Add privbind and systemd agent commands.

cmars · Nov 22, 2017 · ed3e409 · ed3e409
1 parent a8c850d
commit ed3e409
Show file tree

Hide file tree

Showing 2 changed files with 133 additions and 0 deletions.
diff --git a/cmd/agentPrivbind.go b/cmd/agentPrivbind.go
@@ -0,0 +1,61 @@
+// +build linux
+
+// Copyright © 2017 Casey Marshall
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cmd
+
+import (
+	"fmt"
+	"log"
+	"os"
+	"os/exec"
+	"path/filepath"
+
+	"github.com/spf13/cobra"
+)
+
+// agentPrivbindCmd represents the agentPrivbind command
+var agentPrivbindCmd = &cobra.Command{
+	Use:   "privbind",
+	Short: "Allow binding to privileged ports",
+	Long: `Configure the local system to allow importing remote services on
+privileged ports (<1024).`,
+	Run: func(cmd *cobra.Command, args []string) {
+		binaryPath, err := filepath.Abs(os.Args[0])
+		if err != nil {
+			log.Fatalf("%v", err)
+		}
+		if os.Getuid() == 0 {
+			cmd := exec.Command("setcap", "cap_net_bind_service=+ep", binaryPath)
+			log.Printf("%#v", cmd)
+			err := cmd.Run()
+			if err != nil {
+				log.Fatalf("setcap failed: %v", err)
+			}
+		} else {
+			cmd := exec.Command("/bin/sh", "-c",
+				fmt.Sprintf("sudo setcap 'cap_net_bind_service=+ep' %s", binaryPath))
+			log.Printf("%#v", cmd)
+			err := cmd.Run()
+			if err != nil {
+				log.Fatalf("setcap failed: %v", err)
+			}
+		}
+	},
+}
+
+func init() {
+	agentCmd.AddCommand(agentPrivbindCmd)
+}
diff --git a/cmd/agentSystemd.go b/cmd/agentSystemd.go
@@ -0,0 +1,72 @@
+// +build linux
+
+// Copyright © 2017 Casey Marshall
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package cmd
+
+import (
+	"log"
+	"os"
+	"path/filepath"
+	"text/template"
+
+	"github.com/spf13/cobra"
+)
+
+var serviceTemplate = template.Must(template.New("systemd").Parse(`
+[Unit]
+Description=Onion-routed mesh
+
+[Service]
+ExecStart={{.BinaryPath}} agent run
+Restart=always
+{{ if .Username -}}
+User={{ .Username }}
+{{- else -}}
+User=ubuntu
+{{- end }}
+
+[Install]
+WantedBy=multi-user.target
+`))
+
+var serviceUser string
+
+// agentSystemdCmd represents the agentSystemd command
+var agentSystemdCmd = &cobra.Command{
+	Use:   "systemd",
+	Short: "Generate a systemd service that operates ormesh",
+	Run: func(cmd *cobra.Command, args []string) {
+		binaryPath, err := filepath.Abs(os.Args[0])
+		if err != nil {
+			log.Fatalf("%v", err)
+		}
+		err = serviceTemplate.Execute(os.Stdout, struct {
+			BinaryPath string
+			Username   string
+		}{
+			BinaryPath: binaryPath,
+			Username:   serviceUser,
+		})
+		if err != nil {
+			log.Fatalf("%v", err)
+		}
+	},
+}
+
+func init() {
+	agentSystemdCmd.Flags().StringVarP(&serviceUser, "user", "u", "", "User to run ormesh as")
+	agentCmd.AddCommand(agentSystemdCmd)
+}