From unknown Fri Mar 29 12:05:20 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#1183: Pass broker creds to RDP client as plaintext Reply-To: Walid MOGHRABI , 1183@bugs.x2go.org Resent-From: Walid MOGHRABI Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Wed, 31 May 2017 14:45:02 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: report 1183 X-X2Go-PR-Package: x2goclient X-X2Go-PR-Keywords: patch Received: via spool by submit@bugs.x2go.org id=B.149624166212950 (code B); Wed, 31 May 2017 14:45:02 +0000 Received: (at submit) by bugs.x2go.org; 31 May 2017 14:41:02 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-0.5 required=3.0 tests=BAYES_05,RCVD_IN_DNSWL_NONE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.1 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 683805DAD3 for ; Wed, 31 May 2017 16:41:00 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T0XKuv2dxFeh for ; Wed, 31 May 2017 16:40:53 +0200 (CEST) Received: from zm-01.servicemagic.eu (zm-01.servicemagic.eu [176.31.236.17]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 92B935DACE for ; Wed, 31 May 2017 16:40:53 +0200 (CEST) Received: from localhost (localhost.localdomain [127.0.0.1]) by zm-01.servicemagic.eu (Postfix) with ESMTP id 39A1380A921FB for ; Wed, 31 May 2017 16:40:50 +0200 (CEST) X-Amavis-Modified: Mail body modified (using disclaimer) - zm-01.servicemagic.eu X-Virus-Scanned: amavisd-new at servicemagic.eu Received: from zm-01.servicemagic.eu ([127.0.0.1]) by localhost (zm-01.servicemagic.eu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4JGhYKAUZMkQ for ; Wed, 31 May 2017 16:40:49 +0200 (CEST) Received: from zm-01.servicemagic.eu (localhost.localdomain [127.0.0.1]) by zm-01.servicemagic.eu (Postfix) with ESMTP id B3E3E807FF98B for ; Wed, 31 May 2017 16:40:49 +0200 (CEST) Date: Wed, 31 May 2017 16:40:49 +0200 (CEST) From: Walid MOGHRABI To: submit@bugs.x2go.org Message-ID: <1693780969.10950067.1496241649670.JavaMail.root@servicemagic.eu> In-Reply-To: <1917592832.211198.1490277173586.JavaMail.root@servicemagic.eu> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_10950065_501909624.1496241649669" X-Originating-IP: [10.33.100.52] X-Mailer: Zimbra 7.2.0_GA_2669 (ZimbraWebClient - GC58 (Linux)/7.2.0_GA_2669) ------=_Part_10950065_501909624.1496241649669 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit package: x2goclient priority: wishlist tags: patch This is a proposal patch in order to let the RDP client use the credentials used at broker auth login so that users can enter them only once in broker mode. This patch also add support for --close-disconnect in broker mode + RDP Regards, Walid Moghrabi TRAVAUX.COM BAT I - PARC CEZANNE 2 290 AVENUE GALILEE - CS 80403 13591 AIX EN PROVENCE CEDEX 3 --- DISCLAIMER: This e-mail is private and confidential and may contain proprietary or legally privileged information. It is for the intended recipient only. If you have received this email in error, please notify the author by replying to it and then destroy it. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on this e-mail or any attachment. Thank you ------=_Part_10950065_501909624.1496241649669 Content-Type: text/x-patch; name=x2goclient-pass-broker-creds-to-rdp-client.patch Content-Disposition: attachment; filename=x2goclient-pass-broker-creds-to-rdp-client.patch Content-Transfer-Encoding: base64 LS0tIC9ob21lL3dhbGlkL0J1cmVhdS94MmdvY2xpZW50LWN1cnJlbnQvc3JjL2hlbHAuY3BwCisr KyAvaG9tZS93YWxpZC9CdXJlYXUveDJnb2NsaWVudC9zcmMvaGVscC5jcHAKQEAgLTE1OCw2ICsx NTgsNyBAQAogICBBRERfT1BUICgiLS1icm9rZXItc3NoLWtleT08cGF0aCB0byBrZXk+IiwgUVRf VFJBTlNMQVRFX05PT1AgKCJIZWxwIiwgIlNldHMgdGhlIHBhdGggdG8gYW4gU1NIIGtleSB0byB1 c2UgZm9yIGF1dGhlbnRpY2F0aW9uIGFnYWluc3QgYW4gU1NIIHNlc3Npb24gYnJva2VyLiBUaGUg Y2xpZW50J3MgYmVoYXZpb3IgaXMgdW5kZWZpbmVkIGlmIHRoaXMgZmxhZyBpcyB1c2VkIGZvciBu b24tU1NIIHNlc3Npb24gYnJva2Vycy4iKSk7CiAgIEFERF9PUFQgKCItLWJyb2tlci1hdXRvbG9n aW4iLCBRVF9UUkFOU0xBVEVfTk9PUCAoIkhlbHAiLCAiRW5hYmxlcyB0aGUgdXNlIG9mIHRoZSBk ZWZhdWx0IFNTSCBrZXkgb3IgU1NIIGFnZW50IGZvciBhdXRoZW50aWNhdGlvbiBhZ2FpbnN0IGFu IFNTSCBzZXNzaW9uIGJyb2tlci4gVGhlIGNsaWVudCdzIGJlaGF2aW9yIGlzIHVuZGVmaW5lZCBp ZiB0aGlzIGZsYWcgaXMgdXNlZCBmb3Igbm9uLVNTSCBzZXNzaW9uIGJyb2tlcnMuIikpOwogICBB RERfT1BUICgiLS1icm9rZXItbm9hdXRoIiwgUVRfVFJBTlNMQVRFX05PT1AgKCJIZWxwIiwgIkRv ZXMgbm90IGFzayBmb3IgdXNlciBjcmVkZW50aWFscyBkdXJpbmcgc2Vzc2lvbiBicm9rZXIgYXV0 aGVudGljYXRpb24uIFRoaXMgY2FuIGJlIHVzZWZ1bCBpZiB5b3UgYXJlIHVzaW5nIGFuIEhUVFAo Uykgc2Vzc2lvbiBicm9rZXIgd2l0aG91dCBhdXRoZW50aWNhdGlvbi4gSWYgeW91IHJ1biBhbiBI VFRQKFMpIHNlcnZlciB3aXRob3V0IGF1dGhlbnRpY2F0aW9uLCBidXQgd2l0aCB1c2VyLXNwZWNp ZmljIHByb2ZpbGVzLCB0aGVuIHB1dCB0aGUgdXNlciBuYW1lIGludG8gdGhlIGJyb2tlciBVUkwg KHJlZmVyIHRvIC0tYnJva2VyLXVybC4pIFRoZSB1c2VyIG5hbWUgdGhlbiB3aWxsIGJlIGV4dHJh Y3RlZCBmcm9tIHRoZSBicm9rZXIgVVJMIGFuZCBiZSBzZW50IHRvIHRoZSBzZXNzaW9uIGJyb2tl ci4gVGhlIGNsaWVudCdzIGJlaGF2aW9yIGlzIHVuZGVmaW5lZCBpZiB0aGlzIGZsYWcgaXMgdXNl ZCBmb3Igbm9uLUhUVFAoUykgc2Vzc2lvbiBicm9rZXJzLiIpKTsKKyAgQUREX09QVCAoIi0tdXNl LWJyb2tlci1jcmVkcy1mb3ItcmRwLXNlc3Npb24iLCBRVF9UUkFOU0xBVEVfTk9PUCAoIkhlbHAi LCAiUGFzcyBicm9rZXIgY3JlZGVudGlhbHMgYXMgcGxhaW4gdGV4dCB0byBkaXJlY3RSRFAgc2Vz c2lvbnMgd2hlbiB1c2luZyBicm9rZXIgbW9kZSB3aXRoIGJyb2tlciBhdXRoZW50aWNhdGlvbi4i KSk7CiAgIEFERF9PUFQgKCItLWJhY2tncm91bmQ9PHN2Zy1maWxlPiIsIFFUX1RSQU5TTEFURV9O T09QICgiSGVscCIsICJVc2UgYSBjdXN0b20vYnJhbmRlZCBiYWNrZ3JvdW5kIGltYWdlIChTVkcg Zm9ybWF0KSBmb3IgWDJHbyBDbGllbnQncyBtYWluIHdpbmRvdy4iKSk7CiAgIEFERF9PUFQgKCIt LWJyYW5kaW5nPTxzdmctZmlsZT4iLCBRVF9UUkFOU0xBVEVfTk9PUCAoIkhlbHAiLCAiVXNlIGEg Y3VzdG9tIGljb24gKFNWRyBmb3JtYXQpIGZvciBhZGRpdGlvbmFsIGJyYW5kaW5nIHRvIHJlcGxh Y2UgdGhlIGRlZmF1bHQgaW4gdGhlIGxvd2VyIGxlZnQgY29ybmVyIG9mIFgyR28gQ2xpZW50J3Mg bWFpbiB3aW5kb3cuIikpOwogCgoKLS0tIC9ob21lL3dhbGlkL0J1cmVhdS94MmdvY2xpZW50LWN1 cnJlbnQvc3JjL29ubWFpbndpbmRvdy5oCisrKyAvaG9tZS93YWxpZC9CdXJlYXUveDJnb2NsaWVu dC9zcmMvb25tYWlud2luZG93LmgKQEAgLTYwOSw2ICs2MDksNyBAQAogICAgIGJvb2wga2VlcFRy YXlJY29uOwogICAgIGJvb2wgaGlkZUZvbGRlclNoYXJpbmc7CiAgICAgYm9vbCBicm9rZXJOb2F1 dGhXaXRoU2Vzc2lvblVzZXJuYW1lOworICAgIGJvb2wgYnJva2VyQ3JlZHNGb3JSRFBTZXNzaW9u OwogICAgIGJvb2wgZGVmYXVsdFVzZVNvdW5kOwogICAgIGJvb2wgZGVmYXVsdFhpbmVyYW1hOwog ICAgIGJvb2wgY2FyZFN0YXJ0ZWQ7CgoKCi0tLSAvaG9tZS93YWxpZC9CdXJlYXUveDJnb2NsaWVu dC1jdXJyZW50L3NyYy9vbm1haW53aW5kb3cuY3BwCisrKyAvaG9tZS93YWxpZC9CdXJlYXUveDJn b2NsaWVudC9zcmMvb25tYWlud2luZG93LmNwcApAQCAtNzQsNiArNzQsNyBAQAogICAgIGtlZXBU cmF5SWNvbj1mYWxzZTsKICAgICBoaWRlRm9sZGVyU2hhcmluZz1mYWxzZTsKICAgICBicm9rZXJO b2F1dGhXaXRoU2Vzc2lvblVzZXJuYW1lPWZhbHNlOworICAgIGJyb2tlckNyZWRzRm9yUkRQU2Vz c2lvbj1mYWxzZTsKICAgICB0aGluTW9kZT1mYWxzZTsKICAgICBjbG9zZURpc2Nvbm5lY3Q9ZmFs c2U7CiAgICAgc2hvd0hhbHRCdG49ZmFsc2U7CkBAIC0zNDgyLDggKzM0ODMsMTYgQEAKICAgICB9 CiAgICAgZWxzZQogICAgIHsKLSAgICAgICAgdXNlcj1zdC0+c2V0dGluZygpLT52YWx1ZSAoIHNp ZCsiL3VzZXIiLAotICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKCBRVmFy aWFudCApICIiKS50b1N0cmluZygpOworICAgICAgICBpZiAoYnJva2VyQ3JlZHNGb3JSRFBTZXNz aW9uKQorICAgICAgICB7CisgICAgICAgICAgICB1c2VyPWxvZ2luLT50ZXh0KCk7CisgICAgICAg ICAgICBwYXNzd29yZD1wYXNzLT50ZXh0KCk7CisgICAgICAgIH0KKyAgICAgICAgZWxzZQorICAg ICAgICB7CisgICAgICAgICAgICB1c2VyPXN0LT5zZXR0aW5nKCktPnZhbHVlICggc2lkKyIvdXNl ciIsCisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKCBRVmFyaWFu dCApICIiKS50b1N0cmluZygpOworICAgICAgICB9CiAgICAgfQogCiAgICAgbnhwcm94eT1uZXcg UVByb2Nlc3M7CkBAIC02MjMwLDYgKzYyMzksMTAgQEAKICNpZmRlZiBRX09TX0xJTlVYCiAgICAg aWYgKGRpcmVjdFJEUCkKICAgICB7CisgICAgICAgIGlmIChjbG9zZURpc2Nvbm5lY3QpCisgICAg ICAgIHsKKyAgICAgICAgICAgIGNsb3NlKCk7CisgICAgICAgIH0KICAgICAgICAgcGFzcy0+c2V0 VGV4dCAoICIiICk7CiAgICAgICAgIFFUaW1lcjo6c2luZ2xlU2hvdCAoIDIwMDAsdGhpcywKICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgU0xPVCAoIHNsb3RTaG93UGFzc0Zvcm0oKSApICk7 CkBAIC03NDI1LDYgKzc0MzgsMTIgQEAKICAgICAgICAgcmV0dXJuIHRydWU7CiAgICAgfQogCisg ICAgaWYgKCBwYXJhbT09Ii0tdXNlLWJyb2tlci1jcmVkcy1mb3ItcmRwLXNlc3Npb24iICkKKyAg ICB7CisgICAgICAgIGJyb2tlckNyZWRzRm9yUkRQU2Vzc2lvbj10cnVlOworICAgICAgICByZXR1 cm4gdHJ1ZTsKKyAgICB9CisKICAgICAvL2ZvcmNlIHRvIHNob3cgdHJheWljb24KICAgICBpZiAo cGFyYW0gPT0gIi0tdHJheS1pY29uIikKICAgICB7Cgo= ------=_Part_10950065_501909624.1496241649669-- From unknown Fri Mar 29 12:05:20 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#1183: [X2Go-Dev] Bug#1183: Pass broker creds to RDP client as plaintext Reply-To: Mike Gabriel , 1183@bugs.x2go.org Resent-From: Mike Gabriel Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Wed, 31 May 2017 20:00:02 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: followup 1183 X-X2Go-PR-Package: x2goclient X-X2Go-PR-Keywords: patch Received: via spool by 1183-submit@bugs.x2go.org id=B1183.149626072130116 (code B ref 1183); Wed, 31 May 2017 20:00:02 +0000 Received: (at 1183) by bugs.x2go.org; 31 May 2017 19:58:41 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=3.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.1 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 4393C5DAD3 for <1183@bugs.x2go.org>; Wed, 31 May 2017 21:58:40 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Dwe-wFogG9hk for <1183@bugs.x2go.org>; Wed, 31 May 2017 21:58:33 +0200 (CEST) Received: from fregna.das-netzwerkteam.de (fregna.das-netzwerkteam.de [148.251.53.130]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 637A05DACE for <1183@bugs.x2go.org>; Wed, 31 May 2017 21:58:33 +0200 (CEST) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [IPv6:2a01:4f8:202:1381::105]) by fregna.das-netzwerkteam.de (Postfix) with ESMTPS id 0F47A60748; Wed, 31 May 2017 19:58:33 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 03AA5C7C8A; Wed, 31 May 2017 21:58:33 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QMEavv4nciCW; Wed, 31 May 2017 21:58:28 +0200 (CEST) Received: from das-netzwerkteam.de (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTPS id 73CE8C7C85; Wed, 31 May 2017 21:58:28 +0200 (CEST) Received: from p57B5CC09.dip0.t-ipconnect.de (p57B5CC09.dip0.t-ipconnect.de [87.181.204.9]) by mail.das-netzwerkteam.de (Horde Framework) with HTTPS; Wed, 31 May 2017 19:58:28 +0000 Date: Wed, 31 May 2017 19:58:28 +0000 Message-ID: <20170531195828.Horde.vAcyRcGCGpIX0L09g1bH-8e@mail.das-netzwerkteam.de> From: Mike Gabriel To: Walid MOGHRABI , 1183@bugs.x2go.org References: <1917592832.211198.1490277173586.JavaMail.root@servicemagic.eu> <1693780969.10950067.1496241649670.JavaMail.root@servicemagic.eu> In-Reply-To: <1693780969.10950067.1496241649670.JavaMail.root@servicemagic.eu> User-Agent: Horde Application Framework 5 Accept-Language: de,en Organization: DAS-NETZWERKTEAM X-Originating-IP: 87.181.204.9 X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 Content-Type: multipart/signed; boundary="=_pXq0OcvXuYV6HgJ8HoRarfo"; protocol="application/pgp-signature"; micalg=pgp-sha256 MIME-Version: 1.0 This message is in MIME format and has been PGP signed. --=_pXq0OcvXuYV6HgJ8HoRarfo Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi Walid, On Mi 31 Mai 2017 16:40:49 CEST, Walid MOGHRABI wrote: > package: x2goclient > priority: wishlist > tags: patch > > This is a proposal patch in order to let the RDP client use the=20=20 >=20credentials used at broker auth login so that users can enter them=20= =20 >=20only once in broker mode. > > This patch also add support for --close-disconnect in broker mode + RDP I just looked at your patch. Requests before patch can get accepted: 1. Please split up the RDP broker creds as session creds from the=20=20 --close-disconnect=20change. 2. Please let the cmdline option start with --broker-... --broker-use-creds-for-session 3. Don't limit this functionality to RDP sessions only. It is=20=20 useful=20for all sorts of session types (X2Go, DirectRDP, DirectXDMCP if already in (there were=20=20 rumours=20about such a new feature)). Thanks for your work on X2Go, Mike --=20 DAS-NETZWERKTEAM mike=20gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de --=_pXq0OcvXuYV6HgJ8HoRarfo Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIzBAABCAAdFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAlkvIGMACgkQmvRrMCV3 GzGmWQ//V7hpqpHA4DMO6nsv1Ftv8xf4MMpnCKcOdtaoQWIoI/fQpFtqFJQw32EO DaacVob6IjsEG6yuvnMfcogiuZkuUUj8qNonuC/5Y7dtc74xarr/asVzmBBzZhJv Qp8w1te2/GPPjf1cqHRNEmzz5KSRrT+aUvtEgPXjxF7wO43w4+xi2qCiFGS4RLMK gx4Z0WFiXQFN1G2Gip4fKove4MAlafK5fvKKVrxAmwKskBWq5c/ggF632VY6W+7y T1JF3QN7rmZO7pBXNE/01vRvZ5mXUg62NgBYSywL/0NP03ABkJX2eynx6ST3GpCU JF19qebh0ATxQZCDHX18mQHW7+Ur2Nc7OJ9iy6wARMdqvwRlacVIShe8dGEDAqfg 9mA8oQjI6AEzuNxl7T+PwT9J0b3JsrqpojtjuYkts1o+7Q79B3QT8lOUPR99mVAe 32Kk2ZOW5lcXhP46j5VAH6cudMQzn8jncnGvv82kwFehTioQ690g5FGVdN76gXPj VzK+jGXC4mtRVLrAhJFbvFhhfedW1adH5B2+Pl6WzDmERNWv6RPnvosa4iVPotjT se+/bStZSFybFVhOEbY0T/gLmD+oZt4ybbP8Z5uW9z5cjHQ8WCLOwdhhCEXahigu 3e5lW88SVbbxrqL/AIwLR69jkMu8Y80sdo84WtzSJYIjvCGv0nQ= =/S6D -----END PGP SIGNATURE----- --=_pXq0OcvXuYV6HgJ8HoRarfo-- From unknown Fri Mar 29 12:05:20 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#1183: [X2Go-Dev] Bug#1183: Pass broker creds to RDP client as plaintext Reply-To: Walid MOGHRABI , 1183@bugs.x2go.org Resent-From: Walid MOGHRABI Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Thu, 01 Jun 2017 08:50:01 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: followup 1183 X-X2Go-PR-Package: x2goclient X-X2Go-PR-Keywords: patch Received: via spool by 1183-submit@bugs.x2go.org id=B1183.149630690220369 (code B ref 1183); Thu, 01 Jun 2017 08:50:01 +0000 Received: (at 1183) by bugs.x2go.org; 1 Jun 2017 08:48:22 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=3.0 tests=BAYES_00,MIME_QP_LONG_LINE, RCVD_IN_DNSWL_BLOCKED,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.1 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id E951B5DAD3 for <1183@bugs.x2go.org>; Thu, 1 Jun 2017 10:48:20 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f8prVEKmu6Rf for <1183@bugs.x2go.org>; Thu, 1 Jun 2017 10:48:14 +0200 (CEST) Received: from zm-01.servicemagic.eu (zm-01.servicemagic.eu [176.31.236.17]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 473C05DACE for <1183@bugs.x2go.org>; Thu, 1 Jun 2017 10:48:12 +0200 (CEST) Received: from localhost (localhost.localdomain [127.0.0.1]) by zm-01.servicemagic.eu (Postfix) with ESMTP id 95ED281828DB4; Thu, 1 Jun 2017 10:48:12 +0200 (CEST) X-Amavis-Modified: Mail body modified (using disclaimer) - zm-01.servicemagic.eu X-Virus-Scanned: amavisd-new at servicemagic.eu Received: from zm-01.servicemagic.eu ([127.0.0.1]) by localhost (zm-01.servicemagic.eu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jqG1XgeaEfAC; Thu, 1 Jun 2017 10:48:09 +0200 (CEST) Received: from zm-01.servicemagic.eu (localhost.localdomain [127.0.0.1]) by zm-01.servicemagic.eu (Postfix) with ESMTP id 7F148816EC545; Thu, 1 Jun 2017 10:46:57 +0200 (CEST) Date: Thu, 1 Jun 2017 10:46:55 +0200 (CEST) From: Walid MOGHRABI To: Mike Gabriel Cc: 1183@bugs.x2go.org Message-ID: <922067046.11109892.1496306815562.JavaMail.root@servicemagic.eu> In-Reply-To: <20170531195828.Horde.vAcyRcGCGpIX0L09g1bH-8e@mail.das-netzwerkteam.de> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Originating-IP: [10.33.100.52] X-Mailer: Zimbra 7.2.0_GA_2669 (ZimbraWebClient - GC58 (Linux)/7.2.0_GA_2669) I'll take your requests into account but just to clarify : > 1. Please split up the RDP broker creds as session creds from the=20 > --close-disconnect change.=20 This little fix is related to this support since, in that particular case w= hich is broker mode + RDP session + --close-disconnect activated, you could= n't have a one time authentication (at broker auth). For that "one time auth" to work, I need a way to pass broker credentials t= o the session and to close the client at the end of the session in order to= force a re-auth at broker login. Without the --close-disconnect fix, I can pass my credentials to the RDP se= ssion but when finishing the session, I'm still on the broker page with my = session list and I don't re-auth which is what I wanted. I can easily split these patches since they are quite clearly separated but= I thought they were related to the same need that's why I kept them togeth= er. > 2. Please let the cmdline option start with --broker-...=20 > > --broker-use-creds-for-session=20 ok > 3. Don't limit this functionality to RDP sessions only. It is=20 > useful for all sorts of session=20 > types (X2Go, DirectRDP, DirectXDMCP if already in (there were=20 > rumours about such a new feature)).=20 Well, I'm not aware of XDMCP and have nothing under my hand to test it. This patch affect RDP sessions only in fact because X2Go sessions have heir= own way to pass credentials from broker to x2go server with the intermedia= te key auth so using this method for this kind of session is purely useless= . On the other hand, RDP sessions have no such key authentication available s= o it is necessary to pass credentials as plaintext to xfreerdp/rdesktop bec= ause in the case of the broker mode only, when clicking on the session prof= ile, the client is waiting for the credentials but you are not prompted for= them so the client stay stuck in an unusable situation. So really, this is a "broker + RDP only" method that's why I precised this = was for RDP only in order not to confuse users who might think this could b= e used for any type of connection. I'll modify the cmdline option name and wait for your comments on my precis= ions.=20 Regards, Walid Moghrabi TRAVAUX.COM BAT I - PARC CEZANNE 2 290 AVENUE GALILEE - CS 80403 13591 AIX EN PROVENCE CEDEX 3 ----- Mail original -----=20 De: "Mike Gabriel" =20 =C3=80: "Walid MOGHRABI" , 1183@bugs.x2go.org= =20 Envoy=C3=A9: Mercredi 31 Mai 2017 21:58:28=20 Objet: Re: [X2Go-Dev] Bug#1183: Pass broker creds to RDP client as plaintex= t=20 Hi Walid,=20 On Mi 31 Mai 2017 16:40:49 CEST, Walid MOGHRABI wrote:=20 > package: x2goclient=20 > priority: wishlist=20 > tags: patch=20 >=20 > This is a proposal patch in order to let the RDP client use the=20 > credentials used at broker auth login so that users can enter them=20 > only once in broker mode.=20 >=20 > This patch also add support for --close-disconnect in broker mode + RDP= =20 I just looked at your patch.=20 Requests before patch can get accepted:=20 1. Please split up the RDP broker creds as session creds from the=20 --close-disconnect change.=20 2. Please let the cmdline option start with --broker-...=20 --broker-use-creds-for-session=20 3. Don't limit this functionality to RDP sessions only. It is=20 useful for all sorts of session=20 types (X2Go, DirectRDP, DirectXDMCP if already in (there were=20 rumours about such a new feature)).=20 Thanks for your work on X2Go,=20 Mike=20 --=20 DAS-NETZWERKTEAM=20 mike gabriel, herweg 7, 24357 fleckeby=20 mobile: +49 (1520) 1976 148=20 landline: +49 (4354) 8390 139=20 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31=20 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de --- DISCLAIMER: This e-mail is private and confidential and may contain proprietary or legally privileged information. It is for the intended recipient only. If you have received this email in error, please notify the author by replying to it and then destroy it. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on this e-mail or any attachment. Thank you From unknown Fri Mar 29 12:05:20 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#1183: [X2Go-Dev] Bug#1183: Bug#1183: Pass broker creds to RDP client as plaintext Reply-To: Mike Gabriel , 1183@bugs.x2go.org Resent-From: Mike Gabriel Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Sat, 03 Jun 2017 21:50:01 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: followup 1183 X-X2Go-PR-Package: x2goclient X-X2Go-PR-Keywords: patch Received: via spool by 1183-submit@bugs.x2go.org id=B1183.14965265301123 (code B ref 1183); Sat, 03 Jun 2017 21:50:01 +0000 Received: (at 1183) by bugs.x2go.org; 3 Jun 2017 21:48:50 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=3.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.1 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id BEEA25DAD5 for <1183@bugs.x2go.org>; Sat, 3 Jun 2017 23:48:48 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pGka7WAGY6dD for <1183@bugs.x2go.org>; Sat, 3 Jun 2017 23:48:41 +0200 (CEST) Received: from fregna.das-netzwerkteam.de (fregna.das-netzwerkteam.de [148.251.53.130]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 547F35DAD4 for <1183@bugs.x2go.org>; Sat, 3 Jun 2017 23:48:41 +0200 (CEST) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [IPv6:2a01:4f8:202:1381::105]) by fregna.das-netzwerkteam.de (Postfix) with ESMTPS id 3702F6067B; Sat, 3 Jun 2017 21:48:41 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 2DCF5C7CDF; Sat, 3 Jun 2017 23:48:41 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wmit3Hd4BBjc; Sat, 3 Jun 2017 23:48:36 +0200 (CEST) Received: from das-netzwerkteam.de (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTPS id 97233C7CE0; Sat, 3 Jun 2017 23:48:36 +0200 (CEST) Received: from p20030058BD448F00468500FFFE8EEA5E.dip0.t-ipconnect.de (p20030058BD448F00468500FFFE8EEA5E.dip0.t-ipconnect.de [2003:58:bd44:8f00:4685:ff:fe8e:ea5e]) by mail.das-netzwerkteam.de (Horde Framework) with HTTPS; Sat, 03 Jun 2017 21:48:36 +0000 Date: Sat, 03 Jun 2017 21:48:36 +0000 Message-ID: <20170603214836.Horde.KM_ApxTzVTUOd-joEonczDd@mail.das-netzwerkteam.de> From: Mike Gabriel To: Walid MOGHRABI , 1183@bugs.x2go.org References: <20170531195828.Horde.vAcyRcGCGpIX0L09g1bH-8e@mail.das-netzwerkteam.de> <922067046.11109892.1496306815562.JavaMail.root@servicemagic.eu> In-Reply-To: <922067046.11109892.1496306815562.JavaMail.root@servicemagic.eu> User-Agent: Horde Application Framework 5 Accept-Language: de,en Organization: DAS-NETZWERKTEAM X-Originating-IP: 2003:58:bd44:8f00:4685:ff:fe8e:ea5e X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 Content-Type: multipart/signed; boundary="=_bswTktx9ws_uM57-AoXgOfA"; protocol="application/pgp-signature"; micalg=pgp-sha256 MIME-Version: 1.0 This message is in MIME format and has been PGP signed. --=_bswTktx9ws_uM57-AoXgOfA Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes Content-Disposition: inline Content-Transfer-Encoding: quoted-printable HI Walid, On Do 01 Jun 2017 10:46:55 CEST, Walid MOGHRABI wrote: > I'll take your requests into account but just to clarify : > > >> 1. Please split up the RDP broker creds as session creds from the >> --close-disconnect change. > > This little fix is related to this support since, in that particular=20= =20 >=20case which is broker mode + RDP session + --close-disconnect=20=20 >=20activated, you couldn't have a one time authentication (at broker=20=20 >=20auth). > For that "one time auth" to work, I need a way to pass broker=20=20 >=20credentials to the session and to close the client at the end of the=20= =20 >=20session in order to force a re-auth at broker login. > Without the --close-disconnect fix, I can pass my credentials to the=20= =20 >=20RDP session but when finishing the session, I'm still on the broker=20= =20 >=20page with my session list and I don't re-auth which is what I wanted. > I can easily split these patches since they are quite clearly=20=20 >=20separated but I thought they were related to the same need that's=20=20 >=20why I kept them together. Please split off the change for --close-disconnect into a separate commit. >> 2. Please let the cmdline option start with --broker-... >> >> --broker-use-creds-for-session > > ok > >> 3. Don't limit this functionality to RDP sessions only. It is >> useful for all sorts of session >> types (X2Go, DirectRDP, DirectXDMCP if already in (there were >> rumours about such a new feature)). > > Well, I'm not aware of XDMCP and have nothing under my hand to test it. > This patch affect RDP sessions only in fact because X2Go sessions=20=20 >=20have heir own way to pass credentials from broker to x2go server=20=20 >=20with the intermediate key auth so using this method for this kind of=20= =20 >=20session is purely useless. > On the other hand, RDP sessions have no such key authentication=20=20 >=20available so it is necessary to pass credentials as plaintext to=20=20 >=20xfreerdp/rdesktop because in the case of the broker mode only, when=20= =20 >=20clicking on the session profile, the client is waiting for the=20=20 >=20credentials but you are not prompted for them so the client stay=20=20 >=20stuck in an unusable situation. > So really, this is a "broker + RDP only" method that's why I=20=20 >=20precised this was for RDP only in order not to confuse users who=20=20 >=20might think this could be used for any type of connection. > > I'll modify the cmdline option name and wait for your comments on my=20= =20 >=20precisions. > IMHO, the --broker-use-creds-for-session could be a nice and cheap=20=20 alternative=20to setting up x2gobroker-agent based authentication. So,=20= =20 it=20would be nice to have it working for X2Go and RDP sessions. Thanks, Mike --=20 DAS-NETZWERKTEAM mike=20gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de --=_bswTktx9ws_uM57-AoXgOfA Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIzBAABCAAdFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAlkzLrQACgkQmvRrMCV3 GzF4nxAAoOaFsE4hOVAsuT04XA62h/MaXl419L/79OsY01Dtx4wq+EFp7QWdVjIY 45m2JH1zoqhDc3alzkF+4W+vO4gBabHroP9tFrRKyz17AtSNe3I2B3wS22dEZ93N CjMZkQ3Ra2DW3goTqK9/vVb1hJ2KLz9IQHqNMOzd7O1Usah/DcFpyRllXSWX8rnW 2DuDY634u0GDbrgeyuOUznzq0pOcbSutNPeVrkESMtvpVD+hgEWyXVR7aahdenig 17TVcrPjY1SI7jtBTI3MjTv4gpq7tmrFcVM3CnD9OaQ5Sns8SFqlNhB3TmlhKdgS /lew60g4T1ZLCMaep4i0cl7MSZvhT3kAz/u6aRA5Hg25svwqBhFGo+uRsYQxVj7c ke/mVEgTKh/CBJ7xiRA2pmheaWnihNbDfjbuDvuLf2mQYH+Ll9fk3c7I++bJPMoM uItLT3MinF9cRHH5+B6jySk50b9M6fY51U7tRwXSVvBp54FWh/eTbzBZAIzzIhTf fGApqv9uJ5Bqi36sRKbNpBiNVYt1R37xT475n8W7lhkFtTWGwsEtVyN7b3sw8VK0 8aJueeLoIEIn4fKXpK1UrdN32bHXLMxTx/HG9vxqdJ61J/YdEoI54Ld0Iod6WPXr JmYMchSn6sDH4AFDHe1eoIWrdFehthI7wPVc/bMANHyas2hQEXY= =k0LA -----END PGP SIGNATURE----- --=_bswTktx9ws_uM57-AoXgOfA--