This is an automated email from the git hooks/post-receive script. x2go pushed a change to branch bugfix/osx in repository x2goclient. from 6be999e appdialog.cpp: initialize parent in default case. Another GCC compile warning fix. new 13cea01 onmainwindow.cpp: correctly use ~/.x2go/.ssh as ssh directory when starting sshd in user mode. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Summary of changes: debian/changelog | 4 ++ src/onmainwindow.cpp | 183 +++++++++++++++++++++++++++++++++----------------- 2 files changed, 126 insertions(+), 61 deletions(-) -- Alioth's /srv/git/code.x2go.org/x2goclient.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/x2goclient.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch bugfix/osx in repository x2goclient.
commit 13cea01cc920c5ea4dc638cd24f79b0362d94209
Author: Mihai Moldovan <ionic@ionic.de>
Date: Sat Mar 21 03:58:18 2015 +0100
onmainwindow.cpp: correctly use ~/.x2go/.ssh as ssh directory when starting sshd in user mode. Put the authorized_keys file in there. Check and set correct permissions for both the directory and authorized_keys file. Generalize some Windows-specific sections by using QDir and QFile.
---
 debian/changelog | 4 ++
 src/onmainwindow.cpp | 183 +++++++++++++++++++++++++++++++++-----------------
 2 files changed, 126 insertions(+), 61 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 7fc62d0..73c0d67 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -289,6 +289,10 @@ x2goclient (4.0.4.0-0x2go1) UNRELEASED; urgency=low
 warnings with GCC. Fix a few whitespace issues.
 - appdialog.cpp: initialize parent in default case. Another GCC compile warning fix.
+ - onmainwindow.cpp: correctly use ~/.x2go/.ssh as ssh directory when
+ starting sshd in user mode. Put the authorized_keys file in there. Check
+ and set correct permissions for both the directory and authorized_keys
+ file. Generalize some Windows-specific sections by using QDir and QFile.
 [ Fernando Pedemonte ]
 * New upstream release (4.0.4.0):
diff --git a/src/onmainwindow.cpp b/src/onmainwindow.cpp
index d20fdde..50fa239 100644
--- a/src/onmainwindow.cpp
+++ b/src/onmainwindow.cpp
@@ -7911,43 +7911,54 @@ void ONMainWindow::slotRetExportDir ( bool result,QString output,
 QByteArray line = file.readLine();
 file.close();
- QString authofname=homeDir;
-#ifdef Q_OS_WIN
- QDir dir;
- dir.mkpath ( authofname+"\\.x2go\\.ssh" );
- x2goDebug<<"Creating "<<authofname+"\\.x2go\\.ssh";
+ QDir authorized_keys_dir (homeDir);
- authofname=wapiShortFileName ( authofname ) +"/.x2go";
-#endif
- authofname+="/.ssh/authorized_keys" ;
- file.setFileName ( authofname );
- if ( !file.open ( QIODevice::ReadOnly | QIODevice::Text ) )
- {
- printSshDError_noAuthorizedKeysFile();
- QFile::remove
- ( key+".pub" );
- return;
+ /*
+ * Do the user SSHD/global SSHD dance here and either use the
+ * private .x2go/.ssh or the global .ssh dir.
+ */
+ if (userSshd) {
+ authorized_keys_dir = QDir (authorized_keys_dir.absolutePath () + "/.x2go/");
 }
+ authorized_keys_dir = QDir (authorized_keys_dir.absolutePath () + "/.ssh/");
+ QFile authorized_keys_file (authorized_keys_dir.absolutePath () + "/authorized_keys");
- QTemporaryFile tfile ( authofname );
- tfile.open();
- tfile.setAutoRemove ( true );
- QTextStream out ( &tfile );
+ /*
+ * We do not try to create the file first.
+ * This has been already done in startX2goMount().
+ * We wouldn't be here if that failed.
+ */
+ if (!authorized_keys_file.open (QIODevice::ReadOnly | QIODevice::Text)) {
+ printSshDError_noAuthorizedKeysFile ();
+ QFile::remove (key + ".pub");
+ return;
+ }
- while ( !file.atEnd() )
- {
- QByteArray newline = file.readLine();
- if ( newline!=line )
- out<<newline;
+ QTemporaryFile tfile (authorized_keys_file.fileName ());
+ tfile.open ();
+ tfile.setPermissions (QFile::ReadOwner | QFile::WriteOwner);
+ tfile.setAutoRemove (true);
+ QTextStream out (&tfile);
+
+ /*
+ * Copy the content of the authorized_keys file to our new temporary file
+ * and remove the public authorized key for the current "session" again.
+ */
+ while (!authorized_keys_file.atEnd ()) {
+ QByteArray newline = authorized_keys_file.readLine ();
+ if (newline != line)
+ out << newline;
 }
- file.close();
- tfile.close();
- file.remove();
- tfile.copy ( authofname );
- QFile::remove
- ( key+".pub" );
+
+ authorized_keys_file.close ();
+ tfile.close ();
+
+ authorized_keys_file.remove ();
+
+ tfile.copy (authorized_keys_file.fileName ());
+ QFile::remove (key + ".pub");
 }
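Review bot: The replace sequence at the end of this hunk is neither atomic nor checked: `tfile.open ()`, `authorized_keys_file.remove ()` and `tfile.copy (...)` all return `bool`, and if the open or the copy fails after the remove has succeeded, no authorized_keys file is left at all. When `userSshd` is false the target is the global `.ssh` directory under `homeDir`, so a failed copy would silently drop every key the user had authorized there, not only the session key. Bail out before touching the original, e.g. `if (!tfile.open ()) { QFile::remove (key + ".pub"); return; }`, and report a failed `copy` instead of ignoring it. slotRetExportDir starts and ends outside the hunk.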
@@ -9087,41 +9098,90 @@ void ONMainWindow::startX2goMount()
 QByteArray line = file.readLine();
 file.close();
- QString authofname=homeDir;
-#ifdef Q_OS_WIN
- QDir tdir;
- tdir.mkpath ( authofname+"\\.x2go\\.ssh" );
- x2goDebug<<"Creating "<<authofname+"\\.x2go\\.ssh";
+ QDir authorized_keys_dir (homeDir);
- authofname=wapiShortFileName ( authofname ) +"/.x2go";
-#endif
- authofname+= "/.ssh/authorized_keys" ;
+ /*
+ * Do the user SSHD/global SSHD dance here and either use the
+ * private .x2go/.ssh or the global .ssh dir.
+ */
+ if (userSshd) {
+ authorized_keys_dir = QDir (authorized_keys_dir.absolutePath () + "/.x2go/");
+ }
- QFile file1 ( authofname );
+ authorized_keys_dir = QDir (authorized_keys_dir.absolutePath () + "/.ssh/");
+ QFile authorized_keys_file (authorized_keys_dir.absolutePath () + "/authorized_keys");
- if ( !file1.open ( QIODevice::WriteOnly | QIODevice::Text |
- QIODevice::Append ) )
- {
- QString message=tr ( "Unable to write :\n" ) + authofname;
- QMessageBox::critical ( 0l,tr ( "Error" ),message,
- QMessageBox::Ok,
- QMessageBox::NoButton );
- QFile::remove
- ( fsExportKey+".pub" );
- return;
+ if (userSshd) {
+ x2goDebug << "Creating dir " << authorized_keys_dir.absolutePath ();
+ authorized_keys_dir.mkpath (authorized_keys_dir.absolutePath ());
+ }
+ x2goDebug << "Potentially creating file " << authorized_keys_file.fileName ();
+ if (!authorized_keys_file.open (QIODevice::WriteOnly | QIODevice::Text | QIODevice::Append)) {
+ QString message = tr ("Unable to create or append to file: ") + authorized_keys_file.fileName ();
+ QMessageBox::critical (0l, tr ("Error"), message,
+ QMessageBox::Ok, QMessageBox::NoButton);
+ QFile::remove (fsExportKey + ".pub");
+ return;
 }
- directory* dir=getExpDir ( fsExportKey );
- bool rem=dir->isRemovable;
- if ( !dir )
- return;
- QTextStream out ( &file1 );
- out<<line;
- file1.close();
+#ifdef Q_OS_UNIX
+ QFile::Permissions authorized_keys_file_perm = authorized_keys_file.permissions ();
+ QFile::Permissions authorized_keys_file_target_perm = QFile::ReadOwner | QFile::WriteOwner;
+
+ bool permission_error = false;
+
+ /*
+ * Try to set the permissions if they are wrong.
+ * (sshd would disallow such a file.)
+ */
+ if (authorized_keys_file_perm != authorized_keys_file_target_perm) {
+ if (!authorized_keys_file.setPermissions (authorized_keys_file_target_perm)) {
+ /* FIXME: use a function for this... */
+ QString message = tr ("Unable to change the permissions of file: ") + authorized_keys_file.fileName ();
+ message += "\n" + tr ("This is an error because sshd would deny such a file.");
+ QMessageBox::critical (NULL, tr ("Error"), message,
+ QMessageBox::Ok, QMessageBox::NoButton);
+ permission_error = true;
+ }
+ }
+
+ QFile::Permissions authorized_keys_dir_perm = QFile (authorized_keys_dir.absolutePath ()).permissions ();
+ QFile::Permissions authorized_keys_dir_target_perm = QFile::ReadOwner | QFile::WriteOwner | QFile::ExeOwner;
+
+ /*
+ * Try to set the permissions if they are wrong.
+ * (sshd would disallow such a directory.)
+ */
+ if (authorized_keys_dir_perm != authorized_keys_dir_target_perm) {
+ if (!QFile (authorized_keys_dir.absolutePath ()).setPermissions (authorized_keys_dir_target_perm)) {
+ /* FIXME: use a function for this... */
+ QString message = tr ("Unable to change the permissions of directory: ") + authorized_keys_dir.absolutePath ();
+ message += "\n" + tr ("This is an error because sshd would deny such a directory.");
+ QMessageBox::critical (NULL, tr ("Error"), message,
+ QMessageBox::Ok, QMessageBox::NoButton);
+ permission_error = true;
+ }
+ }
+
+ if (permission_error) {
+ QFile::remove (fsExportKey + ".pub");
+ return;
+ }
+#endif /* defined (Q_OS_UNIX) */
+
+ directory* dir = getExpDir (fsExportKey);
+ bool rem = dir->isRemovable;
+ if (!dir) {
+ return;
+ }
- x2goDebug<<"Temporarily activated public key from file "<<fsExportKey<<".pub."<<endl;
+ QTextStream out (&authorized_keys_file);
+ out << line;
+ authorized_keys_file.close ();
+
+ x2goDebug << "Temporarily activated public key from file " << fsExportKey << ".pub.";
 QString passwd=getCurrentPass();
 QString user=getCurrentUname();
@@ -9895,18 +9955,19 @@ void ONMainWindow::generateEtcFiles()
 QFile file ( etcDir +"/sshd_config" );
 if ( !file.open ( QIODevice::WriteOnly | QIODevice::Text ) )
 return;
+ QString authKeyPath = homeDir + "/.x2go/.ssh/authorized_keys";
 #ifdef Q_OS_WIN
- QString authKeyPath=cygwinPath ( homeDir+"/.x2go/.ssh/authorized_keys" );
- authKeyPath.replace(wapiGetUserName(),"%u");
-#endif
+ authKeyPath = cygwinPath (authKeyPath);
+ authKeyPath.replace (wapiGetUserName (), "%u");
+#endif /* defined (Q_OS_WIN) */
 QTextStream out ( &file );
 out<<"StrictModes no\n"<<
 "UsePrivilegeSeparation no\n"<<
 "PidFile " + varDir + "/sshd.pid\n" <<
+ "AuthorizedKeysFile \"" << authKeyPath << "\"\n" <<
 #ifdef Q_OS_WIN
 "Subsystem shell "<< wapiShortFileName ( appDir) +"/sh"+"\n"<<
 "Subsystem sftp "<< wapiShortFileName ( appDir) +"/sftp-server"+"\n"<<
- "AuthorizedKeysFile \""<<authKeyPath<<"\"";
 #else
 "Subsystem sftp " <<appDir<<"/sftp-server\n";
-- Alioth's /srv/git/code.x2go.org/x2goclient.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/x2goclient.git
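Review bot: In the startX2goMount hunk, `bool rem = dir->isRemovable;` still dereferences `dir` one line before the `if (!dir)` test, so a null result from `getExpDir (fsExportKey)` crashes instead of returning; test first, `directory* dir = getExpDir (fsExportKey); if (!dir) { return; }`, and read `dir->isRemovable` only afterwards. That early return also leaves `fsExportKey + ".pub"` on disk, unlike the other error paths in the hunk, which remove it. Separately, the two `!=` tests are exact-match comparisons against owner-only flag sets; if `QFile::permissions ()` reports further flags for the same mode (the `*User` bits, for instance), `setPermissions` runs on every call, which is harmless but deserves a comment. startX2goMount begins and continues outside the hunk.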
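Review bot: In the `Q_OS_WIN` branch of generateEtcFiles the `out<<` chain now ends on `"Subsystem sftp "<< wapiShortFileName ( appDir) +"/sftp-server"+"\n"<<` with a trailing `<<`, because the removed `AuthorizedKeysFile` line was the one carrying the terminating `;`. Unless the code after the `#endif` (outside this hunk) completes the expression, the Windows build breaks; end that line with `+"\n";` instead. The new `authKeyPath` is also always `homeDir + "/.x2go/.ssh/authorized_keys"`, while the slotRetExportDir and startX2goMount hunks choose between `.ssh` and `.x2go/.ssh` from `userSshd`, so confirm this config is only generated for the user-mode sshd. Because the generated config keeps `StrictModes no`, that sshd will not itself reject a loosely-permissioned key file or directory, which leaves the owner-only modes set in startX2goMount as the only enforcement; on Unix `StrictModes` is worth revisiting now that those modes are set.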