output errors to stderr

nervuri 2023-03-11 12:00:39 +00:00
parent e311a94e98
commit c611d46b4f
2 changed files with 27 additions and 30 deletions


@ -27,8 +27,7 @@ func dropPrivileges(userToSwitchTo string) {
// Check supplementary groups. // Check supplementary groups.
groups, err := syscall.Getgroups() groups, err := syscall.Getgroups()
if err != nil { if err != nil {
fmt.Println(err) fatalError(err)
os.Exit(1)
} }
for _, groupID := range groups { for _, groupID := range groups {
if groupID == 0 { if groupID == 0 {
@ -43,60 +42,53 @@ func dropPrivileges(userToSwitchTo string) {
fmt.Println("When running as root, use the -u option to switch to an unprivileged user.") fmt.Println("When running as root, use the -u option to switch to an unprivileged user.")
os.Exit(1) os.Exit(1)
} else if rootPrimaryGroup || rootSupplementaryGroup { } else if rootPrimaryGroup || rootSupplementaryGroup {
fmt.Println("The user running the program is in the root group;") fatalError("The user running the program is in the root group;\n" +
fmt.Println("use the -u option to switch to an unprivileged user.") "use the -u option to switch to an unprivileged user.")
os.Exit(1)
} }
} else { // userToSwitchTo != "" } else { // userToSwitchTo != ""
// Get user and group IDs for the user we want to switch to. // Get user and group IDs for the user we want to switch to.
userInfo, err := user.Lookup(userToSwitchTo) userInfo, err := user.Lookup(userToSwitchTo)
if err != nil { if err != nil {
fmt.Println(err) fatalError(err)
os.Exit(1)
} }
// Convert group id and user id from string to int. // Convert group id and user id from string to int.
gid, err := strconv.Atoi(userInfo.Gid) gid, err := strconv.Atoi(userInfo.Gid)
if err != nil { if err != nil {
fmt.Println(err) fatalError(err)
os.Exit(1)
} }
uid, err := strconv.Atoi(userInfo.Uid) uid, err := strconv.Atoi(userInfo.Uid)
if err != nil { if err != nil {
fmt.Println(err) fatalError(err)
os.Exit(1)
} }
// If the user we want to switch to has root privileges, stop execution. // If the user we want to switch to has root privileges, stop execution.
if uid == 0 || gid == 0 { if uid == 0 || gid == 0 {
fmt.Println("Running as root is not allowed.") fatalError("Running as root is not allowed.")
os.Exit(1)
} }
// Unset supplementary group IDs. // Unset supplementary group IDs.
err = syscall.Setgroups([]int{}) err = syscall.Setgroups([]int{})
if err != nil { if err != nil {
fmt.Println("Failed to unset supplementary group IDs: " + err.Error()) fmt.Fprintln(os.Stderr,
"Failed to unset supplementary group IDs: "+err.Error())
if rootSupplementaryGroup { if rootSupplementaryGroup {
fmt.Println("Failed to drop root privileges. Exiting...") fatalError("Failed to drop root privileges. Exiting...")
os.Exit(1)
} }
} }
// Set group ID (real and effective). // Set group ID (real and effective).
err = syscall.Setgid(gid) err = syscall.Setgid(gid)
if err != nil { if err != nil {
fmt.Println("Failed to set group ID: " + err.Error()) fmt.Fprintln(os.Stderr, "Failed to set group ID: "+err.Error())
if rootPrimaryGroup { if rootPrimaryGroup {
fmt.Println("Failed to drop root privileges. Exiting...") fatalError("Failed to drop root privileges. Exiting...")
os.Exit(1)
} }
} }
// Set user ID (real and effective). // Set user ID (real and effective).
err = syscall.Setuid(uid) err = syscall.Setuid(uid)
if err != nil { if err != nil {
fmt.Println("Failed to set user ID: " + err.Error()) fmt.Fprintln(os.Stderr, "Failed to set user ID: "+err.Error())
if rootUser { if rootUser {
fmt.Println("Failed to drop root privileges. Exiting...") fatalError("Failed to drop root privileges. Exiting...")
os.Exit(1)
} }
} }
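Review bot: In the `-u` branch a failed `syscall.Setgroups`, `syscall.Setgid` or `syscall.Setuid` is still fatal only when the matching flag (`rootSupplementaryGroup`, `rootPrimaryGroup`, `rootUser`) is set; in every other case the message now goes to stderr and execution continues, possibly with credentials only partly changed (for example, the original supplementary groups retained). Since the operator explicitly asked to switch users, treating any failure as fatal would be safer, e.g. `fatalError("Failed to set user ID: " + err.Error())` in place of the `fmt.Fprintln` plus the conditional exit, and likewise for the other two calls. Separately, the `fmt.Println("When running as root, use the -u option to switch to an unprivileged user.")` at the top of the second hunk still writes to stdout and was not converted. dropPrivileges starts and ends outside the visible hunks, so how the three flags are computed is not shown here.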


@ -9,11 +9,11 @@ import (
"encoding/binary" "encoding/binary"
"encoding/json" "encoding/json"
"flag" "flag"
"fmt"
"io" "io"
"log" "log"
"net" "net"
"net/url" "net/url"
"os"
"strings" "strings"
"time" "time"
) )
@ -34,6 +34,14 @@ func (c prefixConn) Read(p []byte) (int, error) {
return c.Reader.Read(p) return c.Reader.Read(p)
} }
// Output to stderr and exit with error code 1.
// Like log.Fatal, but without the date&time prefix.
// Used before starting the server loop.
func fatalError(err ...any) {
logger := log.New(os.Stderr, "", 0)
logger.Fatal(err...)
}
const html = `<!DOCTYPE html> const html = `<!DOCTYPE html>
<html lang="en"> <html lang="en">
<meta charset="utf-8"> <meta charset="utf-8">
@ -275,15 +283,13 @@ func main() {
flag.Parse() flag.Parse()
hostAndPort = flag.Arg(0) hostAndPort = flag.Arg(0)
if certFile == "" || keyFile == "" || hostAndPort == "" { if certFile == "" || keyFile == "" || hostAndPort == "" {
fmt.Println("usage: client-hello-mirror -c cert.pem -k key.pem [-u user] host:port") fatalError("usage: client-hello-mirror -c cert.pem -k key.pem [-u user] host:port")
return
} }
// Load cert // Load cert
cert, err := tls.LoadX509KeyPair(certFile, keyFile) cert, err := tls.LoadX509KeyPair(certFile, keyFile)
if err != nil { if err != nil {
log.Fatal(err) fatalError(err)
return
} }
// TLS config // TLS config
tlsConfig := tls.Config{ tlsConfig := tls.Config{
@ -295,8 +301,7 @@ func main() {
// Listen for connections // Listen for connections
ln, err := net.Listen("tcp", hostAndPort) ln, err := net.Listen("tcp", hostAndPort)
if err != nil { if err != nil {
log.Println(err) fatalError(err)
return
} }
defer ln.Close() defer ln.Close()
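Review bot: The comment on `fatalError` should state that it exits through `log.Logger.Fatal`, which calls `os.Exit(1)`, so deferred calls such as the `defer ln.Close()` at the end of this section will not run if the helper is ever used after that point. A Go-style doc comment would be `// fatalError prints its arguments to stderr and exits with status 1; deferred functions are not run, so call it only before the server loop starts.` The variadic parameter is named `err` although it also receives plain strings (the usage text); `args` would read more accurately. main continues beyond the last visible hunk.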