From 9dea98f020827119b5ff3e6b13735688f4111b68 Mon Sep 17 00:00:00 2001 From: paldeflex Date: Mon, 10 Mar 2025 21:22:09 +0500 Subject: [PATCH 1/7] chore: README typo fixes (#1467) --- README_RU.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/README_RU.md b/README_RU.md index f9ca7d12..44681875 100644 --- a/README_RU.md +++ b/README_RU.md @@ -6,11 +6,11 @@ [![Gitpod ready-to-code](https://img.shields.io/badge/Gitpod-ready--to--code-blue?logo=gitpod)](https://gitpod.io/#https://github.com/amnezia-vpn/amnezia-client) ### [English](https://github.com/amnezia-vpn/amnezia-client/blob/dev/README.md) | Русский -[AmneziaVPN](https://amnezia.org) — это open sourse VPN-клиент, ключевая особенность которого заключается в возможности развернуть собственный VPN на вашем сервере. +[AmneziaVPN](https://amnezia.org) — это open source VPN-клиент, ключевая особенность которого заключается в возможности развернуть собственный VPN на вашем сервере. [![Image](https://github.com/amnezia-vpn/amnezia-client/blob/dev/metadata/img-readme/uipic4.png)](https://amnezia.org) -### [Сайт](https://amnezia.org) | [Зеркало на сайт](https://storage.googleapis.com/amnezia/amnezia.org) | [Документация](https://docs.amnezia.org) | [Решение проблем](https://docs.amnezia.org/troubleshooting) +### [Сайт](https://amnezia.org) | [Зеркало сайта](https://storage.googleapis.com/amnezia/amnezia.org) | [Документация](https://docs.amnezia.org) | [Решение проблем](https://docs.amnezia.org/troubleshooting) > [!TIP] > Если [сайт Amnezia](https://amnezia.org) заблокирован в вашем регионе, вы можете воспользоваться [ссылкой на зеркало](https://storage.googleapis.com/amnezia/amnezia.org). @@ -30,7 +30,7 @@ - Классические VPN-протоколы: OpenVPN, WireGuard и IKEv2. - Протоколы с маскировкой трафика (обфускацией): OpenVPN с плагином [Cloak](https://github.com/cbeuw/Cloak), Shadowsocks (OpenVPN over Shadowsocks), [AmneziaWG](https://docs.amnezia.org/documentation/amnezia-wg/) and XRay. - Поддержка Split Tunneling — добавляйте любые сайты или приложения в список, чтобы включить VPN только для них. -- Поддерживает платформы: Windows, MacOS, Linux, Android, iOS. +- Поддерживает платформы: Windows, macOS, Linux, Android, iOS. - Поддержка конфигурации протокола AmneziaWG на [бета-прошивке Keenetic](https://docs.keenetic.com/ua/air/kn-1611/en/6319-latest-development-release.html#UUID-186c4108-5afd-c10b-f38a-cdff6c17fab3_section-idm33192196168192-improved). ## Ссылки @@ -38,10 +38,10 @@ - [https://amnezia.org](https://amnezia.org) - Веб-сайт проекта | [Альтернативная ссылка (зеркало)](https://storage.googleapis.com/kldscp/amnezia.org) - [https://docs.amnezia.org](https://docs.amnezia.org) - Документация - [https://www.reddit.com/r/AmneziaVPN](https://www.reddit.com/r/AmneziaVPN) - Reddit -- [https://t.me/amnezia_vpn_en](https://t.me/amnezia_vpn_en) - Канал поддржки в Telegram (Английский) -- [https://t.me/amnezia_vpn_ir](https://t.me/amnezia_vpn_ir) - Канал поддржки в Telegram (Фарси) -- [https://t.me/amnezia_vpn_mm](https://t.me/amnezia_vpn_mm) - Канал поддржки в Telegram (Мьянма) -- [https://t.me/amnezia_vpn](https://t.me/amnezia_vpn) - Канал поддржки в Telegram (Русский) +- [https://t.me/amnezia_vpn_en](https://t.me/amnezia_vpn_en) - Канал поддержки в Telegram (Английский) +- [https://t.me/amnezia_vpn_ir](https://t.me/amnezia_vpn_ir) - Канал поддержки в Telegram (Фарси) +- [https://t.me/amnezia_vpn_mm](https://t.me/amnezia_vpn_mm) - Канал поддержки в Telegram (Мьянма) +- [https://t.me/amnezia_vpn](https://t.me/amnezia_vpn) - Канал поддержки в Telegram (Русский) - [https://vpnpay.io/en/amnezia-premium/](https://vpnpay.io/en/amnezia-premium/) - Amnezia Premium | [Зеркало](https://storage.googleapis.com/kldscp/vpnpay.io/ru/amnezia-premium\) ## Технологии @@ -80,8 +80,8 @@ git submodule update --init --recursive Проверьте папку deploy для скриптов сборки. ### Как собрать iOS-приложение из исходного кода на MacOS -1. Убедитесь, что у вас установлен XCode версии 14 или выше. -2. Для генерации проекта XCode используется QT. Требуется версия QT 6.6.2. Установите QT для MacOS здесь или через QT Online Installer. Необходимые модули: +1. Убедитесь, что у вас установлен Xcode версии 14 или выше. +2. Для генерации проекта Xcode используется QT. Требуется версия QT 6.6.2. Установите QT для MacOS здесь или через QT Online Installer. Необходимые модули: - MacOS - iOS - Модуль совместимости с Qt 5 @@ -117,7 +117,7 @@ $QT_IOS_BIN/qt-cmake . -B build-ios -GXcode -DQT_HOST_PATH=$QT_MACOS_ROOT_DIR export PATH=$(PATH):/path/to/GOPATH/bin ``` -6. Откройте проект в XCode. Теперь вы можете тестировать, архивировать или публиковать приложение. +6. Откройте проект в Xcode. Теперь вы можете тестировать, архивировать или публиковать приложение. Если сборка завершится с ошибкой: ``` From b3ff120bcf6764e8b0423d699f63ea57ca9e275a Mon Sep 17 00:00:00 2001 From: lunardunno <126363523+lunardunno@users.noreply.github.com> Date: Fri, 14 Mar 2025 17:39:58 +0400 Subject: [PATCH 2/7] Checking server user permissions to use sudo (#1442) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Username if whoami returns an error Сommand to use home directory name if whoami returns error or is missing for prepare_host.sh. * Update check_user_in_sudo.sh Сommand to use home directory name if whoami returns error or is missing for check_user_in_sudo.sh. Checking server user permissions to use sudo using a package manager or using uname. Сhecking and redefining the system language. Checking requirements for sudo users or root in script. * Cases have been changed and added. Changed description of the “Server User Not In Sudo” case. Corrected the name and description of the "ServerPacketManagerError" case. Packet to Package. Adding a "SudoPackageIsNotPreinstalled" case. Adding a "ServerUserNotAllowedInSudoers" case. Adding a "ServerUserPasswordRequired" case. * Serves errors have been changed and added. Corrected the name of the "ServerPacketManagerError" error to "ServerPackageManagerError". Adding a "SudoPackageIsNotPreinstalled" error. Adding a "ServerUserNotAllowedInSudoers" error. Adding a "ServerUserPasswordRequired" error. * Return ServerPacketManagerError Return to the name "ServerPacketManagerError". * Added errors handling Added new errors' handling to serverController.cpp. Permission checks are also performed for the root user. * Update translations Updating translations for two existing server errors. * Myanmar translation update * Update for my_MM.ts * checking for not allowed Checking for "not allowed" in stdOut * Removed "not allowed" Removed check for "not allowed" in stdOut * Removed nested launch Removed nested launch via sudo * Returned nested launch Returned nested launch via sudo * All checks with sudo Both checks with sudo always run. * Moved removing timestamp sudo Removing the sudo timestamp is done every time. * Checking the user directory Checking the accessibility of the user's home directory * Polishing Изменение порядка обработки ошибок. * changing detection order change the order of detection of inconsistencies: 1. sudo not preinstalled. (if user != root) 2. user not in sudo or wheel group. (if user != root) 3. user's directory is not accessible. (for all) 4. user not allowed in sudoers. (for all) 5. user password required. (for all) * Packet to Package * chore: bump version (#1463) * fix for sh (#1462) Fix for servers where sh is used as default shell. * Username if whoami returns an error Сommand to use home directory name if whoami returns error or is missing for prepare_host.sh. * Update check_user_in_sudo.sh Сommand to use home directory name if whoami returns error or is missing for check_user_in_sudo.sh. Checking server user permissions to use sudo using a package manager or using uname. Сhecking and redefining the system language. Checking requirements for sudo users or root in script. * Cases have been changed and added. Changed description of the “Server User Not In Sudo” case. Corrected the name and description of the "ServerPacketManagerError" case. Packet to Package. Adding a "SudoPackageIsNotPreinstalled" case. Adding a "ServerUserNotAllowedInSudoers" case. Adding a "ServerUserPasswordRequired" case. * Serves errors have been changed and added. Corrected the name of the "ServerPacketManagerError" error to "ServerPackageManagerError". Adding a "SudoPackageIsNotPreinstalled" error. Adding a "ServerUserNotAllowedInSudoers" error. Adding a "ServerUserPasswordRequired" error. * Return ServerPacketManagerError Return to the name "ServerPacketManagerError". * Update translations Updating translations for two existing server errors. * Added errors handling Added new errors' handling to serverController.cpp. Permission checks are also performed for the root user. * Myanmar translation update * Update for my_MM.ts * checking for not allowed Checking for "not allowed" in stdOut * Removed "not allowed" Removed check for "not allowed" in stdOut * Removed nested launch Removed nested launch via sudo * Returned nested launch Returned nested launch via sudo * All checks with sudo Both checks with sudo always run. * Moved removing timestamp sudo Removing the sudo timestamp is done every time. * Checking the user directory Checking the accessibility of the user's home directory * Polishing Изменение порядка обработки ошибок. * changing detection order change the order of detection of inconsistencies: 1. sudo not preinstalled. (if user != root) 2. user not in sudo or wheel group. (if user != root) 3. user's directory is not accessible. (for all) 4. user not allowed in sudoers. (for all) 5. user password required. (for all) * Undoing unintended changes Undoing unintended changes. * Undoing unintended change Undoing unintended change. * not allowed to use sudo The user is not allowed to use sudo on this server. * Capital letters in the error Capital letters in the error description. --------- Co-authored-by: albexk --- CMakeLists.txt | 4 ++-- client/core/controllers/serverController.cpp | 16 ++++++++++------ client/core/defs.h | 4 ++++ client/core/errorstrings.cpp | 8 ++++++-- client/server_scripts/check_user_in_sudo.sh | 15 +++++++++++++-- client/server_scripts/prepare_host.sh | 2 +- client/translations/amneziavpn_ar_EG.ts | 6 +++--- client/translations/amneziavpn_fa_IR.ts | 8 ++++---- client/translations/amneziavpn_hi_IN.ts | 8 ++++---- client/translations/amneziavpn_my_MM.ts | 8 ++++---- client/translations/amneziavpn_ru_RU.ts | 8 ++++---- client/translations/amneziavpn_uk_UA.ts | 8 ++++---- client/translations/amneziavpn_ur_PK.ts | 6 +++--- client/translations/amneziavpn_zh_CN.ts | 8 ++++---- 14 files changed, 66 insertions(+), 43 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 0ccae139..4692f28f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR) set(PROJECT AmneziaVPN) -project(${PROJECT} VERSION 4.8.4.4 +project(${PROJECT} VERSION 4.8.4.3 DESCRIPTION "AmneziaVPN" HOMEPAGE_URL "https://amnezia.org/" ) @@ -11,7 +11,7 @@ string(TIMESTAMP CURRENT_DATE "%Y-%m-%d") set(RELEASE_DATE "${CURRENT_DATE}") set(APP_MAJOR_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH}) -set(APP_ANDROID_VERSION_CODE 2081) +set(APP_ANDROID_VERSION_CODE 2080) if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux") set(MZ_PLATFORM_NAME "linux") diff --git a/client/core/controllers/serverController.cpp b/client/core/controllers/serverController.cpp index ee639ae9..05283195 100644 --- a/client/core/controllers/serverController.cpp +++ b/client/core/controllers/serverController.cpp @@ -709,7 +709,7 @@ ErrorCode ServerController::isServerPortBusy(const ServerCredentials &credential QString transportProto = containerConfig.value(config_key::transport_proto).toString(defaultTransportProto); // TODO reimplement with netstat - QString script = QString("which lsof > /dev/null 2>&1 || true && sudo lsof -i -P -n 2>/dev/null | grep -E ':%1 ").arg(port); + QString script = QString("which lsof &>/dev/null || true && sudo lsof -i -P -n 2>/dev/null | grep -E ':%1 ").arg(port); for (auto &port : fixedPorts) { script = script.append("|:%1").arg(port); } @@ -757,10 +757,6 @@ ErrorCode ServerController::isServerPortBusy(const ServerCredentials &credential ErrorCode ServerController::isUserInSudo(const ServerCredentials &credentials, DockerContainer container) { - if (credentials.userName == "root") { - return ErrorCode::NoError; - } - QString stdOut; auto cbReadStdOut = [&](const QString &data, libssh::Client &) { stdOut += data + "\n"; @@ -774,8 +770,16 @@ ErrorCode ServerController::isUserInSudo(const ServerCredentials &credentials, D const QString scriptData = amnezia::scriptData(SharedScriptType::check_user_in_sudo); ErrorCode error = runScript(credentials, replaceVars(scriptData, genVarsForScript(credentials)), cbReadStdOut, cbReadStdErr); - if (!stdOut.contains("sudo")) + if (credentials.userName != "root" && stdOut.contains("sudo:") && !stdOut.contains("uname:") && stdOut.contains("not found")) + return ErrorCode::SudoPackageIsNotPreinstalled; + if (credentials.userName != "root" && !stdOut.contains("sudo") && !stdOut.contains("wheel")) return ErrorCode::ServerUserNotInSudo; + if (stdOut.contains("can't cd to") || stdOut.contains("Permission denied") || stdOut.contains("No such file or directory")) + return ErrorCode::ServerUserDirectoryNotAccessible; + if (stdOut.contains("sudoers") || stdOut.contains("is not allowed to run sudo on")) + return ErrorCode::ServerUserNotAllowedInSudoers; + if (stdOut.contains("password is required")) + return ErrorCode::ServerUserPasswordRequired; return error; } diff --git a/client/core/defs.h b/client/core/defs.h index 6c85c65d..e073d030 100644 --- a/client/core/defs.h +++ b/client/core/defs.h @@ -54,6 +54,10 @@ namespace amnezia ServerCancelInstallation = 204, ServerUserNotInSudo = 205, ServerPacketManagerError = 206, + SudoPackageIsNotPreinstalled = 207, + ServerUserDirectoryNotAccessible = 208, + ServerUserNotAllowedInSudoers = 209, + ServerUserPasswordRequired = 210, // Ssh connection errors SshRequestDeniedError = 300, diff --git a/client/core/errorstrings.cpp b/client/core/errorstrings.cpp index 2b9182cf..a3d54601 100644 --- a/client/core/errorstrings.cpp +++ b/client/core/errorstrings.cpp @@ -20,8 +20,12 @@ QString errorString(ErrorCode code) { case(ErrorCode::ServerContainerMissingError): errorMessage = QObject::tr("Server error: Docker container missing"); break; case(ErrorCode::ServerDockerFailedError): errorMessage = QObject::tr("Server error: Docker failed"); break; case(ErrorCode::ServerCancelInstallation): errorMessage = QObject::tr("Installation canceled by user"); break; - case(ErrorCode::ServerUserNotInSudo): errorMessage = QObject::tr("The user does not have permission to use sudo"); break; - case(ErrorCode::ServerPacketManagerError): errorMessage = QObject::tr("Server error: Packet manager error"); break; + case(ErrorCode::ServerUserNotInSudo): errorMessage = QObject::tr("The user is not a member of the sudo group"); break; + case(ErrorCode::ServerPacketManagerError): errorMessage = QObject::tr("Server error: Package manager error"); break; + case(ErrorCode::SudoPackageIsNotPreinstalled): errorMessage = QObject::tr("The sudo package is not pre-installed"); break; + case(ErrorCode::ServerUserDirectoryNotAccessible): errorMessage = QObject::tr("The server user's home directory is not accessible"); break; + case(ErrorCode::ServerUserNotAllowedInSudoers): errorMessage = QObject::tr("Action not allowed in sudoers"); break; + case(ErrorCode::ServerUserPasswordRequired): errorMessage = QObject::tr("The user's password is required"); break; // Libssh errors case(ErrorCode::SshRequestDeniedError): errorMessage = QObject::tr("SSH request was denied"); break; diff --git a/client/server_scripts/check_user_in_sudo.sh b/client/server_scripts/check_user_in_sudo.sh index e7ee953c..974131dd 100644 --- a/client/server_scripts/check_user_in_sudo.sh +++ b/client/server_scripts/check_user_in_sudo.sh @@ -1,2 +1,13 @@ -CUR_USER=$(whoami);\ -groups $CUR_USER \ No newline at end of file +if which apt-get > /dev/null 2>&1; then pm=$(which apt-get); opt="--version";\ +elif which dnf > /dev/null 2>&1; then pm=$(which dnf); opt="--version";\ +elif which yum > /dev/null 2>&1; then pm=$(which yum); opt="--version";\ +elif which pacman > /dev/null 2>&1; then pm=$(which pacman); opt="--version";\ +else pm="uname"; opt="-a";\ +fi;\ +CUR_USER=$(whoami 2>/dev/null || echo ~ | sed 's/.*\///');\ +echo $LANG | grep -qE '^(en_US.UTF-8|C.UTF-8|C)$' || export LC_ALL=C;\ +sudo -K;\ +cd ~;\ +if [ "$CUR_USER" = "root" ] || ( groups "$CUR_USER" | grep -E '\<(sudo|wheel)\>' ); then \ + sudo -nu $CUR_USER $pm $opt > /dev/null; sudo -n $pm $opt > /dev/null;\ +fi diff --git a/client/server_scripts/prepare_host.sh b/client/server_scripts/prepare_host.sh index c6defdb0..22a50e31 100644 --- a/client/server_scripts/prepare_host.sh +++ b/client/server_scripts/prepare_host.sh @@ -1,4 +1,4 @@ -CUR_USER=$(whoami);\ +CUR_USER=$(whoami 2>/dev/null || echo ~ | sed 's/.*\///');\ sudo mkdir -p $DOCKERFILE_FOLDER;\ sudo chown $CUR_USER $DOCKERFILE_FOLDER;\ if ! sudo docker network ls | grep -q amnezia-dns-net; then sudo docker network create \ diff --git a/client/translations/amneziavpn_ar_EG.ts b/client/translations/amneziavpn_ar_EG.ts index 1d88eea0..773f5d05 100644 --- a/client/translations/amneziavpn_ar_EG.ts +++ b/client/translations/amneziavpn_ar_EG.ts @@ -3334,8 +3334,8 @@ Already installed containers were found on the server. All installed containers - The user does not have permission to use sudo - ليس لدي المستخدم الصلحيات لأستخدام sudo + The user is not a member of the sudo group + المستخدم ليس عضوًا في مجموعة sudo @@ -3399,7 +3399,7 @@ Already installed containers were found on the server. All installed containers - Server error: Packet manager error + Server error: Package manager error خطأ في الخادم: خطأ في مدير الحزم diff --git a/client/translations/amneziavpn_fa_IR.ts b/client/translations/amneziavpn_fa_IR.ts index c48606be..c1bfce7e 100644 --- a/client/translations/amneziavpn_fa_IR.ts +++ b/client/translations/amneziavpn_fa_IR.ts @@ -3468,8 +3468,8 @@ It's okay as long as it's from someone you trust. - The user does not have permission to use sudo - The user does not have permission to use sudo + The user is not a member of the sudo group + کاربر عضو گروه sudo نیست @@ -3590,8 +3590,8 @@ It's okay as long as it's from someone you trust. - Server error: Packet manager error - Server error: Packet manager error + Server error: Package manager error + خطای سرور: خطای مدیر بسته diff --git a/client/translations/amneziavpn_hi_IN.ts b/client/translations/amneziavpn_hi_IN.ts index db095d5c..a3fe2011 100644 --- a/client/translations/amneziavpn_hi_IN.ts +++ b/client/translations/amneziavpn_hi_IN.ts @@ -3434,13 +3434,13 @@ Already installed containers were found on the server. All installed containers - The user does not have permission to use sudo - उपयोगकर्ता के पास sudo का उपयोग करने की अनुमति नहीं है + The user is not a member of the sudo group + उपयोगकर्ता sudo समूह का सदस्य नहीं है - Server error: Packet manager error - सर्वर त्रुटि: पैकेट प्रबंधक त्रुटि + Server error: Package manager error + सर्वर त्रुटि: पैकेज प्रबंधक त्रुटि diff --git a/client/translations/amneziavpn_my_MM.ts b/client/translations/amneziavpn_my_MM.ts index 55243d1b..09819cfe 100644 --- a/client/translations/amneziavpn_my_MM.ts +++ b/client/translations/amneziavpn_my_MM.ts @@ -3330,8 +3330,8 @@ Already installed containers were found on the server. All installed containers - The user does not have permission to use sudo - ဤအသုံးပြုသူသည် sudo ကိုအသုံးပြုရန်ခွင့်ပြုချက်မရှိပါ + The user is not a member of the sudo group + ဤအသုံးပြုသူသည် sudo အုပ်စု၏အဖွဲ့ဝင်မဟုတ်ပါ @@ -3395,8 +3395,8 @@ Already installed containers were found on the server. All installed containers - Server error: Packet manager error - ဆာဗာ မှားယွင်းမှု: Packet Manager မှားယွင်းမှု + Server error: Package manager error + ဆာဗာ အမှား- Package manager အမှား diff --git a/client/translations/amneziavpn_ru_RU.ts b/client/translations/amneziavpn_ru_RU.ts index ddf6a212..c4ae0ffd 100644 --- a/client/translations/amneziavpn_ru_RU.ts +++ b/client/translations/amneziavpn_ru_RU.ts @@ -4038,13 +4038,13 @@ and will not be shared or disclosed to the Amnezia or any third parties - The user does not have permission to use sudo - У пользователя нет прав на использование sudo + The user is not a member of the sudo group + Пользователь не входит в группу sudo - Server error: Packet manager error - Ошибка сервера: ошибка менеджера пакетов + Server error: Package manager error + Ошибка сервера: Ошибка менеджера пакетов diff --git a/client/translations/amneziavpn_uk_UA.ts b/client/translations/amneziavpn_uk_UA.ts index 3709e30a..2875850c 100644 --- a/client/translations/amneziavpn_uk_UA.ts +++ b/client/translations/amneziavpn_uk_UA.ts @@ -3700,13 +3700,13 @@ and will not be shared or disclosed to the Amnezia or any third parties - The user does not have permission to use sudo - The user does not have permission to use sudo + The user is not a member of the sudo group + Користувач не входить до групи sudo - Server error: Packet manager error - + Server error: Package manager error + Помилка сервера: Помилка менеджера пакетів diff --git a/client/translations/amneziavpn_ur_PK.ts b/client/translations/amneziavpn_ur_PK.ts index 95419cba..e45ae5da 100644 --- a/client/translations/amneziavpn_ur_PK.ts +++ b/client/translations/amneziavpn_ur_PK.ts @@ -3433,8 +3433,8 @@ Already installed containers were found on the server. All installed containers - The user does not have permission to use sudo - صارف کو sudo استعمال کرنے کی اجازت نہیں ہے + The user is not a member of the sudo group + صارف sudo گروپ کا رکن نہیں ہے @@ -3498,7 +3498,7 @@ Already installed containers were found on the server. All installed containers - Server error: Packet manager error + Server error: Package manager error سرور خطا: پیکیج منیجر خطا diff --git a/client/translations/amneziavpn_zh_CN.ts b/client/translations/amneziavpn_zh_CN.ts index cd39c2a6..fa6a87d1 100644 --- a/client/translations/amneziavpn_zh_CN.ts +++ b/client/translations/amneziavpn_zh_CN.ts @@ -3675,13 +3675,13 @@ and will not be shared or disclosed to the Amnezia or any third parties - The user does not have permission to use sudo - 用户没有root权限 + The user is not a member of the sudo group + 用户不是 sudo 组的成员 - Server error: Packet manager error - + Server error: Package manager error + 服务器错误:包管理器错误 From 9fbea76b74552861894ec12b22e947bda47eaecb Mon Sep 17 00:00:00 2001 From: Yaroslav Date: Fri, 14 Mar 2025 14:40:27 +0100 Subject: [PATCH 3/7] There's a common issue of building iOS apps on Qt 6.8 because of new introduced ffmpeg dependency in multimedia Qt package (#1414) ref: https://community.esri.com/t5/qt-maps-sdk-questions/build-failure-on-ios-with-qt-6-8/m-p/1548701#M5339 --- client/CMakeLists.txt | 8 -------- 1 file changed, 8 deletions(-) diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt index 72adaf25..b3f775a0 100644 --- a/client/CMakeLists.txt +++ b/client/CMakeLists.txt @@ -31,10 +31,6 @@ add_definitions(-DDEV_AGW_PUBLIC_KEY="$ENV{DEV_AGW_PUBLIC_KEY}") add_definitions(-DDEV_AGW_ENDPOINT="$ENV{DEV_AGW_ENDPOINT}") add_definitions(-DDEV_S3_ENDPOINT="$ENV{DEV_S3_ENDPOINT}") -if(IOS) - set(PACKAGES ${PACKAGES} Multimedia) -endif() - if(WIN32 OR (APPLE AND NOT IOS) OR (LINUX AND NOT ANDROID)) set(PACKAGES ${PACKAGES} Widgets) endif() @@ -48,10 +44,6 @@ set(LIBS ${LIBS} Qt6::Core5Compat Qt6::Concurrent ) -if(IOS) - set(LIBS ${LIBS} Qt6::Multimedia) -endif() - if(WIN32 OR (APPLE AND NOT IOS) OR (LINUX AND NOT ANDROID)) set(LIBS ${LIBS} Qt6::Widgets) endif() From fcb75e837d655f27d9aaa604cb0b7bc130c31d97 Mon Sep 17 00:00:00 2001 From: lunardunno <126363523+lunardunno@users.noreply.github.com> Date: Wed, 19 Mar 2025 18:51:49 +0400 Subject: [PATCH 4/7] chore: correcting version (#1480) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Сorrecting version Correction: return to the correct version * Correction for SH --- CMakeLists.txt | 4 ++-- client/core/controllers/serverController.cpp | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 4692f28f..0ccae139 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR) set(PROJECT AmneziaVPN) -project(${PROJECT} VERSION 4.8.4.3 +project(${PROJECT} VERSION 4.8.4.4 DESCRIPTION "AmneziaVPN" HOMEPAGE_URL "https://amnezia.org/" ) @@ -11,7 +11,7 @@ string(TIMESTAMP CURRENT_DATE "%Y-%m-%d") set(RELEASE_DATE "${CURRENT_DATE}") set(APP_MAJOR_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH}) -set(APP_ANDROID_VERSION_CODE 2080) +set(APP_ANDROID_VERSION_CODE 2081) if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux") set(MZ_PLATFORM_NAME "linux") diff --git a/client/core/controllers/serverController.cpp b/client/core/controllers/serverController.cpp index 05283195..1788297c 100644 --- a/client/core/controllers/serverController.cpp +++ b/client/core/controllers/serverController.cpp @@ -709,7 +709,7 @@ ErrorCode ServerController::isServerPortBusy(const ServerCredentials &credential QString transportProto = containerConfig.value(config_key::transport_proto).toString(defaultTransportProto); // TODO reimplement with netstat - QString script = QString("which lsof &>/dev/null || true && sudo lsof -i -P -n 2>/dev/null | grep -E ':%1 ").arg(port); + QString script = QString("which lsof > /dev/null 2>&1 || true && sudo lsof -i -P -n 2>/dev/null | grep -E ':%1 ").arg(port); for (auto &port : fixedPorts) { script = script.append("|:%1").arg(port); } From 00f314039d93c0187653bd74ca883261d5b8573e Mon Sep 17 00:00:00 2001 From: lunardunno <126363523+lunardunno@users.noreply.github.com> Date: Thu, 20 Mar 2025 07:24:37 +0400 Subject: [PATCH 5/7] Patch for user checking. (#1481) * Direct use of the $HOME variable. * Sudo check witch variable $HOME. Direct use of the $HOME variable. * Changing for Error 208 Changing description and title for error 208 * Revert "Changing for Error 208" This reverts commit f45624c023474a7b8b5e6919f83c67fb122716a8. * Changing for Error 207 Changing description and title for Error 207 --- client/core/controllers/serverController.cpp | 2 +- client/core/defs.h | 2 +- client/core/errorstrings.cpp | 2 +- client/server_scripts/check_user_in_sudo.sh | 2 +- client/server_scripts/prepare_host.sh | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/client/core/controllers/serverController.cpp b/client/core/controllers/serverController.cpp index 1788297c..d8c94f4d 100644 --- a/client/core/controllers/serverController.cpp +++ b/client/core/controllers/serverController.cpp @@ -771,7 +771,7 @@ ErrorCode ServerController::isUserInSudo(const ServerCredentials &credentials, D ErrorCode error = runScript(credentials, replaceVars(scriptData, genVarsForScript(credentials)), cbReadStdOut, cbReadStdErr); if (credentials.userName != "root" && stdOut.contains("sudo:") && !stdOut.contains("uname:") && stdOut.contains("not found")) - return ErrorCode::SudoPackageIsNotPreinstalled; + return ErrorCode::ServerSudoPackageIsNotPreinstalled; if (credentials.userName != "root" && !stdOut.contains("sudo") && !stdOut.contains("wheel")) return ErrorCode::ServerUserNotInSudo; if (stdOut.contains("can't cd to") || stdOut.contains("Permission denied") || stdOut.contains("No such file or directory")) diff --git a/client/core/defs.h b/client/core/defs.h index e073d030..2e683314 100644 --- a/client/core/defs.h +++ b/client/core/defs.h @@ -54,7 +54,7 @@ namespace amnezia ServerCancelInstallation = 204, ServerUserNotInSudo = 205, ServerPacketManagerError = 206, - SudoPackageIsNotPreinstalled = 207, + ServerSudoPackageIsNotPreinstalled = 207, ServerUserDirectoryNotAccessible = 208, ServerUserNotAllowedInSudoers = 209, ServerUserPasswordRequired = 210, diff --git a/client/core/errorstrings.cpp b/client/core/errorstrings.cpp index a3d54601..9dcd8065 100644 --- a/client/core/errorstrings.cpp +++ b/client/core/errorstrings.cpp @@ -22,7 +22,7 @@ QString errorString(ErrorCode code) { case(ErrorCode::ServerCancelInstallation): errorMessage = QObject::tr("Installation canceled by user"); break; case(ErrorCode::ServerUserNotInSudo): errorMessage = QObject::tr("The user is not a member of the sudo group"); break; case(ErrorCode::ServerPacketManagerError): errorMessage = QObject::tr("Server error: Package manager error"); break; - case(ErrorCode::SudoPackageIsNotPreinstalled): errorMessage = QObject::tr("The sudo package is not pre-installed"); break; + case(ErrorCode::ServerSudoPackageIsNotPreinstalled): errorMessage = QObject::tr("The sudo package is not pre-installed on the server"); break; case(ErrorCode::ServerUserDirectoryNotAccessible): errorMessage = QObject::tr("The server user's home directory is not accessible"); break; case(ErrorCode::ServerUserNotAllowedInSudoers): errorMessage = QObject::tr("Action not allowed in sudoers"); break; case(ErrorCode::ServerUserPasswordRequired): errorMessage = QObject::tr("The user's password is required"); break; diff --git a/client/server_scripts/check_user_in_sudo.sh b/client/server_scripts/check_user_in_sudo.sh index 974131dd..685e6a18 100644 --- a/client/server_scripts/check_user_in_sudo.sh +++ b/client/server_scripts/check_user_in_sudo.sh @@ -4,7 +4,7 @@ elif which yum > /dev/null 2>&1; then pm=$(which yum); opt="--version";\ elif which pacman > /dev/null 2>&1; then pm=$(which pacman); opt="--version";\ else pm="uname"; opt="-a";\ fi;\ -CUR_USER=$(whoami 2>/dev/null || echo ~ | sed 's/.*\///');\ +CUR_USER=$(whoami 2>/dev/null || echo $HOME | sed 's/.*\///');\ echo $LANG | grep -qE '^(en_US.UTF-8|C.UTF-8|C)$' || export LC_ALL=C;\ sudo -K;\ cd ~;\ diff --git a/client/server_scripts/prepare_host.sh b/client/server_scripts/prepare_host.sh index 22a50e31..1cc56a01 100644 --- a/client/server_scripts/prepare_host.sh +++ b/client/server_scripts/prepare_host.sh @@ -1,4 +1,4 @@ -CUR_USER=$(whoami 2>/dev/null || echo ~ | sed 's/.*\///');\ +CUR_USER=$(whoami 2>/dev/null || echo $HOME | sed 's/.*\///');\ sudo mkdir -p $DOCKERFILE_FOLDER;\ sudo chown $CUR_USER $DOCKERFILE_FOLDER;\ if ! sudo docker network ls | grep -q amnezia-dns-net; then sudo docker network create \ From 92689d084cfd82bc735e26d40c84de1b63810549 Mon Sep 17 00:00:00 2001 From: Nethius Date: Fri, 21 Mar 2025 10:25:44 +0700 Subject: [PATCH 6/7] feature/old api proxy (#1484) * feature: proxy old api requests through gateway * chore: bump version --- CMakeLists.txt | 4 +- .../controllers/api/apiConfigsController.cpp | 54 +++++++------------ 2 files changed, 20 insertions(+), 38 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 0ccae139..21cd78f8 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR) set(PROJECT AmneziaVPN) -project(${PROJECT} VERSION 4.8.4.4 +project(${PROJECT} VERSION 4.8.4.5 DESCRIPTION "AmneziaVPN" HOMEPAGE_URL "https://amnezia.org/" ) @@ -11,7 +11,7 @@ string(TIMESTAMP CURRENT_DATE "%Y-%m-%d") set(RELEASE_DATE "${CURRENT_DATE}") set(APP_MAJOR_VERSION ${CMAKE_PROJECT_VERSION_MAJOR}.${CMAKE_PROJECT_VERSION_MINOR}.${CMAKE_PROJECT_VERSION_PATCH}) -set(APP_ANDROID_VERSION_CODE 2081) +set(APP_ANDROID_VERSION_CODE 2082) if(${CMAKE_SYSTEM_NAME} STREQUAL "Linux") set(MZ_PLATFORM_NAME "linux") diff --git a/client/ui/controllers/api/apiConfigsController.cpp b/client/ui/controllers/api/apiConfigsController.cpp index b8696201..00e6ae3d 100644 --- a/client/ui/controllers/api/apiConfigsController.cpp +++ b/client/ui/controllers/api/apiConfigsController.cpp @@ -19,7 +19,7 @@ namespace constexpr char cloak[] = "cloak"; constexpr char awg[] = "awg"; - constexpr char apiEdnpoint[] = "api_endpoint"; + constexpr char apiEndpoint[] = "api_endpoint"; constexpr char accessToken[] = "api_key"; constexpr char certificate[] = "certificate"; constexpr char publicKey[] = "public_key"; @@ -251,7 +251,6 @@ bool ApiConfigsController::updateServiceFromGateway(const int serverIndex, const newServerConfig.insert(configKey::apiConfig, newApiConfig); newServerConfig.insert(configKey::authData, authData); - // newServerConfig.insert( m_serversModel->editServer(newServerConfig, serverIndex); if (reloadServiceConfig) { @@ -270,54 +269,37 @@ bool ApiConfigsController::updateServiceFromGateway(const int serverIndex, const bool ApiConfigsController::updateServiceFromTelegram(const int serverIndex) { - auto serverConfig = m_serversModel->getServerConfig(serverIndex); - auto installationUuid = m_settings->getInstallationUuid(true); - #ifdef Q_OS_IOS IosController::Instance()->requestInetAccess(); QThread::msleep(10); #endif - if (serverConfig.value(config_key::configVersion).toInt()) { - QNetworkRequest request; - request.setTransferTimeout(apiDefs::requestTimeoutMsecs); - request.setHeader(QNetworkRequest::ContentTypeHeader, "application/json"); - request.setRawHeader("Authorization", "Api-Key " + serverConfig.value(configKey::accessToken).toString().toUtf8()); - QString endpoint = serverConfig.value(configKey::apiEdnpoint).toString(); - request.setUrl(endpoint); + GatewayController gatewayController(m_settings->getGatewayEndpoint(), m_settings->isDevGatewayEnv(), apiDefs::requestTimeoutMsecs); - QString protocol = serverConfig.value(configKey::protocol).toString(); + auto serverConfig = m_serversModel->getServerConfig(serverIndex); + auto installationUuid = m_settings->getInstallationUuid(true); - ApiPayloadData apiPayloadData = generateApiPayloadData(protocol); + QString serviceProtocol = serverConfig.value(configKey::protocol).toString(); + ApiPayloadData apiPayloadData = generateApiPayloadData(serviceProtocol); - QJsonObject apiPayload = fillApiPayload(protocol, apiPayloadData); - apiPayload[configKey::uuid] = installationUuid; + QJsonObject apiPayload = fillApiPayload(serviceProtocol, apiPayloadData); + apiPayload[configKey::uuid] = installationUuid; + apiPayload[configKey::accessToken] = serverConfig.value(configKey::accessToken).toString(); + apiPayload[configKey::apiEndpoint] = serverConfig.value(configKey::apiEndpoint).toString(); - QByteArray requestBody = QJsonDocument(apiPayload).toJson(); + QByteArray responseBody; + ErrorCode errorCode = gatewayController.post(QString("%1v1/proxy_config"), apiPayload, responseBody); - QNetworkReply *reply = amnApp->networkManager()->post(request, requestBody); + if (errorCode == ErrorCode::NoError) { + fillServerConfig(serviceProtocol, apiPayloadData, responseBody, serverConfig); - QEventLoop wait; - connect(reply, &QNetworkReply::finished, &wait, &QEventLoop::quit); - - QList sslErrors; - connect(reply, &QNetworkReply::sslErrors, [this, &sslErrors](const QList &errors) { sslErrors = errors; }); - wait.exec(); - - auto errorCode = apiUtils::checkNetworkReplyErrors(sslErrors, reply); - if (errorCode != ErrorCode::NoError) { - reply->deleteLater(); - emit errorOccurred(errorCode); - return false; - } - - auto apiResponseBody = reply->readAll(); - reply->deleteLater(); - fillServerConfig(protocol, apiPayloadData, apiResponseBody, serverConfig); m_serversModel->editServer(serverConfig, serverIndex); emit updateServerFromApiFinished(); + return true; + } else { + emit errorOccurred(errorCode); + return false; } - return true; } bool ApiConfigsController::deactivateDevice() From 2a6e6a1e2494b8d0a94b25a72fe15d1057b81b23 Mon Sep 17 00:00:00 2001 From: Nethius Date: Fri, 21 Mar 2025 14:12:56 +0700 Subject: [PATCH 7/7] chore: bump version (#1485) --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 21cd78f8..b1246970 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 3.25.0 FATAL_ERROR) set(PROJECT AmneziaVPN) -project(${PROJECT} VERSION 4.8.4.5 +project(${PROJECT} VERSION 4.8.5.0 DESCRIPTION "AmneziaVPN" HOMEPAGE_URL "https://amnezia.org/" )