FreeRDP
Loading...
Searching...
No Matches
transport.c
1
20#include <freerdp/config.h>
21
22#include "settings.h"
23
24#include <winpr/assert.h>
25
26#include <winpr/crt.h>
27#include <winpr/synch.h>
28#include <winpr/print.h>
29#include <winpr/stream.h>
30#include <winpr/winsock.h>
31#include <winpr/crypto.h>
32
33#include <freerdp/log.h>
34#include <freerdp/error.h>
35#include <freerdp/utils/ringbuffer.h>
36
37#include <openssl/bio.h>
38#include <time.h>
39#include <errno.h>
40#include <fcntl.h>
41
42#ifndef _WIN32
43#include <netdb.h>
44#include <sys/socket.h>
45#endif /* _WIN32 */
46
47#ifdef FREERDP_HAVE_VALGRIND_MEMCHECK_H
48#include <valgrind/memcheck.h>
49#endif
50
51#include "tpkt.h"
52#include "fastpath.h"
53#include "transport.h"
54#include "rdp.h"
55#include "proxy.h"
56#include "utils.h"
57#include "state.h"
58#include "childsession.h"
59
60#include "gateway/rdg.h"
61#include "gateway/wst.h"
62#include "gateway/arm.h"
63
64#define TAG FREERDP_TAG("core.transport")
65
66#define BUFFER_SIZE 16384
67
68struct rdp_transport
69{
70 TRANSPORT_LAYER layer;
71 BIO* frontBio;
72 rdpRdg* rdg;
73 rdpTsg* tsg;
74 rdpWst* wst;
75 rdpTls* tls;
76 rdpContext* context;
77 rdpNla* nla;
78 void* ReceiveExtra;
79 wStream* ReceiveBuffer;
80 TransportRecv ReceiveCallback;
81 wStreamPool* ReceivePool;
82 HANDLE connectedEvent;
83 BOOL NlaMode;
84 BOOL RdstlsMode;
85 BOOL AadMode;
86 BOOL blocking;
87 BOOL GatewayEnabled;
88 BOOL haveReadLock;
89 CRITICAL_SECTION ReadLock;
90 BOOL haveWriteLock;
91 CRITICAL_SECTION WriteLock;
92 UINT64 written;
93 HANDLE rereadEvent;
94 BOOL haveMoreBytesToRead;
95 wLog* log;
96 rdpTransportIo io;
97 HANDLE ioEvent;
98 BOOL useIoEvent;
99 BOOL earlyUserAuth;
100};
101
102typedef struct
103{
105 void* userContextShadowPtr;
106} rdpTransportLayerInt;
107
108static const char* where2str(int where, char* ibuffer, size_t ilen)
109{
110 if (!ibuffer || (ilen < 2))
111 return nullptr;
112
113 ibuffer[0] = '[';
114 size_t len = ilen - 1;
115 char* buffer = &ibuffer[1];
116 if (where & SSL_CB_ALERT)
117 winpr_str_append("SSL_CB_ALERT", buffer, len, "|");
118 if (where & SSL_ST_ACCEPT)
119 winpr_str_append("SSL_ST_ACCEPT", buffer, len, "|");
120 if (where & SSL_ST_CONNECT)
121 winpr_str_append("SSL_ST_CONNECT", buffer, len, "|");
122 if (where & SSL_CB_HANDSHAKE_DONE)
123 winpr_str_append("SSL_CB_HANDSHAKE_DONE", buffer, len, "|");
124 if (where & SSL_CB_HANDSHAKE_START)
125 winpr_str_append("SSL_CB_HANDSHAKE_START", buffer, len, "|");
126 if (where & SSL_CB_WRITE)
127 winpr_str_append("SSL_CB_WRITE", buffer, len, "|");
128 if (where & SSL_CB_READ)
129 winpr_str_append("SSL_CB_READ", buffer, len, "|");
130 if (where & SSL_CB_EXIT)
131 winpr_str_append("SSL_CB_EXIT", buffer, len, "|");
132 if (where & SSL_CB_LOOP)
133 winpr_str_append("SSL_CB_LOOP", buffer, len, "|");
134
135 char nr[32] = WINPR_C_ARRAY_INIT;
136 (void)_snprintf(nr, sizeof(nr), "]{0x%08" PRIx32 "}", (unsigned)where);
137 winpr_str_append(nr, buffer, len, "");
138 return buffer;
139}
140
141static void transport_ssl_cb(const SSL* ssl, int where, int ret)
142{
143 if (where & SSL_CB_ALERT)
144 {
145 char buffer[128] = WINPR_C_ARRAY_INIT;
146 rdpTransport* transport = (rdpTransport*)SSL_get_app_data(ssl);
147 WINPR_ASSERT(transport);
148
149 switch (ret)
150 {
151 case (SSL3_AL_FATAL << 8) | SSL_AD_ACCESS_DENIED:
152 {
153 if (!freerdp_get_last_error(transport_get_context(transport)))
154 {
155 WLog_Print(transport->log, WLOG_ERROR, "where=%s ACCESS DENIED",
156 where2str(where, buffer, sizeof(buffer)));
157 freerdp_set_last_error_log(transport_get_context(transport),
158 FREERDP_ERROR_AUTHENTICATION_FAILED);
159 }
160 }
161 break;
162
163 case (SSL3_AL_FATAL << 8) | SSL_AD_INTERNAL_ERROR:
164 {
165 WLog_Print(transport->log, WLOG_WARN, "SSL error (where=%s, ret=%d [%s, %s])",
166 where2str(where, buffer, sizeof(buffer)), ret,
167 SSL_alert_type_string_long(ret), SSL_alert_desc_string_long(ret));
168
169 if (transport->NlaMode)
170 {
171 if (!freerdp_get_last_error(transport_get_context(transport)))
172 {
173 UINT32 kret = 0;
174 if (transport->nla)
175 kret = nla_get_error(transport->nla);
176 if (kret == 0)
177 kret = FREERDP_ERROR_CONNECT_PASSWORD_CERTAINLY_EXPIRED;
178 freerdp_set_last_error_log(transport_get_context(transport), kret);
179 }
180 }
181 }
182 break;
183
184 case (SSL3_AL_WARNING << 8) | SSL3_AD_CLOSE_NOTIFY:
185 WLog_Print(transport->log, WLOG_DEBUG, "SSL warning (where=%s, ret=%d [%s, %s])",
186 where2str(where, buffer, sizeof(buffer)), ret,
187 SSL_alert_type_string_long(ret), SSL_alert_desc_string_long(ret));
188 break;
189
190 default:
191 WLog_Print(transport->log, WLOG_WARN,
192 "Unhandled SSL error (where=%s, ret=%d [%s, %s])",
193 where2str(where, buffer, sizeof(buffer)), ret,
194 SSL_alert_type_string_long(ret), SSL_alert_desc_string_long(ret));
195 break;
196 }
197 }
198}
199
200wStream* transport_send_stream_init(WINPR_ATTR_UNUSED rdpTransport* transport, size_t size)
201{
202 WINPR_ASSERT(transport);
203
204 return Stream_New(nullptr, size);
205}
206
207BOOL transport_attach(rdpTransport* transport, int sockfd)
208{
209 if (!transport)
210 return FALSE;
211 return IFCALLRESULT(FALSE, transport->io.TransportAttach, transport, sockfd);
212}
213
214static BOOL transport_default_attach(rdpTransport* transport, int sockfd)
215{
216 BIO* socketBio = nullptr;
217 BIO* bufferedBio = nullptr;
218 const rdpSettings* settings = nullptr;
219 rdpContext* context = transport_get_context(transport);
220
221 if (sockfd < 0)
222 {
223 WLog_WARN(TAG, "Running peer without socket (sockfd=%d)", sockfd);
224 return TRUE;
225 }
226
227 settings = context->settings;
228 WINPR_ASSERT(settings);
229
230 if (sockfd >= 0)
231 {
232 if (!freerdp_tcp_set_keep_alive_mode(settings, sockfd))
233 goto fail;
234
235 socketBio = BIO_new(BIO_s_simple_socket());
236
237 if (!socketBio)
238 goto fail;
239 }
240
241 bufferedBio = BIO_new(BIO_s_buffered_socket());
242 if (!bufferedBio)
243 goto fail;
244
245 if (socketBio)
246 {
247 /* Attach the socket only when this function can no longer fail.
248 * This ensures solid ownership:
249 * - if this function fails, the caller is responsible to clean up
250 * - if this function is successful, the caller MUST NOT close the socket any more.
251 */
252 BIO_set_fd(socketBio, sockfd, BIO_CLOSE);
253 bufferedBio = BIO_push(bufferedBio, socketBio);
254 if (!bufferedBio)
255 goto fail;
256 }
257 EnterCriticalSection(&(transport->ReadLock));
258 EnterCriticalSection(&(transport->WriteLock));
259 transport->frontBio = bufferedBio;
260 LeaveCriticalSection(&(transport->WriteLock));
261 LeaveCriticalSection(&(transport->ReadLock));
262
263 return TRUE;
264fail:
265
266 if (socketBio)
267 BIO_free_all(socketBio);
268 else
269 closesocket((SOCKET)sockfd);
270
271 return FALSE;
272}
273
274BOOL transport_connect_rdp(rdpTransport* transport)
275{
276 if (!transport)
277 return FALSE;
278
279 switch (utils_authenticate(transport_get_context(transport)->instance, AUTH_RDP, FALSE))
280 {
281 case AUTH_SKIP:
282 case AUTH_SUCCESS:
283 case AUTH_NO_CREDENTIALS:
284 return TRUE;
285 case AUTH_CANCELLED:
286 freerdp_set_last_error_if_not(transport_get_context(transport),
287 FREERDP_ERROR_CONNECT_CANCELLED);
288 return FALSE;
289 default:
290 return FALSE;
291 }
292}
293
294BOOL transport_connect_tls(rdpTransport* transport)
295{
296 const rdpSettings* settings = nullptr;
297 rdpContext* context = transport_get_context(transport);
298
299 settings = context->settings;
300 WINPR_ASSERT(settings);
301
302 /* Only prompt for password if we use TLS (NLA also calls this function) */
303 if (settings->SelectedProtocol == PROTOCOL_SSL)
304 {
305 switch (utils_authenticate(context->instance, AUTH_TLS, FALSE))
306 {
307 case AUTH_SKIP:
308 case AUTH_SUCCESS:
309 case AUTH_NO_CREDENTIALS:
310 break;
311 case AUTH_CANCELLED:
312 freerdp_set_last_error_if_not(context, FREERDP_ERROR_CONNECT_CANCELLED);
313 return FALSE;
314 default:
315 return FALSE;
316 }
317 }
318
319 return IFCALLRESULT(FALSE, transport->io.TLSConnect, transport);
320}
321
322static BOOL transport_default_connect_tls(rdpTransport* transport)
323{
324 int tlsStatus = 0;
325 rdpTls* tls = nullptr;
326 rdpContext* context = nullptr;
327 rdpSettings* settings = nullptr;
328
329 WINPR_ASSERT(transport);
330
331 context = transport_get_context(transport);
332 WINPR_ASSERT(context);
333
334 settings = context->settings;
335 WINPR_ASSERT(settings);
336
337 if (!(tls = freerdp_tls_new(context)))
338 return FALSE;
339
340 transport->tls = tls;
341
342 if (transport->GatewayEnabled)
343 transport->layer = TRANSPORT_LAYER_TSG_TLS;
344 else
345 transport->layer = TRANSPORT_LAYER_TLS;
346
347 tls->hostname = settings->ServerHostname;
348 tls->serverName = settings->UserSpecifiedServerName;
349 tls->port = WINPR_ASSERTING_INT_CAST(int32_t, MIN(UINT16_MAX, settings->ServerPort));
350
351 if (tls->port == 0)
352 tls->port = 3389;
353
354 tls->isGatewayTransport = FALSE;
355 tlsStatus = freerdp_tls_connect(tls, transport->frontBio);
356
357 if (tlsStatus < 1)
358 {
359 if (tlsStatus < 0)
360 {
361 freerdp_set_last_error_if_not(context, FREERDP_ERROR_TLS_CONNECT_FAILED);
362 }
363 else
364 {
365 freerdp_set_last_error_if_not(context, FREERDP_ERROR_CONNECT_CANCELLED);
366 }
367
368 return FALSE;
369 }
370
371 transport->frontBio = tls->bio;
372
373 /* See libfreerdp/crypto/tls.c transport_default_connect_tls
374 *
375 * we are wrapping a SSL object in the BIO and actually want to set
376 *
377 * SSL_set_info_callback there. So ensure our callback is of appropriate
378 * type for that instead of what the function prototype suggests.
379 */
380 typedef void (*ssl_cb_t)(const SSL* ssl, int type, int val);
381 ssl_cb_t fkt = transport_ssl_cb;
382
383 BIO_info_cb* bfkt = WINPR_FUNC_PTR_CAST(fkt, BIO_info_cb*);
384 BIO_callback_ctrl(tls->bio, BIO_CTRL_SET_CALLBACK, bfkt);
385 SSL_set_app_data(tls->ssl, transport);
386
387 if (!transport->frontBio)
388 {
389 WLog_Print(transport->log, WLOG_ERROR, "unable to prepend a filtering TLS bio");
390 return FALSE;
391 }
392
393 return TRUE;
394}
395
396BOOL transport_connect_nla(rdpTransport* transport, BOOL earlyUserAuth)
397{
398 rdpContext* context = nullptr;
399 rdpSettings* settings = nullptr;
400 rdpRdp* rdp = nullptr;
401 if (!transport)
402 return FALSE;
403
404 context = transport_get_context(transport);
405 WINPR_ASSERT(context);
406
407 settings = context->settings;
408 WINPR_ASSERT(settings);
409
410 rdp = context->rdp;
411 WINPR_ASSERT(rdp);
412
413 if (!transport_connect_tls(transport))
414 return FALSE;
415
416 if (!settings->Authentication)
417 return TRUE;
418
419 nla_free(rdp->nla);
420 rdp->nla = nla_new(context, transport);
421
422 if (!rdp->nla)
423 return FALSE;
424
425 nla_set_early_user_auth(rdp->nla, earlyUserAuth);
426
427 transport_set_nla_mode(transport, TRUE);
428
429 if (settings->AuthenticationServiceClass)
430 {
431 if (!nla_set_service_principal(rdp->nla, settings->AuthenticationServiceClass,
433 return FALSE;
434 }
435
436 if (nla_client_begin(rdp->nla) < 0)
437 {
438 WLog_Print(transport->log, WLOG_ERROR, "NLA begin failed");
439
440 freerdp_set_last_error_if_not(context, FREERDP_ERROR_AUTHENTICATION_FAILED);
441
442 transport_set_nla_mode(transport, FALSE);
443 return FALSE;
444 }
445
446 return rdp_client_transition_to_state(rdp, CONNECTION_STATE_NLA);
447}
448
449BOOL transport_connect_rdstls(rdpTransport* transport)
450{
451 BOOL rc = FALSE;
452 rdpRdstls* rdstls = nullptr;
453 rdpContext* context = nullptr;
454
455 WINPR_ASSERT(transport);
456
457 context = transport_get_context(transport);
458 WINPR_ASSERT(context);
459
460 if (!transport_connect_tls(transport))
461 goto fail;
462
463 rdstls = rdstls_new(context, transport);
464 if (!rdstls)
465 goto fail;
466
467 transport_set_rdstls_mode(transport, TRUE);
468
469 if (rdstls_authenticate(rdstls) < 0)
470 {
471 WLog_Print(transport->log, WLOG_ERROR, "RDSTLS authentication failed");
472 freerdp_set_last_error_if_not(context, FREERDP_ERROR_AUTHENTICATION_FAILED);
473 goto fail;
474 }
475
476 transport_set_rdstls_mode(transport, FALSE);
477 rc = TRUE;
478fail:
479 rdstls_free(rdstls);
480 return rc;
481}
482
483BOOL transport_connect_aad(rdpTransport* transport)
484{
485 rdpContext* context = nullptr;
486 rdpSettings* settings = nullptr;
487 rdpRdp* rdp = nullptr;
488 if (!transport)
489 return FALSE;
490
491 context = transport_get_context(transport);
492 WINPR_ASSERT(context);
493
494 settings = context->settings;
495 WINPR_ASSERT(settings);
496
497 rdp = context->rdp;
498 WINPR_ASSERT(rdp);
499
500 if (!transport_connect_tls(transport))
501 return FALSE;
502
503 if (!settings->Authentication)
504 return TRUE;
505
506 if (!rdp->aad)
507 return FALSE;
508
509 transport_set_aad_mode(transport, TRUE);
510
511 if (aad_client_begin(rdp->aad) < 0)
512 {
513 WLog_Print(transport->log, WLOG_ERROR, "AAD begin failed");
514
515 freerdp_set_last_error_if_not(context, FREERDP_ERROR_AUTHENTICATION_FAILED);
516
517 transport_set_aad_mode(transport, FALSE);
518 return FALSE;
519 }
520
521 return rdp_client_transition_to_state(rdp, CONNECTION_STATE_AAD);
522}
523
524static BOOL transport_can_retry(const rdpContext* context, BOOL status)
525{
526 switch (freerdp_get_last_error(context))
527 {
528 case FREERDP_ERROR_CONNECT_TARGET_BOOTING:
529 return FALSE;
530 default:
531 return !status;
532 }
533}
534
535BOOL transport_connect(rdpTransport* transport, const char* hostname, UINT16 port, DWORD timeout)
536{
537 BOOL status = FALSE;
538 rdpContext* context = transport_get_context(transport);
539
540 WINPR_ASSERT(context);
541 WINPR_ASSERT(hostname);
542
543 rdpSettings* settings = context->settings;
544 WINPR_ASSERT(settings);
545
546 BOOL rpcFallback = !settings->GatewayHttpTransport;
547
548 if (transport->GatewayEnabled)
549 {
550 if (settings->GatewayUrl)
551 {
552 WINPR_ASSERT(!transport->wst);
553 transport->wst = wst_new(context);
554
555 if (!transport->wst)
556 {
557 WLog_Print(transport->log, WLOG_ERROR, "wst_new failed");
558 return FALSE;
559 }
560
561 status = wst_connect(transport->wst, timeout);
562
563 if (status)
564 {
565 transport->frontBio = wst_get_front_bio_and_take_ownership(transport->wst);
566 WINPR_ASSERT(transport->frontBio);
567 BIO_set_nonblock(transport->frontBio, 0);
568 transport->layer = TRANSPORT_LAYER_TSG;
569 status = TRUE;
570 }
571 else
572 {
573 wst_free(transport->wst);
574 transport->wst = nullptr;
575 }
576 }
577 if (transport_can_retry(transport->context, status) && settings->GatewayHttpTransport)
578 {
579 WINPR_ASSERT(!transport->rdg);
580 transport->rdg = rdg_new(context);
581
582 if (!transport->rdg)
583 {
584 WLog_Print(transport->log, WLOG_ERROR, "rdg_new failed");
585 return FALSE;
586 }
587
588 status = rdg_connect(transport->rdg, timeout, &rpcFallback);
589
590 if (status)
591 {
592 transport->frontBio = rdg_get_front_bio_and_take_ownership(transport->rdg);
593 WINPR_ASSERT(transport->frontBio);
594 BIO_set_nonblock(transport->frontBio, 0);
595 transport->layer = TRANSPORT_LAYER_TSG;
596 status = TRUE;
597 }
598 else
599 {
600 rdg_free(transport->rdg);
601 transport->rdg = nullptr;
602 }
603 }
604
605 if (transport_can_retry(transport->context, status) && settings->GatewayRpcTransport &&
606 rpcFallback)
607 {
608 WINPR_ASSERT(!transport->tsg);
609 transport->tsg = tsg_new(transport);
610
611 if (!transport->tsg)
612 return FALSE;
613
614 /* Reset error condition from RDG */
615 freerdp_set_last_error_log(context, FREERDP_ERROR_SUCCESS);
616 status = tsg_connect(transport->tsg, hostname, port, timeout);
617
618 if (status)
619 {
620 transport->frontBio = tsg_get_bio(transport->tsg);
621 transport->layer = TRANSPORT_LAYER_TSG;
622 status = TRUE;
623 }
624 else
625 {
626 tsg_free(transport->tsg);
627 transport->tsg = nullptr;
628 }
629 }
630 }
631 else
632 {
633 UINT16 peerPort = 0;
634 const char* proxyHostname = nullptr;
635 const char* proxyUsername = nullptr;
636 const char* proxyPassword = nullptr;
637 BOOL isProxyConnection =
638 proxy_prepare(settings, &proxyHostname, &peerPort, &proxyUsername, &proxyPassword);
639
640 rdpTransportLayer* layer = nullptr;
641 if (isProxyConnection)
642 layer = transport_connect_layer(transport, proxyHostname, peerPort, timeout);
643 else
644 layer = transport_connect_layer(transport, hostname, port, timeout);
645
646 if (!layer)
647 return FALSE;
648
649 if (!transport_attach_layer(transport, layer))
650 {
651 transport_layer_free(layer);
652 return FALSE;
653 }
654
655 if (isProxyConnection)
656 {
657 if (!proxy_connect(context, transport->frontBio, proxyUsername, proxyPassword, hostname,
658 port))
659 return FALSE;
660 }
661
662 status = TRUE;
663 }
664
665 return status;
666}
667
668BOOL transport_connect_childsession(rdpTransport* transport)
669{
670 WINPR_ASSERT(transport);
671
672 transport->frontBio = createChildSessionBio();
673 if (!transport->frontBio)
674 return FALSE;
675
676 transport->layer = TRANSPORT_LAYER_TSG;
677 return TRUE;
678}
679
680BOOL transport_accept_rdp(rdpTransport* transport)
681{
682 return transport != nullptr;
683 /* RDP encryption */
684}
685
686BOOL transport_accept_tls(rdpTransport* transport)
687{
688 if (!transport)
689 return FALSE;
690 return IFCALLRESULT(FALSE, transport->io.TLSAccept, transport);
691}
692
693static BOOL transport_default_accept_tls(rdpTransport* transport)
694{
695 rdpContext* context = transport_get_context(transport);
696 rdpSettings* settings = nullptr;
697
698 WINPR_ASSERT(context);
699
700 settings = context->settings;
701 WINPR_ASSERT(settings);
702
703 if (!transport->tls)
704 transport->tls = freerdp_tls_new(context);
705
706 transport->layer = TRANSPORT_LAYER_TLS;
707
708 if (!freerdp_tls_accept(transport->tls, transport->frontBio, settings))
709 return FALSE;
710
711 transport->frontBio = transport->tls->bio;
712 return TRUE;
713}
714
715BOOL transport_accept_nla(rdpTransport* transport)
716{
717 rdpContext* context = transport_get_context(transport);
718 rdpSettings* settings = nullptr;
719
720 WINPR_ASSERT(context);
721
722 settings = context->settings;
723 WINPR_ASSERT(settings);
724
725 if (!IFCALLRESULT(FALSE, transport->io.TLSAccept, transport))
726 return FALSE;
727
728 /* Network Level Authentication */
729
730 if (!settings->Authentication)
731 return TRUE;
732
733 if (!transport->nla)
734 {
735 transport->nla = nla_new(context, transport);
736 transport_set_nla_mode(transport, TRUE);
737 }
738
739 if (nla_authenticate(transport->nla) < 0)
740 {
741 WLog_Print(transport->log, WLOG_ERROR, "client authentication failure");
742 transport_set_nla_mode(transport, FALSE);
743 nla_free(transport->nla);
744 transport->nla = nullptr;
745 freerdp_tls_set_alert_code(transport->tls, TLS_ALERT_LEVEL_FATAL,
746 TLS_ALERT_DESCRIPTION_ACCESS_DENIED);
747 freerdp_tls_send_alert(transport->tls);
748 return FALSE;
749 }
750
751 /* don't free nla module yet, we need to copy the credentials from it first */
752 transport_set_nla_mode(transport, FALSE);
753 return TRUE;
754}
755
756BOOL transport_accept_rdstls(rdpTransport* transport)
757{
758 BOOL rc = FALSE;
759 rdpRdstls* rdstls = nullptr;
760 rdpContext* context = nullptr;
761
762 WINPR_ASSERT(transport);
763
764 context = transport_get_context(transport);
765 WINPR_ASSERT(context);
766
767 if (!IFCALLRESULT(FALSE, transport->io.TLSAccept, transport))
768 goto fail;
769
770 rdstls = rdstls_new(context, transport);
771 if (!rdstls)
772 goto fail;
773
774 transport_set_rdstls_mode(transport, TRUE);
775
776 if (rdstls_authenticate(rdstls) < 0)
777 {
778 WLog_Print(transport->log, WLOG_ERROR, "client authentication failure");
779 freerdp_tls_set_alert_code(transport->tls, TLS_ALERT_LEVEL_FATAL,
780 TLS_ALERT_DESCRIPTION_ACCESS_DENIED);
781 freerdp_tls_send_alert(transport->tls);
782 goto fail;
783 }
784
785 transport_set_rdstls_mode(transport, FALSE);
786 rc = TRUE;
787fail:
788 rdstls_free(rdstls);
789 return rc;
790}
791
792#define WLog_ERR_BIO(transport, biofunc, bio) \
793 transport_bio_error_log(transport, biofunc, bio, __FILE__, __func__, __LINE__)
794
795static void transport_bio_error_log(rdpTransport* transport, LPCSTR biofunc,
796 WINPR_ATTR_UNUSED BIO* bio, LPCSTR file, LPCSTR func,
797 DWORD line)
798{
799 unsigned long sslerr = 0;
800 int saveerrno = 0;
801 DWORD level = 0;
802
803 WINPR_ASSERT(transport);
804
805 saveerrno = errno;
806 level = WLOG_ERROR;
807
808 if (!WLog_IsLevelActive(transport->log, level))
809 return;
810
811 if (ERR_peek_error() == 0)
812 {
813 char ebuffer[256] = WINPR_C_ARRAY_INIT;
814
815 if (saveerrno == 0)
816 WLog_PrintTextMessage(transport->log, level, line, file, func, "%s retries exceeded",
817 biofunc);
818 else
819 WLog_PrintTextMessage(transport->log, level, line, file, func,
820 "%s returned a system error %d: %s", biofunc, saveerrno,
821 winpr_strerror(saveerrno, ebuffer, sizeof(ebuffer)));
822 return;
823 }
824
825 while ((sslerr = ERR_get_error()))
826 {
827 char buf[120] = WINPR_C_ARRAY_INIT;
828
829 ERR_error_string_n(sslerr, buf, 120);
830 WLog_PrintTextMessage(transport->log, level, line, file, func, "%s returned an error: %s",
831 biofunc, buf);
832 }
833}
834
835static SSIZE_T transport_read_layer(rdpTransport* transport, BYTE* data, size_t bytes)
836{
837 SSIZE_T read = 0;
838 rdpRdp* rdp = nullptr;
839 rdpContext* context = nullptr;
840
841 WINPR_ASSERT(transport);
842
843 context = transport_get_context(transport);
844 WINPR_ASSERT(context);
845
846 rdp = context->rdp;
847 WINPR_ASSERT(rdp);
848
849 if (!transport->frontBio || (bytes > SSIZE_MAX))
850 {
851 transport->layer = TRANSPORT_LAYER_CLOSED;
852 freerdp_set_last_error_if_not(context, FREERDP_ERROR_CONNECT_TRANSPORT_FAILED);
853 return -1;
854 }
855
856 while (read < (SSIZE_T)bytes)
857 {
858 const SSIZE_T tr = (SSIZE_T)bytes - read;
859 int r = (int)((tr > INT_MAX) ? INT_MAX : tr);
860 ERR_clear_error();
861 int status = BIO_read(transport->frontBio, data + read, r);
862
863 if (freerdp_shall_disconnect_context(context))
864 return -1;
865
866 if (status <= 0)
867 {
868 if (!transport->frontBio || !BIO_should_retry(transport->frontBio))
869 {
870 /* something unexpected happened, let's close */
871 if (!transport->frontBio)
872 {
873 WLog_Print(transport->log, WLOG_ERROR, "BIO_read: transport->frontBio null");
874 return -1;
875 }
876
877 WLog_ERR_BIO(transport, "BIO_read", transport->frontBio);
878 transport->layer = TRANSPORT_LAYER_CLOSED;
879 freerdp_set_last_error_if_not(context, FREERDP_ERROR_CONNECT_TRANSPORT_FAILED);
880 return -1;
881 }
882
883 /* non blocking will survive a partial read */
884 if (!transport->blocking)
885 return read;
886
887 /* blocking means that we can't continue until we have read the number of requested
888 * bytes */
889 if (BIO_wait_read(transport->frontBio, 100) < 0)
890 {
891 WLog_ERR_BIO(transport, "BIO_wait_read", transport->frontBio);
892 return -1;
893 }
894
895 continue;
896 }
897
898#ifdef FREERDP_HAVE_VALGRIND_MEMCHECK_H
899 VALGRIND_MAKE_MEM_DEFINED(data + read, bytes - read);
900#endif
901 read += status;
902 rdp->inBytes += WINPR_ASSERTING_INT_CAST(uint64_t, status);
903 }
904
905 return read;
906}
907
922static SSIZE_T transport_read_layer_bytes(rdpTransport* transport, wStream* s, size_t toRead)
923{
924 SSIZE_T status = 0;
925 if (!transport)
926 return -1;
927
928 if (toRead > SSIZE_MAX)
929 return 0;
930
931 status = IFCALLRESULT(-1, transport->io.ReadBytes, transport, Stream_Pointer(s), toRead);
932
933 if (status <= 0)
934 return status;
935
936 Stream_Seek(s, (size_t)status);
937 return status == (SSIZE_T)toRead ? 1 : 0;
938}
939
952int transport_read_pdu(rdpTransport* transport, wStream* s)
953{
954 if (!transport)
955 return -1;
956 return IFCALLRESULT(-1, transport->io.ReadPdu, transport, s);
957}
958
959static SSIZE_T parse_nla_mode_pdu(rdpTransport* transport, wStream* stream)
960{
961 SSIZE_T pduLength = 0;
962 wStream sbuffer = WINPR_C_ARRAY_INIT;
963 wStream* s = Stream_StaticConstInit(&sbuffer, Stream_Buffer(stream), Stream_Length(stream));
964 /*
965 * In case NlaMode is set TSRequest package(s) are expected
966 * 0x30 = DER encoded data with these bits set:
967 * bit 6 P/C constructed
968 * bit 5 tag number - sequence
969 */
970 UINT8 typeEncoding = 0;
971 if (Stream_GetRemainingLength(s) < 1)
972 return 0;
973 Stream_Read_UINT8(s, typeEncoding);
974 if (typeEncoding == 0x30)
975 {
976 /* TSRequest (NLA) */
977 UINT8 lengthEncoding = 0;
978 if (Stream_GetRemainingLength(s) < 1)
979 return 0;
980 Stream_Read_UINT8(s, lengthEncoding);
981 if (lengthEncoding & 0x80)
982 {
983 if ((lengthEncoding & ~(0x80)) == 1)
984 {
985 UINT8 length = 0;
986 if (Stream_GetRemainingLength(s) < 1)
987 return 0;
988 Stream_Read_UINT8(s, length);
989 pduLength = length;
990 pduLength += 3;
991 }
992 else if ((lengthEncoding & ~(0x80)) == 2)
993 {
994 /* check for header bytes already read in previous calls */
995 UINT16 length = 0;
996 if (Stream_GetRemainingLength(s) < 2)
997 return 0;
998 Stream_Read_UINT16_BE(s, length);
999 pduLength = length;
1000 pduLength += 4;
1001 }
1002 else
1003 {
1004 WLog_Print(transport->log, WLOG_ERROR, "Error reading TSRequest!");
1005 return -1;
1006 }
1007 }
1008 else
1009 {
1010 pduLength = lengthEncoding;
1011 pduLength += 2;
1012 }
1013 }
1014
1015 return pduLength;
1016}
1017
1018static SSIZE_T parse_default_mode_pdu(rdpTransport* transport, wStream* stream)
1019{
1020 SSIZE_T pduLength = 0;
1021 wStream sbuffer = WINPR_C_ARRAY_INIT;
1022 wStream* s = Stream_StaticConstInit(&sbuffer, Stream_Buffer(stream), Stream_Length(stream));
1023
1024 UINT8 version = 0;
1025 if (Stream_GetRemainingLength(s) < 1)
1026 return 0;
1027 Stream_Read_UINT8(s, version);
1028 if (version == 0x03)
1029 {
1030 /* TPKT header */
1031 UINT16 length = 0;
1032 if (Stream_GetRemainingLength(s) < 3)
1033 return 0;
1034 Stream_Seek(s, 1);
1035 Stream_Read_UINT16_BE(s, length);
1036 pduLength = length;
1037
1038 /* min and max values according to ITU-T Rec. T.123 (01/2007) section 8 */
1039 if ((pduLength < 7) || (pduLength > 0xFFFF))
1040 {
1041 WLog_Print(transport->log, WLOG_ERROR, "tpkt - invalid pduLength: %" PRIdz, pduLength);
1042 return -1;
1043 }
1044 }
1045 else
1046 {
1047 /* Fast-Path Header */
1048 UINT8 length1 = 0;
1049 if (Stream_GetRemainingLength(s) < 1)
1050 return 0;
1051 Stream_Read_UINT8(s, length1);
1052 if (length1 & 0x80)
1053 {
1054 UINT8 length2 = 0;
1055 if (Stream_GetRemainingLength(s) < 1)
1056 return 0;
1057 Stream_Read_UINT8(s, length2);
1058 pduLength = ((length1 & 0x7F) << 8) | length2;
1059 }
1060 else
1061 pduLength = length1;
1062
1063 /*
1064 * fast-path has 7 bits for length so the maximum size, including headers is 0x8000
1065 * The theoretical minimum fast-path PDU consists only of two header bytes plus one
1066 * byte for data (e.g. fast-path input synchronize pdu)
1067 */
1068 if (pduLength < 3 || pduLength > 0x8000)
1069 {
1070 WLog_Print(transport->log, WLOG_ERROR, "fast path - invalid pduLength: %" PRIdz,
1071 pduLength);
1072 return -1;
1073 }
1074 }
1075
1076 return pduLength;
1077}
1078
1079SSIZE_T transport_parse_pdu(rdpTransport* transport, wStream* s, BOOL* incomplete)
1080{
1081 SSIZE_T pduLength = 0;
1082
1083 if (!transport)
1084 return -1;
1085
1086 if (!s)
1087 return -1;
1088
1089 if (incomplete)
1090 *incomplete = TRUE;
1091
1092 Stream_SealLength(s);
1093 if (transport->NlaMode)
1094 pduLength = parse_nla_mode_pdu(transport, s);
1095 else if (transport->RdstlsMode)
1096 pduLength = rdstls_parse_pdu(transport->log, s);
1097 else
1098 pduLength = parse_default_mode_pdu(transport, s);
1099
1100 if (pduLength <= 0)
1101 return pduLength;
1102
1103 const size_t len = Stream_Length(s);
1104 if (len > WINPR_ASSERTING_INT_CAST(size_t, pduLength))
1105 return -1;
1106
1107 if (incomplete)
1108 *incomplete = len < WINPR_ASSERTING_INT_CAST(size_t, pduLength);
1109
1110 return pduLength;
1111}
1112
1113static int transport_default_read_pdu(rdpTransport* transport, wStream* s)
1114{
1115 BOOL incomplete = 0;
1116 SSIZE_T status = 0;
1117 size_t pduLength = 0;
1118 size_t position = 0;
1119
1120 WINPR_ASSERT(transport);
1121 WINPR_ASSERT(s);
1122
1123 /* RDS AAD Auth PDUs have no length indicator. We need to determine the end of the PDU by
1124 * reading in one byte at a time until we encounter the terminating null byte */
1125 if (transport->AadMode)
1126 {
1127 BYTE c = '\0';
1128 do
1129 {
1130 const SSIZE_T rc = transport_read_layer(transport, &c, 1);
1131 if (rc != 1)
1132 return (rc == 0) ? 0 : -1;
1133 if (!Stream_EnsureRemainingCapacity(s, 1))
1134 return -1;
1135 Stream_Write_UINT8(s, c);
1136 } while (c != '\0');
1137 }
1138 else if (transport->earlyUserAuth)
1139 {
1140 if (!Stream_EnsureCapacity(s, 4))
1141 return -1;
1142 const SSIZE_T rc = transport_read_layer_bytes(transport, s, 4);
1143 if (rc != 1)
1144 return (rc == 0) ? 0 : -1;
1145 }
1146 else
1147 {
1148 /* Read in pdu length */
1149 status = transport_parse_pdu(transport, s, &incomplete);
1150 while ((status == 0) && incomplete)
1151 {
1152 if (!Stream_EnsureRemainingCapacity(s, 1))
1153 return -1;
1154 SSIZE_T rc = transport_read_layer_bytes(transport, s, 1);
1155 if (rc > INT32_MAX)
1156 return INT32_MAX;
1157 if (rc != 1)
1158 return (int)rc;
1159 status = transport_parse_pdu(transport, s, &incomplete);
1160 }
1161
1162 if (status < 0)
1163 return -1;
1164
1165 pduLength = (size_t)status;
1166
1167 /* Read in rest of the PDU */
1168 if (!Stream_EnsureCapacity(s, pduLength))
1169 return -1;
1170
1171 position = Stream_GetPosition(s);
1172 if (position > pduLength)
1173 return -1;
1174 else if (position < pduLength)
1175 {
1176 status = transport_read_layer_bytes(transport, s, pduLength - position);
1177 if (status != 1)
1178 {
1179 if ((status < INT32_MIN) || (status > INT32_MAX))
1180 return -1;
1181 return (int)status;
1182 }
1183 }
1184
1185 if (Stream_GetPosition(s) >= pduLength)
1186 WLog_Packet(transport->log, WLOG_TRACE, Stream_Buffer(s), pduLength,
1187 WLOG_PACKET_INBOUND);
1188 }
1189
1190 Stream_SealLength(s);
1191 Stream_ResetPosition(s);
1192 const size_t len = Stream_Length(s);
1193 if (len > INT32_MAX)
1194 return -1;
1195 return (int)len;
1196}
1197
1198int transport_write(rdpTransport* transport, wStream* s)
1199{
1200 if (!transport)
1201 return -1;
1202
1203 return IFCALLRESULT(-1, transport->io.WritePdu, transport, s);
1204}
1205
1206static int transport_default_write(rdpTransport* transport, wStream* s)
1207{
1208 int status = -1;
1209 rdpContext* context = transport_get_context(transport);
1210
1211 WINPR_ASSERT(transport);
1212 WINPR_ASSERT(context);
1213
1214 if (!s)
1215 return -1;
1216
1217 Stream_AddRef(s);
1218
1219 rdpRdp* rdp = context->rdp;
1220 if (!rdp)
1221 goto fail;
1222
1223 EnterCriticalSection(&(transport->WriteLock));
1224 if (!transport->frontBio)
1225 goto out_cleanup;
1226
1227 {
1228 size_t length = Stream_GetPosition(s);
1229 size_t writtenlength = length;
1230 Stream_ResetPosition(s);
1231
1232 if (length > 0)
1233 {
1234 rdp->outBytes += length;
1235 WLog_Packet(transport->log, WLOG_TRACE, Stream_Buffer(s), length, WLOG_PACKET_OUTBOUND);
1236 }
1237
1238 while (length > 0)
1239 {
1240 ERR_clear_error();
1241 const int towrite = (length > INT32_MAX) ? INT32_MAX : (int)length;
1242 status = BIO_write(transport->frontBio, Stream_ConstPointer(s), towrite);
1243
1244 if (status <= 0)
1245 {
1246 /* the buffered BIO that is at the end of the chain always says OK for writing,
1247 * so a retry means that for any reason we need to read. The most probable
1248 * is a SSL or TSG BIO in the chain.
1249 */
1250 if (!BIO_should_retry(transport->frontBio))
1251 {
1252 WLog_ERR_BIO(transport, "BIO_should_retry", transport->frontBio);
1253 goto out_cleanup;
1254 }
1255
1256 /* non-blocking can live with blocked IOs */
1257 if (!transport->blocking)
1258 {
1259 WLog_ERR_BIO(transport, "BIO_write", transport->frontBio);
1260 goto out_cleanup;
1261 }
1262
1263 if (BIO_wait_write(transport->frontBio, 100) < 0)
1264 {
1265 WLog_ERR_BIO(transport, "BIO_wait_write", transport->frontBio);
1266 status = -1;
1267 goto out_cleanup;
1268 }
1269
1270 continue;
1271 }
1272
1273 WINPR_ASSERT(context->settings);
1274 if (transport->blocking || context->settings->WaitForOutputBufferFlush)
1275 {
1276 while (BIO_write_blocked(transport->frontBio))
1277 {
1278 if (BIO_wait_write(transport->frontBio, 100) < 0)
1279 {
1280 WLog_Print(transport->log, WLOG_ERROR, "error when selecting for write");
1281 status = -1;
1282 goto out_cleanup;
1283 }
1284
1285 if (BIO_flush(transport->frontBio) < 1)
1286 {
1287 WLog_Print(transport->log, WLOG_ERROR, "error when flushing outputBuffer");
1288 status = -1;
1289 goto out_cleanup;
1290 }
1291 }
1292 }
1293
1294 const size_t ustatus = (size_t)status;
1295 if (ustatus > length)
1296 {
1297 status = -1;
1298 goto out_cleanup;
1299 }
1300
1301 length -= ustatus;
1302 Stream_Seek(s, ustatus);
1303 }
1304
1305 transport->written += writtenlength;
1306 }
1307out_cleanup:
1308
1309 if (status < 0)
1310 {
1311 /* A write error indicates that the peer has dropped the connection */
1312 transport->layer = TRANSPORT_LAYER_CLOSED;
1313 freerdp_set_last_error_if_not(context, FREERDP_ERROR_CONNECT_TRANSPORT_FAILED);
1314 }
1315
1316 LeaveCriticalSection(&(transport->WriteLock));
1317fail:
1318 Stream_Release(s);
1319 return status;
1320}
1321
1322BOOL transport_get_public_key(rdpTransport* transport, const BYTE** data, DWORD* length)
1323{
1324 return IFCALLRESULT(FALSE, transport->io.GetPublicKey, transport, data, length);
1325}
1326
1327static BOOL transport_default_get_public_key(rdpTransport* transport, const BYTE** data,
1328 DWORD* length)
1329{
1330 rdpTls* tls = transport_get_tls(transport);
1331 if (!tls)
1332 return FALSE;
1333
1334 *data = tls->PublicKey;
1335 *length = tls->PublicKeyLength;
1336
1337 return TRUE;
1338}
1339
1340DWORD transport_get_event_handles(rdpTransport* transport, HANDLE* events, DWORD count)
1341{
1342 DWORD nCount = 0; /* always the reread Event */
1343
1344 WINPR_ASSERT(transport);
1345 WINPR_ASSERT(events);
1346 WINPR_ASSERT(count > 0);
1347
1348 if (events)
1349 {
1350 if (count < 1)
1351 {
1352 WLog_Print(transport->log, WLOG_ERROR, "provided handles array is too small");
1353 return 0;
1354 }
1355
1356 events[nCount++] = transport->rereadEvent;
1357
1358 if (transport->useIoEvent)
1359 {
1360 if (count < 2)
1361 return 0;
1362 events[nCount++] = transport->ioEvent;
1363 }
1364 }
1365
1366 if (!transport->GatewayEnabled)
1367 {
1368 if (events)
1369 {
1370 if (nCount >= count)
1371 {
1372 WLog_Print(transport->log, WLOG_ERROR,
1373 "provided handles array is too small (count=%" PRIu32 " nCount=%" PRIu32
1374 ")",
1375 count, nCount);
1376 return 0;
1377 }
1378
1379 if (transport->frontBio)
1380 {
1381 if (BIO_get_event(transport->frontBio, &events[nCount]) != 1)
1382 {
1383 WLog_Print(transport->log, WLOG_ERROR, "error getting the frontBio handle");
1384 return 0;
1385 }
1386 nCount++;
1387 }
1388 }
1389 }
1390 else
1391 {
1392 if (transport->rdg)
1393 {
1394 const DWORD tmp =
1395 rdg_get_event_handles(transport->rdg, &events[nCount], count - nCount);
1396
1397 if (tmp == 0)
1398 return 0;
1399
1400 nCount += tmp;
1401 }
1402 else if (transport->tsg)
1403 {
1404 const DWORD tmp =
1405 tsg_get_event_handles(transport->tsg, &events[nCount], count - nCount);
1406
1407 if (tmp == 0)
1408 return 0;
1409
1410 nCount += tmp;
1411 }
1412 else if (transport->wst)
1413 {
1414 const DWORD tmp =
1415 wst_get_event_handles(transport->wst, &events[nCount], count - nCount);
1416
1417 if (tmp == 0)
1418 return 0;
1419
1420 nCount += tmp;
1421 }
1422 }
1423
1424 return nCount;
1425}
1426
1427#if defined(WITH_FREERDP_DEPRECATED)
1428void transport_get_fds(rdpTransport* transport, void** rfds, int* rcount)
1429{
1430 DWORD nCount = 0;
1431 HANDLE events[MAXIMUM_WAIT_OBJECTS] = WINPR_C_ARRAY_INIT;
1432
1433 WINPR_ASSERT(transport);
1434 WINPR_ASSERT(rfds);
1435 WINPR_ASSERT(rcount);
1436
1437 nCount = transport_get_event_handles(transport, events, ARRAYSIZE(events));
1438 *rcount = nCount + 1;
1439
1440 for (DWORD index = 0; index < nCount; index++)
1441 {
1442 rfds[index] = GetEventWaitObject(events[index]);
1443 }
1444
1445 rfds[nCount] = GetEventWaitObject(transport->rereadEvent);
1446}
1447#endif
1448
1449BOOL transport_is_write_blocked(rdpTransport* transport)
1450{
1451 WINPR_ASSERT(transport);
1452 WINPR_ASSERT(transport->frontBio);
1453 return BIO_write_blocked(transport->frontBio) != 0;
1454}
1455
1456int transport_drain_output_buffer(rdpTransport* transport)
1457{
1458 BOOL status = FALSE;
1459
1460 WINPR_ASSERT(transport);
1461 WINPR_ASSERT(transport->frontBio);
1462 if (BIO_write_blocked(transport->frontBio))
1463 {
1464 if (BIO_flush(transport->frontBio) < 1)
1465 return -1;
1466
1467 const long rc = BIO_write_blocked(transport->frontBio);
1468 status = (rc != 0);
1469 }
1470
1471 return status;
1472}
1473
1474int transport_check_fds(rdpTransport* transport)
1475{
1476 int status = 0;
1477 state_run_t recv_status = STATE_RUN_FAILED;
1478 wStream* received = nullptr;
1479 rdpContext* context = transport_get_context(transport);
1480
1481 WINPR_ASSERT(context);
1482
1483 if (transport->layer == TRANSPORT_LAYER_CLOSED)
1484 {
1485 WLog_Print(transport->log, WLOG_DEBUG, "transport_check_fds: transport layer closed");
1486 freerdp_set_last_error_if_not(context, FREERDP_ERROR_CONNECT_TRANSPORT_FAILED);
1487 return -1;
1488 }
1489
1499 if ((status = transport_read_pdu(transport, transport->ReceiveBuffer)) <= 0)
1500 {
1501 if (status < 0)
1502 WLog_Print(transport->log, WLOG_DEBUG, "transport_check_fds: transport_read_pdu() - %i",
1503 status);
1504 if (transport->haveMoreBytesToRead)
1505 {
1506 transport->haveMoreBytesToRead = FALSE;
1507 (void)ResetEvent(transport->rereadEvent);
1508 }
1509 return status;
1510 }
1511
1512 received = transport->ReceiveBuffer;
1513 transport->ReceiveBuffer = StreamPool_Take(transport->ReceivePool, 0);
1514 if (!transport->ReceiveBuffer)
1515 {
1516 Stream_Release(received);
1517 return -1;
1518 }
1519
1526 WINPR_ASSERT(transport->ReceiveCallback);
1527 recv_status = transport->ReceiveCallback(transport, received, transport->ReceiveExtra);
1528 Stream_Release(received);
1529
1530 if (state_run_failed(recv_status))
1531 {
1532 char buffer[64] = WINPR_C_ARRAY_INIT;
1533 WLog_Print(transport->log, WLOG_ERROR,
1534 "transport_check_fds: transport->ReceiveCallback() - %s",
1535 state_run_result_string(recv_status, buffer, ARRAYSIZE(buffer)));
1536 return -1;
1537 }
1538
1539 /* Run this again to be sure we consumed all input data.
1540 * This will be repeated until a (not fully) received packet is in buffer
1541 */
1542 if (!transport->haveMoreBytesToRead)
1543 {
1544 transport->haveMoreBytesToRead = TRUE;
1545 (void)SetEvent(transport->rereadEvent);
1546 }
1547 return recv_status;
1548}
1549
1550BOOL transport_set_blocking_mode(rdpTransport* transport, BOOL blocking)
1551{
1552 WINPR_ASSERT(transport);
1553
1554 return IFCALLRESULT(FALSE, transport->io.SetBlockingMode, transport, blocking);
1555}
1556
1557static BOOL transport_default_set_blocking_mode(rdpTransport* transport, BOOL blocking)
1558{
1559 WINPR_ASSERT(transport);
1560
1561 transport->blocking = blocking;
1562
1563 if (transport->frontBio)
1564 {
1565 if (!BIO_set_nonblock(transport->frontBio, !(blocking)))
1566 return FALSE;
1567 }
1568
1569 return TRUE;
1570}
1571
1572rdpTransportLayer* transport_connect_layer(rdpTransport* transport, const char* hostname, int port,
1573 DWORD timeout)
1574{
1575 WINPR_ASSERT(transport);
1576
1577 rdpTransportLayer* rc =
1578 IFCALLRESULT(nullptr, transport->io.ConnectLayer, transport, hostname, port, timeout);
1579 if (!rc)
1580 WLog_Print(transport->log, WLOG_ERROR, "ConnectLayer %s:%d [%" PRIu32 "ms] failed",
1581 hostname, port, timeout);
1582 return rc;
1583}
1584
1585static rdpTransportLayer* transport_default_connect_layer(rdpTransport* transport,
1586 const char* hostname, int port,
1587 DWORD timeout)
1588{
1589 rdpContext* context = transport_get_context(transport);
1590 WINPR_ASSERT(context);
1591
1592 return freerdp_tcp_connect_layer(context, hostname, port, timeout);
1593}
1594
1595BOOL transport_attach_layer(rdpTransport* transport, rdpTransportLayer* layer)
1596{
1597 WINPR_ASSERT(transport);
1598 WINPR_ASSERT(layer);
1599
1600 const BOOL rc = IFCALLRESULT(FALSE, transport->io.AttachLayer, transport, layer);
1601 if (!rc)
1602 WLog_Print(transport->log, WLOG_ERROR, "AttachLayer failed");
1603 return rc;
1604}
1605
1606static BOOL transport_default_attach_layer(rdpTransport* transport, rdpTransportLayer* layer)
1607{
1608 BIO* layerBio = BIO_new(BIO_s_transport_layer());
1609 if (!layerBio)
1610 goto fail;
1611
1612 {
1613 BIO* bufferedBio = BIO_new(BIO_s_buffered_socket());
1614 if (!bufferedBio)
1615 goto fail;
1616
1617 bufferedBio = BIO_push(bufferedBio, layerBio);
1618 if (!bufferedBio)
1619 goto fail;
1620
1621 /* BIO takes over the layer reference at this point. */
1622 BIO_set_data(layerBio, layer);
1623
1624 transport->frontBio = bufferedBio;
1625 }
1626 return TRUE;
1627
1628fail:
1629 if (layerBio)
1630 BIO_free_all(layerBio);
1631
1632 return FALSE;
1633}
1634
1635void transport_set_gateway_enabled(rdpTransport* transport, BOOL GatewayEnabled)
1636{
1637 WINPR_ASSERT(transport);
1638 transport->GatewayEnabled = GatewayEnabled;
1639}
1640
1641void transport_set_nla_mode(rdpTransport* transport, BOOL NlaMode)
1642{
1643 WINPR_ASSERT(transport);
1644 transport->NlaMode = NlaMode;
1645}
1646
1647void transport_set_rdstls_mode(rdpTransport* transport, BOOL RdstlsMode)
1648{
1649 WINPR_ASSERT(transport);
1650 transport->RdstlsMode = RdstlsMode;
1651}
1652
1653void transport_set_aad_mode(rdpTransport* transport, BOOL AadMode)
1654{
1655 WINPR_ASSERT(transport);
1656 transport->AadMode = AadMode;
1657}
1658
1659BOOL transport_disconnect(rdpTransport* transport)
1660{
1661 if (!transport)
1662 return FALSE;
1663 return IFCALLRESULT(FALSE, transport->io.TransportDisconnect, transport);
1664}
1665
1666static BOOL transport_default_disconnect(rdpTransport* transport)
1667{
1668 BOOL status = TRUE;
1669
1670 if (!transport)
1671 return FALSE;
1672
1673 EnterCriticalSection(&(transport->ReadLock));
1674 EnterCriticalSection(&(transport->WriteLock));
1675 if (transport->tls)
1676 {
1677 freerdp_tls_free(transport->tls);
1678 transport->tls = nullptr;
1679 }
1680 else
1681 {
1682 if (transport->frontBio)
1683 BIO_free_all(transport->frontBio);
1684 }
1685
1686 if (transport->tsg)
1687 {
1688 tsg_free(transport->tsg);
1689 transport->tsg = nullptr;
1690 }
1691
1692 if (transport->rdg)
1693 {
1694 rdg_free(transport->rdg);
1695 transport->rdg = nullptr;
1696 }
1697
1698 if (transport->wst)
1699 {
1700 wst_free(transport->wst);
1701 transport->wst = nullptr;
1702 }
1703
1704 transport->frontBio = nullptr;
1705 transport->layer = TRANSPORT_LAYER_TCP;
1706 transport->earlyUserAuth = FALSE;
1707 LeaveCriticalSection(&(transport->WriteLock));
1708 LeaveCriticalSection(&(transport->ReadLock));
1709 return status;
1710}
1711
1712rdpTransport* transport_new(rdpContext* context)
1713{
1714 rdpTransport* transport = (rdpTransport*)calloc(1, sizeof(rdpTransport));
1715
1716 WINPR_ASSERT(context);
1717 if (!transport)
1718 return nullptr;
1719
1720 transport->log = WLog_Create(TAG, WLog_GetRoot());
1721
1722 if (!transport->log)
1723 goto fail;
1724
1725 transport->context = context;
1726 transport->haveReadLock = InitializeCriticalSectionAndSpinCount(&(transport->ReadLock), 4000);
1727 transport->haveWriteLock = InitializeCriticalSectionAndSpinCount(&(transport->WriteLock), 4000);
1728 if (!transport->haveReadLock || !transport->haveWriteLock)
1729 goto fail;
1730
1731 transport->ReceivePool = StreamPool_New(TRUE, BUFFER_SIZE);
1732
1733 if (!transport->ReceivePool)
1734 goto fail;
1735
1736 /* receive buffer for non-blocking read. */
1737 transport->ReceiveBuffer = StreamPool_Take(transport->ReceivePool, 0);
1738
1739 if (!transport->ReceiveBuffer)
1740 goto fail;
1741
1742 transport->connectedEvent = CreateEvent(nullptr, TRUE, FALSE, nullptr);
1743
1744 if (!transport->connectedEvent || transport->connectedEvent == INVALID_HANDLE_VALUE)
1745 goto fail;
1746
1747 transport->rereadEvent = CreateEvent(nullptr, TRUE, FALSE, nullptr);
1748
1749 if (!transport->rereadEvent || transport->rereadEvent == INVALID_HANDLE_VALUE)
1750 goto fail;
1751
1752 transport->ioEvent = CreateEvent(nullptr, TRUE, FALSE, nullptr);
1753
1754 if (!transport->ioEvent || transport->ioEvent == INVALID_HANDLE_VALUE)
1755 goto fail;
1756
1757 transport->haveMoreBytesToRead = FALSE;
1758 transport->blocking = TRUE;
1759 transport->GatewayEnabled = FALSE;
1760 transport->layer = TRANSPORT_LAYER_TCP;
1761
1762 // transport->io.DataHandler = transport_data_handler;
1763 transport->io.TCPConnect = freerdp_tcp_default_connect;
1764 transport->io.TLSConnect = transport_default_connect_tls;
1765 transport->io.TLSAccept = transport_default_accept_tls;
1766 transport->io.TransportAttach = transport_default_attach;
1767 transport->io.TransportDisconnect = transport_default_disconnect;
1768 transport->io.ReadPdu = transport_default_read_pdu;
1769 transport->io.WritePdu = transport_default_write;
1770 transport->io.ReadBytes = transport_read_layer;
1771 transport->io.GetPublicKey = transport_default_get_public_key;
1772 transport->io.SetBlockingMode = transport_default_set_blocking_mode;
1773 transport->io.ConnectLayer = transport_default_connect_layer;
1774 transport->io.AttachLayer = transport_default_attach_layer;
1775
1776 return transport;
1777fail:
1778 WINPR_PRAGMA_DIAG_PUSH
1779 WINPR_PRAGMA_DIAG_IGNORED_MISMATCHED_DEALLOC
1780 transport_free(transport);
1781 WINPR_PRAGMA_DIAG_POP
1782 return nullptr;
1783}
1784
1785void transport_free(rdpTransport* transport)
1786{
1787 if (!transport)
1788 return;
1789
1790 transport_disconnect(transport);
1791
1792 if (transport->haveReadLock)
1793 EnterCriticalSection(&(transport->ReadLock));
1794
1795 if (transport->ReceiveBuffer)
1796 Stream_Release(transport->ReceiveBuffer);
1797
1798 if (transport->haveReadLock)
1799 LeaveCriticalSection(&(transport->ReadLock));
1800
1801 if (transport->ReceivePool)
1802 (void)StreamPool_WaitForReturn(transport->ReceivePool, INFINITE);
1803
1804 if (transport->haveReadLock)
1805 EnterCriticalSection(&(transport->ReadLock));
1806
1807 if (transport->haveWriteLock)
1808 EnterCriticalSection(&(transport->WriteLock));
1809
1810 nla_free(transport->nla);
1811 StreamPool_Free(transport->ReceivePool);
1812 (void)CloseHandle(transport->connectedEvent);
1813 (void)CloseHandle(transport->rereadEvent);
1814 (void)CloseHandle(transport->ioEvent);
1815
1816 if (transport->haveReadLock)
1817 LeaveCriticalSection(&(transport->ReadLock));
1818 DeleteCriticalSection(&(transport->ReadLock));
1819
1820 if (transport->haveWriteLock)
1821 LeaveCriticalSection(&(transport->WriteLock));
1822 DeleteCriticalSection(&(transport->WriteLock));
1823 WLog_Discard(transport->log);
1824 free(transport);
1825}
1826
1827BOOL transport_set_io_callbacks(rdpTransport* transport, const rdpTransportIo* io_callbacks)
1828{
1829 if (!transport || !io_callbacks)
1830 return FALSE;
1831
1832 transport->io = *io_callbacks;
1833 return TRUE;
1834}
1835
1836const rdpTransportIo* transport_get_io_callbacks(const rdpTransport* transport)
1837{
1838 if (!transport)
1839 return nullptr;
1840 return &transport->io;
1841}
1842
1843rdpContext* transport_get_context(rdpTransport* transport)
1844{
1845 WINPR_ASSERT(transport);
1846 return transport->context;
1847}
1848
1849rdpTransport* freerdp_get_transport(rdpContext* context)
1850{
1851 WINPR_ASSERT(context);
1852 WINPR_ASSERT(context->rdp);
1853 return context->rdp->transport;
1854}
1855
1856BOOL transport_set_nla(rdpTransport* transport, rdpNla* nla)
1857{
1858 WINPR_ASSERT(transport);
1859 nla_free(transport->nla);
1860 transport->nla = nla;
1861 return TRUE;
1862}
1863
1864rdpNla* transport_get_nla(rdpTransport* transport)
1865{
1866 WINPR_ASSERT(transport);
1867 return transport->nla;
1868}
1869
1870BOOL transport_set_tls(rdpTransport* transport, rdpTls* tls)
1871{
1872 WINPR_ASSERT(transport);
1873 freerdp_tls_free(transport->tls);
1874 transport->tls = tls;
1875 return TRUE;
1876}
1877
1878rdpTls* transport_get_tls(rdpTransport* transport)
1879{
1880 WINPR_ASSERT(transport);
1881 return transport->tls;
1882}
1883
1884BOOL transport_set_tsg(rdpTransport* transport, rdpTsg* tsg)
1885{
1886 WINPR_ASSERT(transport);
1887 tsg_free(transport->tsg);
1888 transport->tsg = tsg;
1889 return TRUE;
1890}
1891
1892rdpTsg* transport_get_tsg(rdpTransport* transport)
1893{
1894 WINPR_ASSERT(transport);
1895 return transport->tsg;
1896}
1897
1898wStream* transport_take_from_pool(rdpTransport* transport, size_t size)
1899{
1900 WINPR_ASSERT(transport);
1901 if (!transport->frontBio)
1902 return nullptr;
1903 return StreamPool_Take(transport->ReceivePool, size);
1904}
1905
1906UINT64 transport_get_bytes_sent(rdpTransport* transport, BOOL resetCount)
1907{
1908 UINT64 rc = 0;
1909 WINPR_ASSERT(transport);
1910 rc = transport->written;
1911 if (resetCount)
1912 transport->written = 0;
1913 return rc;
1914}
1915
1916TRANSPORT_LAYER transport_get_layer(rdpTransport* transport)
1917{
1918 WINPR_ASSERT(transport);
1919 return transport->layer;
1920}
1921
1922BOOL transport_set_layer(rdpTransport* transport, TRANSPORT_LAYER layer)
1923{
1924 WINPR_ASSERT(transport);
1925 transport->layer = layer;
1926 return TRUE;
1927}
1928
1929BOOL transport_set_connected_event(rdpTransport* transport)
1930{
1931 WINPR_ASSERT(transport);
1932 return SetEvent(transport->connectedEvent);
1933}
1934
1935BOOL transport_set_recv_callbacks(rdpTransport* transport, TransportRecv recv, void* extra)
1936{
1937 WINPR_ASSERT(transport);
1938 transport->ReceiveCallback = recv;
1939 transport->ReceiveExtra = extra;
1940 return TRUE;
1941}
1942
1943BOOL transport_get_blocking(const rdpTransport* transport)
1944{
1945 WINPR_ASSERT(transport);
1946 return transport->blocking;
1947}
1948
1949BOOL transport_set_blocking(rdpTransport* transport, BOOL blocking)
1950{
1951 WINPR_ASSERT(transport);
1952 transport->blocking = blocking;
1953 return TRUE;
1954}
1955
1956BOOL transport_have_more_bytes_to_read(rdpTransport* transport)
1957{
1958 WINPR_ASSERT(transport);
1959 return transport->haveMoreBytesToRead;
1960}
1961
1962int transport_tcp_connect(rdpTransport* transport, const char* hostname, int port, DWORD timeout)
1963{
1964 rdpContext* context = transport_get_context(transport);
1965 WINPR_ASSERT(context);
1966 WINPR_ASSERT(context->settings);
1967 return IFCALLRESULT(-1, transport->io.TCPConnect, context, context->settings, hostname, port,
1968 timeout);
1969}
1970
1971HANDLE transport_get_front_bio(rdpTransport* transport)
1972{
1973 HANDLE hEvent = nullptr;
1974 WINPR_ASSERT(transport);
1975 WINPR_ASSERT(transport->frontBio);
1976
1977 BIO_get_event(transport->frontBio, &hEvent);
1978 return hEvent;
1979}
1980
1981BOOL transport_io_callback_set_event(rdpTransport* transport, BOOL set)
1982{
1983 WINPR_ASSERT(transport);
1984 transport->useIoEvent = TRUE;
1985 if (!set)
1986 return ResetEvent(transport->ioEvent);
1987 return SetEvent(transport->ioEvent);
1988}
1989
1990void transport_set_early_user_auth_mode(rdpTransport* transport, BOOL EUAMode)
1991{
1992 WINPR_ASSERT(transport);
1993 transport->earlyUserAuth = EUAMode;
1994 WLog_Print(transport->log, WLOG_DEBUG, "Early User Auth Mode: %s", EUAMode ? "on" : "off");
1995}
1996
1997rdpTransportLayer* transport_layer_new(WINPR_ATTR_UNUSED rdpTransport* transport,
1998 size_t contextSize)
1999{
2000 rdpTransportLayerInt* layer = (rdpTransportLayerInt*)calloc(1, sizeof(rdpTransportLayerInt));
2001 if (!layer)
2002 return nullptr;
2003
2004 if (contextSize)
2005 {
2006 layer->userContextShadowPtr = calloc(1, contextSize);
2007 if (!layer->userContextShadowPtr)
2008 {
2009 free(layer);
2010 return nullptr;
2011 }
2012 }
2013 layer->pub.userContext = layer->userContextShadowPtr;
2014
2015 return &layer->pub;
2016}
2017
2018void transport_layer_free(rdpTransportLayer* layer)
2019{
2020 rdpTransportLayerInt* intern = (rdpTransportLayerInt*)layer;
2021 if (!layer)
2022 return;
2023
2024 if (intern->pub.Close)
2025 intern->pub.Close(intern->pub.userContext);
2026 free(intern->userContextShadowPtr);
2027 free(intern);
2028}
2029
2030static int transport_layer_bio_write(BIO* bio, const char* buf, int size)
2031{
2032 if (!buf || !size)
2033 return 0;
2034 if (size < 0)
2035 return -1;
2036
2037 WINPR_ASSERT(bio);
2038
2039 rdpTransportLayer* layer = (rdpTransportLayer*)BIO_get_data(bio);
2040 if (!layer)
2041 return -1;
2042
2043 BIO_clear_flags(bio, BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY);
2044
2045 errno = 0;
2046 const int status = IFCALLRESULT(-1, layer->Write, layer->userContext, buf, size);
2047
2048 if (status >= 0 && status < size)
2049 BIO_set_flags(bio, (BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY));
2050
2051 switch (errno)
2052 {
2053 case EAGAIN:
2054 BIO_set_flags(bio, (BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY));
2055 break;
2056 default:
2057 break;
2058 }
2059
2060 return status;
2061}
2062
2063static int transport_layer_bio_read(BIO* bio, char* buf, int size)
2064{
2065 if (!buf || !size)
2066 return 0;
2067 if (size < 0)
2068 return -1;
2069
2070 WINPR_ASSERT(bio);
2071
2072 rdpTransportLayer* layer = (rdpTransportLayer*)BIO_get_data(bio);
2073 if (!layer)
2074 return -1;
2075
2076 BIO_clear_flags(bio, BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY);
2077 errno = 0;
2078 const int status = IFCALLRESULT(-1, layer->Read, layer->userContext, buf, size);
2079
2080 switch (errno)
2081 {
2082 case EAGAIN:
2083 BIO_set_flags(bio, (BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY));
2084 break;
2085 default:
2086 break;
2087 }
2088
2089 return status;
2090}
2091
2092static int transport_layer_bio_puts(WINPR_ATTR_UNUSED BIO* bio, WINPR_ATTR_UNUSED const char* str)
2093{
2094 return -2;
2095}
2096
2097static int transport_layer_bio_gets(WINPR_ATTR_UNUSED BIO* bio, WINPR_ATTR_UNUSED char* str,
2098 WINPR_ATTR_UNUSED int size)
2099{
2100 return 1;
2101}
2102
2103static long transport_layer_bio_ctrl(BIO* bio, int cmd, long arg1, void* arg2)
2104{
2105 WINPR_ASSERT(bio);
2106
2107 rdpTransportLayer* layer = (rdpTransportLayer*)BIO_get_data(bio);
2108 if (!layer)
2109 return -1;
2110
2111 int status = -1;
2112 switch (cmd)
2113 {
2114 case BIO_C_GET_EVENT:
2115 *((HANDLE*)arg2) = IFCALLRESULT(nullptr, layer->GetEvent, layer->userContext);
2116 status = 1;
2117 break;
2118
2119 case BIO_C_SET_NONBLOCK:
2120 status = 1;
2121 break;
2122
2123 case BIO_C_WAIT_READ:
2124 {
2125 int timeout = (int)arg1;
2126 BOOL r = IFCALLRESULT(FALSE, layer->Wait, layer->userContext, FALSE,
2127 WINPR_ASSERTING_INT_CAST(uint32_t, timeout));
2128 /* Convert timeout to error return */
2129 if (!r)
2130 {
2131 errno = ETIMEDOUT;
2132 status = 0;
2133 }
2134 else
2135 status = 1;
2136 break;
2137 }
2138
2139 case BIO_C_WAIT_WRITE:
2140 {
2141 int timeout = (int)arg1;
2142 BOOL r = IFCALLRESULT(FALSE, layer->Wait, layer->userContext, TRUE,
2143 WINPR_ASSERTING_INT_CAST(uint32_t, timeout));
2144 /* Convert timeout to error return */
2145 if (!r)
2146 {
2147 errno = ETIMEDOUT;
2148 status = 0;
2149 }
2150 else
2151 status = 1;
2152 break;
2153 }
2154
2155 case BIO_CTRL_GET_CLOSE:
2156 status = BIO_get_shutdown(bio);
2157 break;
2158
2159 case BIO_CTRL_SET_CLOSE:
2160 BIO_set_shutdown(bio, (int)arg1);
2161 status = 1;
2162 break;
2163
2164 case BIO_CTRL_FLUSH:
2165 case BIO_CTRL_DUP:
2166 status = 1;
2167 break;
2168
2169 default:
2170 status = 0;
2171 break;
2172 }
2173
2174 return status;
2175}
2176
2177static int transport_layer_bio_new(BIO* bio)
2178{
2179 WINPR_ASSERT(bio);
2180
2181 BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY);
2182 BIO_set_init(bio, 1);
2183 return 1;
2184}
2185
2186static int transport_layer_bio_free(BIO* bio)
2187{
2188 if (!bio)
2189 return 0;
2190
2191 rdpTransportLayer* layer = (rdpTransportLayer*)BIO_get_data(bio);
2192 if (layer)
2193 transport_layer_free(layer);
2194
2195 BIO_set_data(bio, nullptr);
2196 BIO_set_init(bio, 0);
2197 BIO_set_flags(bio, 0);
2198
2199 return 1;
2200}
2201
2202BIO_METHOD* BIO_s_transport_layer(void)
2203{
2204 static BIO_METHOD* bio_methods = nullptr;
2205
2206 if (bio_methods == nullptr)
2207 {
2208 if (!(bio_methods = BIO_meth_new(BIO_TYPE_SIMPLE, "TransportLayer")))
2209 return nullptr;
2210
2211 BIO_meth_set_write(bio_methods, transport_layer_bio_write);
2212 BIO_meth_set_read(bio_methods, transport_layer_bio_read);
2213 BIO_meth_set_puts(bio_methods, transport_layer_bio_puts);
2214 BIO_meth_set_gets(bio_methods, transport_layer_bio_gets);
2215 BIO_meth_set_ctrl(bio_methods, transport_layer_bio_ctrl);
2216 BIO_meth_set_create(bio_methods, transport_layer_bio_new);
2217 BIO_meth_set_destroy(bio_methods, transport_layer_bio_free);
2218 }
2219
2220 return bio_methods;
2221}
WINPR_ATTR_NODISCARD FREERDP_API const char * freerdp_settings_get_server_name(const rdpSettings *settings)
A helper function to return the correct server name.