From abo@dsl.dk Thu Mar 7 10:50:16 2013
Date: Thu, 7 Mar 2013 10:50:13 +0100
From: Anders Bruun Olsen
To: submit@bugs.x2go.org
Subject: X2Gobroker: session autologin does not work

Package: x2gobroker
Version: 0.0.0.7

When broker-session-autologin=true is set for a profile, a temp ssh-key-pair is generated. The pubkey is added to %h/.x2go/authorized_keys on the term-server and the private key is given to x2goclient. Unfortunately this does not seem to work for us. When we try to login this way, a dialog box is shown, asking for a "passphrase to decrypt a key".

At first in our test-setup we thought this worked, because I already had password-less login to the terminal-servers using ssh-keys. As soon as I move my .ssh dir, this other problem occurs. It also occurs for users without any ssh-keys setup. I can see that the pubkey is successfully added (and removed after 20 seconds) on the term-server in $HOME/.x2go/authorized_keys. The sshd on the term-server is set to also look in %h/.x2go/authorized_keys.

--
Anders Bruun Olsen
IT manager
Det Danske Sprog- og Litteraturselskab
(Society for Danish Language and Literature)

From mike.gabriel@das-netzwerkteam.de Thu Mar 7 11:56:00 2013
Date: Thu, 07 Mar 2013 11:55:59 +0100
From: Mike Gabriel
To: Anders Bruun Olsen, 141@bugs.x2go.org
Cc: control@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#141: X2Gobroker: session autologin does not work

reassign #141 x2goclient
found #141 4.0.0.4
tag #141 moreinfo
thanks

Hi Anders,

I suspect that this is not a broker issue.

On Thu 07 Mar 2013 10:50:13 CET Anders Bruun Olsen wrote:

> When broker-session-autologin=true is set for a profile, a temp
> ssh-key-pair is generated. The pubkey is added to %h/.x2go/authorized_keys
> on the term-server and the private key is given to x2goclient.
> Unfortunately this does not seem to work for us. When we try to login this
> way, a dialog box is shown, asking for a "passphrase to decrypt a key".
> At first in our test-setup we thought this worked, because I already had
> password-less login to the terminal-servers using ssh-keys.

ACK.

> As soon as I
> move my .ssh dir, this other problem occurs. It also occurs for users

What do you mean by "as soon as I move my .ssh dir"? I think that this point may be crucial to fix this bug.

> without any ssh-keys setup. I can see that the pubkey is successfully added
> (and removed after 20 seconds) on the term-server in
> $HOME/.x2go/authorized_keys. The sshd on the term-server is set to also
> look in %h/.x2go/authorized_keys.

Ack.

Mike

--
DAS-NETZWERKTEAM
mike gabriel, rothenstein 5, 24214 neudorf-bornstein
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

From abo@dsl.dk Thu Mar 7 13:42:39 2013
Date: Thu, 7 Mar 2013 13:42:08 +0100
From: Anders Bruun Olsen
To: 141@bugs.x2go.org
Subject: Bug#141: X2Gobroker: session autologin does not work

This problem was partially fixed by clearing my .x2go and .x2goclient dirs, meaning it might be a combination of ecdsa keys in .ssh and something in .x2go*.

There is still the problem where x2goclient asks for a passphrase and you have to click cancel (pressing escape will result in an "authentication failed" dialog).

--
Anders Bruun Olsen

From mike.gabriel@das-netzwerkteam.de Sat Apr 20 20:52:45 2013
Date: Sat, 20 Apr 2013 20:52:39 +0200
From: Mike Gabriel
To: 141@bugs.x2go.org
Cc: control@bugs.x2go.org
Subject: Fwd: [X2Go-Dev] autologin with x2goclient in broker-mode: analysis and fix for "enter passphrase"-bug

tag #141 - moreinfo
thanks

Detailed analysis from Anders below...

----- Forwarded message from abo@dsl.dk -----
Date: Fri, 19 Apr 2013 16:16:47 +0200
From: Anders Bruun Olsen
Reply-To: x2go-dev@lists.berlios.de
Subject: [X2Go-Dev] autologin with x2goclient in broker-mode: analysis and fix for "enter passphrase"-bug
To: x2go-dev

Hi guys,

I just spent most of the day digging through source code for x2goclient (reminds me why I code Python rather than C++ :) ), trying to understand why the "enter passphrase" dialog box appears when the broker is set to do autologin.

Summary of the bug:
x2gobroker can be set up to do autologin of users, to avoid users having to enter their credentials twice. This is accomplished by the broker placing a temporary SSH public key in $HOME/.x2go/authorized_keys and handing the matching private key to the client. This temporary key is then removed after a short while. Unfortunately, on all machines I have tested with, including thinclients, x2goclient pops up a dialog box with the text "Enter passphrase to decrypt a key" after authenticating against the broker and choosing a session with autologin enabled. Pressing cancel on this dialog box will on my desktop machine result in the autologin completing and getting logged in. However on the x2gothinclient I tested with, the dialog box would just pop up again and again and login would never occur.

Analysis of the bug:
When autologin is enabled, SshMasterConnection::userAuth() will react by calling userAuthAuto(), which will look for ssh keys and if you, like me, have an ssh key with a passphrase, it will want to try out this key by asking for the passphrase (despite having ssh-agent running). If it does not find a key, it also asks for a passphrase, at least on my system. The reasons for this aren't really important here, in my opinion. The important question here is why it even looks for other keys when the nice broker has provided a key. Further analysis and testing showed me that after userAuthAuto() exits without having gotten a proper key loaded (by pressing Cancel on the dialog box), userAuth() will then test if a key is loaded. And because httpbrokerclient has received a key and put it into the config-variable, a key IS available. This key is then used for login and all is good. Looking closer at the code revealed that setting config->autologin to true was actually not needed at all, and is the culprit here. If autologin is false, then userAuth() will still see that there is a key loaded, and happily log in the user.

My naive fix for this bug:
In ONMainWindow::startSession(), make setting the autologin variable dependent upon not being in brokerMode:

diff --git a/onmainwindow.cpp b/onmainwindow.cpp index 31dbc17..bc2b70f 100644 --- a/onmainwindow.cpp +++ b/onmainwindow.cpp
@@ -3249,8 +3249,9 @@ bool ONMainWindow::startSession ( const QString& sid ) QString cmd=st->setting()->value ( sid+"/command", ( QVariant ) QString::null ).toString(); - autologin=st->setting()->value ( sid+"/autologin", - ( QVariant ) false ).toBool(); + if (!brokerMode) + autologin=st->setting()->value ( sid+"/autologin", + ( QVariant ) false ).toBool(); krblogin=st->setting()->value ( sid+"/krblogin", ( QVariant ) false ).toBool(); #ifdef Q_OS_LINUX

I can't say what other consequences this might have, not knowing the code well enough, but initial tests on my system show that it works. This patch is against git/master btw.

--
Anders Bruun Olsen

----- End of forwarded message -----

From mike.gabriel@das-netzwerkteam.de Mon Apr 22 01:07:04 2013
Date: Mon, 22 Apr 2013 01:07:03 +0200
From: Mike Gabriel
To: 141@bugs.x2go.org
Cc: control@bugs.x2go.org, 141-submitter@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#141: Fwd: autologin with x2goclient in broker-mode: analysis and fix for "enter passphrase"-bug

clone #141 -1
retitle -1 missing public SSH key file should throw an error
severity -1 minor
tag #141 pending
fixed #141 4.0.1.1
thanks

Hi Anders,

On Sat 20 Apr 2013 20:52:39 CEST Mike Gabriel wrote:

> Analysis of the bug:
> When autologin is enabled, SshMasterConnection::userAuth() will react by
> calling userAuthAuto(), which will look for ssh keys and if you, like me,
> have an ssh key with a passphrase, it will want to try out this key by
> asking for the passphrase (despite having ssh-agent running). If it does
> not find a key, it also asks for a passphrase, at least on my system. The
> reasons for this aren't really important here, in my opinion. The
> important question here is why it even looks for other keys when the nice
> broker has provided a key. Further analysis and testing showed me that
> after userAuthAuto() exits without having gotten a proper key loaded (by
> pressing Cancel on the dialog box), userAuth() will then test if a key is
> loaded. And because httpbrokerclient has received a key and put it into the
> config-variable, a key IS available. This key is then used for login and
> all is good. Looking closer at the code revealed that setting
> config->autologin to true was actually not needed at all, and is the
> culprit here. If autologin is false, then userAuth() will still see that
> there is a key loaded, and happily log in the user.

Thanks for this detailed analysis. It indeed put me on some trail that worked.

> My naive fix for this bug:
> In ONMainWindow::startSession(), make setting the autologin variable
> dependent upon not being in brokerMode:
>
> diff --git a/onmainwindow.cpp b/onmainwindow.cpp > index 31dbc17..bc2b70f 100644 > --- a/onmainwindow.cpp > +++ b/onmainwindow.cpp
> @@ -3249,8 +3249,9 @@ bool ONMainWindow::startSession ( const QString& sid ) > > QString cmd=st->setting()->value ( sid+"/command", > ( QVariant ) QString::null > ).toString(); > - autologin=st->setting()->value ( sid+"/autologin", > - ( QVariant ) false ).toBool(); > + if (!brokerMode) > + autologin=st->setting()->value ( sid+"/autologin", > + ( QVariant ) false ).toBool(); > krblogin=st->setting()->value ( sid+"/krblogin", > ( QVariant ) false ).toBool(); > #ifdef Q_OS_LINUX
>
> I can't say what other consequences this might have, not knowing the code
> well enough, but initial tests on my system show that it works. This patch
> is against git/master btw.

The above fix is not appropriate as it will disable the autologin feature completely when x2goclient is in broker mode. That works for your setup, but is not a generic solution.

My approach is here:
http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=fe4408b12c982b81c56c52f37230865f4e9f41ea

@Alex: please cross-check. Thanks!
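
Review bot: in the quoted onmainwindow.cpp hunk, the new `if (!brokerMode)` skips the assignment entirely, so in broker mode `autologin` keeps whatever value it already held rather than being set to false. The variable is not declared in the visible lines, so it appears to outlive startSession(), and a value left over from an earlier session start would still send the client down the key search this patch is meant to avoid. Assigning unconditionally, for example `autologin = !brokerMode && st->setting()->value ( sid+"/autologin", ( QVariant ) false ).toBool();`, makes the broker-mode result explicit; a one-line comment saying that the broker-supplied key is why the profile setting is ignored would also help, as would braces around the wrapped statement.
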

Greets,
Mike

From mike.gabriel@das-netzwerkteam.de Mon Apr 22 01:13:19 2013
Date: Mon, 22 Apr 2013 01:13:18 +0200
From: Mike Gabriel
To: 184@bugs.x2go.org
Subject: x2goclient behaviour in cases where SSH pubkeys are not found

Hi Alex, hi Devs,

Bug #184 is a clone of #141 with a different topic now:

   x2goclient behaviour in cases where SSH pubkeys are not found

During the investigation of a fix for #141 [1] I found out this:

   o in session profile, specify a key file that does not exist
   o start a session
   -> x2goclient will ask you for the (non-existent) key's passphrase

   Better: an error message should be thrown that informs the user correctly

Something similar happens if autologin==true and the user does not have a key loaded in ssh-agent nor does he have some default SSH key files in his $HOME/.ssh:

   o start a session
   -> x2goclient will ask you for the (non-existent) key's passphrase

   Better: an error message should be thrown that informs the user correctly

[1] http://bugs.x2go.org/141

Greets,
Mike
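
The behaviour asked for in #184 above (report a missing or unusable key file instead of prompting for its passphrase), as an added example that is not part of the thread and not x2goclient code: a standalone C++ program that inspects a key file and chooses the passphrase dialog only when the key is actually encrypted. `KeyState`, `Step`, `classifyKeyText`, `classifyKeyFile` and `nextStep` are hypothetical names, the sample keys are constructed and hold no key material, and the `openssh-key-v1` case goes beyond what the thread discusses.

```cpp
// Added example (not x2goclient code): classify a key file before any
// passphrase dialog is shown. All type and function names are hypothetical.
#include <cstdint>
#include <fstream>
#include <iostream>
#include <iterator>
#include <string>

enum class KeyState { Missing, NotAKey, Plain, Encrypted };
enum class Step { ReportError, UseKey, AskPassphrase };

// Constructed samples: real PEM framing, placeholder bodies, no key material.
const std::string kLegacyPlain =
    "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n";
const std::string kLegacyEncrypted =
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
    "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n";
// openssh-key-v1 preamble naming cipher "none" or "aes256-ctr", cut off after it.
const std::string kOpensshPlain =
    "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAAB\n"
    "-----END OPENSSH PRIVATE KEY-----\n";
const std::string kOpensshEncrypted =
    "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0\n"
    "-----END OPENSSH PRIVATE KEY-----\n";

// Minimal base64 decoder: skips whitespace, stops at '=' or any other byte.
static std::string b64decode(const std::string& in) {
    static const std::string tbl =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    std::string out;
    uint32_t acc = 0;
    int bits = 0;
    for (char c : in) {
        if (c == '\n' || c == '\r' || c == ' ' || c == '\t') continue;
        const auto v = tbl.find(c);
        if (v == std::string::npos) break;
        acc = (acc << 6) | static_cast<uint32_t>(v);
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            out.push_back(static_cast<char>((acc >> bits) & 0xFF));
        }
    }
    return out;
}

// Classify private-key text by its PEM label and the header fields that follow.
KeyState classifyKeyText(const std::string& text) {
    const std::string begin = "-----BEGIN ", tail = "PRIVATE KEY-----";
    const auto b = text.find(begin);
    if (b == std::string::npos) return KeyState::NotAKey;
    const auto labelStart = b + begin.size();
    const auto eol = text.find('\n', labelStart);
    const auto end = text.find("-----END ", labelStart);
    if (eol == std::string::npos || end == std::string::npos || end < eol)
        return KeyState::NotAKey;
    std::string label = text.substr(labelStart, eol - labelStart);
    if (!label.empty() && label.back() == '\r') label.pop_back();
    if (label.size() < tail.size() ||
        label.compare(label.size() - tail.size(), tail.size(), tail) != 0)
        return KeyState::NotAKey;
    const std::string kind = label.substr(0, label.size() - tail.size());
    const std::string body = text.substr(eol, end - eol);
    if (kind == "ENCRYPTED ") return KeyState::Encrypted;  // PKCS#8, always encrypted
    if (kind == "OPENSSH ") {  // magic, then a length-prefixed cipher name
        const std::string magic("openssh-key-v1\0", 15);
        const std::string raw = b64decode(body);
        if (raw.size() < magic.size() + 4 || raw.compare(0, magic.size(), magic) != 0)
            return KeyState::NotAKey;
        uint32_t n = 0;
        for (std::size_t i = 0; i < 4; ++i)
            n = (n << 8) | static_cast<unsigned char>(raw[magic.size() + i]);
        if (raw.size() - magic.size() - 4 < n) return KeyState::NotAKey;
        const bool plain = raw.compare(magic.size() + 4, n, "none") == 0;
        return plain ? KeyState::Plain : KeyState::Encrypted;
    }
    // Legacy PEM (RSA/DSA/EC): encryption is announced by a Proc-Type header.
    const bool enc = body.find("Proc-Type: 4,ENCRYPTED") != std::string::npos;
    return enc ? KeyState::Encrypted : KeyState::Plain;
}

KeyState classifyKeyFile(const std::string& path) {
    std::ifstream f(path, std::ios::binary);
    if (!f) return KeyState::Missing;  // an error to report, not a prompt
    const std::string text((std::istreambuf_iterator<char>(f)), std::istreambuf_iterator<char>());
    return classifyKeyText(text);
}

// Only an encrypted key justifies a passphrase dialog.
Step nextStep(KeyState s) {
    if (s == KeyState::Plain) return Step::UseKey;
    if (s == KeyState::Encrypted) return Step::AskPassphrase;
    return Step::ReportError;
}

int main() {
    const char* verdict[] = {"report error", "use key", "ask passphrase"};
    for (const std::string* s : {&kLegacyPlain, &kLegacyEncrypted, &kOpensshPlain, &kOpensshEncrypted})
        std::cout << verdict[static_cast<int>(nextStep(classifyKeyText(*s)))] << "\n";
    std::cout << verdict[static_cast<int>(nextStep(classifyKeyFile("/nonexistent/id_rsa")))] << "\n";
}
```

A caller would run `classifyKeyFile` on the profile's key path first and open the passphrase dialog only for `Step::AskPassphrase`.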