[X2Go-Commits] [x2goclient] 29/45: onmainwindow.cpp: correctly use ~/.x2go/.ssh as ssh directory when starting sshd in user mode.
git-admin at x2go.org
git-admin at x2go.org
Mon May 25 02:41:22 CEST 2015
This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch bugfix/osx
in repository x2goclient.
commit c3b90741ecae4ad8fee2056034c94c43f6e5d122
Author: Mihai Moldovan <ionic at ionic.de>
Date: Sat Mar 21 03:58:18 2015 +0100
onmainwindow.cpp: correctly use ~/.x2go/.ssh as ssh directory when starting sshd in user mode.
Put the authorized_keys file in there. Check and set correct permissions
for both the directory and authorized_keys file. Generalize some
Windows-specific sections by using QDir and QFile.
---
debian/changelog | 4 ++
src/onmainwindow.cpp | 183 +++++++++++++++++++++++++++++++++-----------------
2 files changed, 126 insertions(+), 61 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 35944da..3de7fc7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -477,6 +477,10 @@ x2goclient (4.0.4.0-0x2go1) UNRELEASED; urgency=low
warnings with GCC. Fix a few whitespace issues.
- appdialog.cpp: initialize parent in default case. Another GCC compile
warning fix.
+ - onmainwindow.cpp: correctly use ~/.x2go/.ssh as ssh directory when
+ starting sshd in user mode. Put the authorized_keys file in there. Check
+ and set correct permissions for both the directory and authorized_keys
+ file. Generalize some Windows-specific sections by using QDir and QFile.
[ Fernando Pedemonte ]
* New upstream release (4.0.4.0):
diff --git a/src/onmainwindow.cpp b/src/onmainwindow.cpp
index 5b664b2..b02b04d 100644
--- a/src/onmainwindow.cpp
+++ b/src/onmainwindow.cpp
@@ -7898,43 +7898,54 @@ void ONMainWindow::slotRetExportDir ( bool result,QString output,
QByteArray line = file.readLine();
file.close();
- QString authofname=homeDir;
-#ifdef Q_OS_WIN
- QDir dir;
- dir.mkpath ( authofname+"\\.x2go\\.ssh" );
- x2goDebug<<"Creating "<<authofname+"\\.x2go\\.ssh";
+ QDir authorized_keys_dir (homeDir);
- authofname=wapiShortFileName ( authofname ) +"/.x2go";
-#endif
- authofname+="/.ssh/authorized_keys" ;
- file.setFileName ( authofname );
- if ( !file.open ( QIODevice::ReadOnly | QIODevice::Text ) )
- {
- printSshDError_noAuthorizedKeysFile();
- QFile::remove
- ( key+".pub" );
- return;
+ /*
+ * Do the user SSHD/global SSHD dance here and either use the
+ * private .x2go/.ssh or the global .ssh dir.
+ */
+ if (userSshd) {
+ authorized_keys_dir = QDir (authorized_keys_dir.absolutePath () + "/.x2go/");
}
+ authorized_keys_dir = QDir (authorized_keys_dir.absolutePath () + "/.ssh/");
+ QFile authorized_keys_file (authorized_keys_dir.absolutePath () + "/authorized_keys");
- QTemporaryFile tfile ( authofname );
- tfile.open();
- tfile.setAutoRemove ( true );
- QTextStream out ( &tfile );
+ /*
+ * We do not try to create the file first.
+ * This has been already done in startX2goMount().
+ * We wouldn't be here if that failed.
+ */
+ if (!authorized_keys_file.open (QIODevice::ReadOnly | QIODevice::Text)) {
+ printSshDError_noAuthorizedKeysFile ();
+ QFile::remove (key + ".pub");
+ return;
+ }
- while ( !file.atEnd() )
- {
- QByteArray newline = file.readLine();
- if ( newline!=line )
- out<<newline;
+ QTemporaryFile tfile (authorized_keys_file.fileName ());
+ tfile.open ();
+ tfile.setPermissions (QFile::ReadOwner | QFile::WriteOwner);
+ tfile.setAutoRemove (true);
+ QTextStream out (&tfile);
+
+ /*
+ * Copy the content of the authorized_keys file to our new temporary file
+ * and remove the public authorized key for the current "session" again.
+ */
+ while (!authorized_keys_file.atEnd ()) {
+ QByteArray newline = authorized_keys_file.readLine ();
+ if (newline != line)
+ out << newline;
}
- file.close();
- tfile.close();
- file.remove();
- tfile.copy ( authofname );
- QFile::remove
- ( key+".pub" );
+
+ authorized_keys_file.close ();
+ tfile.close ();
+
+ authorized_keys_file.remove ();
+
+ tfile.copy (authorized_keys_file.fileName ());
+ QFile::remove (key + ".pub");
}
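Review bot: The rewrite at the end of this hunk ignores the results of `tfile.open ()`, `authorized_keys_file.remove ()` and `tfile.copy (...)`. QFile::copy does not overwrite an existing target, so if the remove fails the copy fails too and the temporary session key silently stays in authorized_keys. If the remove succeeds and the copy fails, the file is gone entirely, which in global mode is the user's own ~/.ssh/authorized_keys. Each step should be checked and a failure at least logged, as sketched below. slotRetExportDir's body starts outside the hunk.

```cpp
QTemporaryFile tfile (authorized_keys_file.fileName ());
if (!tfile.open ()) {
    x2goDebug << "Unable to create temporary file for " << authorized_keys_file.fileName ();
    QFile::remove (key + ".pub");
    return;
}
/* … unchanged: set permissions, copy every line except the session key … */

authorized_keys_file.close ();
tfile.close ();

if (!authorized_keys_file.remove ()) {
    x2goDebug << "Unable to remove " << authorized_keys_file.fileName () << "; the session key is still listed.";
}
else if (!tfile.copy (authorized_keys_file.fileName ())) {
    x2goDebug << "Unable to write back " << authorized_keys_file.fileName ();
}
QFile::remove (key + ".pub");
```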
@@ -9070,41 +9081,90 @@ void ONMainWindow::startX2goMount()
QByteArray line = file.readLine();
file.close();
- QString authofname=homeDir;
-#ifdef Q_OS_WIN
- QDir tdir;
- tdir.mkpath ( authofname+"\\.x2go\\.ssh" );
- x2goDebug<<"Creating "<<authofname+"\\.x2go\\.ssh";
+ QDir authorized_keys_dir (homeDir);
- authofname=wapiShortFileName ( authofname ) +"/.x2go";
-#endif
- authofname+= "/.ssh/authorized_keys" ;
+ /*
+ * Do the user SSHD/global SSHD dance here and either use the
+ * private .x2go/.ssh or the global .ssh dir.
+ */
+ if (userSshd) {
+ authorized_keys_dir = QDir (authorized_keys_dir.absolutePath () + "/.x2go/");
+ }
- QFile file1 ( authofname );
+ authorized_keys_dir = QDir (authorized_keys_dir.absolutePath () + "/.ssh/");
+ QFile authorized_keys_file (authorized_keys_dir.absolutePath () + "/authorized_keys");
- if ( !file1.open ( QIODevice::WriteOnly | QIODevice::Text |
- QIODevice::Append ) )
- {
- QString message=tr ( "Unable to write:\n" ) + authofname;
- QMessageBox::critical ( 0l,tr ( "Error" ),message,
- QMessageBox::Ok,
- QMessageBox::NoButton );
- QFile::remove
- ( fsExportKey+".pub" );
- return;
+ if (userSshd) {
+ x2goDebug << "Creating dir " << authorized_keys_dir.absolutePath ();
+ authorized_keys_dir.mkpath (authorized_keys_dir.absolutePath ());
+ }
+ x2goDebug << "Potentially creating file " << authorized_keys_file.fileName ();
+ if (!authorized_keys_file.open (QIODevice::WriteOnly | QIODevice::Text | QIODevice::Append)) {
+ QString message = tr ("Unable to create or append to file: ") + authorized_keys_file.fileName ();
+ QMessageBox::critical (0l, tr ("Error"), message,
+ QMessageBox::Ok, QMessageBox::NoButton);
+ QFile::remove (fsExportKey + ".pub");
+ return;
}
- directory* dir=getExpDir ( fsExportKey );
- bool rem=dir->isRemovable;
- if ( !dir )
- return;
- QTextStream out ( &file1 );
- out<<line;
- file1.close();
+#ifdef Q_OS_UNIX
+ QFile::Permissions authorized_keys_file_perm = authorized_keys_file.permissions ();
+ QFile::Permissions authorized_keys_file_target_perm = QFile::ReadOwner | QFile::WriteOwner;
+
+ bool permission_error = false;
+
+ /*
+ * Try to set the permissions if they are wrong.
+ * (sshd would disallow such a file.)
+ */
+ if (authorized_keys_file_perm != authorized_keys_file_target_perm) {
+ if (!authorized_keys_file.setPermissions (authorized_keys_file_target_perm)) {
+ /* FIXME: use a function for this... */
+ QString message = tr ("Unable to change the permissions of file: ") + authorized_keys_file.fileName ();
+ message += "\n" + tr ("This is an error because sshd would deny such a file.");
+ QMessageBox::critical (NULL, tr ("Error"), message,
+ QMessageBox::Ok, QMessageBox::NoButton);
+ permission_error = true;
+ }
+ }
+
+ QFile::Permissions authorized_keys_dir_perm = QFile (authorized_keys_dir.absolutePath ()).permissions ();
+ QFile::Permissions authorized_keys_dir_target_perm = QFile::ReadOwner | QFile::WriteOwner | QFile::ExeOwner;
+
+ /*
+ * Try to set the permissions if they are wrong.
+ * (sshd would disallow such a directory.)
+ */
+ if (authorized_keys_dir_perm != authorized_keys_dir_target_perm) {
+ if (!QFile (authorized_keys_dir.absolutePath ()).setPermissions (authorized_keys_dir_target_perm)) {
+ /* FIXME: use a function for this... */
+ QString message = tr ("Unable to change the permissions of directory: ") + authorized_keys_dir.absolutePath ();
+ message += "\n" + tr ("This is an error because sshd would deny such a directory.");
+ QMessageBox::critical (NULL, tr ("Error"), message,
+ QMessageBox::Ok, QMessageBox::NoButton);
+ permission_error = true;
+ }
+ }
+
+ if (permission_error) {
+ QFile::remove (fsExportKey + ".pub");
+ return;
+ }
+#endif /* defined (Q_OS_UNIX) */
+
+ directory* dir = getExpDir (fsExportKey);
+ bool rem = dir->isRemovable;
+ if (!dir) {
+ return;
+ }
- x2goDebug<<"Temporarily activated public key from file "<<fsExportKey<<".pub."<<endl;
+ QTextStream out (&authorized_keys_file);
+ out << line;
+ authorized_keys_file.close ();
+
+ x2goDebug << "Temporarily activated public key from file " << fsExportKey << ".pub.";
QString passwd=getCurrentPass();
QString user=getCurrentUname();
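Review bot: `bool rem = dir->isRemovable;` dereferences `dir` one line before the `if (!dir)` check, so a null result from getExpDir() is used before it is tested. Swap the two, `if (!dir) { QFile::remove (fsExportKey + ".pub"); return; }` followed by `bool rem = dir->isRemovable;`. Removing the .pub file on that path would match the other error returns in this hunk. Separately, the `!=` comparisons against the target permissions may never be equal, because QFile::permissions() can also report the ReadUser/WriteUser bits for the current user, so setPermissions() probably runs on every call. startX2goMount's body starts and ends outside the hunk.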
@@ -9878,18 +9938,19 @@ void ONMainWindow::generateEtcFiles()
QFile file ( etcDir +"/sshd_config" );
if ( !file.open ( QIODevice::WriteOnly | QIODevice::Text ) )
return;
+ QString authKeyPath = homeDir + "/.x2go/.ssh/authorized_keys";
#ifdef Q_OS_WIN
- QString authKeyPath=cygwinPath ( homeDir+"/.x2go/.ssh/authorized_keys" );
- authKeyPath.replace(wapiGetUserName(),"%u");
-#endif
+ authKeyPath = cygwinPath (authKeyPath);
+ authKeyPath.replace (wapiGetUserName (), "%u");
+#endif /* defined (Q_OS_WIN) */
QTextStream out ( &file );
out<<"StrictModes no\n"<<
"UsePrivilegeSeparation no\n"<<
"PidFile " + varDir + "/sshd.pid\n" <<
+ "AuthorizedKeysFile \"" << authKeyPath << "\"\n" <<
#ifdef Q_OS_WIN
"Subsystem shell "<< wapiShortFileName ( appDir) +"/sh"+"\n"<<
"Subsystem sftp "<< wapiShortFileName ( appDir) +"/sftp-server"+"\n"<<
- "AuthorizedKeysFile \""<<authKeyPath<<"\"";
#else
"Subsystem sftp "
<<appDir<<"/sftp-server\n";
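Review bot: With the `AuthorizedKeysFile` line moved above the `#ifdef`, the Q_OS_WIN branch now ends in a trailing `<<` after `"/sftp-server"+"\n"` and has no terminating `;`. The Windows build will therefore likely fail or absorb whatever statement follows the `#endif`, which is outside this hunk. End that branch with `"Subsystem sftp "<< wapiShortFileName ( appDir) +"/sftp-server"+"\n";`. Note also that the generated config keeps `StrictModes no`, so the user-mode sshd does not itself enforce the directory and file permissions that startX2goMount() now sets. A comment saying why it is disabled, or enabling it on Unix if nothing depends on it, would make that explicit.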
--
Alioth's /srv/git/code.x2go.org/x2goclient.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/x2goclient.git