This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2goclient.
commit 18512d863b217d960949afb320f9722c146a798e Author: Oleksandr Shneyder <o.shney...@phoca-gmbh.de> Date: Thu Mar 1 18:56:15 2018 +0100 don't start gpg agent for PGP card authentication. Use system agent instead. --- debian/changelog | 4 + src/onmainwindow.cpp | 321 +++++++++------------------------------------------ src/onmainwindow.h | 12 +- 3 files changed, 63 insertions(+), 274 deletions(-) diff --git a/debian/changelog b/debian/changelog index 2d72061..c34aed6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -12,6 +12,10 @@ x2goclient (4.1.1.2-0x2go1) UNRELEASED; urgency=medium installation folder were changed to give users write access, or if x2goclient was copied/extracted to a folder where users could write. + [ Oleksandr Shneyder ] + * New upstream version (4.1.1.2): + - don't start gpg agent for PGP card authentication. Use system agent instead. + -- X2Go Release Manager <git-ad...@x2go.org> Thu, 15 Feb 2018 22:01:32 +0100 x2goclient (4.1.1.1-0x2go1) unstable; urgency=medium diff --git a/src/onmainwindow.cpp b/src/onmainwindow.cpp index fdc043b..4b1c9bb 100644 --- a/src/onmainwindow.cpp +++ b/src/onmainwindow.cpp @@ -198,7 +198,6 @@ ONMainWindow::ONMainWindow ( QWidget *parent ) :QMainWindow ( parent ) nxproxy=0l; soundServer=0l; scDaemon=0l; - gpgAgent=0l; statusLabel=0; gpg=0l; bBrokerLogout = NULL; @@ -1556,27 +1555,6 @@ void ONMainWindow::closeClient() delete soundServer; x2goDebug<<"Deleted the sound server."; } - if ( gpgAgent!=0l ) - { - if ( gpgAgent->state() ==QProcess::Running ) - { - x2goDebug<<"Terminating GPG Agent ..."; - gpgAgent->terminate(); - x2goDebug<<"Terminated GPG Agent."; - } - } - -#ifndef Q_OS_WIN - if ( agentPid.length() >0 ) - { - if ( checkAgentProcess() ) - { - QStringList arg; - arg<<"-9"<<agentPid; - QProcess::execute ( "kill",arg ); - } - } -#endif #ifdef Q_OS_WIN if ( xorg ) { @@ -3006,18 +2984,6 @@ SshMasterConnection* ONMainWindow::startSshConnection ( QString host, QString po x2goDebug<<"Starting new ssh connection to server:"<<host<<":"<<port<<" krbLogin: "<<krbLogin; - for ( int i=0; i<sshEnv.size(); ++i ) - { -#ifndef Q_OS_WIN - QStringList args=sshEnv[i].split ( "=" ); - x2goDebug<<"Setting ENV " + args[0] + tr(" to ") + args[1]; - setenv ( args[0].toLatin1(),args[1].toLatin1(),1 ); -#else - x2goDebug<<"Set ENV: "<<sshEnv[i]; - - _putenv ( sshEnv[i].toLatin1() ); -#endif - } if ( usePGPCard/*||useSshAgent*/ ) autologin=true; @@ -9123,32 +9089,6 @@ void ONMainWindow::externalLogout ( const QString& ) void ONMainWindow::slotStartPGPAuth() { scDaemon=new QProcess ( this ); - QStringList arguments; - arguments<<"--multi-server"; - - /* FIXME: probably use add_to_path () instead. */ - - QProcessEnvironment scdaemon_env = QProcessEnvironment::systemEnvironment (); - - QString path_env_separator = ":"; - /* Let's hope that's really the only override... */ -#ifdef Q_OS_WIN - path_env_separator = ";"; -#endif - - QString new_path_value = scdaemon_env.value ("PATH", ""); - - if (!new_path_value.isEmpty ()) { - new_path_value += path_env_separator; - } - - new_path_value += "/usr/lib/gnupg2/"; - - scdaemon_env.insert ("PATH", new_path_value); - - x2goDebug << "New PATH value for scdaemon: " << new_path_value; - - scDaemon->setProcessEnvironment (scdaemon_env); connect ( scDaemon,SIGNAL ( readyReadStandardError() ),this, SLOT ( slotScDaemonStdErr() ) ); @@ -9160,37 +9100,16 @@ void ONMainWindow::slotStartPGPAuth() slotScDaemonFinished ( int, QProcess::ExitStatus ) ) ); connect (scDaemon, SIGNAL (error (QProcess::ProcessError)), this, SLOT (slotScDaemonError (QProcess::ProcessError))); - scDaemon->start ( "scdaemon",arguments ); - QTimer::singleShot ( 3000, this, SLOT ( slotCheckScDaemon() ) ); - isScDaemonOk=false; -} + scDaemon->start ( "pcsc_scan"); -void ONMainWindow::slotCheckScDaemon() -{ - if ( !isScDaemonOk ) - { - scDaemon->kill(); - } } + void ONMainWindow::slotScDaemonStdErr() { QString stdOut ( scDaemon->readAllStandardError() ); stdOut=stdOut.simplified(); - - x2goDebug<<"SCDAEMON error: "<<stdOut; - - if ( stdOut.indexOf ( "updating slot" ) !=-1 || - stdOut.indexOf ( "updating status of slot" ) !=-1 ) - { - isScDaemonOk=true; - //USABLE or PRESENT - if ( ( stdOut.indexOf ( "0x0002" ) !=-1 ) || - ( stdOut.indexOf ( "0x0007" ) !=-1 ) ) - { - scDaemon->kill(); - } - } + x2goDebug<<"PCSC error: "<<stdOut; } void ONMainWindow::slotScDaemonStdOut() @@ -9198,56 +9117,46 @@ void ONMainWindow::slotScDaemonStdOut() QString stdOut ( scDaemon->readAllStandardOutput() ); stdOut=stdOut.simplified(); - x2goDebug<<"SCDAEMON out: "<<stdOut; + x2goDebug<<"PCSC out: "<<stdOut; + if(stdOut.indexOf("Card state: Card inserted")!=-1) + { + startGPG(); + } + if(stdOut.indexOf("Card state: Card removed")!=-1) + { + cardReady=false; + if ( cardStarted ) + { + cardStarted=false; + if ( nxproxy ) + if ( nxproxy->state() ==QProcess::Running ) + { + x2goDebug<<"Suspending session ..."; + slotSuspendSessFromSt(); + x2goDebug<<"Suspended session."; + } + } + } } void ONMainWindow::slotScDaemonFinished ( int , QProcess::ExitStatus ) { + //this should not happen, restart... scDaemon=0l; - if ( isScDaemonOk ) - { - - x2goDebug<<"SCDAEMON finished."<<endl; - - gpg=new QProcess ( this ); - QStringList arguments; - arguments<<"--card-status"; - connect ( gpg,SIGNAL ( readyReadStandardError() ), - this,SLOT ( slotGpgError() ) ); - connect ( gpg,SIGNAL ( finished ( int, - QProcess::ExitStatus ) ),this, - SLOT ( slotGpgFinished ( int, - QProcess::ExitStatus ) ) ); - gpg->start ( "gpg",arguments ); - } - else - slotStartPGPAuth(); + x2goDebug<<"SCDAEMON finished."<<endl; + slotStartPGPAuth(); } void ONMainWindow::slotScDaemonError (QProcess::ProcessError error) { - QString main_text ("scdaemon "); + QString main_text ("pcsc_scan "); QString informative_text; switch (error) { case QProcess::FailedToStart: { main_text += tr ("failed to start."); - informative_text = tr ("Check whether the package providing \"scdaemon\" is installed.\n" + informative_text = tr ("Check whether the package providing \"pcsc_scan\" is installed.\n" "The current search path is: "); - QProcessEnvironment tmp_env = QProcessEnvironment::systemEnvironment (); - - if (!(scDaemon->processEnvironment ().isEmpty ())) { - tmp_env = scDaemon->processEnvironment (); - } - - QString path_val = tmp_env.value ("PATH", "unknown"); - - /* Add a newline every 100 characters. */ - for (std::size_t i = 100; i < static_cast<std::size_t> (path_val.size ()); i += 100) { - path_val.insert (i, "\n"); - } - - informative_text += path_val; break; } case QProcess::Crashed: { @@ -9375,111 +9284,50 @@ void ONMainWindow::slotGpgFinished ( int exitCode, "This card is unknown to the X2Go system." ), QMessageBox::Ok, QMessageBox::NoButton ); - QTimer::singleShot ( 1000, this, - SLOT ( slotStartPGPAuth() ) ); } else - startGPGAgent ( login,appId ); + { + cardReady=true; + cardLogin=login; + //card is ready + GPGCardLogin(login); + } } - else - QTimer::singleShot ( 1000, this, SLOT ( slotStartPGPAuth() ) ); gpg=0l; } - - -void ONMainWindow::startGPGAgent ( const QString& login, const QString& appId ) +void ONMainWindow::startGPG() { - QString gpgPath=homeDir +"/.x2goclient/gnupg"; - QDir d; - cardLogin=login; - d.mkpath ( gpgPath ); - QFile file ( gpgPath+"/scd-event" ); - if ( !file.open ( QIODevice::WriteOnly | QIODevice::Text ) ) - { - QMessageBox::critical ( - 0l,tr ( "Error" ), - tr ( - "Unable to create file: " ) + - gpgPath+"/scd-event" - ,QMessageBox::Ok, - QMessageBox::NoButton ); - exit ( -1 ); - } - QTextStream out ( &file ); - out << "#!/bin/bash\n\n" - "if [ \"$6\" != \"0x0002\" ] && [ \"$6\" != " - "\"0x0007\" ]\n\ - then\n\ - kill -9 $_assuan_pipe_connect_pid\n\ - fi"<<endl; - file.close(); - file.setPermissions ( gpgPath+"/scd-event", - QFile::ReadOwner| - QFile::WriteOwner| - QFile::ExeOwner ); - gpgAgent=new QProcess ( this ); - QStringList arguments; - arguments<<"--pinentry-program"<<"/usr/bin/pinentry-x2go"<< - "--enable-ssh-support"<<"--daemon"<<"--no-detach"; - - connect ( gpgAgent,SIGNAL ( finished ( int,QProcess::ExitStatus ) ), - this, - SLOT ( slotGpgAgentFinished ( int, - QProcess::ExitStatus ) ) ); + QStringList arguments; + gpg=new QProcess ( this ); + arguments<<"--card-status"; + connect ( gpg,SIGNAL ( readyReadStandardError() ), + this,SLOT ( slotGpgError() ) ); + connect ( gpg,SIGNAL ( finished ( int, + QProcess::ExitStatus ) ),this, + SLOT ( slotGpgFinished ( int, + QProcess::ExitStatus ) ) ); + gpg->start ( "gpg",arguments ); + x2goDebug<<"gpg started"; - QStringList env=QProcess::systemEnvironment(); - env<<"GNUPGHOME="+gpgPath<<"CARDAPPID="+appId; - gpgAgent->setEnvironment ( env ); - gpgAgent->start ( "gpg-agent",arguments ); } -void ONMainWindow::slotGpgAgentFinished ( int , QProcess::ExitStatus ) +void ONMainWindow::GPGCardLogin ( const QString& cardLogin) { - QString stdOut ( gpgAgent->readAllStandardOutput() ); - stdOut=stdOut.simplified(); - stdOut.replace ( " ","" ); - QStringList envLst=stdOut.split ( ";" ); - QString gpg_agent_info=envLst[0].split ( "=" ) [1]; - QString ssh_auth_sock=envLst[2].split ( "=" ) [1]; - agentPid=envLst[4].split ( "=" ) [1]; - - x2goDebug<<"GPG Agent info: "<<gpg_agent_info<<ssh_auth_sock<<agentPid; - x2goDebug<<"GPG Agent PID: "<<agentPid; - x2goDebug<<"GPG Agent out: "<<envLst[0]<<envLst[2]<<envLst[4]; - - agentCheckTimer->start ( 1000 ); - cardReady=true; - - sshEnv.clear(); - sshEnv<<envLst[0]<<envLst[2]<<envLst[4]; - if ( !useLdap ) { - if ( passForm->isVisible() && !brokerMode) - { - if ( passForm->isEnabled() ) - { - if ( login->isEnabled() ) - { - login->setText ( cardLogin ); - slotSessEnter(); - return; - } - } + if ( passForm->isVisible() && !brokerMode) + { + if ( passForm->isEnabled() ) + { + if ( login->isEnabled() ) + { + login->setText ( cardLogin ); + slotSessEnter(); + } + } } - QProcess sshadd ( this ); //using it to start scdaemon - sshadd.setEnvironment ( sshEnv ); - QStringList arguments; - arguments<<"-l"; - sshadd.start ( "ssh-add",arguments ); - sshadd.waitForFinished ( -1 ); - QString sshout ( sshadd.readAllStandardOutput() ); - sshout=sshout.simplified(); - - x2goDebug<<"ssh-add out: "<<sshout; - if(brokerMode && (!config.brokerAutologoff)) { broker->getUserSessions(); @@ -9487,23 +9335,6 @@ void ONMainWindow::slotGpgAgentFinished ( int , QProcess::ExitStatus ) } else { - if ( selectSessionDlg->isVisible() || - sessionStatusDlg->isVisible() ) - { - QProcess sshadd ( this ); //using it to start scdaemon - sshadd.setEnvironment ( sshEnv ); - QStringList arguments; - arguments<<"-l"; - sshadd.start ( "ssh-add",arguments ); - sshadd.waitForFinished ( -1 ); - QString sshout ( sshadd.readAllStandardOutput() ); - sshout=sshout.simplified(); - - x2goDebug<<"ssh-add out: "<<sshout; - - return; - } - if ( passForm->isVisible() ) slotClosePass(); uname->setText ( cardLogin ); @@ -9513,44 +9344,6 @@ void ONMainWindow::slotGpgAgentFinished ( int , QProcess::ExitStatus ) } -void ONMainWindow::slotCheckAgentProcess() -{ - if ( checkAgentProcess() ) - return; - agentCheckTimer->stop(); - cardReady=false; - if ( cardStarted ) - { - cardStarted=false; - if ( nxproxy ) - if ( nxproxy->state() ==QProcess::Running ) - { - x2goDebug<<"Suspending session ..."; - slotSuspendSessFromSt(); - x2goDebug<<"Suspended session."; -// nxproxy->terminate(); - } - } - - x2goDebug<<"GPG Agent finished."; - slotStartPGPAuth(); -} - -bool ONMainWindow::checkAgentProcess() -{ - QFile file ( "/proc/"+agentPid+"/cmdline" ); - if ( file.open ( QIODevice::ReadOnly | QIODevice::Text ) ) - { - QString line ( file.readLine() ); - file.close(); - if ( line.indexOf ( "gpg-agent" ) !=-1 ) - { - return true; - } - } - return false; -} - #if defined ( Q_OS_DARWIN ) QString ONMainWindow::getXDisplay() { diff --git a/src/onmainwindow.h b/src/onmainwindow.h index 2d6f1ec..3e051a3 100644 --- a/src/onmainwindow.h +++ b/src/onmainwindow.h @@ -790,7 +790,6 @@ private: QProcess* ssh; QProcess* soundServer; QProcess* scDaemon; - QProcess* gpgAgent; QProcess* gpg; LDAPSession* ld; long embedParent; @@ -803,7 +802,6 @@ private: bool newSession; bool runStartApp; bool ldapOnly; - bool isScDaemonOk; #ifdef Q_OS_LINUX bool directRDP; #endif @@ -891,8 +889,6 @@ private: bool shadowSession; int firstUid; int lastUid; - QStringList sshEnv; - QString agentPid; bool cardReady; HttpBrokerClient* broker; @@ -968,8 +964,8 @@ private: void setUsersEnabled ( bool enable ); void externalLogout ( const QString& logoutDir ); void externalLogin ( const QString& loginDir ); - void startGPGAgent ( const QString& login, - const QString& appId ); + void startGPG(); + void GPGCardLogin ( const QString& cardLogin); void closeClient(); void continueNormalSession(); void continueLDAPSession(); @@ -1152,10 +1148,6 @@ private slots: QProcess::ExitStatus exitStatus ); void slotScDaemonError (QProcess::ProcessError error); void slotGpgError(); - void slotCheckScDaemon(); - void slotGpgAgentFinished ( int exitCode, - QProcess::ExitStatus exitStatus ); - void slotCheckAgentProcess(); void slotExecXmodmap(); void slotCreateSessionIcon(); void slotFindProxyWin(); -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goclient.git _______________________________________________ x2go-commits mailing list x2go-commits@lists.x2go.org https://lists.x2go.org/listinfo/x2go-commits