Commit e423d75b authored by Aard's avatar Aard

[ssu] Properly restore uid/gid if authorized_keys already exists

[ssu] Warn if registration fails due to non-writable configuration
parent 2fa60209
...@@ -23,6 +23,13 @@ ...@@ -23,6 +23,13 @@
#include "../constants.h" #include "../constants.h"
static void restoreUid(){
if (getuid() == 0){
seteuid(0);
setegid(0);
}
}
Ssu::Ssu(): QObject(){ Ssu::Ssu(): QObject(){
errorFlag = false; errorFlag = false;
pendingRequests = 0; pendingRequests = 0;
...@@ -175,6 +182,12 @@ bool Ssu::registerDevice(QDomDocument *response){ ...@@ -175,6 +182,12 @@ bool Ssu::registerDevice(QDomDocument *response){
// if we came that far everything required for device registration is done // if we came that far everything required for device registration is done
settings->setValue("registered", true); settings->setValue("registered", true);
settings->sync(); settings->sync();
if (!settings->isWritable()){
setError("Configuration is not writable, device registration failed.");
return false;
}
emit registrationStatusChanged(); emit registrationStatusChanged();
return true; return true;
} }
...@@ -234,7 +247,8 @@ void Ssu::requestFinished(QNetworkReply *reply){ ...@@ -234,7 +247,8 @@ void Ssu::requestFinished(QNetworkReply *reply){
return; return;
} else { } else {
QByteArray data = reply->readAll(); QByteArray data = reply->readAll();
qDebug() << "RequestOutput" << data; ssuLog->print(LOG_DEBUG, QString("RequestOutput %1")
.arg(data.data()));
QDomDocument doc; QDomDocument doc;
QString xmlError; QString xmlError;
...@@ -248,6 +262,8 @@ void Ssu::requestFinished(QNetworkReply *reply){ ...@@ -248,6 +262,8 @@ void Ssu::requestFinished(QNetworkReply *reply){
if (!verifyResponse(&doc)) break; if (!verifyResponse(&doc)) break;
ssuLog->print(LOG_DEBUG, QString("Handling request of type %1")
.arg(action));
if (action == "register"){ if (action == "register"){
if (!registerDevice(&doc)) break; if (!registerDevice(&doc)) break;
} else if (action == "credentials"){ } else if (action == "credentials"){
...@@ -344,8 +360,8 @@ void Ssu::sendRegistration(QString usernameDomain, QString password){ ...@@ -344,8 +360,8 @@ void Ssu::sendRegistration(QString usernameDomain, QString password){
} }
#endif #endif
qDebug() << "Sending request to " << request.url(); ssuLog->print(LOG_DEBUG, QString("Sending request to %1")
//qDebug() << form.encodedQueryItems(); .arg(request.url().url()));
QNetworkReply *reply; QNetworkReply *reply;
...@@ -459,6 +475,7 @@ void Ssu::storeAuthorizedKeys(QByteArray data){ ...@@ -459,6 +475,7 @@ void Ssu::storeAuthorizedKeys(QByteArray data){
if (dir.exists(homePath + "/.ssh/authorized_keys")){ if (dir.exists(homePath + "/.ssh/authorized_keys")){
ssuLog->print(LOG_DEBUG, QString(".ssh/authorized_keys already exists in %1") ssuLog->print(LOG_DEBUG, QString(".ssh/authorized_keys already exists in %1")
.arg(homePath)); .arg(homePath));
restoreUid();
return; return;
} }
...@@ -466,6 +483,7 @@ void Ssu::storeAuthorizedKeys(QByteArray data){ ...@@ -466,6 +483,7 @@ void Ssu::storeAuthorizedKeys(QByteArray data){
if (!dir.mkdir(homePath + "/.ssh")){ if (!dir.mkdir(homePath + "/.ssh")){
ssuLog->print(LOG_DEBUG, QString("Unable to create .ssh in %1") ssuLog->print(LOG_DEBUG, QString("Unable to create .ssh in %1")
.arg(homePath)); .arg(homePath));
restoreUid();
return; return;
} }
...@@ -480,10 +498,7 @@ void Ssu::storeAuthorizedKeys(QByteArray data){ ...@@ -480,10 +498,7 @@ void Ssu::storeAuthorizedKeys(QByteArray data){
out.flush(); out.flush();
authorizedKeys.close(); authorizedKeys.close();
if (getuid() == 0){ restoreUid();
seteuid(0);
setegid(0);
}
} }
void Ssu::updateCredentials(bool force){ void Ssu::updateCredentials(bool force){
......
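Review bot: `restoreUid()` in the first hunk discards the results of `seteuid(0)` and `setegid(0)`, so a failed restore leaves the process on the dropped identity with nothing recorded. Guard it with `if (seteuid(0) != 0 || setegid(0) != 0)` and report the failure as an error instead of continuing silently. The helper also has to be called by hand before every `return` in `storeAuthorizedKeys`, which is exactly the omission this commit repairs on two paths. The privilege drop and the rest of that function lie outside the visible hunks, so any remaining early return there needs the same check; a small scope guard whose destructor performs the restore would cover all exits at once. Separately, the `RequestOutput` line in `requestFinished` writes the whole server reply to the log before `verifyResponse` runs, and because the same handler serves the `credentials` action that reply presumably contains secrets, so logging only the action and `data.size()` would be safer.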