Add a hint what the "Request reping" is used for on the email page
[gigi.git] / src / org / cacert / gigi / Launcher.java
index 7bf5bd119554387739d8b07a2647342cde3f82df..7c588d8e95a28b49183735478489b2f09e6309f0 100644 (file)
@@ -1,7 +1,11 @@
 package org.cacert.gigi;
 
 import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
 import java.io.IOException;
+import java.net.HttpURLConnection;
 import java.net.InetSocketAddress;
 import java.security.GeneralSecurityException;
 import java.security.Key;
@@ -95,18 +99,29 @@ public class Launcher {
 
     public static void main(String[] args) throws Exception {
         System.setProperty("jdk.tls.ephemeralDHKeySize", "4096");
-        new Launcher().boot();
+        InputStream in;
+        if (args.length >= 1) {
+            in = new FileInputStream(new File(args[0]));
+        } else {
+            in = System.in;
+        }
+        new Launcher().boot(in);
     }
 
     Server s;
 
     GigiConfig conf;
 
-    public synchronized void boot() throws Exception {
+    private boolean isSystemPort(int port) {
+        return 1 <= port && port <= 1024;
+    }
+
+    public synchronized void boot(InputStream in) throws Exception {
         Locale.setDefault(Locale.ENGLISH);
         TimeZone.setDefault(TimeZone.getTimeZone("UTC"));
+        HttpURLConnection.setFollowRedirects(false);
 
-        conf = GigiConfig.parse(System.in);
+        conf = GigiConfig.parse(in);
         ServerConstants.init(conf.getMainProps());
         initEmails(conf);
 
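Review bot: The `FileInputStream` opened in `main` for `args[0]` is never closed, so the descriptor on the configuration file stays open for the life of the server. If `GigiConfig.parse` consumes the stream completely (not visible here), wrap the call in try-with-resources: `try (InputStream in = args.length >= 1 ? new FileInputStream(args[0]) : System.in) { new Launcher().boot(in); }`. The global `HttpURLConnection.setFollowRedirects(false);` in `boot` also deserves a one-line comment saying why outbound requests must not follow redirects, since it silently changes behaviour for every caller in the JVM. The body of `boot` continues outside this hunk.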
@@ -116,10 +131,24 @@ public class Launcher {
         initHandlers();
 
         s.start();
-        if ((ServerConstants.getSecurePort() <= 1024 || ServerConstants.getPort() <= 1024) && !System.getProperty("os.name").toLowerCase().contains("win")) {
-            SetUID uid = new SetUID();
-            if ( !uid.setUid(65536 - 2, 65536 - 2).getSuccess()) {
-                Log.getLogger(Launcher.class).warn("Couldn't set uid!");
+        if ((isSystemPort(ServerConstants.getSecurePort()) || isSystemPort(ServerConstants.getPort())) && !System.getProperty("os.name").toLowerCase().contains("win")) {
+            String uid_s = conf.getMainProps().getProperty("gigi.uid", Integer.toString(65536 - 2));
+            String gid_s = conf.getMainProps().getProperty("gigi.gid", Integer.toString(65536 - 2));
+            try {
+                int uid = Integer.parseInt(uid_s);
+                int gid = Integer.parseInt(gid_s);
+                if (uid == -1 && gid == -1) {
+                    // skip setuid step
+                } else if (uid > 0 && gid > 0 && uid < 65536 && gid < 65536) {
+                    SetUID.Status status = new SetUID().setUid(uid, gid);
+                    if ( !status.getSuccess()) {
+                        Log.getLogger(Launcher.class).warn(status.getMessage());
+                    }
+                } else {
+                    Log.getLogger(Launcher.class).warn("Invalid uid or gid (must satisfy 0 < id < 65536)");
+                }
+            } catch (NumberFormatException e) {
+                Log.getLogger(Launcher.class).warn("Invalid gigi.uid or gigi.gid", e);
             }
         }
     }
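Review bot: Every failure path of the privilege drop in `boot` only logs a warning, after `s.start()` has already put the server on the network. This covers an unparsable `gigi.uid`/`gigi.gid`, an out-of-range value, and `setUid` reporting failure. If the process was started as root to bind a port below 1024, a typo in the configuration therefore leaves it serving requests as root. These branches should fail closed by stopping the server and throwing; `boot` already declares `throws Exception`. The explicit `-1`/`-1` opt-out should at least log that privileges are being kept. A mixed pair such as `uid=-1` with a valid gid falls into the generic "Invalid uid or gid" branch, whose message does not mention the `-1` convention. `boot` starts outside this hunk.

```java
            // … unchanged: reading gigi.uid / gigi.gid from conf.getMainProps() …
            try {
                int uid = Integer.parseInt(uid_s);
                int gid = Integer.parseInt(gid_s);
                if (uid == -1 && gid == -1) {
                    // Explicit operator opt-out: make it visible in the log.
                    Log.getLogger(Launcher.class).warn("gigi.uid and gigi.gid are -1: keeping current privileges");
                } else if (uid > 0 && gid > 0 && uid < 65536 && gid < 65536) {
                    SetUID.Status status = new SetUID().setUid(uid, gid);
                    if ( !status.getSuccess()) {
                        s.stop();
                        throw new IllegalStateException("Privilege drop failed: " + status.getMessage());
                    }
                } else {
                    s.stop();
                    throw new IllegalStateException("Invalid uid or gid (must both be -1, or satisfy 0 < id < 65536)");
                }
            } catch (NumberFormatException e) {
                s.stop();
                throw new IllegalStateException("Invalid gigi.uid or gigi.gid", e);
            }
```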
@@ -166,16 +195,19 @@ public class Launcher {
 
         protected static ServerConnector createConnector(GigiConfig conf, Server s, HttpConfiguration httpConfig, boolean doHttps) throws GeneralSecurityException, IOException {
             ServerConnector connector;
+            int port;
             if (doHttps) {
                 connector = new ServerConnector(s, createConnectionFactory(conf), new HttpConnectionFactory(httpConfig));
+                port = ServerConstants.getSecurePort();
             } else {
                 connector = new ServerConnector(s, new HttpConnectionFactory(httpConfig));
+                port = ServerConstants.getPort();
             }
-            connector.setHost(conf.getMainProps().getProperty("host"));
-            if (doHttps) {
-                connector.setPort(ServerConstants.getSecurePort());
+            if (port == -1) {
+                connector.setInheritChannel(true);
             } else {
-                connector.setPort(ServerConstants.getPort());
+                connector.setHost(conf.getMainProps().getProperty("host"));
+                connector.setPort(port);
             }
             connector.setAcceptQueueSize(100);
             return connector;
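Review bot: The new `port == -1` branch in `createConnector` makes the connector use an inherited channel, but `isSystemPort(-1)` is false, so the setuid block in `boot` is skipped entirely for that configuration. A process launched as root by a socket-activating supervisor would keep root unless the supervisor drops privileges itself. Consider extending the condition in `boot` to cover the sentinel, e.g. `isSystemPort(p) || p == -1`, or document above this branch that the launcher must already run unprivileged when `-1` is used. The branch also sets neither host nor port, so it is worth confirming how Jetty behaves when no usable inherited channel exists (it may fall back to binding its defaults rather than failing). Other out-of-range values still reach `setPort` unchecked. The closing brace of `createConnector` lies outside this hunk.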