From unknown Tue Apr 28 14:01:39 2026
X-Loop: owner@bugs.x2go.org
Subject: Bug#1323: SSH proxy connection doesn't work for tunnel only accounts
Reply-To: Arcadie Cracan <acracan@gmail.com>, 1323@bugs.x2go.org
Resent-From: Arcadie Cracan <acracan@gmail.com>
Resent-To: x2go-dev@lists.x2go.org
Resent-CC: X2Go Developers <x2go-dev@lists.x2go.org>
X-Loop: owner@bugs.x2go.org
Resent-Date: Tue, 21 Aug 2018 13:45:02 +0000
Resent-Message-ID: <handler.1323.B.153485897030566@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: report 1323
X-X2Go-PR-Package: x2goclient
X-X2Go-PR-Keywords: 
Received: via spool by submit@bugs.x2go.org id=B.153485897030566
          (code B); Tue, 21 Aug 2018 13:45:02 +0000
Received: (at submit) by bugs.x2go.org; 21 Aug 2018 13:42:50 +0000
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-0.1 required=3.0 tests=BAYES_20,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM autolearn=ham autolearn_force=no
	version=3.4.1
Received: from localhost (localhost [127.0.0.1])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 586BC5DAE6
	for <submit@bugs.x2go.org>; Tue, 21 Aug 2018 15:42:47 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de
Received: from ymir.das-netzwerkteam.de ([127.0.0.1])
	by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 7Mi0cdF9IB-P for <submit@bugs.x2go.org>;
	Tue, 21 Aug 2018 15:42:38 +0200 (CEST)
Received: from mail-wm0-x236.google.com (mail-wm0-x236.google.com [IPv6:2a00:1450:400c:c09::236])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id DB5305DACF
	for <submit@bugs.x2go.org>; Tue, 21 Aug 2018 15:42:37 +0200 (CEST)
Received: by mail-wm0-x236.google.com with SMTP id s9-v6so2981795wmh.3
        for <submit@bugs.x2go.org>; Tue, 21 Aug 2018 06:42:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=p/PDcxZ8PSBpSvMjD+Cijk67lbO50rANvnn/ilpplcw=;
        b=ImqEcUr1CuqFVDoUOpXsy2sWTziwYqHt8qd/yspnwbI+H0FufXtbbH4nCRofHLbtbL
         M+0qPhyhV989QR/opEN1LHhtQ2gwaKjOehg2j8l5Vh2z+aJfdOIkDmd3ZreZkUeovxOm
         BEY9ymGmEe2HC+BU1werdAGR0n0f36q9LD+43sdj0+ho+mtsbUpJMSO11C/Y8A4/uj7m
         5X3xb1Wra02f1jSGPH1hqqruBgW+sGnVa/IL1BOPp/X7BFP3lTLjBrG4eyPWSDaBIu6T
         wXIVHZZeKt9DEQK+cOjayq2EJdggxKm3s/mqAt89gQScfKA/w02IYsn3hMAVjmnFGFIF
         RVpQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=p/PDcxZ8PSBpSvMjD+Cijk67lbO50rANvnn/ilpplcw=;
        b=MQ8BE1wY/JcHHKej+QR/DuxiEfBJx1wp3yRAjSXzAMVppZLrUkrQ488hqz3CzHMxTy
         EnIznPnpzRnzi3tiRokJiVYdDKp9btQH9W7x84FjbDFfOPXY/9rofOxumY+j9zGF1mip
         kIYrApQUU0ttrtmUv2/mhkgABxacBNg8yRNoHL8mTYdHkAVpLCs3mUJEQORvZo4pE0Sa
         y7hIcXnMSkhLOrjWgPMd7Bl4pmMsvnO0e7Vm9ok6daqaqw5KRqeMBkn84Srj6V53ylEB
         RsVpEnIaMLv4A2I8FnQHV+GOr4lCUdWXT+I08DiaoE7LyjlO380JmmHK5wh45C8Nr5gq
         kXgg==
X-Gm-Message-State: AOUpUlFI/6lAeRUEXlmlzO+KiIwSjm9fKuAAMOGuRbCBNkfAKWv/yllP
	MJq8Gptm0XDYWw74c9RizUvIIoKn5OV2DA==
X-Google-Smtp-Source: AA+uWPzCRcWCYJUWz/nST0373ziB0+7gviHE9U8HVSeSKym377JTJmoaMkWYBzAcGuvJP6gYZLMsFQ==
X-Received: by 2002:a1c:752:: with SMTP id 79-v6mr30573768wmh.59.1534858957329;
        Tue, 21 Aug 2018 06:42:37 -0700 (PDT)
Received: from avocado.localnet ([109.100.20.68])
        by smtp.gmail.com with ESMTPSA id x82-v6sm7588822wmd.11.2018.08.21.06.42.36
        for <submit@bugs.x2go.org>
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Tue, 21 Aug 2018 06:42:36 -0700 (PDT)
From: Arcadie Cracan <acracan@gmail.com>
To: submit@bugs.x2go.org
Date: Tue, 21 Aug 2018 16:38:24 +0300
Message-ID: <9001429.J6SYMhqjRr@avocado>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="nextPart4277334.1ANL7a3djk"
Content-Transfer-Encoding: 7Bit

This is a multi-part message in MIME format.

--nextPart4277334.1ANL7a3djk
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"

Package: x2goclient
Version: 4.1.2.1
Tag: patch

I use a ssh proxy server that allows only tunnel connections (i.e. doesn't 
allow the users to use the shell). After upgrading from Ubuntu 16.04 to 
18.04 x2goclient stopped working with my ssh proxy server.

I believe the reason for this is the call to the "checkLogin()" function 
even for ssh proxy connections (which in my opinion is not necessary).

I attach a patch that makes x2goclient skip the checkLogin() call (as it 
does for kerberos connections) for the ssh proxy connection.

Thank you for considering this patch.

Kind regards,
   Arcadie Cracan
--nextPart4277334.1ANL7a3djk
Content-Disposition: attachment; filename="0001-Skip-checkLogin-for-ssh-proxy-connection.patch"
Content-Transfer-Encoding: 7Bit
Content-Type: text/x-patch; charset="UTF-8"; name="0001-Skip-checkLogin-for-ssh-proxy-connection.patch"

>From 8286700d7cde027ba3897de8f177f83ee627de99 Mon Sep 17 00:00:00 2001
From: Arcadie Cracan <acracan@gmail.com>
Date: Tue, 21 Aug 2018 16:26:26 +0300
Subject: [PATCH] Skip checkLogin() for ssh proxy connection.

---
 src/sshmasterconnection.cpp | 10 +++++++++-
 src/sshmasterconnection.h   |  3 +++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/sshmasterconnection.cpp b/src/sshmasterconnection.cpp
index 049bee0..dc9962e 100644
--- a/src/sshmasterconnection.cpp
+++ b/src/sshmasterconnection.cpp
@@ -193,6 +193,7 @@ SshMasterConnection::SshMasterConnection (QObject* parent, QString host, int por
     this->proxyKrbLogin=proxyKrbLogin;
     mainWnd=(ONMainWindow*) parent;
     kerberos=krblogin;
+    isSshProxySession = false;
     challengeAuthVerificationCode=QString::null;
 
 #if LIBSSH_VERSION_INT >= SSH_VERSION_INT (0, 6, 0)
@@ -307,6 +308,12 @@ QString SshMasterConnection::getSourceFile(int pid)
 }
 
 
+void SshMasterConnection::setSshProxySession(bool isSshProxySession)
+{
+    this->isSshProxySession = isSshProxySession;
+}
+
+
 void SshMasterConnection::addReverseTunnelConnections()
 {
     reverseTunnelRequestMutex.lock();
@@ -548,6 +555,7 @@ void SshMasterConnection::run()
 //         connect ( interDlg, SIGNAL(textEntered(QString)), con, SLOT(interactionTextEnter(QString)));
 //         connect ( interDlg, SIGNAL(interrupt()), con, SLOT(interactionInterruptSlot()));
 
+        sshProxy->setSshProxySession(true);
         sshProxyReady=false;
         sshProxy->start();
 
@@ -726,7 +734,7 @@ void SshMasterConnection::run()
         x2goDebug<<"User authentication OK.";
 #endif
         // checkLogin() is currently specific to libssh.
-        if(kerberos)
+        if(kerberos || isSshProxySession)
             emit connectionOk(host);
         else
         {
diff --git a/src/sshmasterconnection.h b/src/sshmasterconnection.h
index 69bfa0d..fbaadda 100644
--- a/src/sshmasterconnection.h
+++ b/src/sshmasterconnection.h
@@ -123,6 +123,8 @@ public:
         return kerberos;
     };
 
+    void setSshProxySession(bool isSshProxySession=true);
+
 private:
     bool sshConnect();
     bool userAuthWithPass();
@@ -207,6 +209,7 @@ private:
     bool acceptUnknownServers;
     ONMainWindow* mainWnd;
     bool kerberos;
+    bool isSshProxySession;
     QString sshProcErrString;
     QTcpSocket *tcpProxySocket;
     QNetworkProxy *tcpNetworkProxy;
-- 
2.17.1


--nextPart4277334.1ANL7a3djk--