From dc14b0c89b8c6c01567878086053347b244273eb Mon Sep 17 00:00:00 2001
From: Ken Moore <moorekou@gmail.com>
Date: Wed, 18 May 2016 13:40:54 -0400
Subject: [PATCH] Fix up all the file paths and such needed for sysadm-bridge
 to function. Now it should be usable when run either as root or as a user.

---
 src/bridge/BridgeServer.cpp    |  4 ++--
 src/bridge/globals.h           |  6 +++---
 src/bridge/main.cpp            | 15 ++++++++++-----
 src/bridge/sysadm-bridge-start | 16 ++++++++++++----
 4 files changed, 27 insertions(+), 14 deletions(-)

diff --git a/src/bridge/BridgeServer.cpp b/src/bridge/BridgeServer.cpp
index 66e8950..eacc555 100644
--- a/src/bridge/BridgeServer.cpp
+++ b/src/bridge/BridgeServer.cpp
@@ -52,7 +52,7 @@ void BridgeServer::sendMessage(QString toID, QString msg){
 bool BridgeServer::setupWebSocket(quint16 port){
   //SSL Configuration
   QSslConfiguration config = QSslConfiguration::defaultConfiguration();
-	QFile CF( QStringLiteral(SSLCERTFILE) ); 
+	QFile CF( SSLFILEDIR +"/"+SSLCERTFILE ); 
 	  if(CF.open(QIODevice::ReadOnly) ){
 	    QSslCertificate CERT(&CF,QSsl::Pem);
 	    config.setLocalCertificate( CERT );
@@ -60,7 +60,7 @@ bool BridgeServer::setupWebSocket(quint16 port){
 	  }else{
 	    qWarning() << "Could not read WS certificate file:" << CF.fileName();
 	  }
-	QFile KF( QStringLiteral(SSLKEYFILE));
+	QFile KF( SSLFILEDIR +"/"+SSLKEYFILE );
 	  if(KF.open(QIODevice::ReadOnly) ){
 	    QSslKey KEY(&KF, QSsl::Rsa, QSsl::Pem);
 	    config.setPrivateKey( KEY );
diff --git a/src/bridge/globals.h b/src/bridge/globals.h
index a4a2a4c..94bac24 100644
--- a/src/bridge/globals.h
+++ b/src/bridge/globals.h
@@ -32,8 +32,8 @@
 
 // SSL Version/File defines
 #define SSLVERSION QSsl::TlsV1_0OrLater
-#define SSLCERTFILE "/usr/local/etc/sysadm/bridgeserver.crt"
-#define SSLKEYFILE "/usr/local/etc/sysadm/bridgeserver.key"
+#define SSLCERTFILE QString("bridgeserver.crt")
+#define SSLKEYFILE QString("bridgeserver.key")
 
 #define SETTINGSFILE "/var/db/sysadm-bridge.ini"
 
@@ -42,4 +42,4 @@
 
 extern QSettings* CONFIG;
 extern AuthorizationManager* AUTHSYSTEM;
-
+extern QString SSLFILEDIR;
diff --git a/src/bridge/main.cpp b/src/bridge/main.cpp
index 822c38d..e9d5fd3 100644
--- a/src/bridge/main.cpp
+++ b/src/bridge/main.cpp
@@ -14,8 +14,9 @@
 #define USELOG 1 //turn this to "0" for dumping all output to the CLI (for debugging)
 
 //Create any global classes/settings
-QSettings *CONFIG = new QSettings("sysadm","bridge");
+QSettings *CONFIG = 0;
 AuthorizationManager *AUTHSYSTEM = new AuthorizationManager();
+QString SSLFILEDIR;
 
 //Create the default logfile
 QFile logfile;
@@ -61,7 +62,9 @@ qDebug() << "    \"blacklist/fails_to_block\" (integer): Number of times a syste
 
 int main( int argc, char ** argv )
 {
-  qDebug() << "Using Config file:" << CONFIG->fileName();
+  if(getuid() != 0){ CONFIG = new QSettings("sysadm","bridge"); SSLFILEDIR=CONFIG->fileName().section("/",0,-2); }
+  else{ CONFIG = new QSettings("/var/db/sysadm-bridge.ini", QSettings::IniFormat);  SSLFILEDIR="/usr/local/etc/sysadm"; }
+  qDebug() << "Using Config file:" << CONFIG->fileName() << "SSL FILE DIR:" << SSLFILEDIR;
     //Evaluate input arguments
     quint16 port = 12149; //port number
     bool settingchange = false;
@@ -84,11 +87,13 @@ int main( int argc, char ** argv )
       else if( QString(argv[i])=="-import_ssl_file" && i+2<argc){
         i++; QString id = QString(argv[i]);
 	i++; QFile file(argv[i]);
+        settingchange=true;
  	if(!file.open(QIODevice::ReadOnly)){ qDebug() << "Could not open file:" << file.fileName(); }
         else{
           QString enc_key;
           if(file.fileName().endsWith(".crt")){ QSslCertificate cert(&file); enc_key = QString(cert.publicKey().toPem().toBase64()); }
           else if(file.fileName().endsWith(".key")){ QSslKey key(&file); enc_key = QString(key.toPem().toBase64());  }
+          file.close();
           if(enc_key.isEmpty()){ qDebug() << "Could not read key (need .crt or .key file)"; }
           else{
             qDebug() << "Registered Key:" << id << enc_key << "(base64)";
@@ -97,7 +102,7 @@ int main( int argc, char ** argv )
             CONFIG->setValue("RegisteredCerts/"+id+"/"+enc_key, "Date Registered: "+QDateTime::currentDateTime().toString(Qt::ISODate) );
           }
 	}
-        settingchange=true;
+        
  // -------------------------
       }else if( QString(argv[i])=="-import_ssl_pubkey" && i+2<argc){
         i++;  QString id = QString(argv[i]);
@@ -133,8 +138,8 @@ int main( int argc, char ** argv )
 
     //Setup the log file
     if(USELOG){
-      logfile.setFileName("/var/log/sysadm-bridge.log");
-      if(DEBUG){ qDebug() << "Log File:" << logfile.fileName(); }
+      logfile.setFileName(SSLFILEDIR+"/sysadm-bridge.log");
+      qDebug() << "Log File:" << logfile.fileName();
       if(QFile::exists(logfile.fileName()+".old")){ QFile::remove(logfile.fileName()+".old"); }
       if(logfile.exists()){ QFile::rename(logfile.fileName(), logfile.fileName()+".old"); }
       //Make sure the parent directory exists
diff --git a/src/bridge/sysadm-bridge-start b/src/bridge/sysadm-bridge-start
index 89c91ac..2621ae1 100644
--- a/src/bridge/sysadm-bridge-start
+++ b/src/bridge/sysadm-bridge-start
@@ -4,12 +4,20 @@
 
 ssl_keygen()
 {
-  if [ ! -d "/usr/local/etc/sysadm" ] ; then
-    mkdir -p /usr/local/etc/sysadm
+  #Determine where the files should be placed (based on user)
+  if [ `id -u` != "0" ] ; then
+   DIR="${XDG_CONFIG_HOME}/sysadm"
+  else
+    DIR="/usr/local/etc/sysadm"
   fi
+  #Now ensure the dir exists
+  if [ ! -d "${DIR}" ] ; then
+    mkdir -p ${DIR}
+  fi
+  #Now create the key/crt files
   openssl req -x509 -nodes -newkey rsa:2048 \
-    -keyout /usr/local/etc/sysadm/bridgeserver.key \
-    -out /usr/local/etc/sysadm/bridgeserver.crt -days 1024 \
+    -keyout ${DIR}/bridgeserver.key \
+    -out ${DIR}/bridgeserver.crt -days 1024 \
     -subj "/C=US/ST=MY/L=NULL/O=SysAdm/OU=SysAdm/CN=SysAdm/emailAddress=none@example.org" 2>/dev/null
 }