From 4b9fb8fff9854a567b30d7712f83dd0f44f19a5e Mon Sep 17 00:00:00 2001
From: Martin Fleisz
Date: Thu, 9 Feb 2023 11:10:49 +0100
Subject: [PATCH] proxy: Fix NLA to TLS fallback connection
Currently the proxy's TLS fallback if an NLA connection attempt failed is broken. There are two issues with the current code that this PR fixes:
- freerdp_reconnect is used which requires an already established connection to work correctly. This is not the case since the NLA connectin attempt failed. This resulted in a seemingly working TLS connection but i.e. channels where missing/not working.
- The fallback connection attempt just altered the NLA security setting in the instance's settings. However these settings have been already modified by the NLA connection attempt so we need to create a copy of the original connection settings before doing the first connect.
The PR also introduces freerdp_reset_context which restores the initial connection settings for the given instance.
---
 include/freerdp/freerdp.h | 1 +
 libfreerdp/core/freerdp.c | 11 +++++++++++
 server/proxy/pf_client.c | 6 +++++-
 3 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/include/freerdp/freerdp.h b/include/freerdp/freerdp.h
index 8af99d324..9dbd801b5 100644
--- a/include/freerdp/freerdp.h
+++ b/include/freerdp/freerdp.h
@@ -542,6 +542,7 @@ owned by rdpRdp */
 FREERDP_API BOOL freerdp_context_new(freerdp* instance);
 FREERDP_API BOOL freerdp_context_new_ex(freerdp* instance, rdpSettings* settings);
+ FREERDP_API BOOL freerdp_context_reset(freerdp* instance);
 FREERDP_API void freerdp_context_free(freerdp* instance);
 FREERDP_API BOOL freerdp_connect(freerdp* instance);
diff --git a/libfreerdp/core/freerdp.c b/libfreerdp/core/freerdp.c
index 0112ab7a8..996c20cc4 100644
--- a/libfreerdp/core/freerdp.c
+++ b/libfreerdp/core/freerdp.c
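Review bot: The new exported declaration `freerdp_context_reset` in freerdp.h carries no documentation, and the commit message refers to it as `freerdp_reset_context`, so the header alone does not tell a caller what is reset or when the call is safe. A short Doxygen comment above the declaration should state that it restores the instance's settings to the initial connection settings (as the commit message describes) and returns FALSE on failure, and that it is presumably intended to be called before a fresh `freerdp_connect` rather than on an established connection. If the reset replaces the settings object, which this patch does not show, the comment should also warn that any `rdpSettings*` fetched earlier must be re-read afterwards.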
@@ -780,6 +780,17 @@ fail:
 return FALSE;
 }
+BOOL freerdp_context_reset(freerdp* instance)
+{
+ if (!instance)
+ return FALSE;
+
+ WINPR_ASSERT(instance->context);
+ rdpRdp* rdp = instance->context->rdp;
+
+ return rdp_reset_runtime_settings(rdp);
+}
+
 /** Deallocator function for a rdp context.
 * The function will deallocate the resources from the 'instance' parameter that were allocated
 * from a call to freerdp_context_new(). If the ContextFree callback is set in the 'instance'
diff --git a/server/proxy/pf_client.c b/server/proxy/pf_client.c
index cfbf5e384..d8949068e 100644
--- a/server/proxy/pf_client.c
+++ b/server/proxy/pf_client.c
@@ -721,6 +721,10 @@ static BOOL pf_client_connect_without_nla(pClientContext* pc)
 WINPR_ASSERT(pc);
 instance = pc->context.instance;
 WINPR_ASSERT(instance);
+
+ if (!freerdp_context_reset(instance))
+ return FALSE;
+
 settings = pc->context.settings;
 WINPR_ASSERT(settings);
@@ -733,7 +737,7 @@ static BOOL pf_client_connect_without_nla(pClientContext* pc)
 /* do not allow next connection failure */
 pc->allow_next_conn_failure = FALSE;
- return freerdp_reconnect(instance);
+ return freerdp_connect(instance);
 }
 static BOOL pf_client_connect(freerdp* instance)
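Review bot: In `freerdp_context_reset` a NULL `instance` returns FALSE, but a NULL `instance->context` is guarded only by `WINPR_ASSERT`, so in a build where that assertion is compiled out the next line dereferences NULL at `instance->context->rdp`. Because this is an exported function, handling both cases the same way is the safer contract: `if (!instance || !instance->context) return FALSE;`. Whether WINPR_ASSERT stays active in release builds depends on build configuration not shown in this patch, so this is a hardening suggestion rather than a confirmed crash.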
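Review bot: The reset in `pf_client_connect_without_nla` is placed before `settings = pc->context.settings;`, and that order looks load-bearing but is not explained anywhere in the hunk. If `rdp_reset_runtime_settings` frees or replaces the settings object (its body is not part of this patch), fetching `settings` first would leave the later settings changes writing through a stale pointer. A one-line comment would protect the order from a future refactor, for example `/* Reset first: it may replace context.settings, so read the pointer only afterwards. */`. The function starts before this hunk and continues past it.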
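Review bot: The retry at `return freerdp_connect(instance);` downgrades the proxy's outbound connection from NLA to TLS, and nothing in the visible lines records that this happened. For an operator auditing the proxy, a session that silently skipped NLA is hard to tell apart from a normal one, so a warning-level log line before the connect, written with the file's existing logging helper, would help unless code outside the hunk already emits one. The `if (!freerdp_context_reset(instance)) return FALSE;` path in the earlier hunk of this file has the same gap, since it fails without a message.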