command: new service

Author: af-airbus

README.md

@@ -11,6 +11,8 @@ Citrix (work in progress) and native Windows RDP. It supports useful debug servi
 soxy has a frontend and a backend component, the latter executes inside a Windows instance managed by one of the supported VDIs, the frontend bridges access to backend functions by exposing VDI-side resources locally using a common protocol. At the time of writing, soxy provides:
 
 - a (basic) FTP server to access the virtual machine's filesystem;
+- a telnet-like interface to spawn and interact console/shell executed on the
+  virtual machine;
 - a telnet-like interface to read/write the Windows clipboard of the
   virtual machine;
 - a SOCKS5 proxy which permits to open connections on client's side as
@@ -258,6 +260,11 @@ command such as nc, and use the available commands:
 - `read` or `get`: retrieves the content of the remote clipboard;
 - `exit` or `quit`: closes the connection.
 
+#### Remote Console/Shell
+
+Connect to `localhost:3031` on your client machine with a telnet-like
+command such as nc, and use the available commands.
+
 #### Remote Filesystem
 
 Connect to `localhost:2021` on your client machine with your favorite

common/src/api.rs

@@ -3,12 +3,14 @@ use std::{borrow, fmt, io, sync};
 const CHUNK_LENGTH: usize = 1600; // this is the max value
 
 const SERVICE_CLIPBOARD: &str = "clipboard";
+const SERVICE_COMMAND: &str = "command";
 const SERVICE_FTP: &str = "ftp";
 const SERVICE_SOCKS5: &str = "socks5";
 
 #[derive(Clone, Copy, Debug, PartialEq, Eq)]
 pub enum Service {
     Clipboard,
+    Command,
     Ftp,
     Socks5,
 }
@@ -17,6 +19,7 @@ impl Service {
     const fn value(self) -> &'static str {
         match self {
             Self::Clipboard => SERVICE_CLIPBOARD,
+            Self::Command => SERVICE_COMMAND,
             Self::Ftp => SERVICE_FTP,
             Self::Socks5 => SERVICE_SOCKS5,
         }
@@ -34,6 +37,7 @@ impl<'a> TryFrom<&'a [u8]> for Service {
         let s = String::from_utf8_lossy(value);
         match s.as_ref() {
             SERVICE_CLIPBOARD => Ok(Self::Clipboard),
+            SERVICE_COMMAND => Ok(Self::Command),
             SERVICE_FTP => Ok(Self::Ftp),
             SERVICE_SOCKS5 => Ok(Self::Socks5),
             _ => Err(s),

common/src/command/backend.rs

@@ -0,0 +1,72 @@
+use crate::{api, service};
+use std::{io, process, thread};
+
+const SERVICE: api::Service = api::Service::Command;
+const SERVICE_KIND: api::ServiceKind = api::ServiceKind::Backend;
+
+pub struct Server {}
+
+impl service::Backend for Server {
+    fn accept(rdp_stream: service::RdpStream<'_>) -> Result<(), io::Error> {
+        let client_id = rdp_stream.client_id();
+
+        #[cfg(target_os = "windows")]
+        let cmd = "cmd.exe";
+        #[cfg(not(target_os = "windows"))]
+        let cmd = "sh";
+
+        crate::debug!("starting {cmd:?}");
+
+        thread::scope(|scope| {
+            let child = process::Command::new(cmd)
+                .stdin(process::Stdio::piped())
+                .stdout(process::Stdio::piped())
+                .stderr(process::Stdio::piped())
+                .spawn()?;
+
+            let mut stdin = child
+                .stdin
+                .ok_or(io::Error::new(io::ErrorKind::InvalidInput, "no stdin"))?;
+            let mut stdout = child
+                .stdout
+                .ok_or(io::Error::new(io::ErrorKind::InvalidInput, "no stdout"))?;
+            let mut stderr = child
+                .stderr
+                .ok_or(io::Error::new(io::ErrorKind::InvalidInput, "no stderr"))?;
+
+            let (mut rdp_stream_read, mut rdp_stream_write_out) = rdp_stream.split();
+            let mut rdp_stream_write_err = rdp_stream_write_out.clone();
+
+            thread::Builder::new()
+                .name(format!("{SERVICE_KIND} {SERVICE} {client_id:x} stdout"))
+                .spawn_scoped(scope, move || {
+                    if let Err(e) = service::stream_copy(&mut stdout, &mut rdp_stream_write_out) {
+                        crate::debug!("error: {e}");
+                    } else {
+                        crate::debug!("stopped");
+                    }
+                })
+                .unwrap();
+
+            thread::Builder::new()
+                .name(format!("{SERVICE_KIND} {SERVICE} {client_id:x} stderr"))
+                .spawn_scoped(scope, move || {
+                    if let Err(e) = service::stream_copy(&mut stderr, &mut rdp_stream_write_err) {
+                        crate::debug!("error: {e}");
+                    } else {
+                        crate::debug!("stopped");
+                    }
+                })
+                .unwrap();
+
+            if let Err(e) = service::stream_copy(&mut rdp_stream_read, &mut stdin) {
+                crate::debug!("error: {e}");
+            } else {
+                crate::debug!("stopped");
+            }
+            rdp_stream_read.disconnect();
+
+            Ok(())
+        })
+    }
+}

common/src/command/frontend.rs

@@ -0,0 +1,52 @@
+use crate::{api, service};
+use std::{io, net, thread};
+
+const SERVICE: api::Service = api::Service::Command;
+const SERVICE_KIND: api::ServiceKind = api::ServiceKind::Frontend;
+
+pub struct Server {
+    server: net::TcpListener,
+}
+
+impl Server {
+    fn accept(stream: net::TcpStream) -> Client {
+        Client { stream }
+    }
+}
+
+impl service::Frontend for Server {
+    fn bind(tcp: net::SocketAddr) -> Result<Self, io::Error> {
+        let server = net::TcpListener::bind(tcp)?;
+        crate::info!("accepting {SERVICE} clients on {}", server.local_addr()?);
+        Ok(Self { server })
+    }
+
+    fn start(&mut self, channel: &service::Channel) -> Result<(), io::Error> {
+        thread::scope(|scope| loop {
+            let (client, client_addr) = self.server.accept()?;
+
+            crate::debug!("new client {client_addr}");
+
+            let client = Self::accept(client);
+
+            thread::Builder::new()
+                .name(format!("{SERVICE_KIND} {SERVICE} {client_addr}"))
+                .spawn_scoped(scope, move || {
+                    if let Err(e) = client.start(channel) {
+                        crate::debug!("error: {e}");
+                    }
+                })?;
+        })
+    }
+}
+
+struct Client {
+    stream: net::TcpStream,
+}
+
+impl Client {
+    fn start(self, channel: &service::Channel) -> Result<(), io::Error> {
+        let client_rdp = channel.connect(SERVICE)?;
+        service::double_stream_copy(SERVICE_KIND, SERVICE, client_rdp, self.stream)
+    }
+}

common/src/command/mod.rs

@@ -0,0 +1,2 @@
+pub mod backend;
+pub mod frontend;

common/src/lib.rs

@@ -3,6 +3,7 @@ pub mod log;
 pub mod service;
 
 pub mod clipboard;
+pub mod command;
 pub mod ftp;
 pub mod socks5;
 

common/src/service.rs

@@ -1,4 +1,4 @@
-use crate::{api, clipboard, ftp, socks5};
+use crate::{api, clipboard, command, ftp, socks5};
 use std::{
     collections::{self, hash_map},
     io::{self, Write},
@@ -104,6 +104,11 @@ impl Channel {
                                     crate::debug!("error: {e}");
                                 }
                             }
+                            api::Service::Command => {
+                                if let Err(e) = command::backend::Server::accept(stream) {
+                                    crate::debug!("error: {e}");
+                                }
+                            }
                             api::Service::Ftp => {
                                 if let Err(e) = ftp::backend::Server::accept(stream) {
                                     crate::error!("error: {e}");
@@ -479,6 +484,7 @@ impl io::Read for RdpReader<'_> {
     }
 }
 
+#[derive(Clone)]
 pub struct RdpWriter<'a> {
     control: RdpStreamControl<'a>,
     buffer: [u8; api::Chunk::max_payload_length()],
@@ -575,7 +581,7 @@ where
     }
 }
 
-pub(crate) fn dual_stream_copy(
+pub(crate) fn double_stream_copy(
     service_kind: api::ServiceKind,
     service: api::Service,
     rdp_stream: RdpStream<'_>,

common/src/socks5/backend.rs

@@ -35,7 +35,7 @@ impl Server {
 
                 crate::debug!("starting stream copy");
 
-                service::dual_stream_copy(SERVICE_KIND, SERVICE, stream, server)
+                service::double_stream_copy(SERVICE_KIND, SERVICE, stream, server)
             }
         }
     }
@@ -66,7 +66,7 @@ impl Server {
 
                         crate::debug!("starting stream copy");
 
-                        service::dual_stream_copy(SERVICE_KIND, SERVICE, stream, client)
+                        service::double_stream_copy(SERVICE_KIND, SERVICE, stream, client)
                     }
                 }
             }

common/src/socks5/frontend.rs

@@ -137,7 +137,7 @@ impl Client {
             return Ok(());
         }
 
-        service::dual_stream_copy(SERVICE_KIND, SERVICE, client_rdp, self.stream)
+        service::double_stream_copy(SERVICE_KIND, SERVICE, client_rdp, self.stream)
     }
 
     fn command_bind(mut self, mut client_rdp: service::RdpStream<'_>) -> Result<(), io::Error> {
@@ -159,7 +159,7 @@ impl Client {
             return Ok(());
         }
 
-        service::dual_stream_copy(SERVICE_KIND, SERVICE, client_rdp, self.stream)
+        service::double_stream_copy(SERVICE_KIND, SERVICE, client_rdp, self.stream)
     }
 
     fn start(mut self, channel: &service::Channel) -> Result<(), io::Error> {

frontend/src/lib.rs

@@ -1,5 +1,5 @@
 use common::{
-    api, clipboard, ftp,
+    api, clipboard, command, ftp,
     service::{self, Frontend},
     socks5,
 };
@@ -69,6 +69,11 @@ pub(crate) fn init() -> Result<(), Error> {
     //let timeout_clipboard = None;
     let mut server_clipboard = clipboard::frontend::Server::bind(from_tcp_clipboard)?;
 
+    let from_tcp_command =
+        net::SocketAddr::new(net::IpAddr::V4(net::Ipv4Addr::new(127, 0, 0, 1)), 3031);
+    //let timeout_command = None;
+    let mut server_command = command::frontend::Server::bind(from_tcp_command)?;
+
     let from_tcp_ftp =
         net::SocketAddr::new(net::IpAddr::V4(net::Ipv4Addr::new(127, 0, 0, 1)), 2021);
     //let timeout_ftp = None;
@@ -116,6 +121,17 @@ pub(crate) fn init() -> Result<(), Error> {
                     })
                     .unwrap();
 
+                thread::Builder::new()
+                    .name(format!("{}", api::Service::Command))
+                    .spawn_scoped(scope, || {
+                        if let Err(e) = server_command.start(&services) {
+                            common::error!("{} error: {e}", api::Service::Command);
+                        } else {
+                            common::debug!("{} terminated", api::Service::Command);
+                        }
+                    })
+                    .unwrap();
+
                 thread::Builder::new()
                     .name(format!("{}", api::Service::Ftp))
                     .spawn_scoped(scope, || {

standalone/src/bin/standalone.rs

@@ -1,17 +1,20 @@
 use common::{
-    api, clipboard, ftp,
+    api, clipboard, command, ftp,
     service::{self, Frontend},
     socks5,
 };
 use std::{net, thread};
 
 const CHANNEL_SIZE: usize = 256;
 
+#[allow(clippy::too_many_lines)]
 fn main() {
     common::init_logs().expect("failed to initialize log");
 
     let from_tcp_clipboard =
         net::SocketAddr::new(net::IpAddr::V4(net::Ipv4Addr::new(127, 0, 0, 1)), 3032);
+    let from_tcp_command =
+        net::SocketAddr::new(net::IpAddr::V4(net::Ipv4Addr::new(127, 0, 0, 1)), 3031);
     let from_tcp_ftp =
         net::SocketAddr::new(net::IpAddr::V4(net::Ipv4Addr::new(127, 0, 0, 1)), 2021);
     let from_tcp_socks5 =
@@ -26,6 +29,14 @@ fn main() {
         Ok(frontend_server) => frontend_server,
     };
 
+    let mut frontend_server_command = match command::frontend::Server::bind(from_tcp_command) {
+        Err(e) => {
+            common::error!("failed to bind to {from_tcp_command}: {e}");
+            return;
+        }
+        Ok(frontend_server) => frontend_server,
+    };
+
     let mut frontend_server_ftp = match ftp::frontend::Server::bind(from_tcp_ftp) {
         Err(e) => {
             common::error!("failed to bind to {from_tcp_ftp}: {e}");
@@ -88,6 +99,17 @@ fn main() {
             })
             .unwrap();
 
+        thread::Builder::new()
+            .name(format!("frontend {}", api::Service::Command))
+            .spawn_scoped(scope, || {
+                if let Err(e) = frontend_server_command.start(&frontend_channel) {
+                    common::error!("error: {e}");
+                } else {
+                    common::debug!("stopped");
+                }
+            })
+            .unwrap();
+
         thread::Builder::new()
             .name(format!("frontend {}", api::Service::Ftp))
             .spawn_scoped(scope, || {