From 1c51ff02b5544e3d139caa7cffe8fe3625f4685c Mon Sep 17 00:00:00 2001
From: Edmund Tan
Date: Tue, 22 Jul 2025 03:10:53 +0800
Subject: [PATCH] fix install script14
---
 UI/includes/config.php | 69 ++++++++++++++++++++++++++++++++++++--
 UI/includes/enrollment.php | 15 +++++++--
 UI/install.sh | 7 ++++
 3 files changed, 86 insertions(+), 5 deletions(-)
diff --git a/UI/includes/config.php b/UI/includes/config.php
index 7acfcff..77cee61 100644
--- a/UI/includes/config.php
+++ b/UI/includes/config.php
@@ -109,16 +109,79 @@ function logMessage($level, $message) {
 }
 /**
- * Check if running as root/admin
+ * Check if running as root/admin or has sudo privileges
 */
 function isRunningAsRoot() {
- return posix_getuid() === 0;
+ // If actually running as root
+ if (posix_getuid() === 0) {
+ return true;
+ }
+
+ // Test if we have sudo privileges by trying a simple sudo command
+ $output = '';
+ $returnCode = 0;
+ $testCommand = 'sudo -n whoami 2>/dev/null';
+
+ $descriptorspec = [
+ 0 => ['pipe', 'r'],
+ 1 => ['pipe', 'w'],
+ 2 => ['pipe', 'w']
+ ];
+
+ $process = proc_open($testCommand, $descriptorspec, $pipes);
+
+ if (is_resource($process)) {
+ fclose($pipes[0]);
+ $stdout = stream_get_contents($pipes[1]);
+ fclose($pipes[1]);
+ fclose($pipes[2]);
+ $returnCode = proc_close($process);
+
+ // If sudo command succeeded, we have sudo privileges
+ return $returnCode === 0;
+ }
+
+ return false;
 }
 /**
- * Execute system command safely
+ * Execute system command safely with automatic sudo for privileged operations
 */
 function executeCommand($command, &$output = null, &$returnCode = null) {
+ // Commands that typically need sudo privileges
+ $sudoCommands = [
+ 'apt-get', 'systemctl', 'mkdir', 'chmod', 'chown', 'curl', 'gpg',
+ 'ziti', 'cp', 'mv', 'rm', 'ln', 'update-alternatives'
+ ];
+
+ // Check if command needs sudo and doesn't already have it
+ $needsSudo = false;
+ $commandParts = explode(' ', trim($command));
+ $baseCommand = $commandParts[0];
+
+ // Skip if already has sudo
+ if ($baseCommand !== 'sudo') {
+ foreach ($sudoCommands as $sudoCmd) {
+ if ($baseCommand === $sudoCmd || strpos($command, $sudoCmd) !== false) {
+ $needsSudo = true;
+ break;
+ }
+ }
+
+ // Also check for file operations in system directories
+ if (strpos($command, '/etc/') !== false ||
+ strpos($command, '/var/') !== false ||
+ strpos($command, '/usr/') !== false ||
+ strpos($command, '/opt/') !== false) {
+ $needsSudo = true;
+ }
+ }
+
+ // Add sudo if needed and we're not already root
+ if ($needsSudo && posix_getuid() !== 0) {
+ $command = 'sudo ' . $command;
+ }
+
 $descriptorspec = [
 0 => ['pipe', 'r'], // stdin
 1 => ['pipe', 'w'], // stdout
diff --git a/UI/includes/enrollment.php b/UI/includes/enrollment.php
index 30db864..d163a38 100644
--- a/UI/includes/enrollment.php
+++ b/UI/includes/enrollment.php
@@ -194,9 +194,14 @@ class EnrollmentManager {
 // Add repository to sources list
 $repoContent = 'deb [signed-by=/usr/share/keyrings/openziti.gpg] https://packages.openziti.org/zitipax-openziti-deb-stable debian main';
- if (!file_put_contents('/etc/apt/sources.list.d/openziti-release.list', $repoContent)) {
+ $tempFile = tempnam(sys_get_temp_dir(), 'openziti-repo');
+ file_put_contents($tempFile, $repoContent);
+
+ if (!executeCommand("cp '$tempFile' /etc/apt/sources.list.d/openziti-release.list")) {
+ unlink($tempFile);
 throw new Exception('Failed to add OpenZiti repository');
 }
+ unlink($tempFile);
 // Update package list
 $this->reportProgress('INSTALL', 'Updating package list...');
@@ -408,9 +413,15 @@ StandardError=append:/var/log/ziti-router.log
 WantedBy=multi-user.target
 EOF;
- if (!file_put_contents(SYSTEMD_SERVICE_FILE, $serviceContent)) {
+ // Write service file using sudo
+ $tempFile = tempnam(sys_get_temp_dir(), 'ziti-service');
+ file_put_contents($tempFile, $serviceContent);
+
+ if (!executeCommand("cp '$tempFile' " . SYSTEMD_SERVICE_FILE)) {
+ unlink($tempFile);
 throw new Exception('Failed to create systemd service file');
 }
+ unlink($tempFile);
 // Reload systemd and enable service
 if (!executeCommand('systemctl daemon-reload')) {
diff --git a/UI/install.sh b/UI/install.sh
index 72c5bf4..fd2c8cc 100644
--- a/UI/install.sh
+++ b/UI/install.sh
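Review bot: In executeCommand the `|| strpos($command, $sudoCmd) !== false` test and the `/etc/`, `/var/`, `/usr/`, `/opt/` path checks prepend `sudo` whenever those substrings appear anywhere in the command string, so short entries such as `cp`, `rm` or `ln` match inside unrelated words and arguments, and commands the caller never meant to run privileged are escalated. Matching only the first token, `$needsSudo = in_array($baseCommand, $sudoCommands, true);`, or an explicit opt-in argument supplied by the caller, would keep the escalation deliberate. isRunningAsRoot has the related problem that it now returns true for any account where `sudo -n whoami` succeeds, which is not the same as being root; callers that gate on it should be rechecked, and the unused `$output` and `$stdout` locals can go. executeCommand's body continues past the end of the hunk.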
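Review bot: The results of `tempnam()` and `file_put_contents()` are no longer checked before the privileged `cp`, so a failed or partial write to the temp file would be copied into `/etc/apt/sources.list.d/openziti-release.list` and reported as success; the same applies to the systemd service file in the second hunk of this file. A guard such as `if ($tempFile === false || file_put_contents($tempFile, $repoContent) === false) { throw new Exception('Failed to add OpenZiti repository'); }` restores the check the removed line had. The path is also interpolated into a shell string as `'$tempFile'`; `escapeshellarg($tempFile)` is the safer quoting, since the directory comes from `sys_get_temp_dir()`. Both enclosing methods start and end outside the hunks.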
@@ -356,6 +356,13 @@ www-data ALL=(ALL) NOPASSWD: /usr/bin/which
 www-data ALL=(ALL) NOPASSWD: /usr/bin/hostname
 www-data ALL=(ALL) NOPASSWD: /usr/bin/uname
 www-data ALL=(ALL) NOPASSWD: /usr/bin/lsb_release
+www-data ALL=(ALL) NOPASSWD: /usr/bin/cp
+www-data ALL=(ALL) NOPASSWD: /usr/bin/mv
+www-data ALL=(ALL) NOPASSWD: /usr/bin/rm
+www-data ALL=(ALL) NOPASSWD: /usr/bin/ln
+www-data ALL=(ALL) NOPASSWD: /usr/bin/whoami
+www-data ALL=(ALL) NOPASSWD: /usr/bin/tee
+www-data ALL=(ALL) NOPASSWD: /usr/bin/cat
 EOF
 # Validate sudoers file
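Review bot: The added sudoers entries give `www-data` unrestricted, passwordless root use of `cp`, `mv`, `rm`, `ln`, `tee` and `cat`, which lets the web server account read or replace any file on the host and so amounts to granting it root. Since the PHP side only needs to place two known files, a single root-owned helper that accepts no caller-chosen paths would cover it, e.g. `www-data ALL=(root) NOPASSWD: /usr/local/sbin/<install-helper>` (placeholder path), with the helper writing only the OpenZiti apt source and the service unit. The heredoc this hunk extends starts outside the hunk, so the earlier entries are not reviewed here.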