From 0ff6671cec0bc8db106f094400425ada5d4faf7a Mon Sep 17 00:00:00 2001
From: Roland Reichwein <mail@reichwein.it>
Date: Mon, 6 Apr 2020 19:19:23 +0200
Subject: Don't use privileged ports as user

---
 config.cpp     | 5 ++++-
 https.cpp      | 2 +-
 webserver.conf | 5 +++++
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/config.cpp b/config.cpp
index 072b1bd..6dbd8ee 100644
--- a/config.cpp
+++ b/config.cpp
@@ -87,7 +87,10 @@ void Config::readConfigfile(std::string filename)
       } else
        throw std::runtime_error("Unknown element: "s + x.first);
      }
-     m_sockets.push_back(socket_struct);
+     if (geteuid() != 0 && stoi(socket_struct.port) < 1024)
+      std::cout << "Warning: Skipping privileged port " << socket_struct.port << std::endl;
+     else
+      m_sockets.push_back(socket_struct);
     }
    }
   }
diff --git a/https.cpp b/https.cpp
index 9be69a8..161efad 100644
--- a/https.cpp
+++ b/https.cpp
@@ -604,7 +604,7 @@ Server::Server(Config& config, boost::asio::io_context& ioc, const Socket& socke
    if (site.name == serve_site) {
     std::shared_ptr<ssl::context> ctx {std::make_shared<ssl::context>(tls_method)};
 
-    std::cout << "Creating SSL context/cert for site " << serve_site << std::endl;
+    std::cout << "Creating SSL context/cert for site " << serve_site << " on port " << socket.port << std::endl;
 
     load_server_certificate(*ctx, site.cert_path, site.key_path);
     SSL_CTX_set_tlsext_servername_callback(ctx->native_handle(), servername_callback);
diff --git a/webserver.conf b/webserver.conf
index 38af8ab..7749739 100644
--- a/webserver.conf
+++ b/webserver.conf
@@ -56,6 +56,11 @@
    <port>8081</port>
    <protocol>https</protocol>
   </socket>
+  <socket>
+   <address>127.0.0.1</address>
+   <port>443</port>
+   <protocol>https</protocol>
+  </socket>
  </sockets>
 </webserver>
 
-- 
cgit v1.2.3