From 936081ddb5231c255896563dac588201d4d17539 Mon Sep 17 00:00:00 2001
From: Nate Choe <natechoe9@gmail.com>
Date: Wed, 1 Jun 2022 09:24:56 +0000
Subject: [PATCH] Moved seteuid

---
 src/runner.c  | 22 ++++++++++++++++++++++
 src/setup.c   | 20 --------------------
 src/sockets.c | 22 +++++++++++++++++-----
 3 files changed, 39 insertions(+), 25 deletions(-)

diff --git a/src/runner.c b/src/runner.c
index 929d181..5f294a6 100644
--- a/src/runner.c
+++ b/src/runner.c
@@ -21,6 +21,7 @@
 #include <string.h>
 #include <assert.h>
 
+#include <pwd.h>
 #include <poll.h>
 #include <fcntl.h>
 #include <unistd.h>
@@ -54,6 +55,27 @@ void runServer(int connfd, Sitefile *site, Listener *listener,
 			createLog("Socket type is somehow invalid");
 			return;
 	}
+	if (context == NULL) {
+		createErrorLog("Failed to create context", errno);
+		exit(EXIT_FAILURE);
+	}
+
+	{
+		struct passwd *swebs, *root;
+		swebs = getpwnam("swebs");
+		if (swebs == NULL)
+			createLog("Couldn't find swebs user");
+		else
+			if (seteuid(swebs->pw_uid))
+				createErrorLog("seteuid() failed", errno);
+		root = getpwnam("root");
+		if (root != NULL) {
+		/* I don't know why this if statement could be false but we have it
+		 * just in case. */
+			if (geteuid() == root->pw_uid)
+				createLog("swebs probably should not be run as root");
+		}
+	}
 
 	for (;;) {
 		int i;
diff --git a/src/setup.c b/src/setup.c
index a7f76bd..04962b3 100644
--- a/src/setup.c
+++ b/src/setup.c
@@ -19,7 +19,6 @@
 #include <stdarg.h>
 #include <stdlib.h>
 
-#include <pwd.h>
 #include <errno.h>
 #include <unistd.h>
 
@@ -153,23 +152,4 @@ NULL
 		fprintf(stderr, "Couldn't open logs file %s\n", logout);
 		exit(EXIT_FAILURE);
 	}
-
-	{
-		struct passwd *swebs, *root;
-		swebs = getpwnam("swebs");
-		if (swebs == NULL)
-			createLog("Couldn't find swebs user");
-		else
-			if (seteuid(swebs->pw_uid))
-				createErrorLog("seteuid() failed", errno);
-		root = getpwnam("root");
-		if (root == NULL) {
-			createLog("Couldn't find root user, quitting");
-			exit(EXIT_FAILURE);
-		}
-		if (geteuid() == root->pw_uid) {
-			createLog("swebs should not be run as root");
-			exit(EXIT_FAILURE);
-		}
-	}
 }
diff --git a/src/sockets.c b/src/sockets.c
index 93f89e8..4e0b600 100644
--- a/src/sockets.c
+++ b/src/sockets.c
@@ -19,6 +19,7 @@
 #include <assert.h>
 #include <stdlib.h>
 
+#include <errno.h>
 #include <fcntl.h>
 #include <unistd.h>
 #include <sys/socket.h>
@@ -82,15 +83,21 @@ Context *createContext(SocketType type, ...) {
 			certfile = va_arg(ap, char *);
 
 			if (gnutls_certificate_allocate_credentials(&ret->creds)
-					< 0)
+					< 0) {
+				createLog("gnutls_certificate_allocate_credentials() failed");
 				goto error;
+			}
 			if (gnutls_certificate_set_x509_key_file(ret->creds,
 					certfile, keyfile,
-					GNUTLS_X509_FMT_PEM) < 0)
+					GNUTLS_X509_FMT_PEM) < 0) {
+				createLog("gnutls_certificate_set_x509_key_file() failed");
 				goto error;
+			}
 			if (gnutls_priority_init(&ret->priority, NULL, NULL)
-					< 0)
+					< 0) {
+				createLog("gnutls_priority_init() failed");
 				goto error;
+			}
 #if GNUTLS_VERSION_NUMBER >= 0x030506
 			gnutls_certificate_set_known_dh_params(ret->creds,
 					GNUTLS_SEC_PARAM_MEDIUM);
@@ -101,8 +108,13 @@ Context *createContext(SocketType type, ...) {
 	va_end(ap);
 	return ret;
 error:
-	free(ret);
-	return NULL;
+	{
+		int olderrno;
+		olderrno = errno;
+		free(ret);
+		errno = olderrno;
+		return NULL;
+	}
 }
 
 int acceptConnection(Listener *listener) {