/** * FreeRDP: A Remote Desktop Protocol Implementation * * Copyright 2014 Marc-Andre Moreau * Copyright 2017 Armin Novak * Copyright 2017 Thincast Technologies GmbH * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include #include #include #include #include #include #include #include #include #include #include #include #ifndef _WIN32 #include #include #endif #include "shadow.h" #define TAG SERVER_TAG("shadow") static const char bind_address[] = "bind-address,"; #define fail_at(arg, rc) fail_at_((arg), (rc), __FILE__, __func__, __LINE__) static int fail_at_(const COMMAND_LINE_ARGUMENT_A* arg, int rc, const char* file, const char* fkt, size_t line) { const DWORD level = WLOG_ERROR; wLog* log = WLog_Get(TAG); if (WLog_IsLevelActive(log, level)) WLog_PrintMessage(log, WLOG_MESSAGE_TEXT, level, line, file, fkt, "Command line parsing failed at '%s' value '%s' [%d]", arg->Name, arg->Value, rc); return rc; } static int shadow_server_print_command_line_help(int argc, char** argv, COMMAND_LINE_ARGUMENT_A* largs) { char* str = NULL; size_t length = 0; const COMMAND_LINE_ARGUMENT_A* arg = NULL; if ((argc < 1) || !largs || !argv) return -1; char* path = winpr_GetConfigFilePath(TRUE, "SAM"); printf("Usage: %s [options]\n", argv[0]); printf("\n"); printf("Notes: By default NLA security is active.\n"); printf("\tIn this mode a SAM database is required.\n"); printf("\tProvide one with /sam-file:\n"); printf("\telse the default path %s is used.\n", path); printf("\tIf there is no existing SAM file authentication for all users will fail.\n"); printf( "\n\tIf authentication against PAM is desired, start with -sec-nla (requires compiled in " "support for PAM)\n\n"); printf("Syntax:\n"); printf(" /flag (enables flag)\n"); printf(" /option: (specifies option with value)\n"); printf(" +toggle -toggle (enables or disables toggle, where '/' is a synonym of '+')\n"); printf("\n"); free(path); arg = largs; do { if (arg->Flags & COMMAND_LINE_VALUE_FLAG) { printf(" %s", "/"); printf("%-20s\n", arg->Name); printf("\t%s\n", arg->Text); } else if ((arg->Flags & COMMAND_LINE_VALUE_REQUIRED) || (arg->Flags & COMMAND_LINE_VALUE_OPTIONAL)) { printf(" %s", "/"); if (arg->Format) { length = (strlen(arg->Name) + strlen(arg->Format) + 2); str = (char*)malloc(length + 1); if (!str) return -1; (void)sprintf_s(str, length + 1, "%s:%s", arg->Name, arg->Format); (void)printf("%-20s\n", str); free(str); } else { printf("%-20s\n", arg->Name); } printf("\t%s\n", arg->Text); } else if (arg->Flags & COMMAND_LINE_VALUE_BOOL) { length = strlen(arg->Name) + 32; str = (char*)malloc(length + 1); if (!str) return -1; (void)sprintf_s(str, length + 1, "%s (default:%s)", arg->Name, arg->Default ? "on" : "off"); (void)printf(" %s", arg->Default ? "-" : "+"); (void)printf("%-20s\n", str); free(str); (void)printf("\t%s\n", arg->Text); } } while ((arg = CommandLineFindNextArgumentA(arg)) != NULL); return 1; } int shadow_server_command_line_status_print(rdpShadowServer* server, int argc, char** argv, int status, COMMAND_LINE_ARGUMENT_A* cargs) { WINPR_UNUSED(server); if (status == COMMAND_LINE_STATUS_PRINT_VERSION) { printf("FreeRDP version %s (git %s)\n", FREERDP_VERSION_FULL, FREERDP_GIT_REVISION); return COMMAND_LINE_STATUS_PRINT_VERSION; } else if (status == COMMAND_LINE_STATUS_PRINT_BUILDCONFIG) { printf("%s\n", freerdp_get_build_config()); return COMMAND_LINE_STATUS_PRINT_BUILDCONFIG; } else if (status == COMMAND_LINE_STATUS_PRINT) { return COMMAND_LINE_STATUS_PRINT; } else if (status < 0) { if (shadow_server_print_command_line_help(argc, argv, cargs) < 0) return -1; return COMMAND_LINE_STATUS_PRINT_HELP; } return 1; } int shadow_server_parse_command_line(rdpShadowServer* server, int argc, char** argv, COMMAND_LINE_ARGUMENT_A* cargs) { int status = 0; DWORD flags = 0; const COMMAND_LINE_ARGUMENT_A* arg = NULL; rdpSettings* settings = server->settings; if ((argc < 2) || !argv || !cargs) return 1; CommandLineClearArgumentsA(cargs); flags = COMMAND_LINE_SEPARATOR_COLON; flags |= COMMAND_LINE_SIGIL_SLASH | COMMAND_LINE_SIGIL_PLUS_MINUS; status = CommandLineParseArgumentsA(argc, argv, cargs, flags, server, NULL, NULL); if (status < 0) return status; arg = cargs; errno = 0; do { if (!(arg->Flags & COMMAND_LINE_ARGUMENT_PRESENT)) continue; CommandLineSwitchStart(arg) CommandLineSwitchCase(arg, "port") { long val = strtol(arg->Value, NULL, 0); if ((errno != 0) || (val <= 0) || (val > UINT16_MAX)) return fail_at(arg, COMMAND_LINE_ERROR); server->port = (DWORD)val; } CommandLineSwitchCase(arg, "ipc-socket") { /* /bind-address is incompatible */ if (server->ipcSocket) return fail_at(arg, COMMAND_LINE_ERROR); server->ipcSocket = _strdup(arg->Value); if (!server->ipcSocket) return fail_at(arg, COMMAND_LINE_ERROR); } CommandLineSwitchCase(arg, "bind-address") { int rc = 0; size_t len = strlen(arg->Value) + sizeof(bind_address); /* /ipc-socket is incompatible */ if (server->ipcSocket) return fail_at(arg, COMMAND_LINE_ERROR); server->ipcSocket = calloc(len, sizeof(CHAR)); if (!server->ipcSocket) return fail_at(arg, COMMAND_LINE_ERROR); rc = _snprintf(server->ipcSocket, len, "%s%s", bind_address, arg->Value); if ((rc < 0) || ((size_t)rc != len - 1)) return fail_at(arg, COMMAND_LINE_ERROR); } CommandLineSwitchCase(arg, "may-view") { server->mayView = arg->Value ? TRUE : FALSE; } CommandLineSwitchCase(arg, "may-interact") { server->mayInteract = arg->Value ? TRUE : FALSE; } CommandLineSwitchCase(arg, "max-connections") { errno = 0; unsigned long val = strtoul(arg->Value, NULL, 0); if ((errno != 0) || (val > UINT32_MAX)) return fail_at(arg, COMMAND_LINE_ERROR); server->maxClientsConnected = val; } CommandLineSwitchCase(arg, "rect") { char* p = NULL; char* tok[4]; long x = -1; long y = -1; long w = -1; long h = -1; char* str = _strdup(arg->Value); if (!str) return fail_at(arg, COMMAND_LINE_ERROR); tok[0] = p = str; p = strchr(p + 1, ','); if (!p) { free(str); return fail_at(arg, COMMAND_LINE_ERROR); } *p++ = '\0'; tok[1] = p; p = strchr(p + 1, ','); if (!p) { free(str); return fail_at(arg, COMMAND_LINE_ERROR); } *p++ = '\0'; tok[2] = p; p = strchr(p + 1, ','); if (!p) { free(str); return fail_at(arg, COMMAND_LINE_ERROR); } *p++ = '\0'; tok[3] = p; x = strtol(tok[0], NULL, 0); if (errno != 0) goto fail; y = strtol(tok[1], NULL, 0); if (errno != 0) goto fail; w = strtol(tok[2], NULL, 0); if (errno != 0) goto fail; h = strtol(tok[3], NULL, 0); if (errno != 0) goto fail; fail: free(str); if ((x < 0) || (y < 0) || (w < 1) || (h < 1) || (errno != 0)) return fail_at(arg, COMMAND_LINE_ERROR); if ((x > UINT16_MAX) || (y > UINT16_MAX) || (x + w > UINT16_MAX) || (y + h > UINT16_MAX)) return fail_at(arg, COMMAND_LINE_ERROR); server->subRect.left = (UINT16)x; server->subRect.top = (UINT16)y; server->subRect.right = (UINT16)(x + w); server->subRect.bottom = (UINT16)(y + h); server->shareSubRect = TRUE; } CommandLineSwitchCase(arg, "auth") { server->authentication = arg->Value ? TRUE : FALSE; } CommandLineSwitchCase(arg, "remote-guard") { if (!freerdp_settings_set_bool(settings, FreeRDP_RemoteCredentialGuard, arg->Value ? TRUE : FALSE)) return fail_at(arg, COMMAND_LINE_ERROR); } CommandLineSwitchCase(arg, "sec") { if (strcmp("rdp", arg->Value) == 0) /* Standard RDP */ { if (!freerdp_settings_set_bool(settings, FreeRDP_RdpSecurity, TRUE)) return fail_at(arg, COMMAND_LINE_ERROR); if (!freerdp_settings_set_bool(settings, FreeRDP_TlsSecurity, FALSE)) return fail_at(arg, COMMAND_LINE_ERROR); if (!freerdp_settings_set_bool(settings, FreeRDP_NlaSecurity, FALSE)) return fail_at(arg, COMMAND_LINE_ERROR); if (!freerdp_settings_set_bool(settings, FreeRDP_ExtSecurity, FALSE)) return fail_at(arg, COMMAND_LINE_ERROR); if (!freerdp_settings_set_bool(settings, FreeRDP_UseRdpSecurityLayer, TRUE)) return fail_at(arg, COMMAND_LINE_ERROR); } else if (strcmp("tls", arg->Value) == 0) /* TLS */ { if (!freerdp_settings_set_bool(settings, FreeRDP_RdpSecurity, FALSE)) return fail_at(arg, COMMAND_LINE_ERROR); if (!freerdp_settings_set_bool(settings, FreeRDP_TlsSecurity, TRUE)) return fail_at(arg, COMMAND_LINE_ERROR); if (!freerdp_settings_set_bool(settings, FreeRDP_NlaSecurity, FALSE)) return fail_at(arg, COMMAND_LINE_ERROR); if (!freerdp_settings_set_bool(settings, FreeRDP_ExtSecurity, FALSE)) return fail_at(arg, COMMAND_LINE_ERROR); } else if (strcmp("nla", arg->Value) == 0) /* NLA */ { if (!freerdp_settings_set_bool(settings, FreeRDP_RdpSecurity, FALSE)) return fail_at(arg, COMMAND_LINE_ERROR); if (!freerdp_settings_set_bool(settings, FreeRDP_TlsSecurity, FALSE)) return fail_at(arg, COMMAND_LINE_ERROR); if (!freerdp_settings_set_bool(settings, FreeRDP_NlaSecurity, TRUE)) return fail_at(arg, COMMAND_LINE_ERROR); if (!freerdp_settings_set_bool(settings, FreeRDP_ExtSecurity, FALSE)) return fail_at(arg, COMMAND_LINE_ERROR); } else if (strcmp("ext", arg->Value) == 0) /* NLA Extended */ { if (!freerdp_settings_set_bool(settings, FreeRDP_RdpSecurity, FALSE)) return fail_at(arg, COMMAND_LINE_ERROR); if (!freerdp_settings_set_bool(settings, FreeRDP_TlsSecurity, FALSE)) return fail_at(arg, COMMAND_LINE_ERROR); if (!freerdp_settings_set_bool(settings, FreeRDP_NlaSecurity, FALSE)) return fail_at(arg, COMMAND_LINE_ERROR); if (!freerdp_settings_set_bool(settings, FreeRDP_ExtSecurity, TRUE)) return fail_at(arg, COMMAND_LINE_ERROR); } else { WLog_ERR(TAG, "unknown protocol security: %s", arg->Value); return fail_at(arg, COMMAND_LINE_ERROR_UNEXPECTED_VALUE); } } CommandLineSwitchCase(arg, "sec-rdp") { if (!freerdp_settings_set_bool(settings, FreeRDP_RdpSecurity, arg->Value ? TRUE : FALSE)) return fail_at(arg, COMMAND_LINE_ERROR); } CommandLineSwitchCase(arg, "sec-tls") { if (!freerdp_settings_set_bool(settings, FreeRDP_TlsSecurity, arg->Value ? TRUE : FALSE)) return fail_at(arg, COMMAND_LINE_ERROR); } CommandLineSwitchCase(arg, "sec-nla") { if (!freerdp_settings_set_bool(settings, FreeRDP_NlaSecurity, arg->Value ? TRUE : FALSE)) return fail_at(arg, COMMAND_LINE_ERROR); } CommandLineSwitchCase(arg, "sec-ext") { if (!freerdp_settings_set_bool(settings, FreeRDP_ExtSecurity, arg->Value ? TRUE : FALSE)) return fail_at(arg, COMMAND_LINE_ERROR); } CommandLineSwitchCase(arg, "sam-file") { if (!freerdp_settings_set_string(settings, FreeRDP_NtlmSamFile, arg->Value)) return fail_at(arg, COMMAND_LINE_ERROR); } CommandLineSwitchCase(arg, "log-level") { wLog* root = WLog_GetRoot(); if (!WLog_SetStringLogLevel(root, arg->Value)) return fail_at(arg, COMMAND_LINE_ERROR); } CommandLineSwitchCase(arg, "log-filters") { if (!WLog_AddStringLogFilters(arg->Value)) return fail_at(arg, COMMAND_LINE_ERROR); } CommandLineSwitchCase(arg, "nsc") { if (!freerdp_settings_set_bool(settings, FreeRDP_NSCodec, arg->Value ? TRUE : FALSE)) return fail_at(arg, COMMAND_LINE_ERROR); } CommandLineSwitchCase(arg, "rfx") { if (!freerdp_settings_set_bool(settings, FreeRDP_RemoteFxCodec, arg->Value ? TRUE : FALSE)) return fail_at(arg, COMMAND_LINE_ERROR); } CommandLineSwitchCase(arg, "gfx") { if (!freerdp_settings_set_bool(settings, FreeRDP_SupportGraphicsPipeline, arg->Value ? TRUE : FALSE)) return fail_at(arg, COMMAND_LINE_ERROR); } CommandLineSwitchCase(arg, "gfx-progressive") { if (!freerdp_settings_set_bool(settings, FreeRDP_GfxProgressive, arg->Value ? TRUE : FALSE)) return fail_at(arg, COMMAND_LINE_ERROR); } CommandLineSwitchCase(arg, "gfx-rfx") { if (!freerdp_settings_set_bool(settings, FreeRDP_RemoteFxCodec, arg->Value ? TRUE : FALSE)) return fail_at(arg, COMMAND_LINE_ERROR); } CommandLineSwitchCase(arg, "gfx-planar") { if (!freerdp_settings_set_bool(settings, FreeRDP_GfxPlanar, arg->Value ? TRUE : FALSE)) return fail_at(arg, COMMAND_LINE_ERROR); } CommandLineSwitchCase(arg, "gfx-avc420") { if (!freerdp_settings_set_bool(settings, FreeRDP_GfxH264, arg->Value ? TRUE : FALSE)) return fail_at(arg, COMMAND_LINE_ERROR); } CommandLineSwitchCase(arg, "gfx-avc444") { if (!freerdp_settings_set_bool(settings, FreeRDP_GfxAVC444v2, arg->Value ? TRUE : FALSE)) return fail_at(arg, COMMAND_LINE_ERROR); if (!freerdp_settings_set_bool(settings, FreeRDP_GfxAVC444, arg->Value ? TRUE : FALSE)) return fail_at(arg, COMMAND_LINE_ERROR); } CommandLineSwitchCase(arg, "keytab") { if (!freerdp_settings_set_string(settings, FreeRDP_KerberosKeytab, arg->Value)) return fail_at(arg, COMMAND_LINE_ERROR); } CommandLineSwitchCase(arg, "ccache") { if (!freerdp_settings_set_string(settings, FreeRDP_KerberosCache, arg->Value)) return fail_at(arg, COMMAND_LINE_ERROR); } CommandLineSwitchCase(arg, "tls-secrets-file") { if (!freerdp_settings_set_string(settings, FreeRDP_TlsSecretsFile, arg->Value)) return fail_at(arg, COMMAND_LINE_ERROR); } CommandLineSwitchDefault(arg) { } CommandLineSwitchEnd(arg) } while ((arg = CommandLineFindNextArgumentA(arg)) != NULL); arg = CommandLineFindArgumentA(cargs, "monitors"); if (arg && (arg->Flags & COMMAND_LINE_ARGUMENT_PRESENT)) { UINT32 numMonitors = 0; MONITOR_DEF monitors[16] = { 0 }; numMonitors = shadow_enum_monitors(monitors, 16); if (arg->Flags & COMMAND_LINE_VALUE_PRESENT) { /* Select monitors */ long val = strtol(arg->Value, NULL, 0); if ((val < 0) || (errno != 0) || ((UINT32)val >= numMonitors)) status = COMMAND_LINE_STATUS_PRINT; server->selectedMonitor = (UINT32)val; } else { /* List monitors */ for (UINT32 index = 0; index < numMonitors; index++) { const MONITOR_DEF* monitor = &monitors[index]; const INT64 width = monitor->right - monitor->left + 1; const INT64 height = monitor->bottom - monitor->top + 1; WLog_INFO(TAG, " %s [%d] %" PRId64 "x%" PRId64 "\t+%" PRId32 "+%" PRId32 "", (monitor->flags == 1) ? "*" : " ", index, width, height, monitor->left, monitor->top); } status = COMMAND_LINE_STATUS_PRINT; } } /* If we want to disable authentication we need to ensure that NLA security * is not activated. Only TLS and RDP security allow anonymous login. */ if (!server->authentication) { if (!freerdp_settings_set_bool(settings, FreeRDP_NlaSecurity, FALSE)) return COMMAND_LINE_ERROR; } return status; } static DWORD WINAPI shadow_server_thread(LPVOID arg) { rdpShadowServer* server = (rdpShadowServer*)arg; BOOL running = TRUE; DWORD status = 0; freerdp_listener* listener = server->listener; shadow_subsystem_start(server->subsystem); while (running) { HANDLE events[MAXIMUM_WAIT_OBJECTS] = { 0 }; DWORD nCount = 0; events[nCount++] = server->StopEvent; nCount += listener->GetEventHandles(listener, &events[nCount], ARRAYSIZE(events) - nCount); if (nCount <= 1) { WLog_ERR(TAG, "Failed to get FreeRDP file descriptor"); break; } status = WaitForMultipleObjects(nCount, events, FALSE, INFINITE); switch (status) { case WAIT_FAILED: case WAIT_OBJECT_0: running = FALSE; break; default: { if (!listener->CheckFileDescriptor(listener)) { WLog_ERR(TAG, "Failed to check FreeRDP file descriptor"); running = FALSE; } else { #ifdef _WIN32 Sleep(100); /* FIXME: listener event handles */ #endif } } break; } } listener->Close(listener); shadow_subsystem_stop(server->subsystem); /* Signal to the clients that server is being stopped and wait for them * to disconnect. */ if (shadow_client_boardcast_quit(server, 0)) { while (ArrayList_Count(server->clients) > 0) { Sleep(100); } } ExitThread(0); return 0; } static BOOL open_port(rdpShadowServer* server, char* address) { BOOL status = 0; char* modaddr = address; if (modaddr) { if (modaddr[0] == '[') { char* end = strchr(address, ']'); if (!end) { WLog_ERR(TAG, "Could not parse bind-address %s", address); return -1; } *end++ = '\0'; if (strlen(end) > 0) { WLog_ERR(TAG, "Excess data after IPv6 address: '%s'", end); return -1; } modaddr++; } } status = server->listener->Open(server->listener, modaddr, (UINT16)server->port); if (!status) { WLog_ERR(TAG, "Problem creating TCP listener. (Port already used or insufficient permissions?)"); } return status; } int shadow_server_start(rdpShadowServer* server) { BOOL ipc = 0; BOOL status = 0; WSADATA wsaData; if (!server) return -1; if (WSAStartup(MAKEWORD(2, 2), &wsaData) != 0) return -1; #ifndef _WIN32 (void)signal(SIGPIPE, SIG_IGN); #endif server->screen = shadow_screen_new(server); if (!server->screen) { WLog_ERR(TAG, "screen_new failed"); return -1; } server->capture = shadow_capture_new(server); if (!server->capture) { WLog_ERR(TAG, "capture_new failed"); return -1; } /* Bind magic: * * empty ... bind TCP all * ... bind local (IPC) * bind-socket,

... bind TCP to specified interface */ ipc = server->ipcSocket && (strncmp(bind_address, server->ipcSocket, strnlen(bind_address, sizeof(bind_address))) != 0); if (!ipc) { size_t count = 0; char** ptr = CommandLineParseCommaSeparatedValuesEx(NULL, server->ipcSocket, &count); if (!ptr || (count <= 1)) { if (server->ipcSocket == NULL) { if (!open_port(server, NULL)) { CommandLineParserFree(ptr); return -1; } } else { CommandLineParserFree(ptr); return -1; } } WINPR_ASSERT(ptr || (count == 0)); for (size_t x = 1; x < count; x++) { BOOL success = open_port(server, ptr[x]); if (!success) { CommandLineParserFree(ptr); return -1; } } CommandLineParserFree(ptr); } else { status = server->listener->OpenLocal(server->listener, server->ipcSocket); if (!status) { WLog_ERR(TAG, "Problem creating local socket listener. (Port already used or " "insufficient permissions?)"); return -1; } } if (!(server->thread = CreateThread(NULL, 0, shadow_server_thread, (void*)server, 0, NULL))) { return -1; } return 0; } int shadow_server_stop(rdpShadowServer* server) { if (!server) return -1; if (server->thread) { (void)SetEvent(server->StopEvent); (void)WaitForSingleObject(server->thread, INFINITE); (void)CloseHandle(server->thread); server->thread = NULL; if (server->listener && server->listener->Close) server->listener->Close(server->listener); } if (server->screen) { shadow_screen_free(server->screen); server->screen = NULL; } if (server->capture) { shadow_capture_free(server->capture); server->capture = NULL; } return 0; } static int shadow_server_init_config_path(rdpShadowServer* server) { if (!server->ConfigPath) { char* configHome = freerdp_settings_get_config_path(); if (configHome) { if (!winpr_PathFileExists(configHome) && !winpr_PathMakePath(configHome, 0)) { WLog_ERR(TAG, "Failed to create directory '%s'", configHome); free(configHome); return -1; } server->ConfigPath = configHome; } } if (!server->ConfigPath) return -1; /* no usable config path */ return 1; } static BOOL shadow_server_create_certificate(rdpShadowServer* server, const char* filepath) { BOOL rc = FALSE; char* makecert_argv[6] = { "makecert", "-rdp", "-live", "-silent", "-y", "5" }; WINPR_STATIC_ASSERT(ARRAYSIZE(makecert_argv) <= INT_MAX); const size_t makecert_argc = ARRAYSIZE(makecert_argv); MAKECERT_CONTEXT* makecert = makecert_context_new(); if (!makecert) goto out_fail; if (makecert_context_process(makecert, (int)makecert_argc, makecert_argv) < 0) goto out_fail; if (makecert_context_set_output_file_name(makecert, "shadow") != 1) goto out_fail; WINPR_ASSERT(server); WINPR_ASSERT(filepath); if (!winpr_PathFileExists(server->CertificateFile)) { if (makecert_context_output_certificate_file(makecert, filepath) != 1) goto out_fail; } if (!winpr_PathFileExists(server->PrivateKeyFile)) { if (makecert_context_output_private_key_file(makecert, filepath) != 1) goto out_fail; } rc = TRUE; out_fail: makecert_context_free(makecert); return rc; } static BOOL shadow_server_init_certificate(rdpShadowServer* server) { char* filepath = NULL; BOOL ret = FALSE; WINPR_ASSERT(server); if (!winpr_PathFileExists(server->ConfigPath) && !winpr_PathMakePath(server->ConfigPath, 0)) { WLog_ERR(TAG, "Failed to create directory '%s'", server->ConfigPath); return FALSE; } if (!(filepath = GetCombinedPath(server->ConfigPath, "shadow"))) return FALSE; if (!winpr_PathFileExists(filepath) && !winpr_PathMakePath(filepath, 0)) { if (!CreateDirectoryA(filepath, 0)) { WLog_ERR(TAG, "Failed to create directory '%s'", filepath); goto out_fail; } } server->CertificateFile = GetCombinedPath(filepath, "shadow.crt"); server->PrivateKeyFile = GetCombinedPath(filepath, "shadow.key"); if (!server->CertificateFile || !server->PrivateKeyFile) goto out_fail; if ((!winpr_PathFileExists(server->CertificateFile)) || (!winpr_PathFileExists(server->PrivateKeyFile))) { if (!shadow_server_create_certificate(server, filepath)) goto out_fail; } rdpSettings* settings = server->settings; WINPR_ASSERT(settings); rdpPrivateKey* key = freerdp_key_new_from_file(server->PrivateKeyFile); if (!key) goto out_fail; if (!freerdp_settings_set_pointer_len(settings, FreeRDP_RdpServerRsaKey, key, 1)) goto out_fail; rdpCertificate* cert = freerdp_certificate_new_from_file(server->CertificateFile); if (!cert) goto out_fail; if (!freerdp_settings_set_pointer_len(settings, FreeRDP_RdpServerCertificate, cert, 1)) goto out_fail; if (!freerdp_certificate_is_rdp_security_compatible(cert)) { if (!freerdp_settings_set_bool(settings, FreeRDP_UseRdpSecurityLayer, FALSE)) goto out_fail; if (!freerdp_settings_set_bool(settings, FreeRDP_RdpSecurity, FALSE)) goto out_fail; } ret = TRUE; out_fail: free(filepath); return ret; } static BOOL shadow_server_check_peer_restrictions(freerdp_listener* listener) { WINPR_ASSERT(listener); rdpShadowServer* server = (rdpShadowServer*)listener->info; WINPR_ASSERT(server); if (server->maxClientsConnected > 0) { const size_t count = ArrayList_Count(server->clients); if (count >= server->maxClientsConnected) { WLog_WARN(TAG, "connection limit [%" PRIuz "] reached, discarding client", server->maxClientsConnected); return FALSE; } } return TRUE; } int shadow_server_init(rdpShadowServer* server) { int status = 0; winpr_InitializeSSL(WINPR_SSL_INIT_DEFAULT); WTSRegisterWtsApiFunctionTable(FreeRDP_InitWtsApi()); if (!(server->clients = ArrayList_New(TRUE))) goto fail; if (!(server->StopEvent = CreateEvent(NULL, TRUE, FALSE, NULL))) goto fail; if (!InitializeCriticalSectionAndSpinCount(&(server->lock), 4000)) goto fail; status = shadow_server_init_config_path(server); if (status < 0) goto fail; if (!shadow_server_init_certificate(server)) goto fail; server->listener = freerdp_listener_new(); if (!server->listener) goto fail; server->listener->info = (void*)server; server->listener->CheckPeerAcceptRestrictions = shadow_server_check_peer_restrictions; server->listener->PeerAccepted = shadow_client_accepted; server->subsystem = shadow_subsystem_new(); if (!server->subsystem) goto fail; status = shadow_subsystem_init(server->subsystem, server); if (status < 0) goto fail; return status; fail: shadow_server_uninit(server); WLog_ERR(TAG, "Failed to initialize shadow server"); return -1; } int shadow_server_uninit(rdpShadowServer* server) { if (!server) return -1; shadow_server_stop(server); shadow_subsystem_uninit(server->subsystem); shadow_subsystem_free(server->subsystem); server->subsystem = NULL; freerdp_listener_free(server->listener); server->listener = NULL; free(server->CertificateFile); server->CertificateFile = NULL; free(server->PrivateKeyFile); server->PrivateKeyFile = NULL; free(server->ConfigPath); server->ConfigPath = NULL; DeleteCriticalSection(&(server->lock)); (void)CloseHandle(server->StopEvent); server->StopEvent = NULL; ArrayList_Free(server->clients); server->clients = NULL; return 1; } rdpShadowServer* shadow_server_new(void) { rdpShadowServer* server = NULL; server = (rdpShadowServer*)calloc(1, sizeof(rdpShadowServer)); if (!server) return NULL; server->port = 3389; server->mayView = TRUE; server->mayInteract = TRUE; server->h264RateControlMode = H264_RATECONTROL_VBR; server->h264BitRate = 10000000; server->h264FrameRate = 30; server->h264QP = 0; server->authentication = TRUE; server->settings = freerdp_settings_new(FREERDP_SETTINGS_SERVER_MODE); return server; } void shadow_server_free(rdpShadowServer* server) { if (!server) return; free(server->ipcSocket); server->ipcSocket = NULL; freerdp_settings_free(server->settings); server->settings = NULL; free(server); }