From 867843eef717e7faa580a8304ad9cc673531a691 Mon Sep 17 00:00:00 2001
From: kubistika <kmizrachi18@gmail.com>
Date: Tue, 10 Sep 2019 10:11:00 +0300
Subject: [PATCH] server: proxy: client: only try NLA if credentials available

---
 server/proxy/pf_client.c  | 17 +++++++++++------
 server/proxy/pf_context.h |  2 +-
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/server/proxy/pf_client.c b/server/proxy/pf_client.c
index c82da67..91dc274 100644
--- a/server/proxy/pf_client.c
+++ b/server/proxy/pf_client.c
@@ -262,7 +262,7 @@ static void pf_client_post_disconnect(freerdp* instance)
 	gdi_free(instance);
 
 	/* Only close the connection if NLA fallback process is done */
-	if (!context->during_connect_process)
+	if (!context->allow_next_conn_failure)
 		proxy_data_abort_connect(pdata);
 }
 
@@ -271,9 +271,14 @@ static BOOL pf_client_connect(freerdp* instance)
 	pClientContext* pc = (pClientContext*) instance->context;
 	rdpSettings* settings = pc->context.settings;
 
-	/* on first try, proxy client should always try to connect with NLA */
-	settings->NlaSecurity = TRUE;
-	pc->during_connect_process = TRUE;
+	/* if credentials are available, always try to connect with NLA on first try */
+	if (settings->Username && settings->Password)
+	{
+		settings->NlaSecurity = TRUE;
+		pc->allow_next_conn_failure = TRUE;
+	}
+	else
+		settings->NlaSecurity = FALSE;
 
 	if (!freerdp_connect(instance))
 	{
@@ -286,7 +291,7 @@ static BOOL pf_client_connect(freerdp* instance)
 			settings->RdpSecurity = TRUE;
 			settings->TlsSecurity = TRUE;
 
-			pc->during_connect_process = FALSE;
+			pc->allow_next_conn_failure = FALSE;
 			if (!freerdp_connect(instance))
 			{
 				WLog_ERR(TAG, "connection failure");
@@ -300,7 +305,7 @@ static BOOL pf_client_connect(freerdp* instance)
 		}
 	}
 
-	pc->during_connect_process = FALSE;
+	pc->allow_next_conn_failure = FALSE;
 	return TRUE;
 }
 
diff --git a/server/proxy/pf_context.h b/server/proxy/pf_context.h
index defe1d5..6460f89 100644
--- a/server/proxy/pf_context.h
+++ b/server/proxy/pf_context.h
@@ -81,7 +81,7 @@ struct p_client_context
 	 * It must be set to TRUE before the first try, and to FALSE after the connection fully established,
 	 * to ensure graceful shutdown of the connection when it will be closed.
 	 */
-	BOOL during_connect_process;
+	BOOL allow_next_conn_failure;
 };
 typedef struct p_client_context pClientContext;
 
-- 
2.7.4