aghnet: imp permissions logic

2023-02-06 16:11:55 +03:00
parent da1b53a3b4
commit 3918789ca7
5 changed files with 41 additions and 6 deletions
--- a/internal/aghnet/net.go
+++ b/internal/aghnet/net.go
@@ -80,6 +80,11 @@ func CanBindPrivilegedPorts() (can bool, err error) {
 	return canBindPrivilegedPorts()
 }

+// AcquirePermissions tries to acquire permissions to bind to privileged ports.
+func AcquirePermissions() (err error) {
+	return acquirePermissions()
+}
+
 // NetInterface represents an entry of network interfaces map.
 type NetInterface struct {
 	// Addresses are the network interface addresses.
--- a/internal/aghnet/net_bsd.go
+++ b/internal/aghnet/net_bsd.go
@@ -7,3 +7,7 @@ import "github.com/AdguardTeam/AdGuardHome/internal/aghos"
 func canBindPrivilegedPorts() (can bool, err error) {
 	return aghos.HaveAdminRights()
 }
+
+func acquirePermissions() (err error) {
+	return nil
+}
--- a/internal/aghnet/net_linux.go
+++ b/internal/aghnet/net_linux.go
@@ -23,17 +23,17 @@ const dhcpcdConf = "etc/dhcpcd.conf"

 func canBindPrivilegedPorts() (can bool, err error) {
 	res, err := unix.PrctlRetInt(
-		unix.PR_CAP_AMBIENT,
-		unix.PR_CAP_AMBIENT_RAISE,
+		unix.PR_CAPBSET_READ,
 		unix.CAP_NET_BIND_SERVICE,
 		0,
 		0,
+		0,
 	)
 	if err != nil {
 		if errors.Is(err, unix.EINVAL) {
 			// Older versions of Linux kernel do not support this.  Print a
 			// warning and check admin rights.
-			log.Info("warning: cannot check capability cap_net_bind_service: %s", err)
+			log.Info("warning: cannot check cap_net_bind_service: %s", err)
 		} else {
 			return false, err
 		}
@@ -45,6 +45,21 @@ func canBindPrivilegedPorts() (can bool, err error) {
 	return res == 1 || adm, nil
 }

+func acquirePermissions() (err error) {
+	_, err = unix.PrctlRetInt(
+		unix.PR_CAP_AMBIENT,
+		unix.PR_CAP_AMBIENT_RAISE,
+		unix.CAP_NET_BIND_SERVICE,
+		0,
+		0,
+	)
+	if err != nil {
+		return fmt.Errorf("raising cap_net_bind_service: %w", err)
+	}
+
+	return nil
+}
+
 // dhcpcdStaticConfig checks if interface is configured by /etc/dhcpcd.conf to
 // have a static IP.
 func (n interfaceName) dhcpcdStaticConfig(r io.Reader) (subsources []string, cont bool, err error) {
--- a/internal/aghnet/net_windows.go
+++ b/internal/aghnet/net_windows.go
@@ -43,3 +43,7 @@ func closePortChecker(c io.Closer) (err error) {
 func isAddrInUse(err syscall.Errno) (ok bool) {
 	return errors.Is(err, windows.WSAEADDRINUSE)
 }
+
+func acquirePermissions() (err error) {
+	return nil
+}