- Use unambiguous variable names (w/o package name conflict).
- Fail on invalid input such as the empty string or `:`.
- Do not change group without user, i.e. fail on `:group`.
- Parse input using mnemonic APIs.
- Do not juggle between integer types.
- Unset supplementary groups.
- Use set[ug]id(2) to follow the idiom of OpenBSD base programs.
(cannot use setres[ug]id(2) as macOS does not have them.)
Includes/Supersedes #1202.
Fixes#927.
I only tested on OpenBSD (so far), but other systems should just work.
Changing the real and effective user/group IDs and the saved
set-user/group-ID is not enough to get rid of intial access permissions.
The list of groups must be cleared also, otherwise a process changing
from, e.g. `root:root` to `nobody:nobody` retains rights to access
`:wheel` files (assuming `root` is a member of the `wheel` group).
For example:
```
# id
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)
# ./yggdrasil -autoconf -logto /dev/null -user nobody &
[1] 4337
# ps -o command,user,group,supgrp -U nobody
COMMAND USER GROUP SUPGRP
./yggdrasil -aut nobody nobody wheel,kmem,sys,tty,operator,staff,guest
```
Fix that so the process runs as mere
```
COMMAND USER GROUP SUPGRP
./yggdrasil -aut nobody nobody nobody
```
Fixes#927.
Creating UNIX sockets the listen() goroutine that races against the main
one dropping to an unprivileged user may cause startup failure when
privdrop happens before privileged filesystem access.
Setup or fail in New() and only do listen(2) in listen() to avoid this.
```
# yggdrasil -autoconf -user nobody
2024/11/03 21:15:27 Build name: yggdrasil-go
2024/11/03 21:15:27 Build version: 0.5.9
...
2024/11/03 21:15:27 Admin socket failed to listen: listen unix /var/run/yggdrasil.sock: bind: permission denied
```
Rerun, now the order is flipped:
```
# yggdrasil -autoconf -user nobody
2024/11/03 21:15:34 Build name: yggdrasil-go
2024/11/03 21:15:34 Build version: 0.5.9
[...]
2024/11/03 21:15:34 UNIX admin socket listening on /var/run/yggdrasil.sock
[...]
```
Fixes#927.
No need to extract it again when the url package provides it for us:
```
$ jq -n '{"AdminListen":"unix:///tmp/ygg.sock"}' | ./yggdrasil -useconf | grep 'admin socket'
2024/10/08 22:41:11 UNIX admin socket listening on /tmp/ygg.sock
```
Follow-up on #1176
This stood out to me while reading the code: [7:] is skipping "unix://",
so why not do that?
Doing so reveals a bug in the last line changed, where chmod(2) failure
would print just the prefix, not everything but it... easy to miss, but
now this kind of bug can no longer happen.
This cleans up the mess to configure an IP address on a tun(4) device.
Handrolling a hardcoded ioctl(2) request is far from perfect, but Go
(golang.org/sys/unix) is to blame here.
Tested on OpenBSD 7.6 -current where yggdrasil now drives the interface
would use of ifconfig or other helpers.
different from
https://github.com/yggdrasil-network/yggdrasil-go/pull/817 in that it
can resolve user names, automatically use user's primary gid & allows
specifying gid in the same argument, with `:` eg `username:groupname`.
feel free to criticize & suggest different argument name & description
because i didn't put much of thought to that.
---------
Co-authored-by: Neil <git@neilalexander.dev>
Co-authored-by: VNAT <xepjk@protonmail.com>
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
This PR updates Ironwood to include the new RTT-based link costing and
updates `yggdrasilctl` to report the cost in `getPeers`.
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
So, the function waiting for TUN to come up never succeeds:
```
func waitForTUNUp(ch <-chan wgtun.Event) bool {
t := time.After(time.Second * 5)
for {
select {
case ev := <-ch:
if ev == wgtun.EventUp {
return true
}
case <-t:
return false
}
}
}
```
I've tried the sleep for one second, and it works flawlessly on several
PCs.
Another point - sometimes, if the service stop abruptly (in case of some
errors) there is an old hidden device in the system, that we need to
uninstall, and then create new.
ws:// can be listened and dialed
wss:// is a convenience link for ws:// that supports dialing to ws://
peer.
---------
Signed-off-by: Vasyl Gello <vasek.gello@gmail.com>
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>
This PR updates the Wireguard dependency and updates to use new
vectorised reads/writes, which should reduce the number of syscalls and
improve performance.
This will only make a difference on Linux as this is the only platform
for which the Wireguard TUN library supports vectorised reads/writes.
For other platforms, single reads and writes will be performed as usual.
---------
Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com>