA) ? 1 : 0,
- (SelectedProtocol & PROTOCOL_TLS) ? 1 : 0,
+ (SelectedProtocol & PROTOCOL_HYBRID) ? 1 : 0,
+ (SelectedProtocol & PROTOCOL_SSL) ? 1 : 0,
 (SelectedProtocol == PROTOCOL_RDP) ? 1 : 0 );
 }
@@ -1251,9 +1251,9 @@ BOOL rdp_server_accept_nego(rdpRdp* rdp, wStream* s)
 SelectedProtocol = nego_get_selected_protocol(nego);
 status = FALSE;
- if (SelectedProtocol & PROTOCOL_NLA)
+ if (SelectedProtocol & PROTOCOL_HYBRID)
 status = transport_accept_nla(rdp->transport);
- else if (SelectedProtocol & PROTOCOL_TLS)
+ else if (SelectedProtocol & PROTOCOL_SSL)
 status = transport_accept_tls(rdp->transport);
 else if (SelectedProtocol == PROTOCOL_RDP) /* 0 */
 status = transport_accept_rdp(rdp->transport);
diff --git a/libfreerdp/core/nego.c b/libfreerdp/core/nego.c
index ad45d6a..7238818 100644
--- a/libfreerdp/core/nego.c
+++ b/libfreerdp/core/nego.c
@@ -111,15 +111,15 @@ BOOL nego_connect(rdpNego* nego)
 if (nego->state == NEGO_STATE_INITIAL)
 {
- if (nego->EnabledProtocols[PROTOCOL_EXT])
+ if (nego->EnabledProtocols[PROTOCOL_HYBRID_EX])
 {
 nego->state = NEGO_STATE_EXT;
 }
- else if (nego->EnabledProtocols[PROTOCOL_NLA])
+ else if (nego->EnabledProtocols[PROTOCOL_HYBRID])
 {
 nego->state = NEGO_STATE_NLA;
 }
- else if (nego->EnabledProtocols[PROTOCOL_TLS])
+ else if (nego->EnabledProtocols[PROTOCOL_SSL])
 {
 nego->state = NEGO_STATE_TLS;
 }
@@ -138,26 +138,26 @@ BOOL nego_connect(rdpNego* nego)
 {
 WLog_DBG(TAG, "Security Layer Negotiation is disabled");
 /* attempt only the highest enabled protocol (see nego_attempt_*) */
- nego->EnabledProtocols[PROTOCOL_NLA] = FALSE;
- nego->EnabledProtocols[PROTOCOL_TLS] = FALSE;
+ nego->EnabledProtocols[PROTOCOL_HYBRID] = FALSE;
+ nego->EnabledProtocols[PROTOCOL_SSL] = FALSE;
 nego->EnabledProtocols[PROTOCOL_RDP] = FALSE;
- nego->EnabledProtocols[PROTOCOL_EXT] = FALSE;
+ nego->EnabledProtocols[PROTOCOL_HYBRID_EX] = FALSE;
 if (nego->state == NEGO_STATE_EXT)
 {
- nego->EnabledProtocols[PROTOCOL_EXT] = TRUE;
- nego->EnabledProtocols[PROTOCOL_NLA] = TRUE;
- nego->SelectedProtocol = PROTOCOL_EXT;
+ nego->EnabledProtocols[PROTOCOL_HYBRID_EX] = TRUE;
+ nego->EnabledProtocols[PROTOCOL_HYBRID] = TRUE;
+ nego->SelectedProtocol = PROTOCOL_HYBRID_EX;
 }
 else if (nego->state == NEGO_STATE_NLA)
 {
- nego->EnabledProtocols[PROTOCOL_NLA] = TRUE;
- nego->SelectedProtocol = PROTOCOL_NLA;
+ nego->EnabledProtocols[PROTOCOL_HYBRID] = TRUE;
+ nego->SelectedProtocol = PROTOCOL_HYBRID;
 }
 else if (nego->state == NEGO_STATE_TLS)
 {
- nego->EnabledProtocols[PROTOCOL_TLS] = TRUE;
- nego->SelectedProtocol = PROTOCOL_TLS;
+ nego->EnabledProtocols[PROTOCOL_SSL] = TRUE;
+ nego->SelectedProtocol = PROTOCOL_SSL;
 }
 else if (nego->state == NEGO_STATE_RDP)
 {
@@ -247,14 +247,14 @@ BOOL nego_security_connect(rdpNego* nego)
 }
 else if (!nego->SecurityConnected)
 {
- if (nego->SelectedProtocol == PROTOCOL_NLA)
+ if (nego->SelectedProtocol == PROTOCOL_HYBRID)
 {
- WLog_DBG(TAG, "nego_security_connect with PROTOCOL_NLA");
+ WLog_DBG(TAG, "nego_security_connect with PROTOCOL_HYBRID");
 nego->SecurityConnected = transport_connect_nla(nego->transport);
 }
- else if (nego->SelectedProtocol == PROTOCOL_TLS)
+ else if (nego->SelectedProtocol == PROTOCOL_SSL)
 {
- WLog_DBG(TAG, "nego_security_connect with PROTOCOL_TLS");
+ WLog_DBG(TAG, "nego_security_connect with PROTOCOL_SSL");
 nego->SecurityConnected = transport_connect_tls(nego->transport);
 }
 else if (nego->SelectedProtocol == PROTOCOL_RDP)
@@ -407,7 +407,7 @@ BOOL nego_send_preconnection_pdu(rdpNego* nego)
 static void nego_attempt_ext(rdpNego* nego)
 {
- nego->RequestedProtocols = PROTOCOL_NLA | PROTOCOL_TLS | PROTOCOL_EXT;
+ nego->RequestedProtocols = PROTOCOL_HYBRID | PROTOCOL_SSL | PROTOCOL_HYBRID_EX;
 WLog_DBG(TAG, "Attempting NLA extended security");
 if (!nego_transport_connect(nego))
@@ -434,9 +434,9 @@ static void nego_attempt_ext(rdpNego* nego)
 {
 nego_transport_disconnect(nego);
- if (nego->EnabledProtocols[PROTOCOL_NLA])
+ if (nego->EnabledProtocols[PROTOCOL_HYBRID])
 nego->state = NEGO_STATE_NLA;
- else if (nego->EnabledProtocols[PROTOCOL_TLS])
+ else if (nego->EnabledProtocols[PROTOCOL_SSL])
 nego->state = NEGO_STATE_TLS;
 else if (nego->EnabledProtocols[PROTOCOL_RDP])
 nego->state = NEGO_STATE_RDP;
@@ -452,7 +452,7 @@ static void nego_attempt_ext(rdpNego* nego)
 static void nego_attempt_nla(rdpNego* nego)
 {
- nego->RequestedProtocols = PROTOCOL_NLA | PROTOCOL_TLS;
+ nego->RequestedProtocols = PROTOCOL_HYBRID | PROTOCOL_SSL;
 WLog_DBG(TAG, "Attempting NLA security");
 if (!nego_transport_connect(nego))
@@ -479,7 +479,7 @@ static void nego_attempt_nla(rdpNego* nego)
 {
 nego_transport_disconnect(nego);
- if (nego->EnabledProtocols[PROTOCOL_TLS])
+ if (nego->EnabledProtocols[PROTOCOL_SSL])
 nego->state = NEGO_STATE_TLS;
 else if (nego->EnabledProtocols[PROTOCOL_RDP])
 nego->state = NEGO_STATE_RDP;
@@ -495,7 +495,7 @@ static void nego_attempt_nla(rdpNego* nego)
 static void nego_attempt_tls(rdpNego* nego)
 {
- nego->RequestedProtocols = PROTOCOL_TLS;
+ nego->RequestedProtocols = PROTOCOL_SSL;
 WLog_DBG(TAG, "Attempting TLS security");
 if (!nego_transport_connect(nego))
@@ -629,14 +629,14 @@ int nego_recv(rdpTransport* transport, wStream* s, void* extra)
 if (nego->SelectedProtocol)
 {
- if ((nego->SelectedProtocol == PROTOCOL_NLA) &&
- (!nego->EnabledProtocols[PROTOCOL_NLA]))
+ if ((nego->SelectedProtocol == PROTOCOL_HYBRID) &&
+ (!nego->EnabledProtocols[PROTOCOL_HYBRID]))
 {
 nego->state = NEGO_STATE_FAIL;
 }
- if ((nego->SelectedProtocol == PROTOCOL_TLS) &&
- (!nego->EnabledProtocols[PROTOCOL_TLS]))
+ if ((nego->SelectedProtocol == PROTOCOL_SSL) &&
+ (!nego->EnabledProtocols[PROTOCOL_SSL]))
 {
 nego->state = NEGO_STATE_FAIL;
 }
@@ -1113,7 +1113,7 @@ BOOL nego_send_negotiation_response(rdpNego* nego)
 return FALSE;
 }
 }
- else if (settings->SelectedProtocol == PROTOCOL_TLS)
+ else if (settings->SelectedProtocol == PROTOCOL_SSL)
 {
 settings->TlsSecurity = TRUE;
 settings->NlaSecurity = FALSE;
@@ -1121,7 +1121,7 @@ BOOL nego_send_negotiation_response(rdpNego* nego)
 settings->UseRdpSecurityLayer = FALSE;
 settings->EncryptionLevel = ENCRYPTION_LEVEL_NONE;
 }
- else if (settings->SelectedProtocol == PROTOCOL_NLA)
+ else if (settings->SelectedProtocol == PROTOCOL_HYBRID)
 {
 settings->TlsSecurity = TRUE;
 settings->NlaSecurity = TRUE;
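Review bot: In the `nego_recv` hunk (`@@ -629,14 +629,14 @@`) the client only refuses a server-selected protocol it did not enable for `PROTOCOL_HYBRID` and `PROTOCOL_SSL`; a response carrying `PROTOCOL_HYBRID_EX` (0x8) or `PROTOCOL_RDSTLS` (0x4) is not compared against `EnabledProtocols` anywhere in this hunk, so unless a check outside the hunk covers them the client accepts a selection it never offered. Now that the values carry their spec names, the same guard could be extended in place: `if ((nego->SelectedProtocol == PROTOCOL_HYBRID_EX) && (!nego->EnabledProtocols[PROTOCOL_HYBRID_EX])) nego->state = NEGO_STATE_FAIL;` (and the analogous line for `PROTOCOL_RDSTLS` if that protocol is ever enabled). `nego_recv` starts and ends outside the hunk, so the remainder of the function may already handle this; worth confirming before adding it.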
@@ -1253,7 +1253,7 @@ void nego_enable_rdp(rdpNego* nego, BOOL enable_rdp)
 void nego_enable_tls(rdpNego* nego, BOOL enable_tls)
 {
 WLog_DBG(TAG, "Enabling TLS security: %s", enable_tls ? "TRUE" : "FALSE");
- nego->EnabledProtocols[PROTOCOL_TLS] = enable_tls;
+ nego->EnabledProtocols[PROTOCOL_SSL] = enable_tls;
 }
 /**
@@ -1265,7 +1265,7 @@ void nego_enable_tls(rdpNego* nego, BOOL enable_tls)
 void nego_enable_nla(rdpNego* nego, BOOL enable_nla)
 {
 WLog_DBG(TAG, "Enabling NLA security: %s", enable_nla ? "TRUE" : "FALSE");
- nego->EnabledProtocols[PROTOCOL_NLA] = enable_nla;
+ nego->EnabledProtocols[PROTOCOL_HYBRID] = enable_nla;
 }
 /**
@@ -1277,7 +1277,7 @@ void nego_enable_nla(rdpNego* nego, BOOL enable_nla)
 void nego_enable_ext(rdpNego* nego, BOOL enable_ext)
 {
 WLog_DBG(TAG, "Enabling NLA extended security: %s", enable_ext ? "TRUE" : "FALSE");
- nego->EnabledProtocols[PROTOCOL_EXT] = enable_ext;
+ nego->EnabledProtocols[PROTOCOL_HYBRID_EX] = enable_ext;
 }
 /**
diff --git a/libfreerdp/core/nego.h b/libfreerdp/core/nego.h
index dd01d03..4153098 100644
--- a/libfreerdp/core/nego.h
+++ b/libfreerdp/core/nego.h
@@ -29,12 +29,14 @@
 #include
-/* Protocol Security Negotiation Protocols */
-#define PROTOCOL_RDP 0x00000000
-#define PROTOCOL_TLS 0x00000001
-#define PROTOCOL_NLA 0x00000002
-#define PROTOCOL_RDS 0x00000004
-#define PROTOCOL_EXT 0x00000008
+/* Protocol Security Negotiation Protocols
+ * [MS-RDPBCGR] 2.2.1.1.1 RDP Negotiation Request (RDP_NEG_REQ)
+ */
+#define PROTOCOL_RDP 0x00000000
+#define PROTOCOL_SSL 0x00000001
+#define PROTOCOL_HYBRID 0x00000002
+#define PROTOCOL_RDSTLS 0x00000004
+#define PROTOCOL_HYBRID_EX 0x00000008
 #define PROTOCOL_FAILED_NEGO 0x80000000 /* only used internally, not on the wire */
diff --git a/libfreerdp/core/peer.c b/libfreerdp/core/peer.c
index 7bde75b..65be268 100644
--- a/libfreerdp/core/peer.c
+++ b/libfreerdp/core/peer.c
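Review bot: The new header comment in the nego.h hunk cites the spec but does not say that these values double as indices into `nego->EnabledProtocols` (see `nego->EnabledProtocols[PROTOCOL_HYBRID_EX]` in the nego.c hunks), which is the contract a future edit of the table is most likely to break. A one-line addition next to the spec reference, such as `/* also used as indices into rdpNego.EnabledProtocols; PROTOCOL_FAILED_NEGO is never a valid index */`, would make that explicit. The rename also removes the old names (`PROTOCOL_TLS`, `PROTOCOL_NLA`, `PROTOCOL_RDS`, `PROTOCOL_EXT`) without compatibility aliases, so any translation unit outside the five files in this patch that still references them will fail to build; the diff cannot show whether such users exist.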
@@ -478,11 +478,11 @@ static int peer_recv_callback(rdpTransport* transport, wStream* s, void* extra)
 }
 SelectedProtocol = nego_get_selected_protocol(rdp->nego);
- client->settings->NlaSecurity = (SelectedProtocol & PROTOCOL_NLA) ? TRUE : FALSE;
- client->settings->TlsSecurity = (SelectedProtocol & PROTOCOL_TLS) ? TRUE : FALSE;
+ client->settings->NlaSecurity = (SelectedProtocol & PROTOCOL_HYBRID) ? TRUE : FALSE;
+ client->settings->TlsSecurity = (SelectedProtocol & PROTOCOL_SSL) ? TRUE : FALSE;
 client->settings->RdpSecurity = (SelectedProtocol == PROTOCOL_RDP) ? TRUE : FALSE;
- if (SelectedProtocol & PROTOCOL_NLA)
+ if (SelectedProtocol & PROTOCOL_HYBRID)
 {
 SEC_WINNT_AUTH_IDENTITY* identity = nego_get_identity(rdp->nego);
 sspi_CopyAuthIdentity(&client->identity, identity);
diff --git a/libfreerdp/core/rdp.c b/libfreerdp/core/rdp.c
index f199fdf..ffb6c9b 100644
--- a/libfreerdp/core/rdp.c
+++ b/libfreerdp/core/rdp.c
@@ -1419,7 +1419,7 @@ int rdp_recv_callback(rdpTransport* transport, wStream* s, void* extra)
 if (!nego_set_state(rdp->nego, NEGO_STATE_NLA))
 return -1;
- if (!nego_set_requested_protocols(rdp->nego, PROTOCOL_NLA | PROTOCOL_TLS))
+ if (!nego_set_requested_protocols(rdp->nego, PROTOCOL_HYBRID | PROTOCOL_SSL))
 return -1;
 nego_send_negotiation_request(rdp->nego);
--
2.7.4