Allow downloading of authorized_keys file during registration
Bernd Wachter committed Nov 4, 2012
1 parent df97621 commit c353bed
Showing 3 changed files with 69 additions and 9 deletions.
74 changes: 66 additions & 8 deletions libssu/ssu.cpp
Expand Up @@ -230,9 +230,6 @@ QString Ssu::deviceUid(){
QString IMEI;
QSystemDeviceInfo devInfo;

QString IMEIenv = getenv("imei");
bool ok;

IMEI = devInfo.imei();
// this might not be completely unique (or might change on reflash), but works for now
if (IMEI == ""){
Expand Down Expand Up @@ -388,7 +385,24 @@ void Ssu::requestFinished(QNetworkReply *reply){
qDebug() << "Cert from chain" << cert.subjectInfo(QSslCertificate::CommonName);
}

// what sucks more, this or goto?
do {
if (settings->contains("home-url")){
QString homeUrl = settings->value("home-url").toString().arg("");
homeUrl.remove(QRegExp("//+$"));
QNetworkRequest request = reply->request();

if (request.url().toString().startsWith(homeUrl, Qt::CaseInsensitive)){
// we don't care about errors on download request
if (reply->error() > 0) break;
QByteArray data = reply->readAll();
storeAuthorizedKeys(data);
break;
}
}

if (reply->error() > 0){
pendingRequests--;
setError(reply->errorString());
return;
} else {
Expand All @@ -398,26 +412,31 @@ void Ssu::requestFinished(QNetworkReply *reply){
QDomDocument doc;
QString xmlError;
if (!doc.setContent(data, &xmlError)){
pendingRequests--;
setError(tr("Unable to parse server response (%1)").arg(xmlError));
return;
}

QString action = doc.elementsByTagName("action").at(0).toElement().text();

if (!verifyResponse(&doc)) return;
if (!verifyResponse(&doc)) break;

if (action == "register"){
if (!registerDevice(&doc)) return;
if (!registerDevice(&doc)) break;
} else if (action == "credentials"){
if (!setCredentials(&doc)) return;
if (!setCredentials(&doc)) break;
} else {
pendingRequests--;
setError(tr("Response to unknown action encountered: %1").arg(action));
return;
}
}
} while (false);

pendingRequests--;
if (pendingRequests == 0)
emit done();
}
}

void Ssu::sendRegistration(QString username, QString password){
errorFlag = false;
Expand Down Expand Up @@ -465,8 +484,19 @@ void Ssu::sendRegistration(QString username, QString password){
qDebug() << "Sending request to " << request.url();
QNetworkReply *reply;

pendingRequests++;
reply = manager->post(request, form.encodedQuery());
// we could expose downloadProgress() from reply in case we want progress info

QString homeUrl = settings->value("home-url").toString().arg(username);
if (!homeUrl.isEmpty()){
// clear header, the other request bits are reusable
request.setHeader(QNetworkRequest::ContentTypeHeader, 0);
qDebug() << "sending request to " << homeUrl;
request.setUrl(homeUrl + "/authorized_keys");
pendingRequests++;
manager->get(request);
}
}

bool Ssu::setCredentials(QDomDocument *response){
Expand Down Expand Up @@ -515,6 +545,9 @@ bool Ssu::setCredentials(QDomDocument *response){
void Ssu::setError(QString errorMessage){
errorFlag = true;
errorString = errorMessage;

// assume that we don't even need to wait for other pending requests,
// and just die. This is only relevant for CLI, which well exit after done()
emit done();
}

Expand All @@ -530,6 +563,30 @@ void Ssu::setRelease(QString release, bool rnd){
settings->setValue("release", release);
}

void Ssu::storeAuthorizedKeys(QByteArray data){
QDir dir;

// only set the key for unprivileged users
if (getuid() < 1000) return;

if (dir.exists(dir.homePath() + "/.ssh/authorized_keys"))
return;

if (!dir.exists(dir.homePath() + "/.ssh"))
if (!dir.mkdir(dir.homePath() + "/.ssh")) return;

QFile::setPermissions(dir.homePath() + "/.ssh",
QFile::ReadOwner | QFile::WriteOwner | QFile::ExeOwner);

QFile authorizedKeys(dir.homePath() + "/.ssh/authorized_keys");
authorizedKeys.open(QIODevice::WriteOnly | QIODevice::Text | QIODevice::Truncate);
authorizedKeys.setPermissions(QFile::ReadOwner | QFile::WriteOwner);
QTextStream out(&authorizedKeys);
out << data;
out.flush();
authorizedKeys.close();
}

void Ssu::updateCredentials(bool force){
errorFlag = false;

Expand Down Expand Up @@ -593,7 +650,8 @@ void Ssu::updateCredentials(bool force){
QUrl form;
form.addQueryItem("protocolVersion", SSU_PROTOCOL_VERSION);

QNetworkReply *reply = manager->get(request);
pendingRequests++;
manager->get(request);
}

bool Ssu::useSslVerify(){
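Review bot: `storeAuthorizedKeys()` (hunk `@@ -530,6 +563,30 @@`) writes the reply body to `~/.ssh/authorized_keys` with no check on it, and the `home-url` branch in `requestFinished()` breaks out before `verifyResponse()`. An empty body, or any non-key content returned without a network error, therefore becomes the key file, and the existing-file guard at the top of the function keeps it there on later runs. The transport is the only thing vouching for these keys; the file's `useSslVerify()` suggests certificate checks can be turned off, and if that applies to this request the download should be skipped in that mode. The result of `authorizedKeys.open(...)` is also ignored, so a failed open is silent and a short write leaves a partial file. At minimum I would reject empty data, check `open()`, and remove the file when the write is incomplete, as sketched below.

```cpp
void Ssu::storeAuthorizedKeys(QByteArray data){
  // … unchanged: uid check, existing-file check, ~/.ssh creation and permissions …

  // an empty reply must not become the key file
  if (data.trimmed().isEmpty()) return;

  QFile authorizedKeys(dir.homePath() + "/.ssh/authorized_keys");
  if (!authorizedKeys.open(QIODevice::WriteOnly | QIODevice::Text | QIODevice::Truncate))
    return;
  // … unchanged: setPermissions(ReadOwner | WriteOwner) …
  // drop the file rather than leave a truncated key list behind
  if (authorizedKeys.write(data) != data.size())
    authorizedKeys.remove();
  authorizedKeys.close();
}
```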
2 changes: 2 additions & 0 deletions libssu/ssu.h
Expand Up @@ -117,10 +117,12 @@ class Ssu: public QObject {
QString cachedModel, cachedFamily;
bool errorFlag;
QNetworkAccessManager *manager;
int pendingRequests;
QSettings *settings, *repoSettings, *boardMappings;
bool registerDevice(QDomDocument *response);
bool setCredentials(QDomDocument *response);
bool verifyResponse(QDomDocument *response);
void storeAuthorizedKeys(QByteArray data);

private slots:
void requestFinished(QNetworkReply *reply);
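Review bot: `int pendingRequests;` is added without an initial value, and none of the `ssu.cpp` hunks on this page touches the constructor. Unless it is set somewhere not shown, the counter starts indeterminate and the `pendingRequests == 0` test at the end of `requestFinished()` may never emit `done()`. Initialise it where the other members are set up, for example `pendingRequests(0)` in the constructor's initialiser list. The class body starts and ends outside this hunk.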
2 changes: 1 addition & 1 deletion ssu.pro
Expand Up @@ -20,7 +20,7 @@ tests.depends = libssu
config.files = ssu.ini
config.path = /etc/ssu

static_config.files = repos.ini ssu-defaults.ini
static_config.files = repos.ini ssu-defaults.ini board-mappings.ini
static_config.path = /usr/share/ssu

INSTALLS += config static_config
