import from minilb repo

2026-03-25 16:55:28 +02:00
parent 8efe7090be
commit 3aa1e52a5d
37 changed files with 1977 additions and 424 deletions
--- a/app/config/config.go
+++ b/app/config/config.go
@@ -36,6 +36,7 @@ type Config struct {
 	RunPath  string  `json:"runfile"    yaml:"runfile"`
 	AsDaemon bool    `json:"asDaemon"   yaml:"asDaemon"`
 	LogLimit int64   `json:"logLimit"   yaml:logLimit`
+	RunUser  string  `json:"runUser"    yaml:runUser`
 }

 func NewConfig() (*Config, error) {
@@ -45,6 +46,7 @@ func NewConfig() (*Config, error) {
 		},
 		AsDaemon: false,
 		LogLimit: 1024 * 1024 * 10, // 10 Mb
+		RunUser:  "daemon",
 	}
 	hostname, err := os.Hostname()
 	if err != nil {
--- a/app/config/variant.go
+++ b/app/config/variant.go
@@ -1,9 +1,10 @@
 package config

 const (
-	confdirPath    = "/home/ziggi/Projects/gserver/etc/minilb"
-	rundirPath     = "/home/ziggi/Projects/gserver/tmp/run"
-	logdirPath     = "/home/ziggi/Projects/gserver/tmp/log"
-	datadirPath    = "/home/ziggi/Projects/gserver/tmp/data"
-	packageVersion = "0.0.1"
+	confdirPath = "/etc/minilb"
+	rundirPath  = "/var/run/minilb"
+	logdirPath  = "/var/log/minilb"
+	datadirPath = "/var/lib/minilb"
+	pkgVersion  = "0.0.1"
+	runUser     = "daemon"
 )
--- a/app/config/variant.go.in
+++ b/app/config/variant.go.in
@@ -1,10 +1,10 @@
 package config

 const (
-	confdirPath   = "@srv_confdir@"
-	rundirPath    = "@srv_rundir@"
-	logdirPath    = "@srv_logdir@"
-        datadirPath   = "@srv_datadir@"
-	packageVersion = "@PACKAGE_VERSION@"
+	confdirPath = "@srv_confdir@"
+	rundirPath  = "@srv_rundir@"
+	logdirPath  = "@srv_logdir@"
+	datadirPath = "@srv_datadir@"
+	pkgVersion  = "@PACKAGE_VERSION@"
+	runUser     = "@run_user@"
 )
-
--- a/app/handler/handler.go
+++ b/app/handler/handler.go
@@ -15,13 +15,13 @@ type HandlerConfig struct {

 type Handler struct {
 	mlbctl.UnimplementedControlServer
-	lg  *operator.Operator
-	log *logger.Logger
+	oper *operator.Operator
+	log  *logger.Logger
 }

 func NewHandler(conf *HandlerConfig) *Handler {
 	hand := Handler{
-		lg: conf.Operator,
+		oper: conf.Operator,
 	}
 	hand.log = logger.NewLogger("handler")
 	return &hand
--- a/app/handler/hello.go
+++ b/app/handler/hello.go
@@ -9,6 +9,6 @@ import (
 func (hand *Handler) GetHello(ctx context.Context, req *mlbctl.GetHelloParams) (*mlbctl.GetHelloResult, error) {
 	var err error
 	hand.log.Debugf("Handle getHello request")
-	res, err := hand.lg.GetHello(ctx, req)
+	res, err := hand.oper.GetHello(ctx, req)
 	return res, err
 }
--- a/app/handler/proxy.go
+++ b/app/handler/proxy.go
@@ -0,0 +1,25 @@
+package handler
+
+import (
+	"context"
+
+	"helmet/pkg/mlbctl"
+)
+
+func (hand *Handler) ListForwarders(ctx context.Context, req *mlbctl.ListForwardersParams) (*mlbctl.ListForwardersResult, error) {
+	var err error
+	res, err := hand.oper.ListForwarders(ctx, req)
+	return res, err
+}
+
+func (hand *Handler) CreateForwarder(ctx context.Context, req *mlbctl.CreateForwarderParams) (*mlbctl.CreateForwarderResult, error) {
+	var err error
+	res, err := hand.oper.CreateForwarder(ctx, req)
+	return res, err
+}
+
+func (hand *Handler) DeleteForwarder(ctx context.Context, req *mlbctl.DeleteForwarderParams) (*mlbctl.DeleteForwarderResult, error) {
+	var err error
+	res, err := hand.oper.DeleteForwarder(ctx, req)
+	return res, err
+}
--- a/app/operator/oper.go
+++ b/app/operator/oper.go
@@ -4,6 +4,7 @@ import (
 	"helmet/app/logger"

 	"helmet/app/config"
+	"helmet/app/rproxy"
 )

 type OperatorConfig struct {
@@ -13,13 +14,15 @@ type OperatorConfig struct {
 type Operator struct {
 	log   *logger.Logger
 	auths []config.Auth
+	proxy *rproxy.Proxy
 }

 func NewOperator(conf *OperatorConfig) (*Operator, error) {
 	var err error
-	lg := &Operator{
+	oper := &Operator{
 		auths: conf.Auths,
 	}
-	lg.log = logger.NewLogger("operator")
-	return lg, err
+	oper.log = logger.NewLogger("operator")
+	oper.proxy = rproxy.NewProxy()
+	return oper, err
 }
--- a/app/operator/proxy.go
+++ b/app/operator/proxy.go
@@ -0,0 +1,44 @@
+package operator
+
+import (
+	"context"
+
+	"helmet/pkg/mlbctl"
+)
+
+func (oper *Operator) ListForwarders(ctx context.Context, params *mlbctl.ListForwardersParams) (*mlbctl.ListForwardersResult, error) {
+	var err error
+
+	res := &mlbctl.ListForwardersResult{
+		Forwarders: make([]*mlbctl.Forwarder, 0),
+	}
+	for _, forw := range oper.proxy.Forwarders {
+		oForw := &mlbctl.Forwarder{
+			Lport:        forw.Lport,
+			Dport:        forw.Dport,
+			Destinations: make([]*mlbctl.Destination, 0),
+		}
+		for _, dest := range forw.Dests {
+			oDest := &mlbctl.Destination{
+				Address: dest.Address,
+			}
+			oForw.Destinations = append(oForw.Destinations, oDest)
+		}
+		res.Forwarders = append(res.Forwarders, oForw)
+	}
+	return res, err
+}
+
+func (oper *Operator) CreateForwarder(ctx context.Context, params *mlbctl.CreateForwarderParams) (*mlbctl.CreateForwarderResult, error) {
+	var err error
+	res := &mlbctl.CreateForwarderResult{}
+	err = oper.proxy.AddForwarder(ctx, params.Lport, params.Dport, params.Destinations...)
+	return res, err
+}
+
+func (oper *Operator) DeleteForwarder(ctx context.Context, params *mlbctl.DeleteForwarderParams) (*mlbctl.DeleteForwarderResult, error) {
+	var err error
+	res := &mlbctl.DeleteForwarderResult{}
+	err = oper.proxy.DeleteForwarder(ctx, params.Lport)
+	return res, err
+}
--- a/app/rproxy/proxy.go
+++ b/app/rproxy/proxy.go
@@ -0,0 +1,192 @@
+package rproxy
+
+import (
+	"context"
+	"errors"
+	"io"
+	"log"
+	"math/rand"
+	"net"
+	"strconv"
+	"sync"
+)
+
+type Proxy struct {
+	Forwarders []*Forwarder       `json:"forwarders"  yaml:"forwarders"`
+	ctx        context.Context    `json:"-"           yaml:"-"`
+	cancel     context.CancelFunc `json:"-"           yaml:"-"`
+	wg         sync.WaitGroup     `json:"-"           yaml:"-"`
+}
+
+func NewProxy() *Proxy {
+	ctx, cancel := context.WithCancel(context.Background())
+	return &Proxy{
+		Forwarders: make([]*Forwarder, 0),
+		ctx:        ctx,
+		cancel:     cancel,
+	}
+}
+
+func (bal *Proxy) AddForwarder(ctx context.Context, lport, dport uint32, addrs ...string) error {
+	var err error
+	forw, err := NewForwarder(ctx, lport, dport, addrs...)
+	if err != nil {
+		return err
+	}
+	bal.Forwarders = append(bal.Forwarders, forw)
+	bal.wg.Add(1)
+	go forw.Listen(&bal.wg)
+	return err
+}
+
+func (bal *Proxy) DeleteForwarder(ctx context.Context, lport uint32) error {
+	var err error
+	forwarders := make([]*Forwarder, 0)
+	for _, forw := range bal.Forwarders {
+		if forw.Lport == lport {
+			forw.Stop()
+			continue
+		}
+		forwarders = append(forwarders, forw)
+	}
+	bal.Forwarders = forwarders
+	return err
+}
+
+func (bal *Proxy) Start() error {
+	var err error
+	for _, forw := range bal.Forwarders {
+		bal.wg.Add(1)
+		go forw.Listen(&bal.wg)
+	}
+	bal.wg.Wait()
+	return err
+}
+
+func (bal *Proxy) Stop() error {
+	var err error
+	for _, forw := range bal.Forwarders {
+		forw.Stop()
+	}
+	return err
+}
+
+type Forwarder struct {
+	listen net.Listener       `json:"-"      yaml:"-"`
+	ctx    context.Context    `json:"-"      yaml:"-"`
+	cancel context.CancelFunc `json:"-"      yaml:"-"`
+	Lport  uint32             `json:"lport"  yaml:"lport"`
+	Dport  uint32             `json:"dport"  yaml:"dport"`
+	Dests  []*Destination     `json:"dests"  yaml:"dests"`
+}
+
+func NewForwarder(ctx context.Context, lport, dport uint32, addrs ...string) (*Forwarder, error) {
+	ctx, cancel := context.WithCancel(ctx)
+	forw := &Forwarder{
+		Dests:  make([]*Destination, 0),
+		Lport:  lport,
+		Dport:  dport,
+		ctx:    ctx,
+		cancel: cancel,
+	}
+	for _, addr := range addrs {
+		dest := NewDestination(addr)
+		forw.Dests = append(forw.Dests, dest)
+	}
+	port := ":" + strconv.FormatUint(uint64(forw.Lport), 10)
+	listen, err := net.Listen("tcp", port)
+	if err != nil {
+		return forw, err
+	}
+	forw.listen = listen
+	return forw, err
+}
+
+func (forw *Forwarder) Listen(wg *sync.WaitGroup) {
+	log.Printf("Start listening on %d\n", forw.Lport)
+	defer wg.Done()
+	for {
+		conn, err := forw.listen.Accept()
+		if err != nil {
+			log.Printf("Listen err: %v\n", err)
+			return
+		}
+		go forw.handle(forw.ctx, conn)
+	}
+}
+
+func (forw *Forwarder) Stop() error {
+	return forw.listen.Close()
+}
+
+func (forw *Forwarder) handle(ctx context.Context, inconn net.Conn) {
+	log.Printf("Handler on %d started\n", forw.Lport)
+	defer inconn.Close()
+	if len(forw.Dests) == 0 {
+		return
+	}
+	addrnum := rand.Uint32() % uint32(len(forw.Dests))
+	ipaddr := forw.Dests[addrnum].Address
+	dstaddr := ipaddr + ":" + strconv.FormatUint(uint64(forw.Dport), 10)
+	outconn, err := net.Dial("tcp", dstaddr)
+	if err != nil {
+		return
+	}
+	var wg sync.WaitGroup
+	wg.Add(1)
+	go forw.stream(&wg, inconn, outconn)
+	wg.Add(1)
+	go forw.stream(&wg, outconn, inconn)
+	wg.Wait()
+	log.Printf("Handler on %d stopped\n", forw.Lport)
+}
+
+func (forw *Forwarder) stream(wg *sync.WaitGroup, inconn io.Reader, outconn io.Writer) {
+	defer wg.Done()
+	_, err := copy(forw.ctx, outconn, inconn)
+	if err != nil {
+		log.Printf("Copy err: %v\n", err)
+	}
+}
+
+type Destination struct {
+	Address string `json:"address"  yaml:"address"`
+}
+
+func NewDestination(addr string) *Destination {
+	return &Destination{
+		Address: addr,
+	}
+}
+
+func copy(ctx context.Context, writer io.Writer, reader io.Reader) (int64, error) {
+	var err error
+	var size int64
+	var halt bool
+	buffer := make([]byte, 1024*4)
+	for {
+		select {
+		case <-ctx.Done():
+			err = errors.New("Break copy by context")
+			break
+		default:
+		}
+		rsize, err := reader.Read(buffer)
+		if err == io.EOF {
+			err = nil
+			halt = true
+		}
+		if err != nil {
+			return size, err
+		}
+		wsize, err := writer.Write(buffer[0:rsize])
+		size += int64(wsize)
+		if err != nil {
+			return size, err
+		}
+		if halt {
+			break
+		}
+	}
+	return size, err
+}
--- a/app/server/server.go
+++ b/app/server/server.go
@@ -3,6 +3,7 @@ package server
 import (
 	"context"
 	"fmt"
+	"net"
 	"os"
 	"os/signal"
 	"os/user"
@@ -17,6 +18,7 @@ import (
 	"helmet/app/logger"
 	"helmet/app/operator"
 	"helmet/app/service"
+	"helmet/pkg/network"
 	"helmet/pkg/x509crt"
 )

@@ -32,6 +34,7 @@ type Server struct {
 	ctx      context.Context
 	cancel   context.CancelFunc
 	wg       sync.WaitGroup
+	listen   net.Listener
 }

 func NewServer() (*Server, error) {
@@ -66,23 +69,66 @@ func (srv *Server) Build() error {
 	var err error
 	srv.log.Infof("Build server")

+	// Get effective user uid/guid
+	usr, err := user.Lookup(srv.conf.RunUser)
+	if err != nil {
+		return err
+	}
+	uid64, err := strconv.ParseInt(usr.Uid, 10, 64)
+	if err != nil {
+		return err
+	}
+	gid64, err := strconv.ParseInt(usr.Gid, 10, 64)
+	if err != nil {
+		return err
+	}
+	uid := int(uid64)
+	gid := int(gid64)
+
 	if srv.conf.AsDaemon {
 		logDir := filepath.Dir(srv.conf.LogPath)
-		srv.log.Infof("Create %s dir", logDir)
+		srv.log.Infof("Create log dir: %s", logDir)
 		err = os.MkdirAll(logDir, 0750)
 		if err != nil {
 			return err
 		}
+		err = os.Chown(logDir, uid, gid)
+		if err != nil {
+			return err
+		}
 		runDir := filepath.Dir(srv.conf.RunPath)
-		srv.log.Infof("Create %s dir", runDir)
+		srv.log.Infof("Create run dir: %s", runDir)
 		err = os.MkdirAll(runDir, 0750)
 		if err != nil {
 			return err
 		}
+		err = os.Chown(runDir, uid, gid)
+		if err != nil {
+			return err
+		}
 	}
+	// Create listener
+	addrinfo := ":" + strconv.FormatUint(uint64(srv.conf.Service.Port), 10)
+	listener, err := network.CreateListener(addrinfo)
+	if err != nil {
+		return err
+	}
+	srv.listen = listener
+
+	// Change effective user
+	err = syscall.Setuid(uid)
+	if err != nil {
+		return err
+	}
+	uidstr := strconv.FormatInt(int64(syscall.Geteuid()), 10)
+	usr, err = user.LookupId(uidstr)
+	if err != nil {
+		return err
+	}
+	srv.log.Warningf("Now run as user: %s", usr.Username)

 	// Create X509 certs
-	srv.x509cert, srv.x509key, err = x509crt.CreateX509SelfSignedCert(srv.conf.Hostname)
+	srv.x509cert, srv.x509key, err = x509crt.CreateCertKey(srv.conf.Hostname)
 	if err != nil {
 		return err
 	}
@@ -103,8 +149,7 @@ func (srv *Server) Build() error {

 	// Create service
 	serviceConfig := &service.ServiceConfig{
-		PortNum:  srv.conf.Service.Port,
-		Hostname: srv.conf.Hostname,
+		Listener: srv.listen,
 		Handler:  srv.hand,
 		Operator: srv.oper,
 		X509Cert: srv.x509cert,
@@ -123,86 +168,21 @@ func (srv *Server) Run() error {
 		return err
 	}
 	srv.log.Debugf("Server configuration:\n%s\n", yamlConfig)
-
 	srv.ctx, srv.cancel = context.WithCancel(context.Background())

 	currUser, err := user.Current()
 	if err != nil {
 		return err
 	}
-	srv.log.Infof("Running server as user %s", currUser.Username)
-
-	sigs := make(chan os.Signal, 1)
-	done := make(chan error, 1)
-
-	// Run service
-	startService := func(svc *service.Service, done chan error) {
-		err = svc.Run()
-		if err != nil {
-			srv.log.Errorf("Service error: %v", err)
-			done <- err
-		}
+	srv.log.Infof("Start server as user %s", currUser.Username)
+	uidstr := strconv.FormatInt(int64(syscall.Geteuid()), 10)
+	usr, err := user.LookupId(uidstr)
+	if err != nil {
+		return err
 	}
-	go startService(srv.svc, done)
+	srv.log.Infof("Run server as user %s", usr.Username)

-	signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM)
-	var signal os.Signal
-	select {
-	case signal = <-sigs:
-		srv.log.Infof("Services stopped by signal: %v", signal)
-		srv.cancel()
-		srv.svc.Stop()
-		srv.wg.Wait()
-	}
-	return err
-}
-
-func (srv *Server) PseudoFork() error {
-	const successExit int = 0
-	var keyEnv string = "IMX0LTSELMRF8K"
-	var err error
-
-	_, isChild := os.LookupEnv(keyEnv)
-	switch {
-	case !isChild:
-		os.Setenv(keyEnv, "TRUE")
-		procAttr := syscall.ProcAttr{}
-		cwd, err := os.Getwd()
-		if err != nil {
-			return err
-		}
-		var sysFiles = make([]uintptr, 3)
-		sysFiles[0] = uintptr(syscall.Stdin)
-		sysFiles[1] = uintptr(syscall.Stdout)
-		sysFiles[2] = uintptr(syscall.Stderr)
-
-		procAttr.Files = sysFiles
-		procAttr.Env = os.Environ()
-		procAttr.Dir = cwd
-
-		_, err = syscall.ForkExec(os.Args[0], os.Args, &procAttr)
-		if err != nil {
-			return err
-		}
-		os.Exit(successExit)
-	case isChild:
-		_, err = syscall.Setsid()
-		if err != nil {
-			return err
-		}
-	}
-	os.Unsetenv(keyEnv)
-	return err
-}
-
-func (srv *Server) Daemonize() error {
-	var err error
 	if srv.conf.AsDaemon {
-		// Restart process process
-		err = srv.PseudoFork()
-		if err != nil {
-			return err
-		}
 		// Redirect stdin
 		nullFile, err := os.OpenFile("/dev/null", os.O_RDWR, 0)
 		if err != nil {
@@ -232,11 +212,6 @@ func (srv *Server) Daemonize() error {
 		}
 		srv.logf = logFile
 		// Write process ID
-		rundir := filepath.Dir(srv.conf.RunPath)
-		err = os.MkdirAll(rundir, 0750)
-		if err != nil {
-			return err
-		}
 		pidFile, err := os.OpenFile(srv.conf.RunPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0640)
 		if err != nil {
 			return err
@@ -248,13 +223,51 @@ func (srv *Server) Daemonize() error {
 			return err
 		}
 	}
+
+	sigs := make(chan os.Signal, 1)
+	done := make(chan error, 1)
+
+	// Run service
+	startService := func(svc *service.Service, done chan error) {
+		err = svc.Run()
+		if err != nil {
+			srv.log.Errorf("Service error: %v", err)
+			done <- err
+		}
+	}
+	go startService(srv.svc, done)
+
+	signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM)
+	var signal os.Signal
+	select {
+	case signal = <-sigs:
+		srv.log.Infof("Services stopped by signal: %v", signal)
+		srv.cancel()
+		srv.svc.Stop()
+		srv.wg.Wait()
+	}
 	return err
 }

-func (srv *Server) Rotator() {
+func (srv *Server) Daemonize() error {
+	var err error
+	if srv.conf.AsDaemon {
+		// Restart process process
+		err = srv.pseudoFork()
+		if err != nil {
+			return err
+		}
+	}
+	return err
+}
+
+func (srv *Server) logRotator() {
+	// TODO: integrate into logger
 	srv.wg.Add(1)
+	var counter uint64
 	logFunc := func() {
 		for {
+			counter += 1
 			select {
 			case <-srv.ctx.Done():
 				srv.wg.Done()
@@ -262,26 +275,64 @@ func (srv *Server) Rotator() {
 				return
 			default:
 			}
-			stat, err := srv.logf.Stat()
-			if err == nil && stat.Size() > srv.conf.LogLimit {
-				srv.log.Infof("Rotate log file")
-				countFiles := 3
-				for i := 1; i < countFiles; i++ {
-					nextName := fmt.Sprintf("%s.%d", srv.conf.LogPath, i+1)
-					prevName := fmt.Sprintf("%s.%d", srv.conf.LogPath, i)
-					os.Rename(prevName, nextName)
-				}
-				os.Rename(srv.conf.LogPath, srv.conf.LogPath+".1")
-				logFile, err := os.OpenFile(srv.conf.LogPath, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0640)
-				if err == nil {
-					syscall.Dup2(int(logFile.Fd()), int(os.Stdout.Fd()))
-					syscall.Dup2(int(logFile.Fd()), int(os.Stderr.Fd()))
-					srv.logf.Close()
-					srv.logf = logFile
+			if (counter % 60) == 1 {
+				stat, err := srv.logf.Stat()
+				if err == nil && stat.Size() > srv.conf.LogLimit {
+					srv.log.Infof("Rotate log file")
+					countFiles := 3
+					for i := 1; i < countFiles; i++ {
+						nextName := fmt.Sprintf("%s.%d", srv.conf.LogPath, i+1)
+						prevName := fmt.Sprintf("%s.%d", srv.conf.LogPath, i)
+						os.Rename(prevName, nextName)
+					}
+					os.Rename(srv.conf.LogPath, srv.conf.LogPath+".1")
+					logFile, err := os.OpenFile(srv.conf.LogPath, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0640)
+					if err == nil {
+						syscall.Dup2(int(logFile.Fd()), int(os.Stdout.Fd()))
+						syscall.Dup2(int(logFile.Fd()), int(os.Stderr.Fd()))
+						srv.logf.Close()
+						srv.logf = logFile
+					}
 				}
 			}
-			time.Sleep(3 * time.Second)
+			time.Sleep(1 * time.Second)
 		}
 	}
 	go logFunc()
 }
+
+func (srv *Server) pseudoFork() error {
+	const successExit int = 0
+	var keyEnv string = "IMX0LTSELMRF8K"
+	var err error
+	_, isChild := os.LookupEnv(keyEnv)
+	switch {
+	case !isChild:
+		os.Setenv(keyEnv, "TRUE")
+		procAttr := syscall.ProcAttr{}
+		cwd, err := os.Getwd()
+		if err != nil {
+			return err
+		}
+		var sysFiles = make([]uintptr, 3)
+		sysFiles[0] = uintptr(syscall.Stdin)
+		sysFiles[1] = uintptr(syscall.Stdout)
+		sysFiles[2] = uintptr(syscall.Stderr)
+
+		procAttr.Files = sysFiles
+		procAttr.Env = os.Environ()
+		procAttr.Dir = cwd
+		_, err = syscall.ForkExec(os.Args[0], os.Args, &procAttr)
+		if err != nil {
+			return err
+		}
+		os.Exit(successExit)
+	case isChild:
+		_, err = syscall.Setsid()
+		if err != nil {
+			return err
+		}
+	}
+	os.Unsetenv(keyEnv)
+	return err
+}
--- a/app/service/service.go
+++ b/app/service/service.go
@@ -4,12 +4,10 @@ import (
 	"context"
 	"crypto/tls"
 	"encoding/json"
-	"fmt"
 	"net"

-	"helmet/app/logger"
-
 	"helmet/app/handler"
+	"helmet/app/logger"
 	"helmet/app/operator"

 	"google.golang.org/grpc"
@@ -22,8 +20,7 @@ import (
 type ServiceConfig struct {
 	Handler  *handler.Handler
 	Operator *operator.Operator
-	PortNum  uint32
-	Hostname string
+	Listener net.Listener
 	X509Cert []byte
 	X509Key  []byte
 }
@@ -33,11 +30,7 @@ type Service struct {
 	hand     *handler.Handler
 	oper     *operator.Operator
 	log      *logger.Logger
-	portnum  uint32
-	hostname string
-
-	username string
-	password string
+	listen   net.Listener
 	x509Cert []byte
 	x509Key  []byte
 }
@@ -46,8 +39,7 @@ func NewService(conf *ServiceConfig) *Service {
 	svc := Service{
 		hand:     conf.Handler,
 		oper:     conf.Operator,
-		portnum:  conf.PortNum,
-		hostname: conf.Hostname,
+		listen:   conf.Listener,
 		x509Cert: conf.X509Cert,
 		x509Key:  conf.X509Key,
 	}
@@ -60,12 +52,6 @@ func (svc *Service) Run() error {
 	var err error
 	svc.log.Infof("Service run")

-	listenSpec := fmt.Sprintf(":%d", svc.portnum)
-	listener, err := net.Listen("tcp", listenSpec)
-	if err != nil {
-		return err
-	}
-
 	tlsCert, err := tls.X509KeyPair(svc.x509Cert, svc.x509Key)
 	if err != nil {
 		return err
@@ -75,7 +61,6 @@ func (svc *Service) Run() error {
 		ClientAuth:         tls.NoClientCert,
 		InsecureSkipVerify: true,
 	}
-
 	tlsCredentials := credentials.NewTLS(&tlsConfig)
 	if err != nil {
 		return err
@@ -87,14 +72,13 @@ func (svc *Service) Run() error {
 	gsrvOpts := []grpc.ServerOption{
 		grpc.Creds(tlsCredentials),
 		grpc.ChainUnaryInterceptor(interceptors...),
-		//grpc.UnaryInterceptor(svc.authInterceptor),
 	}
 	svc.gsrv = grpc.NewServer(gsrvOpts...)

 	svc.hand.Register(svc.gsrv)

-	svc.log.Infof("Service listening at %v", listener.Addr())
-	err = svc.gsrv.Serve(listener)
+	svc.log.Infof("Service listening at %v", svc.listen.Addr())
+	err = svc.gsrv.Serve(svc.listen)
 	if err != nil {
 		return err
 	}