Bug#924601: unblock: remmina/1.3.3+dfsg-2

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#924601: unblock: remmina/1.3.3+dfsg-2
From: "Matteo F. Vescovi" <mfv@debian.org>
Date: Thu, 14 Mar 2019 21:58:45 +0100
Message-id: <[🔎] 87imwl18ca.fsf@localhost>
Reply-to: "Matteo F. Vescovi" <mfv@debian.org>, 924601@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package remmina

Version 1.3.3+dfsg-2 (now in unstable/sid) aims to fix a particular
issue introduced in former 1.3.3+dfsg-1 revision about SSH plugin
failing to work properly if a public key is not provided.

Upstream noticed this and via #924319 requested a new upload to fix the
problem, providing a simple patch to achieve it. The main rationale for
this change is explained in the bug report above.

Attached, you'll find a debdiff for 1.3.3+dfsg-1 -> 1.3.3+dfsg-2.

unblock remmina/1.3.3+dfsg-2

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'buildd-unstable'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-3-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diff -Nru remmina-1.3.3+dfsg/debian/changelog remmina-1.3.3+dfsg/debian/changelog
--- remmina-1.3.3+dfsg/debian/changelog	2019-02-28 22:39:06.000000000 +0100
+++ remmina-1.3.3+dfsg/debian/changelog	2019-03-12 20:51:31.000000000 +0100
@@ -1,3 +1,10 @@
+remmina (1.3.3+dfsg-2) unstable; urgency=medium
+
+  * debian/patches/: patchset updated
+    - 01-SSH_fix.patch added (Closes: #924319)
+
+ -- Matteo F. Vescovi <mfv@debian.org>  Tue, 12 Mar 2019 20:51:31 +0100
+
 remmina (1.3.3+dfsg-1) unstable; urgency=medium
 
   * New upstream release
diff -Nru remmina-1.3.3+dfsg/debian/patches/01-SSH_fix.patch remmina-1.3.3+dfsg/debian/patches/01-SSH_fix.patch
--- remmina-1.3.3+dfsg/debian/patches/01-SSH_fix.patch	1970-01-01 01:00:00.000000000 +0100
+++ remmina-1.3.3+dfsg/debian/patches/01-SSH_fix.patch	2019-03-12 20:46:20.000000000 +0100
@@ -0,0 +1,165 @@
+Description: SSH plugin not working if pubkey is not supplied
+Author: Antenore Gatta <antenore@remmina.org>
+Bug: https://gitlab.com/Remmina/Remmina/issues/1850
+Bug-Debian: https://bugs.debian.org/924319
+Date: 2019-03-11
+
+diff --git a/src/remmina_sftp_client.c b/src/remmina_sftp_client.c
+index 0f43f2b3..3540e1c1 100644
+--- a/src/remmina_sftp_client.c
++++ b/src/remmina_sftp_client.c
+@@ -507,7 +507,7 @@ remmina_sftp_client_thread_main(gpointer data)
+ 		if (!sftp) {
+ 			sftp = remmina_sftp_new_from_ssh(REMMINA_SSH(client->sftp));
+ 			if (!remmina_ssh_init_session(REMMINA_SSH(sftp)) ||
+-			    remmina_ssh_auth(REMMINA_SSH(sftp), NULL) <= 0 ||
++			    remmina_ssh_auth(REMMINA_SSH(sftp), NULL, NULL, NULL) <= 0 ||
+ 			    !remmina_sftp_open(sftp)) {
+ 				remmina_sftp_client_thread_set_error(client, task, (REMMINA_SSH(sftp))->error);
+ 				remmina_ftp_task_free(task);
+@@ -980,7 +980,7 @@ remmina_sftp_client_new_init(RemminaSFTP *sftp)
+ 	gdk_display_flush(display);
+ 
+ 	if (!remmina_ssh_init_session(REMMINA_SSH(sftp)) ||
+-	    remmina_ssh_auth(REMMINA_SSH(sftp), NULL) <= 0 ||
++	    remmina_ssh_auth(REMMINA_SSH(sftp), NULL, NULL, NULL) <= 0 ||
+ 	    !remmina_sftp_open(sftp)) {
+ 		dialog = gtk_message_dialog_new(GTK_WINDOW(gtk_widget_get_toplevel(client)),
+ 			GTK_DIALOG_MODAL, GTK_MESSAGE_ERROR, GTK_BUTTONS_OK,
+diff --git a/src/remmina_sftp_plugin.c b/src/remmina_sftp_plugin.c
+index af55c4cf..08994ac1 100644
+--- a/src/remmina_sftp_plugin.c
++++ b/src/remmina_sftp_plugin.c
+@@ -135,7 +135,7 @@ remmina_plugin_sftp_main_thread(gpointer data)
+ 		/* Create SFTP connection based on existing SSH session */
+ 		sftp = remmina_sftp_new_from_ssh(ssh);
+ 		if (remmina_ssh_init_session(REMMINA_SSH(sftp)) &&
+-		    remmina_ssh_auth(REMMINA_SSH(sftp), NULL) > 0 &&
++		    remmina_ssh_auth(REMMINA_SSH(sftp), NULL, gp, remminafile) > 0 &&
+ 		    remmina_sftp_open(sftp)) {
+ 			cont = TRUE;
+ 		}
+diff --git a/src/remmina_ssh.c b/src/remmina_ssh.c
+index 9e6ba2a8..851d4446 100644
+--- a/src/remmina_ssh.c
++++ b/src/remmina_ssh.c
+@@ -229,13 +229,16 @@ remmina_ssh_auth_pubkey(RemminaSSH *ssh)
+ 
+ 	g_snprintf (pubkey, sizeof(pubkey), "%s.pub", ssh->privkeyfile);
+ 
+-	ret = ssh_pki_import_pubkey_file( pubkey, &key);
+-	if (ret != SSH_OK) {
+-		remmina_ssh_set_error(ssh, _("SSH public key cannot be imported: %s"));
+-		return 0;
++	/*G_FILE_TEST_EXISTS*/
++	if (g_file_test(pubkey, G_FILE_TEST_EXISTS)) {
++		ret = ssh_pki_import_pubkey_file(pubkey, &key);
++		if (ret != SSH_OK) {
++			remmina_ssh_set_error(ssh, _("SSH public key cannot be imported: %s"));
++			return 0;
++		}
++		ssh_key_free(key);
+ 	}
+ 
+-	ssh_key_free(key);
+ 
+ 	if ( ssh_pki_import_privkey_file( ssh->privkeyfile, (ssh->passphrase ? ssh->passphrase : ""),
+ 		NULL, NULL, &key ) != SSH_OK ) {
+@@ -258,10 +261,33 @@ remmina_ssh_auth_pubkey(RemminaSSH *ssh)
+ }
+ 
+ static gint
+-remmina_ssh_auth_auto_pubkey(RemminaSSH* ssh)
++remmina_ssh_auth_auto_pubkey(RemminaSSH *ssh, RemminaProtocolWidget *gp, RemminaFile *remminafile)
+ {
+ 	TRACE_CALL(__func__);
+-	gint ret = ssh_userauth_publickey_auto(ssh->session, NULL, ssh->passphrase);
++
++	gboolean disablepasswordstoring;
++	gboolean save_password;
++	gchar *pwd;
++	gchar *pwdtype = "ssh_passphrase";
++	gint ret;
++
++	if (!ssh->passphrase) {
++		disablepasswordstoring = remmina_file_get_int(remminafile, "disablepasswordstoring", FALSE);
++		ret = remmina_protocol_widget_panel_authpwd(gp, REMMINA_AUTHPWD_TYPE_SSH_PRIVKEY, !disablepasswordstoring);
++		save_password = remmina_protocol_widget_get_savepassword(gp);
++
++		if (ret == GTK_RESPONSE_OK) {
++			if (save_password) {
++				pwd = remmina_protocol_widget_get_password(gp);
++				remmina_file_set_string(remminafile, pwdtype, pwd);
++				g_free(pwd);
++			}
++		} else {
++			return -1;
++		}
++		ssh->passphrase = remmina_protocol_widget_get_password(gp);
++	}
++	ret = ssh_userauth_publickey_auto(ssh->session, NULL, ssh->passphrase);
+ 
+ 	if (ret != SSH_AUTH_SUCCESS) {
+ 		remmina_ssh_set_error(ssh, _("SSH automatic public key authentication failed: %s"));
+@@ -308,7 +334,7 @@ remmina_ssh_auth_gssapi(RemminaSSH *ssh)
+ }
+ 
+ gint
+-remmina_ssh_auth(RemminaSSH *ssh, const gchar *password)
++remmina_ssh_auth(RemminaSSH *ssh, const gchar *password, RemminaProtocolWidget *gp, RemminaFile *remminafile)
+ {
+ 	TRACE_CALL(__func__);
+ 	gint method;
+@@ -359,7 +385,7 @@ remmina_ssh_auth(RemminaSSH *ssh, const gchar *password)
+ 
+ 	case SSH_AUTH_AUTO_PUBLICKEY:
+ 		/* ssh_agent or none */
+-		return remmina_ssh_auth_auto_pubkey(ssh);
++		return remmina_ssh_auth_auto_pubkey(ssh, gp, remminafile);
+ 
+ #if 0
+ 	/* Not yet supported by libssh */
+@@ -472,7 +498,7 @@ remmina_ssh_auth_gui(RemminaSSH *ssh, RemminaProtocolWidget *gp, RemminaFile *re
+ 		return FALSE;
+ 	}
+ 	/* Try empty password or existing password/passphrase first */
+-	ret = remmina_ssh_auth(ssh, remmina_file_get_string(remminafile, pwdtype));
++	ret = remmina_ssh_auth(ssh, remmina_file_get_string(remminafile, pwdtype), gp, remminafile);
+ 	if (ret > 0) return 1;
+ 
+ 	/* Requested for a non-empty password */
+@@ -499,7 +525,7 @@ remmina_ssh_auth_gui(RemminaSSH *ssh, RemminaProtocolWidget *gp, RemminaFile *re
+ 			return -1;
+ 		}
+ 		pwd = remmina_protocol_widget_get_password(gp);
+-		ret = remmina_ssh_auth(ssh, pwd);
++		ret = remmina_ssh_auth(ssh, pwd, gp, remminafile);
+ 		g_free(pwd);
+ 	}
+ 
+diff --git a/src/remmina_ssh.h b/src/remmina_ssh.h
+index ec97bd43..29d7e930 100644
+--- a/src/remmina_ssh.h
++++ b/src/remmina_ssh.h
+@@ -96,7 +96,7 @@ gboolean remmina_ssh_init_session(RemminaSSH *ssh);
+ 
+ /* Authenticate SSH session */
+ /* -1: Require password; 0: Failed; 1: Succeeded */
+-gint remmina_ssh_auth(RemminaSSH *ssh, const gchar *password);
++gint remmina_ssh_auth(RemminaSSH *ssh, const gchar *password, RemminaProtocolWidget *gp, RemminaFile *remminafile);
+ 
+ /* -1: Cancelled; 0: Failed; 1: Succeeded */
+ gint remmina_ssh_auth_gui(RemminaSSH *ssh, RemminaProtocolWidget *gp, RemminaFile *remminafile);
+diff --git a/src/remmina_ssh_plugin.c b/src/remmina_ssh_plugin.c
+index 3bdfef22..8f9bc4ba 100644
+--- a/src/remmina_ssh_plugin.c
++++ b/src/remmina_ssh_plugin.c
+@@ -289,7 +289,7 @@ remmina_plugin_ssh_main_thread(gpointer data)
+ 		/* Create SSH Shell connection based on existing SSH session */
+ 		shell = remmina_ssh_shell_new_from_ssh(ssh);
+ 		if (remmina_ssh_init_session(REMMINA_SSH(shell)) &&
+-		    remmina_ssh_auth(REMMINA_SSH(shell), NULL) > 0 &&
++		    remmina_ssh_auth(REMMINA_SSH(shell), NULL, gp, remminafile) > 0 &&
+ 		    remmina_ssh_shell_open(shell, (RemminaSSHExitFunc)
+ 			    remmina_plugin_service->protocol_plugin_close_connection, gp)) {
+ 			cont = TRUE;
diff -Nru remmina-1.3.3+dfsg/debian/patches/series remmina-1.3.3+dfsg/debian/patches/series
--- remmina-1.3.3+dfsg/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ remmina-1.3.3+dfsg/debian/patches/series	2019-03-11 20:31:12.000000000 +0100
@@ -0,0 +1 @@
+01-SSH_fix.patch

-- 
Matteo F. Vescovi

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Bug#924601: marked as done (unblock: remmina/1.3.3+dfsg-2)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Bug#924600: unblock: google-compute-image-packages/20190124-3
Next by Date: Bug#924603: unblock: python-tesserocr/2.4.0-4
Previous by thread: Bug#924600: marked as done (unblock: google-compute-image-packages/20190124-3)
Next by thread: Bug#924601: marked as done (unblock: remmina/1.3.3+dfsg-2)
Index(es):
- Date
- Thread