libfreerdp-core: fix security selection

Also cleans up some debug stuff.

cmake/ConfigOptions.cmake

@@ -1,4 +1,10 @@
-option(WITH_DEBUG_TRANSPORT "Print transport debug message." OFF)
-option(WITH_DEBUG_CHANMAN "Print channel manager debug message." OFF)
-option(WITH_DEBUG_SVC "Print static virtual channel debug message." OFF)
-option(WITH_DEBUG_DVC "Print dynamic virtual channel debug message." OFF)
+option(WITH_DEBUG_TRANSPORT "Print transport debug messages." OFF)
+option(WITH_DEBUG_CHANMAN "Print channel manager debug messages." OFF)
+option(WITH_DEBUG_SVC "Print static virtual channel debug messages." OFF)
+option(WITH_DEBUG_DVC "Print dynamic virtual channel debug messages." OFF)
+option(WITH_DEBUG_KBD "Print keyboard related debug messages." OFF)
+option(WITH_DEBUG_NLA "Print authentication related debug messages." OFF)
+option(WITH_DEBUG_NEGO "Print negotiation related debug messages." OFF)
+option(WITH_DEBUG_CERTIFICATE "Print certificate related debug messages." OFF)
+option(WITH_DEBUG_LICENSE "Print license debug messages." OFF)
+option(WITH_DEBUG_GDI "Print graphics debug messages." OFF)

config.h.in

@@ -18,5 +18,12 @@
 #cmakedefine WITH_DEBUG_CHANMAN
 #cmakedefine WITH_DEBUG_SVC
 #cmakedefine WITH_DEBUG_DVC
+#cmakedefine WITH_DEBUG_KBD
+#cmakedefine WITH_DEBUG_NLA
+#cmakedefine WITH_DEBUG_NEGO
+#cmakedefine WITH_DEBUG_CERTIFICATE
+#cmakedefine WITH_DEBUG_LICENSE
+#cmakedefine WITH_DEBUG_GDI
+#cmakedefine WITH_DEBUG_ASSERT
 
 #endif

include/freerdp/utils/debug.h

@@ -22,13 +22,6 @@
 
 #include "config.h"
 
-#ifdef WITH_DEBUG_ASSERT
-#include <assert.h>
-#define ASSERT(a)	assert(a)
-#else
-#define ASSERT(a)	do { } while (0)
-#endif
-
 #include <stdio.h>
 
 #define DEBUG_NULL(fmt, ...) do { } while (0)

libfreerdp-core/certificate.h

@@ -74,8 +74,6 @@ void certificate_read_server_certificate(rdpCertificate* certificate, uint8* ser
 rdpCertificate* certificate_new(rdpRdp* rdp);
 void certificate_free(rdpCertificate* certificate);
 
-//#define WITH_DEBUG_CERTIFICATE	1
-
 #ifdef WITH_DEBUG_CERTIFICATE
 #define DEBUG_CERTIFICATE(fmt, ...) DEBUG_CLASS(CERTIFICATE, fmt, ## __VA_ARGS__)
 #else

libfreerdp-core/connection.c

@@ -63,7 +63,9 @@ boolean rdp_client_connect(rdpRdp* rdp)
 	nego_init(rdp->nego);
 	nego_set_target(rdp->nego, rdp->settings->hostname, 3389);
 	nego_set_cookie(rdp->nego, rdp->settings->username);
-	nego_set_protocols(rdp->nego, 1, 1, 1);
+	nego_enable_rdp(rdp->nego, rdp->settings->rdp_security);
+	nego_enable_nla(rdp->nego, rdp->settings->nla_security);
+	nego_enable_tls(rdp->nego, rdp->settings->tls_security);
 
 	if (nego_connect(rdp->nego) != True)
 	{

libfreerdp-core/license.h

@@ -196,8 +196,6 @@ void license_send_platform_challenge_response_packet(rdpLicense* license);
 rdpLicense* license_new(rdpRdp* rdp);
 void license_free(rdpLicense* license);
 
-#define WITH_DEBUG_LICENSE	1
-
 #ifdef WITH_DEBUG_LICENSE
 #define DEBUG_LICENSE(fmt, ...) DEBUG_CLASS(LICENSE, fmt, ## __VA_ARGS__)
 #else

libfreerdp-core/nego.c

@@ -443,18 +443,39 @@ void nego_set_target(rdpNego* nego, char* hostname, int port)
 }
 
 /**
- * Set enabled security protocols.
- * @param nego
- * @param rdp
- * @param tls
- * @param nla
+ * Enable RDP security protocol.
+ * @param nego pointer to the negotiation structure
+ * @param enable_rdp whether to enable normal RDP protocol (True for enabled, False for disabled)
  */
 
-void nego_set_protocols(rdpNego* nego, int rdp, int tls, int nla)
+void nego_enable_rdp(rdpNego* nego, boolean enable_rdp)
 {
-	nego->enabled_protocols[PROTOCOL_RDP] = rdp;
-	nego->enabled_protocols[PROTOCOL_TLS] = tls;
-	nego->enabled_protocols[PROTOCOL_NLA] = nla;
+	DEBUG_NEGO("Enabling RDP security: %s", enable_rdp ? "True" : "False");
+	nego->enabled_protocols[PROTOCOL_RDP] = enable_rdp;
+}
+
+/**
+ * Enable TLS security protocol.
+ * @param nego pointer to the negotiation structure
+ * @param enable_tls whether to enable TLS + RDP protocol (True for enabled, False for disabled)
+ */
+void nego_enable_tls(rdpNego* nego, boolean enable_tls)
+{
+	DEBUG_NEGO("Enabling TLS security: %s", enable_tls ? "True" : "False");
+	nego->enabled_protocols[PROTOCOL_TLS] = enable_tls;
+}
+
+
+/**
+ * Enable NLA security protocol.
+ * @param nego pointer to the negotiation structure
+ * @param enable_nla whether to enable network level authentication protocol (True for enabled, False for disabled)
+ */
+
+void nego_enable_nla(rdpNego* nego, boolean enable_nla)
+{
+	DEBUG_NEGO("Enabling NLA security: %s", enable_nla ? "True" : "False");
+	nego->enabled_protocols[PROTOCOL_NLA] = enable_nla;
 }
 
 /**

libfreerdp-core/nego.h

@@ -101,7 +101,9 @@ rdpNego* nego_new(struct rdp_transport * transport);
 void nego_free(rdpNego* nego);
 void nego_init(rdpNego* nego);
 void nego_set_target(rdpNego* nego, char* hostname, int port);
-void nego_set_protocols(rdpNego* nego, int rdp, int tls, int nla);
+void nego_enable_rdp(rdpNego* nego, boolean enable_rdp);
+void nego_enable_nla(rdpNego* nego, boolean enable_nla);
+void nego_enable_tls(rdpNego* nego, boolean enable_tls);
 void nego_set_routing_token(rdpNego* nego, char* routing_token);
 void nego_set_cookie(rdpNego* nego, char* cookie);
 

libfreerdp-core/settings.c

@@ -41,9 +41,9 @@ rdpSettings* settings_new()
 		settings->height = 768;
 		settings->rdp_version = 7;
 		settings->color_depth = 16;
-		settings->nla_security = 1;
-		settings->tls_security = 1;
-		settings->rdp_security = 1;
+		settings->nla_security = True;
+		settings->tls_security = True;
+		settings->rdp_security = True;
 		settings->client_build = 2600;
 		settings->kbd_type = 0;
 		settings->kbd_subtype = 0;

libfreerdp-kbd/libkbd.c

@@ -24,13 +24,13 @@
 #include <freerdp/kbd.h>
 #include <freerdp/types.h>
 
+#include "libkbd.h"
+
 #include "locales.h"
 #include "layout_ids.h"
 #include "layouts_xkb.h"
 #include "keyboard.h"
 
-#include "libkbd.h"
-
 /*
  * The actual mapping from X keycodes to RDP keycodes, initialized from xkb keycodes or similar.
  * Used directly by freerdp_kbd_get_scancode_by_keycode. The mapping is a global variable,

libfreerdp-utils/args.c

@@ -227,15 +227,15 @@ int freerdp_parse_args(rdpSettings* settings, int argc, char** argv,
 		}
 		else if (strcmp("--no-rdp", argv[index]) == 0)
 		{
-			settings->rdp_security = 0;
+			settings->rdp_security = False;
 		}
 		else if (strcmp("--no-tls", argv[index]) == 0)
 		{
-			settings->tls_security = 0;
+			settings->tls_security = False;
 		}
 		else if (strcmp("--no-nla", argv[index]) == 0)
 		{
-			settings->nla_security = 0;
+			settings->nla_security = False;
 		}
 		else if (strcmp("--sec", argv[index]) == 0)
 		{
@@ -247,21 +247,21 @@ int freerdp_parse_args(rdpSettings* settings, int argc, char** argv,
 			}
 			if (strncmp("rdp", argv[index], 1) == 0) /* Standard RDP */
 			{
-				settings->rdp_security = 1;
-				settings->tls_security = 0;
-				settings->nla_security = 0;
+				settings->rdp_security = True;
+				settings->tls_security = False;
+				settings->nla_security = False;
 			}
 			else if (strncmp("tls", argv[index], 1) == 0) /* TLS */
 			{
-				settings->rdp_security = 0;
-				settings->tls_security = 1;
-				settings->nla_security = 0;
+				settings->rdp_security = False;
+				settings->tls_security = True;
+				settings->nla_security = False;
 			}
 			else if (strncmp("nla", argv[index], 1) == 0) /* NLA */
 			{
-				settings->rdp_security = 0;
-				settings->tls_security = 0;
-				settings->nla_security = 1;
+				settings->rdp_security = False;
+				settings->tls_security = False;
+				settings->nla_security = True;
 			}
 			else
 			{