From bc4b10f637ce628d0ef60bc222e1ca790cae5c48 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 19 Sep 2019 21:08:49 +0200 Subject: [PATCH] Save resolver keys and certificates in the state --- src/crypto.rs | 2 +- src/dnscrypt_certs.rs | 8 +++----- src/main.rs | 41 +++++++++++++++++++++-------------------- 3 files changed, 25 insertions(+), 26 deletions(-) diff --git a/src/crypto.rs b/src/crypto.rs index d8e6d25..44ac80d 100644 --- a/src/crypto.rs +++ b/src/crypto.rs @@ -25,7 +25,7 @@ impl Signature { big_array! { BigArray; } -#[derive(Serialize, Deserialize, Derivativ, Clone)] +#[derive(Serialize, Deserialize, Derivative, Clone)] #[derivative(Default)] pub struct SignSK( #[serde(with = "BigArray")] diff --git a/src/dnscrypt_certs.rs b/src/dnscrypt_certs.rs index df9bdec..a196e7b 100644 --- a/src/dnscrypt_certs.rs +++ b/src/dnscrypt_certs.rs @@ -90,7 +90,7 @@ impl DNSCryptCert { } } -#[derive(Serialize, Deserialize, Debug)] +#[derive(Serialize, Deserialize, Debug, Clone)] pub struct DNSCryptEncryptionParams { dnscrypt_cert: DNSCryptCert, resolver_kp: CryptKeyPair, @@ -141,13 +141,11 @@ impl DNSCryptEncryptionParamsUpdater { } let new_params = DNSCryptEncryptionParams::new(&self.globals.provider_kp); new_params_set.push(Arc::new(new_params)); - let state = State { provider_kp: self.globals.provider_kp.clone(), - dnscrypt_encryption_params_set: new_params_set, + dnscrypt_encryption_params_set: new_params_set.iter().map(|x| (**x).clone()).collect(), }; - state.save(&self.globals.state_file); - + let _ = state.save(&self.globals.state_file); *self.globals.dnscrypt_encryption_params_set.write() = Arc::new(new_params_set); } diff --git a/src/main.rs b/src/main.rs index 7268c9a..da13408 100644 --- a/src/main.rs +++ b/src/main.rs 
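Review bot: Deriving `Clone` on `DNSCryptEncryptionParams` in src/dnscrypt_certs.rs makes the resolver secret key held in `resolver_kp` freely copyable, and the second hunk of this file uses it (`(**x).clone()`) to deep-copy every parameter set on each update just to build the `State`. Each copy is one more place the key lives in memory until it is dropped, and nothing visible in the diff wipes it. If `State` can hold the existing `Arc`s (serde can serialize `Arc<T>` with its `rc` feature) or serialize from borrowed data, the `Clone` derive is not needed; the definition of `State` is outside this diff, so that needs checking. The struct also derives `Debug`, so a `{:?}` of it would print the key unless `CryptKeyPair` redacts its own `Debug` output.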
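Review bot: `let _ = state.save(&self.globals.state_file);` in the updater discards the result, so a failed write of the rotated resolver keys goes unnoticed. This commit also moves the privilege drop ahead of state handling in src/main.rs, so the write now runs as the unprivileged user (and inside the chroot, if one is configured), which makes a permission or path failure more likely than before. Handle the error instead, for example `if let Err(e) = state.save(&self.globals.state_file) { warn!("Unable to save state: {}", e); }`, assuming a `warn!` macro is in scope here as `info!` is in main.rs and that the error type implements `Display`. The state file now carries resolver secret keys as well as the provider key, so `State::save` (not shown) should create it with owner-only permissions. The enclosing function starts and ends outside the hunk.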
@@ -397,6 +397,21 @@ fn main() -> Result<(), Error> { }; let external_addr = SocketAddr::new(config.external_addr, 0); + let mut pd = PrivDrop::default(); + if let Some(user) = &config.user { + pd = pd.user(user); + } + if let Some(group) = &config.group { + pd = pd.group(group); + } + if let Some(chroot) = &config.chroot { + pd = pd.chroot(chroot); + } + if config.user.is_some() || config.group.is_some() || config.chroot.is_some() { + info!("Dropping privileges"); + pd.apply()?; + } + let state_file = &config.state_file; let state = match State::from_file(state_file) { Err(_) => { @@ -414,7 +429,6 @@ fn main() -> Result<(), Error> { } }; let provider_kp = state.provider_kp; - for listen_addr_s in &config.listen_addrs { info!("Server address: {}", listen_addr_s); info!("Provider public key: {}", provider_kp.pk.as_string()); 
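Review bot: With the `PrivDrop` block now placed before `State::from_file(state_file)`, the state file is opened after the user/group change and after `chroot`, and the `Err(_) =>` arm that follows treats every load failure the same way. That arm's body is outside the hunk, but if it generates a fresh state, a file that is merely unreadable by the new user or missing from the chroot would silently produce a new provider key pair, and the stamp printed further down would no longer match what clients have pinned. Match on the error and fall back to a new state only when the file does not exist; log and return the error otherwise. A comment above the block, e.g. `// Drop privileges first: the state file is read and rewritten at runtime, so it must be reachable and writable by the unprivileged user inside the chroot`, would document the path and ownership requirement; the same path is later stored in `Globals.state_file` in the last hunk.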
@@ -431,33 +445,20 @@ fn main() -> Result<(), Error> { .unwrap(); println!("DNS Stamp: {}", stamp); } - - let dnscrypt_encryption_params = state - .dnscrypt_encryption_params + let dnscrypt_encryption_params_set = state + .dnscrypt_encryption_params_set .into_iter() .map(Arc::new) .collect::>(); let mut runtime_builder = tokio::runtime::Builder::new(); runtime_builder.name_prefix("encrypted-dns-"); let runtime = Arc::new(runtime_builder.build()?); - - let mut pd = PrivDrop::default(); - if let Some(user) = &config.user { - pd = pd.user(user); - } - if let Some(group) = &config.group { - pd = pd.group(group); - } - if let Some(chroot) = &config.chroot { - pd = pd.chroot(chroot); - } - if config.user.is_some() || config.group.is_some() || config.chroot.is_some() { - info!("Dropping privileges"); - pd.apply()?; - } let globals = Arc::new(Globals { runtime: runtime.clone(), - dnscrypt_encryption_params_set: Arc::new(RwLock::new(Arc::new(dnscrypt_encryption_params))), + state_file: state_file.to_path_buf(), + dnscrypt_encryption_params_set: Arc::new(RwLock::new(Arc::new( + dnscrypt_encryption_params_set, + ))), provider_name, provider_kp, listen_addrs: config.listen_addrs,