in src/guacd/daemon.c [295:613]
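/**
 * Entry point of the Guacamole proxy daemon (guacd).
 *
 * Loads the configuration, binds a TCP listening socket to the first usable
 * address returned for the configured host/port, optionally sets up an
 * SSL/TLS context, optionally daemonizes and writes a PID file, then accepts
 * connections until stop_everything is set, handing each accepted socket to
 * a detached connection thread.
 *
 * @param argc
 *     The number of command-line arguments.
 *
 * @param argv
 *     The command-line arguments, parsed by guacd_conf_parse_args().
 *
 * @return
 *     Zero after a clean shutdown, or 3 if listen() or the final close() of
 *     the listening socket fails. Startup failures terminate the process via
 *     exit(EXIT_FAILURE); a version request terminates it via
 *     exit(EXIT_SUCCESS).
 */
int main(int argc, char* argv[]) {

    /* Server */
    int socket_fd = -1;
    struct addrinfo* addresses;
    struct addrinfo* current_address;

    /* Zero-initialized so that the log calls below never read indeterminate
     * bytes if getnameinfo() fails and leaves these buffers unwritten */
    char bound_address[1024] = {0};
    char bound_port[64] = {0};

    int opt_on = 1;

    struct addrinfo hints = {
        .ai_family   = AF_UNSPEC,
        .ai_socktype = SOCK_STREAM,
        .ai_protocol = IPPROTO_TCP
    };

    /* Client */
    /* NOTE(review): sockaddr_in is smaller than an IPv6 peer address; accept()
     * truncates to client_addr_len, and the address is not read below. */
    struct sockaddr_in client_addr;
    socklen_t client_addr_len;
    int connected_socket_fd;

#ifdef ENABLE_SSL
    SSL_CTX* ssl_context = NULL;
#endif

    /* NOTE(review): the result is only checked against NULL at shutdown, yet
     * it is handed to every connection thread - confirm NULL is tolerated. */
    guacd_proc_map* map = guacd_proc_map_alloc();

    /* General */
    int retval;

#ifdef HAVE_DECL_PTHREAD_SETATTR_DEFAULT_NP
    /* Set default stack size */
    pthread_attr_t default_pthread_attr;
    pthread_attr_init(&default_pthread_attr);
    pthread_attr_setstacksize(&default_pthread_attr, GUACD_THREAD_STACK_SIZE);
    pthread_setattr_default_np(&default_pthread_attr);
#endif // HAVE_DECL_PTHREAD_SETATTR_DEFAULT_NP

    /* Load configuration */
    guacd_config* config = guacd_conf_load();
    if (config == NULL || guacd_conf_parse_args(config, argc, argv))
        exit(EXIT_FAILURE);

    /* If requested, simply print version and exit, without initializing the
     * logging system, etc. */
    if (config->print_version) {
        printf("Guacamole proxy daemon (guacd) version " VERSION "\n");
        exit(EXIT_SUCCESS);
    }

    /* Init logging as early as possible */
    guacd_log_level = config->max_log_level;
    openlog(GUACD_LOG_NAME, LOG_PID, LOG_DAEMON);

    /* Log start */
    guacd_log(GUAC_LOG_INFO, "Guacamole proxy daemon (guacd) version " VERSION " started");

    /* Get addresses for binding */
    if ((retval = getaddrinfo(config->bind_host, config->bind_port,
                    &hints, &addresses))) {
        guacd_log(GUAC_LOG_ERROR, "Error parsing given address or port: %s",
                gai_strerror(retval));
        exit(EXIT_FAILURE);
    }

    /* Attempt binding of each address until success */
    current_address = addresses;
    while (current_address != NULL) {

        /* Render the candidate address numerically for the log messages; a
         * failure here is logged but does not prevent the bind attempt */
        if ((retval = getnameinfo(current_address->ai_addr,
                        current_address->ai_addrlen,
                        bound_address, sizeof(bound_address),
                        bound_port, sizeof(bound_port),
                        NI_NUMERICHOST | NI_NUMERICSERV)))
            guacd_log(GUAC_LOG_ERROR, "Unable to resolve host: %s",
                    gai_strerror(retval));

        /* Get socket */
        socket_fd = socket(current_address->ai_family, SOCK_STREAM, 0);
        if (socket_fd < 0) {
            guacd_log(GUAC_LOG_ERROR, "Error opening socket: %s", strerror(errno));

            /* Unable to get a socket for the resolved address family, try next */
            current_address = current_address->ai_next;
            continue;
        }

        /* Allow socket reuse */
        if (setsockopt(socket_fd, SOL_SOCKET, SO_REUSEADDR,
                    (void*) &opt_on, sizeof(opt_on))) {
            guacd_log(GUAC_LOG_WARNING, "Unable to set socket options for reuse: %s",
                    strerror(errno));
        }

        /* Attempt to bind socket to address */
        if (bind(socket_fd,
                    current_address->ai_addr,
                    current_address->ai_addrlen) == 0) {

            guacd_log(GUAC_LOG_DEBUG, "Successfully bound "
                    "%s socket to host %s, port %s",
                    (current_address->ai_family == AF_INET) ? "AF_INET" : "AF_INET6",
                    bound_address, bound_port);

            /* Done if successful bind */
            break;
        }

        /* Capture the bind() error before close() can overwrite errno */
        int bind_errno = errno;

        /* Otherwise log information regarding bind failure */
        close(socket_fd);
        socket_fd = -1;
        guacd_log(GUAC_LOG_DEBUG, "Unable to bind %s socket to "
                "host %s, port %s: %s",
                (current_address->ai_family == AF_INET) ? "AF_INET" : "AF_INET6",
                bound_address, bound_port, strerror(bind_errno));

        /* Try next address */
        current_address = current_address->ai_next;
    }

    /* If unable to bind to anything, fail */
    if (current_address == NULL) {
        guacd_log(GUAC_LOG_ERROR, "Unable to bind socket to any addresses.");
        exit(EXIT_FAILURE);
    }

#ifdef ENABLE_SSL
    /* Init SSL if enabled. ssl_context stays NULL when neither a key nor a
     * certificate is configured. NOTE(review): presumably the connection
     * thread then speaks plaintext - confirm the listener is reachable only
     * from trusted hosts in that configuration. */
    if (config->key_file != NULL || config->cert_file != NULL) {

        guacd_log(GUAC_LOG_INFO, "Communication will require SSL/TLS.");

#ifdef OPENSSL_REQUIRES_THREADING_CALLBACKS
        /* Init threadsafety in OpenSSL */
        guacd_openssl_init_locks(CRYPTO_num_locks());
        CRYPTO_set_id_callback(guacd_openssl_id_callback);
        CRYPTO_set_locking_callback(guacd_openssl_locking_callback);
#endif

        /* No minimum protocol version or cipher list is set on the context
         * here, so the accepted protocol versions are whatever the linked
         * OpenSSL build permits by default. */
#if OPENSSL_VERSION_NUMBER < 0x10100000L
        /* Init OpenSSL for OpenSSL Versions < 1.1.0 */
        SSL_library_init();
        SSL_load_error_strings();
        ssl_context = SSL_CTX_new(SSLv23_server_method());
#else
        /* Set up OpenSSL for OpenSSL Versions >= 1.1.0 */
        ssl_context = SSL_CTX_new(TLS_server_method());
#endif

        /* SSL_CTX_new() returns NULL on failure; refuse to start rather than
         * pass a NULL context to the key/certificate loaders below */
        if (ssl_context == NULL) {
            guacd_log(GUAC_LOG_ERROR, "Unable to create SSL/TLS context.");
            exit(EXIT_FAILURE);
        }

        /* Load key */
        if (config->key_file != NULL) {
            guacd_log(GUAC_LOG_INFO, "Using PEM keyfile %s", config->key_file);
            if (!SSL_CTX_use_PrivateKey_file(ssl_context, config->key_file, SSL_FILETYPE_PEM)) {
                guacd_log(GUAC_LOG_ERROR, "Unable to load keyfile.");
                exit(EXIT_FAILURE);
            }
        }
        else
            guacd_log(GUAC_LOG_WARNING, "No PEM keyfile given - SSL/TLS may not work.");

        /* Load cert file if specified */
        if (config->cert_file != NULL) {
            guacd_log(GUAC_LOG_INFO, "Using certificate file %s", config->cert_file);
            if (!SSL_CTX_use_certificate_chain_file(ssl_context, config->cert_file)) {
                guacd_log(GUAC_LOG_ERROR, "Unable to load certificate.");
                exit(EXIT_FAILURE);
            }
        }
        else
            guacd_log(GUAC_LOG_WARNING, "No certificate file given - SSL/TLS may not work.");

    }
#endif

    /* Daemonize if requested */
    if (!config->foreground) {

        /* Attempt to daemonize process */
        if (daemonize()) {
            guacd_log(GUAC_LOG_ERROR, "Could not become a daemon.");
            exit(EXIT_FAILURE);
        }

    }

    /* Write PID file if requested */
    if (config->pidfile != NULL) {

        /* Attempt to open pidfile and write PID. fopen() in "w" mode follows
         * symbolic links and truncates the target. NOTE(review): confirm the
         * configured pidfile directory is writable only by trusted accounts,
         * as the daemon may be started with elevated privileges. */
        FILE* pidf = fopen(config->pidfile, "w");
        if (pidf) {

            /* Buffered data is only flushed by fclose(), so both results are
             * needed to know the PID actually reached the file */
            int write_failed = (fprintf(pidf, "%d\n", (int) getpid()) < 0);
            if (fclose(pidf) != 0)
                write_failed = 1;

            if (write_failed) {
                guacd_log(GUAC_LOG_ERROR, "Could not write PID file: %s", strerror(errno));
                exit(EXIT_FAILURE);
            }

        }

        /* Fail if could not write PID file*/
        else {
            guacd_log(GUAC_LOG_ERROR, "Could not write PID file: %s", strerror(errno));
            exit(EXIT_FAILURE);
        }

    }

    /* Ignore SIGPIPE */
    if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) {
        guacd_log(GUAC_LOG_INFO, "Could not set handler for SIGPIPE to ignore. "
                "SIGPIPE may cause termination of the daemon.");
    }

    /* Ignore SIGCHLD (force automatic removal of children) */
    if (signal(SIGCHLD, SIG_IGN) == SIG_ERR) {
        guacd_log(GUAC_LOG_INFO, "Could not set handler for SIGCHLD to ignore. "
                "Child processes may pile up in the process table.");
    }

    /* Clean up and exit if SIGINT or SIGTERM signals are caught */
    struct sigaction signal_stop_action = { .sa_handler = signal_stop_handler };
    sigaction(SIGINT, &signal_stop_action, NULL);
    sigaction(SIGTERM, &signal_stop_action, NULL);

    /* Log listening status */
    guacd_log(GUAC_LOG_INFO, "Listening on host %s, port %s", bound_address, bound_port);

    /* Free addresses */
    freeaddrinfo(addresses);

    /* Listen for connections */
    if (listen(socket_fd, 5) < 0) {
        guacd_log(GUAC_LOG_ERROR, "Could not listen on socket: %s", strerror(errno));
        return 3;
    }

    /* Daemon loop */
    while (!stop_everything) {

        pthread_t child_thread;

        /* Accept connection */
        client_addr_len = sizeof(client_addr);
        connected_socket_fd = accept(socket_fd,
                (struct sockaddr*) &client_addr, &client_addr_len);

        if (connected_socket_fd < 0) {
            if (errno == EINTR)
                guacd_log(GUAC_LOG_DEBUG, "Accepting of further client connection(s) interrupted by signal.");
            else
                guacd_log(GUAC_LOG_ERROR, "Could not accept client connection: %s", strerror(errno));
            continue;
        }

        /* Set TCP_NODELAY to avoid any latency that would otherwise be added by the OS'
         * networking stack and Nagle's algorithm */
        const int SO_TRUE = 1;
        if (setsockopt(connected_socket_fd, IPPROTO_TCP, TCP_NODELAY,
                    (const void*) &SO_TRUE, sizeof(SO_TRUE)))
            guacd_log(GUAC_LOG_DEBUG, "Unable to set TCP_NODELAY on client socket: %s",
                    strerror(errno));

        /* Create parameters for connection thread */
        guacd_connection_thread_params* params = guac_mem_alloc(sizeof(guacd_connection_thread_params));
        if (params == NULL) {
            guacd_log(GUAC_LOG_ERROR, "Could not create connection thread: %s", strerror(errno));

            /* Nothing will ever service this socket; close it so repeated
             * allocation failures cannot exhaust file descriptors */
            close(connected_socket_fd);
            continue;
        }

        params->map = map;
        params->connected_socket_fd = connected_socket_fd;

#ifdef ENABLE_SSL
        params->ssl_context = ssl_context;
#endif

        /* Spawn thread to handle connection. pthread_create() reports its
         * error as the return value (not errno) and leaves child_thread
         * unset on failure, so it must not be detached in that case. */
        int create_result = pthread_create(&child_thread, NULL, guacd_connection_thread, params);
        if (create_result != 0) {
            guacd_log(GUAC_LOG_ERROR, "Could not create connection thread: %s",
                    strerror(create_result));

            /* Ownership never passed to a thread; release it here */
            close(connected_socket_fd);
            guac_mem_free(params);
            continue;
        }

        pthread_detach(child_thread);

    }

    /* Stop all connections */
    if (map != NULL) {

        guacd_proc_map_foreach(map, stop_process_callback, NULL);

        /*
         * FIXME: Clean up the proc map. This is not as straightforward as it
         * might seem, since the detached connection threads will attempt to
         * remove the connection processes from the map when they complete,
         * which will also happen upon shutdown. So there's a good chance that
         * this map cleanup will happen at the same time as the thread cleanup.
         * The map _does_ have locking mechanisms in place for ensuring thread
         * safety, but cleaning up the map also requires destroying those locks,
         * making them unusable for this case. One potential fix could be to
         * join every one of the connection threads instead of detaching them,
         * but that does complicate the cleanup of thread resources.
         */

    }

    /* Close socket */
    if (close(socket_fd) < 0) {
        guacd_log(GUAC_LOG_ERROR, "Could not close socket: %s", strerror(errno));
        return 3;
    }

#ifdef ENABLE_SSL
    if (ssl_context != NULL) {
#ifdef OPENSSL_REQUIRES_THREADING_CALLBACKS
        guacd_openssl_free_locks(CRYPTO_num_locks());
#endif
        SSL_CTX_free(ssl_context);
    }
#endif

    return 0;

}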