[X2Go-Commits] [x2goclient] 31/47: onmainwindow.cpp: correctly use ~/.x2go/.ssh as ssh directory when starting sshd in user mode.

git-admin at x2go.org git-admin at x2go.org
Thu Jun 4 01:46:36 CEST 2015


This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch bugfix/osx
in repository x2goclient.

commit 9d6e8f87bb026332aba998f41a35b4f8ce713881
Author: Mihai Moldovan <ionic at ionic.de>
Date:   Sat Mar 21 03:58:18 2015 +0100

    onmainwindow.cpp: correctly use ~/.x2go/.ssh as ssh directory when starting sshd in user mode.
    
    Put the authorized_keys file in there. Check and set correct permissions
    for both the directory and authorized_keys file. Generalize some
    Windows-specific sections by using QDir and QFile.
---
 debian/changelog     |    4 ++
 src/onmainwindow.cpp |  183 +++++++++++++++++++++++++++++++++-----------------
 2 files changed, 126 insertions(+), 61 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 88fd88c..e4d43dd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -98,6 +98,10 @@ x2goclient (4.0.4.1-0x2go1) UNRELEASED; urgency=low
       warnings with GCC. Fix a few whitespace issues.
     - appdialog.cpp: initialize parent in default case. Another GCC compile
       warning fix.
+    - onmainwindow.cpp: correctly use ~/.x2go/.ssh as ssh directory when
+      starting sshd in user mode. Put the authorized_keys file in there. Check
+      and set correct permissions for both the directory and authorized_keys
+      file. Generalize some Windows-specific sections by using QDir and QFile.
 
  -- X2Go Release Manager <git-admin at x2go.org>  Tue, 26 May 2015 21:42:09 +0200
 
diff --git a/src/onmainwindow.cpp b/src/onmainwindow.cpp
index 82ac6b4..03710a5 100644
--- a/src/onmainwindow.cpp
+++ b/src/onmainwindow.cpp
@@ -7918,43 +7918,54 @@ void ONMainWindow::slotRetExportDir ( bool result,QString output,
 
     QByteArray line = file.readLine();
     file.close();
-    QString authofname=homeDir;
-#ifdef Q_OS_WIN
-    QDir dir;
-    dir.mkpath ( authofname+"\\.x2go\\.ssh" );
 
-    x2goDebug<<"Creating "<<authofname+"\\.x2go\\.ssh";
+    QDir authorized_keys_dir (homeDir);
 
-    authofname=wapiShortFileName ( authofname ) +"/.x2go";
-#endif
-    authofname+="/.ssh/authorized_keys" ;
-    file.setFileName ( authofname );
-    if ( !file.open ( QIODevice::ReadOnly | QIODevice::Text ) )
-    {
-        printSshDError_noAuthorizedKeysFile();
-        QFile::remove
-        ( key+".pub" );
-        return;
+    /*
+     * Do the user SSHD/global SSHD dance here and either use the
+     * private .x2go/.ssh or the global .ssh dir.
+     */
+    if (userSshd) {
+      authorized_keys_dir = QDir (authorized_keys_dir.absolutePath () + "/.x2go/");
     }
 
+    authorized_keys_dir = QDir (authorized_keys_dir.absolutePath () + "/.ssh/");
+    QFile authorized_keys_file (authorized_keys_dir.absolutePath () + "/authorized_keys");
 
-    QTemporaryFile tfile ( authofname );
-    tfile.open();
-    tfile.setAutoRemove ( true );
-    QTextStream out ( &tfile );
+    /*
+     * We do not try to create the file first.
+     * This has been already done in startX2goMount().
+     * We wouldn't be here if that failed.
+     */
+    if (!authorized_keys_file.open (QIODevice::ReadOnly | QIODevice::Text)) {
+      printSshDError_noAuthorizedKeysFile ();
+      QFile::remove (key + ".pub");
+      return;
+    }
 
-    while ( !file.atEnd() )
-    {
-        QByteArray newline = file.readLine();
-        if ( newline!=line )
-            out<<newline;
+    QTemporaryFile tfile (authorized_keys_file.fileName ());
+    tfile.open ();
+    tfile.setPermissions (QFile::ReadOwner | QFile::WriteOwner);
+    tfile.setAutoRemove (true);
+    QTextStream out (&tfile);
+
+    /*
+     * Copy the content of the authorized_keys file to our new temporary file
+     * and remove the public authorized key for the current "session" again.
+     */
+    while (!authorized_keys_file.atEnd ()) {
+      QByteArray newline = authorized_keys_file.readLine ();
+      if (newline != line)
+        out << newline;
     }
-    file.close();
-    tfile.close();
-    file.remove();
-    tfile.copy ( authofname );
-    QFile::remove
-    ( key+".pub" );
+
+    authorized_keys_file.close ();
+    tfile.close ();
+
+    authorized_keys_file.remove ();
+
+    tfile.copy (authorized_keys_file.fileName ());
+    QFile::remove (key + ".pub");
 }
 
 
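Review bot: The rewrite of authorized_keys at the end of this hunk ignores the results of `tfile.open ()`, `authorized_keys_file.remove ()` and `tfile.copy (...)`, so a failed copy after a successful remove leaves no authorized_keys file at all. When `userSshd` is false, that file is the one in the global .ssh directory named in the comment. I would check each result and, when the rewrite fails, keep the filtered temporary file instead of letting auto-remove delete it, as sketched below. The remove-then-copy sequence is also not atomic, so a key appended by a concurrent startX2goMount() between the read loop and the copy would presumably be dropped; a comment should at least say so. slotRetExportDir starts outside the hunk.

```cpp
QTemporaryFile tfile (authorized_keys_file.fileName ());
if (!tfile.open ()) {
  x2goDebug << "Unable to create a temporary file next to " << authorized_keys_file.fileName ();
  authorized_keys_file.close ();
  QFile::remove (key + ".pub");
  return;
}
// … unchanged: setPermissions, setAutoRemove, filtering loop, close () calls …
if (!authorized_keys_file.remove ()
    || !tfile.copy (authorized_keys_file.fileName ())) {
  /* Keep the filtered copy on disk so the remaining keys are not lost. */
  tfile.setAutoRemove (false);
  x2goDebug << "Unable to rewrite " << authorized_keys_file.fileName ()
            << "; filtered copy kept as " << tfile.fileName ();
}
QFile::remove (key + ".pub");
```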
@@ -9177,41 +9188,90 @@ void ONMainWindow::startX2goMount()
 
     QByteArray line = file.readLine();
     file.close();
-    QString authofname=homeDir;
-#ifdef Q_OS_WIN
-    QDir tdir;
-    tdir.mkpath ( authofname+"\\.x2go\\.ssh" );
 
-    x2goDebug<<"Creating "<<authofname+"\\.x2go\\.ssh";
+    QDir authorized_keys_dir (homeDir);
 
-    authofname=wapiShortFileName ( authofname ) +"/.x2go";
-#endif
-    authofname+= "/.ssh/authorized_keys" ;
+    /*
+     * Do the user SSHD/global SSHD dance here and either use the
+     * private .x2go/.ssh or the global .ssh dir.
+     */
+    if (userSshd) {
+      authorized_keys_dir = QDir (authorized_keys_dir.absolutePath () + "/.x2go/");
+    }
 
-    QFile file1 ( authofname );
+    authorized_keys_dir = QDir (authorized_keys_dir.absolutePath () + "/.ssh/");
+    QFile authorized_keys_file (authorized_keys_dir.absolutePath () + "/authorized_keys");
 
-    if ( !file1.open ( QIODevice::WriteOnly | QIODevice::Text |
-                       QIODevice::Append ) )
-    {
-        QString message=tr ( "Unable to write:\n" ) + authofname;
-        QMessageBox::critical ( 0l,tr ( "Error" ),message,
-                                QMessageBox::Ok,
-                                QMessageBox::NoButton );
-        QFile::remove
-        ( fsExportKey+".pub" );
-        return;
+    if (userSshd) {
+      x2goDebug << "Creating dir " << authorized_keys_dir.absolutePath ();
+      authorized_keys_dir.mkpath (authorized_keys_dir.absolutePath ());
+    }
 
+    x2goDebug << "Potentially creating file " << authorized_keys_file.fileName ();
+    if (!authorized_keys_file.open (QIODevice::WriteOnly | QIODevice::Text | QIODevice::Append)) {
+      QString message = tr ("Unable to create or append to file: ") + authorized_keys_file.fileName ();
+      QMessageBox::critical (0l, tr ("Error"), message,
+                             QMessageBox::Ok, QMessageBox::NoButton);
+      QFile::remove (fsExportKey + ".pub");
+      return;
     }
-    directory* dir=getExpDir ( fsExportKey );
-    bool rem=dir->isRemovable;
-    if ( !dir )
-        return;
 
-    QTextStream out ( &file1 );
-    out<<line;
-    file1.close();
+#ifdef Q_OS_UNIX
+    QFile::Permissions authorized_keys_file_perm = authorized_keys_file.permissions ();
+    QFile::Permissions authorized_keys_file_target_perm = QFile::ReadOwner | QFile::WriteOwner;
+
+    bool permission_error = false;
+
+    /*
+     * Try to set the permissions if they are wrong.
+     * (sshd would disallow such a file.)
+     */
+    if (authorized_keys_file_perm != authorized_keys_file_target_perm) {
+      if (!authorized_keys_file.setPermissions (authorized_keys_file_target_perm)) {
+        /* FIXME: use a function for this... */
+        QString message = tr ("Unable to change the permissions of file: ") + authorized_keys_file.fileName ();
+        message += "\n" + tr ("This is an error because sshd would deny such a file.");
+        QMessageBox::critical (NULL, tr ("Error"), message,
+                               QMessageBox::Ok, QMessageBox::NoButton);
+        permission_error = true;
+      }
+    }
+
+    QFile::Permissions authorized_keys_dir_perm = QFile (authorized_keys_dir.absolutePath ()).permissions ();
+    QFile::Permissions authorized_keys_dir_target_perm = QFile::ReadOwner | QFile::WriteOwner | QFile::ExeOwner;
+
+    /*
+     * Try to set the permissions if they are wrong.
+     * (sshd would disallow such a directory.)
+     */
+    if (authorized_keys_dir_perm != authorized_keys_dir_target_perm) {
+      if (!QFile (authorized_keys_dir.absolutePath ()).setPermissions (authorized_keys_dir_target_perm)) {
+        /* FIXME: use a function for this... */
+        QString message = tr ("Unable to change the permissions of directory: ") + authorized_keys_dir.absolutePath ();
+        message += "\n" + tr ("This is an error because sshd would deny such a directory.");
+        QMessageBox::critical (NULL, tr ("Error"), message,
+                               QMessageBox::Ok, QMessageBox::NoButton);
+        permission_error = true;
+      }
+    }
+
+    if (permission_error) {
+      QFile::remove (fsExportKey + ".pub");
+      return;
+    }
+#endif /* defined (Q_OS_UNIX) */
+
+    directory* dir = getExpDir (fsExportKey);
+    bool rem = dir->isRemovable;
+    if (!dir) {
+      return;
+    }
 
-    x2goDebug<<"Temporarily activated public key from file "<<fsExportKey<<".pub."<<endl;
+    QTextStream out (&authorized_keys_file);
+    out << line;
+    authorized_keys_file.close ();
+
+    x2goDebug << "Temporarily activated public key from file " << fsExportKey << ".pub.";
 
     QString passwd=getCurrentPass();
     QString user=getCurrentUname();
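Review bot: `bool rem = dir->isRemovable;` dereferences the result of `getExpDir (fsExportKey)` one line before the `if (!dir)` test, so the null check can never protect it; the moved block carries this over from the old code. Test first: `directory* dir = getExpDir (fsExportKey); if (!dir) { QFile::remove (fsExportKey + ".pub"); return; } bool rem = dir->isRemovable;`. Removing the `.pub` file on that path matches the other early returns in this hunk, but confirm that is the intended cleanup. startX2goMount begins and continues outside the hunk.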
@@ -9985,18 +10045,19 @@ void ONMainWindow::generateEtcFiles()
     QFile file ( etcDir +"/sshd_config" );
     if ( !file.open ( QIODevice::WriteOnly | QIODevice::Text ) )
         return;
+    QString authKeyPath = homeDir + "/.x2go/.ssh/authorized_keys";
 #ifdef Q_OS_WIN
-    QString authKeyPath=cygwinPath ( homeDir+"/.x2go/.ssh/authorized_keys" );
-    authKeyPath.replace(wapiGetUserName(),"%u");
-#endif
+    authKeyPath = cygwinPath (authKeyPath);
+    authKeyPath.replace (wapiGetUserName (), "%u");
+#endif /* defined (Q_OS_WIN) */
     QTextStream out ( &file );
     out<<"StrictModes no\n"<<
        "UsePrivilegeSeparation no\n"<<
        "PidFile " + varDir + "/sshd.pid\n" <<
+       "AuthorizedKeysFile \"" << authKeyPath << "\"\n" <<
 #ifdef Q_OS_WIN
        "Subsystem shell "<< wapiShortFileName ( appDir) +"/sh"+"\n"<<
        "Subsystem sftp "<< wapiShortFileName ( appDir) +"/sftp-server"+"\n"<<
-       "AuthorizedKeysFile \""<<authKeyPath<<"\"";
 #else
        "Subsystem sftp "
        <<appDir<<"/sftp-server\n";
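Review bot: `authKeyPath` is now written into `AuthorizedKeysFile` on every platform, and sshd expands `%` tokens in that option, so a home directory path containing a literal `%` would be misread; escape it right after the path is built, before the Windows-only `%u` substitution, with `authKeyPath.replace ("%", "%%");`. The value is also placed between double quotes without checking for a `"` in the path. Separately, the generated config keeps `StrictModes no`, so this sshd will presumably not reject a loosely-permissioned authorized_keys itself, and the client-side permission fix-up in startX2goMount() (compiled only under `Q_OS_UNIX`) is the only guard; a comment here saying so would help. The `out <<` statement continues past the end of the hunk.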

--
Alioth's /srv/git/code.x2go.org/x2goclient.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/x2goclient.git

