xfreerdp-server: auto-generate self-signed certificate

davidleake · Apr 23, 2013 · fae24b1 · fae24b1
1 parent a644658
commit fae24b1
Show file tree

Hide file tree

Showing 8 changed files with 73 additions and 18 deletions.
diff --git a/client/X11/xf_interface.c b/client/X11/xf_interface.c
@@ -642,7 +642,7 @@ BOOL xf_pre_connect(freerdp* instance)
 
 	xfi->display = XOpenDisplay(NULL);
 
-	if (xfi->display == NULL)
+	if (!xfi->display)
 	{
 		fprintf(stderr, "xf_pre_connect: failed to open display: %s\n", XDisplayName(NULL));
 		fprintf(stderr, "Please check that the $DISPLAY environment variable is properly set.\n");

diff --git a/libfreerdp/crypto/tls.c b/libfreerdp/crypto/tls.c
@@ -249,17 +249,16 @@ BOOL tls_accept(rdpTls* tls, const char* cert_file, const char* privatekey_file)
 
 	SSL_CTX_set_options(tls->ctx, options);
 
-	fprintf(stderr, "private key file: %s\n", privatekey_file);
-
 	if (SSL_CTX_use_RSAPrivateKey_file(tls->ctx, privatekey_file, SSL_FILETYPE_PEM) <= 0)
 	{
 		fprintf(stderr, "SSL_CTX_use_RSAPrivateKey_file failed\n");
+		fprintf(stderr, "PrivateKeyFile: %s\n", privatekey_file);
 		return FALSE;
 	}
 
 	tls->ssl = SSL_new(tls->ctx);
 
-	if (tls->ssl == NULL)
+	if (!tls->ssl)
 	{
 		fprintf(stderr, "SSL_new failed\n");
 		return FALSE;
@@ -273,7 +272,7 @@ BOOL tls_accept(rdpTls* tls, const char* cert_file, const char* privatekey_file)
 
 	cert = tls_get_certificate(tls, FALSE);
 
-	if (cert == NULL)
+	if (!cert)
 	{
 		fprintf(stderr, "tls_connect: tls_get_certificate failed to return the server certificate.\n");
 		return FALSE;

diff --git a/server/X11/CMakeLists.txt b/server/X11/CMakeLists.txt
@@ -19,6 +19,7 @@ set(MODULE_NAME "xfreerdp-server")
 set(MODULE_PREFIX "FREERDP_SERVER_X11")
 
 include_directories(${X11_INCLUDE_DIRS})
+include_directories("../../winpr/tools/makecert")
 
 set(${MODULE_PREFIX}_SRCS
 	xf_peer.c
@@ -96,6 +97,8 @@ set_complex_link_libraries(VARIABLE ${MODULE_PREFIX}_LIBS
 	MODULE winpr
 	MODULES winpr-sspi)
 
+set(${MODULE_PREFIX}_LIBS ${${MODULE_PREFIX}_LIBS} winpr-makecert-tool)
+
 target_link_libraries(${MODULE_NAME} ${${MODULE_PREFIX}_LIBS})
 install(TARGETS ${MODULE_NAME} DESTINATION ${CMAKE_INSTALL_BINDIR})
 

diff --git a/server/X11/xf_peer.c b/server/X11/xf_peer.c
@@ -36,6 +36,7 @@
 #include <winpr/file.h>
 #include <winpr/path.h>
 #include <winpr/synch.h>
+#include <winpr/thread.h>
 
 #include <freerdp/freerdp.h>
 #include <freerdp/codec/color.h>
@@ -44,6 +45,8 @@
 #include "xf_input.h"
 #include "xf_encode.h"
 
+#include "makecert.h"
+
 #include "xf_peer.h"
 
 #ifdef WITH_XDAMAGE
@@ -190,6 +193,8 @@ xfInfo* xf_info_init()
 	 */
 	xfi->use_xshm = FALSE;
 
+	setenv("DISPLAY", ":0", 1); /* Set DISPLAY variable if not already set */
+
 	if (!XInitThreads())
 		fprintf(stderr, "warning: XInitThreads() failure\n");
 
@@ -521,7 +526,53 @@ BOOL xf_peer_activate(freerdp_peer* client)
 	return TRUE;
 }
 
-void* xf_peer_main_loop(void* arg)
+const char* makecert_argv[4] =
+{
+	"makecert",
+	"-rdp",
+	"-live",
+	"-silent"
+};
+
+int makecert_argc = (sizeof(makecert_argv) / sizeof(char*));
+
+int xf_generate_certificate(rdpSettings* settings)
+{
+	char* server_file_path;
+	MAKECERT_CONTEXT* context;
+
+	server_file_path = GetCombinedPath(settings->ConfigPath, "server");
+
+	if (!PathFileExistsA(server_file_path))
+		CreateDirectoryA(server_file_path, 0);
+
+	settings->CertificateFile = GetCombinedPath(server_file_path, "server.crt");
+	settings->PrivateKeyFile = GetCombinedPath(server_file_path, "server.key");
+
+	if ((!PathFileExistsA(settings->CertificateFile)) ||
+			(!PathFileExistsA(settings->PrivateKeyFile)))
+	{
+		context = makecert_context_new();
+
+		makecert_context_process(context, makecert_argc, (char**) makecert_argv);
+
+		makecert_context_set_output_file_name(context, "server");
+
+		if (!PathFileExistsA(settings->CertificateFile))
+			makecert_context_output_certificate_file(context, server_file_path);
+
+		if (!PathFileExistsA(settings->PrivateKeyFile))
+			makecert_context_output_private_key_file(context, server_file_path);
+
+		makecert_context_free(context);
+	}
+
+	free(server_file_path);
+
+	return 0;
+}
+
+static void* xf_peer_main_loop(void* arg)
 {
 	int i;
 	int fds;
@@ -530,7 +581,6 @@ void* xf_peer_main_loop(void* arg)
 	void* rfds[32];
 	fd_set rfds_set;
 	rdpSettings* settings;
-	char* server_file_path;
 	freerdp_peer* client = (freerdp_peer*) arg;
 	xfPeerContext* xfp;
 
@@ -545,13 +595,7 @@ void* xf_peer_main_loop(void* arg)
 
 	/* Initialize the real server settings here */
 
-	server_file_path = GetCombinedPath(settings->ConfigPath, "server");
-
-	if (!PathFileExistsA(server_file_path))
-		CreateDirectoryA(server_file_path, 0);
-
-	settings->CertificateFile = GetCombinedPath(server_file_path, "server.crt");
-	settings->PrivateKeyFile = GetCombinedPath(server_file_path, "server.key");
+	xf_generate_certificate(settings);
 
 	settings->RemoteFxCodec = TRUE;
 	settings->ColorDepth = 32;
@@ -638,8 +682,7 @@ void* xf_peer_main_loop(void* arg)
 
 void xf_peer_accepted(freerdp_listener* instance, freerdp_peer* client)
 {
-	pthread_t th;
+	HANDLE thread;
 
-	pthread_create(&th, 0, xf_peer_main_loop, client);
-	pthread_detach(th);
+	thread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE) xf_peer_main_loop, client, 0, NULL);
 }
diff --git a/winpr/libwinpr/path/shell.c b/winpr/libwinpr/path/shell.c
@@ -140,6 +140,9 @@ char* GetPath_XDG_CONFIG_HOME()
 
 	home = GetPath_HOME();
 
+	if (!home)
+		home = GetPath_TEMP();
+
 	path = (char*) malloc(strlen(home) + strlen("/.config") + 1);
 	sprintf(path, "%s%s", home, "/.config");
 

diff --git a/winpr/tools/makecert/CMakeLists.txt b/winpr/tools/makecert/CMakeLists.txt
@@ -25,7 +25,7 @@ set(${MODULE_PREFIX}_SRCS
 include_directories(${ZLIB_INCLUDE_DIRS})
 include_directories(${OPENSSL_INCLUDE_DIR})
 
-add_library(${MODULE_NAME} ${${MODULE_PREFIX}_SRCS})
+add_library(${MODULE_NAME} STATIC ${${MODULE_PREFIX}_SRCS})
 
 set(${MODULE_PREFIX}_LIBS
 	${ZLIB_LIBRARIES}

diff --git a/winpr/tools/makecert/makecert.c b/winpr/tools/makecert/makecert.c
@@ -362,6 +362,12 @@ int makecert_context_parse_arguments(MAKECERT_CONTEXT* context, int argc, char**
 	return 1;
 }
 
+int makecert_context_set_output_file_name(MAKECERT_CONTEXT* context, char* name)
+{
+	context->output_file = _strdup(name);
+	return 1;
+}
+
 int makecert_context_output_certificate_file(MAKECERT_CONTEXT* context, char* path)
 {
 	FILE* fp;

diff --git a/winpr/tools/makecert/makecert.h b/winpr/tools/makecert/makecert.h
@@ -27,6 +27,7 @@ typedef struct _MAKECERT_CONTEXT MAKECERT_CONTEXT;
 
 WINPR_API int makecert_context_process(MAKECERT_CONTEXT* context, int argc, char** argv);
 
+WINPR_API int makecert_context_set_output_file_name(MAKECERT_CONTEXT* context, char* name);
 WINPR_API int makecert_context_output_certificate_file(MAKECERT_CONTEXT* context, char* path);
 WINPR_API int makecert_context_output_private_key_file(MAKECERT_CONTEXT* context, char* path);