FreeRDP/server/shadow/shadow.c
David Fort 4fc7a9417d
Various fixes / improvements (#8146)
* xfreerdp: fix typo in logs

* winpr: file appender, small code cleanup

* shadow-server: add an option for TLS secrets

This allows to dissect connections to the shadow server.
2022-08-22 09:42:15 +02:00

178 lines
6.4 KiB
C

/**
* FreeRDP: A Remote Desktop Protocol Implementation
*
* Copyright 2014 Marc-Andre Moreau <marcandre.moreau@gmail.com>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <freerdp/config.h>
#include <winpr/crt.h>
#include <winpr/ssl.h>
#include <winpr/path.h>
#include <winpr/cmdline.h>
#include <winpr/winsock.h>
#include <winpr/tools/makecert.h>
#include <freerdp/server/shadow.h>
#include <freerdp/log.h>
#define TAG SERVER_TAG("shadow")
int main(int argc, char** argv)
{
int status = 0;
DWORD dwExitCode;
rdpSettings* settings;
rdpShadowServer* server;
COMMAND_LINE_ARGUMENT_A shadow_args[] = {
{ "log-filters", COMMAND_LINE_VALUE_REQUIRED, "<tag>:<level>[,<tag>:<level>[,...]]", NULL,
NULL, -1, NULL, "Set logger filters, see wLog(7) for details" },
{ "log-level", COMMAND_LINE_VALUE_REQUIRED, "[OFF|FATAL|ERROR|WARN|INFO|DEBUG|TRACE]", NULL,
NULL, -1, NULL, "Set the default log level, see wLog(7) for details" },
{ "port", COMMAND_LINE_VALUE_REQUIRED, "<number>", NULL, NULL, -1, NULL, "Server port" },
{ "ipc-socket", COMMAND_LINE_VALUE_REQUIRED, "<ipc-socket>", NULL, NULL, -1, NULL,
"Server IPC socket" },
{ "bind-address", COMMAND_LINE_VALUE_REQUIRED, "<bind-address>[,<another address>, ...]",
NULL, NULL, -1, NULL,
"An address to bind to. Use '[<ipv6>]' for IPv6 addresses, e.g. '[::1]' for "
"localhost" },
{ "monitors", COMMAND_LINE_VALUE_OPTIONAL, "<0,1,2...>", NULL, NULL, -1, NULL,
"Select or list monitors" },
{ "rect", COMMAND_LINE_VALUE_REQUIRED, "<x,y,w,h>", NULL, NULL, -1, NULL,
"Select rectangle within monitor to share" },
{ "auth", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueFalse, NULL, -1, NULL,
"Clients must authenticate" },
{ "may-view", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueTrue, NULL, -1, NULL,
"Clients may view without prompt" },
{ "may-interact", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueTrue, NULL, -1, NULL,
"Clients may interact without prompt" },
{ "sec", COMMAND_LINE_VALUE_REQUIRED, "<rdp|tls|nla|ext>", NULL, NULL, -1, NULL,
"force specific protocol security" },
{ "sec-rdp", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueTrue, NULL, -1, NULL,
"rdp protocol security" },
{ "sec-tls", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueTrue, NULL, -1, NULL,
"tls protocol security" },
{ "sec-nla", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueTrue, NULL, -1, NULL,
"nla protocol security" },
{ "sec-ext", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueFalse, NULL, -1, NULL,
"nla extended protocol security" },
{ "sam-file", COMMAND_LINE_VALUE_REQUIRED, "<file>", NULL, NULL, -1, NULL,
"NTLM SAM file for NLA authentication" },
{ "keytab", COMMAND_LINE_VALUE_REQUIRED, "<file>", NULL, NULL, -1, NULL,
"Kerberos keytab file for NLA authentication" },
{ "ccache", COMMAND_LINE_VALUE_REQUIRED, "<file>", NULL, NULL, -1, NULL,
"Kerberos host ccache file for NLA authentication" },
{ "tls-secrets-file", COMMAND_LINE_VALUE_REQUIRED, "<file>", NULL, NULL, -1, NULL,
"file where tls secrets shall be stored" },
{ "gfx-progressive", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueTrue, NULL, -1, NULL,
"Allow GFX progressive codec" },
{ "gfx-rfx", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueTrue, NULL, -1, NULL,
"Allow GFX RFX codec" },
{ "gfx-planar", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueTrue, NULL, -1, NULL,
"Allow GFX planar codec" },
{ "gfx-avc420", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueTrue, NULL, -1, NULL,
"Allow GFX AVC420 codec" },
{ "gfx-avc444", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueTrue, NULL, -1, NULL,
"Allow GFX AVC444 codec" },
{ "version", COMMAND_LINE_VALUE_FLAG | COMMAND_LINE_PRINT_VERSION, NULL, NULL, NULL, -1,
NULL, "Print version" },
{ "buildconfig", COMMAND_LINE_VALUE_FLAG | COMMAND_LINE_PRINT_BUILDCONFIG, NULL, NULL, NULL,
-1, NULL, "Print the build configuration" },
{ "help", COMMAND_LINE_VALUE_FLAG | COMMAND_LINE_PRINT_HELP, NULL, NULL, NULL, -1, "?",
"Print help" },
{ NULL, 0, NULL, NULL, NULL, -1, NULL, NULL }
};
shadow_subsystem_set_entry_builtin(NULL);
server = shadow_server_new();
if (!server)
{
status = -1;
WLog_ERR(TAG, "Server new failed");
goto fail_server_new;
}
settings = server->settings;
settings->NlaSecurity = TRUE;
settings->TlsSecurity = TRUE;
settings->RdpSecurity = TRUE;
/* By default allow all GFX modes.
* This can be changed with command line flags [+|-]gfx-CODEC
*/
freerdp_settings_set_uint32(settings, FreeRDP_ColorDepth, 32);
freerdp_settings_set_bool(settings, FreeRDP_NSCodec, TRUE);
freerdp_settings_set_bool(settings, FreeRDP_RemoteFxCodec, TRUE);
freerdp_settings_set_bool(settings, FreeRDP_GfxH264, TRUE);
freerdp_settings_set_bool(settings, FreeRDP_GfxAVC444, TRUE);
freerdp_settings_set_bool(settings, FreeRDP_GfxAVC444v2, TRUE);
freerdp_settings_set_bool(settings, FreeRDP_GfxProgressive, TRUE);
freerdp_settings_set_bool(settings, FreeRDP_GfxProgressiveV2, TRUE);
#ifdef WITH_SHADOW_X11
server->authentication = TRUE;
#else
server->authentication = FALSE;
#endif
if ((status = shadow_server_parse_command_line(server, argc, argv, shadow_args)) < 0)
{
shadow_server_command_line_status_print(server, argc, argv, status, shadow_args);
goto fail_parse_command_line;
}
if ((status = shadow_server_init(server)) < 0)
{
WLog_ERR(TAG, "Server initialization failed.");
goto fail_server_init;
}
if ((status = shadow_server_start(server)) < 0)
{
WLog_ERR(TAG, "Failed to start server.");
goto fail_server_start;
}
#ifdef _WIN32
{
MSG msg = { 0 };
while (GetMessage(&msg, 0, 0, 0))
{
TranslateMessage(&msg);
DispatchMessage(&msg);
}
}
#endif
WaitForSingleObject(server->thread, INFINITE);
if (!GetExitCodeThread(server->thread, &dwExitCode))
status = -1;
else
status = (int)dwExitCode;
fail_server_start:
shadow_server_uninit(server);
fail_server_init:
fail_parse_command_line:
shadow_server_free(server);
fail_server_new:
return status;
}