aquatic_udp: move privdrop code to crate root, use in glommio impl

2026-03-31 17:55:36 +00:00 · 2021-10-23 15:18:05 +02:00 · 2021-10-23 15:18:05 +02:00 · 0e58347ac4
commit 0e58347ac4
parent eafb88c345
4 changed files with 47 additions and 30 deletions
--- a/aquatic_udp/src/lib/glommio/mod.rs
+++ b/aquatic_udp/src/lib/glommio/mod.rs
@ -5,6 +5,7 @@ use glommio::channels::channel_mesh::MeshBuilder;
 use glommio::prelude::*;

 use crate::config::Config;
+use crate::drop_privileges_after_socket_binding;

 mod common;
 pub mod handlers;
@ -87,6 +88,8 @@ pub fn run(config: Config) -> anyhow::Result<()> {
        executors.push(executor);
    }

+    drop_privileges_after_socket_binding(&config, num_bound_sockets).unwrap();
+
    for executor in executors {
        executor
            .expect("failed to spawn local executor")
--- a/aquatic_udp/src/lib/lib.rs
+++ b/aquatic_udp/src/lib/lib.rs
@ -1,3 +1,11 @@
+use std::{
+    sync::{
+        atomic::{AtomicUsize, Ordering},
+        Arc,
+    },
+    time::Duration,
+};
+
 use cfg_if::cfg_if;

 pub mod common;
@ -7,6 +15,7 @@ pub mod glommio;
 pub mod mio;

 use config::Config;
+use privdrop::PrivDrop;

 pub const APP_NAME: &str = "aquatic_udp: UDP BitTorrent tracker";

@ -19,3 +28,35 @@ pub fn run(config: Config) -> ::anyhow::Result<()> {
        }
    }
 }
+
+fn drop_privileges_after_socket_binding(
+    config: &Config,
+    num_bound_sockets: Arc<AtomicUsize>,
+) -> anyhow::Result<()> {
+    if config.privileges.drop_privileges {
+        let mut counter = 0usize;
+
+        loop {
+            let sockets = num_bound_sockets.load(Ordering::SeqCst);
+
+            if sockets == config.socket_workers {
+                PrivDrop::default()
+                    .chroot(config.privileges.chroot_path.clone())
+                    .user(config.privileges.user.clone())
+                    .apply()?;
+
+                break;
+            }
+
+            ::std::thread::sleep(Duration::from_millis(10));
+
+            counter += 1;
+
+            if counter == 500 {
+                panic!("Sockets didn't bind in time for privilege drop.");
+            }
+        }
+    }
+
+    Ok(())
+}
--- a/aquatic_udp/src/lib/mio/mod.rs
+++ b/aquatic_udp/src/lib/mio/mod.rs
@ -2,15 +2,11 @@ use std::thread::Builder;
 use std::time::Duration;
 use std::{
    ops::Deref,
-    sync::{
-        atomic::{AtomicUsize, Ordering},
-        Arc,
-    },
+    sync::{atomic::AtomicUsize, Arc},
 };

 use anyhow::Context;
 use crossbeam_channel::unbounded;
-use privdrop::PrivDrop;

 pub mod common;
 pub mod handlers;
@ -20,6 +16,7 @@ pub mod tasks;
 use aquatic_common::access_list::{AccessListArcSwap, AccessListMode, AccessListQuery};

 use crate::config::Config;
+use crate::drop_privileges_after_socket_binding;

 use common::State;

@ -38,30 +35,7 @@ pub fn run(config: Config) -> ::anyhow::Result<()> {

    start_workers(config.clone(), state.clone(), num_bound_sockets.clone())?;

-    if config.privileges.drop_privileges {
-        let mut counter = 0usize;
-
-        loop {
-            let sockets = num_bound_sockets.load(Ordering::SeqCst);
-
-            if sockets == config.socket_workers {
-                PrivDrop::default()
-                    .chroot(config.privileges.chroot_path.clone())
-                    .user(config.privileges.user.clone())
-                    .apply()?;
-
-                break;
-            }
-
-            ::std::thread::sleep(Duration::from_millis(10));
-
-            counter += 1;
-
-            if counter == 500 {
-                panic!("Sockets didn't bind in time for privilege drop.");
-            }
-        }
-    }
+    drop_privileges_after_socket_binding(&config, num_bound_sockets).unwrap();

    loop {
        ::std::thread::sleep(Duration::from_secs(config.cleaning.interval));