From 3713d357c8257d74d870627e06aece1e0ed580e0 Mon Sep 17 00:00:00 2001
From: Hamish Coleman
Date: Fri, 5 Nov 2021 12:57:30 +0000
Subject: [PATCH] Document the tricky code - TODO, make it less tricky
---
 src/supernode.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/src/supernode.c b/src/supernode.c
index 167d0b3..8e78a77 100644
--- a/src/supernode.c
+++ b/src/supernode.c
@@ -639,10 +639,24 @@ int main (int argc, char * const argv[]) {
 scan->socket_fd = sss_node.sock;
 #ifndef WIN32
+ /*
+ * If no uid/gid is specified on the commandline, use the uid/gid of the
+ * first found out of user "n2n" or "nobody"
+ */
 if(((pw = getpwnam ("n2n")) != NULL) || ((pw = getpwnam ("nobody")) != NULL)) {
+ /*
+ * If the uid/gid is not set from the CLI, set it from getpwnam
+ * otherwise reset it to zero
+ * (TODO: this looks wrong)
+ */
 sss_node.userid = sss_node.userid == 0 ? pw->pw_uid : 0;
 sss_node.groupid = sss_node.groupid == 0 ? pw->pw_gid : 0;
 }
+
+ /*
+ * If we have a non-zero requested uid/gid, attempt to switch to use
+ * those
+ */
 if((sss_node.userid != 0) || (sss_node.groupid != 0)) {
 traceEvent(TRACE_NORMAL, "dropping privileges to uid=%d, gid=%d", (signed int)sss_node.userid, (signed int)sss_node.groupid);
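Review bot: The two ternaries under the `getpwnam` check do not do what the new top comment describes: as the second added comment itself notes, a uid/gid that is already non-zero is reset to 0, and when both are reset the `if((sss_node.userid != 0) || (sss_node.groupid != 0))` test below is false, so the privilege drop is skipped and the process keeps the identity it was started with. Rather than leaving a TODO on a privilege-dropping path, assign only when the value is unset: `if(sss_node.userid == 0) sss_node.userid = pw->pw_uid;` and `if(sss_node.groupid == 0) sss_node.groupid = pw->pw_gid;`. When only one of the two is already set, the current code also pairs a looked-up id with a zero for the other, which the same change avoids. The body of `main` continues outside the hunk, so whether the results of the actual uid/gid switch are checked cannot be seen here.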