output errors to stderr
parent
e311a94e98
commit
c611d46b4f
|
@ -27,8 +27,7 @@ func dropPrivileges(userToSwitchTo string) {
|
|||
// Check supplementary groups.
|
||||
groups, err := syscall.Getgroups()
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
os.Exit(1)
|
||||
fatalError(err)
|
||||
}
|
||||
for _, groupID := range groups {
|
||||
if groupID == 0 {
|
||||
|
@ -43,60 +42,53 @@ func dropPrivileges(userToSwitchTo string) {
|
|||
fmt.Println("When running as root, use the -u option to switch to an unprivileged user.")
|
||||
os.Exit(1)
|
||||
} else if rootPrimaryGroup || rootSupplementaryGroup {
|
||||
fmt.Println("The user running the program is in the root group;")
|
||||
fmt.Println("use the -u option to switch to an unprivileged user.")
|
||||
os.Exit(1)
|
||||
fatalError("The user running the program is in the root group;\n" +
|
||||
"use the -u option to switch to an unprivileged user.")
|
||||
}
|
||||
|
||||
} else { // userToSwitchTo != ""
|
||||
} else { // userToSwitchTo != ""
|
||||
|
||||
// Get user and group IDs for the user we want to switch to.
|
||||
userInfo, err := user.Lookup(userToSwitchTo)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
os.Exit(1)
|
||||
fatalError(err)
|
||||
}
|
||||
// Convert group id and user id from string to int.
|
||||
gid, err := strconv.Atoi(userInfo.Gid)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
os.Exit(1)
|
||||
fatalError(err)
|
||||
}
|
||||
uid, err := strconv.Atoi(userInfo.Uid)
|
||||
if err != nil {
|
||||
fmt.Println(err)
|
||||
os.Exit(1)
|
||||
fatalError(err)
|
||||
}
|
||||
// If the user we want to switch to has root privileges, stop execution.
|
||||
if uid == 0 || gid == 0 {
|
||||
fmt.Println("Running as root is not allowed.")
|
||||
os.Exit(1)
|
||||
fatalError("Running as root is not allowed.")
|
||||
}
|
||||
// Unset supplementary group IDs.
|
||||
err = syscall.Setgroups([]int{})
|
||||
if err != nil {
|
||||
fmt.Println("Failed to unset supplementary group IDs: " + err.Error())
|
||||
fmt.Fprintln(os.Stderr,
|
||||
"Failed to unset supplementary group IDs: "+err.Error())
|
||||
if rootSupplementaryGroup {
|
||||
fmt.Println("Failed to drop root privileges. Exiting...")
|
||||
os.Exit(1)
|
||||
fatalError("Failed to drop root privileges. Exiting...")
|
||||
}
|
||||
}
|
||||
// Set group ID (real and effective).
|
||||
err = syscall.Setgid(gid)
|
||||
if err != nil {
|
||||
fmt.Println("Failed to set group ID: " + err.Error())
|
||||
fmt.Fprintln(os.Stderr, "Failed to set group ID: "+err.Error())
|
||||
if rootPrimaryGroup {
|
||||
fmt.Println("Failed to drop root privileges. Exiting...")
|
||||
os.Exit(1)
|
||||
fatalError("Failed to drop root privileges. Exiting...")
|
||||
}
|
||||
}
|
||||
// Set user ID (real and effective).
|
||||
err = syscall.Setuid(uid)
|
||||
if err != nil {
|
||||
fmt.Println("Failed to set user ID: " + err.Error())
|
||||
fmt.Fprintln(os.Stderr, "Failed to set user ID: "+err.Error())
|
||||
if rootUser {
|
||||
fmt.Println("Failed to drop root privileges. Exiting...")
|
||||
os.Exit(1)
|
||||
fatalError("Failed to drop root privileges. Exiting...")
|
||||
}
|
||||
}
|
||||
|
||||
|
|
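Review bot: In the `-u` branch, a failed `syscall.Setgroups`, `syscall.Setgid` or `syscall.Setuid` is still fatal only when the matching flag (`rootSupplementaryGroup`, `rootPrimaryGroup`, `rootUser`) is set. Otherwise the new code prints to stderr and carries on, so the server would keep running under the invoking identity rather than the one the operator asked for. Because the switch was requested explicitly, each of the three checks could fail closed, e.g. `fatalError("Failed to set user ID: " + err.Error())`, followed by a final check that `syscall.Getuid()` and `syscall.Geteuid()` equal `uid` (and likewise for `gid`). Separately, the "When running as root, use the -u option…" message in the second hunk appears to stay on `fmt.Println` plus `os.Exit(1)`, which is at odds with the commit's aim. `dropPrivileges` begins and ends outside the visible hunks, so a later verification step may already exist.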
19
server.go
19
server.go
|
@ -9,11 +9,11 @@ import (
|
|||
"encoding/binary"
|
||||
"encoding/json"
|
||||
"flag"
|
||||
"fmt"
|
||||
"io"
|
||||
"log"
|
||||
"net"
|
||||
"net/url"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
)
|
||||
|
@ -34,6 +34,14 @@ func (c prefixConn) Read(p []byte) (int, error) {
|
|||
return c.Reader.Read(p)
|
||||
}
|
||||
|
||||
// Output to stderr and exit with error code 1.
|
||||
// Like log.Fatal, but without the date&time prefix.
|
||||
// Used before starting the server loop.
|
||||
func fatalError(err ...any) {
|
||||
logger := log.New(os.Stderr, "", 0)
|
||||
logger.Fatal(err...)
|
||||
}
|
||||
|
||||
const html = `<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<meta charset="utf-8">
|
||||
|
@ -275,15 +283,13 @@ func main() {
|
|||
flag.Parse()
|
||||
hostAndPort = flag.Arg(0)
|
||||
if certFile == "" || keyFile == "" || hostAndPort == "" {
|
||||
fmt.Println("usage: client-hello-mirror -c cert.pem -k key.pem [-u user] host:port")
|
||||
return
|
||||
fatalError("usage: client-hello-mirror -c cert.pem -k key.pem [-u user] host:port")
|
||||
}
|
||||
|
||||
// Load cert
|
||||
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
return
|
||||
fatalError(err)
|
||||
}
|
||||
// TLS config
|
||||
tlsConfig := tls.Config{
|
||||
|
@ -295,8 +301,7 @@ func main() {
|
|||
// Listen for connections
|
||||
ln, err := net.Listen("tcp", hostAndPort)
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
return
|
||||
fatalError(err)
|
||||
}
|
||||
defer ln.Close()
|
||||
|
||||
|
|
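Review bot: The variadic parameter of `fatalError` is named `err`, but most call sites in this commit pass plain strings (the usage text, "Running as root is not allowed."), so `func fatalError(args ...any)` would describe it better. The doc comment should open with the function name per Go convention and state the consequence of `logger.Fatal`, e.g. `// fatalError prints its arguments to stderr without a timestamp and exits with status 1; deferred calls do not run.` That makes the "used before starting the server loop" restriction self-explanatory. In the last hunk the call sits before `defer ln.Close()`, so nothing is skipped there. A package-level `log.New(os.Stderr, "", 0)` would also avoid building a logger on every call, though that is cosmetic for a function that exits.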