X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=FS%2Fbin%2Ffreeside-selfservice-server;h=c045893d18dc1afe646a2fea182a816f8bbf05af;hb=649ceeca76084d16d22013124bd7f80f053d75c4;hp=a83664db2fe56264d44362f4f107ff5b7bbe8ccf;hpb=efccaa2d081bfcaaddcf9d89da3c2a065b4caafb;p=freeside.git

diff --git a/FS/bin/freeside-selfservice-server b/FS/bin/freeside-selfservice-server
index a83664db2..c045893d1 100644
--- a/FS/bin/freeside-selfservice-server
+++ b/FS/bin/freeside-selfservice-server
@@ -25,8 +25,8 @@ use FS::Conf;
 use FS::cust_bill;
 use FS::cust_pkg;
 
-$Debug = 1; # >= 2 will log packet contents, including potentially compromising
-            # information
+$Debug = 1; # 2 will turn on more logging
+            # 3 will log packet contents, including passwords
 
 $shutdown = 0;
 $max_kids = '10'; #?
@@ -41,7 +41,6 @@ my $tag = scalar(@ARGV) ? shift : '';
 my $pid_file = "/var/run/freeside-selfservice-server.$user.$machine.pid";
 
 my $lock_file = "/usr/local/etc/freeside/selfservice.$machine.writelock";
-open(LOCKFILE,">$lock_file") or die "can't open $lock_file: $!";
 
 &init($user);
 
@@ -73,7 +72,9 @@ while (1) {
       &shutdown if $shutdown;
       if ( $keepalives && $keepalive_count++ > 10 ) {
         $keepalive_count = 0;
+        lock_write;
         nstore_fd( { _token => '_keepalive' }, $writer );
+        unlock_write;
       }
       next;
     }
@@ -96,7 +97,7 @@ while (1) {
     }
     warn "packet received\n".
          join('', map { " $_=>$packet->{$_}\n" } keys %$packet )
-      if $Debug > 1;
+      if $Debug > 2;
 
     if ( $packet->{_packet} eq '_enable_keepalive' ) {
       warn "enabling keep alives\n" if $Debug;
@@ -136,8 +137,9 @@ while (1) {
       }
       $rv->{_token} = $packet->{_token}; #identifier
 
-      warn "sending response\n" if $Debug;
+      open(LOCKFILE,">$lock_file") or die "can't open $lock_file: $!";
       lock_write;
+      warn "sending response\n" if $Debug;
       nstore_fd($rv, $writer) or die "FATAL: can't send response: $!";
       $writer->flush or die "FATAL: can't flush: $!";
       unlock_write;
@@ -148,6 +150,7 @@ while (1) {
 
   }
 
+  &shutdown if $shutdown;
   warn "connection lost, reconnecting\n" if $Debug;
   sleep 3;
 
@@ -197,6 +200,10 @@ sub init {
   #false laziness w/freeside-queued
   my $freeside_gid = scalar(getgrnam('freeside'))
     or die "can't setgid to freeside group\n";
+
+  open(LOCKFILE,">$lock_file") or die "can't open $lock_file: $!";
+  chown $FS::UID::freeside_uid, $freeside_gid, $lock_file;
+
   $) = $freeside_gid;
   $( = $freeside_gid;
   #if freebsd can't setuid(), presumably it can't setgid() either.  grr fleabsd
@@ -211,7 +218,7 @@ sub init {
   #eslaf
 
   $ENV{HOME} = (getpwuid($>))[7]; #for ssh
-  #adminsuidsetup $user;
+  adminsuidsetup $user;
 
   #$log_file = "/usr/local/etc/freeside/selfservice.". $FS::UID::datasrc; #MACHINE NAME
   $log_file = "/usr/local/etc/freeside/selfservice.$machine.log";
@@ -229,10 +236,12 @@ sub init {
 }
 
 sub shutdown {
+  &reap_kids;
   my $wait = 12; #wait up to 1 minute
   while ( $kids > 0 && $wait-- ) {
     warn "waiting for $kids children to terminate";
     sleep 5;
+    &reap_kids;
   }
   warn "abandoning $kids children" if $kids;
   kill 'TERM', $ssh_pid if $ssh_pid;
@@ -261,6 +270,8 @@ sub _do_logmsg {
 }
 
 sub lock_write {
+  warn "locking $lock_file mutex for write to write stream\n" if $Debug > 1;
+
   #broken on freebsd?
   #flock($writer, LOCK_EX) or die "FATAL: can't lock write stream: $!";
 
@@ -269,6 +280,8 @@ sub lock_write {
 }
 
 sub unlock_write {
+  warn "unlocking $lock_file mutex\n" if $Debug > 1;
+
   #broken on freebsd?
   #flock($writer, LOCK_UN) or die "WARNING: can't release write lock: $!";