Verifying the server user to work with sudo (#1254)

* checking that the username is root Changing the mechanism for checking that the username is root * wheel group check (#1198) Checking if the user is included in the wheel group * Checking requirements in script (#1210) * Checking requirements in script Checking requirements for sudo users in script * Adding error handling Adding error handling in the server controller for: Sudo package is not pre-installed for sudo users. Server user or associated group is not listed in the sudoers file. Server user password required * adding error codes * added extended error descriptions * checking sudo permission for root Сhecking sudo permission for root. Сhecking and redefining the system language. * Username if whoami returns an error Сommand to use home directory name if whoami returns error or is missing. * Correcting text error Correction of the text of the extended description of the package manager error * Updating translations * Optimization check_user_in_sudo.sh * exceptions for missing uname * output only for groups sudo or wheel
2024-12-01 13:51:03 +04:00 · 2024-12-01 13:51:03 +04:00 · 076b076cd9
commit 076b076cd9
parent 85fa1ad8b1
13 changed files with 48 additions and 38 deletions
--- a/client/core/controllers/serverController.cpp
+++ b/client/core/controllers/serverController.cpp
@ -751,10 +751,6 @@ ErrorCode ServerController::isServerPortBusy(const ServerCredentials &credential
 ErrorCode ServerController::isUserInSudo(const ServerCredentials &credentials, DockerContainer container)
 {
    if (credentials.userName == "root") {
        return ErrorCode::NoError;
    }
    QString stdOut;
    auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
        stdOut += data + "\n";
@ -770,6 +766,12 @@ ErrorCode ServerController::isUserInSudo(const ServerCredentials &credentials, D
    if (credentials.userName != "root" && !stdOut.contains("sudo") && !stdOut.contains("wheel"))
        return ErrorCode::ServerUserNotInSudo;
    if (stdOut.contains("sudo:") && !stdOut.contains("uname:") && stdOut.contains("not found"))
        return ErrorCode::SudoPackageIsNotPreinstalled;
    if (stdOut.contains("sudoers"))
        return ErrorCode::ServerUserNotAllowedInSudoers;
    if (stdOut.contains("password is required"))
        return ErrorCode::ServerUserPasswordRequired;
    return error;
 }
--- a/client/core/defs.h
+++ b/client/core/defs.h
@ -56,6 +56,9 @@ namespace amnezia
        ServerCancelInstallation = 204,
        ServerUserNotInSudo = 205,
        ServerPacketManagerError = 206,
        SudoPackageIsNotPreinstalled = 207,
        ServerUserNotAllowedInSudoers = 208,
        ServerUserPasswordRequired = 209,
        // Ssh connection errors
        SshRequestDeniedError = 300,
--- a/client/core/errorstrings.cpp
+++ b/client/core/errorstrings.cpp
@ -19,8 +19,11 @@ QString errorString(ErrorCode code) {
    case(ErrorCode::ServerContainerMissingError): errorMessage = QObject::tr("Server error: Docker container missing"); break;
    case(ErrorCode::ServerDockerFailedError): errorMessage = QObject::tr("Server error: Docker failed"); break;
    case(ErrorCode::ServerCancelInstallation): errorMessage = QObject::tr("Installation canceled by user"); break;
-    case(ErrorCode::ServerUserNotInSudo): errorMessage = QObject::tr("The user does not have permission to use sudo"); break;
+    case(ErrorCode::ServerUserNotInSudo): errorMessage = QObject::tr("The user is not a member of the sudo group"); break;
-    case(ErrorCode::ServerPacketManagerError): errorMessage = QObject::tr("Server error: Packet manager error"); break;
+    case(ErrorCode::ServerPacketManagerError): errorMessage = QObject::tr("Server error: Package manager error"); break;
    case(ErrorCode::SudoPackageIsNotPreinstalled): errorMessage = QObject::tr("The sudo package is not pre-installed"); break;
    case(ErrorCode::ServerUserNotAllowedInSudoers): errorMessage = QObject::tr("The user is not allowed in sudoers"); break;
    case(ErrorCode::ServerUserPasswordRequired): errorMessage = QObject::tr("The user's password is required"); break;
    // Libssh errors
    case(ErrorCode::SshRequestDeniedError): errorMessage = QObject::tr("SSH request was denied"); break;
--- a/client/server_scripts/check_user_in_sudo.sh
+++ b/client/server_scripts/check_user_in_sudo.sh
@ -1,2 +1,4 @@
-CUR_USER=$(whoami);\
+CUR_USER=$(whoami 2> /dev/null || echo ~ | sed 's/.*\///');\
-groups $CUR_USER
+echo $LANG | grep -qE "en_US.UTF-8|^C.UTF-8" || export LC_ALL=C;\
 if [ "$CUR_USER" = "root" ]; then command -v sudo > /dev/null 2>&1 && sudo -nu $CUR_USER sudo -n uname > /dev/null;\
 else groups $CUR_USER | grep -E "\<sudo\>|\<wheel\>" && sudo -nu $CUR_USER sudo -n uname > /dev/null; fi
--- a/client/server_scripts/prepare_host.sh
+++ b/client/server_scripts/prepare_host.sh
@ -1,4 +1,4 @@
-CUR_USER=$(whoami);\
+CUR_USER=$(whoami 2> /dev/null || echo ~ | sed 's/.*\///');\
 sudo mkdir -p $DOCKERFILE_FOLDER;\
 sudo chown $CUR_USER $DOCKERFILE_FOLDER;\
 if ! sudo docker network ls | grep -q amnezia-dns-net; then sudo docker network create \
--- a/client/translations/amneziavpn_ar_EG.ts
+++ b/client/translations/amneziavpn_ar_EG.ts
@ -3254,8 +3254,8 @@ Already installed containers were found on the server. All installed containers
    </message>
    <message>
        <location filename="../core/errorstrings.cpp" line="22"/>
-        <source>The user does not have permission to use sudo</source>
+        <source>The user is not a member of the sudo group</source>
-        <translation>ليس لدي المستخدم الصلحيات لأستخدام sudo</translation>
+        <translation>المستخدم ليس عضوًا في مجموعة sudo</translation>
    </message>
    <message>
        <location filename="../core/errorstrings.cpp" line="26"/>
@ -3319,7 +3319,7 @@ Already installed containers were found on the server. All installed containers
    </message>
    <message>
        <location filename="../core/errorstrings.cpp" line="23"/>
-        <source>Server error: Packet manager error</source>
+        <source>Server error: Package manager error</source>
        <translation>خطأ في الخادم: خطأ في مدير الحزم</translation>
    </message>
    <message>
--- a/client/translations/amneziavpn_fa_IR.ts
+++ b/client/translations/amneziavpn_fa_IR.ts
@ -3388,8 +3388,8 @@ It&apos;s okay as long as it&apos;s from someone you trust.</source>
    </message>
    <message>
        <location filename="../core/errorstrings.cpp" line="22"/>
-        <source>The user does not have permission to use sudo</source>
+        <source>The user is not a member of the sudo group</source>
-        <translation>The user does not have permission to use sudo</translation>
+        <translation>کاربر عضو گروه sudo نیست</translation>
    </message>
    <message>
        <location filename="../core/errorstrings.cpp" line="26"/>
@ -3510,8 +3510,8 @@ It&apos;s okay as long as it&apos;s from someone you trust.</source>
    </message>
    <message>
        <location filename="../core/errorstrings.cpp" line="23"/>
-        <source>Server error: Packet manager error</source>
+        <source>Server error: Package manager error</source>
-        <translation>Server error: Packet manager error</translation>
+        <translation>خطای سرور: خطای مدیر بسته</translation>
    </message>
    <message>
        <location filename="../core/errorstrings.cpp" line="34"/>
--- a/client/translations/amneziavpn_hi_IN.ts
+++ b/client/translations/amneziavpn_hi_IN.ts
@ -3354,13 +3354,13 @@ Already installed containers were found on the server. All installed containers
    </message>
    <message>
        <location filename="../core/errorstrings.cpp" line="22"/>
-        <source>The user does not have permission to use sudo</source>
+        <source>The user is not a member of the sudo group</source>
-        <translation>उपयोगकर्ता के पास sudo का उपयोग करने की अनुमति नहीं है</translation>
+        <translation>उपयोगकर्ता sudo समूह का सदस्य नहीं है</translation>
    </message>
    <message>
        <location filename="../core/errorstrings.cpp" line="23"/>
-        <source>Server error: Packet manager error</source>
+        <source>Server error: Package manager error</source>
-        <translation>सर्वर त्रुटि: पैकेट प्रबंधक त्रुटि</translation>
+        <translation>सर्वर त्रुटि: पैकेज प्रबंधक त्रुटि</translation>
    </message>
    <message>
        <location filename="../core/errorstrings.cpp" line="26"/>
--- a/client/translations/amneziavpn_my_MM.ts
+++ b/client/translations/amneziavpn_my_MM.ts
@ -3250,8 +3250,8 @@ Already installed containers were found on the server. All installed containers
    </message>
    <message>
        <location filename="../core/errorstrings.cpp" line="22"/>
-        <source>The user does not have permission to use sudo</source>
+        <source>The user is not a member of the sudo group</source>
-        <translation>ဤအသုံးပြုသူသည် sudo ကိုအသုံးပြုရန်ခွင့်ပြုချက်မရှိပါ</translation>
+        <translation>ဤအသုံးပြုသူသည် sudo အဖွဲ့၏ အဖွဲ့ဝင်မဟုတ်ပါ</translation>
    </message>
    <message>
        <location filename="../core/errorstrings.cpp" line="26"/>
@ -3315,8 +3315,8 @@ Already installed containers were found on the server. All installed containers
    </message>
    <message>
        <location filename="../core/errorstrings.cpp" line="23"/>
-        <source>Server error: Packet manager error</source>
+        <source>Server error: Package manager error</source>
-        <translation>ဆာဗာ မှားယွင်းမှု: Packet Manager မှားယွင်းမှု</translation>
+        <translation>ဆာဗာ အမှား- Package manager အမှား</translation>
    </message>
    <message>
        <location filename="../core/errorstrings.cpp" line="34"/>
--- a/client/translations/amneziavpn_ru_RU.ts
+++ b/client/translations/amneziavpn_ru_RU.ts
@ -3524,12 +3524,12 @@ and will not be shared or disclosed to the Amnezia or any third parties</source>
    </message>
    <message>
        <location filename="../core/errorstrings.cpp" line="22"/>
-        <source>The user does not have permission to use sudo</source>
+        <source>The user is not a member of the sudo group</source>
-        <translation>У пользователя нет прав на использование sudo</translation>
+        <translation>Пользователь не входит в группу sudo</translation>
    </message>
    <message>
        <location filename="../core/errorstrings.cpp" line="23"/>
-        <source>Server error: Packet manager error</source>
+        <source>Server error: Package manager error</source>
        <translation>Ошибка сервера: ошибка менеджера пакетов</translation>
    </message>
    <message>
--- a/client/translations/amneziavpn_uk_UA.ts
+++ b/client/translations/amneziavpn_uk_UA.ts
@ -3620,13 +3620,13 @@ and will not be shared or disclosed to the Amnezia or any third parties</source>
    </message>
    <message>
        <location filename="../core/errorstrings.cpp" line="22"/>
-        <source>The user does not have permission to use sudo</source>
+        <source>The user is not a member of the sudo group</source>
-        <translation>The user does not have permission to use sudo</translation>
+        <translation>Користувач не входить до групи sudo</translation>
    </message>
    <message>
        <location filename="../core/errorstrings.cpp" line="23"/>
-        <source>Server error: Packet manager error</source>
+        <source>Server error: Package manager error</source>
-        <translation type="unfinished"></translation>
+        <translation>Помилка сервера: помилка менеджера пакетів</translation>
    </message>
    <message>
        <location filename="../core/errorstrings.cpp" line="26"/>
--- a/client/translations/amneziavpn_ur_PK.ts
+++ b/client/translations/amneziavpn_ur_PK.ts
@ -3353,8 +3353,8 @@ Already installed containers were found on the server. All installed containers
    </message>
    <message>
        <location filename="../core/errorstrings.cpp" line="22"/>
-        <source>The user does not have permission to use sudo</source>
+        <source>The user is not a member of the sudo group</source>
-        <translation>صارف کو sudo استعمال کرنے کی اجازت نہیں ہے</translation>
+        <translation>صارف sudo گروپ کا رکن نہیں ہے</translation>
    </message>
    <message>
        <location filename="../core/errorstrings.cpp" line="26"/>
@ -3418,7 +3418,7 @@ Already installed containers were found on the server. All installed containers
    </message>
    <message>
        <location filename="../core/errorstrings.cpp" line="23"/>
-        <source>Server error: Packet manager error</source>
+        <source>Server error: Package manager error</source>
        <translation>سرور خطا: پیکیج منیجر خطا</translation>
    </message>
    <message>
--- a/client/translations/amneziavpn_zh_CN.ts
+++ b/client/translations/amneziavpn_zh_CN.ts
@ -3603,13 +3603,13 @@ and will not be shared or disclosed to the Amnezia or any third parties</source>
    </message>
    <message>
        <location filename="../core/errorstrings.cpp" line="22"/>
-        <source>The user does not have permission to use sudo</source>
+        <source>The user is not a member of the sudo group</source>
-        <translation>用户没有root权限</translation>
+        <translation>用户不是 sudo 组的成员</translation>
    </message>
    <message>
        <location filename="../core/errorstrings.cpp" line="23"/>
-        <source>Server error: Packet manager error</source>
+        <source>Server error: Package manager error</source>
-        <translation type="unfinished"></translation>
+        <translation>服务器错误：包管理器错误</translation>
    </message>
    <message>
        <location filename="../core/errorstrings.cpp" line="26"/>