output errors to stderr
parent
e311a94e98
commit
c611d46b4f
|
@ -27,8 +27,7 @@ func dropPrivileges(userToSwitchTo string) {
|
||||||
// Check supplementary groups.
|
// Check supplementary groups.
|
||||||
groups, err := syscall.Getgroups()
|
groups, err := syscall.Getgroups()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Println(err)
|
fatalError(err)
|
||||||
os.Exit(1)
|
|
||||||
}
|
}
|
||||||
for _, groupID := range groups {
|
for _, groupID := range groups {
|
||||||
if groupID == 0 {
|
if groupID == 0 {
|
||||||
|
@ -43,9 +42,8 @@ func dropPrivileges(userToSwitchTo string) {
|
||||||
fmt.Println("When running as root, use the -u option to switch to an unprivileged user.")
|
fmt.Println("When running as root, use the -u option to switch to an unprivileged user.")
|
||||||
os.Exit(1)
|
os.Exit(1)
|
||||||
} else if rootPrimaryGroup || rootSupplementaryGroup {
|
} else if rootPrimaryGroup || rootSupplementaryGroup {
|
||||||
fmt.Println("The user running the program is in the root group;")
|
fatalError("The user running the program is in the root group;\n" +
|
||||||
fmt.Println("use the -u option to switch to an unprivileged user.")
|
"use the -u option to switch to an unprivileged user.")
|
||||||
os.Exit(1)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
} else { // userToSwitchTo != ""
|
} else { // userToSwitchTo != ""
|
||||||
|
@ -53,50 +51,44 @@ func dropPrivileges(userToSwitchTo string) {
|
||||||
// Get user and group IDs for the user we want to switch to.
|
// Get user and group IDs for the user we want to switch to.
|
||||||
userInfo, err := user.Lookup(userToSwitchTo)
|
userInfo, err := user.Lookup(userToSwitchTo)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Println(err)
|
fatalError(err)
|
||||||
os.Exit(1)
|
|
||||||
}
|
}
|
||||||
// Convert group id and user id from string to int.
|
// Convert group id and user id from string to int.
|
||||||
gid, err := strconv.Atoi(userInfo.Gid)
|
gid, err := strconv.Atoi(userInfo.Gid)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Println(err)
|
fatalError(err)
|
||||||
os.Exit(1)
|
|
||||||
}
|
}
|
||||||
uid, err := strconv.Atoi(userInfo.Uid)
|
uid, err := strconv.Atoi(userInfo.Uid)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Println(err)
|
fatalError(err)
|
||||||
os.Exit(1)
|
|
||||||
}
|
}
|
||||||
// If the user we want to switch to has root privileges, stop execution.
|
// If the user we want to switch to has root privileges, stop execution.
|
||||||
if uid == 0 || gid == 0 {
|
if uid == 0 || gid == 0 {
|
||||||
fmt.Println("Running as root is not allowed.")
|
fatalError("Running as root is not allowed.")
|
||||||
os.Exit(1)
|
|
||||||
}
|
}
|
||||||
// Unset supplementary group IDs.
|
// Unset supplementary group IDs.
|
||||||
err = syscall.Setgroups([]int{})
|
err = syscall.Setgroups([]int{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Println("Failed to unset supplementary group IDs: " + err.Error())
|
fmt.Fprintln(os.Stderr,
|
||||||
|
"Failed to unset supplementary group IDs: "+err.Error())
|
||||||
if rootSupplementaryGroup {
|
if rootSupplementaryGroup {
|
||||||
fmt.Println("Failed to drop root privileges. Exiting...")
|
fatalError("Failed to drop root privileges. Exiting...")
|
||||||
os.Exit(1)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// Set group ID (real and effective).
|
// Set group ID (real and effective).
|
||||||
err = syscall.Setgid(gid)
|
err = syscall.Setgid(gid)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Println("Failed to set group ID: " + err.Error())
|
fmt.Fprintln(os.Stderr, "Failed to set group ID: "+err.Error())
|
||||||
if rootPrimaryGroup {
|
if rootPrimaryGroup {
|
||||||
fmt.Println("Failed to drop root privileges. Exiting...")
|
fatalError("Failed to drop root privileges. Exiting...")
|
||||||
os.Exit(1)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// Set user ID (real and effective).
|
// Set user ID (real and effective).
|
||||||
err = syscall.Setuid(uid)
|
err = syscall.Setuid(uid)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Println("Failed to set user ID: " + err.Error())
|
fmt.Fprintln(os.Stderr, "Failed to set user ID: "+err.Error())
|
||||||
if rootUser {
|
if rootUser {
|
||||||
fmt.Println("Failed to drop root privileges. Exiting...")
|
fatalError("Failed to drop root privileges. Exiting...")
|
||||||
os.Exit(1)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
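Review bot: In the `userToSwitchTo != ""` branch, a failed `syscall.Setgroups`, `syscall.Setgid` or `syscall.Setuid` is still fatal only when the matching `rootSupplementaryGroup`, `rootPrimaryGroup` or `rootUser` flag is set; otherwise the new code prints to stderr and carries on. The caller explicitly asked to switch to another user, so continuing can leave the process holding supplementary groups or IDs it was meant to give up, and a non-root group may still grant access the target user should not have. I would make each failure unconditionally fatal, e.g. `fatalError("Failed to unset supplementary group IDs: " + err.Error())`, and do the same for the group ID and user ID cases. Separately, the `rootUser` branch in the second hunk still uses `fmt.Println(...)` followed by `os.Exit(1)`, so that message still goes to stdout. dropPrivileges starts before the first hunk and its end is not visible here.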
19
server.go
19
server.go
|
@ -9,11 +9,11 @@ import (
|
||||||
"encoding/binary"
|
"encoding/binary"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"flag"
|
"flag"
|
||||||
"fmt"
|
|
||||||
"io"
|
"io"
|
||||||
"log"
|
"log"
|
||||||
"net"
|
"net"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
"os"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
@ -34,6 +34,14 @@ func (c prefixConn) Read(p []byte) (int, error) {
|
||||||
return c.Reader.Read(p)
|
return c.Reader.Read(p)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Output to stderr and exit with error code 1.
|
||||||
|
// Like log.Fatal, but without the date&time prefix.
|
||||||
|
// Used before starting the server loop.
|
||||||
|
func fatalError(err ...any) {
|
||||||
|
logger := log.New(os.Stderr, "", 0)
|
||||||
|
logger.Fatal(err...)
|
||||||
|
}
|
||||||
|
|
||||||
const html = `<!DOCTYPE html>
|
const html = `<!DOCTYPE html>
|
||||||
<html lang="en">
|
<html lang="en">
|
||||||
<meta charset="utf-8">
|
<meta charset="utf-8">
|
||||||
|
@ -275,15 +283,13 @@ func main() {
|
||||||
flag.Parse()
|
flag.Parse()
|
||||||
hostAndPort = flag.Arg(0)
|
hostAndPort = flag.Arg(0)
|
||||||
if certFile == "" || keyFile == "" || hostAndPort == "" {
|
if certFile == "" || keyFile == "" || hostAndPort == "" {
|
||||||
fmt.Println("usage: client-hello-mirror -c cert.pem -k key.pem [-u user] host:port")
|
fatalError("usage: client-hello-mirror -c cert.pem -k key.pem [-u user] host:port")
|
||||||
return
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Load cert
|
// Load cert
|
||||||
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
|
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal(err)
|
fatalError(err)
|
||||||
return
|
|
||||||
}
|
}
|
||||||
// TLS config
|
// TLS config
|
||||||
tlsConfig := tls.Config{
|
tlsConfig := tls.Config{
|
||||||
|
@ -295,8 +301,7 @@ func main() {
|
||||||
// Listen for connections
|
// Listen for connections
|
||||||
ln, err := net.Listen("tcp", hostAndPort)
|
ln, err := net.Listen("tcp", hostAndPort)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Println(err)
|
fatalError(err)
|
||||||
return
|
|
||||||
}
|
}
|
||||||
defer ln.Close()
|
defer ln.Close()
|
||||||
|
|
||||||
|
|
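Review bot: The comment on `fatalError` should state that the function never returns and that deferred calls are skipped, because `logger.Fatal` ends the process through `os.Exit(1)`; "Used before starting the server loop" leaves that reason implicit. Something like `// fatalError prints its arguments to stderr without a timestamp prefix and exits with status 1. Deferred functions do not run, so call it only before any cleanup is deferred.` would also follow the Go convention of opening with the function name. The variadic parameter is named `err`, yet the usage string in `main` is passed through it as well, so `args ...any` would read more accurately.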