New version: 0.3.0

 - Move copyright to 2021
 - Improve/Fix README.md
 - Add doc-comments
 - Fix funtion-name (parse_and_valided_args -> parse_and_validate_args)
 - Allow underscores in domain-names
 - Add support --blocklist of fdns>=0.9.64.2
 - Add --help message
 - Code quality and panic-message enhancements

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "fdns4users"
-version = "0.2.0"
+version = "0.3.0"
 authors = ["rusty-snake"]
 edition = "2018"
 description = "Allow unprivileged users to start fdns."

LICENSE

@@ -1,4 +1,4 @@
-Copyright © 2020 rusty-snake
+Copyright © 2020,2021 rusty-snake
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
@@ -21,4 +21,3 @@ SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-

README.md

@@ -22,7 +22,7 @@ fdns4users --proxy-addr=127.70.74.68 --whitelist=debian.org &
 firejail --dns=127.70.74.68 wget "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-10.6.0-amd64-netinst.iso"
 ```
 
-`--proxy-addr` must be the first argument and only use `127.70.74.*`.
+`--proxy-addr` must be the first argument and start with `127.70.74.`.
 
 ## Alternatives
 
@@ -53,9 +53,10 @@ polkit.addRule(function(action, subject) {
 
     const IP = "127\\.70\\.74\\.[0-9]{1,3}";
     const PROXY_ADDR = `--proxy-addr=${IP}`;
+    const BLOCKLIST = `--blocklist=[A-Za-z0-9._-]+`;
     const WHITELIST = `--whitelist=[A-Za-z0-9._-]+`;
-    const ZOM_WHITELIST = `( ${WHITELIST})*`;
-    const RE = new RegExp(`^${PROGRAM} ${PROXY_ADDR}${ZOM_WHITELIST}$`);
+    const ZOM_BWLIST = `( ${WHITELIST}| ${BLOCKLIST})*`;
+    const RE = new RegExp(`^${PROGRAM} ${PROXY_ADDR}${ZOM_BWLIST}$`);
 
     // Debugging: uncomment to see the final RegExp
     //polkit.log(RE.toString());
@@ -70,12 +71,12 @@ polkit.addRule(function(action, subject) {
 ```
 
 This allows the user john to start `/usr/bin/fdns --proxy-addr=127.70.68.*` with
-`--whitelist=DOMAIN1`, `--whitelist=DOMAIN2`, ….
+`--whitelist=example1.com`, `--whitelist=example2.com`, `--blocklist=example3.com` ….
 
 ## License
 
 ```
-Copyright © 2020 rusty-snake
+Copyright © 2020,2021 rusty-snake
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

src/main.rs

@@ -1,5 +1,5 @@
 /*
- * Copyright © 2020 rusty-snake
+ * Copyright © 2020,2021 rusty-snake
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -25,17 +25,21 @@
  */
 
 use std::env;
-use std::process::Command;
+use std::process::{exit, Command};
 
+/// The path to the fdns binary
 const FDNS: &str = "/usr/bin/fdns";
 
+/// The main function
+///
+/// Start [fdns](FDNS) as root with the arguments returned by [`parse_and_validate_args`].
 fn main() {
     // Defense in Depth: set the effetive-UID to the real-UID
     unsafe {
         assert!(libc::seteuid(libc::getuid()) == 0);
     }
 
-    let (proxy_addr, fdns_args) = parse_and_valided_args(&mut env::args().skip(1));
+    let (proxy_addr, fdns_args) = parse_and_validate_args(&mut env::args().skip(1));
 
     // set real, effective and saved UID and GID to root
     unsafe {
@@ -54,32 +58,71 @@ fn main() {
         .unwrap();
 }
 
-fn parse_and_valided_args<T: Iterator<Item = String>>(args: &mut T) -> (String, Vec<String>) {
+/// Parse and validate the arguments
+///
+/// The first argument must be `--proxy-addr=127.70.74.[0-9]{1,3}` or `--help`.
+/// All other arguments are optional. Currently supported are `--blocklist=[A-Za-z0-9._-]+` and
+/// `--whitelist=[A-Za-z0-9._-]+` in any order and number.
+fn parse_and_validate_args<T: Iterator<Item = String>>(args: &mut T) -> (String, Vec<String>) {
     // validate first commandline arg (--proxy-addr)
     let proxy_addr = {
-        let arg = args
+        let arg_1 = args
             .next()
             .expect("No command-line arguments given. --proxy-addr must be given.");
-        if arg.starts_with("--proxy-addr=127.70.74.")
-            && arg[23..].chars().all(|c| c.is_ascii_digit())
-            && 24 <= arg.len()
-            && arg.len() <= 26
+
+        if arg_1 == "--help" {
+            help()
+        }
+
+        if arg_1.starts_with("--proxy-addr=127.70.74.")
+            && arg_1[23..].chars().all(|c| c.is_ascii_digit())
+            && 24 <= arg_1.len()
+            && arg_1.len() <= 26
         {
-            arg
+            arg_1
         } else {
-            panic!("Invalid first argument (--proxy-addr)");
+            panic!(
+                "Invalid first argument, must be --help or --proxy-addr with a allowed IP-address."
+            );
         }
     };
 
-    // parse left over commandline args, keep only '--whitelist=[A-Za-z0-9.-]*'
+    // parse left over commandline args, keep only '--whitelist=[A-Za-z0-9._-]*'
+    // and '--blocklist=[A-Za-z0-9._-]*'
     let fdns_args = args
         .filter(|arg| {
-            arg.starts_with("--whitelist=")
+            (arg.starts_with("--blocklist=") || arg.starts_with("--whitelist="))
                 && arg[12..]
                     .chars()
-                    .all(|c| c.is_ascii_alphanumeric() || c == '.' || c == '-')
+                    .all(|c| c.is_ascii_alphanumeric() || c == '.' || c == '-' || c == '_')
         })
         .collect::<Vec<_>>();
 
     (proxy_addr, fdns_args)
 }
+
+/// Show help and exit
+fn help() -> ! {
+    unsafe {
+        let uid = libc::getuid();
+        assert!(libc::setresuid(uid, uid, uid) == 0);
+    }
+
+    print!(
+        "{} {} -- {}
+
+USAGE:
+    {0} --help
+    {0} --proxy-addr=127.70.74.<DIGITS> [OPTIONS]
+
+OPTIONS:
+    --blocklist=<DOMAIN>
+    --whitelist=<DOMAIN>
+",
+        env!("CARGO_PKG_NAME"),
+        env!("CARGO_PKG_VERSION"),
+        env!("CARGO_PKG_DESCRIPTION"),
+    );
+
+    exit(0);
+}