X2Go Bug report logs -
#405
x2gomountdirs/sshfs hangs indefinitely if
Reported by: "Roger D. Serwy" <roger.serwy@gmail.com>
Date: Tue, 21 Jan 2014 06:45:02 UTC
Severity: grave
Tags: confirmed, pending
Fixed in version 4.0.1.19
Done: X2Go Release Manager <git-admin@x2go.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to x2go-dev@lists.berlios.de, X2Go Developers <x2go-dev@lists.berlios.de>
:
Bug#405
; Package x2goclient
.
(Tue, 21 Jan 2014 06:45:02 GMT) (full text, mbox, link).
Acknowledgement sent
to "Roger D. Serwy" <roger.serwy@gmail.com>
:
New Bug report received and forwarded. Copy sent to X2Go Developers <x2go-dev@lists.berlios.de>
.
(Tue, 21 Jan 2014 06:45:02 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):
Package: x2goclient
Version: 4.0.1.2
Severity: Grave
I am using ArchLinux Linux 3.12.6-1-ARCH #1 SMP PREEMPT Fri Dec 20 19:39:00 CET 2013
When "Client side printing support" is enabled, x2goclient appends an entry to ~/.ssh/authorized_keys.
Worse, these entries are not removed when exiting x2goclient.
This is a security risk, as the user did not intend to allow permanent access to that particular key,
especially when the client computer runs an OpenSSH server.
Performing chmod -w ~/.ssh/authorized_keys and then running x2goclient with client side printing gives
an error message: "Unable to write : /home/serwy/.ssh/authorized_keys". This message is generated
in void ONMainWindow::startX2goMount() at line 8867 in onmainwindow.cpp.
x2goclient shouldn't need to write to ~/.ssh/authorized_keys.
Regards,
Roger Serwy
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#405
; Package x2goclient
.
(Thu, 08 Jan 2015 14:05:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Thu, 08 Jan 2015 14:05:02 GMT) (full text, mbox, link).
Message #10 received at 405@bugs.x2go.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: tag -1 confirmed
Control: reassign -1 x2goserver
Control: retitle -1 x2gomountdirs/sshfs hangs indefinitely if
client-side sshd is down
Hi,
I have spent the last 1.5 days with hunting down the cause for #405.
The phenomenon is:
o client-side is Linux (or maybe Mac OS X)
o sshd ist not running on the client machine
o the session profile has printing or client-side folder sharing enabled
If X2Go Client launches a remote session it does the following things:
o set up a reverse port forwarding tunnel that allows
<server-side-localhost>:<fsPort> -> <client-side-localhost>:<sshd-Port>
o if sshd is not running, the above will still work...
o then x2gomountdirs is evoked...
o ... which attempts to run sshfs against <server-side-localhost>:<fsPort>
o however, in X2Go Client this triggers an I/O error because the client-side
sshd is not listening / not running
I studied the X2Go Client code (sshmasterconnection.cpp and
sshprocess.cpp) very deeply and added several new debug messages +
improved the debugging output of existing messages.
In X2Go Client, the mounting of a client-side folder uses two SSH
channel inside this reverse port forwarding tunnel:
o one SSH channel for the tunnel itself
o one SSH channel per x2gomountdirs command call evoked on the server
Furthermore, X2Go Client can detect if failures occur in x2gomountdirs
this way:
o something strange happens while executing the command (SSH
disconnects etc.)
o the stdOut of the evoked command (x2gomountdirs) is empty while
stdErr is not
So, (and I did not know this), all X2Go Server side commands
(/usr/bin/x2go*) should properly write to stderr if things go wrong
and leave stdOut untouched at the same time.
The problem now is: if x2gomountdirs is not detected as "failing"
(which it is not), the sshfs pubkey required for client-side folder
sharing is not removed from the .ssh/authorized_keys file.
Furthermore, X2Go Client detects the I/O errors on the sshfs tunnel
channel, but cannot relate to that to the x2gomountdirs command evoked
via the SSH command channel.
My first attempts targetted getting X2Go Client to tidy up the
authorized_keys file whenever a tunnel failure occurs. X2Go Client
should be able to detect this, but this would require a partial
redesign of the complete reverse port forwarding mechanism. I
disrecommend doing this for the current X2Go Client implementation,
but we should keep it in the back of our heads for a later redesign.
It took about 8h to come to this conclusion.
My second approach (and I will commit soon is this):
o evoke sshfs command with "timeout 30 sshfs <options>"
o print error messages to STDERR (not to STDOUT)
o and make sure we unregister the mount point if sshfs fails (with
fusermount -u)
Wit this approach, X2Go Client tries to call x2gomountdirs,
x2gomountdirs fails after 30 seconds with error messages printed to
STDERR. This gets caught by X2Go Client and then the
post-startX2goMount code is triggered which removes the used pubkey
from ~/.ssh/authorized_keys.
Commit will come in a minute...
Greets,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[Message part 2 (application/pgp-signature, inline)]
Added tag(s) confirmed.
Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
to 405-submit@bugs.x2go.org
.
(Thu, 08 Jan 2015 14:05:02 GMT) (full text, mbox, link).
Bug reassigned from package 'x2goclient' to 'x2goserver'.
Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
to 405-submit@bugs.x2go.org
.
(Thu, 08 Jan 2015 14:05:02 GMT) (full text, mbox, link).
No longer marked as found in versions 4.0.1.2.
Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
to 405-submit@bugs.x2go.org
.
(Thu, 08 Jan 2015 14:05:02 GMT) (full text, mbox, link).
Changed Bug title to 'x2gomountdirs/sshfs hangs indefinitely if' from 'x2goclient pollutes ~/.ssh/authorized_keys'
Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
to 405-submit@bugs.x2go.org
.
(Thu, 08 Jan 2015 14:05:02 GMT) (full text, mbox, link).
Message sent on
to "Roger D. Serwy" <roger.serwy@gmail.com>
:
Bug#405.
(Thu, 08 Jan 2015 14:05:03 GMT) (full text, mbox, link).
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#405
; Package x2goserver
.
(Thu, 08 Jan 2015 14:25:01 GMT) (full text, mbox, link).
Acknowledgement sent
to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Thu, 08 Jan 2015 14:25:01 GMT) (full text, mbox, link).
Message #26 received at 405@bugs.x2go.org (full text, mbox, reply):
tag #405 pending
fixed #405 4.0.1.19
thanks
Hello,
X2Go issue #405 (src:x2goserver) reported by you has been
fixed in X2Go Git. You can see the changelog below, and you can
check the diff of the fix at:
http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=d6b726d
The issue will most likely be fixed in src:x2goserver (4.0.1.19).
light+love
X2Go Git Admin (on behalf of the sender of this mail)
---
commit d6b726dc6b9ad2945d3a3218ce2eeaef6474257a
Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date: Thu Jan 8 13:26:21 2015 +0100
Start sshfs with a timeout of 30 seconds (because it never finishes if something is wrong with the client-side TCP socket). Also remove/unmount mountpoints erroneously registered sshfs mountpoints if sshfs command times out. (Fixes: #405).
diff --git a/debian/changelog b/debian/changelog
index 4d34828..bf219da 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -55,6 +55,11 @@ x2goserver (4.0.1.19-0x2go1) UNRELEASED; urgency=medium
- Improve sanitizer, use 'x2gosid' sanitizer for session IDs everywhere.
Drop unused 'pnixusername' sanitizer in 4.0.1.x release of X2Go Server.
- Allow usernames in session IDs of length 48 chars.
+ - Start sshfs with a timeout of 30 seconds (because it never finishes if
+ something is wrong with the client-side TCP socket). Also remove/unmount
+ mountpoints erroneously registered sshfs mountpoints if sshfs command
+ times out. Furthermore, print errors to STDERR (not STDOUT). (Fixes:
+ #405).
* debian/control:
+ Add D (x2goserver): libfile-which-perl.
+ Add C (x2goserver: x2godesktopsharing (<< 3.1.1.2).
Added tag(s) pending.
Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
to control@bugs.x2go.org
.
(Thu, 08 Jan 2015 14:25:02 GMT) (full text, mbox, link).
Marked as fixed in versions 4.0.1.19.
Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
to control@bugs.x2go.org
.
(Thu, 08 Jan 2015 14:25:02 GMT) (full text, mbox, link).
Message sent on
to "Roger D. Serwy" <roger.serwy@gmail.com>
:
Bug#405.
(Thu, 08 Jan 2015 14:25:03 GMT) (full text, mbox, link).
Marked Bug as done
Request was from X2Go Release Manager <git-admin@x2go.org>
to control@bugs.x2go.org
.
(Tue, 24 Feb 2015 20:55:38 GMT) (full text, mbox, link).
Notification sent
to "Roger D. Serwy" <roger.serwy@gmail.com>
:
Bug acknowledged by developer.
(Tue, 24 Feb 2015 20:55:38 GMT) (full text, mbox, link).
Message sent on
to "Roger D. Serwy" <roger.serwy@gmail.com>
:
Bug#405.
(Tue, 24 Feb 2015 20:55:46 GMT) (full text, mbox, link).
Message #40 received at 405-submitter@bugs.x2go.org (full text, mbox, reply):
close #405
thanks
Hello,
we are very hopeful that X2Go issue #405 reported by you
has been resolved in the new release (4.0.1.19) of the
X2Go source project »src:x2goserver«.
You can view the complete changelog entry of src:x2goserver (4.0.1.19)
below, and you can use the following link to view all the code changes
between this and the last release of src:x2goserver.
http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=49c91751e560ad09ab4490cc3bd6687509c05755;hp=724d2eefe399485a71e79c705a0aad125e853230
If you feel that the issue has not been resolved satisfyingly, feel
free to reopen this bug report or submit a follow-up report with
further observations described based on the new released version
of src:x2goserver.
Thanks a lot for contributing to X2Go!!!
light+love
X2Go Git Admin (on behalf of the sender of this mail)
---
X2Go Component: src:x2goserver
Version: 4.0.1.19-0x2go1
Status: RELEASE
Date: Tue, 24 Feb 2015 21:49:22 +0100
Fixes: 405 632 633 638 644 664 668 671 672 675 676 678 697 698 700 712 715 727 728 770
Changes:
x2goserver (4.0.1.19-0x2go1) RELEASED; urgency=medium
.
[ Mike Gabriel ]
* New upstream version (4.0.1.19):
- Use File::Which to detect if sshfs command is available
before trying to mount a client-side folder.
- Be a bit more tolerant when trying to detect if a
desktop icon is to be removed (using regexp, not
eq).
- Xsession script: Prevent bash failures when sourcing external bash
scripts beyond our scope. (Fixes: #632, #675).
- x2gogetapps: Support scanning of sub-directories when searching for
.desktop files. We allow to dive down one level into subdirs, we on
purpose do not recursively dive into the complete subtree. (Fixes: #633).
- Make man2html an optional tool. Don't fail if it is missing on the
build system (required for openSUSE/SLES builds).
- Fix x2goserver-xsession/Makefile on SUSE. Detect SUSE distro and create
Xsession related directory symlinks (xinitrc.d and Xclients.d).
- Hack for x2goserver-xsession/Makefile during SUSE builds. If
directoy /usr/share/doc/packages/brp-check-suse is present, the build env
is also considered to be a SUSE system.
- Trigger Xsession code for SUSE systems (look for /etc/SUSE-brand or
/etc/SuSE-release for SUSE system recognition). (Fixes: #671).
- x2gosqlitewrapper.c: Fix rpmlint error: no-return-in-nonvoid-function.
Return the exitcode of execve().
- Fix gramma in error message (in x2goresume-session).
- x2gocleansessions: Call x2gormforward also on terminated sessions. This
will make sure that re-assigned ports are really available on new session
startup.
- x2golistsessions(_root): Only update session state in session DB if
x2goagent's state file really exists. This addresses a problem that occurs
when x2golistsessions gets called via an x2gobroker-agent. The
x2golistsessions script may show session states (--all-servers) of
sessions on other servers that have session states files on their remote
/tmp dirs. These files are not accessible for that x2golistsessions script
and should simply be ignored. (Fixes: #638).
- Provide pam_namespace support for has_agent_state_file() function.
- Fix missing session list output if state file does not exist on the
machine that runs x2golistsessions(_root).
- Accept more verbose "DENY" output from x2godesktopsharing.
- Make sure that all "su"-to-user-contexts use /bin/sh for wrapping around
the executed command (in x2gocleansessions and x2golistsessions_root).
- Also enforce /bin/sh as shell in su command in x2goprint.
- README.i18n: Add file that explains the translation workflow for
this package. Thanks to Mark Pedersen-Cook for drafting this file.
- Make SSH agent forwarding work after having reconnected via SSH and
having resumed a session. (Fixes: #672). Thanks to Robert Siemer for
coming up with that idea.
- Fix cross-user X2Go Desktop Sharing after being broken by implementing
clipboard mode feature (and probably other code changes).
- Document session startup / resumption failures (and their reasons) in
server-side log output.
- Handle AD domain users gracefully when X2Go is used with SQLite DB
backend. (Fixes: #664).
- Improve sanitizer, use 'x2gosid' sanitizer for session IDs everywhere.
Drop unused 'pnixusername' sanitizer in 4.0.1.x release of X2Go Server.
- Allow usernames in session IDs of length 48 chars.
- Start sshfs with a timeout of 30 seconds (because it never finishes if
something is wrong with the client-side TCP socket). Also remove/unmount
mountpoints erroneously registered sshfs mountpoints if sshfs command
times out. Furthermore, print errors to STDERR (not STDOUT). (Fixes:
#405).
- Handle execution of ss command from Perl script x2golistdesktops in a way
that not only works on Debian, but also on Fedora et al. (Fixes: #727).
- Provide legacy support for old File::Path packages in x2godbadmin.
(Fixes: #715).
- Fix wrong evocation of x2gosyslog ("error" -> "err").
- Use "undef $dbh" instead of "$dbh->disconnect()". Fixes SQLite3 issues on
SLE 11.x.
- Only call $dbh->sqlite_busy_timeout() if the $dbh object is capable of
that. Works around a too-old DBD::SQLite package on SLE 11.x.
- Legacy for applications (and X2Go scripts) that expect $SSH_CLIENT to be
set in the X2Go session's environment. (Fixes: #644).
- Add man page for x2gogetapps. Weave into that a security / disclaimer
message as proposed by Stefan Baur. (Fixes: #728).
* debian/control:
+ Add D (x2goserver): libfile-which-perl.
+ Add C (x2goserver: x2godesktopsharing (<< 3.1.1.2-0~). (Fixes: #700).
+ Bump Standards: to 3.9.6. No changes needed.
+ Don't depend on libdb-pg-perl for armhf builds. (Fixes: #712). Thanks to
Heinrich Schuchardt for providing information on this.
+ Upgrade to D again (bin:package x2goserver): xfonts-base (Fixes: #770).
* debian/x2goserver.docs:
+ Install README.i18n file into bin:package x2goserver.
* x2goserver.spec:
+ Add to R: perl(File::Which).
+ Additionally adapt to building on openSUSE/SLES.
+ No shell expansion possible in obs-build, detect perl version only for
non-SUSE builds.
+ Add to R: x2goserver-xsession.
+ Don't mention /etc/x2go/x2gosql/sql twice (directly and with wildcard).
+ No %{_sysconfdir}/x2go/Xclients.d on SUSE systems.
+ Use %{_localstatedir} instead of %{_sharedstatedir}.
+ Use proper if... then... clauses.
+ For SUSE builds: Add to R: shadow (useradd, groupadd).
+ Replace historical "egrep" with "grep -E".
+ Systemd support for SUSE >= 12.10.
+ Set %defattr macro for every bin:package.
+ SUSE and Fedora/RHEL have different package group names.
+ Add x2goserver-rpmlintrc file to handle some rpmlint errors and warnings.
+ SUSE has openssh, but no openssh-server.
+ Add to R (x2goserver): perl-X2Go-Server.
+ Add to R (diverse): perl(Config::Simple), perl(Switch) and
perl(Capture::Tiny).
+ Add to R (x2goserver): perl(File::BaseDir).
+ Don't hard-code /var/lib/ in $HOME path of to-be-created user
"x2gouser".
+ Add to BR: findutils.
+ For Fedora-like systems, don't make x2goserver bin:package authoritative
for non-X2Go directories. (Fixes: #676).
+ Remove macro call %systemd_pre for Fedora/EPEL-7 builds. No such macro in
Fedora/RHEL7. (Fixes: 698).
+ Create system user x2gouser with $HOME in /var/lib/x2go. (Fixes: #697).
+ Always set BuildRoot: parameter.
+ BuildRequires: SUSE <= 11.3 has xorg-x11, not xinit.
+ Requires (x2goserver-xsession): SUSE <= 11.3 has xorg-x11, not xinit.
+ No Bashisms in scriptlets.
+ rpmlint requires shared-mime-info at build time on SLE <= 11.3.
+ "%set_permissions" / "%verify_permissions" macros are not know in SLE <=
11.3. Using "%run permissions" and "%verify permissions" instead.
+ On SUSE, add permissions.d/x2goserver.
+ Fix SQLite wrapper permissions (02775 -> 02755)
+ Use if then clauses for creating user/group x2goprint.
.
[ Matthew L. Dailey ]
* New upstream version (4.0.1.19):
- x2gocleansessions: Redirect stdin, stdout and stderr to /dev/null, test
for the existence of the file descriptor before issuing the close,
only capture the file descriptor backreference in the regex and
send any close failures to syslog. (Fixes: #678).
.
[ Lars Wendler ]
* New upstream version (4.0.1.19):
- Use "printf" instead of "echo -n". (Fixes: #668).
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#405
; Package x2goserver
.
(Tue, 24 Feb 2015 20:55:56 GMT) (full text, mbox, link).
Acknowledgement sent
to X2Go Release Manager <git-admin@x2go.org>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Tue, 24 Feb 2015 20:55:57 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.x2go.org>
to internal_control@bugs.x2go.org
.
(Wed, 25 Mar 2015 06:24:01 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
X2Go Developers <owner@bugs.x2go.org>.
Last modified:
Wed Oct 30 12:56:26 2024;
Machine Name:
ymir.das-netzwerkteam.de
X2Go Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.