From 229a3a97fc07b42658fc71bd480d91a15168d29a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=9E=D0=BB=D0=B5=D0=B3=20=D0=91=D0=BE=D1=80=D0=BE=D0=B4?= =?UTF-8?q?=D0=B8=D0=BD?= Date: Wed, 25 Mar 2026 12:21:58 +0200 Subject: [PATCH] mstore server: moving creating listener from service to service --- app/config/config.go | 4 +- app/config/variant.go | 2 +- app/server/server.go | 93 +++++++++++++++++++++++++++------- app/service/service.go | 55 +++----------------- cmd/mstored/starter/starter.go | 4 +- configure | 20 ++++---- 6 files changed, 97 insertions(+), 81 deletions(-) diff --git a/app/config/config.go b/app/config/config.go index 00f0eb7..301790f 100644 --- a/app/config/config.go +++ b/app/config/config.go @@ -22,7 +22,7 @@ import ( type Service struct { Address string `json:"address" yaml:"address"` - Port int64 `json:"port" yaml:"port"` + Port uint32 `json:"port" yaml:"port"` } type Database struct { @@ -49,6 +49,7 @@ type Config struct { Hostname string `json:"hostname" yaml:hostname` Hostnames []string `json:"hostnames" yaml:hostnames` LogLimit int64 `json:"logLimit" yaml:logLimit` + RunUser string `json:"runUser" yaml:runUser` } func NewConfig() *Config { @@ -84,6 +85,7 @@ func NewConfig() *Config { //Keypath: keypath, Hostnames: make([]string, 0), LogLimit: 1024 * 1024 * 10, // 10 Mb + RunUser: "daemon", } } diff --git a/app/config/variant.go b/app/config/variant.go index ab86399..652b419 100644 --- a/app/config/variant.go +++ b/app/config/variant.go @@ -5,6 +5,6 @@ const ( rundir = "/var/run/mstore" logdir = "/var/log/mstore" datadir = "/var/lib/mstore" - version = "0.2.3" + version = "0.2.4" srvname = "mstored" ) diff --git a/app/server/server.go b/app/server/server.go index e6b1049..236f55e 100644 --- a/app/server/server.go +++ b/app/server/server.go @@ -14,6 +14,7 @@ import ( "context" "fmt" "io/ioutil" + "net" "os" "os/signal" "os/user" @@ -54,6 +55,9 @@ type Server struct { cancel context.CancelFunc wg sync.WaitGroup logf *os.File + //x509cert []byte + //x509key []byte + listen net.Listener } func NewServer() (*Server, error) { @@ -85,7 +89,7 @@ func (srv *Server) SetDatadir(dir string) { srv.conf.Datadir = dir } -func (srv *Server) SetPort(port int64) { +func (srv *Server) SetPort(port uint32) { srv.conf.Service.Port = port } @@ -152,6 +156,21 @@ func (srv *Server) Build() error { confDump := srv.conf.String() srv.logg.Infof("Current server configuration is:\n%s\n", confDump) + usr, err := user.Lookup(srv.conf.RunUser) + if err != nil { + return err + } + uid64, err := strconv.ParseInt(usr.Uid, 10, 64) + if err != nil { + return err + } + gid64, err := strconv.ParseInt(usr.Gid, 10, 64) + if err != nil { + return err + } + uid := int(uid64) + gid := int(gid64) + if srv.conf.AsDaemon { logdir := filepath.Dir(srv.conf.Logpath) srv.logg.Infof("Creating log directory %s", logdir) @@ -159,12 +178,20 @@ func (srv *Server) Build() error { if err != nil { return err } + err = os.Chown(logdir, uid, gid) + if err != nil { + return err + } rundir := filepath.Dir(srv.conf.Runpath) srv.logg.Infof("Creating run directory %s", rundir) err = os.MkdirAll(rundir, 0750) if err != nil { return err } + err = os.Chown(rundir, uid, gid) + if err != nil { + return err + } } // Creating datadir @@ -176,6 +203,11 @@ func (srv *Server) Build() error { return err } } + err = os.Chown(datadir, uid, gid) + if err != nil { + return err + } + // Read state file srv.logg.Infof("Reading server status") err = srv.ReadStat() @@ -184,13 +216,45 @@ func (srv *Server) Build() error { } // Creating database dir dbdir := srv.conf.Database.Basepath - //if !auxtool.DirExists(dbdir) { srv.logg.Infof("Creating database directory %s ", dbdir) err = os.MkdirAll(dbdir, 0750) if err != nil { return err } - //} + + // Creating storage dir + srv.logg.Infof("Creating storage directory") + datadir = srv.conf.Database.Basepath + err = os.MkdirAll(datadir, 0750) + if err != nil { + return err + } + err = os.Chown(datadir, uid, gid) + if err != nil { + return err + } + + cert, key := []byte(srv.conf.X509Cert), []byte(srv.conf.X509Key) + addrinfo := fmt.Sprintf("%s:%d", srv.conf.Service.Address, srv.conf.Service.Port) + listener, err := CreateTLSListener(addrinfo, cert, key) + if err != nil { + return err + } + srv.listen = listener + + // Change effective user + err = syscall.Setuid(uid) + if err != nil { + return err + } + + uidstr := strconv.FormatInt(int64(syscall.Geteuid()), 10) + usr, err = user.LookupId(uidstr) + if err != nil { + return err + } + srv.logg.Warningf("Now run as user: %s", usr.Username) + // Creating database mdb := maindb.NewDatabase(dbdir) srv.logg.Infof("Opening main database") @@ -246,15 +310,7 @@ func (srv *Server) Build() error { return err } } - // Creating storage - srv.logg.Infof("Creating storage directory") - datadir = srv.conf.Database.Basepath - err = os.MkdirAll(datadir, 0750) - if err != nil { - return err - } - srv.logg.Infof("Creating storage") store := storage.NewStorage(datadir) srv.stor = store @@ -289,7 +345,6 @@ func (srv *Server) Build() error { if err != nil { return err } - // Creating handler srv.logg.Infof("Creating handler") handlerParams := &handler.HandlerParams{ @@ -305,10 +360,7 @@ func (srv *Server) Build() error { // Creating service serviceParams := &service.ServiceParams{ Handler: srv.hand, - X509Cert: srv.conf.X509Cert, - X509Key: srv.conf.X509Key, - Address: srv.conf.Service.Address, - Portnum: srv.conf.Service.Port, + Listener: srv.listen, } srv.logg.Infof("Creating service") srv.svc, err = service.NewService(serviceParams) @@ -320,7 +372,6 @@ func (srv *Server) Build() error { if err != nil { return err } - return err } @@ -331,7 +382,13 @@ func (srv *Server) Run() error { if err != nil { return err } - srv.logg.Infof("Server run as user %s", currUser.Username) + srv.logg.Infof("Server started with user: %s", currUser.Username) + uidstr := strconv.FormatInt(int64(syscall.Geteuid()), 10) + usr, err := user.LookupId(uidstr) + if err != nil { + return err + } + srv.logg.Infof("Server run with user: %s", usr.Username) srv.ctx, srv.cancel = context.WithCancel(context.Background()) svcDone := make(chan error, 1) diff --git a/app/service/service.go b/app/service/service.go index 075dc17..b4b0b47 100644 --- a/app/service/service.go +++ b/app/service/service.go @@ -11,8 +11,6 @@ package service import ( "context" - "crypto/tls" - "fmt" "net" "net/http" "time" @@ -22,26 +20,15 @@ import ( "mstore/app/router" ) -const protocol = "tcp" - type ServiceParams struct { Handler *handler.Handler - X509Cert string - X509Key string - Portnum int64 - Address string + Listener net.Listener } type Service struct { - hand *handler.Handler - rout *router.Router - logg *logger.Logger - - address string - portnum int64 - x509cert []byte - x509key []byte - + hand *handler.Handler + rout *router.Router + logg *logger.Logger listen net.Listener hsrv *http.Server } @@ -49,11 +36,8 @@ type Service struct { func NewService(params *ServiceParams) (*Service, error) { var err error svc := &Service{ - hand: params.Handler, - x509cert: []byte(params.X509Cert), - x509key: []byte(params.X509Key), - portnum: params.Portnum, - address: params.Address, + hand: params.Handler, + listen: params.Listener, } svc.logg = logger.NewLoggerWithSubject("service") return svc, err @@ -126,33 +110,6 @@ func (svc *Service) Build() error { svc.logg.Infof("%s\t%s", item.Method, item.RawPath) } - const useTLS = true - if useTLS { - tlsCert, err := tls.X509KeyPair(svc.x509cert, svc.x509key) - - if err != nil { - return err - } - - tlsConfig := tls.Config{ - Certificates: []tls.Certificate{tlsCert}, - ClientAuth: tls.NoClientCert, - InsecureSkipVerify: true, - } - - listenAddress := fmt.Sprintf("%s:%d", svc.address, svc.portnum) - svc.listen, err = tls.Listen(protocol, listenAddress, &tlsConfig) - if err != nil { - return err - } - - } else { - listenAddress := fmt.Sprintf("%s:%d", svc.address, svc.portnum) - svc.listen, err = net.Listen(protocol, listenAddress) - if err != nil { - return err - } - } svc.logg.Infof("Service listening at %v", svc.listen.Addr()) svc.hsrv = &http.Server{ Handler: svc.rout, diff --git a/cmd/mstored/starter/starter.go b/cmd/mstored/starter/starter.go index fbcdbb1..9aeef40 100644 --- a/cmd/mstored/starter/starter.go +++ b/cmd/mstored/starter/starter.go @@ -20,7 +20,7 @@ import ( type Starter struct { runAsDaemon bool - port int64 + port uint32 cmd *cobra.Command srv *server.Server } @@ -36,7 +36,7 @@ func NewStarter() *Starter { } cmd.CompletionOptions.DisableDefaultCmd = true cmd.Flags().BoolVarP(&sta.runAsDaemon, "asDaemon", "D", true, "Run service as daemon") - cmd.Flags().Int64VarP(&sta.port, "port", "P", 1025, "Service port") + cmd.Flags().Uint32VarP(&sta.port, "port", "P", 1025, "Service port") sta.cmd = cmd return sta diff --git a/configure b/configure index 05595fe..addd314 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.72 for mstore 0.2.3. +# Generated by GNU Autoconf 2.72 for mstore 0.2.4. # # # Copyright (C) 1992-1996, 1998-2017, 2020-2023 Free Software Foundation, @@ -600,8 +600,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='mstore' PACKAGE_TARNAME='mstore' -PACKAGE_VERSION='0.2.3' -PACKAGE_STRING='mstore 0.2.3' +PACKAGE_VERSION='0.2.4' +PACKAGE_STRING='mstore 0.2.4' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1278,7 +1278,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -'configure' configures mstore 0.2.3 to adapt to many kinds of systems. +'configure' configures mstore 0.2.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1349,7 +1349,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of mstore 0.2.3:";; + short | recursive ) echo "Configuration of mstore 0.2.4:";; esac cat <<\_ACEOF @@ -1436,7 +1436,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -mstore configure 0.2.3 +mstore configure 0.2.4 generated by GNU Autoconf 2.72 Copyright (C) 2023 Free Software Foundation, Inc. @@ -1473,7 +1473,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by mstore $as_me 0.2.3, which was +It was created by mstore $as_me 0.2.4, which was generated by GNU Autoconf 2.72. Invocation command line was $ $0$ac_configure_args_raw @@ -2612,7 +2612,7 @@ fi # Define the identity of the package. PACKAGE='mstore' - VERSION='0.2.3' + VERSION='0.2.4' printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h @@ -4448,7 +4448,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by mstore $as_me 0.2.3, which was +This file was extended by mstore $as_me 0.2.4, which was generated by GNU Autoconf 2.72. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -4503,7 +4503,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -mstore config.status 0.2.3 +mstore config.status 0.2.4 configured by $0, generated by GNU Autoconf 2.72, with options \\"\$ac_cs_config\\"