From cce4ffd6a102b70efa1b4044fdb38a0a3ec17100 Mon Sep 17 00:00:00 2001
From: Meng TAN <mtan@wallix.com>
Date: Thu, 30 May 2024 08:59:05 +0200
Subject: [PATCH] RDPNego: do not request Standard RDP Security when not
 allowed (WAB-10220)

Standard RDP security was always requested, with the new options it is
not required anymore to do so.
---
 src/core/RDP/nego.cpp | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/core/RDP/nego.cpp b/src/core/RDP/nego.cpp
index 0d3b456134..e438dd2e38 100644
--- a/src/core/RDP/nego.cpp
+++ b/src/core/RDP/nego.cpp
@@ -40,6 +40,7 @@
 struct RdpNegoProtocols
 {
     enum {
+        None = 0x00000000,
         Rdp = 0x00000001,
         Tls = 0x00000002,
         Nla = 0x00000004
@@ -60,8 +61,9 @@ RdpNego::RdpNego(
 , rdp_legacy_fallback(rdp_legacy)
 , krb(nla && krb)
 , restricted_admin_mode(admin_mode)
-, selected_protocol(RdpNegoProtocols::Rdp)
-, enabled_protocols(RdpNegoProtocols::Rdp
+, selected_protocol(RdpNegoProtocols::None)
+, enabled_protocols(
+      (this->rdp_legacy_fallback ? RdpNegoProtocols::Rdp : 0)
     | (this->tls ? RdpNegoProtocols::Tls : 0)
     | (this->nla ? RdpNegoProtocols::Nla : 0))
 , username(username)
@@ -76,9 +78,10 @@ RdpNego::RdpNego(
 , tls_config(tls_config)
 , verbose(verbose)
 {
-    LOG(LOG_INFO, "RdpNego: TLS=%s NLA=%s adminMode=%s",
+    LOG(LOG_INFO, "RdpNego: TLS=%s NLA=%s Legacy=%s adminMode=%s",
         ((this->enabled_protocols & RdpNegoProtocols::Tls) ? "Enabled" : "Disabled"),
         ((this->enabled_protocols & RdpNegoProtocols::Nla) ? "Enabled" : "Disabled"),
+        ((this->enabled_protocols & RdpNegoProtocols::Rdp) ? "Enabled" : "Disabled"),
         (this->restricted_admin_mode ? "Enabled" : "Disabled")
         );