Add options to guacd. Update docs.

This commit is contained in:
Michael Jumper 2013-07-22 13:37:30 -07:00
parent bb74730629
commit 6792b65d4c
3 changed files with 107 additions and 11 deletions

View File

@ -55,6 +55,10 @@
#include <syslog.h>
#include <libgen.h>
#ifdef ENABLE_SSL
#include <openssl/ssl.h>
#endif
#include <guacamole/client.h>
#include <guacamole/error.h>
#include <guacamole/instruction.h>
@ -67,7 +71,7 @@
#define GUACD_DEV_NULL "/dev/null"
#define GUACD_ROOT "/"
void guacd_handle_connection(int fd) {
void guacd_handle_connection(guac_socket* socket) {
guac_client* client;
guac_client_plugin* plugin;
@ -78,9 +82,6 @@ void guacd_handle_connection(int fd) {
guac_instruction* connect;
int init_result;
/* Open guac_socket */
guac_socket* socket = guac_socket_open(fd);
/* Get protocol from select instruction */
select = guac_instruction_expect(
socket, GUACD_USEC_TIMEOUT, "select");
@ -362,11 +363,17 @@ int main(int argc, char* argv[]) {
int opt;
int foreground = 0;
#ifdef ENABLE_SSL
/* SSL */
char* cert_file = NULL;
SSL_CTX* ssl_context = NULL;
#endif
/* General */
int retval;
/* Parse arguments */
while ((opt = getopt(argc, argv, "l:b:p:f")) != -1) {
while ((opt = getopt(argc, argv, "l:b:p:C:A:f")) != -1) {
if (opt == 'l') {
listen_port = strdup(optarg);
}
@ -379,12 +386,34 @@ int main(int argc, char* argv[]) {
else if (opt == 'p') {
pidfile = strdup(optarg);
}
#ifdef ENABLE_SSL
else if (opt == 'C') {
cert_file = strdup(optarg);
}
else if (opt == 'A') {
fprintf(stderr, "The -a option is not yet implemented.\n");
exit(EXIT_FAILURE);
}
#else
else if (opt == 'C' || opt == 'A') {
fprintf(stderr,
"This %s does not have SSL/TLS support compiled in.\n"
"If you wish to enable support for the -%c option, please install libssl and "
"recompile %s.\n",
argv[0], opt, argv[0]);
exit(EXIT_FAILURE);
}
#endif
else {
fprintf(stderr, "USAGE: %s"
" [-l LISTENPORT]"
" [-b LISTENADDRESS]"
" [-p PIDFILE]"
#ifdef ENABLE_SSL
" [-c CERTIFICATE_FILE]"
" [-a CIPHER1:CIPHER2:...]"
#endif
" [-f]\n", argv[0]);
exit(EXIT_FAILURE);
@ -468,6 +497,21 @@ int main(int argc, char* argv[]) {
exit(EXIT_FAILURE);
}
#ifdef ENABLE_SSL
/* Init SSL if enabled */
if (cert_file != NULL) {
guacd_log_info("Using certificate file %s", cert_file);
guacd_log_info("Communication will be encrypted with SSL/TLS.");
SSL_library_init();
SSL_load_error_strings();
ssl_context = SSL_CTX_new(SSLv23_server_method());
}
#endif
/* Daemonize if requested */
if (!foreground) {
@ -554,7 +598,22 @@ int main(int argc, char* argv[]) {
/* If child, start client, and exit when finished */
else if (child_pid == 0) {
guacd_handle_connection(connected_socket_fd);
guac_socket* socket;
#ifdef ENABLE_SSL
/* If SSL chosen, use it */
if (ssl_context != NULL)
guacd_log_info("STUB: SSL ENABLED - would have used SSL here.");
socket = guac_socket_open(connected_socket_fd);
#else
/* Open guac_socket */
socket = guac_socket_open(connected_socket_fd);
#endif
guacd_handle_connection(socket);
close(connected_socket_fd);
return 0;
}

View File

@ -1,4 +1,4 @@
.TH guacd 8 "6 May 2012" "version 0.6.2" "Guacamole"
.TH guacd 8 "22 Jul 2013" "version 0.8.2" "Guacamole"
.
.SH NAME
guacd \- Guacamole proxy daemon
@ -7,7 +7,9 @@ guacd \- Guacamole proxy daemon
.B guacd
[\fB-b\fR \fIHOST\fR]
[\fB-l\fR \fIPORT\fR]
[\fB-p\fR \fIFILE\fR]
[\fB-p\fR \fIPID FILE\fR]
[\fB-C\fR \fICERTIFICATE FILE\fR]
[\fB-A\fR \fICIPHER1:CIPHER2:...\fR]
[\fB-f\fR]
.
.SH DESCRIPTION
@ -46,5 +48,27 @@ Causes
to run in the foreground, rather than automatically forking into the
background.
.
.SH SSL/TLS OPTIONS
If libssl was present at the time
.B guacd
was compiled, it will contain SSL/TLS support, and connections between the
web application and
.B guacd
can be encrypted if a certificate file is given.
.TP
\fB-C\fR \fICERTIFICATE FILE\fR
Enables SSL/TLS using the given cerficiate file. Future connections to
this instance of
.B guacd
will require SSL/TLS enabled in the client (the web application). If
this option is not given, communication with guacd must be unencrypted.
[\fB-A\fR \fICIPHER1:CIPHER2:...\fR]
.TP
\fB-a\fR \fICIPHER1:CIPHER2:...\fR
Given a colon-delimited list of ciphers, this option selects which
ciphers will be available for SSL/TLS connections. If this option is
not given, and encryption is enabled, all ciphers will be available
for use.
.
.SH AUTHOR
Written by Michael Jumper <zhangmaike@users.sourceforge.net>
Written by Michael Jumper <mike.jumper@guac-dev.org>

View File

@ -47,9 +47,12 @@
static ssize_t __guac_socket_ssl_read_handler(guac_socket* socket,
void* buf, size_t count) {
#if 0
/* Read from socket */
guac_socket_ssl_data* data = (guac_socket_ssl_data*) socket->data;
int retval = 0; /* STUB */
int retval;
/* STUB */
/* Record errors in guac_error */
if (retval < 0) {
@ -58,15 +61,21 @@ static ssize_t __guac_socket_ssl_read_handler(guac_socket* socket,
}
return retval;
#endif
return 0;
}
static ssize_t __guac_socket_ssl_write_handler(guac_socket* socket,
const void* buf, size_t count) {
#if 0
/* Write data to socket */
guac_socket_ssl_data* data = (guac_socket_ssl_data*) socket->data;
int retval = 0; /* STUB */
int retval;
/* STUB */
/* Record errors in guac_error */
if (retval < 0) {
@ -75,6 +84,10 @@ static ssize_t __guac_socket_ssl_write_handler(guac_socket* socket,
}
return retval;
#endif
return count;
}
static int __guac_socket_ssl_select_handler(guac_socket* socket, int usec_timeout) {