AZEN-SGG/amnezia-client
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Verifying the server user to work with sudo (#1254)

Browse source 
* checking that the username is root

Changing the mechanism for checking that the username is root

* wheel group check (#1198)

Checking if the user is included in the wheel group

* Checking requirements in script (#1210)

* Checking requirements in script

Checking requirements for sudo users in script

* Adding error handling

Adding error handling in the server controller for:
Sudo package is not pre-installed for sudo users.
Server user or associated group is not listed in the sudoers file.
Server user password required

* adding error codes

* added extended error descriptions

* checking sudo permission for root

Сhecking sudo permission for root.
Сhecking and redefining the system language.

* Username if whoami returns an error

Сommand to use home directory name if whoami returns error or is missing.

* Correcting text error

Correction of the text of the extended description of the package manager error

* Updating translations

* Optimization check_user_in_sudo.sh

* exceptions for missing uname

* output only for groups sudo or wheel
This commit is contained in:
lunardunno 2024-12-01 13:51:03 +04:00 committed by GitHub
parent 85fa1ad8b1
commit 076b076cd9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
13 changed files with 48 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

10
client/core/controllers/serverController.cpp
View file

@ -751,10 +751,6 @@ ErrorCode ServerController::isServerPortBusy(const ServerCredentials &credential
ErrorCode ServerController::isUserInSudo(const ServerCredentials &credentials, DockerContainer container)
{
if (credentials.userName == "root") {
return ErrorCode::NoError;
}
QString stdOut;
auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
stdOut += data + "\n";
@ -770,6 +766,12 @@ ErrorCode ServerController::isUserInSudo(const ServerCredentials &credentials, D
if (credentials.userName != "root" && !stdOut.contains("sudo") && !stdOut.contains("wheel"))
return ErrorCode::ServerUserNotInSudo;
if (stdOut.contains("sudo:") && !stdOut.contains("uname:") && stdOut.contains("not found"))
return ErrorCode::SudoPackageIsNotPreinstalled;
if (stdOut.contains("sudoers"))
return ErrorCode::ServerUserNotAllowedInSudoers;
if (stdOut.contains("password is required"))
return ErrorCode::ServerUserPasswordRequired;
return error;
}

3
client/core/defs.h
View file

@ -56,6 +56,9 @@ namespace amnezia
ServerCancelInstallation = 204,
ServerUserNotInSudo = 205,
ServerPacketManagerError = 206,
SudoPackageIsNotPreinstalled = 207,
ServerUserNotAllowedInSudoers = 208,
ServerUserPasswordRequired = 209,
// Ssh connection errors
SshRequestDeniedError = 300,

7
client/core/errorstrings.cpp
View file

@ -19,8 +19,11 @@ QString errorString(ErrorCode code) {
case(ErrorCode::ServerContainerMissingError): errorMessage = QObject::tr("Server error: Docker container missing"); break;
case(ErrorCode::ServerDockerFailedError): errorMessage = QObject::tr("Server error: Docker failed"); break;
case(ErrorCode::ServerCancelInstallation): errorMessage = QObject::tr("Installation canceled by user"); break;
case(ErrorCode::ServerUserNotInSudo): errorMessage = QObject::tr("The user does not have permission to use sudo"); break;
case(ErrorCode::ServerPacketManagerError): errorMessage = QObject::tr("Server error: Packet manager error"); break;
case(ErrorCode::ServerUserNotInSudo): errorMessage = QObject::tr("The user is not a member of the sudo group"); break;
case(ErrorCode::ServerPacketManagerError): errorMessage = QObject::tr("Server error: Package manager error"); break;
case(ErrorCode::SudoPackageIsNotPreinstalled): errorMessage = QObject::tr("The sudo package is not pre-installed"); break;
case(ErrorCode::ServerUserNotAllowedInSudoers): errorMessage = QObject::tr("The user is not allowed in sudoers"); break;
case(ErrorCode::ServerUserPasswordRequired): errorMessage = QObject::tr("The user's password is required"); break;
// Libssh errors
case(ErrorCode::SshRequestDeniedError): errorMessage = QObject::tr("SSH request was denied"); break;

6
client/server_scripts/check_user_in_sudo.sh
View file

@ -1,2 +1,4 @@
CUR_USER=$(whoami);\
groups $CUR_USER
CUR_USER=$(whoami 2> /dev/null || echo ~ | sed 's/.*\///');\
echo $LANG | grep -qE "en_US.UTF-8|^C.UTF-8" || export LC_ALL=C;\
if [ "$CUR_USER" = "root" ]; then command -v sudo > /dev/null 2>&1 && sudo -nu $CUR_USER sudo -n uname > /dev/null;\
else groups $CUR_USER | grep -E "\<sudo\>|\<wheel\>" && sudo -nu $CUR_USER sudo -n uname > /dev/null; fi

2
client/server_scripts/prepare_host.sh
View file

@ -1,4 +1,4 @@
CUR_USER=$(whoami);\
CUR_USER=$(whoami 2> /dev/null || echo ~ | sed 's/.*\///');\
sudo mkdir -p $DOCKERFILE_FOLDER;\
sudo chown $CUR_USER $DOCKERFILE_FOLDER;\
if ! sudo docker network ls | grep -q amnezia-dns-net; then sudo docker network create \

6
client/translations/amneziavpn_ar_EG.ts
View file

@ -3254,8 +3254,8 @@ Already installed containers were found on the server. All installed containers
</message>
<message>
<location filename="../core/errorstrings.cpp" line="22"/>
<source>The user does not have permission to use sudo</source>
<translation>ليس لدي المستخدم الصلحيات لأستخدام sudo</translation>
<source>The user is not a member of the sudo group</source>
<translation>المستخدم ليس عضوًا في مجموعة sudo</translation>
</message>
<message>
<location filename="../core/errorstrings.cpp" line="26"/>
@ -3319,7 +3319,7 @@ Already installed containers were found on the server. All installed containers
</message>
<message>
<location filename="../core/errorstrings.cpp" line="23"/>
<source>Server error: Packet manager error</source>
<source>Server error: Package manager error</source>
<translation>خطأ في الخادم: خطأ في مدير الحزم</translation>
</message>
<message>

8
client/translations/amneziavpn_fa_IR.ts
View file

@ -3388,8 +3388,8 @@ It&apos;s okay as long as it&apos;s from someone you trust.</source>
</message>
<message>
<location filename="../core/errorstrings.cpp" line="22"/>
<source>The user does not have permission to use sudo</source>
<translation>The user does not have permission to use sudo</translation>
<source>The user is not a member of the sudo group</source>
<translation>کاربر عضو گروه sudo نیست</translation>
</message>
<message>
<location filename="../core/errorstrings.cpp" line="26"/>
@ -3510,8 +3510,8 @@ It&apos;s okay as long as it&apos;s from someone you trust.</source>
</message>
<message>
<location filename="../core/errorstrings.cpp" line="23"/>
<source>Server error: Packet manager error</source>
<translation>Server error: Packet manager error</translation>
<source>Server error: Package manager error</source>
<translation>خطای سرور: خطای مدیر بسته</translation>
</message>
<message>
<location filename="../core/errorstrings.cpp" line="34"/>

8
client/translations/amneziavpn_hi_IN.ts
View file

@ -3354,13 +3354,13 @@ Already installed containers were found on the server. All installed containers
</message>
<message>
<location filename="../core/errorstrings.cpp" line="22"/>
<source>The user does not have permission to use sudo</source>
<translation> sudo ि </translation>
<source>The user is not a member of the sudo group</source>
<translation> sudo </translation>
</message>
<message>
<location filename="../core/errorstrings.cpp" line="23"/>
<source>Server error: Packet manager error</source>
<translation> ि: ि</translation>
<source>Server error: Package manager error</source>
<translation> ि: ि</translation>
</message>
<message>
<location filename="../core/errorstrings.cpp" line="26"/>

8
client/translations/amneziavpn_my_MM.ts
View file

@ -3250,8 +3250,8 @@ Already installed containers were found on the server. All installed containers
</message>
<message>
<location filename="../core/errorstrings.cpp" line="22"/>
<source>The user does not have permission to use sudo</source>
<translation> sudo ကက</translation>
<source>The user is not a member of the sudo group</source>
<translation> sudo </translation>
</message>
<message>
<location filename="../core/errorstrings.cpp" line="26"/>
@ -3315,8 +3315,8 @@ Already installed containers were found on the server. All installed containers
</message>
<message>
<location filename="../core/errorstrings.cpp" line="23"/>
<source>Server error: Packet manager error</source>
<translation> မှု: Packet Manager </translation>
<source>Server error: Package manager error</source>
<translation> - Package manager </translation>
</message>
<message>
<location filename="../core/errorstrings.cpp" line="34"/>

6
client/translations/amneziavpn_ru_RU.ts
View file

@ -3524,12 +3524,12 @@ and will not be shared or disclosed to the Amnezia or any third parties</source>
</message>
<message>
<location filename="../core/errorstrings.cpp" line="22"/>
<source>The user does not have permission to use sudo</source>
<translation>У пользователя нет прав на использование sudo</translation>
<source>The user is not a member of the sudo group</source>
<translation>Пользователь не входит в группу sudo</translation>
</message>
<message>
<location filename="../core/errorstrings.cpp" line="23"/>
<source>Server error: Packet manager error</source>
<source>Server error: Package manager error</source>
<translation>Ошибка сервера: ошибка менеджера пакетов</translation>
</message>
<message>

8
client/translations/amneziavpn_uk_UA.ts
View file

@ -3620,13 +3620,13 @@ and will not be shared or disclosed to the Amnezia or any third parties</source>
</message>
<message>
<location filename="../core/errorstrings.cpp" line="22"/>
<source>The user does not have permission to use sudo</source>
<translation>The user does not have permission to use sudo</translation>
<source>The user is not a member of the sudo group</source>
<translation>Користувач не входить до групи sudo</translation>
</message>
<message>
<location filename="../core/errorstrings.cpp" line="23"/>
<source>Server error: Packet manager error</source>
<translation type="unfinished"></translation>
<source>Server error: Package manager error</source>
<translation>Помилка сервера: помилка менеджера пакетів</translation>
</message>
<message>
<location filename="../core/errorstrings.cpp" line="26"/>

6
client/translations/amneziavpn_ur_PK.ts
View file

@ -3353,8 +3353,8 @@ Already installed containers were found on the server. All installed containers
</message>
<message>
<location filename="../core/errorstrings.cpp" line="22"/>
<source>The user does not have permission to use sudo</source>
<translation>صارف کو sudo استعمال کرنے کی اجازت نہیں ہے</translation>
<source>The user is not a member of the sudo group</source>
<translation>صارف sudo گروپ کا رکن نہیں ہے</translation>
</message>
<message>
<location filename="../core/errorstrings.cpp" line="26"/>
@ -3418,7 +3418,7 @@ Already installed containers were found on the server. All installed containers
</message>
<message>
<location filename="../core/errorstrings.cpp" line="23"/>
<source>Server error: Packet manager error</source>
<source>Server error: Package manager error</source>
<translation>سرور خطا: پیکیج منیجر خطا</translation>
</message>
<message>

8
client/translations/amneziavpn_zh_CN.ts
View file

@ -3603,13 +3603,13 @@ and will not be shared or disclosed to the Amnezia or any third parties</source>
</message>
<message>
<location filename="../core/errorstrings.cpp" line="22"/>
<source>The user does not have permission to use sudo</source>
<translation>root权限</translation>
<source>The user is not a member of the sudo group</source>
<translation> sudo </translation>
</message>
<message>
<location filename="../core/errorstrings.cpp" line="23"/>
<source>Server error: Packet manager error</source>
<translation type="unfinished"></translation>
<source>Server error: Package manager error</source>
<translation></translation>
</message>
<message>
<location filename="../core/errorstrings.cpp" line="26"/>