This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2goserver. commit 1a9983eada2994337304832610d838f99e7b3f4e Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Sun Nov 16 01:27:44 2014 +0100 Fix cross-user X2Go Desktop Sharing after being broken by implementing clipboard mode feature (and probably other code changes). --- X2Go/Server/Agent.pm | 6 +++- X2Go/Server/Agent/NX.pm | 34 +++++++++++++-------- X2Go/Server/DB/SQLite3.pm | 8 ++--- X2Go/Utils.pm | 5 +-- debian/changelog | 2 ++ x2goserver/bin/x2golistdesktops | 18 ++++++----- x2goserver/bin/x2golistshadowsessions | 4 ++- x2goserver/bin/x2gostartagent | 52 +++++++++++++++++++++++--------- x2goserver/lib/x2gochangestatus | 2 +- x2goserver/lib/x2gocreatesession | 2 +- x2goserver/lib/x2gocreateshadowsession | 4 +-- 11 files changed, 90 insertions(+), 47 deletions(-) diff --git a/X2Go/Server/Agent.pm b/X2Go/Server/Agent.pm index 5a71ca8..c232d30 100644 --- a/X2Go/Server/Agent.pm +++ b/X2Go/Server/Agent.pm @@ -42,7 +42,7 @@ load_module $agent_module; use base 'Exporter'; -our @EXPORT=( 'session_has_terminated', 'session_is_running', 'session_is_suspended' , 'has_agent_state_file', 'get_agent_state' ); +our @EXPORT=( 'session_has_terminated', 'session_is_running', 'session_is_suspended' , 'get_agent_state_file', 'has_agent_state_file', 'get_agent_state' ); @@ -60,6 +60,10 @@ sub session_is_suspended { return $agent_module->session_is_suspended(@_); } +sub get_agent_state_file { + return $agent_module->get_agent_state_file(@_); +} + sub has_agent_state_file { return $agent_module->has_agent_state_file(@_); } diff --git a/X2Go/Server/Agent/NX.pm b/X2Go/Server/Agent/NX.pm index 3e2ada6..831b1dd 100644 --- a/X2Go/Server/Agent/NX.pm +++ b/X2Go/Server/Agent/NX.pm 
@@ -71,17 +71,32 @@ sub session_is_running return 0; } -sub has_agent_state_file +sub get_agent_state_file { my $sess=@_[1]; - my $user=@_[2]; + my $user; + + if ( $sess =~ m/.*-[0-9]{2,}-[0-9]{10,}_stS(0|1)XSHAD.*XSHADPP.*/ ) { + my $shadow_user = $sess; + $shadow_user =~ s/.*XSHAD(.*)XSHADPP.*/$1/; + $user = $shadow_user; + } else { + $user=@_[2]; + } + my $stateFile; if ( -d "/tmp-inst/${user}/.x2go-${user}" ) { $stateFile="/tmp-inst/${user}/.x2go-".$user."/C-".$sess."/state"; } else { $stateFile = "/tmp/.x2go-".$user."/C-".$sess."/state"; } - if ( -e $stateFile ) + return $stateFile; +} + +sub has_agent_state_file +{ + my $stateFile = get_agent_state_file(@_); + if ( -e "$stateFile" ) { return 1; } @@ -90,18 +105,11 @@ sub has_agent_state_file sub get_agent_state { - my $sess=@_[1]; - my $user=@_[2]; my $state; - my $stateFile; - if ( -d "/tmp-inst/${user}/.x2go-${user}" ) { - $stateFile="/tmp-inst/${user}/.x2go-".$user."/C-".$sess."/state"; - } else { - $stateFile = "/tmp/.x2go-".$user."/C-".$sess."/state"; - } - if (! -e $stateFile ) + my $stateFile = get_agent_state_file(@_); + if (! -e "$stateFile" ) { - syslog('warning', "$sess: state file for this session does not exists: $stateFile (this can be ignored during session startups)"); + syslog('warning', "@_[1]: state file for this session does not exist: $stateFile (this can be ignored during session startups)"); $state="UNKNOWN"; } else diff --git a/X2Go/Server/DB/SQLite3.pm b/X2Go/Server/DB/SQLite3.pm index b1441da..d693809 100644 --- a/X2Go/Server/DB/SQLite3.pm +++ b/X2Go/Server/DB/SQLite3.pm 
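Review bot: In `get_agent_state_file` (X2Go/Server/Agent/NX.pm) the user name cut out of the session ID with `s/.*XSHAD(.*)XSHADPP.*/$1/` goes straight into the `/tmp/.x2go-$user/C-$sess/state` path with no check on what it contains. Unless every caller has already passed `$sess` through `sanitizer()` (not visible here), I would validate the extracted name before using it, e.g. `return unless $shadow_user =~ /\A[a-zA-Z_][a-zA-Z0-9_.\@-]{0,31}\$?\z/;`, which mirrors the user-name class used in X2Go/Utils.pm. The same unanchored extraction is repeated in x2golistshadowsessions, where a session ID without the XSHAD markers leaves `$shadow_user` equal to the whole ID; a shared helper would keep the two in step. `@_[1]` and `@_[2]` are one-element slices and should be `$_[1]` / `$_[2]`.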
@@ -297,11 +297,9 @@ sub db_createshadowsession my $fs_port=shift or die"argument \"fs_port\" missed"; $fs_port = sanitizer('num', $fs_port) or die "argument \"fs_port\" malformed"; my $shadreq_user = shift or die "argument \"shadreq_user\" missed"; - my $fake_sid = $sid; - $fake_sid =~ s/^$shadreq_user-/$realuser-/; - check_user($fake_sid); + check_user($sid); my $sth=$dbh->prepare("update sessions set status='R',last_time=datetime('now','localtime'),cookie=?,agent_pid=?, - client=?,gr_port=?,sound_port=?,fs_port=? where session_id=? and uname=?"); + client=?,gr_port=?,sound_port=?,fs_port=?,tekictrl_port=-1,tekidata_port=-1 where session_id=? and uname=?"); $sth->execute($cookie, $pid, $client, $gr_port, $snd_port, $fs_port, $sid, $shadreq_user); if ($sth->err()) { @@ -658,7 +656,7 @@ sub check_user # session id looks like someuser-51-1304005895_stDgnome-session_dp24 # during DB insertsession it only looks like someuser-51-1304005895 my $user = "$sid"; - $user =~ s/$realuser-[0-9]{2,}-[0-9]{10,}.*/$realuser/; + $user =~ s/($realuser-[0-9]{2,}-[0-9]{10,}_st(D|R).*|.*-[0-9]{2,}-[0-9]{10,}_stS(0|1)XSHAD$realuser.*)/$realuser/; $user eq $realuser or die "$realuser is not authorized"; } diff --git a/X2Go/Utils.pm b/X2Go/Utils.pm index 61b77d3..85ee445 100644 --- a/X2Go/Utils.pm +++ b/X2Go/Utils.pm @@ -132,7 +132,7 @@ sub sanitizer { $string =~ s/[^a-zA-Z0-9\_\-\$\.\@]//g; if ($string =~ /^([a-zA-Z0-9\_\-\$\.\@]*)$/) { $string = $1; - if ($string =~ /^([a-zA-Z\_][a-zA-Z0-9\_\-\.\@]{0,31}[\$]?)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\_\-]*\_dp[\d]{1,2}$/) { + if ($string =~ /^([a-zA-Z\_][a-zA-Z0-9\_\-\.\@]{0,31}[\$]?)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\_\-\.]*\_dp[\d]{1,2}$/) { if ((length($1) > 0) and (length($1) < 32)){ return $string; } else {return 0;} 
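Review bot: The new shadow-session alternative in `check_user` (X2Go/Server/DB/SQLite3.pm) ends in `XSHAD$realuser.*`, so it accepts any session ID whose shared-desktop user merely starts with `$realuser`: for real user `bob`, an ID naming `bobby` is rewritten to `bob` and passes the `eq` test. `$realuser` is also interpolated as a pattern, so a `.` in a user name matches any character. Quoting the name and requiring the delimiter closes both, e.g. `XSHAD\Q$realuser\EXSHADPP.*` for the second alternative and `\Q$realuser\E-[0-9]{2,}-[0-9]{10,}_st(D|R).*` for the first. `db_createshadowsession` in the previous hunk now relies on this check alone, since the `$fake_sid` rewrite was removed. The comment above the regex still says an ID can look like `someuser-51-1304005895` during insert; with `_st(D|R)` now required that form would be rejected if any caller still passes it, which is worth confirming.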
@@ -159,7 +159,8 @@ sub system_capture_stdout_output { my $cmd = shift; my @args = @_; syslog("debug", "executing external command ,,$cmd'' with args: ".join(",", @args)); - return capture_stdout { system( $cmd, @args ); }; + my ($stdout, $stderr, @result) = capture { system( $cmd, @args ); }; + return $stdout; } diff --git a/debian/changelog b/debian/changelog index 6c1b987..a76dc00 100644 --- a/debian/changelog +++ b/debian/changelog @@ -182,6 +182,8 @@ x2goserver (4.0.1.19-0x2go1) UNRELEASED; urgency=medium - Make SSH agent forwarding work after having reconnected via SSH and having resumed a session. (Fixes: #672). Thanks to Robert Siemer for coming up with that idea. + - Fix cross-user X2Go Desktop Sharing after being broken by implementing + clipboard mode feature (and probably other code changes). * debian/control: + Add D (x2goserver): libfile-which-perl. * debian/x2goserver.docs: diff --git a/x2goserver/bin/x2golistdesktops b/x2goserver/bin/x2golistdesktops index 058ede8..451eac1 100755 --- a/x2goserver/bin/x2golistdesktops +++ b/x2goserver/bin/x2golistdesktops @@ -86,20 +86,24 @@ for(my $i=0;$i<@outp;$i++) } } -my $outp=`ls -1 /tmp/ | grep x2godesktopsharing_`; +my $outp=`ls -1 /tmp/ | grep x2godesktopsharing_\@*\@:*`; @outp=split("\n","$outp"); for(my $i=0;$i<@outp;$i++) { - my @ln=split("\@",@outp[$i]); - if ( @ln[1] ne $uname ) - { - push (@displays, "@ln[1]\@@ln[2]\n"); + if (( -r "/tmp/@outp[$i]" ) and ( -w "/tmp/@outp[$i]" )) { + my @ln=split("\@",@outp[$i]); + if ( @ln[1] ne $uname ) + { + push (@displays, "@ln[1]\@@ln[2]"); + } } } -if (@displays) { - print "@displays\n"; +for(my $i=0;$i<@displays;$i++) { + if ( @displays[$i] ) { + print "@displays[$i]\n"; + } } # closing syslog closelog; diff --git a/x2goserver/bin/x2golistshadowsessions b/x2goserver/bin/x2golistshadowsessions index aad9c63..ac8cfaf 100755 --- a/x2goserver/bin/x2golistshadowsessions +++ b/x2goserver/bin/x2golistshadowsessions 
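Review bot: `system_capture_stdout_output` (X2Go/Utils.pm) now captures stderr and the `system()` result only to throw them away, so a failing external command is indistinguishable from one that printed nothing. I would at least log them, e.g. `syslog('warning', "command ,,$cmd'' failed (status $result[0]): $stderr") if $result[0] != 0;`. The switch from `capture_stdout` to `capture` also needs `capture` in the module's import list (presumably Capture::Tiny), which is outside this hunk.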
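Review bot: The socket list in x2golistdesktops is still built from file names in `/tmp`, and the added `-r`/`-w` test only says the caller can open the entry, not that it is a socket created by the user named in it. Because `/tmp` is writable by every local account, the name alone does not establish who created the entry; testing `-S` and comparing the owner with the name would tie the two together. The new grep argument `x2godesktopsharing_\@*\@:*` is read by grep as a regular expression rather than a glob (`@*` is "zero or more @"), and being unquoted it is open to shell globbing. Reading the directory in Perl avoids the shell entirely; a sketch follows, assuming the sharing socket is owned by the sharing user.

```perl
opendir(my $tmpdir, "/tmp") or die "cannot open /tmp: $!";
my @candidates = grep { /\Ax2godesktopsharing_\@[^\@]+\@:/ } readdir($tmpdir);
closedir($tmpdir);
foreach my $name (@candidates)
{
	my $path = "/tmp/$name";
	my @ln = split("\@", $name);
	my $owner_uid = getpwnam($ln[1]);
	# only accept real sockets that belong to the user named in the file name
	next unless ( -S $path and -r _ and -w _ );
	next unless ( defined $owner_uid and (stat(_))[4] == $owner_uid );
	# … unchanged: skip own user, push "user@display" onto @displays …
}
```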
@@ -68,7 +68,9 @@ for (my $i=0;$i<@outp;$i++) { if (@sinfo[4]eq 'R') { - if(session_is_suspended(@sinfo[1], @sinfo[11])) + my $shadow_user = @sinfo[1]; + $shadow_user =~ s/.*XSHAD(.*)XSHADPP.*/$1/; + if(session_is_suspended(@sinfo[1], $shadow_user)) { db_changestatus( 'S', @sinfo[1] ); @outp[$i] =~ s/\|R\|/\|S\|/; diff --git a/x2goserver/bin/x2gostartagent b/x2goserver/bin/x2gostartagent index cf2c373..86f08d6 100755 --- a/x2goserver/bin/x2gostartagent +++ b/x2goserver/bin/x2gostartagent @@ -34,9 +34,6 @@ if egrep "^backend[ ]*=[ ]*postgres" /etc/x2go/x2gosql/sql 1>/dev/null 2>/dev/nu elif [ -z "$USER" ]; then echo "The \$USER environment variable is not set. Aborting session startup." exit -2 -elif [ -z "$SSH_CLIENT" ]; then - echo "The \$SSH_CLIENT environment variable is not set. Aborting session startup." - exit -3 elif [ -z "$HOME" ]; then echo "The \$HOME environment variable is not set. Aborting session startup." exit -4 @@ -62,7 +59,11 @@ fi REMOTE=localhost -X2GO_CLIENT=`echo $SSH_CLIENT | awk '{print $1}'` +if [ -z "$X2GO_CLIENT" ] && [ -n "$SSH_CLIENT" ]; then + X2GO_CLIENT=`echo $SSH_CLIENT | awk '{print $1}'` +elif [ -z "$X2GO_CLIENT" ] && [ -n "$SSH_CONNECTION" ]; then + X2GO_CLIENT=`echo $SSH_CONNECTION | awk '{print $1}'` +fi $X2GO_LIB_PATH/x2gosyslog "$0" "debug" "client announced itself as ,,$X2GO_CLIENT''" X2GO_GEOMETRY="$1"; shift @@ -74,10 +75,11 @@ X2GO_KBD_TYPE="$1"; shift X2GO_SET_KBD="$1"; shift X2GO_STYPE="$1"; shift X2GO_CMD="$1"; shift -X2GO_CLIPBOARD="$1"; shift X2GO_RESIZE=1 X2GO_FULLSCREEN=0 +X2GO_CLIPBOARD="" + XAUTHORITY=${XAUTHORITY:-"$HOME/.Xauthority"} 
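Review bot: With the new `[ -z "$X2GO_CLIENT" ]` guards in x2gostartagent (hunk at -62,7), a value of `X2GO_CLIENT` already present in the environment is taken as the client address without any check and is later logged and passed on to the session database helpers. If that is intended for the desktop-sharing call path, a comment saying who is expected to set it would help, and the value should be validated as an address before use. `$SSH_CLIENT` and `$SSH_CONNECTION` are expanded unquoted in the `echo`; `X2GO_CLIENT="${SSH_CLIENT%% *}"` does the same job without a subshell or word splitting.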
@@ -87,16 +89,16 @@ if [ "$X2GO_STYPE" == "S" ]; then SHADOW_USER=`echo $X2GO_CMD |awk '{split($0,a,"XSHAD"); print a[2]}'` SHADOW_DESKTOP=`echo $X2GO_CMD |awk '{split($0,a,"XSHAD"); print a[3]}'` - test -z $1 && { + if [ -z "$1" ]; then # can this line be removed? #echo "suser $SHADOW_USER user $USER " >> /tmp/uagent $X2GO_LIB_PATH/x2gosyslog "$0" "debug" "shadow session requested: mode $SHADOW_MODE, user: $SHADOW_USER, desktop: $SHADOW_DESKTOP" - } || { + else SHADREQ_USER="$1"; shift $X2GO_LIB_PATH/x2gosyslog "$0" "debug" "preparing shadow session request for user $SHADREQ_USER, agent starts for user ${USER}" - } + fi if [ "$SHADOW_USER" != "$USER" ]; then @@ -107,8 +109,12 @@ if [ "$X2GO_STYPE" == "S" ]; then $X2GO_LIB_PATH/x2gosyslog "$0" "debug" "command result is: $OUTPUT" if [ "${OUTPUT:0:4}" == "DENY" ]; then echo "ACCESS DENIED" 1>&2 + DENIAL_REASON="${OUTPUT:5}" + if [ -z "$DENIAL_REASON" ]; then + DENIAL_REASON="the user ,,$SHADOW_USER'' does not seem to have desktop sharing activated" + fi $X2GO_LIB_PATH/x2gosyslog "$0" "err" "ERROR: user $SHADOW_USER denied desktop sharing session" - $X2GO_LIB_PATH/x2gosyslog "$0" "err" "ERROR: reason: for desktop sharing denial ${OUTPUT:5}" + $X2GO_LIB_PATH/x2gosyslog "$0" "err" "ERROR: reason for desktop sharing denial: ${DENIAL_REASON}" exit -1 fi X2GO_COOKIE=`echo $OUTPUT | awk '{print $2}'` @@ -127,6 +133,15 @@ if [ "$X2GO_STYPE" == "S" ]; then echo $OUTPUT | awk '{print $7}' exit 0 fi +else + + # only check the SSH_CLIENT variable for non-shadow sessions + if [ -z "$SSH_CLIENT" ]; then + echo "The \$SSH_CLIENT environment variable is not set. Aborting session startup." + exit -3 + fi + + X2GO_CLIPBOARD="$1"; shift fi LIMIT=`x2gosessionlimit` 
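Review bot: Moving the `$SSH_CLIENT` test into this `else` branch (hunk at -127,6) leaves two gaps around `X2GO_CLIENT`. For non-shadow sessions the `SSH_CONNECTION` fallback added earlier in this commit can never take effect, because an empty `SSH_CLIENT` still aborts here; for shadow sessions nothing checks that `X2GO_CLIENT` ended up non-empty, while x2gocreateshadowsession does `my $client=shift or die` and the caller does not check its exit status in the visible lines. Unless an empty client is expected for shadow sessions, testing the derived value once, right after it is set, covers both: `[ -n "$X2GO_CLIENT" ] || { echo "Cannot determine the client address. Aborting session startup."; exit -3; }`. The surrounding `if [ "$X2GO_STYPE" == "S" ]` block starts outside this hunk.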
@@ -202,7 +217,7 @@ while [ "$OUTPUT" != "inserted" ]; do fi done -if [ "x$X2GO_TELEKINESIS_ENABLED" == "x0" ] || ! type -p telekinesis-server 1>/dev/null; then +if [ "x$X2GO_TELEKINESIS_ENABLED" == "x0" ] || [ "x$X2GO_STYPE" = "xS" ] || ! type -p telekinesis-server 1>/dev/null; then TEKICTRL_PORT="-1" TEKIDATA_PORT="-1" X2GO_TELEKINESIS_ENABLED="0" @@ -273,7 +288,7 @@ if [ ! -d "$X2GO_TMP_ROOT" ]; then fi SESSION_DIR="${X2GO_TMP_ROOT}/C-${SESSION_NAME}" -if [ "x$X2GO_TELEKINESIS_ENABLED" != "x0" ]; then +if [ "x$X2GO_TELEKINESIS_ENABLED" != "x0" ] && [ "x$X2GO_STYPE" != "xS" ]; then mkdir -p "${SESSION_DIR}/telekinesis/remote/" fi @@ -282,11 +297,18 @@ STATE_FILE="${SESSION_DIR}/state" # do not use $TMP or $TEMP here, the session.log file location has to be accessible by root SESSION_LOG="${SESSION_DIR}/session.log" mkdir -p "${SESSION_DIR}" -chmod -f 0700 "${SESSION_DIR}" +if [ "x$X2GO_STYPE" = "xS" ]; then + chmod -f 0710 "${SESSION_DIR}" + if groups "$USER" | grep x2godesktopsharing 1>/dev/null 2>/dev/null; then + $X2GO_LIB_PATH/x2gosyslog "$0" "info" "user ,,$USER'' grants access to ${SESSION_DIR} for group ,,x2godesktopsharing''" + chown :x2godesktopsharing "${SESSION_DIR}" + fi +else + chmod -f 0700 "${SESSION_DIR}" +fi touch "${SESSION_LOG}" chmod -f 0600 "${SESSION_LOG}" - if [ ! -d "$X2GO_ROOT/ssh" ]; then mkdir "$X2GO_ROOT/ssh" fi 
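Review bot: For shadow sessions the session directory (hunk at -282,11) becomes `0710` before and regardless of the `chown`, so when `$USER` is not in `x2godesktopsharing` (or the `chown` fails) the search bit goes to the user's primary group instead, which on hosts with a shared primary group opens the directory to unrelated accounts. The membership test `groups "$USER" | grep x2godesktopsharing` also matches substrings of other group names. I would change the group first and relax the mode only if that succeeded, falling back to `0700` otherwise, as sketched below.

```shell
if [ "x$X2GO_STYPE" = "xS" ] \
   && id -nG "$USER" | tr ' ' '\n' | grep -qx x2godesktopsharing \
   && chown :x2godesktopsharing "${SESSION_DIR}"; then
	# … unchanged: x2gosyslog "info" message about granting group access …
	chmod -f 0710 "${SESSION_DIR}"
else
	chmod -f 0700 "${SESSION_DIR}"
fi
```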
@@ -372,8 +394,10 @@ X2GO_AGENT_RETVAL=$? X2GO_SND_PORT=1024 if [ -n "$SHADREQ_USER" ]; then - $X2GO_LIB_PATH/x2gocreateshadowsession "$SESSION_NAME" "$X2GO_COOKIE" "$X2GO_AGENT_PID" "$X2GO_CLIENT" "$GR_PORT" "$SOUND_PORT" "$FS_PORT""$SHADREQ_USER" > /dev/null + $X2GO_LIB_PATH/x2gosyslog "$0" "info" "creating new shadow session: $SESSION_NAME $X2GO_COOKIE $X2GO_AGENT_PID $X2GO_CLIENT $GR_PORT $SOUND_PORT $FS_PORT $SHADREQ_USER" + $X2GO_LIB_PATH/x2gocreateshadowsession "$SESSION_NAME" "$X2GO_COOKIE" "$X2GO_AGENT_PID" "$X2GO_CLIENT" "$GR_PORT" "$SOUND_PORT" "$FS_PORT" "$SHADREQ_USER" > /dev/null else + $X2GO_LIB_PATH/x2gosyslog "$0" "info" "creating new session: $SESSION_NAME $X2GO_COOKIE $X2GO_AGENT_PID $X2GO_CLIENT $GR_PORT $SOUND_PORT $FS_PORT $TEKICTRL_PORT $TEKIDATA_PORT" $X2GO_LIB_PATH/x2gocreatesession "$SESSION_NAME" "$X2GO_COOKIE" "$X2GO_AGENT_PID" "$X2GO_CLIENT" "$GR_PORT" "$SOUND_PORT" "$FS_PORT" "$TEKICTRL_PORT" "$TEKIDATA_PORT" > /dev/null fi diff --git a/x2goserver/lib/x2gochangestatus b/x2goserver/lib/x2gochangestatus index 3e9d992..60ac418 100755 --- a/x2goserver/lib/x2gochangestatus +++ b/x2goserver/lib/x2gochangestatus @@ -36,4 +36,4 @@ my $sid=shift or die; db_changestatus($status, $sid); # closing syslog -closelog; \ No newline at end of file +closelog; diff --git a/x2goserver/lib/x2gocreatesession b/x2goserver/lib/x2gocreatesession index 3495e90..5864175 100755 --- a/x2goserver/lib/x2gocreatesession +++ b/x2goserver/lib/x2gocreatesession @@ -43,4 +43,4 @@ my $tekidata_port=shift or die; db_createsession($sid, $cookie, $pid, $client, $gr_port, $snd_port, $fs_port, $tekictrl_port, $tekidata_port); # closing syslog -closelog; \ No newline at end of file +closelog; diff --git a/x2goserver/lib/x2gocreateshadowsession b/x2goserver/lib/x2gocreateshadowsession index 39c7184..07c26d6 100755 --- a/x2goserver/lib/x2gocreateshadowsession +++ b/x2goserver/lib/x2gocreateshadowsession 
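Review bot: Both new `x2gosyslog "$0" "info"` lines in x2gostartagent write `$X2GO_COOKIE` into syslog; that value looks like the session's X authentication cookie and would then be readable by anyone with access to the logs. I would drop it from the messages, e.g. `"creating new shadow session: $SESSION_NAME $X2GO_AGENT_PID $X2GO_CLIENT $GR_PORT $SOUND_PORT $FS_PORT $SHADREQ_USER"`, and likewise for the non-shadow line. The return status of `x2gocreateshadowsession` / `x2gocreatesession` is still ignored, so a `die` in either helper goes unnoticed here.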
@@ -30,16 +30,16 @@ openlog($0,'cons,pid','user'); setlogmask( LOG_UPTO(loglevel()) ); +my $sid=shift or die; my $cookie=shift or die; my $pid=shift or die; my $client=shift or die; my $gr_port=shift or die; my $snd_port=shift or die; my $fs_port=shift or die; -my $sid=shift or die; my $shadreq_user=shift or die; db_createshadowsession($sid, $cookie, $pid, $client, $gr_port, $snd_port, $fs_port, $shadreq_user); # closing syslog -closelog; \ No newline at end of file +closelog; -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2goserver.git