/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
#include "config.h"
#include "conf.h"
#include "conf-args.h"
#include "conf-file.h"
#include "connection.h"
#include "log.h"
#include "proc-map.h"
#ifdef ENABLE_SSL
#include <openssl/ssl.h>
#endif
#include <errno.h>
#include <fcntl.h>
#include <libgen.h>
#include <netdb.h>
#include <netinet/in.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#define GUACD_DEV_NULL "/dev/null"
#define GUACD_ROOT "/"
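/**
 * Redirects the given file descriptor to /dev/null. The given flags must match
 * the read/write flags of the file descriptor given (if the given file
 * descriptor was opened write-only, flags here must be O_WRONLY, etc.).
 *
 * A failure of dup2() is reported to the caller. Otherwise the daemon would
 * report success while the descriptor still refers to whatever it inherited
 * from the launching process.
 *
 * @param fd
 *     The file descriptor to redirect to /dev/null.
 *
 * @param flags
 *     The flags to use when opening /dev/null as the target for redirection.
 *     These flags must match the flags of the file descriptor given.
 *
 * @return
 *     Zero on success, non-zero if redirecting the file descriptor fails.
 */
static int redirect_fd(int fd, int flags) {

    /* Attempt to open bit bucket */
    int new_fd = open(GUACD_DEV_NULL, flags);
    if (new_fd < 0)
        return 1;

    /* open() already returned the requested descriptor; nothing to move */
    if (new_fd == fd)
        return 0;

    /* Redirect old to new, releasing the temporary descriptor on both the
     * success and the failure path so it is never leaked */
    int failed = (dup2(new_fd, fd) < 0);
    close(new_fd);

    return failed;

}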
/**
 * Detaches the current process from its launcher by forking twice, with a
 * setsid() call in between. The surviving grandchild changes its working
 * directory to root and has the standard I/O file descriptors STDIN, STDOUT,
 * and STDERR redirected to /dev/null. Each intermediate parent terminates
 * via _exit(), so only the daemonized process (or a caller for which
 * daemonization failed) ever returns from this function.
 *
 * NOTE(review): the return value of setsid() is not checked, and this
 * function does not call umask(); files created afterwards use the umask
 * inherited from the launching process.
 *
 * @return
 *     Zero if the daemonization process succeeded and we are now in the
 *     daemonized child process, or non-zero if daemonization failed. This
 *     function does not return for the original caller if daemonization
 *     succeeds.
 */
static int daemonize() {

    /* Standard descriptors to detach, each with the access mode that
     * /dev/null must be opened with */
    static const struct {
        int fd;
        int flags;
    } stdio_targets[] = {
        { STDIN_FILENO,  O_RDONLY },
        { STDOUT_FILENO, O_WRONLY },
        { STDERR_FILENO, O_WRONLY }
    };

    size_t i;

    /* First fork: the child is guaranteed not to be a process group leader */
    pid_t first_child = fork();
    if (first_child < 0) {
        guacd_log(GUAC_LOG_ERROR, "Could not fork() parent: %s", strerror(errno));
        return 1;
    }
    else if (first_child > 0) {
        /* Parent side: hand over to the child and leave immediately */
        guacd_log(GUAC_LOG_DEBUG, "Exiting and passing control to PID %i", first_child);
        _exit(0);
    }

    /* Become leader of a new session */
    setsid();

    /* Second fork: the session leader exits, the grandchild carries on */
    pid_t second_child = fork();
    if (second_child < 0) {
        guacd_log(GUAC_LOG_ERROR, "Could not fork() group leader: %s", strerror(errno));
        return 1;
    }
    else if (second_child > 0) {
        guacd_log(GUAC_LOG_DEBUG, "Exiting and passing control to PID %i", second_child);
        _exit(0);
    }

    /* Do not keep the launch directory busy */
    if (chdir(GUACD_ROOT) < 0) {
        guacd_log(GUAC_LOG_ERROR,
                "Unable to change working directory to "
                GUACD_ROOT);
        return 1;
    }

    /* Point stdin, stdout and stderr at /dev/null, stopping at the first
     * descriptor which cannot be redirected */
    for (i = 0; i < sizeof(stdio_targets) / sizeof(stdio_targets[0]); i++) {
        if (redirect_fd(stdio_targets[i].fd, stdio_targets[i].flags)) {
            guacd_log(GUAC_LOG_ERROR,
                    "Unable to redirect standard file descriptors to "
                    GUACD_DEV_NULL);
            return 1;
        }
    }

    /* Success */
    return 0;

}
#ifdef ENABLE_SSL
#ifdef OPENSSL_REQUIRES_THREADING_CALLBACKS
/**
* Array of mutexes, used by OpenSSL.
*/
static pthread_mutex_t* guacd_openssl_locks = NULL;
/**
 * Locking hook handed to OpenSSL: acquires or releases the Nth mutex of
 * guacd_openssl_locks depending on the bits set in the given mode. A lock
 * request takes precedence if both bits are set; if neither is set, nothing
 * happens.
 *
 * NOTE(review): n is used as an array index without a bounds check, so this
 * relies on OpenSSL only passing indices below the count that the lock array
 * was created with.
 *
 * @param mode
 *     A bitmask denoting the action to be taken on the Nth lock, such as
 *     CRYPTO_LOCK or CRYPTO_UNLOCK.
 *
 * @param n
 *     The index of the lock to lock or unlock.
 *
 * @param file
 *     The filename of the function setting the lock, for debugging purposes.
 *     Unused here.
 *
 * @param line
 *     The line number of the function setting the lock, for debugging
 *     purposes. Unused here.
 */
static void guacd_openssl_locking_callback(int mode, int n,
        const char* file, int line){

    /* Debugging aids only; intentionally ignored */
    (void) file;
    (void) line;

    /* A lock request wins over an unlock request */
    if (mode & CRYPTO_LOCK) {
        pthread_mutex_lock(guacd_openssl_locks + n);
        return;
    }

    if (mode & CRYPTO_UNLOCK)
        pthread_mutex_unlock(guacd_openssl_locks + n);

}
/**
 * Thread ID hook handed to OpenSSL.
 *
 * NOTE(review): the ID is the pthread_t of the calling thread converted to
 * unsigned long; this presumes pthread_t is an arithmetic or pointer type
 * that survives that conversion on the target platform.
 *
 * @return
 *     The value of pthread_self() for the calling thread, cast to
 *     unsigned long.
 */
static unsigned long guacd_openssl_id_callback() {
    pthread_t current_thread = pthread_self();
    return (unsigned long) current_thread;
}
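/**
 * Creates the given number of mutexes, such that OpenSSL will have at least
 * this number of mutexes at its disposal. The array is stored in
 * guacd_openssl_locks.
 *
 * If the array cannot be allocated, the error is logged and the process
 * exits with EXIT_FAILURE: this function cannot report failure to its
 * caller, and continuing would leave the locking callback indexing a NULL
 * array. A non-positive count allocates nothing.
 *
 * @param count
 *     The number of mutexes (locks) to create.
 */
static void guacd_openssl_init_locks(int count) {

    int i;

    /* A negative count would otherwise turn into an enormous allocation
     * request once converted to size_t */
    if (count <= 0)
        return;

    /* Allocate required number of locks; calloc() checks the
     * count * size multiplication for overflow */
    guacd_openssl_locks = calloc((size_t) count, sizeof(pthread_mutex_t));
    if (guacd_openssl_locks == NULL) {
        guacd_log(GUAC_LOG_ERROR, "Unable to allocate OpenSSL locks: %s",
                strerror(errno));
        exit(EXIT_FAILURE);
    }

    /* Initialize each lock */
    for (i = 0; i < count; i++)
        pthread_mutex_init(&(guacd_openssl_locks[i]), NULL);

}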
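/**
 * Destroys the given number of mutexes in guacd_openssl_locks and frees the
 * array itself. Does nothing if the array was never allocated. The global
 * pointer is reset to NULL afterwards, so a repeated call is a no-op rather
 * than a double free.
 *
 * @param count
 *     The number of mutexes (locks) to free. This must be the count the
 *     array was created with.
 */
static void guacd_openssl_free_locks(int count) {

    int i;

    /* SSL lock array was not initialized */
    if (guacd_openssl_locks == NULL)
        return;

    /* Free all locks */
    for (i = 0; i < count; i++)
        pthread_mutex_destroy(&(guacd_openssl_locks[i]));

    /* Free lock array and drop the now-dangling reference */
    free(guacd_openssl_locks);
    guacd_openssl_locks = NULL;

}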
#endif
#endif
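/**
 * Entry point of guacd. Loads the configuration, binds a listening TCP
 * socket to the first usable address resolved for the configured host and
 * port, optionally sets up an SSL/TLS context, optionally daemonizes and
 * writes a PID file, then accepts connections forever, handing each one to
 * a detached thread running guacd_connection_thread.
 *
 * @param argc
 *     The number of command-line arguments.
 *
 * @param argv
 *     The command-line arguments, parsed by guacd_conf_parse_args().
 *
 * @return
 *     3 if listening on the bound socket fails. All other startup failures
 *     terminate the process through exit(EXIT_FAILURE). The accept loop has
 *     no exit, so the cleanup code following it is not reached.
 */
int main(int argc, char* argv[]) {

    /* Server */
    int socket_fd = -1;
    struct addrinfo* addresses;
    struct addrinfo* current_address;
    char bound_address[1024];
    char bound_port[64];
    int opt_on = 1;

    struct addrinfo hints = {
        .ai_family   = AF_UNSPEC,
        .ai_socktype = SOCK_STREAM,
        .ai_protocol = IPPROTO_TCP
    };

    /* Client (sockaddr_storage, so that an IPv6 peer address fits as well) */
    struct sockaddr_storage client_addr;
    socklen_t client_addr_len;
    int connected_socket_fd;

#ifdef ENABLE_SSL
    SSL_CTX* ssl_context = NULL;
#endif

    /* NOTE(review): the result is not checked; confirm whether
     * guacd_proc_map_alloc() can return NULL */
    guacd_proc_map* map = guacd_proc_map_alloc();

    /* General */
    int retval;

    /* Load configuration */
    guacd_config* config = guacd_conf_load();
    if (config == NULL || guacd_conf_parse_args(config, argc, argv))
        exit(EXIT_FAILURE);

    /* If requested, simply print version and exit, without initializing the
     * logging system, etc. */
    if (config->print_version) {
        printf("Guacamole proxy daemon (guacd) version " VERSION "\n");
        exit(EXIT_SUCCESS);
    }

    /* Init logging as early as possible */
    guacd_log_level = config->max_log_level;
    openlog(GUACD_LOG_NAME, LOG_PID, LOG_DAEMON);

    /* Log start */
    guacd_log(GUAC_LOG_INFO, "Guacamole proxy daemon (guacd) version " VERSION " started");

    /* Get addresses for binding */
    if ((retval = getaddrinfo(config->bind_host, config->bind_port,
                    &hints, &addresses))) {

        guacd_log(GUAC_LOG_ERROR, "Error parsing given address or port: %s",
                gai_strerror(retval));
        exit(EXIT_FAILURE);

    }

    /* Attempt binding of each address until success */
    current_address = addresses;
    while (current_address != NULL) {

        /* Render the candidate address numerically, for log messages only */
        if ((retval = getnameinfo(current_address->ai_addr,
                        current_address->ai_addrlen,
                        bound_address, sizeof(bound_address),
                        bound_port, sizeof(bound_port),
                        NI_NUMERICHOST | NI_NUMERICSERV))) {

            guacd_log(GUAC_LOG_ERROR, "Unable to resolve host: %s",
                    gai_strerror(retval));

            /* The buffers are logged below; never leave them unset */
            snprintf(bound_address, sizeof(bound_address), "%s", "(unknown)");
            snprintf(bound_port, sizeof(bound_port), "%s", "(unknown)");

        }

        /* Get a socket of the same family as the candidate address. The
         * hints request AF_UNSPEC, so a socket fixed to AF_INET could never
         * be bound to an IPv6 result. */
        socket_fd = socket(current_address->ai_family, SOCK_STREAM, 0);
        if (socket_fd < 0) {
            guacd_log(GUAC_LOG_ERROR, "Error opening socket: %s", strerror(errno));
            current_address = current_address->ai_next;
            continue;
        }

        /* Allow socket reuse */
        if (setsockopt(socket_fd, SOL_SOCKET, SO_REUSEADDR,
                    (void*) &opt_on, sizeof(opt_on))) {
            guacd_log(GUAC_LOG_WARNING, "Unable to set socket options for reuse: %s",
                    strerror(errno));
        }

        /* Attempt to bind socket to address */
        if (bind(socket_fd,
                    current_address->ai_addr,
                    current_address->ai_addrlen) == 0) {

            guacd_log(GUAC_LOG_DEBUG, "Successfully bound socket to "
                    "host %s, port %s", bound_address, bound_port);

            /* Done if successful bind */
            break;

        }

        /* Otherwise log information regarding bind failure */
        guacd_log(GUAC_LOG_DEBUG, "Unable to bind socket to "
                "host %s, port %s: %s",
                bound_address, bound_port, strerror(errno));

        /* Release the unusable socket before trying the next address */
        close(socket_fd);
        socket_fd = -1;

        current_address = current_address->ai_next;

    }

    /* If unable to bind to anything, fail */
    if (current_address == NULL) {
        guacd_log(GUAC_LOG_ERROR, "Unable to bind socket to any addresses.");
        exit(EXIT_FAILURE);
    }

#ifdef ENABLE_SSL
    /* Init SSL if enabled */
    if (config->key_file != NULL || config->cert_file != NULL) {

        guacd_log(GUAC_LOG_INFO, "Communication will require SSL/TLS.");

#ifdef OPENSSL_REQUIRES_THREADING_CALLBACKS
        /* Init threadsafety in OpenSSL */
        guacd_openssl_init_locks(CRYPTO_num_locks());
        CRYPTO_set_id_callback(guacd_openssl_id_callback);
        CRYPTO_set_locking_callback(guacd_openssl_locking_callback);
#endif

        /* Init SSL */
        SSL_library_init();
        SSL_load_error_strings();
        ssl_context = SSL_CTX_new(SSLv23_server_method());
        if (ssl_context == NULL) {
            guacd_log(GUAC_LOG_ERROR, "Unable to create SSL/TLS context.");
            exit(EXIT_FAILURE);
        }

        /* SSLv23_server_method() negotiates any protocol version the linked
         * OpenSSL supports; refuse the obsolete SSLv2 and SSLv3 explicitly */
        SSL_CTX_set_options(ssl_context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

        /* Load key */
        if (config->key_file != NULL) {
            guacd_log(GUAC_LOG_INFO, "Using PEM keyfile %s", config->key_file);
            if (!SSL_CTX_use_PrivateKey_file(ssl_context, config->key_file, SSL_FILETYPE_PEM)) {
                guacd_log(GUAC_LOG_ERROR, "Unable to load keyfile.");
                exit(EXIT_FAILURE);
            }
        }
        else
            guacd_log(GUAC_LOG_WARNING, "No PEM keyfile given - SSL/TLS may not work.");

        /* Load cert file if specified */
        if (config->cert_file != NULL) {
            guacd_log(GUAC_LOG_INFO, "Using certificate file %s", config->cert_file);
            if (!SSL_CTX_use_certificate_chain_file(ssl_context, config->cert_file)) {
                guacd_log(GUAC_LOG_ERROR, "Unable to load certificate.");
                exit(EXIT_FAILURE);
            }
        }
        else
            guacd_log(GUAC_LOG_WARNING, "No certificate file given - SSL/TLS may not work.");

        /* Fail at startup, rather than at the first handshake, if the key
         * does not belong to the certificate */
        if (config->key_file != NULL && config->cert_file != NULL
                && !SSL_CTX_check_private_key(ssl_context)) {
            guacd_log(GUAC_LOG_ERROR, "Private key does not match certificate.");
            exit(EXIT_FAILURE);
        }

    }
#endif

    /* Daemonize if requested */
    if (!config->foreground) {

        /* Attempt to daemonize process */
        if (daemonize()) {
            guacd_log(GUAC_LOG_ERROR, "Could not become a daemon.");
            exit(EXIT_FAILURE);
        }

    }

    /* Write PID file if requested */
    if (config->pidfile != NULL) {

        /* NOTE(review): fopen() in "w" mode follows symbolic links and
         * truncates the target. The path comes from configuration; when
         * guacd is started with elevated privileges, the directory holding
         * the PID file should not be writable by less-privileged users. */

        /* Attempt to open pidfile and write PID */
        FILE* pidf = fopen(config->pidfile, "w");
        if (pidf) {

            /* A short or failed write would leave an empty or partial PID
             * file behind, so treat it like a failed open */
            int write_failed = (fprintf(pidf, "%d\n", (int) getpid()) < 0);
            if (fclose(pidf) != 0)
                write_failed = 1;

            if (write_failed) {
                guacd_log(GUAC_LOG_ERROR, "Could not write PID file: %s", strerror(errno));
                exit(EXIT_FAILURE);
            }

        }

        /* Fail if could not write PID file*/
        else {
            guacd_log(GUAC_LOG_ERROR, "Could not write PID file: %s", strerror(errno));
            exit(EXIT_FAILURE);
        }

    }

    /* Ignore SIGPIPE */
    if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) {
        guacd_log(GUAC_LOG_INFO, "Could not set handler for SIGPIPE to ignore. "
                "SIGPIPE may cause termination of the daemon.");
    }

    /* Ignore SIGCHLD (force automatic removal of children) */
    if (signal(SIGCHLD, SIG_IGN) == SIG_ERR) {
        guacd_log(GUAC_LOG_INFO, "Could not set handler for SIGCHLD to ignore. "
                "Child processes may pile up in the process table.");
    }

    /* Log listening status */
    guacd_log(GUAC_LOG_INFO, "Listening on host %s, port %s", bound_address, bound_port);

    /* Free addresses */
    freeaddrinfo(addresses);

    /* Listen for connections */
    if (listen(socket_fd, 5) < 0) {
        guacd_log(GUAC_LOG_ERROR, "Could not listen on socket: %s", strerror(errno));
        return 3;
    }

    /* Daemon loop */
    for (;;) {

        pthread_t child_thread;

        /* Accept connection */
        client_addr_len = sizeof(client_addr);
        connected_socket_fd = accept(socket_fd,
                (struct sockaddr*) &client_addr, &client_addr_len);

        if (connected_socket_fd < 0) {
            guacd_log(GUAC_LOG_ERROR, "Could not accept client connection: %s", strerror(errno));
            continue;
        }

        /* Create parameters for connection thread */
        guacd_connection_thread_params* params = malloc(sizeof(guacd_connection_thread_params));
        if (params == NULL) {
            guacd_log(GUAC_LOG_ERROR, "Could not create connection thread: %s", strerror(errno));

            /* Without a thread nobody else will close this descriptor;
             * leaking one per failure would exhaust the descriptor table */
            close(connected_socket_fd);
            continue;
        }

        params->map = map;
        params->connected_socket_fd = connected_socket_fd;

#ifdef ENABLE_SSL
        params->ssl_context = ssl_context;
#endif

        /* Spawn thread to handle connection. pthread_create() reports
         * failure through its return value, not through errno. */
        int thread_error = pthread_create(&child_thread, NULL, guacd_connection_thread, params);
        if (thread_error) {
            guacd_log(GUAC_LOG_ERROR, "Could not create connection thread: %s", strerror(thread_error));

            /* child_thread is not valid here and must not be detached;
             * the socket and the parameters are still owned by this loop */
            close(connected_socket_fd);
            free(params);
            continue;
        }

        /* From here on the thread presumably owns params and the socket -
         * TODO confirm against guacd_connection_thread */
        pthread_detach(child_thread);

    }

    /* Not reached: the accept loop above never terminates */

    /* Close socket */
    if (close(socket_fd) < 0) {
        guacd_log(GUAC_LOG_ERROR, "Could not close socket: %s", strerror(errno));
        return 3;
    }

#ifdef ENABLE_SSL
    if (ssl_context != NULL) {
#ifdef OPENSSL_REQUIRES_THREADING_CALLBACKS
        guacd_openssl_free_locks(CRYPTO_num_locks());
#endif
        SSL_CTX_free(ssl_context);
    }
#endif

    return 0;

}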