commit ccb77ceafb744dca40e9602ec1ee6cd63f4a45f4 Author: David Fifield <david@bamsoftware.com> Date: Sat Jun 1 20:49:27 2013 -0700 Add --privdrop-user option to allow dropping privileges. --- facilitator/facilitator | 28 ++++++++++++++++++++-------- facilitator/facilitator-email-poller | 34 +++++++++++++++++++++++----------- facilitator/facilitator-reg-daemon | 28 ++++++++++++++++++++-------- 3 files changed, 63 insertions(+), 27 deletions(-) diff --git a/facilitator/facilitator b/facilitator/facilitator index b1f761b..cd3473a 100755 --- a/facilitator/facilitator +++ b/facilitator/facilitator @@ -34,6 +34,7 @@ class options(object): relay_spec = None daemonize = True pid_filename = None + privdrop_username = None safe_logging = True @staticmethod @@ -47,13 +48,14 @@ Usage: %(progname)s -r RELAY <OPTIONS> Flash proxy facilitator: Register client addresses and serve them out again. Listen on 127.0.0.1 and port PORT (by default %(port)d). - -d, --debug don't daemonize, log to stdout. - -h, --help show this help. - -l, --log FILENAME write log to FILENAME (default \"%(log)s\"). - -p, --port PORT listen on PORT (by default %(port)d). - --pidfile FILENAME write PID to FILENAME after daemonizing. - -r, --relay RELAY send RELAY (host:port) to proxies as the relay to use. - --unsafe-logging don't scrub IP addresses from logs.\ + -d, --debug don't daemonize, log to stdout. + -h, --help show this help. + -l, --log FILENAME write log to FILENAME (default \"%(log)s\"). + -p, --port PORT listen on PORT (by default %(port)d). + --pidfile FILENAME write PID to FILENAME after daemonizing. + --privdrop-user USER switch UID and GID to those of USER. + -r, --relay RELAY send RELAY (host:port) to proxies as the relay to use. + --unsafe-logging don't scrub IP addresses from logs.\ """ % { "progname": sys.argv[0], "port": DEFAULT_LISTEN_PORT, @@ -326,7 +328,7 @@ def put_reg(reg): def main(): opts, args = getopt.gnu_getopt(sys.argv[1:], "dhl:p:r:", - ["debug", "help", "log=", "port=", "pidfile=", "relay=", "unsafe-logging"]) + ["debug", "help", "log=", "port=", "pidfile=", "privdrop-user=", "relay=", "unsafe-logging"]) for o, a in opts: if o == "-d" or o == "--debug": options.daemonize = False @@ -340,6 +342,8 @@ def main(): options.listen_port = int(a) elif o == "--pidfile": options.pid_filename = a + elif o == "--privdrop-user": + options.privdrop_username = a elif o == "-r" or o == "--relay": try: options.set_relay_spec(a) @@ -380,6 +384,14 @@ The -r option is required. Give it the relay that will be sent to proxies. f.close() sys.exit(0) + if options.privdrop_username is not None: + log(u"dropping privileges to those of user %s" % options.privdrop_username) + try: + fac.drop_privs(options.privdrop_username) + except BaseException, e: + print >> sys.stderr, "Can't drop privileges:", str(e) + sys.exit(1) + try: server.serve_forever() except KeyboardInterrupt: diff --git a/facilitator/facilitator-email-poller b/facilitator/facilitator-email-poller index 349a1fe..6b5dd60 100755 --- a/facilitator/facilitator-email-poller +++ b/facilitator/facilitator-email-poller @@ -72,6 +72,7 @@ class options(object): log_file = sys.stdout daemonize = True pid_filename = None + privdrop_username = None safe_logging = True imaplib_debug = False use_certificate_pin = True @@ -94,16 +95,17 @@ Facilitator-side helper for the facilitator-reg-email rendezvous. Polls an IMAP server for email messages with client registrations, deletes them, and forwards the registrations to the facilitator. - -d, --debug don't daemonize, log to stdout. - --disable-pin don't check server public key against a known pin. - -e, --email=ADDRESS log in as ADDRESS (default "%(email_addr)s"). - -h, --help show this help. - -i, --imap=HOST[:PORT] use the given IMAP server (default "%(imap_addr)s"). - --imaplib-debug show raw IMAP messages (will include email password). - -l, --log FILENAME write log to FILENAME (default \"%(log)s\"). - -p, --pass=PASSFILE use the email password contained in PASSFILE. - --pidfile FILENAME write PID to FILENAME after daemonizing. - --unsafe-logging don't scrub email password and IP addresses from logs.\ + -d, --debug don't daemonize, log to stdout. + --disable-pin don't check server public key against a known pin. + -e, --email=ADDRESS log in as ADDRESS (default "%(email_addr)s"). + -h, --help show this help. + -i, --imap=HOST[:PORT] use the given IMAP server (default "%(imap_addr)s"). + --imaplib-debug show raw IMAP messages (will include email password). + -l, --log FILENAME write log to FILENAME (default \"%(log)s\"). + -p, --pass=PASSFILE use the email password contained in PASSFILE. + --pidfile FILENAME write PID to FILENAME after daemonizing. + --privdrop-user USER switch UID and GID to those of USER. + --unsafe-logging don't scrub email password and IP addresses from logs.\ """ % { "progname": sys.argv[0], "email_addr": DEFAULT_EMAIL_ADDRESS, @@ -125,7 +127,7 @@ def log(msg): options.email_addr = DEFAULT_EMAIL_ADDRESS options.imap_addr = (DEFAULT_IMAP_HOST, DEFAULT_IMAP_PORT) -opts, args = getopt.gnu_getopt(sys.argv[1:], "de:hi:l:p:", ["debug", "disable-pin", "email=", "help", "imap=", "imaplib-debug", "log=", "pass=", "pidfile=", "unsafe-logging"]) +opts, args = getopt.gnu_getopt(sys.argv[1:], "de:hi:l:p:", ["debug", "disable-pin", "email=", "help", "imap=", "imaplib-debug", "log=", "pass=", "pidfile=", "privdrop-user=", "unsafe-logging"]) for o, a in opts: if o == "-d" or o == "--debug": options.daemonize = False @@ -147,6 +149,8 @@ for o, a in opts: options.password_filename = a elif o == "--pidfile": options.pid_filename = a + elif o == "--privdrop-user": + options.privdrop_username = a elif o == "--unsafe-logging": options.safe_logging = False @@ -191,6 +195,14 @@ if options.daemonize: f.close() sys.exit(0) +if options.privdrop_username is not None: + log(u"dropping privileges to those of user %s" % options.privdrop_username) + try: + fac.drop_privs(options.privdrop_username) + except BaseException, e: + print >> sys.stderr, "Can't drop privileges:", str(e) + sys.exit(1) + if options.imaplib_debug: imaplib.Debug = 4 diff --git a/facilitator/facilitator-reg-daemon b/facilitator/facilitator-reg-daemon index a935650..b250e71 100755 --- a/facilitator/facilitator-reg-daemon +++ b/facilitator/facilitator-reg-daemon @@ -35,6 +35,7 @@ class options(object): log_file = sys.stdout daemonize = True pid_filename = None + privdrop_username = None safe_logging = True def usage(f = sys.stdout): @@ -45,13 +46,14 @@ registrations and registers them with a local facilitator. This program exists on its own in order to isolate the reading of key material in a single process. - -d, --debug don't daemonize, log to stdout. - -h, --help show this help. - -k, --key=KEYFILE read the private key from KEYFILE (required). - -l, --log FILENAME write log to FILENAME (default \"%(log)s\"). - -p, --port PORT listen on PORT (by default %(port)d). - --pidfile FILENAME write PID to FILENAME after daemonizing. - --unsafe-logging don't scrub email password and IP addresses from logs.\ + -d, --debug don't daemonize, log to stdout. + -h, --help show this help. + -k, --key=KEYFILE read the private key from KEYFILE (required). + -l, --log FILENAME write log to FILENAME (default \"%(log)s\"). + -p, --port PORT listen on PORT (by default %(port)d). + --pidfile FILENAME write PID to FILENAME after daemonizing. + --privdrop-user USER switch UID and GID to those of USER. + --unsafe-logging don't scrub email password and IP addresses from logs.\ """ % { "progname": sys.argv[0], "log": DEFAULT_LOG_FILENAME, @@ -134,7 +136,7 @@ class Server(SocketServer.ThreadingMixIn, SocketServer.TCPServer): def main(): global rsa - opts, args = getopt.gnu_getopt(sys.argv[1:], "dhk:l:p:", ["debug", "help", "key=", "log=", "port=", "pidfile=", "unsafe-logging"]) + opts, args = getopt.gnu_getopt(sys.argv[1:], "dhk:l:p:", ["debug", "help", "key=", "log=", "port=", "pidfile=", "privdrop-user=", "unsafe-logging"]) for o, a in opts: if o == "-d" or o == "--debug": options.daemonize = False @@ -150,6 +152,8 @@ def main(): options.listen_port = int(a) elif o == "--pidfile": options.pid_filename = a + elif o == "--privdrop-user": + options.privdrop_username = a elif o == "--unsafe-logging": options.safe_logging = False @@ -198,6 +202,14 @@ def main(): f.close() sys.exit(0) + if options.privdrop_username is not None: + log(u"dropping privileges to those of user %s" % options.privdrop_username) + try: + fac.drop_privs(options.privdrop_username) + except BaseException, e: + print >> sys.stderr, "Can't drop privileges:", str(e) + sys.exit(1) + try: server.serve_forever() except KeyboardInterrupt: