BOOL rdp_freerdp_post_connect(freerdp* instance) {
rdpContext* context = instance->context;
guac_client* client = ((rdp_freerdp_context*) context)->client;
rdpChannels* channels = instance->context->channels;
/* Init channels (post-connect) */
if (freerdp_channels_post_connect(channels, instance)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Error initializing RDP client channel manager");
return FALSE;
}
/* Client handlers */
client->free_handler = rdp_guac_client_free_handler;
client->handle_messages = rdp_guac_client_handle_messages;
client->mouse_handler = rdp_guac_client_mouse_handler;
client->key_handler = rdp_guac_client_key_handler;
client->size_handler = rdp_guac_client_size_handler;
/* Stream handlers */
client->clipboard_handler = guac_rdp_clipboard_handler;
client->pipe_handler = guac_rdp_svc_pipe_handler;
return TRUE;
}
void* __guacd_client_input_thread(void* data) {
guac_client* client = (guac_client*) data;
guac_socket* socket = client->socket;
/* Guacamole client input loop */
while (client->state == GUAC_CLIENT_RUNNING) {
/* Read instruction */
guac_instruction* instruction =
guac_instruction_read(socket, GUACD_USEC_TIMEOUT);
/* Stop on error */
if (instruction == NULL) {
if (guac_error == GUAC_STATUS_INPUT_TIMEOUT)
guac_client_abort(client, GUAC_PROTOCOL_STATUS_CLIENT_TIMEOUT, "Client is not responding.");
else {
guacd_client_log_guac_error(client, "Error reading instruction");
guac_client_stop(client);
}
return NULL;
}
/* Reset guac_error and guac_error_message (client handlers are not
* guaranteed to set these) */
guac_error = GUAC_STATUS_SUCCESS;
guac_error_message = NULL;
/* Call handler, stop on error */
if (guac_client_handle_instruction(client, instruction) < 0) {
/* Log error */
guacd_client_log_guac_error(client,
"Client instruction handler error");
/* Log handler details */
guac_client_log(client, GUAC_LOG_INFO,
"Failing instruction handler in client was \"%s\"",
instruction->opcode);
guac_instruction_free(instruction);
guac_client_stop(client);
return NULL;
}
/* Free allocated instruction */
guac_instruction_free(instruction);
}
return NULL;
}
/**
* Callback invoked by FreeRDP just after the connection is established with
* the RDP server. Implementations are required to manually invoke
* freerdp_channels_post_connect().
*
* @param instance
* The FreeRDP instance that has just connected.
*
* @return
* TRUE if successful, FALSE if an error occurs.
*/
static BOOL rdp_freerdp_post_connect(freerdp* instance) {
rdpContext* context = instance->context;
guac_client* client = ((rdp_freerdp_context*) context)->client;
rdpChannels* channels = instance->context->channels;
/* Init channels (post-connect) */
if (freerdp_channels_post_connect(channels, instance)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Error initializing RDP client channel manager");
return FALSE;
}
return TRUE;
}
int guac_ssh_user_join_handler(guac_user* user, int argc, char** argv) {
guac_client* client = user->client;
guac_ssh_client* ssh_client = (guac_ssh_client*) client->data;
/* Connect via SSH if owner */
if (user->owner) {
/* Parse arguments into client */
guac_ssh_settings* settings = ssh_client->settings =
guac_ssh_parse_args(user, argc, (const char**) argv);
/* Fail if settings cannot be parsed */
if (settings == NULL) {
guac_user_log(user, GUAC_LOG_INFO,
"Badly formatted client arguments.");
return 1;
}
/* Start client thread */
if (pthread_create(&(ssh_client->client_thread), NULL,
ssh_client_thread, (void*) client)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"Unable to start SSH client thread");
return 1;
}
}
/* If not owner, synchronize with current display */
else {
guac_terminal_dup(ssh_client->term, user, user->socket);
guac_socket_flush(user->socket);
}
/* Set per-user event handlers */
user->key_handler = guac_ssh_user_key_handler;
user->mouse_handler = guac_ssh_user_mouse_handler;
user->size_handler = guac_ssh_user_size_handler;
user->clipboard_handler = guac_ssh_clipboard_handler;
/* Set generic (non-filesystem) file upload handler */
user->file_handler = guac_sftp_file_handler;
return 0;
}
static int rdp_guac_client_wait_for_messages(guac_client* client, int timeout_usecs) {
rdp_guac_client_data* guac_client_data = (rdp_guac_client_data*) client->data;
freerdp* rdp_inst = guac_client_data->rdp_inst;
rdpChannels* channels = rdp_inst->context->channels;
int result;
int index;
int max_fd, fd;
void* read_fds[32];
void* write_fds[32];
int read_count = 0;
int write_count = 0;
fd_set rfds, wfds;
struct timeval timeout = {
.tv_sec = 0,
.tv_usec = timeout_usecs
};
/* Get RDP fds */
if (!freerdp_get_fds(rdp_inst, read_fds, &read_count, write_fds, &write_count)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Unable to read RDP file descriptors.");
return -1;
}
/* Get channel fds */
if (!freerdp_channels_get_fds(channels, rdp_inst, read_fds, &read_count, write_fds,
&write_count)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Unable to read RDP channel file descriptors.");
return -1;
}
/* Construct read fd_set */
max_fd = 0;
FD_ZERO(&rfds);
for (index = 0; index < read_count; index++) {
fd = (int)(long) (read_fds[index]);
if (fd > max_fd)
max_fd = fd;
FD_SET(fd, &rfds);
}
/* Construct write fd_set */
FD_ZERO(&wfds);
for (index = 0; index < write_count; index++) {
fd = (int)(long) (write_fds[index]);
if (fd > max_fd)
max_fd = fd;
FD_SET(fd, &wfds);
}
/* If no file descriptors, error */
if (max_fd == 0) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "No file descriptors associated with RDP connection.");
return -1;
}
/* Wait for all RDP file descriptors */
result = select(max_fd + 1, &rfds, &wfds, NULL, &timeout);
if (result < 0) {
/* If error ignorable, pretend timout occurred */
if (errno == EAGAIN
|| errno == EWOULDBLOCK
|| errno == EINPROGRESS
|| errno == EINTR)
return 0;
/* Otherwise, return as error */
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Error waiting for file descriptor.");
return -1;
}
/* Return wait result */
return result;
}
int rdp_guac_client_handle_messages(guac_client* client) {
rdp_guac_client_data* guac_client_data = (rdp_guac_client_data*) client->data;
freerdp* rdp_inst = guac_client_data->rdp_inst;
rdpChannels* channels = rdp_inst->context->channels;
wMessage* event;
/* Wait for messages */
int wait_result = rdp_guac_client_wait_for_messages(client, 250000);
guac_timestamp frame_start = guac_timestamp_current();
while (wait_result > 0) {
guac_timestamp frame_end;
int frame_remaining;
pthread_mutex_lock(&(guac_client_data->rdp_lock));
/* Check the libfreerdp fds */
if (!freerdp_check_fds(rdp_inst)) {
guac_error = GUAC_STATUS_BAD_STATE;
guac_error_message = "Error handling RDP file descriptors";
pthread_mutex_unlock(&(guac_client_data->rdp_lock));
return 1;
}
/* Check channel fds */
if (!freerdp_channels_check_fds(channels, rdp_inst)) {
guac_error = GUAC_STATUS_BAD_STATE;
guac_error_message = "Error handling RDP channel file descriptors";
pthread_mutex_unlock(&(guac_client_data->rdp_lock));
return 1;
}
/* Check for channel events */
event = freerdp_channels_pop_event(channels);
if (event) {
/* Handle channel events (clipboard and RAIL) */
#ifdef LEGACY_EVENT
if (event->event_class == CliprdrChannel_Class)
guac_rdp_process_cliprdr_event(client, event);
else if (event->event_class == RailChannel_Class)
guac_rdp_process_rail_event(client, event);
#else
if (GetMessageClass(event->id) == CliprdrChannel_Class)
guac_rdp_process_cliprdr_event(client, event);
else if (GetMessageClass(event->id) == RailChannel_Class)
guac_rdp_process_rail_event(client, event);
#endif
freerdp_event_free(event);
}
/* Handle RDP disconnect */
if (freerdp_shall_disconnect(rdp_inst)) {
guac_error = GUAC_STATUS_NO_INPUT;
guac_error_message = "RDP server closed connection";
pthread_mutex_unlock(&(guac_client_data->rdp_lock));
return 1;
}
pthread_mutex_unlock(&(guac_client_data->rdp_lock));
/* Calculate time remaining in frame */
frame_end = guac_timestamp_current();
frame_remaining = frame_start + GUAC_RDP_FRAME_DURATION - frame_end;
/* Wait again if frame remaining */
if (frame_remaining > 0)
wait_result = rdp_guac_client_wait_for_messages(client,
GUAC_RDP_FRAME_TIMEOUT*1000);
else
break;
}
/* If an error occurred, fail */
if (wait_result < 0)
return 1;
/* Success */
guac_common_surface_flush(guac_client_data->default_surface);
return 0;
}
guac_common_ssh_session* guac_common_ssh_create_session(guac_client* client,
const char* hostname, const char* port, guac_common_ssh_user* user) {
int retval;
int fd;
struct addrinfo* addresses;
struct addrinfo* current_address;
char connected_address[1024];
char connected_port[64];
struct addrinfo hints = {
.ai_family = AF_UNSPEC,
.ai_socktype = SOCK_STREAM,
.ai_protocol = IPPROTO_TCP
};
/* Get socket */
fd = socket(AF_INET, SOCK_STREAM, 0);
if (fd < 0) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"Unable to create socket: %s", strerror(errno));
return NULL;
}
/* Get addresses connection */
if ((retval = getaddrinfo(hostname, port, &hints, &addresses))) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"Error parsing given address or port: %s",
gai_strerror(retval));
close(fd);
return NULL;
}
/* Attempt connection to each address until success */
current_address = addresses;
while (current_address != NULL) {
/* Resolve hostname */
if ((retval = getnameinfo(current_address->ai_addr,
current_address->ai_addrlen,
connected_address, sizeof(connected_address),
connected_port, sizeof(connected_port),
NI_NUMERICHOST | NI_NUMERICSERV)))
guac_client_log(client, GUAC_LOG_DEBUG,
"Unable to resolve host: %s", gai_strerror(retval));
/* Connect */
if (connect(fd, current_address->ai_addr,
current_address->ai_addrlen) == 0) {
guac_client_log(client, GUAC_LOG_DEBUG,
"Successfully connected to host %s, port %s",
connected_address, connected_port);
/* Done if successful connect */
break;
}
/* Otherwise log information regarding bind failure */
else
guac_client_log(client, GUAC_LOG_DEBUG, "Unable to connect to "
"host %s, port %s: %s",
connected_address, connected_port, strerror(errno));
current_address = current_address->ai_next;
}
/* If unable to connect to anything, fail */
if (current_address == NULL) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR,
"Unable to connect to any addresses.");
close(fd);
return NULL;
}
/* Free addrinfo */
freeaddrinfo(addresses);
/* Allocate new session */
guac_common_ssh_session* common_session =
malloc(sizeof(guac_common_ssh_session));
/* Open SSH session */
LIBSSH2_SESSION* session = libssh2_session_init_ex(NULL, NULL,
NULL, common_session);
if (session == NULL) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"Session allocation failed.");
free(common_session);
close(fd);
return NULL;
}
/* Perform handshake */
if (libssh2_session_handshake(session, fd)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR,
"SSH handshake failed.");
free(common_session);
close(fd);
return NULL;
}
/* Store basic session data */
common_session->client = client;
common_session->user = user;
common_session->session = session;
common_session->fd = fd;
/* Attempt authentication */
if (guac_common_ssh_authenticate(common_session)) {
free(common_session);
close(fd);
return NULL;
}
/* Return created session */
return common_session;
}
BOOL rdp_freerdp_pre_connect(freerdp* instance) {
rdpContext* context = instance->context;
rdpChannels* channels = context->channels;
guac_client* client = ((rdp_freerdp_context*) context)->client;
guac_rdp_client* rdp_client = (guac_rdp_client*) client->data;
guac_rdp_settings* settings = rdp_client->settings;
rdpBitmap* bitmap;
rdpGlyph* glyph;
rdpPointer* pointer;
rdpPrimaryUpdate* primary;
CLRCONV* clrconv;
guac_rdp_dvc_list* dvc_list = guac_rdp_dvc_list_alloc();
#ifdef HAVE_FREERDP_REGISTER_ADDIN_PROVIDER
/* Init FreeRDP add-in provider */
freerdp_register_addin_provider(freerdp_channels_load_static_addin_entry, 0);
#endif
#ifdef HAVE_FREERDP_EVENT_PUBSUB
/* Subscribe to and handle channel connected events */
PubSub_SubscribeChannelConnected(context->pubSub,
(pChannelConnectedEventHandler) guac_rdp_channel_connected);
#endif
#ifdef HAVE_FREERDP_DISPLAY_UPDATE_SUPPORT
/* Load "disp" plugin for display update */
if (settings->resize_method == GUAC_RESIZE_DISPLAY_UPDATE)
guac_rdp_disp_load_plugin(instance->context, dvc_list);
#endif
/* Load "AUDIO_INPUT" plugin for audio input*/
if (settings->enable_audio_input) {
rdp_client->audio_input = guac_rdp_audio_buffer_alloc();
guac_rdp_audio_load_plugin(instance->context, dvc_list);
}
/* Load clipboard plugin */
if (freerdp_channels_load_plugin(channels, instance->settings,
"cliprdr", NULL))
guac_client_log(client, GUAC_LOG_WARNING,
"Failed to load cliprdr plugin. Clipboard will not work.");
/* If RDPSND/RDPDR required, load them */
if (settings->printing_enabled
|| settings->drive_enabled
|| settings->audio_enabled) {
/* Load RDPDR plugin */
if (freerdp_channels_load_plugin(channels, instance->settings,
"guacdr", client))
guac_client_log(client, GUAC_LOG_WARNING,
"Failed to load guacdr plugin. Drive redirection and "
"printing will not work. Sound MAY not work.");
/* Load RDPSND plugin */
if (freerdp_channels_load_plugin(channels, instance->settings,
"guacsnd", client))
guac_client_log(client, GUAC_LOG_WARNING,
"Failed to load guacsnd alongside guacdr plugin. Sound "
"will not work. Drive redirection and printing MAY not "
"work.");
}
/* Load RAIL plugin if RemoteApp in use */
if (settings->remote_app != NULL) {
#ifdef LEGACY_FREERDP
RDP_PLUGIN_DATA* plugin_data = malloc(sizeof(RDP_PLUGIN_DATA) * 2);
plugin_data[0].size = sizeof(RDP_PLUGIN_DATA);
plugin_data[0].data[0] = settings->remote_app;
plugin_data[0].data[1] = settings->remote_app_dir;
plugin_data[0].data[2] = settings->remote_app_args;
plugin_data[0].data[3] = NULL;
plugin_data[1].size = 0;
/* Attempt to load rail */
if (freerdp_channels_load_plugin(channels, instance->settings,
"rail", plugin_data))
guac_client_log(client, GUAC_LOG_WARNING,
"Failed to load rail plugin. RemoteApp will not work.");
#else
/* Attempt to load rail */
if (freerdp_channels_load_plugin(channels, instance->settings,
"rail", instance->settings))
guac_client_log(client, GUAC_LOG_WARNING,
"Failed to load rail plugin. RemoteApp will not work.");
#endif
}
/* Load SVC plugin instances for all static channels */
if (settings->svc_names != NULL) {
char** current = settings->svc_names;
do {
guac_rdp_svc* svc = guac_rdp_alloc_svc(client, *current);
/* Attempt to load guacsvc plugin for new static channel */
if (freerdp_channels_load_plugin(channels, instance->settings,
"guacsvc", svc)) {
guac_client_log(client, GUAC_LOG_WARNING,
"Cannot create static channel \"%s\": failed to load guacsvc plugin.",
svc->name);
guac_rdp_free_svc(svc);
}
/* Store and log on success */
else {
guac_rdp_add_svc(client, svc);
guac_client_log(client, GUAC_LOG_INFO, "Created static channel \"%s\"...",
svc->name);
}
} while (*(++current) != NULL);
}
/* Load DRDYNVC plugin if required */
if (guac_rdp_load_drdynvc(instance->context, dvc_list))
guac_client_log(client, GUAC_LOG_WARNING,
"Failed to load drdynvc plugin. Display update and audio "
"input support will be disabled.");
/* Dynamic virtual channel list is no longer needed */
guac_rdp_dvc_list_free(dvc_list);
/* Init color conversion structure */
clrconv = calloc(1, sizeof(CLRCONV));
clrconv->alpha = 1;
clrconv->invert = 0;
clrconv->rgb555 = 0;
clrconv->palette = calloc(1, sizeof(rdpPalette));
((rdp_freerdp_context*) context)->clrconv = clrconv;
/* Init FreeRDP cache */
instance->context->cache = cache_new(instance->settings);
/* Set up bitmap handling */
bitmap = calloc(1, sizeof(rdpBitmap));
bitmap->size = sizeof(guac_rdp_bitmap);
bitmap->New = guac_rdp_bitmap_new;
bitmap->Free = guac_rdp_bitmap_free;
bitmap->Paint = guac_rdp_bitmap_paint;
bitmap->Decompress = guac_rdp_bitmap_decompress;
bitmap->SetSurface = guac_rdp_bitmap_setsurface;
graphics_register_bitmap(context->graphics, bitmap);
free(bitmap);
/* Set up glyph handling */
glyph = calloc(1, sizeof(rdpGlyph));
glyph->size = sizeof(guac_rdp_glyph);
glyph->New = guac_rdp_glyph_new;
glyph->Free = guac_rdp_glyph_free;
glyph->Draw = guac_rdp_glyph_draw;
glyph->BeginDraw = guac_rdp_glyph_begindraw;
glyph->EndDraw = guac_rdp_glyph_enddraw;
graphics_register_glyph(context->graphics, glyph);
free(glyph);
/* Set up pointer handling */
pointer = calloc(1, sizeof(rdpPointer));
pointer->size = sizeof(guac_rdp_pointer);
pointer->New = guac_rdp_pointer_new;
pointer->Free = guac_rdp_pointer_free;
pointer->Set = guac_rdp_pointer_set;
#ifdef HAVE_RDPPOINTER_SETNULL
pointer->SetNull = guac_rdp_pointer_set_null;
#endif
#ifdef HAVE_RDPPOINTER_SETDEFAULT
pointer->SetDefault = guac_rdp_pointer_set_default;
#endif
graphics_register_pointer(context->graphics, pointer);
free(pointer);
/* Set up GDI */
instance->update->DesktopResize = guac_rdp_gdi_desktop_resize;
instance->update->EndPaint = guac_rdp_gdi_end_paint;
instance->update->Palette = guac_rdp_gdi_palette_update;
instance->update->SetBounds = guac_rdp_gdi_set_bounds;
primary = instance->update->primary;
primary->DstBlt = guac_rdp_gdi_dstblt;
primary->PatBlt = guac_rdp_gdi_patblt;
primary->ScrBlt = guac_rdp_gdi_scrblt;
primary->MemBlt = guac_rdp_gdi_memblt;
primary->OpaqueRect = guac_rdp_gdi_opaquerect;
pointer_cache_register_callbacks(instance->update);
glyph_cache_register_callbacks(instance->update);
brush_cache_register_callbacks(instance->update);
bitmap_cache_register_callbacks(instance->update);
offscreen_cache_register_callbacks(instance->update);
palette_cache_register_callbacks(instance->update);
/* Init channels (pre-connect) */
if (freerdp_channels_pre_connect(channels, instance)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Error initializing RDP client channel manager");
return FALSE;
}
return TRUE;
}
void* ssh_client_thread(void* data) {
guac_client* client = (guac_client*) data;
ssh_guac_client_data* client_data = (ssh_guac_client_data*) client->data;
char name[1024];
guac_socket* socket = client->socket;
char buffer[8192];
int bytes_read = -1234;
int socket_fd;
int stdout_fd = client_data->term->stdout_pipe_fd[1];
pthread_t input_thread;
libssh2_init(0);
/* Get username */
if (client_data->username[0] == 0)
prompt(client, "Login as: ", client_data->username, sizeof(client_data->username), true);
/* Send new name */
snprintf(name, sizeof(name)-1, "%s@%s", client_data->username, client_data->hostname);
guac_protocol_send_name(socket, name);
/* If key specified, import */
if (client_data->key_base64[0] != 0) {
/* Attempt to read key without passphrase */
client_data->key = ssh_key_alloc(client_data->key_base64,
strlen(client_data->key_base64), "");
/* On failure, attempt with passphrase */
if (client_data->key == NULL) {
/* Prompt for passphrase if missing */
if (client_data->key_passphrase[0] == 0)
prompt(client, "Key passphrase: ", client_data->key_passphrase,
sizeof(client_data->key_passphrase), false);
/* Import key with passphrase */
client_data->key = ssh_key_alloc(client_data->key_base64,
strlen(client_data->key_base64),
client_data->key_passphrase);
/* If still failing, give up */
if (client_data->key == NULL) {
guac_client_log_error(client, "Auth key import failed.");
return NULL;
}
} /* end decrypt key with passphrase */
/* Success */
guac_client_log_info(client, "Auth key successfully imported.");
} /* end if key given */
/* Otherwise, get password if not provided */
else if (client_data->password[0] == 0)
prompt(client, "Password: "******"\x1B[H\x1B[J", 6);
/* Open SSH session */
client_data->session = __guac_ssh_create_session(client, &socket_fd);
if (client_data->session == NULL) {
/* Already aborted within __guac_ssh_create_session() */
return NULL;
}
/* Open channel for terminal */
client_data->term_channel = libssh2_channel_open_session(client_data->session);
if (client_data->term_channel == NULL) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR, "Unable to open terminal channel.");
return NULL;
}
#ifdef ENABLE_SSH_AGENT
/* Start SSH agent forwarding, if enabled */
if (client_data->enable_agent) {
libssh2_session_callback_set(client_data->session,
LIBSSH2_CALLBACK_AUTH_AGENT, (void*) ssh_auth_agent_callback);
/* Request agent forwarding */
if (libssh2_channel_request_auth_agent(client_data->term_channel))
guac_client_log_error(client, "Agent forwarding request failed");
else
guac_client_log_info(client, "Agent forwarding enabled.");
}
client_data->auth_agent = NULL;
#endif
/* Start SFTP session as well, if enabled */
if (client_data->enable_sftp) {
/* Create SSH session specific for SFTP */
guac_client_log_info(client, "Reconnecting for SFTP...");
client_data->sftp_ssh_session = __guac_ssh_create_session(client, NULL);
if (client_data->sftp_ssh_session == NULL) {
/* Already aborted within __guac_ssh_create_session() */
return NULL;
}
/* Request SFTP */
client_data->sftp_session = libssh2_sftp_init(client_data->sftp_ssh_session);
if (client_data->sftp_session == NULL) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR, "Unable to start SFTP session.");
return NULL;
}
/* Set file handler */
client->file_handler = guac_sftp_file_handler;
guac_client_log_info(client, "SFTP session initialized");
}
/* Request PTY */
if (libssh2_channel_request_pty_ex(client_data->term_channel, "linux", sizeof("linux")-1, NULL, 0,
client_data->term->term_width, client_data->term->term_height, 0, 0)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR, "Unable to allocate PTY.");
return NULL;
}
/* Request shell */
if (libssh2_channel_shell(client_data->term_channel)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR, "Unable to associate shell with PTY.");
return NULL;
}
/* Logged in */
guac_client_log_info(client, "SSH connection successful.");
/* Start input thread */
if (pthread_create(&(input_thread), NULL, ssh_input_thread, (void*) client)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Unable to start input thread");
return NULL;
}
/* Set non-blocking */
libssh2_session_set_blocking(client_data->session, 0);
/* While data available, write to terminal */
bytes_read = 0;
while (!libssh2_channel_eof(client_data->term_channel)) {
/* Track total amount of data read */
int total_read = 0;
/* Read terminal data */
bytes_read = libssh2_channel_read(client_data->term_channel,
buffer, sizeof(buffer));
/* Attempt to write data received. Exit on failure. */
if (bytes_read > 0) {
int written = guac_terminal_write_all(stdout_fd, buffer, bytes_read);
if (written < 0)
break;
total_read += bytes_read;
}
else if (bytes_read < 0 && bytes_read != LIBSSH2_ERROR_EAGAIN)
break;
#ifdef ENABLE_SSH_AGENT
/* If agent open, handle any agent packets */
if (client_data->auth_agent != NULL) {
bytes_read = ssh_auth_agent_read(client_data->auth_agent);
if (bytes_read > 0)
total_read += bytes_read;
else if (bytes_read < 0 && bytes_read != LIBSSH2_ERROR_EAGAIN)
client_data->auth_agent = NULL;
}
#endif
/* Wait for more data if reads turn up empty */
if (total_read == 0) {
fd_set fds;
struct timeval timeout;
FD_ZERO(&fds);
FD_SET(socket_fd, &fds);
/* Wait for one second */
timeout.tv_sec = 1;
timeout.tv_usec = 0;
if (select(socket_fd+1, &fds, NULL, NULL, &timeout) < 0)
break;
}
}
/* Kill client and Wait for input thread to die */
guac_client_stop(client);
pthread_join(input_thread, NULL);
guac_client_log_info(client, "SSH connection ended.");
return NULL;
}
int guac_client_init(guac_client* client, int argc, char** argv) {
guac_socket* socket = client->socket;
ssh_guac_client_data* client_data = calloc(1, sizeof(ssh_guac_client_data));
/* Init client data */
client->data = client_data;
if (argc != SSH_ARGS_COUNT) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Wrong number of arguments");
return -1;
}
/* Set locale and warn if not UTF-8 */
setlocale(LC_CTYPE, "");
if (strcmp(nl_langinfo(CODESET), "UTF-8") != 0)
guac_client_log(client, GUAC_LOG_INFO, "Current locale does not use UTF-8. Some characters may not render correctly.");
/* Read parameters */
strcpy(client_data->hostname, argv[IDX_HOSTNAME]);
strcpy(client_data->username, argv[IDX_USERNAME]);
strcpy(client_data->password, argv[IDX_PASSWORD]);
/* Init public key auth information */
strcpy(client_data->key_base64, argv[IDX_PRIVATE_KEY]);
strcpy(client_data->key_passphrase, argv[IDX_PASSPHRASE]);
/* Read font name */
if (argv[IDX_FONT_NAME][0] != 0)
strcpy(client_data->font_name, argv[IDX_FONT_NAME]);
else
strcpy(client_data->font_name, GUAC_SSH_DEFAULT_FONT_NAME );
/* Read font size */
if (argv[IDX_FONT_SIZE][0] != 0)
client_data->font_size = atoi(argv[IDX_FONT_SIZE]);
else
client_data->font_size = GUAC_SSH_DEFAULT_FONT_SIZE;
/* Parse SFTP enable */
client_data->enable_sftp = strcmp(argv[IDX_ENABLE_SFTP], "true") == 0;
#ifdef ENABLE_SSH_AGENT
client_data->enable_agent = strcmp(argv[IDX_ENABLE_AGENT], "true") == 0;
#endif
/* Read port */
if (argv[IDX_PORT][0] != 0)
strcpy(client_data->port, argv[IDX_PORT]);
else
strcpy(client_data->port, GUAC_SSH_DEFAULT_PORT);
/* Read command, if any */
if (argv[IDX_COMMAND][0] != 0)
client_data->command = strdup(argv[IDX_COMMAND]);
/* Create terminal */
client_data->term = guac_terminal_create(client,
client_data->font_name, client_data->font_size,
client->info.optimal_resolution,
client->info.optimal_width, client->info.optimal_height,
argv[IDX_COLOR_SCHEME]);
/* Fail if terminal init failed */
if (client_data->term == NULL) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Terminal initialization failed");
return -1;
}
/* Set up typescript, if requested */
const char* typescript_path = argv[IDX_TYPESCRIPT_PATH];
if (typescript_path[0] != 0) {
/* Default to "typescript" if no name provided */
const char* typescript_name = argv[IDX_TYPESCRIPT_NAME];
if (typescript_name[0] == 0)
typescript_name = "typescript";
/* Parse path creation flag */
int create_path =
strcmp(argv[IDX_CREATE_TYPESCRIPT_PATH], "true") == 0;
/* Create typescript */
guac_terminal_create_typescript(client_data->term, typescript_path,
typescript_name, create_path);
}
/* Ensure main socket is threadsafe */
guac_socket_require_threadsafe(socket);
/* Send initial name */
guac_protocol_send_name(socket, client_data->hostname);
guac_socket_flush(socket);
/* Set basic handlers */
client->handle_messages = ssh_guac_client_handle_messages;
client->key_handler = ssh_guac_client_key_handler;
client->mouse_handler = ssh_guac_client_mouse_handler;
client->size_handler = ssh_guac_client_size_handler;
client->free_handler = ssh_guac_client_free_handler;
client->clipboard_handler = guac_ssh_clipboard_handler;
/* Start client thread */
if (pthread_create(&(client_data->client_thread), NULL, ssh_client_thread, (void*) client)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Unable to start SSH client thread");
return -1;
}
/* Success */
return 0;
}
void* guac_rdp_client_thread(void* data) {
guac_client* client = (guac_client*) data;
guac_rdp_client* rdp_client = (guac_rdp_client*) client->data;
guac_rdp_settings* settings = rdp_client->settings;
/* If audio enabled, choose an encoder */
if (settings->audio_enabled) {
rdp_client->audio = guac_audio_stream_alloc(client, NULL,
GUAC_RDP_AUDIO_RATE,
GUAC_RDP_AUDIO_CHANNELS,
GUAC_RDP_AUDIO_BPS);
/* Warn if no audio encoding is available */
if (rdp_client->audio == NULL)
guac_client_log(client, GUAC_LOG_INFO,
"No available audio encoding. Sound disabled.");
} /* end if audio enabled */
/* Load filesystem if drive enabled */
if (settings->drive_enabled) {
/* Allocate actual emulated filesystem */
rdp_client->filesystem =
guac_rdp_fs_alloc(client, settings->drive_path,
settings->create_drive_path);
/* Expose filesystem to owner */
guac_client_for_owner(client, guac_rdp_fs_expose,
rdp_client->filesystem);
}
#ifdef ENABLE_COMMON_SSH
/* Connect via SSH if SFTP is enabled */
if (settings->enable_sftp) {
/* Abort if username is missing */
if (settings->sftp_username == NULL) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"A username or SFTP-specific username is required if "
"SFTP is enabled.");
return NULL;
}
guac_client_log(client, GUAC_LOG_DEBUG,
"Connecting via SSH for SFTP filesystem access.");
rdp_client->sftp_user =
guac_common_ssh_create_user(settings->sftp_username);
/* Import private key, if given */
if (settings->sftp_private_key != NULL) {
guac_client_log(client, GUAC_LOG_DEBUG,
"Authenticating with private key.");
/* Abort if private key cannot be read */
if (guac_common_ssh_user_import_key(rdp_client->sftp_user,
settings->sftp_private_key,
settings->sftp_passphrase)) {
guac_common_ssh_destroy_user(rdp_client->sftp_user);
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"Private key unreadable.");
return NULL;
}
}
/* Otherwise, use specified password */
else {
guac_client_log(client, GUAC_LOG_DEBUG,
"Authenticating with password.");
guac_common_ssh_user_set_password(rdp_client->sftp_user,
settings->sftp_password);
}
/* Attempt SSH connection */
rdp_client->sftp_session =
guac_common_ssh_create_session(client, settings->sftp_hostname,
settings->sftp_port, rdp_client->sftp_user);
/* Fail if SSH connection does not succeed */
if (rdp_client->sftp_session == NULL) {
/* Already aborted within guac_common_ssh_create_session() */
guac_common_ssh_destroy_user(rdp_client->sftp_user);
return NULL;
}
/* Load and expose filesystem */
rdp_client->sftp_filesystem =
guac_common_ssh_create_sftp_filesystem(
rdp_client->sftp_session, "/");
/* Expose filesystem to connection owner */
guac_client_for_owner(client,
guac_common_ssh_expose_sftp_filesystem,
rdp_client->sftp_filesystem);
/* Abort if SFTP connection fails */
if (rdp_client->sftp_filesystem == NULL) {
guac_common_ssh_destroy_session(rdp_client->sftp_session);
guac_common_ssh_destroy_user(rdp_client->sftp_user);
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR,
"SFTP connection failed.");
return NULL;
}
guac_client_log(client, GUAC_LOG_DEBUG,
"SFTP connection succeeded.");
}
#endif
/* Continue handling connections until error or client disconnect */
while (client->state == GUAC_CLIENT_RUNNING) {
if (guac_rdp_handle_connection(client))
break;
}
return NULL;
}
int guac_client_init(guac_client* client, int argc, char** argv) {
guac_socket* socket = client->socket;
guac_telnet_client_data* client_data = malloc(sizeof(guac_telnet_client_data));
/* Init client data */
client->data = client_data;
client_data->telnet = NULL;
client_data->socket_fd = -1;
client_data->naws_enabled = 0;
client_data->echo_enabled = 1;
if (argc != TELNET_ARGS_COUNT) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Wrong number of arguments");
return -1;
}
/* Read parameters */
strcpy(client_data->hostname, argv[IDX_HOSTNAME]);
/* Read port */
if (argv[IDX_PORT][0] != 0)
strcpy(client_data->port, argv[IDX_PORT]);
else
strcpy(client_data->port, GUAC_TELNET_DEFAULT_PORT);
/* Read font name */
if (argv[IDX_FONT_NAME][0] != 0)
strcpy(client_data->font_name, argv[IDX_FONT_NAME]);
else
strcpy(client_data->font_name, GUAC_TELNET_DEFAULT_FONT_NAME );
/* Read font size */
if (argv[IDX_FONT_SIZE][0] != 0)
client_data->font_size = atoi(argv[IDX_FONT_SIZE]);
else
client_data->font_size = GUAC_TELNET_DEFAULT_FONT_SIZE;
/* Create terminal */
client_data->term = guac_terminal_create(client,
client_data->font_name, client_data->font_size,
client->info.optimal_resolution,
client->info.optimal_width, client->info.optimal_height);
/* Fail if terminal init failed */
if (client_data->term == NULL) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Terminal initialization failed");
return -1;
}
/* Send initial name */
guac_protocol_send_name(socket, client_data->hostname);
guac_socket_flush(socket);
/* Set basic handlers */
client->handle_messages = guac_telnet_client_handle_messages;
client->key_handler = guac_telnet_client_key_handler;
client->mouse_handler = guac_telnet_client_mouse_handler;
client->size_handler = guac_telnet_client_size_handler;
client->free_handler = guac_telnet_client_free_handler;
client->clipboard_handler = guac_telnet_clipboard_handler;
/* Start client thread */
if (pthread_create(&(client_data->client_thread), NULL, guac_telnet_client_thread, (void*) client)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Unable to start telnet client thread");
return -1;
}
/* Success */
return 0;
}
int __guac_receive_channel_data(freerdp* rdp_inst, UINT16 channelId, BYTE* data, int size, int flags, int total_size) {
#else
int __guac_receive_channel_data(freerdp* rdp_inst, int channelId, UINT8* data, int size, int flags, int total_size) {
#endif
return freerdp_channels_data(rdp_inst, channelId, data, size, flags, total_size);
}
#ifdef HAVE_FREERDP_EVENT_PUBSUB
/**
* Called whenever a channel connects via the PubSub event system within
* FreeRDP.
*
* @param context The rdpContext associated with the active RDP session.
* @param e Event-specific arguments, mainly the name of the channel, and a
* reference to the associated plugin loaded for that channel by
* FreeRDP.
*/
static void guac_rdp_channel_connected(rdpContext* context,
ChannelConnectedEventArgs* e) {
#ifdef HAVE_RDPSETTINGS_SUPPORTDISPLAYCONTROL
/* Store reference to the display update plugin once it's connected */
if (strcmp(e->name, DISP_DVC_CHANNEL_NAME) == 0) {
DispClientContext* disp = (DispClientContext*) e->pInterface;
guac_client* client = ((rdp_freerdp_context*) context)->client;
rdp_guac_client_data* guac_client_data =
(rdp_guac_client_data*) client->data;
/* Init module with current display size */
guac_rdp_disp_set_size(guac_client_data->disp, context,
guac_rdp_get_width(context->instance),
guac_rdp_get_height(context->instance));
/* Store connected channel */
guac_rdp_disp_connect(guac_client_data->disp, disp);
guac_client_log(client, GUAC_LOG_DEBUG,
"Display update channel connected.");
}
#endif
}
#endif
BOOL rdp_freerdp_pre_connect(freerdp* instance) {
rdpContext* context = instance->context;
guac_client* client = ((rdp_freerdp_context*) context)->client;
rdpChannels* channels = context->channels;
rdpBitmap* bitmap;
rdpGlyph* glyph;
rdpPointer* pointer;
rdpPrimaryUpdate* primary;
CLRCONV* clrconv;
rdp_guac_client_data* guac_client_data =
(rdp_guac_client_data*) client->data;
#ifdef HAVE_FREERDP_REGISTER_ADDIN_PROVIDER
/* Init FreeRDP add-in provider */
freerdp_register_addin_provider(freerdp_channels_load_static_addin_entry, 0);
#endif
#ifdef HAVE_FREERDP_EVENT_PUBSUB
/* Subscribe to and handle channel connected events */
PubSub_SubscribeChannelConnected(context->pubSub,
(pChannelConnectedEventHandler) guac_rdp_channel_connected);
#endif
#ifdef HAVE_FREERDP_DISPLAY_UPDATE_SUPPORT
/* Load virtual channel management plugin */
if (freerdp_channels_load_plugin(channels, instance->settings,
"drdynvc", instance->settings))
guac_client_log(client, GUAC_LOG_WARNING,
"Failed to load drdynvc plugin.");
/* Init display update plugin */
guac_client_data->disp = guac_rdp_disp_alloc();
guac_rdp_disp_load_plugin(instance->context);
#endif
/* Load clipboard plugin */
if (freerdp_channels_load_plugin(channels, instance->settings,
"cliprdr", NULL))
guac_client_log(client, GUAC_LOG_WARNING,
"Failed to load cliprdr plugin. Clipboard will not work.");
/* If audio enabled, choose an encoder */
if (guac_client_data->settings.audio_enabled) {
guac_client_data->audio = guac_audio_stream_alloc(client, NULL);
/* If an encoding is available, load the sound plugin */
if (guac_client_data->audio != NULL) {
/* Load sound plugin */
if (freerdp_channels_load_plugin(channels, instance->settings,
"guacsnd", guac_client_data->audio))
guac_client_log(client, GUAC_LOG_WARNING,
"Failed to load guacsnd plugin. Audio will not work.");
}
else
guac_client_log(client, GUAC_LOG_INFO,
"No available audio encoding. Sound disabled.");
} /* end if audio enabled */
/* Load filesystem if drive enabled */
if (guac_client_data->settings.drive_enabled) {
/* Allocate filesystem */
guac_client_data->filesystem =
guac_rdp_fs_alloc(client, guac_client_data->settings.drive_path,
guac_client_data->settings.create_drive_path);
/* Use for basic uploads if no other handler set */
if (client->file_handler == NULL)
client->file_handler = guac_rdp_upload_file_handler;
}
/* If RDPDR required, load it */
if (guac_client_data->settings.printing_enabled
|| guac_client_data->settings.drive_enabled
|| guac_client_data->settings.audio_enabled) {
/* Load RDPDR plugin */
if (freerdp_channels_load_plugin(channels, instance->settings,
"guacdr", client))
guac_client_log(client, GUAC_LOG_WARNING,
"Failed to load guacdr plugin. Drive redirection and printing will not work.");
}
/* Load RAIL plugin if RemoteApp in use */
if (guac_client_data->settings.remote_app != NULL) {
#ifdef LEGACY_FREERDP
RDP_PLUGIN_DATA* plugin_data = malloc(sizeof(RDP_PLUGIN_DATA) * 2);
plugin_data[0].size = sizeof(RDP_PLUGIN_DATA);
plugin_data[0].data[0] = guac_client_data->settings.remote_app;
plugin_data[0].data[1] = guac_client_data->settings.remote_app_dir;
plugin_data[0].data[2] = guac_client_data->settings.remote_app_args;
plugin_data[0].data[3] = NULL;
plugin_data[1].size = 0;
/* Attempt to load rail */
if (freerdp_channels_load_plugin(channels, instance->settings,
"rail", plugin_data))
guac_client_log(client, GUAC_LOG_WARNING,
"Failed to load rail plugin. RemoteApp will not work.");
#else
/* Attempt to load rail */
if (freerdp_channels_load_plugin(channels, instance->settings,
"rail", instance->settings))
guac_client_log(client, GUAC_LOG_WARNING,
"Failed to load rail plugin. RemoteApp will not work.");
#endif
}
/* Load SVC plugin instances for all static channels */
if (guac_client_data->settings.svc_names != NULL) {
char** current = guac_client_data->settings.svc_names;
do {
guac_rdp_svc* svc = guac_rdp_alloc_svc(client, *current);
/* Attempt to load guacsvc plugin for new static channel */
if (freerdp_channels_load_plugin(channels, instance->settings,
"guacsvc", svc)) {
guac_client_log(client, GUAC_LOG_WARNING,
"Cannot create static channel \"%s\": failed to load guacsvc plugin.",
svc->name);
guac_rdp_free_svc(svc);
}
/* Store and log on success */
else {
guac_rdp_add_svc(client, svc);
guac_client_log(client, GUAC_LOG_INFO, "Created static channel \"%s\"...",
svc->name);
}
} while (*(++current) != NULL);
}
/* Init color conversion structure */
clrconv = calloc(1, sizeof(CLRCONV));
clrconv->alpha = 1;
clrconv->invert = 0;
clrconv->rgb555 = 0;
clrconv->palette = calloc(1, sizeof(rdpPalette));
((rdp_freerdp_context*) context)->clrconv = clrconv;
/* Init FreeRDP cache */
instance->context->cache = cache_new(instance->settings);
/* Set up bitmap handling */
bitmap = calloc(1, sizeof(rdpBitmap));
bitmap->size = sizeof(guac_rdp_bitmap);
bitmap->New = guac_rdp_bitmap_new;
bitmap->Free = guac_rdp_bitmap_free;
bitmap->Paint = guac_rdp_bitmap_paint;
bitmap->Decompress = guac_rdp_bitmap_decompress;
bitmap->SetSurface = guac_rdp_bitmap_setsurface;
graphics_register_bitmap(context->graphics, bitmap);
free(bitmap);
/* Set up glyph handling */
glyph = calloc(1, sizeof(rdpGlyph));
glyph->size = sizeof(guac_rdp_glyph);
glyph->New = guac_rdp_glyph_new;
glyph->Free = guac_rdp_glyph_free;
glyph->Draw = guac_rdp_glyph_draw;
glyph->BeginDraw = guac_rdp_glyph_begindraw;
glyph->EndDraw = guac_rdp_glyph_enddraw;
graphics_register_glyph(context->graphics, glyph);
free(glyph);
/* Set up pointer handling */
pointer = calloc(1, sizeof(rdpPointer));
pointer->size = sizeof(guac_rdp_pointer);
pointer->New = guac_rdp_pointer_new;
pointer->Free = guac_rdp_pointer_free;
pointer->Set = guac_rdp_pointer_set;
#ifdef HAVE_RDPPOINTER_SETNULL
pointer->SetNull = guac_rdp_pointer_set_null;
#endif
#ifdef HAVE_RDPPOINTER_SETDEFAULT
pointer->SetDefault = guac_rdp_pointer_set_default;
#endif
graphics_register_pointer(context->graphics, pointer);
free(pointer);
/* Set up GDI */
instance->update->DesktopResize = guac_rdp_gdi_desktop_resize;
instance->update->EndPaint = guac_rdp_gdi_end_paint;
instance->update->Palette = guac_rdp_gdi_palette_update;
instance->update->SetBounds = guac_rdp_gdi_set_bounds;
primary = instance->update->primary;
primary->DstBlt = guac_rdp_gdi_dstblt;
primary->PatBlt = guac_rdp_gdi_patblt;
primary->ScrBlt = guac_rdp_gdi_scrblt;
primary->MemBlt = guac_rdp_gdi_memblt;
primary->OpaqueRect = guac_rdp_gdi_opaquerect;
pointer_cache_register_callbacks(instance->update);
glyph_cache_register_callbacks(instance->update);
brush_cache_register_callbacks(instance->update);
bitmap_cache_register_callbacks(instance->update);
offscreen_cache_register_callbacks(instance->update);
palette_cache_register_callbacks(instance->update);
/* Init channels (pre-connect) */
if (freerdp_channels_pre_connect(channels, instance)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Error initializing RDP client channel manager");
return FALSE;
}
return TRUE;
}
int ssh_guac_client_handle_messages(guac_client* client) {
ssh_guac_client_data* client_data = (ssh_guac_client_data*) client->data;
char buffer[8192];
int ret_val;
int fd = client_data->term->stdout_pipe_fd[0];
struct timeval timeout;
fd_set fds;
/* Build fd_set */
FD_ZERO(&fds);
FD_SET(fd, &fds);
/* Time to wait */
timeout.tv_sec = 1;
timeout.tv_usec = 0;
/* Wait for data to be available */
ret_val = select(fd+1, &fds, NULL, NULL, &timeout);
if (ret_val > 0) {
int bytes_read = 0;
/* Lock terminal access */
pthread_mutex_lock(&(client_data->term->lock));
/* Read data, write to terminal */
if ((bytes_read = read(fd, buffer, sizeof(buffer))) > 0) {
if (guac_terminal_write(client_data->term, buffer, bytes_read)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Error writing data");
return 1;
}
}
/* Notify on error */
if (bytes_read < 0) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Error reading data");
return 1;
}
/* Update cursor */
guac_terminal_commit_cursor(client_data->term);
/* Flush terminal display */
guac_terminal_display_flush(client_data->term->display);
/* Unlock terminal access */
pthread_mutex_unlock(&(client_data->term->lock));
}
else if (ret_val < 0) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Error waiting for data");
return 1;
}
return 0;
}
void* guac_vnc_client_thread(void* data) {
guac_client* client = (guac_client*) data;
guac_vnc_client* vnc_client = (guac_vnc_client*) client->data;
guac_vnc_settings* settings = vnc_client->settings;
/* Configure clipboard encoding */
if (guac_vnc_set_clipboard_encoding(client, settings->clipboard_encoding)) {
guac_client_log(client, GUAC_LOG_INFO, "Using non-standard VNC "
"clipboard encoding: '%s'.", settings->clipboard_encoding);
}
/* Ensure connection is kept alive during lengthy connects */
guac_socket_require_keep_alive(client->socket);
/* Set up libvncclient logging */
rfbClientLog = guac_vnc_client_log_info;
rfbClientErr = guac_vnc_client_log_error;
/* Attempt connection */
rfbClient* rfb_client = guac_vnc_get_client(client);
int retries_remaining = settings->retries;
/* If unsuccessful, retry as many times as specified */
while (!rfb_client && retries_remaining > 0) {
guac_client_log(client, GUAC_LOG_INFO,
"Connect failed. Waiting %ims before retrying...",
GUAC_VNC_CONNECT_INTERVAL);
/* Wait for given interval then retry */
guac_timestamp_msleep(GUAC_VNC_CONNECT_INTERVAL);
rfb_client = guac_vnc_get_client(client);
retries_remaining--;
}
/* If the final connect attempt fails, return error */
if (!rfb_client) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_NOT_FOUND,
"Unable to connect to VNC server.");
return NULL;
}
#ifdef ENABLE_PULSE
/* If audio is enabled, start streaming via PulseAudio */
if (settings->audio_enabled)
vnc_client->audio = guac_pa_stream_alloc(client,
settings->pa_servername);
#endif
#ifdef ENABLE_COMMON_SSH
guac_common_ssh_init(client);
/* Connect via SSH if SFTP is enabled */
if (settings->enable_sftp) {
/* Abort if username is missing */
if (settings->sftp_username == NULL) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"SFTP username is required if SFTP is enabled.");
return NULL;
}
guac_client_log(client, GUAC_LOG_DEBUG,
"Connecting via SSH for SFTP filesystem access.");
vnc_client->sftp_user =
guac_common_ssh_create_user(settings->sftp_username);
/* Import private key, if given */
if (settings->sftp_private_key != NULL) {
guac_client_log(client, GUAC_LOG_DEBUG,
"Authenticating with private key.");
/* Abort if private key cannot be read */
if (guac_common_ssh_user_import_key(vnc_client->sftp_user,
settings->sftp_private_key,
settings->sftp_passphrase)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"Private key unreadable.");
return NULL;
}
}
/* Otherwise, use specified password */
else {
guac_client_log(client, GUAC_LOG_DEBUG,
"Authenticating with password.");
guac_common_ssh_user_set_password(vnc_client->sftp_user,
settings->sftp_password);
}
/* Attempt SSH connection */
vnc_client->sftp_session =
guac_common_ssh_create_session(client, settings->sftp_hostname,
settings->sftp_port, vnc_client->sftp_user, settings->sftp_server_alive_interval);
/* Fail if SSH connection does not succeed */
if (vnc_client->sftp_session == NULL) {
/* Already aborted within guac_common_ssh_create_session() */
return NULL;
}
/* Load filesystem */
vnc_client->sftp_filesystem =
guac_common_ssh_create_sftp_filesystem(vnc_client->sftp_session,
settings->sftp_root_directory, NULL);
/* Expose filesystem to connection owner */
guac_client_for_owner(client,
guac_common_ssh_expose_sftp_filesystem,
vnc_client->sftp_filesystem);
/* Abort if SFTP connection fails */
if (vnc_client->sftp_filesystem == NULL) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR,
"SFTP connection failed.");
return NULL;
}
/* Configure destination for basic uploads, if specified */
if (settings->sftp_directory != NULL)
guac_common_ssh_sftp_set_upload_path(
vnc_client->sftp_filesystem,
settings->sftp_directory);
guac_client_log(client, GUAC_LOG_DEBUG,
"SFTP connection succeeded.");
}
#endif
/* Set remaining client data */
vnc_client->rfb_client = rfb_client;
/* Set up screen recording, if requested */
if (settings->recording_path != NULL) {
guac_common_recording_create(client,
settings->recording_path,
settings->recording_name,
settings->create_recording_path);
}
/* Send name */
guac_protocol_send_name(client->socket, rfb_client->desktopName);
/* Create display */
vnc_client->display = guac_common_display_alloc(client,
rfb_client->width, rfb_client->height);
/* If not read-only, set an appropriate cursor */
if (settings->read_only == 0) {
if (settings->remote_cursor)
guac_common_cursor_set_dot(vnc_client->display->cursor);
else
guac_common_cursor_set_pointer(vnc_client->display->cursor);
}
guac_socket_flush(client->socket);
guac_timestamp last_frame_end = guac_timestamp_current();
/* Handle messages from VNC server while client is running */
while (client->state == GUAC_CLIENT_RUNNING) {
/* Wait for start of frame */
int wait_result = guac_vnc_wait_for_messages(rfb_client,
GUAC_VNC_FRAME_START_TIMEOUT);
if (wait_result > 0) {
int processing_lag = guac_client_get_processing_lag(client);
guac_timestamp frame_start = guac_timestamp_current();
/* Read server messages until frame is built */
do {
guac_timestamp frame_end;
int frame_remaining;
/* Handle any message received */
if (!HandleRFBServerMessage(rfb_client)) {
guac_client_abort(client,
GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR,
"Error handling message from VNC server.");
break;
}
/* Calculate time remaining in frame */
frame_end = guac_timestamp_current();
frame_remaining = frame_start + GUAC_VNC_FRAME_DURATION
- frame_end;
/* Calculate time that client needs to catch up */
int time_elapsed = frame_end - last_frame_end;
int required_wait = processing_lag - time_elapsed;
/* Increase the duration of this frame if client is lagging */
if (required_wait > GUAC_VNC_FRAME_TIMEOUT)
wait_result = guac_vnc_wait_for_messages(rfb_client,
required_wait*1000);
/* Wait again if frame remaining */
else if (frame_remaining > 0)
wait_result = guac_vnc_wait_for_messages(rfb_client,
GUAC_VNC_FRAME_TIMEOUT*1000);
else
break;
} while (wait_result > 0);
/* Record end of frame, excluding server-side rendering time (we
* assume server-side rendering time will be consistent between any
* two subsequent frames, and that this time should thus be
* excluded from the required wait period of the next frame). */
last_frame_end = frame_start;
}
/* If an error occurs, log it and fail */
if (wait_result < 0)
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR, "Connection closed.");
/* Flush frame */
guac_common_surface_flush(vnc_client->display->default_surface);
guac_client_end_frame(client);
guac_socket_flush(client->socket);
}
/* Kill client and finish connection */
guac_client_stop(client);
guac_client_log(client, GUAC_LOG_INFO, "Internal VNC client disconnected");
return NULL;
}
guac_terminal_display* guac_terminal_display_alloc(guac_client* client,
const char* font_name, int font_size, int dpi,
int foreground, int background) {
PangoFontMap* font_map;
PangoFont* font;
PangoFontMetrics* metrics;
PangoContext* context;
/* Allocate display */
guac_terminal_display* display = malloc(sizeof(guac_terminal_display));
display->client = client;
/* Create default surface */
display->display_layer = guac_client_alloc_layer(client);
display->select_layer = guac_client_alloc_layer(client);
display->display_surface = guac_common_surface_alloc(client,
client->socket, display->display_layer, 0, 0);
/* Select layer is a child of the display layer */
guac_protocol_send_move(client->socket, display->select_layer,
display->display_layer, 0, 0, 0);
/* Get font */
display->font_desc = pango_font_description_new();
pango_font_description_set_family(display->font_desc, font_name);
pango_font_description_set_weight(display->font_desc, PANGO_WEIGHT_NORMAL);
pango_font_description_set_size(display->font_desc,
font_size * PANGO_SCALE * dpi / 96);
font_map = pango_cairo_font_map_get_default();
context = pango_font_map_create_context(font_map);
font = pango_font_map_load_font(font_map, context, display->font_desc);
if (font == NULL) {
guac_client_abort(display->client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Unable to get font \"%s\"", font_name);
return NULL;
}
metrics = pango_font_get_metrics(font, NULL);
if (metrics == NULL) {
guac_client_abort(display->client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"Unable to get font metrics for font \"%s\"", font_name);
return NULL;
}
display->default_foreground = display->glyph_foreground = foreground;
display->default_background = display->glyph_background = background;
/* Calculate character dimensions */
display->char_width =
pango_font_metrics_get_approximate_digit_width(metrics) / PANGO_SCALE;
display->char_height =
(pango_font_metrics_get_descent(metrics)
+ pango_font_metrics_get_ascent(metrics)) / PANGO_SCALE;
/* Initially empty */
display->width = 0;
display->height = 0;
display->operations = NULL;
/* Initially nothing selected */
display->text_selected =
display->selection_committed = false;
return display;
}
int guac_client_init(guac_client* client, int argc, char** argv) {
guac_socket* socket = client->socket;
guac_telnet_client_data* client_data = malloc(sizeof(guac_telnet_client_data));
/* Init client data */
client->data = client_data;
client_data->telnet = NULL;
client_data->socket_fd = -1;
client_data->naws_enabled = 0;
client_data->echo_enabled = 1;
if (argc != TELNET_ARGS_COUNT) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Wrong number of arguments");
return -1;
}
/* Set locale and warn if not UTF-8 */
setlocale(LC_CTYPE, "");
if (strcmp(nl_langinfo(CODESET), "UTF-8") != 0)
guac_client_log(client, GUAC_LOG_INFO, "Current locale does not use UTF-8. Some characters may not render correctly.");
/* Read parameters */
strcpy(client_data->hostname, argv[IDX_HOSTNAME]);
strcpy(client_data->username, argv[IDX_USERNAME]);
strcpy(client_data->password, argv[IDX_PASSWORD]);
/* Set username regex, if needed */
if (client_data->username[0] != 0) {
/* Compile regular expression */
if (argv[IDX_USERNAME_REGEX][0] != 0)
client_data->username_regex = __guac_telnet_compile_regex(client, argv[IDX_USERNAME_REGEX]);
else
client_data->username_regex = __guac_telnet_compile_regex(client, GUAC_TELNET_DEFAULT_USERNAME_REGEX);
}
else
client_data->username_regex = NULL;
/* Set password regex, if needed */
if (client_data->password[0] != 0) {
/* Compile regular expression */
if (argv[IDX_PASSWORD_REGEX][0] != 0)
client_data->password_regex = __guac_telnet_compile_regex(client, argv[IDX_PASSWORD_REGEX]);
else
client_data->password_regex = __guac_telnet_compile_regex(client, GUAC_TELNET_DEFAULT_PASSWORD_REGEX);
}
else
client_data->password_regex = NULL;
/* Read port */
if (argv[IDX_PORT][0] != 0)
strcpy(client_data->port, argv[IDX_PORT]);
else
strcpy(client_data->port, GUAC_TELNET_DEFAULT_PORT);
/* Read font name */
if (argv[IDX_FONT_NAME][0] != 0)
strcpy(client_data->font_name, argv[IDX_FONT_NAME]);
else
strcpy(client_data->font_name, GUAC_TELNET_DEFAULT_FONT_NAME );
/* Read font size */
if (argv[IDX_FONT_SIZE][0] != 0)
client_data->font_size = atoi(argv[IDX_FONT_SIZE]);
else
client_data->font_size = GUAC_TELNET_DEFAULT_FONT_SIZE;
/* Create terminal */
client_data->term = guac_terminal_create(client,
client_data->font_name, client_data->font_size,
client->info.optimal_resolution,
client->info.optimal_width, client->info.optimal_height);
/* Fail if terminal init failed */
if (client_data->term == NULL) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Terminal initialization failed");
return -1;
}
/* Send initial name */
guac_protocol_send_name(socket, client_data->hostname);
guac_socket_flush(socket);
/* Set basic handlers */
client->handle_messages = guac_telnet_client_handle_messages;
client->key_handler = guac_telnet_client_key_handler;
client->mouse_handler = guac_telnet_client_mouse_handler;
client->size_handler = guac_telnet_client_size_handler;
client->free_handler = guac_telnet_client_free_handler;
client->clipboard_handler = guac_telnet_clipboard_handler;
/* Start client thread */
if (pthread_create(&(client_data->client_thread), NULL, guac_telnet_client_thread, (void*) client)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Unable to start telnet client thread");
return -1;
}
/* Success */
return 0;
}
int guac_client_init(guac_client* client, int argc, char** argv) {
rfbClient* rfb_client;
vnc_guac_client_data* guac_client_data;
int retries_remaining;
/* Set up libvncclient logging */
rfbClientLog = guac_vnc_client_log_info;
rfbClientErr = guac_vnc_client_log_error;
/*** PARSE ARGUMENTS ***/
if (argc != VNC_ARGS_COUNT) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Wrong argument count received.");
return 1;
}
/* Alloc client data */
guac_client_data = malloc(sizeof(vnc_guac_client_data));
client->data = guac_client_data;
guac_client_data->hostname = strdup(argv[IDX_HOSTNAME]);
guac_client_data->port = atoi(argv[IDX_PORT]);
guac_client_data->password = strdup(argv[IDX_PASSWORD]); /* NOTE: freed by libvncclient */
guac_client_data->default_surface = NULL;
/* Set flags */
guac_client_data->remote_cursor = (strcmp(argv[IDX_CURSOR], "remote") == 0);
guac_client_data->swap_red_blue = (strcmp(argv[IDX_SWAP_RED_BLUE], "true") == 0);
guac_client_data->read_only = (strcmp(argv[IDX_READ_ONLY], "true") == 0);
/* Parse color depth */
guac_client_data->color_depth = atoi(argv[IDX_COLOR_DEPTH]);
#ifdef ENABLE_VNC_REPEATER
/* Set repeater parameters if specified */
if (argv[IDX_DEST_HOST][0] != '\0')
guac_client_data->dest_host = strdup(argv[IDX_DEST_HOST]);
else
guac_client_data->dest_host = NULL;
if (argv[IDX_DEST_PORT][0] != '\0')
guac_client_data->dest_port = atoi(argv[IDX_DEST_PORT]);
#endif
/* Set encodings if specified */
if (argv[IDX_ENCODINGS][0] != '\0')
guac_client_data->encodings = strdup(argv[IDX_ENCODINGS]);
else
guac_client_data->encodings = NULL;
/* Parse autoretry */
if (argv[IDX_AUTORETRY][0] != '\0')
retries_remaining = atoi(argv[IDX_AUTORETRY]);
else
retries_remaining = 0;
#ifdef ENABLE_VNC_LISTEN
/* Set reverse-connection flag */
guac_client_data->reverse_connect =
(strcmp(argv[IDX_REVERSE_CONNECT], "true") == 0);
/* Parse listen timeout */
if (argv[IDX_LISTEN_TIMEOUT][0] != '\0')
guac_client_data->listen_timeout = atoi(argv[IDX_LISTEN_TIMEOUT]);
else
guac_client_data->listen_timeout = 5000;
#endif
/* Init clipboard */
guac_client_data->clipboard = guac_common_clipboard_alloc(GUAC_VNC_CLIPBOARD_MAX_LENGTH);
/* Configure clipboard encoding */
if (guac_vnc_set_clipboard_encoding(client, argv[IDX_CLIPBOARD_ENCODING]))
guac_client_log(client, GUAC_LOG_INFO,
"Using non-standard VNC clipboard encoding: '%s'.",
argv[IDX_CLIPBOARD_ENCODING]);
/* Ensure connection is kept alive during lengthy connects */
guac_socket_require_keep_alive(client->socket);
/* Attempt connection */
rfb_client = __guac_vnc_get_client(client);
/* If unsuccessful, retry as many times as specified */
while (!rfb_client && retries_remaining > 0) {
struct timespec guac_vnc_connect_interval = {
.tv_sec = GUAC_VNC_CONNECT_INTERVAL/1000,
.tv_nsec = (GUAC_VNC_CONNECT_INTERVAL%1000)*1000000
};
guac_client_log(client, GUAC_LOG_INFO,
"Connect failed. Waiting %ims before retrying...",
GUAC_VNC_CONNECT_INTERVAL);
/* Wait for given interval then retry */
nanosleep(&guac_vnc_connect_interval, NULL);
rfb_client = __guac_vnc_get_client(client);
retries_remaining--;
}
/* If the final connect attempt fails, return error */
if (!rfb_client) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR, "Unable to connect to VNC server.");
return 1;
}
#ifdef ENABLE_PULSE
guac_client_data->audio_enabled =
(strcmp(argv[IDX_ENABLE_AUDIO], "true") == 0);
/* If an encoding is available, load an audio stream */
if (guac_client_data->audio_enabled) {
guac_client_data->audio = guac_audio_stream_alloc(client, NULL);
/* Load servername if specified */
if (argv[IDX_AUDIO_SERVERNAME][0] != '\0')
guac_client_data->pa_servername =
strdup(argv[IDX_AUDIO_SERVERNAME]);
else
guac_client_data->pa_servername = NULL;
/* If successful, init audio system */
if (guac_client_data->audio != NULL) {
guac_client_log(client, GUAC_LOG_INFO,
"Audio will be encoded as %s",
guac_client_data->audio->encoder->mimetype);
/* Require threadsafe sockets if audio enabled */
guac_socket_require_threadsafe(client->socket);
/* Start audio stream */
guac_pa_start_stream(client);
}
/* Otherwise, audio loading failed */
else
guac_client_log(client, GUAC_LOG_INFO,
"No available audio encoding. Sound disabled.");
} /* end if audio enabled */
#endif
#ifdef ENABLE_COMMON_SSH
guac_common_ssh_init(client);
/* Connect via SSH if SFTP is enabled */
if (strcmp(argv[IDX_ENABLE_SFTP], "true") == 0) {
guac_client_log(client, GUAC_LOG_DEBUG,
"Connecting via SSH for SFTP filesystem access.");
guac_client_data->sftp_user =
guac_common_ssh_create_user(argv[IDX_SFTP_USERNAME]);
/* Import private key, if given */
if (argv[IDX_SFTP_PRIVATE_KEY][0] != '\0') {
guac_client_log(client, GUAC_LOG_DEBUG,
"Authenticating with private key.");
/* Abort if private key cannot be read */
if (guac_common_ssh_user_import_key(guac_client_data->sftp_user,
argv[IDX_SFTP_PRIVATE_KEY],
argv[IDX_SFTP_PASSPHRASE])) {
guac_common_ssh_destroy_user(guac_client_data->sftp_user);
return 1;
}
}
/* Otherwise, use specified password */
else {
guac_client_log(client, GUAC_LOG_DEBUG,
"Authenticating with password.");
guac_common_ssh_user_set_password(guac_client_data->sftp_user,
argv[IDX_SFTP_PASSWORD]);
}
/* Parse hostname - use VNC hostname by default */
const char* sftp_hostname = argv[IDX_SFTP_HOSTNAME];
if (sftp_hostname[0] == '\0')
sftp_hostname = guac_client_data->hostname;
/* Parse port, defaulting to standard SSH port */
const char* sftp_port = argv[IDX_SFTP_PORT];
if (sftp_port[0] == '\0')
sftp_port = "22";
/* Attempt SSH connection */
guac_client_data->sftp_session =
guac_common_ssh_create_session(client, sftp_hostname, sftp_port,
guac_client_data->sftp_user);
/* Fail if SSH connection does not succeed */
if (guac_client_data->sftp_session == NULL) {
/* Already aborted within guac_common_ssh_create_session() */
guac_common_ssh_destroy_user(guac_client_data->sftp_user);
return 1;
}
/* Load and expose filesystem */
guac_client_data->sftp_filesystem =
guac_common_ssh_create_sftp_filesystem(
guac_client_data->sftp_session, "/");
/* Abort if SFTP connection fails */
if (guac_client_data->sftp_filesystem == NULL) {
guac_common_ssh_destroy_session(guac_client_data->sftp_session);
guac_common_ssh_destroy_user(guac_client_data->sftp_user);
return 1;
}
/* Configure destination for basic uploads, if specified */
if (argv[IDX_SFTP_DIRECTORY][0] != '\0')
guac_common_ssh_sftp_set_upload_path(
guac_client_data->sftp_filesystem,
argv[IDX_SFTP_DIRECTORY]);
/* Set file handler for basic uploads */
client->file_handler = guac_vnc_sftp_file_handler;
guac_client_log(client, GUAC_LOG_DEBUG,
"SFTP connection succeeded.");
}
#endif
/* Set remaining client data */
guac_client_data->rfb_client = rfb_client;
guac_client_data->copy_rect_used = 0;
guac_client_data->cursor = guac_client_alloc_buffer(client);
/* Set handlers */
client->handle_messages = vnc_guac_client_handle_messages;
client->free_handler = vnc_guac_client_free_handler;
/* If not read-only, set input handlers and pointer */
if (guac_client_data->read_only == 0) {
/* Only handle mouse/keyboard/clipboard if not read-only */
client->mouse_handler = vnc_guac_client_mouse_handler;
client->key_handler = vnc_guac_client_key_handler;
client->clipboard_handler = guac_vnc_clipboard_handler;
/* If not read-only but cursor is remote, set a dot cursor */
if (guac_client_data->remote_cursor)
guac_common_set_dot_cursor(client);
/* Otherwise, set pointer until explicitly requested otherwise */
else
guac_common_set_pointer_cursor(client);
}
/* Send name */
guac_protocol_send_name(client->socket, rfb_client->desktopName);
/* Create default surface */
guac_client_data->default_surface = guac_common_surface_alloc(client->socket, GUAC_DEFAULT_LAYER,
rfb_client->width, rfb_client->height);
return 0;
}
int guac_client_init(guac_client* client, int argc, char** argv) {
guac_socket* socket = client->socket;
ssh_guac_client_data* client_data = malloc(sizeof(ssh_guac_client_data));
/* Init client data */
client->data = client_data;
client_data->mod_alt =
client_data->mod_ctrl =
client_data->mod_shift = 0;
client_data->clipboard = guac_common_clipboard_alloc(GUAC_SSH_CLIPBOARD_MAX_LENGTH);
client_data->term_channel = NULL;
if (argc != SSH_ARGS_COUNT) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Wrong number of arguments");
return -1;
}
/* Read parameters */
strcpy(client_data->hostname, argv[IDX_HOSTNAME]);
strcpy(client_data->username, argv[IDX_USERNAME]);
strcpy(client_data->password, argv[IDX_PASSWORD]);
/* Init public key auth information */
client_data->key = NULL;
strcpy(client_data->key_base64, argv[IDX_PRIVATE_KEY]);
strcpy(client_data->key_passphrase, argv[IDX_PASSPHRASE]);
/* Read font name */
if (argv[IDX_FONT_NAME][0] != 0)
strcpy(client_data->font_name, argv[IDX_FONT_NAME]);
else
strcpy(client_data->font_name, GUAC_SSH_DEFAULT_FONT_NAME );
/* Read font size */
if (argv[IDX_FONT_SIZE][0] != 0)
client_data->font_size = atoi(argv[IDX_FONT_SIZE]);
else
client_data->font_size = GUAC_SSH_DEFAULT_FONT_SIZE;
/* Parse SFTP enable */
client_data->enable_sftp = strcmp(argv[IDX_ENABLE_SFTP], "true") == 0;
client_data->sftp_session = NULL;
client_data->sftp_ssh_session = NULL;
strcpy(client_data->sftp_upload_path, ".");
#ifdef ENABLE_SSH_AGENT
client_data->enable_agent = strcmp(argv[IDX_ENABLE_AGENT], "true") == 0;
#endif
/* Read port */
if (argv[IDX_PORT][0] != 0)
strcpy(client_data->port, argv[IDX_PORT]);
else
strcpy(client_data->port, GUAC_SSH_DEFAULT_PORT);
/* Create terminal */
client_data->term = guac_terminal_create(client,
client_data->font_name, client_data->font_size,
client->info.optimal_resolution,
client->info.optimal_width, client->info.optimal_height);
/* Fail if terminal init failed */
if (client_data->term == NULL) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Terminal initialization failed");
return -1;
}
/* Set up I-bar pointer */
client_data->ibar_cursor = guac_ssh_create_ibar(client);
/* Set up blank pointer */
client_data->blank_cursor = guac_ssh_create_blank(client);
/* Send initial name */
guac_protocol_send_name(socket, client_data->hostname);
/* Initialize pointer */
client_data->current_cursor = client_data->blank_cursor;
guac_ssh_set_cursor(client, client_data->current_cursor);
guac_socket_flush(socket);
/* Set basic handlers */
client->handle_messages = ssh_guac_client_handle_messages;
client->clipboard_handler = ssh_guac_client_clipboard_handler;
client->key_handler = ssh_guac_client_key_handler;
client->mouse_handler = ssh_guac_client_mouse_handler;
client->size_handler = ssh_guac_client_size_handler;
client->free_handler = ssh_guac_client_free_handler;
/* Start client thread */
if (pthread_create(&(client_data->client_thread), NULL, ssh_client_thread, (void*) client)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Unable to start SSH client thread");
return -1;
}
/* Success */
return 0;
}
/**
* Waits for messages from the RDP server for the given number of milliseconds.
*
* @param client
* The client associated with the current RDP session.
*
* @param timeout_msecs
* The maximum amount of time to wait, in milliseconds.
*
* @return
* A positive value if messages are ready, zero if the specified timeout
* period elapsed, or a negative value if an error occurs.
*/
static int rdp_guac_client_wait_for_messages(guac_client* client,
int timeout_msecs) {
guac_rdp_client* rdp_client = (guac_rdp_client*) client->data;
freerdp* rdp_inst = rdp_client->rdp_inst;
rdpChannels* channels = rdp_inst->context->channels;
int result;
int index;
/* List of all file descriptors which we may read data from */
void* read_fds[GUAC_RDP_MAX_FILE_DESCRIPTORS];
int read_count = 0;
/* List of all file descriptors which data may be written to. These will
* ultimately be ignored, but FreeRDP requires that both read and write
* file descriptors be retrieved simultaneously. */
void* write_fds[GUAC_RDP_MAX_FILE_DESCRIPTORS];
int write_count = 0;
struct pollfd fds[GUAC_RDP_MAX_FILE_DESCRIPTORS];
/* Get RDP file descriptors */
if (!freerdp_get_fds(rdp_inst, read_fds, &read_count,
write_fds, &write_count)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"Unable to read RDP file descriptors.");
return -1;
}
/* Get RDP channel file descriptors */
if (!freerdp_channels_get_fds(channels, rdp_inst, read_fds, &read_count,
write_fds, &write_count)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"Unable to read RDP channel file descriptors.");
return -1;
}
/* If no file descriptors, error */
if (read_count == 0) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"No file descriptors associated with RDP connection.");
return -1;
}
/* Populate poll() array of read file descriptors */
for (index = 0; index < read_count; index++) {
struct pollfd* current = &fds[index];
/* Init poll() array element with RDP file descriptor */
current->fd = (int)(long) (read_fds[index]);
current->events = POLLIN;
current->revents = 0;
}
/* Wait until data can be read from RDP file descriptors */
result = poll(fds, read_count, timeout_msecs);
if (result < 0) {
/* If error ignorable, pretend timout occurred */
if (errno == EAGAIN
|| errno == EWOULDBLOCK
|| errno == EINPROGRESS
|| errno == EINTR)
return 0;
/* Otherwise, return as error */
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"Error waiting for file descriptor.");
return -1;
}
/* Return wait result */
return result;
}
int guac_client_init(guac_client* client, int argc, char** argv) {
rdp_guac_client_data* guac_client_data;
guac_rdp_settings* settings;
freerdp* rdp_inst;
/* Validate number of arguments received */
if (argc != RDP_ARGS_COUNT) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Wrong argument count received.");
return 1;
}
/* Allocate client data */
guac_client_data = malloc(sizeof(rdp_guac_client_data));
/* Init random number generator */
srandom(time(NULL));
/* Init client */
#ifdef HAVE_FREERDP_CHANNELS_GLOBAL_INIT
freerdp_channels_global_init();
#endif
rdp_inst = freerdp_new();
rdp_inst->PreConnect = rdp_freerdp_pre_connect;
rdp_inst->PostConnect = rdp_freerdp_post_connect;
rdp_inst->Authenticate = rdp_freerdp_authenticate;
rdp_inst->VerifyCertificate = rdp_freerdp_verify_certificate;
rdp_inst->ReceiveChannelData = __guac_receive_channel_data;
/* Allocate FreeRDP context */
#ifdef LEGACY_FREERDP
rdp_inst->context_size = sizeof(rdp_freerdp_context);
#else
rdp_inst->ContextSize = sizeof(rdp_freerdp_context);
#endif
rdp_inst->ContextNew = (pContextNew) rdp_freerdp_context_new;
rdp_inst->ContextFree = (pContextFree) rdp_freerdp_context_free;
freerdp_context_new(rdp_inst);
/* Set settings */
settings = &(guac_client_data->settings);
/* Console */
settings->console = (strcmp(argv[IDX_CONSOLE], "true") == 0);
settings->console_audio = (strcmp(argv[IDX_CONSOLE_AUDIO], "true") == 0);
/* Certificate and auth */
settings->ignore_certificate = (strcmp(argv[IDX_IGNORE_CERT], "true") == 0);
settings->disable_authentication = (strcmp(argv[IDX_DISABLE_AUTH], "true") == 0);
/* NLA security */
if (strcmp(argv[IDX_SECURITY], "nla") == 0) {
guac_client_log(client, GUAC_LOG_INFO, "Security mode: NLA");
settings->security_mode = GUAC_SECURITY_NLA;
}
/* TLS security */
else if (strcmp(argv[IDX_SECURITY], "tls") == 0) {
guac_client_log(client, GUAC_LOG_INFO, "Security mode: TLS");
settings->security_mode = GUAC_SECURITY_TLS;
}
/* RDP security */
else if (strcmp(argv[IDX_SECURITY], "rdp") == 0) {
guac_client_log(client, GUAC_LOG_INFO, "Security mode: RDP");
settings->security_mode = GUAC_SECURITY_RDP;
}
/* ANY security (allow server to choose) */
else if (strcmp(argv[IDX_SECURITY], "any") == 0) {
guac_client_log(client, GUAC_LOG_INFO, "Security mode: ANY");
settings->security_mode = GUAC_SECURITY_ANY;
}
/* If nothing given, default to RDP */
else {
guac_client_log(client, GUAC_LOG_INFO, "No security mode specified. Defaulting to RDP.");
settings->security_mode = GUAC_SECURITY_RDP;
}
/* Set hostname */
settings->hostname = strdup(argv[IDX_HOSTNAME]);
/* If port specified, use it */
settings->port = RDP_DEFAULT_PORT;
if (argv[IDX_PORT][0] != '\0')
settings->port = atoi(argv[IDX_PORT]);
guac_client_log(client, GUAC_LOG_DEBUG,
"Client resolution is %ix%i at %i DPI",
client->info.optimal_width,
client->info.optimal_height,
client->info.optimal_resolution);
/* Use suggested resolution unless overridden */
settings->resolution = guac_rdp_suggest_resolution(client);
if (argv[IDX_DPI][0] != '\0')
settings->resolution = atoi(argv[IDX_DPI]);
/* Use optimal width unless overridden */
settings->width = client->info.optimal_width
* settings->resolution
/ client->info.optimal_resolution;
if (argv[IDX_WIDTH][0] != '\0')
settings->width = atoi(argv[IDX_WIDTH]);
/* Use default width if given width is invalid. */
if (settings->width <= 0) {
settings->width = RDP_DEFAULT_WIDTH;
guac_client_log(client, GUAC_LOG_ERROR,
"Invalid width: \"%s\". Using default of %i.",
argv[IDX_WIDTH], settings->width);
}
/* Round width down to nearest multiple of 4 */
settings->width = settings->width & ~0x3;
/* Use optimal height unless overridden */
settings->height = client->info.optimal_height
* settings->resolution
/ client->info.optimal_resolution;
if (argv[IDX_HEIGHT][0] != '\0')
settings->height = atoi(argv[IDX_HEIGHT]);
/* Use default height if given height is invalid. */
if (settings->height <= 0) {
settings->height = RDP_DEFAULT_HEIGHT;
guac_client_log(client, GUAC_LOG_ERROR,
"Invalid height: \"%s\". Using default of %i.",
argv[IDX_WIDTH], settings->height);
}
guac_client_log(client, GUAC_LOG_DEBUG,
"Using resolution of %ix%i at %i DPI",
settings->width,
settings->height,
settings->resolution);
/* Domain */
settings->domain = NULL;
if (argv[IDX_DOMAIN][0] != '\0')
settings->domain = strdup(argv[IDX_DOMAIN]);
/* Username */
settings->username = NULL;
if (argv[IDX_USERNAME][0] != '\0')
settings->username = strdup(argv[IDX_USERNAME]);
/* Password */
settings->password = NULL;
if (argv[IDX_PASSWORD][0] != '\0')
settings->password = strdup(argv[IDX_PASSWORD]);
/* Client name */
settings->client_name = NULL;
if (argv[IDX_CLIENT_NAME][0] != '\0')
settings->client_name = strdup(argv[IDX_CLIENT_NAME]);
/* Initial program */
settings->initial_program = NULL;
if (argv[IDX_INITIAL_PROGRAM][0] != '\0')
settings->initial_program = strdup(argv[IDX_INITIAL_PROGRAM]);
/* RemoteApp program */
settings->remote_app = NULL;
if (argv[IDX_REMOTE_APP][0] != '\0')
settings->remote_app = strdup(argv[IDX_REMOTE_APP]);
/* RemoteApp working directory */
settings->remote_app_dir = NULL;
if (argv[IDX_REMOTE_APP_DIR][0] != '\0')
settings->remote_app_dir = strdup(argv[IDX_REMOTE_APP_DIR]);
/* RemoteApp arguments */
settings->remote_app_args = NULL;
if (argv[IDX_REMOTE_APP_ARGS][0] != '\0')
settings->remote_app_args = strdup(argv[IDX_REMOTE_APP_ARGS]);
/* Static virtual channels */
settings->svc_names = NULL;
if (argv[IDX_STATIC_CHANNELS][0] != '\0')
settings->svc_names = guac_split(argv[IDX_STATIC_CHANNELS], ',');
/* Performance flags */
settings->wallpaper_enabled = (strcmp(argv[IDX_ENABLE_WALLPAPER], "true") == 0);
settings->theming_enabled = (strcmp(argv[IDX_ENABLE_THEMING], "true") == 0);
settings->font_smoothing_enabled = (strcmp(argv[IDX_ENABLE_FONT_SMOOTHING], "true") == 0);
settings->full_window_drag_enabled = (strcmp(argv[IDX_ENABLE_FULL_WINDOW_DRAG], "true") == 0);
settings->desktop_composition_enabled = (strcmp(argv[IDX_ENABLE_DESKTOP_COMPOSITION], "true") == 0);
settings->menu_animations_enabled = (strcmp(argv[IDX_ENABLE_MENU_ANIMATIONS], "true") == 0);
/* Session color depth */
settings->color_depth = RDP_DEFAULT_DEPTH;
if (argv[IDX_COLOR_DEPTH][0] != '\0')
settings->color_depth = atoi(argv[IDX_COLOR_DEPTH]);
/* Use default depth if given depth is invalid. */
if (settings->color_depth == 0) {
settings->color_depth = RDP_DEFAULT_DEPTH;
guac_client_log(client, GUAC_LOG_ERROR,
"Invalid color-depth: \"%s\". Using default of %i.",
argv[IDX_WIDTH], settings->color_depth);
}
/* Audio enable/disable */
guac_client_data->settings.audio_enabled =
(strcmp(argv[IDX_DISABLE_AUDIO], "true") != 0);
/* Printing enable/disable */
guac_client_data->settings.printing_enabled =
(strcmp(argv[IDX_ENABLE_PRINTING], "true") == 0);
/* Drive enable/disable */
guac_client_data->settings.drive_enabled =
(strcmp(argv[IDX_ENABLE_DRIVE], "true") == 0);
guac_client_data->settings.drive_path = strdup(argv[IDX_DRIVE_PATH]);
guac_client_data->settings.create_drive_path =
(strcmp(argv[IDX_CREATE_DRIVE_PATH], "true") == 0);
/* Store client data */
guac_client_data->rdp_inst = rdp_inst;
guac_client_data->mouse_button_mask = 0;
guac_client_data->clipboard = guac_common_clipboard_alloc(GUAC_RDP_CLIPBOARD_MAX_LENGTH);
guac_client_data->requested_clipboard_format = CB_FORMAT_TEXT;
guac_client_data->audio = NULL;
guac_client_data->filesystem = NULL;
guac_client_data->available_svc = guac_common_list_alloc();
/* Main socket needs to be threadsafe */
guac_socket_require_threadsafe(client->socket);
/* Recursive attribute for locks */
pthread_mutexattr_init(&(guac_client_data->attributes));
pthread_mutexattr_settype(&(guac_client_data->attributes),
PTHREAD_MUTEX_RECURSIVE);
/* Init RDP lock */
pthread_mutex_init(&(guac_client_data->rdp_lock),
&(guac_client_data->attributes));
/* Clear keysym state mapping and keymap */
memset(guac_client_data->keysym_state, 0,
sizeof(guac_rdp_keysym_state_map));
memset(guac_client_data->keymap, 0,
sizeof(guac_rdp_static_keymap));
client->data = guac_client_data;
((rdp_freerdp_context*) rdp_inst->context)->client = client;
/* Pick keymap based on argument */
settings->server_layout = NULL;
if (argv[IDX_SERVER_LAYOUT][0] != '\0')
settings->server_layout =
guac_rdp_keymap_find(argv[IDX_SERVER_LAYOUT]);
/* If no keymap requested, use default */
if (settings->server_layout == NULL)
settings->server_layout = guac_rdp_keymap_find(GUAC_DEFAULT_KEYMAP);
/* Load keymap into client */
__guac_rdp_client_load_keymap(client, settings->server_layout);
#ifdef ENABLE_COMMON_SSH
guac_common_ssh_init(client);
/* Connect via SSH if SFTP is enabled */
if (strcmp(argv[IDX_ENABLE_SFTP], "true") == 0) {
guac_client_log(client, GUAC_LOG_DEBUG,
"Connecting via SSH for SFTP filesystem access.");
/* Parse username - use RDP username by default */
const char* sftp_username = argv[IDX_SFTP_USERNAME];
if (sftp_username[0] == '\0' && settings->username != NULL)
sftp_username = settings->username;
guac_client_data->sftp_user =
guac_common_ssh_create_user(sftp_username);
/* Import private key, if given */
if (argv[IDX_SFTP_PRIVATE_KEY][0] != '\0') {
guac_client_log(client, GUAC_LOG_DEBUG,
"Authenticating with private key.");
/* Abort if private key cannot be read */
if (guac_common_ssh_user_import_key(guac_client_data->sftp_user,
argv[IDX_SFTP_PRIVATE_KEY],
argv[IDX_SFTP_PASSPHRASE])) {
guac_common_ssh_destroy_user(guac_client_data->sftp_user);
return 1;
}
}
/* Otherwise, use specified password */
else {
guac_client_log(client, GUAC_LOG_DEBUG,
"Authenticating with password.");
/* Parse password - use RDP password by default */
const char* sftp_password = argv[IDX_SFTP_PASSWORD];
if (sftp_password[0] == '\0' && settings->password != NULL)
sftp_password = settings->password;
guac_common_ssh_user_set_password(guac_client_data->sftp_user,
sftp_password);
}
/* Parse hostname - use RDP hostname by default */
const char* sftp_hostname = argv[IDX_SFTP_HOSTNAME];
if (sftp_hostname[0] == '\0')
sftp_hostname = settings->hostname;
/* Parse port, defaulting to standard SSH port */
const char* sftp_port = argv[IDX_SFTP_PORT];
if (sftp_port[0] == '\0')
sftp_port = "22";
/* Attempt SSH connection */
guac_client_data->sftp_session =
guac_common_ssh_create_session(client, sftp_hostname, sftp_port,
guac_client_data->sftp_user);
/* Fail if SSH connection does not succeed */
if (guac_client_data->sftp_session == NULL) {
/* Already aborted within guac_common_ssh_create_session() */
guac_common_ssh_destroy_user(guac_client_data->sftp_user);
return 1;
}
/* Load and expose filesystem */
guac_client_data->sftp_filesystem =
guac_common_ssh_create_sftp_filesystem(
guac_client_data->sftp_session, "/");
/* Abort if SFTP connection fails */
if (guac_client_data->sftp_filesystem == NULL) {
guac_common_ssh_destroy_session(guac_client_data->sftp_session);
guac_common_ssh_destroy_user(guac_client_data->sftp_user);
return 1;
}
/* Configure destination for basic uploads, if specified */
if (argv[IDX_SFTP_DIRECTORY][0] != '\0') {
client->file_handler = guac_rdp_sftp_file_handler;
guac_common_ssh_sftp_set_upload_path(
guac_client_data->sftp_filesystem,
argv[IDX_SFTP_DIRECTORY]);
}
/* Otherwise, use SFTP for basic uploads only if drive not enabled */
else if (!settings->drive_enabled)
client->file_handler = guac_rdp_sftp_file_handler;
guac_client_log(client, GUAC_LOG_DEBUG,
"SFTP connection succeeded.");
}
#endif
/* Create default surface */
guac_client_data->default_surface = guac_common_surface_alloc(client->socket, GUAC_DEFAULT_LAYER,
settings->width, settings->height);
guac_client_data->current_surface = guac_client_data->default_surface;
/* Send connection name */
guac_protocol_send_name(client->socket, settings->hostname);
/* Set default pointer */
guac_common_set_pointer_cursor(client);
/* Push desired settings to FreeRDP */
guac_rdp_push_settings(settings, rdp_inst);
/* Connect to RDP server */
if (!freerdp_connect(rdp_inst)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR, "Error connecting to RDP server");
return 1;
}
/* Success */
return 0;
}
/**
* Connects to an RDP server as described by the guac_rdp_settings structure
* associated with the given client, allocating and freeing all objects
* directly related to the RDP connection. It is expected that all objects
* which are independent of FreeRDP's state (the clipboard, display update
* management, etc.) will already be allocated and associated with the
* guac_rdp_client associated with the given guac_client. This function blocks
* for the duration of the RDP session, returning only after the session has
* completely disconnected.
*
* @param client
* The guac_client associated with the RDP settings describing the
* connection that should be established.
*
* @return
* Zero if the connection successfully terminated and a reconnect is
* desired, non-zero if an error occurs or the connection was disconnected
* and a reconnect is NOT desired.
*/
static int guac_rdp_handle_connection(guac_client* client) {
guac_rdp_client* rdp_client = (guac_rdp_client*) client->data;
guac_rdp_settings* settings = rdp_client->settings;
/* Init random number generator */
srandom(time(NULL));
/* Set up screen recording, if requested */
if (settings->recording_path != NULL) {
guac_common_recording_create(client,
settings->recording_path,
settings->recording_name,
settings->create_recording_path);
}
/* Create display */
rdp_client->display = guac_common_display_alloc(client,
rdp_client->settings->width,
rdp_client->settings->height);
rdp_client->current_surface = rdp_client->display->default_surface;
rdp_client->requested_clipboard_format = CB_FORMAT_TEXT;
rdp_client->available_svc = guac_common_list_alloc();
#ifdef HAVE_FREERDP_CHANNELS_GLOBAL_INIT
freerdp_channels_global_init();
#endif
/* Init client */
freerdp* rdp_inst = freerdp_new();
rdp_inst->PreConnect = rdp_freerdp_pre_connect;
rdp_inst->PostConnect = rdp_freerdp_post_connect;
rdp_inst->Authenticate = rdp_freerdp_authenticate;
rdp_inst->VerifyCertificate = rdp_freerdp_verify_certificate;
rdp_inst->ReceiveChannelData = __guac_receive_channel_data;
/* Allocate FreeRDP context */
#ifdef LEGACY_FREERDP
rdp_inst->context_size = sizeof(rdp_freerdp_context);
#else
rdp_inst->ContextSize = sizeof(rdp_freerdp_context);
#endif
rdp_inst->ContextNew = (pContextNew) rdp_freerdp_context_new;
rdp_inst->ContextFree = (pContextFree) rdp_freerdp_context_free;
freerdp_context_new(rdp_inst);
((rdp_freerdp_context*) rdp_inst->context)->client = client;
/* Load keymap into client */
rdp_client->keyboard = guac_rdp_keyboard_alloc(client,
settings->server_layout);
/* Send connection name */
guac_protocol_send_name(client->socket, settings->hostname);
/* Set default pointer */
guac_common_cursor_set_pointer(rdp_client->display->cursor);
/* Push desired settings to FreeRDP */
guac_rdp_push_settings(settings, rdp_inst);
/* Connect to RDP server */
if (!freerdp_connect(rdp_inst)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR,
"Error connecting to RDP server");
return 1;
}
/* Connection complete */
rdp_client->rdp_inst = rdp_inst;
rdpChannels* channels = rdp_inst->context->channels;
guac_timestamp last_frame_end = guac_timestamp_current();
/* Signal that reconnect has been completed */
guac_rdp_disp_reconnect_complete(rdp_client->disp);
/* Handle messages from RDP server while client is running */
while (client->state == GUAC_CLIENT_RUNNING
&& !guac_rdp_disp_reconnect_needed(rdp_client->disp)) {
/* Update remote display size */
pthread_mutex_lock(&(rdp_client->rdp_lock));
guac_rdp_disp_update_size(rdp_client->disp, settings, rdp_inst);
pthread_mutex_unlock(&(rdp_client->rdp_lock));
/* Wait for data and construct a reasonable frame */
int wait_result = rdp_guac_client_wait_for_messages(client,
GUAC_RDP_FRAME_START_TIMEOUT);
if (wait_result > 0) {
int processing_lag = guac_client_get_processing_lag(client);
guac_timestamp frame_start = guac_timestamp_current();
/* Read server messages until frame is built */
do {
guac_timestamp frame_end;
int frame_remaining;
pthread_mutex_lock(&(rdp_client->rdp_lock));
/* Check the libfreerdp fds */
if (!freerdp_check_fds(rdp_inst)) {
guac_client_abort(client,
GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"Error handling RDP file descriptors");
pthread_mutex_unlock(&(rdp_client->rdp_lock));
return 1;
}
/* Check channel fds */
if (!freerdp_channels_check_fds(channels, rdp_inst)) {
guac_client_abort(client,
GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"Error handling RDP channel file descriptors");
pthread_mutex_unlock(&(rdp_client->rdp_lock));
return 1;
}
/* Check for channel events */
wMessage* event = freerdp_channels_pop_event(channels);
if (event) {
/* Handle channel events (clipboard and RAIL) */
#ifdef LEGACY_EVENT
if (event->event_class == CliprdrChannel_Class)
guac_rdp_process_cliprdr_event(client, event);
else if (event->event_class == RailChannel_Class)
guac_rdp_process_rail_event(client, event);
#else
if (GetMessageClass(event->id) == CliprdrChannel_Class)
guac_rdp_process_cliprdr_event(client, event);
else if (GetMessageClass(event->id) == RailChannel_Class)
guac_rdp_process_rail_event(client, event);
#endif
freerdp_event_free(event);
}
/* Handle RDP disconnect */
if (freerdp_shall_disconnect(rdp_inst)) {
guac_client_stop(client);
guac_client_log(client, GUAC_LOG_INFO,
"RDP server closed connection");
pthread_mutex_unlock(&(rdp_client->rdp_lock));
return 1;
}
pthread_mutex_unlock(&(rdp_client->rdp_lock));
/* Calculate time remaining in frame */
frame_end = guac_timestamp_current();
frame_remaining = frame_start + GUAC_RDP_FRAME_DURATION
- frame_end;
/* Calculate time that client needs to catch up */
int time_elapsed = frame_end - last_frame_end;
int required_wait = processing_lag - time_elapsed;
/* Increase the duration of this frame if client is lagging */
if (required_wait > GUAC_RDP_FRAME_TIMEOUT)
wait_result = rdp_guac_client_wait_for_messages(client,
required_wait);
/* Wait again if frame remaining */
else if (frame_remaining > 0)
wait_result = rdp_guac_client_wait_for_messages(client,
GUAC_RDP_FRAME_TIMEOUT);
else
break;
} while (wait_result > 0);
/* Record end of frame, excluding server-side rendering time (we
* assume server-side rendering time will be consistent between any
* two subsequent frames, and that this time should thus be
* excluded from the required wait period of the next frame). */
last_frame_end = frame_start;
}
/* If an error occurred, fail */
if (wait_result < 0)
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR,
"Connection closed.");
/* Flush frame */
guac_common_display_flush(rdp_client->display);
guac_client_end_frame(client);
guac_socket_flush(client->socket);
}
pthread_mutex_lock(&(rdp_client->rdp_lock));
/* Disconnect client and channels */
freerdp_channels_close(channels, rdp_inst);
freerdp_channels_free(channels);
freerdp_disconnect(rdp_inst);
/* Clean up RDP client context */
freerdp_clrconv_free(((rdp_freerdp_context*) rdp_inst->context)->clrconv);
cache_free(rdp_inst->context->cache);
freerdp_context_free(rdp_inst);
/* Clean up RDP client */
freerdp_free(rdp_inst);
rdp_client->rdp_inst = NULL;
/* Free SVC list */
guac_common_list_free(rdp_client->available_svc);
/* Free RDP keyboard state */
guac_rdp_keyboard_free(rdp_client->keyboard);
/* Free display */
guac_common_display_free(rdp_client->display);
pthread_mutex_unlock(&(rdp_client->rdp_lock));
/* Client is now disconnected */
guac_client_log(client, GUAC_LOG_INFO, "Internal RDP client disconnected");
return 0;
}
/**
* Waits for messages from the RDP server for the given number of microseconds.
*
* @param client
* The client associated with the current RDP session.
*
* @param timeout_usecs
* The maximum amount of time to wait, in microseconds.
*
* @return
* A positive value if messages are ready, zero if the specified timeout
* period elapsed, or a negative value if an error occurs.
*/
static int rdp_guac_client_wait_for_messages(guac_client* client,
int timeout_usecs) {
guac_rdp_client* rdp_client = (guac_rdp_client*) client->data;
freerdp* rdp_inst = rdp_client->rdp_inst;
rdpChannels* channels = rdp_inst->context->channels;
int result;
int index;
int max_fd, fd;
void* read_fds[32];
void* write_fds[32];
int read_count = 0;
int write_count = 0;
fd_set rfds, wfds;
struct timeval timeout = {
.tv_sec = 0,
.tv_usec = timeout_usecs
};
/* Get RDP fds */
if (!freerdp_get_fds(rdp_inst, read_fds, &read_count, write_fds, &write_count)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Unable to read RDP file descriptors.");
return -1;
}
/* Get channel fds */
if (!freerdp_channels_get_fds(channels, rdp_inst, read_fds, &read_count, write_fds,
&write_count)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Unable to read RDP channel file descriptors.");
return -1;
}
/* Construct read fd_set */
max_fd = 0;
FD_ZERO(&rfds);
for (index = 0; index < read_count; index++) {
fd = (int)(long) (read_fds[index]);
if (fd > max_fd)
max_fd = fd;
FD_SET(fd, &rfds);
}
/* Construct write fd_set */
FD_ZERO(&wfds);
for (index = 0; index < write_count; index++) {
fd = (int)(long) (write_fds[index]);
if (fd > max_fd)
max_fd = fd;
FD_SET(fd, &wfds);
}
/* If no file descriptors, error */
if (max_fd == 0) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "No file descriptors associated with RDP connection.");
return -1;
}
/* Wait for all RDP file descriptors */
result = select(max_fd + 1, &rfds, &wfds, NULL, &timeout);
if (result < 0) {
/* If error ignorable, pretend timout occurred */
if (errno == EAGAIN
|| errno == EWOULDBLOCK
|| errno == EINPROGRESS
|| errno == EINTR)
return 0;
/* Otherwise, return as error */
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Error waiting for file descriptor.");
return -1;
}
/* Return wait result */
return result;
}
/**
* Connects to an RDP server as described by the guac_rdp_settings structure
* associated with the given client, allocating and freeing all objects
* directly related to the RDP connection. It is expected that all objects
* which are independent of FreeRDP's state (the clipboard, display update
* management, etc.) will already be allocated and associated with the
* guac_rdp_client associated with the given guac_client. This function blocks
* for the duration of the RDP session, returning only after the session has
* completely disconnected.
*
* @param client
* The guac_client associated with the RDP settings describing the
* connection that should be established.
*
* @return
* Zero if the connection successfully terminated and a reconnect is
* desired, non-zero if an error occurs or the connection was disconnected
* and a reconnect is NOT desired.
*/
static int guac_rdp_handle_connection(guac_client* client) {
guac_rdp_client* rdp_client = (guac_rdp_client*) client->data;
guac_rdp_settings* settings = rdp_client->settings;
/* Init random number generator */
srandom(time(NULL));
/* Set up screen recording, if requested */
if (settings->recording_path != NULL) {
guac_common_recording_create(client,
settings->recording_path,
settings->recording_name,
settings->create_recording_path);
}
/* Create display */
rdp_client->display = guac_common_display_alloc(client,
rdp_client->settings->width,
rdp_client->settings->height);
rdp_client->current_surface = rdp_client->display->default_surface;
rdp_client->requested_clipboard_format = CB_FORMAT_TEXT;
rdp_client->available_svc = guac_common_list_alloc();
#ifdef HAVE_FREERDP_CHANNELS_GLOBAL_INIT
freerdp_channels_global_init();
#endif
/* Init client */
freerdp* rdp_inst = freerdp_new();
rdp_inst->PreConnect = rdp_freerdp_pre_connect;
rdp_inst->PostConnect = rdp_freerdp_post_connect;
rdp_inst->Authenticate = rdp_freerdp_authenticate;
rdp_inst->VerifyCertificate = rdp_freerdp_verify_certificate;
rdp_inst->ReceiveChannelData = __guac_receive_channel_data;
/* Allocate FreeRDP context */
#ifdef LEGACY_FREERDP
rdp_inst->context_size = sizeof(rdp_freerdp_context);
#else
rdp_inst->ContextSize = sizeof(rdp_freerdp_context);
#endif
rdp_inst->ContextNew = (pContextNew) rdp_freerdp_context_new;
rdp_inst->ContextFree = (pContextFree) rdp_freerdp_context_free;
freerdp_context_new(rdp_inst);
((rdp_freerdp_context*) rdp_inst->context)->client = client;
/* Load keymap into client */
__guac_rdp_client_load_keymap(client, settings->server_layout);
/* Send connection name */
guac_protocol_send_name(client->socket, settings->hostname);
/* Set default pointer */
guac_common_cursor_set_pointer(rdp_client->display->cursor);
/* Push desired settings to FreeRDP */
guac_rdp_push_settings(settings, rdp_inst);
/* Connect to RDP server */
if (!freerdp_connect(rdp_inst)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR,
"Error connecting to RDP server");
return 1;
}
/* Connection complete */
rdp_client->rdp_inst = rdp_inst;
rdpChannels* channels = rdp_inst->context->channels;
guac_timestamp last_frame_end = guac_timestamp_current();
/* Signal that reconnect has been completed */
guac_rdp_disp_reconnect_complete(rdp_client->disp);
/* Handle messages from RDP server while client is running */
while (client->state == GUAC_CLIENT_RUNNING
&& !guac_rdp_disp_reconnect_needed(rdp_client->disp)) {
/* Update remote display size */
pthread_mutex_lock(&(rdp_client->rdp_lock));
guac_rdp_disp_update_size(rdp_client->disp, settings, rdp_inst);
pthread_mutex_unlock(&(rdp_client->rdp_lock));
/* Wait for data and construct a reasonable frame */
int wait_result = rdp_guac_client_wait_for_messages(client,
GUAC_RDP_FRAME_START_TIMEOUT);
if (wait_result > 0) {
int processing_lag = guac_client_get_processing_lag(client);
guac_timestamp frame_start = guac_timestamp_current();
/* Read server messages until frame is built */
do {
guac_timestamp frame_end;
int frame_remaining;
pthread_mutex_lock(&(rdp_client->rdp_lock));
/* Check the libfreerdp fds */
if (!freerdp_check_fds(rdp_inst)) {
guac_client_abort(client,
GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"Error handling RDP file descriptors");
pthread_mutex_unlock(&(rdp_client->rdp_lock));
return 1;
}
/* Check channel fds */
if (!freerdp_channels_check_fds(channels, rdp_inst)) {
guac_client_abort(client,
GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"Error handling RDP channel file descriptors");
pthread_mutex_unlock(&(rdp_client->rdp_lock));
return 1;
}
/* Check for channel events */
wMessage* event = freerdp_channels_pop_event(channels);
if (event) {
/* Handle channel events (clipboard and RAIL) */
#ifdef LEGACY_EVENT
if (event->event_class == CliprdrChannel_Class)
guac_rdp_process_cliprdr_event(client, event);
else if (event->event_class == RailChannel_Class)
guac_rdp_process_rail_event(client, event);
#else
if (GetMessageClass(event->id) == CliprdrChannel_Class)
guac_rdp_process_cliprdr_event(client, event);
else if (GetMessageClass(event->id) == RailChannel_Class)
guac_rdp_process_rail_event(client, event);
#endif
freerdp_event_free(event);
}
/* Handle RDP disconnect */
if (freerdp_shall_disconnect(rdp_inst)) {
guac_client_stop(client);
guac_client_log(client, GUAC_LOG_INFO,
"RDP server closed connection");
pthread_mutex_unlock(&(rdp_client->rdp_lock));
return 1;
}
pthread_mutex_unlock(&(rdp_client->rdp_lock));
/* Calculate time remaining in frame */
frame_end = guac_timestamp_current();
frame_remaining = frame_start + GUAC_RDP_FRAME_DURATION
- frame_end;
/* Calculate time that client needs to catch up */
int time_elapsed = frame_end - last_frame_end;
int required_wait = processing_lag - time_elapsed;
/* Increase the duration of this frame if client is lagging */
if (required_wait > GUAC_RDP_FRAME_TIMEOUT)
wait_result = rdp_guac_client_wait_for_messages(client,
required_wait*1000);
/* Wait again if frame remaining */
else if (frame_remaining > 0)
wait_result = rdp_guac_client_wait_for_messages(client,
GUAC_RDP_FRAME_TIMEOUT*1000);
else
break;
} while (wait_result > 0);
}
/* If an error occurred, fail */
if (wait_result < 0)
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR,
"Connection closed.");
/* End of frame */
guac_common_display_flush(rdp_client->display);
guac_client_end_frame(client);
guac_socket_flush(client->socket);
/* Record end of frame */
last_frame_end = guac_timestamp_current();
}
/* Kill client and finish connection */
guac_client_stop(client);
guac_client_log(client, GUAC_LOG_INFO, "Internal RDP client disconnected");
pthread_mutex_lock(&(rdp_client->rdp_lock));
/* Disconnect client and channels */
freerdp_channels_close(channels, rdp_inst);
freerdp_channels_free(channels);
freerdp_disconnect(rdp_inst);
/* Clean up RDP client context */
freerdp_clrconv_free(((rdp_freerdp_context*) rdp_inst->context)->clrconv);
cache_free(rdp_inst->context->cache);
freerdp_context_free(rdp_inst);
/* Clean up RDP client */
freerdp_free(rdp_inst);
rdp_client->rdp_inst = NULL;
/* Free SVC list */
guac_common_list_free(rdp_client->available_svc);
/* Free display */
guac_common_display_free(rdp_client->display);
pthread_mutex_unlock(&(rdp_client->rdp_lock));
return 0;
}
int guac_client_init(guac_client* client, int argc, char** argv) {
rfbClient* rfb_client;
vnc_guac_client_data* guac_client_data;
int retries_remaining;
/* Set up libvncclient logging */
rfbClientLog = guac_vnc_client_log_info;
rfbClientErr = guac_vnc_client_log_error;
/*** PARSE ARGUMENTS ***/
if (argc != VNC_ARGS_COUNT) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Wrong argument count received.");
return 1;
}
/* Alloc client data */
guac_client_data = malloc(sizeof(vnc_guac_client_data));
client->data = guac_client_data;
guac_client_data->hostname = strdup(argv[IDX_HOSTNAME]);
guac_client_data->port = atoi(argv[IDX_PORT]);
/* Set remote cursor flag */
guac_client_data->remote_cursor = (strcmp(argv[IDX_CURSOR], "remote") == 0);
/* Set red/blue swap flag */
guac_client_data->swap_red_blue = (strcmp(argv[IDX_SWAP_RED_BLUE], "true") == 0);
/* Set read-only flag */
guac_client_data->read_only = (strcmp(argv[IDX_READ_ONLY], "true") == 0);
/* Freed after use by libvncclient */
guac_client_data->password = strdup(argv[IDX_PASSWORD]);
/* Parse color depth */
guac_client_data->color_depth = atoi(argv[IDX_COLOR_DEPTH]);
#ifdef ENABLE_VNC_REPEATER
/* Set repeater parameters if specified */
if (argv[IDX_DEST_HOST][0] != '\0')
guac_client_data->dest_host = strdup(argv[IDX_DEST_HOST]);
else
guac_client_data->dest_host = NULL;
if (argv[IDX_DEST_PORT][0] != '\0')
guac_client_data->dest_port = atoi(argv[IDX_DEST_PORT]);
#endif
/* Set encodings if specified */
if (argv[IDX_ENCODINGS][0] != '\0')
guac_client_data->encodings = strdup(argv[IDX_ENCODINGS]);
else
guac_client_data->encodings = NULL;
/* Parse autoretry */
if (argv[IDX_AUTORETRY][0] != '\0')
retries_remaining = atoi(argv[IDX_AUTORETRY]);
else
retries_remaining = 0;
#ifdef ENABLE_VNC_LISTEN
/* Set reverse-connection flag */
guac_client_data->reverse_connect =
(strcmp(argv[IDX_REVERSE_CONNECT], "true") == 0);
/* Parse listen timeout */
if (argv[IDX_LISTEN_TIMEOUT][0] != '\0')
guac_client_data->listen_timeout = atoi(argv[IDX_LISTEN_TIMEOUT]);
else
guac_client_data->listen_timeout = 5000;
#endif
/* Init clipboard */
guac_client_data->clipboard = guac_common_clipboard_alloc(GUAC_VNC_CLIPBOARD_MAX_LENGTH);
/* Ensure connection is kept alive during lengthy connects */
guac_socket_require_keep_alive(client->socket);
/* Attempt connection */
rfb_client = __guac_vnc_get_client(client);
/* If unsuccessful, retry as many times as specified */
while (!rfb_client && retries_remaining > 0) {
guac_client_log_info(client,
"Connect failed. Waiting %ims before retrying...",
GUAC_VNC_CONNECT_INTERVAL);
/* Wait for given interval then retry */
usleep(GUAC_VNC_CONNECT_INTERVAL*1000);
rfb_client = __guac_vnc_get_client(client);
retries_remaining--;
}
/* If the final connect attempt fails, return error */
if (!rfb_client) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR, "Unable to connect to VNC server.");
return 1;
}
#ifdef ENABLE_PULSE
guac_client_data->audio_enabled =
(strcmp(argv[IDX_ENABLE_AUDIO], "true") == 0);
/* If an encoding is available, load an audio stream */
if (guac_client_data->audio_enabled) {
guac_client_data->audio = guac_audio_stream_alloc(client, NULL);
/* Load servername if specified */
if (argv[IDX_AUDIO_SERVERNAME][0] != '\0')
guac_client_data->pa_servername =
strdup(argv[IDX_AUDIO_SERVERNAME]);
else
guac_client_data->pa_servername = NULL;
/* If successful, init audio system */
if (guac_client_data->audio != NULL) {
guac_client_log_info(client,
"Audio will be encoded as %s",
guac_client_data->audio->encoder->mimetype);
/* Require threadsafe sockets if audio enabled */
guac_socket_require_threadsafe(client->socket);
/* Start audio stream */
guac_pa_start_stream(client);
}
/* Otherwise, audio loading failed */
else
guac_client_log_info(client,
"No available audio encoding. Sound disabled.");
} /* end if audio enabled */
#endif
/* Set remaining client data */
guac_client_data->rfb_client = rfb_client;
guac_client_data->copy_rect_used = 0;
guac_client_data->cursor = guac_client_alloc_buffer(client);
/* Set handlers */
client->handle_messages = vnc_guac_client_handle_messages;
client->free_handler = vnc_guac_client_free_handler;
/* If not read-only, set input handlers and pointer */
if (guac_client_data->read_only == 0) {
/* Only handle mouse/keyboard/clipboard if not read-only */
client->mouse_handler = vnc_guac_client_mouse_handler;
client->key_handler = vnc_guac_client_key_handler;
client->clipboard_handler = vnc_guac_client_clipboard_handler;
client->blob_handler = vnc_guac_client_blob_handler;
client->end_handler = vnc_guac_client_end_handler;
/* If not read-only but cursor is remote, set a dot cursor */
if (guac_client_data->remote_cursor)
guac_common_set_dot_cursor(client);
/* Otherwise, set pointer until explicitly requested otherwise */
else
guac_common_set_pointer_cursor(client);
}
/* Send name */
guac_protocol_send_name(client->socket, rfb_client->desktopName);
/* Send size */
guac_protocol_send_size(client->socket,
GUAC_DEFAULT_LAYER, rfb_client->width, rfb_client->height);
return 0;
}
/**
* Produces a new user object containing a username and password or private
* key, prompting the user as necessary to obtain that information.
*
* @param client
* The Guacamole client containing any existing user data, as well as the
* terminal to use when prompting the user.
*
* @return
* A new user object containing the user's username and other credentials.
*/
static guac_common_ssh_user* guac_ssh_get_user(guac_client* client) {
ssh_guac_client_data* client_data = (ssh_guac_client_data*) client->data;
guac_common_ssh_user* user;
/* Get username */
if (client_data->username[0] == 0)
guac_terminal_prompt(client_data->term, "Login as: ",
client_data->username, sizeof(client_data->username), true);
/* Create user object from username */
user = guac_common_ssh_create_user(client_data->username);
/* If key specified, import */
if (client_data->key_base64[0] != 0) {
guac_client_log(client, GUAC_LOG_DEBUG,
"Attempting private key import (WITHOUT passphrase)");
/* Attempt to read key without passphrase */
if (guac_common_ssh_user_import_key(user,
client_data->key_base64, NULL)) {
/* Log failure of initial attempt */
guac_client_log(client, GUAC_LOG_DEBUG,
"Initial import failed: %s",
guac_common_ssh_key_error());
guac_client_log(client, GUAC_LOG_DEBUG,
"Re-attempting private key import (WITH passphrase)");
/* Prompt for passphrase if missing */
if (client_data->key_passphrase[0] == 0)
guac_terminal_prompt(client_data->term, "Key passphrase: ",
client_data->key_passphrase,
sizeof(client_data->key_passphrase), false);
/* Reattempt import with passphrase */
if (guac_common_ssh_user_import_key(user,
client_data->key_base64,
client_data->key_passphrase)) {
/* If still failing, give up */
guac_client_abort(client,
GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED,
"Auth key import failed: %s",
guac_common_ssh_key_error());
guac_common_ssh_destroy_user(user);
return NULL;
}
} /* end decrypt key with passphrase */
/* Success */
guac_client_log(client, GUAC_LOG_INFO,
"Auth key successfully imported.");
} /* end if key given */
/* Otherwise, use password */
else {
/* Get password if not provided */
if (client_data->password[0] == 0)
guac_terminal_prompt(client_data->term, "Password: "******"\x1B[H\x1B[J");
return user;
}
static LIBSSH2_SESSION* __guac_ssh_create_session(guac_client* client,
int* socket_fd) {
int retval;
int fd;
struct addrinfo* addresses;
struct addrinfo* current_address;
char connected_address[1024];
char connected_port[64];
ssh_guac_client_data* client_data = (ssh_guac_client_data*) client->data;
struct addrinfo hints = {
.ai_family = AF_UNSPEC,
.ai_socktype = SOCK_STREAM,
.ai_protocol = IPPROTO_TCP
};
/* Get socket */
fd = socket(AF_INET, SOCK_STREAM, 0);
/* Get addresses connection */
if ((retval = getaddrinfo(client_data->hostname, client_data->port,
&hints, &addresses))) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Error parsing given address or port: %s",
gai_strerror(retval));
return NULL;
}
/* Attempt connection to each address until success */
current_address = addresses;
while (current_address != NULL) {
int retval;
/* Resolve hostname */
if ((retval = getnameinfo(current_address->ai_addr,
current_address->ai_addrlen,
connected_address, sizeof(connected_address),
connected_port, sizeof(connected_port),
NI_NUMERICHOST | NI_NUMERICSERV)))
guac_client_log_info(client, "Unable to resolve host: %s", gai_strerror(retval));
/* Connect */
if (connect(fd, current_address->ai_addr,
current_address->ai_addrlen) == 0) {
guac_client_log_info(client, "Successfully connected to "
"host %s, port %s", connected_address, connected_port);
/* Done if successful connect */
break;
}
/* Otherwise log information regarding bind failure */
else
guac_client_log_info(client, "Unable to connect to "
"host %s, port %s: %s",
connected_address, connected_port, strerror(errno));
current_address = current_address->ai_next;
}
/* If unable to connect to anything, fail */
if (current_address == NULL) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR, "Unable to connect to any addresses.");
return NULL;
}
/* Free addrinfo */
freeaddrinfo(addresses);
/* Open SSH session */
LIBSSH2_SESSION* session = libssh2_session_init_ex(NULL, NULL,
NULL, client);
if (session == NULL) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Session allocation failed.");
return NULL;
}
/* Perform handshake */
if (libssh2_session_handshake(session, fd)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR, "SSH handshake failed.");
return NULL;
}
/* Save file descriptor */
if (socket_fd != NULL)
*socket_fd = fd;
/* Authenticate with key if available */
if (client_data->key != NULL) {
if (!libssh2_userauth_publickey(session, client_data->username,
(unsigned char*) client_data->key->public_key,
client_data->key->public_key_length,
__sign_callback, (void**) client_data->key))
return session;
else {
char* error_message;
libssh2_session_last_error(session, &error_message, NULL, 0);
guac_client_abort(client, GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED,
"Public key authentication failed: %s", error_message);
return NULL;
}
}
/* Authenticate with password */
if (!libssh2_userauth_password(session, client_data->username,
client_data->password))
return session;
else {
char* error_message;
libssh2_session_last_error(session, &error_message, NULL, 0);
guac_client_abort(client, GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED,
"Password authentication failed: %s", error_message);
return NULL;
}
}
/**
* Authenticates the user associated with the given session over SSH. All
* required credentials must already be present within the user object
* associated with the given session.
*
* @param session
* The session associated with the user to be authenticated.
*
* @return
* Zero if authentication succeeds, or non-zero if authentication has
* failed.
*/
static int guac_common_ssh_authenticate(guac_common_ssh_session* common_session) {
guac_client* client = common_session->client;
guac_common_ssh_user* user = common_session->user;
LIBSSH2_SESSION* session = common_session->session;
/* Get user credentials */
char* username = user->username;
char* password = user->password;
guac_common_ssh_key* key = user->private_key;
/* Get list of supported authentication methods */
char* user_authlist = libssh2_userauth_list(session, username,
strlen(username));
guac_client_log(client, GUAC_LOG_DEBUG,
"Supported authentication methods: %s", user_authlist);
/* Authenticate with private key, if provided */
if (key != NULL) {
/* Check if public key auth is supported on the server */
if (strstr(user_authlist, "publickey") == NULL) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED,
"Public key authentication not supported");
return 1;
}
/* Attempt public key auth */
if (libssh2_userauth_publickey(session, username,
(unsigned char*) key->public_key, key->public_key_length,
guac_common_ssh_sign_callback, (void**) key)) {
/* Abort on failure */
char* error_message;
libssh2_session_last_error(session, &error_message, NULL, 0);
guac_client_abort(client, GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED,
"Public key authentication failed: %s", error_message);
return 1;
}
/* Private key authentication succeeded */
return 0;
}
/* Authenticate with password */
if (strstr(user_authlist, "password") != NULL) {
guac_client_log(client, GUAC_LOG_DEBUG,
"Using password authentication method");
return libssh2_userauth_password(session, username, password);
}
/* Authenticate with password via keyboard-interactive auth */
if (strstr(user_authlist, "keyboard-interactive") != NULL) {
guac_client_log(client, GUAC_LOG_DEBUG,
"Using keyboard-interactive authentication method");
return libssh2_userauth_keyboard_interactive(session, username,
&guac_common_ssh_kbd_callback);
}
/* No known authentication types available */
guac_client_abort(client, GUAC_PROTOCOL_STATUS_CLIENT_BAD_TYPE,
"No known authentication methods");
return 1;
}
void* ssh_client_thread(void* data) {
guac_client* client = (guac_client*) data;
ssh_guac_client_data* client_data = (ssh_guac_client_data*) client->data;
guac_socket* socket = client->socket;
char buffer[8192];
pthread_t input_thread;
/* Init SSH base libraries */
if (guac_common_ssh_init(client))
return NULL;
/* Get user and credentials */
client_data->user = guac_ssh_get_user(client);
/* Send new name */
char name[1024];
snprintf(name, sizeof(name)-1, "%s@%s",
client_data->username, client_data->hostname);
guac_protocol_send_name(socket, name);
/* Open SSH session */
client_data->session = guac_common_ssh_create_session(client,
client_data->hostname, client_data->port, client_data->user);
if (client_data->session == NULL) {
/* Already aborted within guac_common_ssh_create_session() */
return NULL;
}
pthread_mutex_init(&client_data->term_channel_lock, NULL);
/* Open channel for terminal */
client_data->term_channel =
libssh2_channel_open_session(client_data->session->session);
if (client_data->term_channel == NULL) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR,
"Unable to open terminal channel.");
return NULL;
}
#ifdef ENABLE_SSH_AGENT
/* Start SSH agent forwarding, if enabled */
if (client_data->enable_agent) {
libssh2_session_callback_set(client_data->session,
LIBSSH2_CALLBACK_AUTH_AGENT, (void*) ssh_auth_agent_callback);
/* Request agent forwarding */
if (libssh2_channel_request_auth_agent(client_data->term_channel))
guac_client_log(client, GUAC_LOG_ERROR, "Agent forwarding request failed");
else
guac_client_log(client, GUAC_LOG_INFO, "Agent forwarding enabled.");
}
client_data->auth_agent = NULL;
#endif
/* Start SFTP session as well, if enabled */
if (client_data->enable_sftp) {
/* Create SSH session specific for SFTP */
guac_client_log(client, GUAC_LOG_DEBUG, "Reconnecting for SFTP...");
client_data->sftp_session =
guac_common_ssh_create_session(client, client_data->hostname,
client_data->port, client_data->user);
if (client_data->sftp_session == NULL) {
/* Already aborted within guac_common_ssh_create_session() */
return NULL;
}
/* Request SFTP */
client_data->sftp_filesystem =
guac_common_ssh_create_sftp_filesystem(
client_data->sftp_session, "/");
/* Set generic (non-filesystem) file upload handler */
client->file_handler = guac_sftp_file_handler;
/* Init handlers for Guacamole-specific console codes */
client_data->term->upload_path_handler = guac_sftp_set_upload_path;
client_data->term->file_download_handler = guac_sftp_download_file;
guac_client_log(client, GUAC_LOG_DEBUG, "SFTP session initialized");
}
/* Request PTY */
if (libssh2_channel_request_pty_ex(client_data->term_channel, "linux", sizeof("linux")-1, NULL, 0,
client_data->term->term_width, client_data->term->term_height, 0, 0)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR, "Unable to allocate PTY.");
return NULL;
}
/* Request shell */
if (libssh2_channel_shell(client_data->term_channel)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR, "Unable to associate shell with PTY.");
return NULL;
}
/* Logged in */
guac_client_log(client, GUAC_LOG_INFO, "SSH connection successful.");
/* Start input thread */
if (pthread_create(&(input_thread), NULL, ssh_input_thread, (void*) client)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Unable to start input thread");
return NULL;
}
/* Set non-blocking */
libssh2_session_set_blocking(client_data->session->session, 0);
/* While data available, write to terminal */
int bytes_read = 0;
for (;;) {
/* Track total amount of data read */
int total_read = 0;
pthread_mutex_lock(&(client_data->term_channel_lock));
/* Stop reading at EOF */
if (libssh2_channel_eof(client_data->term_channel)) {
pthread_mutex_unlock(&(client_data->term_channel_lock));
break;
}
/* Read terminal data */
bytes_read = libssh2_channel_read(client_data->term_channel,
buffer, sizeof(buffer));
pthread_mutex_unlock(&(client_data->term_channel_lock));
/* Attempt to write data received. Exit on failure. */
if (bytes_read > 0) {
int written = guac_terminal_write_stdout(client_data->term, buffer, bytes_read);
if (written < 0)
break;
total_read += bytes_read;
}
else if (bytes_read < 0 && bytes_read != LIBSSH2_ERROR_EAGAIN)
break;
#ifdef ENABLE_SSH_AGENT
/* If agent open, handle any agent packets */
if (client_data->auth_agent != NULL) {
bytes_read = ssh_auth_agent_read(client_data->auth_agent);
if (bytes_read > 0)
total_read += bytes_read;
else if (bytes_read < 0 && bytes_read != LIBSSH2_ERROR_EAGAIN)
client_data->auth_agent = NULL;
}
#endif
/* Wait for more data if reads turn up empty */
if (total_read == 0) {
fd_set fds;
struct timeval timeout;
FD_ZERO(&fds);
FD_SET(client_data->session->fd, &fds);
/* Wait for one second */
timeout.tv_sec = 1;
timeout.tv_usec = 0;
if (select(client_data->session->fd + 1, &fds,
NULL, NULL, &timeout) < 0)
break;
}
}
/* Kill client and Wait for input thread to die */
guac_client_stop(client);
pthread_join(input_thread, NULL);
pthread_mutex_destroy(&client_data->term_channel_lock);
guac_client_log(client, GUAC_LOG_INFO, "SSH connection ended.");
return NULL;
}
void* ssh_client_thread(void* data) {
guac_client* client = (guac_client*) data;
guac_ssh_client* ssh_client = (guac_ssh_client*) client->data;
guac_ssh_settings* settings = ssh_client->settings;
char buffer[8192];
pthread_t input_thread;
/* Init SSH base libraries */
if (guac_common_ssh_init(client)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"SSH library initialization failed");
return NULL;
}
/* Set up screen recording, if requested */
if (settings->recording_path != NULL) {
guac_common_recording_create(client,
settings->recording_path,
settings->recording_name,
settings->create_recording_path);
}
/* Create terminal */
ssh_client->term = guac_terminal_create(client,
settings->font_name, settings->font_size,
settings->resolution, settings->width, settings->height,
settings->color_scheme);
/* Fail if terminal init failed */
if (ssh_client->term == NULL) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR,
"Terminal initialization failed");
return NULL;
}
/* Set up typescript, if requested */
if (settings->typescript_path != NULL) {
guac_terminal_create_typescript(ssh_client->term,
settings->typescript_path,
settings->typescript_name,
settings->create_typescript_path);
}
/* Get user and credentials */
ssh_client->user = guac_ssh_get_user(client);
/* Open SSH session */
ssh_client->session = guac_common_ssh_create_session(client,
settings->hostname, settings->port, ssh_client->user);
if (ssh_client->session == NULL) {
/* Already aborted within guac_common_ssh_create_session() */
return NULL;
}
pthread_mutex_init(&ssh_client->term_channel_lock, NULL);
/* Open channel for terminal */
ssh_client->term_channel =
libssh2_channel_open_session(ssh_client->session->session);
if (ssh_client->term_channel == NULL) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR,
"Unable to open terminal channel.");
return NULL;
}
#ifdef ENABLE_SSH_AGENT
/* Start SSH agent forwarding, if enabled */
if (ssh_client->enable_agent) {
libssh2_session_callback_set(ssh_client->session,
LIBSSH2_CALLBACK_AUTH_AGENT, (void*) ssh_auth_agent_callback);
/* Request agent forwarding */
if (libssh2_channel_request_auth_agent(ssh_client->term_channel))
guac_client_log(client, GUAC_LOG_ERROR, "Agent forwarding request failed");
else
guac_client_log(client, GUAC_LOG_INFO, "Agent forwarding enabled.");
}
ssh_client->auth_agent = NULL;
#endif
/* Start SFTP session as well, if enabled */
if (settings->enable_sftp) {
/* Create SSH session specific for SFTP */
guac_client_log(client, GUAC_LOG_DEBUG, "Reconnecting for SFTP...");
ssh_client->sftp_session =
guac_common_ssh_create_session(client, settings->hostname,
settings->port, ssh_client->user);
if (ssh_client->sftp_session == NULL) {
/* Already aborted within guac_common_ssh_create_session() */
return NULL;
}
/* Request SFTP */
ssh_client->sftp_filesystem = guac_common_ssh_create_sftp_filesystem(
ssh_client->sftp_session, "/");
/* Expose filesystem to connection owner */
guac_client_for_owner(client,
guac_common_ssh_expose_sftp_filesystem,
ssh_client->sftp_filesystem);
/* Init handlers for Guacamole-specific console codes */
ssh_client->term->upload_path_handler = guac_sftp_set_upload_path;
ssh_client->term->file_download_handler = guac_sftp_download_file;
guac_client_log(client, GUAC_LOG_DEBUG, "SFTP session initialized");
}
/* Request PTY */
if (libssh2_channel_request_pty_ex(ssh_client->term_channel, "linux", sizeof("linux")-1, NULL, 0,
ssh_client->term->term_width, ssh_client->term->term_height, 0, 0)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR, "Unable to allocate PTY.");
return NULL;
}
/* If a command is specified, run that instead of a shell */
if (settings->command != NULL) {
if (libssh2_channel_exec(ssh_client->term_channel, settings->command)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR,
"Unable to execute command.");
return NULL;
}
}
/* Otherwise, request a shell */
else if (libssh2_channel_shell(ssh_client->term_channel)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_UPSTREAM_ERROR,
"Unable to associate shell with PTY.");
return NULL;
}
/* Logged in */
guac_client_log(client, GUAC_LOG_INFO, "SSH connection successful.");
/* Start input thread */
if (pthread_create(&(input_thread), NULL, ssh_input_thread, (void*) client)) {
guac_client_abort(client, GUAC_PROTOCOL_STATUS_SERVER_ERROR, "Unable to start input thread");
return NULL;
}
/* Set non-blocking */
libssh2_session_set_blocking(ssh_client->session->session, 0);
/* While data available, write to terminal */
int bytes_read = 0;
for (;;) {
/* Track total amount of data read */
int total_read = 0;
pthread_mutex_lock(&(ssh_client->term_channel_lock));
/* Stop reading at EOF */
if (libssh2_channel_eof(ssh_client->term_channel)) {
pthread_mutex_unlock(&(ssh_client->term_channel_lock));
break;
}
/* Read terminal data */
bytes_read = libssh2_channel_read(ssh_client->term_channel,
buffer, sizeof(buffer));
pthread_mutex_unlock(&(ssh_client->term_channel_lock));
/* Attempt to write data received. Exit on failure. */
if (bytes_read > 0) {
int written = guac_terminal_write_stdout(ssh_client->term, buffer, bytes_read);
if (written < 0)
break;
total_read += bytes_read;
}
else if (bytes_read < 0 && bytes_read != LIBSSH2_ERROR_EAGAIN)
break;
#ifdef ENABLE_SSH_AGENT
/* If agent open, handle any agent packets */
if (ssh_client->auth_agent != NULL) {
bytes_read = ssh_auth_agent_read(ssh_client->auth_agent);
if (bytes_read > 0)
total_read += bytes_read;
else if (bytes_read < 0 && bytes_read != LIBSSH2_ERROR_EAGAIN)
ssh_client->auth_agent = NULL;
}
#endif
/* Wait for more data if reads turn up empty */
if (total_read == 0) {
fd_set fds;
struct timeval timeout;
FD_ZERO(&fds);
FD_SET(ssh_client->session->fd, &fds);
/* Wait for one second */
timeout.tv_sec = 1;
timeout.tv_usec = 0;
if (select(ssh_client->session->fd + 1, &fds,
NULL, NULL, &timeout) < 0)
break;
}
}
/* Kill client and Wait for input thread to die */
guac_client_stop(client);
pthread_join(input_thread, NULL);
pthread_mutex_destroy(&ssh_client->term_channel_lock);
guac_client_log(client, GUAC_LOG_INFO, "SSH connection ended.");
return NULL;
}