X2Go Bug report logs - #1036
add support for Mobile-OTP (MOTP) tokens

version graph

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Tor Perkins <x2go23@noid.net>

Date: Mon, 16 May 2016 16:10:02 UTC

Severity: normal

Tags: patch, pending

Found in version 4.0.5.2

Fixed in version 4.0.5.2

Done: X2Go Release Manager <git-admin@x2go.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#1036; Package x2goclient. (Mon, 16 May 2016 16:10:02 GMT) (full text, mbox, link).


Acknowledgement sent to Tor Perkins <x2go23@noid.net>:
New Bug report received and forwarded. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Mon, 16 May 2016 16:10:03 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):

From: Tor Perkins <x2go23@noid.net>
To: submit@bugs.x2go.org
Subject: add support for Mobile-OTP (MOTP) tokens
Date: Mon, 16 May 2016 08:56:28 -0700
[Message part 1 (text/plain, inline)]
Package: x2goclient
Version: 4.0.5.2
Tags: patch


Hello,

There is very nice OTP (One Time Password) algorithm called "Mobile-OTP"
(MOTP).  Here is a link for more information:

  http://motp.sourceforge.net/

This small patch extends x2goclient's OTP support to accommodate MOTP.

The patch adds a new string ("passcode:") to challenge_auth_code_prompts_[].
It also adds some comments that indicates the source of the various prompt
strings in that array.

MOTP is a very nice algorithm that is worthy of support for several reasons.

It is "free" and "open" and does not rely on a third party infrastructure to
operate.

It is a Time-based One Time Password (TOTP) algorithm (like OATH can be), with
a distinguishing advantage; it does 2FA ("2 Factor Authentication") innately.
That is because it requires a 4 digit PIN to be entered every time it is used.
The PIN is not stored in the "token" (i.e. smartphone), so a stolen phone
does an attacker no good...

It is well established and popular.  There are many versions of the "token"
available (much more than just IOS and Android apps).  It is supported by
several "backend" systems (like LinOTP).  Please refer to the "Links" section
on the project page for many more examples...

Thanks for your consideration!  X2Go rocks!

- Tor


[add-support-for-Mobile-OTP-MOTP-tokens.patch (text/x-patch, attachment)]

Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#1036; Package x2goclient. (Sun, 19 Jun 2016 23:55:02 GMT) (full text, mbox, link).


Acknowledgement sent to Mihai Moldovan <ionic@ionic.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Sun, 19 Jun 2016 23:55:02 GMT) (full text, mbox, link).


Message #10 received at 1036@bugs.x2go.org (full text, mbox, reply):

From: Mihai Moldovan <ionic@ionic.de>
To: 1036-submitter@bugs.x2go.org
Cc: control@bugs.x2go.org, 1036@bugs.x2go.org
Subject: X2Go issue (in src:x2goclient) has been marked as pending for release
Date: Mon, 20 Jun 2016 01:50:38 +0200 (CEST)
tag #1036 pending
fixed #1036 4.0.5.2
thanks

Hello,

X2Go issue #1036 (src:x2goclient) reported by you has been
fixed in X2Go Git. You can see the changelog below, and you can
check the diff of the fix at:

    http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=044f22f

The issue will most likely be fixed in src:x2goclient (4.0.5.2).

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
commit 044f22fd5f7f1c544ffe7906c18a0cf017e31d11
Author: Tor Perkins <x2go34@noid.net>
Date:   Sun Jun 19 04:28:39 2016 +0200

    src/sshmasterconnection.cpp: add support for Mobile OTP tokens and references for the other token types. Fixes: #1036.

diff --git a/debian/changelog b/debian/changelog
index f074d93..a6807b9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -57,6 +57,8 @@ x2goclient (4.0.5.2-0x2go1) UNRELEASED; urgency=medium
     - src/{onmainwindow,sshmasterconnection}.{cpp,h}: add support for ANSI
       X9.9 OTP tokens. Fixes: #1027. For this to work correctly, the challenge
       string needs to be displayed to the user.
+    - src/sshmasterconnection.cpp: add support for Mobile OTP tokens and
+      references for the other token types. Fixes: #1036.
 
   [ Oleksandr Shneyder ]
   * New upstream release (4.0.5.2):


Added tag(s) pending. Request was from Mihai Moldovan <ionic@ionic.de> to control@bugs.x2go.org. (Sun, 19 Jun 2016 23:55:03 GMT) (full text, mbox, link).


Marked as fixed in versions 4.0.5.2. Request was from Mihai Moldovan <ionic@ionic.de> to control@bugs.x2go.org. (Sun, 19 Jun 2016 23:55:03 GMT) (full text, mbox, link).


Message sent on to Tor Perkins <x2go23@noid.net>:
Bug#1036. (Sun, 19 Jun 2016 23:55:03 GMT) (full text, mbox, link).


Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#1036; Package x2goclient. (Mon, 19 Sep 2016 04:20:05 GMT) (full text, mbox, link).


Acknowledgement sent to X2Go Release Manager <git-admin@x2go.org>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Mon, 19 Sep 2016 04:20:05 GMT) (full text, mbox, link).


Message #22 received at 1036@bugs.x2go.org (full text, mbox, reply):

From: X2Go Release Manager <git-admin@x2go.org>
To: 1036-submitter@bugs.x2go.org
Cc: control@bugs.x2go.org, 1036@bugs.x2go.org
Subject: X2Go issue (in src:x2goclient) has been marked as closed
Date: Mon, 19 Sep 2016 06:16:07 +0200 (CEST)
close #1036
thanks

Hello,

we are very hopeful that X2Go issue #1036 reported by you
has been resolved in the new release (4.0.5.2) of the
X2Go source project »src:x2goclient«.

You can view the complete changelog entry of src:x2goclient (4.0.5.2)
below, and you can use the following link to view all the code changes
between this and the last release of src:x2goclient.

    http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=81f6a8140cd077c41b27f68c8d4e3a2bf0e23f5e;hp=c80b04add271dcdac482c2526708a21b0ec4932c

If you feel that the issue has not been resolved satisfyingly, feel
free to reopen this bug report or submit a follow-up report with
further observations described based on the new released version
of src:x2goclient.

Thanks a lot for contributing to X2Go!!!

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
X2Go Component: src:x2goclient
Version: 4.0.5.2-0x2go1
Status: RELEASE
Date: Mon, 19 Sep 2016 06:13:14 +0200
Fixes: 1003 1019 1027 1036 1079
Changes: 
 x2goclient (4.0.5.2-0x2go1) RELEASED; urgency=medium
 .
   [ Klaus Ade Johnstad ]
   * New upstream version (4.0.5.2):
     - res/i18n/x2goclient_nb_no.ts: update Bokmål (Norway) translation file.
 .
   [ Mihai Moldovan ]
   * New upstream release (4.0.5.2):
     - res/i18n/x2goclient_nb_no.ts: fixup translation by respecting the
       original messages' format, typo fixes and other changes.
     - res/i18n/x2goclient_fi.ts: fixup translation by respecting the original
       messages' format and other changes.
     - src/{ongetpass,onmainwindow}.cpp: fixup QPlastiqueStyle usage on Qt5.
       This particular style has been removed/replaced by Fusion, which
       incorporates features of both Plastique and Clearlooks styles.
     - x2goclient.spec: whitespace only.
     - src/onmainwindow.cpp: add (default) MacPorts prefix, /usr/local/bin and
       /opt/X11/bin to x2goclient's environment and child environments before
       starting xmodmap. Fixes: #1019. Requires a re-release of X2Go Client for
       OS X.
     - src/x2goutils.{cpp,h}: add new function add_to_path () to add multiple
       entries to a PATH-like string if they do not exist in there yet.
     - src/onmainwindow.cpp: replace old code to modify the PATH value with the
       new add_to_path () function.
     - src/{onmainwindow,sshmasterconnection}.cpp: refactoring and whitespace only
       changes following up the #1027 patch.
     - src/onmainwindow.h: add new enum for selecting SSH host key types.
     - src/onmainwindow.h: rename ONMainWindow::generateHostDsaKey () to
       ONMainWindow::generateHostKey () and make key type selectible. Fixes:
       #1003. Host key type selection currently only works within the code. Replace
       calls to former ONMainWindow::generateHostDsaKey () with the generalized
       function and request an RSA-type key.
     - src/help.cpp: actually make help descriptions translatable. Looks ugly
       and is cumbersome to use, but there seems to be no other way to do
       that...
     - src/help.h: typo fix in comment only.
     - src/onmainwindow.cpp: add some comments related to maybe using
       add_to_path ().
     - src/onmainwindow.cpp: work around changed SSH host key locations in OS X
       10.11+. Fixes: #1079. Also check /etc/ssh/ for keys.
     - src/onmainwindow.cpp: fix last commit by using QFileInfo instead of
       QDir. This lets us use the exists () member function correctly.
     - {nsis/x2goclient.nsi,res/i18n/x2goclient_{da,es,et,fi,nl,zh_tw}.ts}:
       replace left-overs of "X2go" with the correct "X2Go" spelling.
       This mostly touches obsolete strings and file names, that need to be
       cleaned, but it's still worthwhile to not have it show up when searching
       for the old string. Given that NTFS is normally case-insensitive,
       removing the files will still work.
   * debian/control:
     - Maintainer change in package: X2Go Developers <x2go-dev@lists.x2go.org>.
     - Uploaders: add myself. Also, force a rebuild due to the changed
       versioning.
 .
   [ Mike DePaulo ]
   * New upstream release (4.0.5.2):
     - Windows: add sshd debug1 logging when using the --debug flag.
     - Windows: Revert back to Cygwin components that have not been
       "rebased"
     - Windows: Update PuTTY from 0.66 to 0.67, which fixes
       CVE-2016-2563.
     - Windows: Update bundled Win32 OpenSSL from 1.0.1q to 1.0.1t,
       which fixes the multiple CVEs announced on 2016-01-28,
       2016-03-01 & 2016-05-03.
 .
   [ Martti Pitkänen ]
   * New upstream version (4.0.5.2):
     - res/i18n/x2goclient_fi.ts: update Finnish translation file.
     - res/i18n/x2goclient_fi.ts: update Finnish translation file.
 .
   [ Sébastien Ducoulombier ]
   * New upstream version (4.0.5.2):
     - misc {src/,x2goclient.pro}: port to Qt5.
 .
   [ Tor Perkins ]
   * New upstream release (4.0.5.2):
     - src/{onmainwindow,sshmasterconnection}.{cpp,h}: add support for ANSI
       X9.9 OTP tokens. Fixes: #1027. For this to work correctly, the challenge
       string needs to be displayed to the user.
     - src/sshmasterconnection.cpp: add support for Mobile OTP tokens and
       references for the other token types. Fixes: #1036.
 .
   [ Oleksandr Shneyder ]
   * New upstream release (4.0.5.2):
     - reset session data in broker config.
     - add "--no-autoresume" parameter.
 .
   [ Peter Barth ]
   * New upstream release (4.0.5.2):
     - res/i18n/x2goclient_de.ts: fix typo in close message.


Marked Bug as done Request was from X2Go Release Manager <git-admin@x2go.org> to control@bugs.x2go.org. (Mon, 19 Sep 2016 04:20:14 GMT) (full text, mbox, link).


Notification sent to Tor Perkins <x2go23@noid.net>:
Bug acknowledged by developer. (Mon, 19 Sep 2016 04:20:14 GMT) (full text, mbox, link).


Message sent on to Tor Perkins <x2go23@noid.net>:
Bug#1036. (Mon, 19 Sep 2016 04:20:22 GMT) (full text, mbox, link).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.x2go.org> to internal_control@bugs.x2go.org. (Mon, 17 Oct 2016 05:25:59 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Sat Aug 24 13:36:36 2019; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.