The branch, master has been updated via 6e7de2cf944d0e33436e6831e1b813c83d6f0e8f (commit) from 214487c2a586368f4811d813d7c196b293530afc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6e7de2cf944d0e33436e6831e1b813c83d6f0e8f Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Sun Sep 16 22:06:44 2012 +0200 fixing, securing x2gobroker-agent ----------------------------------------------------------------------- Summary of changes: lib/x2gobroker-agent.pl | 99 ++++++++++++++++++++++++----------------------- 1 files changed, 50 insertions(+), 49 deletions(-) The diff of changes is: diff --git a/lib/x2gobroker-agent.pl b/lib/x2gobroker-agent.pl index be9145c..aff2258 100755 --- a/lib/x2gobroker-agent.pl +++ b/lib/x2gobroker-agent.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/perl -wU # This file is part of the X2Go Project - http://www.x2go.org # Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder@obviously-nice.de> 
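Review bot: The new shebang `#!/usr/bin/perl -wU` enables `-U`, which permits Perl's unsafe operations and, together with `-w`, downgrades taint-check failures to warnings instead of aborting. The script sets `$< = $>` and passes caller-supplied values to `su -c` (both visible later in this diff), so it appears to run with elevated privileges, and this switch weakens it rather than securing it. I would use `#!/usr/bin/perl -wT`, set `$ENV{PATH}` explicitly, and untaint the arguments with anchored patterns. If `-U` is really required, add a comment next to the shebang saying which operation needs it.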
@@ -22,58 +22,59 @@ use strict; -sub initUser +sub InitX2GoUser { my ($user, $uid, $gid, $home)=@_; - if (! -d "$home") - ### - ### FIXME: it should no be our job to create homes...!!! - ### Use pam_mkhomedir.so or similar or just have a - ### genuine system administration tool... (Mike) - ### - { - mkdir ("$home", 0700); - chown ($uid, $gid, $home); - } - if (! -e "$home/.x2go/sqlpass") - ### - ### FIXME: This code block will fail on most NFS mounted shares - ### and esp. on those mounted via NFSv4+Krb. (Mike) - ### + + if ( -f /etc/x2go/x2gosql/sql ) { - open my $save_out, ">&STDOUT"; - close (STDOUT); - system "/usr/lib/x2go/script/x2godbadmin", "--adduser", $user; - open STDOUT, ">&", $save_out; + # if we use the PostgreSQL session db backend we may have to add the + # user to the session database... + open(F,"/etc/x2go/x2gosql/sql"); + my @buf = <F>; + close(F); + if ( grep (/^backend=sqlite.*/, @buf) ) { + #if (( ! -e "$home/.x2go/sqlpass" ) + ### + ### FIXME: make the below code robust if homes are on NFS + ### + ### + #{ + # open my $save_out, ">&STDOUT"; + # close (STDOUT); + # system "x2godbadmin", "--adduser", $user; + # open STDOUT, ">&", $save_out; + #} + } } } -sub createKey +sub CreateKey { ### - ### FIXME: This bit of code look dangerous... My + ### FIXME: This bit of code looks dangerous... My ### authorized_keys file is starting to get ### scared... (Mike) ### - my ($uid, $gid, $home)=@_; - if (! 
-d "$home/.ssh") - { - mkdir ("$home/.ssh", 0700); - chown ($uid, $gid, "$home/.ssh"); - } - if( -e "$home/.ssh/authorized_keys") - { - unlink("$home/.ssh/authorized_keys"); - } - open my $save_out, ">&STDOUT"; - close (STDOUT); - system "/usr/bin/ssh-keygen", "-t", "dsa", "-N","","-f","$home/.ssh/authorized_keys"; - open STDOUT, ">&", $save_out; - open (F,"<$home/.ssh/authorized_keys"); - print <F>; - close (F); - unlink("$home/.ssh/authorized_keys"); - rename("$home/.ssh/authorized_keys.pub", "$home/.ssh/authorized_keys"); + #my ($uid, $gid, $home)=@_; + #if ( ! -d "$home/.ssh" ) + #{ + # mkdir ("$home/.ssh", 0700); + # chown ($uid, $gid, "$home/.ssh"); + #} + #if( -e "$home/.ssh/authorized_keys" ) + #{ + # unlink("$home/.ssh/authorized_keys"); + #} + #open my $save_out, ">&STDOUT"; + #close (STDOUT); + #system "/usr/bin/ssh-keygen", "-t", "dsa", "-N","","-f","$home/.ssh/authorized_keys"; + #open STDOUT, ">&", $save_out; + #open (F,"<$home/.ssh/authorized_keys"); + #print <F>; + #close (F); + #unlink("$home/.ssh/authorized_keys"); + #rename("$home/.ssh/authorized_keys.pub", "$home/.ssh/authorized_keys"); } $< = $>; 
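Review bot: The file test `if ( -f /etc/x2go/x2gosql/sql )` in InitX2GoUser has no quotes around the path, so Perl reads the slashes as a pattern match rather than a filename and the check either fails to compile or tests something else; it should be `if ( -f "/etc/x2go/x2gosql/sql" )`. The read that follows uses a bareword handle with an unchecked two-argument open; `open(my $fh, '<', '/etc/x2go/x2gosql/sql') or die "open: $!";` avoids both problems. The comment speaks of the PostgreSQL backend while the grep matches `backend=sqlite`, so one of the two looks wrong. The branch body and all of CreateKey are now commented out, leaving both subs with no effect. If that is intended, a one-line comment such as `# intentionally a no-op until the NFS-safe implementation lands` would stop the next maintainer from assuming the work still happens.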
@@ -92,32 +93,32 @@ if($uid < 1000) if($mode eq 'listsessions') { - initUser($name, $uid, $gid, $home); + InitX2GoUser($name, $uid, $gid, $home); print "OK\n"; - system "/bin/su", $name, "-c", "/usr/bin/x2golistsessions --all-servers"; + system "/bin/su", $name, "-c", "x2golistsessions --all-servers"; } if($mode eq 'getservers') { - initUser($name, $uid, $gid, $home); + InitX2GoUser($name, $uid, $gid, $home); print "OK\n"; - system "/bin/su", $name, "-c", "/usr/bin/x2gogetservers"; + system "/bin/su", $name, "-c", "x2gogetservers"; } if($mode eq 'key') { - initUser($name, $uid, $gid, $home); + InitX2GoUser($name, $uid, $gid, $home); print "OK\n"; createKey($uid, $gid, $home); } if($mode eq 'suspend') { - initUser($name, $uid, $gid, $home); + InitX2GoUser($name, $uid, $gid, $home); print "OK\n"; my $sid=shift; - system "/bin/su", $name, "-c", "/usr/bin/x2gosuspend-session $sid"; + system "/bin/su", $name, "-c", "x2gosuspend-session $sid"; } if($mode eq 'ping') hooks/post-receive -- x2gobroker.git (HTTP(S) Session broker for X2Go) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).
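Review bot: The `key` branch still calls `createKey($uid, $gid, $home);` although this commit renames the sub to `CreateKey`, so that mode would print OK and then die with an undefined-subroutine error; the call should read `CreateKey($uid, $gid, $home);`. In the `suspend` branch, `$sid` comes straight from `shift` and is interpolated into the `su -c` command string, so any shell metacharacters in it are interpreted by the target user's shell. I would add a guard before the `system` call, e.g. `die "bad session id\n" unless defined $sid && $sid =~ /\A[\w.\-]+\z/;`, with the character class adjusted to the real session-id format. Dropping the absolute `/usr/bin/` prefixes also makes these commands depend on whatever PATH `su` hands to the shell, so that PATH should be pinned or the full paths kept. The statement list continues past the end of the hunk (the `ping` branch is cut off).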