[feat] add Windows secure desktop remote unlock support for locked sessions, refs #77

This commit is contained in:
dijunkun
2026-04-21 04:10:08 +08:00
parent e4dfb61509
commit ffa94986d5
17 changed files with 4712 additions and 40 deletions
@@ -51,6 +51,22 @@ struct TranslationRow {
X(release_mouse, u8"释放", "Release", u8"Освободить") \
X(audio_capture, u8"声音", "Audio", u8"Звук") \
X(mute, u8" 静音", " Mute", u8"Без звука") \
X(send_sas, u8"发送SAS", "Send SAS", u8"Отправить SAS") \
X(remote_password_box_visible, u8"远端密码框已出现", \
"Remote password box visible", u8"Окно ввода пароля видно") \
X(remote_lock_screen_hint, u8"远端处于锁屏封面,可发送SAS", \
"Remote lock screen visible, send SAS", \
u8"Видна блокировка, отправьте SAS") \
X(remote_secure_desktop_active, u8"远端已进入安全桌面", \
"Remote secure desktop active", \
u8"Активен защищенный рабочий стол") \
X(remote_service_unavailable, u8"远端Windows服务不可用", \
"Remote Windows service unavailable", \
u8"Служба Windows на удаленной стороне недоступна") \
X(remote_unlock_requires_secure_desktop, \
u8"当前仍需要安全桌面专用采集/输入", \
"Secure desktop capture/input is still required", \
u8"По-прежнему нужен отдельный захват/ввод для защищенного рабочего стола") \
X(settings, u8"设置", "Settings", u8"Настройки") \
X(language, u8"语言:", "Language:", u8"Язык:") \
X(video_quality, u8"视频质量:", "Video Quality:", u8"Качество видео:") \
+200
View File
@@ -28,6 +28,10 @@
#include "screen_capturer_factory.h"
#include "version_checker.h"
#if _WIN32
#include "interactive_state.h"
#include "service_host.h"
#endif
#if defined(__APPLE__)
#include "window_util_mac.h"
@@ -75,6 +79,68 @@ HICON LoadTrayIcon() {
return LoadIconW(nullptr, IDI_APPLICATION);
}
struct WindowsServiceInteractiveStatus {
bool available = false;
unsigned int error_code = 0;
std::string interactive_stage;
std::string error;
};
constexpr uint32_t kWindowsServiceStatusIntervalMs = 1000;
constexpr DWORD kWindowsServiceQueryTimeoutMs = 100;
constexpr DWORD kWindowsServiceSasTimeoutMs = 500;
RemoteAction BuildWindowsServiceStatusAction(
const WindowsServiceInteractiveStatus& status) {
RemoteAction action{};
action.type = ControlType::service_status;
action.ss.available = status.available;
std::strncpy(action.ss.interactive_stage, status.interactive_stage.c_str(),
sizeof(action.ss.interactive_stage) - 1);
action.ss.interactive_stage[sizeof(action.ss.interactive_stage) - 1] =
'\0';
return action;
}
bool QueryWindowsServiceInteractiveStatus(
WindowsServiceInteractiveStatus* status) {
if (status == nullptr) {
return false;
}
*status = WindowsServiceInteractiveStatus{};
const std::string response =
QueryCrossDeskService("status", kWindowsServiceQueryTimeoutMs);
auto json = nlohmann::json::parse(response, nullptr, false);
if (json.is_discarded() || !json.is_object()) {
status->error = "invalid_service_status_json";
return false;
}
status->available = json.value("ok", false);
if (!status->available) {
status->error = json.value("error", std::string("service_unavailable"));
status->error_code = json.value("code", 0u);
return true;
}
status->interactive_stage = json.value("interactive_stage", std::string());
if (ShouldNormalizeUnlockToUserDesktop(
json.value("interactive_lock_screen_visible", false),
status->interactive_stage, json.value("session_locked", false),
json.value("interactive_logon_ui_visible", false),
json.value("interactive_secure_desktop_active",
json.value("secure_desktop_active", false)),
json.value("credential_ui_visible", false),
json.value("password_box_visible", false),
json.value("unlock_ui_visible", false),
json.value("last_session_event", std::string()))) {
status->interactive_stage = "user-desktop";
}
return true;
}
#endif
#if defined(__linux__) && !defined(__APPLE__)
@@ -1746,6 +1812,7 @@ void Render::MainLoop() {
HandlePendingPresenceProbe();
HandleStreamWindow();
HandleServerWindow();
HandleWindowsServiceIntegration();
DrawMainWindow();
if (stream_window_inited_) {
@@ -1772,6 +1839,139 @@ void Render::UpdateLabels() {
}
}
void Render::ResetRemoteServiceStatus(SubStreamWindowProperties& props) {
props.remote_service_status_received_ = false;
props.remote_service_available_ = false;
props.remote_interactive_stage_.clear();
}
void Render::ApplyRemoteServiceStatus(SubStreamWindowProperties& props,
const ServiceStatus& status) {
props.remote_service_status_received_ = true;
props.remote_service_available_ = status.available;
props.remote_interactive_stage_ = status.interactive_stage;
}
Render::RemoteUnlockState Render::GetRemoteUnlockState(
const SubStreamWindowProperties& props) const {
if (!props.remote_service_status_received_) {
return RemoteUnlockState::none;
}
if (!props.remote_service_available_) {
return RemoteUnlockState::service_unavailable;
}
if (props.remote_interactive_stage_ == "credential-ui") {
return RemoteUnlockState::credential_ui;
}
if (props.remote_interactive_stage_ == "lock-screen") {
return RemoteUnlockState::lock_screen;
}
if (props.remote_interactive_stage_ == "secure-desktop") {
return RemoteUnlockState::secure_desktop;
}
return RemoteUnlockState::none;
}
void Render::HandleWindowsServiceIntegration() {
#if _WIN32
static bool last_logged_service_available = true;
static unsigned int last_logged_service_error_code = 0;
static std::string last_logged_service_error;
if (!is_server_mode_ || peer_ == nullptr) {
ResetLocalWindowsServiceState(true);
return;
}
const bool has_connected_remote = std::any_of(
connection_status_.begin(), connection_status_.end(),
[](const auto& entry) {
return entry.second == ConnectionStatus::Connected;
});
if (!has_connected_remote) {
ResetLocalWindowsServiceState(false);
return;
}
bool force_broadcast = false;
if (pending_windows_service_sas_.exchange(false,
std::memory_order_relaxed)) {
const std::string response =
QueryCrossDeskService("sas", kWindowsServiceSasTimeoutMs);
auto json = nlohmann::json::parse(response, nullptr, false);
if (json.is_discarded() || !json.value("ok", false)) {
LOG_WARN("Remote SAS request failed: {}", response);
} else {
LOG_INFO("Remote SAS request forwarded to local Windows service");
}
last_windows_service_status_tick_ = 0;
force_broadcast = true;
}
const uint32_t now = static_cast<uint32_t>(SDL_GetTicks());
if (!force_broadcast && last_windows_service_status_tick_ != 0 &&
now - last_windows_service_status_tick_ <
kWindowsServiceStatusIntervalMs) {
return;
}
last_windows_service_status_tick_ = now;
WindowsServiceInteractiveStatus status;
const bool status_ok = QueryWindowsServiceInteractiveStatus(&status);
local_service_status_received_ = status_ok;
local_service_available_ = status.available;
local_interactive_stage_ = status.available ? status.interactive_stage : "";
if (status_ok) {
const bool availability_changed =
status.available != last_logged_service_available;
const bool error_changed =
!status.available &&
(status.error != last_logged_service_error ||
status.error_code != last_logged_service_error_code);
if (availability_changed || error_changed) {
if (status.available) {
LOG_INFO("Local Windows service available for secure desktop integration");
} else {
LOG_WARN(
"Local Windows service unavailable, secure desktop integration disabled: error={}, code={}",
status.error, status.error_code);
}
last_logged_service_available = status.available;
last_logged_service_error = status.error;
last_logged_service_error_code = status.error_code;
}
} else if (last_logged_service_available ||
last_logged_service_error != "invalid_service_status_json") {
LOG_WARN(
"Local Windows service status query failed, secure desktop integration disabled");
last_logged_service_available = false;
last_logged_service_error = "invalid_service_status_json";
last_logged_service_error_code = 0;
}
RemoteAction remote_action = BuildWindowsServiceStatusAction(status);
std::string msg = remote_action.to_json();
int ret = SendReliableDataFrame(peer_, msg.data(), msg.size(),
control_data_label_.c_str());
if (ret != 0) {
LOG_WARN("Broadcast Windows service status failed, ret={}", ret);
}
#endif
}
#if _WIN32
void Render::ResetLocalWindowsServiceState(bool clear_pending_sas) {
last_windows_service_status_tick_ = 0;
if (clear_pending_sas) {
pending_windows_service_sas_.store(false, std::memory_order_relaxed);
}
local_service_status_received_ = false;
local_service_available_ = false;
local_interactive_stage_.clear();
}
#endif
void Render::HandleRecentConnections() {
if (reload_recent_connections_ && main_renderer_) {
uint32_t now_time = SDL_GetTicks();
+30
View File
@@ -44,6 +44,14 @@
namespace crossdesk {
class Render {
public:
enum class RemoteUnlockState {
none,
service_unavailable,
lock_screen,
credential_ui,
secure_desktop,
};
struct FileTransferState {
std::atomic<bool> file_sending_ = false;
std::atomic<uint64_t> file_sent_bytes_ = 0;
@@ -159,6 +167,9 @@ class Render {
std::string mouse_control_button_label_ = "Mouse Control";
std::string audio_capture_button_label_ = "Audio Capture";
std::string remote_host_name_ = "";
bool remote_service_status_received_ = false;
bool remote_service_available_ = false;
std::string remote_interactive_stage_ = "";
std::vector<DisplayInfo> display_info_list_;
SDL_Texture* stream_texture_ = nullptr;
uint8_t* argb_buffer_ = nullptr;
@@ -271,6 +282,13 @@ class Render {
std::shared_ptr<SubStreamWindowProperties>& props);
void DrawReceivingScreenText(
std::shared_ptr<SubStreamWindowProperties>& props);
void DrawRemoteUnlockStateText(
std::shared_ptr<SubStreamWindowProperties>& props);
void ResetRemoteServiceStatus(SubStreamWindowProperties& props);
void ApplyRemoteServiceStatus(SubStreamWindowProperties& props,
const ServiceStatus& status);
RemoteUnlockState GetRemoteUnlockState(
const SubStreamWindowProperties& props) const;
#ifdef __APPLE__
int RequestPermissionWindow();
bool CheckScreenRecordingPermission();
@@ -359,6 +377,10 @@ class Render {
int AudioDeviceInit();
int AudioDeviceDestroy();
void HandleWindowsServiceIntegration();
#if _WIN32
void ResetLocalWindowsServiceState(bool clear_pending_sas);
#endif
private:
struct CDCache {
@@ -515,6 +537,14 @@ class Render {
SDL_Event last_mouse_event;
SDL_AudioStream* output_stream_;
uint32_t STREAM_REFRESH_EVENT = 0;
#if _WIN32
std::atomic<bool> pending_windows_service_sas_{false};
bool local_service_status_received_ = false;
bool local_service_available_ = false;
std::string local_interactive_stage_;
uint32_t last_local_secure_input_block_log_tick_ = 0;
uint32_t last_windows_service_status_tick_ = 0;
#endif
// stream window render
SDL_Window* stream_window_ = nullptr;
+131 -6
View File
@@ -17,11 +17,63 @@
#include "platform.h"
#include "rd_log.h"
#include "render.h"
#if _WIN32
#include "interactive_state.h"
#include "service_host.h"
#endif
#define NV12_BUFFER_SIZE 1280 * 720 * 3 / 2
namespace crossdesk {
namespace {
#if _WIN32
constexpr uint32_t kSecureDesktopInputLogIntervalMs = 2000;
bool BuildAbsoluteMousePosition(const std::vector<DisplayInfo>& displays,
int display_index, float normalized_x,
float normalized_y, int* absolute_x_out,
int* absolute_y_out) {
if (absolute_x_out == nullptr || absolute_y_out == nullptr ||
display_index < 0 ||
display_index >= static_cast<int>(displays.size())) {
return false;
}
const DisplayInfo& display = displays[display_index];
if (display.width <= 0 || display.height <= 0) {
return false;
}
const float clamped_x = std::clamp(normalized_x, 0.0f, 1.0f);
const float clamped_y = std::clamp(normalized_y, 0.0f, 1.0f);
*absolute_x_out = static_cast<int>(clamped_x * display.width) + display.left;
*absolute_y_out = static_cast<int>(clamped_y * display.height) + display.top;
return true;
}
void LogSecureDesktopInputBlocked(uint32_t* last_tick, const char* side,
const char* stage) {
if (last_tick == nullptr) {
return;
}
const uint32_t now = static_cast<uint32_t>(SDL_GetTicks());
if (*last_tick != 0 && now - *last_tick < kSecureDesktopInputLogIntervalMs) {
return;
}
*last_tick = now;
LOG_WARN(
"{} secure-desktop input blocked, stage={}, normal SendInput path "
"cannot drive the Windows password UI",
side != nullptr ? side : "unknown", stage != nullptr ? stage : "");
}
#endif
} // namespace
void Render::OnSignalMessageCb(const char* message, size_t size,
void* user_data) {
Render* render = (Render*)user_data;
@@ -709,16 +761,31 @@ void Render::OnReceiveDataBufferCb(const char* data, size_t size,
}
std::string json_str(data, size);
RemoteAction remote_action;
try {
remote_action.from_json(json_str);
} catch (const std::exception& e) {
LOG_ERROR("Failed to parse RemoteAction JSON: {}", e.what());
RemoteAction remote_action{};
if (!remote_action.from_json(json_str)) {
LOG_ERROR("Failed to parse RemoteAction JSON payload");
return;
}
std::string remote_id(user_id, user_id_size);
if (remote_action.type == ControlType::service_status) {
auto props_it = render->client_properties_.find(remote_id);
if (props_it != render->client_properties_.end()) {
render->ApplyRemoteServiceStatus(*props_it->second, remote_action.ss);
}
return;
}
if (remote_action.type == ControlType::service_command) {
#if _WIN32
if (remote_action.c.flag == ServiceCommandFlag::send_sas) {
render->pending_windows_service_sas_.store(true,
std::memory_order_relaxed);
}
#endif
return;
}
// std::shared_lock lock(render->client_properties_mutex_);
if (remote_action.type == ControlType::host_infomation) {
if (render->client_properties_.find(remote_id) !=
@@ -748,6 +815,59 @@ void Render::OnReceiveDataBufferCb(const char* data, size_t size,
}
} else {
// remote
#if _WIN32
if (render->local_service_status_received_ &&
render->local_service_available_ &&
IsSecureDesktopInteractionRequired(render->local_interactive_stage_)) {
if (remote_action.type == ControlType::mouse) {
int absolute_x = 0;
int absolute_y = 0;
if (!BuildAbsoluteMousePosition(render->display_info_list_,
render->selected_display_,
remote_action.m.x, remote_action.m.y,
&absolute_x, &absolute_y)) {
LOG_WARN(
"Secure desktop mouse injection skipped, invalid display mapping: display_index={}, x={}, y={}",
render->selected_display_, remote_action.m.x,
remote_action.m.y);
return;
}
const std::string response = SendCrossDeskSecureDesktopMouseInput(
absolute_x, absolute_y, remote_action.m.s,
static_cast<int>(remote_action.m.flag), 1000);
auto json = nlohmann::json::parse(response, nullptr, false);
if (json.is_discarded() || !json.value("ok", false)) {
LogSecureDesktopInputBlocked(
&render->last_local_secure_input_block_log_tick_, "local",
render->local_interactive_stage_.c_str());
LOG_WARN(
"Secure desktop mouse injection failed, x={}, y={}, wheel={}, flag={}, response={}",
absolute_x, absolute_y, remote_action.m.s,
static_cast<int>(remote_action.m.flag), response);
}
return;
}
if (remote_action.type == ControlType::keyboard) {
const int key_code = static_cast<int>(remote_action.k.key_value);
const bool is_down = remote_action.k.flag == KeyFlag::key_down;
const std::string response =
SendCrossDeskSecureDesktopKeyInput(key_code, is_down, 1000);
auto json = nlohmann::json::parse(response, nullptr, false);
if (json.is_discarded() || !json.value("ok", false)) {
LogSecureDesktopInputBlocked(
&render->last_local_secure_input_block_log_tick_, "local",
render->local_interactive_stage_.c_str());
LOG_WARN(
"Secure desktop keyboard injection failed, key_code={}, "
"is_down={}, response={}",
key_code, is_down, response);
}
return;
}
}
#endif
if (remote_action.type == ControlType::mouse && render->mouse_controller_) {
render->mouse_controller_->SendMouseCommand(remote_action,
render->selected_display_);
@@ -841,6 +961,7 @@ void Render::OnConnectionStatusCb(ConnectionStatus status, const char* user_id,
switch (status) {
case ConnectionStatus::Connected: {
render->ResetRemoteServiceStatus(*props);
{
RemoteAction remote_action;
remote_action.i.display_num = render->display_info_list_.size();
@@ -904,6 +1025,7 @@ void Render::OnConnectionStatusCb(ConnectionStatus status, const char* user_id,
case ConnectionStatus::Closed: {
props->connection_established_ = false;
props->enable_mouse_control_ = false;
render->ResetRemoteServiceStatus(*props);
{
std::lock_guard<std::mutex> lock(props->video_frame_mutex_);
@@ -954,6 +1076,9 @@ void Render::OnConnectionStatusCb(ConnectionStatus status, const char* user_id,
switch (status) {
case ConnectionStatus::Connected: {
#if _WIN32
render->last_windows_service_status_tick_ = 0;
#endif
{
RemoteAction remote_action;
remote_action.i.display_num = render->display_info_list_.size();
+88
View File
@@ -193,6 +193,94 @@ int Render::ControlBar(std::shared_ptr<SubStreamWindowProperties>& props) {
text_pos, IM_COL32(0, 0, 0, 255),
std::to_string(props->selected_display_ + 1).c_str());
if (props->remote_service_status_received_) {
ImGui::SameLine();
const RemoteUnlockState unlock_state = GetRemoteUnlockState(*props);
bool sas_button_style_pushed = false;
switch (unlock_state) {
case RemoteUnlockState::service_unavailable:
ImGui::PushStyleColor(ImGuiCol_Button,
ImVec4(185 / 255.0f, 28 / 255.0f,
28 / 255.0f, 1.0f));
sas_button_style_pushed = true;
break;
case RemoteUnlockState::credential_ui:
ImGui::PushStyleColor(ImGuiCol_Button,
ImVec4(22 / 255.0f, 163 / 255.0f,
74 / 255.0f, 1.0f));
sas_button_style_pushed = true;
break;
case RemoteUnlockState::lock_screen:
ImGui::PushStyleColor(ImGuiCol_Button,
ImVec4(202 / 255.0f, 138 / 255.0f,
4 / 255.0f, 1.0f));
sas_button_style_pushed = true;
break;
default:
break;
}
const bool can_send_sas =
props->connection_status_ == ConnectionStatus::Connected &&
props->peer_ != nullptr && props->remote_service_available_;
if (!can_send_sas) {
ImGui::BeginDisabled();
}
std::string sas_button = ICON_FA_UNLOCK_KEYHOLE;
ImGui::SetWindowFontScale(0.5f);
if (ImGui::Button(sas_button.c_str(),
ImVec2(button_width, button_height))) {
RemoteAction remote_action{};
remote_action.type = ControlType::service_command;
remote_action.c.flag = ServiceCommandFlag::send_sas;
std::string msg = remote_action.to_json();
SendReliableDataFrame(props->peer_, msg.c_str(), msg.size(),
props->control_data_label_.c_str());
}
if (!can_send_sas) {
ImGui::EndDisabled();
}
if (ImGui::IsItemHovered()) {
std::string tooltip = localization::send_sas[localization_language_index_];
switch (unlock_state) {
case RemoteUnlockState::service_unavailable:
tooltip = localization::remote_service_unavailable
[localization_language_index_];
break;
case RemoteUnlockState::credential_ui:
tooltip = localization::remote_password_box_visible
[localization_language_index_] +
"\n" +
localization::remote_unlock_requires_secure_desktop
[localization_language_index_];
break;
case RemoteUnlockState::lock_screen:
tooltip = localization::remote_lock_screen_hint
[localization_language_index_];
break;
case RemoteUnlockState::secure_desktop:
tooltip = localization::remote_secure_desktop_active
[localization_language_index_];
break;
default:
break;
}
ImGui::BeginTooltip();
ImGui::PushTextWrapPos(button_width * 8.0f);
ImGui::TextWrapped("%s", tooltip.c_str());
ImGui::PopTextWrapPos();
ImGui::EndTooltip();
}
if (sas_button_style_pushed) {
ImGui::PopStyleColor();
}
}
ImGui::SameLine();
float mouse_x = ImGui::GetCursorScreenPos().x;
float mouse_y = ImGui::GetCursorScreenPos().y;
+58
View File
@@ -59,6 +59,62 @@ void Render::DrawReceivingScreenText(
ImGui::TextColored(ImVec4(1.0f, 1.0f, 1.0f, 0.92f), "%s", text.c_str());
}
void Render::DrawRemoteUnlockStateText(
std::shared_ptr<SubStreamWindowProperties>& props) {
if (!props->remote_service_status_received_ ||
!props->connection_established_ ||
props->connection_status_ != ConnectionStatus::Connected) {
return;
}
const RemoteUnlockState unlock_state = GetRemoteUnlockState(*props);
std::string text;
ImU32 background_color = IM_COL32(37, 99, 235, 220);
switch (unlock_state) {
case RemoteUnlockState::service_unavailable:
text = localization::remote_service_unavailable
[localization_language_index_];
background_color = IM_COL32(185, 28, 28, 220);
break;
case RemoteUnlockState::credential_ui:
text = localization::remote_password_box_visible
[localization_language_index_];
background_color = IM_COL32(22, 163, 74, 220);
break;
case RemoteUnlockState::lock_screen:
text = localization::remote_lock_screen_hint
[localization_language_index_];
background_color = IM_COL32(202, 138, 4, 220);
break;
case RemoteUnlockState::secure_desktop:
text = localization::remote_secure_desktop_active
[localization_language_index_];
background_color = IM_COL32(147, 51, 234, 220);
break;
default:
return;
}
ImDrawList* draw_list = ImGui::GetWindowDrawList();
ImVec2 window_pos = ImGui::GetWindowPos();
ImVec2 window_size = ImGui::GetWindowSize();
ImVec2 text_size = ImGui::CalcTextSize(text.c_str());
float padding_x = title_bar_height_ * 0.45f;
float padding_y = title_bar_height_ * 0.18f;
float top_margin = fullscreen_button_pressed_ ? title_bar_height_ * 0.35f
: title_bar_height_ * 0.18f;
ImVec2 text_pos(window_pos.x + (window_size.x - text_size.x) * 0.5f,
window_pos.y + top_margin + padding_y);
ImVec2 rect_min(text_pos.x - padding_x, text_pos.y - padding_y);
ImVec2 rect_max(text_pos.x + text_size.x + padding_x,
text_pos.y + text_size.y + padding_y);
draw_list->AddRectFilled(rect_min, rect_max, background_color,
window_rounding_ * 0.9f);
draw_list->AddText(text_pos, IM_COL32(255, 255, 255, 255), text.c_str());
}
void Render::CloseTab(decltype(client_properties_)::iterator& it) {
// std::unique_lock lock(client_properties_mutex_);
if (it != client_properties_.end()) {
@@ -173,6 +229,7 @@ int Render::StreamWindow() {
FileTransferWindow(props);
DrawReceivingScreenText(props);
DrawRemoteUnlockStateText(props);
focused_remote_id_ = props->remote_id_;
@@ -275,6 +332,7 @@ int Render::StreamWindow() {
FileTransferWindow(props);
DrawReceivingScreenText(props);
DrawRemoteUnlockStateText(props);
ImGui::End();