X-Git-Url: http://git.madism.org/?a=blobdiff_plain;f=srsd.c;h=0958bfd6f5d17be031f7cde4422d7023a51e43ae;hb=1ff926eac33152aee930a454ac1d3dec6e6e5faf;hp=467c2f271dbbe1f81348858f1455d1c0308f4ba1;hpb=320d839e39b3f6860823f5ecc839838d93c40414;p=apps%2Fpfixtools.git

diff --git a/srsd.c b/srsd.c
index 467c2f2..0958bfd 100644
--- a/srsd.c
+++ b/srsd.c
@@ -45,9 +45,12 @@
 #include "mem.h"
 #include "buffer.h"
 
-#define DAEMON_NAME             "srsd"
+#define DAEMON_NAME             "pfix-srsd"
 #define DEFAULT_ENCODER_PORT    10000
 #define DEFAULT_DECODER_PORT    10001
+#define RUNAS_USER              "nobody"
+#define RUNAS_GROUP             "nogroup"
+
 #define __tostr(x)  #x
 #define STR(x)      __tostr(x)
 
@@ -213,12 +216,15 @@ module_exit(main_shutdown);
 
 void usage(void)
 {
-    fputs("usage: "DAEMON_NAME" [ -e <port> ] [ -d <port> ] domain secrets\n"
+    fputs("usage: "DAEMON_NAME" [options] domain secrets\n"
           "\n"
+          "Options:\n"
           "    -e <port>    port to listen to for encoding requests\n"
           "                 (default: "STR(DEFAULT_ENCODER_PORT)")\n"
           "    -d <port>    port to listen to for decoding requests\n"
           "                 (default: "STR(DEFAULT_DECODER_PORT)")\n"
+          "    -p <pidfile> file to write our pid to\n"
+          "    -u           unsafe mode: don't drop privilegies\n"
          , stderr);
 }
 
@@ -349,12 +355,12 @@ static srs_t *srs_read_secrets(const char *sfile)
         int n = strlen(buf);
 
         ++lineno;
-        if (buf[n - 1] != '\n') {
+        if (n == sizeof(buf) - 1 && buf[n - 1] != '\n') {
             syslog(LOG_CRIT, "%s:%d: line too long", sfile, lineno);
             goto error;
         }
-
-        srs_add_secret(srs, buf);
+        m_strrtrim(buf);
+        srs_add_secret(srs, skipspaces(buf));
     }
 
     if (!lineno) {
@@ -373,9 +379,13 @@ static srs_t *srs_read_secrets(const char *sfile)
 
 int main(int argc, char *argv[])
 {
+    bool unsafe  = false;
     int port_enc = DEFAULT_ENCODER_PORT;
     int port_dec = DEFAULT_DECODER_PORT;
+    const char *pidfile = NULL;
 
+    FILE *f = NULL;
+    int res;
     srs_t *srs;
 
     if (atexit(common_shutdown)) {
@@ -384,7 +394,7 @@ int main(int argc, char *argv[])
     }
     common_initialize();
 
-    for (int c = 0; (c = getopt(argc, argv, "he:d:")) >= 0; ) {
+    for (int c = 0; (c = getopt(argc, argv, "he:d:p:u")) >= 0; ) {
         switch (c) {
           case 'e':
             port_enc = atoi(optarg);
@@ -392,6 +402,12 @@ int main(int argc, char *argv[])
           case 'd':
             port_dec = atoi(optarg);
             break;
+          case 'p':
+            pidfile = optarg;
+            break;
+          case 'u':
+            unsafe = true;
+            break;
           default:
             usage();
             return EXIT_FAILURE;
@@ -408,5 +424,37 @@ int main(int argc, char *argv[])
         return EXIT_FAILURE;
     }
 
-    return main_loop(srs, argv[optind], port_enc, port_dec);
+    if (pidfile) {
+        f = fopen(pidfile, "w");
+        if (!f) {
+            syslog(LOG_CRIT, "unable to write pidfile %s", pidfile);
+        }
+        fprintf(f, "%d\n", getpid());
+        fflush(f);
+    }
+
+    if (!unsafe && drop_privileges(RUNAS_USER, RUNAS_GROUP) < 0) {
+        syslog(LOG_CRIT, "unable to drop privileges");
+        return EXIT_FAILURE;
+    }
+
+    if (daemon_detach() < 0) {
+        syslog(LOG_CRIT, "unable to fork");
+        return EXIT_FAILURE;
+    }
+
+    if (f) {
+        rewind(f);
+        ftruncate(fileno(f), 0);
+        fprintf(f, "%d\n", getpid());
+        fflush(f);
+    }
+    res = main_loop(srs, argv[optind], port_enc, port_dec);
+    if (f) {
+        rewind(f);
+        ftruncate(fileno(f), 0);
+        fclose(f);
+        f = NULL;
+    }
+    return res;
 }