author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-04 01:24:41 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-04 01:24:41 +0000 |
commit | a9bcc81f821d7c66f623779fa5147e728eb3c388 (patch) | |
tree | 98676963bcdd537ae5908a067a8eb110b93486a6 /server/proxy/cli | |
parent | Initial commit. (diff) | |
Adding upstream version 3.3.0+dfsg1.upstream/3.3.0+dfsg1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'server/proxy/cli')
-rw-r--r-- | server/proxy/cli/CMakeLists.txt | 60 | ||||
-rw-r--r-- | server/proxy/cli/freerdp-proxy.1.in | 85 | ||||
-rw-r--r-- | server/proxy/cli/freerdp_proxy.c | 161 |
3 files changed, 306 insertions, 0 deletions
diff --git a/server/proxy/cli/CMakeLists.txt b/server/proxy/cli/CMakeLists.txt
new file mode 100644
index 0000000..1416b4a
--- /dev/null
+++ b/server/proxy/cli/CMakeLists.txt
@@ -0,0 +1,60 @@
+# FreeRDP: A Remote Desktop Protocol Implementation
+# FreeRDP Proxy Server
+#
+# Copyright 2021 Armin Novak <armin.novak@thincast.com>
+# Copyright 2021 Thincast Technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set(PROXY_APP_SRCS freerdp_proxy.c)
+
+# On windows create dll version information.
+# Vendor, product and year are already set in top level CMakeLists.txt
+if (WIN32)
+ set (RC_VERSION_MAJOR ${FREERDP_VERSION_MAJOR})
+ set (RC_VERSION_MINOR ${FREERDP_VERSION_MINOR})
+ set (RC_VERSION_BUILD ${FREERDP_VERSION_REVISION})
+ set (RC_VERSION_FILE "${MODULE_NAME}${CMAKE_EXECUTABLE_SUFFIX}" )
+
+ configure_file(
+ ${PROJECT_SOURCE_DIR}/cmake/WindowsDLLVersion.rc.in
+ ${CMAKE_CURRENT_BINARY_DIR}/version.rc
+ @ONLY)
+
+ list(APPEND PROXY_APP_SRCS ${CMAKE_CURRENT_BINARY_DIR}/version.rc)
+endif()
+
+set(APP_NAME "freerdp-proxy")
+add_executable(${APP_NAME}
+ ${PROXY_APP_SRCS}
+)
+
+set(MANPAGE_NAME ${APP_NAME}.1)
+if (WITH_BINARY_VERSIONING)
+ set_target_properties(${APP_NAME}
+ PROPERTIES
+ OUTPUT_NAME "${APP_NAME}${FREERDP_API_VERSION}"
+ )
+ set(MANPAGE_NAME ${APP_NAME}${FREERDP_API_VERSION}.1)
+endif()
+
+target_link_libraries(${APP_NAME} ${MODULE_NAME})
+install(TARGETS ${APP_NAME} DESTINATION ${CMAKE_INSTALL_BINDIR} COMPONENT server)
+if (WITH_DEBUG_SYMBOLS AND MSVC)
+ install(FILES ${CMAKE_PDB_BINARY_DIR}/${APP_NAME}.pdb DESTINATION ${CMAKE_INSTALL_BINDIR} COMPONENT symbols)
+endif()
+
+set_property(TARGET ${APP_NAME} PROPERTY FOLDER "Server/proxy")
+
+configure_file(${APP_NAME}.1.in ${CMAKE_CURRENT_BINARY_DIR}/${MANPAGE_NAME})
+install_freerdp_man(${CMAKE_CURRENT_BINARY_DIR}/${MANPAGE_NAME} 1)
diff --git a/server/proxy/cli/freerdp-proxy.1.in b/server/proxy/cli/freerdp-proxy.1.in
new file mode 100644
index 0000000..c41f97c
--- /dev/null
+++ b/server/proxy/cli/freerdp-proxy.1.in
@@ -0,0 +1,85 @@
+.de URL
+\\$2 \(laURL: \\$1 \(ra\\$3
+..
+.if \n[.g] .mso www.tmac
+.TH @MANPAGE_NAME@ 1 2023-12-14 "@FREERDP_VERSION_FULL@" "FreeRDP"
+.SH NAME
+@MANPAGE_NAME@ \- A server binary allowing MITM proxying of RDP connections
+.SH SYNOPSIS
+.B @MANPAGE_NAME@
+[\fB-h\fP]
+[\fB--help\fP]
+[\fB--buildconfig\fP]
+[\fB--dump-config\fP \fB<config file>\fP]
+[\fB-v\fP]
+[\fB--version\fP]
+[\fB<config file>\fP]
+.SH DESCRIPTION
+.B @MANPAGE_NAME@
+can be used to proxy a RDP connection between a target server and connecting clients.
+Possible usage scenarios are:
+.IP Proxying
+Connect outdated/insecure RDP servers from behind a (more secure) proxy
+.IP Analysis
+Allow detailed protocol analysis of (many) unknown protocol features (channels)
+.IP Inspection
+MITM proxy for session inspection and recording
+
+.SH OPTIONS
+.IP -h,--help
+Display a help text explaining usage.
+.IP --buildconfig
+Print the build configuration of the proxy and exit.
+.IP -v,--version
+Print the version of the proxy and exit.
+.IP --dump-config \fB<config-ini-file>\fP
+Dump a template configuration to \fB<config-ini-file>\fP
+.IP \fB<config-ini-file>\fP
+Start the proxy with settings read from \fB<config-ini-file>\fP
+
+.SH WARNING
+The proxy does not support authentication out of the box but acts simply as intermediary.
+Only \fBRDP\fP and \fBTLS\fP security modes are supported, \fBNLA\fP will fail for connections to the proxy.
+To implement authentication a \fBproxy-module\fP can be implemented that can authenticate against some backend
+and map connecting users and credentials to target server users and credentials.
+
+.SH EXAMPLES
+@MANPAGE_NAME@ /some/config/file
+
+@MANPAGE_NAME@ --dump-config /some/config/file
+
+.SH PREPARATIONS
+
+1. generate certificates for proxy
+
+\fBwinpr-makecert -rdp -path . proxy\fP
+
+2. generate proxy configuration
+
+\fB@MANPAGE_NAME@ --dump-config proxy.ini\fP
+
+3. edit configurartion and:
+
+ * provide (preferrably absolute) paths for \fBCertificateFile\fP and \fBPrivateKeyFile\fP generated previously
+ * remove the \fBCertificateContents\fP and \fBPrivateKeyContents\fP
+ * Adjust the \fB[Server]\fP settings \fBHost\fP and \fBPort\fP to bind a specific port on a network interface
+ * Adjust the \fB[Target]\fP \fBHost\fP and \fBPort\fP settings to the \fBRDP\fP target server
+ * Adjust (or remove if unuse) the \fBPlugins\fP settings
+
+3. start proxy server
+
+ \fB@MANPAGE_NAME@ proxy.ini\fP
+
+.SH EXIT STATUS
+.TP
+.B 0
+Successful program execution.
+.TP
+.B 1
+Otherwise.
+
+.SH SEE ALSO
+wlog(7)
+
+.SH AUTHOR
+FreeRDP <team@freerdp.com>
diff --git a/server/proxy/cli/freerdp_proxy.c b/server/proxy/cli/freerdp_proxy.c
new file mode 100644
index 0000000..bc53ae2
--- /dev/null
+++ b/server/proxy/cli/freerdp_proxy.c
@@ -0,0 +1,161 @@
+/**
+ * FreeRDP: A Remote Desktop Protocol Implementation
+ * FreeRDP Proxy Server
+ *
+ * Copyright 2019 Mati Shabtay <matishabtay@gmail.com>
+ * Copyright 2019 Kobi Mizrachi <kmizrachi18@gmail.com>
+ * Copyright 2019 Idan Freiberg <speidy@gmail.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <winpr/collections.h>
+
+#include <freerdp/version.h>
+#include <freerdp/freerdp.h>
+
+#include <freerdp/server/proxy/proxy_server.h>
+#include <freerdp/server/proxy/proxy_log.h>
+
+#include <stdlib.h>
+#include <signal.h>
+
+#define TAG PROXY_TAG("server")
+
+static proxyServer* server = NULL;
+
+#if defined(_WIN32)
+static const char* strsignal(int signum)
+{
+ switch (signum)
+ {
+ case SIGINT:
+ return "SIGINT";
+ case SIGTERM:
+ return "SIGTERM";
+ default:
+ return "UNKNOWN";
+ }
+}
+#endif
+
+static void cleanup_handler(int signum)
+{
+ printf("\n");
+ WLog_INFO(TAG, "caught signal %s [%d], starting cleanup...", strsignal(signum), signum);
+
+ WLog_INFO(TAG, "stopping all connections.");
+ pf_server_stop(server);
+}
+
+static void pf_server_register_signal_handlers(void)
+{
+ signal(SIGINT, cleanup_handler);
+ signal(SIGTERM, cleanup_handler);
+#ifndef _WIN32
+ signal(SIGQUIT, cleanup_handler);
+ signal(SIGKILL, cleanup_handler);
+#endif
+}
+
+static WINPR_NORETURN(void usage(const char* app))
+{
+ printf("Usage:\n");
+ printf("%s -h Display this help text.\n", app);
+ printf("%s --help Display this help text.\n", app);
+ printf("%s --buildconfig Print the build configuration.\n", app);
+ printf("%s <config ini file> Start the proxy with <config.ini>\n", app);
+ printf("%s --dump-config <config ini file> Create a template <config.ini>\n", app);
+ printf("%s -v Print out binary version.\n", app);
+ printf("%s --version Print out binary version.\n", app);
+ exit(0);
+}
+
+static void version(const char* app)
+{
+ printf("%s version %s", app, freerdp_get_version_string());
+ exit(0);
+}
+
+static WINPR_NORETURN(void buildconfig(const char* app))
+{
+ printf("This is FreeRDP version %s (%s)\n", FREERDP_VERSION_FULL, FREERDP_GIT_REVISION);
+ printf("%s", freerdp_get_build_config());
+ exit(0);
+}
+
+int main(int argc, char* argv[])
+{
+ proxyConfig* config = NULL;
+ char* config_path = "config.ini";
+ int status = -1;
+
+ pf_server_register_signal_handlers();
+
+ WLog_INFO(TAG, "freerdp-proxy version info:");
+ WLog_INFO(TAG, "\tFreeRDP version: %s", FREERDP_VERSION_FULL);
+ WLog_INFO(TAG, "\tGit commit: %s", FREERDP_GIT_REVISION);
+ WLog_DBG(TAG, "\tBuild config: %s", freerdp_get_build_config());
+
+ if (argc < 2)
+ usage(argv[0]);
+
+ {
+ const char* arg = argv[1];
+
+ if (_stricmp(arg, "-h") == 0)
+ usage(argv[0]);
+ else if (_stricmp(arg, "--help") == 0)
+ usage(argv[0]);
+ else if (_stricmp(arg, "--buildconfig") == 0)
+ buildconfig(argv[0]);
+ else if (_stricmp(arg, "--dump-config") == 0)
+ {
+ if (argc <= 2)
+ usage(argv[0]);
+ pf_server_config_dump(argv[2]);
+ status = 0;
+ goto fail;
+ }
+ else if (_stricmp(arg, "-v") == 0)
+ version(argv[0]);
+ else if (_stricmp(arg, "--version") == 0)
+ version(argv[0]);
+ config_path = argv[1];
+ }
+
+ config = pf_server_config_load_file(config_path);
+ if (!config)
+ goto fail;
+
+ pf_server_config_print(config);
+
+ server = pf_server_new(config);
+ pf_server_config_free(config);
+
+ if (!server)
+ goto fail;
+
+ if (!pf_server_start(server))
+ goto fail;
+
+ if (!pf_server_run(server))
+ goto fail;
+
+ status = 0;
+
+fail:
+ pf_server_free(server);
+
+ return status;
+}
|
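Review bot: cleanup_handler() calls printf(), strsignal(), WLog_INFO() and pf_server_stop() from signal context, and none of these is guaranteed async-signal-safe; a signal that interrupts stdio or the logger on the main thread can deadlock or corrupt state in a process that is relaying live RDP sessions. The handler would be safer if it only recorded the request, e.g. `static volatile sig_atomic_t stop_requested;` set in the handler, with the logging and the pf_server_stop(server) call made from normal context (how pf_server_run() gets woken is not visible in this hunk). In pf_server_register_signal_handlers(), `signal(SIGKILL, cleanup_handler);` can never take effect because SIGKILL cannot be caught and the return value of signal() is ignored, so that line should be dropped. The handlers are also installed at the top of main() while `server` is still NULL, so an early SIGINT passes NULL to pf_server_stop(); whether that function tolerates NULL is not shown here.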