X-Git-Url: http://git.madism.org/?a=blobdiff_plain;f=main-postlicyd.c;h=ff5097fae14fb785db1961063529ece6a63df9e5;hb=e19b9956a229a2197ec33175f1da59629192c3aa;hp=fa92f0da9f5e46d4f2cbc5e3a597ffd86f6bc506;hpb=cd6d97ab05dc231c35cf0dd38afaa43f0ab1fd99;p=apps%2Fpfixtools.git

diff --git a/main-postlicyd.c b/main-postlicyd.c
index fa92f0d..ff5097f 100644
--- a/main-postlicyd.c
+++ b/main-postlicyd.c
@@ -41,6 +41,9 @@
 #include "tokens.h"
 
 #define DAEMON_NAME             "postlicyd"
+#define DEFAULT_PORT            10000
+#define RUNAS_USER              "nobody"
+#define RUNAS_GROUP             "nogroup"
 
 enum smtp_state {
     SMTP_UNKNOWN,
@@ -84,20 +87,9 @@ typedef struct query_t {
     const char *encryption_cipher;
     const char *encryption_keysize;
     const char *etrn_domain;
-
-    buffer_t data;
 } query_t;
 
-static query_t *query_init(query_t *rq) {
-    memset(rq, 0, offsetof(query_t, data));
-    buffer_init(&rq->data);
-    return rq;
-}
-static void query_wipe(query_t *rq) {
-    buffer_wipe(&rq->data);
-}
-
-static int postfix_parsejob(query_t *query)
+static int postfix_parsejob(query_t *query, char *p)
 {
 #define PARSE_CHECK(expr, error, ...)                                        \
     do {                                                                     \
@@ -107,9 +99,7 @@ static int postfix_parsejob(query_t *query)
         }                                                                    \
     } while (0)
 
-    char *p = vskipspaces(query->data.data);
-
-    memset(query, 0, offsetof(query_t, data));
+    p_clear(&query, 1);
     while (p[0] != '\r' || p[1] != '\n') {
         char *k, *v;
         int klen, vlen, vtk;
@@ -195,12 +185,13 @@ static int postfix_parsejob(query_t *query)
 
 static void *policy_run(int fd, void *data)
 {
-    query_t q;
-    query_init(&q);
+    buffer_t buf;
 
+    buffer_init(&buf);
     for (;;) {
-        int nb = buffer_read(&q.data, fd, -1);
+        int nb = buffer_read(&buf, fd, -1);
         const char *eoq;
+        query_t q;
 
         if (nb < 0) {
             if (errno == EAGAIN || errno == EINTR)
@@ -209,51 +200,30 @@ static void *policy_run(int fd, void *data)
             break;
         }
         if (nb == 0) {
-            if (q.data.len)
+            if (buf.len)
                 syslog(LOG_ERR, "unexpected end of data");
             break;
         }
 
-        eoq = strstr(q.data.data + MAX(0, q.data.len - 3), "\r\n\r\n");
+        eoq = strstr(buf.data + MAX(0, buf.len - 3), "\r\n\r\n");
         if (!eoq)
             continue;
 
-        if (postfix_parsejob(&q) < 0)
+        if (postfix_parsejob(&q, buf.data) < 0)
             break;
 
-        buffer_consume(&q.data, eoq + strlen("\r\n\r\n") - q.data.data);
+        buffer_consume(&buf, eoq + strlen("\r\n\r\n") - buf.data);
         if (xwrite(fd, "DUNNO\r\n", strlen("DUNNO\r\n"))) {
             UNIXERR("write");
             break;
         }
     }
+    buffer_wipe(&buf);
 
-    query_wipe(&q);
     close(fd);
     return NULL;
 }
 
-static int main_loop(void)
-{
-    int exitcode = EXIT_SUCCESS;
-    int sock = -1;
-
-    while (!sigint) {
-        int fd = accept(sock, NULL, 0);
-        if (fd < 0) {
-            if (errno != EINTR || errno != EAGAIN)
-                UNIXERR("accept");
-            continue;
-        }
-
-        thread_launch(policy_run, fd, NULL);
-        threads_join();
-    }
-
-    close(sock);
-    return exitcode;
-}
-
 /* administrivia {{{ */
 
 static int main_initialize(void)
@@ -262,6 +232,7 @@ static int main_initialize(void)
     signal(SIGPIPE, SIG_IGN);
     signal(SIGINT,  &common_sighandler);
     signal(SIGTERM, &common_sighandler);
+    signal(SIGHUP,  &common_sighandler);
     signal(SIGSEGV, &common_sighandler);
     syslog(LOG_INFO, "Starting...");
     return 0;
@@ -280,7 +251,9 @@ void usage(void)
     fputs("usage: "DAEMON_NAME" [options] config\n"
           "\n"
           "Options:\n"
+          "    -l <port>    port to listen to\n"
           "    -p <pidfile> file to write our pid to\n"
+          "    -f           stay in foreground\n"
          , stderr);
 }
 
@@ -288,14 +261,26 @@ void usage(void)
 
 int main(int argc, char *argv[])
 {
+    struct sockaddr_in addr = {
+        .sin_family = AF_INET,
+        .sin_addr   = { htonl(INADDR_LOOPBACK) },
+    };
     const char *pidfile = NULL;
-    int res;
+    bool daemonize = true;
+    int port = DEFAULT_PORT;
+    int sock = -1;
 
-    for (int c = 0; (c = getopt(argc, argv, "h" "p:")) >= 0; ) {
+    for (int c = 0; (c = getopt(argc, argv, "hf" "l:p:")) >= 0; ) {
         switch (c) {
           case 'p':
             pidfile = optarg;
             break;
+          case 'l':
+            port = atoi(optarg);
+            break;
+          case 'f':
+            daemonize = false;
+            break;
           default:
             usage();
             return EXIT_FAILURE;
@@ -312,13 +297,35 @@ int main(int argc, char *argv[])
         return EXIT_FAILURE;
     }
 
-    if (daemon_detach() < 0) {
+    if (drop_privileges(RUNAS_USER, RUNAS_GROUP) < 0) {
+        syslog(LOG_CRIT, "unable to drop privileges");
+        return EXIT_FAILURE;
+    }
+
+    if (daemonize && daemon_detach() < 0) {
         syslog(LOG_CRIT, "unable to fork");
         return EXIT_FAILURE;
     }
 
     pidfile_refresh();
-    res = main_loop();
+
+    addr.sin_port = htons(port);
+    sock = tcp_listen((struct sockaddr *)&addr, sizeof(addr));
+    if (sock < 0)
+        return EXIT_FAILURE;
+
+    while (!sigint) {
+        int fd = accept(sock, NULL, 0);
+        if (fd < 0) {
+            if (errno != EINTR && errno != EAGAIN)
+                UNIXERR("accept");
+            continue;
+        }
+        thread_launch(policy_run, fd, NULL);
+        threads_join();
+    }
+
+    close(sock);
     syslog(LOG_INFO, "Stopping...");
-    return res;
+    return EXIT_SUCCESS;
 }