From cf09831f97308534a6d66a5cd1e99ec5ea646226 Mon Sep 17 00:00:00 2001
From: Julius Milan <jmilan@redhat.com>
Date: Tue, 5 Dec 2017 17:05:49 +0100
Subject: [PATCH 04/22] reporter-rhtsupport: read configuration from user's
 home

The problem was that /etc/libreport/plugins/rhtsupport.conf is also
readable by others, and passwords are stored there as
plain text.

As solution, rhtsupport.conf can be newly placed in users home:
$HOME/.config/libreport/rhtsupport.conf
where users can safely store their credentials, also credentials provided
on first run of reporter-rhtsupport are stored there.

Added warning to /etc/libreport/plugins/rhtsupport.conf for system admin
to be aware that file is readable by everyone and should not contain
confidential credentials.

Related to rhbz#1008994, rhbz#1008977
---
 src/lib/ureport.c                 |  6 +++++-
 src/plugins/report.c              |  4 ++--
 src/plugins/reporter-rhtsupport.c | 10 +++++++++-
 src/plugins/rhtsupport.conf       |  4 ++++
 4 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/src/lib/ureport.c b/src/lib/ureport.c
index 9e8bbd6a..a595015c 100644
--- a/src/lib/ureport.c
+++ b/src/lib/ureport.c
@@ -245,8 +245,12 @@ ureport_server_config_load_basic_auth(struct ureport_server_config *config,
     {
         settings = new_map_string();
 
-        if (!load_plugin_conf_file("rhtsupport.conf", settings, /*skip key w/o values:*/ false))
+        char *local_conf = xasprintf("%s"USER_HOME_CONFIG_PATH"/rhtsupport.conf", getenv("HOME"));
+
+        if (!load_plugin_conf_file("rhtsupport.conf", settings, /*skip key w/o values:*/ false) &&
+            !load_conf_file(local_conf, settings, /*skip key w/o values:*/ false))
             error_msg_and_die("Could not get RHTSupport credentials");
+        free(local_conf);
 
         username = get_map_string_item_or_NULL(settings, "Login");
         password = get_map_string_item_or_NULL(settings, "Password");
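Review bot: The `&&` in the new condition short-circuits, so `load_conf_file(local_conf, …)` runs only when `load_plugin_conf_file("rhtsupport.conf", …)` has failed; assuming both return true on success (as the pre-existing `!` check implies), credentials kept only in the user's home file are never read whenever the system file loads. Load both unconditionally, system file first so the user file overrides it, and die only if neither succeeded: `bool sys_ok = load_plugin_conf_file("rhtsupport.conf", settings, false);`, `bool usr_ok = load_conf_file(local_conf, settings, false);`, `if (!sys_ok && !usr_ok) error_msg_and_die("Could not get RHTSupport credentials");`. Separately, `getenv("HOME")` may return NULL and is passed straight to `%s` here and in the last hunk of src/plugins/reporter-rhtsupport.c; it should be checked before the path is built, since otherwise the lookup may end up relative to the working directory instead of the user's home. The enclosing function starts and ends outside the hunk.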
diff --git a/src/plugins/report.c b/src/plugins/report.c
index e6e976bf..3a5d52ca 100644
--- a/src/plugins/report.c
+++ b/src/plugins/report.c
@@ -43,8 +43,8 @@ int main(int argc, char **argv)
         "first one invokes upload to RHTSupport and second - to Bugzilla.\n"
         "\n"
         "Configuration (such as login data) can be supplied via files\n"
-        CONF_DIR"/plugins/bugzilla.conf and\n"
-        CONF_DIR"/plugins/rhtsupport.conf,\n"
+        CONF_DIR"/plugins/bugzilla.conf and $HOME"USER_HOME_CONFIG_PATH"/bugzilla.conf and\n"
+        CONF_DIR"/plugins/rhtsupport.conf and $HOME"USER_HOME_CONFIG_PATH"/rhtsupport.conf,\n"
         "or via environment variables - read documentation of\n"
         "reporter-bugzilla and reporter-rhtsupport tools."
     );
diff --git a/src/plugins/reporter-rhtsupport.c b/src/plugins/reporter-rhtsupport.c
index 0ab06618..6ea92523 100644
--- a/src/plugins/reporter-rhtsupport.c
+++ b/src/plugins/reporter-rhtsupport.c
@@ -509,10 +509,12 @@ int main(int argc, char **argv)
         "Reports a problem to RHTSupport.\n"
         "\n"
         "If not specified, CONFFILE defaults to "CONF_DIR"/plugins/rhtsupport.conf\n"
+        "and user's local ~"USER_HOME_CONFIG_PATH"/rhtsupport.conf.\n"
         "Its lines should have 'PARAM = VALUE' format.\n"
         "Recognized string parameters: URL, Login, Password, BigFileURL.\n"
         "Recognized numeric parameter: BigSizeMB.\n"
         "Recognized boolean parameter (VALUE should be 1/0, yes/no): SSLVerify.\n"
+        "User's local configuration overrides the system wide configuration.\n"
         "Parameters can be overridden via $RHTSupport_PARAM environment variables.\n"
         "\n"
         "Option -t uploads FILEs to the already created case on RHTSupport site.\n"
@@ -521,7 +523,7 @@ int main(int argc, char **argv)
         "to enter case ID to which you want to upload the FILEs.\n"
         "\n"
         "Option -tCASE uploads FILEs to the case CASE on RHTSupport site.\n"
-        "-d DIR is ignored."
+        "-d DIR is ignored.\n"
         "\n"
         "Option -u sends ABRT crash statistics data (uReport) before creating a new case.\n"
         "uReport configuration is loaded from UR_CONFFILE which defaults to\n"
@@ -559,7 +561,13 @@ int main(int argc, char **argv)
     /* Parse config, extract necessary params */
     map_string_t *settings = new_map_string();
     if (!conf_file)
+    {
         conf_file = g_list_append(conf_file, (char*) CONF_DIR"/plugins/rhtsupport.conf");
+        char *local_conf = xasprintf("%s"USER_HOME_CONFIG_PATH"/rhtsupport.conf", getenv("HOME"));
+        conf_file = g_list_append(conf_file, local_conf);
+        free(local_conf);
+
+    }
     while (conf_file)
     {
         const char *fn = (char *)conf_file->data;
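Review bot: `free(local_conf)` releases the string right after `g_list_append(conf_file, local_conf)` stored that same pointer in the list, so the `while (conf_file)` loop below reads freed memory through `conf_file->data` when it reaches the second entry. `g_list_append` keeps the pointer it is given and does not copy the string, so the buffer has to outlive the loop: drop the `free(local_conf);` from this block and release it once the loop has consumed the list. The first element is a string literal, so the list cannot simply be freed element by element. The loop body and the rest of main() continue outside the hunk.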
diff --git a/src/plugins/rhtsupport.conf b/src/plugins/rhtsupport.conf
index 325be92d..91baa90a 100644
--- a/src/plugins/rhtsupport.conf
+++ b/src/plugins/rhtsupport.conf
@@ -1,3 +1,7 @@
+# NOTE this file is readable by everyone, do NOT store here sensitive data,
+# for such cases should be used config file in user's home,
+# i.e.: $HOME/.config/libreport/rhtsupport.conf
+
 # Uncomment and specify these parameters if you want to use
 # reporter-rhtsupport and/or "report --target strata" tools
 # outside of libreport's GUI (i.e. from command line
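Review bot: The new header comment points users at `$HOME/.config/libreport/rhtsupport.conf` but does not say that this file must itself be private; adding a line such as `# keep that file readable only by its owner (e.g. mode 0600)` would complete the advice. Whether the code that saves credentials on first run creates the file with restrictive permissions is not visible in this patch and is worth confirming. The first line would also read more clearly as `# NOTE: this file is world-readable; do NOT store credentials here.`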
-- 
2.14.3