
added support for running as root and drop to an user later

This commit is contained in:
Adolfo Gómez García 2021-01-25 14:58:50 +01:00
parent 4313368f78
commit 41991590ca
3 changed files with 31 additions and 17 deletions


@ -40,6 +40,7 @@ logger = logging.getLogger(__name__)
class ConfigurationType(typing.NamedTuple):
pidfile: str
user: str
log_level: str
log_file: str
@ -90,6 +91,7 @@ def read() -> ConfigurationType:
logsize = logsize[:-1]
return ConfigurationType(
pidfile=uds.get('pidfile', ''),
user=uds.get('user', ''),
log_level=uds.get('loglevel', 'ERROR'),
log_file=uds.get('logfile', ''),
log_size=int(logsize)*1024*1024,
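Review bot: The new `user` field on ConfigurationType and its `uds.get('user', '')` default carry no comment saying what the value controls, while the sample config documents every neighbouring key. Since an empty string appears to mean "no account switch" in the start-up code this commit adds, suggest `user: str  # account to switch to after the listen port is bound; '' keeps the invoking user`. It may also be worth noting in read() that the name is not resolved here, so a misspelled account is only detected when the tunnel starts and looks it up.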


@ -2,6 +2,7 @@
# Pid file, optional
# pidfile = /tmp/udstunnel.pid
user = dkmaster
# Log level, valid are DEBUG, INFO, WARN, ERROR. Defaults to ERROR
loglevel = DEBUG
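Review bot: The sample config now ships an active `user = dkmaster`, a developer's personal account that will not exist on a deployed host, and unlike `pidfile` and `loglevel` the key has no explanatory comment. Following the `pidfile` lines above, suggest `# User to switch to once the listen port is bound (applied only when started as root)` and a commented-out `# user = SERVICE_ACCOUNT` (placeholder), so an administrator opts in deliberately instead of inheriting a name that fails the account lookup at start-up. The root-only condition is taken from the tunnel start-up change in this commit and should be kept in sync with it.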


@ -30,6 +30,7 @@
@author: Adolfo Gómez, dkmaster at dkmon dot com
'''
import os
import pwd
import sys
import argparse
import multiprocessing
@ -154,16 +155,42 @@ async def tunnel_proc_async(
def tunnel_main():
cfg = config.read()
# Create pid file
# Try to bind to port as running user
# Wait for socket incoming connections and spread them
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, True)
sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
sock.settimeout(3.0) # So we can check for stop from time to time
# We will not reuse port, we only want a UDS tunnel server running on a port
# but this may change on future...
# try:
# sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, True)
# except (AttributeError, OSError) as e:
# logger.warning('socket.REUSEPORT not available')
try:
sock.bind((cfg.listen_address, cfg.listen_port))
sock.listen(BACKLOG)
# If running as root, and requested drop privileges after port bind
if os.getuid() == 0 and cfg.user:
logger.debug('Changing to user %s', cfg.user)
pwu = pwd.getpwnam(cfg.user)
os.setgid(pwu.pw_gid)
os.setuid(pwu.pw_uid)
setup_log(cfg)
# Create pid file
if cfg.pidfile:
with open(cfg.pidfile, mode='w') as f:
f.write(str(os.getpid()))
except Exception as e:
sys.stderr.write(f'Tunnel startup error: {e}\n')
logger.error('MAIN: %s', e)
return
# Setup signal handlers
signal.signal(signal.SIGINT, stop_signal)
signal.signal(signal.SIGTERM, stop_signal)
@ -194,23 +221,7 @@ def tunnel_main():
best = (percent, c[0])
return best[1]
sock = None
try:
# Wait for socket incoming connections and spread them
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, True)
sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
# We will not reuse port, we only want a UDS tunnel server running on a port
# but this may change on future...
# try:
# sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, True)
# except (AttributeError, OSError) as e:
# logger.warning('socket.REUSEPORT not available')
sock.settimeout(3.0) # So we can check for stop from time to time
sock.bind((cfg.listen_address, cfg.listen_port))
sock.listen(BACKLOG)
while not do_stop:
try:
client, addr = sock.accept()