[tor-commits] [flashproxy/master] Add --privdrop-user option to allow dropping privileges.
dcf at torproject.org
dcf at torproject.org
Sun Jun 2 05:38:59 UTC 2013
commit ccb77ceafb744dca40e9602ec1ee6cd63f4a45f4
Author: David Fifield <david at bamsoftware.com>
Date: Sat Jun 1 20:49:27 2013 -0700
Add --privdrop-user option to allow dropping privileges.
---
facilitator/facilitator | 28 ++++++++++++++++++++--------
facilitator/facilitator-email-poller | 34 +++++++++++++++++++++++-----------
facilitator/facilitator-reg-daemon | 28 ++++++++++++++++++++--------
3 files changed, 63 insertions(+), 27 deletions(-)
diff --git a/facilitator/facilitator b/facilitator/facilitator
index b1f761b..cd3473a 100755
--- a/facilitator/facilitator
+++ b/facilitator/facilitator
@@ -34,6 +34,7 @@ class options(object):
relay_spec = None
daemonize = True
pid_filename = None
+ privdrop_username = None
safe_logging = True
@staticmethod
@@ -47,13 +48,14 @@ Usage: %(progname)s -r RELAY <OPTIONS>
Flash proxy facilitator: Register client addresses and serve them out
again. Listen on 127.0.0.1 and port PORT (by default %(port)d).
- -d, --debug don't daemonize, log to stdout.
- -h, --help show this help.
- -l, --log FILENAME write log to FILENAME (default \"%(log)s\").
- -p, --port PORT listen on PORT (by default %(port)d).
- --pidfile FILENAME write PID to FILENAME after daemonizing.
- -r, --relay RELAY send RELAY (host:port) to proxies as the relay to use.
- --unsafe-logging don't scrub IP addresses from logs.\
+ -d, --debug don't daemonize, log to stdout.
+ -h, --help show this help.
+ -l, --log FILENAME write log to FILENAME (default \"%(log)s\").
+ -p, --port PORT listen on PORT (by default %(port)d).
+ --pidfile FILENAME write PID to FILENAME after daemonizing.
+ --privdrop-user USER switch UID and GID to those of USER.
+ -r, --relay RELAY send RELAY (host:port) to proxies as the relay to use.
+ --unsafe-logging don't scrub IP addresses from logs.\
""" % {
"progname": sys.argv[0],
"port": DEFAULT_LISTEN_PORT,
@@ -326,7 +328,7 @@ def put_reg(reg):
def main():
opts, args = getopt.gnu_getopt(sys.argv[1:], "dhl:p:r:",
- ["debug", "help", "log=", "port=", "pidfile=", "relay=", "unsafe-logging"])
+ ["debug", "help", "log=", "port=", "pidfile=", "privdrop-user=", "relay=", "unsafe-logging"])
for o, a in opts:
if o == "-d" or o == "--debug":
options.daemonize = False
@@ -340,6 +342,8 @@ def main():
options.listen_port = int(a)
elif o == "--pidfile":
options.pid_filename = a
+ elif o == "--privdrop-user":
+ options.privdrop_username = a
elif o == "-r" or o == "--relay":
try:
options.set_relay_spec(a)
@@ -380,6 +384,14 @@ The -r option is required. Give it the relay that will be sent to proxies.
f.close()
sys.exit(0)
+ if options.privdrop_username is not None:
+ log(u"dropping privileges to those of user %s" % options.privdrop_username)
+ try:
+ fac.drop_privs(options.privdrop_username)
+ except BaseException, e:
+ print >> sys.stderr, "Can't drop privileges:", str(e)
+ sys.exit(1)
+
try:
server.serve_forever()
except KeyboardInterrupt:
diff --git a/facilitator/facilitator-email-poller b/facilitator/facilitator-email-poller
index 349a1fe..6b5dd60 100755
--- a/facilitator/facilitator-email-poller
+++ b/facilitator/facilitator-email-poller
@@ -72,6 +72,7 @@ class options(object):
log_file = sys.stdout
daemonize = True
pid_filename = None
+ privdrop_username = None
safe_logging = True
imaplib_debug = False
use_certificate_pin = True
@@ -94,16 +95,17 @@ Facilitator-side helper for the facilitator-reg-email rendezvous. Polls
an IMAP server for email messages with client registrations, deletes
them, and forwards the registrations to the facilitator.
- -d, --debug don't daemonize, log to stdout.
- --disable-pin don't check server public key against a known pin.
- -e, --email=ADDRESS log in as ADDRESS (default "%(email_addr)s").
- -h, --help show this help.
- -i, --imap=HOST[:PORT] use the given IMAP server (default "%(imap_addr)s").
- --imaplib-debug show raw IMAP messages (will include email password).
- -l, --log FILENAME write log to FILENAME (default \"%(log)s\").
- -p, --pass=PASSFILE use the email password contained in PASSFILE.
- --pidfile FILENAME write PID to FILENAME after daemonizing.
- --unsafe-logging don't scrub email password and IP addresses from logs.\
+ -d, --debug don't daemonize, log to stdout.
+ --disable-pin don't check server public key against a known pin.
+ -e, --email=ADDRESS log in as ADDRESS (default "%(email_addr)s").
+ -h, --help show this help.
+ -i, --imap=HOST[:PORT] use the given IMAP server (default "%(imap_addr)s").
+ --imaplib-debug show raw IMAP messages (will include email password).
+ -l, --log FILENAME write log to FILENAME (default \"%(log)s\").
+ -p, --pass=PASSFILE use the email password contained in PASSFILE.
+ --pidfile FILENAME write PID to FILENAME after daemonizing.
+ --privdrop-user USER switch UID and GID to those of USER.
+ --unsafe-logging don't scrub email password and IP addresses from logs.\
""" % {
"progname": sys.argv[0],
"email_addr": DEFAULT_EMAIL_ADDRESS,
@@ -125,7 +127,7 @@ def log(msg):
options.email_addr = DEFAULT_EMAIL_ADDRESS
options.imap_addr = (DEFAULT_IMAP_HOST, DEFAULT_IMAP_PORT)
-opts, args = getopt.gnu_getopt(sys.argv[1:], "de:hi:l:p:", ["debug", "disable-pin", "email=", "help", "imap=", "imaplib-debug", "log=", "pass=", "pidfile=", "unsafe-logging"])
+opts, args = getopt.gnu_getopt(sys.argv[1:], "de:hi:l:p:", ["debug", "disable-pin", "email=", "help", "imap=", "imaplib-debug", "log=", "pass=", "pidfile=", "privdrop-user=", "unsafe-logging"])
for o, a in opts:
if o == "-d" or o == "--debug":
options.daemonize = False
@@ -147,6 +149,8 @@ for o, a in opts:
options.password_filename = a
elif o == "--pidfile":
options.pid_filename = a
+ elif o == "--privdrop-user":
+ options.privdrop_username = a
elif o == "--unsafe-logging":
options.safe_logging = False
@@ -191,6 +195,14 @@ if options.daemonize:
f.close()
sys.exit(0)
+if options.privdrop_username is not None:
+ log(u"dropping privileges to those of user %s" % options.privdrop_username)
+ try:
+ fac.drop_privs(options.privdrop_username)
+ except BaseException, e:
+ print >> sys.stderr, "Can't drop privileges:", str(e)
+ sys.exit(1)
+
if options.imaplib_debug:
imaplib.Debug = 4
diff --git a/facilitator/facilitator-reg-daemon b/facilitator/facilitator-reg-daemon
index a935650..b250e71 100755
--- a/facilitator/facilitator-reg-daemon
+++ b/facilitator/facilitator-reg-daemon
@@ -35,6 +35,7 @@ class options(object):
log_file = sys.stdout
daemonize = True
pid_filename = None
+ privdrop_username = None
safe_logging = True
def usage(f = sys.stdout):
@@ -45,13 +46,14 @@ registrations and registers them with a local facilitator. This program
exists on its own in order to isolate the reading of key material in a
single process.
- -d, --debug don't daemonize, log to stdout.
- -h, --help show this help.
- -k, --key=KEYFILE read the private key from KEYFILE (required).
- -l, --log FILENAME write log to FILENAME (default \"%(log)s\").
- -p, --port PORT listen on PORT (by default %(port)d).
- --pidfile FILENAME write PID to FILENAME after daemonizing.
- --unsafe-logging don't scrub email password and IP addresses from logs.\
+ -d, --debug don't daemonize, log to stdout.
+ -h, --help show this help.
+ -k, --key=KEYFILE read the private key from KEYFILE (required).
+ -l, --log FILENAME write log to FILENAME (default \"%(log)s\").
+ -p, --port PORT listen on PORT (by default %(port)d).
+ --pidfile FILENAME write PID to FILENAME after daemonizing.
+ --privdrop-user USER switch UID and GID to those of USER.
+ --unsafe-logging don't scrub email password and IP addresses from logs.\
""" % {
"progname": sys.argv[0],
"log": DEFAULT_LOG_FILENAME,
@@ -134,7 +136,7 @@ class Server(SocketServer.ThreadingMixIn, SocketServer.TCPServer):
def main():
global rsa
- opts, args = getopt.gnu_getopt(sys.argv[1:], "dhk:l:p:", ["debug", "help", "key=", "log=", "port=", "pidfile=", "unsafe-logging"])
+ opts, args = getopt.gnu_getopt(sys.argv[1:], "dhk:l:p:", ["debug", "help", "key=", "log=", "port=", "pidfile=", "privdrop-user=", "unsafe-logging"])
for o, a in opts:
if o == "-d" or o == "--debug":
options.daemonize = False
@@ -150,6 +152,8 @@ def main():
options.listen_port = int(a)
elif o == "--pidfile":
options.pid_filename = a
+ elif o == "--privdrop-user":
+ options.privdrop_username = a
elif o == "--unsafe-logging":
options.safe_logging = False
@@ -198,6 +202,14 @@ def main():
f.close()
sys.exit(0)
+ if options.privdrop_username is not None:
+ log(u"dropping privileges to those of user %s" % options.privdrop_username)
+ try:
+ fac.drop_privs(options.privdrop_username)
+ except BaseException, e:
+ print >> sys.stderr, "Can't drop privileges:", str(e)
+ sys.exit(1)
+
try:
server.serve_forever()
except KeyboardInterrupt:
More information about the tor-commits
mailing list