This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch bugfix/osx in repository x2goclient.
commit 075bc6a678ca92a0eac5d949621d04880d25e661 Author: Mihai Moldovan <io...@ionic.de> Date: Sat Mar 21 03:58:18 2015 +0100 onmainwindow.cpp: correctly use ~/.x2go/.ssh as ssh directory when starting sshd in user mode. Put the authorized_keys file in there. Check and set correct permissions for both the directory and authorized_keys file. Generalize some Windows-specific sections by using QDir and QFile. --- debian/changelog | 4 ++ src/onmainwindow.cpp | 183 +++++++++++++++++++++++++++++++++----------------- 2 files changed, 126 insertions(+), 61 deletions(-) diff --git a/debian/changelog b/debian/changelog index 5892026..1919e33 100644 --- a/debian/changelog +++ b/debian/changelog @@ -59,6 +59,10 @@ x2goclient (4.0.5.3-0x2go1) UNRELEASED; urgency=medium warnings with GCC. Fix a few whitespace issues. - appdialog.cpp: initialize parent in default case. Another GCC compile warning fix. + - onmainwindow.cpp: correctly use ~/.x2go/.ssh as ssh directory when + starting sshd in user mode. Put the authorized_keys file in there. Check + and set correct permissions for both the directory and authorized_keys + file. Generalize some Windows-specific sections by using QDir and QFile. -- X2Go Release Manager <git-ad...@x2go.org> Mon, 19 Sep 2016 09:07:07 +0200 diff --git a/src/onmainwindow.cpp b/src/onmainwindow.cpp index 6fbf930..915d092 100644 --- a/src/onmainwindow.cpp +++ b/src/onmainwindow.cpp @@ -8222,43 +8222,54 @@ void ONMainWindow::slotRetExportDir ( bool result,QString output, QByteArray line = file.readLine(); file.close(); - QString authofname=homeDir; -#ifdef Q_OS_WIN - QDir dir; - dir.mkpath ( authofname+"\\.x2go\\.ssh" ); - x2goDebug<<"Creating "<<authofname+"\\.x2go\\.ssh"; + QDir authorized_keys_dir (homeDir); - authofname=wapiShortFileName ( authofname ) +"/.x2go"; -#endif - authofname+="/.ssh/authorized_keys" ; - file.setFileName ( authofname ); - if ( !file.open ( QIODevice::ReadOnly | QIODevice::Text ) ) - { - printSshDError_noAuthorizedKeysFile(); - QFile::remove - ( key+".pub" ); - return; + /* + * Do the user SSHD/global SSHD dance here and either use the + * private .x2go/.ssh or the global .ssh dir. + */ + if (userSshd) { + authorized_keys_dir = QDir (authorized_keys_dir.absolutePath () + "/.x2go/"); } + authorized_keys_dir = QDir (authorized_keys_dir.absolutePath () + "/.ssh/"); + QFile authorized_keys_file (authorized_keys_dir.absolutePath () + "/authorized_keys"); + + /* + * We do not try to create the file first. + * This has been already done in startX2goMount(). + * We wouldn't be here if that failed. + */ + if (!authorized_keys_file.open (QIODevice::ReadOnly | QIODevice::Text)) { + printSshDError_noAuthorizedKeysFile (); + QFile::remove (key + ".pub"); + return; + } - QTemporaryFile tfile ( authofname ); - tfile.open(); - tfile.setAutoRemove ( true ); - QTextStream out ( &tfile ); + QTemporaryFile tfile (authorized_keys_file.fileName ()); + tfile.open (); + tfile.setPermissions (QFile::ReadOwner | QFile::WriteOwner); + tfile.setAutoRemove (true); + QTextStream out (&tfile); - while ( !file.atEnd() ) - { - QByteArray newline = file.readLine(); - if ( newline!=line ) - out<<newline; + /* + * Copy the content of the authorized_keys file to our new temporary file + * and remove the public authorized key for the current "session" again. + */ + while (!authorized_keys_file.atEnd ()) { + QByteArray newline = authorized_keys_file.readLine (); + if (newline != line) + out << newline; } - file.close(); - tfile.close(); - file.remove(); - tfile.copy ( authofname ); - QFile::remove - ( key+".pub" ); + + authorized_keys_file.close (); + tfile.close (); + + authorized_keys_file.remove (); + + tfile.copy (authorized_keys_file.fileName ()); + QFile::remove (key + ".pub"); } @@ -9489,41 +9500,90 @@ void ONMainWindow::startX2goMount() QByteArray line = file.readLine(); file.close(); - QString authofname=homeDir; -#ifdef Q_OS_WIN - QDir tdir; - tdir.mkpath ( authofname+"\\.x2go\\.ssh" ); - x2goDebug<<"Creating "<<authofname+"\\.x2go\\.ssh"; + QDir authorized_keys_dir (homeDir); - authofname=wapiShortFileName ( authofname ) +"/.x2go"; -#endif - authofname+= "/.ssh/authorized_keys" ; + /* + * Do the user SSHD/global SSHD dance here and either use the + * private .x2go/.ssh or the global .ssh dir. + */ + if (userSshd) { + authorized_keys_dir = QDir (authorized_keys_dir.absolutePath () + "/.x2go/"); + } - QFile file1 ( authofname ); + authorized_keys_dir = QDir (authorized_keys_dir.absolutePath () + "/.ssh/"); + QFile authorized_keys_file (authorized_keys_dir.absolutePath () + "/authorized_keys"); - if ( !file1.open ( QIODevice::WriteOnly | QIODevice::Text | - QIODevice::Append ) ) - { - QString message=tr ( "Unable to write:\n" ) + authofname; - QMessageBox::critical ( 0l,tr ( "Error" ),message, - QMessageBox::Ok, - QMessageBox::NoButton ); - QFile::remove - ( fsExportKey+".pub" ); - return; + if (userSshd) { + x2goDebug << "Creating dir " << authorized_keys_dir.absolutePath (); + authorized_keys_dir.mkpath (authorized_keys_dir.absolutePath ()); + } + x2goDebug << "Potentially creating file " << authorized_keys_file.fileName (); + if (!authorized_keys_file.open (QIODevice::WriteOnly | QIODevice::Text | QIODevice::Append)) { + QString message = tr ("Unable to create or append to file: ") + authorized_keys_file.fileName (); + QMessageBox::critical (0l, tr ("Error"), message, + QMessageBox::Ok, QMessageBox::NoButton); + QFile::remove (fsExportKey + ".pub"); + return; } - directory* dir=getExpDir ( fsExportKey ); - bool rem=dir->isRemovable; - if ( !dir ) - return; - QTextStream out ( &file1 ); - out<<line; - file1.close(); +#ifdef Q_OS_UNIX + QFile::Permissions authorized_keys_file_perm = authorized_keys_file.permissions (); + QFile::Permissions authorized_keys_file_target_perm = QFile::ReadOwner | QFile::WriteOwner; + + bool permission_error = false; + + /* + * Try to set the permissions if they are wrong. + * (sshd would disallow such a file.) + */ + if (authorized_keys_file_perm != authorized_keys_file_target_perm) { + if (!authorized_keys_file.setPermissions (authorized_keys_file_target_perm)) { + /* FIXME: use a function for this... */ + QString message = tr ("Unable to change the permissions of file: ") + authorized_keys_file.fileName (); + message += "\n" + tr ("This is an error because sshd would deny such a file."); + QMessageBox::critical (NULL, tr ("Error"), message, + QMessageBox::Ok, QMessageBox::NoButton); + permission_error = true; + } + } + + QFile::Permissions authorized_keys_dir_perm = QFile (authorized_keys_dir.absolutePath ()).permissions (); + QFile::Permissions authorized_keys_dir_target_perm = QFile::ReadOwner | QFile::WriteOwner | QFile::ExeOwner; + + /* + * Try to set the permissions if they are wrong. + * (sshd would disallow such a directory.) + */ + if (authorized_keys_dir_perm != authorized_keys_dir_target_perm) { + if (!QFile (authorized_keys_dir.absolutePath ()).setPermissions (authorized_keys_dir_target_perm)) { + /* FIXME: use a function for this... */ + QString message = tr ("Unable to change the permissions of directory: ") + authorized_keys_dir.absolutePath (); + message += "\n" + tr ("This is an error because sshd would deny such a directory."); + QMessageBox::critical (NULL, tr ("Error"), message, + QMessageBox::Ok, QMessageBox::NoButton); + permission_error = true; + } + } - x2goDebug<<"Temporarily activated public key from file "<<fsExportKey<<".pub."<<endl; + if (permission_error) { + QFile::remove (fsExportKey + ".pub"); + return; + } +#endif /* defined (Q_OS_UNIX) */ + + directory* dir = getExpDir (fsExportKey); + bool rem = dir->isRemovable; + if (!dir) { + return; + } + + QTextStream out (&authorized_keys_file); + out << line; + authorized_keys_file.close (); + + x2goDebug << "Temporarily activated public key from file " << fsExportKey << ".pub."; QString passwd=getCurrentPass(); QString user=getCurrentUname(); @@ -10306,18 +10366,19 @@ void ONMainWindow::generateEtcFiles() QFile file ( etcDir +"/sshd_config" ); if ( !file.open ( QIODevice::WriteOnly | QIODevice::Text ) ) return; + QString authKeyPath = homeDir + "/.x2go/.ssh/authorized_keys"; #ifdef Q_OS_WIN - QString authKeyPath=cygwinPath ( homeDir+"/.x2go/.ssh/authorized_keys" ); - authKeyPath.replace(wapiGetUserName(),"%u"); -#endif + authKeyPath = cygwinPath (authKeyPath); + authKeyPath.replace (wapiGetUserName (), "%u"); +#endif /* defined (Q_OS_WIN) */ QTextStream out ( &file ); out<<"StrictModes no\n"<< "UsePrivilegeSeparation no\n"<< "PidFile \"" + varDir + "/sshd.pid\"\n" << + "AuthorizedKeysFile \"" << authKeyPath << "\"\n" << #ifdef Q_OS_WIN "Subsystem shell "<< wapiShortFileName ( appDir) +"/sh"+"\n"<< "Subsystem sftp "<< wapiShortFileName ( appDir) +"/sftp-server"+"\n"<< - "AuthorizedKeysFile \""<<authKeyPath<<"\"\n"; #else "Subsystem sftp " /* This may need some sanitization, i.e., appDir could potentially include whitespace. */ -- Alioth's /srv/git/code.x2go.org/x2goclient.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/x2goclient.git _______________________________________________ x2go-commits mailing list x2go-commits@lists.x2go.org http://lists.x2go.org/listinfo/x2go-commits