[X2Go-Commits] x2goclient.git - master (branch) updated: 4.0.1.2-11-g2c005d9

X2Go dev team git-admin at x2go.org
Fri Jan 3 15:42:44 CET 2014


The branch, master has been updated
       via  2c005d94ce49157cd446f18bfacf85a3aa8eb427 (commit)
      from  70f0699c0ae5b8f26938d8cfa6c05d2cd5741070 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2c005d94ce49157cd446f18bfacf85a3aa8eb427
Author: Oleksandr Shneyder <o.shneyder at phoca-gmbh.de>
Date:   Fri Jan 3 15:42:33 2014 +0100

    make GSSAPI delegation configurable.

-----------------------------------------------------------------------

Summary of changes:
 debian/changelog        |    1 +
 onmainwindow.cpp        |    6 +++++-
 sessionwidget.cpp       |   19 ++++++++++++++++---
 sessionwidget.h         |    2 ++
 sshmasterconnection.cpp |    2 ++
 sshmasterconnection.h   |    7 +++++++
 sshprocess.cpp          |   14 +++++++++++---
 7 files changed, 44 insertions(+), 7 deletions(-)

The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index dcc0433..23fd372 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,7 @@ x2goclient (4.0.1.3-0x2go1) UNRELEASED; urgency=low
     - changed keyboard settings. Supported modes: auto, none and config with
       model/layout(variant)
     - Enables forwarding (delegation) of GSSAPI credentials to the server. 
+    - make GSSAPI delegation configurable.
 
   [ Orion Poplawski ]
   * New upstream version (4.0.1.3):
diff --git a/onmainwindow.cpp b/onmainwindow.cpp
index 1c8bd8b..a1c6779 100644
--- a/onmainwindow.cpp
+++ b/onmainwindow.cpp
@@ -3325,6 +3325,7 @@ bool ONMainWindow::startSession ( const QString& sid )
     QString host;
     bool autologin=false;
     bool krblogin=false;
+    bool krbDelegation=false;
 
     bool useproxy=false;
     SshMasterConnection::ProxyType proxyType= SshMasterConnection::PROXYHTTP;
@@ -3378,6 +3379,8 @@ bool ONMainWindow::startSession ( const QString& sid )
                                      ( QVariant ) false ).toBool();
     krblogin=st->setting()->value ( sid+"/krblogin",
                                     ( QVariant ) false ).toBool();
+    krbDelegation=st->setting()->value ( sid+"/krbdelegation",
+                                         ( QVariant ) false ).toBool();
 #ifdef Q_OS_LINUX
     directRDP=(st->setting()->value ( sid+"/directrdp",
                                       ( QVariant ) false ).toBool() && cmd == "RDP");
@@ -3502,6 +3505,7 @@ bool ONMainWindow::startSession ( const QString& sid )
 
     sshConnection=startSshConnection ( host,sshPort,acceptRsa,user,passwd,autologin, krblogin, false, useproxy,proxyType,proxyserver,
                                        proxyport, proxylogin, proxypassword, proxyKey,proxyAutologin, proxyKrbLogin);
+    sshConnection->set_kerberosDelegation(krbDelegation);
     return true;
 }
 
@@ -6195,7 +6199,7 @@ void ONMainWindow::runCommand()
     command.replace ( " ","X2GO_SPACE_CHAR" );
     QString krbFwString;
 
-    if(sshConnection->useKerberos())
+    if(sshConnection->useKerberos() && sshConnection->get_kerberosDelegation())
     {
         krbFwString="KRB5CCNAME=`echo $KRB5CCNAME |sed 's/FILE://g'` \
         KRBFL=~/.x2go/C-"+resumingSession.sessionId+"/krb5cc ;\
diff --git a/sessionwidget.cpp b/sessionwidget.cpp
index 5874a92..418924d 100644
--- a/sessionwidget.cpp
+++ b/sessionwidget.cpp
@@ -126,8 +126,10 @@ SessionWidget::SessionWidget ( QString id, ONMainWindow * mw,
     sgbLay->addLayout ( keyLay );
     cbAutoLogin=new QCheckBox(tr("Try auto login (ssh-agent or default ssh key)"),sgb);
     cbKrbLogin=new QCheckBox(tr("Kerberos 5 (GSSAPI) authentication"),sgb);
+    cbKrbDelegation=new QCheckBox(tr("Delegation of GSSAPI credentials to the server"),sgb);
     sgbLay->addWidget(cbAutoLogin);
     sgbLay->addWidget(cbKrbLogin);
+    sgbLay->addWidget(cbKrbDelegation);
     cbProxy=new QCheckBox(tr("Use Proxy server for SSH connection"),sgb);
     proxyBox=new QGroupBox(tr("Proxy server"),sgb);
     sgbLay->addWidget(cbProxy);
@@ -260,6 +262,7 @@ SessionWidget::SessionWidget ( QString id, ONMainWindow * mw,
               SIGNAL ( nameChanged ( const QString & ) ) );
     connect (server, SIGNAL(textChanged(const QString&)),this, SLOT(slot_emitSettings()));
     connect (uname, SIGNAL(textChanged(const QString&)),this, SLOT(slot_emitSettings()));
+    connect (cbKrbLogin, SIGNAL(clicked(bool)), this, SLOT(slot_krbChecked()));
 #ifdef Q_OS_LINUX
     connect (rdpPort, SIGNAL(valueChanged(int)),this, SLOT(slot_emitSettings()));
 #endif
@@ -528,6 +531,9 @@ void SessionWidget::readConfig()
     cbKrbLogin->setChecked(st.setting()->value (
                                sessionId+"/krblogin",
                                ( QVariant ) false ).toBool());
+    cbKrbDelegation->setChecked(st.setting()->value (
+                                    sessionId+"/krbdelegation",
+                                    ( QVariant ) false ).toBool());
     sshPort->setValue (
         st.setting()->value (
             sessionId+"/sshport",
@@ -593,9 +599,9 @@ void SessionWidget::readConfig()
                                      false
                                  ).toBool() );
     cbProxyKrbLogin->setChecked(st.setting()->value (
-                                     sessionId+"/sshproxykrblogin",
-                                     false
-                                 ).toBool() );
+                                    sessionId+"/sshproxykrblogin",
+                                    false
+                                ).toBool() );
 
     if(proxyHost->text().indexOf(":")!=-1)
     {
@@ -718,6 +724,7 @@ void SessionWidget::readConfig()
 #ifdef Q_OS_LINUX
     slot_rdpDirectClicked();
 #endif
+    slot_krbChecked();
 }
 
 void SessionWidget::setDefaults()
@@ -790,6 +797,7 @@ void SessionWidget::saveSettings()
                              ( QVariant ) sshPort->value() );
     st.setting()->setValue(sessionId+"/autologin",( QVariant ) cbAutoLogin->isChecked());
     st.setting()->setValue(sessionId+"/krblogin",( QVariant ) cbKrbLogin->isChecked());
+    st.setting()->setValue(sessionId+"/krbdelegation",( QVariant ) cbKrbDelegation->isChecked());
 #ifdef Q_OS_LINUX
     st.setting()->setValue(sessionId+"/directrdp",( QVariant ) cbDirectRDP->isChecked());
 #endif
@@ -889,3 +897,8 @@ void SessionWidget::slot_emitSettings()
     emit settingsChanged(server->text(), QString::number( rdpPort->value()), uname->text());
 }
 #endif
+
+void SessionWidget::slot_krbChecked()
+{
+    cbKrbDelegation->setEnabled(cbKrbLogin->isChecked());
+}
diff --git a/sessionwidget.h b/sessionwidget.h
index e3858cc..fd98507 100644
--- a/sessionwidget.h
+++ b/sessionwidget.h
@@ -50,6 +50,7 @@ private slots:
     void slot_proxyType();
     void slot_proxySameLogin();
     void slot_proxyGetKey();
+    void slot_krbChecked();
 public slots:
 #ifdef Q_OS_LINUX
     void slot_rdpDirectClicked();
@@ -68,6 +69,7 @@ private:
     QLineEdit* key;
     QCheckBox* cbAutoLogin;
     QCheckBox* cbKrbLogin;
+    QCheckBox* cbKrbDelegation;
 #ifdef Q_OS_LINUX
     QCheckBox* cbDirectRDP;
 #endif
diff --git a/sshmasterconnection.cpp b/sshmasterconnection.cpp
index aa8269d..1dcd7fe 100755
--- a/sshmasterconnection.cpp
+++ b/sshmasterconnection.cpp
@@ -165,6 +165,7 @@ SshMasterConnection::SshMasterConnection (QObject* parent, QString host, int por
     nextPid=0;
 
     breakLoop=false;
+    kerberosDelegation=false;
     this->host=host;
     this->port=port;
     this->user=user;
@@ -222,6 +223,7 @@ SshMasterConnection::SshMasterConnection (QObject* parent, ONMainWindow* mwd, QS
     tcpNetworkProxy = NULL;
     sshProxy= NULL;
     sshProxyReady=false;
+    kerberosDelegation=false;
     breakLoop=false;
     this->host=host;
     this->port=port;
diff --git a/sshmasterconnection.h b/sshmasterconnection.h
index 7354e50..6494356 100644
--- a/sshmasterconnection.h
+++ b/sshmasterconnection.h
@@ -27,6 +27,12 @@
 #include <QTcpSocket>
 #include <QNetworkProxy>
 
+
+#define PROPERTY(TYPE,NAME)  private: TYPE NAME; \
+public: TYPE get_##NAME(){return NAME;} \
+void set_##NAME(TYPE VAL){NAME=VAL;}
+
+
 class ONMainWindow;
 class SshProcess;
 struct ChannelConnection
@@ -56,6 +62,7 @@ struct CopyRequest
 class SshMasterConnection: public QThread
 {
     Q_OBJECT
+    PROPERTY(bool, kerberosDelegation)
 public:
     enum ProxyType {PROXYSSH, PROXYHTTP};
     void run();
diff --git a/sshprocess.cpp b/sshprocess.cpp
index b9f690a..f2e847d 100755
--- a/sshprocess.cpp
+++ b/sshprocess.cpp
@@ -205,11 +205,19 @@ void SshProcess::startNormal(const QString& cmd)
         QString shcmd = "echo X2GODATABEGIN:" + uuidStr + "; "+cmd+"; echo X2GODATAEND:" + uuidStr;
         proc=new QProcess(this);
 #ifdef Q_OS_WIN
-        addPuttyReg(host, uuidStr);
-        host = uuidStr;
+        if(masterCon->get_kerberosDelegation())
+        {
+            addPuttyReg(host, uuidStr);
+            host = uuidStr;
+        }
         QString sshString="plink -batch -P "+
 #else
-        QString sshString=QString::null+"ssh"+ KEEPALIVE_OPTION +"-K -o GSSApiAuthentication=yes -o PasswordAuthentication=no -p "+
+        QString krbDelegOption=" -k ";
+        if(masterCon->get_kerberosDelegation())
+        {
+            krbDelegOption=" -K ";
+        }
+        QString sshString=QString::null+"ssh"+ KEEPALIVE_OPTION +krbDelegOption+" -o GSSApiAuthentication=yes -o PasswordAuthentication=no -p "+
 #endif
                           QString::number(masterCon->getPort())+" -l "+
                           masterCon->getUser()+" "+ host +  " \""+shcmd+"\"";


hooks/post-receive
-- 
x2goclient.git (X2Go Client)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2goclient.git" (X2Go Client).




More information about the x2go-commits mailing list