udp, http: move privilege drop code into aquatic_common

aquatic_udp/src/lib/config.rs

@@ -1,6 +1,6 @@
 use std::net::SocketAddr;
 
-use aquatic_common::access_list::AccessListConfig;
+use aquatic_common::{access_list::AccessListConfig, privileges::PrivilegeConfig};
 use aquatic_common::cpu_pinning::CpuPinningConfig;
 use serde::{Deserialize, Serialize};
 
@@ -99,17 +99,6 @@ pub struct CleaningConfig {
     pub max_connection_age: u64,
 }
 
-#[derive(Clone, Debug, Serialize, Deserialize)]
-#[serde(default)]
-pub struct PrivilegeConfig {
-    /// Chroot and switch user after binding to sockets
-    pub drop_privileges: bool,
-    /// Chroot to this path
-    pub chroot_path: String,
-    /// User to switch to after chrooting
-    pub user: String,
-}
-
 impl Default for Config {
     fn default() -> Self {
         Self {
@@ -177,13 +166,3 @@ impl Default for CleaningConfig {
         }
     }
 }
-
-impl Default for PrivilegeConfig {
-    fn default() -> Self {
-        Self {
-            drop_privileges: false,
-            chroot_path: ".".to_string(),
-            user: "nobody".to_string(),
-        }
-    }
-}

aquatic_udp/src/lib/glommio/mod.rs

@@ -1,11 +1,11 @@
 use std::sync::{atomic::AtomicUsize, Arc};
 
 use aquatic_common::access_list::AccessList;
+use aquatic_common::privileges::drop_privileges_after_socket_binding;
 use glommio::channels::channel_mesh::MeshBuilder;
 use glommio::prelude::*;
 
 use crate::config::Config;
-use crate::drop_privileges_after_socket_binding;
 
 mod common;
 pub mod handlers;
@@ -88,7 +88,7 @@ pub fn run(config: Config) -> anyhow::Result<()> {
         executors.push(executor);
     }
 
-    drop_privileges_after_socket_binding(&config, num_bound_sockets).unwrap();
+    drop_privileges_after_socket_binding(&config.privileges, num_bound_sockets, config.socket_workers).unwrap();
 
     for executor in executors {
         executor

aquatic_udp/src/lib/lib.rs

@@ -16,7 +16,6 @@ pub mod glommio;
 pub mod mio;
 
 use config::Config;
-use privdrop::PrivDrop;
 
 pub const APP_NAME: &str = "aquatic_udp: UDP BitTorrent tracker";
 
@@ -28,36 +27,4 @@ pub fn run(config: Config) -> ::anyhow::Result<()> {
             mio::run(config)
         }
     }
-}
-
-fn drop_privileges_after_socket_binding(
-    config: &Config,
-    num_bound_sockets: Arc<AtomicUsize>,
-) -> anyhow::Result<()> {
-    if config.privileges.drop_privileges {
-        let mut counter = 0usize;
-
-        loop {
-            let sockets = num_bound_sockets.load(Ordering::SeqCst);
-
-            if sockets == config.socket_workers {
-                PrivDrop::default()
-                    .chroot(config.privileges.chroot_path.clone())
-                    .user(config.privileges.user.clone())
-                    .apply()?;
-
-                break;
-            }
-
-            ::std::thread::sleep(Duration::from_millis(10));
-
-            counter += 1;
-
-            if counter == 500 {
-                panic!("Sockets didn't bind in time for privilege drop.");
-            }
-        }
-    }
-
-    Ok(())
-}
+}

aquatic_udp/src/lib/mio/mod.rs

@@ -6,6 +6,7 @@ use std::{
 };
 
 use anyhow::Context;
+use aquatic_common::privileges::drop_privileges_after_socket_binding;
 use crossbeam_channel::unbounded;
 
 pub mod common;
@@ -16,7 +17,6 @@ pub mod tasks;
 use aquatic_common::access_list::{AccessListArcSwap, AccessListMode, AccessListQuery};
 
 use crate::config::Config;
-use crate::drop_privileges_after_socket_binding;
 
 use common::State;
 
@@ -35,7 +35,7 @@ pub fn run(config: Config) -> ::anyhow::Result<()> {
 
     start_workers(config.clone(), state.clone(), num_bound_sockets.clone())?;
 
-    drop_privileges_after_socket_binding(&config, num_bound_sockets).unwrap();
+    drop_privileges_after_socket_binding(&config.privileges, num_bound_sockets, config.socket_workers).unwrap();
 
     loop {
         ::std::thread::sleep(Duration::from_secs(config.cleaning.interval));