server, service: added running as effective user

Makefile.am

@@ -87,14 +87,28 @@ EXTRA_DIST = \
 	vendor/*
 
 
-SYSTEMD_LIBDIR = /lib/systemd/system
+FREEBSD_LOCALBASE = /usr/local
+FREEBSD_RCDIR = $(FREEBSD_LOCALBASE)/etc/rc.d
+LINUX_SYSTEMDDIR = /lib/systemd/system
 
 install-data-local:
 	test -z $(DESTDIR)$(srv_confdir) || $(MKDIR_P) $(DESTDIR)$(srv_confdir)
 	test -z $(DESTDIR)$(srv_logdir) || $(MKDIR_P) $(DESTDIR)$(srv_logdir)
 	test -z $(DESTDIR)$(srv_rundir) || $(MKDIR_P) $(DESTDIR)$(srv_rundir)
 	test -z $(DESTDIR)$(SYSTEMD_LIBDIR) || $(MKDIR_P) $(DESTDIR)$(SYSTEMD_LIBDIR)
-	$(INSTALL_DATA) initrc/minilbd.service $(DESTDIR)$(SYSTEMD_LIBDIR)
+if FREEBSD_OS
+	test -z $(DESTDIR)$(FREEBSD_RCDIR) || $(MKDIR_P) $(DESTDIR)$(FREEBSD_RCDIR)
+	$(INSTALL_DATA) initrc/minilbd $(DESTDIR)$(FREEBSD_RCDIR)
+	chmod a+x $(DESTDIR)$(FREEBSD_RCDIR)/minilbd
+endif
+if LINUX_OS
+if SYSTEMD
+	test -z $(DESTDIR)$(LINUX_SYSTEMDDIR) || $(MKDIR_P) $(DESTDIR)$(LINUX_SYSTEMDDIR)
+	$(INSTALL_DATA) initrc/minilbd.service $(DESTDIR)$(LINUX_SYSTEMDDIR)
+endif
+endif
+
+
 
 GENDIR=pkg/mlbctl
 grpc:

Makefile.in

@@ -103,7 +103,7 @@ am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
  configure.lineno config.status.lineno
 mkinstalldirs = $(install_sh) -d
 CONFIG_CLEAN_FILES = app/config/variant.go initrc/minilbd.service \
-	debian/control debian/changelog
+	initrc/minilbd debian/control debian/changelog
 CONFIG_CLEAN_VPATH_FILES =
 am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)"
 PROGRAMS = $(bin_PROGRAMS) $(sbin_PROGRAMS)
@@ -176,6 +176,7 @@ am__DIST_COMMON = $(srcdir)/Makefile.in \
 	$(top_srcdir)/app/config/variant.go.in \
 	$(top_srcdir)/debian/changelog.in \
 	$(top_srcdir)/debian/control.in \
+	$(top_srcdir)/initrc/minilbd.in \
 	$(top_srcdir)/initrc/minilbd.service.in README.md config.guess \
 	config.sub install-sh missing
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
@@ -244,6 +245,7 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
 PODMAN = @PODMAN@
 PROTOC = @PROTOC@
 ROOT_GROUP = @ROOT_GROUP@
+RUN_USER = @RUN_USER@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
 SORT = @SORT@
@@ -293,16 +295,19 @@ pdfdir = @pdfdir@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
+run_user = @run_user@
 runstatedir = @runstatedir@
 sbindir = @sbindir@
 sharedstatedir = @sharedstatedir@
 srcdir = @srcdir@
+srv_bindir = @srv_bindir@
 srv_confdir = @srv_confdir@
 srv_datadir = @srv_datadir@
 srv_devel_mode = @srv_devel_mode@
 srv_libdir = @srv_libdir@
 srv_logdir = @srv_logdir@
 srv_rundir = @srv_rundir@
+srv_sbindir = @srv_sbindir@
 srv_sharedir = @srv_sharedir@
 sysconfdir = @sysconfdir@
 target_alias = @target_alias@
@@ -368,7 +373,9 @@ EXTRA_DIST = \
 	README.md \
 	vendor/*
 
-SYSTEMD_LIBDIR = /lib/systemd/system
+FREEBSD_LOCALBASE = /usr/local
+FREEBSD_RCDIR = $(FREEBSD_LOCALBASE)/etc/rc.d
+LINUX_SYSTEMDDIR = /lib/systemd/system
 GENDIR = pkg/mlbctl
 BUILD_DIR = $(shell pwd)/TMP.build
 DIST_DIR = $(shell pwd)/DIST
@@ -414,6 +421,8 @@ app/config/variant.go: $(top_builddir)/config.status $(top_srcdir)/app/config/va
 	cd $(top_builddir) && $(SHELL) ./config.status $@
 initrc/minilbd.service: $(top_builddir)/config.status $(top_srcdir)/initrc/minilbd.service.in
 	cd $(top_builddir) && $(SHELL) ./config.status $@
+initrc/minilbd: $(top_builddir)/config.status $(top_srcdir)/initrc/minilbd.in
+	cd $(top_builddir) && $(SHELL) ./config.status $@
 debian/control: $(top_builddir)/config.status $(top_srcdir)/debian/control.in
 	cd $(top_builddir) && $(SHELL) ./config.status $@
 debian/changelog: $(top_builddir)/config.status $(top_srcdir)/debian/changelog.in
@@ -884,7 +893,11 @@ install-data-local:
 	test -z $(DESTDIR)$(srv_logdir) || $(MKDIR_P) $(DESTDIR)$(srv_logdir)
 	test -z $(DESTDIR)$(srv_rundir) || $(MKDIR_P) $(DESTDIR)$(srv_rundir)
 	test -z $(DESTDIR)$(SYSTEMD_LIBDIR) || $(MKDIR_P) $(DESTDIR)$(SYSTEMD_LIBDIR)
-	$(INSTALL_DATA) initrc/minilbd.service $(DESTDIR)$(SYSTEMD_LIBDIR)
+@FREEBSD_OS_TRUE@	test -z $(DESTDIR)$(FREEBSD_RCDIR) || $(MKDIR_P) $(DESTDIR)$(FREEBSD_RCDIR)
+@FREEBSD_OS_TRUE@	$(INSTALL_DATA) initrc/minilbd $(DESTDIR)$(FREEBSD_RCDIR)
+@FREEBSD_OS_TRUE@	chmod a+x $(DESTDIR)$(FREEBSD_RCDIR)/minilbd
+@LINUX_OS_TRUE@@SYSTEMD_TRUE@	test -z $(DESTDIR)$(LINUX_SYSTEMDDIR) || $(MKDIR_P) $(DESTDIR)$(LINUX_SYSTEMDDIR)
+@LINUX_OS_TRUE@@SYSTEMD_TRUE@	$(INSTALL_DATA) initrc/minilbd.service $(DESTDIR)$(LINUX_SYSTEMDDIR)
 grpc:
 	mkdir -p $(GENDIR)
 	$(PROTOC) --proto_path=proto --go_out=$(GENDIR) --go-grpc_out=$(GENDIR) proto/mlbctl.proto

app/config/config.go

@@ -36,6 +36,7 @@ type Config struct {
 	RunPath  string  `json:"runfile"    yaml:"runfile"`
 	AsDaemon bool    `json:"asDaemon"   yaml:"asDaemon"`
 	LogLimit int64   `json:"logLimit"   yaml:logLimit`
+	RunUser  string  `json:"runUser"    yaml:runUser`
 }
 
 func NewConfig() (*Config, error) {
@@ -45,6 +46,7 @@ func NewConfig() (*Config, error) {
 		},
 		AsDaemon: false,
 		LogLimit: 1024 * 1024 * 10, // 10 Mb
+		RunUser:  "daemon",
 	}
 	hostname, err := os.Hostname()
 	if err != nil {

app/config/variant.go

@@ -1,9 +1,10 @@
 package config
 
 const (
-	confdirPath    = "/home/ziggi/Projects/minilb/etc/minilb"
+	confdirPath = "/etc/minilb"
-	rundirPath     = "/home/ziggi/Projects/minilb/tmp/run"
+	rundirPath  = "/var/run/minilb"
-	logdirPath     = "/home/ziggi/Projects/minilb/tmp/log"
+	logdirPath  = "/var/log/minilb"
-	datadirPath    = "/home/ziggi/Projects/minilb/tmp/data"
+	datadirPath = "/var/lib/minilb"
-	packageVersion = "0.0.1"
+	pkgVersion  = "0.0.1"
+	runUser     = "daemon"
 )

app/config/variant.go.in

@@ -5,6 +5,6 @@ const (
 	rundirPath  = "@srv_rundir@"
 	logdirPath  = "@srv_logdir@"
 	datadirPath = "@srv_datadir@"
-	packageVersion = "@PACKAGE_VERSION@"
+	pkgVersion  = "@PACKAGE_VERSION@"
+	runUser     = "@run_user@"
 )
-

app/server/server.go

@@ -3,6 +3,7 @@ package server
 import (
 	"context"
 	"fmt"
+	"net"
 	"os"
 	"os/signal"
 	"os/user"
@@ -17,6 +18,7 @@ import (
 	"helmet/app/logger"
 	"helmet/app/operator"
 	"helmet/app/service"
+	"helmet/pkg/network"
 	"helmet/pkg/x509crt"
 )
 
@@ -32,6 +34,7 @@ type Server struct {
 	ctx      context.Context
 	cancel   context.CancelFunc
 	wg       sync.WaitGroup
+	listen   net.Listener
 }
 
 func NewServer() (*Server, error) {
@@ -66,23 +69,66 @@ func (srv *Server) Build() error {
 	var err error
 	srv.log.Infof("Build server")
 
+	// Get effective user uid/guid
+	usr, err := user.Lookup(srv.conf.RunUser)
+	if err != nil {
+		return err
+	}
+	uid64, err := strconv.ParseInt(usr.Uid, 10, 64)
+	if err != nil {
+		return err
+	}
+	gid64, err := strconv.ParseInt(usr.Gid, 10, 64)
+	if err != nil {
+		return err
+	}
+	uid := int(uid64)
+	gid := int(gid64)
+
 	if srv.conf.AsDaemon {
 		logDir := filepath.Dir(srv.conf.LogPath)
-		srv.log.Infof("Create %s dir", logDir)
+		srv.log.Infof("Create log dir: %s", logDir)
 		err = os.MkdirAll(logDir, 0750)
 		if err != nil {
 			return err
 		}
+		err = os.Chown(logDir, uid, gid)
+		if err != nil {
+			return err
+		}
 		runDir := filepath.Dir(srv.conf.RunPath)
-		srv.log.Infof("Create %s dir", runDir)
+		srv.log.Infof("Create run dir: %s", runDir)
 		err = os.MkdirAll(runDir, 0750)
 		if err != nil {
 			return err
 		}
+		err = os.Chown(runDir, uid, gid)
+		if err != nil {
+			return err
 		}
+	}
+	// Create listener
+	addrinfo := ":" + strconv.FormatUint(uint64(srv.conf.Service.Port), 10)
+	listener, err := network.CreateListener(addrinfo)
+	if err != nil {
+		return err
+	}
+	srv.listen = listener
+
+	// Change effective user
+	err = syscall.Setuid(uid)
+	if err != nil {
+		return err
+	}
+	uidstr := strconv.FormatInt(int64(syscall.Geteuid()), 10)
+	usr, err = user.LookupId(uidstr)
+	if err != nil {
+		return err
+	}
+	srv.log.Warningf("Now run as user: %s", usr.Username)
 
 	// Create X509 certs
-	srv.x509cert, srv.x509key, err = x509crt.CreateX509SelfSignedCert(srv.conf.Hostname)
+	srv.x509cert, srv.x509key, err = x509crt.CreateCertKey(srv.conf.Hostname)
 	if err != nil {
 		return err
 	}
@@ -103,8 +149,7 @@ func (srv *Server) Build() error {
 
 	// Create service
 	serviceConfig := &service.ServiceConfig{
-		PortNum:  srv.conf.Service.Port,
+		Listener: srv.listen,
-		Hostname: srv.conf.Hostname,
 		Handler:  srv.hand,
 		Operator: srv.oper,
 		X509Cert: srv.x509cert,
@@ -123,86 +168,21 @@ func (srv *Server) Run() error {
 		return err
 	}
 	srv.log.Debugf("Server configuration:\n%s\n", yamlConfig)
-
 	srv.ctx, srv.cancel = context.WithCancel(context.Background())
 
 	currUser, err := user.Current()
 	if err != nil {
 		return err
 	}
-	srv.log.Infof("Running server as user %s", currUser.Username)
+	srv.log.Infof("Start server as user %s", currUser.Username)
-
+	uidstr := strconv.FormatInt(int64(syscall.Geteuid()), 10)
-	sigs := make(chan os.Signal, 1)
+	usr, err := user.LookupId(uidstr)
-	done := make(chan error, 1)
-
-	// Run service
-	startService := func(svc *service.Service, done chan error) {
-		err = svc.Run()
-		if err != nil {
-			srv.log.Errorf("Service error: %v", err)
-			done <- err
-		}
-	}
-	go startService(srv.svc, done)
-
-	signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM)
-	var signal os.Signal
-	select {
-	case signal = <-sigs:
-		srv.log.Infof("Services stopped by signal: %v", signal)
-		srv.cancel()
-		srv.svc.Stop()
-		srv.wg.Wait()
-	}
-	return err
-}
-
-func (srv *Server) PseudoFork() error {
-	const successExit int = 0
-	var keyEnv string = "IMX0LTSELMRF8K"
-	var err error
-
-	_, isChild := os.LookupEnv(keyEnv)
-	switch {
-	case !isChild:
-		os.Setenv(keyEnv, "TRUE")
-		procAttr := syscall.ProcAttr{}
-		cwd, err := os.Getwd()
 	if err != nil {
 		return err
 	}
-		var sysFiles = make([]uintptr, 3)
+	srv.log.Infof("Run server as user %s", usr.Username)
-		sysFiles[0] = uintptr(syscall.Stdin)
-		sysFiles[1] = uintptr(syscall.Stdout)
-		sysFiles[2] = uintptr(syscall.Stderr)
 
-		procAttr.Files = sysFiles
-		procAttr.Env = os.Environ()
-		procAttr.Dir = cwd
-
-		_, err = syscall.ForkExec(os.Args[0], os.Args, &procAttr)
-		if err != nil {
-			return err
-		}
-		os.Exit(successExit)
-	case isChild:
-		_, err = syscall.Setsid()
-		if err != nil {
-			return err
-		}
-	}
-	os.Unsetenv(keyEnv)
-	return err
-}
-
-func (srv *Server) Daemonize() error {
-	var err error
 	if srv.conf.AsDaemon {
-		// Restart process process
-		err = srv.PseudoFork()
-		if err != nil {
-			return err
-		}
 		// Redirect stdin
 		nullFile, err := os.OpenFile("/dev/null", os.O_RDWR, 0)
 		if err != nil {
@@ -232,11 +212,6 @@ func (srv *Server) Daemonize() error {
 		}
 		srv.logf = logFile
 		// Write process ID
-		rundir := filepath.Dir(srv.conf.RunPath)
-		err = os.MkdirAll(rundir, 0750)
-		if err != nil {
-			return err
-		}
 		pidFile, err := os.OpenFile(srv.conf.RunPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0640)
 		if err != nil {
 			return err
@@ -248,10 +223,46 @@ func (srv *Server) Daemonize() error {
 			return err
 		}
 	}
+
+	sigs := make(chan os.Signal, 1)
+	done := make(chan error, 1)
+
+	// Run service
+	startService := func(svc *service.Service, done chan error) {
+		err = svc.Run()
+		if err != nil {
+			srv.log.Errorf("Service error: %v", err)
+			done <- err
+		}
+	}
+	go startService(srv.svc, done)
+
+	signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM)
+	var signal os.Signal
+	select {
+	case signal = <-sigs:
+		srv.log.Infof("Services stopped by signal: %v", signal)
+		srv.cancel()
+		srv.svc.Stop()
+		srv.wg.Wait()
+	}
 	return err
 }
 
-func (srv *Server) Rotator() {
+func (srv *Server) Daemonize() error {
+	var err error
+	if srv.conf.AsDaemon {
+		// Restart process process
+		err = srv.pseudoFork()
+		if err != nil {
+			return err
+		}
+	}
+	return err
+}
+
+func (srv *Server) logRotator() {
+	// TODO: integrate into logger
 	srv.wg.Add(1)
 	var counter uint64
 	logFunc := func() {
@@ -289,3 +300,39 @@ func (srv *Server) Rotator() {
 	}
 	go logFunc()
 }
+
+func (srv *Server) pseudoFork() error {
+	const successExit int = 0
+	var keyEnv string = "IMX0LTSELMRF8K"
+	var err error
+	_, isChild := os.LookupEnv(keyEnv)
+	switch {
+	case !isChild:
+		os.Setenv(keyEnv, "TRUE")
+		procAttr := syscall.ProcAttr{}
+		cwd, err := os.Getwd()
+		if err != nil {
+			return err
+		}
+		var sysFiles = make([]uintptr, 3)
+		sysFiles[0] = uintptr(syscall.Stdin)
+		sysFiles[1] = uintptr(syscall.Stdout)
+		sysFiles[2] = uintptr(syscall.Stderr)
+
+		procAttr.Files = sysFiles
+		procAttr.Env = os.Environ()
+		procAttr.Dir = cwd
+		_, err = syscall.ForkExec(os.Args[0], os.Args, &procAttr)
+		if err != nil {
+			return err
+		}
+		os.Exit(successExit)
+	case isChild:
+		_, err = syscall.Setsid()
+		if err != nil {
+			return err
+		}
+	}
+	os.Unsetenv(keyEnv)
+	return err
+}

app/service/service.go

@@ -4,12 +4,10 @@ import (
 	"context"
 	"crypto/tls"
 	"encoding/json"
-	"fmt"
 	"net"
 
-	"helmet/app/logger"
-
 	"helmet/app/handler"
+	"helmet/app/logger"
 	"helmet/app/operator"
 
 	"google.golang.org/grpc"
@@ -22,8 +20,7 @@ import (
 type ServiceConfig struct {
 	Handler  *handler.Handler
 	Operator *operator.Operator
-	PortNum  uint32
+	Listener net.Listener
-	Hostname string
 	X509Cert []byte
 	X509Key  []byte
 }
@@ -33,11 +30,7 @@ type Service struct {
 	hand     *handler.Handler
 	oper     *operator.Operator
 	log      *logger.Logger
-	portnum  uint32
+	listen   net.Listener
-	hostname string
-
-	username string
-	password string
 	x509Cert []byte
 	x509Key  []byte
 }
@@ -46,8 +39,7 @@ func NewService(conf *ServiceConfig) *Service {
 	svc := Service{
 		hand:     conf.Handler,
 		oper:     conf.Operator,
-		portnum:  conf.PortNum,
+		listen:   conf.Listener,
-		hostname: conf.Hostname,
 		x509Cert: conf.X509Cert,
 		x509Key:  conf.X509Key,
 	}
@@ -60,12 +52,6 @@ func (svc *Service) Run() error {
 	var err error
 	svc.log.Infof("Service run")
 
-	listenSpec := fmt.Sprintf(":%d", svc.portnum)
-	listener, err := net.Listen("tcp", listenSpec)
-	if err != nil {
-		return err
-	}
-
 	tlsCert, err := tls.X509KeyPair(svc.x509Cert, svc.x509Key)
 	if err != nil {
 		return err
@@ -75,7 +61,6 @@ func (svc *Service) Run() error {
 		ClientAuth:         tls.NoClientCert,
 		InsecureSkipVerify: true,
 	}
-
 	tlsCredentials := credentials.NewTLS(&tlsConfig)
 	if err != nil {
 		return err
@@ -87,14 +72,13 @@ func (svc *Service) Run() error {
 	gsrvOpts := []grpc.ServerOption{
 		grpc.Creds(tlsCredentials),
 		grpc.ChainUnaryInterceptor(interceptors...),
-		//grpc.UnaryInterceptor(svc.authInterceptor),
 	}
 	svc.gsrv = grpc.NewServer(gsrvOpts...)
 
 	svc.hand.Register(svc.gsrv)
 
-	svc.log.Infof("Service listening at %v", listener.Addr())
+	svc.log.Infof("Service listening at %v", svc.listen.Addr())
-	err = svc.gsrv.Serve(listener)
+	err = svc.gsrv.Serve(svc.listen)
 	if err != nil {
 		return err
 	}

cmd/minilbd/starter/starter.go

@@ -57,7 +57,6 @@ func (sta *Starter) run(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
-
 	srv.Config().AsDaemon = sta.runAsDaemon
 	srv.Config().Service.Port = sta.port
 
@@ -69,7 +68,6 @@ func (sta *Starter) run(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
-	srv.Rotator()
 	err = srv.Run()
 	if err != nil {
 		return err

configure

@@ -608,6 +608,8 @@ PACKAGE_URL=''
 ac_default_prefix=/usr/local
 ac_subst_vars='LTLIBOBJS
 LIBOBJS
+srv_bindir
+srv_sbindir
 srv_datadir
 srv_libdir
 srv_sharedir
@@ -615,6 +617,8 @@ srv_rundir
 srv_logdir
 srv_confdir
 srv_devel_mode
+run_user
+RUN_USER
 SYSTEMD_FALSE
 SYSTEMD_TRUE
 LINUX_OS_FALSE
@@ -720,6 +724,7 @@ ac_subst_files=''
 ac_user_opts='
 enable_option_checking
 enable_silent_rules
+with_user
 enable_devel_mode
 with_confdir
 with_logdir
@@ -1365,6 +1370,7 @@ Optional Features:
 Optional Packages:
   --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
   --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
+  --with-user=${PACKAGE}  set executing user name
   --with-confdir=PATH     set configuration dir to PATH (default:
                           $SRV_CONFDIR)
   --with-logdir=PATH      set path for logdir (default: $SRV_LOGDIR)
@@ -3663,6 +3669,59 @@ test "x$prefix" == "xNONE" && prefix=$ac_default_prefix
 test "x$libexecdir" == "xNONE" && libexecdir=${prefix}/lib
 
 
+case $host_os in
+    *freebsd* )
+        default_user="daemon"
+        default_group="daemon"
+        ;;
+    *linux* )
+        default_user="daemon"
+        default_group="daemon"
+        ;;
+esac
+
+
+# Check whether --with-user was given.
+if test ${with_user+y}
+then :
+  withval=$with_user;  if test ! -z "$with_user" ; then
+                case $with_user in
+                        "")
+                                as_fn_error $? "You must specify user name" "$LINENO" 5
+                                ;;
+                        *)
+                                RUN_USER="$with_user"
+                                ;;
+                esac
+        else
+                RUN_USER="$default_user"
+        fi
+else case e in #(
+  e)  RUN_USER="$default_user"  ;;
+esac
+fi
+
+
+if test "x$enable_devel_mode" = "xyes"
+then :
+
+        RUN_USER="`id -un`"
+
+fi
+
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: run_user set as ${RUN_USER}" >&5
+printf "%s\n" "$as_me: run_user set as ${RUN_USER}" >&6;}
+
+printf "%s\n" "#define RUN_USER \"$RUN_USER\"" >>confdefs.h
+
+RUN_USER="$RUN_USER"
+
+
+printf "%s\n" "#define run_user \"$RUN_USER\"" >>confdefs.h
+
+run_user="$RUN_USER"
+
+
 
 # Check whether --enable-devel-mode was given.
 if test ${enable_devel_mode+y}
@@ -3706,7 +3765,6 @@ then :
 fi
 
 
-
 if test "x$enable_devel_mode" = "xyes"
 then :
 
@@ -3914,9 +3972,13 @@ srv_datadir="$SRV_DATADIR"
 printf "%s\n" "$as_me: srv_datadir set as ${SRV_DATADIR}" >&6;}
 
 
+srv_sbindir="${prefix}/sbin"
+
+srv_bindir="${prefix}/bin"
 
 
-ac_config_files="$ac_config_files Makefile app/config/variant.go initrc/minilbd.service debian/control debian/changelog"
+
+ac_config_files="$ac_config_files Makefile app/config/variant.go initrc/minilbd.service initrc/minilbd debian/control debian/changelog"
 
 cat >confcache <<\_ACEOF
 # This file is a shell script that caches the results of configure
@@ -4670,6 +4732,7 @@ do
     "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
     "app/config/variant.go") CONFIG_FILES="$CONFIG_FILES app/config/variant.go" ;;
     "initrc/minilbd.service") CONFIG_FILES="$CONFIG_FILES initrc/minilbd.service" ;;
+    "initrc/minilbd") CONFIG_FILES="$CONFIG_FILES initrc/minilbd" ;;
     "debian/control") CONFIG_FILES="$CONFIG_FILES debian/control" ;;
     "debian/changelog") CONFIG_FILES="$CONFIG_FILES debian/changelog" ;;
 

configure.ac

@@ -59,6 +59,44 @@ fi
 test "x$prefix" == "xNONE" && prefix=$ac_default_prefix
 test "x$libexecdir" == "xNONE" && libexecdir=${prefix}/lib
 
+dnl --------------------------------------------------------------------------------------
+
+case $host_os in
+    *freebsd* )
+        default_user="daemon"
+        default_group="daemon"
+        ;;
+    *linux* )
+        default_user="daemon"
+        default_group="daemon"
+        ;;
+esac
+
+AC_ARG_WITH(user,
+        AS_HELP_STRING([--with-user=${PACKAGE}],[set executing user name]),
+        [ if test ! -z "$with_user" ; then
+                case $with_user in
+                        "")
+                                AC_MSG_ERROR(You must specify user name)
+                                ;;
+                        *)
+                                RUN_USER="$with_user"
+                                ;;
+                esac
+        else
+                RUN_USER="$default_user"
+        fi ],
+        [ RUN_USER="$default_user" ])
+
+AS_IF([test "x$enable_devel_mode" = "xyes"], [
+        RUN_USER="`id -un`"
+])
+
+AC_MSG_NOTICE(run_user set as ${RUN_USER})
+AC_DEFINE_UNQUOTED(RUN_USER, "$RUN_USER", [effective user])
+AC_SUBST(RUN_USER, "$RUN_USER")
+AC_DEFINE_UNQUOTED(run_user, "$RUN_USER", [effective user])
+AC_SUBST(run_user, "$RUN_USER")
 
 dnl --------------------------------------------------------------------------------------
 
@@ -91,7 +129,6 @@ AC_ARG_WITH(confdir,
         esac
     fi ])
 
-
 AS_IF([test "x$enable_devel_mode" = "xyes"], [
     SRV_CONFDIR="${SRCDIR}/etc/${PACKAGE}"
     sysconfdir="${SRCDIR}/etc/${PACKAGE}"
@@ -240,12 +277,15 @@ AC_MSG_NOTICE(srv_datadir set as ${SRV_DATADIR})
 
 dnl --------------------------------------------------------------------------------------
 
+AC_SUBST(srv_sbindir, "${prefix}/sbin")
+AC_SUBST(srv_bindir, "${prefix}/bin")
 
 
 AC_CONFIG_FILES([
 Makefile
 app/config/variant.go
 initrc/minilbd.service
+initrc/minilbd
 debian/control
 debian/changelog
 ])

initrc/minilbd.in

@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# $Id$
+#
+# PROVIDE: minilbd
+# REQUIRE: DAEMON
+
+. /etc/rc.subr
+
+name="minilbd"
+rcvar="minilbd_enable"
+
+pidfile="@srv_rundir@/minilbd.pid"
+command="@prefix@/sbin/${name}"
+command_args="--asDaemon=true"
+procname="@prefix@/sbin/${name}"
+
+load_rc_config ${name}
+
+: ${minilbd_enable:="NO"}
+
+run_rc_command "$1"
+#EOF
+

initrc/minilbd.service

@@ -3,10 +3,10 @@ Description=minilbd
 
 [Service]
 Type=forking
-ExecStart=@srv_sbindir@/minilbd -asDaemon=true
+ExecStart=/usr/sbin/minilbd --asDaemon=true
 ExecReload=/bin/kill -HUP $MAINPID
 ExecRestart=/bin/kill -HUP $MAINPID
-ExecStartPre=/usr/bin/install -d -o root -g root /home/ziggi/Projects/minilb/tmp/run /home/ziggi/Projects/minilb/tmp/log
+ExecStartPre=/usr/bin/install -d -o daemon  /var/run/minilb /var/log/minilb
 
 [Install]
 WantedBy=multi-user.target

initrc/minilbd.service.in

@@ -3,10 +3,10 @@ Description=minilbd
 
 [Service]
 Type=forking
-ExecStart=@srv_sbindir@/minilbd -asDaemon=true
+ExecStart=@srv_sbindir@/minilbd --asDaemon=true
 ExecReload=/bin/kill -HUP $MAINPID
 ExecRestart=/bin/kill -HUP $MAINPID
-ExecStartPre=/usr/bin/install -d -o root -g root @srv_rundir@ @srv_logdir@
+ExecStartPre=/usr/bin/install -d -o @run_user@  @srv_rundir@ @srv_logdir@
 
 [Install]
 WantedBy=multi-user.target

pkg/network/listen.go

@@ -0,0 +1,37 @@
+package network
+
+import (
+	"crypto/tls"
+	"net"
+)
+
+const protocol = "tcp"
+
+func CreateTLSListener(addrinfo string, x509cert, x509key []byte) (net.Listener, error) {
+	var listen net.Listener
+	var err error
+	tlsCert, err := tls.X509KeyPair(x509cert, x509key)
+	if err != nil {
+		return listen, err
+	}
+	tlsConfig := tls.Config{
+		Certificates:       []tls.Certificate{tlsCert},
+		ClientAuth:         tls.NoClientCert,
+		InsecureSkipVerify: true,
+	}
+	listen, err = tls.Listen(protocol, addrinfo, &tlsConfig)
+	if err != nil {
+		return listen, err
+	}
+	return listen, err
+}
+
+func CreateListener(addrinfo string) (net.Listener, error) {
+	var listen net.Listener
+	var err error
+	listen, err = net.Listen(protocol, addrinfo)
+	if err != nil {
+		return listen, err
+	}
+	return listen, err
+}

pkg/x509crt/x509cert.go

@@ -11,7 +11,7 @@ import (
 	"time"
 )
 
-func CreateX509SelfSignedCert(subject string, hostnames ...string) ([]byte, []byte, error) {
+func CreateCertKey(subject string, hostnames ...string) ([]byte, []byte, error) {
 	var err error
 
 	certPem := make([]byte, 0)
@@ -72,7 +72,7 @@ func CreateX509SelfSignedCert(subject string, hostnames ...string) ([]byte, []by
 	return certPem, keyPem, err
 }
 
-func CreateX509CACert(commonName string) ([]byte, []byte, error) {
+func CreateCACert(commonName string) ([]byte, []byte, error) {
 	var err error
 	certPem := make([]byte, 0)
 	keyPem := make([]byte, 0)

pkg/x509crt/x509cert_test.go

@@ -10,22 +10,16 @@ import (
 )
 
 func TestCert(t *testing.T) {
-
 	{
-		//caCert, caKey, err := CreateX509SelfSignedCert("test1")
+		caCert, caKey, err := CreateCertKey("test1")
-		//require.NoError(t, err)
+		require.NoError(t, err)
-		//fmt.Println(string(caCert))
+		fmt.Println(string(caCert))
-		//fmt.Println(string(caKey))
+		fmt.Println(string(caKey))
-	}
+	}
-	{
+	{
-		caCert, caKey, err := CreateX509CACert("test1")
+		caCert, caKey, err := CreateCACert("test1")
 		require.NoError(t, err)
 		fmt.Println(string(caCert))
 		fmt.Println(string(caKey))
-
-		// caCert, caKey, err = CreateX509Cert("test1", caKey)
-		// require.NoError(t, err)
-		// fmt.Println(string(caCert))
-		// fmt.Println(string(caKey))
 	}
 }