diff --git a/Makefile.am b/Makefile.am index 89c812e..1de7edf 100644 --- a/Makefile.am +++ b/Makefile.am @@ -87,14 +87,28 @@ EXTRA_DIST = \ vendor/* -SYSTEMD_LIBDIR = /lib/systemd/system +FREEBSD_LOCALBASE = /usr/local +FREEBSD_RCDIR = $(FREEBSD_LOCALBASE)/etc/rc.d +LINUX_SYSTEMDDIR = /lib/systemd/system install-data-local: test -z $(DESTDIR)$(srv_confdir) || $(MKDIR_P) $(DESTDIR)$(srv_confdir) test -z $(DESTDIR)$(srv_logdir) || $(MKDIR_P) $(DESTDIR)$(srv_logdir) test -z $(DESTDIR)$(srv_rundir) || $(MKDIR_P) $(DESTDIR)$(srv_rundir) test -z $(DESTDIR)$(SYSTEMD_LIBDIR) || $(MKDIR_P) $(DESTDIR)$(SYSTEMD_LIBDIR) - $(INSTALL_DATA) initrc/minilbd.service $(DESTDIR)$(SYSTEMD_LIBDIR) +if FREEBSD_OS + test -z $(DESTDIR)$(FREEBSD_RCDIR) || $(MKDIR_P) $(DESTDIR)$(FREEBSD_RCDIR) + $(INSTALL_DATA) initrc/minilbd $(DESTDIR)$(FREEBSD_RCDIR) + chmod a+x $(DESTDIR)$(FREEBSD_RCDIR)/minilbd +endif +if LINUX_OS +if SYSTEMD + test -z $(DESTDIR)$(LINUX_SYSTEMDDIR) || $(MKDIR_P) $(DESTDIR)$(LINUX_SYSTEMDDIR) + $(INSTALL_DATA) initrc/minilbd.service $(DESTDIR)$(LINUX_SYSTEMDDIR) +endif +endif + + GENDIR=pkg/mlbctl grpc: diff --git a/Makefile.in b/Makefile.in index c95cc3c..51a366a 100644 --- a/Makefile.in +++ b/Makefile.in @@ -103,7 +103,7 @@ am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ configure.lineno config.status.lineno mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = app/config/variant.go initrc/minilbd.service \ - debian/control debian/changelog + initrc/minilbd debian/control debian/changelog CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" PROGRAMS = $(bin_PROGRAMS) $(sbin_PROGRAMS) 
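Review bot: The context line `test -z $(DESTDIR)$(SYSTEMD_LIBDIR) || $(MKDIR_P) $(DESTDIR)$(SYSTEMD_LIBDIR)` still references SYSTEMD_LIBDIR, which this hunk deletes, so it now expands to `test -z $(DESTDIR) || $(MKDIR_P) $(DESTDIR)` and either does nothing or runs mkdir on a bare DESTDIR; drop that line, since the new FREEBSD_RCDIR/LINUX_SYSTEMDDIR lines create the right directory. The same stale line survives in the generated Makefile.in hunk at `@@ -884,7 +893,11 @@`, which automake regenerates once Makefile.am is fixed. The rc script is installed with `$(INSTALL_DATA)` followed by a separate `chmod a+x`; automake's `$(INSTALL_SCRIPT) initrc/minilbd $(DESTDIR)$(FREEBSD_RCDIR)` does both and honours the user's install program. The `$(DESTDIR)$(…)` arguments are unquoted, so a prefix containing whitespace breaks every `test -z` guard in this rule.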
@@ -176,6 +176,7 @@ am__DIST_COMMON = $(srcdir)/Makefile.in \ $(top_srcdir)/app/config/variant.go.in \ $(top_srcdir)/debian/changelog.in \ $(top_srcdir)/debian/control.in \ + $(top_srcdir)/initrc/minilbd.in \ $(top_srcdir)/initrc/minilbd.service.in README.md config.guess \ config.sub install-sh missing DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -244,6 +245,7 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ PODMAN = @PODMAN@ PROTOC = @PROTOC@ ROOT_GROUP = @ROOT_GROUP@ +RUN_USER = @RUN_USER@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ SORT = @SORT@ @@ -293,16 +295,19 @@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +run_user = @run_user@ runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ +srv_bindir = @srv_bindir@ srv_confdir = @srv_confdir@ srv_datadir = @srv_datadir@ srv_devel_mode = @srv_devel_mode@ srv_libdir = @srv_libdir@ srv_logdir = @srv_logdir@ srv_rundir = @srv_rundir@ +srv_sbindir = @srv_sbindir@ srv_sharedir = @srv_sharedir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ @@ -368,7 +373,9 @@ EXTRA_DIST = \ README.md \ vendor/* -SYSTEMD_LIBDIR = /lib/systemd/system +FREEBSD_LOCALBASE = /usr/local +FREEBSD_RCDIR = $(FREEBSD_LOCALBASE)/etc/rc.d +LINUX_SYSTEMDDIR = /lib/systemd/system GENDIR = pkg/mlbctl BUILD_DIR = $(shell pwd)/TMP.build DIST_DIR = $(shell pwd)/DIST 
@@ -414,6 +421,8 @@ app/config/variant.go: $(top_builddir)/config.status $(top_srcdir)/app/config/va cd $(top_builddir) && $(SHELL) ./config.status $@ initrc/minilbd.service: $(top_builddir)/config.status $(top_srcdir)/initrc/minilbd.service.in cd $(top_builddir) && $(SHELL) ./config.status $@ +initrc/minilbd: $(top_builddir)/config.status $(top_srcdir)/initrc/minilbd.in + cd $(top_builddir) && $(SHELL) ./config.status $@ debian/control: $(top_builddir)/config.status $(top_srcdir)/debian/control.in cd $(top_builddir) && $(SHELL) ./config.status $@ debian/changelog: $(top_builddir)/config.status $(top_srcdir)/debian/changelog.in @@ -884,7 +893,11 @@ install-data-local: test -z $(DESTDIR)$(srv_logdir) || $(MKDIR_P) $(DESTDIR)$(srv_logdir) test -z $(DESTDIR)$(srv_rundir) || $(MKDIR_P) $(DESTDIR)$(srv_rundir) test -z $(DESTDIR)$(SYSTEMD_LIBDIR) || $(MKDIR_P) $(DESTDIR)$(SYSTEMD_LIBDIR) - $(INSTALL_DATA) initrc/minilbd.service $(DESTDIR)$(SYSTEMD_LIBDIR) +@FREEBSD_OS_TRUE@ test -z $(DESTDIR)$(FREEBSD_RCDIR) || $(MKDIR_P) $(DESTDIR)$(FREEBSD_RCDIR) +@FREEBSD_OS_TRUE@ $(INSTALL_DATA) initrc/minilbd $(DESTDIR)$(FREEBSD_RCDIR) +@FREEBSD_OS_TRUE@ chmod a+x $(DESTDIR)$(FREEBSD_RCDIR)/minilbd +@LINUX_OS_TRUE@@SYSTEMD_TRUE@ test -z $(DESTDIR)$(LINUX_SYSTEMDDIR) || $(MKDIR_P) $(DESTDIR)$(LINUX_SYSTEMDDIR) +@LINUX_OS_TRUE@@SYSTEMD_TRUE@ $(INSTALL_DATA) initrc/minilbd.service $(DESTDIR)$(LINUX_SYSTEMDDIR) grpc: mkdir -p $(GENDIR) $(PROTOC) --proto_path=proto --go_out=$(GENDIR) --go-grpc_out=$(GENDIR) proto/mlbctl.proto diff --git a/app/config/config.go b/app/config/config.go index fb6a977..45862f8 100644 --- a/app/config/config.go +++ b/app/config/config.go @@ -36,6 +36,7 @@ type Config struct { RunPath string `json:"runfile" yaml:"runfile"` AsDaemon bool `json:"asDaemon" yaml:"asDaemon"` LogLimit int64 `json:"logLimit" yaml:logLimit` + RunUser string `json:"runUser" yaml:runUser` } func NewConfig() (*Config, error) { 
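Review bot: The struct tag on the new `RunUser` field is malformed: `yaml:runUser` lacks the quotes the key:"value" tag convention requires, so YAML decoders will not map this key (and `go vet` reports the tag); it should read `yaml:"runUser"`. The neighbouring `LogLimit` line has the same defect, but it is only context here. The Config struct starts before this hunk.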
@@ -45,6 +46,7 @@ func NewConfig() (*Config, error) { }, AsDaemon: false, LogLimit: 1024 * 1024 * 10, // 10 Mb + RunUser: "daemon", } hostname, err := os.Hostname() if err != nil { diff --git a/app/config/variant.go b/app/config/variant.go index 403740b..79c7709 100644 --- a/app/config/variant.go +++ b/app/config/variant.go @@ -1,9 +1,10 @@ package config const ( - confdirPath = "/home/ziggi/Projects/minilb/etc/minilb" - rundirPath = "/home/ziggi/Projects/minilb/tmp/run" - logdirPath = "/home/ziggi/Projects/minilb/tmp/log" - datadirPath = "/home/ziggi/Projects/minilb/tmp/data" - packageVersion = "0.0.1" + confdirPath = "/etc/minilb" + rundirPath = "/var/run/minilb" + logdirPath = "/var/log/minilb" + datadirPath = "/var/lib/minilb" + pkgVersion = "0.0.1" + runUser = "daemon" ) diff --git a/app/config/variant.go.in b/app/config/variant.go.in index 61e49bf..fa149de 100644 --- a/app/config/variant.go.in +++ b/app/config/variant.go.in @@ -1,10 +1,10 @@ package config const ( - confdirPath = "@srv_confdir@" - rundirPath = "@srv_rundir@" - logdirPath = "@srv_logdir@" - datadirPath = "@srv_datadir@" - packageVersion = "@PACKAGE_VERSION@" + confdirPath = "@srv_confdir@" + rundirPath = "@srv_rundir@" + logdirPath = "@srv_logdir@" + datadirPath = "@srv_datadir@" + pkgVersion = "@PACKAGE_VERSION@" + runUser = "@run_user@" ) - diff --git a/app/server/server.go b/app/server/server.go index 9c394d8..3f6009c 100644 --- a/app/server/server.go +++ b/app/server/server.go @@ -3,6 +3,7 @@ package server import ( "context" "fmt" + "net" "os" "os/signal" "os/user" @@ -17,6 +18,7 @@ import ( "helmet/app/logger" "helmet/app/operator" "helmet/app/service" + "helmet/pkg/network" "helmet/pkg/x509crt" ) @@ -32,6 +34,7 @@ type Server struct { ctx context.Context cancel context.CancelFunc wg sync.WaitGroup + listen net.Listener } func NewServer() (*Server, error) { 
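Review bot: `RunUser: "daemon"` in NewConfig hard-codes the user, although the same commit adds the configure-substituted `runUser = "@run_user@"` constant to variant.go.in in this very package; unless the default is overwritten somewhere outside the diff, `--with-user` never reaches the running binary. Use the constant instead: `RunUser: runUser,`. That also keeps the Go default aligned with the `-o @run_user@` owner the systemd unit now applies to the run and log directories. NewConfig starts before this hunk and continues after it.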
@@ -66,23 +69,66 @@ func (srv *Server) Build() error { var err error srv.log.Infof("Build server") + // Get effective user uid/guid + usr, err := user.Lookup(srv.conf.RunUser) + if err != nil { + return err + } + uid64, err := strconv.ParseInt(usr.Uid, 10, 64) + if err != nil { + return err + } + gid64, err := strconv.ParseInt(usr.Gid, 10, 64) + if err != nil { + return err + } + uid := int(uid64) + gid := int(gid64) + if srv.conf.AsDaemon { logDir := filepath.Dir(srv.conf.LogPath) - srv.log.Infof("Create %s dir", logDir) + srv.log.Infof("Create log dir: %s", logDir) err = os.MkdirAll(logDir, 0750) if err != nil { return err } + err = os.Chown(logDir, uid, gid) + if err != nil { + return err + } runDir := filepath.Dir(srv.conf.RunPath) - srv.log.Infof("Create %s dir", runDir) + srv.log.Infof("Create run dir: %s", runDir) err = os.MkdirAll(runDir, 0750) if err != nil { return err } + err = os.Chown(runDir, uid, gid) + if err != nil { + return err + } } + // Create listener + addrinfo := ":" + strconv.FormatUint(uint64(srv.conf.Service.Port), 10) + listener, err := network.CreateListener(addrinfo) + if err != nil { + return err + } + srv.listen = listener + + // Change effective user + err = syscall.Setuid(uid) + if err != nil { + return err + } + uidstr := strconv.FormatInt(int64(syscall.Geteuid()), 10) + usr, err = user.LookupId(uidstr) + if err != nil { + return err + } + srv.log.Warningf("Now run as user: %s", usr.Username) // Create X509 certs - srv.x509cert, srv.x509key, err = x509crt.CreateX509SelfSignedCert(srv.conf.Hostname) + srv.x509cert, srv.x509key, err = x509crt.CreateCertKey(srv.conf.Hostname) if err != nil { return err } @@ -103,8 +149,7 @@ func (srv *Server) Build() error { // Create service serviceConfig := &service.ServiceConfig{ - PortNum: srv.conf.Service.Port, - Hostname: srv.conf.Hostname, + Listener: srv.listen, Handler: srv.hand, Operator: srv.oper, X509Cert: srv.x509cert, 
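Review bot: The privilege drop only calls `syscall.Setuid(uid)`; the primary group and the supplementary groups are never changed, so after the drop the process still runs with root's gid and group list even though `gid` was resolved and used for the chowns in the AsDaemon branch just above. Call `syscall.Setgroups` and `syscall.Setgid` before `Setuid`, while the process is still root, and check each result, as below. On Linux `syscall.Setuid` only became process-wide in Go 1.16 (earlier releases return an error on Linux), so the module's Go version should be at or above that; go.mod is not in this diff. Build() begins before this hunk and continues into the next one.
```go
	// Drop privileges: groups first, while still root, then the uid.
	if err = syscall.Setgroups([]int{gid}); err != nil {
		return err
	}
	if err = syscall.Setgid(gid); err != nil {
		return err
	}
	if err = syscall.Setuid(uid); err != nil {
		return err
	}
	// … unchanged: re-lookup of the effective user and the "Now run as user" warning …
```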
@@ -123,86 +168,21 @@ func (srv *Server) Run() error { return err } srv.log.Debugf("Server configuration:\n%s\n", yamlConfig) - srv.ctx, srv.cancel = context.WithCancel(context.Background()) currUser, err := user.Current() if err != nil { return err } - srv.log.Infof("Running server as user %s", currUser.Username) - - sigs := make(chan os.Signal, 1) - done := make(chan error, 1) - - // Run service - startService := func(svc *service.Service, done chan error) { - err = svc.Run() - if err != nil { - srv.log.Errorf("Service error: %v", err) - done <- err - } + srv.log.Infof("Start server as user %s", currUser.Username) + uidstr := strconv.FormatInt(int64(syscall.Geteuid()), 10) + usr, err := user.LookupId(uidstr) + if err != nil { + return err } - go startService(srv.svc, done) + srv.log.Infof("Run server as user %s", usr.Username) - signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM) - var signal os.Signal - select { - case signal = <-sigs: - srv.log.Infof("Services stopped by signal: %v", signal) - srv.cancel() - srv.svc.Stop() - srv.wg.Wait() - } - return err -} - -func (srv *Server) PseudoFork() error { - const successExit int = 0 - var keyEnv string = "IMX0LTSELMRF8K" - var err error - - _, isChild := os.LookupEnv(keyEnv) - switch { - case !isChild: - os.Setenv(keyEnv, "TRUE") - procAttr := syscall.ProcAttr{} - cwd, err := os.Getwd() - if err != nil { - return err - } - var sysFiles = make([]uintptr, 3) - sysFiles[0] = uintptr(syscall.Stdin) - sysFiles[1] = uintptr(syscall.Stdout) - sysFiles[2] = uintptr(syscall.Stderr) - - procAttr.Files = sysFiles - procAttr.Env = os.Environ() - procAttr.Dir = cwd - - _, err = syscall.ForkExec(os.Args[0], os.Args, &procAttr) - if err != nil { - return err - } - os.Exit(successExit) - case isChild: - _, err = syscall.Setsid() - if err != nil { - return err - } - } - os.Unsetenv(keyEnv) - return err -} - -func (srv *Server) Daemonize() error { - var err error if srv.conf.AsDaemon { - // Restart process process - err = 
srv.PseudoFork() - if err != nil { - return err - } // Redirect stdin nullFile, err := os.OpenFile("/dev/null", os.O_RDWR, 0) if err != nil { @@ -232,11 +212,6 @@ func (srv *Server) Daemonize() error { } srv.logf = logFile // Write process ID - rundir := filepath.Dir(srv.conf.RunPath) - err = os.MkdirAll(rundir, 0750) - if err != nil { - return err - } pidFile, err := os.OpenFile(srv.conf.RunPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0640) if err != nil { return err @@ -248,10 +223,46 @@ func (srv *Server) Daemonize() error { return err } } + + sigs := make(chan os.Signal, 1) + done := make(chan error, 1) + + // Run service + startService := func(svc *service.Service, done chan error) { + err = svc.Run() + if err != nil { + srv.log.Errorf("Service error: %v", err) + done <- err + } + } + go startService(srv.svc, done) + + signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM) + var signal os.Signal + select { + case signal = <-sigs: + srv.log.Infof("Services stopped by signal: %v", signal) + srv.cancel() + srv.svc.Stop() + srv.wg.Wait() + } return err } -func (srv *Server) Rotator() { +func (srv *Server) Daemonize() error { + var err error + if srv.conf.AsDaemon { + // Restart process process + err = srv.pseudoFork() + if err != nil { + return err + } + } + return err +} + +func (srv *Server) logRotator() { + // TODO: integrate into logger srv.wg.Add(1) var counter uint64 logFunc := func() { 
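Review bot: The signal handler added in `@@ -248,10 +223,46 @@` calls `srv.cancel()`, but the only assignment visible, `srv.ctx, srv.cancel = context.WithCancel(context.Background())`, is removed by the `@@ -123,86 +168,21 @@` hunk; unless NewServer now initialises it (not in this diff), the first SIGINT/SIGTERM calls a nil func and panics instead of shutting down. Keep the `context.WithCancel` line at the top of Run(), or guard with `if srv.cancel != nil { srv.cancel() }`. The `select` never reads `done`, so a failing `svc.Run()` logs the error and the process keeps running with no service until a signal arrives; add `case err = <-done:` beside the signal case. `startService` also assigns the outer `err` from a goroutine while Run() returns it, a data race the `-race` detector will flag; pass the error only through the channel. Run() starts before the first of these hunks and ends inside the last.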
@@ -289,3 +300,39 @@ func (srv *Server) Rotator() { } go logFunc() } + +func (srv *Server) pseudoFork() error { + const successExit int = 0 + var keyEnv string = "IMX0LTSELMRF8K" + var err error + _, isChild := os.LookupEnv(keyEnv) + switch { + case !isChild: + os.Setenv(keyEnv, "TRUE") + procAttr := syscall.ProcAttr{} + cwd, err := os.Getwd() + if err != nil { + return err + } + var sysFiles = make([]uintptr, 3) + sysFiles[0] = uintptr(syscall.Stdin) + sysFiles[1] = uintptr(syscall.Stdout) + sysFiles[2] = uintptr(syscall.Stderr) + + procAttr.Files = sysFiles + procAttr.Env = os.Environ() + procAttr.Dir = cwd + _, err = syscall.ForkExec(os.Args[0], os.Args, &procAttr) + if err != nil { + return err + } + os.Exit(successExit) + case isChild: + _, err = syscall.Setsid() + if err != nil { + return err + } + } + os.Unsetenv(keyEnv) + return err +} diff --git a/app/service/service.go b/app/service/service.go index 220f324..24aed18 100644 --- a/app/service/service.go +++ b/app/service/service.go @@ -4,12 +4,10 @@ import ( "context" "crypto/tls" "encoding/json" - "fmt" "net" - "helmet/app/logger" - "helmet/app/handler" + "helmet/app/logger" "helmet/app/operator" "google.golang.org/grpc" @@ -22,8 +20,7 @@ import ( type ServiceConfig struct { Handler *handler.Handler Operator *operator.Operator - PortNum uint32 - Hostname string + Listener net.Listener X509Cert []byte X509Key []byte } @@ -33,11 +30,7 @@ type Service struct { hand *handler.Handler oper *operator.Operator log *logger.Logger - portnum uint32 - hostname string - - username string - password string + listen net.Listener x509Cert []byte x509Key []byte } @@ -46,8 +39,7 @@ func NewService(conf *ServiceConfig) *Service { svc := Service{ hand: conf.Handler, oper: conf.Operator, - portnum: conf.PortNum, - hostname: conf.Hostname, + listen: conf.Listener, x509Cert: conf.X509Cert, x509Key: conf.X509Key, } 
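Review bot: `syscall.ForkExec(os.Args[0], …)` re-executes whatever argv[0] happens to be; ForkExec performs no PATH search, so when the daemon is launched as a bare `minilbd` from PATH the re-exec fails with a not-found error, and argv[0] is in any case set by the parent rather than by us. Resolve the binary with `exe, err := os.Executable()` and pass `exe` as the first argument. `cwd, err := os.Getwd()` inside the `!isChild` case shadows the function-level `err`; harmless because the branch returns or exits, but a plain `=` avoids the question. The body is otherwise the old PseudoFork moved verbatim, so the points above apply to the pre-existing code as well.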
@@ -60,12 +52,6 @@ func (svc *Service) Run() error { var err error svc.log.Infof("Service run") - listenSpec := fmt.Sprintf(":%d", svc.portnum) - listener, err := net.Listen("tcp", listenSpec) - if err != nil { - return err - } - tlsCert, err := tls.X509KeyPair(svc.x509Cert, svc.x509Key) if err != nil { return err @@ -75,7 +61,6 @@ func (svc *Service) Run() error { ClientAuth: tls.NoClientCert, InsecureSkipVerify: true, } - tlsCredentials := credentials.NewTLS(&tlsConfig) if err != nil { return err @@ -87,14 +72,13 @@ func (svc *Service) Run() error { gsrvOpts := []grpc.ServerOption{ grpc.Creds(tlsCredentials), grpc.ChainUnaryInterceptor(interceptors...), - //grpc.UnaryInterceptor(svc.authInterceptor), } svc.gsrv = grpc.NewServer(gsrvOpts...) svc.hand.Register(svc.gsrv) - svc.log.Infof("Service listening at %v", listener.Addr()) - err = svc.gsrv.Serve(listener) + svc.log.Infof("Service listening at %v", svc.listen.Addr()) + err = svc.gsrv.Serve(svc.listen) if err != nil { return err } diff --git a/cmd/minilbd/starter/starter.go b/cmd/minilbd/starter/starter.go index e3c01aa..f0fa194 100644 --- a/cmd/minilbd/starter/starter.go +++ b/cmd/minilbd/starter/starter.go @@ -57,7 +57,6 @@ func (sta *Starter) run(cmd *cobra.Command, args []string) error { if err != nil { return err } - srv.Config().AsDaemon = sta.runAsDaemon srv.Config().Service.Port = sta.port @@ -69,7 +68,6 @@ func (sta *Starter) run(cmd *cobra.Command, args []string) error { if err != nil { return err } - srv.Rotator() err = srv.Run() if err != nil { return err diff --git a/configure b/configure index 4f24b26..817b676 100755 --- a/configure +++ b/configure @@ -608,6 +608,8 @@ PACKAGE_URL='' ac_default_prefix=/usr/local ac_subst_vars='LTLIBOBJS LIBOBJS +srv_bindir +srv_sbindir srv_datadir srv_libdir srv_sharedir @@ -615,6 +617,8 @@ srv_rundir srv_logdir srv_confdir srv_devel_mode +run_user +RUN_USER SYSTEMD_FALSE SYSTEMD_TRUE LINUX_OS_FALSE 
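Review bot: This hunk drops the `srv.Rotator()` call, and the server.go hunks rename the method to the unexported `logRotator` with a `// TODO: integrate into logger` comment, but nothing in this diff calls `logRotator`; unless a caller exists outside the diff, daemon-mode log rotation is silently disabled by this commit. Either add `srv.logRotator()` inside Run() where the log file is opened (it cannot be called from this package any more), or remove the dead method and track the TODO in the logger. `run` starts before the hunk and continues after it.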
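Review bot: `svc.log.Infof("Service listening at %v", svc.listen.Addr())` and `svc.gsrv.Serve(svc.listen)` now dereference a listener injected through ServiceConfig; the removed code created it locally, so a nil value was impossible, whereas a caller that forgets `Listener` now panics inside Run() instead of getting an error. Add a guard at the top of Run(), e.g. `if svc.listen == nil { return errors.New("service: no listener configured") }` (`errors` would need importing; `fmt` is removed by this series). Run() starts before this hunk and continues after it.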
@@ -720,6 +724,7 @@ ac_subst_files='' ac_user_opts=' enable_option_checking enable_silent_rules +with_user enable_devel_mode with_confdir with_logdir @@ -1365,6 +1370,7 @@ Optional Features: Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) + --with-user=${PACKAGE} set executing user name --with-confdir=PATH set configuration dir to PATH (default: $SRV_CONFDIR) --with-logdir=PATH set path for logdir (default: $SRV_LOGDIR) @@ -3663,6 +3669,59 @@ test "x$prefix" == "xNONE" && prefix=$ac_default_prefix test "x$libexecdir" == "xNONE" && libexecdir=${prefix}/lib +case $host_os in + *freebsd* ) + default_user="daemon" + default_group="daemon" + ;; + *linux* ) + default_user="daemon" + default_group="daemon" + ;; +esac + + +# Check whether --with-user was given. +if test ${with_user+y} +then : + withval=$with_user; if test ! -z "$with_user" ; then + case $with_user in + "") + as_fn_error $? "You must specify user name" "$LINENO" 5 + ;; + *) + RUN_USER="$with_user" + ;; + esac + else + RUN_USER="$default_user" + fi +else case e in #( + e) RUN_USER="$default_user" ;; +esac +fi + + +if test "x$enable_devel_mode" = "xyes" +then : + + RUN_USER="`id -un`" + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: run_user set as ${RUN_USER}" >&5 +printf "%s\n" "$as_me: run_user set as ${RUN_USER}" >&6;} + +printf "%s\n" "#define RUN_USER \"$RUN_USER\"" >>confdefs.h + +RUN_USER="$RUN_USER" + + +printf "%s\n" "#define run_user \"$RUN_USER\"" >>confdefs.h + +run_user="$RUN_USER" + + # Check whether --enable-devel-mode was given. if test ${enable_devel_mode+y} @@ -3706,7 +3765,6 @@ then : fi - if test "x$enable_devel_mode" = "xyes" then : 
@@ -3914,9 +3972,13 @@ srv_datadir="$SRV_DATADIR" printf "%s\n" "$as_me: srv_datadir set as ${SRV_DATADIR}" >&6;} +srv_sbindir="${prefix}/sbin" + +srv_bindir="${prefix}/bin" -ac_config_files="$ac_config_files Makefile app/config/variant.go initrc/minilbd.service debian/control debian/changelog" + +ac_config_files="$ac_config_files Makefile app/config/variant.go initrc/minilbd.service initrc/minilbd debian/control debian/changelog" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure @@ -4670,6 +4732,7 @@ do "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "app/config/variant.go") CONFIG_FILES="$CONFIG_FILES app/config/variant.go" ;; "initrc/minilbd.service") CONFIG_FILES="$CONFIG_FILES initrc/minilbd.service" ;; + "initrc/minilbd") CONFIG_FILES="$CONFIG_FILES initrc/minilbd" ;; "debian/control") CONFIG_FILES="$CONFIG_FILES debian/control" ;; "debian/changelog") CONFIG_FILES="$CONFIG_FILES debian/changelog" ;; diff --git a/configure.ac b/configure.ac index 04397ff..6249877 100644 --- a/configure.ac +++ b/configure.ac 
@@ -59,6 +59,44 @@ fi test "x$prefix" == "xNONE" && prefix=$ac_default_prefix test "x$libexecdir" == "xNONE" && libexecdir=${prefix}/lib +dnl -------------------------------------------------------------------------------------- + +case $host_os in + *freebsd* ) + default_user="daemon" + default_group="daemon" + ;; + *linux* ) + default_user="daemon" + default_group="daemon" + ;; +esac + +AC_ARG_WITH(user, + AS_HELP_STRING([--with-user=${PACKAGE}],[set executing user name]), + [ if test ! -z "$with_user" ; then + case $with_user in + "") + AC_MSG_ERROR(You must specify user name) + ;; + *) + RUN_USER="$with_user" + ;; + esac + else + RUN_USER="$default_user" + fi ], + [ RUN_USER="$default_user" ]) + +AS_IF([test "x$enable_devel_mode" = "xyes"], [ + RUN_USER="`id -un`" +]) + +AC_MSG_NOTICE(run_user set as ${RUN_USER}) +AC_DEFINE_UNQUOTED(RUN_USER, "$RUN_USER", [effective user]) +AC_SUBST(RUN_USER, "$RUN_USER") +AC_DEFINE_UNQUOTED(run_user, "$RUN_USER", [effective user]) +AC_SUBST(run_user, "$RUN_USER") dnl -------------------------------------------------------------------------------------- @@ -91,7 +129,6 @@ AC_ARG_WITH(confdir, esac fi ]) - AS_IF([test "x$enable_devel_mode" = "xyes"], [ SRV_CONFDIR="${SRCDIR}/etc/${PACKAGE}" sysconfdir="${SRCDIR}/etc/${PACKAGE}" @@ -240,12 +277,15 @@ AC_MSG_NOTICE(srv_datadir set as ${SRV_DATADIR}) dnl -------------------------------------------------------------------------------------- +AC_SUBST(srv_sbindir, "${prefix}/sbin") +AC_SUBST(srv_bindir, "${prefix}/bin") AC_CONFIG_FILES([ Makefile app/config/variant.go initrc/minilbd.service +initrc/minilbd debian/control debian/changelog ]) diff --git a/initrc/minilbd.in b/initrc/minilbd.in new file mode 100644 index 0000000..4eb93ce --- /dev/null +++ b/initrc/minilbd.in 
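Review bot: The `--with-user` handling accepts `yes` as a user name: passing `--with-user` without a value sets `$with_user` to `yes`, the outer `test ! -z` passes, and the empty-string branch of the inner `case` can never match because emptiness was already excluded, so configure proceeds with RUN_USER=yes and the daemon's `user.Lookup` fails only at start-up. Reject the autoconf sentinels instead: `yes|no|"") AC_MSG_ERROR([--with-user requires a user name]) ;;`. `default_group` is assigned in both `case` arms but never referenced or substituted, and the help string `--with-user=${PACKAGE}` suggests the package name is the default while the code defaults to `daemon`; `--with-user=NAME` with `(default: daemon)` would match the neighbouring `--with-confdir` entries.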
@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# $Id$
+#
+# PROVIDE: minilbd
+# REQUIRE: DAEMON
+
+. /etc/rc.subr
+
+name="minilbd"
+rcvar="minilbd_enable"
+
+pidfile="@srv_rundir@/minilbd.pid"
+command="@prefix@/sbin/${name}"
+command_args="--asDaemon=true"
+procname="@prefix@/sbin/${name}"
+
+load_rc_config ${name}
+
+: ${minilbd_enable:="NO"}
+
+run_rc_command "$1"
+#EOF
+
diff --git a/initrc/minilbd.service b/initrc/minilbd.service
index ea610f7..2455c55 100644
--- a/initrc/minilbd.service
+++ b/initrc/minilbd.service
@@ -3,10 +3,10 @@ Description=minilbd
 [Service]
 Type=forking
-ExecStart=@srv_sbindir@/minilbd -asDaemon=true
+ExecStart=/usr/sbin/minilbd --asDaemon=true
 ExecReload=/bin/kill -HUP $MAINPID
 ExecRestart=/bin/kill -HUP $MAINPID
-ExecStartPre=/usr/bin/install -d -o root -g root /home/ziggi/Projects/minilb/tmp/run /home/ziggi/Projects/minilb/tmp/log
+ExecStartPre=/usr/bin/install -d -o daemon /var/run/minilb /var/log/minilb
 [Install]
 WantedBy=multi-user.target
diff --git a/initrc/minilbd.service.in b/initrc/minilbd.service.in
index c9b6132..7be8147 100644
--- a/initrc/minilbd.service.in
+++ b/initrc/minilbd.service.in
@@ -3,10 +3,10 @@ Description=minilbd
 [Service]
 Type=forking
-ExecStart=@srv_sbindir@/minilbd -asDaemon=true
+ExecStart=@srv_sbindir@/minilbd --asDaemon=true
 ExecReload=/bin/kill -HUP $MAINPID
 ExecRestart=/bin/kill -HUP $MAINPID
-ExecStartPre=/usr/bin/install -d -o root -g root @srv_rundir@ @srv_logdir@
+ExecStartPre=/usr/bin/install -d -o @run_user@ @srv_rundir@ @srv_logdir@
 [Install]
 WantedBy=multi-user.target
diff --git a/pkg/network/listen.go b/pkg/network/listen.go
new file mode 100644
index 0000000..419210c
--- /dev/null
+++ b/pkg/network/listen.go
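Review bot: The rc script hard-codes `command="@prefix@/sbin/${name}"` (and `procname`) while the same commit introduces `@srv_sbindir@` and uses it in minilbd.service.in, so the two init files disagree as soon as sbindir is overridden; use `@srv_sbindir@/${name}` in both places. With `--asDaemon=true` and the pseudo-fork, rc(8) only sees the parent exit, so `pidfile` must match the path the daemon actually writes (`srv.conf.RunPath`, whose default is not visible here) or `service minilbd status` will not find the process. A `# KEYWORD: shutdown` line is customary so the script also runs at system shutdown.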
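Review bot: The unit is `Type=forking` but declares no `PIDFile=`, so systemd has to guess the main PID after the re-exec; now that the FreeBSD script pins `@srv_rundir@/minilbd.pid`, add the matching `PIDFile=@srv_rundir@/minilbd.pid` here (assuming that is the daemon's RunPath). `ExecStartPre=/usr/bin/install -d -o @run_user@` drops the previous `-g`, so the directories get the invoking root group while the daemon's Build() later chowns them to the user's primary group anyway; either pass a group too (configure.ac computes `default_group` but never substitutes it) or leave ownership to the daemon rather than setting it in two places. The committed minilbd.service in this commit is the substituted output and should be regenerated rather than edited.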
@@ -0,0 +1,37 @@
+package network
+
+import (
+ "crypto/tls"
+ "net"
+)
+
+const protocol = "tcp"
+
+func CreateTLSListener(addrinfo string, x509cert, x509key []byte) (net.Listener, error) {
+ var listen net.Listener
+ var err error
+ tlsCert, err := tls.X509KeyPair(x509cert, x509key)
+ if err != nil {
+ return listen, err
+ }
+ tlsConfig := tls.Config{
+ Certificates: []tls.Certificate{tlsCert},
+ ClientAuth: tls.NoClientCert,
+ InsecureSkipVerify: true,
+ }
+ listen, err = tls.Listen(protocol, addrinfo, &tlsConfig)
+ if err != nil {
+ return listen, err
+ }
+ return listen, err
+}
+
+func CreateListener(addrinfo string) (net.Listener, error) {
+ var listen net.Listener
+ var err error
+ listen, err = net.Listen(protocol, addrinfo)
+ if err != nil {
+ return listen, err
+ }
+ return listen, err
+}
diff --git a/pkg/x509crt/x509cert.go b/pkg/x509crt/x509cert.go
index 2470372..b15b565 100644
--- a/pkg/x509crt/x509cert.go
+++ b/pkg/x509crt/x509cert.go
@@ -11,7 +11,7 @@ import (
 "time"
 )
-func CreateX509SelfSignedCert(subject string, hostnames ...string) ([]byte, []byte, error) {
+func CreateCertKey(subject string, hostnames ...string) ([]byte, []byte, error) {
 var err error
 certPem := make([]byte, 0)
@@ -72,7 +72,7 @@ func CreateX509SelfSignedCert(subject string, hostnames ...string) ([]byte, []by
 return certPem, keyPem, err
 }
-func CreateX509CACert(commonName string) ([]byte, []byte, error) {
+func CreateCACert(commonName string) ([]byte, []byte, error) {
 var err error
 certPem := make([]byte, 0)
 keyPem := make([]byte, 0)
diff --git a/pkg/x509crt/x509cert_test.go b/pkg/x509crt/x509cert_test.go
index 05655a7..d53de59 100644
--- a/pkg/x509crt/x509cert_test.go
+++ b/pkg/x509crt/x509cert_test.go
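Review bot: `InsecureSkipVerify: true` in the tls.Config handed to `tls.Listen` is a client-side setting (it disables verification of the peer's certificate in a client) and is not consulted by the server handshake, so it only misleads readers into thinking the listener skips a check; drop it. `CreateTLSListener` is not called anywhere in this diff — server.go uses `CreateListener` and the service wraps TLS through grpc credentials — so it looks like dead code that duplicates the tls.Config built in service.go; remove it until it has a caller. Both functions pre-declare `listen`/`err` and return them on every path; `return net.Listen(protocol, addrinfo)` and `return tls.Listen(protocol, addrinfo, &tlsConfig)` are the idiomatic one-liners. Neither exported function has a doc comment; add one-liners such as `// CreateListener opens a plain TCP listener on addrinfo.`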
@@ -10,22 +10,16 @@ import ( ) func TestCert(t *testing.T) { - { - //caCert, caKey, err := CreateX509SelfSignedCert("test1") - //require.NoError(t, err) - //fmt.Println(string(caCert)) - //fmt.Println(string(caKey)) - } - { - caCert, caKey, err := CreateX509CACert("test1") + caCert, caKey, err := CreateCertKey("test1") + require.NoError(t, err) + fmt.Println(string(caCert)) + fmt.Println(string(caKey)) + } + { + caCert, caKey, err := CreateCACert("test1") require.NoError(t, err) fmt.Println(string(caCert)) fmt.Println(string(caKey)) - - // caCert, caKey, err = CreateX509Cert("test1", caKey) - // require.NoError(t, err) - // fmt.Println(string(caCert)) - // fmt.Println(string(caKey)) } }