The branch, build-baikal has been updated via 6290a9f307423210fdb7f8f08f2eb9c52e5ad551 (commit) from b69329589121f2476a111622ec1cc34b12b5c112 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- Summary of changes: debian/changelog | 1 + httpbrokerclient.cpp | 4 +++- onmainwindow.cpp | 22 +++++++++++++++++----- onmainwindow.h | 4 +++- sessionwidget.cpp | 10 ++++++++++ sessionwidget.h | 1 + sshmasterconnection.cpp | 11 +++++++---- sshmasterconnection.h | 5 +++-- sshprocess.cpp | 14 +++++++++++--- sshprocess.h | 1 + 10 files changed, 57 insertions(+), 16 deletions(-) The diff of changes is: diff --git a/debian/changelog b/debian/changelog index 86465bd..e27b1a9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -68,6 +68,7 @@ x2goclient (4.0.1.2-0x2go2) UNRELEASED; urgency=low if x2gostartagent send LIMIT error. Current commit fixes this issue. - SshMasterConnection should use current user name if no user name is specified in session settings + - GSSApi(Kerberos 5) authentication for sshproxy and sshbroker [ Heinrich Schuchardt ] * New upstream version (4.0.1.2): diff --git a/httpbrokerclient.cpp b/httpbrokerclient.cpp index 5bf9caf..6e7e067 100644 --- a/httpbrokerclient.cpp +++ b/httpbrokerclient.cpp @@ -92,7 +92,8 @@ void HttpBrokerClient::createSshConnection() { QUrl lurl ( config->brokerurl ); sshConnection=new SshMasterConnection (this, lurl.host(), lurl.port(22),false, - config->brokerUser, config->brokerPass,config->brokerSshKey,config->brokerAutologin, false,false); + config->brokerUser, config->brokerPass,config->brokerSshKey,config->brokerAutologin, + config->brokerKrbLogin, false); connect ( sshConnection, SIGNAL ( connectionOk(QString)), this, SLOT ( slotSshConnectionOk() ) ); connect ( sshConnection, SIGNAL ( serverAuthError ( int,QString, SshMasterConnection* ) ),this, @@ -643,3 +644,4 @@ QString HttpBrokerClient::getHexVal ( const QByteArray& ba ) } return val.join ( ":" ); } + diff --git a/onmainwindow.cpp b/onmainwindow.cpp index 4377e99..db2e349 100644 --- a/onmainwindow.cpp +++ b/onmainwindow.cpp @@ -106,6 +106,7 @@ ONMainWindow::ONMainWindow ( QWidget *parent ) :QMainWindow ( parent ) appSeparator=0; config.brokerNoAuth=false; config.brokerAutologin=false; + config.brokerKrbLogin=false; config.brokerAutologoff=false; config.published=false; cmdAutologin=false; @@ -1004,7 +1005,7 @@ void ONMainWindow::slotGetBrokerAuth() } if(config.brokerNoAuth) slotSessEnter(); - else if(config.brokerurl.indexOf("ssh://")==0 && (config.brokerAutologin || config.brokerSshKey.length()>0)) + else if(config.brokerurl.indexOf("ssh://")==0 && (config.brokerAutologin || config.brokerKrbLogin|| config.brokerSshKey.length()>0)) slotSessEnter(); } @@ -2808,7 +2809,7 @@ SshMasterConnection* ONMainWindow::startSshConnection ( QString host, QString po SshMasterConnection::ProxyType type, QString proxyserver, quint16 proxyport, QString proxylogin, QString proxypassword, QString proxyKey, - bool proxyAutologin) + bool proxyAutologin, bool proxyKrbLogin) { x2goInfof(8)<<tr("Starting connection to server: ") + host + ":" + port; SshMasterConnection* con; @@ -2845,7 +2846,7 @@ SshMasterConnection* ONMainWindow::startSshConnection ( QString host, QString po con=new SshMasterConnection (this, host, port.toInt(),acceptUnknownHosts, login, password,currentKey, autologin, krbLogin,useproxy, - type, proxyserver, proxyport, proxylogin, proxypassword, proxyKey,proxyAutologin); + type, proxyserver, proxyport, proxylogin, proxypassword, proxyKey,proxyAutologin, proxyKrbLogin); if (!getSrv) connect ( con, SIGNAL ( connectionOk(QString) ), this, SLOT ( slotSshConnectionOk() ) ); else @@ -3333,6 +3334,7 @@ bool ONMainWindow::startSession ( const QString& sid ) QString proxypassword; QString proxyKey; bool proxyAutologin=false; + bool proxyKrbLogin=false; user=getCurrentUname(); runRemoteCommand=true; @@ -3462,6 +3464,11 @@ bool ONMainWindow::startSession ( const QString& sid ) false ).toBool() ); + proxyKrbLogin=(st->setting()->value ( + sid+"/sshproxykrblogin", + false + ).toBool() ); + if(proxyKey.length()<=0 && proxyType==SshMasterConnection::PROXYSSH) { proxyKey=findSshKeyForServer(proxylogin, proxyserver, QString::number(proxyport)); @@ -3473,7 +3480,7 @@ bool ONMainWindow::startSession ( const QString& sid ) proxypassword=passwd; else { - if(useproxy && !proxyAutologin && proxyKey.length()<=0) + if(useproxy && !proxyAutologin && !proxyKrbLogin && proxyKey.length()<=0) { bool ok; bool useBrokerPassForProxy=false; @@ -3494,7 +3501,7 @@ bool ONMainWindow::startSession ( const QString& sid ) delete st; sshConnection=startSshConnection ( host,sshPort,acceptRsa,user,passwd,autologin, krblogin, false, useproxy,proxyType,proxyserver, - proxyport, proxylogin, proxypassword, proxyKey,proxyAutologin); + proxyport, proxylogin, proxypassword, proxyKey,proxyAutologin, proxyKrbLogin); return true; } @@ -6532,6 +6539,11 @@ bool ONMainWindow::parseParameter ( QString param ) config.brokerAutologin=true; return true; } + if ( param == "--broker-krblogin") + { + config.brokerKrbLogin=true; + return true; + } if ( param == "--broker-autologoff") { diff --git a/onmainwindow.h b/onmainwindow.h index 6f26417..116bccd 100644 --- a/onmainwindow.h +++ b/onmainwindow.h @@ -167,6 +167,7 @@ struct ConfigFile bool brokerNoAuth; bool brokerAutologin; bool brokerAutologoff; + bool brokerKrbLogin; QString brokerSshKey; QString brokerCaCertFile; QString iniFile; @@ -215,6 +216,7 @@ struct ConfigFile QString proxypassword; QString proxyKey; bool proxyAutologin; + bool proxyKrbLogin; }; @@ -894,7 +896,7 @@ private: SshMasterConnection::ProxyType type=SshMasterConnection::PROXYSSH, QString proxyserver=QString::null, quint16 proxyport=0, QString proxylogin=QString::null, QString proxypassword=QString::null, QString proxyKey=QString::null, - bool proxyAutologin=false ); + bool proxyAutologin=false, bool proxyKrbLogin=false ); void setProxyWinTitle(); QRect proxyWinGeometry(); void readApplications(); diff --git a/sessionwidget.cpp b/sessionwidget.cpp index 179e6da..5874a92 100644 --- a/sessionwidget.cpp +++ b/sessionwidget.cpp @@ -154,6 +154,8 @@ SessionWidget::SessionWidget ( QString id, ONMainWindow * mw, QIcon ( mainWindow->iconsPath ( "/16x16/file-open.png" ) ), QString::null,proxyBox ); cbProxyAutologin=new QCheckBox(tr("ssh-agent or default ssh key"),proxyBox); + cbProxyKrbLogin=new QCheckBox(tr("Kerberos 5 (GSSAPI) authentication"),proxyBox); + proxyLaout->addWidget(new QLabel(tr("Type:"),proxyBox),0,0,1,2); proxyLaout->addWidget(rbSshProxy,1,0,1,2); @@ -171,6 +173,7 @@ SessionWidget::SessionWidget ( QString id, ONMainWindow * mw, proxyLaout->addWidget(proxyKey,3,4,1,1); proxyLaout->addWidget(pbOpenProxyKey,3,5,1,1); proxyLaout->addWidget(cbProxyAutologin,4,3,1,3); + proxyLaout->addWidget(cbProxyKrbLogin,5,3,1,3); #ifndef Q_WS_HILDON @@ -333,6 +336,7 @@ void SessionWidget::slot_proxyType() { bool isSsh=rbSshProxy->isChecked(); cbProxyAutologin->setVisible(isSsh); + cbProxyKrbLogin->setVisible(isSsh); proxyKey->setVisible(isSsh); proxyKeyLabel->setVisible(isSsh); pbOpenProxyKey->setVisible(isSsh); @@ -588,6 +592,10 @@ void SessionWidget::readConfig() sessionId+"/sshproxyautologin", false ).toBool() ); + cbProxyKrbLogin->setChecked(st.setting()->value ( + sessionId+"/sshproxykrblogin", + false + ).toBool() ); if(proxyHost->text().indexOf(":")!=-1) { @@ -750,6 +758,7 @@ void SessionWidget::setDefaults() cbProxySamePass->setChecked(false); cbProxySameUser->setChecked(false); cbProxyAutologin->setChecked(false); + cbProxyKrbLogin->setChecked(false); QTimer::singleShot(1, this,SLOT(slot_proxySameLogin())); QTimer::singleShot(2, this,SLOT(slot_proxyType())); @@ -864,6 +873,7 @@ void SessionWidget::saveSettings() st.setting()->setValue (sessionId+"/sshproxysamepass",cbProxySamePass->isChecked()); st.setting()->setValue (sessionId+"/sshproxysameuser",cbProxySameUser->isChecked()); st.setting()->setValue (sessionId+"/sshproxyautologin",cbProxyAutologin->isChecked()); + st.setting()->setValue (sessionId+"/sshproxykrblogin",cbProxyKrbLogin->isChecked()); st.setting()->sync(); } diff --git a/sessionwidget.h b/sessionwidget.h index b8e7b1f..e3858cc 100644 --- a/sessionwidget.h +++ b/sessionwidget.h @@ -95,6 +95,7 @@ private: QCheckBox* cbProxySameUser; QCheckBox* cbProxySamePass; QCheckBox* cbProxyAutologin; + QCheckBox* cbProxyKrbLogin; QLineEdit* proxyKey; QPushButton* pbOpenProxyKey; QLabel* proxyKeyLabel; diff --git a/sshmasterconnection.cpp b/sshmasterconnection.cpp index fef5e5b..092cf9c 100644 --- a/sshmasterconnection.cpp +++ b/sshmasterconnection.cpp @@ -151,7 +151,7 @@ SshMasterConnection::SshMasterConnection (QObject* parent, QString host, int por QString pass, QString key, bool autologin, bool krblogin, bool useproxy, ProxyType type, QString proxyserver, quint16 proxyport, QString proxylogin, QString proxypassword, QString proxykey, - bool proxyautologin ) : QThread ( parent ) + bool proxyautologin, bool proxyKrbLogin ) : QThread ( parent ) { #if defined ( Q_OS_DARWIN ) // Mac OS X provides only 512KB stack space for secondary threads. @@ -180,6 +180,7 @@ SshMasterConnection::SshMasterConnection (QObject* parent, QString host, int por this->proxyport=proxyport; this->proxylogin=proxylogin; this->proxypassword=proxypassword; + this->proxyKrbLogin=proxyKrbLogin; reverseTunnel=false; mainWnd=(ONMainWindow*) parent; kerberos=krblogin; @@ -212,7 +213,7 @@ SshMasterConnection::SshMasterConnection (QObject* parent, ONMainWindow* mwd, QS int remotePort, QString localHost, int localPort, SshProcess* creator, bool useproxy, ProxyType type, QString proxyserver, quint16 proxyport, QString proxylogin, QString proxypassword, QString proxykey, - bool proxyautologin, int localProxyPort) : QThread ( parent ) + bool proxyautologin, bool proxyKrbLogin, int localProxyPort) : QThread ( parent ) { #if defined ( Q_OS_DARWIN ) setStackSize (sizeof (char) * 1024 * 1024 * 2); @@ -236,6 +237,7 @@ SshMasterConnection::SshMasterConnection (QObject* parent, ONMainWindow* mwd, QS this->proxypassword=proxypassword; this->proxytype=type; this->proxyautologin=proxyautologin; + this->proxyKrbLogin=proxyKrbLogin; this->proxykey=proxykey; this->localProxyPort=localProxyPort; reverseTunnelLocalHost=localHost; @@ -360,7 +362,7 @@ SshMasterConnection* SshMasterConnection::reverseTunnelConnection ( SshProcess* SshMasterConnection* con=new SshMasterConnection (this, mainWnd, host,port,acceptUnknownServers,user,pass, key,autologin, remotePort,localHost, localPort,creator, useproxy, proxytype, proxyserver, proxyport, proxylogin, - proxypassword, proxykey, proxyautologin, localProxyPort ); + proxypassword, proxykey, proxyautologin, proxyKrbLogin, localProxyPort ); con->kerberos=kerberos; con->setVerficationCode(challengeAuthVerificationCode); @@ -393,7 +395,7 @@ void SshMasterConnection::run() { sshProxy=new SshMasterConnection (0, proxyserver, proxyport,acceptUnknownServers, - proxylogin, proxypassword, proxykey, proxyautologin, kerberos, false); + proxylogin, proxypassword, proxykey, proxyautologin, proxyKrbLogin, false); connect ( sshProxy, SIGNAL ( connectionOk(QString) ), this, SLOT ( slotSshProxyConnectionOk() ) ); connect ( sshProxy, SIGNAL ( serverAuthError ( int,QString,SshMasterConnection* ) ),this, @@ -955,6 +957,7 @@ bool SshMasterConnection::userAuthWithPass() bool SshMasterConnection::userAuthAuto() { + x2goDebug<<"auth auto"; int rc = ssh_userauth_autopubkey ( my_ssh_session, "" ); int i=0; while(rc != SSH_AUTH_SUCCESS) diff --git a/sshmasterconnection.h b/sshmasterconnection.h index 8a8c6a2..7354e50 100644 --- a/sshmasterconnection.h +++ b/sshmasterconnection.h @@ -63,7 +63,7 @@ public: QString pass, QString key, bool autologin, bool krblogin=false, bool useproxy=false, ProxyType type=PROXYSSH, QString proxyserver=QString::null, quint16 proxyport=0, QString proxylogin=QString::null, QString proxypassword=QString::null, QString proxyKey=QString::null, - bool proxyAutologin=false); + bool proxyAutologin=false, bool proxyKrbLogin=false); ~SshMasterConnection(); static void finalizeLibSsh(); void addChannelConnection(SshProcess* creator, int sock, QString forwardHost, @@ -108,7 +108,7 @@ private: int remotePort, QString localHost, int localPort, SshProcess* creator, bool useproxy=false, ProxyType type=PROXYSSH, QString proxyserver=QString::null, quint16 proxyport=0, QString proxylogin=QString::null, QString proxypassword=QString::null, QString proxyKey=QString::null, - bool proxyAutologin=false, int localProxyPort=0); + bool proxyAutologin=false, bool proxyKrbLogin=false, int localProxyPort=0); bool sshConnect(); bool userAuthWithPass(); bool userAuthAuto(); @@ -169,6 +169,7 @@ private: QString proxypassword; ProxyType proxytype; bool proxyautologin; + bool proxyKrbLogin; QString proxykey; QStringList authErrors; bool autologin; diff --git a/sshprocess.cpp b/sshprocess.cpp index 3aaad4b..b147150 100644 --- a/sshprocess.cpp +++ b/sshprocess.cpp @@ -256,6 +256,7 @@ void SshProcess::startTunnel(const QString& forwardHost, uint forwardPort, const uint localPort, bool reverse) { tunnel=true; + tunnelOkEmited=false; if(!masterCon->useKerberos()) { this->forwardHost=forwardHost; @@ -280,7 +281,7 @@ void SshProcess::startTunnel(const QString& forwardHost, uint forwardPort, const #endif QString::number(masterCon->getPort())+" "+ masterCon->getUser()+"@"+ - masterCon->getHost() + " -N "; + masterCon->getHost() + " -N -v "; if (!reverse) sshString+=" -L " + QString::number(localPort)+":"+forwardHost+":"+QString::number(forwardPort); else @@ -304,11 +305,9 @@ void SshProcess::startTunnel(const QString& forwardHost, uint forwardPort, const SLOT(slotSshProcFinished(int,QProcess::ExitStatus))); connect(proc,SIGNAL(readyReadStandardError()),this,SLOT(slotSshProcStdErr())); connect(proc,SIGNAL(readyReadStandardOutput()),this,SLOT(slotSshProcStdOut())); - emit sshTunnelOk(pid); } } - void SshProcess::slotStdErr(SshProcess* creator, QByteArray data) { if (creator!=this) @@ -317,6 +316,15 @@ void SshProcess::slotStdErr(SshProcess* creator, QByteArray data) x2goDebug<<"new err data:"<<data<<endl; #endif stdErrString+=data; + + if(tunnel && !tunnelOkEmited) + { + if(stdErrString.indexOf("Entering interactive session")!=-1) + { + tunnelOkEmited=true; + emit sshTunnelOk(pid); + } + } } void SshProcess::slotStdOut(SshProcess* creator, QByteArray data) diff --git a/sshprocess.h b/sshprocess.h index d1e05bf..e28f435 100644 --- a/sshprocess.h +++ b/sshprocess.h @@ -73,6 +73,7 @@ private: QProcess* proc; QString procUuid; bool execProcess; + bool tunnelOkEmited; private slots: void slotCheckNewConnection(); hooks/post-receive -- x2goclient.git (X2Go Client) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "x2goclient.git" (X2Go Client).