FreeRDP/server/shadow/shadow_server.c

1037 lines
25 KiB
C

/**
* FreeRDP: A Remote Desktop Protocol Implementation
*
* Copyright 2014 Marc-Andre Moreau <marcandre.moreau@gmail.com>
* Copyright 2017 Armin Novak <armin.novak@thincast.com>
* Copyright 2017 Thincast Technologies GmbH
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <freerdp/config.h>
#include <errno.h>
#include <winpr/crt.h>
#include <winpr/ssl.h>
#include <winpr/path.h>
#include <winpr/cmdline.h>
#include <winpr/winsock.h>
#include <freerdp/log.h>
#include <freerdp/version.h>
#include <winpr/tools/makecert.h>
#ifndef _WIN32
#include <sys/select.h>
#include <signal.h>
#endif
#include "shadow.h"
#define TAG SERVER_TAG("shadow")
static const char bind_address[] = "bind-address,";
static int shadow_server_print_command_line_help(int argc, char** argv,
COMMAND_LINE_ARGUMENT_A* largs)
{
char* str = NULL;
size_t length = 0;
const COMMAND_LINE_ARGUMENT_A* arg = NULL;
if ((argc < 1) || !largs || !argv)
return -1;
printf("Usage: %s [options]\n", argv[0]);
printf("\n");
printf("Notes: By default NLA security is active.\n");
printf("\tIn this mode a SAM database is required.\n");
printf("\tProvide one with /sam-file:<file with path>\n");
printf("\telse the default path /etc/winpr/SAM is used.\n");
printf("\tIf there is no existing SAM file authentication for all users will fail.\n");
printf(
"\n\tIf authentication against PAM is desired, start with -sec-nla (requires compiled in "
"support for PAM)\n\n");
printf("Syntax:\n");
printf(" /flag (enables flag)\n");
printf(" /option:<value> (specifies option with value)\n");
printf(" +toggle -toggle (enables or disables toggle, where '/' is a synonym of '+')\n");
printf("\n");
arg = largs;
do
{
if (arg->Flags & COMMAND_LINE_VALUE_FLAG)
{
printf(" %s", "/");
printf("%-20s\n", arg->Name);
printf("\t%s\n", arg->Text);
}
else if ((arg->Flags & COMMAND_LINE_VALUE_REQUIRED) ||
(arg->Flags & COMMAND_LINE_VALUE_OPTIONAL))
{
printf(" %s", "/");
if (arg->Format)
{
length = (strlen(arg->Name) + strlen(arg->Format) + 2);
str = (char*)malloc(length + 1);
if (!str)
return -1;
sprintf_s(str, length + 1, "%s:%s", arg->Name, arg->Format);
printf("%-20s\n", str);
free(str);
}
else
{
printf("%-20s\n", arg->Name);
}
printf("\t%s\n", arg->Text);
}
else if (arg->Flags & COMMAND_LINE_VALUE_BOOL)
{
length = strlen(arg->Name) + 32;
str = (char*)malloc(length + 1);
if (!str)
return -1;
sprintf_s(str, length + 1, "%s (default:%s)", arg->Name, arg->Default ? "on" : "off");
printf(" %s", arg->Default ? "-" : "+");
printf("%-20s\n", str);
free(str);
printf("\t%s\n", arg->Text);
}
} while ((arg = CommandLineFindNextArgumentA(arg)) != NULL);
return 1;
}
int shadow_server_command_line_status_print(rdpShadowServer* server, int argc, char** argv,
int status, COMMAND_LINE_ARGUMENT_A* cargs)
{
WINPR_UNUSED(server);
if (status == COMMAND_LINE_STATUS_PRINT_VERSION)
{
printf("FreeRDP version %s (git %s)\n", FREERDP_VERSION_FULL, FREERDP_GIT_REVISION);
return COMMAND_LINE_STATUS_PRINT_VERSION;
}
else if (status == COMMAND_LINE_STATUS_PRINT_BUILDCONFIG)
{
printf("%s\n", freerdp_get_build_config());
return COMMAND_LINE_STATUS_PRINT_BUILDCONFIG;
}
else if (status == COMMAND_LINE_STATUS_PRINT)
{
return COMMAND_LINE_STATUS_PRINT;
}
else if (status < 0)
{
if (shadow_server_print_command_line_help(argc, argv, cargs) < 0)
return -1;
return COMMAND_LINE_STATUS_PRINT_HELP;
}
return 1;
}
int shadow_server_parse_command_line(rdpShadowServer* server, int argc, char** argv,
COMMAND_LINE_ARGUMENT_A* cargs)
{
int status = 0;
DWORD flags = 0;
const COMMAND_LINE_ARGUMENT_A* arg = NULL;
rdpSettings* settings = server->settings;
if ((argc < 2) || !argv || !cargs)
return 1;
CommandLineClearArgumentsA(cargs);
flags = COMMAND_LINE_SEPARATOR_COLON;
flags |= COMMAND_LINE_SIGIL_SLASH | COMMAND_LINE_SIGIL_PLUS_MINUS;
status = CommandLineParseArgumentsA(argc, argv, cargs, flags, server, NULL, NULL);
if (status < 0)
return status;
arg = cargs;
errno = 0;
do
{
if (!(arg->Flags & COMMAND_LINE_ARGUMENT_PRESENT))
continue;
CommandLineSwitchStart(arg) CommandLineSwitchCase(arg, "port")
{
long val = strtol(arg->Value, NULL, 0);
if ((errno != 0) || (val <= 0) || (val > UINT16_MAX))
return -1;
server->port = (DWORD)val;
}
CommandLineSwitchCase(arg, "ipc-socket")
{
/* /bind-address is incompatible */
if (server->ipcSocket)
return -1;
server->ipcSocket = _strdup(arg->Value);
if (!server->ipcSocket)
return -1;
}
CommandLineSwitchCase(arg, "bind-address")
{
int rc = 0;
size_t len = strlen(arg->Value) + sizeof(bind_address);
/* /ipc-socket is incompatible */
if (server->ipcSocket)
return -1;
server->ipcSocket = calloc(len, sizeof(CHAR));
if (!server->ipcSocket)
return -1;
rc = _snprintf(server->ipcSocket, len, "%s%s", bind_address, arg->Value);
if ((rc < 0) || ((size_t)rc != len - 1))
return -1;
}
CommandLineSwitchCase(arg, "may-view")
{
server->mayView = arg->Value ? TRUE : FALSE;
}
CommandLineSwitchCase(arg, "may-interact")
{
server->mayInteract = arg->Value ? TRUE : FALSE;
}
CommandLineSwitchCase(arg, "max-connections")
{
errno = 0;
unsigned long val = strtoul(arg->Value, NULL, 0);
if ((errno != 0) || (val > UINT32_MAX))
return -1;
server->maxClientsConnected = val;
}
CommandLineSwitchCase(arg, "rect")
{
char* p = NULL;
char* tok[4];
long x = -1;
long y = -1;
long w = -1;
long h = -1;
char* str = _strdup(arg->Value);
if (!str)
return -1;
tok[0] = p = str;
p = strchr(p + 1, ',');
if (!p)
{
free(str);
return -1;
}
*p++ = '\0';
tok[1] = p;
p = strchr(p + 1, ',');
if (!p)
{
free(str);
return -1;
}
*p++ = '\0';
tok[2] = p;
p = strchr(p + 1, ',');
if (!p)
{
free(str);
return -1;
}
*p++ = '\0';
tok[3] = p;
x = strtol(tok[0], NULL, 0);
if (errno != 0)
goto fail;
y = strtol(tok[1], NULL, 0);
if (errno != 0)
goto fail;
w = strtol(tok[2], NULL, 0);
if (errno != 0)
goto fail;
h = strtol(tok[3], NULL, 0);
if (errno != 0)
goto fail;
fail:
free(str);
if ((x < 0) || (y < 0) || (w < 1) || (h < 1) || (errno != 0))
return -1;
if ((x > UINT16_MAX) || (y > UINT16_MAX) || (x + w > UINT16_MAX) ||
(y + h > UINT16_MAX))
return -1;
server->subRect.left = (UINT16)x;
server->subRect.top = (UINT16)y;
server->subRect.right = (UINT16)(x + w);
server->subRect.bottom = (UINT16)(y + h);
server->shareSubRect = TRUE;
}
CommandLineSwitchCase(arg, "auth")
{
server->authentication = arg->Value ? TRUE : FALSE;
}
CommandLineSwitchCase(arg, "remote-guard")
{
if (!freerdp_settings_set_bool(settings, FreeRDP_RemoteCredentialGuard,
arg->Value ? TRUE : FALSE))
return COMMAND_LINE_ERROR;
}
CommandLineSwitchCase(arg, "sec")
{
if (strcmp("rdp", arg->Value) == 0) /* Standard RDP */
{
if (!freerdp_settings_set_bool(settings, FreeRDP_RdpSecurity, TRUE))
return COMMAND_LINE_ERROR;
if (!freerdp_settings_set_bool(settings, FreeRDP_TlsSecurity, FALSE))
return COMMAND_LINE_ERROR;
if (!freerdp_settings_set_bool(settings, FreeRDP_NlaSecurity, FALSE))
return COMMAND_LINE_ERROR;
if (!freerdp_settings_set_bool(settings, FreeRDP_ExtSecurity, FALSE))
return COMMAND_LINE_ERROR;
if (!freerdp_settings_set_bool(settings, FreeRDP_UseRdpSecurityLayer, TRUE))
return COMMAND_LINE_ERROR;
}
else if (strcmp("tls", arg->Value) == 0) /* TLS */
{
if (!freerdp_settings_set_bool(settings, FreeRDP_RdpSecurity, FALSE))
return COMMAND_LINE_ERROR;
if (!freerdp_settings_set_bool(settings, FreeRDP_TlsSecurity, TRUE))
return COMMAND_LINE_ERROR;
if (!freerdp_settings_set_bool(settings, FreeRDP_NlaSecurity, FALSE))
return COMMAND_LINE_ERROR;
if (!freerdp_settings_set_bool(settings, FreeRDP_ExtSecurity, FALSE))
return COMMAND_LINE_ERROR;
}
else if (strcmp("nla", arg->Value) == 0) /* NLA */
{
if (!freerdp_settings_set_bool(settings, FreeRDP_RdpSecurity, FALSE))
return COMMAND_LINE_ERROR;
if (!freerdp_settings_set_bool(settings, FreeRDP_TlsSecurity, FALSE))
return COMMAND_LINE_ERROR;
if (!freerdp_settings_set_bool(settings, FreeRDP_NlaSecurity, TRUE))
return COMMAND_LINE_ERROR;
if (!freerdp_settings_set_bool(settings, FreeRDP_ExtSecurity, FALSE))
return COMMAND_LINE_ERROR;
}
else if (strcmp("ext", arg->Value) == 0) /* NLA Extended */
{
if (!freerdp_settings_set_bool(settings, FreeRDP_RdpSecurity, FALSE))
return COMMAND_LINE_ERROR;
if (!freerdp_settings_set_bool(settings, FreeRDP_TlsSecurity, FALSE))
return COMMAND_LINE_ERROR;
if (!freerdp_settings_set_bool(settings, FreeRDP_NlaSecurity, FALSE))
return COMMAND_LINE_ERROR;
if (!freerdp_settings_set_bool(settings, FreeRDP_ExtSecurity, TRUE))
return COMMAND_LINE_ERROR;
}
else
{
WLog_ERR(TAG, "unknown protocol security: %s", arg->Value);
}
}
CommandLineSwitchCase(arg, "sec-rdp")
{
if (!freerdp_settings_set_bool(settings, FreeRDP_RdpSecurity,
arg->Value ? TRUE : FALSE))
return COMMAND_LINE_ERROR;
}
CommandLineSwitchCase(arg, "sec-tls")
{
if (!freerdp_settings_set_bool(settings, FreeRDP_TlsSecurity,
arg->Value ? TRUE : FALSE))
return COMMAND_LINE_ERROR;
}
CommandLineSwitchCase(arg, "sec-nla")
{
if (!freerdp_settings_set_bool(settings, FreeRDP_NlaSecurity,
arg->Value ? TRUE : FALSE))
return COMMAND_LINE_ERROR;
}
CommandLineSwitchCase(arg, "sec-ext")
{
if (!freerdp_settings_set_bool(settings, FreeRDP_ExtSecurity,
arg->Value ? TRUE : FALSE))
return COMMAND_LINE_ERROR;
}
CommandLineSwitchCase(arg, "sam-file")
{
freerdp_settings_set_string(settings, FreeRDP_NtlmSamFile, arg->Value);
}
CommandLineSwitchCase(arg, "log-level")
{
wLog* root = WLog_GetRoot();
if (!WLog_SetStringLogLevel(root, arg->Value))
return COMMAND_LINE_ERROR;
}
CommandLineSwitchCase(arg, "log-filters")
{
if (!WLog_AddStringLogFilters(arg->Value))
return COMMAND_LINE_ERROR;
}
CommandLineSwitchCase(arg, "gfx-progressive")
{
if (!freerdp_settings_set_bool(settings, FreeRDP_GfxProgressive,
arg->Value ? TRUE : FALSE))
return COMMAND_LINE_ERROR;
}
CommandLineSwitchCase(arg, "gfx-rfx")
{
if (!freerdp_settings_set_bool(settings, FreeRDP_RemoteFxCodec,
arg->Value ? TRUE : FALSE))
return COMMAND_LINE_ERROR;
}
CommandLineSwitchCase(arg, "gfx-planar")
{
if (!freerdp_settings_set_bool(settings, FreeRDP_GfxPlanar, arg->Value ? TRUE : FALSE))
return COMMAND_LINE_ERROR;
}
CommandLineSwitchCase(arg, "gfx-avc420")
{
if (!freerdp_settings_set_bool(settings, FreeRDP_GfxH264, arg->Value ? TRUE : FALSE))
return COMMAND_LINE_ERROR;
}
CommandLineSwitchCase(arg, "gfx-avc444")
{
if (!freerdp_settings_set_bool(settings, FreeRDP_GfxAVC444v2,
arg->Value ? TRUE : FALSE))
return COMMAND_LINE_ERROR;
if (!freerdp_settings_set_bool(settings, FreeRDP_GfxAVC444, arg->Value ? TRUE : FALSE))
return COMMAND_LINE_ERROR;
}
CommandLineSwitchCase(arg, "keytab")
{
if (!freerdp_settings_set_string(settings, FreeRDP_KerberosKeytab, arg->Value))
return COMMAND_LINE_ERROR;
}
CommandLineSwitchCase(arg, "ccache")
{
if (!freerdp_settings_set_string(settings, FreeRDP_KerberosCache, arg->Value))
return COMMAND_LINE_ERROR;
}
CommandLineSwitchCase(arg, "tls-secrets-file")
{
if (!freerdp_settings_set_string(settings, FreeRDP_TlsSecretsFile, arg->Value))
return COMMAND_LINE_ERROR;
}
CommandLineSwitchDefault(arg)
{
}
CommandLineSwitchEnd(arg)
} while ((arg = CommandLineFindNextArgumentA(arg)) != NULL);
arg = CommandLineFindArgumentA(cargs, "monitors");
if (arg && (arg->Flags & COMMAND_LINE_ARGUMENT_PRESENT))
{
UINT32 numMonitors = 0;
MONITOR_DEF monitors[16] = { 0 };
numMonitors = shadow_enum_monitors(monitors, 16);
if (arg->Flags & COMMAND_LINE_VALUE_PRESENT)
{
/* Select monitors */
long val = strtol(arg->Value, NULL, 0);
if ((val < 0) || (errno != 0) || ((UINT32)val >= numMonitors))
status = COMMAND_LINE_STATUS_PRINT;
server->selectedMonitor = (UINT32)val;
}
else
{
/* List monitors */
for (UINT32 index = 0; index < numMonitors; index++)
{
const MONITOR_DEF* monitor = &monitors[index];
const INT64 width = monitor->right - monitor->left + 1;
const INT64 height = monitor->bottom - monitor->top + 1;
WLog_INFO(TAG, " %s [%d] %" PRId64 "x%" PRId64 "\t+%" PRId32 "+%" PRId32 "",
(monitor->flags == 1) ? "*" : " ", index, width, height, monitor->left,
monitor->top);
}
status = COMMAND_LINE_STATUS_PRINT;
}
}
/* If we want to disable authentication we need to ensure that NLA security
* is not activated. Only TLS and RDP security allow anonymous login.
*/
if (!server->authentication)
{
if (!freerdp_settings_set_bool(settings, FreeRDP_NlaSecurity, FALSE))
return COMMAND_LINE_ERROR;
}
return status;
}
static DWORD WINAPI shadow_server_thread(LPVOID arg)
{
rdpShadowServer* server = (rdpShadowServer*)arg;
BOOL running = TRUE;
DWORD status = 0;
freerdp_listener* listener = server->listener;
shadow_subsystem_start(server->subsystem);
while (running)
{
HANDLE events[MAXIMUM_WAIT_OBJECTS] = { 0 };
DWORD nCount = 0;
events[nCount++] = server->StopEvent;
nCount += listener->GetEventHandles(listener, &events[nCount], ARRAYSIZE(events) - nCount);
if (nCount <= 1)
{
WLog_ERR(TAG, "Failed to get FreeRDP file descriptor");
break;
}
status = WaitForMultipleObjects(nCount, events, FALSE, INFINITE);
switch (status)
{
case WAIT_FAILED:
case WAIT_OBJECT_0:
running = FALSE;
break;
default:
{
if (!listener->CheckFileDescriptor(listener))
{
WLog_ERR(TAG, "Failed to check FreeRDP file descriptor");
running = FALSE;
}
else
{
#ifdef _WIN32
Sleep(100); /* FIXME: listener event handles */
#endif
}
}
break;
}
}
listener->Close(listener);
shadow_subsystem_stop(server->subsystem);
/* Signal to the clients that server is being stopped and wait for them
* to disconnect. */
if (shadow_client_boardcast_quit(server, 0))
{
while (ArrayList_Count(server->clients) > 0)
{
Sleep(100);
}
}
ExitThread(0);
return 0;
}
static BOOL open_port(rdpShadowServer* server, char* address)
{
BOOL status = 0;
char* modaddr = address;
if (modaddr)
{
if (modaddr[0] == '[')
{
char* end = strchr(address, ']');
if (!end)
{
WLog_ERR(TAG, "Could not parse bind-address %s", address);
return -1;
}
*end++ = '\0';
if (strlen(end) > 0)
{
WLog_ERR(TAG, "Excess data after IPv6 address: '%s'", end);
return -1;
}
modaddr++;
}
}
status = server->listener->Open(server->listener, modaddr, (UINT16)server->port);
if (!status)
{
WLog_ERR(TAG,
"Problem creating TCP listener. (Port already used or insufficient permissions?)");
}
return status;
}
int shadow_server_start(rdpShadowServer* server)
{
BOOL ipc = 0;
BOOL status = 0;
WSADATA wsaData;
if (!server)
return -1;
if (WSAStartup(MAKEWORD(2, 2), &wsaData) != 0)
return -1;
#ifndef _WIN32
signal(SIGPIPE, SIG_IGN);
#endif
server->screen = shadow_screen_new(server);
if (!server->screen)
{
WLog_ERR(TAG, "screen_new failed");
return -1;
}
server->capture = shadow_capture_new(server);
if (!server->capture)
{
WLog_ERR(TAG, "capture_new failed");
return -1;
}
/* Bind magic:
*
* emtpy ... bind TCP all
* <local path> ... bind local (IPC)
* bind-socket,<address> ... bind TCP to specified interface
*/
ipc = server->ipcSocket && (strncmp(bind_address, server->ipcSocket,
strnlen(bind_address, sizeof(bind_address))) != 0);
if (!ipc)
{
size_t count = 0;
char** list = CommandLineParseCommaSeparatedValuesEx(NULL, server->ipcSocket, &count);
if (!list || (count <= 1))
{
if (server->ipcSocket == NULL)
{
if (!open_port(server, NULL))
{
free(list);
return -1;
}
}
else
{
free(list);
return -1;
}
}
WINPR_ASSERT(list || (count == 0));
for (size_t x = 1; x < count; x++)
{
BOOL success = open_port(server, list[x]);
if (!success)
{
free(list);
return -1;
}
}
free(list);
}
else
{
status = server->listener->OpenLocal(server->listener, server->ipcSocket);
if (!status)
{
WLog_ERR(TAG, "Problem creating local socket listener. (Port already used or "
"insufficient permissions?)");
return -1;
}
}
if (!(server->thread = CreateThread(NULL, 0, shadow_server_thread, (void*)server, 0, NULL)))
{
return -1;
}
return 0;
}
int shadow_server_stop(rdpShadowServer* server)
{
if (!server)
return -1;
if (server->thread)
{
SetEvent(server->StopEvent);
WaitForSingleObject(server->thread, INFINITE);
CloseHandle(server->thread);
server->thread = NULL;
if (server->listener && server->listener->Close)
server->listener->Close(server->listener);
}
if (server->screen)
{
shadow_screen_free(server->screen);
server->screen = NULL;
}
if (server->capture)
{
shadow_capture_free(server->capture);
server->capture = NULL;
}
return 0;
}
static int shadow_server_init_config_path(rdpShadowServer* server)
{
#ifdef _WIN32
if (!server->ConfigPath)
{
server->ConfigPath = GetEnvironmentSubPath("LOCALAPPDATA", "freerdp");
}
#endif
#ifdef __APPLE__
if (!server->ConfigPath)
{
char* userLibraryPath;
char* userApplicationSupportPath;
userLibraryPath = GetKnownSubPath(KNOWN_PATH_HOME, "Library");
if (userLibraryPath)
{
if (!winpr_PathFileExists(userLibraryPath) && !winpr_PathMakePath(userLibraryPath, 0))
{
WLog_ERR(TAG, "Failed to create directory '%s'", userLibraryPath);
free(userLibraryPath);
return -1;
}
userApplicationSupportPath = GetCombinedPath(userLibraryPath, "Application Support");
if (userApplicationSupportPath)
{
if (!winpr_PathFileExists(userApplicationSupportPath) &&
!winpr_PathMakePath(userApplicationSupportPath, 0))
{
WLog_ERR(TAG, "Failed to create directory '%s'", userApplicationSupportPath);
free(userLibraryPath);
free(userApplicationSupportPath);
return -1;
}
server->ConfigPath = GetCombinedPath(userApplicationSupportPath, "freerdp");
}
free(userLibraryPath);
free(userApplicationSupportPath);
}
}
#endif
if (!server->ConfigPath)
{
char* configHome = NULL;
configHome = GetKnownPath(KNOWN_PATH_XDG_CONFIG_HOME);
if (configHome)
{
if (!winpr_PathFileExists(configHome) && !winpr_PathMakePath(configHome, 0))
{
WLog_ERR(TAG, "Failed to create directory '%s'", configHome);
free(configHome);
return -1;
}
server->ConfigPath = GetKnownSubPath(KNOWN_PATH_XDG_CONFIG_HOME, "freerdp");
free(configHome);
}
}
if (!server->ConfigPath)
return -1; /* no usable config path */
return 1;
}
static BOOL shadow_server_create_certificate(rdpShadowServer* server, const char* filepath)
{
BOOL rc = FALSE;
char* makecert_argv[6] = { "makecert", "-rdp", "-live", "-silent", "-y", "5" };
const size_t makecert_argc = ARRAYSIZE(makecert_argv);
MAKECERT_CONTEXT* makecert = makecert_context_new();
if (!makecert)
goto out_fail;
if (makecert_context_process(makecert, makecert_argc, makecert_argv) < 0)
goto out_fail;
if (makecert_context_set_output_file_name(makecert, "shadow") != 1)
goto out_fail;
WINPR_ASSERT(server);
WINPR_ASSERT(filepath);
if (!winpr_PathFileExists(server->CertificateFile))
{
if (makecert_context_output_certificate_file(makecert, filepath) != 1)
goto out_fail;
}
if (!winpr_PathFileExists(server->PrivateKeyFile))
{
if (makecert_context_output_private_key_file(makecert, filepath) != 1)
goto out_fail;
}
rc = TRUE;
out_fail:
makecert_context_free(makecert);
return rc;
}
static BOOL shadow_server_init_certificate(rdpShadowServer* server)
{
char* filepath = NULL;
BOOL ret = FALSE;
WINPR_ASSERT(server);
if (!winpr_PathFileExists(server->ConfigPath) && !winpr_PathMakePath(server->ConfigPath, 0))
{
WLog_ERR(TAG, "Failed to create directory '%s'", server->ConfigPath);
return FALSE;
}
if (!(filepath = GetCombinedPath(server->ConfigPath, "shadow")))
return FALSE;
if (!winpr_PathFileExists(filepath) && !winpr_PathMakePath(filepath, 0))
{
if (!CreateDirectoryA(filepath, 0))
{
WLog_ERR(TAG, "Failed to create directory '%s'", filepath);
goto out_fail;
}
}
server->CertificateFile = GetCombinedPath(filepath, "shadow.crt");
server->PrivateKeyFile = GetCombinedPath(filepath, "shadow.key");
if (!server->CertificateFile || !server->PrivateKeyFile)
goto out_fail;
if ((!winpr_PathFileExists(server->CertificateFile)) ||
(!winpr_PathFileExists(server->PrivateKeyFile)))
{
if (!shadow_server_create_certificate(server, filepath))
goto out_fail;
}
rdpSettings* settings = server->settings;
WINPR_ASSERT(settings);
rdpPrivateKey* key = freerdp_key_new_from_file(server->PrivateKeyFile);
if (!key)
goto out_fail;
if (!freerdp_settings_set_pointer_len(settings, FreeRDP_RdpServerRsaKey, key, 1))
goto out_fail;
rdpCertificate* cert = freerdp_certificate_new_from_file(server->CertificateFile);
if (!cert)
goto out_fail;
if (!freerdp_settings_set_pointer_len(settings, FreeRDP_RdpServerCertificate, cert, 1))
goto out_fail;
if (!freerdp_certificate_is_rdp_security_compatible(cert))
{
if (!freerdp_settings_set_bool(settings, FreeRDP_UseRdpSecurityLayer, FALSE))
goto out_fail;
if (!freerdp_settings_set_bool(settings, FreeRDP_RdpSecurity, FALSE))
goto out_fail;
}
ret = TRUE;
out_fail:
free(filepath);
return ret;
}
static BOOL shadow_server_check_peer_restrictions(freerdp_listener* listener)
{
WINPR_ASSERT(listener);
rdpShadowServer* server = (rdpShadowServer*)listener->info;
WINPR_ASSERT(server);
if (server->maxClientsConnected > 0)
{
const size_t count = ArrayList_Count(server->clients);
if (count >= server->maxClientsConnected)
{
WLog_WARN(TAG, "connection limit [%" PRIuz "] reached, discarding client",
server->maxClientsConnected);
return FALSE;
}
}
return TRUE;
}
int shadow_server_init(rdpShadowServer* server)
{
int status = 0;
winpr_InitializeSSL(WINPR_SSL_INIT_DEFAULT);
WTSRegisterWtsApiFunctionTable(FreeRDP_InitWtsApi());
if (!(server->clients = ArrayList_New(TRUE)))
goto fail;
if (!(server->StopEvent = CreateEvent(NULL, TRUE, FALSE, NULL)))
goto fail;
if (!InitializeCriticalSectionAndSpinCount(&(server->lock), 4000))
goto fail;
status = shadow_server_init_config_path(server);
if (status < 0)
goto fail;
if (!shadow_server_init_certificate(server))
goto fail;
server->listener = freerdp_listener_new();
if (!server->listener)
goto fail;
server->listener->info = (void*)server;
server->listener->CheckPeerAcceptRestrictions = shadow_server_check_peer_restrictions;
server->listener->PeerAccepted = shadow_client_accepted;
server->subsystem = shadow_subsystem_new();
if (!server->subsystem)
goto fail;
status = shadow_subsystem_init(server->subsystem, server);
if (status < 0)
goto fail;
return status;
fail:
shadow_server_uninit(server);
WLog_ERR(TAG, "Failed to initialize shadow server");
return -1;
}
int shadow_server_uninit(rdpShadowServer* server)
{
if (!server)
return -1;
shadow_server_stop(server);
shadow_subsystem_uninit(server->subsystem);
shadow_subsystem_free(server->subsystem);
server->subsystem = NULL;
freerdp_listener_free(server->listener);
server->listener = NULL;
free(server->CertificateFile);
server->CertificateFile = NULL;
free(server->PrivateKeyFile);
server->PrivateKeyFile = NULL;
free(server->ConfigPath);
server->ConfigPath = NULL;
DeleteCriticalSection(&(server->lock));
CloseHandle(server->StopEvent);
server->StopEvent = NULL;
ArrayList_Free(server->clients);
server->clients = NULL;
return 1;
}
rdpShadowServer* shadow_server_new(void)
{
rdpShadowServer* server = NULL;
server = (rdpShadowServer*)calloc(1, sizeof(rdpShadowServer));
if (!server)
return NULL;
server->port = 3389;
server->mayView = TRUE;
server->mayInteract = TRUE;
server->rfxMode = RLGR3;
server->h264RateControlMode = H264_RATECONTROL_VBR;
server->h264BitRate = 10000000;
server->h264FrameRate = 30;
server->h264QP = 0;
server->authentication = TRUE;
server->settings = freerdp_settings_new(FREERDP_SETTINGS_SERVER_MODE);
return server;
}
void shadow_server_free(rdpShadowServer* server)
{
if (!server)
return;
free(server->ipcSocket);
server->ipcSocket = NULL;
freerdp_settings_free(server->settings);
server->settings = NULL;
free(server);
}