X2Go Bug report logs -
#1036
add support for Mobile-OTP (MOTP) tokens
Reported by: Tor Perkins <x2go23@noid.net>
Date: Mon, 16 May 2016 16:10:02 UTC
Severity: normal
Tags: patch, pending
Found in version 4.0.5.2
Fixed in version 4.0.5.2
Done: X2Go Release Manager <git-admin@x2go.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#1036
; Package x2goclient
.
(Mon, 16 May 2016 16:10:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Tor Perkins <x2go23@noid.net>
:
New Bug report received and forwarded. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Mon, 16 May 2016 16:10:03 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: x2goclient
Version: 4.0.5.2
Tags: patch
Hello,
There is very nice OTP (One Time Password) algorithm called "Mobile-OTP"
(MOTP). Here is a link for more information:
http://motp.sourceforge.net/
This small patch extends x2goclient's OTP support to accommodate MOTP.
The patch adds a new string ("passcode:") to challenge_auth_code_prompts_[].
It also adds some comments that indicates the source of the various prompt
strings in that array.
MOTP is a very nice algorithm that is worthy of support for several reasons.
It is "free" and "open" and does not rely on a third party infrastructure to
operate.
It is a Time-based One Time Password (TOTP) algorithm (like OATH can be), with
a distinguishing advantage; it does 2FA ("2 Factor Authentication") innately.
That is because it requires a 4 digit PIN to be entered every time it is used.
The PIN is not stored in the "token" (i.e. smartphone), so a stolen phone
does an attacker no good...
It is well established and popular. There are many versions of the "token"
available (much more than just IOS and Android apps). It is supported by
several "backend" systems (like LinOTP). Please refer to the "Links" section
on the project page for many more examples...
Thanks for your consideration! X2Go rocks!
- Tor
[add-support-for-Mobile-OTP-MOTP-tokens.patch (text/x-patch, attachment)]
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#1036
; Package x2goclient
.
(Sun, 19 Jun 2016 23:55:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Mihai Moldovan <ionic@ionic.de>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Sun, 19 Jun 2016 23:55:02 GMT) (full text, mbox, link).
Message #10 received at 1036@bugs.x2go.org (full text, mbox, reply):
tag #1036 pending
fixed #1036 4.0.5.2
thanks
Hello,
X2Go issue #1036 (src:x2goclient) reported by you has been
fixed in X2Go Git. You can see the changelog below, and you can
check the diff of the fix at:
http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=044f22f
The issue will most likely be fixed in src:x2goclient (4.0.5.2).
light+love
X2Go Git Admin (on behalf of the sender of this mail)
---
commit 044f22fd5f7f1c544ffe7906c18a0cf017e31d11
Author: Tor Perkins <x2go34@noid.net>
Date: Sun Jun 19 04:28:39 2016 +0200
src/sshmasterconnection.cpp: add support for Mobile OTP tokens and references for the other token types. Fixes: #1036.
diff --git a/debian/changelog b/debian/changelog
index f074d93..a6807b9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -57,6 +57,8 @@ x2goclient (4.0.5.2-0x2go1) UNRELEASED; urgency=medium
- src/{onmainwindow,sshmasterconnection}.{cpp,h}: add support for ANSI
X9.9 OTP tokens. Fixes: #1027. For this to work correctly, the challenge
string needs to be displayed to the user.
+ - src/sshmasterconnection.cpp: add support for Mobile OTP tokens and
+ references for the other token types. Fixes: #1036.
[ Oleksandr Shneyder ]
* New upstream release (4.0.5.2):
Added tag(s) pending.
Request was from Mihai Moldovan <ionic@ionic.de>
to control@bugs.x2go.org
.
(Sun, 19 Jun 2016 23:55:03 GMT) (full text, mbox, link).
Marked as fixed in versions 4.0.5.2.
Request was from Mihai Moldovan <ionic@ionic.de>
to control@bugs.x2go.org
.
(Sun, 19 Jun 2016 23:55:03 GMT) (full text, mbox, link).
Message sent on
to Tor Perkins <x2go23@noid.net>
:
Bug#1036.
(Sun, 19 Jun 2016 23:55:03 GMT) (full text, mbox, link).
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#1036
; Package x2goclient
.
(Mon, 19 Sep 2016 04:20:05 GMT) (full text, mbox, link).
Acknowledgement sent
to X2Go Release Manager <git-admin@x2go.org>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Mon, 19 Sep 2016 04:20:05 GMT) (full text, mbox, link).
Message #22 received at 1036@bugs.x2go.org (full text, mbox, reply):
close #1036
thanks
Hello,
we are very hopeful that X2Go issue #1036 reported by you
has been resolved in the new release (4.0.5.2) of the
X2Go source project »src:x2goclient«.
You can view the complete changelog entry of src:x2goclient (4.0.5.2)
below, and you can use the following link to view all the code changes
between this and the last release of src:x2goclient.
http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=81f6a8140cd077c41b27f68c8d4e3a2bf0e23f5e;hp=c80b04add271dcdac482c2526708a21b0ec4932c
If you feel that the issue has not been resolved satisfyingly, feel
free to reopen this bug report or submit a follow-up report with
further observations described based on the new released version
of src:x2goclient.
Thanks a lot for contributing to X2Go!!!
light+love
X2Go Git Admin (on behalf of the sender of this mail)
---
X2Go Component: src:x2goclient
Version: 4.0.5.2-0x2go1
Status: RELEASE
Date: Mon, 19 Sep 2016 06:13:14 +0200
Fixes: 1003 1019 1027 1036 1079
Changes:
x2goclient (4.0.5.2-0x2go1) RELEASED; urgency=medium
.
[ Klaus Ade Johnstad ]
* New upstream version (4.0.5.2):
- res/i18n/x2goclient_nb_no.ts: update Bokmål (Norway) translation file.
.
[ Mihai Moldovan ]
* New upstream release (4.0.5.2):
- res/i18n/x2goclient_nb_no.ts: fixup translation by respecting the
original messages' format, typo fixes and other changes.
- res/i18n/x2goclient_fi.ts: fixup translation by respecting the original
messages' format and other changes.
- src/{ongetpass,onmainwindow}.cpp: fixup QPlastiqueStyle usage on Qt5.
This particular style has been removed/replaced by Fusion, which
incorporates features of both Plastique and Clearlooks styles.
- x2goclient.spec: whitespace only.
- src/onmainwindow.cpp: add (default) MacPorts prefix, /usr/local/bin and
/opt/X11/bin to x2goclient's environment and child environments before
starting xmodmap. Fixes: #1019. Requires a re-release of X2Go Client for
OS X.
- src/x2goutils.{cpp,h}: add new function add_to_path () to add multiple
entries to a PATH-like string if they do not exist in there yet.
- src/onmainwindow.cpp: replace old code to modify the PATH value with the
new add_to_path () function.
- src/{onmainwindow,sshmasterconnection}.cpp: refactoring and whitespace only
changes following up the #1027 patch.
- src/onmainwindow.h: add new enum for selecting SSH host key types.
- src/onmainwindow.h: rename ONMainWindow::generateHostDsaKey () to
ONMainWindow::generateHostKey () and make key type selectible. Fixes:
#1003. Host key type selection currently only works within the code. Replace
calls to former ONMainWindow::generateHostDsaKey () with the generalized
function and request an RSA-type key.
- src/help.cpp: actually make help descriptions translatable. Looks ugly
and is cumbersome to use, but there seems to be no other way to do
that...
- src/help.h: typo fix in comment only.
- src/onmainwindow.cpp: add some comments related to maybe using
add_to_path ().
- src/onmainwindow.cpp: work around changed SSH host key locations in OS X
10.11+. Fixes: #1079. Also check /etc/ssh/ for keys.
- src/onmainwindow.cpp: fix last commit by using QFileInfo instead of
QDir. This lets us use the exists () member function correctly.
- {nsis/x2goclient.nsi,res/i18n/x2goclient_{da,es,et,fi,nl,zh_tw}.ts}:
replace left-overs of "X2go" with the correct "X2Go" spelling.
This mostly touches obsolete strings and file names, that need to be
cleaned, but it's still worthwhile to not have it show up when searching
for the old string. Given that NTFS is normally case-insensitive,
removing the files will still work.
* debian/control:
- Maintainer change in package: X2Go Developers <x2go-dev@lists.x2go.org>.
- Uploaders: add myself. Also, force a rebuild due to the changed
versioning.
.
[ Mike DePaulo ]
* New upstream release (4.0.5.2):
- Windows: add sshd debug1 logging when using the --debug flag.
- Windows: Revert back to Cygwin components that have not been
"rebased"
- Windows: Update PuTTY from 0.66 to 0.67, which fixes
CVE-2016-2563.
- Windows: Update bundled Win32 OpenSSL from 1.0.1q to 1.0.1t,
which fixes the multiple CVEs announced on 2016-01-28,
2016-03-01 & 2016-05-03.
.
[ Martti Pitkänen ]
* New upstream version (4.0.5.2):
- res/i18n/x2goclient_fi.ts: update Finnish translation file.
- res/i18n/x2goclient_fi.ts: update Finnish translation file.
.
[ Sébastien Ducoulombier ]
* New upstream version (4.0.5.2):
- misc {src/,x2goclient.pro}: port to Qt5.
.
[ Tor Perkins ]
* New upstream release (4.0.5.2):
- src/{onmainwindow,sshmasterconnection}.{cpp,h}: add support for ANSI
X9.9 OTP tokens. Fixes: #1027. For this to work correctly, the challenge
string needs to be displayed to the user.
- src/sshmasterconnection.cpp: add support for Mobile OTP tokens and
references for the other token types. Fixes: #1036.
.
[ Oleksandr Shneyder ]
* New upstream release (4.0.5.2):
- reset session data in broker config.
- add "--no-autoresume" parameter.
.
[ Peter Barth ]
* New upstream release (4.0.5.2):
- res/i18n/x2goclient_de.ts: fix typo in close message.
Marked Bug as done
Request was from X2Go Release Manager <git-admin@x2go.org>
to control@bugs.x2go.org
.
(Mon, 19 Sep 2016 04:20:14 GMT) (full text, mbox, link).
Notification sent
to Tor Perkins <x2go23@noid.net>
:
Bug acknowledged by developer.
(Mon, 19 Sep 2016 04:20:14 GMT) (full text, mbox, link).
Message sent on
to Tor Perkins <x2go23@noid.net>
:
Bug#1036.
(Mon, 19 Sep 2016 04:20:22 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.x2go.org>
to internal_control@bugs.x2go.org
.
(Mon, 17 Oct 2016 05:25:59 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
X2Go Developers <owner@bugs.x2go.org>.
Last modified:
Thu Nov 21 13:58:29 2024;
Machine Name:
ymir.das-netzwerkteam.de
X2Go Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.