Modified the protocol negotiation chain to retry with following
fallback order CredSSP -> TLS -> Plain RDP. This should fix the bug 3589086. git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1683 423420c4-83ab-492f-b58f-81f9feb106b5
This commit is contained in:
parent
49d4996cd7
commit
9c7aacbd6e
25
iso.c
25
iso.c
@ -49,7 +49,7 @@ iso_send_msg(uint8 code)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
iso_send_connection_request(char *username)
|
iso_send_connection_request(char *username, uint32 neg_proto)
|
||||||
{
|
{
|
||||||
STREAM s;
|
STREAM s;
|
||||||
int length = 30 + strlen(username);
|
int length = 30 + strlen(username);
|
||||||
@ -81,11 +81,7 @@ iso_send_connection_request(char *username)
|
|||||||
out_uint8(s, RDP_NEG_REQ);
|
out_uint8(s, RDP_NEG_REQ);
|
||||||
out_uint8(s, 0);
|
out_uint8(s, 0);
|
||||||
out_uint16(s, 8);
|
out_uint16(s, 8);
|
||||||
#ifdef WITH_CREDSSP
|
out_uint32(s, neg_proto);
|
||||||
out_uint32(s, PROTOCOL_SSL | PROTOCOL_HYBRID);
|
|
||||||
#else
|
|
||||||
out_uint32(s, PROTOCOL_SSL);
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
s_mark_end(s);
|
s_mark_end(s);
|
||||||
@ -201,9 +197,16 @@ iso_connect(char *server, char *username, char *domain, char *password,
|
|||||||
{
|
{
|
||||||
STREAM s;
|
STREAM s;
|
||||||
uint8 code;
|
uint8 code;
|
||||||
|
uint32 neg_proto;
|
||||||
|
|
||||||
g_negotiate_rdp_protocol = True;
|
g_negotiate_rdp_protocol = True;
|
||||||
|
|
||||||
|
#ifdef WITH_CREDSSP
|
||||||
|
neg_proto = PROTOCOL_SSL | PROTOCOL_HYBRID;
|
||||||
|
#else
|
||||||
|
neg_proto = PROTOCOL_SSL;
|
||||||
|
#endif
|
||||||
|
|
||||||
retry:
|
retry:
|
||||||
*selected_protocol = PROTOCOL_RDP;
|
*selected_protocol = PROTOCOL_RDP;
|
||||||
code = 0;
|
code = 0;
|
||||||
@ -217,7 +220,7 @@ iso_connect(char *server, char *username, char *domain, char *password,
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
iso_send_connection_request(username);
|
iso_send_connection_request(username, neg_proto);
|
||||||
}
|
}
|
||||||
|
|
||||||
s = iso_recv_msg(&code, NULL);
|
s = iso_recv_msg(&code, NULL);
|
||||||
@ -300,8 +303,10 @@ iso_connect(char *server, char *username, char *domain, char *password,
|
|||||||
{
|
{
|
||||||
if (!tcp_tls_connect())
|
if (!tcp_tls_connect())
|
||||||
{
|
{
|
||||||
|
/* failed to connect using cssp, let retry with plain TLS */
|
||||||
tcp_disconnect();
|
tcp_disconnect();
|
||||||
return False;
|
neg_proto = PROTOCOL_RDP;
|
||||||
|
goto retry;
|
||||||
}
|
}
|
||||||
/* do not use encryption when using TLS */
|
/* do not use encryption when using TLS */
|
||||||
g_encryption = False;
|
g_encryption = False;
|
||||||
@ -312,8 +317,10 @@ iso_connect(char *server, char *username, char *domain, char *password,
|
|||||||
{
|
{
|
||||||
if (!cssp_connect(server, username, domain, password, s))
|
if (!cssp_connect(server, username, domain, password, s))
|
||||||
{
|
{
|
||||||
|
/* failed to connect using cssp, let retry with plain TLS */
|
||||||
tcp_disconnect();
|
tcp_disconnect();
|
||||||
return False;
|
neg_proto = PROTOCOL_SSL;
|
||||||
|
goto retry;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* do not use encryption when using TLS */
|
/* do not use encryption when using TLS */
|
||||||
|
Loading…
Reference in New Issue
Block a user