void* ssh_client_thread(void* data) {
guac_client* client = (guac_client*) data;
guac_ssh_client* ssh_client = (guac_ssh_client*) client->data;
guac_ssh_settings* settings = ssh_client->settings;
char buffer[8192];
pthread_t input_thread;
/* Init SSH base libraries */
if (guac_common_ssh_init(client)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"SSH library initialization failed");
return NULL;
}
/* Set up screen recording, if requested */
if (settings->recording_path != NULL) {
guac_common_recording_create(client,
settings->recording_path,
settings->recording_name,
settings->create_recording_path);
}
/* Create terminal */
ssh_client->term = guac_terminal_create(client,
settings->font_name, settings->font_size,
settings->resolution, settings->width, settings->height,
settings->color_scheme);
/* Fail if terminal init failed */
if (ssh_client->term == NULL) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"Terminal initialization failed");
return NULL;
}
/* Set up typescript, if requested */
if (settings->typescript_path != NULL) {
guac_terminal_create_typescript(ssh_client->term,
settings->typescript_path,
settings->typescript_name,
settings->create_typescript_path);
}
/* Get user and credentials */
ssh_client->user = guac_ssh_get_user(client);
/* Open SSH session */
ssh_client->session = guac_common_ssh_create_session(client,
settings->hostname, settings->port, ssh_client->user);
if (ssh_client->session == NULL) {
/* Already aborted within guac_common_ssh_create_session() */
return NULL;
}
pthread_mutex_init(&ssh_client->term_channel_lock, NULL);
/* Open channel for terminal */
ssh_client->term_channel =
libssh2_channel_open_session(ssh_client->session->session);
if (ssh_client->term_channel == NULL) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR,
"Unable to open terminal channel.");
return NULL;
}
#ifdef ENABLE_SSH_AGENT
/* Start SSH agent forwarding, if enabled */
if (ssh_client->enable_agent) {
libssh2_session_callback_set(ssh_client->session,
LIBSSH2_CALLBACK_AUTH_AGENT, (void*) ssh_auth_agent_callback);
/* Request agent forwarding */
if (libssh2_channel_request_auth_agent(ssh_client->term_channel))
guac_client_log(client, GUAC_LOG_ERROR, "Agent forwarding request failed");
else
guac_client_log(client, GUAC_LOG_INFO, "Agent forwarding enabled.");
}
ssh_client->auth_agent = NULL;
#endif
/* Start SFTP session as well, if enabled */
if (settings->enable_sftp) {
/* Create SSH session specific for SFTP */
guac_client_log(client, GUAC_LOG_DEBUG, "Reconnecting for SFTP...");
ssh_client->sftp_session =
guac_common_ssh_create_session(client, settings->hostname,
settings->port, ssh_client->user);
if (ssh_client->sftp_session == NULL) {
/* Already aborted within guac_common_ssh_create_session() */
return NULL;
}
/* Request SFTP */
ssh_client->sftp_filesystem = guac_common_ssh_create_sftp_filesystem(
ssh_client->sftp_session, "/");
/* Expose filesystem to connection owner */
guac_client_for_owner(client,
guac_common_ssh_expose_sftp_filesystem,
ssh_client->sftp_filesystem);
/* Init handlers for Guacamole-specific console codes */
ssh_client->term->upload_path_handler = guac_sftp_set_upload_path;
ssh_client->term->file_download_handler = guac_sftp_download_file;
guac_client_log(client, GUAC_LOG_DEBUG, "SFTP session initialized");
}
/* Request PTY */
if (libssh2_channel_request_pty_ex(ssh_client->term_channel, "linux", sizeof("linux")-1, NULL, 0,
ssh_client->term->term_width, ssh_client->term->term_height, 0, 0)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR, "Unable to allocate PTY.");
return NULL;
}
/* If a command is specified, run that instead of a shell */
if (settings->command != NULL) {
if (libssh2_channel_exec(ssh_client->term_channel, settings->command)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR,
"Unable to execute command.");
return NULL;
}
}
/* Otherwise, request a shell */
else if (libssh2_channel_shell(ssh_client->term_channel)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR,
"Unable to associate shell with PTY.");
return NULL;
}
/* Logged in */
guac_client_log(client, GUAC_LOG_INFO, "SSH connection successful.");
/* Start input thread */
if (pthread_create(&(input_thread), NULL, ssh_input_thread, (void*) client)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Unable to start input thread");
return NULL;
}
/* Set non-blocking */
libssh2_session_set_blocking(ssh_client->session->session, 0);
/* While data available, write to terminal */
int bytes_read = 0;
for (;;) {
/* Track total amount of data read */
int total_read = 0;
pthread_mutex_lock(&(ssh_client->term_channel_lock));
/* Stop reading at EOF */
if (libssh2_channel_eof(ssh_client->term_channel)) {
pthread_mutex_unlock(&(ssh_client->term_channel_lock));
break;
}
/* Read terminal data */
bytes_read = libssh2_channel_read(ssh_client->term_channel,
buffer, sizeof(buffer));
pthread_mutex_unlock(&(ssh_client->term_channel_lock));
/* Attempt to write data received. Exit on failure. */
if (bytes_read > 0) {
int written = guac_terminal_write_stdout(ssh_client->term, buffer, bytes_read);
if (written < 0)
break;
total_read += bytes_read;
}
else if (bytes_read < 0 && bytes_read != LIBSSH2_ERROR_EAGAIN)
break;
#ifdef ENABLE_SSH_AGENT
/* If agent open, handle any agent packets */
if (ssh_client->auth_agent != NULL) {
bytes_read = ssh_auth_agent_read(ssh_client->auth_agent);
if (bytes_read > 0)
total_read += bytes_read;
else if (bytes_read < 0 && bytes_read != LIBSSH2_ERROR_EAGAIN)
ssh_client->auth_agent = NULL;
}
#endif
/* Wait for more data if reads turn up empty */
if (total_read == 0) {
fd_set fds;
struct timeval timeout;
FD_ZERO(&fds);
FD_SET(ssh_client->session->fd, &fds);
/* Wait for one second */
timeout.tv_sec = 1;
timeout.tv_usec = 0;
if (select(ssh_client->session->fd + 1, &fds,
NULL, NULL, &timeout) < 0)
break;
}
}
/* Kill client and Wait for input thread to die */
guac_client_stop(client);
pthread_join(input_thread, NULL);
pthread_mutex_destroy(&ssh_client->term_channel_lock);
guac_client_log(client, GUAC_LOG_INFO, "SSH connection ended.");
return NULL;
}
void* guac_vnc_client_thread(void* data) {
guac_client* client = (guac_client*) data;
guac_vnc_client* vnc_client = (guac_vnc_client*) client->data;
guac_vnc_settings* settings = vnc_client->settings;
/* Configure clipboard encoding */
if (guac_vnc_set_clipboard_encoding(client, settings->clipboard_encoding)) {
guac_client_log(client, GUAC_LOG_INFO, "Using non-standard VNC "
"clipboard encoding: '%s'.", settings->clipboard_encoding);
}
/* Ensure connection is kept alive during lengthy connects */
guac_socket_require_keep_alive(client->socket);
/* Set up libvncclient logging */
rfbClientLog = guac_vnc_client_log_info;
rfbClientErr = guac_vnc_client_log_error;
/* Attempt connection */
rfbClient* rfb_client = guac_vnc_get_client(client);
int retries_remaining = settings->retries;
/* If unsuccessful, retry as many times as specified */
while (!rfb_client && retries_remaining > 0) {
guac_client_log(client, GUAC_LOG_INFO,
"Connect failed. Waiting %ims before retrying...",
GUAC_VNC_CONNECT_INTERVAL);
/* Wait for given interval then retry */
guac_timestamp_msleep(GUAC_VNC_CONNECT_INTERVAL);
rfb_client = guac_vnc_get_client(client);
retries_remaining--;
}
/* If the final connect attempt fails, return error */
if (!rfb_client) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_NOT_FOUND,
"Unable to connect to VNC server.");
return NULL;
}
#ifdef ENABLE_PULSE
/* If audio is enabled, start streaming via PulseAudio */
if (settings->audio_enabled)
vnc_client->audio = guac_pa_stream_alloc(client,
settings->pa_servername);
#endif
#ifdef ENABLE_COMMON_SSH
guac_common_ssh_init(client);
/* Connect via SSH if SFTP is enabled */
if (settings->enable_sftp) {
/* Abort if username is missing */
if (settings->sftp_username == NULL) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"SFTP username is required if SFTP is enabled.");
return NULL;
}
guac_client_log(client, GUAC_LOG_DEBUG,
"Connecting via SSH for SFTP filesystem access.");
vnc_client->sftp_user =
guac_common_ssh_create_user(settings->sftp_username);
/* Import private key, if given */
if (settings->sftp_private_key != NULL) {
guac_client_log(client, GUAC_LOG_DEBUG,
"Authenticating with private key.");
/* Abort if private key cannot be read */
if (guac_common_ssh_user_import_key(vnc_client->sftp_user,
settings->sftp_private_key,
settings->sftp_passphrase)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"Private key unreadable.");
return NULL;
}
}
/* Otherwise, use specified password */
else {
guac_client_log(client, GUAC_LOG_DEBUG,
"Authenticating with password.");
guac_common_ssh_user_set_password(vnc_client->sftp_user,
settings->sftp_password);
}
/* Attempt SSH connection */
vnc_client->sftp_session =
guac_common_ssh_create_session(client, settings->sftp_hostname,
settings->sftp_port, vnc_client->sftp_user, settings->sftp_server_alive_interval);
/* Fail if SSH connection does not succeed */
if (vnc_client->sftp_session == NULL) {
/* Already aborted within guac_common_ssh_create_session() */
return NULL;
}
/* Load filesystem */
vnc_client->sftp_filesystem =
guac_common_ssh_create_sftp_filesystem(vnc_client->sftp_session,
settings->sftp_root_directory, NULL);
/* Expose filesystem to connection owner */
guac_client_for_owner(client,
guac_common_ssh_expose_sftp_filesystem,
vnc_client->sftp_filesystem);
/* Abort if SFTP connection fails */
if (vnc_client->sftp_filesystem == NULL) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR,
"SFTP connection failed.");
return NULL;
}
/* Configure destination for basic uploads, if specified */
if (settings->sftp_directory != NULL)
guac_common_ssh_sftp_set_upload_path(
vnc_client->sftp_filesystem,
settings->sftp_directory);
guac_client_log(client, GUAC_LOG_DEBUG,
"SFTP connection succeeded.");
}
#endif
/* Set remaining client data */
vnc_client->rfb_client = rfb_client;
/* Set up screen recording, if requested */
if (settings->recording_path != NULL) {
guac_common_recording_create(client,
settings->recording_path,
settings->recording_name,
settings->create_recording_path);
}
/* Send name */
guac_protocol_send_name(client->socket, rfb_client->desktopName);
/* Create display */
vnc_client->display = guac_common_display_alloc(client,
rfb_client->width, rfb_client->height);
/* If not read-only, set an appropriate cursor */
if (settings->read_only == 0) {
if (settings->remote_cursor)
guac_common_cursor_set_dot(vnc_client->display->cursor);
else
guac_common_cursor_set_pointer(vnc_client->display->cursor);
}
guac_socket_flush(client->socket);
guac_timestamp last_frame_end = guac_timestamp_current();
/* Handle messages from VNC server while client is running */
while (client->state == GUAC_CLIENT_RUNNING) {
/* Wait for start of frame */
int wait_result = guac_vnc_wait_for_messages(rfb_client,
GUAC_VNC_FRAME_START_TIMEOUT);
if (wait_result > 0) {
int processing_lag = guac_client_get_processing_lag(client);
guac_timestamp frame_start = guac_timestamp_current();
/* Read server messages until frame is built */
do {
guac_timestamp frame_end;
int frame_remaining;
/* Handle any message received */
if (!HandleRFBServerMessage(rfb_client)) {
guac_client_abort(client,
GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR,
"Error handling message from VNC server.");
break;
}
/* Calculate time remaining in frame */
frame_end = guac_timestamp_current();
frame_remaining = frame_start + GUAC_VNC_FRAME_DURATION
- frame_end;
/* Calculate time that client needs to catch up */
int time_elapsed = frame_end - last_frame_end;
int required_wait = processing_lag - time_elapsed;
/* Increase the duration of this frame if client is lagging */
if (required_wait > GUAC_VNC_FRAME_TIMEOUT)
wait_result = guac_vnc_wait_for_messages(rfb_client,
required_wait*1000);
/* Wait again if frame remaining */
else if (frame_remaining > 0)
wait_result = guac_vnc_wait_for_messages(rfb_client,
GUAC_VNC_FRAME_TIMEOUT*1000);
else
break;
} while (wait_result > 0);
/* Record end of frame, excluding server-side rendering time (we
* assume server-side rendering time will be consistent between any
* two subsequent frames, and that this time should thus be
* excluded from the required wait period of the next frame). */
last_frame_end = frame_start;
}
/* If an error occurs, log it and fail */
if (wait_result < 0)
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR, "Connection closed.");
/* Flush frame */
guac_common_surface_flush(vnc_client->display->default_surface);
guac_client_end_frame(client);
guac_socket_flush(client->socket);
}
/* Kill client and finish connection */
guac_client_stop(client);
guac_client_log(client, GUAC_LOG_INFO, "Internal VNC client disconnected");
return NULL;
}
void* guac_rdp_client_thread(void* data) {
guac_client* client = (guac_client*) data;
guac_rdp_client* rdp_client = (guac_rdp_client*) client->data;
guac_rdp_settings* settings = rdp_client->settings;
/* If audio enabled, choose an encoder */
if (settings->audio_enabled) {
rdp_client->audio = guac_audio_stream_alloc(client, NULL,
GUAC_RDP_AUDIO_RATE,
GUAC_RDP_AUDIO_CHANNELS,
GUAC_RDP_AUDIO_BPS);
/* Warn if no audio encoding is available */
if (rdp_client->audio == NULL)
guac_client_log(client, GUAC_LOG_INFO,
"No available audio encoding. Sound disabled.");
} /* end if audio enabled */
/* Load filesystem if drive enabled */
if (settings->drive_enabled) {
/* Allocate actual emulated filesystem */
rdp_client->filesystem =
guac_rdp_fs_alloc(client, settings->drive_path,
settings->create_drive_path);
/* Expose filesystem to owner */
guac_client_for_owner(client, guac_rdp_fs_expose,
rdp_client->filesystem);
}
#ifdef ENABLE_COMMON_SSH
/* Connect via SSH if SFTP is enabled */
if (settings->enable_sftp) {
/* Abort if username is missing */
if (settings->sftp_username == NULL) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"A username or SFTP-specific username is required if "
"SFTP is enabled.");
return NULL;
}
guac_client_log(client, GUAC_LOG_DEBUG,
"Connecting via SSH for SFTP filesystem access.");
rdp_client->sftp_user =
guac_common_ssh_create_user(settings->sftp_username);
/* Import private key, if given */
if (settings->sftp_private_key != NULL) {
guac_client_log(client, GUAC_LOG_DEBUG,
"Authenticating with private key.");
/* Abort if private key cannot be read */
if (guac_common_ssh_user_import_key(rdp_client->sftp_user,
settings->sftp_private_key,
settings->sftp_passphrase)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"Private key unreadable.");
return NULL;
}
}
/* Otherwise, use specified password */
else {
guac_client_log(client, GUAC_LOG_DEBUG,
"Authenticating with password.");
guac_common_ssh_user_set_password(rdp_client->sftp_user,
settings->sftp_password);
}
/* Attempt SSH connection */
rdp_client->sftp_session =
guac_common_ssh_create_session(client, settings->sftp_hostname,
settings->sftp_port, rdp_client->sftp_user, settings->sftp_server_alive_interval,
settings->sftp_host_key);
/* Fail if SSH connection does not succeed */
if (rdp_client->sftp_session == NULL) {
/* Already aborted within guac_common_ssh_create_session() */
return NULL;
}
/* Load and expose filesystem */
rdp_client->sftp_filesystem =
guac_common_ssh_create_sftp_filesystem(rdp_client->sftp_session,
settings->sftp_root_directory, NULL);
/* Expose filesystem to connection owner */
guac_client_for_owner(client,
guac_common_ssh_expose_sftp_filesystem,
rdp_client->sftp_filesystem);
/* Abort if SFTP connection fails */
if (rdp_client->sftp_filesystem == NULL) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_UNAVAILABLE,
"SFTP connection failed.");
return NULL;
}
guac_client_log(client, GUAC_LOG_DEBUG,
"SFTP connection succeeded.");
}
#endif
/* Continue handling connections until error or client disconnect */
while (client->state == GUAC_CLIENT_RUNNING) {
if (guac_rdp_handle_connection(client))
break;
}
return NULL;
}
