-rw-r--r--CMakeLists.txt3
-rw-r--r--src/CMakeLists.txt2
-rw-r--r--src/cyn-server.c8
-rw-r--r--src/main-cynagorad.c57
-rw-r--r--src/meson.build2
-rw-r--r--src/socket.c4
-rw-r--r--systemd/CMakeLists.txt3
-rw-r--r--systemd/cynagora-admin.socket.in4
-rw-r--r--systemd/cynagora-agent.socket.in4
-rw-r--r--systemd/cynagora-check.socket.in2
-rw-r--r--systemd/cynagora.service.in (renamed from systemd/cynagora.service)6
11 files changed, 51 insertions, 44 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 26942d6..3a508bb 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -44,6 +44,9 @@ set(CYNAGORA_SOVERSION ${PROJECT_VERSION_MAJOR})
option(WITH_SYSTEMD "should include systemd compatibility" ON)
option(WITH_CYNARA_COMPAT "produce artifacts for compatibility with cynara" OFF)
+set(USER cynagora CACHE STRING "user of the daemon")
+set(GROUP cynagora CACHE STRING "group of the daemon")
+
set(DEFAULT_DB_DIR "${CMAKE_INSTALL_FULL_LOCALSTATEDIR}/lib/cynagora"
CACHE PATH "directory path of the database")
set(DEFAULT_SOCKET_DIR "${CMAKE_INSTALL_FULL_RUNSTATEDIR}/cynagora"
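Review bot: The new cache entries `USER` and `GROUP` are unprefixed, and the CMake cache is global, so a parent project, a toolchain file or a stray `-DUSER=...` can already define them; whatever they hold is substituted into `SocketUser=`/`SocketGroup=` and the daemon's `--user`/`--group` by the unit templates later in this commit. Naming them `CYNAGORA_USER` and `CYNAGORA_GROUP`, in line with `CYNAGORA_SOVERSION` above and with `@CYNAGORA_USER@`/`@CYNAGORA_GROUP@` in the `.in` files, avoids the collision. An empty value would leave `--user` consuming `--group` as its argument in `ExecStart`, so a guard after the two `set()` calls is worth adding: `if("${USER}" STREQUAL "" OR "${GROUP}" STREQUAL "")` followed by `message(FATAL_ERROR "USER and GROUP must be non-empty")`. The `set(DEFAULT_SOCKET_DIR ...` statement at the end of the hunk continues outside it.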
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index f9034de..6de796d 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -96,7 +96,7 @@ target_compile_definitions(cynagorad PRIVATE
DEFAULT_INIT_FILE="${DEFAULT_INIT_FILE}"
)
if(WITH_SYSTEMD)
- target_compile_definitions(cynagorad PRIVATE WITH_SYSTEMD_ACTIVATION)
+ target_compile_definitions(cynagorad PRIVATE WITH_SYSTEMD)
target_link_libraries(cynagorad ${libsystemd_LDFLAGS} ${libsystemd_LINK_LIBRARIES})
target_include_directories(cynagorad PRIVATE ${libsystemd_INCLUDE_DIRS})
target_compile_options(cynagorad PRIVATE ${libsystemd_CFLAGS})
diff --git a/src/cyn-server.c b/src/cyn-server.c
index abf37d7..fbef41b 100644
--- a/src/cyn-server.c
+++ b/src/cyn-server.c
@@ -35,6 +35,7 @@
#include <sys/epoll.h>
#include <sys/types.h>
#include <sys/socket.h>
+#include <sys/stat.h>
#include "data.h"
#include "prot.h"
@@ -1008,6 +1009,7 @@ cyn_server_create(
const char *check_socket_spec,
const char *agent_socket_spec
) {
+ mode_t um;
cyn_server_t *srv;
int rc;
@@ -1030,7 +1032,9 @@ cyn_server_create(
/* create the admin server socket */
admin_socket_spec = cyn_get_socket_admin(admin_socket_spec);
+ um = umask(017);
srv->admin.fd = socket_open(admin_socket_spec, 1);
+ umask(um);
if (srv->admin.fd < 0) {
rc = -errno;
fprintf(stderr, "can't create admin server socket %s: %m\n", admin_socket_spec);
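Review bot: `umask(um)` now runs between a failing `socket_open()` and the `rc = -errno` / `%m` that report the failure, and umask() is not specified to leave errno untouched, so the mask should be restored without disturbing it, e.g. `saved = errno; umask(um); errno = saved;` with an `int saved` declared next to `um`. The check and agent hunks below have the same pattern. A one-line comment on the mask would also help, such as `/* 017: no access for others; bind() applies the umask to the socket file */`, because the process-wide umask is what decides who may connect when the daemon creates the socket itself. Which uid/gid owns the resulting file depends on when privileges are dropped relative to this call, which is not visible here; cyn_server_create's body continues outside the hunk.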
@@ -1049,7 +1053,9 @@ cyn_server_create(
/* create the check server socket */
check_socket_spec = cyn_get_socket_check(check_socket_spec);
+ um = umask(011);
srv->check.fd = socket_open(check_socket_spec, 1);
+ umask(um);
if (srv->check.fd < 0) {
rc = -errno;
fprintf(stderr, "can't create check server socket %s: %m\n", check_socket_spec);
@@ -1068,7 +1074,9 @@ cyn_server_create(
/* create the agent server socket */
agent_socket_spec = cyn_get_socket_agent(agent_socket_spec);
+ um = umask(017);
srv->agent.fd = socket_open(agent_socket_spec, 1);
+ umask(um);
if (srv->agent.fd < 0) {
rc = -errno;
fprintf(stderr, "can't create agent server socket %s: %m\n", agent_socket_spec);
diff --git a/src/main-cynagorad.c b/src/main-cynagorad.c
index 0af145c..836e7c8 100644
--- a/src/main-cynagorad.c
+++ b/src/main-cynagorad.c
@@ -38,7 +38,7 @@
#include <sys/file.h>
#include <sys/capability.h>
-#if defined(WITH_SYSTEMD_ACTIVATION)
+#if defined(WITH_SYSTEMD)
#include <systemd/sd-daemon.h>
#endif
@@ -82,11 +82,7 @@
static
const char
-shortopts[] = "d:g:hi:lmMOoS:u:v"
-#if defined(WITH_SYSTEMD_ACTIVATION)
- "s"
-#endif
-;
+shortopts[] = "d:g:hi:lmMOoS:u:v";
static
const struct option
@@ -101,9 +97,6 @@ longopts[] = {
{ "own-db-dir", 0, NULL, _OWNDBDIR_ },
{ "own-socket-dir", 0, NULL, _OWNSOCKDIR_ },
{ "socketdir", 1, NULL, _SOCKETDIR_ },
-#if defined(WITH_SYSTEMD_ACTIVATION)
- { "systemd", 0, NULL, _SYSTEMD_ },
-#endif
{ "user", 1, NULL, _USER_ },
{ "version", 0, NULL, _VERSION_ },
{ NULL, 0, NULL, 0 }
@@ -116,9 +109,6 @@ helptxt[] =
"usage: cynagorad [options]...\n"
"\n"
"otpions:\n"
-#if defined(WITH_SYSTEMD_ACTIVATION)
- " -s, --systemd socket activation by systemd\n"
-#endif
" -u, --user xxx set the user\n"
" -g, --group xxx set the group\n"
" -i, --init xxx initialize if needed the database with file xxx\n"
@@ -161,7 +151,6 @@ int main(int ac, char **av)
int help = 0;
int version = 0;
int error = 0;
- int systemd = 0;
int uid = -1;
int gid = -1;
const char *init = NULL;
@@ -215,11 +204,6 @@ int main(int ac, char **av)
case _SOCKETDIR_:
socketdir = optarg;
break;
-#if defined(WITH_SYSTEMD_ACTIVATION)
- case _SYSTEMD_:
- systemd = 1;
- break;
-#endif
case _USER_:
user = optarg;
break;
@@ -243,11 +227,6 @@ int main(int ac, char **av)
}
if (error)
return 1;
- if (systemd && (socketdir || makesockdir)) {
- fprintf(stderr, "can't set options --systemd and --%s together\n",
- socketdir ? "socketdir" : "make-socket-dir");
- return 1;
- }
/* set the defaults */
dbdir = dbdir ?: DEFAULT_DB_DIR;
@@ -261,15 +240,30 @@ int main(int ac, char **av)
/* compute socket specs */
spec_socket_admin = spec_socket_check = spec_socket_agent = 0;
- if (systemd) {
- spec_socket_admin = strdup("sd:admin");
- spec_socket_check = strdup("sd:check");
- spec_socket_agent = strdup("sd:agent");
- } else {
+#if defined(WITH_SYSTEMD)
+ {
+ char **names = 0;
+ rc = sd_listen_fds_with_names(0, &names);
+ if (rc >= 0 && names) {
+ for (rc = 0 ; names[rc] ; rc++) {
+ if (!strcmp(names[rc], "admin"))
+ spec_socket_admin = strdup("sd:admin");
+ else if (!strcmp(names[rc], "check"))
+ spec_socket_check = strdup("sd:check");
+ else if (!strcmp(names[rc], "agent"))
+ spec_socket_agent = strdup("sd:agent");
+ free(names[rc]);
+ }
+ free(names);
+ }
+ }
+#endif
+ if (!spec_socket_admin)
rc = asprintf(&spec_socket_admin, "%s:%s/%s", cyn_default_socket_scheme, socketdir, cyn_default_admin_socket_base);
+ if (!spec_socket_check)
rc = asprintf(&spec_socket_check, "%s:%s/%s", cyn_default_socket_scheme, socketdir, cyn_default_check_socket_base);
+ if (!spec_socket_agent)
rc = asprintf(&spec_socket_agent, "%s:%s/%s", cyn_default_socket_scheme, socketdir, cyn_default_agent_socket_base);
- }
if (!spec_socket_admin || !spec_socket_check || !spec_socket_agent) {
fprintf(stderr, "can't make socket paths\n");
return 1;
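Review bot: A failure of `sd_listen_fds_with_names()` (`rc < 0`) and a NULL return from any `strdup()` are both swallowed in the new block. In either case the code falls through to the `asprintf` defaults, so a socket-activated daemon would quietly try to create its own sockets under `socketdir` instead of using the descriptors whose owner and mode the `.socket` units define. Report the first case, e.g. `if (rc < 0) fprintf(stderr, "can't get systemd sockets: %s\n", strerror(-rc));`, and treat a failed `strdup` as an error rather than as "name not passed". Reusing `rc` as the loop index makes the block harder to follow, and a dedicated index variable would read better. main continues outside the hunk.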
@@ -361,9 +355,8 @@ int main(int ac, char **av)
}
/* ready ! */
-#if defined(WITH_SYSTEMD_ACTIVATION)
- if (systemd)
- sd_notify(0, "READY=1");
+#if defined(WITH_SYSTEMD)
+ sd_notify(0, "READY=1");
#endif
/* serve */
diff --git a/src/meson.build b/src/meson.build
index bb0f4d7..c9778e8 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -79,7 +79,7 @@ executable('cynagorad', srvsrcs,
'-DDEFAULT_DB_DIR="' + dbdir + '"',
'-DDEFAULT_SOCKET_DIR="' + socketdir + '"',
'-DDEFAULT_INIT_FILE="' + init_file + '"',
- get_option('with-cynara-compat') ? '-DWITH_SYSTEMD_ACTIVATION' : '-DWITHOUT_SYSTEMD_ACTIVATION'
+ get_option('with-systemd') ? '-DWITH_SYSTEMD' : '-DWITHOUT_SYSTEMD'
],
dependencies: [ sysd, cap ],
link_with: corelib,
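Review bot: `get_option('with-systemd')` aborts configuration unless that option is declared in the project's options file, and no options file is among the eleven files this commit changes, so please confirm the declaration already exists (the old line read `with-cynara-compat`). `dependencies: [ sysd, cap ]` just below still lists `sysd` unconditionally; if `-DWITHOUT_SYSTEMD` is meant to give a build without libsystemd, that dependency needs the same condition. The `executable(` call starts and ends outside the hunk.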
diff --git a/src/socket.c b/src/socket.c
index fde9648..6f8a060 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -32,7 +32,7 @@
#include <sys/socket.h>
#include <sys/un.h>
-#if defined(WITH_SYSTEMD_ACTIVATION)
+#if defined(WITH_SYSTEMD)
#include <systemd/sd-daemon.h>
#endif
@@ -212,7 +212,7 @@ static int open_tcp(const char *spec, int server)
*/
static int open_systemd(const char *spec)
{
-#if defined(WITH_SYSTEMD_ACTIVATION)
+#if defined(WITH_SYSTEMD)
char **names;
int fd = -1;
int c = sd_listen_fds_with_names(0, &names);
diff --git a/systemd/CMakeLists.txt b/systemd/CMakeLists.txt
index c68f7f5..bb9d059 100644
--- a/systemd/CMakeLists.txt
+++ b/systemd/CMakeLists.txt
@@ -19,12 +19,13 @@
set(SYSTEMD_UNIT_DIR "${CMAKE_INSTALL_FULL_LIBDIR}/systemd/system"
CACHE PATH "Path to systemd system unit files")
+CONFIGURE_FILE(cynagora.service.in cynagora.service @ONLY)
CONFIGURE_FILE(cynagora-admin.socket.in cynagora-admin.socket @ONLY)
CONFIGURE_FILE(cynagora-check.socket.in cynagora-check.socket @ONLY)
CONFIGURE_FILE(cynagora-agent.socket.in cynagora-agent.socket @ONLY)
INSTALL(FILES
- ${CMAKE_CURRENT_SOURCE_DIR}/cynagora.service
+ ${CMAKE_CURRENT_BINARY_DIR}/cynagora.service
${CMAKE_CURRENT_SOURCE_DIR}/cynagora.target
${CMAKE_CURRENT_BINARY_DIR}/cynagora-admin.socket
${CMAKE_CURRENT_BINARY_DIR}/cynagora-check.socket
diff --git a/systemd/cynagora-admin.socket.in b/systemd/cynagora-admin.socket.in
index 622c023..b2f5874 100644
--- a/systemd/cynagora-admin.socket.in
+++ b/systemd/cynagora-admin.socket.in
@@ -1,7 +1,9 @@
[Socket]
FileDescriptorName=admin
ListenStream=@DEFAULT_SOCKET_DIR@/cynagora.admin
-SocketMode=0600
+SocketUser=@USER@
+SocketGroup=@GROUP@
+SocketMode=0660
SmackLabelIPIn=@
SmackLabelIPOut=@
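Review bot: Changing `SocketMode` from 0600 to 0660 makes membership of `@GROUP@` sufficient to connect to the admin socket, so the group becomes an authorization boundary for policy administration unless the server also checks peer credentials (not visible in this diff). The agent socket unit gets the same change. A comment in the template stating who is expected to be in that group, e.g. `# members of this group may connect to the admin interface`, would make the intent explicit. `SocketUser=` and `SocketGroup=` are resolved when the socket unit is started, so the account has to exist before then, which packagers need to know.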
diff --git a/systemd/cynagora-agent.socket.in b/systemd/cynagora-agent.socket.in
index a5e66b8..3671113 100644
--- a/systemd/cynagora-agent.socket.in
+++ b/systemd/cynagora-agent.socket.in
@@ -1,7 +1,9 @@
[Socket]
FileDescriptorName=agent
ListenStream=@DEFAULT_SOCKET_DIR@/cynagora.agent
-SocketMode=0600
+SocketUser=@USER@
+SocketGroup=@GROUP@
+SocketMode=0660
SmackLabelIPIn=@
SmackLabelIPOut=@
diff --git a/systemd/cynagora-check.socket.in b/systemd/cynagora-check.socket.in
index fcd6ed1..0eeae57 100644
--- a/systemd/cynagora-check.socket.in
+++ b/systemd/cynagora-check.socket.in
@@ -1,6 +1,8 @@
[Socket]
FileDescriptorName=check
ListenStream=@DEFAULT_SOCKET_DIR@/cynagora.check
+SocketUser=@USER@
+SocketGroup=@GROUP@
SocketMode=0666
SmackLabelIPIn=*
SmackLabelIPOut=@
diff --git a/systemd/cynagora.service b/systemd/cynagora.service.in
index 97a0f36..9035d00 100644
--- a/systemd/cynagora.service
+++ b/systemd/cynagora.service.in
@@ -4,7 +4,7 @@ Requires=afm-system-setup.service
After=afm-system-setup.service
[Service]
-ExecStart=/usr/bin/cynagorad --systemd --user cynagora --group cynagora --make-db-dir --own-db-dir
+ExecStart=/usr/bin/cynagorad --user @USER@ --group @GROUP@ --make-db-dir --own-db-dir
Type=notify
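Review bot: `ExecStart` keeps the hard-coded `/usr/bin/cynagorad` although the file is now a `configure_file` template, so with any other install prefix the unit starts whatever binary is at that path rather than the one this build installed. Assuming cynagorad is installed to the bin directory, `ExecStart=@CMAKE_INSTALL_FULL_BINDIR@/cynagorad --user @USER@ --group @GROUP@ --make-db-dir --own-db-dir` follows the prefix. The next hunk removes `SmackProcessLabel=System` with no replacement visible; on Smack-enabled systems that may change the label the daemon runs under, which deserves a line in the commit message or a comment in the unit.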
@@ -15,11 +15,7 @@ Restart=always
Sockets=cynagora-admin.socket
Sockets=cynagora-check.socket
Sockets=cynagora-agent.socket
-SmackProcessLabel=System
-#UMask=0000
-#User=cynagora
-#Group=cynagora
#NoNewPrivileges=true
[Install]