X2Go Bug report logs -
#1183
Pass broker creds to RDP client as plaintext
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#1183; Package x2goclient.
(Wed, 31 May 2017 14:45:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Walid MOGHRABI <w.moghrabi@servicemagic.eu>:
New Bug report received and forwarded. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>.
(Wed, 31 May 2017 14:45:02 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
package: x2goclient
priority: wishlist
tags: patch
This is a proposal patch in order to let the RDP client use the credentials used at broker auth login so that users can enter them only once in broker mode.
This patch also add support for --close-disconnect in broker mode + RDP
Regards,
Walid Moghrabi
TRAVAUX.COM
BAT I - PARC CEZANNE 2 290 AVENUE GALILEE - CS 80403
13591 AIX EN PROVENCE CEDEX 3
---
DISCLAIMER: This e-mail is private and confidential and may contain proprietary or legally privileged information. It is for the intended recipient only. If you have received this email in error, please notify the author by replying to it and then destroy it. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on this e-mail or any attachment. Thank you
[x2goclient-pass-broker-creds-to-rdp-client.patch (text/x-patch, attachment)]
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#1183; Package x2goclient.
(Wed, 31 May 2017 20:00:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>.
(Wed, 31 May 2017 20:00:02 GMT) (full text, mbox, link).
Message #10 received at 1183@bugs.x2go.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi Walid,
On Mi 31 Mai 2017 16:40:49 CEST, Walid MOGHRABI wrote:
> package: x2goclient
> priority: wishlist
> tags: patch
>
> This is a proposal patch in order to let the RDP client use the
> credentials used at broker auth login so that users can enter them
> only once in broker mode.
>
> This patch also add support for --close-disconnect in broker mode + RDP
I just looked at your patch.
Requests before patch can get accepted:
1. Please split up the RDP broker creds as session creds from the
--close-disconnect change.
2. Please let the cmdline option start with --broker-...
--broker-use-creds-for-session
3. Don't limit this functionality to RDP sessions only. It is
useful for all sorts of session
types (X2Go, DirectRDP, DirectXDMCP if already in (there were
rumours about such a new feature)).
Thanks for your work on X2Go,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
[Message part 2 (application/pgp-signature, inline)]
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#1183; Package x2goclient.
(Thu, 01 Jun 2017 08:50:01 GMT) (full text, mbox, link).
Acknowledgement sent
to Walid MOGHRABI <w.moghrabi@servicemagic.eu>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>.
(Thu, 01 Jun 2017 08:50:02 GMT) (full text, mbox, link).
Message #15 received at 1183@bugs.x2go.org (full text, mbox, reply):
I'll take your requests into account but just to clarify :
> 1. Please split up the RDP broker creds as session creds from the
> --close-disconnect change.
This little fix is related to this support since, in that particular case which is broker mode + RDP session + --close-disconnect activated, you couldn't have a one time authentication (at broker auth).
For that "one time auth" to work, I need a way to pass broker credentials to the session and to close the client at the end of the session in order to force a re-auth at broker login.
Without the --close-disconnect fix, I can pass my credentials to the RDP session but when finishing the session, I'm still on the broker page with my session list and I don't re-auth which is what I wanted.
I can easily split these patches since they are quite clearly separated but I thought they were related to the same need that's why I kept them together.
> 2. Please let the cmdline option start with --broker-...
>
> --broker-use-creds-for-session
ok
> 3. Don't limit this functionality to RDP sessions only. It is
> useful for all sorts of session
> types (X2Go, DirectRDP, DirectXDMCP if already in (there were
> rumours about such a new feature)).
Well, I'm not aware of XDMCP and have nothing under my hand to test it.
This patch affect RDP sessions only in fact because X2Go sessions have heir own way to pass credentials from broker to x2go server with the intermediate key auth so using this method for this kind of session is purely useless.
On the other hand, RDP sessions have no such key authentication available so it is necessary to pass credentials as plaintext to xfreerdp/rdesktop because in the case of the broker mode only, when clicking on the session profile, the client is waiting for the credentials but you are not prompted for them so the client stay stuck in an unusable situation.
So really, this is a "broker + RDP only" method that's why I precised this was for RDP only in order not to confuse users who might think this could be used for any type of connection.
I'll modify the cmdline option name and wait for your comments on my precisions.
Regards,
Walid Moghrabi
TRAVAUX.COM
BAT I - PARC CEZANNE 2 290 AVENUE GALILEE - CS 80403
13591 AIX EN PROVENCE CEDEX 3
----- Mail original -----
De: "Mike Gabriel" <mike.gabriel@das-netzwerkteam.de>
À: "Walid MOGHRABI" <w.moghrabi@servicemagic.eu>, 1183@bugs.x2go.org
Envoyé: Mercredi 31 Mai 2017 21:58:28
Objet: Re: [X2Go-Dev] Bug#1183: Pass broker creds to RDP client as plaintext
Hi Walid,
On Mi 31 Mai 2017 16:40:49 CEST, Walid MOGHRABI wrote:
> package: x2goclient
> priority: wishlist
> tags: patch
>
> This is a proposal patch in order to let the RDP client use the
> credentials used at broker auth login so that users can enter them
> only once in broker mode.
>
> This patch also add support for --close-disconnect in broker mode + RDP
I just looked at your patch.
Requests before patch can get accepted:
1. Please split up the RDP broker creds as session creds from the
--close-disconnect change.
2. Please let the cmdline option start with --broker-...
--broker-use-creds-for-session
3. Don't limit this functionality to RDP sessions only. It is
useful for all sorts of session
types (X2Go, DirectRDP, DirectXDMCP if already in (there were
rumours about such a new feature)).
Thanks for your work on X2Go,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
---
DISCLAIMER: This e-mail is private and confidential and may contain proprietary or legally privileged information. It is for the intended recipient only. If you have received this email in error, please notify the author by replying to it and then destroy it. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on this e-mail or any attachment. Thank you
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#1183; Package x2goclient.
(Sat, 03 Jun 2017 21:50:01 GMT) (full text, mbox, link).
Acknowledgement sent
to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>.
(Sat, 03 Jun 2017 21:50:02 GMT) (full text, mbox, link).
Message #20 received at 1183@bugs.x2go.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
HI Walid,
On Do 01 Jun 2017 10:46:55 CEST, Walid MOGHRABI wrote:
> I'll take your requests into account but just to clarify :
>
>
>> 1. Please split up the RDP broker creds as session creds from the
>> --close-disconnect change.
>
> This little fix is related to this support since, in that particular
> case which is broker mode + RDP session + --close-disconnect
> activated, you couldn't have a one time authentication (at broker
> auth).
> For that "one time auth" to work, I need a way to pass broker
> credentials to the session and to close the client at the end of the
> session in order to force a re-auth at broker login.
> Without the --close-disconnect fix, I can pass my credentials to the
> RDP session but when finishing the session, I'm still on the broker
> page with my session list and I don't re-auth which is what I wanted.
> I can easily split these patches since they are quite clearly
> separated but I thought they were related to the same need that's
> why I kept them together.
Please split off the change for --close-disconnect into a separate commit.
>> 2. Please let the cmdline option start with --broker-...
>>
>> --broker-use-creds-for-session
>
> ok
>
>> 3. Don't limit this functionality to RDP sessions only. It is
>> useful for all sorts of session
>> types (X2Go, DirectRDP, DirectXDMCP if already in (there were
>> rumours about such a new feature)).
>
> Well, I'm not aware of XDMCP and have nothing under my hand to test it.
> This patch affect RDP sessions only in fact because X2Go sessions
> have heir own way to pass credentials from broker to x2go server
> with the intermediate key auth so using this method for this kind of
> session is purely useless.
> On the other hand, RDP sessions have no such key authentication
> available so it is necessary to pass credentials as plaintext to
> xfreerdp/rdesktop because in the case of the broker mode only, when
> clicking on the session profile, the client is waiting for the
> credentials but you are not prompted for them so the client stay
> stuck in an unusable situation.
> So really, this is a "broker + RDP only" method that's why I
> precised this was for RDP only in order not to confuse users who
> might think this could be used for any type of connection.
>
> I'll modify the cmdline option name and wait for your comments on my
> precisions.
>
IMHO, the --broker-use-creds-for-session could be a nice and cheap
alternative to setting up x2gobroker-agent based authentication. So,
it would be nice to have it working for X2Go and RDP sessions.
Thanks,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
[Message part 2 (application/pgp-signature, inline)]
Send a report that this bug log contains spam.
X2Go Developers <owner@bugs.x2go.org>.
Last modified:
Tue Apr 16 11:12:10 2024;
Machine Name:
ymir.das-netzwerkteam.de
X2Go Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
