Improve privilege dropping; run cargo fmt

aquatic_ws/src/lib.rs

@@ -2,7 +2,7 @@ pub mod common;
 pub mod config;
 pub mod workers;
 
-use std::sync::{atomic::AtomicUsize, Arc};
+use std::sync::Arc;
 
 use aquatic_common::cpu_pinning::glommio::{get_worker_placement, set_affinity_for_util_worker};
 use aquatic_common::cpu_pinning::WorkerIndex;
@@ -11,7 +11,7 @@ use glommio::{channels::channel_mesh::MeshBuilder, prelude::*};
 use signal_hook::{consts::SIGUSR1, iterator::Signals};
 
 use aquatic_common::access_list::update_access_list;
-use aquatic_common::privileges::drop_privileges_after_socket_binding;
+use aquatic_common::privileges::PrivilegeDropper;
 
 use common::*;
 use config::Config;
@@ -61,7 +61,7 @@ fn run_workers(config: Config, state: State) -> anyhow::Result<()> {
     let request_mesh_builder = MeshBuilder::partial(num_peers, SHARED_IN_CHANNEL_SIZE);
     let response_mesh_builder = MeshBuilder::partial(num_peers, SHARED_IN_CHANNEL_SIZE * 16);
 
-    let num_bound_sockets = Arc::new(AtomicUsize::new(0));
+    let priv_dropper = PrivilegeDropper::new(config.privileges.clone(), config.socket_workers);
 
     let tls_config = Arc::new(create_rustls_config(
         &config.network.tls_certificate_path,
@@ -76,7 +76,7 @@ fn run_workers(config: Config, state: State) -> anyhow::Result<()> {
         let tls_config = tls_config.clone();
         let request_mesh_builder = request_mesh_builder.clone();
         let response_mesh_builder = response_mesh_builder.clone();
-        let num_bound_sockets = num_bound_sockets.clone();
+        let priv_dropper = priv_dropper.clone();
 
         let placement = get_worker_placement(
             &config.cpu_pinning,
@@ -93,7 +93,7 @@ fn run_workers(config: Config, state: State) -> anyhow::Result<()> {
                 tls_config,
                 request_mesh_builder,
                 response_mesh_builder,
-                num_bound_sockets,
+                priv_dropper,
             )
             .await
         });
@@ -128,13 +128,6 @@ fn run_workers(config: Config, state: State) -> anyhow::Result<()> {
         executors.push(executor);
     }
 
-    drop_privileges_after_socket_binding(
-        &config.privileges,
-        num_bound_sockets,
-        config.socket_workers,
-    )
-    .unwrap();
-
     if config.cpu_pinning.active {
         set_affinity_for_util_worker(
             &config.cpu_pinning,

aquatic_ws/src/workers/socket.rs

@@ -3,11 +3,11 @@ use std::cell::RefCell;
 use std::collections::BTreeMap;
 use std::os::unix::prelude::{FromRawFd, IntoRawFd};
 use std::rc::Rc;
-use std::sync::atomic::{AtomicUsize, Ordering};
 use std::sync::Arc;
 use std::time::{Duration, Instant};
 
 use aquatic_common::access_list::{create_access_list_cache, AccessListArcSwap, AccessListCache};
+use aquatic_common::privileges::PrivilegeDropper;
 use aquatic_common::rustls_config::RustlsConfig;
 use aquatic_common::CanonicalSocketAddr;
 use aquatic_ws_protocol::*;
@@ -53,14 +53,12 @@ pub async fn run_socket_worker(
     tls_config: Arc<RustlsConfig>,
     in_message_mesh_builder: MeshBuilder<(ConnectionMeta, InMessage), Partial>,
     out_message_mesh_builder: MeshBuilder<(ConnectionMeta, OutMessage), Partial>,
-    num_bound_sockets: Arc<AtomicUsize>,
+    priv_dropper: PrivilegeDropper,
 ) {
     let config = Rc::new(config);
     let access_list = state.access_list;
 
-    let listener = create_tcp_listener(&config);
-
-    num_bound_sockets.fetch_add(1, Ordering::SeqCst);
+    let listener = create_tcp_listener(&config, priv_dropper);
 
     let (in_message_senders, _) = in_message_mesh_builder.join(Role::Producer).await.unwrap();
     let in_message_senders = Rc::new(in_message_senders);
@@ -544,7 +542,7 @@ fn calculate_in_message_consumer_index(config: &Config, info_hash: InfoHash) ->
     (info_hash.0[0] as usize) % config.request_workers
 }
 
-fn create_tcp_listener(config: &Config) -> TcpListener {
+fn create_tcp_listener(config: &Config, priv_dropper: PrivilegeDropper) -> TcpListener {
     let domain = if config.network.address.is_ipv4() {
         socket2::Domain::IPV4
     } else {
@@ -568,5 +566,7 @@ fn create_tcp_listener(config: &Config) -> TcpListener {
         .listen(config.network.tcp_backlog)
         .unwrap_or_else(|err| panic!("socket: listen {}: {:?}", config.network.address, err));
 
+    priv_dropper.after_socket_creation();
+
     unsafe { TcpListener::from_raw_fd(socket.into_raw_fd()) }
 }