Milestone 5: deliver embedded RDP sessions and lifecycle hardening

third_party/FreeRDP/winpr/tools/CMakeLists.txt

@@ -0,0 +1,154 @@
+# WinPR: Windows Portable Runtime
+# winpr cmake build script
+#
+# Copyright 2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
+# Copyright 2016  Thincast Technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Soname versioning - use winpr version
+set(WINPR_TOOLS_VERSION_MAJOR "${WINPR_VERSION_MAJOR}")
+set(WINPR_TOOLS_VERSION_MINOR "${WINPR_VERSION_MINOR}")
+set(WINPR_TOOLS_VERSION_REVISION "${WINPR_VERSION_REVISION}")
+
+set(WINPR_TOOLS_API_VERSION "${WINPR_TOOLS_VERSION_MAJOR}")
+set(WINPR_TOOLS_VERSION "${WINPR_TOOLS_VERSION_MAJOR}.${WINPR_TOOLS_VERSION_MINOR}.${WINPR_TOOLS_VERSION_REVISION}")
+set(WINPR_TOOLS_VERSION_FULL "${WINPR_TOOLS_VERSION}")
+set(WINPR_TOOLS_API_VERSION "${WINPR_TOOLS_VERSION_MAJOR}")
+
+set(WINPR_TOOLS_DIR ${CMAKE_CURRENT_SOURCE_DIR})
+set(WINPR_TOOLS_SRCS "")
+set(WINPR_TOOLS_LIBS "")
+set(WINPR_TOOLS_INCLUDES "")
+set(WINPR_TOOLS_DEFINITIONS "")
+
+macro(winpr_tools_module_add)
+  file(RELATIVE_PATH _relPath "${WINPR_TOOLS_DIR}" "${CMAKE_CURRENT_SOURCE_DIR}")
+  foreach(_src ${ARGN})
+    if(_relPath)
+      list(APPEND WINPR_TOOLS_SRCS "${_relPath}/${_src}")
+    else()
+      list(APPEND WINPR_TOOLS_SRCS "${_src}")
+    endif()
+  endforeach()
+  if(_relPath)
+    set(WINPR_TOOLS_SRCS ${WINPR_TOOLS_SRCS} PARENT_SCOPE)
+  endif()
+endmacro()
+
+macro(winpr_tools_include_directory_add)
+  file(RELATIVE_PATH _relPath "${WINPR_TOOLS_DIR}" "${CMAKE_CURRENT_SOURCE_DIR}")
+  foreach(_inc ${ARGN})
+    if(IS_ABSOLUTE ${_inc})
+      list(APPEND WINPR_TOOLS_INCLUDES "${_inc}")
+    else()
+      if(_relPath)
+        list(APPEND WINPR_TOOLS_INCLUDES "${_relPath}/${_inc}")
+      else()
+        list(APPEND WINPR_TOOLS_INCLUDES "${_inc}")
+      endif()
+    endif()
+  endforeach()
+  if(_relPath)
+    set(WINPR_TOOLS_INCLUDES ${WINPR_TOOLS_INCLUDES} PARENT_SCOPE)
+  endif()
+endmacro()
+
+macro(winpr_tools_library_add)
+  foreach(_lib ${ARGN})
+    list(APPEND WINPR_TOOLS_LIBS "${_lib}")
+  endforeach()
+  set(WINPR_TOOLS_LIBS ${WINPR_TOOLS_LIBS} PARENT_SCOPE)
+endmacro()
+
+macro(winpr_tools_definition_add)
+  foreach(_define ${ARGN})
+    list(APPEND WINPR_TOOLS_DEFINITONS "${_define}")
+  endforeach()
+  set(WINPR_TOOLS_DEFINITONS ${WINPR_TOOLS_DEFINITONS} PARENT_SCOPE)
+endmacro()
+
+add_subdirectory(makecert)
+
+set(MODULE_NAME winpr-tools)
+list(REMOVE_DUPLICATES WINPR_TOOLS_DEFINITIONS)
+list(REMOVE_DUPLICATES WINPR_TOOLS_INCLUDES)
+include_directories(${WINPR_TOOLS_INCLUDES})
+
+addtargetwithresourcefile(${MODULE_NAME} FALSE "${WINPR_VERSION}" WINPR_TOOLS_SRCS)
+
+add_compile_definitions(${WINPR_DEFINITIONS})
+target_include_directories(${MODULE_NAME} INTERFACE $<INSTALL_INTERFACE:include/winpr${WINPR_VERSION_MAJOR}>)
+target_link_libraries(${MODULE_NAME} PRIVATE ${WINPR_TOOLS_LIBS})
+
+installwithrpath(
+  TARGETS
+  ${MODULE_NAME}
+  COMPONENT
+  libraries
+  EXPORT
+  WinPR-toolsTargets
+  ARCHIVE
+  DESTINATION
+  ${CMAKE_INSTALL_LIBDIR}
+  LIBRARY
+  DESTINATION
+  ${CMAKE_INSTALL_LIBDIR}
+  RUNTIME
+  DESTINATION
+  ${CMAKE_INSTALL_BINDIR}
+)
+
+set_property(TARGET ${MODULE_NAME} PROPERTY FOLDER "WinPR/Tools")
+
+# Add all command line utilities
+option(WITH_WINPR_TOOLS_CLI "Build winpr-tools cli programs" ON)
+if(WITH_WINPR_TOOLS_CLI)
+  add_subdirectory(makecert-cli)
+  add_subdirectory(hash-cli)
+endif()
+
+# Do not set Requires.Private if not a static build
+if(NOT BUILD_SHARED_LIBS)
+  set(WINPR_TOOLS_PC_REQUIRES_PRIVATE "winpr${WINPR_API_VERSION} libssl")
+  set(WINPR_TOOLS_PC_LIBRARY_PRIVATE "crypto")
+endif()
+set(WINPR_TOOLS_PC_REQUIRES winpr${WINPR_API_VERSION})
+
+include(pkg-config-install-prefix)
+cleaning_configure_file(
+  ${CMAKE_CURRENT_SOURCE_DIR}/winpr-tools.pc.in ${CMAKE_CURRENT_BINARY_DIR}/winpr-tools${WINPR_TOOLS_VERSION_MAJOR}.pc
+  @ONLY
+)
+install(FILES ${CMAKE_CURRENT_BINARY_DIR}/winpr-tools${WINPR_TOOLS_VERSION_MAJOR}.pc
+        DESTINATION ${PKG_CONFIG_PC_INSTALL_DIR}
+)
+
+export(PACKAGE ${MODULE_NAME})
+
+setfreerdpcmakeinstalldir(WINPR_CMAKE_INSTALL_DIR "WinPR-tools${WINPR_VERSION_MAJOR}")
+
+configure_package_config_file(
+  WinPR-toolsConfig.cmake.in ${CMAKE_CURRENT_BINARY_DIR}/WinPR-toolsConfig.cmake
+  INSTALL_DESTINATION ${WINPR_CMAKE_INSTALL_DIR} PATH_VARS WINPR_INCLUDE_DIR
+)
+
+write_basic_package_version_file(
+  ${CMAKE_CURRENT_BINARY_DIR}/WinPR-toolsConfigVersion.cmake VERSION ${WINPR_VERSION} COMPATIBILITY SameMajorVersion
+)
+
+install(FILES ${CMAKE_CURRENT_BINARY_DIR}/WinPR-toolsConfig.cmake
+              ${CMAKE_CURRENT_BINARY_DIR}/WinPR-toolsConfigVersion.cmake DESTINATION ${WINPR_CMAKE_INSTALL_DIR}
+)
+
+install(EXPORT WinPR-toolsTargets DESTINATION ${WINPR_CMAKE_INSTALL_DIR})

third_party/FreeRDP/winpr/tools/WinPR-toolsConfig.cmake.in

@@ -0,0 +1,12 @@
+include(CMakeFindDependencyMacro)
+find_dependency(WinPR @FREERDP_VERSION@)
+
+@PACKAGE_INIT@
+
+set(WinPR-tools_VERSION_MAJOR "@WINPR_VERSION_MAJOR@")
+set(WinPR-tools_VERSION_MINOR "@WINPR_VERSION_MINOR@")
+set(WinPR-tools_VERSION_REVISION "@WINPR_VERSION_REVISION@")
+
+set_and_check(WinPR-tools_INCLUDE_DIR "@PACKAGE_WINPR_INCLUDE_DIR@")
+
+include("${CMAKE_CURRENT_LIST_DIR}/WinPR-toolsTargets.cmake")

third_party/FreeRDP/winpr/tools/hash-cli/CMakeLists.txt

@@ -0,0 +1,41 @@
+# WinPR: Windows Portable Runtime
+# winpr-hash cmake build script
+#
+# Copyright 2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set(MODULE_NAME "winpr-hash")
+set(MODULE_PREFIX "WINPR_TOOLS_HASH")
+
+set(${MODULE_PREFIX}_SRCS hash.c)
+
+addtargetwithresourcefile(${MODULE_NAME} TRUE "${WINPR_VERSION}" ${MODULE_PREFIX}_SRCS)
+
+set(${MODULE_PREFIX}_LIBS winpr)
+
+target_link_libraries(${MODULE_NAME} ${${MODULE_PREFIX}_LIBS})
+
+installwithrpath(
+  TARGETS
+  ${MODULE_NAME}
+  DESTINATION
+  ${CMAKE_INSTALL_BINDIR}
+  COMPONENT
+  tools
+  EXPORT
+  WinPRTargets
+)
+
+set_property(TARGET ${MODULE_NAME} PROPERTY FOLDER "WinPR/Tools")
+generate_and_install_freerdp_man_from_template(${MODULE_NAME} "1" "${WINPR_API_VERSION}")

third_party/FreeRDP/winpr/tools/hash-cli/hash.c

@@ -0,0 +1,216 @@
+/**
+ * WinPR: Windows Portable Runtime
+ * NTLM Hashing Tool
+ *
+ * Copyright 2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include <winpr/ntlm.h>
+#include <winpr/ssl.h>
+#include <winpr/assert.h>
+
+/**
+ * Define NTOWFv1(Password, User, Domain) as
+ * 	MD4(UNICODE(Password))
+ * EndDefine
+ *
+ * Define LMOWFv1(Password, User, Domain) as
+ * 	ConcatenationOf(DES(UpperCase(Password)[0..6], "KGS!@#$%"),
+ * 		DES(UpperCase(Password)[7..13], "KGS!@#$%"))
+ * EndDefine
+ *
+ * Define NTOWFv2(Password, User, Domain) as
+ * 	HMAC_MD5(MD4(UNICODE(Password)),
+ * 		UNICODE(ConcatenationOf(UpperCase(User), Domain)))
+ * EndDefine
+ *
+ * Define LMOWFv2(Password, User, Domain) as
+ * 	NTOWFv2(Password, User, Domain)
+ * EndDefine
+ *
+ */
+
+static int usage_and_exit(void)
+{
+	printf("winpr-hash: NTLM hashing tool\n");
+	printf("Usage: winpr-hash -u <username> -p <password> [-d <domain>] [-f <_default_,sam>] [-v "
+	       "<_1_,2>]\n");
+	return 1;
+}
+
+int main(int argc, char* argv[])
+{
+	int index = 1;
+	int format = 0;
+	unsigned long version = 1;
+	BYTE NtHash[16];
+	char* User = nullptr;
+	size_t UserLength = 0;
+	char* Domain = nullptr;
+	size_t DomainLength = 0;
+	char* Password = nullptr;
+	size_t PasswordLength = 0;
+	errno = 0;
+
+	while (index < argc)
+	{
+		if (strcmp("-d", argv[index]) == 0)
+		{
+			index++;
+
+			if (index == argc)
+			{
+				printf("missing domain\n\n");
+				return usage_and_exit();
+			}
+
+			Domain = argv[index];
+		}
+		else if (strcmp("-u", argv[index]) == 0)
+		{
+			index++;
+
+			if (index == argc)
+			{
+				printf("missing username\n\n");
+				return usage_and_exit();
+			}
+
+			User = argv[index];
+		}
+		else if (strcmp("-p", argv[index]) == 0)
+		{
+			index++;
+
+			if (index == argc)
+			{
+				printf("missing password\n\n");
+				return usage_and_exit();
+			}
+
+			Password = argv[index];
+		}
+		else if (strcmp("-v", argv[index]) == 0)
+		{
+			index++;
+
+			if (index == argc)
+			{
+				printf("missing version parameter\n\n");
+				return usage_and_exit();
+			}
+
+			version = strtoul(argv[index], nullptr, 0);
+
+			if (((version != 1) && (version != 2)) || (errno != 0))
+			{
+				printf("unknown version %lu \n\n", version);
+				return usage_and_exit();
+			}
+		}
+		else if (strcmp("-f", argv[index]) == 0)
+		{
+			index++;
+
+			if (index == argc)
+			{
+				printf("missing format\n\n");
+				return usage_and_exit();
+			}
+
+			if (strcmp("default", argv[index]) == 0)
+				format = 0;
+			else if (strcmp("sam", argv[index]) == 0)
+				format = 1;
+		}
+		else if (strcmp("-h", argv[index]) == 0)
+		{
+			return usage_and_exit();
+		}
+
+		index++;
+	}
+
+	if ((!User) || (!Password))
+	{
+		printf("missing username or password\n\n");
+		return usage_and_exit();
+	}
+	winpr_InitializeSSL(WINPR_SSL_INIT_DEFAULT);
+
+	UserLength = strlen(User);
+	PasswordLength = strlen(Password);
+	DomainLength = (Domain) ? strlen(Domain) : 0;
+
+	WINPR_ASSERT(UserLength <= UINT32_MAX);
+	WINPR_ASSERT(PasswordLength <= UINT32_MAX);
+	WINPR_ASSERT(DomainLength <= UINT32_MAX);
+
+	if (version == 2)
+	{
+		if (!Domain)
+		{
+			printf("missing domain (version 2 requires a domain to specified)\n\n");
+			return usage_and_exit();
+		}
+
+		if (!NTOWFv2A(Password, (UINT32)PasswordLength, User, (UINT32)UserLength, Domain,
+		              (UINT32)DomainLength, NtHash))
+		{
+			(void)fprintf(stderr, "Hash creation failed\n");
+			return 1;
+		}
+	}
+	else
+	{
+		if (!NTOWFv1A(Password, (UINT32)PasswordLength, NtHash))
+		{
+			(void)fprintf(stderr, "Hash creation failed\n");
+			return 1;
+		}
+	}
+
+	if (format == 0)
+	{
+		for (int idx = 0; idx < 16; idx++)
+			printf("%02" PRIx8 "", NtHash[idx]);
+
+		printf("\n");
+	}
+	else if (format == 1)
+	{
+		printf("%s:", User);
+
+		if (DomainLength > 0)
+			printf("%s:", Domain);
+		else
+			printf(":");
+
+		printf(":");
+
+		for (int idx = 0; idx < 16; idx++)
+			printf("%02" PRIx8 "", NtHash[idx]);
+
+		printf(":::");
+		printf("\n");
+	}
+
+	return 0;
+}

third_party/FreeRDP/winpr/tools/hash-cli/winpr-hash.1.in

@@ -0,0 +1,42 @@
+.TH @MANPAGE_NAME@ 1 2017-01-11 "@WINPR_VERSION_FULL@" "FreeRDP"
+.SH NAME
+@MANPAGE_NAME@ \- NTLM hashing tool
+.SH SYNOPSIS
+.B @MANPAGE_NAME@
+\fB-u\fP username
+\fB-p\fP password
+[\fB-d\fP domain]
+[\fB-f\fP { \fIdefault\fP | sam }]
+[\fB-v\fP { \fI1\fP | 2 }]
+.SH DESCRIPTION
+.B @MANPAGE_NAME@
+is a small utility that can be used to create a NTLM hash from a username and password pair. The created hash can be outputted as plain hash or in SAM format.
+.SH OPTIONS
+.IP "-u username"
+The username to use.
+.IP "-p password"
+Password to use.
+.IP "-d domain"
+A optional parameter to specify the domain of the user.
+.IP "-f format"
+Specify the output format. The \fIdefault\fP outputs only the plain NTLM
+hash. The second output format available is \fIsam\fP which outputs the
+created hash in a format that it can be used in SAM file:
+
+user:domain::hash:::
+.IP "-v version"
+Version allows it to specify the NTLM version to use. The default is to use version 1. In case
+version 2 is used a domain needs to be specified.
+.SH EXAMPLES
+@MANPAGE_NAME@ -u \fIuser\fP -p \fIpassword\fP -d \fIdomain\fP -f \fIsam\fP -v \fI2\fP
+
+Create a version \fI2\fP NTLM hash for \fIuser\fP with \fIdomain\fP and \fIpassword\fP and output it in \fIsam\fP format.
+.SH EXIT STATUS
+.TP
+.B 0
+Successful program execution.
+.TP
+.B 1
+Missing or invalid arguments.
+.SH AUTHOR
+FreeRDP <team@freerdp.com>

third_party/FreeRDP/winpr/tools/makecert-cli/CMakeLists.txt

@@ -0,0 +1,43 @@
+# WinPR: Windows Portable Runtime
+# winpr-makecert cmake build script
+#
+# Copyright 2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
+# Copyright 2016 Thincast Technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set(MODULE_NAME "winpr-makecert")
+set(MODULE_PREFIX "WINPR_MAKECERT")
+
+set(${MODULE_PREFIX}_SRCS main.c)
+
+addtargetwithresourcefile(${MODULE_NAME} TRUE "${WINPR_VERSION}" ${MODULE_PREFIX}_SRCS)
+
+set(${MODULE_PREFIX}_LIBS winpr-tools)
+
+target_link_libraries(${MODULE_NAME} ${${MODULE_PREFIX}_LIBS} winpr)
+
+set_property(TARGET ${MODULE_NAME} PROPERTY FOLDER "WinPR/Tools")
+
+installwithrpath(
+  TARGETS
+  ${MODULE_NAME}
+  DESTINATION
+  ${CMAKE_INSTALL_BINDIR}
+  COMPONENT
+  tools
+  EXPORT
+  WinPRTargets
+)
+
+generate_and_install_freerdp_man_from_template(${MODULE_NAME} "1" "${WINPR_API_VERSION}")

third_party/FreeRDP/winpr/tools/makecert-cli/main.c

@@ -0,0 +1,45 @@
+/**
+ * WinPR: Windows Portable Runtime
+ * makecert replacement
+ *
+ * Copyright 2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include <winpr/crt.h>
+#include <winpr/cmdline.h>
+#include <winpr/sysinfo.h>
+
+#include <winpr/tools/makecert.h>
+
+int main(int argc, char* argv[])
+{
+	MAKECERT_CONTEXT* context = nullptr;
+	int ret = 0;
+
+	context = makecert_context_new();
+	if (!context)
+		return 1;
+
+	if (makecert_context_process(context, argc, argv) < 0)
+		ret = 1;
+
+	makecert_context_free(context);
+
+	return ret;
+}

third_party/FreeRDP/winpr/tools/makecert-cli/winpr-makecert.1.in

@@ -0,0 +1,116 @@
+.de URL
+\\$2 \(laURL: \\$1 \(ra\\$3
+..
+.if \n[.g] .mso www.tmac
+.TH @MANPAGE_NAME@ 1 2017-01-11 "@WINPR_VERSION_FULL@" "FreeRDP"
+.SH NAME
+@MANPAGE_NAME@ \- A tool to create X.509 certificates.
+.SH SYNOPSIS
+.B @MANPAGE_NAME@
+[\fB-rdp\fP]
+[\fB-silent\fP]
+[\fB-live\fP]
+[\fB-format\fP { \fIcrt\fP | \fIpem\fP | \fIpfx\fP }]
+[\fB-p\fP password]
+[\fB-n\fP common_name]
+[\fB-y\fP years]
+[\fB-m\fP months]
+[\fB-len\fP length]
+[\fB-#\fP serial]
+[\fB-a\fP { \fImd5\fP | \fIsha1\fP | \fIsha256\fP | \fIs384\fP | \fIsha512\fP }]
+[\fB-path\fP outputpath] 
+[outputname]
+.SH DESCRIPTION
+.B @MANPAGE_NAME@
+is a tool for generating X.509 certificates modeled after the Windows command
+MakeCert. @MANPAGE_NAME@ aims to be command line compatible with MakeCert
+however not all options are supported or implemented yet.
+
+Unimplemented features are not described here. They are marked as "Unsupported"
+in @MANPAGE_NAME@s help.
+
+In contrast to it's Windows counterpart @MANPAGE_NAME@ does, unless the
+\fB\-live\fP option is given, always creates and save a certificate.
+If \fIoutputname\fP isn't set it is tried to determine the host name of the
+computer the command is run on.
+.br
+\fBWarning:\fP if the file already exists it will be overwritten without asking.
+
+Without further options the generated certificates have the following properties:
+
+* 2048 bit long
+.br
+* sha256 as hash algorithm
+.br
+* the detected host name is used as common name
+.br
+* a time stamp is used as serial number
+.br
+* validity period of one year
+.br
+* saved in the current working directory in crt format
+.SH OPTIONS
+.IP "-rdp"
+Dummy parameter. Can be used to quickly generate a certificate with default
+properties without specifying any further parameters.
+.IP "-silent"
+Don't print the generated certificate to stdout.
+.IP "-f format"
+Three formats are supported: crt, pem and pfx.
+.br
+\fIcrt\fP outputs the key and the certificate in a separate file each with the file
+endings .key and .crt.
+.br
+\fIpem\fP outputs the key and certificate into a single file with the file ending pem.
+.br
+And \fIpfx\fP outputs key and certificate into a  pkcs12 file with the ending .pfx.
+.IP "-p password"
+Password to use if the pfx format is used as format.
+.IP "-live"
+Don't write the key/certificate to disk. When used from the command line this
+can be thought as "dummy" mode.
+.IP "-n common_name"
+The common name to use in the certificate.
+.IP "-m months"
+Validity period in months (multiple of 31 days, not clanendar months).
+.IP "-y years"
+Validity period in years (365 days, leap years not accounted). If months and years are specified the specified
+the values are accumulated.
+.IP "-len length"
+Key length in bits to use.
+.IP "-a { \fImd5\fP | \fIsha1\fP | \fIsha256\fP | \fIs384\fP | \fIsha512\fP }"
+The hashing algorithm to use.
+.IP "-# serial"
+The serial number to use for the certificate.
+.IP "-path"
+A directory where the certificate should be created in.
+.IP "outputname"
+The base name of the created file(s). A suffix, the format specific suffix is
+appended to this name.
+.SH EXAMPLES
+@MANPAGE_NAME@ -rdp
+
+Creates a certificate with the default properties, saved to a file in the
+current working directory in crt format named like the host. If the host is
+named freerdp the created files are called freerdp.key and freerdp.crt. 
+
+
+@MANPAGE_NAME@ -len 4096 -a sha384 -path /tmp -# 22 -m 144 -y 1 -format crt mycert
+
+The command above creates the file /tmp/mycert.pem containing a key and a
+certificate with a length of 4096. It will use sha384 as hash algorithm.
+The certificate has the serial number 22 and is valid for 12 years (144 months).
+.SH EXIT STATUS
+.TP
+.B 0
+Successful program execution.
+.TP
+.B 1
+Otherwise.
+
+.SH SEE ALSO
+
+.URL  "https://msdn.microsoft.com/library/windows/desktop/aa386968.aspx" "MakeCert help page" 
+
+.SH AUTHOR
+FreeRDP <team@freerdp.com>

third_party/FreeRDP/winpr/tools/makecert/CMakeLists.txt

@@ -0,0 +1,41 @@
+# WinPR: Windows Portable Runtime
+# winpr-makecert cmake build script
+#
+# Copyright 2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set(MODULE_NAME "winpr-makecert-tool")
+set(MODULE_PREFIX "WINPR_MAKECERT_TOOL")
+
+set(${MODULE_PREFIX}_SRCS makecert.c)
+
+if(OPENSSL_FOUND)
+  winpr_tools_include_directory_add(${OPENSSL_INCLUDE_DIR})
+endif()
+
+if(MBEDTLS_FOUND)
+  winpr_tools_include_directory_add(${MBEDTLS_INCLUDE_DIR})
+endif()
+
+winpr_tools_module_add(${${MODULE_PREFIX}_SRCS})
+
+if(OPENSSL_FOUND)
+  list(APPEND ${MODULE_PREFIX}_LIBS ${OPENSSL_LIBRARIES})
+endif()
+
+if(MBEDTLS_FOUND)
+  list(APPEND ${MODULE_PREFIX}_LIBS ${MBEDTLS_LIBRARIES})
+endif()
+
+winpr_tools_library_add(${${MODULE_PREFIX}_LIBS} winpr)

third_party/FreeRDP/winpr/tools/winpr-tools.pc.in

@@ -0,0 +1,15 @@
+prefix=@PKG_CONFIG_INSTALL_PREFIX@
+exec_prefix=${prefix}
+libdir=${prefix}/@CMAKE_INSTALL_LIBDIR@
+includedir=${prefix}/@WINPR_INCLUDE_DIR@
+libs=-lwinpr-tools@WINPR_TOOLS_API_VERSION@
+
+Name: WinPR
+Description: WinPR: Windows Portable Runtime
+URL: http://www.freerdp.com/
+Version: @WINPR_TOOLS_VERSION@
+Requires: @WINPR_TOOLS_PC_REQUIRES@
+Requires.private: @WINPR_TOOLS_PC_REQUIRES_PRIVATE@
+Libs: -L${libdir} ${libs}
+Libs.private: @WINPR_TOOLS_PC_LIBRARY_PRIVATE@
+Cflags: -I${includedir}