Save resolver keys and certificates in the state

5 years ago · bc4b10f637
parent 0592855b25
commit bc4b10f637
3 changed files with 25 additions and 26 deletions
--- a/src/crypto.rs
+++ b/src/crypto.rs
@ -25,7 +25,7 @@ impl Signature {

 big_array! { BigArray; }

-#[derive(Serialize, Deserialize, Derivativ, Clone)]
+#[derive(Serialize, Deserialize, Derivative, Clone)]
 #[derivative(Default)]
 pub struct SignSK(
    #[serde(with = "BigArray")]
--- a/src/dnscrypt_certs.rs
+++ b/src/dnscrypt_certs.rs
@ -90,7 +90,7 @@ impl DNSCryptCert {
    }
 }

-#[derive(Serialize, Deserialize, Debug)]
+#[derive(Serialize, Deserialize, Debug, Clone)]
 pub struct DNSCryptEncryptionParams {
    dnscrypt_cert: DNSCryptCert,
    resolver_kp: CryptKeyPair,
@ -141,13 +141,11 @@ impl DNSCryptEncryptionParamsUpdater {
        }
        let new_params = DNSCryptEncryptionParams::new(&self.globals.provider_kp);
        new_params_set.push(Arc::new(new_params));
-
        let state = State {
            provider_kp: self.globals.provider_kp.clone(),
-            dnscrypt_encryption_params_set: new_params_set,
+            dnscrypt_encryption_params_set: new_params_set.iter().map(|x| (**x).clone()).collect(),
        };
-        state.save(&self.globals.state_file);
-
+        let _ = state.save(&self.globals.state_file);
        *self.globals.dnscrypt_encryption_params_set.write() = Arc::new(new_params_set);
    }

--- a/src/main.rs
+++ b/src/main.rs
@ -397,6 +397,21 @@ fn main() -> Result<(), Error> {
    };
    let external_addr = SocketAddr::new(config.external_addr, 0);

+    let mut pd = PrivDrop::default();
+    if let Some(user) = &config.user {
+        pd = pd.user(user);
+    }
+    if let Some(group) = &config.group {
+        pd = pd.group(group);
+    }
+    if let Some(chroot) = &config.chroot {
+        pd = pd.chroot(chroot);
+    }
+    if config.user.is_some() || config.group.is_some() || config.chroot.is_some() {
+        info!("Dropping privileges");
+        pd.apply()?;
+    }
+
    let state_file = &config.state_file;
    let state = match State::from_file(state_file) {
        Err(_) => {
@ -414,7 +429,6 @@ fn main() -> Result<(), Error> {
        }
    };
    let provider_kp = state.provider_kp;
-
    for listen_addr_s in &config.listen_addrs {
        info!("Server address: {}", listen_addr_s);
        info!("Provider public key: {}", provider_kp.pk.as_string());
@ -431,33 +445,20 @@ fn main() -> Result<(), Error> {
        .unwrap();
        println!("DNS Stamp: {}", stamp);
    }
-
-    let dnscrypt_encryption_params = state
-        .dnscrypt_encryption_params
+    let dnscrypt_encryption_params_set = state
+        .dnscrypt_encryption_params_set
        .into_iter()
        .map(Arc::new)
        .collect::<Vec<_>>();
    let mut runtime_builder = tokio::runtime::Builder::new();
    runtime_builder.name_prefix("encrypted-dns-");
    let runtime = Arc::new(runtime_builder.build()?);
-
-    let mut pd = PrivDrop::default();
-    if let Some(user) = &config.user {
-        pd = pd.user(user);
-    }
-    if let Some(group) = &config.group {
-        pd = pd.group(group);
-    }
-    if let Some(chroot) = &config.chroot {
-        pd = pd.chroot(chroot);
-    }
-    if config.user.is_some() || config.group.is_some() || config.chroot.is_some() {
-        info!("Dropping privileges");
-        pd.apply()?;
-    }
    let globals = Arc::new(Globals {
        runtime: runtime.clone(),
-        dnscrypt_encryption_params_set: Arc::new(RwLock::new(Arc::new(dnscrypt_encryption_params))),
+        state_file: state_file.to_path_buf(),
+        dnscrypt_encryption_params_set: Arc::new(RwLock::new(Arc::new(
+            dnscrypt_encryption_params_set,
+        ))),
        provider_name,
        provider_kp,
        listen_addrs: config.listen_addrs,