X2Go Bug report logs - #218
x2gobroker: Hostname is used instead of FQDN

Toggle useless messages

Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):

From: Anders Bruun Olsen <abo@dsl.dk>

To: submit@bugs.x2go.org

Subject: x2gobroker: Hostname is used instead of FQDN

Date: Wed, 22 May 2013 15:30:29 +0200

[Message part 1 (text/plain, inline)]

Package: x2gobroker
Version: 0.0.2.2

I am setting up a loadbalanced cluster of x2go servers with a broker in
front. There are thinclients on the LAN accessing the broker/cluster and
there will be users logging on from outside. Users on the LAN are served
term1.example.lan and term2.example.lan, whereas users from outside get
term1.example.com and term2.example.com. So far everything has worked fine,
but now I have started testing outside access, which does not work.
x2gobroker (with autologin) tells x2goclient to access term1 or term2 - it
leaves out the rest of the domain name. This works fine on the LAN, because
the machines there have example.lan set as their searchdomain, but machines
from outside can't resolve "term1" to "term1.example.com" and need to be
given the FQDN. Please note that the FQDNs is specified in the
sessionprofiles, but x2goclient still tries to resolve the short version of
the name.

-- 
Anders Bruun Olsen
It-ansvarlig
Det Danske Sprog- og Litteraturselskab
(Society for Danish Language and Literature)

[Message part 2 (text/html, inline)]

Message #10 received at 218@bugs.x2go.org (full text, mbox, reply):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

To: 218@bugs.x2go.org

Cc: control@bugs.x2go.org, 218-submitter@bugs.x2go.org

Subject: Re: [X2Go-Dev] Bug#218: x2gobroker: Hostname is used instead of FQDN

Date: Wed, 22 May 2013 17:53:35 +0200

[Message part 1 (text/plain, inline)]

tag #218 confirmed
thanks

Hi Anders,

On Mi 22 Mai 2013 15:30:29 CEST Anders Bruun Olsen wrote:

> Package: x2gobroker
> Version: 0.0.2.2
>
> I am setting up a loadbalanced cluster of x2go servers with a broker in
> front. There are thinclients on the LAN accessing the broker/cluster and
> there will be users logging on from outside. Users on the LAN are served
> term1.example.lan and term2.example.lan, whereas users from outside get
> term1.example.com and term2.example.com. So far everything has worked fine,
> but now I have started testing outside access, which does not work.
> x2gobroker (with autologin) tells x2goclient to access term1 or term2 - it
> leaves out the rest of the domain name. This works fine on the LAN, because
> the machines there have example.lan set as their searchdomain, but machines
> from outside can't resolve "term1" to "term1.example.com" and need to be
> given the FQDN. Please note that the FQDNs is specified in the
> sessionprofiles, but x2goclient still tries to resolve the short version of
> the name.

A fix for this is not so trivial, as it seems. The ,,wrong'' hostname  
is produced by x2golistsession on the server that the x2gobroker-agent  
gets executed on.

Obviously, your external clients call the X2Go Session Broker. The  
session broker knows a list of possible hosts for sending the  
select_session query to. The server that gets asked responds with a  
hostname from the X2Go session DB, that is not necessarily what you  
configured in X2Go Session Broker's x2gobroker-sessionprofiles.conf.

So, what is needed is a backwards mapping between the result that gets  
returned by x2gobroker-agent (i.e. the returned server name /  
hostname) back to the FQDN hostnames configured in X2Go Session  
Broker. The mapping is not bijective here, it is more about guessing  
and shooting blindfolded.

/me scratches his head on the best approach for this...

Mike




-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

[Message part 2 (application/pgp-signature, inline)]

Message #20 received at 218@bugs.x2go.org (full text, mbox, reply):

From: Anders Bruun Olsen <abo@dsl.dk>

To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>, 218@bugs.x2go.org, x2go-dev <x2go-dev@lists.berlios.de>

Subject: Re: [X2Go-Dev] Bug#218: Bug#218: x2gobroker: Hostname is used instead of FQDN

Date: Mon, 27 May 2013 10:54:46 +0200

[Message part 1 (text/plain, inline)]

I obviously don't know the algorithm used to figure out which server is
selected, but in my ignorance, I would think the way to do it should be
something like this:

1. Ask all servers if they have a running session for the user trying to
log in.
2. If any servers answer possitively, send the configured hostname to the
client.
3. Ask all servers for the needed information.
4. Do the math on the broker, to figure out which server to select.
5. Send the selected server to the client.

Every time the broker talks to a server, it would keep the information
about which server it is talking to, in memory and just associate the
returned information with that server. I really don't see why it is
neccesary for the servers to reply back with who they think they are, nor
who their counterparts in the cluster are.

The fact that the algorithm relies on the servers to identify themselves
also seems to me to be a potential security hole. What if a local user
achieved enough administrative rights to change the hostname. Couldn't he
then get the broker to send users to a server that he controls?



2013/5/22 Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

> tag #218 confirmed
> thanks
>
> Hi Anders,
>
> On Mi 22 Mai 2013 15:30:29 CEST Anders Bruun Olsen wrote:
>
>  Package: x2gobroker
>> Version: 0.0.2.2
>>
>> I am setting up a loadbalanced cluster of x2go servers with a broker in
>> front. There are thinclients on the LAN accessing the broker/cluster and
>> there will be users logging on from outside. Users on the LAN are served
>> term1.example.lan and term2.example.lan, whereas users from outside get
>> term1.example.com and term2.example.com. So far everything has worked
>> fine,
>> but now I have started testing outside access, which does not work.
>> x2gobroker (with autologin) tells x2goclient to access term1 or term2 - it
>> leaves out the rest of the domain name. This works fine on the LAN,
>> because
>> the machines there have example.lan set as their searchdomain, but
>> machines
>> from outside can't resolve "term1" to "term1.example.com" and need to be
>> given the FQDN. Please note that the FQDNs is specified in the
>> sessionprofiles, but x2goclient still tries to resolve the short version
>> of
>> the name.
>>
>
> A fix for this is not so trivial, as it seems. The ,,wrong'' hostname is
> produced by x2golistsession on the server that the x2gobroker-agent gets
> executed on.
>
> Obviously, your external clients call the X2Go Session Broker. The session
> broker knows a list of possible hosts for sending the select_session query
> to. The server that gets asked responds with a hostname from the X2Go
> session DB, that is not necessarily what you configured in X2Go Session
> Broker's x2gobroker-sessionprofiles.**conf.
>
> So, what is needed is a backwards mapping between the result that gets
> returned by x2gobroker-agent (i.e. the returned server name / hostname)
> back to the FQDN hostnames configured in X2Go Session Broker. The mapping
> is not bijective here, it is more about guessing and shooting blindfolded.
>
> /me scratches his head on the best approach for this...
>
> Mike
>
>
>
>
> --
>
> DAS-NETZWERKTEAM
> mike gabriel, herweg 7, 24357 fleckeby
> fon: +49 (1520) 1976 148
>
> GnuPG Key ID 0x25771B31
> mail: mike.gabriel@das-netzwerkteam.**de<mike.gabriel@das-netzwerkteam.de>,
> http://das-netzwerkteam.de
>
> freeBusy:
> https://mail.das-netzwerkteam.**de/freebusy/m.gabriel%40das-**
> netzwerkteam.de.xfb<https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb>
>
> _______________________________________________
> X2Go-Dev mailing list
> X2Go-Dev@lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/x2go-dev
>



-- 
Anders Bruun Olsen
It-ansvarlig
Det Danske Sprog- og Litteraturselskab
(Society for Danish Language and Literature)

[Message part 2 (text/html, inline)]

Message #25 received at 218@bugs.x2go.org (full text, mbox, reply):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

To: 218-submitter@bugs.x2go.org

Cc: control@bugs.x2go.org, 218@bugs.x2go.org

Subject: X2Go issue (in src:x2gobroker) has been marked as pending for release

Date: Thu, 30 May 2013 00:36:43 +0200 (CEST)

tag #218 pending
fixed #218 0.0.2.3
thanks

Hello,

X2Go issue #218 (src:x2gobroker) reported by you has been
fixed in X2Go Git. You can see the changelog below, and you can
check the diff of the fix at:

    http://code.x2go.org/gitweb?p=x2gobroker.git;a=commitdiff;h=b0cefb7

The issue will most likely be fixed in src:x2gobroker (0.0.2.3).

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
commit b0cefb72b896ea34c724d0a8b79f9f8edadff7b5
Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date:   Thu May 30 00:33:04 2013 +0200

    inifile broker: Allow explicit specification combinations of »<hostname> (<address>)« in host= session profile field. (Fixes: #218).

diff --git a/debian/changelog b/debian/changelog
index a6b1619..d9e5f35 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
 x2gobroker (0.0.2.3-0~x2go1) UNRELEASED; urgency=low
 
-  * Continue development...
+  * New upstream version (0.0.2.3):
+    - inifile broker: Allow explicit specification combinations of
+      »<hostname> (<address>)« in host= session profile field. (Fixes: #218).
 
  -- Mike Gabriel <mike.gabriel@das-netzwerkteam.de>  Wed, 22 May 2013 17:42:12 +0200
 

Message #37 received at 218@bugs.x2go.org (full text, mbox, reply):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

To: 218-submitter@bugs.x2go.org

Cc: control@bugs.x2go.org, 218@bugs.x2go.org

Subject: X2Go issue (in src:x2gobroker) has been marked as closed

Date: Fri, 7 Jun 2013 23:22:19 +0200 (CEST)

close #218
thanks

Hello,

we are very hopeful that X2Go issue #218 reported by you
has been resolved in the new release (0.0.2.3) of the
X2Go source project »src:x2gobroker«.

You can view the complete changelog entry of src:x2gobroker (0.0.2.3)
below, and you can use the following link to view all the code changes
between this and the last release of src:x2gobroker.

    http://code.x2go.org/gitweb?p=x2gobroker.git;a=commitdiff;h=5a969b79741be3d85dc82738361dfda4fc10c75d;hp=6a16a5739fc702c12d3cc8738837a8a29cae8c12

If you feel that the issue has not been resolved satisfyingly, feel
free to reopen this bug report or submit a follow-up report with
further observations described based on the new released version
of src:x2gobroker.

Thanks a lot for contributing to X2Go!!!

light+love
X2Go Git Admin (on behalf of the sender of this mail)

---
X2Go Component: src:x2gobroker
Version: 0.0.2.3
Status: RELEASE
Date: Fri, 07 Jun 2013 23:21:29 +0200
Fixes: 152 218
Changes: 
 x2gobroker (0.0.2.3) RELEASED; urgency=low
 .
   * New upstream version (0.0.2.3):
     - inifile broker: Allow explicit specification combinations of
       »<hostname> (<address>)« in host= session profile field. (Fixes: #218).
     - Add rootless=false to example session profiles for all Desktop sessions in
       x2gobroker-sessionprofiles.conf.
     - Handle the rootless property automatically for know-by-name desktop
       sessions.
     - Make enable-plain-output, enable-uccs-output functional.
     - Add agent-quer-mode »NONE«. Disable X2Go Broker Agent calls completely.
     - Add status={S,R} to session profile list items when returned through X2Go
       Session Broker. (Fixes: #152). Handle taking over of running sessions and
       resuming sessions more reliably. Provide mechanism to suspend/terminate
       sessions through X2Go Server's (>= 4.0.1.0) x2gocleansessions daemon.

Send a report that this bug log contains spam.