Add options to guacd. Update docs.
parent
bb74730629
commit
6792b65d4c
@ -55,6 +55,10 @@
|
||||
#include <syslog.h>
|
||||
#include <libgen.h>
|
||||
|
||||
#ifdef ENABLE_SSL
|
||||
#include <openssl/ssl.h>
|
||||
#endif
|
||||
|
||||
#include <guacamole/client.h>
|
||||
#include <guacamole/error.h>
|
||||
#include <guacamole/instruction.h>
|
||||
@ -67,7 +71,7 @@
|
||||
#define GUACD_DEV_NULL "/dev/null"
|
||||
#define GUACD_ROOT "/"
|
||||
|
||||
void guacd_handle_connection(int fd) {
|
||||
void guacd_handle_connection(guac_socket* socket) {
|
||||
|
||||
guac_client* client;
|
||||
guac_client_plugin* plugin;
|
||||
@ -78,9 +82,6 @@ void guacd_handle_connection(int fd) {
|
||||
guac_instruction* connect;
|
||||
int init_result;
|
||||
|
||||
/* Open guac_socket */
|
||||
guac_socket* socket = guac_socket_open(fd);
|
||||
|
||||
/* Get protocol from select instruction */
|
||||
select = guac_instruction_expect(
|
||||
socket, GUACD_USEC_TIMEOUT, "select");
|
||||
@ -362,11 +363,17 @@ int main(int argc, char* argv[]) {
|
||||
int opt;
|
||||
int foreground = 0;
|
||||
|
||||
#ifdef ENABLE_SSL
|
||||
/* SSL */
|
||||
char* cert_file = NULL;
|
||||
SSL_CTX* ssl_context = NULL;
|
||||
#endif
|
||||
|
||||
/* General */
|
||||
int retval;
|
||||
|
||||
/* Parse arguments */
|
||||
while ((opt = getopt(argc, argv, "l:b:p:f")) != -1) {
|
||||
while ((opt = getopt(argc, argv, "l:b:p:C:A:f")) != -1) {
|
||||
if (opt == 'l') {
|
||||
listen_port = strdup(optarg);
|
||||
}
|
||||
@ -379,12 +386,34 @@ int main(int argc, char* argv[]) {
|
||||
else if (opt == 'p') {
|
||||
pidfile = strdup(optarg);
|
||||
}
|
||||
#ifdef ENABLE_SSL
|
||||
else if (opt == 'C') {
|
||||
cert_file = strdup(optarg);
|
||||
}
|
||||
else if (opt == 'A') {
|
||||
fprintf(stderr, "The -a option is not yet implemented.\n");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
#else
|
||||
else if (opt == 'C' || opt == 'A') {
|
||||
fprintf(stderr,
|
||||
"This %s does not have SSL/TLS support compiled in.\n"
|
||||
"If you wish to enable support for the -%c option, please install libssl and "
|
||||
"recompile %s.\n",
|
||||
argv[0], opt, argv[0]);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
#endif
|
||||
else {
|
||||
|
||||
fprintf(stderr, "USAGE: %s"
|
||||
" [-l LISTENPORT]"
|
||||
" [-b LISTENADDRESS]"
|
||||
" [-p PIDFILE]"
|
||||
#ifdef ENABLE_SSL
|
||||
" [-c CERTIFICATE_FILE]"
|
||||
" [-a CIPHER1:CIPHER2:...]"
|
||||
#endif
|
||||
" [-f]\n", argv[0]);
|
||||
|
||||
exit(EXIT_FAILURE);
|
||||
@ -468,6 +497,21 @@ int main(int argc, char* argv[]) {
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
#ifdef ENABLE_SSL
|
||||
/* Init SSL if enabled */
|
||||
if (cert_file != NULL) {
|
||||
|
||||
guacd_log_info("Using certificate file %s", cert_file);
|
||||
guacd_log_info("Communication will be encrypted with SSL/TLS.");
|
||||
|
||||
SSL_library_init();
|
||||
SSL_load_error_strings();
|
||||
|
||||
ssl_context = SSL_CTX_new(SSLv23_server_method());
|
||||
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Daemonize if requested */
|
||||
if (!foreground) {
|
||||
|
||||
@ -554,7 +598,22 @@ int main(int argc, char* argv[]) {
|
||||
|
||||
/* If child, start client, and exit when finished */
|
||||
else if (child_pid == 0) {
|
||||
guacd_handle_connection(connected_socket_fd);
|
||||
|
||||
guac_socket* socket;
|
||||
|
||||
#ifdef ENABLE_SSL
|
||||
|
||||
/* If SSL chosen, use it */
|
||||
if (ssl_context != NULL)
|
||||
guacd_log_info("STUB: SSL ENABLED - would have used SSL here.");
|
||||
|
||||
socket = guac_socket_open(connected_socket_fd);
|
||||
#else
|
||||
/* Open guac_socket */
|
||||
socket = guac_socket_open(connected_socket_fd);
|
||||
#endif
|
||||
|
||||
guacd_handle_connection(socket);
|
||||
close(connected_socket_fd);
|
||||
return 0;
|
||||
}
|
||||
|
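Review bot: When `-C` is given, startup logs "Communication will be encrypted with SSL/TLS.", yet the child branch in the last hunk only logs the STUB message and calls `guac_socket_open(connected_socket_fd)`, so the connection runs in plaintext after the operator was told it is encrypted. Until the SSL socket exists this should fail closed, for example `fprintf(stderr, "SSL/TLS support is not yet implemented.\n"); exit(EXIT_FAILURE);` inside the `if (cert_file != NULL)` block. In that same block the result of `SSL_CTX_new(SSLv23_server_method())` is not checked for NULL, nothing like `SSL_CTX_set_options(ssl_context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` limits the legacy protocol versions that method can negotiate, and `cert_file` is not loaded into the context in the lines shown. The `-A` error text and the usage string name `-a` and `-c`, while getopt accepts `C:` and `A:`. main() begins and ends outside these hunks.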
@ -1,4 +1,4 @@
|
||||
.TH guacd 8 "6 May 2012" "version 0.6.2" "Guacamole"
|
||||
.TH guacd 8 "22 Jul 2013" "version 0.8.2" "Guacamole"
|
||||
.
|
||||
.SH NAME
|
||||
guacd \- Guacamole proxy daemon
|
||||
@ -7,7 +7,9 @@ guacd \- Guacamole proxy daemon
|
||||
.B guacd
|
||||
[\fB-b\fR \fIHOST\fR]
|
||||
[\fB-l\fR \fIPORT\fR]
|
||||
[\fB-p\fR \fIFILE\fR]
|
||||
[\fB-p\fR \fIPID FILE\fR]
|
||||
[\fB-C\fR \fICERTIFICATE FILE\fR]
|
||||
[\fB-A\fR \fICIPHER1:CIPHER2:...\fR]
|
||||
[\fB-f\fR]
|
||||
.
|
||||
.SH DESCRIPTION
|
||||
@ -46,5 +48,27 @@ Causes
|
||||
to run in the foreground, rather than automatically forking into the
|
||||
background.
|
||||
.
|
||||
.SH SSL/TLS OPTIONS
|
||||
If libssl was present at the time
|
||||
.B guacd
|
||||
was compiled, it will contain SSL/TLS support, and connections between the
|
||||
web application and
|
||||
.B guacd
|
||||
can be encrypted if a certificate file is given.
|
||||
.TP
|
||||
\fB-C\fR \fICERTIFICATE FILE\fR
|
||||
Enables SSL/TLS using the given cerficiate file. Future connections to
|
||||
this instance of
|
||||
.B guacd
|
||||
will require SSL/TLS enabled in the client (the web application). If
|
||||
this option is not given, communication with guacd must be unencrypted.
|
||||
[\fB-A\fR \fICIPHER1:CIPHER2:...\fR]
|
||||
.TP
|
||||
\fB-a\fR \fICIPHER1:CIPHER2:...\fR
|
||||
Given a colon-delimited list of ciphers, this option selects which
|
||||
ciphers will be available for SSL/TLS connections. If this option is
|
||||
not given, and encryption is enabled, all ciphers will be available
|
||||
for use.
|
||||
.
|
||||
.SH AUTHOR
|
||||
Written by Michael Jumper <zhangmaike@users.sourceforge.net>
|
||||
Written by Michael Jumper <mike.jumper@guac-dev.org>
|
||||
|
@ -47,9 +47,12 @@
|
||||
static ssize_t __guac_socket_ssl_read_handler(guac_socket* socket,
|
||||
void* buf, size_t count) {
|
||||
|
||||
#if 0
|
||||
/* Read from socket */
|
||||
guac_socket_ssl_data* data = (guac_socket_ssl_data*) socket->data;
|
||||
int retval = 0; /* STUB */
|
||||
int retval;
|
||||
|
||||
/* STUB */
|
||||
|
||||
/* Record errors in guac_error */
|
||||
if (retval < 0) {
|
||||
@ -58,15 +61,21 @@ static ssize_t __guac_socket_ssl_read_handler(guac_socket* socket,
|
||||
}
|
||||
|
||||
return retval;
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
|
||||
}
|
||||
|
||||
static ssize_t __guac_socket_ssl_write_handler(guac_socket* socket,
|
||||
const void* buf, size_t count) {
|
||||
|
||||
#if 0
|
||||
/* Write data to socket */
|
||||
guac_socket_ssl_data* data = (guac_socket_ssl_data*) socket->data;
|
||||
int retval = 0; /* STUB */
|
||||
int retval;
|
||||
|
||||
/* STUB */
|
||||
|
||||
/* Record errors in guac_error */
|
||||
if (retval < 0) {
|
||||
@ -75,6 +84,10 @@ static ssize_t __guac_socket_ssl_write_handler(guac_socket* socket,
|
||||
}
|
||||
|
||||
return retval;
|
||||
#endif
|
||||
|
||||
return count;
|
||||
|
||||
}
|
||||
|
||||
static int __guac_socket_ssl_select_handler(guac_socket* socket, int usec_timeout) {
|
||||
|
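Review bot: The stubbed write handler ends in `return count;`, reporting every byte as written although its body is compiled out with `#if 0`, so any caller handed this socket type would drop data silently; the read handler's `return 0;` presumably reads as end-of-stream to callers. A stub that fails loudly is safer: set `guac_error` and `return -1;` in both handlers until the real SSL calls are in place. Inside the disabled blocks, `int retval;` replaced `int retval = 0;`, so `if (retval < 0)` would read an indeterminate value if the `#if 0` is removed before the STUB is filled in. Both handlers are only partly visible in these hunks.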