X2Go Bug report logs - #1183
Pass broker creds to RDP client as plaintext

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Walid MOGHRABI <w.moghrabi@servicemagic.eu>

Date: Wed, 31 May 2017 14:45:02 UTC

Severity: wishlist

Tags: patch

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#1183; Package x2goclient. (Wed, 31 May 2017 14:45:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Walid MOGHRABI <w.moghrabi@servicemagic.eu>:
New Bug report received and forwarded. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Wed, 31 May 2017 14:45:02 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.x2go.org (full text, mbox):

From: Walid MOGHRABI <w.moghrabi@servicemagic.eu>
To: submit@bugs.x2go.org
Subject: Pass broker creds to RDP client as plaintext
Date: Wed, 31 May 2017 16:40:49 +0200 (CEST)
[Message part 1 (text/plain, inline)]
package: x2goclient
priority: wishlist
tags: patch

This is a proposal patch in order to let the RDP client use the credentials used at broker auth login so that users can enter them only once in broker mode.

This patch also add support for --close-disconnect in broker mode + RDP


Regards,
Walid Moghrabi

TRAVAUX.COM
BAT I - PARC CEZANNE 2 290 AVENUE GALILEE - CS 80403
13591 AIX EN PROVENCE CEDEX 3

---
DISCLAIMER: This e-mail is private and confidential and may contain proprietary or legally privileged information. It is for the intended recipient only. If you have received this email in error, please notify the author by replying to it and then destroy it. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on this e-mail or any attachment. Thank you
[x2goclient-pass-broker-creds-to-rdp-client.patch (text/x-patch, attachment)]

Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#1183; Package x2goclient. (Wed, 31 May 2017 20:00:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Wed, 31 May 2017 20:00:02 GMT) Full text and rfc822 format available.

Message #10 received at 1183@bugs.x2go.org (full text, mbox):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: Walid MOGHRABI <w.moghrabi@servicemagic.eu>, 1183@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#1183: Pass broker creds to RDP client as plaintext
Date: Wed, 31 May 2017 19:58:28 +0000
[Message part 1 (text/plain, inline)]
Hi Walid,

On  Mi 31 Mai 2017 16:40:49 CEST, Walid MOGHRABI wrote:

> package: x2goclient
> priority: wishlist
> tags: patch
>
> This is a proposal patch in order to let the RDP client use the  
> credentials used at broker auth login so that users can enter them  
> only once in broker mode.
>
> This patch also add support for --close-disconnect in broker mode + RDP

I just looked at your patch.

Requests before patch can get accepted:

  1. Please split up the RDP broker creds as session creds from the  
--close-disconnect change.
  2. Please let the cmdline option start with --broker-...

           --broker-use-creds-for-session

  3. Don't limit this functionality to RDP sessions only. It is  
useful for all sorts of session
     types (X2Go, DirectRDP, DirectXDMCP if already in (there were  
rumours about such a new feature)).

Thanks for your work on X2Go,
Mike

-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

[Message part 2 (application/pgp-signature, inline)]

Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#1183; Package x2goclient. (Thu, 01 Jun 2017 08:50:01 GMT) Full text and rfc822 format available.

Acknowledgement sent to Walid MOGHRABI <w.moghrabi@servicemagic.eu>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Thu, 01 Jun 2017 08:50:02 GMT) Full text and rfc822 format available.

Message #15 received at 1183@bugs.x2go.org (full text, mbox):

From: Walid MOGHRABI <w.moghrabi@servicemagic.eu>
To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Cc: 1183@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#1183: Pass broker creds to RDP client as plaintext
Date: Thu, 1 Jun 2017 10:46:55 +0200 (CEST)
I'll take your requests into account but just to clarify :


> 1. Please split up the RDP broker creds as session creds from the 
> --close-disconnect change. 

This little fix is related to this support since, in that particular case which is broker mode + RDP session + --close-disconnect activated, you couldn't have a one time authentication (at broker auth).
For that "one time auth" to work, I need a way to pass broker credentials to the session and to close the client at the end of the session in order to force a re-auth at broker login.
Without the --close-disconnect fix, I can pass my credentials to the RDP session but when finishing the session, I'm still on the broker page with my session list and I don't re-auth which is what I wanted.
I can easily split these patches since they are quite clearly separated but I thought they were related to the same need that's why I kept them together.

> 2. Please let the cmdline option start with --broker-... 
>
> --broker-use-creds-for-session 

ok

> 3. Don't limit this functionality to RDP sessions only. It is 
> useful for all sorts of session 
> types (X2Go, DirectRDP, DirectXDMCP if already in (there were 
> rumours about such a new feature)). 

Well, I'm not aware of XDMCP and have nothing under my hand to test it.
This patch affect RDP sessions only in fact because X2Go sessions have heir own way to pass credentials from broker to x2go server with the intermediate key auth so using this method for this kind of session is purely useless.
On the other hand, RDP sessions have no such key authentication available so it is necessary to pass credentials as plaintext to xfreerdp/rdesktop because in the case of the broker mode only, when clicking on the session profile, the client is waiting for the credentials but you are not prompted for them so the client stay stuck in an unusable situation.
So really, this is a "broker + RDP only" method that's why I precised this was for RDP only in order not to confuse users who might think this could be used for any type of connection.

I'll modify the cmdline option name and wait for your comments on my precisions. 

Regards,
Walid Moghrabi

TRAVAUX.COM
BAT I - PARC CEZANNE 2 290 AVENUE GALILEE - CS 80403
13591 AIX EN PROVENCE CEDEX 3

----- Mail original ----- 

De: "Mike Gabriel" <mike.gabriel@das-netzwerkteam.de> 
À: "Walid MOGHRABI" <w.moghrabi@servicemagic.eu>, 1183@bugs.x2go.org 
Envoyé: Mercredi 31 Mai 2017 21:58:28 
Objet: Re: [X2Go-Dev] Bug#1183: Pass broker creds to RDP client as plaintext 

Hi Walid, 

On Mi 31 Mai 2017 16:40:49 CEST, Walid MOGHRABI wrote: 

> package: x2goclient 
> priority: wishlist 
> tags: patch 
> 
> This is a proposal patch in order to let the RDP client use the 
> credentials used at broker auth login so that users can enter them 
> only once in broker mode. 
> 
> This patch also add support for --close-disconnect in broker mode + RDP 

I just looked at your patch. 

Requests before patch can get accepted: 

1. Please split up the RDP broker creds as session creds from the 
--close-disconnect change. 
2. Please let the cmdline option start with --broker-... 

--broker-use-creds-for-session 

3. Don't limit this functionality to RDP sessions only. It is 
useful for all sorts of session 
types (X2Go, DirectRDP, DirectXDMCP if already in (there were 
rumours about such a new feature)). 

Thanks for your work on X2Go, 
Mike 

-- 

DAS-NETZWERKTEAM 
mike gabriel, herweg 7, 24357 fleckeby 
mobile: +49 (1520) 1976 148 
landline: +49 (4354) 8390 139 

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
---
DISCLAIMER: This e-mail is private and confidential and may contain proprietary or legally privileged information. It is for the intended recipient only. If you have received this email in error, please notify the author by replying to it and then destroy it. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on this e-mail or any attachment. Thank you


Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#1183; Package x2goclient. (Sat, 03 Jun 2017 21:50:01 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Sat, 03 Jun 2017 21:50:02 GMT) Full text and rfc822 format available.

Message #20 received at 1183@bugs.x2go.org (full text, mbox):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: Walid MOGHRABI <w.moghrabi@servicemagic.eu>, 1183@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#1183: Bug#1183: Pass broker creds to RDP client as plaintext
Date: Sat, 03 Jun 2017 21:48:36 +0000
[Message part 1 (text/plain, inline)]
HI Walid,

On  Do 01 Jun 2017 10:46:55 CEST, Walid MOGHRABI wrote:

> I'll take your requests into account but just to clarify :
>
>
>> 1. Please split up the RDP broker creds as session creds from the
>> --close-disconnect change.
>
> This little fix is related to this support since, in that particular  
> case which is broker mode + RDP session + --close-disconnect  
> activated, you couldn't have a one time authentication (at broker  
> auth).
> For that "one time auth" to work, I need a way to pass broker  
> credentials to the session and to close the client at the end of the  
> session in order to force a re-auth at broker login.
> Without the --close-disconnect fix, I can pass my credentials to the  
> RDP session but when finishing the session, I'm still on the broker  
> page with my session list and I don't re-auth which is what I wanted.
> I can easily split these patches since they are quite clearly  
> separated but I thought they were related to the same need that's  
> why I kept them together.

Please split off the change for --close-disconnect into a separate commit.

>> 2. Please let the cmdline option start with --broker-...
>>
>> --broker-use-creds-for-session
>
> ok
>
>> 3. Don't limit this functionality to RDP sessions only. It is
>> useful for all sorts of session
>> types (X2Go, DirectRDP, DirectXDMCP if already in (there were
>> rumours about such a new feature)).
>
> Well, I'm not aware of XDMCP and have nothing under my hand to test it.
> This patch affect RDP sessions only in fact because X2Go sessions  
> have heir own way to pass credentials from broker to x2go server  
> with the intermediate key auth so using this method for this kind of  
> session is purely useless.
> On the other hand, RDP sessions have no such key authentication  
> available so it is necessary to pass credentials as plaintext to  
> xfreerdp/rdesktop because in the case of the broker mode only, when  
> clicking on the session profile, the client is waiting for the  
> credentials but you are not prompted for them so the client stay  
> stuck in an unusable situation.
> So really, this is a "broker + RDP only" method that's why I  
> precised this was for RDP only in order not to confuse users who  
> might think this could be used for any type of connection.
>
> I'll modify the cmdline option name and wait for your comments on my  
> precisions.
>

IMHO, the --broker-use-creds-for-session could be a nice and cheap  
alternative to setting up x2gobroker-agent based authentication. So,  
it would be nice to have it working for X2Go and RDP sessions.

Thanks,
Mike
-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

[Message part 2 (application/pgp-signature, inline)]

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Tue Dec 11 00:04:31 2018; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.