X2Go Bug report logs - #1183
Pass broker creds to RDP client as plaintext

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Walid MOGHRABI <w.moghrabi@servicemagic.eu>

Date: Wed, 31 May 2017 14:45:02 UTC

Severity: wishlist

Tags: patch

Full log


🔗 View this message in rfc822 format

X-Loop: owner@bugs.x2go.org
Subject: Bug#1183: [X2Go-Dev] Bug#1183: Pass broker creds to RDP client as plaintext
Reply-To: Walid MOGHRABI <w.moghrabi@servicemagic.eu>, 1183@bugs.x2go.org
Resent-From: Walid MOGHRABI <w.moghrabi@servicemagic.eu>
Resent-To: x2go-dev@lists.x2go.org
Resent-CC: X2Go Developers <x2go-dev@lists.x2go.org>
X-Loop: owner@bugs.x2go.org
Resent-Date: Thu, 01 Jun 2017 08:50:01 +0000
Resent-Message-ID: <handler.1183.B1183.149630690220369@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: followup 1183
X-X2Go-PR-Package: x2goclient
X-X2Go-PR-Keywords: patch
Received: via spool by 1183-submit@bugs.x2go.org id=B1183.149630690220369
          (code B ref 1183); Thu, 01 Jun 2017 08:50:01 +0000
Received: (at 1183) by bugs.x2go.org; 1 Jun 2017 08:48:22 +0000
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=3.0 tests=BAYES_00,MIME_QP_LONG_LINE,
	RCVD_IN_DNSWL_BLOCKED,URIBL_BLOCKED autolearn=ham autolearn_force=no
	version=3.4.1
Received: from localhost (localhost [127.0.0.1])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTP id E951B5DAD3
	for <1183@bugs.x2go.org>; Thu,  1 Jun 2017 10:48:20 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de
Received: from ymir.das-netzwerkteam.de ([127.0.0.1])
	by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id f8prVEKmu6Rf for <1183@bugs.x2go.org>;
	Thu,  1 Jun 2017 10:48:14 +0200 (CEST)
Received: from zm-01.servicemagic.eu (zm-01.servicemagic.eu [176.31.236.17])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 473C05DACE
	for <1183@bugs.x2go.org>; Thu,  1 Jun 2017 10:48:12 +0200 (CEST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by zm-01.servicemagic.eu (Postfix) with ESMTP id 95ED281828DB4;
	Thu,  1 Jun 2017 10:48:12 +0200 (CEST)
X-Amavis-Modified: Mail body modified (using disclaimer) -
	zm-01.servicemagic.eu
X-Virus-Scanned: amavisd-new at servicemagic.eu
Received: from zm-01.servicemagic.eu ([127.0.0.1])
	by localhost (zm-01.servicemagic.eu [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id jqG1XgeaEfAC; Thu,  1 Jun 2017 10:48:09 +0200 (CEST)
Received: from zm-01.servicemagic.eu (localhost.localdomain [127.0.0.1])
	by zm-01.servicemagic.eu (Postfix) with ESMTP id 7F148816EC545;
	Thu,  1 Jun 2017 10:46:57 +0200 (CEST)
Date: Thu, 1 Jun 2017 10:46:55 +0200 (CEST)
From: Walid MOGHRABI <w.moghrabi@servicemagic.eu>
To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Cc: 1183@bugs.x2go.org
Message-ID: <922067046.11109892.1496306815562.JavaMail.root@servicemagic.eu>
In-Reply-To: <20170531195828.Horde.vAcyRcGCGpIX0L09g1bH-8e@mail.das-netzwerkteam.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: [10.33.100.52]
X-Mailer: Zimbra 7.2.0_GA_2669 (ZimbraWebClient - GC58 (Linux)/7.2.0_GA_2669)
I'll take your requests into account but just to clarify :


> 1. Please split up the RDP broker creds as session creds from the 
> --close-disconnect change. 

This little fix is related to this support since, in that particular case which is broker mode + RDP session + --close-disconnect activated, you couldn't have a one time authentication (at broker auth).
For that "one time auth" to work, I need a way to pass broker credentials to the session and to close the client at the end of the session in order to force a re-auth at broker login.
Without the --close-disconnect fix, I can pass my credentials to the RDP session but when finishing the session, I'm still on the broker page with my session list and I don't re-auth which is what I wanted.
I can easily split these patches since they are quite clearly separated but I thought they were related to the same need that's why I kept them together.

> 2. Please let the cmdline option start with --broker-... 
>
> --broker-use-creds-for-session 

ok

> 3. Don't limit this functionality to RDP sessions only. It is 
> useful for all sorts of session 
> types (X2Go, DirectRDP, DirectXDMCP if already in (there were 
> rumours about such a new feature)). 

Well, I'm not aware of XDMCP and have nothing under my hand to test it.
This patch affect RDP sessions only in fact because X2Go sessions have heir own way to pass credentials from broker to x2go server with the intermediate key auth so using this method for this kind of session is purely useless.
On the other hand, RDP sessions have no such key authentication available so it is necessary to pass credentials as plaintext to xfreerdp/rdesktop because in the case of the broker mode only, when clicking on the session profile, the client is waiting for the credentials but you are not prompted for them so the client stay stuck in an unusable situation.
So really, this is a "broker + RDP only" method that's why I precised this was for RDP only in order not to confuse users who might think this could be used for any type of connection.

I'll modify the cmdline option name and wait for your comments on my precisions. 

Regards,
Walid Moghrabi

TRAVAUX.COM
BAT I - PARC CEZANNE 2 290 AVENUE GALILEE - CS 80403
13591 AIX EN PROVENCE CEDEX 3

----- Mail original ----- 

De: "Mike Gabriel" <mike.gabriel@das-netzwerkteam.de> 
À: "Walid MOGHRABI" <w.moghrabi@servicemagic.eu>, 1183@bugs.x2go.org 
Envoyé: Mercredi 31 Mai 2017 21:58:28 
Objet: Re: [X2Go-Dev] Bug#1183: Pass broker creds to RDP client as plaintext 

Hi Walid, 

On Mi 31 Mai 2017 16:40:49 CEST, Walid MOGHRABI wrote: 

> package: x2goclient 
> priority: wishlist 
> tags: patch 
> 
> This is a proposal patch in order to let the RDP client use the 
> credentials used at broker auth login so that users can enter them 
> only once in broker mode. 
> 
> This patch also add support for --close-disconnect in broker mode + RDP 

I just looked at your patch. 

Requests before patch can get accepted: 

1. Please split up the RDP broker creds as session creds from the 
--close-disconnect change. 
2. Please let the cmdline option start with --broker-... 

--broker-use-creds-for-session 

3. Don't limit this functionality to RDP sessions only. It is 
useful for all sorts of session 
types (X2Go, DirectRDP, DirectXDMCP if already in (there were 
rumours about such a new feature)). 

Thanks for your work on X2Go, 
Mike 

-- 

DAS-NETZWERKTEAM 
mike gabriel, herweg 7, 24357 fleckeby 
mobile: +49 (1520) 1976 148 
landline: +49 (4354) 8390 139 

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
---
DISCLAIMER: This e-mail is private and confidential and may contain proprietary or legally privileged information. It is for the intended recipient only. If you have received this email in error, please notify the author by replying to it and then destroy it. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on this e-mail or any attachment. Thank you

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Fri Dec 13 15:31:07 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.