Make hash length and hash minimum length configurable

init/postsrsd.default.in

@@ -23,6 +23,12 @@ SRS_SEPARATOR==
 #
 SRS_SECRET=@SYSCONF_DIR@/@PROJECT_NAME@.secret
 
+# Length of hash to be used in rewritten addresses
+SRS_HASHLENGTH=4
+
+# Minimum length of hash to accept when validating return addresses
+SRS_HASHMIN=4
+
 # Local ports for TCP list.
 # These ports are used to bind the TCP list for postfix. If you change
 # these, you have to modify the postfix settings accordingly. The ports

init/postsrsd.systemd.in

@@ -17,7 +17,7 @@ EnvironmentFile=-/run/@PROJECT_NAME@/default
 # Load the real configuration.
 EnvironmentFile=@CONFIG_DIR@/@PROJECT_NAME@
 
-ExecStart=@CMAKE_INSTALL_PREFIX@/sbin/@POSTSRSD@ -f "${SRS_FORWARD_PORT}" -r "${SRS_REVERSE_PORT}" -d "${SRS_DOMAIN}" -s "${SRS_SECRET}" -a "${SRS_SEPARATOR}" -u "${RUN_AS}" -c "${CHROOT}" -X"${SRS_EXCLUDE_DOMAINS}"
+ExecStart=@CMAKE_INSTALL_PREFIX@/sbin/@POSTSRSD@ -f "${SRS_FORWARD_PORT}" -r "${SRS_REVERSE_PORT}" -d "${SRS_DOMAIN}" -s "${SRS_SECRET}" -a "${SRS_SEPARATOR}" -n "${SRS_HASHLENGTH}" -N "${SRS_HASHMIN}" -u "${RUN_AS}" -c "${CHROOT}" -X"${SRS_EXCLUDE_DOMAINS}"
 
 [Install]
 WantedBy=multi-user.target

init/postsrsd.sysv-lsb.in

@@ -44,7 +44,7 @@ case "$1" in
 		--pidfile $PIDFILE \
 		--name $NAME \
 		--startas $DAEMON \
-		-- -f "$SRS_FORWARD_PORT" -r "$SRS_REVERSE_PORT" -d "$SRS_DOMAIN" -s "$SRS_SECRET" -a "$SRS_SEPARATOR" -u "$RUN_AS" -p "$PIDFILE" -c "$CHROOT" -D -X"$SRS_EXCLUDE_DOMAINS"
+		-- -f "$SRS_FORWARD_PORT" -r "$SRS_REVERSE_PORT" -d "$SRS_DOMAIN" -s "$SRS_SECRET" -a "$SRS_SEPARATOR" -n "$SRS_HASHLENGTH" -N "$SRS_HASHMIN" -u "$RUN_AS" -p "$PIDFILE" -c "$CHROOT" -D -X"$SRS_EXCLUDE_DOMAINS"
 	then
 	    log_end_msg 0
 	else

init/postsrsd.sysv-redhat.in

@@ -35,7 +35,8 @@ test -r "$SRS_SECRET" -a -n "$SRS_DOMAIN" || exit 0
 do_start()
 {
 	echo -n "Starting $DESC: "
-	daemon $DAEMON -f "$SRS_FORWARD_PORT" -r "$SRS_REVERSE_PORT" -d "$SRS_DOMAIN" -s "$SRS_SECRET" \
+	daemon $DAEMON -f "$SRS_FORWARD_PORT" -r "$SRS_REVERSE_PORT" -d "$SRS_DOMAIN" \
+	               -s "$SRS_SECRET" -n "$SRS_HASHLENGTH" -N "$SRS_HASHMIN" \
 	               -u "$RUN_AS" -p "$PIDFILE" -a "$SRS_SEPARATOR" -c "$CHROOT" -D -X"$SRS_EXCLUDE_DOMAINS"
 	RETVAL=$?
 	echo

init/postsrsd.upstart.in

@@ -9,6 +9,6 @@ script
 	SRS_DOMAIN=`postconf -h mydomain || true`
 	SRS_EXCLUDE_DOMAINS=
 	. "@CONFIG_DIR@/@PROJECT_NAME@"
-	exec @CMAKE_INSTALL_PREFIX@/sbin/@POSTSRSD@ -f "$SRS_FORWARD_PORT" -r "$SRS_REVERSE_PORT" -d "$SRS_DOMAIN" -s "$SRS_SECRET" -a "$SRS_SEPARATOR" -u "$RUN_AS" -c "$CHROOT" -X"$SRS_EXCLUDE_DOMAINS"
+	exec @CMAKE_INSTALL_PREFIX@/sbin/@POSTSRSD@ -f "$SRS_FORWARD_PORT" -r "$SRS_REVERSE_PORT" -d "$SRS_DOMAIN" -s "$SRS_SECRET" -a "$SRS_SEPARATOR" -n "$SRS_HASHLENGTH" -N "$SRS_HASHMIN" -u "$RUN_AS" -c "$CHROOT" -X"$SRS_EXCLUDE_DOMAINS"
 end script
 

postsrsd.c

@@ -219,6 +219,8 @@ static void show_help ()
     "   -s<file>       read secrets from file (required)\n"
     "   -d<domain>     set domain name for rewrite (required)\n"
     "   -a<char>       set first separator character which can be one of: -=+ (default: =)\n"
+    "   -n<num>        length of hash to be used in rewritten addresses (default: 4)\n"
+    "   -N<num>        minimum length of hash to accept for validation (default: 4)\n"
     "   -l<addr>       set socket listen address (default: 127.0.0.1)\n"
     "   -f<port>       set port for the forward SRS lookup (default: 10001)\n"
     "   -r<port>       set port for the reverse SRS lookup (default: 10002)\n"
@@ -242,7 +244,7 @@ typedef void(*handle_t)(srs_t*, FILE*, const char*, const char*, const char**);
 
 int main (int argc, char **argv)
 {
-  int opt, timeout = 1800, family = AF_UNSPEC;
+  int opt, timeout = 1800, family = AF_UNSPEC, hashlength = 0, hashmin = 0;
   int daemonize = FALSE;
   char *listen_addr = NULL, *forward_service = NULL, *reverse_service = NULL,
        *user = NULL, *domain = NULL, *chroot_dir = NULL;
@@ -265,7 +267,7 @@ int main (int argc, char **argv)
   tmp = strrchr(argv[0], '/');
   if (tmp) self = strdup(tmp + 1); else self = strdup(argv[0]);
 
-  while ((opt = getopt(argc, argv, "46d:a:l:f:r:s:u:t:p:c:X::Dhev")) != -1) {
+  while ((opt = getopt(argc, argv, "46d:a:l:f:r:s:n:N:u:t:p:c:X::Dhev")) != -1) {
     switch (opt) {
       case '?':
         return EXIT_FAILURE;
@@ -296,6 +298,12 @@ int main (int argc, char **argv)
       case 's':
         secret_file = strdup(optarg);
         break;
+      case 'n':
+        hashlength = atoi(optarg);
+        break;
+      case 'N':
+        hashmin = atoi(optarg);
+        break;
       case 'p':
         pid_file = strdup(optarg);
         break;
@@ -334,6 +342,10 @@ int main (int argc, char **argv)
           domain = strdup(getenv("SRS_DOMAIN"));
         if ( getenv("SRS_SEPARATOR") != NULL )
           separator = *getenv("SRS_SEPARATOR");
+        if ( getenv("SRS_HASHLENGTH") != NULL )
+          hashlength = atoi(getenv("SRS_HASHLENGTH"));
+        if ( getenv("SRS_HASHMIN") != NULL )
+          hashmin = atoi(getenv("SRS_HASHMIN"));
         if ( getenv("SRS_FORWARD_PORT") != NULL )
           forward_service = strdup(getenv("SRS_FORWARD_PORT"));
         if ( getenv("SRS_REVERSE_PORT") != NULL )
@@ -473,6 +485,10 @@ int main (int argc, char **argv)
   fclose (sf);
 
   srs_set_separator (srs, separator);
+  if (hashlength)
+    srs_set_hashlength (srs, hashlength);
+  if (hashmin)
+    srs_set_hashmin (srs, hashmin);
 
   for (sc = 0; sc < socket_count; ++sc) {
     fds[sc].fd = sockets[sc];

srs2.c

@@ -371,7 +371,7 @@ srs_hash_check(srs_t *srs, char *hash, int nargs, ...)
 	len = strlen(hash);
 	if (len < srs->hashmin)
 		return SRS_EHASHTOOSHORT;
-	if (len < srs->hashlength) {
+	if (len > srs->hashlength) {
 		tmp = alloca(srs->hashlength + 1);
 		strncpy(tmp, hash, srs->hashlength);
 		tmp[srs->hashlength] = '\0';