From david.fuhrmann@gmail.com  Wed Aug  7 17:56:48 2013
Received: (at 287) by bugs.x2go.org; 7 Aug 2013 15:56:49 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-0.7 required=5.0 tests=FREEMAIL_FROM,
	RCVD_IN_DNSWL_LOW,T_DKIM_INVALID,URIBL_BLOCKED autolearn=ham version=3.3.2
Received: from mail-ea0-f179.google.com (mail-ea0-f179.google.com [209.85.215.179])
	by ymir (Postfix) with ESMTPS id 7C8475DB1E
	for <287@bugs.x2go.org>; Wed,  7 Aug 2013 17:56:48 +0200 (CEST)
Received: by mail-ea0-f179.google.com with SMTP id b10so915272eae.38
        for <287@bugs.x2go.org>; Wed, 07 Aug 2013 08:56:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=sender:subject:mime-version:content-type:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=TULNUeSSB1zhMDjllI0tc3P7OXIb3vlzhHVtseH2vCE=;
        b=IoQdErGXdp4fxd0PpHd+z4XojCMldFB11ij0+2sCJkVdAA14OphREM1NMaM2LkWJm9
         Q14e/K4yX+mP0iWOyMh6AV1vSB3jf5o8ob/9XdcWxdwXhi011JOIvX8RaalHBgMB5WdV
         Z6eEGMgdyDz8Gr53m0cJacSdex1kvfRUtEv+P1Jgnl/wHjOU3gBVD1jXiFYICZcmSck+
         NwIUWA8W5IXr79DojZFbmhZx0coG7eGQ08k6BiCFZ83UOlhoVrTjWUSmr1z6wwjSy2ey
         EWRh/rGUEjekD6kamWjC5w7W0nK6awxClu4grIAToX62jEumPP4U/w7pVitweYpJgRPv
         BtgQ==
X-Received: by 10.14.179.131 with SMTP id h3mr3706273eem.102.1375891008151;
        Wed, 07 Aug 2013 08:56:48 -0700 (PDT)
Received: from [192.168.0.20] (erft-4d07d423.pool.mediaWays.net. [77.7.212.35])
        by mx.google.com with ESMTPSA id m54sm10723337eex.2.2013.08.07.08.56.46
        for <multiple recipients>
        (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
        Wed, 07 Aug 2013 08:56:47 -0700 (PDT)
Sender: David Fuhrmann <david.fuhrmann@gmail.com>
Subject: Re: [X2Go-Dev] Bug#287: x2goserver allows to connect to ALL X server sessions by default
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
Content-Type: text/plain; charset=us-ascii
From: David Fuhrmann <fuhrmann_mail@web.de>
X-Priority: 3 (Normal)
In-Reply-To: <20130807160258.61246yer4vhkibo2@mail.das-netzwerkteam.de>
Date: Wed, 7 Aug 2013 17:56:45 +0200
Cc: 287@bugs.x2go.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <7590CCCD-172A-4E9A-BF38-49ADA374C4C1@web.de>
References: <F7C30D2B-5461-457E-8088-7A0933A86EEF@web.de> <20130807114338.13215dfoanwep8sq@mail.das-netzwerkteam.de> <CANN0FUgL27BfEyQ_=4nLiY56rHjo5fGsf1OyDK47vLb2Gdi+jg@mail.gmail.com> <20130807160258.61246yer4vhkibo2@mail.das-netzwerkteam.de>
To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
X-Mailer: Apple Mail (2.1508)

Hi,

We are using a debian-based linux mint, and installed the server from =
the debian 7 repository IIRC.

I just tested at home on Ubuntu 10.04, and here it works fine. I think =
this might be some configuration issue.

Best,
David

Am 07.08.2013 um 16:02 schrieb Mike Gabriel =
<mike.gabriel@das-netzwerkteam.de>:

> control: tag -1 - wontfix
> control: tag -1 - not-a-bug
>=20
> Hi David,
>=20
> On Mi 07 Aug 2013 13:54:14 CEST David Fuhrmann wrote:
>=20
>> thanks
>>=20
>> ... for the answer. We just retested it today in our environment, and =
the
>> issue is still as described. Especially we did:
>>=20
>> 1) user_A starts a xfce x2go session on hostA, without starting
>> x2godesktopsharing.
>> 2) user_B logs in at hostA, using "connect to local desktop. It sees =
a X
>> session under its own user name, and a port. user_B can click on =
"full
>> access" and gets access to the session.
>>=20
>> Second test:
>> - user_A starts x2godesktopsharing, but leave the default setting (do =
not
>> allow access, with cross).
>> - user_B sees same behaviour as described above
>>=20
>> Third test:
>> - user_A starts x2godesktopsharing, but and enables access (green =
icon in
>> menu bar)
>> - user_B now sees two sessions in the session list: one with his own =
user
>> name, one with user_As user name. Both have the same port. If user_B
>> selects the one which has user_A as its name, he can only connect to =
view,
>> and eventually, this connection gets refused. (In the mean time, =
user_A
>> sees a question dialog asking user_B for access in the session.)
>> But still, user_B sees a session with his own name, and can connect =
to it
>> and gets full access to the xfce session started by user_A.
>>=20
>> So in summary: The x2godesktopsharing has no effect at all when it =
should
>> block all accesses, and only works partly when it should allow =
individual
>> access.
>>=20
>> In our environment, every machine has the same logins provided by an =
LDAP
>> server. I will retest at home to see how it behaves with normal local =
users.
>=20
> Ok, thanks for re-testing. I undo the taggings earlier made on this =
issue. This is indeed a big issue that needs immediate fixing!!!
>=20
> Next question: what distro are you on. I tested on Debian and it =
worked flawlessly. Do you have any chance to test on Debian or Ubuntu =
(if you are on some RPM based distro)?
>=20
> Greets,
> Mike
>=20
>=20
> --=20
>=20
> DAS-NETZWERKTEAM
> mike gabriel, herweg 7, 24357 fleckeby
> fon: +49 (1520) 1976 148
>=20
> GnuPG Key ID 0x25771B31
> mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
>=20
> freeBusy:
> =
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.=
xfb