X2Go Bug report logs - #1183
Pass broker creds to RDP client as plaintext

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Walid MOGHRABI <w.moghrabi@servicemagic.eu>

Date: Wed, 31 May 2017 14:45:02 UTC

Severity: wishlist

Tags: patch

Subject: Bug#1183: [X2Go-Dev] Bug#1183: Bug#1183: Pass broker creds to RDP client as plaintext
Date: Sat, 03 Jun 2017 21:48:36 +0000
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: Walid MOGHRABI <w.moghrabi@servicemagic.eu>, 1183@bugs.x2go.org

Hi Walid,

On  Do 01 Jun 2017 10:46:55 CEST, Walid MOGHRABI wrote:

> I'll take your requests into account but just to clarify :
>
>
>> 1. Please split up the RDP broker creds as session creds from the
>> --close-disconnect change.
>
> This little fix is related to this support since, in that particular  
> case which is broker mode + RDP session + --close-disconnect  
> activated, you couldn't have a one time authentication (at broker  
> auth).
> For that "one time auth" to work, I need a way to pass broker  
> credentials to the session and to close the client at the end of the  
> session in order to force a re-auth at broker login.
> Without the --close-disconnect fix, I can pass my credentials to the  
> RDP session but when finishing the session, I'm still on the broker  
> page with my session list and I don't re-auth which is what I wanted.
> I can easily split these patches since they are quite clearly  
> separated but I thought they were related to the same need that's  
> why I kept them together.

Please split off the change for --close-disconnect into a separate commit.

>> 2. Please let the cmdline option start with --broker-...
>>
>> --broker-use-creds-for-session
>
> ok
>
>> 3. Don't limit this functionality to RDP sessions only. It is
>> useful for all sorts of session
>> types (X2Go, DirectRDP, DirectXDMCP if already in (there were
>> rumours about such a new feature)).
>
> Well, I'm not aware of XDMCP and have nothing under my hand to test it.
> This patch affects RDP sessions only in fact because X2Go sessions  
> have their own way to pass credentials from broker to x2go server  
> with the intermediate key auth so using this method for this kind of  
> session is purely useless.
> On the other hand, RDP sessions have no such key authentication  
> available so it is necessary to pass credentials as plaintext to  
> xfreerdp/rdesktop because in the case of the broker mode only, when  
> clicking on the session profile, the client is waiting for the  
> credentials but you are not prompted for them so the client stays  
> stuck in an unusable situation.
> So really, this is a "broker + RDP only" method that's why I  
> precised this was for RDP only in order not to confuse users who  
> might think this could be used for any type of connection.
>
> I'll modify the cmdline option name and wait for your comments on my  
> precisions.
>

IMHO, the --broker-use-creds-for-session could be a nice and cheap  
alternative to setting up x2gobroker-agent based authentication. So,  
it would be nice to have it working for X2Go and RDP sessions.

Thanks,
Mike
-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
