From fef87a0bd5f26d88c22e716a4e7c47a19ffdd4b8 Mon Sep 17 00:00:00 2001
From: Trou <devel@syscall.eu>
Date: Sat, 31 Mar 2012 02:55:13 +0200
Subject: [PATCH 1/2] fix negotiation with NLA

---
 libfreerdp-core/nego.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libfreerdp-core/nego.c b/libfreerdp-core/nego.c
index 9c4c5d101..b2bb96a8f 100644
--- a/libfreerdp-core/nego.c
+++ b/libfreerdp-core/nego.c
@@ -295,7 +295,7 @@ boolean nego_recv(rdpTransport* transport, STREAM* s, void* extra)
 				nego_process_negotiation_response(nego, s);
 
 				DEBUG_NEGO("selected_protocol: %d", nego->selected_protocol);
-				if (nego->selected_protocol != nego->requested_protocols)
+				if ((nego->selected_protocol & nego->requested_protocols) == 0)
 					nego->state = NEGO_STATE_FAIL;
 				break;
 

From 79e191f78b1775f598c362f7167ac88178ee522a Mon Sep 17 00:00:00 2001
From: Trou <devel@syscall.eu>
Date: Sat, 31 Mar 2012 16:09:19 +0200
Subject: [PATCH 2/2] REALLY fix negociation this time

---
 libfreerdp-core/nego.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/libfreerdp-core/nego.c b/libfreerdp-core/nego.c
index b2bb96a8f..7a88ca36d 100644
--- a/libfreerdp-core/nego.c
+++ b/libfreerdp-core/nego.c
@@ -295,7 +295,16 @@ boolean nego_recv(rdpTransport* transport, STREAM* s, void* extra)
 				nego_process_negotiation_response(nego, s);
 
 				DEBUG_NEGO("selected_protocol: %d", nego->selected_protocol);
-				if ((nego->selected_protocol & nego->requested_protocols) == 0)
+
+				/* enhanced security selected ? */
+				if (nego->selected_protocol) {
+					if (nego->selected_protocol == PROTOCOL_NLA &&
+						!nego->enabled_protocols[PROTOCOL_NLA]) 
+						nego->state = NEGO_STATE_FAIL;
+					if (nego->selected_protocol == PROTOCOL_TLS &&
+						!nego->enabled_protocols[PROTOCOL_TLS]) 
+						nego->state = NEGO_STATE_FAIL;
+				} else if (!nego->enabled_protocols[PROTOCOL_RDP])
 					nego->state = NEGO_STATE_FAIL;
 				break;
 
@@ -306,7 +315,8 @@ boolean nego_recv(rdpTransport* transport, STREAM* s, void* extra)
 	}
 	else
 	{
-		if (nego->requested_protocols > PROTOCOL_RDP)
+		DEBUG_NEGO("no rdpNegData");
+		if (!nego->enabled_protocols[PROTOCOL_RDP])
 			nego->state = NEGO_STATE_FAIL;
 		else
 			nego->state = NEGO_STATE_FINAL;