This is an automated email from the git hooks/post-receive script. x2go pushed a change to branch master in repository x2goclient. from 36cad1d Update debian/changelog that commit "Do not attempt to perform Interaction with SSH Server" Fixes: #1258 new 18512d8 don't start gpg agent for PGP card authentication. Use system agent instead. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Summary of changes: debian/changelog | 4 + src/onmainwindow.cpp | 321 +++++++++------------------------------------------ src/onmainwindow.h | 12 +- 3 files changed, 63 insertions(+), 274 deletions(-) -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2goclient. commit 18512d863b217d960949afb320f9722c146a798e Author: Oleksandr Shneyder <o.shneyder@phoca-gmbh.de> Date: Thu Mar 1 18:56:15 2018 +0100 don't start gpg agent for PGP card authentication. Use system agent instead. --- debian/changelog | 4 + src/onmainwindow.cpp | 321 +++++++++------------------------------------------ src/onmainwindow.h | 12 +- 3 files changed, 63 insertions(+), 274 deletions(-) diff --git a/debian/changelog b/debian/changelog index 2d72061..c34aed6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -12,6 +12,10 @@ x2goclient (4.1.1.2-0x2go1) UNRELEASED; urgency=medium installation folder were changed to give users write access, or if x2goclient was copied/extracted to a folder where users could write. + [ Oleksandr Shneyder ] + * New upstream version (4.1.1.2): + - don't start gpg agent for PGP card authentication. Use system agent instead. + -- X2Go Release Manager <git-admin@x2go.org> Thu, 15 Feb 2018 22:01:32 +0100 x2goclient (4.1.1.1-0x2go1) unstable; urgency=medium diff --git a/src/onmainwindow.cpp b/src/onmainwindow.cpp index fdc043b..4b1c9bb 100644 --- a/src/onmainwindow.cpp +++ b/src/onmainwindow.cpp @@ -198,7 +198,6 @@ ONMainWindow::ONMainWindow ( QWidget *parent ) :QMainWindow ( parent ) nxproxy=0l; soundServer=0l; scDaemon=0l; - gpgAgent=0l; statusLabel=0; gpg=0l; bBrokerLogout = NULL; @@ -1556,27 +1555,6 @@ void ONMainWindow::closeClient() delete soundServer; x2goDebug<<"Deleted the sound server."; } - if ( gpgAgent!=0l ) - { - if ( gpgAgent->state() ==QProcess::Running ) - { - x2goDebug<<"Terminating GPG Agent ..."; - gpgAgent->terminate(); - x2goDebug<<"Terminated GPG Agent."; - } - } - -#ifndef Q_OS_WIN - if ( agentPid.length() >0 ) - { - if ( checkAgentProcess() ) - { - QStringList arg; - arg<<"-9"<<agentPid; - QProcess::execute ( "kill",arg ); - } - } -#endif #ifdef Q_OS_WIN if ( xorg ) { 
@@ -3006,18 +2984,6 @@ SshMasterConnection* ONMainWindow::startSshConnection ( QString host, QString po x2goDebug<<"Starting new ssh connection to server:"<<host<<":"<<port<<" krbLogin: "<<krbLogin; - for ( int i=0; i<sshEnv.size(); ++i ) - { -#ifndef Q_OS_WIN - QStringList args=sshEnv[i].split ( "=" ); - x2goDebug<<"Setting ENV " + args[0] + tr(" to ") + args[1]; - setenv ( args[0].toLatin1(),args[1].toLatin1(),1 ); -#else - x2goDebug<<"Set ENV: "<<sshEnv[i]; - - _putenv ( sshEnv[i].toLatin1() ); -#endif - } if ( usePGPCard/*||useSshAgent*/ ) autologin=true; @@ -9123,32 +9089,6 @@ void ONMainWindow::externalLogout ( const QString& ) void ONMainWindow::slotStartPGPAuth() { scDaemon=new QProcess ( this ); - QStringList arguments; - arguments<<"--multi-server"; - - /* FIXME: probably use add_to_path () instead. */ - - QProcessEnvironment scdaemon_env = QProcessEnvironment::systemEnvironment (); - - QString path_env_separator = ":"; - /* Let's hope that's really the only override... */ -#ifdef Q_OS_WIN - path_env_separator = ";"; -#endif - - QString new_path_value = scdaemon_env.value ("PATH", ""); - - if (!new_path_value.isEmpty ()) { - new_path_value += path_env_separator; - } - - new_path_value += "/usr/lib/gnupg2/"; - - scdaemon_env.insert ("PATH", new_path_value); - - x2goDebug << "New PATH value for scdaemon: " << new_path_value; - - scDaemon->setProcessEnvironment (scdaemon_env); connect ( scDaemon,SIGNAL ( readyReadStandardError() ),this, SLOT ( slotScDaemonStdErr() ) ); 
@@ -9160,37 +9100,16 @@ void ONMainWindow::slotStartPGPAuth() slotScDaemonFinished ( int, QProcess::ExitStatus ) ) ); connect (scDaemon, SIGNAL (error (QProcess::ProcessError)), this, SLOT (slotScDaemonError (QProcess::ProcessError))); - scDaemon->start ( "scdaemon",arguments ); - QTimer::singleShot ( 3000, this, SLOT ( slotCheckScDaemon() ) ); - isScDaemonOk=false; -} + scDaemon->start ( "pcsc_scan"); -void ONMainWindow::slotCheckScDaemon() -{ - if ( !isScDaemonOk ) - { - scDaemon->kill(); - } } + void ONMainWindow::slotScDaemonStdErr() { QString stdOut ( scDaemon->readAllStandardError() ); stdOut=stdOut.simplified(); - - x2goDebug<<"SCDAEMON error: "<<stdOut; - - if ( stdOut.indexOf ( "updating slot" ) !=-1 || - stdOut.indexOf ( "updating status of slot" ) !=-1 ) - { - isScDaemonOk=true; - //USABLE or PRESENT - if ( ( stdOut.indexOf ( "0x0002" ) !=-1 ) || - ( stdOut.indexOf ( "0x0007" ) !=-1 ) ) - { - scDaemon->kill(); - } - } + x2goDebug<<"PCSC error: "<<stdOut; } void ONMainWindow::slotScDaemonStdOut() 
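Review bot: `scDaemon->start ( "pcsc_scan");` launches the card monitor by bare name, so which binary runs is decided by the process search path at the time of the call. For the helper that gates smart-card login it would be safer to resolve an absolute path once (a build-time or configured location) and pass that to start(). The member and the slots keep their scdaemon names although they now drive pcsc_scan, and slotScDaemonStdErr logs under `PCSC error:` while its variable is still called `stdOut`. A comment at the start() call such as `// scDaemon now holds the pcsc_scan monitor process, not scdaemon` would spare the next reader. slotStartPGPAuth begins outside this hunk.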
@@ -9198,56 +9117,46 @@ void ONMainWindow::slotScDaemonStdOut() QString stdOut ( scDaemon->readAllStandardOutput() ); stdOut=stdOut.simplified(); - x2goDebug<<"SCDAEMON out: "<<stdOut; + x2goDebug<<"PCSC out: "<<stdOut; + if(stdOut.indexOf("Card state: Card inserted")!=-1) + { + startGPG(); + } + if(stdOut.indexOf("Card state: Card removed")!=-1) + { + cardReady=false; + if ( cardStarted ) + { + cardStarted=false; + if ( nxproxy ) + if ( nxproxy->state() ==QProcess::Running ) + { + x2goDebug<<"Suspending session ..."; + slotSuspendSessFromSt(); + x2goDebug<<"Suspended session."; + } + } + } } void ONMainWindow::slotScDaemonFinished ( int , QProcess::ExitStatus ) { + //this should not happen, restart... scDaemon=0l; - if ( isScDaemonOk ) - { - - x2goDebug<<"SCDAEMON finished."<<endl; - - gpg=new QProcess ( this ); - QStringList arguments; - arguments<<"--card-status"; - connect ( gpg,SIGNAL ( readyReadStandardError() ), - this,SLOT ( slotGpgError() ) ); - connect ( gpg,SIGNAL ( finished ( int, - QProcess::ExitStatus ) ),this, - SLOT ( slotGpgFinished ( int, - QProcess::ExitStatus ) ) ); - gpg->start ( "gpg",arguments ); - } - else - slotStartPGPAuth(); + x2goDebug<<"SCDAEMON finished."<<endl; + slotStartPGPAuth(); } void ONMainWindow::slotScDaemonError (QProcess::ProcessError error) { - QString main_text ("scdaemon "); + QString main_text ("pcsc_scan "); QString informative_text; switch (error) { case QProcess::FailedToStart: { main_text += tr ("failed to start."); - informative_text = tr ("Check whether the package providing \"scdaemon\" is installed.\n" + informative_text = tr ("Check whether the package providing \"pcsc_scan\" is installed.\n" "The current search path is: "); - QProcessEnvironment tmp_env = QProcessEnvironment::systemEnvironment (); - - if (!(scDaemon->processEnvironment ().isEmpty ())) { - tmp_env = scDaemon->processEnvironment (); - } - - QString path_val = tmp_env.value ("PATH", "unknown"); - - /* Add a newline every 100 characters. 
*/ - for (std::size_t i = 100; i < static_cast<std::size_t> (path_val.size ()); i += 100) { - path_val.insert (i, "\n"); - } - - informative_text += path_val; break; } case QProcess::Crashed: { 
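Review bot: The card-removal check in slotScDaemonStdOut matches `Card state: Card removed` against whatever readAllStandardOutput() returns for one readyRead signal, so a status line split across two reads can be missed and the session is then not suspended when the card is pulled. A chunk holding both an insert and a removal is also always handled insert-first. Reading complete lines with canReadLine()/readLine() and testing each line, as sketched below, ties the suspend-on-removal behaviour to what pcsc_scan actually reported; the function's opening brace lies outside the hunk. Separately, slotScDaemonFinished calls slotStartPGPAuth() immediately and unconditionally, so a pcsc_scan that exits right after starting is respawned in a tight loop and each old QProcess stays allocated. Calling `scDaemon->deleteLater();` before the pointer is cleared and restarting through `QTimer::singleShot ( 1000, this, SLOT ( slotStartPGPAuth() ) );` would bound that.

```cpp
// Handle one complete pcsc_scan line at a time.
while ( scDaemon->canReadLine() )
{
    QString stdOut ( scDaemon->readLine() );
    stdOut=stdOut.simplified();
    x2goDebug<<"PCSC out: "<<stdOut;
    // … unchanged: "Card inserted" and "Card removed" handling …
}
```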
@@ -9375,111 +9284,50 @@ void ONMainWindow::slotGpgFinished ( int exitCode, "This card is unknown to the X2Go system." ), QMessageBox::Ok, QMessageBox::NoButton ); - QTimer::singleShot ( 1000, this, - SLOT ( slotStartPGPAuth() ) ); } else - startGPGAgent ( login,appId ); + { + cardReady=true; + cardLogin=login; + //card is ready + GPGCardLogin(login); + } } - else - QTimer::singleShot ( 1000, this, SLOT ( slotStartPGPAuth() ) ); gpg=0l; } - - -void ONMainWindow::startGPGAgent ( const QString& login, const QString& appId ) +void ONMainWindow::startGPG() { - QString gpgPath=homeDir +"/.x2goclient/gnupg"; - QDir d; - cardLogin=login; - d.mkpath ( gpgPath ); - QFile file ( gpgPath+"/scd-event" ); - if ( !file.open ( QIODevice::WriteOnly | QIODevice::Text ) ) - { - QMessageBox::critical ( - 0l,tr ( "Error" ), - tr ( - "Unable to create file: " ) + - gpgPath+"/scd-event" - ,QMessageBox::Ok, - QMessageBox::NoButton ); - exit ( -1 ); - } - QTextStream out ( &file ); - out << "#!/bin/bash\n\n" - "if [ \"$6\" != \"0x0002\" ] && [ \"$6\" != " - "\"0x0007\" ]\n\ - then\n\ - kill -9 $_assuan_pipe_connect_pid\n\ - fi"<<endl; - file.close(); - file.setPermissions ( gpgPath+"/scd-event", - QFile::ReadOwner| - QFile::WriteOwner| - QFile::ExeOwner ); - gpgAgent=new QProcess ( this ); - QStringList arguments; - arguments<<"--pinentry-program"<<"/usr/bin/pinentry-x2go"<< - "--enable-ssh-support"<<"--daemon"<<"--no-detach"; - - connect ( gpgAgent,SIGNAL ( finished ( int,QProcess::ExitStatus ) ), - this, - SLOT ( slotGpgAgentFinished ( int, - QProcess::ExitStatus ) ) ); + QStringList arguments; + gpg=new QProcess ( this ); + arguments<<"--card-status"; + connect ( gpg,SIGNAL ( readyReadStandardError() ), + this,SLOT ( slotGpgError() ) ); + connect ( gpg,SIGNAL ( finished ( int, + QProcess::ExitStatus ) ),this, + SLOT ( slotGpgFinished ( int, + QProcess::ExitStatus ) ) ); + gpg->start ( "gpg",arguments ); + x2goDebug<<"gpg started"; - QStringList env=QProcess::systemEnvironment(); - 
env<<"GNUPGHOME="+gpgPath<<"CARDAPPID="+appId; - gpgAgent->setEnvironment ( env ); - gpgAgent->start ( "gpg-agent",arguments ); } -void ONMainWindow::slotGpgAgentFinished ( int , QProcess::ExitStatus ) +void ONMainWindow::GPGCardLogin ( const QString& cardLogin) { - QString stdOut ( gpgAgent->readAllStandardOutput() ); - stdOut=stdOut.simplified(); - stdOut.replace ( " ","" ); - QStringList envLst=stdOut.split ( ";" ); - QString gpg_agent_info=envLst[0].split ( "=" ) [1]; - QString ssh_auth_sock=envLst[2].split ( "=" ) [1]; - agentPid=envLst[4].split ( "=" ) [1]; - - x2goDebug<<"GPG Agent info: "<<gpg_agent_info<<ssh_auth_sock<<agentPid; - x2goDebug<<"GPG Agent PID: "<<agentPid; - x2goDebug<<"GPG Agent out: "<<envLst[0]<<envLst[2]<<envLst[4]; - - agentCheckTimer->start ( 1000 ); - cardReady=true; - - sshEnv.clear(); - sshEnv<<envLst[0]<<envLst[2]<<envLst[4]; - if ( !useLdap ) { - if ( passForm->isVisible() && !brokerMode) - { - if ( passForm->isEnabled() ) - { - if ( login->isEnabled() ) - { - login->setText ( cardLogin ); - slotSessEnter(); - return; - } - } + if ( passForm->isVisible() && !brokerMode) + { + if ( passForm->isEnabled() ) + { + if ( login->isEnabled() ) + { + login->setText ( cardLogin ); + slotSessEnter(); + } + } } - QProcess sshadd ( this ); //using it to start scdaemon - sshadd.setEnvironment ( sshEnv ); - QStringList arguments; - arguments<<"-l"; - sshadd.start ( "ssh-add",arguments ); - sshadd.waitForFinished ( -1 ); - QString sshout ( sshadd.readAllStandardOutput() ); - sshout=sshout.simplified(); - - x2goDebug<<"ssh-add out: "<<sshout; - if(brokerMode && (!config.brokerAutologoff)) { broker->getUserSessions(); 
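Review bot: startGPG() assigns a fresh QProcess to `gpg` on every `Card inserted` line without checking whether an earlier `gpg --card-status` is still running, while slotGpgFinished ends with `gpg=0l;`. Two insert events in quick succession would leave the second finished() signal working against a cleared or replaced pointer; the part of slotGpgFinished that reads the output is outside the hunk, so this is inferred. A guard at the top of startGPG, `if ( gpg ) return;`, avoids the overlap. With the private agent and its exported environment gone, the new branch also sets `cardReady=true;` and calls `GPGCardLogin(login);` without confirming that an agent socket is available to the SSH code. Checking that `SSH_AUTH_SOCK` is set before that call, and telling the user when it is not, would make a missing system agent visible instead of a silent failed autologin.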
@@ -9487,23 +9335,6 @@ void ONMainWindow::slotGpgAgentFinished ( int , QProcess::ExitStatus ) } else { - if ( selectSessionDlg->isVisible() || - sessionStatusDlg->isVisible() ) - { - QProcess sshadd ( this ); //using it to start scdaemon - sshadd.setEnvironment ( sshEnv ); - QStringList arguments; - arguments<<"-l"; - sshadd.start ( "ssh-add",arguments ); - sshadd.waitForFinished ( -1 ); - QString sshout ( sshadd.readAllStandardOutput() ); - sshout=sshout.simplified(); - - x2goDebug<<"ssh-add out: "<<sshout; - - return; - } - if ( passForm->isVisible() ) slotClosePass(); uname->setText ( cardLogin ); @@ -9513,44 +9344,6 @@ void ONMainWindow::slotGpgAgentFinished ( int , QProcess::ExitStatus ) } -void ONMainWindow::slotCheckAgentProcess() -{ - if ( checkAgentProcess() ) - return; - agentCheckTimer->stop(); - cardReady=false; - if ( cardStarted ) - { - cardStarted=false; - if ( nxproxy ) - if ( nxproxy->state() ==QProcess::Running ) - { - x2goDebug<<"Suspending session ..."; - slotSuspendSessFromSt(); - x2goDebug<<"Suspended session."; -// nxproxy->terminate(); - } - } - - x2goDebug<<"GPG Agent finished."; - slotStartPGPAuth(); -} - -bool ONMainWindow::checkAgentProcess() -{ - QFile file ( "/proc/"+agentPid+"/cmdline" ); - if ( file.open ( QIODevice::ReadOnly | QIODevice::Text ) ) - { - QString line ( file.readLine() ); - file.close(); - if ( line.indexOf ( "gpg-agent" ) !=-1 ) - { - return true; - } - } - return false; -} - #if defined ( Q_OS_DARWIN ) QString ONMainWindow::getXDisplay() { diff --git a/src/onmainwindow.h b/src/onmainwindow.h index 2d6f1ec..3e051a3 100644 --- a/src/onmainwindow.h +++ b/src/onmainwindow.h @@ -790,7 +790,6 @@ private: QProcess* ssh; QProcess* soundServer; QProcess* scDaemon; - QProcess* gpgAgent; QProcess* gpg; LDAPSession* ld; long embedParent; @@ -803,7 +802,6 @@ private: bool newSession; bool runStartApp; bool ldapOnly; - bool isScDaemonOk; #ifdef Q_OS_LINUX bool directRDP; #endif 
@@ -891,8 +889,6 @@ private: bool shadowSession; int firstUid; int lastUid; - QStringList sshEnv; - QString agentPid; bool cardReady; HttpBrokerClient* broker; @@ -968,8 +964,8 @@ private: void setUsersEnabled ( bool enable ); void externalLogout ( const QString& logoutDir ); void externalLogin ( const QString& loginDir ); - void startGPGAgent ( const QString& login, - const QString& appId ); + void startGPG(); + void GPGCardLogin ( const QString& cardLogin); void closeClient(); void continueNormalSession(); void continueLDAPSession(); @@ -1152,10 +1148,6 @@ private slots: QProcess::ExitStatus exitStatus ); void slotScDaemonError (QProcess::ProcessError error); void slotGpgError(); - void slotCheckScDaemon(); - void slotGpgAgentFinished ( int exitCode, - QProcess::ExitStatus exitStatus ); - void slotCheckAgentProcess(); void slotExecXmodmap(); void slotCreateSessionIcon(); void slotFindProxyWin(); -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient.git