[X2Go-Dev] Bug#141: Bug#141: Fwd: autologin with x2goclient in broker-mode: analysis and fix for "enter passphrase"-bug

Mike Gabriel mike.gabriel at das-netzwerkteam.de
Mon Apr 22 01:07:03 CEST 2013


clone #141 -1
retitle -1 missing public SSH key file should throw an error
severity -1 minor
tag #141 pending
fixed #141 4.0.1.1
thanks

Hi Anders,

On Sa 20 Apr 2013 20:52:39 CEST Mike Gabriel wrote:

> Analysis of the bug:
> When autologin is enabled, SshMasterConnection::userAuth() will react by
> calling userAuthAuto(), which will look for ssh keys and if you, like me,
> have an ssh key with a passphrase, it will want to try out this key by
> asking for the passphrase (despite having ssh-agent running). If it does
> not find a key, it also asks for a passphrase, at least on my system. The
> reasons for this aren't really important here, in my oppinion. The
> important question here is why it even looks for other keys when the nice
> broker has provided a key. Further analysis and testing showed me that
> after userAuthAuto() exists without having gotten a proper key loaded (by
> pressing Cancel on the dialog box), userAuth() will then test if a key is
> loaded. And because httpbrokerclient has recieved a key and put it into the
> config-variable, a key IS available. This key is then used for login and
> all is good. Looking closer at the code revealed that setting
> config->autologin to true was actually not needed at all, and is the
> culprit here. If autologin is false, then userAuth() will still see that
> there is a key loaded, and happily log in the user.

Thanks for this detailled analysis. It indeed put me on some trail  
that worked.

> My naive fix for this bug:
> In ONMainWindow::startSession(), make setting the autologin variable
> dependent upon not being in brokerMode:
>
> diff --git a/onmainwindow.cpp b/onmainwindow.cpp
> index 31dbc17..bc2b70f 100644
> --- a/onmainwindow.cpp
> +++ b/onmainwindow.cpp
> @@ -3249,8 +3249,9 @@ bool ONMainWindow::startSession ( const QString& sid )
>
>      QString cmd=st->setting()->value ( sid+"/command",
>                                         ( QVariant ) QString::null
> ).toString();
> -    autologin=st->setting()->value ( sid+"/autologin",
> -                                     ( QVariant ) false ).toBool();
> +    if (!brokerMode)
> +        autologin=st->setting()->value ( sid+"/autologin",
> +                                         ( QVariant ) false ).toBool();
>      krblogin=st->setting()->value ( sid+"/krblogin",
>                                      ( QVariant ) false ).toBool();
>  #ifdef Q_OS_LINUX
>
> I can't say what other consequences this might have, not knowing the code
> well enough, but initial tests on my system shows that it works. This patch
> is against git/master btw.

The above fix is not appropriate as it will disable the autologin  
feature completely when x2goclient is in broker mode. That works for  
your setup, but is not a generic solution.

My approach is here:
http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=fe4408b12c982b81c56c52f37230865f4e9f41ea

@Alex: please cross-check. Thanks!

Greets,
Mike


-- 

DAS-NETZWERKTEAM
mike gabriel, rothenstein 5, 24214 neudorf-bornstein
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digitale PGP-Unterschrift
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20130422/b6fa9e0f/attachment.pgp>


More information about the x2go-dev mailing list