X-Git-Url: http://git.madism.org/?a=blobdiff_plain;f=srsd.c;h=bdd98a8e2d88bbe85b20dd9574d643f44536a03b;hb=e3d9a582b6ff0bef16a6c1e7f506d9088379c77a;hp=26280de513e98d2e36abb4f19f04de50c4c115e3;hpb=90f03cb500b9d269c49291a257eb9472fd6c8fad;p=apps%2Fpfixtools.git

diff --git a/srsd.c b/srsd.c
index 26280de..bdd98a8 100644
--- a/srsd.c
+++ b/srsd.c
@@ -1,5 +1,5 @@
 /******************************************************************************/
-/*          postlicyd: a postfix policy daemon with a lot of features         */
+/*          pfixtools: a collection of postfix related tools                  */
 /*          ~~~~~~~~~                                                         */
 /*  ________________________________________________________________________  */
 /*                                                                            */
@@ -45,9 +45,12 @@
 #include "mem.h"
 #include "buffer.h"
 
-#define DAEMON_NAME             "srsd"
+#define DAEMON_NAME             "pfix-srsd"
 #define DEFAULT_ENCODER_PORT    10000
 #define DEFAULT_DECODER_PORT    10001
+#define RUNAS_USER              "nobody"
+#define RUNAS_GROUP             "nogroup"
+
 #define __tostr(x)  #x
 #define STR(x)      __tostr(x)
 
@@ -172,7 +175,7 @@ int start_listener(int epollfd, int port, bool decoder)
     int sock;
 
     addr.sin_port = htons(port);
-    sock = tcp_listen((const struct sockaddr *)&addr, sizeof(addr));
+    sock = tcp_listen_nonblock((const struct sockaddr *)&addr, sizeof(addr));
     if (sock < 0) {
         return -1;
     }
@@ -198,13 +201,13 @@ static int main_initialize(void)
     signal(SIGINT,  &common_sighandler);
     signal(SIGTERM, &common_sighandler);
     signal(SIGHUP,  &common_sighandler);
+    signal(SIGSEGV, &common_sighandler);
     syslog(LOG_INFO, "Starting...");
     return 0;
 }
 
 static void main_shutdown(void)
 {
-    syslog(LOG_INFO, cleanexit ? "Stopping..." : "Unclean exit...");
     closelog();
 }
 
@@ -213,12 +216,15 @@ module_exit(main_shutdown);
 
 void usage(void)
 {
-    fputs("usage: "DAEMON_NAME" [ -e <port> ] [ -d <port> ] domain secrets\n"
+    fputs("usage: "DAEMON_NAME" [options] domain secrets\n"
           "\n"
+          "Options:\n"
           "    -e <port>    port to listen to for encoding requests\n"
           "                 (default: "STR(DEFAULT_ENCODER_PORT)")\n"
           "    -d <port>    port to listen to for decoding requests\n"
           "                 (default: "STR(DEFAULT_DECODER_PORT)")\n"
+          "    -p <pidfile> file to write our pid to\n"
+          "    -u           unsafe mode: don't drop privilegies\n"
          , stderr);
 }
 
@@ -326,7 +332,6 @@ int main_loop(srs_t *srs, const char *domain, int port_enc, int port_dec)
     close(epollfd);
 
   error:
-    cleanexit = true;
     return exitcode;
 }
 
@@ -349,12 +354,12 @@ static srs_t *srs_read_secrets(const char *sfile)
         int n = strlen(buf);
 
         ++lineno;
-        if (buf[n - 1] != '\n') {
+        if (n == sizeof(buf) - 1 && buf[n - 1] != '\n') {
             syslog(LOG_CRIT, "%s:%d: line too long", sfile, lineno);
             goto error;
         }
-
-        srs_add_secret(srs, buf);
+        m_strrtrim(buf);
+        srs_add_secret(srs, skipspaces(buf));
     }
 
     if (!lineno) {
@@ -373,9 +378,13 @@ static srs_t *srs_read_secrets(const char *sfile)
 
 int main(int argc, char *argv[])
 {
+    bool unsafe  = false;
     int port_enc = DEFAULT_ENCODER_PORT;
     int port_dec = DEFAULT_DECODER_PORT;
+    const char *pidfile = NULL;
 
+    FILE *f = NULL;
+    int res;
     srs_t *srs;
 
     if (atexit(common_shutdown)) {
@@ -384,7 +393,7 @@ int main(int argc, char *argv[])
     }
     common_initialize();
 
-    for (int c = 0; (c = getopt(argc, argv, "he:d:")) >= 0; ) {
+    for (int c = 0; (c = getopt(argc, argv, "he:d:p:u")) >= 0; ) {
         switch (c) {
           case 'e':
             port_enc = atoi(optarg);
@@ -392,6 +401,12 @@ int main(int argc, char *argv[])
           case 'd':
             port_dec = atoi(optarg);
             break;
+          case 'p':
+            pidfile = optarg;
+            break;
+          case 'u':
+            unsafe = true;
+            break;
           default:
             usage();
             return EXIT_FAILURE;
@@ -408,5 +423,38 @@ int main(int argc, char *argv[])
         return EXIT_FAILURE;
     }
 
-    return main_loop(srs, argv[optind], port_enc, port_dec);
+    if (pidfile) {
+        f = fopen(pidfile, "w");
+        if (!f) {
+            syslog(LOG_CRIT, "unable to write pidfile %s", pidfile);
+        }
+        fprintf(f, "%d\n", getpid());
+        fflush(f);
+    }
+
+    if (!unsafe && drop_privileges(RUNAS_USER, RUNAS_GROUP) < 0) {
+        syslog(LOG_CRIT, "unable to drop privileges");
+        return EXIT_FAILURE;
+    }
+
+    if (daemon_detach() < 0) {
+        syslog(LOG_CRIT, "unable to fork");
+        return EXIT_FAILURE;
+    }
+
+    if (f) {
+        rewind(f);
+        ftruncate(fileno(f), 0);
+        fprintf(f, "%d\n", getpid());
+        fflush(f);
+    }
+    res = main_loop(srs, argv[optind], port_enc, port_dec);
+    if (f) {
+        rewind(f);
+        ftruncate(fileno(f), 0);
+        fclose(f);
+        f = NULL;
+    }
+    syslog(LOG_INFO, "Stopping...");
+    return res;
 }