Re-use username for UID if it exists
@@ -14,9 +14,10 @@ import (
|
||||
"github.com/qdm12/golibs/network"
|
||||
)
|
||||
|
||||
func (c *configurator) MakeUnboundConf(ctx context.Context, settings settings.DNS, uid, gid int) (err error) {
|
||||
func (c *configurator) MakeUnboundConf(ctx context.Context, settings settings.DNS,
|
||||
username string, uid, gid int) (err error) {
|
||||
c.logger.Info("generating Unbound configuration")
|
||||
lines, warnings := generateUnboundConf(ctx, settings, c.client, c.logger)
|
||||
lines, warnings := generateUnboundConf(ctx, settings, username, c.client, c.logger)
|
||||
for _, warning := range warnings {
|
||||
c.logger.Warn(warning)
|
||||
}
|
||||
@@ -28,7 +29,7 @@ func (c *configurator) MakeUnboundConf(ctx context.Context, settings settings.DN
|
||||
}
|
||||
|
||||
// MakeUnboundConf generates an Unbound configuration from the user provided settings.
|
||||
func generateUnboundConf(ctx context.Context, settings settings.DNS,
|
||||
func generateUnboundConf(ctx context.Context, settings settings.DNS, username string,
|
||||
client network.Client, logger logging.Logger) (
|
||||
lines []string, warnings []error) {
|
||||
doIPv6 := "no"
|
||||
@@ -69,7 +70,7 @@ func generateUnboundConf(ctx context.Context, settings settings.DNS,
|
||||
"interface": "0.0.0.0",
|
||||
"port": "53",
|
||||
// Other
|
||||
"username": "\"nonrootuser\"",
|
||||
"username": fmt.Sprintf("%q", username),
|
||||
}
|
||||
|
||||
// Block lists
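Review bot: An empty or unusual `username` now flows straight into the generated config at `"username": fmt.Sprintf("%q", username)`, and nothing visible in these hunks checks it. unbound.conf documents `username: ""` as "no user change is performed", so an empty value (a failed lookup, or the zero value of the new `looper.username` field) would leave Unbound running as the user that started it instead of dropping privileges. `%q` also applies Go string escaping, which is presumably not what Unbound's config parser expects if a name ever contains a quote, backslash or newline. I would reject such values at the top of `MakeUnboundConf`, which already returns an error, for example `if username == "" || strings.ContainsAny(username, "\"\\\r\n") { return fmt.Errorf("invalid username %q", username) }`. The bodies of `MakeUnboundConf` and `generateUnboundConf` continue outside the hunks shown.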
|
||||
|
||||
@@ -41,7 +41,7 @@ func Test_generateUnboundConf(t *testing.T) {
|
||||
logger := mock_logging.NewMockLogger(mockCtrl)
|
||||
logger.EXPECT().Info("%d hostnames blocked overall", 2).Times(1)
|
||||
logger.EXPECT().Info("%d IP addresses blocked overall", 3).Times(1)
|
||||
lines, warnings := generateUnboundConf(ctx, settings, client, logger)
|
||||
lines, warnings := generateUnboundConf(ctx, settings, "nonrootuser", client, logger)
|
||||
require.Len(t, warnings, 0)
|
||||
expected := `
|
||||
server:
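Review bot: Passing `"nonrootuser"` in `generateUnboundConf(ctx, settings, "nonrootuser", client, logger)` reproduces the value that was hard-coded before, so this test would still pass if the new parameter were ignored. Using a different name here and asserting it in `expected` would show that the argument actually reaches the `username:` line. The expected config continues outside the hunk, so the line that asserts the username is not visible here.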
|
||||
|
||||
@@ -15,7 +15,7 @@ import (
|
||||
type Configurator interface {
|
||||
DownloadRootHints(ctx context.Context, uid, gid int) error
|
||||
DownloadRootKey(ctx context.Context, uid, gid int) error
|
||||
MakeUnboundConf(ctx context.Context, settings settings.DNS, uid, gid int) (err error)
|
||||
MakeUnboundConf(ctx context.Context, settings settings.DNS, username string, uid, gid int) (err error)
|
||||
UseDNSInternally(IP net.IP)
|
||||
UseDNSSystemWide(ip net.IP, keepNameserver bool) error
|
||||
Start(ctx context.Context, logLevel uint8) (stdout io.ReadCloser, waitFn func() error, err error)
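Review bot: `MakeUnboundConf` now takes `username` next to `uid` and `gid`, and nothing on the interface says how the three relate or that they must describe the same account. What `uid` and `gid` are used for is not visible in this hunk; if they set ownership of the generated files, a mismatch with `username` could leave Unbound unable to read its own config after dropping privileges. I would add a doc comment on the method such as `// MakeUnboundConf writes the Unbound configuration; username is the account Unbound switches to and must be non-empty and resolve to uid.`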
|
||||
|
||||
@@ -27,6 +27,7 @@ type looper struct {
|
||||
conf Configurator
|
||||
logger logging.Logger
|
||||
streamMerger command.StreamMerger
|
||||
username string
|
||||
uid int
|
||||
gid int
|
||||
loopLock sync.Mutex
|
||||
@@ -40,7 +41,7 @@ type looper struct {
|
||||
}
|
||||
|
||||
func NewLooper(conf Configurator, settings settings.DNS, logger logging.Logger,
|
||||
streamMerger command.StreamMerger, uid, gid int) Looper {
|
||||
streamMerger command.StreamMerger, username string, uid, gid int) Looper {
|
||||
return &looper{
|
||||
state: state{
|
||||
status: constants.Stopped,
|
||||
@@ -48,6 +49,7 @@ func NewLooper(conf Configurator, settings settings.DNS, logger logging.Logger,
|
||||
},
|
||||
conf: conf,
|
||||
logger: logger.WithPrefix("dns over tls: "),
|
||||
username: username,
|
||||
uid: uid,
|
||||
gid: gid,
|
||||
streamMerger: streamMerger,
|
||||
@@ -292,7 +294,7 @@ func (l *looper) updateFiles(ctx context.Context) (err error) {
|
||||
return err
|
||||
}
|
||||
settings := l.GetSettings()
|
||||
if err := l.conf.MakeUnboundConf(ctx, settings, l.uid, l.gid); err != nil {
|
||||
if err := l.conf.MakeUnboundConf(ctx, settings, l.username, l.uid, l.gid); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
|
||||