X2Go Bug report logs - #179
x2goclient in broker-mode does not allow logout

grave

[Message part 1 (text/plain, inline)]
Package: x2goclient
Version: 4.0.1.0

When you have logged in to a server in broker-mode, there is no way to
de-authenticate from the broker, other than closing x2goclient. This is not
a problem on a normal desktop machine, but on thinclients, it is not really
possible to close x2goclient, other than rebooting/shutting down the
machine. This means that users can't go to a thinclient, login and work,
logout and walk away from the machine to allow a different user to use it,
without rebooting the machine after having logged out. This is not
acceptable behavior for a thinclient setup. I think logging out of an
x2goserver should also trigger a deauthenticate from the broker, as this
mimicks the way x2goclient works when not in broker-mode.

-- 
Anders Bruun Olsen
It-ansvarlig
Det Danske Sprog- og Litteraturselskab
(Society for Danish Language and Literature)

[Message part 2 (text/html, inline)]
[Message part 1 (text/plain, inline)]
severity #179 grave
tag #179 confirmed
thanks

Hi Anders,

On Fr 19 Apr 2013 10:35:03 CEST Anders Bruun Olsen wrote:

> Package: x2goclient
> Version: 4.0.1.0
>
> When you have logged in to a server in broker-mode, there is no way to
> de-authenticate from the broker, other than closing x2goclient. This is not
> a problem on a normal desktop machine, but on thinclients, it is not really
> possible to close x2goclient, other than rebooting/shutting down the
> machine. This means that users can't go to a thinclient, login and work,
> logout and walk away from the machine to allow a different user to use it,
> without rebooting the machine after having logged out. This is not
> acceptable behavior for a thinclient setup. I think logging out of an
> x2goserver should also trigger a deauthenticate from the broker, as this
> mimicks the way x2goclient works when not in broker-mode.

I consider this as a grave issue and see to getting it fixed ASAP.

Greets,
Mike



-- 

DAS-NETZWERKTEAM
mike gabriel, rothenstein 5, 24214 neudorf-bornstein
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

[Message part 2 (application/pgp-signature, inline)]
tag #179 pending
fixed #179 4.0.1.1
thanks

Hello,

X2Go issue #179 (src:x2goclient) reported by you has been
fixed in X2Go Git. You can see the changelog below, and you can
check the diff of the fix at:

    http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=e3b8739

The issue will most likely be fixed in src:x2goclient (4.0.1.1).

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
commit e3b87397d75a7e246d29c4f94b1368e092f27207
Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date:   Wed Jun 12 13:23:05 2013 +0200

    Add cmdline option --broker-autologoff: Enforce re-authentication against X2Go Session Broker after a session has been suspended or terminated. (Fixes: #179).

diff --git a/debian/changelog b/debian/changelog
index 84daa74..c2dcc38 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -20,6 +20,9 @@ x2goclient (4.0.1.1-0~x2go1) UNRELEASED; urgency=low
       patch was applied. Segfault only occurred if the tray icon was not used.
     - Show session name in notification bubbles.
     - Update German translation.
+    - Add cmdline option --broker-autologoff: Enforce re-authentication against
+      X2Go Session Broker after a session has been suspended or terminated.
+      (Fixes: #179).
 
   [ Ezra Bühler ]
   * New upstream version (4.0.1.1):


Hi, Mike.

What do you think about making this behaviour default?
Because doing logoff by default seems to be a more secure way (and
default settings should be secure) + it doesn't require you to
close-and-reopen window if you want to de-authenticate from the broker
(and switch to other sessions).
I think it would be a good idea, especially if this session broker
system is mainly aimed at setups with thin clients (less configuration
changes for main use-case).


[Message part 1 (text/plain, inline)]
I personally think that it would be better to de-auth from the broker by
default, and then have a commandline option that tells x2goclient to stay
authenticated to the broker, when the connection to a server ends.


2013/6/12 Nable 80 <nable.maininbox@googlemail.com>

> Hi, Mike.
>
> What do you think about making this behaviour default?
> Because doing logoff by default seems to be a more secure way (and
> default settings should be secure) + it doesn't require you to
> close-and-reopen window if you want to de-authenticate from the broker
> (and switch to other sessions).
> I think it would be a good idea, especially if this session broker
> system is mainly aimed at setups with thin clients (less configuration
> changes for main use-case).
> _______________________________________________
> X2Go-Dev mailing list
> X2Go-Dev@lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/x2go-dev
>



-- 
Anders Bruun Olsen
It-ansvarlig
Det Danske Sprog- og Litteraturselskab
(Society for Danish Language and Literature)

[Message part 2 (text/html, inline)]
close #179
thanks

Hello,

we are very hopeful that X2Go issue #179 reported by you
has been resolved in the new release (4.0.1.1) of the
X2Go source project »src:x2goclient«.

You can view the complete changelog entry of src:x2goclient (4.0.1.1)
below, and you can use the following link to view all the code changes
between this and the last release of src:x2goclient.

    http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=dad4fcc24868504be24ccc9a3ab0fcac41859080;hp=1b4260f86a6fda01c5263fa3d27504677a3cdfac

If you feel that the issue has not been resolved satisfyingly, feel
free to reopen this bug report or submit a follow-up report with
further observations described based on the new released version
of src:x2goclient.

Thanks a lot for contributing to X2Go!!!

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
X2Go Component: src:x2goclient
Version: 4.0.1.1
Status: RELEASE
Date: Wed, 11 Sep 2013 12:06:02 +0200
Fixes: 141 142 151 164 165 177 179 183 214 222 226 243 255
Changes: 
 x2goclient (4.0.1.1) RELEASED; urgency=low
 .
   [ Nicolai Hansen ]
   * New upstream version (4.0.1.1):
     - Update Danish translation file.
 .
   [ Terje Andersen ]
   * New upstream version (4.0.1.1):
     - Update Norwegian Bokmaal translation file.
 .
   [ Oleksandr Shneyder ]
   * New upstream version (4.0.1.1):
     - Use "127.0.0.1" instead of localhost to avoid wrong IPv6 hostname
       resolution. (Fixes: #151).
     - Wait for x2gocmdexitmessage to return before closing in hidden mode.
     - Support for published applications in X2Go Plugin
     - Support for "shadow" mode in X2Go Plugin
 .
   [ Mike Gabriel ]
   * New upstream version (4.0.1.1):
     - If a priv SSH key has been specified, skip the autologin procedure.
       Let's consider a given SSH private key that fails to log the user
       in as an overall login failure. (Fixes: #141).
     - Avoid multiple selectUserSession requests when in broker
       mode.
     - Properly set the remote server address received via selectUserSession
       method when in broker mode. (Fixes: #226).
     - Fix segmentation fault that started occurring since the custom trayIcon
       patch was applied. Segfault only occurred if the tray icon was not used.
     - Show session name in notification bubbles.
     - Update German translation.
     - Add cmdline option --broker-autologoff: Enforce re-authentication against
       X2Go Session Broker after a session has been suspended or terminated.
       (Fixes: #179).
     - Enable full access desktop sharing across user accounts. (Fixes: #222).
     - Make X2Go Client aware of the MATE desktop environment.
     - Make X2Go Client work in SSH broker mode without the need of a auth-id
       file.
 .
   [ Heinrich Schuchardt ]
   * New upstream version (4.0.1.1):
     - Call ssh_clean_pubkey_hash() for deallocating public key hashes instead of
       just calling free(). Required under MS Windows as documented in libssh2
       API. (Fixes: #243). (For further details see:
       http://api.libssh.org/master/group__libssh__session.html).
   * Provide bin:package with debug symbols for X2Go Client. (Fixes: #255).
 .
   [ Ezra Bühler ]
   * New upstream version (4.0.1.1):
     - Fix auto-resume when session type is »Single Application«. (Fixes: #183).
 .
   [ Ricardo Díaz Martín ]
   * New upstream version (4.0.1.1):
     - Fix detection of maximum screen area available for a session. (Fixes:
       #165).
     - Use the session icon as tray icon, pop up notification bubble that informs
       about current session actions. (Fixes: #177).
     - Allow for setting maximum available desktop size as window size via the
       session profile card. Unfortunately, this feature is for now only
       available on Linux. (Fixes: #214).
 .
   [ Otto Kjell ]
   * New upstream version (4.0.1.1):
     - Enable debug mode through cmd line parameter. (Fixes: #142).
     - Standardize output to stdout+stderr and make it parseable.
 .
   [ Orion Poplawski ]
   * New upstream version (4.0.1.1):
     - Instead of using a hard-code DPI of 96, use local DPI settings for new
       sessions if not explicitly set in session profile (Fixes: #164).
 .
   [ Daniel Lindgren ]
   * New upstream version (4.0.1.1):
     - Update Swedish translation file.
 .
   [ Ricardo Díaz Martín ]
   * New upstream version (4.0.1.1):
     - Update Spanish translation file.



X2Go Bug report logs - #179 x2goclient in broker-mode does not allow logout

X2Go Bug report logs - #179
x2goclient in broker-mode does not allow logout