From cd8d2e98b10a0f77956941928eb7729b968f3522 Mon Sep 17 00:00:00 2001
From: Armin Novak
Date: Wed, 3 Dec 2025 10:13:25 +0100
Subject: [PATCH] [core,nego] disable all enabled modes except the one requested

If a TYPE_RDP_NEG_FAILURE message is received, evaluate the failure code and disable all modes except the one requested. This eliminates unnecessary connection attempts with security modes not enabled.
---
 libfreerdp/core/nego.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/libfreerdp/core/nego.c b/libfreerdp/core/nego.c
index 81888c53d..c8451073c 100644
--- a/libfreerdp/core/nego.c
+++ b/libfreerdp/core/nego.c
@@ -1400,6 +1400,22 @@ static const char* nego_rdp_neg_fail_str(uint32_t what)
 }
 }
 
+static void nego_disable_all_except(rdpNego* nego, uint32_t what)
+{
+ WINPR_ASSERT(nego);
+
+ char buffer[32] = { 0 };
+ WLog_Print(nego->log, WLOG_DEBUG, "Disabling all modes except %s",
+ nego_protocol_to_str(what, buffer, sizeof(buffer)));
+
+ for (size_t x = 0; x < ARRAYSIZE(nego->EnabledProtocols); x++)
+ {
+ if (x == what)
+ continue;
+ nego->EnabledProtocols[x] = FALSE;
+ }
+}
+
 /**
 * Process Negotiation Failure from Connection Confirm message.
 * @param nego A pointer to the NEGO struct
@@ -1438,9 +1454,11 @@ BOOL nego_process_negotiation_failure(rdpNego* nego, wStream* s)
 switch (failureCode)
 {
 case SSL_REQUIRED_BY_SERVER:
+ nego_disable_all_except(nego, PROTOCOL_SSL);
 break;
 
 case SSL_NOT_ALLOWED_BY_SERVER:
+ nego_disable_all_except(nego, PROTOCOL_RDP);
 nego->sendNegoData = TRUE;
 break;
 
@@ -1454,6 +1472,7 @@ BOOL nego_process_negotiation_failure(rdpNego* nego, wStream* s)
 break;
 
 case HYBRID_REQUIRED_BY_SERVER:
+ nego_disable_all_except(nego, PROTOCOL_HYBRID);
 break;
 
 default:
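Review bot: `nego_disable_all_except` (first hunk) uses `what` as an index into `nego->EnabledProtocols` without checking it against the array size, so an out-of-range value would quietly clear every entry and leave no mode enabled. A guard before the loop, `WINPR_ASSERT(what < ARRAYSIZE(nego->EnabledProtocols));`, turns that into a visible programming error. The helper also lacks the doc comment that the function below it has; I would add one stating that it only clears entries and never sets one to `TRUE`, since that property is what keeps a server-supplied failure code from enabling a mode the user turned off.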
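Review bot: In the `SSL_NOT_ALLOWED_BY_SERVER` case (second hunk) the client's mode set is narrowed to `PROTOCOL_RDP` on the word of a failure PDU from the Connection Confirm exchange, which as far as I can tell is processed before any TLS or NLA protection is in place, yet the only trace is the helper's `WLOG_DEBUG` line. An unexpected drop to standard RDP security is something an operator would want to see in normal logs, so I would add a warning here, e.g. `WLog_Print(nego->log, WLOG_WARN, "Server rejected TLS, only standard RDP security remains enabled");`. The same applies, less urgently, to the `SSL_REQUIRED_BY_SERVER` case above it, where the NLA entry is cleared. The switch starts and continues outside this hunk.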
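Review bot: `nego_disable_all_except(nego, PROTOCOL_HYBRID)` in the `HYBRID_REQUIRED_BY_SERVER` case (third hunk) keeps exactly one array entry, so any other CredSSP-based entry the client had enabled, such as `PROTOCOL_HYBRID_EX`, is cleared along with the TLS and RDP ones. Whether that is intended depends on how the retry path picks its next attempt, which this patch does not show. If it is intended, a one-line comment such as `/* server wants CredSSP: keep plain NLA only, HYBRID_EX is dropped too */` would save the next reader the question. The switch continues outside the hunk.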