26#include <winpr/path.h>
27#include <winpr/collections.h>
28#include <winpr/cmdline.h>
31#include <freerdp/server/proxy/proxy_config.h>
33#include <freerdp/server/proxy/proxy_log.h>
35#include <freerdp/crypto/crypto.h>
36#include <freerdp/channels/cliprdr.h>
37#include <freerdp/channels/rdpsnd.h>
38#include <freerdp/channels/audin.h>
39#include <freerdp/channels/rdpdr.h>
40#include <freerdp/channels/disp.h>
41#include <freerdp/channels/rail.h>
42#include <freerdp/channels/rdpei.h>
43#include <freerdp/channels/tsmf.h>
44#include <freerdp/channels/video.h>
45#include <freerdp/channels/rdpecam.h>
49#define TAG PROXY_TAG("config")
51#define CONFIG_PRINT_SECTION(section) WLog_INFO(TAG, "\t%s:", section)
52#define CONFIG_PRINT_SECTION_KEY(section, key) WLog_INFO(TAG, "\t%s/%s:", section, key)
53#define CONFIG_PRINT_STR(config, key) WLog_INFO(TAG, "\t\t%s: %s", #key, (config)->key)
54#define CONFIG_PRINT_SECRET_STR(config, key) \
55 WLog_INFO(TAG, "\t\t%s: %s", #key, (config)->key ? "********" : nullptr)
56#define CONFIG_PRINT_BOOL(config, key) WLog_INFO(TAG, "\t\t%s: %s", #key, boolstr((config)->key))
57#define CONFIG_PRINT_UINT16(config, key) WLog_INFO(TAG, "\t\t%s: %" PRIu16 "", #key, (config)->key)
58#define CONFIG_PRINT_UINT32(config, key) WLog_INFO(TAG, "\t\t%s: %" PRIu32 "", #key, (config)->key)
60static const char* bool_str_true =
"true";
61static const char* bool_str_false =
"false";
64static const char* boolstr(BOOL rc)
66 return rc ? bool_str_true : bool_str_false;
69static const char* section_server =
"Server";
70static const char* key_host =
"Host";
71static const char* key_port =
"Port";
72static const char* key_sam_file =
"SamFile";
74static const char* section_target =
"Target";
75static const char* key_target_fixed =
"FixedTarget";
76static const char* key_target_user =
"User";
77static const char* key_target_pwd =
"Password";
78static const char* key_target_domain =
"Domain";
79static const char* key_target_tls_seclevel =
"TlsSecLevel";
80static const char* key_target_scard_auth =
"SmartcardAuth";
81static const char* key_target_scard_cert =
"SmartcardCert";
82static const char* key_target_scard_key =
"SmartcardKey";
83static const char* key_target_scard_pem_cert =
"SmartcardCertPEMContent";
84static const char* key_target_scard_pem_key =
"SmartcardKeyPEMContent";
86static const char* section_plugins =
"Plugins";
87static const char* key_plugins_modules =
"Modules";
88static const char* key_plugins_required =
"Required";
90static const char* section_codecs =
"Codecs";
91static const char* key_codecs_rfx =
"RFX";
92static const char* key_codecs_nsc =
"NSC";
94static const char* section_channels =
"Channels";
95static const char* key_channels_gfx =
"GFX";
96static const char* key_channels_disp =
"DisplayControl";
97static const char* key_channels_clip =
"Clipboard";
98static const char* key_channels_mic =
"AudioInput";
99static const char* key_channels_sound =
"AudioOutput";
100static const char* key_channels_rdpdr =
"DeviceRedirection";
101static const char* key_channels_video =
"VideoRedirection";
102static const char* key_channels_camera =
"CameraRedirection";
103static const char* key_channels_rails =
"RemoteApp";
104static const char* key_channels_blacklist =
"PassthroughIsBlacklist";
105static const char* key_channels_pass =
"Passthrough";
106static const char* key_channels_intercept =
"Intercept";
108static const char* section_input =
"Input";
109static const char* key_input_kbd =
"Keyboard";
110static const char* key_input_mouse =
"Mouse";
111static const char* key_input_multitouch =
"Multitouch";
113static const char* section_security =
"Security";
114static const char* key_security_server_nla =
"ServerNlaSecurity";
115static const char* key_security_server_tls =
"ServerTlsSecurity";
116static const char* key_security_server_rdp =
"ServerRdpSecurity";
117static const char* key_security_client_nla =
"ClientNlaSecurity";
118static const char* key_security_client_tls =
"ClientTlsSecurity";
119static const char* key_security_client_rdp =
"ClientRdpSecurity";
120static const char* key_security_client_fallback =
"ClientAllowFallbackToTls";
122static const char* section_certificates =
"Certificates";
123static const char* key_private_key_file =
"PrivateKeyFile";
124static const char* key_private_key_content =
"PrivateKeyContent";
125static const char* key_cert_file =
"CertificateFile";
126static const char* key_cert_content =
"CertificateContent";
128WINPR_ATTR_MALLOC(free, 1)
129static
char* pf_config_decode_base64(const
char* data, const
char* name,
size_t* pLength);
131WINPR_ATTR_MALLOC(CommandLineParserFree, 1)
133static
char** pf_config_parse_comma_separated_list(const
char* list,
size_t* count)
138 if (strlen(list) == 0)
144 return CommandLineParseCommaSeparatedValues(list, count);
148static BOOL pf_config_get_uint16(wIniFile* ini,
const char* section,
const char* key,
149 UINT16* result, BOOL required)
152 const char* strval =
nullptr;
154 WINPR_ASSERT(result);
156 strval = IniFile_GetKeyValueString(ini, section, key);
157 if (!strval && required)
159 WLog_ERR(TAG,
"key '%s.%s' does not exist.", section, key);
165 val = IniFile_GetKeyValueInt(ini, section, key);
166 if ((val <= 0) || (val > UINT16_MAX))
168 WLog_ERR(TAG,
"invalid value %d for key '%s.%s'.", val, section, key);
173 *result = (UINT16)val;
178static BOOL pf_config_get_uint32(wIniFile* ini,
const char* section,
const char* key,
179 UINT32* result, BOOL required)
181 WINPR_ASSERT(result);
183 const char* strval = IniFile_GetKeyValueString(ini, section, key);
187 WLog_ERR(TAG,
"key '%s.%s' does not exist.", section, key);
191 const int val = IniFile_GetKeyValueInt(ini, section, key);
194 WLog_ERR(TAG,
"invalid value %d for key '%s.%s'.", val, section, key);
198 *result = (UINT32)val;
203static BOOL pf_config_get_bool(wIniFile* ini,
const char* section,
const char* key, BOOL fallback)
206 const char* str_value =
nullptr;
208 str_value = IniFile_GetKeyValueString(ini, section, key);
211 WLog_WARN(TAG,
"key '%s.%s' not found, value defaults to %s.", section, key,
212 fallback ? bool_str_true : bool_str_false);
216 if (_stricmp(str_value, bool_str_true) == 0)
218 if (_stricmp(str_value, bool_str_false) == 0)
221 num_value = IniFile_GetKeyValueInt(ini, section, key);
223 return (num_value != 0);
227static const char* pf_config_get_str(wIniFile* ini,
const char* section,
const char* key,
230 const char* value = IniFile_GetKeyValueString(ini, section, key);
235 WLog_ERR(TAG,
"key '%s.%s' not found.", section, key);
242static void zfree(
char* str)
246 const size_t len = strlen(str);
251static void znfree(
char* str,
size_t len)
260static BOOL pf_config_copy_string(
char** dst,
const char* src)
270static BOOL pf_config_free_and_copy_string(
char** dst,
const char* src)
274 return pf_config_copy_string(dst, src);
278static BOOL pf_config_load_server(wIniFile* ini, proxyConfig* config)
280 WINPR_ASSERT(config);
281 const char* host = pf_config_get_str(ini, section_server, key_host, FALSE);
285 if (!pf_config_free_and_copy_string(&config->Host, host))
289 if (!pf_config_get_uint16(ini, section_server, key_port, &config->Port, FALSE))
292 const char* sam = pf_config_get_str(ini, section_server, key_sam_file, FALSE);
295 if (!pf_config_free_and_copy_string(&config->SamFile, sam))
303static BOOL pf_config_load_target(wIniFile* ini, proxyConfig* config)
305 const char* target_value =
nullptr;
307 WINPR_ASSERT(config);
308 config->FixedTarget = pf_config_get_bool(ini, section_target, key_target_fixed, FALSE);
310 if (!pf_config_get_uint32(ini, section_target, key_target_tls_seclevel,
311 &config->TargetTlsSecLevel, FALSE))
314 if (config->FixedTarget)
316 if (!pf_config_get_uint16(ini, section_target, key_port, &config->TargetPort, FALSE))
319 target_value = pf_config_get_str(ini, section_target, key_host, FALSE);
322 if (!pf_config_free_and_copy_string(&config->TargetHost, target_value))
327 target_value = pf_config_get_str(ini, section_target, key_target_user, FALSE);
330 if (!pf_config_free_and_copy_string(&config->TargetUser, target_value))
334 target_value = pf_config_get_str(ini, section_target, key_target_pwd, FALSE);
337 if (!pf_config_free_and_copy_string(&config->TargetPassword, target_value))
341 target_value = pf_config_get_str(ini, section_target, key_target_domain, FALSE);
344 if (!pf_config_free_and_copy_string(&config->TargetDomain, target_value))
348 config->TargetSmartcardAuth =
349 pf_config_get_bool(ini, section_target, key_target_scard_auth, FALSE);
351 target_value = pf_config_get_str(ini, section_target, key_target_scard_cert, FALSE);
355 char* pem = crypto_read_pem(target_value, &len);
358 znfree(config->TargetSmartcardCert, config->TargetSmartcardCertLength);
359 config->TargetSmartcardCert = pem;
360 config->TargetSmartcardCertLength = len;
364 const char* pem_value =
365 pf_config_get_str(ini, section_target, key_target_scard_pem_cert, FALSE);
369 WLog_WARN(TAG,
"In section [%s] both, '%s' and '%s' are provided. Ignoring %s",
370 section_target, key_target_scard_cert, key_target_scard_pem_cert,
371 key_target_scard_cert);
372 znfree(config->TargetSmartcardCert, config->TargetSmartcardCertLength);
374 config->TargetSmartcardCert =
375 pf_config_decode_base64(pem_value, key_target_scard_pem_cert, &len);
376 if (!config->TargetSmartcardCert)
378 config->TargetSmartcardCertLength = len;
382 target_value = pf_config_get_str(ini, section_target, key_target_scard_key, FALSE);
386 char* pem = crypto_read_pem(target_value, &len);
387 znfree(config->TargetSmartcardKey, config->TargetSmartcardKeyLength);
388 config->TargetSmartcardKey = pem;
389 config->TargetSmartcardKeyLength = len;
393 const char* pem_value =
394 pf_config_get_str(ini, section_target, key_target_scard_pem_key, FALSE);
398 WLog_WARN(TAG,
"In section [%s] both, '%s' and '%s' are provided. Ignoring %s",
399 section_target, key_target_scard_key, key_target_scard_pem_key,
400 key_target_scard_key);
401 znfree(config->TargetSmartcardKey, config->TargetSmartcardKeyLength);
404 config->TargetSmartcardKey =
405 pf_config_decode_base64(pem_value, key_target_scard_pem_key, &len);
406 if (!config->TargetSmartcardKey)
408 config->TargetSmartcardKeyLength = len;
416static BOOL pf_config_load_codecs(wIniFile* ini, proxyConfig* config)
418 WINPR_ASSERT(config);
419 config->RFX = pf_config_get_bool(ini, section_codecs, key_codecs_rfx, TRUE);
420 config->NSC = pf_config_get_bool(ini, section_codecs, key_codecs_nsc, TRUE);
425static BOOL pf_config_load_channels(wIniFile* ini, proxyConfig* config)
427 WINPR_ASSERT(config);
428 config->GFX = pf_config_get_bool(ini, section_channels, key_channels_gfx, TRUE);
429 config->DisplayControl = pf_config_get_bool(ini, section_channels, key_channels_disp, TRUE);
430 config->Clipboard = pf_config_get_bool(ini, section_channels, key_channels_clip, FALSE);
431 config->AudioOutput = pf_config_get_bool(ini, section_channels, key_channels_mic, TRUE);
432 config->AudioInput = pf_config_get_bool(ini, section_channels, key_channels_sound, TRUE);
433 config->DeviceRedirection = pf_config_get_bool(ini, section_channels, key_channels_rdpdr, TRUE);
434 config->VideoRedirection = pf_config_get_bool(ini, section_channels, key_channels_video, TRUE);
435 config->CameraRedirection =
436 pf_config_get_bool(ini, section_channels, key_channels_camera, TRUE);
437 config->RemoteApp = pf_config_get_bool(ini, section_channels, key_channels_rails, FALSE);
438 config->PassthroughIsBlacklist =
439 pf_config_get_bool(ini, section_channels, key_channels_blacklist, FALSE);
440 config->Passthrough = pf_config_parse_comma_separated_list(
441 pf_config_get_str(ini, section_channels, key_channels_pass, FALSE),
442 &config->PassthroughCount);
443 config->Intercept = pf_config_parse_comma_separated_list(
444 pf_config_get_str(ini, section_channels, key_channels_intercept, FALSE),
445 &config->InterceptCount);
451static BOOL pf_config_load_input(wIniFile* ini, proxyConfig* config)
453 WINPR_ASSERT(config);
454 config->Keyboard = pf_config_get_bool(ini, section_input, key_input_kbd, TRUE);
455 config->Mouse = pf_config_get_bool(ini, section_input, key_input_mouse, TRUE);
456 config->Multitouch = pf_config_get_bool(ini, section_input, key_input_multitouch, TRUE);
461static BOOL pf_config_load_security(wIniFile* ini, proxyConfig* config)
463 WINPR_ASSERT(config);
464 config->ServerTlsSecurity =
465 pf_config_get_bool(ini, section_security, key_security_server_tls, TRUE);
466 config->ServerNlaSecurity =
467 pf_config_get_bool(ini, section_security, key_security_server_nla, FALSE);
468 config->ServerRdpSecurity =
469 pf_config_get_bool(ini, section_security, key_security_server_rdp, TRUE);
471 config->ClientTlsSecurity =
472 pf_config_get_bool(ini, section_security, key_security_client_tls, TRUE);
473 config->ClientNlaSecurity =
474 pf_config_get_bool(ini, section_security, key_security_client_nla, TRUE);
475 config->ClientRdpSecurity =
476 pf_config_get_bool(ini, section_security, key_security_client_rdp, TRUE);
477 config->ClientAllowFallbackToTls =
478 pf_config_get_bool(ini, section_security, key_security_client_fallback, TRUE);
483static BOOL pf_config_load_modules(wIniFile* ini, proxyConfig* config)
485 const char* modules_to_load =
nullptr;
486 const char* required_modules =
nullptr;
488 modules_to_load = pf_config_get_str(ini, section_plugins, key_plugins_modules, FALSE);
489 required_modules = pf_config_get_str(ini, section_plugins, key_plugins_required, FALSE);
491 WINPR_ASSERT(config);
492 config->Modules = pf_config_parse_comma_separated_list(modules_to_load, &config->ModulesCount);
494 config->RequiredPlugins =
495 pf_config_parse_comma_separated_list(required_modules, &config->RequiredPluginsCount);
499char* pf_config_decode_base64(
const char* data,
const char* name,
size_t* pLength)
501 const char* headers[] = {
"-----BEGIN PUBLIC KEY-----",
"-----BEGIN RSA PUBLIC KEY-----",
502 "-----BEGIN CERTIFICATE-----",
"-----BEGIN PRIVATE KEY-----",
503 "-----BEGIN RSA PRIVATE KEY-----" };
505 size_t decoded_length = 0;
506 char* decoded =
nullptr;
509 WLog_ERR(TAG,
"Invalid base64 data [nullptr] for %s", name);
514 WINPR_ASSERT(pLength);
516 const size_t length = strlen(data);
518 if (strncmp(data,
"-----", 5) == 0)
520 BOOL expected = FALSE;
521 for (
size_t x = 0; x < ARRAYSIZE(headers); x++)
523 const char* header = headers[x];
525 if (strncmp(data, header, strlen(header)) == 0)
534 char hdr[128] = WINPR_C_ARRAY_INIT;
535 const char* end = strchr(&data[5],
'-');
541 const size_t s = MIN(ARRAYSIZE(hdr) - 1ULL, (
size_t)(end - data));
542 memcpy(hdr, data, s);
545 WLog_WARN(TAG,
"PEM has unexpected header '%s'. Known supported headers are:", hdr);
546 for (
size_t x = 0; x < ARRAYSIZE(headers); x++)
548 const char* header = headers[x];
549 WLog_WARN(TAG,
"%s", header);
553 *pLength = length + 1;
554 return _strdup(data);
557 crypto_base64_decode(data, length, (BYTE**)&decoded, &decoded_length);
558 if (!decoded || decoded_length == 0)
560 WLog_ERR(TAG,
"Failed to decode base64 data of length %" PRIuz
" for %s", length, name);
565 *pLength = strnlen(decoded, decoded_length) + 1;
570static BOOL pf_config_load_certificates(wIniFile* ini, proxyConfig* config)
572 const char* tmp1 =
nullptr;
573 const char* tmp2 =
nullptr;
576 WINPR_ASSERT(config);
578 tmp1 = pf_config_get_str(ini, section_certificates, key_cert_file, FALSE);
581 if (!winpr_PathFileExists(tmp1))
583 WLog_ERR(TAG,
"%s/%s file %s does not exist", section_certificates, key_cert_file,
587 config->CertificateFile = _strdup(tmp1);
588 config->CertificatePEM =
589 crypto_read_pem(config->CertificateFile, &config->CertificatePEMLength);
590 if (!config->CertificatePEM)
592 config->CertificatePEMLength += 1;
594 tmp2 = pf_config_get_str(ini, section_certificates, key_cert_content, FALSE);
597 if (strlen(tmp2) < 1)
599 WLog_ERR(TAG,
"%s/%s has invalid empty value", section_certificates, key_cert_content);
602 config->CertificateContent = _strdup(tmp2);
603 config->CertificatePEM = pf_config_decode_base64(
604 config->CertificateContent,
"CertificateContent", &config->CertificatePEMLength);
605 if (!config->CertificatePEM)
611 "%s/%s and %s/%s are "
612 "mutually exclusive options",
613 section_certificates, key_cert_file, section_certificates, key_cert_content);
616 else if (!tmp1 && !tmp2)
619 "%s/%s or %s/%s are "
621 section_certificates, key_cert_file, section_certificates, key_cert_content);
625 tmp1 = pf_config_get_str(ini, section_certificates, key_private_key_file, FALSE);
628 if (!winpr_PathFileExists(tmp1))
630 WLog_ERR(TAG,
"%s/%s file %s does not exist", section_certificates,
631 key_private_key_file, tmp1);
634 config->PrivateKeyFile = _strdup(tmp1);
635 config->PrivateKeyPEM =
636 crypto_read_pem(config->PrivateKeyFile, &config->PrivateKeyPEMLength);
637 if (!config->PrivateKeyPEM)
639 config->PrivateKeyPEMLength += 1;
641 tmp2 = pf_config_get_str(ini, section_certificates, key_private_key_content, FALSE);
644 if (strlen(tmp2) < 1)
646 WLog_ERR(TAG,
"%s/%s has invalid empty value", section_certificates,
647 key_private_key_content);
650 config->PrivateKeyContent = _strdup(tmp2);
651 config->PrivateKeyPEM = pf_config_decode_base64(
652 config->PrivateKeyContent,
"PrivateKeyContent", &config->PrivateKeyPEMLength);
653 if (!config->PrivateKeyPEM)
660 "%s/%s and %s/%s are "
661 "mutually exclusive options",
662 section_certificates, key_private_key_file, section_certificates,
663 key_private_key_content);
666 else if (!tmp1 && !tmp2)
669 "%s/%s or %s/%s are "
670 "are required settings",
671 section_certificates, key_private_key_file, section_certificates,
672 key_private_key_content);
681 proxyConfig* config =
nullptr;
685 config = calloc(1,
sizeof(proxyConfig));
689 config->TargetTlsSecLevel = 1;
692 if (!pf_config_load_server(ini, config))
695 if (!pf_config_load_target(ini, config))
698 if (!pf_config_load_codecs(ini, config))
701 if (!pf_config_load_channels(ini, config))
704 if (!pf_config_load_input(ini, config))
707 if (!pf_config_load_security(ini, config))
710 if (!pf_config_load_modules(ini, config))
713 if (!pf_config_load_certificates(ini, config))
715 config->ini = IniFile_Clone(ini);
721 WINPR_PRAGMA_DIAG_PUSH
722 WINPR_PRAGMA_DIAG_IGNORED_MISMATCHED_DEALLOC
724 WINPR_PRAGMA_DIAG_POP
732 wIniFile* ini = IniFile_New();
737 if (IniFile_SetKeyValueString(ini, section_server, key_host,
"0.0.0.0") < 0)
739 if (IniFile_SetKeyValueInt(ini, section_server, key_port, 3389) < 0)
741 if (IniFile_SetKeyValueString(ini, section_server, key_sam_file,
742 "optional/path/some/file.sam") < 0)
746 if (IniFile_SetKeyValueString(ini, section_target, key_host,
"somehost.example.com") < 0)
748 if (IniFile_SetKeyValueInt(ini, section_target, key_port, 3389) < 0)
750 if (IniFile_SetKeyValueString(ini, section_target, key_target_fixed, bool_str_true) < 0)
752 if (IniFile_SetKeyValueInt(ini, section_target, key_target_tls_seclevel, 1) < 0)
754 if (IniFile_SetKeyValueString(ini, section_target, key_target_user,
"optionaltargetuser") < 0)
756 if (IniFile_SetKeyValueString(ini, section_target, key_target_domain,
"optionaltargetdomain") <
759 if (IniFile_SetKeyValueString(ini, section_target, key_target_pwd,
"optionaltargetpassword") <
762 if (IniFile_SetKeyValueString(ini, section_target, key_target_scard_auth, bool_str_false) < 0)
764 if (IniFile_SetKeyValueString(ini, section_target, key_target_scard_cert,
765 "optional/path/some/file.pem.crt") < 0)
767 if (IniFile_SetKeyValueString(ini, section_target, key_target_scard_pem_cert,
768 "<base64 encoded PEM>") < 0)
770 if (IniFile_SetKeyValueString(ini, section_target, key_target_scard_key,
771 "optional/path/some/file.pem.key") < 0)
774 if (IniFile_SetKeyValueString(ini, section_target, key_target_scard_pem_key,
775 "<base64 encoded PEM>") < 0)
778 if (IniFile_SetKeyValueString(ini, section_codecs, key_codecs_rfx, bool_str_true) < 0)
780 if (IniFile_SetKeyValueString(ini, section_codecs, key_codecs_nsc, bool_str_true) < 0)
784 if (IniFile_SetKeyValueString(ini, section_channels, key_channels_gfx, bool_str_true) < 0)
786 if (IniFile_SetKeyValueString(ini, section_channels, key_channels_disp, bool_str_true) < 0)
788 if (IniFile_SetKeyValueString(ini, section_channels, key_channels_clip, bool_str_true) < 0)
790 if (IniFile_SetKeyValueString(ini, section_channels, key_channels_mic, bool_str_true) < 0)
792 if (IniFile_SetKeyValueString(ini, section_channels, key_channels_sound, bool_str_true) < 0)
794 if (IniFile_SetKeyValueString(ini, section_channels, key_channels_rdpdr, bool_str_true) < 0)
796 if (IniFile_SetKeyValueString(ini, section_channels, key_channels_video, bool_str_true) < 0)
798 if (IniFile_SetKeyValueString(ini, section_channels, key_channels_camera, bool_str_true) < 0)
800 if (IniFile_SetKeyValueString(ini, section_channels, key_channels_rails, bool_str_false) < 0)
803 if (IniFile_SetKeyValueString(ini, section_channels, key_channels_blacklist, bool_str_true) < 0)
805 if (IniFile_SetKeyValueString(ini, section_channels, key_channels_pass,
"") < 0)
807 if (IniFile_SetKeyValueString(ini, section_channels, key_channels_intercept,
"") < 0)
811 if (IniFile_SetKeyValueString(ini, section_input, key_input_kbd, bool_str_true) < 0)
813 if (IniFile_SetKeyValueString(ini, section_input, key_input_mouse, bool_str_true) < 0)
815 if (IniFile_SetKeyValueString(ini, section_input, key_input_multitouch, bool_str_true) < 0)
819 if (IniFile_SetKeyValueString(ini, section_security, key_security_server_tls, bool_str_true) <
822 if (IniFile_SetKeyValueString(ini, section_security, key_security_server_nla, bool_str_false) <
825 if (IniFile_SetKeyValueString(ini, section_security, key_security_server_rdp, bool_str_true) <
829 if (IniFile_SetKeyValueString(ini, section_security, key_security_client_tls, bool_str_true) <
832 if (IniFile_SetKeyValueString(ini, section_security, key_security_client_nla, bool_str_true) <
835 if (IniFile_SetKeyValueString(ini, section_security, key_security_client_rdp, bool_str_true) <
838 if (IniFile_SetKeyValueString(ini, section_security, key_security_client_fallback,
843 if (IniFile_SetKeyValueString(ini, section_plugins, key_plugins_modules,
844 "module1,module2,...") < 0)
846 if (IniFile_SetKeyValueString(ini, section_plugins, key_plugins_required,
847 "module1,module2,...") < 0)
851 if (IniFile_SetKeyValueString(ini, section_certificates, key_cert_file,
852 "<absolute path to some certificate file> OR") < 0)
854 if (IniFile_SetKeyValueString(ini, section_certificates, key_cert_content,
855 "<base64 encoded PEM>") < 0)
858 if (IniFile_SetKeyValueString(ini, section_certificates, key_private_key_file,
859 "<absolute path to some private key file> OR") < 0)
861 if (IniFile_SetKeyValueString(ini, section_certificates, key_private_key_content,
862 "<base64 encoded PEM>") < 0)
865 if ((strcmp(
"stdout", file) == 0) || (strcmp(
"stderr", file) == 0))
867 char* buffer = IniFile_WriteBuffer(ini);
871 if (strcmp(
"stdout", file) == 0)
873 (void)fprintf(fp,
"%s", buffer);
879 if (IniFile_WriteFile(ini, file) < 0)
892 proxyConfig* config =
nullptr;
893 wIniFile* ini =
nullptr;
899 WLog_ERR(TAG,
"IniFile_New() failed!");
903 if (IniFile_ReadBuffer(ini, buffer) < 0)
905 WLog_ERR(TAG,
"failed to parse ini: '%s'", buffer);
917 proxyConfig* config =
nullptr;
918 wIniFile* ini = IniFile_New();
922 WLog_ERR(TAG,
"IniFile_New() failed!");
926 if (IniFile_ReadFile(ini, path) < 0)
928 WLog_ERR(TAG,
"failed to parse ini file: '%s'", path);
938static void pf_server_config_print_list(
char** list,
size_t count)
941 for (
size_t i = 0; i < count; i++)
942 WLog_INFO(TAG,
"\t\t- %s", list[i]);
947 WINPR_ASSERT(config);
948 WLog_INFO(TAG,
"Proxy configuration:");
950 CONFIG_PRINT_SECTION(section_server);
951 CONFIG_PRINT_STR(config, Host);
952 CONFIG_PRINT_STR(config, SamFile);
953 CONFIG_PRINT_UINT16(config, Port);
955 if (config->FixedTarget)
957 CONFIG_PRINT_SECTION(section_target);
958 CONFIG_PRINT_STR(config, TargetHost);
959 CONFIG_PRINT_UINT16(config, TargetPort);
960 CONFIG_PRINT_UINT32(config, TargetTlsSecLevel);
962 CONFIG_PRINT_STR(config, TargetUser);
963 CONFIG_PRINT_STR(config, TargetDomain);
964 CONFIG_PRINT_SECRET_STR(config, TargetPassword);
966 CONFIG_PRINT_BOOL(config, TargetSmartcardAuth);
967 CONFIG_PRINT_SECRET_STR(config, TargetSmartcardCert);
968 CONFIG_PRINT_SECRET_STR(config, TargetSmartcardKey);
971 CONFIG_PRINT_SECTION(section_input);
972 CONFIG_PRINT_BOOL(config, Keyboard);
973 CONFIG_PRINT_BOOL(config, Mouse);
974 CONFIG_PRINT_BOOL(config, Multitouch);
976 CONFIG_PRINT_SECTION(section_security);
977 CONFIG_PRINT_BOOL(config, ServerNlaSecurity);
978 CONFIG_PRINT_BOOL(config, ServerTlsSecurity);
979 CONFIG_PRINT_BOOL(config, ServerRdpSecurity);
980 CONFIG_PRINT_BOOL(config, ClientNlaSecurity);
981 CONFIG_PRINT_BOOL(config, ClientTlsSecurity);
982 CONFIG_PRINT_BOOL(config, ClientRdpSecurity);
983 CONFIG_PRINT_BOOL(config, ClientAllowFallbackToTls);
985 CONFIG_PRINT_SECTION(section_codecs);
986 CONFIG_PRINT_BOOL(config, RFX);
987 CONFIG_PRINT_BOOL(config, NSC);
989 CONFIG_PRINT_SECTION(section_channels);
990 CONFIG_PRINT_BOOL(config, GFX);
991 CONFIG_PRINT_BOOL(config, DisplayControl);
992 CONFIG_PRINT_BOOL(config, Clipboard);
993 CONFIG_PRINT_BOOL(config, AudioOutput);
994 CONFIG_PRINT_BOOL(config, AudioInput);
995 CONFIG_PRINT_BOOL(config, DeviceRedirection);
996 CONFIG_PRINT_BOOL(config, VideoRedirection);
997 CONFIG_PRINT_BOOL(config, CameraRedirection);
998 CONFIG_PRINT_BOOL(config, RemoteApp);
999 CONFIG_PRINT_BOOL(config, PassthroughIsBlacklist);
1001 if (config->PassthroughCount)
1003 WLog_INFO(TAG,
"\tStatic Channels Proxy:");
1004 pf_server_config_print_list(config->Passthrough, config->PassthroughCount);
1007 if (config->InterceptCount)
1009 WLog_INFO(TAG,
"\tStatic Channels Proxy-Intercept:");
1010 pf_server_config_print_list(config->Intercept, config->InterceptCount);
1014 CONFIG_PRINT_SECTION_KEY(section_plugins, key_plugins_modules);
1015 for (
size_t x = 0; x < config->ModulesCount; x++)
1016 CONFIG_PRINT_STR(config, Modules[x]);
1019 CONFIG_PRINT_SECTION_KEY(section_plugins, key_plugins_required);
1020 for (
size_t x = 0; x < config->RequiredPluginsCount; x++)
1021 CONFIG_PRINT_STR(config, RequiredPlugins[x]);
1023 CONFIG_PRINT_SECTION(section_certificates);
1024 CONFIG_PRINT_STR(config, CertificateFile);
1025 CONFIG_PRINT_SECRET_STR(config, CertificateContent);
1026 CONFIG_PRINT_STR(config, PrivateKeyFile);
1027 CONFIG_PRINT_SECRET_STR(config, PrivateKeyContent);
1032 if (config ==
nullptr)
1035 zfree(config->Host);
1036 zfree(config->SamFile);
1037 zfree(config->TargetHost);
1038 zfree(config->TargetUser);
1039 zfree(config->TargetDomain);
1040 zfree(config->TargetPassword);
1041 znfree(config->TargetSmartcardCert, config->TargetSmartcardCertLength);
1042 znfree(config->TargetSmartcardKey, config->TargetSmartcardKeyLength);
1044 CommandLineParserFree(config->Passthrough);
1045 CommandLineParserFree(config->Intercept);
1046 CommandLineParserFree(config->Modules);
1047 CommandLineParserFree(config->RequiredPlugins);
1049 zfree(config->CertificateFile);
1050 zfree(config->CertificateContent);
1051 znfree(config->CertificatePEM, config->CertificatePEMLength);
1052 zfree(config->PrivateKeyFile);
1053 zfree(config->PrivateKeyContent);
1054 znfree(config->PrivateKeyPEM, config->PrivateKeyPEMLength);
1055 IniFile_Free(config->ini);
1061 WINPR_ASSERT(config);
1062 return config->RequiredPluginsCount;
1067 WINPR_ASSERT(config);
1068 if (index >= config->RequiredPluginsCount)
1071 return config->RequiredPlugins[index];
1076 WINPR_ASSERT(config);
1077 return config->ModulesCount;
1088 WINPR_ASSERT(config);
1090 cnv.ppc = config->Modules;
1095static BOOL pf_config_copy_string_n(
char** dst,
const char* src,
size_t size)
1099 if (src && (size > 0))
1101 WINPR_ASSERT(strnlen(src, size) == size - 1);
1102 *dst = calloc(size,
sizeof(
char));
1105 memcpy(*dst, src, size);
1112static BOOL pf_config_copy_string_list(
char*** dst,
size_t* size,
char** src,
size_t srcSize)
1116 WINPR_ASSERT(src || (srcSize == 0));
1120 if (srcSize > INT32_MAX)
1125 char* csv = CommandLineToCommaSeparatedValues((INT32)srcSize, src);
1126 *dst = CommandLineParseCommaSeparatedValues(csv, size);
1135 proxyConfig* tmp = calloc(1,
sizeof(proxyConfig));
1138 WINPR_ASSERT(config);
1145 if (!pf_config_copy_string(&tmp->Host, config->Host))
1147 if (!pf_config_copy_string(&tmp->SamFile, config->SamFile))
1149 if (!pf_config_copy_string(&tmp->TargetHost, config->TargetHost))
1151 if (!pf_config_copy_string(&tmp->TargetUser, config->TargetUser))
1153 if (!pf_config_copy_string(&tmp->TargetDomain, config->TargetDomain))
1155 if (!pf_config_copy_string(&tmp->TargetPassword, config->TargetPassword))
1157 if (!pf_config_copy_string_n(&tmp->TargetSmartcardCert, config->TargetSmartcardCert,
1158 config->TargetSmartcardCertLength))
1160 if (!pf_config_copy_string_n(&tmp->TargetSmartcardKey, config->TargetSmartcardKey,
1161 config->TargetSmartcardKeyLength))
1163 if (!pf_config_copy_string_list(&tmp->Passthrough, &tmp->PassthroughCount, config->Passthrough,
1164 config->PassthroughCount))
1166 if (!pf_config_copy_string_list(&tmp->Intercept, &tmp->InterceptCount, config->Intercept,
1167 config->InterceptCount))
1169 if (!pf_config_copy_string_list(&tmp->Modules, &tmp->ModulesCount, config->Modules,
1170 config->ModulesCount))
1172 if (!pf_config_copy_string_list(&tmp->RequiredPlugins, &tmp->RequiredPluginsCount,
1173 config->RequiredPlugins, config->RequiredPluginsCount))
1175 if (!pf_config_copy_string(&tmp->CertificateFile, config->CertificateFile))
1177 if (!pf_config_copy_string(&tmp->CertificateContent, config->CertificateContent))
1179 if (!pf_config_copy_string_n(&tmp->CertificatePEM, config->CertificatePEM,
1180 config->CertificatePEMLength))
1182 if (!pf_config_copy_string(&tmp->PrivateKeyFile, config->PrivateKeyFile))
1184 if (!pf_config_copy_string(&tmp->PrivateKeyContent, config->PrivateKeyContent))
1186 if (!pf_config_copy_string_n(&tmp->PrivateKeyPEM, config->PrivateKeyPEM,
1187 config->PrivateKeyPEMLength))
1190 tmp->ini = IniFile_Clone(config->ini);
1198 WINPR_PRAGMA_DIAG_PUSH
1199 WINPR_PRAGMA_DIAG_IGNORED_MISMATCHED_DEALLOC
1201 WINPR_PRAGMA_DIAG_POP
1205struct config_plugin_data
1207 proxyPluginsManager* mgr;
1208 const proxyConfig* config;
1211static const char config_plugin_name[] =
"config";
1212static const char config_plugin_desc[] =
1213 "A plugin filtering according to proxy configuration file rules";
1216static BOOL config_plugin_unload(proxyPlugin* plugin)
1218 WINPR_ASSERT(plugin);
1223 free(plugin->custom);
1224 plugin->custom =
nullptr;
1231static BOOL config_plugin_keyboard_event(proxyPlugin* plugin, WINPR_ATTR_UNUSED proxyData* pdata,
1235 const struct config_plugin_data* custom =
nullptr;
1236 const proxyConfig* cfg =
nullptr;
1239 WINPR_ASSERT(plugin);
1240 WINPR_ASSERT(pdata);
1241 WINPR_ASSERT(event_data);
1243 WINPR_UNUSED(event_data);
1245 custom = plugin->custom;
1246 WINPR_ASSERT(custom);
1248 cfg = custom->config;
1252 WLog_DBG(TAG,
"%s", boolstr(rc));
1257static BOOL config_plugin_unicode_event(proxyPlugin* plugin, WINPR_ATTR_UNUSED proxyData* pdata,
1261 const struct config_plugin_data* custom =
nullptr;
1262 const proxyConfig* cfg =
nullptr;
1265 WINPR_ASSERT(plugin);
1266 WINPR_ASSERT(pdata);
1267 WINPR_ASSERT(event_data);
1269 WINPR_UNUSED(event_data);
1271 custom = plugin->custom;
1272 WINPR_ASSERT(custom);
1274 cfg = custom->config;
1278 WLog_DBG(TAG,
"%s", boolstr(rc));
1283static BOOL config_plugin_mouse_event(proxyPlugin* plugin, WINPR_ATTR_UNUSED proxyData* pdata,
1287 const struct config_plugin_data* custom =
nullptr;
1288 const proxyConfig* cfg =
nullptr;
1291 WINPR_ASSERT(plugin);
1292 WINPR_ASSERT(pdata);
1293 WINPR_ASSERT(event_data);
1295 WINPR_UNUSED(event_data);
1297 custom = plugin->custom;
1298 WINPR_ASSERT(custom);
1300 cfg = custom->config;
1308static BOOL config_plugin_mouse_ex_event(proxyPlugin* plugin, WINPR_ATTR_UNUSED proxyData* pdata,
1312 const struct config_plugin_data* custom =
nullptr;
1313 const proxyConfig* cfg =
nullptr;
1316 WINPR_ASSERT(plugin);
1317 WINPR_ASSERT(pdata);
1318 WINPR_ASSERT(event_data);
1320 WINPR_UNUSED(event_data);
1322 custom = plugin->custom;
1323 WINPR_ASSERT(custom);
1325 cfg = custom->config;
1333static BOOL config_plugin_client_channel_data(WINPR_ATTR_UNUSED proxyPlugin* plugin,
1334 WINPR_ATTR_UNUSED proxyData* pdata,
void* param)
1338 WINPR_ASSERT(plugin);
1339 WINPR_ASSERT(pdata);
1340 WINPR_ASSERT(channel);
1342 WLog_DBG(TAG,
"%s [0x%04" PRIx16
"] got %" PRIuz, channel->channel_name, channel->channel_id,
1348static BOOL config_plugin_server_channel_data(WINPR_ATTR_UNUSED proxyPlugin* plugin,
1349 WINPR_ATTR_UNUSED proxyData* pdata,
void* param)
1353 WINPR_ASSERT(plugin);
1354 WINPR_ASSERT(pdata);
1355 WINPR_ASSERT(channel);
1357 WLog_DBG(TAG,
"%s [0x%04" PRIx16
"] got %" PRIuz, channel->channel_name, channel->channel_id,
1363static BOOL config_plugin_dynamic_channel_create(proxyPlugin* plugin,
1364 WINPR_ATTR_UNUSED proxyData* pdata,
void* param)
1369 WINPR_ASSERT(plugin);
1370 WINPR_ASSERT(pdata);
1371 WINPR_ASSERT(channel);
1373 const struct config_plugin_data* custom = plugin->custom;
1374 WINPR_ASSERT(custom);
1376 const proxyConfig* cfg = custom->config;
1379 pf_utils_channel_mode rc = pf_utils_get_channel_mode(cfg, channel->channel_name);
1383 case PF_UTILS_CHANNEL_INTERCEPT:
1384 case PF_UTILS_CHANNEL_PASSTHROUGH:
1387 case PF_UTILS_CHANNEL_BLOCK:
1395 if (strncmp(RDPGFX_DVC_CHANNEL_NAME, channel->channel_name,
1396 sizeof(RDPGFX_DVC_CHANNEL_NAME)) == 0)
1398 else if (strncmp(RDPSND_DVC_CHANNEL_NAME, channel->channel_name,
1399 sizeof(RDPSND_DVC_CHANNEL_NAME)) == 0)
1400 accept = cfg->AudioOutput;
1401 else if (strncmp(RDPSND_LOSSY_DVC_CHANNEL_NAME, channel->channel_name,
1402 sizeof(RDPSND_LOSSY_DVC_CHANNEL_NAME)) == 0)
1403 accept = cfg->AudioOutput;
1404 else if (strncmp(AUDIN_DVC_CHANNEL_NAME, channel->channel_name,
1405 sizeof(AUDIN_DVC_CHANNEL_NAME)) == 0)
1406 accept = cfg->AudioInput;
1407 else if (strncmp(RDPEI_DVC_CHANNEL_NAME, channel->channel_name,
1408 sizeof(RDPEI_DVC_CHANNEL_NAME)) == 0)
1409 accept = cfg->Multitouch;
1410 else if (strncmp(TSMF_DVC_CHANNEL_NAME, channel->channel_name,
1411 sizeof(TSMF_DVC_CHANNEL_NAME)) == 0)
1412 accept = cfg->VideoRedirection;
1413 else if (strncmp(VIDEO_CONTROL_DVC_CHANNEL_NAME, channel->channel_name,
1414 sizeof(VIDEO_CONTROL_DVC_CHANNEL_NAME)) == 0)
1415 accept = cfg->VideoRedirection;
1416 else if (strncmp(VIDEO_DATA_DVC_CHANNEL_NAME, channel->channel_name,
1417 sizeof(VIDEO_DATA_DVC_CHANNEL_NAME)) == 0)
1418 accept = cfg->VideoRedirection;
1419 else if (strncmp(RDPECAM_DVC_CHANNEL_NAME, channel->channel_name,
1420 sizeof(RDPECAM_DVC_CHANNEL_NAME)) == 0)
1421 accept = cfg->CameraRedirection;
1424 WLog_DBG(TAG,
"%s [0x%04" PRIx16
"]: %s", channel->channel_name, channel->channel_id,
1430static BOOL config_plugin_channel_create(proxyPlugin* plugin, WINPR_ATTR_UNUSED proxyData* pdata,
1436 WINPR_ASSERT(plugin);
1437 WINPR_ASSERT(pdata);
1438 WINPR_ASSERT(channel);
1440 const struct config_plugin_data* custom = plugin->custom;
1441 WINPR_ASSERT(custom);
1443 const proxyConfig* cfg = custom->config;
1446 pf_utils_channel_mode rc = pf_utils_get_channel_mode(cfg, channel->channel_name);
1449 case PF_UTILS_CHANNEL_INTERCEPT:
1450 case PF_UTILS_CHANNEL_PASSTHROUGH:
1453 case PF_UTILS_CHANNEL_BLOCK:
1460 if (strncmp(CLIPRDR_SVC_CHANNEL_NAME, channel->channel_name,
1461 sizeof(CLIPRDR_SVC_CHANNEL_NAME)) == 0)
1462 accept = cfg->Clipboard;
1463 else if (strncmp(RDPSND_CHANNEL_NAME, channel->channel_name,
sizeof(RDPSND_CHANNEL_NAME)) ==
1465 accept = cfg->AudioOutput;
1466 else if (strncmp(RDPDR_SVC_CHANNEL_NAME, channel->channel_name,
1467 sizeof(RDPDR_SVC_CHANNEL_NAME)) == 0)
1468 accept = cfg->DeviceRedirection;
1469 else if (strncmp(DISP_DVC_CHANNEL_NAME, channel->channel_name,
1470 sizeof(DISP_DVC_CHANNEL_NAME)) == 0)
1471 accept = cfg->DisplayControl;
1472 else if (strncmp(RAIL_SVC_CHANNEL_NAME, channel->channel_name,
1473 sizeof(RAIL_SVC_CHANNEL_NAME)) == 0)
1474 accept = cfg->RemoteApp;
1477 WLog_DBG(TAG,
"%s [static]: %s", channel->channel_name, boolstr(accept));
1483 struct config_plugin_data* custom =
nullptr;
1484 proxyPlugin plugin = WINPR_C_ARRAY_INIT;
1486 plugin.name = config_plugin_name;
1487 plugin.description = config_plugin_desc;
1488 plugin.PluginUnload = config_plugin_unload;
1490 plugin.KeyboardEvent = config_plugin_keyboard_event;
1491 plugin.UnicodeEvent = config_plugin_unicode_event;
1492 plugin.MouseEvent = config_plugin_mouse_event;
1493 plugin.MouseExEvent = config_plugin_mouse_ex_event;
1494 plugin.ClientChannelData = config_plugin_client_channel_data;
1495 plugin.ServerChannelData = config_plugin_server_channel_data;
1496 plugin.ChannelCreate = config_plugin_channel_create;
1497 plugin.DynamicChannelCreate = config_plugin_dynamic_channel_create;
1498 plugin.userdata = userdata;
1500 custom = calloc(1,
sizeof(
struct config_plugin_data));
1504 custom->mgr = plugins_manager;
1505 custom->config = userdata;
1507 plugin.custom = custom;
1508 plugin.userdata = userdata;
1510 return plugins_manager->RegisterPlugin(plugins_manager, &plugin);
1513const char*
pf_config_get(
const proxyConfig* config,
const char* section,
const char* key)
1515 WINPR_ASSERT(config);
1516 WINPR_ASSERT(config->ini);
1517 WINPR_ASSERT(section);
1520 return IniFile_GetKeyValueString(config->ini, section, key);
proxyConfig * pf_server_config_load_buffer(const char *buffer)
pf_server_config_load_buffer Create a proxyConfig from a memory string buffer in INI file format
void pf_server_config_free(proxyConfig *config)
pf_server_config_free Releases all resources associated with proxyConfig
void pf_server_config_print(const proxyConfig *config)
pf_server_config_print Print the configuration to stdout
const char ** pf_config_modules(const proxyConfig *config)
pf_config_modules
const char * pf_config_required_plugin(const proxyConfig *config, size_t index)
pf_config_required_plugin
size_t pf_config_modules_count(const proxyConfig *config)
pf_config_modules_count
BOOL pf_config_clone(proxyConfig **dst, const proxyConfig *config)
pf_config_clone Create a copy of the configuration
size_t pf_config_required_plugins_count(const proxyConfig *config)
pf_config_required_plugins_count
proxyConfig * server_config_load_ini(wIniFile *ini)
server_config_load_ini Create a proxyConfig from a already loaded INI file.
proxyConfig * pf_server_config_load_file(const char *path)
pf_server_config_load_file Create a proxyConfig from a INI file found at path.
BOOL pf_server_config_dump(const char *file)
pf_server_config_dump Dumps a default INI configuration file
BOOL pf_config_plugin(proxyPluginsManager *plugins_manager, void *userdata)
pf_config_plugin Register a proxy plugin handling event filtering defined in the configuration.
const char * pf_config_get(const proxyConfig *config, const char *section, const char *key)
pf_config_get get a value for a section/key
1.9.8