The branch, master has been updated via 2c005d94ce49157cd446f18bfacf85a3aa8eb427 (commit) from 70f0699c0ae5b8f26938d8cfa6c05d2cd5741070 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2c005d94ce49157cd446f18bfacf85a3aa8eb427 Author: Oleksandr Shneyder <o.shneyder@phoca-gmbh.de> Date: Fri Jan 3 15:42:33 2014 +0100 make GSSAPI delegation configurable. ----------------------------------------------------------------------- Summary of changes: debian/changelog | 1 + onmainwindow.cpp | 6 +++++- sessionwidget.cpp | 19 ++++++++++++++++--- sessionwidget.h | 2 ++ sshmasterconnection.cpp | 2 ++ sshmasterconnection.h | 7 +++++++ sshprocess.cpp | 14 +++++++++++--- 7 files changed, 44 insertions(+), 7 deletions(-) The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index dcc0433..23fd372 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,7 @@ x2goclient (4.0.1.3-0x2go1) UNRELEASED; urgency=low - changed keyboard settings. Supported modes: auto, none and config with model/layout(variant) - Enables forwarding (delegation) of GSSAPI credentials to the server. + - make GSSAPI delegation configurable. [ Orion Poplawski ] * New upstream version (4.0.1.3):
diff --git a/onmainwindow.cpp b/onmainwindow.cpp
index 1c8bd8b..a1c6779 100644
--- a/onmainwindow.cpp
+++ b/onmainwindow.cpp
@@ -3325,6 +3325,7 @@ bool ONMainWindow::startSession ( const QString& sid ) QString host; bool autologin=false; bool krblogin=false; + bool krbDelegation=false; bool useproxy=false; SshMasterConnection::ProxyType proxyType= SshMasterConnection::PROXYHTTP;
@@ -3378,6 +3379,8 @@ bool ONMainWindow::startSession ( const QString& sid ) ( QVariant ) false ).toBool(); krblogin=st->setting()->value ( sid+"/krblogin", ( QVariant ) false ).toBool(); + krbDelegation=st->setting()->value ( sid+"/krbdelegation", + ( QVariant ) false ).toBool(); #ifdef Q_OS_LINUX directRDP=(st->setting()->value ( sid+"/directrdp", ( QVariant ) false ).toBool() && cmd == "RDP");
@@ -3502,6 +3505,7 @@ bool ONMainWindow::startSession ( const QString& sid ) sshConnection=startSshConnection ( host,sshPort,acceptRsa,user,passwd,autologin, krblogin, false, useproxy,proxyType,proxyserver, proxyport, proxylogin, proxypassword, proxyKey,proxyAutologin, proxyKrbLogin); + sshConnection->set_kerberosDelegation(krbDelegation); return true; }
@@ -6195,7 +6199,7 @@ void ONMainWindow::runCommand() command.replace ( " ","X2GO_SPACE_CHAR" ); QString krbFwString; - if(sshConnection->useKerberos()) + if(sshConnection->useKerberos() && sshConnection->get_kerberosDelegation()) { krbFwString="KRB5CCNAME=`echo $KRB5CCNAME |sed 's/FILE://g'` \ KRBFL=~/.x2go/C-"+resumingSession.sessionId+"/krb5cc ;\
diff --git a/sessionwidget.cpp b/sessionwidget.cpp
index 5874a92..418924d 100644
--- a/sessionwidget.cpp
+++ b/sessionwidget.cpp
@@ -126,8 +126,10 @@ SessionWidget::SessionWidget ( QString id, ONMainWindow * mw, sgbLay->addLayout ( keyLay ); cbAutoLogin=new QCheckBox(tr("Try auto login (ssh-agent or default ssh key)"),sgb); cbKrbLogin=new QCheckBox(tr("Kerberos 5 (GSSAPI) authentication"),sgb); + cbKrbDelegation=new QCheckBox(tr("Delegation of GSSAPI credentials to the server"),sgb); sgbLay->addWidget(cbAutoLogin); sgbLay->addWidget(cbKrbLogin); + sgbLay->addWidget(cbKrbDelegation); cbProxy=new QCheckBox(tr("Use Proxy server for SSH connection"),sgb); proxyBox=new QGroupBox(tr("Proxy server"),sgb); sgbLay->addWidget(cbProxy);
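Review bot: In the onmainwindow.cpp hunk at -3502, `sshConnection->set_kerberosDelegation(krbDelegation);` runs only after `startSshConnection(...)` has returned, so the connection object is created with the constructor default (`kerberosDelegation=false`) and receives the user's choice afterwards. SshMasterConnection derives from QThread; if startSshConnection already starts that thread, this is an unsynchronised write from the GUI thread to a plain bool, and anything that reads `get_kerberosDelegation()` during connection setup sees the default rather than the configured value. Passing the flag into startSshConnection and the constructor next to `krblogin` would close that window. The call also dereferences `sshConnection` unchecked; whether startSshConnection can return null is not visible here, and startSession's body continues outside the hunk.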
@@ -260,6 +262,7 @@ SessionWidget::SessionWidget ( QString id, ONMainWindow * mw, SIGNAL ( nameChanged ( const QString & ) ) ); connect (server, SIGNAL(textChanged(const QString&)),this, SLOT(slot_emitSettings())); connect (uname, SIGNAL(textChanged(const QString&)),this, SLOT(slot_emitSettings())); + connect (cbKrbLogin, SIGNAL(clicked(bool)), this, SLOT(slot_krbChecked())); #ifdef Q_OS_LINUX connect (rdpPort, SIGNAL(valueChanged(int)),this, SLOT(slot_emitSettings())); #endif
@@ -528,6 +531,9 @@ void SessionWidget::readConfig() cbKrbLogin->setChecked(st.setting()->value ( sessionId+"/krblogin", ( QVariant ) false ).toBool()); + cbKrbDelegation->setChecked(st.setting()->value ( + sessionId+"/krbdelegation", + ( QVariant ) false ).toBool()); sshPort->setValue ( st.setting()->value ( sessionId+"/sshport",
@@ -593,9 +599,9 @@ void SessionWidget::readConfig() false ).toBool() ); cbProxyKrbLogin->setChecked(st.setting()->value ( - sessionId+"/sshproxykrblogin", - false - ).toBool() ); + sessionId+"/sshproxykrblogin", + false + ).toBool() ); if(proxyHost->text().indexOf(":")!=-1) {
@@ -718,6 +724,7 @@ void SessionWidget::readConfig() #ifdef Q_OS_LINUX slot_rdpDirectClicked(); #endif + slot_krbChecked(); } void SessionWidget::setDefaults()
@@ -790,6 +797,7 @@ void SessionWidget::saveSettings() ( QVariant ) sshPort->value() ); st.setting()->setValue(sessionId+"/autologin",( QVariant ) cbAutoLogin->isChecked()); st.setting()->setValue(sessionId+"/krblogin",( QVariant ) cbKrbLogin->isChecked()); + st.setting()->setValue(sessionId+"/krbdelegation",( QVariant ) cbKrbDelegation->isChecked()); #ifdef Q_OS_LINUX st.setting()->setValue(sessionId+"/directrdp",( QVariant ) cbDirectRDP->isChecked()); #endif
@@ -889,3 +897,8 @@ void SessionWidget::slot_emitSettings() emit settingsChanged(server->text(), QString::number( rdpPort->value()), uname->text()); } #endif + +void SessionWidget::slot_krbChecked() +{ + cbKrbDelegation->setEnabled(cbKrbLogin->isChecked()); +}
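Review bot: In the sessionwidget.cpp hunk at -260, the delegation checkbox's enabled state is driven by `clicked(bool)`, which Qt emits only on user interaction, so a programmatic `cbKrbLogin->setChecked(...)` leaves `cbKrbDelegation` out of step unless the caller remembers to invoke `slot_krbChecked()` itself, as readConfig() does in the -718 hunk. Connecting to the state-change signal keeps both in sync on every path: `connect (cbKrbLogin, SIGNAL(toggled(bool)), this, SLOT(slot_krbChecked()));`. Whether setDefaults() changes cbKrbLogin is not visible here, and the constructor body continues outside the hunk.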
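Review bot: In the sessionwidget.cpp hunk at -790, saveSettings() stores `cbKrbDelegation->isChecked()` even while the checkbox is disabled, because `slot_krbChecked()` (hunk -889) only calls `setEnabled()` and never clears the tick. A profile can therefore hold `krbdelegation=true` next to `krblogin=false`, and delegation is already switched on the moment Kerberos login is re-enabled or the config file is edited. For a setting that hands the user's credentials to the remote host, storing the effective value is the safer default: `st.setting()->setValue(sessionId+"/krbdelegation",( QVariant ) (cbKrbLogin->isChecked() && cbKrbDelegation->isChecked()));`. saveSettings' body continues outside the hunk.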
diff --git a/sessionwidget.h b/sessionwidget.h
index e3858cc..fd98507 100644
--- a/sessionwidget.h
+++ b/sessionwidget.h
@@ -50,6 +50,7 @@ private slots: void slot_proxyType(); void slot_proxySameLogin(); void slot_proxyGetKey(); + void slot_krbChecked(); public slots: #ifdef Q_OS_LINUX void slot_rdpDirectClicked();
@@ -68,6 +69,7 @@ private: QLineEdit* key; QCheckBox* cbAutoLogin; QCheckBox* cbKrbLogin; + QCheckBox* cbKrbDelegation; #ifdef Q_OS_LINUX QCheckBox* cbDirectRDP; #endif
diff --git a/sshmasterconnection.cpp b/sshmasterconnection.cpp
index aa8269d..1dcd7fe 100755
--- a/sshmasterconnection.cpp
+++ b/sshmasterconnection.cpp
@@ -165,6 +165,7 @@ SshMasterConnection::SshMasterConnection (QObject* parent, QString host, int por nextPid=0; breakLoop=false; + kerberosDelegation=false; this->host=host; this->port=port; this->user=user;
@@ -222,6 +223,7 @@ SshMasterConnection::SshMasterConnection (QObject* parent, ONMainWindow* mwd, QS tcpNetworkProxy = NULL; sshProxy= NULL; sshProxyReady=false; + kerberosDelegation=false; breakLoop=false; this->host=host; this->port=port;
diff --git a/sshmasterconnection.h b/sshmasterconnection.h
index 7354e50..6494356 100644
--- a/sshmasterconnection.h
+++ b/sshmasterconnection.h
@@ -27,6 +27,12 @@ #include <QTcpSocket> #include <QNetworkProxy> + + +#define PROPERTY(TYPE,NAME) private: TYPE NAME; \ +public: TYPE get_##NAME(){return NAME;} \ +void set_##NAME(TYPE VAL){NAME=VAL;} + + class ONMainWindow; class SshProcess; struct ChannelConnection
@@ -56,6 +62,7 @@ struct CopyRequest class SshMasterConnection: public QThread { Q_OBJECT + PROPERTY(bool, kerberosDelegation) public: enum ProxyType {PROXYSSH, PROXYHTTP}; void run();
diff --git a/sshprocess.cpp b/sshprocess.cpp
index b9f690a..f2e847d 100755
--- a/sshprocess.cpp
+++ b/sshprocess.cpp
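Review bot: In the sshmasterconnection.h hunk at -27, the new `PROPERTY` macro has a very generic, unprefixed name in a header, and its expansion ends inside a `public:` section, so anything written after it in a class silently becomes public unless an access specifier follows (here `public:` happens to come next). The generated getter is also non-const. For a single security-relevant flag, plain members would be clearer: `bool get_kerberosDelegation() const {return kerberosDelegation;}` and `void set_kerberosDelegation(bool v){kerberosDelegation=v;}`, with `bool kerberosDelegation;` declared under `private:`. A one-line comment such as `// forward (delegate) GSSAPI credentials to the server; off by default` next to the member would record the intended default.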
@@ -205,11 +205,19 @@ void SshProcess::startNormal(const QString& cmd) QString shcmd = "echo X2GODATABEGIN:" + uuidStr + "; "+cmd+"; echo X2GODATAEND:" + uuidStr; proc=new QProcess(this); #ifdef Q_OS_WIN - addPuttyReg(host, uuidStr); - host = uuidStr; + if(masterCon->get_kerberosDelegation()) + { + addPuttyReg(host, uuidStr); + host = uuidStr; + } QString sshString="plink -batch -P "+ #else - QString sshString=QString::null+"ssh"+ KEEPALIVE_OPTION +"-K -o GSSApiAuthentication=yes -o PasswordAuthentication=no -p "+ + QString krbDelegOption=" -k "; + if(masterCon->get_kerberosDelegation()) + { + krbDelegOption=" -K "; + } + QString sshString=QString::null+"ssh"+ KEEPALIVE_OPTION +krbDelegOption+" -o GSSApiAuthentication=yes -o PasswordAuthentication=no -p "+ #endif QString::number(masterCon->getPort())+" -l "+ masterCon->getUser()+" "+ host + " \""+shcmd+"\""; hooks/post-receive -- x2goclient.git (X2Go Client) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "x2goclient.git" (X2Go Client).
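Review bot: On the non-Windows branch delegation is now switched off explicitly with `-k`, but the Windows branch only skips `addPuttyReg(host, uuidStr)` and then runs `plink -batch` against the plain host name, so nothing on that command line disables forwarding. What addPuttyReg writes is not visible in this hunk; if it is the saved-session entry that controls GSSAPI forwarding, plink presumably falls back to the user's PuTTY default settings when it is skipped, which may still permit delegation. That is worth confirming, and if so a session should always be registered with forwarding set to the chosen value. As a style point, `krbDelegOption` already carries surrounding spaces, so the leading space added in `" -o GSSApiAuthentication=yes ..."` is redundant. startNormal's body continues outside the hunk.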