Merge pull request #1278 from amnezia-vpn/checking_sudo_permissions

Checking server user permissions to use sudo
amnezia-vpn · Jan 15, 2025 · d5a9d60 · d5a9d60
2 parents db83555 + 464aa4c
commit d5a9d60
Show file tree

Hide file tree

Showing 13 changed files with 46 additions and 38 deletions.
diff --git a/client/core/controllers/serverController.cpp b/client/core/controllers/serverController.cpp
@@ -757,10 +757,6 @@ ErrorCode ServerController::isServerPortBusy(const ServerCredentials &credential
 
 ErrorCode ServerController::isUserInSudo(const ServerCredentials &credentials, DockerContainer container)
 {
-    if (credentials.userName == "root") {
-        return ErrorCode::NoError;
-    }
-
     QString stdOut;
     auto cbReadStdOut = [&](const QString &data, libssh::Client &) {
         stdOut += data + "\n";
@@ -774,8 +770,14 @@ ErrorCode ServerController::isUserInSudo(const ServerCredentials &credentials, D
     const QString scriptData = amnezia::scriptData(SharedScriptType::check_user_in_sudo);
     ErrorCode error = runScript(credentials, replaceVars(scriptData, genVarsForScript(credentials)), cbReadStdOut, cbReadStdErr);
 
-    if (!stdOut.contains("sudo"))
+    if (credentials.userName != "root" && !stdOut.contains("sudo") && !stdOut.contains("wheel"))
         return ErrorCode::ServerUserNotInSudo;
+    if (credentials.userName != "root" && stdOut.contains("sudo:") && !stdOut.contains("uname:") && stdOut.contains("not found"))
+        return ErrorCode::SudoPackageIsNotPreinstalled;
+    if (stdOut.contains("sudoers"))
+        return ErrorCode::ServerUserNotAllowedInSudoers;
+    if (stdOut.contains("password is required"))
+        return ErrorCode::ServerUserPasswordRequired;
 
     return error;
 }

diff --git a/client/core/defs.h b/client/core/defs.h
@@ -56,6 +56,9 @@ namespace amnezia
         ServerCancelInstallation = 204,
         ServerUserNotInSudo = 205,
         ServerPacketManagerError = 206,
+        SudoPackageIsNotPreinstalled = 207,
+        ServerUserNotAllowedInSudoers = 208,
+        ServerUserPasswordRequired = 209,
 
         // Ssh connection errors
         SshRequestDeniedError = 300,

diff --git a/client/core/errorstrings.cpp b/client/core/errorstrings.cpp
@@ -19,8 +19,11 @@ QString errorString(ErrorCode code) {
     case(ErrorCode::ServerContainerMissingError): errorMessage = QObject::tr("Server error: Docker container missing"); break;
     case(ErrorCode::ServerDockerFailedError): errorMessage = QObject::tr("Server error: Docker failed"); break;
     case(ErrorCode::ServerCancelInstallation): errorMessage = QObject::tr("Installation canceled by user"); break;
-    case(ErrorCode::ServerUserNotInSudo): errorMessage = QObject::tr("The user does not have permission to use sudo"); break;
-    case(ErrorCode::ServerPacketManagerError): errorMessage = QObject::tr("Server error: Packet manager error"); break;
+    case(ErrorCode::ServerUserNotInSudo): errorMessage = QObject::tr("The user is not a member of the sudo group"); break;
+    case(ErrorCode::ServerPacketManagerError): errorMessage = QObject::tr("Server error: Package manager error"); break;
+    case(ErrorCode::SudoPackageIsNotPreinstalled): errorMessage = QObject::tr("The sudo package is not pre-installed"); break;
+    case(ErrorCode::ServerUserNotAllowedInSudoers): errorMessage = QObject::tr("Action not allowed in sudoers"); break;
+    case(ErrorCode::ServerUserPasswordRequired): errorMessage = QObject::tr("The user's password is required"); break;
 
     // Libssh errors
     case(ErrorCode::SshRequestDeniedError): errorMessage = QObject::tr("SSH request was denied"); break;

diff --git a/client/server_scripts/check_user_in_sudo.sh b/client/server_scripts/check_user_in_sudo.sh
@@ -8,4 +8,4 @@ CUR_USER=$(whoami 2> /dev/null || echo ~ | sed 's/.*\///');\
 echo $LANG | grep -qE '^(en_US.UTF-8|C.UTF-8|C)$' || export LC_ALL=C;\
 if [ "$CUR_USER" = "root" ] || ( groups "$CUR_USER" | grep -E '\<(sudo|wheel)\>' ); then \
   sudo -K && sudo -nu $CUR_USER $pm $opt > /dev/null && sudo -n $pm $opt > /dev/null;\
-fi
+fi
diff --git a/client/server_scripts/prepare_host.sh b/client/server_scripts/prepare_host.sh
@@ -1,4 +1,4 @@
-CUR_USER=$(whoami);\
+CUR_USER=$(whoami 2> /dev/null || echo ~ | sed 's/.*\///');\
 sudo mkdir -p $DOCKERFILE_FOLDER;\
 sudo chown $CUR_USER $DOCKERFILE_FOLDER;\
 if ! sudo docker network ls | grep -q amnezia-dns-net; then sudo docker network create \

diff --git a/client/translations/amneziavpn_ar_EG.ts b/client/translations/amneziavpn_ar_EG.ts
@@ -3334,8 +3334,8 @@ Already installed containers were found on the server. All installed containers
     </message>
     <message>
         <location filename="../core/errorstrings.cpp" line="22"/>
-        <source>The user does not have permission to use sudo</source>
-        <translation>ليس لدي المستخدم الصلحيات لأستخدام sudo</translation>
+        <source>The user is not a member of the sudo group</source>
+        <translation>المستخدم ليس عضوًا في مجموعة sudo</translation>
     </message>
     <message>
         <location filename="../core/errorstrings.cpp" line="26"/>
@@ -3399,7 +3399,7 @@ Already installed containers were found on the server. All installed containers
     </message>
     <message>
         <location filename="../core/errorstrings.cpp" line="23"/>
-        <source>Server error: Packet manager error</source>
+        <source>Server error: Package manager error</source>
         <translation>خطأ في الخادم: خطأ في مدير الحزم</translation>
     </message>
     <message>

diff --git a/client/translations/amneziavpn_fa_IR.ts b/client/translations/amneziavpn_fa_IR.ts
@@ -3468,8 +3468,8 @@ It&apos;s okay as long as it&apos;s from someone you trust.</source>
     </message>
     <message>
         <location filename="../core/errorstrings.cpp" line="22"/>
-        <source>The user does not have permission to use sudo</source>
-        <translation>The user does not have permission to use sudo</translation>
+        <source>The user is not a member of the sudo group</source>
+        <translation>کاربر عضو گروه sudo نیست</translation>
     </message>
     <message>
         <location filename="../core/errorstrings.cpp" line="26"/>
@@ -3590,8 +3590,8 @@ It&apos;s okay as long as it&apos;s from someone you trust.</source>
     </message>
     <message>
         <location filename="../core/errorstrings.cpp" line="23"/>
-        <source>Server error: Packet manager error</source>
-        <translation>Server error: Packet manager error</translation>
+        <source>Server error: Package manager error</source>
+        <translation>خطای سرور: خطای مدیر بسته</translation>
     </message>
     <message>
         <location filename="../core/errorstrings.cpp" line="34"/>

diff --git a/client/translations/amneziavpn_hi_IN.ts b/client/translations/amneziavpn_hi_IN.ts
@@ -3434,13 +3434,13 @@ Already installed containers were found on the server. All installed containers
     </message>
     <message>
         <location filename="../core/errorstrings.cpp" line="22"/>
-        <source>The user does not have permission to use sudo</source>
-        <translation>उपयोगकर्ता के पास sudo का उपयोग करने की अनुमति नहीं है</translation>
+        <source>The user is not a member of the sudo group</source>
+        <translation>उपयोगकर्ता sudo समूह का सदस्य नहीं है</translation>
     </message>
     <message>
         <location filename="../core/errorstrings.cpp" line="23"/>
-        <source>Server error: Packet manager error</source>
-        <translation>सर्वर त्रुटि: पैकेट प्रबंधक त्रुटि</translation>
+        <source>Server error: Package manager error</source>
+        <translation>सर्वर त्रुटि: पैकेज प्रबंधक त्रुटि</translation>
     </message>
     <message>
         <location filename="../core/errorstrings.cpp" line="26"/>

diff --git a/client/translations/amneziavpn_my_MM.ts b/client/translations/amneziavpn_my_MM.ts
@@ -3330,8 +3330,8 @@ Already installed containers were found on the server. All installed containers
     </message>
     <message>
         <location filename="../core/errorstrings.cpp" line="22"/>
-        <source>The user does not have permission to use sudo</source>
-        <translation>ဤအသုံးပြုသူသည် sudo ကိုအသုံးပြုရန်ခွင့်ပြုချက်မရှိပါ</translation>
+        <source>The user is not a member of the sudo group</source>
+        <translation>ဤအသုံးပြုသူသည် sudo အဖွဲ့၏ အဖွဲ့ဝင်မဟုတ်ပါ</translation>
     </message>
     <message>
         <location filename="../core/errorstrings.cpp" line="26"/>
@@ -3395,8 +3395,8 @@ Already installed containers were found on the server. All installed containers
     </message>
     <message>
         <location filename="../core/errorstrings.cpp" line="23"/>
-        <source>Server error: Packet manager error</source>
-        <translation>ဆာဗာ မှားယွင်းမှု: Packet Manager မှားယွင်းမှု</translation>
+        <source>Server error: Package manager error</source>
+        <translation>ဆာဗာ အမှား- Package manager အမှား</translation>
     </message>
     <message>
         <location filename="../core/errorstrings.cpp" line="34"/>

diff --git a/client/translations/amneziavpn_ru_RU.ts b/client/translations/amneziavpn_ru_RU.ts
@@ -3604,12 +3604,12 @@ and will not be shared or disclosed to the Amnezia or any third parties</source>
     </message>
     <message>
         <location filename="../core/errorstrings.cpp" line="22"/>
-        <source>The user does not have permission to use sudo</source>
-        <translation>У пользователя нет прав на использование sudo</translation>
+        <source>The user is not a member of the sudo group</source>
+        <translation>Пользователь не входит в группу sudo</translation>
     </message>
     <message>
         <location filename="../core/errorstrings.cpp" line="23"/>
-        <source>Server error: Packet manager error</source>
+        <source>Server error: Package manager error</source>
         <translation>Ошибка сервера: ошибка менеджера пакетов</translation>
     </message>
     <message>

diff --git a/client/translations/amneziavpn_uk_UA.ts b/client/translations/amneziavpn_uk_UA.ts
@@ -3700,13 +3700,13 @@ and will not be shared or disclosed to the Amnezia or any third parties</source>
     </message>
     <message>
         <location filename="../core/errorstrings.cpp" line="22"/>
-        <source>The user does not have permission to use sudo</source>
-        <translation>The user does not have permission to use sudo</translation>
+        <source>The user is not a member of the sudo group</source>
+        <translation>Користувач не входить до групи sudo</translation>
     </message>
     <message>
         <location filename="../core/errorstrings.cpp" line="23"/>
-        <source>Server error: Packet manager error</source>
-        <translation type="unfinished"></translation>
+        <source>Server error: Package manager error</source>
+        <translation>Помилка сервера: помилка менеджера пакетів</translation>
     </message>
     <message>
         <location filename="../core/errorstrings.cpp" line="26"/>

diff --git a/client/translations/amneziavpn_ur_PK.ts b/client/translations/amneziavpn_ur_PK.ts
@@ -3433,8 +3433,8 @@ Already installed containers were found on the server. All installed containers
     </message>
     <message>
         <location filename="../core/errorstrings.cpp" line="22"/>
-        <source>The user does not have permission to use sudo</source>
-        <translation>صارف کو sudo استعمال کرنے کی اجازت نہیں ہے</translation>
+        <source>The user is not a member of the sudo group</source>
+        <translation>صارف sudo گروپ کا رکن نہیں ہے</translation>
     </message>
     <message>
         <location filename="../core/errorstrings.cpp" line="26"/>
@@ -3498,7 +3498,7 @@ Already installed containers were found on the server. All installed containers
     </message>
     <message>
         <location filename="../core/errorstrings.cpp" line="23"/>
-        <source>Server error: Packet manager error</source>
+        <source>Server error: Package manager error</source>
         <translation>سرور خطا: پیکیج منیجر خطا</translation>
     </message>
     <message>

diff --git a/client/translations/amneziavpn_zh_CN.ts b/client/translations/amneziavpn_zh_CN.ts
@@ -3675,13 +3675,13 @@ and will not be shared or disclosed to the Amnezia or any third parties</source>
     </message>
     <message>
         <location filename="../core/errorstrings.cpp" line="22"/>
-        <source>The user does not have permission to use sudo</source>
-        <translation>用户没有root权限</translation>
+        <source>The user is not a member of the sudo group</source>
+        <translation>用户不是 sudo 组的成员</translation>
     </message>
     <message>
         <location filename="../core/errorstrings.cpp" line="23"/>
-        <source>Server error: Packet manager error</source>
-        <translation type="unfinished"></translation>
+        <source>Server error: Package manager error</source>
+        <translation>服务器错误：包管理器错误</translation>
     </message>
     <message>
         <location filename="../core/errorstrings.cpp" line="26"/>