[ssu] Properly restore uid/gid if authorized_keys already exists
[ssu] Warn if registration fails due to non-writable configuration
Bernd Wachter committed Sep 13, 2013
1 parent 2fa6020 commit e423d75
Showing 1 changed file with 22 additions and 7 deletions.
29 changes: 22 additions & 7 deletions libssu/ssu.cpp
@@ -23,6 +23,13 @@

#include "../constants.h"

static void restoreUid(){
if (getuid() == 0){
seteuid(0);
setegid(0);
}
}

Ssu::Ssu(): QObject(){
errorFlag = false;
pendingRequests = 0;
@@ -175,6 +182,12 @@ bool Ssu::registerDevice(QDomDocument *response){
// if we came that far everything required for device registration is done
settings->setValue("registered", true);
settings->sync();

if (!settings->isWritable()){
setError("Configuration is not writable, device registration failed.");
return false;
}

emit registrationStatusChanged();
return true;
}
@@ -234,7 +247,8 @@ void Ssu::requestFinished(QNetworkReply *reply){
return;
} else {
QByteArray data = reply->readAll();
qDebug() << "RequestOutput" << data;
ssuLog->print(LOG_DEBUG, QString("RequestOutput %1")
.arg(data.data()));

QDomDocument doc;
QString xmlError;
@@ -248,6 +262,8 @@ void Ssu::requestFinished(QNetworkReply *reply){

if (!verifyResponse(&doc)) break;

ssuLog->print(LOG_DEBUG, QString("Handling request of type %1")
.arg(action));
if (action == "register"){
if (!registerDevice(&doc)) break;
} else if (action == "credentials"){
@@ -344,8 +360,8 @@ void Ssu::sendRegistration(QString usernameDomain, QString password){
}
#endif

qDebug() << "Sending request to " << request.url();
//qDebug() << form.encodedQueryItems();
ssuLog->print(LOG_DEBUG, QString("Sending request to %1")
.arg(request.url().url()));

QNetworkReply *reply;

@@ -459,13 +475,15 @@ void Ssu::storeAuthorizedKeys(QByteArray data){
if (dir.exists(homePath + "/.ssh/authorized_keys")){
ssuLog->print(LOG_DEBUG, QString(".ssh/authorized_keys already exists in %1")
.arg(homePath));
restoreUid();
return;
}

if (!dir.exists(homePath + "/.ssh"))
if (!dir.mkdir(homePath + "/.ssh")){
ssuLog->print(LOG_DEBUG, QString("Unable to create .ssh in %1")
.arg(homePath));
restoreUid();
return;
}

@@ -480,10 +498,7 @@ void Ssu::storeAuthorizedKeys(QByteArray data){
out.flush();
authorizedKeys.close();

if (getuid() == 0){
seteuid(0);
setegid(0);
}
restoreUid();
}

void Ssu::updateCredentials(bool force){
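Review bot: In requestFinished the new `ssuLog->print(LOG_DEBUG, QString("RequestOutput %1").arg(data.data()))` still writes the complete server response into the log, and the same handler goes on to process the `register` and `credentials` actions, so any secrets in those responses (presumably including repository credentials) end up wherever ssuLog is stored. I would log only metadata there, e.g. `ssuLog->print(LOG_DEBUG, QString("Received %1 bytes of response data").arg(data.size()));`, and keep the body out of the log. Separately, the new restoreUid() ignores the results of `seteuid(0)` and `setegid(0)`; a failed restore should at least be logged, since later code would otherwise keep running under an unexpected identity without any trace. requestFinished and storeAuthorizedKeys both extend beyond the visible hunks, so the matching privilege drop could not be checked here.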