Moved seteuid

2022-06-01 09:24:56 +00:00
parent f8a7584a13
commit 936081ddb5
3 changed files with 39 additions and 25 deletions
--- a/src/runner.c
+++ b/src/runner.c
@@ -21,6 +21,7 @@
 #include <string.h>
 #include <assert.h>

+#include <pwd.h>
 #include <poll.h>
 #include <fcntl.h>
 #include <unistd.h>
@@ -54,6 +55,27 @@ void runServer(int connfd, Sitefile *site, Listener *listener,
 			createLog("Socket type is somehow invalid");
 			return;
 	}
+	if (context == NULL) {
+		createErrorLog("Failed to create context", errno);
+		exit(EXIT_FAILURE);
+	}
+
+	{
+		struct passwd *swebs, *root;
+		swebs = getpwnam("swebs");
+		if (swebs == NULL)
+			createLog("Couldn't find swebs user");
+		else
+			if (seteuid(swebs->pw_uid))
+				createErrorLog("seteuid() failed", errno);
+		root = getpwnam("root");
+		if (root != NULL) {
+		/* I don't know why this if statement could be false but we have it
+		 * just in case. */
+			if (geteuid() == root->pw_uid)
+				createLog("swebs probably should not be run as root");
+		}
+	}

 	for (;;) {
 		int i;
--- a/src/setup.c
+++ b/src/setup.c
@@ -19,7 +19,6 @@
 #include <stdarg.h>
 #include <stdlib.h>

-#include <pwd.h>
 #include <errno.h>
 #include <unistd.h>

@@ -153,23 +152,4 @@ NULL
 		fprintf(stderr, "Couldn't open logs file %s\n", logout);
 		exit(EXIT_FAILURE);
 	}
-
-	{
-		struct passwd *swebs, *root;
-		swebs = getpwnam("swebs");
-		if (swebs == NULL)
-			createLog("Couldn't find swebs user");
-		else
-			if (seteuid(swebs->pw_uid))
-				createErrorLog("seteuid() failed", errno);
-		root = getpwnam("root");
-		if (root == NULL) {
-			createLog("Couldn't find root user, quitting");
-			exit(EXIT_FAILURE);
-		}
-		if (geteuid() == root->pw_uid) {
-			createLog("swebs should not be run as root");
-			exit(EXIT_FAILURE);
-		}
-	}
 }
--- a/src/sockets.c
+++ b/src/sockets.c
@@ -19,6 +19,7 @@
 #include <assert.h>
 #include <stdlib.h>

+#include <errno.h>
 #include <fcntl.h>
 #include <unistd.h>
 #include <sys/socket.h>
@@ -82,15 +83,21 @@ Context *createContext(SocketType type, ...) {
 			certfile = va_arg(ap, char *);

 			if (gnutls_certificate_allocate_credentials(&ret->creds)
-					< 0)
+					< 0) {
+				createLog("gnutls_certificate_allocate_credentials() failed");
 				goto error;
+			}
 			if (gnutls_certificate_set_x509_key_file(ret->creds,
 					certfile, keyfile,
-					GNUTLS_X509_FMT_PEM) < 0)
+					GNUTLS_X509_FMT_PEM) < 0) {
+				createLog("gnutls_certificate_set_x509_key_file() failed");
 				goto error;
+			}
 			if (gnutls_priority_init(&ret->priority, NULL, NULL)
-					< 0)
+					< 0) {
+				createLog("gnutls_priority_init() failed");
 				goto error;
+			}
 #if GNUTLS_VERSION_NUMBER >= 0x030506
 			gnutls_certificate_set_known_dh_params(ret->creds,
 					GNUTLS_SEC_PARAM_MEDIUM);
@@ -101,8 +108,13 @@ Context *createContext(SocketType type, ...) {
 	va_end(ap);
 	return ret;
 error:
-	free(ret);
-	return NULL;
+	{
+		int olderrno;
+		olderrno = errno;
+		free(ret);
+		errno = olderrno;
+		return NULL;
+	}
 }

 int acceptConnection(Listener *listener) {