#include <freerdp/config.h>#include <winpr/crt.h>#include <winpr/assert.h>#include <winpr/stream.h>#include <freerdp/log.h>#include "tpkt.h"#include "nego.h"#include "transport.h"Macros | |
| #define | TAG FREERDP_TAG("core.nego") |
Functions | |
| static const char * | nego_state_string (NEGO_STATE state) |
| static const char * | protocol_security_string (UINT32 security) |
| static BOOL | nego_transport_connect (rdpNego *nego) |
| static BOOL | nego_transport_disconnect (rdpNego *nego) |
| static BOOL | nego_security_connect (rdpNego *nego) |
| static BOOL | nego_send_preconnection_pdu (rdpNego *nego) |
| static BOOL | nego_recv_response (rdpNego *nego) |
| static void | nego_send (rdpNego *nego) |
| static BOOL | nego_process_negotiation_request (rdpNego *nego, wStream *s) |
| static BOOL | nego_process_negotiation_response (rdpNego *nego, wStream *s) |
| static BOOL | nego_process_negotiation_failure (rdpNego *nego, wStream *s) |
| BOOL | nego_connect (rdpNego *nego) |
| BOOL | nego_disconnect (rdpNego *nego) |
| static BOOL | nego_tcp_connect (rdpNego *nego) |
| static void | nego_attempt_ext (rdpNego *nego) |
| static void | nego_attempt_nla (rdpNego *nego) |
| static void | nego_attempt_tls (rdpNego *nego) |
| static void | nego_attempt_rdp (rdpNego *nego) |
| int | nego_recv (rdpTransport *transport, wStream *s, void *extra) |
| static BOOL | nego_read_request_token_or_cookie (rdpNego *nego, wStream *s) |
| BOOL | nego_read_request (rdpNego *nego, wStream *s) |
| BOOL | nego_send_negotiation_request (rdpNego *nego) |
| static BOOL | nego_process_correlation_info (rdpNego *nego, wStream *s) |
| static const char * | nego_rdp_neg_rsp_flags_str (UINT32 flags) |
| BOOL | nego_send_negotiation_response (rdpNego *nego) |
| void | nego_init (rdpNego *nego) |
| rdpNego * | nego_new (rdpTransport *transport) |
| void | nego_free (rdpNego *nego) |
| BOOL | nego_set_target (rdpNego *nego, const char *hostname, UINT16 port) |
| void | nego_set_negotiation_enabled (rdpNego *nego, BOOL NegotiateSecurityLayer) |
| void | nego_set_restricted_admin_mode_required (rdpNego *nego, BOOL RestrictedAdminModeRequired) |
| void | nego_set_gateway_enabled (rdpNego *nego, BOOL GatewayEnabled) |
| void | nego_set_gateway_bypass_local (rdpNego *nego, BOOL GatewayBypassLocal) |
| void | nego_enable_rdp (rdpNego *nego, BOOL enable_rdp) |
| void | nego_enable_tls (rdpNego *nego, BOOL enable_tls) |
| void | nego_enable_nla (rdpNego *nego, BOOL enable_nla) |
| void | nego_enable_ext (rdpNego *nego, BOOL enable_ext) |
| BOOL | nego_set_routing_token (rdpNego *nego, const BYTE *RoutingToken, DWORD RoutingTokenLength) |
| BOOL | nego_set_cookie (rdpNego *nego, const char *cookie) |
| void | nego_set_cookie_max_length (rdpNego *nego, UINT32 CookieMaxLength) |
| void | nego_set_send_preconnection_pdu (rdpNego *nego, BOOL SendPreconnectionPdu) |
| void | nego_set_preconnection_id (rdpNego *nego, UINT32 PreconnectionId) |
| void | nego_set_preconnection_blob (rdpNego *nego, const char *PreconnectionBlob) |
| UINT32 | nego_get_selected_protocol (rdpNego *nego) |
| BOOL | nego_set_selected_protocol (rdpNego *nego, UINT32 SelectedProtocol) |
| UINT32 | nego_get_requested_protocols (rdpNego *nego) |
| BOOL | nego_set_requested_protocols (rdpNego *nego, UINT32 RequestedProtocols) |
| NEGO_STATE | nego_get_state (rdpNego *nego) |
| BOOL | nego_set_state (rdpNego *nego, NEGO_STATE state) |
| SEC_WINNT_AUTH_IDENTITY * | nego_get_identity (rdpNego *nego) |
| void | nego_free_nla (rdpNego *nego) |
| const BYTE * | nego_get_routing_token (rdpNego *nego, DWORD *RoutingTokenLength) |
Macro Definition Documentation
◆ TAG
| #define TAG FREERDP_TAG("core.nego") |
FreeRDP: A Remote Desktop Protocol Implementation RDP Protocol Security Negotiation
Copyright 2011 Marc-Andre Moreau marcandre.moreau@gmail.com Copyright 2014 Norbert Federa norbert.federa@thincast.com Copyright 2015 Thincast Technologies GmbH Copyright 2015 DI (FH) Martin Haimberger martin.haimberger@thincast.com
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Function Documentation
◆ nego_attempt_ext()
|
static |
Attempt negotiating NLA + TLS extended security.
- Parameters
-
nego
Here is the call graph for this function:
Here is the caller graph for this function:
◆ nego_attempt_nla()
|
static |
Attempt negotiating NLA + TLS security.
- Parameters
-
nego
Here is the call graph for this function:
Here is the caller graph for this function:
◆ nego_attempt_rdp()
|
static |
Attempt negotiating standard RDP security.
- Parameters
-
nego
Here is the call graph for this function:
Here is the caller graph for this function:
◆ nego_attempt_tls()
|
static |
Attempt negotiating TLS security.
- Parameters
-
nego
Here is the call graph for this function:
Here is the caller graph for this function:
◆ nego_connect()
| BOOL nego_connect | ( | rdpNego * | nego | ) |
Negotiate protocol security and connect.
- Parameters
-
nego
- Returns
Advertise all supported encryption methods if the client implementation did not set any security methods
Here is the call graph for this function:
Here is the caller graph for this function:
◆ nego_disconnect()
| BOOL nego_disconnect | ( | rdpNego * | nego | ) |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ nego_enable_ext()
| void nego_enable_ext | ( | rdpNego * | nego, |
| BOOL | enable_ext | ||
| ) |
Enable NLA extended security protocol.
- Parameters
-
nego pointer to the negotiation structure enable_ext whether to enable network level authentication extended protocol (TRUE for enabled, FALSE for disabled)
Here is the caller graph for this function:
◆ nego_enable_nla()
| void nego_enable_nla | ( | rdpNego * | nego, |
| BOOL | enable_nla | ||
| ) |
Enable NLA security protocol.
- Parameters
-
nego pointer to the negotiation structure enable_nla whether to enable network level authentication protocol (TRUE for enabled, FALSE for disabled)
Here is the caller graph for this function:
◆ nego_enable_rdp()
| void nego_enable_rdp | ( | rdpNego * | nego, |
| BOOL | enable_rdp | ||
| ) |
Enable RDP security protocol.
- Parameters
-
nego pointer to the negotiation structure enable_rdp whether to enable normal RDP protocol (TRUE for enabled, FALSE for disabled)
Here is the caller graph for this function:
◆ nego_enable_tls()
| void nego_enable_tls | ( | rdpNego * | nego, |
| BOOL | enable_tls | ||
| ) |
Enable TLS security protocol.
- Parameters
-
nego pointer to the negotiation structure enable_tls whether to enable TLS + RDP protocol (TRUE for enabled, FALSE for disabled)
Here is the caller graph for this function:
◆ nego_free()
| void nego_free | ( | rdpNego * | nego | ) |
Free NEGO state machine.
- Parameters
-
nego
Here is the caller graph for this function:
◆ nego_free_nla()
| void nego_free_nla | ( | rdpNego * | nego | ) |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ nego_get_identity()
| SEC_WINNT_AUTH_IDENTITY* nego_get_identity | ( | rdpNego * | nego | ) |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ nego_get_requested_protocols()
| UINT32 nego_get_requested_protocols | ( | rdpNego * | nego | ) |
Here is the caller graph for this function:
◆ nego_get_routing_token()
| const BYTE* nego_get_routing_token | ( | rdpNego * | nego, |
| DWORD * | RoutingTokenLength | ||
| ) |
Here is the caller graph for this function:
◆ nego_get_selected_protocol()
| UINT32 nego_get_selected_protocol | ( | rdpNego * | nego | ) |
Here is the caller graph for this function:
◆ nego_get_state()
| NEGO_STATE nego_get_state | ( | rdpNego * | nego | ) |
Here is the caller graph for this function:
◆ nego_init()
| void nego_init | ( | rdpNego * | nego | ) |
Initialize NEGO state machine.
- Parameters
-
nego
Here is the call graph for this function:
Here is the caller graph for this function:
◆ nego_new()
| rdpNego* nego_new | ( | rdpTransport * | transport | ) |
Create a new NEGO state machine instance.
- Parameters
-
transport
- Returns
Here is the call graph for this function:
Here is the caller graph for this function:
◆ nego_process_correlation_info()
|
static |
Process Negotiation Request from Connection Request message.
- Parameters
-
nego s
Here is the call graph for this function:
Here is the caller graph for this function:
◆ nego_process_negotiation_failure()
|
static |
Process Negotiation Failure from Connection Confirm message.
- Parameters
-
nego s
Here is the call graph for this function:
Here is the caller graph for this function:
◆ nego_process_negotiation_request()
|
static |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ nego_process_negotiation_response()
|
static |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ nego_rdp_neg_rsp_flags_str()
|
static |
Process Negotiation Response from Connection Confirm message.
- Parameters
-
nego s
Here is the call graph for this function:
Here is the caller graph for this function:
◆ nego_read_request()
| BOOL nego_read_request | ( | rdpNego * | nego, |
| wStream * | s | ||
| ) |
Read protocol security negotiation request message.
- Parameters
-
nego s stream
Here is the call graph for this function:
Here is the caller graph for this function:
◆ nego_read_request_token_or_cookie()
|
static |
Read optional routing token or cookie of X.224 Connection Request PDU. http://msdn.microsoft.com/en-us/library/cc240470/
- Parameters
-
nego s stream
Here is the call graph for this function:
Here is the caller graph for this function:
◆ nego_recv()
| int nego_recv | ( | rdpTransport * | transport, |
| wStream * | s, | ||
| void * | extra | ||
| ) |
Receive protocol security negotiation message.
http://msdn.microsoft.com/en-us/library/cc240501/
- Parameters
-
transport transport s stream extra nego pointer
Here is the call graph for this function:
Here is the caller graph for this function:
◆ nego_recv_response()
|
static |
Wait to receive a negotiation response
- Parameters
-
nego
Here is the call graph for this function:
Here is the caller graph for this function:
◆ nego_security_connect()
|
static |
Here is the call graph for this function:
Here is the caller graph for this function:
◆ nego_send()
|
static |
Send protocol security negotiation message.
- Parameters
-
nego
Here is the call graph for this function:
Here is the caller graph for this function:
◆ nego_send_negotiation_request()
| BOOL nego_send_negotiation_request | ( | rdpNego * | nego | ) |
Send RDP Negotiation Request (RDP_NEG_REQ).
http://msdn.microsoft.com/en-us/library/cc240500/
http://msdn.microsoft.com/en-us/library/cc240470/
- Parameters
-
nego
Here is the call graph for this function:
Here is the caller graph for this function:
◆ nego_send_negotiation_response()
| BOOL nego_send_negotiation_response | ( | rdpNego * | nego | ) |
Send RDP Negotiation Response (RDP_NEG_RSP).
- Parameters
-
nego
If the server implementation did not explicitely set a encryption level we default to client compatible
Note: This hack was firstly introduced in commit 95f5e115 to disable the unnecessary encryption with peers connecting to 127.0.0.1 or local unix sockets. This also affects connections via port tunnels! (e.g. ssh -L)
Here is the call graph for this function:
Here is the caller graph for this function:
◆ nego_send_preconnection_pdu()
|
static |
Send preconnection information if enabled.
- Parameters
-
nego
- Returns
Here is the call graph for this function:
Here is the caller graph for this function:
◆ nego_set_cookie()
| BOOL nego_set_cookie | ( | rdpNego * | nego, |
| const char * | cookie | ||
| ) |
Set cookie.
- Parameters
-
nego cookie
Here is the call graph for this function:
Here is the caller graph for this function:
◆ nego_set_cookie_max_length()
| void nego_set_cookie_max_length | ( | rdpNego * | nego, |
| UINT32 | CookieMaxLength | ||
| ) |
Set cookie maximum length
- Parameters
-
nego CookieMaxLength
Here is the caller graph for this function:
◆ nego_set_gateway_bypass_local()
| void nego_set_gateway_bypass_local | ( | rdpNego * | nego, |
| BOOL | GatewayBypassLocal | ||
| ) |
Here is the caller graph for this function:
◆ nego_set_gateway_enabled()
| void nego_set_gateway_enabled | ( | rdpNego * | nego, |
| BOOL | GatewayEnabled | ||
| ) |
Here is the caller graph for this function:
◆ nego_set_negotiation_enabled()
| void nego_set_negotiation_enabled | ( | rdpNego * | nego, |
| BOOL | NegotiateSecurityLayer | ||
| ) |
Enable security layer negotiation.
- Parameters
-
nego pointer to the negotiation structure enable_rdp whether to enable security layer negotiation (TRUE for enabled, FALSE for disabled)
Here is the caller graph for this function:
◆ nego_set_preconnection_blob()
| void nego_set_preconnection_blob | ( | rdpNego * | nego, |
| const char * | PreconnectionBlob | ||
| ) |
Set preconnection blob.
- Parameters
-
nego blob
Here is the caller graph for this function:
◆ nego_set_preconnection_id()
| void nego_set_preconnection_id | ( | rdpNego * | nego, |
| UINT32 | PreconnectionId | ||
| ) |
Set preconnection id.
- Parameters
-
nego id
Here is the caller graph for this function:
◆ nego_set_requested_protocols()
| BOOL nego_set_requested_protocols | ( | rdpNego * | nego, |
| UINT32 | RequestedProtocols | ||
| ) |
Here is the caller graph for this function:
◆ nego_set_restricted_admin_mode_required()
| void nego_set_restricted_admin_mode_required | ( | rdpNego * | nego, |
| BOOL | RestrictedAdminModeRequired | ||
| ) |
Enable restricted admin mode.
- Parameters
-
nego pointer to the negotiation structure enable_restricted whether to enable security layer negotiation (TRUE for enabled, FALSE for disabled)
Here is the caller graph for this function:
◆ nego_set_routing_token()
| BOOL nego_set_routing_token | ( | rdpNego * | nego, |
| const BYTE * | RoutingToken, | ||
| DWORD | RoutingTokenLength | ||
| ) |
Set routing token.
- Parameters
-
nego RoutingToken RoutingTokenLength
Here is the caller graph for this function:
◆ nego_set_selected_protocol()
| BOOL nego_set_selected_protocol | ( | rdpNego * | nego, |
| UINT32 | SelectedProtocol | ||
| ) |
Here is the caller graph for this function:
◆ nego_set_send_preconnection_pdu()
| void nego_set_send_preconnection_pdu | ( | rdpNego * | nego, |
| BOOL | SendPreconnectionPdu | ||
| ) |
Enable / disable preconnection PDU.
- Parameters
-
nego send_pcpdu
Here is the caller graph for this function:
◆ nego_set_state()
| BOOL nego_set_state | ( | rdpNego * | nego, |
| NEGO_STATE | state | ||
| ) |
Here is the caller graph for this function:
◆ nego_set_target()
| BOOL nego_set_target | ( | rdpNego * | nego, |
| const char * | hostname, | ||
| UINT16 | port | ||
| ) |
Set target hostname and port.
- Parameters
-
nego hostname port
Here is the caller graph for this function:
◆ nego_state_string()
|
static |
Here is the caller graph for this function:
◆ nego_tcp_connect()
|
static |
Connect TCP layer.
- Parameters
-
nego
- Returns
Here is the call graph for this function:
Here is the caller graph for this function:
◆ nego_transport_connect()
|
static |
Connect TCP layer. For direct approach, connect security layer as well.
- Parameters
-
nego
- Returns
Here is the call graph for this function:
Here is the caller graph for this function:
◆ nego_transport_disconnect()
|
static |
Disconnect TCP layer.
- Parameters
-
nego
- Returns
Here is the call graph for this function:
Here is the caller graph for this function:
◆ protocol_security_string()
|
static |
Here is the caller graph for this function:
