X2Go Bug report logs - #1258
x2goclient hangs when connecting with Kerberos auth

version graph

Package: x2goclient; Maintainer for x2goclient is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goclient is src:x2goclient.

Reported by: Mike DePaulo <mikedep333@gmail.com>

Date: Mon, 19 Feb 2018 04:30:02 UTC

Severity: normal

Tags: pending

Found in version 4.1.1.0

Fixed in version 4.1.1.2

Done: X2Go Release Manager X2Go Release Manager <git-admin@x2go.org>

Bug is archived. No further changes may be made.

Full log


🔗 View this message in rfc822 format

MIME-Version: 1.0
X-Mailer: MIME-tools 5.507 (Entity 5.507)
X-Loop: owner@bugs.x2go.org
From: owner@bugs.x2go.org (X2Go Bug Tracking System)
Subject: Bug#1258 closed by X2Go Release Manager X2Go Release Manager
 <git-admin@x2go.org> (X2Go issue (in src:x2goclient) has been marked as
 closed)
Message-ID: <handler.1258.c.152969968021361.notifdone@bugs.x2go.org>
References: <20180622203430.AC85B5DA2B@ymir.das-netzwerkteam.de>
X-X2go-PR-Keywords: pending
X-X2go-PR-Message: they-closed 1258
X-X2go-PR-Package: x2goclient
X-X2go-PR-Source: x2goclient
Date: Fri, 22 Jun 2018 20:35:02 +0000
Content-Type: multipart/mixed; boundary="----------=_1529699702-21531-0"
[Message part 1 (text/plain, inline)]
This is an automatic notification regarding your Bug report
which was filed against the x2goclient package:

#1258: x2goclient hangs when connecting with Kerberos auth

It has been closed by X2Go Release Manager X2Go Release Manager <git-admin@x2go.org>.

Their explanation is attached below along with your original report.
If this explanation is unsatisfactory and you have not received a
better one in a separate message then please contact X2Go Release Manager X2Go Release Manager <git-admin@x2go.org> by
replying to this email.


-- 
X2Go Bug Tracking System
Contact owner@bugs.x2go.org with problems
[Message part 2 (message/rfc822, inline)]
From: X2Go Release Manager X2Go Release Manager <git-admin@x2go.org>
To: 1258-submitter@bugs.x2go.org
Cc: control@bugs.x2go.org, 1258@bugs.x2go.org
Subject: X2Go issue (in src:x2goclient) has been marked as closed
Date: Fri, 22 Jun 2018 22:34:30 +0200 (CEST)
close #1258
thanks

Hello,

we are very hopeful that X2Go issue #1258 reported by you
has been resolved in the new release (4.1.2.0) of the
X2Go source project »src:x2goclient«.

You can view the complete changelog entry of src:x2goclient (4.1.2.0)
below, and you can use the following link to view all the code changes
between this and the last release of src:x2goclient.

    http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=bc5c972f6fb84e6c542332d64f0403bb7ba440e3;hp=d8f5e5a4a51724ef3620e7f347644338e2449444

If you feel that the issue has not been resolved satisfyingly, feel
free to reopen this bug report or submit a follow-up report with
further observations described based on the new released version
of src:x2goclient.

Thanks a lot for contributing to X2Go!!!

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
X2Go Component: src:x2goclient
Version: 4.1.2.0-0x2go1
Status: RELEASE
Date: Fri, 22 Jun 2018 22:30:29 +0200
Fixes: 1156 1258 1263
Changes:
 x2goclient (4.1.2.0-0x2go1) RELEASED; urgency=medium
 .
   [ Mike DePaulo ]
   * New upstream version (4.1.2.0):
     - src/sshmasterconnection.cpp: Do not attempt to perform Interaction with
       SSH Server (e.g. for changing expired password) when using
       GSSAPI/Kerberos because the interaction code does not support it yet.
       Fixes: #1258
     - Windows: Update PuTTY from 0.68 to 0.70, which fixes PuTTY vulns
       vuln-indirect-dll-hijack-2 & vuln-indirect-dll-hijack-3.
       Note that x2goclient was only ever affected if the permissions on the
       installation folder were changed to give users write access, or if
       x2goclient was copied/extracted to a folder where users could write.
     - Windows: Update Win32 OpenSSL from 1.0.2k to 1.0.2n
       Fixes several CVEs
     - Windows: Upgrade bundled VcXsrv from 1.17.0.0-3 (X2Go/Arctica Build)
       to 1.20.0.0 (upstream build)
         + Fixes https://github.com/ArcticaProject/nx-libs/issues/600
         + Incompatible with XP & Vista
         + Unmodified except for strip-nondeterminism being run on .gz files
 .
   [ Oleksandr Shneyder ]
   * New upstream version (4.1.2.0):
     - don't start gpg agent for PGP card authentication. Use system agent instead.
     - change search string for pcsc_scan.
     - destroy unused SSH sessions for LDAP authentication.
 .
   [ Mihai Moldovan ]
   * New upstream version (4.1.2.0):
     - misc: update version to 4.1.2.0.
     - res/img/svg: add new lxqt.svg icon file (really helix.svg).
     - res/img/icons/*x*: add new rasterized lxqt.png files in different sizes.
     - res/qresources.qrc: add new lxqt files.
     - src/{onmainwindow.cpp,session{button,widget}.{cpp,h}}: add support for
       LXQt. Fixes: #1263.
     - src/sshmasterconnection.cpp: stop libssh/OpenSSL from querying for a
       passphrase if started with a controlling terminal.
     - x2goclient.pro: remove plugin references.
     - misc: change http:// to https:// where appropriate, but in actual code
       and translation files for now.
     - Makefile: remove plugin references.
     - Makefile: remove x2goclient_*.qm files in clean rule.
     - x2gobrowserplugin-2.4_1/: remove.
     - provider/: remove.
     - INSTALL: remove plugin references.
     - {{build,config}_win_plugin.bat,config_linux_{,static_}plugin.sh}:
       remove.
     - config_win.bat: remove plugin references.
     - src/{configdialog.cpp,onmainwindow{.cpp,{,_privat}.h}}: remove plugin
       references.
     - src/editconnectiondialog.cpp: do not connect signals to slots that do
       not exist on non-Linux platforms.
     - src/onmainwindow.cpp: add -nopn parameter to VcXsrv startup options,
       making the binary fail if it wasn't able to bind the requested port on
       all addresses.
     - src/onmainwindow.cpp: print out current DISPLAY value in debug log while
       starting X.Org Server on Windows.
     - src/onmainwindow.{cpp,h}: don't error out directly if starting the X.Org
       Server failed on Windows. Instead, try starting it three times, each
       time with a higher DISPLAY offset. On busy client machines, several
       clients raced for the sockets previously and often failed to start. Also
       check if the server binary actually is still alive before doing the TCP
       connection checks. A dead server won't be able to listen on a socket in
       the first place.
     - {src/{onmainwindow.{cpp,h},help.cpp},man/man1/x2goclient.1}: add new
       option --xserver-start-limit, replacing the formerly hardcoded limit of
       three tries.
     - src/onmainwindow.{cpp,h}: fix compile error on Windows - use std::size_t
       instead of std::ssize_t, treat zero as infinity value while parsing
       option value.
     - src/onmainwindow.cpp: handle a disabled X.Org Server start limit
       correctly.
     - src/onmainwindow.cpp: fix other compile errors/typos.
     - src/onmainwindow.cpp: another compile error/typo fix.
     - src/onmainwindow.cpp: let client recognize new --xserver-start-limit
       param correctly.
     - src/onmainwindow.cpp: add -silent-dup-error parameter to VcXsrv startup
       options, forcing it to silently fail without showing a dialog and thus
       keeping the process running.
     - src/onmainwindow.cpp: re-add periodic xmodmap keyboard sync for OS
       X/macOS platforms. Was dropped some time ago by accident.
     - src/onmainwindow.cpp: fix compile error on OS X/macOS.
     - copy-deps-win32.bat: update to 20160121-4 Cygwin bundle, shipping with
       chgrp.
     - src/onmainwindow.cpp: fix user-facing error messages in Windows X.Org
       Server startup functions.
     - src/pulsemanager.cpp: use QByteArray's constData () instead of data (),
       since we'll never modify the data anyway.
     - src/onmainwindow.cpp: hook-in chgrp for ~/.x2go/etc on Windows platforms
       to work around a Cygwin permissions bug. Fixes: #1156.
     - src/onmainwindow.cpp: QProcess:nullDevice () is only available on Qt
       5.2+, so use a workaround for older versions.
     - src/onmainwindow.cpp: actually pass the correct group ID to the chgrp
       call and make sure that the warning dialog box also appears whenever the
       exit code indicates a failure.
     - src/onmainwindow.{cpp,h}: remove Cygwin permissions workaround via
       chgrp.
     - copy-deps-win32.bat: update to 20180615-1 Cygwin bundle, shipping with
       a further modified OpenSSH Server version at 7.7p1-1-x2go1 and without
       chgrp.
     - src/onmainwindow.cpp: disable private host key permissions check in
       OpenSSH Server on Windows. Fixes: #1156.
     - res/i18n/x2goclient_*.ts: update translation files.
     - res/i18n/x2goclient_fi.ts: whitespace and other fixups.
     - res/i18n/x2goclient_fi.ts: add missing numerus form translation and
       other fixups.
     - res/i18n/x2goclient_de.ts: another fixup I previously forgot about.
     - res/i18n/x2goclient_et.ts: whitespace and meta data fixup.
     - res/i18n/x2goclient_et.ts: typo fix: on+ma -> oma.
   * x2goclient.spec:
     - Remove plugin references.
   * debian/rules:
     - Remove plugin references.
     - Remove x2goclient_*.qm files removal.
   * debian/control:
     - Convert plugin packages to dummy transitional packages with no
       dependencies, remove other plugin references.
   * debian/:
     - x2goplugin{,-provider}.install: clear out.
     - {x2goplugin.dirs,x2goplugin-provider.dirs,x2goplugin-provider.links,
        x2goplugin-provider.post*}: remove.
   * debian/copyright:
     - Remove plugin references.
 .
   [ Martti Pitkänen ]
   * New upstream version (4.1.2.0):
     - res/i18n/x2goclient_fi.ts: update Finnish translation file.
 .
   [ Stefan Baur ]
   * New upstream release (4.1.2.0):
     - res/i18n/x2goclient_de.ts: update German translation file.
 .
   [ Sébastien Ducoulombier ]
   * New upstream version (4.1.2.0):
     - res/i18n/x2goclient_fr.ts: update French translation file.
 .
   [ Robert Parts ]
   * New upstream version (4.1.2.0):
     - res/i18n/x2goclient_et.ts: update Estonian translation file.

[Message part 3 (message/rfc822, inline)]
From: Mike DePaulo <mikedep333@gmail.com>
To: submit@bugs.x2go.org
Subject: x2goclient hangs when connecting with Kerberos auth
Date: Sun, 18 Feb 2018 23:28:12 -0500
Package: x2goclient
Version: 4.1.1.0

When attempting to connect to an X2Go server with GSSAPI/Kerberos
auth, x2goclient hangs indefinitely.

This was observed with nightly builds for Windows, and was assumed to
be Windows-specific.

The fix has already been committed to master. I will update master
with another commit (& change to debian/changelog) stating that this
was fixed:
commit 7cbd8d525309edb8bd05d27ec57ac72e2d8c90e8
Author: Mike DePaulo <mikedep333@gmail.com>
Date:   Sun Feb 18 19:52:22 2018 -0500

    Do not attempt to perform Interaction with SSH Server

    (e.g. for changing expired password) when using GSSAPI/Kerberos
    because the interaction code does not support it yet.


But as I was fixing it, I noticed that Linux & Mac OS X are probably
affected too.

The cause of the issue is that the new Interaction Dialog feature
introduced by this commit contains libssh-specific function calls, but
we use PuTTY binaries on Windows & the OpenSSH ssh client binary on
Linux/MacOS for GSSAPI/Kerberos:
commit 68bbf328132125eaad5c53b0ac82490bf818e42e
Author: Oleksandr Shneyder <o.shneyder@phoca-gmbh.de>
Date:   Wed May 10 15:22:11 2017 +0200

    Interaction with SSH server (for example for changing expired
password). Fixes: #592.

And the "fix" for this is to bypass that new feature when
GSSAPI/Kerberos auth is used.

I will open up a separate issue about the fact that the Interaction
Dialog feature does not work with GSSAPI/Kerberos.

-Mike

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Thu Nov 21 17:32:53 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.