/** * Handles a user's entire connection and socket lifecycle. * * @param data * A pointer to a guacd_user_thread_params structure describing the user's * associated file descriptor, whether that user is the connection owner * (the first person to join), as well as the process associated with the * connection being joined. * * @return * Always NULL. */ static void* guacd_user_thread(void* data) { guacd_user_thread_params* params = (guacd_user_thread_params*) data; guacd_proc* proc = params->proc; guac_client* client = proc->client; /* Get guac_socket for user's file descriptor */ guac_socket* socket = guac_socket_open(params->fd); if (socket == NULL) return NULL; /* Create skeleton user */ guac_user* user = guac_user_alloc(); user->socket = socket; user->client = client; user->owner = params->owner; /* Handle user connection from handshake until disconnect/completion */ guac_user_handle_connection(user, GUACD_USEC_TIMEOUT); /* Stop client and prevent future users if all users are disconnected */ if (client->connected_users == 0) { guacd_log(GUAC_LOG_INFO, "Last user of connection \"%s\" disconnected", client->connection_id); guacd_proc_stop(proc); } /* Clean up */ guac_socket_free(socket); guac_user_free(user); free(params); return NULL; }
void guacd_log_handshake_failure() { if (guac_error == GUAC_STATUS_CLOSED) guacd_log(GUAC_LOG_INFO, "Guacamole connection closed during handshake"); else if (guac_error == GUAC_STATUS_PROTOCOL_ERROR) guacd_log(GUAC_LOG_ERROR, "Guacamole protocol violation. Perhaps the version of " "guacamole-client is incompatible with this version of " "guacd?"); else guacd_log(GUAC_LOG_WARNING, "Guacamole handshake failed: %s", guac_status_string(guac_error)); }
void guacd_log_guac_error(guac_client_log_level level, const char* message) { if (guac_error != GUAC_STATUS_SUCCESS) { /* If error message provided, include in log */ if (guac_error_message != NULL) guacd_log(level, "%s: %s", message, guac_error_message); /* Otherwise just log with standard status string */ else guacd_log(level, "%s: %s", message, guac_status_string(guac_error)); } /* Just log message if no status code */ else guacd_log(level, "%s", message); }
/** * Turns the current process into a daemon through a series of fork() calls. * The standard I/O file desriptors for STDIN, STDOUT, and STDERR will be * redirected to /dev/null, and the working directory is changed to root. * Execution within the caller of this function will terminate before this * function returns, while execution within the daemonized child process will * continue. * * @return * Zero if the daemonization process succeeded and we are now in the * daemonized child process, or non-zero if daemonization failed and we are * still the original caller. This function does not return for the original * caller if daemonization succeeds. */ static int daemonize() { pid_t pid; /* Fork once to ensure we aren't the process group leader */ pid = fork(); if (pid < 0) { guacd_log(GUAC_LOG_ERROR, "Could not fork() parent: %s", strerror(errno)); return 1; } /* Exit if we are the parent */ if (pid > 0) { guacd_log(GUAC_LOG_DEBUG, "Exiting and passing control to PID %i", pid); _exit(0); } /* Start a new session (if not already group leader) */ setsid(); /* Fork again so the session group leader exits */ pid = fork(); if (pid < 0) { guacd_log(GUAC_LOG_ERROR, "Could not fork() group leader: %s", strerror(errno)); return 1; } /* Exit if we are the parent */ if (pid > 0) { guacd_log(GUAC_LOG_DEBUG, "Exiting and passing control to PID %i", pid); _exit(0); } /* Change to root directory */ if (chdir(GUACD_ROOT) < 0) { guacd_log(GUAC_LOG_ERROR, "Unable to change working directory to " GUACD_ROOT); return 1; } /* Reopen the 3 stdxxx to /dev/null */ if (redirect_fd(STDIN_FILENO, O_RDONLY) || redirect_fd(STDOUT_FILENO, O_WRONLY) || redirect_fd(STDERR_FILENO, O_WRONLY)) { guacd_log(GUAC_LOG_ERROR, "Unable to redirect standard file descriptors to " GUACD_DEV_NULL); return 1; } /* Success */ return 0; }
void guacd_proc_stop(guacd_proc* proc) { /* Signal client to stop */ guac_client_stop(proc->client); /* Shutdown socket - in-progress recvmsg() will not fail otherwise */ if (shutdown(proc->fd_socket, SHUT_RDWR) == -1) guacd_log(GUAC_LOG_ERROR, "Unable to shutdown internal socket for " "connection %s. Corresponding process may remain running but " "inactive.", proc->client->connection_id); /* Clean up our end of the socket */ close(proc->fd_socket); }
/** * Starts protocol-specific handling on the given process by loading the client * plugin for that protocol. This function does NOT return. It initializes the * process with protocol-specific handlers and then runs until the guacd_proc's * fd_socket is closed, adding any file descriptors received along fd_socket as * new users. * * @param proc * The process that any new users received along fd_socket should be added * to (after the process has been initialized for the given protocol). * * @param protocol * The protocol to initialize the given process for. */ static void guacd_exec_proc(guacd_proc* proc, const char* protocol) { /* Init client for selected protocol */ if (guac_client_load_plugin(proc->client, protocol)) { /* Log error */ if (guac_error == GUAC_STATUS_NOT_FOUND) guacd_log(GUAC_LOG_WARNING, "Support for protocol \"%s\" is not installed", protocol); else guacd_log_guac_error(GUAC_LOG_ERROR, "Unable to load client plugin"); guac_client_free(proc->client); close(proc->fd_socket); free(proc); exit(1); } /* The first file descriptor is the owner */ int owner = 1; /* Add each received file descriptor as a new user */ int received_fd; while ((received_fd = guacd_recv_fd(proc->fd_socket)) != -1) { guacd_proc_add_user(proc, received_fd, owner); /* Future file descriptors are not owners */ owner = 0; } /* Stop and free client */ guac_client_stop(proc->client); guac_client_free(proc->client); /* Child is finished */ close(proc->fd_socket); free(proc); exit(0); }
int main(int argc, char* argv[]) { /* Server */ int socket_fd; struct addrinfo* addresses; struct addrinfo* current_address; char bound_address[1024]; char bound_port[64]; int opt_on = 1; struct addrinfo hints = { .ai_family = AF_UNSPEC, .ai_socktype = SOCK_STREAM, .ai_protocol = IPPROTO_TCP }; /* Client */ struct sockaddr_in client_addr; socklen_t client_addr_len; int connected_socket_fd; #ifdef ENABLE_SSL SSL_CTX* ssl_context = NULL; #endif guacd_proc_map* map = guacd_proc_map_alloc(); /* General */ int retval; /* Load configuration */ guacd_config* config = guacd_conf_load(); if (config == NULL || guacd_conf_parse_args(config, argc, argv)) exit(EXIT_FAILURE); /* Init logging as early as possible */ guacd_log_level = config->max_log_level; openlog(GUACD_LOG_NAME, LOG_PID, LOG_DAEMON); /* Log start */ guacd_log(GUAC_LOG_INFO, "Guacamole proxy daemon (guacd) version " VERSION " started"); /* Get addresses for binding */ if ((retval = getaddrinfo(config->bind_host, config->bind_port, &hints, &addresses))) { guacd_log(GUAC_LOG_ERROR, "Error parsing given address or port: %s", gai_strerror(retval)); exit(EXIT_FAILURE); } /* Get socket */ socket_fd = socket(AF_INET, SOCK_STREAM, 0); if (socket_fd < 0) { guacd_log(GUAC_LOG_ERROR, "Error opening socket: %s", strerror(errno)); exit(EXIT_FAILURE); } /* Allow socket reuse */ if (setsockopt(socket_fd, SOL_SOCKET, SO_REUSEADDR, (void*) &opt_on, sizeof(opt_on))) { guacd_log(GUAC_LOG_WARNING, "Unable to set socket options for reuse: %s", strerror(errno)); } /* Attempt binding of each address until success */ current_address = addresses; while (current_address != NULL) { int retval; /* Resolve hostname */ if ((retval = getnameinfo(current_address->ai_addr, current_address->ai_addrlen, bound_address, sizeof(bound_address), bound_port, sizeof(bound_port), NI_NUMERICHOST | NI_NUMERICSERV))) guacd_log(GUAC_LOG_ERROR, "Unable to resolve host: %s", gai_strerror(retval)); /* Attempt to bind socket to address */ if (bind(socket_fd, current_address->ai_addr, current_address->ai_addrlen) == 0) { guacd_log(GUAC_LOG_DEBUG, "Successfully bound socket to " "host %s, port %s", bound_address, bound_port); /* Done if successful bind */ break; } /* Otherwise log information regarding bind failure */ else guacd_log(GUAC_LOG_DEBUG, "Unable to bind socket to " "host %s, port %s: %s", bound_address, bound_port, strerror(errno)); current_address = current_address->ai_next; } /* If unable to bind to anything, fail */ if (current_address == NULL) { guacd_log(GUAC_LOG_ERROR, "Unable to bind socket to any addresses."); exit(EXIT_FAILURE); } #ifdef ENABLE_SSL /* Init SSL if enabled */ if (config->key_file != NULL || config->cert_file != NULL) { guacd_log(GUAC_LOG_INFO, "Communication will require SSL/TLS."); #ifdef OPENSSL_REQUIRES_THREADING_CALLBACKS /* Init threadsafety in OpenSSL */ guacd_openssl_init_locks(CRYPTO_num_locks()); CRYPTO_set_id_callback(guacd_openssl_id_callback); CRYPTO_set_locking_callback(guacd_openssl_locking_callback); #endif /* Init SSL */ SSL_library_init(); SSL_load_error_strings(); ssl_context = SSL_CTX_new(SSLv23_server_method()); /* Load key */ if (config->key_file != NULL) { guacd_log(GUAC_LOG_INFO, "Using PEM keyfile %s", config->key_file); if (!SSL_CTX_use_PrivateKey_file(ssl_context, config->key_file, SSL_FILETYPE_PEM)) { guacd_log(GUAC_LOG_ERROR, "Unable to load keyfile."); exit(EXIT_FAILURE); } } else guacd_log(GUAC_LOG_WARNING, "No PEM keyfile given - SSL/TLS may not work."); /* Load cert file if specified */ if (config->cert_file != NULL) { guacd_log(GUAC_LOG_INFO, "Using certificate file %s", config->cert_file); if (!SSL_CTX_use_certificate_chain_file(ssl_context, config->cert_file)) { guacd_log(GUAC_LOG_ERROR, "Unable to load certificate."); exit(EXIT_FAILURE); } } else guacd_log(GUAC_LOG_WARNING, "No certificate file given - SSL/TLS may not work."); } #endif /* Daemonize if requested */ if (!config->foreground) { /* Attempt to daemonize process */ if (daemonize()) { guacd_log(GUAC_LOG_ERROR, "Could not become a daemon."); exit(EXIT_FAILURE); } } /* Write PID file if requested */ if (config->pidfile != NULL) { /* Attempt to open pidfile and write PID */ FILE* pidf = fopen(config->pidfile, "w"); if (pidf) { fprintf(pidf, "%d\n", getpid()); fclose(pidf); } /* Fail if could not write PID file*/ else { guacd_log(GUAC_LOG_ERROR, "Could not write PID file: %s", strerror(errno)); exit(EXIT_FAILURE); } } /* Ignore SIGPIPE */ if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) { guacd_log(GUAC_LOG_INFO, "Could not set handler for SIGPIPE to ignore. " "SIGPIPE may cause termination of the daemon."); } /* Ignore SIGCHLD (force automatic removal of children) */ if (signal(SIGCHLD, SIG_IGN) == SIG_ERR) { guacd_log(GUAC_LOG_INFO, "Could not set handler for SIGCHLD to ignore. " "Child processes may pile up in the process table."); } /* Log listening status */ guacd_log(GUAC_LOG_INFO, "Listening on host %s, port %s", bound_address, bound_port); /* Free addresses */ freeaddrinfo(addresses); /* Listen for connections */ if (listen(socket_fd, 5) < 0) { guacd_log(GUAC_LOG_ERROR, "Could not listen on socket: %s", strerror(errno)); return 3; } /* Daemon loop */ for (;;) { pthread_t child_thread; /* Accept connection */ client_addr_len = sizeof(client_addr); connected_socket_fd = accept(socket_fd, (struct sockaddr*) &client_addr, &client_addr_len); if (connected_socket_fd < 0) { guacd_log(GUAC_LOG_ERROR, "Could not accept client connection: %s", strerror(errno)); continue; } /* Create parameters for connection thread */ guacd_connection_thread_params* params = malloc(sizeof(guacd_connection_thread_params)); if (params == NULL) { guacd_log(GUAC_LOG_ERROR, "Could not create connection thread: %s", strerror(errno)); continue; } params->map = map; params->connected_socket_fd = connected_socket_fd; #ifdef ENABLE_SSL params->ssl_context = ssl_context; #endif /* Spawn thread to handle connection */ pthread_create(&child_thread, NULL, guacd_connection_thread, params); pthread_detach(child_thread); } /* Close socket */ if (close(socket_fd) < 0) { guacd_log(GUAC_LOG_ERROR, "Could not close socket: %s", strerror(errno)); return 3; } #ifdef ENABLE_SSL if (ssl_context != NULL) { #ifdef OPENSSL_REQUIRES_THREADING_CALLBACKS guacd_openssl_free_locks(CRYPTO_num_locks()); #endif SSL_CTX_free(ssl_context); } #endif return 0; }
guacd_proc* guacd_create_proc(const char* protocol) { int sockets[2]; /* Open UNIX socket pair */ if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sockets) < 0) { guacd_log(GUAC_LOG_ERROR, "Error opening socket pair: %s", strerror(errno)); return NULL; } int parent_socket = sockets[0]; int child_socket = sockets[1]; /* Allocate process */ guacd_proc* proc = calloc(1, sizeof(guacd_proc)); if (proc == NULL) { close(parent_socket); close(child_socket); return NULL; } /* Associate new client */ proc->client = guac_client_alloc(); if (proc->client == NULL) { guacd_log_guac_error(GUAC_LOG_ERROR, "Unable to create client"); close(parent_socket); close(child_socket); free(proc); return NULL; } /* Init logging */ proc->client->log_handler = guacd_client_log; /* Fork */ proc->pid = fork(); if (proc->pid < 0) { guacd_log(GUAC_LOG_ERROR, "Cannot fork child process: %s", strerror(errno)); close(parent_socket); close(child_socket); guac_client_free(proc->client); free(proc); return NULL; } /* Child */ else if (proc->pid == 0) { /* Communicate with parent */ proc->fd_socket = parent_socket; close(child_socket); /* Start protocol-specific handling */ guacd_exec_proc(proc, protocol); } /* Parent */ else { /* Communicate with child */ proc->fd_socket = child_socket; close(parent_socket); } return proc; }