molly-brown/main.go

package main

import (
	"crypto/tls"
	"flag"
	"fmt"
	"log"
	"os"
	"os/signal"
	"strconv"
	"sync"
	"syscall"
)

var VERSION = "0.0.0"

func main() {
	var conf_file string
	var version bool

	// Parse args
	flag.StringVar(&conf_file, "c", "", "Path to config file")
	flag.BoolVar(&version, "v", false, "Print version and exit")
	flag.Parse()

	// If requested, print version and exit
	if version {
		fmt.Println("Molly Brown version", VERSION)
		os.Exit(0)
	}

	// Read config
	if conf_file == "" {
		_, err := os.Stat("/etc/molly.conf")
		if err == nil {
			conf_file = "/etc/molly.conf"
		}
	}
	config, err := getConfig(conf_file)
	if err != nil {
		log.Fatal(err)
	}

	// Run server and exit
	os.Exit(do_main(config))
}

func do_main(config Config) int {

	// If we are running as root, find the UID of the "nobody" user, before a
	// chroot() possibly stops seeing /etc/passwd
	privInfo, err := getUserInfo(config)
	if err != nil {
		log.Println("Exiting due to failure to apply security restrictions.")
		return 1
	}

	// Chroot, if asked
	if config.ChrootDir != "" {
		err := syscall.Chroot(config.ChrootDir)
		if err != nil {
			log.Println("Could not chroot to " + config.ChrootDir + ": " + err.Error())
			return 1
		}
	}

	// Open log files
	if config.ErrorLog != "" {
		errorLogFile, err := os.OpenFile(config.ErrorLog, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
		if err != nil {
			log.Println("Error opening error log file: " + err.Error())
			return 1
		}
		defer errorLogFile.Close()
		log.SetOutput(errorLogFile)
	}
	log.SetFlags(log.Ldate|log.Ltime)

	var accessLogFile *os.File
	if config.AccessLog == "-" {
		accessLogFile = os.Stdout
	} else if config.AccessLog != "" {
		accessLogFile, err = os.OpenFile(config.AccessLog, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
		if err != nil {
			log.Println("Error opening access log file: " + err.Error())
			return 1
		}
		defer accessLogFile.Close()
	}

	// Read TLS files, create TLS config
	// Check key file permissions first
	info, err := os.Stat(config.KeyPath)
	if err != nil {
		log.Println("Error opening TLS key file: " + err.Error())
		return 1
	}
	if uint64(info.Mode().Perm())&0444 == 0444 {
		log.Println("Refusing to use world-readable TLS key file " + config.KeyPath)
		return 1
	}
	cert, err := tls.LoadX509KeyPair(config.CertPath, config.KeyPath)
	if err != nil {
		log.Println("Error loading TLS keypair: " + err.Error())
		return 1
	}
	var tlscfg tls.Config
	tlscfg.Certificates = []tls.Certificate{cert}
	tlscfg.MinVersion = tls.VersionTLS12
	if len(config.CertificateZones) > 0 {
		tlscfg.ClientAuth = tls.RequestClientCert
	}

	// Try to chdir to /, so we don't block any mountpoints
	// But if we can't for some reason it's no big deal
        err = os.Chdir("/")
        if err != nil {
                log.Println("Could not change working directory to /: " + err.Error())
        }

	// Apply security restrictions
	err = enableSecurityRestrictions(config, privInfo)
	if err != nil {
		log.Println("Exiting due to failure to apply security restrictions.")
		return 1
	}

	// Create TLS listener
	listener, err := tls.Listen("tcp", ":"+strconv.Itoa(config.Port), &tlscfg)
	if err != nil {
		log.Println("Error creating TLS listener: " + err.Error())
		return 1
	}
	defer listener.Close()

	// Start log handling routines
	var accessLogEntries chan LogEntry
	if config.AccessLog == "" {
		accessLogEntries = nil
	} else {
		accessLogEntries := make(chan LogEntry, 10)
		go func() {
			for {
				entry := <-accessLogEntries
				writeLogEntry(accessLogFile, entry)
			}
		}()
	}

	// Start listening for signals
	shutdown := make(chan struct{})
	sigterm := make(chan os.Signal, 1)
	signal.Notify(sigterm, syscall.SIGTERM)
	go func() {
		<-sigterm
		log.Println("Caught SIGTERM.  Waiting for handlers to finish...")
		close(shutdown)
		listener.Close()
	}()

	// Infinite serve loop (SIGTERM breaks out)
	running := true
	var wg sync.WaitGroup
	for running {
		conn, err := listener.Accept()
		if err == nil {
			wg.Add(1)
			go handleGeminiRequest(conn, config, accessLogEntries, &wg)
		} else {
			select {
			case <-shutdown:
				running = false
			default:
				log.Println("Error accepting connection: " + err.Error())
			}
		}
	}
	// Wait for still-running handler Go routines to finish
	wg.Wait()
	log.Println("Exiting.")

	// Exit successfully
	return 0
}
Initial bare bones implementation. 2019-11-06 17:08:44 +02:00			`package main`

			`import (`
			`"crypto/tls"`
			`"flag"`
Add -v flag to print version and exit. Closes #23. 2023-02-05 15:36:18 +01:00			`"fmt"`
Initial bare bones implementation. 2019-11-06 17:08:44 +02:00			`"log"`
			`"os"`
Catch SIGTERM and shutdown gracefully. 2023-02-08 19:56:27 +01:00			`"os/signal"`
Add missing import from previous commit. 2020-05-21 22:50:33 +02:00			`"strconv"`
Catch SIGTERM and shutdown gracefully. 2023-02-08 19:56:27 +01:00			`"sync"`
			`"syscall"`
Initial bare bones implementation. 2019-11-06 17:08:44 +02:00			`)`

Add -v flag to print version and exit. Closes #23. 2023-02-05 15:36:18 +01:00			`var VERSION = "0.0.0"`

Initial bare bones implementation. 2019-11-06 17:08:44 +02:00			`func main() {`
			`var conf_file string`
Add -v flag to print version and exit. Closes #23. 2023-02-05 15:36:18 +01:00			`var version bool`
Initial bare bones implementation. 2019-11-06 17:08:44 +02:00
Add -v flag to print version and exit. Closes #23. 2023-02-05 15:36:18 +01:00			`// Parse args`
Initial bare bones implementation. 2019-11-06 17:08:44 +02:00			`flag.StringVar(&conf_file, "c", "", "Path to config file")`
Add -v flag to print version and exit. Closes #23. 2023-02-05 15:36:18 +01:00			`flag.BoolVar(&version, "v", false, "Print version and exit")`
Initial bare bones implementation. 2019-11-06 17:08:44 +02:00			`flag.Parse()`
Add -v flag to print version and exit. Closes #23. 2023-02-05 15:36:18 +01:00
			`// If requested, print version and exit`
			`if version {`
			`fmt.Println("Molly Brown version", VERSION)`
			`os.Exit(0)`
			`}`

			`// Read config`
Initial bare bones implementation. 2019-11-06 17:08:44 +02:00			`if conf_file == "" {`
			`_, err := os.Stat("/etc/molly.conf")`
Broader config file error handling. 2020-07-01 19:56:43 +02:00			`if err == nil {`
Initial bare bones implementation. 2019-11-06 17:08:44 +02:00			`conf_file = "/etc/molly.conf"`
			`}`
			`}`
			`config, err := getConfig(conf_file)`
			`if err != nil {`
Use log.Fatal instead of fmt.Println and os.Exit. 2020-06-08 20:02:29 +02:00			`log.Fatal(err)`
Initial bare bones implementation. 2019-11-06 17:08:44 +02:00			`}`

Avoid use of log.Fatal() or os.Exit() in main so defers are guaranteed to run. 2023-02-19 14:40:54 +01:00			`// Run server and exit`
			`os.Exit(do_main(config))`
			`}`

			`func do_main(config Config) int {`

Add support for chroot()ing server early after startup, more work toward issue #16. 2023-02-15 21:10:22 +01:00			`// If we are running as root, find the UID of the "nobody" user, before a`
			`// chroot() possibly stops seeing /etc/passwd`
Avoid use of log.Fatal() or os.Exit() in main so defers are guaranteed to run. 2023-02-19 14:40:54 +01:00			`privInfo, err := getUserInfo(config)`
			`if err != nil {`
Just use the log package's default logger as the error log. 2023-02-19 15:04:34 +01:00			`log.Println("Exiting due to failure to apply security restrictions.")`
Avoid use of log.Fatal() or os.Exit() in main so defers are guaranteed to run. 2023-02-19 14:40:54 +01:00			`return 1`
			`}`
Add support for chroot()ing server early after startup, more work toward issue #16. 2023-02-15 21:10:22 +01:00
			`// Chroot, if asked`
			`if config.ChrootDir != "" {`
			`err := syscall.Chroot(config.ChrootDir)`
			`if err != nil {`
Avoid use of log.Fatal() or os.Exit() in main so defers are guaranteed to run. 2023-02-19 14:40:54 +01:00			`log.Println("Could not chroot to " + config.ChrootDir + ": " + err.Error())`
			`return 1`
Add support for chroot()ing server early after startup, more work toward issue #16. 2023-02-15 21:10:22 +01:00			`}`
			`}`

Introduce error log. 2020-06-28 18:34:50 +02:00			`// Open log files`
Just use the log package's default logger as the error log. 2023-02-19 15:04:34 +01:00			`if config.ErrorLog != "" {`
			`errorLogFile, err := os.OpenFile(config.ErrorLog, os.O_APPEND\|os.O_CREATE\|os.O_WRONLY, 0644)`
Allow access and error logging to stdout by configuring a path of "-". Thanks to @icedquinn@blob.cat for the suggestion. 2021-01-24 17:09:47 +01:00			`if err != nil {`
Just use the log package's default logger as the error log. 2023-02-19 15:04:34 +01:00			`log.Println("Error opening error log file: " + err.Error())`
Avoid use of log.Fatal() or os.Exit() in main so defers are guaranteed to run. 2023-02-19 14:40:54 +01:00			`return 1`
Allow access and error logging to stdout by configuring a path of "-". Thanks to @icedquinn@blob.cat for the suggestion. 2021-01-24 17:09:47 +01:00			`}`
			`defer errorLogFile.Close()`
Just use the log package's default logger as the error log. 2023-02-19 15:04:34 +01:00			`log.SetOutput(errorLogFile)`
Add basic logging. 2019-11-06 18:38:41 +02:00			`}`
Just use the log package's default logger as the error log. 2023-02-19 15:04:34 +01:00			`log.SetFlags(log.Ldate\|log.Ltime)`
Use standard library logging facilities for error log. 2020-07-01 19:57:39 +02:00
Allow access and error logging to stdout by configuring a path of "-". Thanks to @icedquinn@blob.cat for the suggestion. 2021-01-24 17:09:47 +01:00			`var accessLogFile *os.File`
			`if config.AccessLog == "-" {`
			`accessLogFile = os.Stdout`
Add support for chroot()ing server early after startup, more work toward issue #16. 2023-02-15 21:10:22 +01:00			`} else if config.AccessLog != "" {`
Allow access and error logging to stdout by configuring a path of "-". Thanks to @icedquinn@blob.cat for the suggestion. 2021-01-24 17:09:47 +01:00			`accessLogFile, err = os.OpenFile(config.AccessLog, os.O_APPEND\|os.O_CREATE\|os.O_WRONLY, 0644)`
			`if err != nil {`
Just use the log package's default logger as the error log. 2023-02-19 15:04:34 +01:00			`log.Println("Error opening access log file: " + err.Error())`
Avoid use of log.Fatal() or os.Exit() in main so defers are guaranteed to run. 2023-02-19 14:40:54 +01:00			`return 1`
Allow access and error logging to stdout by configuring a path of "-". Thanks to @icedquinn@blob.cat for the suggestion. 2021-01-24 17:09:47 +01:00			`}`
			`defer accessLogFile.Close()`
Introduce error log. 2020-06-28 18:34:50 +02:00			`}`
Add basic logging. 2019-11-06 18:38:41 +02:00
Initial bare bones implementation. 2019-11-06 17:08:44 +02:00			`// Read TLS files, create TLS config`
Refuse to use a world-readable TLS key. 2023-02-07 19:23:35 +01:00			`// Check key file permissions first`
			`info, err := os.Stat(config.KeyPath)`
			`if err != nil {`
Just use the log package's default logger as the error log. 2023-02-19 15:04:34 +01:00			`log.Println("Error opening TLS key file: " + err.Error())`
Avoid use of log.Fatal() or os.Exit() in main so defers are guaranteed to run. 2023-02-19 14:40:54 +01:00			`return 1`
Refuse to use a world-readable TLS key. 2023-02-07 19:23:35 +01:00			`}`
			`if uint64(info.Mode().Perm())&0444 == 0444 {`
Just use the log package's default logger as the error log. 2023-02-19 15:04:34 +01:00			`log.Println("Refusing to use world-readable TLS key file " + config.KeyPath)`
Avoid use of log.Fatal() or os.Exit() in main so defers are guaranteed to run. 2023-02-19 14:40:54 +01:00			`return 1`
Refuse to use a world-readable TLS key. 2023-02-07 19:23:35 +01:00			`}`
Initial bare bones implementation. 2019-11-06 17:08:44 +02:00			`cert, err := tls.LoadX509KeyPair(config.CertPath, config.KeyPath)`
			`if err != nil {`
Just use the log package's default logger as the error log. 2023-02-19 15:04:34 +01:00			`log.Println("Error loading TLS keypair: " + err.Error())`
Avoid use of log.Fatal() or os.Exit() in main so defers are guaranteed to run. 2023-02-19 14:40:54 +01:00			`return 1`
Initial bare bones implementation. 2019-11-06 17:08:44 +02:00			`}`
Do not request client certificates if we're never going to need them. 2023-02-19 15:17:45 +01:00			`var tlscfg tls.Config`
			`tlscfg.Certificates = []tls.Certificate{cert}`
			`tlscfg.MinVersion = tls.VersionTLS12`
			`if len(config.CertificateZones) > 0 {`
			`tlscfg.ClientAuth = tls.RequestClientCert`
Initial bare bones implementation. 2019-11-06 17:08:44 +02:00			`}`

Add support for chroot()ing server early after startup, more work toward issue #16. 2023-02-15 21:10:22 +01:00			`// Try to chdir to /, so we don't block any mountpoints`
			`// But if we can't for some reason it's no big deal`
			`err = os.Chdir("/")`
			`if err != nil {`
Just use the log package's default logger as the error log. 2023-02-19 15:04:34 +01:00			`log.Println("Could not change working directory to /: " + err.Error())`
Add support for chroot()ing server early after startup, more work toward issue #16. 2023-02-15 21:10:22 +01:00			`}`

			`// Apply security restrictions`
Just use the log package's default logger as the error log. 2023-02-19 15:04:34 +01:00			`err = enableSecurityRestrictions(config, privInfo)`
Avoid use of log.Fatal() or os.Exit() in main so defers are guaranteed to run. 2023-02-19 14:40:54 +01:00			`if err != nil {`
Just use the log package's default logger as the error log. 2023-02-19 15:04:34 +01:00			`log.Println("Exiting due to failure to apply security restrictions.")`
Avoid use of log.Fatal() or os.Exit() in main so defers are guaranteed to run. 2023-02-19 14:40:54 +01:00			`return 1`
			`}`
Chdir to / so that Molly doesn't interfere with unmounting. 2023-02-10 16:16:57 +01:00
Initial bare bones implementation. 2019-11-06 17:08:44 +02:00			`// Create TLS listener`
Do not request client certificates if we're never going to need them. 2023-02-19 15:17:45 +01:00			`listener, err := tls.Listen("tcp", ":"+strconv.Itoa(config.Port), &tlscfg)`
Initial bare bones implementation. 2019-11-06 17:08:44 +02:00			`if err != nil {`
Just use the log package's default logger as the error log. 2023-02-19 15:04:34 +01:00			`log.Println("Error creating TLS listener: " + err.Error())`
Avoid use of log.Fatal() or os.Exit() in main so defers are guaranteed to run. 2023-02-19 14:40:54 +01:00			`return 1`
Initial bare bones implementation. 2019-11-06 17:08:44 +02:00			`}`
			`defer listener.Close()`

Introduce error log. 2020-06-28 18:34:50 +02:00			`// Start log handling routines`
Add support for chroot()ing server early after startup, more work toward issue #16. 2023-02-15 21:10:22 +01:00			`var accessLogEntries chan LogEntry`
			`if config.AccessLog == "" {`
			`accessLogEntries = nil`
			`} else {`
			`accessLogEntries := make(chan LogEntry, 10)`
			`go func() {`
			`for {`
			`entry := <-accessLogEntries`
			`writeLogEntry(accessLogFile, entry)`
			`}`
			`}()`
			`}`
First pass at a pledge/unveil implementation for OpenBSD. 2020-09-14 22:21:05 -04:00
Catch SIGTERM and shutdown gracefully. 2023-02-08 19:56:27 +01:00			`// Start listening for signals`
			`shutdown := make(chan struct{})`
			`sigterm := make(chan os.Signal, 1)`
			`signal.Notify(sigterm, syscall.SIGTERM)`
			`go func() {`
			`<-sigterm`
Just use the log package's default logger as the error log. 2023-02-19 15:04:34 +01:00			`log.Println("Caught SIGTERM. Waiting for handlers to finish...")`
Catch SIGTERM and shutdown gracefully. 2023-02-08 19:56:27 +01:00			`close(shutdown)`
			`listener.Close()`
			`}()`

			`// Infinite serve loop (SIGTERM breaks out)`
			`running := true`
			`var wg sync.WaitGroup`
			`for running {`
Initial bare bones implementation. 2019-11-06 17:08:44 +02:00			`conn, err := listener.Accept()`
Catch SIGTERM and shutdown gracefully. 2023-02-08 19:56:27 +01:00			`if err == nil {`
			`wg.Add(1)`
Just use the log package's default logger as the error log. 2023-02-19 15:04:34 +01:00			`go handleGeminiRequest(conn, config, accessLogEntries, &wg)`
Catch SIGTERM and shutdown gracefully. 2023-02-08 19:56:27 +01:00			`} else {`
			`select {`
Big ol' gofmt. 2023-02-10 17:19:21 +01:00			`case <-shutdown:`
			`running = false`
			`default:`
Just use the log package's default logger as the error log. 2023-02-19 15:04:34 +01:00			`log.Println("Error accepting connection: " + err.Error())`
Catch SIGTERM and shutdown gracefully. 2023-02-08 19:56:27 +01:00			`}`
Initial bare bones implementation. 2019-11-06 17:08:44 +02:00			`}`
			`}`
Catch SIGTERM and shutdown gracefully. 2023-02-08 19:56:27 +01:00			`// Wait for still-running handler Go routines to finish`
			`wg.Wait()`
Just use the log package's default logger as the error log. 2023-02-19 15:04:34 +01:00			`log.Println("Exiting.")`
Initial bare bones implementation. 2019-11-06 17:08:44 +02:00
Avoid use of log.Fatal() or os.Exit() in main so defers are guaranteed to run. 2023-02-19 14:40:54 +01:00			`// Exit successfully`
			`return 0`
Initial bare bones implementation. 2019-11-06 17:08:44 +02:00			`}`