Modified the protocol negotiation chain to retry with following

fallback order CredSSP -> TLS -> Plain RDP.

This should fix the bug 3589086.

git-svn-id: svn://svn.code.sf.net/p/rdesktop/code/rdesktop/trunk@1683 423420c4-83ab-492f-b58f-81f9feb106b5
Henrik Andersson 2012-11-29 07:43:05 +00:00
parent 49d4996cd7
commit 9c7aacbd6e

25
iso.c

@ -49,7 +49,7 @@ iso_send_msg(uint8 code)
}
static void
iso_send_connection_request(char *username)
iso_send_connection_request(char *username, uint32 neg_proto)
{
STREAM s;
int length = 30 + strlen(username);
@ -81,11 +81,7 @@ iso_send_connection_request(char *username)
out_uint8(s, RDP_NEG_REQ);
out_uint8(s, 0);
out_uint16(s, 8);
#ifdef WITH_CREDSSP
out_uint32(s, PROTOCOL_SSL | PROTOCOL_HYBRID);
#else
out_uint32(s, PROTOCOL_SSL);
#endif
out_uint32(s, neg_proto);
}
s_mark_end(s);
@ -201,9 +197,16 @@ iso_connect(char *server, char *username, char *domain, char *password,
{
STREAM s;
uint8 code;
uint32 neg_proto;
g_negotiate_rdp_protocol = True;
#ifdef WITH_CREDSSP
neg_proto = PROTOCOL_SSL | PROTOCOL_HYBRID;
#else
neg_proto = PROTOCOL_SSL;
#endif
retry:
*selected_protocol = PROTOCOL_RDP;
code = 0;
@ -217,7 +220,7 @@ iso_connect(char *server, char *username, char *domain, char *password,
}
else
{
iso_send_connection_request(username);
iso_send_connection_request(username, neg_proto);
}
s = iso_recv_msg(&code, NULL);
@ -300,8 +303,10 @@ iso_connect(char *server, char *username, char *domain, char *password,
{
if (!tcp_tls_connect())
{
/* failed to connect using cssp, let retry with plain TLS */
tcp_disconnect();
return False;
neg_proto = PROTOCOL_RDP;
goto retry;
}
/* do not use encryption when using TLS */
g_encryption = False;
@ -312,8 +317,10 @@ iso_connect(char *server, char *username, char *domain, char *password,
{
if (!cssp_connect(server, username, domain, password, s))
{
/* failed to connect using cssp, let retry with plain TLS */
tcp_disconnect();
return False;
neg_proto = PROTOCOL_SSL;
goto retry;
}
/* do not use encryption when using TLS */
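Review bot: The two failure branches in iso_connect (`if (!tcp_tls_connect())` and `if (!cssp_connect(...))`) now step down to a weaker protocol silently, so a handshake that fails for any reason, including interference on the network path, can end in a plain RDP session without the user being told. I would log each step down and make the last one (TLS to `PROTOCOL_RDP`) conditional on an explicit user choice, keeping the old `return False;` otherwise. The comment in the TLS branch is copied from the CredSSP branch and is wrong there; it should read `/* TLS handshake failed, retry with standard RDP security */`. It also looks as if a rejected credential in cssp_connect would take the same retry path as a protocol failure, which is worth confirming since the body of iso_connect continues outside these hunks.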