[X2Go-Commits] [x2goserver] 01/01: Fix cross-user X2Go Desktop Sharing after being broken by implementing clipboard mode feature (and probably other code changes).
git-admin at x2go.org
git-admin at x2go.org
Mon Nov 17 09:50:14 CET 2014
This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch release/4.0.1.x
in repository x2goserver.
commit cf4ce1f6209260867a17c5fde0e8e14cd318ffb4
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Mon Nov 17 09:43:36 2014 +0100
Fix cross-user X2Go Desktop Sharing after being broken by implementing clipboard mode feature (and probably other code changes).
---
debian/changelog | 2 ++
x2goserver/bin/x2golistdesktops | 17 +++++++++-----
x2goserver/bin/x2gostartagent | 40 +++++++++++++++++++++++++++------
x2goserver/lib/x2gosqlitewrapper.pl | 2 +-
x2goserver/lib/x2goutils.pm | 2 +-
x2goserver/sbin/x2gocleansessions | 11 ++++++++-
x2goserver/sbin/x2golistsessions_root | 22 ++++++++++++++++--
7 files changed, 79 insertions(+), 17 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 33fb844..e6edd03 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -45,6 +45,8 @@ x2goserver (4.0.1.19-0x2go1) UNRELEASED; urgency=medium
- Make SSH agent forwarding work after having reconnected via SSH and
having resumed a session. (Fixes: #672). Thanks to Robert Siemer for coming
up with that idea.
+ - Fix cross-user X2Go Desktop Sharing after being broken by implementing
+ clipboard mode feature (and probably other code changes).
* debian/control:
+ Add D (x2goserver): libfile-which-perl.
* debian/x2goserver.docs:
diff --git a/x2goserver/bin/x2golistdesktops b/x2goserver/bin/x2golistdesktops
index 7c7afa2..78ea8c3 100755
--- a/x2goserver/bin/x2golistdesktops
+++ b/x2goserver/bin/x2golistdesktops
@@ -85,20 +85,27 @@ for(my $i=0;$i<@outp;$i++)
}
}
-my $outp=`ls -1 /tmp/ | grep x2godesktopsharing_`;
+my $outp=`ls -1 /tmp/ | grep x2godesktopsharing_\@*\@:*`;
@outp=split("\n","$outp");
for(my $i=0;$i<@outp;$i++)
{
my @ln=split("\@", at outp[$i]);
- if ( @ln[1] ne $uname )
- {
- push (@displays, "@ln[1]\@@ln[2]\n");
+ if (( -r "/tmp/@outp[$i]" ) and ( -w "/tmp/@outp[$i]" )) {
+ my @ln=split("\@", at outp[$i]);
+ if ( @ln[1] ne $uname )
+ {
+ push (@displays, "@ln[1]\@@ln[2]");
+ }
}
}
if (@displays) {
- print "@displays\n";
+ for(my $i=0;$i<@displays;$i++) {
+ if ( @displays[$i] ) {
+ print "@displays[$i]\n";
+ }
+ }
}
# closing syslog
closelog;
diff --git a/x2goserver/bin/x2gostartagent b/x2goserver/bin/x2gostartagent
index 5d9ffb1..dde18cf 100755
--- a/x2goserver/bin/x2gostartagent
+++ b/x2goserver/bin/x2gostartagent
@@ -60,7 +60,18 @@ fi
REMOTE=localhost
-X2GO_CLIENT=`echo $SSH_CLIENT | awk '{print $1}'`
+# shadow sessions (via x2godesktopsharing) set the X2GO_CLIENT var in the process environment
+# so either it is already set or we obtain it from SSH_CLIENT/SSH_CONNECTION
+if [ -z "$X2GO_CLIENT" ] && [ -n "$SSH_CLIENT" ]; then
+ X2GO_CLIENT=`echo $SSH_CLIENT | awk '{print $1}'`
+elif [ -z "$X2GO_CLIENT" ] && [ -n "$SSH_CONNECTION" ]; then
+ X2GO_CLIENT=`echo $SSH_CONNECTION | awk '{print $1}'`
+fi
+if [ -z "$X2GO_CLIENT" ]; then
+ echo "The \$X2GO_CLIENT environment variable is not set (due to neither \$SSH_CLIENT nor \$SSH_CONNECTION variable being set). Aborting session startup."
+ exit -3
+fi
+
$X2GO_LIB_PATH/x2gosyslog "$0" "debug" "client announced itself as ,,$X2GO_CLIENT''"
X2GO_GEOMETRY="$1"; shift
@@ -72,10 +83,11 @@ X2GO_KBD_TYPE="$1"; shift
X2GO_SET_KBD="$1"; shift
X2GO_STYPE="$1"; shift
X2GO_CMD="$1"; shift
-X2GO_CLIPBOARD="$1"; shift
X2GO_RESIZE=1
X2GO_FULLSCREEN=0
+X2GO_CLIPBOARD=""
+
XAUTHORITY=${XAUTHORITY:-"$HOME/.Xauthority"}
@@ -85,16 +97,16 @@ if [ "$X2GO_STYPE" == "S" ]; then
SHADOW_USER=`echo $X2GO_CMD |awk '{split($0,a,"XSHAD"); print a[2]}'`
SHADOW_DESKTOP=`echo $X2GO_CMD |awk '{split($0,a,"XSHAD"); print a[3]}'`
- test -z $1 && {
+ if [ -z "$1" ]; then
# can this line be removed?
#echo "suser $SHADOW_USER user $USER " >> /tmp/uagent
$X2GO_LIB_PATH/x2gosyslog "$0" "debug" "shadow session requested: mode $SHADOW_MODE, user: $SHADOW_USER, desktop: $SHADOW_DESKTOP"
- } || {
+ else
SHADREQ_USER="$1"; shift
$X2GO_LIB_PATH/x2gosyslog "$0" "debug" "preparing shadow session request for user $SHADREQ_USER, agent starts for user ${USER}"
- }
+ fi
if [ "$SHADOW_USER" != "$USER" ]; then
@@ -104,8 +116,12 @@ if [ "$X2GO_STYPE" == "S" ]; then
$X2GO_LIB_PATH/x2gosyslog "$0" "debug" "command result is: $OUTPUT"
if [ "${OUTPUT:0:4}" == "DENY" ]; then
echo "ACCESS DENIED" 1>&2
+ DENIAL_REASON="${OUTPUT:5}"
+ if [ -z "$DENIAL_REASON" ]; then
+ DENIAL_REASON="the user ,,$SHADOW_USER'' does not seem to have desktop sharing activated"
+ fi
$X2GO_LIB_PATH/x2gosyslog "$0" "err" "ERROR: user $SHADOW_USER denied desktop sharing session"
- $X2GO_LIB_PATH/x2gosyslog "$0" "err" "ERROR: reason: for desktop sharing denial ${OUTPUT:5}"
+ $X2GO_LIB_PATH/x2gosyslog "$0" "err" "ERROR: reason: for desktop sharing denial ${DENIAL_REASON}"
exit -1
fi
X2GO_COOKIE=`echo $OUTPUT | awk '{print $2}'`
@@ -123,6 +139,8 @@ if [ "$X2GO_STYPE" == "S" ]; then
echo $OUTPUT | awk '{print $6}'
echo $OUTPUT | awk '{print $7}'
exit 0
+ else
+ X2GO_CLIPBOARD="$1"; shift
fi
fi
@@ -257,7 +275,15 @@ STATE_FILE="${X2GO_ROOT}/C-${SESSION_NAME}/state"
# do not use $TMP or $TEMP here, the session.log file location has to be accessible by root
SESSION_LOG="${SESSION_DIR}/session.log"
mkdir -p "${SESSION_DIR}"
-chmod -f 0700 "${SESSION_DIR}"
+if [ "x$X2GO_STYPE" = "xS" ]; then
+ chmod -f 0710 "${SESSION_DIR}"
+ if groups "$USER" | grep x2godesktopsharing 1>/dev/null 2>/dev/null; then
+ $X2GO_LIB_PATH/x2gosyslog "$0" "info" "user ,,$USER'' grants access to ${SESSION_DIR} for group ,,x2godesktopsharing''"
+ chown :x2godesktopsharing "${SESSION_DIR}"
+ fi
+else
+ chmod -f 0700 "${SESSION_DIR}"
+fi
touch "${SESSION_LOG}"
chmod -f 0600 "${SESSION_LOG}"
diff --git a/x2goserver/lib/x2gosqlitewrapper.pl b/x2goserver/lib/x2gosqlitewrapper.pl
index 7352a28..deb0925 100755
--- a/x2goserver/lib/x2gosqlitewrapper.pl
+++ b/x2goserver/lib/x2gosqlitewrapper.pl
@@ -522,7 +522,7 @@ sub check_user
# session id looks like someuser-51-1304005895_stDgnome-session_dp24
# during DB insertsession it only looks like someuser-51-1304005895
my $user = "$sid";
- $user =~ s/$realuser-[0-9]{2,}-[0-9]{10,}.*/$realuser/;
+ $user =~ s/($realuser-[0-9]{2,}-[0-9]{10,}_st(D|R).*|.*-[0-9]{2,}-[0-9]{10,}_stS(0|1)XSHAD$realuser.*)/$realuser/;
$user eq $realuser or die "$realuser is not authorized";
}
diff --git a/x2goserver/lib/x2goutils.pm b/x2goserver/lib/x2goutils.pm
index 13957c0..a7eb265 100644
--- a/x2goserver/lib/x2goutils.pm
+++ b/x2goserver/lib/x2goutils.pm
@@ -49,7 +49,7 @@ sub sanitizer {
$string =~ s/[^a-zA-Z0-9\_\-\$\.\@]//g;
if ($string =~ /^([a-zA-Z0-9\_\-\$\.\@]*)$/) {
$string = $1;
- if ($string =~ /^([a-zA-Z\_][a-zA-Z0-9\_\-\.\@]{0,47}[\$]?)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\_\-]*\_dp[\d]{1,2}$/) {
+ if ($string =~ /^([a-zA-Z\_][a-zA-Z0-9\_\-\.\@]{0,31}[\$]?)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\_\-\.]*\_dp[\d]{1,2}$/) {
if ((length($1) > 0) and (length($1) < 48)){
return $string;
} else {return 0;}
diff --git a/x2goserver/sbin/x2gocleansessions b/x2goserver/sbin/x2gocleansessions
index 8ce3a68..db38e1e 100755
--- a/x2goserver/sbin/x2gocleansessions
+++ b/x2goserver/sbin/x2gocleansessions
@@ -88,7 +88,16 @@ sub is_running
sub get_agent_state
{
my $sess=@_[0];
- my $user=@_[1];
+ my $user;
+
+ if ( $sess =~ m/.*-[0-9]{2,}-[0-9]{10,}_stS(0|1)XSHAD.*XSHADPP.*/ ) {
+ my $shadow_user = $sess;
+ $shadow_user =~ s/.*XSHAD(.*)XSHADPP.*/$1/;
+ $user = $shadow_user;
+ } else {
+ $user=@_[1];
+ }
+
my $state;
my $stateFile = "/tmp/.x2go-".$user."/C-".$sess."/state";
if (! -e $stateFile )
diff --git a/x2goserver/sbin/x2golistsessions_root b/x2goserver/sbin/x2golistsessions_root
index 8f9c06e..3686af3 100755
--- a/x2goserver/sbin/x2golistsessions_root
+++ b/x2goserver/sbin/x2golistsessions_root
@@ -44,7 +44,16 @@ sub is_suspended
sub has_agent_state_file
{
my $sess=@_[0];
- my $user=@_[1];
+ my $user;
+
+ if ( $sess =~ m/.*-[0-9]{2,}-[0-9]{10,}_stS(0|1)XSHAD.*XSHADPP.*/ ) {
+ my $shadow_user = $sess;
+ $shadow_user =~ s/.*XSHAD(.*)XSHADPP.*/$1/;
+ $user = $shadow_user;
+ } else {
+ $user=@_[1];
+ }
+
my $stateFile;
if ( -d "/tmp-inst/${user}/.x2go-${user}" ) {
$stateFile="/tmp-inst/${user}/.x2go-".$user."/C-".$sess."/state";
@@ -61,7 +70,16 @@ sub has_agent_state_file
sub get_agent_state
{
my $sess=@_[0];
- my $user=@_[1];
+ my $user;
+
+ if ( $sess =~ m/.*-[0-9]{2,}-[0-9]{10,}_stS(0|1)XSHAD.*XSHADPP.*/ ) {
+ my $shadow_user = $sess;
+ $shadow_user =~ s/.*XSHAD(.*)XSHADPP.*/$1/;
+ $user = $shadow_user;
+ } else {
+ $user=@_[1];
+ }
+
my $state;
my $stateFile = "/tmp/.x2go-".$user."/C-".$sess."/state";
if (! -e $stateFile )
--
Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2goserver.git
More information about the x2go-commits
mailing list