[X2Go-Commits] [x2goserver] 01/01: Fix cross-user X2Go Desktop Sharing after being broken by implementing clipboard mode feature (and probably other code changes).

git-admin at x2go.org git-admin at x2go.org
Mon Nov 17 09:50:14 CET 2014 

This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch release/4.0.1.x
in repository x2goserver.

commit cf4ce1f6209260867a17c5fde0e8e14cd318ffb4
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date:   Mon Nov 17 09:43:36 2014 +0100

    Fix cross-user X2Go Desktop Sharing after being broken by implementing clipboard mode feature (and probably other code changes).
---
 debian/changelog                      |    2 ++
 x2goserver/bin/x2golistdesktops       |   17 +++++++++-----
 x2goserver/bin/x2gostartagent         |   40 +++++++++++++++++++++++++++------
 x2goserver/lib/x2gosqlitewrapper.pl   |    2 +-
 x2goserver/lib/x2goutils.pm           |    2 +-
 x2goserver/sbin/x2gocleansessions     |   11 ++++++++-
 x2goserver/sbin/x2golistsessions_root |   22 ++++++++++++++++--
 7 files changed, 79 insertions(+), 17 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 33fb844..e6edd03 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -45,6 +45,8 @@ x2goserver (4.0.1.19-0x2go1) UNRELEASED; urgency=medium
     - Make SSH agent forwarding work after having reconnected via SSH and
       having resumed a session. (Fixes: #672). Thanks to Robert Siemer for coming
       up with that idea.
+    - Fix cross-user X2Go Desktop Sharing after being broken by implementing
+      clipboard mode feature (and probably other code changes).
   * debian/control:
     + Add D (x2goserver): libfile-which-perl.
   * debian/x2goserver.docs:
diff --git a/x2goserver/bin/x2golistdesktops b/x2goserver/bin/x2golistdesktops
index 7c7afa2..78ea8c3 100755
--- a/x2goserver/bin/x2golistdesktops
+++ b/x2goserver/bin/x2golistdesktops
@@ -85,20 +85,27 @@ for(my $i=0;$i<@outp;$i++)
 	}
 }
 
-my $outp=`ls -1 /tmp/ | grep x2godesktopsharing_`;
+my $outp=`ls -1 /tmp/ | grep x2godesktopsharing_\@*\@:*`;
 @outp=split("\n","$outp");
 
 for(my $i=0;$i<@outp;$i++)
 {
 	my @ln=split("\@", at outp[$i]);
-	if ( @ln[1] ne $uname )
-	{
-		push (@displays, "@ln[1]\@@ln[2]\n");
+	if (( -r "/tmp/@outp[$i]" ) and ( -w "/tmp/@outp[$i]" )) {
+		my @ln=split("\@", at outp[$i]);
+		if ( @ln[1] ne $uname )
+		{
+			push (@displays, "@ln[1]\@@ln[2]");
+		}
 	}
 }
 
 if (@displays) {
-	print "@displays\n";
+	for(my $i=0;$i<@displays;$i++) {
+		if ( @displays[$i] ) {
+			print "@displays[$i]\n";
+		}
+	}
 }
 # closing syslog 
 closelog;
diff --git a/x2goserver/bin/x2gostartagent b/x2goserver/bin/x2gostartagent
index 5d9ffb1..dde18cf 100755
--- a/x2goserver/bin/x2gostartagent
+++ b/x2goserver/bin/x2gostartagent
@@ -60,7 +60,18 @@ fi
 
 REMOTE=localhost
 
-X2GO_CLIENT=`echo $SSH_CLIENT | awk '{print $1}'`
+# shadow sessions (via x2godesktopsharing) set the X2GO_CLIENT var in the process environment
+# so either it is already set or we obtain it from SSH_CLIENT/SSH_CONNECTION
+if [ -z "$X2GO_CLIENT" ] && [ -n "$SSH_CLIENT" ]; then
+	X2GO_CLIENT=`echo $SSH_CLIENT | awk '{print $1}'`
+elif [ -z "$X2GO_CLIENT" ] && [ -n "$SSH_CONNECTION" ]; then
+	X2GO_CLIENT=`echo $SSH_CONNECTION | awk '{print $1}'`
+fi
+if [ -z "$X2GO_CLIENT" ]; then
+	echo "The \$X2GO_CLIENT environment variable is not set (due to neither \$SSH_CLIENT nor \$SSH_CONNECTION variable being set). Aborting session startup."
+	exit -3
+fi
+
 $X2GO_LIB_PATH/x2gosyslog "$0" "debug" "client announced itself as ,,$X2GO_CLIENT''"
 
 X2GO_GEOMETRY="$1"; shift
@@ -72,10 +83,11 @@ X2GO_KBD_TYPE="$1"; shift
 X2GO_SET_KBD="$1"; shift
 X2GO_STYPE="$1"; shift
 X2GO_CMD="$1"; shift
-X2GO_CLIPBOARD="$1"; shift
 X2GO_RESIZE=1
 X2GO_FULLSCREEN=0
 
+X2GO_CLIPBOARD=""
+
 XAUTHORITY=${XAUTHORITY:-"$HOME/.Xauthority"}
 
 
@@ -85,16 +97,16 @@ if [ "$X2GO_STYPE" == "S" ]; then
 	SHADOW_USER=`echo $X2GO_CMD |awk '{split($0,a,"XSHAD"); print a[2]}'`
 	SHADOW_DESKTOP=`echo $X2GO_CMD |awk '{split($0,a,"XSHAD"); print a[3]}'`
 
-	test -z $1 && { 
+	if [ -z "$1" ]; then
 
 		# can this line be removed?
 		#echo "suser $SHADOW_USER user $USER " >> /tmp/uagent
 
 		$X2GO_LIB_PATH/x2gosyslog "$0" "debug" "shadow session requested: mode $SHADOW_MODE, user: $SHADOW_USER, desktop: $SHADOW_DESKTOP"
-	} || {
+	else
 		SHADREQ_USER="$1"; shift
 		$X2GO_LIB_PATH/x2gosyslog "$0" "debug" "preparing shadow session request for user $SHADREQ_USER, agent starts for user ${USER}"
-	}
+	fi
 
 	if [ "$SHADOW_USER" != "$USER" ]; then
 
@@ -104,8 +116,12 @@ if [ "$X2GO_STYPE" == "S" ]; then
 		$X2GO_LIB_PATH/x2gosyslog "$0" "debug" "command result is: $OUTPUT"
 		if [ "${OUTPUT:0:4}" == "DENY" ]; then
 			echo "ACCESS DENIED" 1>&2
+			DENIAL_REASON="${OUTPUT:5}"
+			if [ -z "$DENIAL_REASON" ]; then
+				DENIAL_REASON="the user ,,$SHADOW_USER'' does not seem to have desktop sharing activated"
+			fi
 			$X2GO_LIB_PATH/x2gosyslog "$0" "err" "ERROR: user $SHADOW_USER denied desktop sharing session"
-			$X2GO_LIB_PATH/x2gosyslog "$0" "err" "ERROR: reason: for desktop sharing denial ${OUTPUT:5}"
+			$X2GO_LIB_PATH/x2gosyslog "$0" "err" "ERROR: reason: for desktop sharing denial ${DENIAL_REASON}"
 			exit -1
 		fi
 		X2GO_COOKIE=`echo $OUTPUT | awk '{print $2}'`
@@ -123,6 +139,8 @@ if [ "$X2GO_STYPE" == "S" ]; then
 		echo $OUTPUT | awk '{print $6}'
 		echo $OUTPUT | awk '{print $7}'
 		exit 0
+	else
+		X2GO_CLIPBOARD="$1"; shift
 	fi
 fi
 
@@ -257,7 +275,15 @@ STATE_FILE="${X2GO_ROOT}/C-${SESSION_NAME}/state"
 # do not use $TMP or $TEMP here, the session.log file location has to be accessible by root
 SESSION_LOG="${SESSION_DIR}/session.log"
 mkdir -p "${SESSION_DIR}"
-chmod -f 0700 "${SESSION_DIR}"
+if [ "x$X2GO_STYPE" = "xS" ]; then
+	chmod -f 0710 "${SESSION_DIR}"
+	if groups "$USER" | grep x2godesktopsharing 1>/dev/null 2>/dev/null; then
+		$X2GO_LIB_PATH/x2gosyslog "$0" "info" "user ,,$USER'' grants access to ${SESSION_DIR} for group ,,x2godesktopsharing''"
+		chown :x2godesktopsharing "${SESSION_DIR}"
+	fi
+else
+	chmod -f 0700 "${SESSION_DIR}"
+fi
 touch "${SESSION_LOG}"
 chmod -f 0600 "${SESSION_LOG}"
 
diff --git a/x2goserver/lib/x2gosqlitewrapper.pl b/x2goserver/lib/x2gosqlitewrapper.pl
index 7352a28..deb0925 100755
--- a/x2goserver/lib/x2gosqlitewrapper.pl
+++ b/x2goserver/lib/x2gosqlitewrapper.pl
@@ -522,7 +522,7 @@ sub check_user
 	# session id looks like someuser-51-1304005895_stDgnome-session_dp24
 	# during DB insertsession it only looks like someuser-51-1304005895
 	my $user = "$sid";
-	$user =~ s/$realuser-[0-9]{2,}-[0-9]{10,}.*/$realuser/;
+	$user =~ s/($realuser-[0-9]{2,}-[0-9]{10,}_st(D|R).*|.*-[0-9]{2,}-[0-9]{10,}_stS(0|1)XSHAD$realuser.*)/$realuser/;
 	$user eq $realuser or die "$realuser is not authorized";
 }
 
diff --git a/x2goserver/lib/x2goutils.pm b/x2goserver/lib/x2goutils.pm
index 13957c0..a7eb265 100644
--- a/x2goserver/lib/x2goutils.pm
+++ b/x2goserver/lib/x2goutils.pm
@@ -49,7 +49,7 @@ sub sanitizer {
 		$string =~ s/[^a-zA-Z0-9\_\-\$\.\@]//g;
 		if ($string =~ /^([a-zA-Z0-9\_\-\$\.\@]*)$/) {
 			$string = $1;
-			if ($string =~ /^([a-zA-Z\_][a-zA-Z0-9\_\-\.\@]{0,47}[\$]?)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\_\-]*\_dp[\d]{1,2}$/) {
+			if ($string =~ /^([a-zA-Z\_][a-zA-Z0-9\_\-\.\@]{0,31}[\$]?)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\_\-\.]*\_dp[\d]{1,2}$/) {
 				if ((length($1) > 0) and (length($1) < 48)){
 					return $string;
 				} else {return 0;}
diff --git a/x2goserver/sbin/x2gocleansessions b/x2goserver/sbin/x2gocleansessions
index 8ce3a68..db38e1e 100755
--- a/x2goserver/sbin/x2gocleansessions
+++ b/x2goserver/sbin/x2gocleansessions
@@ -88,7 +88,16 @@ sub is_running
 sub get_agent_state
 {
 	my $sess=@_[0];
-	my $user=@_[1];
+	my $user;
+
+	if ( $sess =~ m/.*-[0-9]{2,}-[0-9]{10,}_stS(0|1)XSHAD.*XSHADPP.*/ ) {
+		my $shadow_user = $sess;
+		$shadow_user =~ s/.*XSHAD(.*)XSHADPP.*/$1/;
+		$user = $shadow_user;
+	} else {
+		$user=@_[1];
+	}
+
 	my $state;
 	my $stateFile = "/tmp/.x2go-".$user."/C-".$sess."/state";
 	if (! -e $stateFile )
diff --git a/x2goserver/sbin/x2golistsessions_root b/x2goserver/sbin/x2golistsessions_root
index 8f9c06e..3686af3 100755
--- a/x2goserver/sbin/x2golistsessions_root
+++ b/x2goserver/sbin/x2golistsessions_root
@@ -44,7 +44,16 @@ sub is_suspended
 sub has_agent_state_file
 {
 	my $sess=@_[0];
-	my $user=@_[1];
+	my $user;
+
+	if ( $sess =~ m/.*-[0-9]{2,}-[0-9]{10,}_stS(0|1)XSHAD.*XSHADPP.*/ ) {
+		my $shadow_user = $sess;
+		$shadow_user =~ s/.*XSHAD(.*)XSHADPP.*/$1/;
+		$user = $shadow_user;
+	} else {
+		$user=@_[1];
+	}
+
 	my $stateFile;
 	if ( -d "/tmp-inst/${user}/.x2go-${user}" ) {
 		$stateFile="/tmp-inst/${user}/.x2go-".$user."/C-".$sess."/state";
@@ -61,7 +70,16 @@ sub has_agent_state_file
 sub get_agent_state
 {
 	my $sess=@_[0];
-	my $user=@_[1];
+	my $user;
+
+	if ( $sess =~ m/.*-[0-9]{2,}-[0-9]{10,}_stS(0|1)XSHAD.*XSHADPP.*/ ) {
+		my $shadow_user = $sess;
+		$shadow_user =~ s/.*XSHAD(.*)XSHADPP.*/$1/;
+		$user = $shadow_user;
+	} else {
+		$user=@_[1];
+	}
+
 	my $state;
 	my $stateFile = "/tmp/.x2go-".$user."/C-".$sess."/state";
 	if (! -e $stateFile )

--
Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2goserver.git

More information about the x2go-commits mailing list