From unknown Thu Mar 28 11:12:18 2024
MIME-Version: 1.0
X-Mailer: MIME-tools 5.502 (Entity 5.502)
X-Loop: owner@bugs.x2go.org
From: owner@bugs.x2go.org (X2Go Bug Tracking System)
Subject: Bug#1027 closed by X2Go Release Manager (X2Go issue (in src:x2goclient) has been marked as closed)
Message-ID:
References: <20160919041607.7122F5DA95@ymir.das-netzwerkteam.de>
X-X2go-PR-Keywords: pending patch
X-X2go-PR-Message: they-closed 1027
X-X2go-PR-Package: x2goclient
X-X2go-PR-Source: x2goclient
Date: Mon, 19 Sep 2016 04:20:12 +0000
Content-Type: multipart/mixed; boundary="----------=_1474258812-14188-0"

This is a multi-part message in MIME format...

------------=_1474258812-14188-0
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=utf-8

This is an automatic notification regarding your Bug report
which was filed against the x2goclient package:

#1027: generalize OTP support for challenge/response style tokens

It has been closed by X2Go Release Manager .

Their explanation is attached below along with your original report.
If this explanation is unsatisfactory and you have not received a
better one in a separate message then please contact X2Go Release Manager <git-admin@x2go.org> by
replying to this email.

-- 
X2Go Bug Tracking System
Contact owner@bugs.x2go.org with problems

------------=_1474258812-14188-0
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at control) by bugs.x2go.org; 19 Sep 2016 04:16:38 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de
X-Spam-Level:
X-Spam-Status: No, score=-2.9 required=3.0 tests=ALL_TRUSTED,BAYES_00, URIBL_BLOCKED autolearn=unavailable version=3.3.2
Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 524D75DA8E; Mon, 19 Sep 2016 06:16:21 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de
Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Lfpz6goT-ZZ6; Mon, 19 Sep 2016 06:16:14 +0200 (CEST)
Received: by ymir.das-netzwerkteam.de (Postfix, from userid 1005) id 7122F5DA95; Mon, 19 Sep 2016 06:16:07 +0200 (CEST)
From: X2Go Release Manager
To: 1027-submitter@bugs.x2go.org
Cc: control@bugs.x2go.org, 1027@bugs.x2go.org
Subject: X2Go issue (in src:x2goclient) has been marked as closed
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Message-Id: <20160919041607.7122F5DA95@ymir.das-netzwerkteam.de>
Date: Mon, 19 Sep 2016 06:16:07 +0200 (CEST)

close #1027
thanks

Hello,

we are very hopeful that X2Go issue #1027 reported by you
has been resolved in the new release (4.0.5.2) of the
X2Go source project »src:x2goclient«.

You can view the complete changelog entry of src:x2goclient (4.0.5.2)
below, and you can use the following link to view all the code changes
between this and the last release of src:x2goclient.

    http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=81f6a8140cd077c41b27f68c8d4e3a2bf0e23f5e;hp=c80b04add271dcdac482c2526708a21b0ec4932c

If you feel that the issue has not been resolved satisfyingly, feel free
to reopen this bug report or submit a follow-up report with further
observations described based on the new released version
of src:x2goclient.

Thanks a lot for contributing to X2Go!!!

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
X2Go Component: src:x2goclient
Version: 4.0.5.2-0x2go1
Status: RELEASE
Date: Mon, 19 Sep 2016 06:13:14 +0200
Fixes: 1003 1019 1027 1036 1079
Changes:
 x2goclient (4.0.5.2-0x2go1) RELEASED; urgency=medium
 .
   [ Klaus Ade Johnstad ]
   * New upstream version (4.0.5.2):
     - res/i18n/x2goclient_nb_no.ts: update Bokmål (Norway) translation file.
 .
   [ Mihai Moldovan ]
   * New upstream release (4.0.5.2):
     - res/i18n/x2goclient_nb_no.ts: fixup translation by respecting the
       original messages' format, typo fixes and other changes.
     - res/i18n/x2goclient_fi.ts: fixup translation by respecting the
       original messages' format and other changes.
     - src/{ongetpass,onmainwindow}.cpp: fixup QPlastiqueStyle usage on Qt5.
       This particular style has been removed/replaced by Fusion, which
       incorporates features of both Plastique and Clearlooks styles.
     - x2goclient.spec: whitespace only.
     - src/onmainwindow.cpp: add (default) MacPorts prefix, /usr/local/bin
       and /opt/X11/bin to x2goclient's environment and child environments
       before starting xmodmap. Fixes: #1019. Requires a re-release of X2Go
       Client for OS X.
     - src/x2goutils.{cpp,h}: add new function add_to_path () to add multiple
       entries to a PATH-like string if they do not exist in there yet.
     - src/onmainwindow.cpp: replace old code to modify the PATH value with
       the new add_to_path () function.
     - src/{onmainwindow,sshmasterconnection}.cpp: refactoring and whitespace
       only changes following up the #1027 patch.
     - src/onmainwindow.h: add new enum for selecting SSH host key types.
     - src/onmainwindow.h: rename ONMainWindow::generateHostDsaKey () to
       ONMainWindow::generateHostKey () and make key type selectable. Fixes:
       #1003. Host key type selection currently only works within the code.
       Replace calls to former ONMainWindow::generateHostDsaKey () with the
       generalized function and request an RSA-type key.
     - src/help.cpp: actually make help descriptions translatable. Looks ugly
       and is cumbersome to use, but there seems to be no other way to do
       that...
     - src/help.h: typo fix in comment only.
     - src/onmainwindow.cpp: add some comments related to maybe using
       add_to_path ().
     - src/onmainwindow.cpp: work around changed SSH host key locations in
       OS X 10.11+. Fixes: #1079. Also check /etc/ssh/ for keys.
     - src/onmainwindow.cpp: fix last commit by using QFileInfo instead of
       QDir. This lets us use the exists () member function correctly.
     - {nsis/x2goclient.nsi,res/i18n/x2goclient_{da,es,et,fi,nl,zh_tw}.ts}:
       replace left-overs of "X2go" with the correct "X2Go" spelling. This
       mostly touches obsolete strings and file names, that need to be
       cleaned, but it's still worthwhile to not have it show up when
       searching for the old string. Given that NTFS is normally
       case-insensitive, removing the files will still work.
   * debian/control:
     - Maintainer change in package: X2Go Developers .
     - Uploaders: add myself. Also, force a rebuild due to the changed
       versioning.
 .
   [ Mike DePaulo ]
   * New upstream release (4.0.5.2):
     - Windows: add sshd debug1 logging when using the --debug flag.
     - Windows: Revert back to Cygwin components that have not been "rebased"
     - Windows: Update PuTTY from 0.66 to 0.67, which fixes CVE-2016-2563.
     - Windows: Update bundled Win32 OpenSSL from 1.0.1q to 1.0.1t, which
       fixes the multiple CVEs announced on 2016-01-28, 2016-03-01 &
       2016-05-03.
 .
   [ Martti Pitkänen ]
   * New upstream version (4.0.5.2):
     - res/i18n/x2goclient_fi.ts: update Finnish translation file.
     - res/i18n/x2goclient_fi.ts: update Finnish translation file.
 .
   [ Sébastien Ducoulombier ]
   * New upstream version (4.0.5.2):
     - misc {src/,x2goclient.pro}: port to Qt5.
 .
   [ Tor Perkins ]
   * New upstream release (4.0.5.2):
     - src/{onmainwindow,sshmasterconnection}.{cpp,h}: add support for ANSI
       X9.9 OTP tokens. Fixes: #1027. For this to work correctly, the
       challenge string needs to be displayed to the user.
     - src/sshmasterconnection.cpp: add support for Mobile OTP tokens and
       references for the other token types. Fixes: #1036.
 .
   [ Oleksandr Shneyder ]
   * New upstream release (4.0.5.2):
     - reset session data in broker config.
     - add "--no-autoresume" parameter.
 .
   [ Peter Barth ]
   * New upstream release (4.0.5.2):
     - res/i18n/x2goclient_de.ts: fix typo in close message.
------------=_1474258812-14188-0
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Received: (at submit) by bugs.x2go.org; 14 Apr 2016 21:22:59 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de
X-Spam-Level: *
X-Spam-Status: No, score=1.9 required=3.0 tests=BAYES_50,DATE_IN_PAST_12_24, URIBL_BLOCKED autolearn=no version=3.3.2
Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 059665DA9D for ; Thu, 14 Apr 2016 23:22:58 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de
Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ro-AsnghQLow for ; Thu, 14 Apr 2016 23:22:51 +0200 (CEST)
X-Greylist: delayed 399 seconds by postgrey-1.34 at ymir.das-netzwerkteam.de; Thu, 14 Apr 2016 23:22:50 CEST
Received: from anoid.noid.net (anoid.noid.net [74.95.194.161]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 0508D5DA97 for ; Thu, 14 Apr 2016 23:22:50 +0200 (CEST)
Received: from anoid.noid.net (localhost.noid.net [127.0.0.1]) by anoid.noid.net (GNU) with ESMTP id cecdaa61 for ; Thu, 14 Apr 2016 14:16:09 -0700 (PDT)
From: Tor Perkins
Date: Wed, 13 Apr 2016 14:58:19 -0700
Subject: generalize OTP support for challenge/response style tokens
To: submit@bugs.x2go.org
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------1.7.2.5"
Message-ID: <20160414211604.088193AB405E@noid.net>
X-Mini-Diatribe: To fix America: 1. Cut government in half 2. Wait thirty years 3. Repeat as necessary

This is a multi-part message in MIME format.
--------------1.7.2.5
Content-Type: text/plain; charset=UTF-8; format=fixed
Content-Transfer-Encoding: 8bit

Package: x2goclient
Version: 4.0.5.2
Tags: patch

Hello,

I really like the new support for OTP (One Time Passwords).

This patch adds support for ANSI X9.9 OTP tokens (and probably others
too). These tokens look like tiny calculators. Here's a link to a
typical example:

  http://www.safenet-inc.com/multi-factor-authentication/authenticators/one-time-password-otp/gold-challenge-response-token/

Here's a diagram of the "user experience" when using these tokens:

  http://www.safenet-inc.com/uploadedImages/images/products/data-protection/authentication-images/GOLD-challenge-response-diagram.png

With this patch, if the SSH server sends a verification prompt to the
X2Go client that contains the string "challenge", then the client will
prompt the user for the verification code (as before), but this time it
will show the user the actual content of the server's prompt. This
enables the user to see what the "challenge" is. This is not a
requirement for the time or event based algorithms currently supported.

The X9.9 standard was very popular before the newer algorithms came
along and there are many companies that use this style.

Thanks for your consideration! X2Go rocks!

- Tor

--------------1.7.2.5
Content-Type: text/x-patch; name="0001-generalize-OTP-support-for-challenge-response-style-.patch"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="0001-generalize-OTP-support-for-challenge-response-style-.patch"

diff --git a/src/onmainwindow.cpp b/src/onmainwindow.cpp index c7fffd7..18ca368 100644 --- a/src/onmainwindow.cpp +++ b/src/onmainwindow.cpp @@ -2825,6 +2825,8 @@ SshMasterConnection* ONMainWindow::startSshConnection ( QString host, QString po SLOT ( slotSshServerAuthError ( int,QString, SshMasterConnection* ) ) ); connect ( con, SIGNAL ( needPassPhrase(SshMasterConnection*, bool)),this, SLOT ( slotSshServerAuthPassphrase(SshMasterConnection*, bool)) ); + connect ( con, SIGNAL ( needChallengeResponse(SshMasterConnection*, QString)),this, + SLOT ( slotSshServerAuthChallengeResponse(SshMasterConnection*, QString)) ); connect ( con, SIGNAL ( userAuthError ( QString ) ),this,SLOT ( slotSshUserAuthError ( QString ) ) ); connect ( con, SIGNAL ( connectionError ( QString,QString ) ), this, SLOT ( slotSshConnectionError ( QString,QString ) ) ); @@ -2948,6 +2950,33 @@ void ONMainWindow::slotSshServerAuthPassphrase(SshMasterConnection* connection, } +void ONMainWindow::slotSshServerAuthChallengeResponse(SshMasterConnection* connection, QString Challenge) +{ + bool ok; + QString message; + + message=Challenge; + + QString phrase=QInputDialog::getText(0,connection->getUser()+"@"+connection->getHost()+":"+QString::number(connection->getPort()), + message,QLineEdit::Password,QString::null, &ok); + if(!ok) + { + phrase=QString::null; + } + else + { + if(phrase==QString::null) + phrase=""; + } + connection->setKeyPhrase(phrase); + if(isHidden()) + { + show(); + QTimer::singleShot(1, this, SLOT(hide())); + } +} + + void ONMainWindow::slotSshServerAuthError ( int error, QString sshMessage, SshMasterConnection* connection ) { if ( startHidden ) diff --git a/src/onmainwindow.h b/src/onmainwindow.h index 809fe5f..0962ac6 100644 --- a/src/onmainwindow.h +++ b/src/onmainwindow.h 
@@ -1036,6 +1036,7 @@ private slots: void slotSshConnectionError ( QString message, QString lastSessionError ); void slotSshServerAuthError ( int error, QString sshMessage, SshMasterConnection* connection ); void slotSshServerAuthPassphrase ( SshMasterConnection* connection, bool verificationCode ); + void slotSshServerAuthChallengeResponse( SshMasterConnection* connection, QString Challenge ); void slotSshUserAuthError ( QString error ); void slotSshConnectionOk(); void slotServSshConnectionOk(QString server); diff --git a/src/sshmasterconnection.cpp b/src/sshmasterconnection.cpp index 8ebac10..1d330a3 100644 --- a/src/sshmasterconnection.cpp +++ b/src/sshmasterconnection.cpp @@ -881,15 +881,21 @@ bool SshMasterConnection::userChallengeAuth() } bool has_challenge_auth_code_prompt = false; + bool need_to_display_auth_code_prompt = false; const std::size_t challenge_auth_code_prompts_size = (sizeof (challenge_auth_code_prompts_)/sizeof (*challenge_auth_code_prompts_)); - for (std::size_t i = 0; i < challenge_auth_code_prompts_size; ++i) { - x2goDebug << "Checking against known prompt #" << i << ": " << challenge_auth_code_prompts_[i] << endl; - - if (pr.startsWith (challenge_auth_code_prompts_[i])) { - has_challenge_auth_code_prompt = true; - break; - } + if( pr.contains("challenge", Qt::CaseInsensitive) ) { + x2goDebug << "prompt contains 'challenge': " << pr << endl; + has_challenge_auth_code_prompt = true; + need_to_display_auth_code_prompt = true; + } else { + for (std::size_t i = 0; i < challenge_auth_code_prompts_size; ++i) { + x2goDebug << "Checking against known prompt #" << i << ": " << challenge_auth_code_prompts_[i] << endl; + if (pr.startsWith (challenge_auth_code_prompts_[i])) { + has_challenge_auth_code_prompt = true; + break; + } + } } if (has_challenge_auth_code_prompt) { 
@@ -901,7 +907,11 @@ bool SshMasterConnection::userChallengeAuth() if(challengeAuthVerificationCode == QString::null) { keyPhraseReady=false; - emit needPassPhrase(this, true); + if (need_to_display_auth_code_prompt) { + emit needChallengeResponse(this, pr); + } else { + emit needPassPhrase(this, true); + } for(;;) { bool ready=false; diff --git a/src/sshmasterconnection.h b/src/sshmasterconnection.h index 0136ac4..79da49a 100644 --- a/src/sshmasterconnection.h +++ b/src/sshmasterconnection.h @@ -218,6 +218,7 @@ signals: void connectionOk( QString host); void needPassPhrase(SshMasterConnection*, bool verificationCode); + void needChallengeResponse(SshMasterConnection*, QString Challenge); }; --------------1.7.2.5-- ------------=_1474258812-14188-0--
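
Review bot: In the new ONMainWindow::slotSshServerAuthChallengeResponse() in src/onmainwindow.cpp, the server-supplied Challenge string is copied into message and handed unmodified to QInputDialog::getText() as the dialog label. That text is chosen by the remote SSH server, so I would bound its length and escape or strip markup and control characters before display, and have the dialog say that the text below comes from the server, since otherwise whatever the server sends is shown verbatim next to a password-style input field. Smaller points in the same hunk: the intermediate message variable is redundant, and the parameter would read better as const QString &challenge in both the slot and the needChallengeResponse signal.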
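
Review bot: In SshMasterConnection::userChallengeAuth() (src/sshmasterconnection.cpp, hunk at -881), pr.contains("challenge", Qt::CaseInsensitive) matches the word anywhere in the prompt and bypasses the challenge_auth_code_prompts_ prefix list, so any server prompt that merely mentions "challenge" is classified as an auth code prompt. Please add a comment naming the token prompts this is meant to cover, or narrow the match to those prompts. The added x2goDebug line also writes the complete server prompt to the debug log, and the "if( pr.contains" spacing differs from the "if (" style used in the loop it wraps.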
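
Review bot: In the second userChallengeAuth() hunk (at -901), the new emit needChallengeResponse(this, pr) sits inside the existing challengeAuthVerificationCode == QString::null branch, so the challenge is only shown to the user when no verification code is already stored. A response from a challenge/response token is only valid for the challenge that was displayed, so please check, and state in a comment, that a stored code is never sent in answer to a prompt for which need_to_display_auth_code_prompt is set; if it can be, clear the stored value for that case so the user is always prompted with the current challenge.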