output errors to stderr

This commit is contained in:
nervuri 2023-03-11 12:00:39 +00:00
parent e311a94e98
commit c611d46b4f
2 changed files with 27 additions and 30 deletions

View File

@ -27,8 +27,7 @@ func dropPrivileges(userToSwitchTo string) {
// Check supplementary groups.
groups, err := syscall.Getgroups()
if err != nil {
fmt.Println(err)
os.Exit(1)
fatalError(err)
}
for _, groupID := range groups {
if groupID == 0 {
@ -43,60 +42,53 @@ func dropPrivileges(userToSwitchTo string) {
fmt.Println("When running as root, use the -u option to switch to an unprivileged user.")
os.Exit(1)
} else if rootPrimaryGroup || rootSupplementaryGroup {
fmt.Println("The user running the program is in the root group;")
fmt.Println("use the -u option to switch to an unprivileged user.")
os.Exit(1)
fatalError("The user running the program is in the root group;\n" +
"use the -u option to switch to an unprivileged user.")
}
} else { // userToSwitchTo != ""
} else { // userToSwitchTo != ""
// Get user and group IDs for the user we want to switch to.
userInfo, err := user.Lookup(userToSwitchTo)
if err != nil {
fmt.Println(err)
os.Exit(1)
fatalError(err)
}
// Convert group id and user id from string to int.
gid, err := strconv.Atoi(userInfo.Gid)
if err != nil {
fmt.Println(err)
os.Exit(1)
fatalError(err)
}
uid, err := strconv.Atoi(userInfo.Uid)
if err != nil {
fmt.Println(err)
os.Exit(1)
fatalError(err)
}
// If the user we want to switch to has root privileges, stop execution.
if uid == 0 || gid == 0 {
fmt.Println("Running as root is not allowed.")
os.Exit(1)
fatalError("Running as root is not allowed.")
}
// Unset supplementary group IDs.
err = syscall.Setgroups([]int{})
if err != nil {
fmt.Println("Failed to unset supplementary group IDs: " + err.Error())
fmt.Fprintln(os.Stderr,
"Failed to unset supplementary group IDs: "+err.Error())
if rootSupplementaryGroup {
fmt.Println("Failed to drop root privileges. Exiting...")
os.Exit(1)
fatalError("Failed to drop root privileges. Exiting...")
}
}
// Set group ID (real and effective).
err = syscall.Setgid(gid)
if err != nil {
fmt.Println("Failed to set group ID: " + err.Error())
fmt.Fprintln(os.Stderr, "Failed to set group ID: "+err.Error())
if rootPrimaryGroup {
fmt.Println("Failed to drop root privileges. Exiting...")
os.Exit(1)
fatalError("Failed to drop root privileges. Exiting...")
}
}
// Set user ID (real and effective).
err = syscall.Setuid(uid)
if err != nil {
fmt.Println("Failed to set user ID: " + err.Error())
fmt.Fprintln(os.Stderr, "Failed to set user ID: "+err.Error())
if rootUser {
fmt.Println("Failed to drop root privileges. Exiting...")
os.Exit(1)
fatalError("Failed to drop root privileges. Exiting...")
}
}

View File

@ -9,11 +9,11 @@ import (
"encoding/binary"
"encoding/json"
"flag"
"fmt"
"io"
"log"
"net"
"net/url"
"os"
"strings"
"time"
)
@ -34,6 +34,14 @@ func (c prefixConn) Read(p []byte) (int, error) {
return c.Reader.Read(p)
}
// Output to stderr and exit with error code 1.
// Like log.Fatal, but without the date&time prefix.
// Used before starting the server loop.
func fatalError(err ...any) {
logger := log.New(os.Stderr, "", 0)
logger.Fatal(err...)
}
const html = `<!DOCTYPE html>
<html lang="en">
<meta charset="utf-8">
@ -275,15 +283,13 @@ func main() {
flag.Parse()
hostAndPort = flag.Arg(0)
if certFile == "" || keyFile == "" || hostAndPort == "" {
fmt.Println("usage: client-hello-mirror -c cert.pem -k key.pem [-u user] host:port")
return
fatalError("usage: client-hello-mirror -c cert.pem -k key.pem [-u user] host:port")
}
// Load cert
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
log.Fatal(err)
return
fatalError(err)
}
// TLS config
tlsConfig := tls.Config{
@ -295,8 +301,7 @@ func main() {
// Listen for connections
ln, err := net.Listen("tcp", hostAndPort)
if err != nil {
log.Println(err)
return
fatalError(err)
}
defer ln.Close()