Commit 1ef15997 authored by ale's avatar ale

run with a FIFO as input, or standard log files

parent 922c5b9a
...@@ -2,21 +2,74 @@ package main ...@@ -2,21 +2,74 @@ package main
import ( import (
"flag" "flag"
"git.autistici.org/ale/postfix-tlswatch"
"log" "log"
"os" "os"
"syscall"
"time" "time"
"git.autistici.org/ale/postfix-tlswatch"
) )
var ( var (
dbPath = flag.String("db", "/var/lib/postfix-tlswatch/db", "Database directory") dbPath = flag.String("db", "/var/lib/postfix-tlswatch/db", "Database directory")
tlsPolicy = flag.String("policy", "ca-pinning", "TLS policy (strict | ca-pinning)") tlsPolicy = flag.String("policy", "ca-pinning", "TLS policy (strict | ca-pinning)")
tlsPolicyMapFile = flag.String("tls-policy-map", "/etc/postfix/maps/tls_policy", "Location of the Postfix tls_policy_map file") tlsPolicyMapFile = flag.String("tls-policy-map", "/etc/postfix/maps/tls_policy", "Location of the Postfix tls_policy_map file")
updatePeriod = flag.Duration("update-period", 900 * time.Second, "Update period") updatePeriod = flag.Duration("update-period", 900*time.Second, "Update period")
whitelistFile = flag.String("whitelist", "", "Domain whitelist file") whitelistFile = flag.String("whitelist", "", "Domain whitelist file")
blacklistFile = flag.String("blacklist", "", "Domain blacklist file") blacklistFile = flag.String("blacklist", "", "Domain blacklist file")
fifoPath = flag.String("fifo", "", "Read data from a FIFO (run as daemon)")
) )
func runOnce(scanner *tlswatch.Scanner) {
// If any command-line arguments are specified, process them,
// otherwise read from standard input.
if flag.NArg() > 0 {
for _, filename := range flag.Args() {
f, err := os.Open(filename)
if err != nil {
log.Printf("Error opening '%s': %s", filename, err)
continue
}
if err := scanner.Scan(f); err != nil {
log.Printf("Error processing '%s': %s", filename, err)
}
f.Close()
}
} else {
if err := scanner.Scan(os.Stdin); err != nil {
log.Fatal(err)
}
}
}
func runFifo(scanner *tlswatch.Scanner) {
// Create the FIFO if it does not exist, but raise a fatal
// error if it already exists and it's a standard file.
if info, err := os.Stat(*fifoPath); err == nil {
if info.Mode()&os.ModeNamedPipe != os.ModeNamedPipe {
log.Fatalf("%s is not a FIFO", *fifoPath)
}
} else {
if err := syscall.Mkfifo(*fifoPath, 0770); err != nil {
log.Fatal(err)
}
}
// Outer loop on reading from *fifoPath to ignore EOFs.
for {
f, err := os.Open(*fifoPath)
if err != nil {
log.Fatal(err)
}
if err := scanner.Scan(f); err != nil {
log.Fatal(err)
}
f.Close()
}
}
func main() { func main() {
flag.Parse() flag.Parse()
...@@ -48,7 +101,13 @@ func main() { ...@@ -48,7 +101,13 @@ func main() {
domainBl = tlswatch.ParseWildcardsFromFile(*blacklistFile) domainBl = tlswatch.ParseWildcardsFromFile(*blacklistFile)
} }
tlswatch.NewScanner(db, ch, errCh, domainWl, domainBl).Scan(os.Stdin) scanner := tlswatch.NewScanner(db, ch, errCh, domainWl, domainBl)
if *fifoPath != "" {
runFifo(scanner)
} else {
runOnce(scanner)
}
close(ch) close(ch)
close(errCh) close(errCh)
......