FreeRDP
Loading...
Searching...
No Matches
transport.c
1
20#include <freerdp/config.h>
21
22#include "settings.h"
23
24#include <winpr/assert.h>
25
26#include <winpr/crt.h>
27#include <winpr/synch.h>
28#include <winpr/print.h>
29#include <winpr/stream.h>
30#include <winpr/winsock.h>
31#include <winpr/crypto.h>
32
33#include <freerdp/log.h>
34#include <freerdp/error.h>
35#include <freerdp/utils/ringbuffer.h>
36
37#include <openssl/bio.h>
38#include <time.h>
39#include <errno.h>
40#include <fcntl.h>
41
42#ifndef _WIN32
43#include <netdb.h>
44#include <sys/socket.h>
45#endif /* _WIN32 */
46
47#ifdef FREERDP_HAVE_VALGRIND_MEMCHECK_H
48#include <valgrind/memcheck.h>
49#endif
50
51#include "tpkt.h"
52#include "fastpath.h"
53#include "transport.h"
54#include "rdp.h"
55#include "proxy.h"
56#include "utils.h"
57#include "state.h"
58#include "childsession.h"
59
60#include "gateway/rdg.h"
61#include "gateway/wst.h"
62#include "gateway/arm.h"
63
64#define TAG FREERDP_TAG("core.transport")
65
66#define BUFFER_SIZE 16384
67
68struct rdp_transport
69{
70 TRANSPORT_LAYER layer;
71 BIO* frontBio;
72 rdpRdg* rdg;
73 rdpTsg* tsg;
74 rdpWst* wst;
75 rdpTls* tls;
76 rdpContext* context;
77 rdpNla* nla;
78 void* ReceiveExtra;
79 wStream* ReceiveBuffer;
80 TransportRecv ReceiveCallback;
81 wStreamPool* ReceivePool;
82 HANDLE connectedEvent;
83 BOOL NlaMode;
84 BOOL RdstlsMode;
85 BOOL AadMode;
86 BOOL blocking;
87 BOOL GatewayEnabled;
88 BOOL haveReadLock;
89 CRITICAL_SECTION ReadLock;
90 BOOL haveWriteLock;
91 CRITICAL_SECTION WriteLock;
92 UINT64 written;
93 HANDLE rereadEvent;
94 BOOL haveMoreBytesToRead;
95 wLog* log;
96 rdpTransportIo io;
97 HANDLE ioEvent;
98 BOOL useIoEvent;
99 BOOL earlyUserAuth;
100};
101
102typedef struct
103{
104 rdpTransportLayer pub;
105 void* userContextShadowPtr;
106} rdpTransportLayerInt;
107
108static const char* where2str(int where, char* ibuffer, size_t ilen)
109{
110 if (!ibuffer || (ilen < 2))
111 return nullptr;
112
113 ibuffer[0] = '[';
114 size_t len = ilen - 1;
115 char* buffer = &ibuffer[1];
116 if (where & SSL_CB_ALERT)
117 winpr_str_append("SSL_CB_ALERT", buffer, len, "|");
118 if (where & SSL_ST_ACCEPT)
119 winpr_str_append("SSL_ST_ACCEPT", buffer, len, "|");
120 if (where & SSL_ST_CONNECT)
121 winpr_str_append("SSL_ST_CONNECT", buffer, len, "|");
122 if (where & SSL_CB_HANDSHAKE_DONE)
123 winpr_str_append("SSL_CB_HANDSHAKE_DONE", buffer, len, "|");
124 if (where & SSL_CB_HANDSHAKE_START)
125 winpr_str_append("SSL_CB_HANDSHAKE_START", buffer, len, "|");
126 if (where & SSL_CB_WRITE)
127 winpr_str_append("SSL_CB_WRITE", buffer, len, "|");
128 if (where & SSL_CB_READ)
129 winpr_str_append("SSL_CB_READ", buffer, len, "|");
130 if (where & SSL_CB_EXIT)
131 winpr_str_append("SSL_CB_EXIT", buffer, len, "|");
132 if (where & SSL_CB_LOOP)
133 winpr_str_append("SSL_CB_LOOP", buffer, len, "|");
134
135 char nr[32] = WINPR_C_ARRAY_INIT;
136 (void)_snprintf(nr, sizeof(nr), "]{0x%08" PRIx32 "}", (unsigned)where);
137 winpr_str_append(nr, buffer, len, "");
138 return buffer;
139}
140
141static void transport_ssl_cb(const SSL* ssl, int where, int ret)
142{
143 if (where & SSL_CB_ALERT)
144 {
145 char buffer[128] = WINPR_C_ARRAY_INIT;
146 rdpTransport* transport = (rdpTransport*)SSL_get_app_data(ssl);
147 WINPR_ASSERT(transport);
148
149 switch (ret)
150 {
151 case (SSL3_AL_FATAL << 8) | SSL_AD_ACCESS_DENIED:
152 {
153 if (!freerdp_get_last_error(transport_get_context(transport)))
154 {
155 WLog_Print(transport->log, WLOG_ERROR, "where=%s ACCESS DENIED",
156 where2str(where, buffer, sizeof(buffer)));
157 freerdp_set_last_error_log(transport_get_context(transport),
158 FREERDP_ERROR_AUTHENTICATION_FAILED);
159 }
160 }
161 break;
162
163 case (SSL3_AL_FATAL << 8) | SSL_AD_INTERNAL_ERROR:
164 {
165 WLog_Print(transport->log, WLOG_WARN, "SSL error (where=%s, ret=%d [%s, %s])",
166 where2str(where, buffer, sizeof(buffer)), ret,
167 SSL_alert_type_string_long(ret), SSL_alert_desc_string_long(ret));
168
169 if (transport->NlaMode)
170 {
171 if (!freerdp_get_last_error(transport_get_context(transport)))
172 {
173 UINT32 kret = 0;
174 if (transport->nla)
175 kret = nla_get_error(transport->nla);
176 if (kret == 0)
177 kret = FREERDP_ERROR_CONNECT_PASSWORD_CERTAINLY_EXPIRED;
178 freerdp_set_last_error_log(transport_get_context(transport), kret);
179 }
180 }
181 }
182 break;
183
184 case (SSL3_AL_WARNING << 8) | SSL3_AD_CLOSE_NOTIFY:
185 WLog_Print(transport->log, WLOG_DEBUG, "SSL warning (where=%s, ret=%d [%s, %s])",
186 where2str(where, buffer, sizeof(buffer)), ret,
187 SSL_alert_type_string_long(ret), SSL_alert_desc_string_long(ret));
188 break;
189
190 default:
191 WLog_Print(transport->log, WLOG_WARN,
192 "Unhandled SSL error (where=%s, ret=%d [%s, %s])",
193 where2str(where, buffer, sizeof(buffer)), ret,
194 SSL_alert_type_string_long(ret), SSL_alert_desc_string_long(ret));
195 break;
196 }
197 }
198}
199
200wStream* transport_send_stream_init(WINPR_ATTR_UNUSED rdpTransport* transport, size_t size)
201{
202 WINPR_ASSERT(transport);
203
204 return Stream_New(nullptr, size);
205}
206
207BOOL transport_attach(rdpTransport* transport, int sockfd)
208{
209 if (!transport)
210 return FALSE;
211 return IFCALLRESULT(FALSE, transport->io.TransportAttach, transport, sockfd);
212}
213
214static BOOL transport_default_attach(rdpTransport* transport, int sockfd)
215{
216 BIO* socketBio = nullptr;
217 BIO* bufferedBio = nullptr;
218 const rdpSettings* settings = nullptr;
219 rdpContext* context = transport_get_context(transport);
220
221 if (sockfd < 0)
222 {
223 WLog_WARN(TAG, "Running peer without socket (sockfd=%d)", sockfd);
224 return TRUE;
225 }
226
227 settings = context->settings;
228 WINPR_ASSERT(settings);
229
230 if (sockfd >= 0)
231 {
232 if (!freerdp_tcp_set_keep_alive_mode(settings, sockfd))
233 goto fail;
234
235 socketBio = BIO_new(BIO_s_simple_socket());
236
237 if (!socketBio)
238 goto fail;
239 }
240
241 bufferedBio = BIO_new(BIO_s_buffered_socket());
242 if (!bufferedBio)
243 goto fail;
244
245 if (socketBio)
246 {
247 bufferedBio = BIO_push(bufferedBio, socketBio);
248 if (!bufferedBio)
249 goto fail;
250
251 /* Attach the socket only when this function can no longer fail.
252 * This ensures solid ownership:
253 * - if this function fails, the caller is responsible to clean up
254 * - if this function is successful, the caller MUST NOT close the socket any more.
255 */
256 BIO_set_fd(socketBio, sockfd, BIO_CLOSE);
257 }
258 EnterCriticalSection(&(transport->ReadLock));
259 EnterCriticalSection(&(transport->WriteLock));
260 transport->frontBio = bufferedBio;
261 LeaveCriticalSection(&(transport->WriteLock));
262 LeaveCriticalSection(&(transport->ReadLock));
263
264 return TRUE;
265fail:
266
267 if (socketBio)
268 BIO_free_all(socketBio);
269 else
270 closesocket((SOCKET)sockfd);
271
272 return FALSE;
273}
274
275BOOL transport_connect_rdp(rdpTransport* transport)
276{
277 if (!transport)
278 return FALSE;
279
280 switch (utils_authenticate(transport_get_context(transport)->instance, AUTH_RDP, FALSE))
281 {
282 case AUTH_SKIP:
283 case AUTH_SUCCESS:
284 case AUTH_NO_CREDENTIALS:
285 return TRUE;
286 case AUTH_CANCELLED:
287 freerdp_set_last_error_if_not(transport_get_context(transport),
288 FREERDP_ERROR_CONNECT_CANCELLED);
289 return FALSE;
290 default:
291 return FALSE;
292 }
293}
294
295BOOL transport_connect_tls(rdpTransport* transport)
296{
297 const rdpSettings* settings = nullptr;
298 rdpContext* context = transport_get_context(transport);
299
300 settings = context->settings;
301 WINPR_ASSERT(settings);
302
303 /* Only prompt for password if we use TLS (NLA also calls this function) */
304 if (settings->SelectedProtocol == PROTOCOL_SSL)
305 {
306 switch (utils_authenticate(context->instance, AUTH_TLS, FALSE))
307 {
308 case AUTH_SKIP:
309 case AUTH_SUCCESS:
310 case AUTH_NO_CREDENTIALS:
311 break;
312 case AUTH_CANCELLED:
313 freerdp_set_last_error_if_not(context, FREERDP_ERROR_CONNECT_CANCELLED);
314 return FALSE;
315 default:
316 return FALSE;
317 }
318 }
319
320 return IFCALLRESULT(FALSE, transport->io.TLSConnect, transport);
321}
322
323static BOOL transport_default_connect_tls(rdpTransport* transport)
324{
325 int tlsStatus = 0;
326 rdpTls* tls = nullptr;
327 rdpContext* context = nullptr;
328 rdpSettings* settings = nullptr;
329
330 WINPR_ASSERT(transport);
331
332 context = transport_get_context(transport);
333 WINPR_ASSERT(context);
334
335 settings = context->settings;
336 WINPR_ASSERT(settings);
337
338 if (!(tls = freerdp_tls_new(context)))
339 return FALSE;
340
341 transport->tls = tls;
342
343 if (transport->GatewayEnabled)
344 transport->layer = TRANSPORT_LAYER_TSG_TLS;
345 else
346 transport->layer = TRANSPORT_LAYER_TLS;
347
348 tls->hostname = settings->ServerHostname;
349 tls->serverName = settings->UserSpecifiedServerName;
350 tls->port = WINPR_ASSERTING_INT_CAST(int32_t, MIN(UINT16_MAX, settings->ServerPort));
351
352 if (tls->port == 0)
353 tls->port = 3389;
354
355 tls->isGatewayTransport = FALSE;
356 tlsStatus = freerdp_tls_connect(tls, transport->frontBio);
357
358 if (tlsStatus < 1)
359 {
360 if (tlsStatus < 0)
361 {
362 freerdp_set_last_error_if_not(context, FREERDP_ERROR_TLS_CONNECT_FAILED);
363 }
364 else
365 {
366 freerdp_set_last_error_if_not(context, FREERDP_ERROR_CONNECT_CANCELLED);
367 }
368
369 return FALSE;
370 }
371
372 transport->frontBio = tls->bio;
373
374 /* See libfreerdp/crypto/tls.c transport_default_connect_tls
375 *
376 * we are wrapping a SSL object in the BIO and actually want to set
377 *
378 * SSL_set_info_callback there. So ensure our callback is of appropriate
379 * type for that instead of what the function prototype suggests.
380 */
381 typedef void (*ssl_cb_t)(const SSL* ssl, int type, int val);
382 ssl_cb_t fkt = transport_ssl_cb;
383
384 BIO_info_cb* bfkt = WINPR_FUNC_PTR_CAST(fkt, BIO_info_cb*);
385 BIO_callback_ctrl(tls->bio, BIO_CTRL_SET_CALLBACK, bfkt);
386 SSL_set_app_data(tls->ssl, transport);
387
388 if (!transport->frontBio)
389 {
390 WLog_Print(transport->log, WLOG_ERROR, "unable to prepend a filtering TLS bio");
391 return FALSE;
392 }
393
394 return TRUE;
395}
396
397BOOL transport_connect_nla(rdpTransport* transport, BOOL earlyUserAuth)
398{
399 rdpContext* context = nullptr;
400 rdpSettings* settings = nullptr;
401 rdpRdp* rdp = nullptr;
402 if (!transport)
403 return FALSE;
404
405 context = transport_get_context(transport);
406 WINPR_ASSERT(context);
407
408 settings = context->settings;
409 WINPR_ASSERT(settings);
410
411 rdp = context->rdp;
412 WINPR_ASSERT(rdp);
413
414 if (!transport_connect_tls(transport))
415 return FALSE;
416
417 if (!settings->Authentication)
418 return TRUE;
419
420 nla_free(rdp->nla);
421 rdp->nla = nla_new(context, transport);
422
423 if (!rdp->nla)
424 return FALSE;
425
426 nla_set_early_user_auth(rdp->nla, earlyUserAuth);
427
428 transport_set_nla_mode(transport, TRUE);
429
430 if (settings->AuthenticationServiceClass)
431 {
432 if (!nla_set_service_principal(rdp->nla, settings->AuthenticationServiceClass,
433 freerdp_settings_get_server_name(settings)))
434 return FALSE;
435 }
436
437 if (nla_client_begin(rdp->nla) < 0)
438 {
439 WLog_Print(transport->log, WLOG_ERROR, "NLA begin failed");
440
441 freerdp_set_last_error_if_not(context, FREERDP_ERROR_AUTHENTICATION_FAILED);
442
443 transport_set_nla_mode(transport, FALSE);
444 return FALSE;
445 }
446
447 return rdp_client_transition_to_state(rdp, CONNECTION_STATE_NLA);
448}
449
450BOOL transport_connect_rdstls(rdpTransport* transport)
451{
452 BOOL rc = FALSE;
453 rdpRdstls* rdstls = nullptr;
454 rdpContext* context = nullptr;
455
456 WINPR_ASSERT(transport);
457
458 context = transport_get_context(transport);
459 WINPR_ASSERT(context);
460
461 if (!transport_connect_tls(transport))
462 goto fail;
463
464 rdstls = rdstls_new(context, transport);
465 if (!rdstls)
466 goto fail;
467
468 transport_set_rdstls_mode(transport, TRUE);
469
470 if (rdstls_authenticate(rdstls) < 0)
471 {
472 WLog_Print(transport->log, WLOG_ERROR, "RDSTLS authentication failed");
473 freerdp_set_last_error_if_not(context, FREERDP_ERROR_AUTHENTICATION_FAILED);
474 goto fail;
475 }
476
477 transport_set_rdstls_mode(transport, FALSE);
478 rc = TRUE;
479fail:
480 rdstls_free(rdstls);
481 return rc;
482}
483
484BOOL transport_connect_aad(rdpTransport* transport)
485{
486 rdpContext* context = nullptr;
487 rdpSettings* settings = nullptr;
488 rdpRdp* rdp = nullptr;
489 if (!transport)
490 return FALSE;
491
492 context = transport_get_context(transport);
493 WINPR_ASSERT(context);
494
495 settings = context->settings;
496 WINPR_ASSERT(settings);
497
498 rdp = context->rdp;
499 WINPR_ASSERT(rdp);
500
501 if (!transport_connect_tls(transport))
502 return FALSE;
503
504 if (!settings->Authentication)
505 return TRUE;
506
507 if (!rdp->aad)
508 return FALSE;
509
510 transport_set_aad_mode(transport, TRUE);
511
512 if (aad_client_begin(rdp->aad) < 0)
513 {
514 WLog_Print(transport->log, WLOG_ERROR, "AAD begin failed");
515
516 freerdp_set_last_error_if_not(context, FREERDP_ERROR_AUTHENTICATION_FAILED);
517
518 transport_set_aad_mode(transport, FALSE);
519 return FALSE;
520 }
521
522 return rdp_client_transition_to_state(rdp, CONNECTION_STATE_AAD);
523}
524
525static BOOL transport_can_retry(const rdpContext* context, BOOL status)
526{
527 switch (freerdp_get_last_error(context))
528 {
529 case FREERDP_ERROR_CONNECT_TARGET_BOOTING:
530 return FALSE;
531 default:
532 return !status;
533 }
534}
535
536BOOL transport_connect(rdpTransport* transport, const char* hostname, UINT16 port, DWORD timeout)
537{
538 BOOL status = FALSE;
539 rdpSettings* settings = nullptr;
540 rdpContext* context = transport_get_context(transport);
541 BOOL rpcFallback = 0;
542
543 WINPR_ASSERT(context);
544 WINPR_ASSERT(hostname);
545
546 settings = context->settings;
547 WINPR_ASSERT(settings);
548
549 rpcFallback = !settings->GatewayHttpTransport;
550
551 if (transport->GatewayEnabled)
552 {
553 if (settings->GatewayUrl)
554 {
555 WINPR_ASSERT(!transport->wst);
556 transport->wst = wst_new(context);
557
558 if (!transport->wst)
559 return FALSE;
560
561 status = wst_connect(transport->wst, timeout);
562
563 if (status)
564 {
565 transport->frontBio = wst_get_front_bio_and_take_ownership(transport->wst);
566 WINPR_ASSERT(transport->frontBio);
567 BIO_set_nonblock(transport->frontBio, 0);
568 transport->layer = TRANSPORT_LAYER_TSG;
569 status = TRUE;
570 }
571 else
572 {
573 wst_free(transport->wst);
574 transport->wst = nullptr;
575 }
576 }
577 if (transport_can_retry(transport->context, status) && settings->GatewayHttpTransport)
578 {
579 WINPR_ASSERT(!transport->rdg);
580 transport->rdg = rdg_new(context);
581
582 if (!transport->rdg)
583 return FALSE;
584
585 status = rdg_connect(transport->rdg, timeout, &rpcFallback);
586
587 if (status)
588 {
589 transport->frontBio = rdg_get_front_bio_and_take_ownership(transport->rdg);
590 WINPR_ASSERT(transport->frontBio);
591 BIO_set_nonblock(transport->frontBio, 0);
592 transport->layer = TRANSPORT_LAYER_TSG;
593 status = TRUE;
594 }
595 else
596 {
597 rdg_free(transport->rdg);
598 transport->rdg = nullptr;
599 }
600 }
601
602 if (transport_can_retry(transport->context, status) && settings->GatewayRpcTransport &&
603 rpcFallback)
604 {
605 WINPR_ASSERT(!transport->tsg);
606 transport->tsg = tsg_new(transport);
607
608 if (!transport->tsg)
609 return FALSE;
610
611 /* Reset error condition from RDG */
612 freerdp_set_last_error_log(context, FREERDP_ERROR_SUCCESS);
613 status = tsg_connect(transport->tsg, hostname, port, timeout);
614
615 if (status)
616 {
617 transport->frontBio = tsg_get_bio(transport->tsg);
618 transport->layer = TRANSPORT_LAYER_TSG;
619 status = TRUE;
620 }
621 else
622 {
623 tsg_free(transport->tsg);
624 transport->tsg = nullptr;
625 }
626 }
627 }
628 else
629 {
630 UINT16 peerPort = 0;
631 const char* proxyHostname = nullptr;
632 const char* proxyUsername = nullptr;
633 const char* proxyPassword = nullptr;
634 BOOL isProxyConnection =
635 proxy_prepare(settings, &proxyHostname, &peerPort, &proxyUsername, &proxyPassword);
636
637 rdpTransportLayer* layer = nullptr;
638 if (isProxyConnection)
639 layer = transport_connect_layer(transport, proxyHostname, peerPort, timeout);
640 else
641 layer = transport_connect_layer(transport, hostname, port, timeout);
642
643 if (!layer)
644 return FALSE;
645
646 if (!transport_attach_layer(transport, layer))
647 {
648 transport_layer_free(layer);
649 return FALSE;
650 }
651
652 if (isProxyConnection)
653 {
654 if (!proxy_connect(context, transport->frontBio, proxyUsername, proxyPassword, hostname,
655 port))
656 return FALSE;
657 }
658
659 status = TRUE;
660 }
661
662 return status;
663}
664
665BOOL transport_connect_childsession(rdpTransport* transport)
666{
667 WINPR_ASSERT(transport);
668
669 transport->frontBio = createChildSessionBio();
670 if (!transport->frontBio)
671 return FALSE;
672
673 transport->layer = TRANSPORT_LAYER_TSG;
674 return TRUE;
675}
676
677BOOL transport_accept_rdp(rdpTransport* transport)
678{
679 return transport != nullptr;
680 /* RDP encryption */
681}
682
683BOOL transport_accept_tls(rdpTransport* transport)
684{
685 if (!transport)
686 return FALSE;
687 return IFCALLRESULT(FALSE, transport->io.TLSAccept, transport);
688}
689
690static BOOL transport_default_accept_tls(rdpTransport* transport)
691{
692 rdpContext* context = transport_get_context(transport);
693 rdpSettings* settings = nullptr;
694
695 WINPR_ASSERT(context);
696
697 settings = context->settings;
698 WINPR_ASSERT(settings);
699
700 if (!transport->tls)
701 transport->tls = freerdp_tls_new(context);
702
703 transport->layer = TRANSPORT_LAYER_TLS;
704
705 if (!freerdp_tls_accept(transport->tls, transport->frontBio, settings))
706 return FALSE;
707
708 transport->frontBio = transport->tls->bio;
709 return TRUE;
710}
711
712BOOL transport_accept_nla(rdpTransport* transport)
713{
714 rdpContext* context = transport_get_context(transport);
715 rdpSettings* settings = nullptr;
716
717 WINPR_ASSERT(context);
718
719 settings = context->settings;
720 WINPR_ASSERT(settings);
721
722 if (!IFCALLRESULT(FALSE, transport->io.TLSAccept, transport))
723 return FALSE;
724
725 /* Network Level Authentication */
726
727 if (!settings->Authentication)
728 return TRUE;
729
730 if (!transport->nla)
731 {
732 transport->nla = nla_new(context, transport);
733 transport_set_nla_mode(transport, TRUE);
734 }
735
736 if (nla_authenticate(transport->nla) < 0)
737 {
738 WLog_Print(transport->log, WLOG_ERROR, "client authentication failure");
739 transport_set_nla_mode(transport, FALSE);
740 nla_free(transport->nla);
741 transport->nla = nullptr;
742 freerdp_tls_set_alert_code(transport->tls, TLS_ALERT_LEVEL_FATAL,
743 TLS_ALERT_DESCRIPTION_ACCESS_DENIED);
744 freerdp_tls_send_alert(transport->tls);
745 return FALSE;
746 }
747
748 /* don't free nla module yet, we need to copy the credentials from it first */
749 transport_set_nla_mode(transport, FALSE);
750 return TRUE;
751}
752
753BOOL transport_accept_rdstls(rdpTransport* transport)
754{
755 BOOL rc = FALSE;
756 rdpRdstls* rdstls = nullptr;
757 rdpContext* context = nullptr;
758
759 WINPR_ASSERT(transport);
760
761 context = transport_get_context(transport);
762 WINPR_ASSERT(context);
763
764 if (!IFCALLRESULT(FALSE, transport->io.TLSAccept, transport))
765 goto fail;
766
767 rdstls = rdstls_new(context, transport);
768 if (!rdstls)
769 goto fail;
770
771 transport_set_rdstls_mode(transport, TRUE);
772
773 if (rdstls_authenticate(rdstls) < 0)
774 {
775 WLog_Print(transport->log, WLOG_ERROR, "client authentication failure");
776 freerdp_tls_set_alert_code(transport->tls, TLS_ALERT_LEVEL_FATAL,
777 TLS_ALERT_DESCRIPTION_ACCESS_DENIED);
778 freerdp_tls_send_alert(transport->tls);
779 goto fail;
780 }
781
782 transport_set_rdstls_mode(transport, FALSE);
783 rc = TRUE;
784fail:
785 rdstls_free(rdstls);
786 return rc;
787}
788
789#define WLog_ERR_BIO(transport, biofunc, bio) \
790 transport_bio_error_log(transport, biofunc, bio, __FILE__, __func__, __LINE__)
791
792static void transport_bio_error_log(rdpTransport* transport, LPCSTR biofunc,
793 WINPR_ATTR_UNUSED BIO* bio, LPCSTR file, LPCSTR func,
794 DWORD line)
795{
796 unsigned long sslerr = 0;
797 int saveerrno = 0;
798 DWORD level = 0;
799
800 WINPR_ASSERT(transport);
801
802 saveerrno = errno;
803 level = WLOG_ERROR;
804
805 if (level < WLog_GetLogLevel(transport->log))
806 return;
807
808 if (ERR_peek_error() == 0)
809 {
810 char ebuffer[256] = WINPR_C_ARRAY_INIT;
811
812 if (saveerrno == 0)
813 WLog_PrintTextMessage(transport->log, level, line, file, func, "%s retries exceeded",
814 biofunc);
815 else
816 WLog_PrintTextMessage(transport->log, level, line, file, func,
817 "%s returned a system error %d: %s", biofunc, saveerrno,
818 winpr_strerror(saveerrno, ebuffer, sizeof(ebuffer)));
819 return;
820 }
821
822 while ((sslerr = ERR_get_error()))
823 {
824 char buf[120] = WINPR_C_ARRAY_INIT;
825
826 ERR_error_string_n(sslerr, buf, 120);
827 WLog_PrintTextMessage(transport->log, level, line, file, func, "%s returned an error: %s",
828 biofunc, buf);
829 }
830}
831
832static SSIZE_T transport_read_layer(rdpTransport* transport, BYTE* data, size_t bytes)
833{
834 SSIZE_T read = 0;
835 rdpRdp* rdp = nullptr;
836 rdpContext* context = nullptr;
837
838 WINPR_ASSERT(transport);
839
840 context = transport_get_context(transport);
841 WINPR_ASSERT(context);
842
843 rdp = context->rdp;
844 WINPR_ASSERT(rdp);
845
846 if (!transport->frontBio || (bytes > SSIZE_MAX))
847 {
848 transport->layer = TRANSPORT_LAYER_CLOSED;
849 freerdp_set_last_error_if_not(context, FREERDP_ERROR_CONNECT_TRANSPORT_FAILED);
850 return -1;
851 }
852
853 while (read < (SSIZE_T)bytes)
854 {
855 const SSIZE_T tr = (SSIZE_T)bytes - read;
856 int r = (int)((tr > INT_MAX) ? INT_MAX : tr);
857 ERR_clear_error();
858 int status = BIO_read(transport->frontBio, data + read, r);
859
860 if (freerdp_shall_disconnect_context(context))
861 return -1;
862
863 if (status <= 0)
864 {
865 if (!transport->frontBio || !BIO_should_retry(transport->frontBio))
866 {
867 /* something unexpected happened, let's close */
868 if (!transport->frontBio)
869 {
870 WLog_Print(transport->log, WLOG_ERROR, "BIO_read: transport->frontBio null");
871 return -1;
872 }
873
874 WLog_ERR_BIO(transport, "BIO_read", transport->frontBio);
875 transport->layer = TRANSPORT_LAYER_CLOSED;
876 freerdp_set_last_error_if_not(context, FREERDP_ERROR_CONNECT_TRANSPORT_FAILED);
877 return -1;
878 }
879
880 /* non blocking will survive a partial read */
881 if (!transport->blocking)
882 return read;
883
884 /* blocking means that we can't continue until we have read the number of requested
885 * bytes */
886 if (BIO_wait_read(transport->frontBio, 100) < 0)
887 {
888 WLog_ERR_BIO(transport, "BIO_wait_read", transport->frontBio);
889 return -1;
890 }
891
892 continue;
893 }
894
895#ifdef FREERDP_HAVE_VALGRIND_MEMCHECK_H
896 VALGRIND_MAKE_MEM_DEFINED(data + read, bytes - read);
897#endif
898 read += status;
899 rdp->inBytes += WINPR_ASSERTING_INT_CAST(uint64_t, status);
900 }
901
902 return read;
903}
904
919static SSIZE_T transport_read_layer_bytes(rdpTransport* transport, wStream* s, size_t toRead)
920{
921 SSIZE_T status = 0;
922 if (!transport)
923 return -1;
924
925 if (toRead > SSIZE_MAX)
926 return 0;
927
928 status = IFCALLRESULT(-1, transport->io.ReadBytes, transport, Stream_Pointer(s), toRead);
929
930 if (status <= 0)
931 return status;
932
933 Stream_Seek(s, (size_t)status);
934 return status == (SSIZE_T)toRead ? 1 : 0;
935}
936
949int transport_read_pdu(rdpTransport* transport, wStream* s)
950{
951 if (!transport)
952 return -1;
953 return IFCALLRESULT(-1, transport->io.ReadPdu, transport, s);
954}
955
956static SSIZE_T parse_nla_mode_pdu(rdpTransport* transport, wStream* stream)
957{
958 SSIZE_T pduLength = 0;
959 wStream sbuffer = WINPR_C_ARRAY_INIT;
960 wStream* s = Stream_StaticConstInit(&sbuffer, Stream_Buffer(stream), Stream_Length(stream));
961 /*
962 * In case NlaMode is set TSRequest package(s) are expected
963 * 0x30 = DER encoded data with these bits set:
964 * bit 6 P/C constructed
965 * bit 5 tag number - sequence
966 */
967 UINT8 typeEncoding = 0;
968 if (Stream_GetRemainingLength(s) < 1)
969 return 0;
970 Stream_Read_UINT8(s, typeEncoding);
971 if (typeEncoding == 0x30)
972 {
973 /* TSRequest (NLA) */
974 UINT8 lengthEncoding = 0;
975 if (Stream_GetRemainingLength(s) < 1)
976 return 0;
977 Stream_Read_UINT8(s, lengthEncoding);
978 if (lengthEncoding & 0x80)
979 {
980 if ((lengthEncoding & ~(0x80)) == 1)
981 {
982 UINT8 length = 0;
983 if (Stream_GetRemainingLength(s) < 1)
984 return 0;
985 Stream_Read_UINT8(s, length);
986 pduLength = length;
987 pduLength += 3;
988 }
989 else if ((lengthEncoding & ~(0x80)) == 2)
990 {
991 /* check for header bytes already read in previous calls */
992 UINT16 length = 0;
993 if (Stream_GetRemainingLength(s) < 2)
994 return 0;
995 Stream_Read_UINT16_BE(s, length);
996 pduLength = length;
997 pduLength += 4;
998 }
999 else
1000 {
1001 WLog_Print(transport->log, WLOG_ERROR, "Error reading TSRequest!");
1002 return -1;
1003 }
1004 }
1005 else
1006 {
1007 pduLength = lengthEncoding;
1008 pduLength += 2;
1009 }
1010 }
1011
1012 return pduLength;
1013}
1014
1015static SSIZE_T parse_default_mode_pdu(rdpTransport* transport, wStream* stream)
1016{
1017 SSIZE_T pduLength = 0;
1018 wStream sbuffer = WINPR_C_ARRAY_INIT;
1019 wStream* s = Stream_StaticConstInit(&sbuffer, Stream_Buffer(stream), Stream_Length(stream));
1020
1021 UINT8 version = 0;
1022 if (Stream_GetRemainingLength(s) < 1)
1023 return 0;
1024 Stream_Read_UINT8(s, version);
1025 if (version == 0x03)
1026 {
1027 /* TPKT header */
1028 UINT16 length = 0;
1029 if (Stream_GetRemainingLength(s) < 3)
1030 return 0;
1031 Stream_Seek(s, 1);
1032 Stream_Read_UINT16_BE(s, length);
1033 pduLength = length;
1034
1035 /* min and max values according to ITU-T Rec. T.123 (01/2007) section 8 */
1036 if ((pduLength < 7) || (pduLength > 0xFFFF))
1037 {
1038 WLog_Print(transport->log, WLOG_ERROR, "tpkt - invalid pduLength: %" PRIdz, pduLength);
1039 return -1;
1040 }
1041 }
1042 else
1043 {
1044 /* Fast-Path Header */
1045 UINT8 length1 = 0;
1046 if (Stream_GetRemainingLength(s) < 1)
1047 return 0;
1048 Stream_Read_UINT8(s, length1);
1049 if (length1 & 0x80)
1050 {
1051 UINT8 length2 = 0;
1052 if (Stream_GetRemainingLength(s) < 1)
1053 return 0;
1054 Stream_Read_UINT8(s, length2);
1055 pduLength = ((length1 & 0x7F) << 8) | length2;
1056 }
1057 else
1058 pduLength = length1;
1059
1060 /*
1061 * fast-path has 7 bits for length so the maximum size, including headers is 0x8000
1062 * The theoretical minimum fast-path PDU consists only of two header bytes plus one
1063 * byte for data (e.g. fast-path input synchronize pdu)
1064 */
1065 if (pduLength < 3 || pduLength > 0x8000)
1066 {
1067 WLog_Print(transport->log, WLOG_ERROR, "fast path - invalid pduLength: %" PRIdz,
1068 pduLength);
1069 return -1;
1070 }
1071 }
1072
1073 return pduLength;
1074}
1075
1076SSIZE_T transport_parse_pdu(rdpTransport* transport, wStream* s, BOOL* incomplete)
1077{
1078 SSIZE_T pduLength = 0;
1079
1080 if (!transport)
1081 return -1;
1082
1083 if (!s)
1084 return -1;
1085
1086 if (incomplete)
1087 *incomplete = TRUE;
1088
1089 Stream_SealLength(s);
1090 if (transport->NlaMode)
1091 pduLength = parse_nla_mode_pdu(transport, s);
1092 else if (transport->RdstlsMode)
1093 pduLength = rdstls_parse_pdu(transport->log, s);
1094 else
1095 pduLength = parse_default_mode_pdu(transport, s);
1096
1097 if (pduLength <= 0)
1098 return pduLength;
1099
1100 const size_t len = Stream_Length(s);
1101 if (len > WINPR_ASSERTING_INT_CAST(size_t, pduLength))
1102 return -1;
1103
1104 if (incomplete)
1105 *incomplete = len < WINPR_ASSERTING_INT_CAST(size_t, pduLength);
1106
1107 return pduLength;
1108}
1109
1110static int transport_default_read_pdu(rdpTransport* transport, wStream* s)
1111{
1112 BOOL incomplete = 0;
1113 SSIZE_T status = 0;
1114 size_t pduLength = 0;
1115 size_t position = 0;
1116
1117 WINPR_ASSERT(transport);
1118 WINPR_ASSERT(s);
1119
1120 /* RDS AAD Auth PDUs have no length indicator. We need to determine the end of the PDU by
1121 * reading in one byte at a time until we encounter the terminating null byte */
1122 if (transport->AadMode)
1123 {
1124 BYTE c = '\0';
1125 do
1126 {
1127 const SSIZE_T rc = transport_read_layer(transport, &c, 1);
1128 if (rc != 1)
1129 return (rc == 0) ? 0 : -1;
1130 if (!Stream_EnsureRemainingCapacity(s, 1))
1131 return -1;
1132 Stream_Write_UINT8(s, c);
1133 } while (c != '\0');
1134 }
1135 else if (transport->earlyUserAuth)
1136 {
1137 if (!Stream_EnsureCapacity(s, 4))
1138 return -1;
1139 const SSIZE_T rc = transport_read_layer_bytes(transport, s, 4);
1140 if (rc != 1)
1141 return (rc == 0) ? 0 : -1;
1142 }
1143 else
1144 {
1145 /* Read in pdu length */
1146 status = transport_parse_pdu(transport, s, &incomplete);
1147 while ((status == 0) && incomplete)
1148 {
1149 if (!Stream_EnsureRemainingCapacity(s, 1))
1150 return -1;
1151 SSIZE_T rc = transport_read_layer_bytes(transport, s, 1);
1152 if (rc > INT32_MAX)
1153 return INT32_MAX;
1154 if (rc != 1)
1155 return (int)rc;
1156 status = transport_parse_pdu(transport, s, &incomplete);
1157 }
1158
1159 if (status < 0)
1160 return -1;
1161
1162 pduLength = (size_t)status;
1163
1164 /* Read in rest of the PDU */
1165 if (!Stream_EnsureCapacity(s, pduLength))
1166 return -1;
1167
1168 position = Stream_GetPosition(s);
1169 if (position > pduLength)
1170 return -1;
1171 else if (position < pduLength)
1172 {
1173 status = transport_read_layer_bytes(transport, s, pduLength - position);
1174 if (status != 1)
1175 {
1176 if ((status < INT32_MIN) || (status > INT32_MAX))
1177 return -1;
1178 return (int)status;
1179 }
1180 }
1181
1182 if (Stream_GetPosition(s) >= pduLength)
1183 WLog_Packet(transport->log, WLOG_TRACE, Stream_Buffer(s), pduLength,
1184 WLOG_PACKET_INBOUND);
1185 }
1186
1187 Stream_SealLength(s);
1188 Stream_SetPosition(s, 0);
1189 const size_t len = Stream_Length(s);
1190 if (len > INT32_MAX)
1191 return -1;
1192 return (int)len;
1193}
1194
1195int transport_write(rdpTransport* transport, wStream* s)
1196{
1197 if (!transport)
1198 return -1;
1199
1200 return IFCALLRESULT(-1, transport->io.WritePdu, transport, s);
1201}
1202
1203static int transport_default_write(rdpTransport* transport, wStream* s)
1204{
1205 int status = -1;
1206 rdpContext* context = transport_get_context(transport);
1207
1208 WINPR_ASSERT(transport);
1209 WINPR_ASSERT(context);
1210
1211 if (!s)
1212 return -1;
1213
1214 Stream_AddRef(s);
1215
1216 rdpRdp* rdp = context->rdp;
1217 if (!rdp)
1218 goto fail;
1219
1220 EnterCriticalSection(&(transport->WriteLock));
1221 if (!transport->frontBio)
1222 goto out_cleanup;
1223
1224 {
1225 size_t length = Stream_GetPosition(s);
1226 size_t writtenlength = length;
1227 Stream_SetPosition(s, 0);
1228
1229 if (length > 0)
1230 {
1231 rdp->outBytes += length;
1232 WLog_Packet(transport->log, WLOG_TRACE, Stream_Buffer(s), length, WLOG_PACKET_OUTBOUND);
1233 }
1234
1235 while (length > 0)
1236 {
1237 ERR_clear_error();
1238 const int towrite = (length > INT32_MAX) ? INT32_MAX : (int)length;
1239 status = BIO_write(transport->frontBio, Stream_ConstPointer(s), towrite);
1240
1241 if (status <= 0)
1242 {
1243 /* the buffered BIO that is at the end of the chain always says OK for writing,
1244 * so a retry means that for any reason we need to read. The most probable
1245 * is a SSL or TSG BIO in the chain.
1246 */
1247 if (!BIO_should_retry(transport->frontBio))
1248 {
1249 WLog_ERR_BIO(transport, "BIO_should_retry", transport->frontBio);
1250 goto out_cleanup;
1251 }
1252
1253 /* non-blocking can live with blocked IOs */
1254 if (!transport->blocking)
1255 {
1256 WLog_ERR_BIO(transport, "BIO_write", transport->frontBio);
1257 goto out_cleanup;
1258 }
1259
1260 if (BIO_wait_write(transport->frontBio, 100) < 0)
1261 {
1262 WLog_ERR_BIO(transport, "BIO_wait_write", transport->frontBio);
1263 status = -1;
1264 goto out_cleanup;
1265 }
1266
1267 continue;
1268 }
1269
1270 WINPR_ASSERT(context->settings);
1271 if (transport->blocking || context->settings->WaitForOutputBufferFlush)
1272 {
1273 while (BIO_write_blocked(transport->frontBio))
1274 {
1275 if (BIO_wait_write(transport->frontBio, 100) < 0)
1276 {
1277 WLog_Print(transport->log, WLOG_ERROR, "error when selecting for write");
1278 status = -1;
1279 goto out_cleanup;
1280 }
1281
1282 if (BIO_flush(transport->frontBio) < 1)
1283 {
1284 WLog_Print(transport->log, WLOG_ERROR, "error when flushing outputBuffer");
1285 status = -1;
1286 goto out_cleanup;
1287 }
1288 }
1289 }
1290
1291 const size_t ustatus = (size_t)status;
1292 if (ustatus > length)
1293 {
1294 status = -1;
1295 goto out_cleanup;
1296 }
1297
1298 length -= ustatus;
1299 Stream_Seek(s, ustatus);
1300 }
1301
1302 transport->written += writtenlength;
1303 }
1304out_cleanup:
1305
1306 if (status < 0)
1307 {
1308 /* A write error indicates that the peer has dropped the connection */
1309 transport->layer = TRANSPORT_LAYER_CLOSED;
1310 freerdp_set_last_error_if_not(context, FREERDP_ERROR_CONNECT_TRANSPORT_FAILED);
1311 }
1312
1313 LeaveCriticalSection(&(transport->WriteLock));
1314fail:
1315 Stream_Release(s);
1316 return status;
1317}
1318
1319BOOL transport_get_public_key(rdpTransport* transport, const BYTE** data, DWORD* length)
1320{
1321 return IFCALLRESULT(FALSE, transport->io.GetPublicKey, transport, data, length);
1322}
1323
1324static BOOL transport_default_get_public_key(rdpTransport* transport, const BYTE** data,
1325 DWORD* length)
1326{
1327 rdpTls* tls = transport_get_tls(transport);
1328 if (!tls)
1329 return FALSE;
1330
1331 *data = tls->PublicKey;
1332 *length = tls->PublicKeyLength;
1333
1334 return TRUE;
1335}
1336
1337DWORD transport_get_event_handles(rdpTransport* transport, HANDLE* events, DWORD count)
1338{
1339 DWORD nCount = 0; /* always the reread Event */
1340
1341 WINPR_ASSERT(transport);
1342 WINPR_ASSERT(events);
1343 WINPR_ASSERT(count > 0);
1344
1345 if (events)
1346 {
1347 if (count < 1)
1348 {
1349 WLog_Print(transport->log, WLOG_ERROR, "provided handles array is too small");
1350 return 0;
1351 }
1352
1353 events[nCount++] = transport->rereadEvent;
1354
1355 if (transport->useIoEvent)
1356 {
1357 if (count < 2)
1358 return 0;
1359 events[nCount++] = transport->ioEvent;
1360 }
1361 }
1362
1363 if (!transport->GatewayEnabled)
1364 {
1365 if (events)
1366 {
1367 if (nCount >= count)
1368 {
1369 WLog_Print(transport->log, WLOG_ERROR,
1370 "provided handles array is too small (count=%" PRIu32 " nCount=%" PRIu32
1371 ")",
1372 count, nCount);
1373 return 0;
1374 }
1375
1376 if (transport->frontBio)
1377 {
1378 if (BIO_get_event(transport->frontBio, &events[nCount]) != 1)
1379 {
1380 WLog_Print(transport->log, WLOG_ERROR, "error getting the frontBio handle");
1381 return 0;
1382 }
1383 nCount++;
1384 }
1385 }
1386 }
1387 else
1388 {
1389 if (transport->rdg)
1390 {
1391 const DWORD tmp =
1392 rdg_get_event_handles(transport->rdg, &events[nCount], count - nCount);
1393
1394 if (tmp == 0)
1395 return 0;
1396
1397 nCount += tmp;
1398 }
1399 else if (transport->tsg)
1400 {
1401 const DWORD tmp =
1402 tsg_get_event_handles(transport->tsg, &events[nCount], count - nCount);
1403
1404 if (tmp == 0)
1405 return 0;
1406
1407 nCount += tmp;
1408 }
1409 else if (transport->wst)
1410 {
1411 const DWORD tmp =
1412 wst_get_event_handles(transport->wst, &events[nCount], count - nCount);
1413
1414 if (tmp == 0)
1415 return 0;
1416
1417 nCount += tmp;
1418 }
1419 }
1420
1421 return nCount;
1422}
1423
1424#if defined(WITH_FREERDP_DEPRECATED)
1425void transport_get_fds(rdpTransport* transport, void** rfds, int* rcount)
1426{
1427 DWORD nCount = 0;
1428 HANDLE events[MAXIMUM_WAIT_OBJECTS] = WINPR_C_ARRAY_INIT;
1429
1430 WINPR_ASSERT(transport);
1431 WINPR_ASSERT(rfds);
1432 WINPR_ASSERT(rcount);
1433
1434 nCount = transport_get_event_handles(transport, events, ARRAYSIZE(events));
1435 *rcount = nCount + 1;
1436
1437 for (DWORD index = 0; index < nCount; index++)
1438 {
1439 rfds[index] = GetEventWaitObject(events[index]);
1440 }
1441
1442 rfds[nCount] = GetEventWaitObject(transport->rereadEvent);
1443}
1444#endif
1445
1446BOOL transport_is_write_blocked(rdpTransport* transport)
1447{
1448 WINPR_ASSERT(transport);
1449 WINPR_ASSERT(transport->frontBio);
1450 return BIO_write_blocked(transport->frontBio) != 0;
1451}
1452
1453int transport_drain_output_buffer(rdpTransport* transport)
1454{
1455 BOOL status = FALSE;
1456
1457 WINPR_ASSERT(transport);
1458 WINPR_ASSERT(transport->frontBio);
1459 if (BIO_write_blocked(transport->frontBio))
1460 {
1461 if (BIO_flush(transport->frontBio) < 1)
1462 return -1;
1463
1464 const long rc = BIO_write_blocked(transport->frontBio);
1465 status = (rc != 0);
1466 }
1467
1468 return status;
1469}
1470
1471int transport_check_fds(rdpTransport* transport)
1472{
1473 int status = 0;
1474 state_run_t recv_status = STATE_RUN_FAILED;
1475 wStream* received = nullptr;
1476 rdpContext* context = transport_get_context(transport);
1477
1478 WINPR_ASSERT(context);
1479
1480 if (transport->layer == TRANSPORT_LAYER_CLOSED)
1481 {
1482 WLog_Print(transport->log, WLOG_DEBUG, "transport_check_fds: transport layer closed");
1483 freerdp_set_last_error_if_not(context, FREERDP_ERROR_CONNECT_TRANSPORT_FAILED);
1484 return -1;
1485 }
1486
1496 if ((status = transport_read_pdu(transport, transport->ReceiveBuffer)) <= 0)
1497 {
1498 if (status < 0)
1499 WLog_Print(transport->log, WLOG_DEBUG, "transport_check_fds: transport_read_pdu() - %i",
1500 status);
1501 if (transport->haveMoreBytesToRead)
1502 {
1503 transport->haveMoreBytesToRead = FALSE;
1504 (void)ResetEvent(transport->rereadEvent);
1505 }
1506 return status;
1507 }
1508
1509 received = transport->ReceiveBuffer;
1510 transport->ReceiveBuffer = StreamPool_Take(transport->ReceivePool, 0);
1511 if (!transport->ReceiveBuffer)
1512 {
1513 Stream_Release(received);
1514 return -1;
1515 }
1516
1523 WINPR_ASSERT(transport->ReceiveCallback);
1524 recv_status = transport->ReceiveCallback(transport, received, transport->ReceiveExtra);
1525 Stream_Release(received);
1526
1527 if (state_run_failed(recv_status))
1528 {
1529 char buffer[64] = WINPR_C_ARRAY_INIT;
1530 WLog_Print(transport->log, WLOG_ERROR,
1531 "transport_check_fds: transport->ReceiveCallback() - %s",
1532 state_run_result_string(recv_status, buffer, ARRAYSIZE(buffer)));
1533 return -1;
1534 }
1535
1536 /* Run this again to be sure we consumed all input data.
1537 * This will be repeated until a (not fully) received packet is in buffer
1538 */
1539 if (!transport->haveMoreBytesToRead)
1540 {
1541 transport->haveMoreBytesToRead = TRUE;
1542 (void)SetEvent(transport->rereadEvent);
1543 }
1544 return recv_status;
1545}
1546
1547BOOL transport_set_blocking_mode(rdpTransport* transport, BOOL blocking)
1548{
1549 WINPR_ASSERT(transport);
1550
1551 return IFCALLRESULT(FALSE, transport->io.SetBlockingMode, transport, blocking);
1552}
1553
1554static BOOL transport_default_set_blocking_mode(rdpTransport* transport, BOOL blocking)
1555{
1556 WINPR_ASSERT(transport);
1557
1558 transport->blocking = blocking;
1559
1560 if (transport->frontBio)
1561 {
1562 if (!BIO_set_nonblock(transport->frontBio, !(blocking)))
1563 return FALSE;
1564 }
1565
1566 return TRUE;
1567}
1568
1569rdpTransportLayer* transport_connect_layer(rdpTransport* transport, const char* hostname, int port,
1570 DWORD timeout)
1571{
1572 WINPR_ASSERT(transport);
1573
1574 return IFCALLRESULT(nullptr, transport->io.ConnectLayer, transport, hostname, port, timeout);
1575}
1576
1577static rdpTransportLayer* transport_default_connect_layer(rdpTransport* transport,
1578 const char* hostname, int port,
1579 DWORD timeout)
1580{
1581 rdpContext* context = transport_get_context(transport);
1582 WINPR_ASSERT(context);
1583
1584 return freerdp_tcp_connect_layer(context, hostname, port, timeout);
1585}
1586
1587BOOL transport_attach_layer(rdpTransport* transport, rdpTransportLayer* layer)
1588{
1589 WINPR_ASSERT(transport);
1590 WINPR_ASSERT(layer);
1591
1592 return IFCALLRESULT(FALSE, transport->io.AttachLayer, transport, layer);
1593}
1594
1595static BOOL transport_default_attach_layer(rdpTransport* transport, rdpTransportLayer* layer)
1596{
1597 BIO* layerBio = BIO_new(BIO_s_transport_layer());
1598 if (!layerBio)
1599 goto fail;
1600
1601 {
1602 BIO* bufferedBio = BIO_new(BIO_s_buffered_socket());
1603 if (!bufferedBio)
1604 goto fail;
1605
1606 bufferedBio = BIO_push(bufferedBio, layerBio);
1607 if (!bufferedBio)
1608 goto fail;
1609
1610 /* BIO takes over the layer reference at this point. */
1611 BIO_set_data(layerBio, layer);
1612
1613 transport->frontBio = bufferedBio;
1614 }
1615 return TRUE;
1616
1617fail:
1618 if (layerBio)
1619 BIO_free_all(layerBio);
1620
1621 return FALSE;
1622}
1623
1624void transport_set_gateway_enabled(rdpTransport* transport, BOOL GatewayEnabled)
1625{
1626 WINPR_ASSERT(transport);
1627 transport->GatewayEnabled = GatewayEnabled;
1628}
1629
1630void transport_set_nla_mode(rdpTransport* transport, BOOL NlaMode)
1631{
1632 WINPR_ASSERT(transport);
1633 transport->NlaMode = NlaMode;
1634}
1635
1636void transport_set_rdstls_mode(rdpTransport* transport, BOOL RdstlsMode)
1637{
1638 WINPR_ASSERT(transport);
1639 transport->RdstlsMode = RdstlsMode;
1640}
1641
1642void transport_set_aad_mode(rdpTransport* transport, BOOL AadMode)
1643{
1644 WINPR_ASSERT(transport);
1645 transport->AadMode = AadMode;
1646}
1647
1648BOOL transport_disconnect(rdpTransport* transport)
1649{
1650 if (!transport)
1651 return FALSE;
1652 return IFCALLRESULT(FALSE, transport->io.TransportDisconnect, transport);
1653}
1654
1655static BOOL transport_default_disconnect(rdpTransport* transport)
1656{
1657 BOOL status = TRUE;
1658
1659 if (!transport)
1660 return FALSE;
1661
1662 EnterCriticalSection(&(transport->ReadLock));
1663 EnterCriticalSection(&(transport->WriteLock));
1664 if (transport->tls)
1665 {
1666 freerdp_tls_free(transport->tls);
1667 transport->tls = nullptr;
1668 }
1669 else
1670 {
1671 if (transport->frontBio)
1672 BIO_free_all(transport->frontBio);
1673 }
1674
1675 if (transport->tsg)
1676 {
1677 tsg_free(transport->tsg);
1678 transport->tsg = nullptr;
1679 }
1680
1681 if (transport->rdg)
1682 {
1683 rdg_free(transport->rdg);
1684 transport->rdg = nullptr;
1685 }
1686
1687 if (transport->wst)
1688 {
1689 wst_free(transport->wst);
1690 transport->wst = nullptr;
1691 }
1692
1693 transport->frontBio = nullptr;
1694 transport->layer = TRANSPORT_LAYER_TCP;
1695 transport->earlyUserAuth = FALSE;
1696 LeaveCriticalSection(&(transport->WriteLock));
1697 LeaveCriticalSection(&(transport->ReadLock));
1698 return status;
1699}
1700
1701rdpTransport* transport_new(rdpContext* context)
1702{
1703 rdpTransport* transport = (rdpTransport*)calloc(1, sizeof(rdpTransport));
1704
1705 WINPR_ASSERT(context);
1706 if (!transport)
1707 return nullptr;
1708
1709 transport->log = WLog_Get(TAG);
1710
1711 if (!transport->log)
1712 goto fail;
1713
1714 transport->context = context;
1715 transport->haveReadLock = InitializeCriticalSectionAndSpinCount(&(transport->ReadLock), 4000);
1716 transport->haveWriteLock = InitializeCriticalSectionAndSpinCount(&(transport->WriteLock), 4000);
1717 if (!transport->haveReadLock || !transport->haveWriteLock)
1718 goto fail;
1719
1720 transport->ReceivePool = StreamPool_New(TRUE, BUFFER_SIZE);
1721
1722 if (!transport->ReceivePool)
1723 goto fail;
1724
1725 /* receive buffer for non-blocking read. */
1726 transport->ReceiveBuffer = StreamPool_Take(transport->ReceivePool, 0);
1727
1728 if (!transport->ReceiveBuffer)
1729 goto fail;
1730
1731 transport->connectedEvent = CreateEvent(nullptr, TRUE, FALSE, nullptr);
1732
1733 if (!transport->connectedEvent || transport->connectedEvent == INVALID_HANDLE_VALUE)
1734 goto fail;
1735
1736 transport->rereadEvent = CreateEvent(nullptr, TRUE, FALSE, nullptr);
1737
1738 if (!transport->rereadEvent || transport->rereadEvent == INVALID_HANDLE_VALUE)
1739 goto fail;
1740
1741 transport->ioEvent = CreateEvent(nullptr, TRUE, FALSE, nullptr);
1742
1743 if (!transport->ioEvent || transport->ioEvent == INVALID_HANDLE_VALUE)
1744 goto fail;
1745
1746 transport->haveMoreBytesToRead = FALSE;
1747 transport->blocking = TRUE;
1748 transport->GatewayEnabled = FALSE;
1749 transport->layer = TRANSPORT_LAYER_TCP;
1750
1751 // transport->io.DataHandler = transport_data_handler;
1752 transport->io.TCPConnect = freerdp_tcp_default_connect;
1753 transport->io.TLSConnect = transport_default_connect_tls;
1754 transport->io.TLSAccept = transport_default_accept_tls;
1755 transport->io.TransportAttach = transport_default_attach;
1756 transport->io.TransportDisconnect = transport_default_disconnect;
1757 transport->io.ReadPdu = transport_default_read_pdu;
1758 transport->io.WritePdu = transport_default_write;
1759 transport->io.ReadBytes = transport_read_layer;
1760 transport->io.GetPublicKey = transport_default_get_public_key;
1761 transport->io.SetBlockingMode = transport_default_set_blocking_mode;
1762 transport->io.ConnectLayer = transport_default_connect_layer;
1763 transport->io.AttachLayer = transport_default_attach_layer;
1764
1765 return transport;
1766fail:
1767 WINPR_PRAGMA_DIAG_PUSH
1768 WINPR_PRAGMA_DIAG_IGNORED_MISMATCHED_DEALLOC
1769 transport_free(transport);
1770 WINPR_PRAGMA_DIAG_POP
1771 return nullptr;
1772}
1773
1774void transport_free(rdpTransport* transport)
1775{
1776 if (!transport)
1777 return;
1778
1779 transport_disconnect(transport);
1780
1781 if (transport->haveReadLock)
1782 EnterCriticalSection(&(transport->ReadLock));
1783
1784 if (transport->ReceiveBuffer)
1785 Stream_Release(transport->ReceiveBuffer);
1786
1787 if (transport->haveReadLock)
1788 LeaveCriticalSection(&(transport->ReadLock));
1789
1790 if (transport->ReceivePool)
1791 (void)StreamPool_WaitForReturn(transport->ReceivePool, INFINITE);
1792
1793 if (transport->haveReadLock)
1794 EnterCriticalSection(&(transport->ReadLock));
1795
1796 if (transport->haveWriteLock)
1797 EnterCriticalSection(&(transport->WriteLock));
1798
1799 nla_free(transport->nla);
1800 StreamPool_Free(transport->ReceivePool);
1801 (void)CloseHandle(transport->connectedEvent);
1802 (void)CloseHandle(transport->rereadEvent);
1803 (void)CloseHandle(transport->ioEvent);
1804
1805 if (transport->haveReadLock)
1806 LeaveCriticalSection(&(transport->ReadLock));
1807 DeleteCriticalSection(&(transport->ReadLock));
1808
1809 if (transport->haveWriteLock)
1810 LeaveCriticalSection(&(transport->WriteLock));
1811 DeleteCriticalSection(&(transport->WriteLock));
1812 free(transport);
1813}
1814
1815BOOL transport_set_io_callbacks(rdpTransport* transport, const rdpTransportIo* io_callbacks)
1816{
1817 if (!transport || !io_callbacks)
1818 return FALSE;
1819
1820 transport->io = *io_callbacks;
1821 return TRUE;
1822}
1823
1824const rdpTransportIo* transport_get_io_callbacks(const rdpTransport* transport)
1825{
1826 if (!transport)
1827 return nullptr;
1828 return &transport->io;
1829}
1830
1831rdpContext* transport_get_context(rdpTransport* transport)
1832{
1833 WINPR_ASSERT(transport);
1834 return transport->context;
1835}
1836
1837rdpTransport* freerdp_get_transport(rdpContext* context)
1838{
1839 WINPR_ASSERT(context);
1840 WINPR_ASSERT(context->rdp);
1841 return context->rdp->transport;
1842}
1843
1844BOOL transport_set_nla(rdpTransport* transport, rdpNla* nla)
1845{
1846 WINPR_ASSERT(transport);
1847 nla_free(transport->nla);
1848 transport->nla = nla;
1849 return TRUE;
1850}
1851
1852rdpNla* transport_get_nla(rdpTransport* transport)
1853{
1854 WINPR_ASSERT(transport);
1855 return transport->nla;
1856}
1857
1858BOOL transport_set_tls(rdpTransport* transport, rdpTls* tls)
1859{
1860 WINPR_ASSERT(transport);
1861 freerdp_tls_free(transport->tls);
1862 transport->tls = tls;
1863 return TRUE;
1864}
1865
1866rdpTls* transport_get_tls(rdpTransport* transport)
1867{
1868 WINPR_ASSERT(transport);
1869 return transport->tls;
1870}
1871
1872BOOL transport_set_tsg(rdpTransport* transport, rdpTsg* tsg)
1873{
1874 WINPR_ASSERT(transport);
1875 tsg_free(transport->tsg);
1876 transport->tsg = tsg;
1877 return TRUE;
1878}
1879
1880rdpTsg* transport_get_tsg(rdpTransport* transport)
1881{
1882 WINPR_ASSERT(transport);
1883 return transport->tsg;
1884}
1885
1886wStream* transport_take_from_pool(rdpTransport* transport, size_t size)
1887{
1888 WINPR_ASSERT(transport);
1889 if (!transport->frontBio)
1890 return nullptr;
1891 return StreamPool_Take(transport->ReceivePool, size);
1892}
1893
1894UINT64 transport_get_bytes_sent(rdpTransport* transport, BOOL resetCount)
1895{
1896 UINT64 rc = 0;
1897 WINPR_ASSERT(transport);
1898 rc = transport->written;
1899 if (resetCount)
1900 transport->written = 0;
1901 return rc;
1902}
1903
1904TRANSPORT_LAYER transport_get_layer(rdpTransport* transport)
1905{
1906 WINPR_ASSERT(transport);
1907 return transport->layer;
1908}
1909
1910BOOL transport_set_layer(rdpTransport* transport, TRANSPORT_LAYER layer)
1911{
1912 WINPR_ASSERT(transport);
1913 transport->layer = layer;
1914 return TRUE;
1915}
1916
1917BOOL transport_set_connected_event(rdpTransport* transport)
1918{
1919 WINPR_ASSERT(transport);
1920 return SetEvent(transport->connectedEvent);
1921}
1922
1923BOOL transport_set_recv_callbacks(rdpTransport* transport, TransportRecv recv, void* extra)
1924{
1925 WINPR_ASSERT(transport);
1926 transport->ReceiveCallback = recv;
1927 transport->ReceiveExtra = extra;
1928 return TRUE;
1929}
1930
1931BOOL transport_get_blocking(const rdpTransport* transport)
1932{
1933 WINPR_ASSERT(transport);
1934 return transport->blocking;
1935}
1936
1937BOOL transport_set_blocking(rdpTransport* transport, BOOL blocking)
1938{
1939 WINPR_ASSERT(transport);
1940 transport->blocking = blocking;
1941 return TRUE;
1942}
1943
1944BOOL transport_have_more_bytes_to_read(rdpTransport* transport)
1945{
1946 WINPR_ASSERT(transport);
1947 return transport->haveMoreBytesToRead;
1948}
1949
1950int transport_tcp_connect(rdpTransport* transport, const char* hostname, int port, DWORD timeout)
1951{
1952 rdpContext* context = transport_get_context(transport);
1953 WINPR_ASSERT(context);
1954 WINPR_ASSERT(context->settings);
1955 return IFCALLRESULT(-1, transport->io.TCPConnect, context, context->settings, hostname, port,
1956 timeout);
1957}
1958
1959HANDLE transport_get_front_bio(rdpTransport* transport)
1960{
1961 HANDLE hEvent = nullptr;
1962 WINPR_ASSERT(transport);
1963 WINPR_ASSERT(transport->frontBio);
1964
1965 BIO_get_event(transport->frontBio, &hEvent);
1966 return hEvent;
1967}
1968
1969BOOL transport_io_callback_set_event(rdpTransport* transport, BOOL set)
1970{
1971 WINPR_ASSERT(transport);
1972 transport->useIoEvent = TRUE;
1973 if (!set)
1974 return ResetEvent(transport->ioEvent);
1975 return SetEvent(transport->ioEvent);
1976}
1977
1978void transport_set_early_user_auth_mode(rdpTransport* transport, BOOL EUAMode)
1979{
1980 WINPR_ASSERT(transport);
1981 transport->earlyUserAuth = EUAMode;
1982 WLog_Print(transport->log, WLOG_DEBUG, "Early User Auth Mode: %s", EUAMode ? "on" : "off");
1983}
1984
1985rdpTransportLayer* transport_layer_new(WINPR_ATTR_UNUSED rdpTransport* transport,
1986 size_t contextSize)
1987{
1988 rdpTransportLayerInt* layer = (rdpTransportLayerInt*)calloc(1, sizeof(rdpTransportLayerInt));
1989 if (!layer)
1990 return nullptr;
1991
1992 if (contextSize)
1993 {
1994 layer->userContextShadowPtr = calloc(1, contextSize);
1995 if (!layer->userContextShadowPtr)
1996 {
1997 free(layer);
1998 return nullptr;
1999 }
2000 }
2001 layer->pub.userContext = layer->userContextShadowPtr;
2002
2003 return &layer->pub;
2004}
2005
2006void transport_layer_free(rdpTransportLayer* layer)
2007{
2008 rdpTransportLayerInt* intern = (rdpTransportLayerInt*)layer;
2009 if (!layer)
2010 return;
2011
2012 if (intern->pub.Close)
2013 intern->pub.Close(intern->pub.userContext);
2014 free(intern->userContextShadowPtr);
2015 free(intern);
2016}
2017
2018static int transport_layer_bio_write(BIO* bio, const char* buf, int size)
2019{
2020 if (!buf || !size)
2021 return 0;
2022 if (size < 0)
2023 return -1;
2024
2025 WINPR_ASSERT(bio);
2026
2027 rdpTransportLayer* layer = (rdpTransportLayer*)BIO_get_data(bio);
2028 if (!layer)
2029 return -1;
2030
2031 BIO_clear_flags(bio, BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY);
2032
2033 errno = 0;
2034 const int status = IFCALLRESULT(-1, layer->Write, layer->userContext, buf, size);
2035
2036 if (status >= 0 && status < size)
2037 BIO_set_flags(bio, (BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY));
2038
2039 switch (errno)
2040 {
2041 case EAGAIN:
2042 BIO_set_flags(bio, (BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY));
2043 break;
2044 default:
2045 break;
2046 }
2047
2048 return status;
2049}
2050
2051static int transport_layer_bio_read(BIO* bio, char* buf, int size)
2052{
2053 if (!buf || !size)
2054 return 0;
2055 if (size < 0)
2056 return -1;
2057
2058 WINPR_ASSERT(bio);
2059
2060 rdpTransportLayer* layer = (rdpTransportLayer*)BIO_get_data(bio);
2061 if (!layer)
2062 return -1;
2063
2064 BIO_clear_flags(bio, BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY);
2065 errno = 0;
2066 const int status = IFCALLRESULT(-1, layer->Read, layer->userContext, buf, size);
2067
2068 switch (errno)
2069 {
2070 case EAGAIN:
2071 BIO_set_flags(bio, (BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY));
2072 break;
2073 default:
2074 break;
2075 }
2076
2077 return status;
2078}
2079
2080static int transport_layer_bio_puts(WINPR_ATTR_UNUSED BIO* bio, WINPR_ATTR_UNUSED const char* str)
2081{
2082 return -2;
2083}
2084
2085static int transport_layer_bio_gets(WINPR_ATTR_UNUSED BIO* bio, WINPR_ATTR_UNUSED char* str,
2086 WINPR_ATTR_UNUSED int size)
2087{
2088 return 1;
2089}
2090
2091static long transport_layer_bio_ctrl(BIO* bio, int cmd, long arg1, void* arg2)
2092{
2093 WINPR_ASSERT(bio);
2094
2095 rdpTransportLayer* layer = (rdpTransportLayer*)BIO_get_data(bio);
2096 if (!layer)
2097 return -1;
2098
2099 int status = -1;
2100 switch (cmd)
2101 {
2102 case BIO_C_GET_EVENT:
2103 *((HANDLE*)arg2) = IFCALLRESULT(nullptr, layer->GetEvent, layer->userContext);
2104 status = 1;
2105 break;
2106
2107 case BIO_C_SET_NONBLOCK:
2108 status = 1;
2109 break;
2110
2111 case BIO_C_WAIT_READ:
2112 {
2113 int timeout = (int)arg1;
2114 BOOL r = IFCALLRESULT(FALSE, layer->Wait, layer->userContext, FALSE,
2115 WINPR_ASSERTING_INT_CAST(uint32_t, timeout));
2116 /* Convert timeout to error return */
2117 if (!r)
2118 {
2119 errno = ETIMEDOUT;
2120 status = 0;
2121 }
2122 else
2123 status = 1;
2124 break;
2125 }
2126
2127 case BIO_C_WAIT_WRITE:
2128 {
2129 int timeout = (int)arg1;
2130 BOOL r = IFCALLRESULT(FALSE, layer->Wait, layer->userContext, TRUE,
2131 WINPR_ASSERTING_INT_CAST(uint32_t, timeout));
2132 /* Convert timeout to error return */
2133 if (!r)
2134 {
2135 errno = ETIMEDOUT;
2136 status = 0;
2137 }
2138 else
2139 status = 1;
2140 break;
2141 }
2142
2143 case BIO_CTRL_GET_CLOSE:
2144 status = BIO_get_shutdown(bio);
2145 break;
2146
2147 case BIO_CTRL_SET_CLOSE:
2148 BIO_set_shutdown(bio, (int)arg1);
2149 status = 1;
2150 break;
2151
2152 case BIO_CTRL_FLUSH:
2153 case BIO_CTRL_DUP:
2154 status = 1;
2155 break;
2156
2157 default:
2158 status = 0;
2159 break;
2160 }
2161
2162 return status;
2163}
2164
2165static int transport_layer_bio_new(BIO* bio)
2166{
2167 WINPR_ASSERT(bio);
2168
2169 BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY);
2170 BIO_set_init(bio, 1);
2171 return 1;
2172}
2173
2174static int transport_layer_bio_free(BIO* bio)
2175{
2176 if (!bio)
2177 return 0;
2178
2179 rdpTransportLayer* layer = (rdpTransportLayer*)BIO_get_data(bio);
2180 if (layer)
2181 transport_layer_free(layer);
2182
2183 BIO_set_data(bio, nullptr);
2184 BIO_set_init(bio, 0);
2185 BIO_set_flags(bio, 0);
2186
2187 return 1;
2188}
2189
2190BIO_METHOD* BIO_s_transport_layer(void)
2191{
2192 static BIO_METHOD* bio_methods = nullptr;
2193
2194 if (bio_methods == nullptr)
2195 {
2196 if (!(bio_methods = BIO_meth_new(BIO_TYPE_SIMPLE, "TransportLayer")))
2197 return nullptr;
2198
2199 BIO_meth_set_write(bio_methods, transport_layer_bio_write);
2200 BIO_meth_set_read(bio_methods, transport_layer_bio_read);
2201 BIO_meth_set_puts(bio_methods, transport_layer_bio_puts);
2202 BIO_meth_set_gets(bio_methods, transport_layer_bio_gets);
2203 BIO_meth_set_ctrl(bio_methods, transport_layer_bio_ctrl);
2204 BIO_meth_set_create(bio_methods, transport_layer_bio_new);
2205 BIO_meth_set_destroy(bio_methods, transport_layer_bio_free);
2206 }
2207
2208 return bio_methods;
2209}
freerdp_settings_get_server_name
WINPR_ATTR_NODISCARD FREERDP_API const char * freerdp_settings_get_server_name(const rdpSettings *settings)
A helper function to return the correct server name.
Definition common/settings.c:2009
RTL_CRITICAL_SECTION
Definition include/winpr/synch.h:174