/******************************************************************************/
-/* postlicyd: a postfix policy daemon with a lot of features */
+/* pfixtools: a collection of postfix related tools */
/* ~~~~~~~~~ */
/* ________________________________________________________________________ */
/* */
#include "mem.h"
#include "buffer.h"
-#define DAEMON_NAME "srsd"
+#define DAEMON_NAME "pfix-srsd"
#define DEFAULT_ENCODER_PORT 10000
#define DEFAULT_DECODER_PORT 10001
+#define RUNAS_USER "nobody"
+#define RUNAS_GROUP "nogroup"
+
#define __tostr(x) #x
#define STR(x) __tostr(x)
int sock;
addr.sin_port = htons(port);
- sock = tcp_listen((const struct sockaddr *)&addr, sizeof(addr));
+ sock = tcp_listen_nonblock((const struct sockaddr *)&addr, sizeof(addr));
if (sock < 0) {
return -1;
}
signal(SIGINT, &common_sighandler);
signal(SIGTERM, &common_sighandler);
signal(SIGHUP, &common_sighandler);
+ signal(SIGSEGV, &common_sighandler);
syslog(LOG_INFO, "Starting...");
return 0;
}
static void main_shutdown(void)
{
- syslog(LOG_INFO, cleanexit ? "Stopping..." : "Unclean exit...");
closelog();
}
void usage(void)
{
- fputs("usage: "DAEMON_NAME" [ -e <port> ] [ -d <port> ] domain secrets\n"
+ fputs("usage: "DAEMON_NAME" [options] domain secrets\n"
"\n"
+ "Options:\n"
" -e <port> port to listen to for encoding requests\n"
" (default: "STR(DEFAULT_ENCODER_PORT)")\n"
" -d <port> port to listen to for decoding requests\n"
" (default: "STR(DEFAULT_DECODER_PORT)")\n"
+ " -p <pidfile> file to write our pid to\n"
+ " -u unsafe mode: don't drop privilegies\n"
, stderr);
}
srsd_t *tmp;
int sock;
- sock = accept(srsd->fd, NULL, NULL);
+ sock = accept_nonblock(srsd->fd);
if (sock < 0) {
UNIXERR("accept");
continue;
close(epollfd);
error:
- cleanexit = true;
return exitcode;
}
int n = strlen(buf);
++lineno;
- if (buf[n - 1] != '\n') {
+ if (n == sizeof(buf) - 1 && buf[n - 1] != '\n') {
syslog(LOG_CRIT, "%s:%d: line too long", sfile, lineno);
goto error;
}
-
- srs_add_secret(srs, buf);
+ m_strrtrim(buf);
+ srs_add_secret(srs, skipspaces(buf));
}
if (!lineno) {
int main(int argc, char *argv[])
{
+ bool unsafe = false;
int port_enc = DEFAULT_ENCODER_PORT;
int port_dec = DEFAULT_DECODER_PORT;
+ const char *pidfile = NULL;
+ FILE *f = NULL;
+ int res;
srs_t *srs;
if (atexit(common_shutdown)) {
}
common_initialize();
- for (int c = 0; (c = getopt(argc, argv, "he:d:")) >= 0; ) {
+ for (int c = 0; (c = getopt(argc, argv, "he:d:p:u")) >= 0; ) {
switch (c) {
case 'e':
port_enc = atoi(optarg);
case 'd':
port_dec = atoi(optarg);
break;
+ case 'p':
+ pidfile = optarg;
+ break;
+ case 'u':
+ unsafe = true;
+ break;
default:
usage();
return EXIT_FAILURE;
return EXIT_FAILURE;
}
- return main_loop(srs, argv[optind], port_enc, port_dec);
+ if (pidfile) {
+ f = fopen(pidfile, "w");
+ if (!f) {
+ syslog(LOG_CRIT, "unable to write pidfile %s", pidfile);
+ }
+ fprintf(f, "%d\n", getpid());
+ fflush(f);
+ }
+
+ if (!unsafe && drop_privileges(RUNAS_USER, RUNAS_GROUP) < 0) {
+ syslog(LOG_CRIT, "unable to drop privileges");
+ return EXIT_FAILURE;
+ }
+
+ if (daemon_detach() < 0) {
+ syslog(LOG_CRIT, "unable to fork");
+ return EXIT_FAILURE;
+ }
+
+ if (f) {
+ rewind(f);
+ ftruncate(fileno(f), 0);
+ fprintf(f, "%d\n", getpid());
+ fflush(f);
+ }
+ res = main_loop(srs, argv[optind], port_enc, port_dec);
+ if (f) {
+ rewind(f);
+ ftruncate(fileno(f), 0);
+ fclose(f);
+ f = NULL;
+ }
+ syslog(LOG_INFO, "Stopping...");
+ return res;
}