linux


Viber Desktop on Fedora 27 64bit: Viber cannot connect to the internet (OpenSSL error) 1

After updating our GNU/Linux distribution from Fedora 26 to Fedora 27, and maybe updating Viber Desktop client as well, Viber stopped working. To be more precise it could not connect to the internet any more. (Note: we used the RPM package of Viber Desktop to install Viber on our Fedora system).

Solution for the OpenSSL issue – Create a symbolic link to the missing library in the libraries folder of Viber

#Make sure all necessary packages are installed
sudo dnf install openssl openssl-devel;
#Create a symbolic link from the system installed libssl shared object to the Viber installation folder
sudo ln -s /usr/lib64/libssl.so.10 /opt/viber/lib/libssl.so;

Explanation and details – Optional Reading

To find the installation folder of Viber, we used the following command:

find / -iname viber 2>/dev/null;

that led us to the installation location of Viber which was /opt/viber/Viber.

Executing the binary in a terminal gave us the following errors

$ /opt/viber/Viber
 Qt WebEngine ICU data not found at /opt/viber/resources. Trying parent directory...
 Qt WebEngine resources not found at /opt/viber/resources. Trying parent directory...
 Qt WebEngine ICU data not found at /opt/viber/resources. Trying parent directory...
 Qt WebEngine resources not found at /opt/viber/resources. Trying parent directory...
 qt.network.ssl: QSslSocket: cannot resolve CRYPTO_num_locks
 qt.network.ssl: QSslSocket: cannot resolve CRYPTO_set_id_callback
 qt.network.ssl: QSslSocket: cannot resolve CRYPTO_set_locking_callback
 qt.network.ssl: QSslSocket: cannot resolve ERR_free_strings
 qt.network.ssl: QSslSocket: cannot resolve EVP_CIPHER_CTX_cleanup
 qt.network.ssl: QSslSocket: cannot resolve EVP_CIPHER_CTX_init
 qt.network.ssl: QSslSocket: cannot resolve sk_new_null
 qt.network.ssl: QSslSocket: cannot resolve sk_push
 qt.network.ssl: QSslSocket: cannot resolve sk_free
 qt.network.ssl: QSslSocket: cannot resolve sk_num
 qt.network.ssl: QSslSocket: cannot resolve sk_pop_free
 qt.network.ssl: QSslSocket: cannot resolve sk_value
 qt.network.ssl: QSslSocket: cannot resolve SSL_library_init
 qt.network.ssl: QSslSocket: cannot resolve SSL_load_error_strings
 qt.network.ssl: QSslSocket: cannot resolve SSL_get_ex_new_index
 qt.network.ssl: QSslSocket: cannot resolve SSLv23_client_method
 qt.network.ssl: QSslSocket: cannot resolve SSLv23_server_method
 qt.network.ssl: QSslSocket: cannot resolve X509_STORE_CTX_get_chain
 qt.network.ssl: QSslSocket: cannot resolve OPENSSL_add_all_algorithms_noconf
 qt.network.ssl: QSslSocket: cannot resolve OPENSSL_add_all_algorithms_conf
 qt.network.ssl: QSslSocket: cannot resolve SSLeay
 qt.network.ssl: QSslSocket: cannot resolve SSLeay_version
 qt.network.ssl: Incompatible version of OpenSSL
 qt.network.ssl: QSslSocket: cannot call unresolved function SSLv23_client_method
 qt.network.ssl: QSslSocket: cannot call unresolved function SSL_library_init
 QQuickItem: Cannot set activeFocusOnTab to false once item is the active focus item.
 QQuickItem: Cannot set activeFocusOnTab to false once item is the active focus item.
 qt.network.ssl: QSslSocket: cannot call unresolved function SSLv23_client_method
 qt.network.ssl: QSslSocket: cannot call unresolved function SSL_library_init
 QQuickItem: Cannot set activeFocusOnTab to false once item is the active focus item.
 qt.network.ssl: QSslSocket: cannot call unresolved function SSLv23_client_method
 qt.network.ssl: QSslSocket: cannot call unresolved function SSL_library_init

From the error we could see that the application was trying to access the functions SSLv23_client_method and SSL_library_init and it could not find them.
It was obvious that the missing functions were related to the SSL protocol, so we executed the following to make sure all necessary OpenSSL packages were installed.

sudo dnf install openssl openssl-devel;

After that we tried Viber again and gave us the same error.
So we made the assumption that Viber could not ‘see’ the installation of OpenSSL.
Then we decided to use the following command to:

  1. find all shared objects (shared libraries) of OpenSSL on our system,
  2. list all of the available functions in each shared library and
  3. identify the ones that contain the SSLv23_client_method method.
find / -iname libssl.so* -print -exec sh -c 'nm -D "$1" | grep SSLv23_client_method' _ {} \; 2>/dev/null;

Executing the command yielded the following results:

$ find / -iname libssl.so* -print -exec sh -c 'nm -D "$1" | grep SSLv23_client_method' _ {} \; 2>/dev/null;
 /usr/lib/libssl.so
 /usr/lib/libssl.so.1.1
 /usr/lib/libssl.so.10
 00027880 T SSLv23_client_method
 /usr/lib/libssl.so.1.0.2m
 00027880 T SSLv23_client_method
 /usr/lib/libssl.so.1.1.0g
 /usr/lib64/libssl.so
 /usr/lib64/libssl.so.1.1
 /usr/lib64/libssl.so.10
 000000000002dd10 T SSLv23_client_method
 /usr/lib64/libssl.so.1.0.2m
 000000000002dd10 T SSLv23_client_method
 /usr/lib64/libssl.so.1.1.0g
 /opt/viber/lib/libssl.so

From the results two libraries in the lib64 folder got our interest, so we executed ls -l on both to check them out:

$ ls -l /usr/lib64/libssl.so.10 /usr/lib64/libssl.so.1.0.2m;
lrwxrwxrwx. 1 root root 16 Nov 13 13:52 /usr/lib64/libssl.so.10 -> libssl.so.1.0.2m
-rwxr-xr-x. 1 root root 448640 Nov 13 13:52 /usr/lib64/libssl.so.1.0.2m

As you can see in the results, the two files that got us interested were in end the same file so we decided to use /usr/lib64/libssl.so.10 whose name was not tight to a minor distribution version of the library and would automatically link to any minor updates in the future.

After examining the Viber installation folder in /opt/viber/, we saw that there was a lib folder there with no SSL libraries available (even though all the QT and networking libraries were there already):

$ ls /opt/viber/lib/
libicudata.so.52 libQt5Gui.so.5 libQt5Qml.so.5 libQt5WebEngine.so.5
libicui18n.so.52 libQt5Location.so.5 libQt5QuickControls2.so.5 libQt5WebEngineWidgets.so.5
libicuuc.so.52 libQt5MultimediaQuick_p.so.5 libQt5Quick.so.5 libQt5WebSockets.so.5
libpng12.so.0 libQt5Multimedia.so.5 libQt5QuickTemplates2.so.5 libQt5Widgets.so.5
libqgsttools_p.so.1 libQt5MultimediaWidgets.so.5 libQt5QuickWidgets.so.5 libQt5XcbQpa.so.5
libqrencode.so libQt5Network.so.5 libQt5Sql.so.5
libQt5Concurrent.so.5 libQt5OpenGL.so.5 libQt5Svg.so.5 libxcb-xinerama.so.0
libQt5Core.so.5 libQt5Positioning.so.5 libQt5WebChannel.so.5
libQt5DBus.so.5 libQt5PrintSupport.so.5 libQt5WebEngineCore.so.5

Examining our OS, we saw that in the rest of the locations were the QT libraries were installed there was a copy of the libssl as well.
So we decided to make a soft symbolic link of the /usr/lib64/libssl.so.10 shared library in the Viber libraries folder.
We did two tests:

  1. Creating a symbolic link named libssl.so.10 failed.
  2. Creating a symbolic link name libssl.so succeeded and solved the issue!

The command that we used was the following:

sudo ln -s /usr/lib64/libssl.so.10 /opt/viber/lib/libssl.so;

After performing this step, Viber was working again as expected!

$ sudo ln -s /usr/lib64/libssl.so.10 /opt/viber/lib/libssl.so;
 $ /opt/viber/Viber
 Qt WebEngine ICU data not found at /opt/viber/resources. Trying parent directory...
 Qt WebEngine resources not found at /opt/viber/resources. Trying parent directory...
 Qt WebEngine ICU data not found at /opt/viber/resources. Trying parent directory...
 Qt WebEngine resources not found at /opt/viber/resources. Trying parent directory...
 QQuickItem: Cannot set activeFocusOnTab to false once item is the active focus item.
 QQuickItem: Cannot set activeFocusOnTab to false once item is the active focus item.
 QQuickItem: Cannot set activeFocusOnTab to false once item is the active focus item.
 QQuickItem: Cannot set activeFocusOnTab to false once item is the active focus item.
 QQuickItem: Cannot set activeFocusOnTab to false once item is the active focus item.
 qml: type=""
 qml: type=""
 qrc:/QML/Feed/FeedView.qml:98:5: QML ListViewEx: Binding loop detected for property "bottomMargin"
 QObject: Cannot create children for a parent that is in a different thread.
 (Parent is QObject(0x7f3f5f970520), parent's thread is QThread(0x4191210), current thread is QThread(0x515f5b0)
 Invalid SOS parameters for sequential JPEG

Success!

Advertisements

Start Arduino IDE as root on Fedora / Allow root to start an X application

Solution

Execute the following as a normal user

xhost +si:localuser:root;
sudo ./arduino;

Background Story and More Information

Recently we needed to start the official Arduino IDE as root on Fedora to allow the application to take control of the serial port.
We were getting the following error whenever we tried to upload the application to the board:

processing.app.debug.RunnerException
 at cc.arduino.packages.uploaders.SerialUploader.uploadUsingPreferences(SerialUploader.java:160)
 at cc.arduino.UploaderUtils.upload(UploaderUtils.java:78)
 at processing.app.SketchController.upload(SketchController.java:713)
 at processing.app.SketchController.exportApplet(SketchController.java:686)
 at processing.app.Editor$DefaultExportHandler.run(Editor.java:2168)
 at java.lang.Thread.run(Thread.java:748)
Caused by: processing.app.SerialException: Error touching serial port '/dev/ttyACM0'.
 at processing.app.Serial.touchForCDCReset(Serial.java:107)
 at cc.arduino.packages.uploaders.SerialUploader.uploadUsingPreferences(SerialUploader.java:144)
 ... 5 more
Caused by: jssc.SerialPortException: Port name - /dev/ttyACM0; Method name - openPort(); Exception type - Permission denied.
 at jssc.SerialPort.openPort(SerialPort.java:170)
 at processing.app.Serial.touchForCDCReset(Serial.java:101)
 ... 6 more

So, we tried to start the arduino IDE using root and got another error:

[[email protected] bin]$ sudo ./arduino;
[sudo] password for george: 
No protocol specified
Picked up JAVA_TOOL_OPTIONS: 
No protocol specified
java.awt.AWTError: Can't connect to X11 window server using ':0' as the value of the DISPLAY variable.
	at sun.awt.X11GraphicsEnvironment.initDisplay(Native Method)
	at sun.awt.X11GraphicsEnvironment.access$200(X11GraphicsEnvironment.java:65)
	at sun.awt.X11GraphicsEnvironment$1.run(X11GraphicsEnvironment.java:115)
	at java.security.AccessController.doPrivileged(Native Method)
	at sun.awt.X11GraphicsEnvironment.(X11GraphicsEnvironment.java:74)
	at java.lang.Class.forName0(Native Method)
	at java.lang.Class.forName(Class.java:264)
	at java.awt.GraphicsEnvironment.createGE(GraphicsEnvironment.java:103)
	at java.awt.GraphicsEnvironment.getLocalGraphicsEnvironment(GraphicsEnvironment.java:82)
	at sun.awt.X11.XToolkit.(XToolkit.java:126)
	at java.lang.Class.forName0(Native Method)
	at java.lang.Class.forName(Class.java:264)
	at java.awt.Toolkit$2.run(Toolkit.java:860)
	at java.awt.Toolkit$2.run(Toolkit.java:855)
	at java.security.AccessController.doPrivileged(Native Method)
	at java.awt.Toolkit.getDefaultToolkit(Toolkit.java:854)
	at java.awt.SystemColor.updateSystemColors(SystemColor.java:473)
	at java.awt.SystemColor.(SystemColor.java:465)
	at processing.app.Theme.init(Theme.java:84)
	at processing.app.Base.(Base.java:219)
	at processing.app.Base.main(Base.java:144)

This error occurred because the default configuration of the X server permissions did not allow the root to connect to it.
To verify this, we used xhost (the X server access control program) to check the permissions.
Executing xhost with no command line arguments gave us a message indicating whether or not access control was currently enabled, followed by the list of those users allowed to connect.
For example in our case the output was as follows:

[[email protected] bin]$ xhost
access control enabled, only authorized clients can connect
SI:localuser:george

To add root to the list of users that was allowed to start an X application we executed the following command:

[[email protected] bin]$ xhost +si:localuser:root
localuser:root being added to access control list

Executing xhost again, we got the updated list which included the root

[[email protected] bin]$ xhost
access control enabled, only authorized clients can connect
SI:localuser:root
SI:localuser:george

After this, we were able to start arduino IDE using sudo with no problems.

[[email protected] bin]$ sudo ./arduino;

Note: This patch is not permanent, we actually execute it once at every restart of the machine.


How To Install on GNU/Linux CentOS 7 the LAMP stack (Apache, MySQL, PHP) + phpMyAdmin

Following you will find the commands to perform the installation of the LAMP stack (Apache, MySQL, PHP) and phpMyAdmin on a GNU/Linux CentOS 7.
In this guide we kept the information to the bare minimum about what is what.

Installation

To perform the installation, please execute the following as a user with administrative rights:

#Update your system
sudo yum update -y;
#Install Apache, MariaDB (MySQL), PHP (with MySQL support and phpMyAdmin which is a free software tool written in PHP, intended to handle the administration of MySQL over the Web)
sudo yum install httpd mariadb-server mariadb php php-mysql phpmyadmin -y;
#Start Apache (PHP will start with Apache as module)
sudo systemctl start httpd;
#Enable Apache to start on boot
sudo systemctl enable httpd;
#Start MariaDB(MySQL)
sudo systemctl start mariadb;
#Enable MariaDB(MySQL) to start on boot
sudo systemctl enable mariadb;

Configuration of MariaDB (MySQL)

By now, your system should have all necessary packages installed and the services up and running.
Now it is best to configure your MariaDB (MySQL) in a way to disable some test data and test accounts and assign a password to your root user.
Execute the following to do so:

sudo mysql_secure_installation;

This tool will ask you for your current database root password. Since you just installed MariaDB (MySQL) you should not have one, so leave the field empty and press enter.
We recommend to answer with Y (Yes) in all of the security questions of this tool and set a strong password for your root user.

sudo mysql_secure_installation;

Following is the output we got from this tool:

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
 SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
 password for the root user.  If you've just installed MariaDB, and
 you haven't set the root password yet, the password will be blank,
 so you should just press enter here.

Enter current password for root (enter for none):
 OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
 root user without the proper authorisation.

Set root password? [Y/n] Y
 New password:
 Re-enter new password:
 Password updated successfully!
 Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
 to log into MariaDB without having to have a user account created for
 them.  This is intended only for testing, and to make the installation
 go a bit smoother.  You should remove them before moving into a
 production environment.

Remove anonymous users? [Y/n] Y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
 ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
 access.  This is also intended only for testing, and should be removed
 before moving into a production environment.

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
 will take effect immediately.

Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
 installation should now be secure.

Thanks for using MariaDB!

Configuration of the firewall

Executing the following will enable access to your web-server from the network for http and https.

sudo firewall-cmd --permanent --zone=public --add-service=http;
sudo firewall-cmd --permanent --zone=public --add-service=https;
sudo firewall-cmd --reload;

Location of files / Where to upload your website

In CentOS 7, the directory where the website pages are located is at /var/www/html/.
You can place your html and php code there.

Configuration of phpMyAdmin

phpMyAdmin should be available at http://<IP of the web server>/phpmyadmin
The access to phpMyAdmin is controlled by the Apache Virtual Host File for phpMyAdmin that is found here /etc/httpd/conf.d/phpMyAdmin.conf.
By default, this configuration file only allows access to phpMyAdmin from the localhost (127.0.0.1).
In case you want to access it from another machine, you need to modify this file.
Before doing any changes, make a backup of the original file first:

 sudo cp /etc/httpd/conf.d/phpMyAdmin.conf /etc/httpd/conf.d/phpMyAdmin.conf.original;

To enable access only for a specific IP

Edit the Apache Virtual Host File for phpMyAdmin (/etc/httpd/conf.d/phpMyAdmin.conf) and change every reference of 127.0.0.1 with the IP address of the machine you want to give access to.

There should be four lines that you need to change.
In our installation it was the following lines:

  1. 17Require ip 127.0.0.1
  2. 25Allow from 127.0.0.1
  3. 34Require ip 127.0.0.1
  4. 42Allow from 127.0.0.1

Then restart the Apache service to apply the changes:

sudo systemctl restart httpd;

To enable access to any IP

Delete the existing file and create a new one.

sudo rm /etc/httpd/conf.d/phpMyAdmin.conf;
sudo touch /etc/httpd/conf.d/phpMyAdmin.conf;

Using the editor of your choice add the following content and save it:

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
 AllowOverride None
 Options None
 Allow from All
 Require all granted
</Directory>

Then restart the Apache service to apply the changes:

sudo systemctl restart httpd;

Following is the original content of our Apache Virtual Host File for phpMyAdmin (/etc/httpd/conf.d/phpMyAdmin.conf)

phpMyAdmin.conf (compressed) (114 downloads)

$ cat /etc/httpd/conf.d/phpMyAdmin.conf
 # phpMyAdmin - Web based MySQL browser written in php
 #
 # Allows only localhost by default
 #
 # But allowing phpMyAdmin to anyone other than localhost should be considered
 # dangerous unless properly secured by SSL

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
 AddDefaultCharset UTF-8

 <IfModule mod_authz_core.c>
  # Apache 2.4
  <RequireAny>
   Require ip 192.168.0.20
   Require ip ::1
  </RequireAny>
 </IfModule>
 <IfModule !mod_authz_core.c>
  # Apache 2.2
  Order Deny,Allow
  Deny from All
  Allow from 192.168.0.20
  Allow from ::1
  </IfModule>
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
 <IfModule mod_authz_core.c>
  # Apache 2.4
  <RequireAny>
   Require ip 192.168.0.20
   Require ip ::1
  </RequireAny>
 </IfModule>
 <IfModule !mod_authz_core.c>
  # Apache 2.2
  Order Deny,Allow
  Deny from All
  Allow from 192.168.0.20
  Allow from ::1
 </IfModule>
</Directory>

# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
 <Directory /usr/share/phpMyAdmin/libraries/>
  Order Deny,Allow
  Deny from All
  Allow from None
 </Directory>

<Directory /usr/share/phpMyAdmin/setup/lib/>
  Order Deny,Allow
  Deny from All
  Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/frames/>
 Order Deny,Allow
 Deny from All
 Allow from None
</Directory>

# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc.  This may break your mod_security implementation.
#
#<IfModule mod_security.c>
#    <Directory /usr/share/phpMyAdmin/>
#        SecRuleInheritance Off
#    </Directory>
#</IfModule>

phpMyAdmin.conf (compressed) (114 downloads)


Start CLion as root on Fedora 1

Solution

Execute the following as a normal user

xhost +si:localuser:root;
sudo ./clion.sh;

Background Story and More Information

Recently we needed to start CLion as root on Fedora to allow the application we were developing to bind the DHCP service of the system.
When we tried to start CLion as root we got the following error:

java.awt.AWTError: Can't connect to X11 window server using ':0' as the value of the DISPLAY variable.

Specifically, the whole error log was as follows:

[[email protected] bin]$ sudo ./clion.sh 
[sudo] password for george: 
No protocol specified

Start Failed: Failed to initialize graphics environment

java.awt.AWTError: Can't connect to X11 window server using ':0' as the value of the DISPLAY variable.
    at sun.awt.X11GraphicsEnvironment.initDisplay(Native Method)
    at sun.awt.X11GraphicsEnvironment.access$200(X11GraphicsEnvironment.java:65)
    at sun.awt.X11GraphicsEnvironment$1.run(X11GraphicsEnvironment.java:115)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.awt.X11GraphicsEnvironment.<clinit>(X11GraphicsEnvironment.java:74)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:264)
    at java.awt.GraphicsEnvironment.createGE(GraphicsEnvironment.java:103)
    at java.awt.GraphicsEnvironment.getLocalGraphicsEnvironment(GraphicsEnvironment.java:82)
    at sun.awt.X11.XToolkit.<clinit>(XToolkit.java:126)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:264)
    at java.awt.Toolkit$2.run(Toolkit.java:860)
    at java.awt.Toolkit$2.run(Toolkit.java:855)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.awt.Toolkit.getDefaultToolkit(Toolkit.java:854)
    at java.awt.Toolkit.getEventQueue(Toolkit.java:1734)
    at java.awt.EventQueue.isDispatchThread(EventQueue.java:1043)
    at javax.swing.SwingUtilities.isEventDispatchThread(SwingUtilities.java:1361)
    at javax.swing.text.StyleContext.reclaim(StyleContext.java:454)
    at javax.swing.text.StyleContext.addAttribute(StyleContext.java:311)
    at javax.swing.text.html.StyleSheet.addAttribute(StyleSheet.java:578)
    at javax.swing.text.StyleContext$NamedStyle.addAttribute(StyleContext.java:1501)
    at javax.swing.text.StyleContext$NamedStyle.setName(StyleContext.java:1312)
    at javax.swing.text.StyleContext$NamedStyle.<init>(StyleContext.java:1259)
    at javax.swing.text.StyleContext.addStyle(StyleContext.java:107)
    at javax.swing.text.StyleContext.<init>(StyleContext.java:87)
    at javax.swing.text.html.StyleSheet.<init>(StyleSheet.java:166)
    at javax.swing.text.html.HTMLEditorKit.getStyleSheet(HTMLEditorKit.java:391)
    at com.intellij.util.ui.UIUtil.<clinit>(UIUtil.java:102)
    at com.intellij.ide.plugins.PluginManager.start(PluginManager.java:73)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.intellij.ide.Bootstrap.main(Bootstrap.java:39)
    at com.intellij.idea.Main.main(Main.java:81)

This error occurred because the default configuration of the X server permissions did not allow the root to connect to it.
To verify this, we used xhost X server access control program to check the permissions.
Executing xhost with no command line arguments gave us a message indicating whether or not access control was currently enabled, followed by the list of those users allowed to connect.
For example in our case the output was as follows:

[[email protected] bin]$ xhost
access control enabled, only authorized clients can connect
SI:localuser:george

To add root to the list of users that was allowed to start an X application we executed the following command:

[[email protected] bin]$ xhost +si:localuser:root
localuser:root being added to access control list

Executing xhost again, we got the updated list which included the root

[[email protected] bin]$ xhost
access control enabled, only authorized clients can connect
SI:localuser:root
SI:localuser:george

After this, we were able to start CLion using sudo with no problems.

[[email protected] bin]$ sudo ./clion.sh

Note: This patch is not permanent, we actually execute it once at every restart of the machine.


Fedora 24: Solution to gcrypt.h: No such file or directory

Recently we tried to compile cisco-decrypt.c* on Fedora 24 (64bit).
We got the full source code from the website of Maurice Massar.
Download full source code here: cisco-decrypt.c (compressed) (184 downloads)

We needed this tool to configure the Gnome 3 native network client to connect to a specific Cisco VPN network.
During the configuration we setup a “Cisco Compatible VPN (vpnc)” VPN.

* Please note that this tool is NOT a hacking nor cracking tool. In order for you to make any use of it, you need to have a valid PCF file given to you by your system administrator. It is only useful when you need to get the group password to configure a system that does not accept the PCF file with the encrypted password.

To compile the code you can use one of the following two methods:

Compilation method 1

gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config --libs --cflags)

If the package libgcrypt-devel is not installed you will get a prompt message as follows, which will instruct you to install the missing package.
You need to type y to both questions so that the installation will proceed. Once the installation is done, execute once more the compilation command.

As you can see below, you might get a whole bunch of errors, ignore them and try to compile once more. It seems to be a bug that will not affect the end result (at least in this scenario).

gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config --libs --cflags)
bash: libgcrypt-config: command not found...
Install package 'libgcrypt-devel' to provide command 'libgcrypt-config'? [N/y] y

Proceed with changes? [N/y] y

gcc: error: Waiting: No such file or directory
gcc: error: in: No such file or directory
gcc: error: queue...: No such file or directory
gcc: error: Loading: No such file or directory
gcc: error: list: No such file or directory
gcc: error: of: No such file or directory
gcc: error: packages....: No such file or directory
gcc: error: The: No such file or directory
gcc: error: following: No such file or directory
gcc: error: packages: No such file or directory
gcc: error: have: No such file or directory
gcc: error: to: No such file or directory
gcc: error: be: No such file or directory
gcc: error: installed:: No such file or directory
gcc: error: libgcrypt-devel-1.6.6-1.fc24.x86_64: No such file or directory
gcc: error: Development: No such file or directory
gcc: error: files: No such file or directory
gcc: error: for: No such file or directory
gcc: error: the: No such file or directory
gcc: error: libgcrypt: No such file or directory
gcc: error: package: No such file or directory
gcc: error: libgpg-error-devel-1.24-1.fc24.x86_64: No such file or directory
gcc: error: Development: No such file or directory
gcc: error: files: No such file or directory
gcc: error: for: No such file or directory
gcc: error: the: No such file or directory
gcc: error: libgpg-error: No such file or directory
gcc: error: package: No such file or directory
gcc: error: Waiting: No such file or directory
gcc: error: in: No such file or directory
gcc: error: queue...: No such file or directory
gcc: error: Waiting: No such file or directory
gcc: error: for: No such file or directory
gcc: error: authentication...: No such file or directory
gcc: error: Waiting: No such file or directory
gcc: error: in: No such file or directory
gcc: error: queue...: No such file or directory
gcc: error: Downloading: No such file or directory
gcc: error: packages...: No such file or directory
gcc: error: Requesting: No such file or directory
gcc: error: data...: No such file or directory
gcc: error: Testing: No such file or directory
gcc: error: changes...: No such file or directory
gcc: error: Installing: No such file or directory
gcc: error: packages...: No such file or directory

Compilation method 2

In case the above method does not work for you for some reason, you can try the following.

gcc -Wall -o cisco-decrypt cisco-decrypt.c -lgcrypt

If the package libgcrypt-devel is not installed you will get an error as follows.

gcc -Wall -o cisco-decrypt cisco-decrypt.c -lgcrypt
cisco-decrypt.c:30:20: fatal error: gcrypt.h: No such file or directory
 #include <gcrypt.h>
                    ^
compilation terminated.

In this case use

sudo dnf install libgcrypt-devel

to install the missing library and try again to compile.

To use

Open your PCF file with a text editor. Find the line that starts with enc_GroupPwd= and copy the characters after that.

Paste the characters as the first command line argument to the newly compiled application. The password will be the line returned right after.

./cisco-decrypt 886E2FC74BFCD8B6FAF47784C386A50D0C1A5D0528D1E682B7EBAB6B2E91E792E389914767193F9114FA26C1E192034754F85FC97ED36509
Th!sIsMyK3y#

Other notes

In the case you get these errors:

/tmp/ccHrH1kZ.o: In function `c_decrypt':
cisco-decrypt.c:(.text+0x243): undefined reference to `gcry_md_hash_buffer'
cisco-decrypt.c:(.text+0x267): undefined reference to `gcry_md_hash_buffer'
cisco-decrypt.c:(.text+0x2b4): undefined reference to `gcry_md_hash_buffer'
cisco-decrypt.c:(.text+0x31d): undefined reference to `gcry_cipher_open'
cisco-decrypt.c:(.text+0x33b): undefined reference to `gcry_cipher_setkey'
cisco-decrypt.c:(.text+0x356): undefined reference to `gcry_cipher_setiv'
cisco-decrypt.c:(.text+0x382): undefined reference to `gcry_cipher_decrypt'
cisco-decrypt.c:(.text+0x391): undefined reference to `gcry_cipher_close'
/tmp/ccHrH1kZ.o: In function `main':
cisco-decrypt.c:(.text+0x41e): undefined reference to `gcry_check_version'
collect2: error: ld returned 1 exit status

It most probably means that you did not add on your compilation command one of the following two parameters

  1. $(libgcrypt-config –libs –cflags)
  2. -lgcrypt

You need one of these two options to be on the command line to compile.