mirror of https://github.com/dswd/vpncloud.git
Also drop privileges in foreground mode
This commit is contained in:
parent
7307b25405
commit
04e2892c8e
|
@ -230,6 +230,18 @@ dependencies = [
|
||||||
"void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)",
|
"void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "nix"
|
||||||
|
version = "0.15.0"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
dependencies = [
|
||||||
|
"bitflags 1.2.1 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
|
"cc 1.0.47 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
|
"cfg-if 0.1.10 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
|
"libc 0.2.66 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
|
"void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "nom"
|
name = "nom"
|
||||||
version = "4.2.3"
|
version = "4.2.3"
|
||||||
|
@ -254,6 +266,15 @@ name = "ppv-lite86"
|
||||||
version = "0.2.6"
|
version = "0.2.6"
|
||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "privdrop"
|
||||||
|
version = "0.3.3"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
dependencies = [
|
||||||
|
"libc 0.2.66 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
|
"nix 0.15.0 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "proc-macro2"
|
name = "proc-macro2"
|
||||||
version = "1.0.6"
|
version = "1.0.6"
|
||||||
|
@ -551,6 +572,7 @@ dependencies = [
|
||||||
"log 0.4.8 (registry+https://github.com/rust-lang/crates.io-index)",
|
"log 0.4.8 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
"net2 0.2.33 (registry+https://github.com/rust-lang/crates.io-index)",
|
"net2 0.2.33 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
"pkg-config 0.3.17 (registry+https://github.com/rust-lang/crates.io-index)",
|
"pkg-config 0.3.17 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
|
"privdrop 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
"rand 0.7.2 (registry+https://github.com/rust-lang/crates.io-index)",
|
"rand 0.7.2 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
"ring 0.16.9 (registry+https://github.com/rust-lang/crates.io-index)",
|
"ring 0.16.9 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
"serde 1.0.103 (registry+https://github.com/rust-lang/crates.io-index)",
|
"serde 1.0.103 (registry+https://github.com/rust-lang/crates.io-index)",
|
||||||
|
@ -728,10 +750,12 @@ dependencies = [
|
||||||
"checksum memchr 2.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "88579771288728879b57485cc7d6b07d648c9f0141eb955f8ab7f9d45394468e"
|
"checksum memchr 2.2.1 (registry+https://github.com/rust-lang/crates.io-index)" = "88579771288728879b57485cc7d6b07d648c9f0141eb955f8ab7f9d45394468e"
|
||||||
"checksum net2 0.2.33 (registry+https://github.com/rust-lang/crates.io-index)" = "42550d9fb7b6684a6d404d9fa7250c2eb2646df731d1c06afc06dcee9e1bcf88"
|
"checksum net2 0.2.33 (registry+https://github.com/rust-lang/crates.io-index)" = "42550d9fb7b6684a6d404d9fa7250c2eb2646df731d1c06afc06dcee9e1bcf88"
|
||||||
"checksum nix 0.14.1 (registry+https://github.com/rust-lang/crates.io-index)" = "6c722bee1037d430d0f8e687bbdbf222f27cc6e4e68d5caf630857bb2b6dbdce"
|
"checksum nix 0.14.1 (registry+https://github.com/rust-lang/crates.io-index)" = "6c722bee1037d430d0f8e687bbdbf222f27cc6e4e68d5caf630857bb2b6dbdce"
|
||||||
|
"checksum nix 0.15.0 (registry+https://github.com/rust-lang/crates.io-index)" = "3b2e0b4f3320ed72aaedb9a5ac838690a8047c7b275da22711fddff4f8a14229"
|
||||||
"checksum nom 4.2.3 (registry+https://github.com/rust-lang/crates.io-index)" = "2ad2a91a8e869eeb30b9cb3119ae87773a8f4ae617f41b1eb9c154b2905f7bd6"
|
"checksum nom 4.2.3 (registry+https://github.com/rust-lang/crates.io-index)" = "2ad2a91a8e869eeb30b9cb3119ae87773a8f4ae617f41b1eb9c154b2905f7bd6"
|
||||||
"checksum percent-encoding 1.0.1 (registry+https://github.com/rust-lang/crates.io-index)" = "31010dd2e1ac33d5b46a5b413495239882813e0369f8ed8a5e266f173602f831"
|
"checksum percent-encoding 1.0.1 (registry+https://github.com/rust-lang/crates.io-index)" = "31010dd2e1ac33d5b46a5b413495239882813e0369f8ed8a5e266f173602f831"
|
||||||
"checksum pkg-config 0.3.17 (registry+https://github.com/rust-lang/crates.io-index)" = "05da548ad6865900e60eaba7f589cc0783590a92e940c26953ff81ddbab2d677"
|
"checksum pkg-config 0.3.17 (registry+https://github.com/rust-lang/crates.io-index)" = "05da548ad6865900e60eaba7f589cc0783590a92e940c26953ff81ddbab2d677"
|
||||||
"checksum ppv-lite86 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)" = "74490b50b9fbe561ac330df47c08f3f33073d2d00c150f719147d7c54522fa1b"
|
"checksum ppv-lite86 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)" = "74490b50b9fbe561ac330df47c08f3f33073d2d00c150f719147d7c54522fa1b"
|
||||||
|
"checksum privdrop 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)" = "432c2e1a6d9d56e3c14710a9b807ade349c48ccd5647bcda9a175f40f81ca5a9"
|
||||||
"checksum proc-macro2 1.0.6 (registry+https://github.com/rust-lang/crates.io-index)" = "9c9e470a8dc4aeae2dee2f335e8f533e2d4b347e1434e5671afc49b054592f27"
|
"checksum proc-macro2 1.0.6 (registry+https://github.com/rust-lang/crates.io-index)" = "9c9e470a8dc4aeae2dee2f335e8f533e2d4b347e1434e5671afc49b054592f27"
|
||||||
"checksum quote 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)" = "053a8c8bcc71fcce321828dc897a98ab9760bef03a4fc36693c231e5b3216cfe"
|
"checksum quote 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)" = "053a8c8bcc71fcce321828dc897a98ab9760bef03a4fc36693c231e5b3216cfe"
|
||||||
"checksum rand 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)" = "552840b97013b1a26992c11eac34bdd778e464601a4c2054b5f0bff7c6761293"
|
"checksum rand 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)" = "552840b97013b1a26992c11eac34bdd778e464601a4c2054b5f0bff7c6761293"
|
||||||
|
|
|
@ -28,6 +28,7 @@ igd = "0.9"
|
||||||
siphasher = "0.3"
|
siphasher = "0.3"
|
||||||
daemonize = "0.4"
|
daemonize = "0.4"
|
||||||
ring = "0.16"
|
ring = "0.16"
|
||||||
|
privdrop = "0.3"
|
||||||
|
|
||||||
[build-dependencies]
|
[build-dependencies]
|
||||||
cc = "^1"
|
cc = "^1"
|
||||||
|
|
10
src/main.rs
10
src/main.rs
|
@ -277,6 +277,16 @@ fn run<P: Protocol>(config: Config) {
|
||||||
daemonize = daemonize.pid_file(pid_file).chown_pid_file(true);
|
daemonize = daemonize.pid_file(pid_file).chown_pid_file(true);
|
||||||
}
|
}
|
||||||
try_fail!(daemonize.start(), "Failed to daemonize: {}");
|
try_fail!(daemonize.start(), "Failed to daemonize: {}");
|
||||||
|
} else if config.user.is_some() || config.group.is_some() {
|
||||||
|
info!("Dropping privileges");
|
||||||
|
let mut pd = privdrop::PrivDrop::default();
|
||||||
|
if let Some(user) = config.user {
|
||||||
|
pd = pd.user(user);
|
||||||
|
}
|
||||||
|
if let Some(group) = config.group {
|
||||||
|
pd = pd.group(group);
|
||||||
|
}
|
||||||
|
try_fail!(pd.apply(), "Failed to drop privileges: {}");
|
||||||
}
|
}
|
||||||
cloud.run();
|
cloud.run();
|
||||||
if let Some(script) = config.ifdown {
|
if let Some(script) = config.ifdown {
|
||||||
|
|
|
@ -31,8 +31,8 @@ Options:
|
||||||
interface.
|
interface.
|
||||||
--pid-file <file> Store the process id in this file when
|
--pid-file <file> Store the process id in this file when
|
||||||
daemonizing.
|
daemonizing.
|
||||||
--user <user> Run as other user when daemonizing.
|
--user <user> Run as other user.
|
||||||
--group <group> Run as other group when daemonizing.
|
--group <group> Run as other group.
|
||||||
--log-file <file> Print logs also to this file.
|
--log-file <file> Print logs also to this file.
|
||||||
--stats-file <file> Print statistics to this file.
|
--stats-file <file> Print statistics to this file.
|
||||||
--no-port-forwarding Disable automatic port forward.
|
--no-port-forwarding Disable automatic port forward.
|
||||||
|
|
|
@ -146,8 +146,7 @@ vpncloud(1) -- Peer-to-peer VPN
|
||||||
* `--group <group>`:
|
* `--group <group>`:
|
||||||
|
|
||||||
Change the user and/or group of the process once all the setup has been
|
Change the user and/or group of the process once all the setup has been
|
||||||
done and before spawning the background process. This option is only used
|
done.
|
||||||
when running in background.
|
|
||||||
|
|
||||||
* `--log-file <file>`:
|
* `--log-file <file>`:
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue