[X2Go-Commits] x2goserver.git - master (branch) updated: 3.1.1.3-213-ge6cdad1

X2Go dev team git-admin at x2go.org
Mon Sep 23 23:02:58 CEST 2013 

The branch, master has been updated
       via  e6cdad130e1aebe7fa94022b3f7fe0d1cf6c4f8c (commit)
      from  f7f414b7b87e13e89e9eb9109e00562fa6aecc86 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e6cdad130e1aebe7fa94022b3f7fe0d1cf6c4f8c
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Mon Sep 23 23:02:25 2013 +0200

    With PostgreSQL as session db backend, prevent the root user from launching sessions. Also, prevent x2gouser_root from being added as a PostgreSQL user. (Fixes: #310).

-----------------------------------------------------------------------

Summary of changes:
 debian/changelog              |    3 +++
 x2goserver/bin/x2gostartagent |    5 +++++
 x2goserver/sbin/x2godbadmin   |    7 +++++--
 3 files changed, 13 insertions(+), 2 deletions(-)

The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index 2b362eb..6a70599 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -70,6 +70,9 @@ x2goserver (4.0.1.7-0~x2go1) UNRELEASED; urgency=low
       (Fixes: #285).
     - Provide sudoers.d/x2goserver file that allows sudoed commands under
       KDE (by pertaining the env var QT_GRAPHICSSYSTEM. (Fixes: #276).
+    - With PostgreSQL as session db backend, prevent the root user from
+      launching sessions. Also, prevent x2gouser_root from being added as a
+      PostgreSQL user. (Fixes: #310).
   * /debian/control:
     - Update LONG_DESCRIPTIONS.
     - Move xfonts-base from Recommends: field to Depends: field (bin:package
diff --git a/x2goserver/bin/x2gostartagent b/x2goserver/bin/x2gostartagent
index 1b3f454..607a35e 100755
--- a/x2goserver/bin/x2gostartagent
+++ b/x2goserver/bin/x2gostartagent
@@ -27,6 +27,11 @@ $X2GO_LIB_PATH/x2gosyslog "$0" "info" "$(basename $0) called with options: $@"
 X2GO_PORT=49 #First port for X2GO=50
 SSH_PORT=30000 #First ssh port 30001
 
+if egrep "^backend[ ]*=[ ]*postgres" /etc/x2go/x2gosql/sql 1>/dev/null 2>/dev/null && [ "x$USER" = "xroot" ]; then
+	echo "The super-user \"root\" is not allowed to launch X2Go sessions."
+	exit -1
+fi
+
 X2GO_ROOT="${HOME}/.x2go"
 export NX_ROOT=$X2GO_ROOT
 
diff --git a/x2goserver/sbin/x2godbadmin b/x2goserver/sbin/x2godbadmin
index 5362905..4f10b02 100755
--- a/x2goserver/sbin/x2godbadmin
+++ b/x2goserver/sbin/x2godbadmin
@@ -308,9 +308,12 @@ sub add_user()
 {
 	my $user=shift;
 	my ($name, $pass, $uid, $pgid, $quota, $comment, $gcos, $dir, $shell, $expire) = getpwnam($user);
-	if (! $uid)
+	if (! $name)
 	{
-		print "Can not find user ($user)\n";
+		print "Cannot find user ($user)\n";
+		return;
+	} elsif ($name == "root") {
+		print "The super-user \"root\" is not allowed to use X2Go\n";
 		return;
 	}
 	$pass=`makepasswd`;


hooks/post-receive
-- 
x2goserver.git (X2Go Server)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2goserver.git" (X2Go Server).

More information about the x2go-commits mailing list