MFA: Changing ownership of conf dir
The .conf directory created during secret key generation requires a
change in ownership to allow Google Authenticator to read and write.
TOTP verification will fail if the correct permissions are not set.
Tested By:
- curl /redfish/v1/AccountService/Accounts/
<str>/Actions/ManagerAccount.GenerateSecretKey
- curl /redfish/v1/AccountService/Accounts/
<str>/Actions/ManagerAccount.VerifyTimeBasedOneTimePassword
Result:
TOTP was successfully verified.
Change-Id: I1a13800894a0a11c7236748fea94db6e466987ee
Signed-off-by: Abhilash Raju <abhilash.kollam@gmail.com>
diff --git a/users.cpp b/users.cpp
index 9008008..29aaf27 100644
--- a/users.cpp
+++ b/users.cpp
@@ -205,8 +205,7 @@
{
return manager.userPasswordExpired(userName);
}
-bool changeFileOwnership(const std::string& filePath,
- const std::string& userName)
+bool changeFileOwnership(const std::string& userName)
{
// Get the user ID
passwd* pwd = getpwnam(userName.c_str());
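Review bot: The new one-argument signature carries no comment saying what the function now does, and its body (in the following hunk) no longer changes one file but walks a whole directory tree, so a reader of this declaration is misled by the name `changeFileOwnership`. I would add above the signature `// Recursively sets owner/group of every entry under the account's home directory to its uid/gid; returns false if the user is unknown or any chown fails.` The function body continues past the end of this hunk.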
@@ -216,10 +215,17 @@
return false;
}
// Change the ownership of the file
- if (chown(filePath.c_str(), pwd->pw_uid, pwd->pw_gid) != 0)
+ // Change ownership recursively for the user's home directory
+ std::string homeDir = std::format("/home/{}/", userName);
+ for (const auto& entry :
+ std::filesystem::recursive_directory_iterator(homeDir))
{
- lg2::error("Ownership change error {PATH}", "PATH", filePath);
- return false;
+ if (chown(entry.path().c_str(), pwd->pw_uid, pwd->pw_gid) != 0)
+ {
+ lg2::error("Ownership change error {PATH}", "PATH",
+ entry.path().string());
+ return false;
+ }
}
return true;
}
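Review bot: `chown()` on the entry path follows symbolic links, while `recursive_directory_iterator` yields the link itself (it does not follow directory symlinks by default), so a symlink anywhere under the home tree makes the ownership change land on the link's target, which can lie outside `/home/<user>/`; because the tree is writable by the very account being modified, this is the CWE-59 link-following pattern, and the call should be `if (lchown(entry.path().c_str(), pwd->pw_uid, pwd->pw_gid) != 0)` (or skip entries where `entry.is_symlink()` is true). Two further points: the hunk hard-codes `/home/{}/` although `pwd->pw_dir` from the `getpwnam` lookup earlier in this function already holds the account's home directory, and the range-for over `recursive_directory_iterator(homeDir)` throws `std::filesystem::filesystem_error` on a missing or unreadable directory, which escapes a function whose contract is a `bool` — construct and advance the iterator with the `std::error_code` overloads so that failure path also returns `false`. The commit message says only the `.conf` directory needs the change, whereas this loop re-owns the entire home directory and never chowns the top-level `homeDir` itself.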
@@ -267,7 +273,7 @@
std::string secret;
std::getline(file, secret);
file.close();
- if (!changeFileOwnership(path, userName))
+ if (!changeFileOwnership(userName))
{
throw UnsupportedRequest();
}