mirrors/dnscrypt-proxy
1
0
Fork 0
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git synced 2025-04-05 06:07:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

user.Lookup() may not be available on some platforms

Browse source 
So, explain what's going on, support numeric ids, try to be a bit
more friendly to these platforms
This commit is contained in:
Frank Denis 2018-10-03 17:57:39 +02:00
parent 4f02f44279
commit 772c8d0e6c
1 changed files with 13 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

21
dnscrypt-proxy/privilege_linux.go
View file

@ -22,23 +22,28 @@ func (proxy *Proxy) dropPrivilege(userStr string, fds []*os.File) {
if currentUser.Uid != "0" { if currentUser.Uid != "0" {
dlog.Fatal("I need root permissions. Try again with 'sudo'") dlog.Fatal("I need root permissions. Try again with 'sudo'")
} }
user, err := user.Lookup(userStr) userInfo, err := user.Lookup(userStr)
args := os.Args args := os.Args
if err != nil { if err != nil {
dlog.Fatal(err) uid, err2 := strconv.Atoi(userStr)
if err2 != nil || uid <= 0 {
dlog.Fatalf("Unable to retrieve any information about user [%s]: [%s] - Remove the user_name directive from the configuration file in order to avoid identity switch", userStr, err)
}
dlog.Warnf("Unable to retrieve any information about user [%s]: [%s] - Switching to user id [%v] with the same group id, as [%v] looks like a user id. But you should remove or fix the user_name directive in the configuration file if possible", userStr, err, uid, uid)
userInfo = &user.User{Uid: userStr, Gid: userStr}
} }
uid, err := strconv.Atoi(user.Uid) uid, err := strconv.Atoi(userInfo.Uid)
if err != nil { if err != nil {
dlog.Fatal(err) dlog.Fatal(err)
} }
gid, err := strconv.Atoi(user.Gid) gid, err := strconv.Atoi(userInfo.Gid)
if err != nil { if err != nil {
dlog.Fatal(err) dlog.Fatal(err)
} }
execPath, err := exec.LookPath(args[0]) execPath, err := exec.LookPath(args[0])
if err != nil { if err != nil {
dlog.Fatal(err) dlog.Fatalf("Unable to get the path to the dnscrypt-proxy executable file: [%s]", err)
} }
path, err := filepath.Abs(execPath) path, err := filepath.Abs(execPath)
if err != nil { if err != nil {
@ -52,13 +57,13 @@ func (proxy *Proxy) dropPrivilege(userStr string, fds []*os.File) {
dlog.Notice("Dropping privileges") dlog.Notice("Dropping privileges")
runtime.LockOSThread() runtime.LockOSThread()
if _, _, rcode := syscall.RawSyscall(syscall.SYS_SETGROUPS, uintptr(0), uintptr(0), 0); rcode != 0 { if _, _, rcode := syscall.RawSyscall(syscall.SYS_SETGROUPS, uintptr(0), uintptr(0), 0); rcode != 0 {
dlog.Fatalf("Unable to drop additional groups: %s", err) dlog.Fatalf("Unable to drop additional groups: [%s]", err)
} }
if _, _, rcode := syscall.RawSyscall(syscall.SYS_SETGID, uintptr(gid), 0, 0); rcode != 0 { if _, _, rcode := syscall.RawSyscall(syscall.SYS_SETGID, uintptr(gid), 0, 0); rcode != 0 {
dlog.Fatalf("Unable to drop user privileges: %s", err) dlog.Fatalf("Unable to drop user privileges: [%s]", err)
} }
if _, _, rcode := syscall.RawSyscall(syscall.SYS_SETUID, uintptr(uid), 0, 0); rcode != 0 { if _, _, rcode := syscall.RawSyscall(syscall.SYS_SETUID, uintptr(uid), 0, 0); rcode != 0 {
dlog.Fatalf("Unable to drop user privileges: %s", err) dlog.Fatalf("Unable to drop user privileges: [%s]", err)
} }
maxfd := uintptr(0) maxfd := uintptr(0)
for _, fd := range fds { for _, fd := range fds {