+ srsd_t *srsd = p_new(srsd_t, 1);
+ srsd->fd = -1;
+ return srsd;
+}
+
+static void srsd_delete(srsd_t **srsd)
+{
+ if (*srsd) {
+ if ((*srsd)->fd >= 0)
+ close((*srsd)->fd);
+ buffer_wipe(&(*srsd)->ibuf);
+ buffer_wipe(&(*srsd)->obuf);
+ p_delete(srsd);
+ }
+}
+
+void urldecode(char *s, char *end)
+{
+ char *p = s;
+
+ while (*p) {
+ if (*p == '%' && end - p >= 3) {
+ int h = (hexval(p[1]) << 4) | hexval(p[2]);
+
+ if (h >= 0) {
+ *s++ = h;
+ p += 3;
+ continue;
+ }
+ }
+
+ *s++ = *p++;
+ }
+ *s++ = '\0';
+}
+
+int process_srs(srs_t *srs, const char *domain, srsd_t *srsd)
+{
+ while (srsd->ibuf.len > 4) {
+ char buf[BUFSIZ], *p, *q, *nl;
+ int err;
+
+ nl = strchr(srsd->ibuf.data + 4, '\n');
+ if (!nl) {
+ if (srsd->ibuf.len > BUFSIZ) {
+ syslog(LOG_ERR, "unreasonnable amount of data without a \\n");
+ return -1;
+ }
+ return 0;
+ }
+
+ if (strncmp("get ", srsd->ibuf.data, 4)) {
+ syslog(LOG_ERR, "bad request, not starting with \"get \"");
+ return -1;
+ }
+
+ for (p = srsd->ibuf.data + 4; p < nl && isspace(*p); p++);
+ for (q = nl++; q >= p && isspace(*q); *q-- = '\0');
+
+ if (p == q) {
+ buffer_addstr(&srsd->obuf, "400 empty request ???\n");
+ syslog(LOG_WARNING, "empty request");
+ goto skip;
+ }
+
+ urldecode(p, q);
+
+ if (srsd->decoder) {
+ err = srs_reverse(srs, buf, ssizeof(buf), p);
+ } else {
+ err = srs_forward(srs, buf, ssizeof(buf), p, domain);
+ }
+
+ if (err == 0) {
+ buffer_addstr(&srsd->obuf, "200 ");
+ buffer_addstr(&srsd->obuf, buf);
+ } else {
+ switch (SRS_ERROR_TYPE(err)) {
+ case SRS_ERRTYPE_SRS:
+ case SRS_ERRTYPE_SYNTAX:
+ buffer_addstr(&srsd->obuf, "500 ");
+ break;
+ default:
+ buffer_addstr(&srsd->obuf, "400 ");
+ break;
+ }
+ buffer_addstr(&srsd->obuf, srs_strerror(err));
+ }
+ buffer_addch(&srsd->obuf, '\n');
+
+ skip:
+ buffer_consume(&srsd->ibuf, nl - srsd->ibuf.data);
+ }
+
+ return 0;
+}
+
+int start_listener(int epollfd, int port, bool decoder)
+{
+ struct sockaddr_in addr = {
+ .sin_family = AF_INET,
+ .sin_addr = { htonl(INADDR_LOOPBACK) },
+ };
+ struct epoll_event evt = { .events = EPOLLIN };
+ srsd_t *tmp;
+ int sock;
+
+ addr.sin_port = htons(port);
+ sock = tcp_listen_nonblock((const struct sockaddr *)&addr, sizeof(addr));
+ if (sock < 0) {
+ return -1;
+ }
+
+ evt.data.ptr = tmp = srsd_new();
+ tmp->fd = sock;
+ tmp->decoder = decoder;
+ tmp->listener = true;
+ if (epoll_ctl(epollfd, EPOLL_CTL_ADD, sock, &evt) < 0) {
+ UNIXERR("epoll_ctl");
+ return -1;
+ }
+ return 0;
+}
+
+/* }}} */
+/* administrivia {{{ */
+
+static int main_initialize(void)
+{
+ openlog(DAEMON_NAME, LOG_PID, LOG_MAIL);
+ signal(SIGPIPE, SIG_IGN);
+ signal(SIGINT, &common_sighandler);
+ signal(SIGTERM, &common_sighandler);
+ signal(SIGHUP, &common_sighandler);
+ syslog(LOG_INFO, "Starting...");
+ return 0;
+}
+
+static void main_shutdown(void)
+{
+ syslog(LOG_INFO, cleanexit ? "Stopping..." : "Unclean exit...");
+ closelog();
+}
+
+module_init(main_initialize);
+module_exit(main_shutdown);
+
+void usage(void)
+{
+ fputs("usage: "DAEMON_NAME" [options] domain secrets\n"
+ "\n"
+ "Options:\n"
+ " -e <port> port to listen to for encoding requests\n"
+ " (default: "STR(DEFAULT_ENCODER_PORT)")\n"
+ " -d <port> port to listen to for decoding requests\n"
+ " (default: "STR(DEFAULT_DECODER_PORT)")\n"
+ " -p <pidfile> file to write our pid to\n"
+ " -u unsafe mode: don't drop privilegies\n"
+ , stderr);
+}
+
+/* }}} */
+
+int main_loop(srs_t *srs, const char *domain, int port_enc, int port_dec)
+{
+ int exitcode = EXIT_SUCCESS;
+ int epollfd = epoll_create(128);
+
+ if (epollfd < 0) {
+ UNIXERR("epoll_create");
+ exitcode = EXIT_FAILURE;
+ goto error;
+ }
+
+ if (start_listener(epollfd, port_enc, false) < 0)
+ return EXIT_FAILURE;
+ if (start_listener(epollfd, port_dec, true) < 0)
+ return EXIT_FAILURE;
+
+ while (!sigint) {
+ struct epoll_event evts[1024];
+ int n;
+
+ n = epoll_wait(epollfd, evts, countof(evts), -1);
+ if (n < 0) {
+ if (errno != EAGAIN && errno != EINTR) {
+ UNIXERR("epoll_wait");
+ exitcode = EXIT_FAILURE;
+ break;
+ }
+ continue;
+ }
+
+ while (--n >= 0) {
+ srsd_t *srsd = evts[n].data.ptr;
+
+ if (srsd->listener) {
+ struct epoll_event evt = { .events = EPOLLIN };
+ srsd_t *tmp;
+ int sock;
+
+ sock = accept_nonblock(srsd->fd);
+ if (sock < 0) {
+ UNIXERR("accept");
+ continue;
+ }
+
+ evt.data.ptr = tmp = srsd_new();
+ tmp->decoder = srsd->decoder;
+ tmp->fd = sock;
+ if (epoll_ctl(epollfd, EPOLL_CTL_ADD, sock, &evt) < 0) {
+ UNIXERR("epoll_ctl");
+ srsd_delete(&tmp);
+ close(sock);
+ }
+ continue;
+ }
+
+ if (evts[n].events & EPOLLIN) {
+ int res = buffer_read(&srsd->ibuf, srsd->fd, -1);
+
+ if ((res < 0 && errno != EINTR && errno != EAGAIN)
+ || res == 0)
+ {
+ srsd_delete(&srsd);
+ continue;
+ }
+
+ if (process_srs(srs, domain, srsd) < 0) {
+ srsd_delete(&srsd);
+ continue;
+ }
+ }
+
+ if ((evts[n].events & EPOLLOUT) && srsd->obuf.len) {
+ int res = write(srsd->fd, srsd->obuf.data, srsd->obuf.len);
+
+ if (res < 0 && errno != EINTR && errno != EAGAIN) {
+ srsd_delete(&srsd);
+ continue;
+ }
+
+ if (res > 0) {
+ buffer_consume(&srsd->obuf, res);
+ }
+ }
+
+ if (srsd->watchwr == !srsd->obuf.len) {
+ struct epoll_event evt = {
+ .events = EPOLLIN | (srsd->obuf.len ? EPOLLOUT : 0),
+ .data.ptr = srsd,
+ };
+ if (epoll_ctl(epollfd, EPOLL_CTL_MOD, srsd->fd, &evt) < 0) {
+ UNIXERR("epoll_ctl");
+ srsd_delete(&srsd);
+ continue;
+ }
+ srsd->watchwr = srsd->obuf.len != 0;
+ }
+ }
+ }
+
+ close(epollfd);
+
+ error:
+ cleanexit = true;
+ return exitcode;
+}
+
+static srs_t *srs_read_secrets(const char *sfile)
+{
+ srs_t *srs;