nego.c File Reference
#include <freerdp/config.h>
#include <winpr/crt.h>
#include <winpr/assert.h>
#include <winpr/stream.h>
#include <freerdp/log.h>
#include "tpkt.h"
#include "nego.h"
#include "aad.h"
#include "transport.h"

Macros

#define TAG   FREERDP_TAG("core.nego")
 

Functions

static const char * nego_state_string (NEGO_STATE state)
 
static const char * protocol_security_string (UINT32 security)
 
static BOOL nego_tcp_connect (rdpNego *nego)
 
static BOOL nego_transport_connect (rdpNego *nego)
 
static BOOL nego_transport_disconnect (rdpNego *nego)
 
static BOOL nego_security_connect (rdpNego *nego)
 
static BOOL nego_send_preconnection_pdu (rdpNego *nego)
 
static BOOL nego_recv_response (rdpNego *nego)
 
static void nego_send (rdpNego *nego)
 
static BOOL nego_process_negotiation_request (rdpNego *nego, wStream *s)
 
static BOOL nego_process_negotiation_response (rdpNego *nego, wStream *s)
 
static BOOL nego_process_negotiation_failure (rdpNego *nego, wStream *s)
 
BOOL nego_update_settings_from_state (rdpNego *nego, rdpSettings *settings)
 
BOOL nego_connect (rdpNego *nego)
 
BOOL nego_disconnect (rdpNego *nego)
 
static BOOL nego_try_connect (rdpNego *nego)
 
static void nego_attempt_rdstls (rdpNego *nego)
 
static void nego_attempt_rdsaad (rdpNego *nego)
 
static void nego_attempt_ext (rdpNego *nego)
 
static void nego_attempt_nla (rdpNego *nego)
 
static void nego_attempt_tls (rdpNego *nego)
 
static void nego_attempt_rdp (rdpNego *nego)
 
int nego_recv (rdpTransport *transport, wStream *s, void *extra)
 
static BOOL nego_read_request_token_or_cookie (rdpNego *nego, wStream *s)
 
BOOL nego_read_request (rdpNego *nego, wStream *s)
 
BOOL nego_send_negotiation_request (rdpNego *nego)
 
static BOOL nego_process_correlation_info (rdpNego *nego, wStream *s)
 
static const char * nego_rdp_neg_rsp_flags_str (UINT32 flags)
 
BOOL nego_send_negotiation_response (rdpNego *nego)
 
void nego_init (rdpNego *nego)
 
rdpNego * nego_new (rdpTransport *transport)
 
void nego_free (rdpNego *nego)
 
BOOL nego_set_target (rdpNego *nego, const char *hostname, UINT16 port)
 
void nego_set_negotiation_enabled (rdpNego *nego, BOOL NegotiateSecurityLayer)
 
void nego_set_restricted_admin_mode_required (rdpNego *nego, BOOL RestrictedAdminModeRequired)
 
void nego_set_RCG_required (rdpNego *nego, BOOL enabled)
 
void nego_set_RCG_supported (rdpNego *nego, BOOL enabled)
 
BOOL nego_get_remoteCredentialGuard (rdpNego *nego)
 
void nego_set_childsession_enabled (rdpNego *nego, BOOL ChildSessionEnabled)
 
void nego_set_gateway_enabled (rdpNego *nego, BOOL GatewayEnabled)
 
void nego_set_gateway_bypass_local (rdpNego *nego, BOOL GatewayBypassLocal)
 
void nego_enable_rdp (rdpNego *nego, BOOL enable_rdp)
 
void nego_enable_tls (rdpNego *nego, BOOL enable_tls)
 
void nego_enable_nla (rdpNego *nego, BOOL enable_nla)
 
void nego_enable_rdstls (rdpNego *nego, BOOL enable_rdstls)
 
void nego_enable_ext (rdpNego *nego, BOOL enable_ext)
 
void nego_enable_aad (rdpNego *nego, BOOL enable_aad)
 
BOOL nego_set_routing_token (rdpNego *nego, const void *RoutingToken, DWORD RoutingTokenLength)
 
BOOL nego_set_cookie (rdpNego *nego, const char *cookie)
 
void nego_set_cookie_max_length (rdpNego *nego, UINT32 CookieMaxLength)
 
void nego_set_send_preconnection_pdu (rdpNego *nego, BOOL SendPreconnectionPdu)
 
void nego_set_preconnection_id (rdpNego *nego, UINT32 PreconnectionId)
 
void nego_set_preconnection_blob (rdpNego *nego, const char *PreconnectionBlob)
 
UINT32 nego_get_selected_protocol (rdpNego *nego)
 
BOOL nego_set_selected_protocol (rdpNego *nego, UINT32 SelectedProtocol)
 
UINT32 nego_get_requested_protocols (rdpNego *nego)
 
BOOL nego_set_requested_protocols (rdpNego *nego, UINT32 RequestedProtocols)
 
NEGO_STATE nego_get_state (rdpNego *nego)
 
BOOL nego_set_state (rdpNego *nego, NEGO_STATE state)
 
SEC_WINNT_AUTH_IDENTITY * nego_get_identity (rdpNego *nego)
 
void nego_free_nla (rdpNego *nego)
 
const BYTE * nego_get_routing_token (rdpNego *nego, DWORD *RoutingTokenLength)
 

Macro Definition Documentation

◆ TAG

#define TAG   FREERDP_TAG("core.nego")

FreeRDP: A Remote Desktop Protocol Implementation RDP Protocol Security Negotiation

Copyright 2011 Marc-Andre Moreau <marcandre.moreau@gmail.com>, Copyright 2014 Norbert Federa <norbert.federa@thincast.com>, Copyright 2015 Thincast Technologies GmbH, Copyright 2015 DI (FH) Martin Haimberger <martin.haimberger@thincast.com>

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Function Documentation

◆ nego_attempt_ext()

static void nego_attempt_ext ( rdpNego *  nego)
static

◆ nego_attempt_nla()

static void nego_attempt_nla ( rdpNego *  nego)
static

◆ nego_attempt_rdp()

static void nego_attempt_rdp ( rdpNego *  nego)
static

◆ nego_attempt_rdsaad()

static void nego_attempt_rdsaad ( rdpNego *  nego)
static

◆ nego_attempt_rdstls()

static void nego_attempt_rdstls ( rdpNego *  nego)
static

◆ nego_attempt_tls()

static void nego_attempt_tls ( rdpNego *  nego)
static

◆ nego_connect()

BOOL nego_connect ( rdpNego *  nego)

Negotiate protocol security and connect.

Parameters
nego — A pointer to the NEGO struct
Returns
TRUE for success, FALSE otherwise

If the client implementation did not request any security protocol, every protocol this build supports is advertised to the server. Security note: advertising everything leaves the choice of protocol to the server (see nego_process_negotiation_response() / nego_get_selected_protocol()), so a client that must insist on NLA or TLS should set the requested protocols explicitly via nego_set_requested_protocols() or the nego_enable_*() setters rather than rely on this default.


◆ nego_disconnect()

BOOL nego_disconnect ( rdpNego *  nego)

◆ nego_enable_aad()

void nego_enable_aad ( rdpNego *  nego,
BOOL  enable_aad 
)

Enable RDS AAD security protocol.

Parameters
nego — A pointer to the negotiation (NEGO) struct
enable_aad — whether to enable the RDS AAD authentication protocol (TRUE for enabled, FALSE for disabled)

◆ nego_enable_ext()

void nego_enable_ext ( rdpNego *  nego,
BOOL  enable_ext 
)

Enable NLA extended security protocol.

Parameters
nego — A pointer to the negotiation (NEGO) struct
enable_ext — whether to enable the network level authentication (NLA) extended protocol (TRUE for enabled, FALSE for disabled)

◆ nego_enable_nla()

void nego_enable_nla ( rdpNego *  nego,
BOOL  enable_nla 
)

Enable NLA security protocol.

Parameters
nego — A pointer to the negotiation (NEGO) struct
enable_nla — whether to enable the network level authentication (NLA) protocol (TRUE for enabled, FALSE for disabled)

◆ nego_enable_rdp()

void nego_enable_rdp ( rdpNego *  nego,
BOOL  enable_rdp 
)

Enable RDP security protocol.

Parameters
nego — A pointer to the negotiation (NEGO) struct
enable_rdp — whether to enable plain (standard RDP security) protocol (TRUE for enabled, FALSE for disabled)

◆ nego_enable_rdstls()

void nego_enable_rdstls ( rdpNego *  nego,
BOOL  enable_rdstls 
)

Enable RDSTLS security protocol.

Parameters
nego — A pointer to the negotiation (NEGO) struct
enable_rdstls — whether to enable the RDSTLS protocol (TRUE for enabled, FALSE for disabled)

◆ nego_enable_tls()

void nego_enable_tls ( rdpNego *  nego,
BOOL  enable_tls 
)

Enable TLS security protocol.

Parameters
nego — A pointer to the negotiation (NEGO) struct
enable_tls — whether to enable the TLS + RDP protocol (TRUE for enabled, FALSE for disabled)

◆ nego_free()

void nego_free ( rdpNego *  nego)

Free NEGO state machine.

Parameters
nego — A pointer to the NEGO struct

◆ nego_free_nla()

void nego_free_nla ( rdpNego *  nego)

◆ nego_get_identity()

SEC_WINNT_AUTH_IDENTITY* nego_get_identity ( rdpNego *  nego)

◆ nego_get_remoteCredentialGuard()

BOOL nego_get_remoteCredentialGuard ( rdpNego *  nego)

◆ nego_get_requested_protocols()

UINT32 nego_get_requested_protocols ( rdpNego *  nego)

◆ nego_get_routing_token()

const BYTE* nego_get_routing_token ( rdpNego *  nego,
DWORD *  RoutingTokenLength 
)

◆ nego_get_selected_protocol()

UINT32 nego_get_selected_protocol ( rdpNego *  nego)

◆ nego_get_state()

NEGO_STATE nego_get_state ( rdpNego *  nego)

◆ nego_init()

void nego_init ( rdpNego *  nego)

Initialize NEGO state machine.

Parameters
nego — A pointer to the NEGO struct

◆ nego_new()

rdpNego* nego_new ( rdpTransport *  transport)

Create a new NEGO state machine instance.

Parameters
transport — The transport to use
Returns
A pointer to the allocated NEGO instance or NULL

◆ nego_process_correlation_info()

static BOOL nego_process_correlation_info ( rdpNego *  nego,
wStream *  s 
)
static

◆ nego_process_negotiation_failure()

BOOL nego_process_negotiation_failure ( rdpNego *  nego,
wStream *  s 
)
static

Process Negotiation Failure from Connection Confirm message.

Parameters
nego — A pointer to the NEGO struct
s — The stream to read from
Returns
TRUE for success, FALSE otherwise

◆ nego_process_negotiation_request()

BOOL nego_process_negotiation_request ( rdpNego *  nego,
wStream *  s 
)
static

◆ nego_process_negotiation_response()

BOOL nego_process_negotiation_response ( rdpNego *  nego,
wStream *  s 
)
static

◆ nego_rdp_neg_rsp_flags_str()

static const char* nego_rdp_neg_rsp_flags_str ( UINT32  flags)
static

◆ nego_read_request()

BOOL nego_read_request ( rdpNego *  nego,
wStream *  s 
)

Read protocol security negotiation request message.

Parameters
nego — A pointer to the NEGO struct
s — A stream to read from
Returns
TRUE for success, FALSE for failure

◆ nego_read_request_token_or_cookie()

static BOOL nego_read_request_token_or_cookie ( rdpNego *  nego,
wStream *  s 
)
static

Read the optional routing token or cookie of an X.224 Connection Request PDU (see MSDN cc240470, [MS-RDPBCGR]). Both fields come from the peer and are untrusted; the accepted cookie length is presumably bounded by the value set with nego_set_cookie_max_length() — confirm against the implementation before relying on it.


◆ nego_recv()

int nego_recv ( rdpTransport *  transport,
wStream *  s,
void *  extra 
)

Receive a protocol security negotiation message (see MSDN cc240501, [MS-RDPBCGR]).

Parameters
transport — The transport to read from
s — A stream to read the received data from
extra — The rdpNego pointer, passed through as an opaque context
Returns
0 for success, -1 for failure

◆ nego_recv_response()

BOOL nego_recv_response ( rdpNego *  nego)
static

Wait to receive a negotiation response

Parameters
nego — A pointer to the NEGO struct
Returns
TRUE for success, FALSE for failure

◆ nego_security_connect()

BOOL nego_security_connect ( rdpNego *  nego)
static

◆ nego_send()

void nego_send ( rdpNego *  nego)
static

Send protocol security negotiation message.

Parameters
nego — A pointer to the NEGO struct

◆ nego_send_negotiation_request()

BOOL nego_send_negotiation_request ( rdpNego *  nego)

Send an RDP Negotiation Request (RDP_NEG_REQ) inside an X.224 Connection Request (see MSDN cc240500 and cc240470, [MS-RDPBCGR]).

Parameters
nego — A pointer to the NEGO struct
Returns
TRUE for success, FALSE otherwise

◆ nego_send_negotiation_response()

BOOL nego_send_negotiation_response ( rdpNego *  nego)

Send RDP Negotiation Response (RDP_NEG_RSP).

Parameters
nego — A pointer to the NEGO struct

If the server implementation did not explicitly set an encryption level, we default to "client compatible".

Note: This hack was first introduced in commit 95f5e115 to disable what was considered unnecessary encryption for peers connecting from 127.0.0.1 or local unix sockets. Because the decision is based on the peer address as seen by the server, it also applies to connections arriving through port tunnels (e.g. ssh -L): such peers look local and receive the same reduced encryption, so the confidentiality of that path depends entirely on the tunnel itself. Operators who rely on RDP-layer encryption should keep this in mind before exposing a forwarded endpoint.


◆ nego_send_preconnection_pdu()

BOOL nego_send_preconnection_pdu ( rdpNego *  nego)
static

Send preconnection information if enabled.

Parameters
nego — A pointer to the NEGO struct
Returns
TRUE for success, FALSE otherwise

◆ nego_set_childsession_enabled()

void nego_set_childsession_enabled ( rdpNego *  nego,
BOOL  ChildSessionEnabled 
)

◆ nego_set_cookie()

BOOL nego_set_cookie ( rdpNego *  nego,
const char *  cookie 
)

Set cookie.

Parameters
nego — A pointer to the NEGO struct
cookie — A pointer to the NUL-terminated cookie string
Returns
TRUE for success, FALSE otherwise

◆ nego_set_cookie_max_length()

void nego_set_cookie_max_length ( rdpNego *  nego,
UINT32  CookieMaxLength 
)

Set the maximum cookie length.

Parameters
nego — A pointer to the NEGO struct
CookieMaxLength — the maximum cookie length to set

◆ nego_set_gateway_bypass_local()

void nego_set_gateway_bypass_local ( rdpNego *  nego,
BOOL  GatewayBypassLocal 
)

◆ nego_set_gateway_enabled()

void nego_set_gateway_enabled ( rdpNego *  nego,
BOOL  GatewayEnabled 
)

◆ nego_set_negotiation_enabled()

void nego_set_negotiation_enabled ( rdpNego *  nego,
BOOL  NegotiateSecurityLayer 
)

Enable security layer negotiation.

Parameters
nego — A pointer to the negotiation (NEGO) struct
NegotiateSecurityLayer — whether to enable security layer negotiation (TRUE for enabled, FALSE for disabled)

◆ nego_set_preconnection_blob()

void nego_set_preconnection_blob ( rdpNego *  nego,
const char *  PreconnectionBlob 
)

Set preconnection blob.

Parameters
nego — A pointer to the NEGO struct
PreconnectionBlob — A pointer to the blob to use

◆ nego_set_preconnection_id()

void nego_set_preconnection_id ( rdpNego *  nego,
UINT32  PreconnectionId 
)

Set preconnection id.

Parameters
nego — A pointer to the NEGO struct
PreconnectionId — the ID to set

◆ nego_set_RCG_required()

void nego_set_RCG_required ( rdpNego *  nego,
BOOL  enabled 
)

◆ nego_set_RCG_supported()

void nego_set_RCG_supported ( rdpNego *  nego,
BOOL  enabled 
)

◆ nego_set_requested_protocols()

BOOL nego_set_requested_protocols ( rdpNego *  nego,
UINT32  RequestedProtocols 
)

◆ nego_set_restricted_admin_mode_required()

void nego_set_restricted_admin_mode_required ( rdpNego *  nego,
BOOL  RestrictedAdminModeRequired 
)

Require restricted admin mode for the connection.

Parameters
nego — A pointer to the negotiation (NEGO) struct
RestrictedAdminModeRequired — whether restricted admin mode is required (TRUE for required, FALSE for not required)

◆ nego_set_routing_token()

BOOL nego_set_routing_token ( rdpNego *  nego,
const void *  RoutingToken,
DWORD  RoutingTokenLength 
)

Set routing token.

Parameters
nego — A pointer to the NEGO struct
RoutingToken — A pointer to the routing token bytes
RoutingTokenLength — The length of the routing token in bytes
Returns
TRUE for success, FALSE otherwise

◆ nego_set_selected_protocol()

BOOL nego_set_selected_protocol ( rdpNego *  nego,
UINT32  SelectedProtocol 
)

◆ nego_set_send_preconnection_pdu()

void nego_set_send_preconnection_pdu ( rdpNego *  nego,
BOOL  SendPreconnectionPdu 
)

Enable / disable preconnection PDU.

Parameters
nego — A pointer to the NEGO struct
SendPreconnectionPdu — TRUE to send the preconnection PDU, FALSE to suppress it

◆ nego_set_state()

BOOL nego_set_state ( rdpNego *  nego,
NEGO_STATE  state 
)

◆ nego_set_target()

BOOL nego_set_target ( rdpNego *  nego,
const char *  hostname,
UINT16  port 
)

Set target hostname and port.

Parameters
nego — A pointer to the NEGO struct
hostname — The hostname to set
port — The port to set
Returns
TRUE for success, FALSE otherwise

◆ nego_state_string()

static const char* nego_state_string ( NEGO_STATE  state)
static

◆ nego_tcp_connect()

static BOOL nego_tcp_connect ( rdpNego *  nego)
static

◆ nego_transport_connect()

BOOL nego_transport_connect ( rdpNego *  nego)
static

Connect the TCP layer. When security negotiation is disabled (the "direct" approach), the security layer is connected here as well.

Parameters
nego — A pointer to the NEGO struct
Returns
TRUE for success, FALSE otherwise

◆ nego_transport_disconnect()

BOOL nego_transport_disconnect ( rdpNego *  nego)
static

Disconnect the TCP layer.

Parameters
nego — A pointer to the NEGO struct
Returns
TRUE for success, FALSE otherwise

◆ nego_try_connect()

static BOOL nego_try_connect ( rdpNego *  nego)
static

◆ nego_update_settings_from_state()

BOOL nego_update_settings_from_state ( rdpNego *  nego,
rdpSettings *  settings 
)

◆ protocol_security_string()

static const char* protocol_security_string ( UINT32  security)
static