/**
* Handles a user's entire connection and socket lifecycle.
*
* @param data
* A pointer to a guacd_user_thread_params structure describing the user's
* associated file descriptor, whether that user is the connection owner
* (the first person to join), as well as the process associated with the
* connection being joined.
*
* @return
* Always NULL.
*/
static void* guacd_user_thread(void* data) {
guacd_user_thread_params* params = (guacd_user_thread_params*) data;
guacd_proc* proc = params->proc;
guac_client* client = proc->client;
/* Get guac_socket for user's file descriptor */
guac_socket* socket = guac_socket_open(params->fd);
if (socket == NULL)
return NULL;
/* Create skeleton user */
guac_user* user = guac_user_alloc();
user->socket = socket;
user->client = client;
user->owner = params->owner;
/* Handle user connection from handshake until disconnect/completion */
guac_user_handle_connection(user, GUACD_USEC_TIMEOUT);
/* Stop client and prevent future users if all users are disconnected */
if (client->connected_users == 0) {
guacd_log(GUAC_LOG_INFO, "Last user of connection \"%s\" disconnected", client->connection_id);
guacd_proc_stop(proc);
}
/* Clean up */
guac_socket_free(socket);
guac_user_free(user);
free(params);
return NULL;
}
void guacd_log_handshake_failure() {
if (guac_error == GUAC_STATUS_CLOSED)
guacd_log(GUAC_LOG_INFO,
"Guacamole connection closed during handshake");
else if (guac_error == GUAC_STATUS_PROTOCOL_ERROR)
guacd_log(GUAC_LOG_ERROR,
"Guacamole protocol violation. Perhaps the version of "
"guacamole-client is incompatible with this version of "
"guacd?");
else
guacd_log(GUAC_LOG_WARNING,
"Guacamole handshake failed: %s",
guac_status_string(guac_error));
}
void guacd_log_guac_error(guac_client_log_level level, const char* message) {
if (guac_error != GUAC_STATUS_SUCCESS) {
/* If error message provided, include in log */
if (guac_error_message != NULL)
guacd_log(level, "%s: %s",
message,
guac_error_message);
/* Otherwise just log with standard status string */
else
guacd_log(level, "%s: %s",
message,
guac_status_string(guac_error));
}
/* Just log message if no status code */
else
guacd_log(level, "%s", message);
}
/**
* Turns the current process into a daemon through a series of fork() calls.
* The standard I/O file desriptors for STDIN, STDOUT, and STDERR will be
* redirected to /dev/null, and the working directory is changed to root.
* Execution within the caller of this function will terminate before this
* function returns, while execution within the daemonized child process will
* continue.
*
* @return
* Zero if the daemonization process succeeded and we are now in the
* daemonized child process, or non-zero if daemonization failed and we are
* still the original caller. This function does not return for the original
* caller if daemonization succeeds.
*/
static int daemonize() {
pid_t pid;
/* Fork once to ensure we aren't the process group leader */
pid = fork();
if (pid < 0) {
guacd_log(GUAC_LOG_ERROR, "Could not fork() parent: %s", strerror(errno));
return 1;
}
/* Exit if we are the parent */
if (pid > 0) {
guacd_log(GUAC_LOG_DEBUG, "Exiting and passing control to PID %i", pid);
_exit(0);
}
/* Start a new session (if not already group leader) */
setsid();
/* Fork again so the session group leader exits */
pid = fork();
if (pid < 0) {
guacd_log(GUAC_LOG_ERROR, "Could not fork() group leader: %s", strerror(errno));
return 1;
}
/* Exit if we are the parent */
if (pid > 0) {
guacd_log(GUAC_LOG_DEBUG, "Exiting and passing control to PID %i", pid);
_exit(0);
}
/* Change to root directory */
if (chdir(GUACD_ROOT) < 0) {
guacd_log(GUAC_LOG_ERROR,
"Unable to change working directory to "
GUACD_ROOT);
return 1;
}
/* Reopen the 3 stdxxx to /dev/null */
if (redirect_fd(STDIN_FILENO, O_RDONLY)
|| redirect_fd(STDOUT_FILENO, O_WRONLY)
|| redirect_fd(STDERR_FILENO, O_WRONLY)) {
guacd_log(GUAC_LOG_ERROR,
"Unable to redirect standard file descriptors to "
GUACD_DEV_NULL);
return 1;
}
/* Success */
return 0;
}
void guacd_proc_stop(guacd_proc* proc) {
/* Signal client to stop */
guac_client_stop(proc->client);
/* Shutdown socket - in-progress recvmsg() will not fail otherwise */
if (shutdown(proc->fd_socket, SHUT_RDWR) == -1)
guacd_log(GUAC_LOG_ERROR, "Unable to shutdown internal socket for "
"connection %s. Corresponding process may remain running but "
"inactive.", proc->client->connection_id);
/* Clean up our end of the socket */
close(proc->fd_socket);
}
/**
* Starts protocol-specific handling on the given process by loading the client
* plugin for that protocol. This function does NOT return. It initializes the
* process with protocol-specific handlers and then runs until the guacd_proc's
* fd_socket is closed, adding any file descriptors received along fd_socket as
* new users.
*
* @param proc
* The process that any new users received along fd_socket should be added
* to (after the process has been initialized for the given protocol).
*
* @param protocol
* The protocol to initialize the given process for.
*/
static void guacd_exec_proc(guacd_proc* proc, const char* protocol) {
/* Init client for selected protocol */
if (guac_client_load_plugin(proc->client, protocol)) {
/* Log error */
if (guac_error == GUAC_STATUS_NOT_FOUND)
guacd_log(GUAC_LOG_WARNING,
"Support for protocol \"%s\" is not installed", protocol);
else
guacd_log_guac_error(GUAC_LOG_ERROR,
"Unable to load client plugin");
guac_client_free(proc->client);
close(proc->fd_socket);
free(proc);
exit(1);
}
/* The first file descriptor is the owner */
int owner = 1;
/* Add each received file descriptor as a new user */
int received_fd;
while ((received_fd = guacd_recv_fd(proc->fd_socket)) != -1) {
guacd_proc_add_user(proc, received_fd, owner);
/* Future file descriptors are not owners */
owner = 0;
}
/* Stop and free client */
guac_client_stop(proc->client);
guac_client_free(proc->client);
/* Child is finished */
close(proc->fd_socket);
free(proc);
exit(0);
}
int main(int argc, char* argv[]) {
/* Server */
int socket_fd;
struct addrinfo* addresses;
struct addrinfo* current_address;
char bound_address[1024];
char bound_port[64];
int opt_on = 1;
struct addrinfo hints = {
.ai_family = AF_UNSPEC,
.ai_socktype = SOCK_STREAM,
.ai_protocol = IPPROTO_TCP
};
/* Client */
struct sockaddr_in client_addr;
socklen_t client_addr_len;
int connected_socket_fd;
#ifdef ENABLE_SSL
SSL_CTX* ssl_context = NULL;
#endif
guacd_proc_map* map = guacd_proc_map_alloc();
/* General */
int retval;
/* Load configuration */
guacd_config* config = guacd_conf_load();
if (config == NULL || guacd_conf_parse_args(config, argc, argv))
exit(EXIT_FAILURE);
/* Init logging as early as possible */
guacd_log_level = config->max_log_level;
openlog(GUACD_LOG_NAME, LOG_PID, LOG_DAEMON);
/* Log start */
guacd_log(GUAC_LOG_INFO, "Guacamole proxy daemon (guacd) version " VERSION " started");
/* Get addresses for binding */
if ((retval = getaddrinfo(config->bind_host, config->bind_port,
&hints, &addresses))) {
guacd_log(GUAC_LOG_ERROR, "Error parsing given address or port: %s",
gai_strerror(retval));
exit(EXIT_FAILURE);
}
/* Get socket */
socket_fd = socket(AF_INET, SOCK_STREAM, 0);
if (socket_fd < 0) {
guacd_log(GUAC_LOG_ERROR, "Error opening socket: %s", strerror(errno));
exit(EXIT_FAILURE);
}
/* Allow socket reuse */
if (setsockopt(socket_fd, SOL_SOCKET, SO_REUSEADDR,
(void*) &opt_on, sizeof(opt_on))) {
guacd_log(GUAC_LOG_WARNING, "Unable to set socket options for reuse: %s",
strerror(errno));
}
/* Attempt binding of each address until success */
current_address = addresses;
while (current_address != NULL) {
int retval;
/* Resolve hostname */
if ((retval = getnameinfo(current_address->ai_addr,
current_address->ai_addrlen,
bound_address, sizeof(bound_address),
bound_port, sizeof(bound_port),
NI_NUMERICHOST | NI_NUMERICSERV)))
guacd_log(GUAC_LOG_ERROR, "Unable to resolve host: %s",
gai_strerror(retval));
/* Attempt to bind socket to address */
if (bind(socket_fd,
current_address->ai_addr,
current_address->ai_addrlen) == 0) {
guacd_log(GUAC_LOG_DEBUG, "Successfully bound socket to "
"host %s, port %s", bound_address, bound_port);
/* Done if successful bind */
break;
}
/* Otherwise log information regarding bind failure */
else
guacd_log(GUAC_LOG_DEBUG, "Unable to bind socket to "
"host %s, port %s: %s",
bound_address, bound_port, strerror(errno));
current_address = current_address->ai_next;
}
/* If unable to bind to anything, fail */
if (current_address == NULL) {
guacd_log(GUAC_LOG_ERROR, "Unable to bind socket to any addresses.");
exit(EXIT_FAILURE);
}
#ifdef ENABLE_SSL
/* Init SSL if enabled */
if (config->key_file != NULL || config->cert_file != NULL) {
guacd_log(GUAC_LOG_INFO, "Communication will require SSL/TLS.");
#ifdef OPENSSL_REQUIRES_THREADING_CALLBACKS
/* Init threadsafety in OpenSSL */
guacd_openssl_init_locks(CRYPTO_num_locks());
CRYPTO_set_id_callback(guacd_openssl_id_callback);
CRYPTO_set_locking_callback(guacd_openssl_locking_callback);
#endif
/* Init SSL */
SSL_library_init();
SSL_load_error_strings();
ssl_context = SSL_CTX_new(SSLv23_server_method());
/* Load key */
if (config->key_file != NULL) {
guacd_log(GUAC_LOG_INFO, "Using PEM keyfile %s", config->key_file);
if (!SSL_CTX_use_PrivateKey_file(ssl_context, config->key_file, SSL_FILETYPE_PEM)) {
guacd_log(GUAC_LOG_ERROR, "Unable to load keyfile.");
exit(EXIT_FAILURE);
}
}
else
guacd_log(GUAC_LOG_WARNING, "No PEM keyfile given - SSL/TLS may not work.");
/* Load cert file if specified */
if (config->cert_file != NULL) {
guacd_log(GUAC_LOG_INFO, "Using certificate file %s", config->cert_file);
if (!SSL_CTX_use_certificate_chain_file(ssl_context, config->cert_file)) {
guacd_log(GUAC_LOG_ERROR, "Unable to load certificate.");
exit(EXIT_FAILURE);
}
}
else
guacd_log(GUAC_LOG_WARNING, "No certificate file given - SSL/TLS may not work.");
}
#endif
/* Daemonize if requested */
if (!config->foreground) {
/* Attempt to daemonize process */
if (daemonize()) {
guacd_log(GUAC_LOG_ERROR, "Could not become a daemon.");
exit(EXIT_FAILURE);
}
}
/* Write PID file if requested */
if (config->pidfile != NULL) {
/* Attempt to open pidfile and write PID */
FILE* pidf = fopen(config->pidfile, "w");
if (pidf) {
fprintf(pidf, "%d\n", getpid());
fclose(pidf);
}
/* Fail if could not write PID file*/
else {
guacd_log(GUAC_LOG_ERROR, "Could not write PID file: %s", strerror(errno));
exit(EXIT_FAILURE);
}
}
/* Ignore SIGPIPE */
if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) {
guacd_log(GUAC_LOG_INFO, "Could not set handler for SIGPIPE to ignore. "
"SIGPIPE may cause termination of the daemon.");
}
/* Ignore SIGCHLD (force automatic removal of children) */
if (signal(SIGCHLD, SIG_IGN) == SIG_ERR) {
guacd_log(GUAC_LOG_INFO, "Could not set handler for SIGCHLD to ignore. "
"Child processes may pile up in the process table.");
}
/* Log listening status */
guacd_log(GUAC_LOG_INFO, "Listening on host %s, port %s", bound_address, bound_port);
/* Free addresses */
freeaddrinfo(addresses);
/* Listen for connections */
if (listen(socket_fd, 5) < 0) {
guacd_log(GUAC_LOG_ERROR, "Could not listen on socket: %s", strerror(errno));
return 3;
}
/* Daemon loop */
for (;;) {
pthread_t child_thread;
/* Accept connection */
client_addr_len = sizeof(client_addr);
connected_socket_fd = accept(socket_fd,
(struct sockaddr*) &client_addr, &client_addr_len);
if (connected_socket_fd < 0) {
guacd_log(GUAC_LOG_ERROR, "Could not accept client connection: %s", strerror(errno));
continue;
}
/* Create parameters for connection thread */
guacd_connection_thread_params* params = malloc(sizeof(guacd_connection_thread_params));
if (params == NULL) {
guacd_log(GUAC_LOG_ERROR, "Could not create connection thread: %s", strerror(errno));
continue;
}
params->map = map;
params->connected_socket_fd = connected_socket_fd;
#ifdef ENABLE_SSL
params->ssl_context = ssl_context;
#endif
/* Spawn thread to handle connection */
pthread_create(&child_thread, NULL, guacd_connection_thread, params);
pthread_detach(child_thread);
}
/* Close socket */
if (close(socket_fd) < 0) {
guacd_log(GUAC_LOG_ERROR, "Could not close socket: %s", strerror(errno));
return 3;
}
#ifdef ENABLE_SSL
if (ssl_context != NULL) {
#ifdef OPENSSL_REQUIRES_THREADING_CALLBACKS
guacd_openssl_free_locks(CRYPTO_num_locks());
#endif
SSL_CTX_free(ssl_context);
}
#endif
return 0;
}
guacd_proc* guacd_create_proc(const char* protocol) {
int sockets[2];
/* Open UNIX socket pair */
if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sockets) < 0) {
guacd_log(GUAC_LOG_ERROR, "Error opening socket pair: %s", strerror(errno));
return NULL;
}
int parent_socket = sockets[0];
int child_socket = sockets[1];
/* Allocate process */
guacd_proc* proc = calloc(1, sizeof(guacd_proc));
if (proc == NULL) {
close(parent_socket);
close(child_socket);
return NULL;
}
/* Associate new client */
proc->client = guac_client_alloc();
if (proc->client == NULL) {
guacd_log_guac_error(GUAC_LOG_ERROR, "Unable to create client");
close(parent_socket);
close(child_socket);
free(proc);
return NULL;
}
/* Init logging */
proc->client->log_handler = guacd_client_log;
/* Fork */
proc->pid = fork();
if (proc->pid < 0) {
guacd_log(GUAC_LOG_ERROR, "Cannot fork child process: %s", strerror(errno));
close(parent_socket);
close(child_socket);
guac_client_free(proc->client);
free(proc);
return NULL;
}
/* Child */
else if (proc->pid == 0) {
/* Communicate with parent */
proc->fd_socket = parent_socket;
close(child_socket);
/* Start protocol-specific handling */
guacd_exec_proc(proc, protocol);
}
/* Parent */
else {
/* Communicate with child */
proc->fd_socket = child_socket;
close(parent_socket);
}
return proc;
}
