[X2Go-Dev] [PATCHv2] Switch to DISPLAY env. var. and UNIX socket connection on OS, X.
Mihai Moldovan
ionic at ionic.de
Mon Feb 27 05:52:26 CET 2012
Detect the current X11 socket by examining the DISPLAY environment
variable, which is set to some UNIX socket path by launchd on each
user login.
Do a connection test via this UNIX socket.
Let nxproxy use the X server via the provided UNIX socket, instead
of connecting via TCP.
This allows users to shutdown network connections for X11, which is
a potential security risk. Even more so, if connection authentication
is turned off, which is required for "strange" setups via ssh tunnels,
it opens up your machine to any other computer it is reachable by
with no authentication.
Signed-off-by: Mihai Moldovan <ionic at ionic.de>
---
onmainwindow.cpp | 36 +++++++++---------
onmainwindow_part2.cpp | 9 +++-
onmainwindow_part3.cpp | 100 ++++++++++++++++--------------------------------
onmainwindow_privat.h | 6 +-
4 files changed, 61 insertions(+), 90 deletions(-)
diff --git a/onmainwindow.cpp b/onmainwindow.cpp
index 344c993..6118f1f 100644
--- a/onmainwindow.cpp
+++ b/onmainwindow.cpp
@@ -1,22 +1,22 @@
/***************************************************************************
-* Copyright (C) 2005-2012 by Oleksandr Shneyder *
-* oleksandr.shneyder at obviously-nice.de *
-* *
-* This program is free software; you can redistribute it and/or modify *
-* it under the terms of the GNU General Public License as published by F*
-* the Free Software Foundation; either version 2 of the License, or *
-* (at your option) any later version. *
-* *
-* This program is distributed in the hope that it will be useful, *
-* but WITHOUT ANY WARRANTY; without even the implied warranty of *
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
-* GNU General Public License for more details. *
-* *
-* You should have received a copy of the GNU General Public License *
-* along with this program; if not, write to the *
-* Free Software Foundation, Inc., *
-* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
-***************************************************************************/
+ * Copyright (C) 2005-2012 by Oleksandr Shneyder *
+ * oleksandr.shneyder at obviously-nice.de *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the *
+ * Free Software Foundation, Inc., *
+ * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
+ ***************************************************************************/
#include "onmainwindow_privat.h"
diff --git a/onmainwindow_part2.cpp b/onmainwindow_part2.cpp
index f43c179..e8df279 100644
--- a/onmainwindow_part2.cpp
+++ b/onmainwindow_part2.cpp
@@ -1900,12 +1900,17 @@ void ONMainWindow::slotTunnelOk()
env << "NX_CLIENT="+QCoreApplication::applicationFilePath ();
#if defined ( Q_OS_WIN ) || defined ( Q_OS_DARWIN )
+ // On Mac OS X, we want to make sure that DISPLAY is set to a proper value,
+ // but at the same time don't want to set the value ourselves but keep
+ // the provided one.
QString disp=getXDisplay();
if ( disp==QString::null )
{
//slotProxyerror ( QProcess::FailedToStart );
return;
}
+#endif // Q_OS_WIN || Q_OS_DARWIN
+#if defined ( Q_OS_WIN )
if ( dispInd==-1 )
{
env <<"DISPLAY=localhost:"+disp;
@@ -1917,8 +1922,8 @@ void ONMainWindow::slotTunnelOk()
/* x2goDebug<<"existing env DISPLAY("<<dispInd<<
") DISPLAY=localhost:"+disp<<endl;*/
}
-#endif
-#ifdef Q_OS_DARWIN
+#endif // Q_OS_WIN
+#if defined ( Q_OS_DARWIN )
//setting /usr/X11/bin to find xauth
env.insert (
0,
diff --git a/onmainwindow_part3.cpp b/onmainwindow_part3.cpp
index fb6a3ba..7eb14f3 100644
--- a/onmainwindow_part3.cpp
+++ b/onmainwindow_part3.cpp
@@ -1,22 +1,22 @@
/***************************************************************************
-* Copyright (C) 2005-2012 by Oleksandr Shneyder *
-* oleksandr.shneyder at obviously-nice.de *
-* *
-* This program is free software; you can redistribute it and/or modify *
-* it under the terms of the GNU General Public License as published by F*
-* the Free Software Foundation; either version 2 of the License, or *
-* (at your option) any later version. *
-* *
-* This program is distributed in the hope that it will be useful, *
-* but WITHOUT ANY WARRANTY; without even the implied warranty of *
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
-* GNU General Public License for more details. *
-* *
-* You should have received a copy of the GNU General Public License *
-* along with this program; if not, write to the *
-* Free Software Foundation, Inc., *
-* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
-***************************************************************************/
+ * Copyright (C) 2005-2012 by Oleksandr Shneyder *
+ * oleksandr.shneyder at obviously-nice.de *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the *
+ * Free Software Foundation, Inc., *
+ * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
+ ***************************************************************************/
#include "onmainwindow_privat.h"
@@ -2054,63 +2054,29 @@ bool ONMainWindow::checkAgentProcess()
#if defined ( Q_OS_DARWIN )
QString ONMainWindow::getXDisplay()
{
- QTcpSocket tcpSocket ( this );
- uint dispNumber=0;
- QString xname,xdir,xopt;
- dispNumber=0;
- xdir=ConfigDialog::getXDarwinDirectory();
- xname=xdir+"/Contents/MacOS/X11";
- xopt=" -rootless :0";
+ QLocalSocket unixSocket (this);
+ QString xsocket (getenv ("DISPLAY"));
- //for newer versions of XQuartz start startx instead of X11.app
- xname="/usr/X11/bin/startx";
- xopt="";
- tcpSocket.connectToHost ( "127.0.0.1",6000+dispNumber );
-
- if ( tcpSocket.waitForConnected ( 3000 ) )
- {
- tcpSocket.close();
- return QString::number ( dispNumber );
- }
- if ( xname==QString::null )
+ // OS X starts the X11 server automatically, as soon as the launchd UNIX socket
+ // is accessed.
+ // On user login, the DISPLAY environment variable is set to this said existing
+ // socket.
+ // By now, we should have a socket. Test, if connecting works.
+ if ((!xsocket.isEmpty ()))
{
- QMessageBox::critical (
- this,tr ( "Can't connect to X-Server" ),
- tr (
- "Can't connect to X-Server\nPlease check your settings"
- ) );
- slotConfig();
- return QString::null;
- }
- QProcess* pr=new QProcess ( this );
- pr->setWorkingDirectory ( xdir );
- pr->start ( xname+" "+xopt,QIODevice::NotOpen );
- if ( pr->waitForStarted ( 3000 ) )
- {
-#ifdef Q_OS_DARWIN
- //FIXME: the call of unistd.h sleep() do not work on all
- // Mac OS X systems
- system ( "sleep 3" );
-#endif
+ unixSocket.connectToServer (xsocket);
- tcpSocket.connectToHost ( "127.0.0.1",6000+dispNumber );
- if ( tcpSocket.waitForConnected ( 1000 ) )
+ if (unixSocket.waitForConnected (10000))
{
- tcpSocket.close();
- return QString::number ( dispNumber );
+ unixSocket.disconnectFromServer ();
+ return (xsocket);
}
- QMessageBox::critical (
- this,tr ( "Can't connect to X-Server" ),
- tr (
- "Can't connect to X-Server\nPlease check your settings"
- ) );
- slotConfig();
- return QString::null;
}
+ // And if not, error out.
QMessageBox::critical (
- this,QString::null,
+ this,tr ( "Can't connect to X server\nPlease check your settings" ),
tr (
- "Can't start X Server\nPlease check your settings" ) );
+ "Can't start X server\nPlease check your settings" ) );
slotConfig();
return QString::null;
}
diff --git a/onmainwindow_privat.h b/onmainwindow_privat.h
index 9e4375a..aa049f7 100644
--- a/onmainwindow_privat.h
+++ b/onmainwindow_privat.h
@@ -1,6 +1,6 @@
/***************************************************************************
- * Copyright (C) 2005-2012 by Oleksandr Shneyder *
- * oleksandr.shneyder at obviously-nice.de *
+ * Copyright (C) 2005-2012 by Oleksandr Shneyder *
+ * oleksandr.shneyder at obviously-nice.de *
* *
* This program is free software; you can redistribute it and/or modify *
* it under the terms of the GNU General Public License as published by *
@@ -66,7 +66,7 @@
#include <QFileDialog>
#include <QHttp>
#include <QUrl>
-#include <QTcpSocket>
+#include <QLocalSocket>
#include <QPlastiqueStyle>
#include "sshprocess.h"
#include "imgframe.h"
--
1.7.9
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4369 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20120227/d62cf10e/attachment.bin>
More information about the x2go-dev
mailing list