From unknown Fri Mar 29 02:50:58 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#666: point out that x2gobroker is not a security feature Reply-To: Stefan Baur , 666@bugs.x2go.org Resent-From: Stefan Baur Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Fri, 07 Nov 2014 00:00:02 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: report 666 X-X2Go-PR-Package: x2gobroker X-X2Go-PR-Keywords: Received: via spool by submit@bugs.x2go.org id=B.141531814222456 (code B); Fri, 07 Nov 2014 00:00:02 +0000 Received: (at submit) by bugs.x2go.org; 6 Nov 2014 23:55:42 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.17.10]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 09B475DEA7 for ; Fri, 7 Nov 2014 00:55:41 +0100 (CET) Received: from [192.168.0.3] (HSI-KBW-078-043-170-197.hsi4.kabel-badenwuerttemberg.de [78.43.170.197]) by mrelayeu.kundenserver.de (node=mreue102) with ESMTP (Nemesis) id 0M8hmN-1Y0mFX0FN5-00wFtX; Fri, 07 Nov 2014 00:50:40 +0100 Message-ID: <545C095F.2020707@baur-itcs.de> Date: Fri, 07 Nov 2014 00:50:55 +0100 From: Stefan Baur User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: submit@bugs.x2go.org Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Provags-ID: V02:K0:m8LNWoQmEuzRwnakkAPyKKbg34uesauIohxoLVE37vk EqitIA6oZMxOTQr1sRXl6rMgBV3nlicY04sEBwhPhWi6SqTGC/ eVnN/Oescp5mXzQEmqLp682qgjCHtLcBrDMAHhmLVRq491ap1h 33rF3OiRk7iN+0LPwwuIV6hRkfKa6rNvMtXhhZWh4TMUEAAWPF U1NHfj7yK4rk5S6OAxRYKOC881XV7lHgvOdh8+URH/JFoCcrqw uxMLTWOCL/pDdu7fbJy9oCWydmKj2Eb3RmpmIVK/Upe0VjyURb zAOIErGbJcTsXaNQdFJxcP8UN20jEW0SQ6+rqFXQfJuAoxDoh/ 4fvq6pZfJQxA5PtZhaHbPb2wTVrjy/kmDs36tv6yH X-UI-Out-Filterresults: notjunk:1; -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Package: x2gobroker Severity: wishlist Please add a prominent note to x2gobroker's man page that it is *not* intended as a security feature - a user can still launch x2goclient without the broker parameter and set it to run any executable the user has exec permission for on the server. As always, group membership and file permissions *MUST* (MUST as defined in RFC2119 https://www.ietf.org/rfc/rfc2119.txt) be used to limit a user's access to executables on the server. - -Stefan - -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUXAlfAAoJEG7d9BjNvlEZ+eAH/06sGKiAbYx5Lzf5ehEZcM/R 5lumXu0SOVHsCIen/KRAHP+MQ+wvGngNawo0PZsJBZyhvHQ/SeUMrotR3MSPFB3S ZDYvznt4LEfBbKbm4uabBmFOiSndFaFlyZzwt95z/SrAdaLidphUXlkTI0Mu5UOI qVQbZWtBUNmEF+I1MalAvpGCZ+JK3BpSg88Y7XDqZvQfTcUUBxr9MGWBxKL5CHlK Lt6jIZzXdxX+RWK7SmA5zYpUCG7yZcR6EzSnq7U1cDqW3XNG/QvddvS4IL04/u/U 068Tl/gHhKr3vquDjyMjXnuP8TbBFuTmDb6qbJeyY+UrC/n5kmXIlFRrBkZPnKM= =ej1y -----END PGP SIGNATURE----- From unknown Fri Mar 29 02:50:58 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#666: [X2Go-Dev] Bug#666: point out that x2gobroker is not a security feature Reply-To: Mike Gabriel , 666@bugs.x2go.org Resent-From: Mike Gabriel Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Thu, 08 Jan 2015 23:45:00 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: followup 666 X-X2Go-PR-Package: x2gobroker X-X2Go-PR-Keywords: Received: via spool by 666-submit@bugs.x2go.org id=B666.142076066624308 (code B ref 666); Thu, 08 Jan 2015 23:45:00 +0000 Received: (at 666) by bugs.x2go.org; 8 Jan 2015 23:44:26 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 1C20F3BC4F for <666@bugs.x2go.org>; Fri, 9 Jan 2015 00:44:25 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98]) by freya.das-netzwerkteam.de (Postfix) with ESMTPS id C8CDD9F3; Fri, 9 Jan 2015 00:44:24 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id B480D3BA1F; Fri, 9 Jan 2015 00:44:24 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hVhLXny9kVXo; Fri, 9 Jan 2015 00:44:24 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTPS id 5D27D3BA08; Fri, 9 Jan 2015 00:44:24 +0100 (CET) Received: from p5B3B8A30.dip0.t-ipconnect.de (p5B3B8A30.dip0.t-ipconnect.de [91.59.138.48]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP; Thu, 08 Jan 2015 23:44:24 +0000 Date: Thu, 08 Jan 2015 23:44:24 +0000 Message-ID: <20150108234424.Horde.ofgocuZ8EobF8khVLgaqLg2@mail.das-netzwerkteam.de> From: Mike Gabriel To: Stefan Baur , 666@bugs.x2go.org In-Reply-To: <545C095F.2020707@baur-itcs.de> User-Agent: Internet Messaging Program (IMP) H5 (6.2.2) Accept-Language: en,de Organization: DAS-NETZWERKTEAM X-Originating-IP: 91.59.138.48 X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0 Iceweasel/32.0 Content-Type: multipart/signed; boundary="=_4ML1exOe5JmNiMKgENfGKg3"; protocol="application/pgp-signature"; micalg=pgp-sha1 MIME-Version: 1.0 This message is in MIME format and has been PGP signed. --=_4ML1exOe5JmNiMKgENfGKg3 Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi Stefan, On Fr 07 Nov 2014 00:50:55 CET, Stefan Baur wrote: > Package: x2gobroker > Severity: wishlist > > Please add a prominent note to x2gobroker's man page that it is *not* > intended as a security feature - a user can still launch x2goclient > without the broker parameter and set it to run any executable the user > has exec permission for on the server. > > As always, group membership and file permissions *MUST* (MUST as > defined in RFC2119 https://www.ietf.org/rfc/rfc2119.txt) be used to > limit a user's access to executables on the server. > > - -Stefan Do you think you could write down such an additional note for the man=20=20 page=20and send it back to this bug (in plain text)? I will work that text into the man page then. Thanks, Mike PS: if you will, tag this bug with "patch" once you have sent that=20=20 text=20passage... --=20 DAS-NETZWERKTEAM mike=20gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x= fb --=_4ML1exOe5JmNiMKgENfGKg3 Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABAgAGBQJUrxZYAAoJEJr0azAldxsxQpoP/jmPyK/OjB+1DEr7oQFvqmb/ XTvAjEHqjZD+uAIvFbOg+r73DscdpWkrqD1G/atZFenx0k3pBKWdF7mL7yoxlXrk yWRL1QW6AccjvuD/UQShRrpVmQpLldhfUwysYQAE+MoYKOkndUsVjnFAR+R9+61J KjbPMAhfpkt+6HH/toxJKlFPUg0yNILAUNljPw33omuveasz/IUizb6Ov3UT+y0S Rh31uUT3QnGIpCT+K8ORnujie72K7FBbipaLaDM74tKx0ZK65hLe22qzBZ/rQT28 tU85NEMgIObRtsBuIAxexYJukxtP4h+AjDTKRcqDmK0NpDiyVZIeL/iIFKUQBUv3 crr16ADgCGxPeCbkLyO/T3KL/OhKfaEDxxPnhmdFwhd9BlwUibF8j+paC5HicOl9 xiVaSyKYH0Y64AgW1x5Qh17s6I0j/E2wYU6prLog01HH/GeADk0ObsTSNu3Lw2/n gJg387QHs7WSF9ypiRJ+3W+g1xpv5vVp+5qaaAJCon6u0451Flpm5oZzlt5qfPvG XV9z72w/239FjeIVOvrADupeN1gqvjFML0+899yVWQ3IjhWOYvVvyDpwFc+Ham3V UwJGnpWwbTsTEroxaiAkoQ0xYFpxek/29DYwepi+i06CXHLHpZdwXTU9nczPLYhG J2xfxUKa/K9WuNM9agXj =ldA+ -----END PGP SIGNATURE----- --=_4ML1exOe5JmNiMKgENfGKg3-- From unknown Fri Mar 29 02:50:58 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#666: [X2Go-Dev] Bug#666: point out that x2gobroker is not a security feature Reply-To: Stefan Baur , 666@bugs.x2go.org Resent-From: Stefan Baur Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Fri, 09 Jan 2015 10:25:01 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: followup 666 X-X2Go-PR-Package: x2gobroker X-X2Go-PR-Keywords: Received: via spool by 666-submit@bugs.x2go.org id=B666.14207989895657 (code B ref 666); Fri, 09 Jan 2015 10:25:01 +0000 Received: (at 666) by bugs.x2go.org; 9 Jan 2015 10:23:09 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham version=3.3.2 Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.17.24]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 7181A5DEA9 for <666@bugs.x2go.org>; Fri, 9 Jan 2015 11:23:07 +0100 (CET) Received: from [192.168.0.3] ([188.105.114.135]) by mrelayeu.kundenserver.de (mreue101) with ESMTPSA (Nemesis) id 0LfzrP-1XSkG90hCd-00paEm; Fri, 09 Jan 2015 11:23:06 +0100 Message-ID: <54AFAC4E.8060103@baur-itcs.de> Date: Fri, 09 Jan 2015 11:24:14 +0100 From: Stefan Baur User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0 MIME-Version: 1.0 To: Mike Gabriel , 666@bugs.x2go.org References: <20150108234424.Horde.ofgocuZ8EobF8khVLgaqLg2@mail.das-netzwerkteam.de> In-Reply-To: <20150108234424.Horde.ofgocuZ8EobF8khVLgaqLg2@mail.das-netzwerkteam.de> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Provags-ID: V03:K0:lSDPjNFXCkJVt9gh08FNB6INTZAIIcnwxMT1ytLfoCsHVdBvcpY i4nMEKkx1sYMkWfeg6LY7Zw9Npg3VRPFE0qa1mgoc01MsUoXixytnDViC534LKV/np0gCQg XZaloxdurTmzSOzbwosPTW86XlIJcbkG117z7E9s/GV0w2WuIYHEpCmCDKp15N1N2lZW88F 9ZjoQbpOVpUSg2uzev97Q== X-UI-Out-Filterresults: notjunk:1; -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Control: tag -1 patch Control: clone -1 -2 Control: retitle -2 point out that X2GoServer's Published Application Mode is not a security feature Control: tag -2 patch Control: severity -2 wishlist Control: package -2 x2goserver > Do you think you could write down such an additional note for the > man page and send it back to this bug (in plain text)? > I will work that text into the man page then. > PS: if you will, tag this bug with "patch" once you have sent that > text passage... @Mike#1, I tried to clone and retitle this bug for X2GoServer's Published Application Mode. Please verify that this worked. - -Stefan This is the notice for X2GoBroker. For X2GoServer's PAM, see below. SECURITY NOTICE Users are advised to not misinterpret X2GoBroker's capabilites as a security feature. Even when using X2GoBroker, it is still possible for users to locally configure an X2GoClient with any setting they want, and use that to connect. So if you're trying to keep users from running a certain application on the host, using X2GoBroker to "lock" the configuration is the *wrong* way. The users will still be able to run that application by creating their own, local configuration file and using that. To keep users from running an application on the server, you have to use *filesystem permissions*. In the simplest case, this means setting chmod 750 or 550 on the particular application on the host, and making sure the users in question are not the owner and also not a member of the group specified for the application. Notice for X2GoServer's PAM (Published Application Mode) is here: SECURITY NOTICE Users are advised to not misinterpret X2GoServer's Published Application Mode as a security feature. Even when using Published Application Mode, it is still possible for users to locally configure an X2GoClient with any setting they want, and use that to connect. So if you're trying to keep users from running a certain application on the host, using Published Application Mode to "lock" the configuration is the *wrong* way. The users will still be able to run that application by creating their own, local configuration file and using that. To keep users from running an application on the server, you have to use *filesystem permissions*. In the simplest case, this means setting chmod 750 or 550 on the particular application on the host, and making sure the users in question are not the owner and also not a member of the group specified for the application. - -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUr6xOAAoJEG7d9BjNvlEZMQ4IAJWMnnvvfP8RyN+nc52Se2ue A2uA5K6XAl7+vXajF+v/LNnkWsqowE0Z/Z5MGdzfpAPblHRF4qjVqUmcGLAK0lfH wauk9MxlmV3M+W+0wUoVbjlHcuCWs3USoefqw4ncLXMoYiokSOnmgY4wFzaRWSi9 yu7WeO9JQyphTODQoHGydDjVPiez00eOrW4cFGBccljr+O1wMjXe5fTK4igILEfd UYcLcCqSLuR/E0q7kL4ja8M+1ZaTkqcS2971pnBXF+xdBRDYe9HTBTDJC8XOyIwB z9zvEbQ5We3dc8H+ZJY12DVhgmAiTi53S2MF81NPrEJ41la1Wri8eV5oLy6aNDE= =BVtu -----END PGP SIGNATURE----- From unknown Fri Mar 29 02:50:58 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#666: X2Go issue (in src:x2gobroker) has been marked as pending for release Reply-To: Mike Gabriel , 666@bugs.x2go.org Resent-From: Mike Gabriel Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Mon, 30 Mar 2015 15:00:01 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: followup 666 X-X2Go-PR-Package: x2gobroker X-X2Go-PR-Keywords: patch Received: via spool by 666-submit@bugs.x2go.org id=B666.142772748119772 (code B ref 666); Mon, 30 Mar 2015 15:00:01 +0000 Received: (at 666) by bugs.x2go.org; 30 Mar 2015 14:58:01 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NO_RELAYS, URIBL_BLOCKED autolearn=ham version=3.3.2 Received: by ymir.das-netzwerkteam.de (Postfix, from userid 1005) id 748815DAC8; Mon, 30 Mar 2015 16:57:57 +0200 (CEST) From: Mike Gabriel To: 666-submitter@bugs.x2go.org Cc: control@bugs.x2go.org, 666@bugs.x2go.org Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit X-Mailer: http://snipr.com/post-receive-tag-pending Message-Id: <20150330145758.748815DAC8@ymir.das-netzwerkteam.de> Date: Mon, 30 Mar 2015 16:57:57 +0200 (CEST) tag #666 pending fixed #666 0.0.3.0 thanks Hello, X2Go issue #666 (src:x2gobroker) reported by you has been fixed in X2Go Git. You can see the changelog below, and you can check the diff of the fix at: http://code.x2go.org/gitweb?p=x2gobroker.git;a=commitdiff;h=6652693 The issue will most likely be fixed in src:x2gobroker (0.0.3.0). light+love X2Go Git Admin (on behalf of the sender of this mail) --- commit 6652693c1fe47dbc53f84db84fab34f70485951a Author: Mike Gabriel Date: Mon Mar 30 16:57:56 2015 +0200 Add security notice / disclaimer to x2gbroker.1 man page as suggested by Stefan Baur. (Fixes: #666). diff --git a/debian/changelog b/debian/changelog index 8ac74a1..a0640e5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -283,6 +283,8 @@ x2gobroker (0.0.3.0-0x2go1) UNRELEASED; urgency=low - man pages: Update date. - If non-load-balanced session profiles reference a non-reachable host, hand-back the system's hostname to X2Go Client / Python X2Go. + - Add security notice / disclaimer to x2gbroker.1 man page as suggested + by Stefan Baur. (Fixes: #666). * debian/control: + Provide separate bin:package for SSH brokerage: x2gobroker-ssh. + Replace LDAP support with session brokerage support in LONG_DESCRIPTION. From unknown Fri Mar 29 02:50:58 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#666: X2Go issue (in src:x2gobroker) has been marked as closed Reply-To: X2Go Release Manager , 666@bugs.x2go.org Resent-From: X2Go Release Manager Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Sat, 20 Jun 2015 12:15:30 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: followup 666 X-X2Go-PR-Package: x2gobroker X-X2Go-PR-Keywords: pending patch Received: via spool by 666-submit@bugs.x2go.org id=B666.143480234029799 (code B ref 666); Sat, 20 Jun 2015 12:15:30 +0000 Received: (at 666) by bugs.x2go.org; 20 Jun 2015 12:12:20 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NO_RELAYS, URIBL_BLOCKED autolearn=unavailable version=3.3.2 Received: by ymir.das-netzwerkteam.de (Postfix, from userid 1005) id 43AB75DAA9; Sat, 20 Jun 2015 14:10:26 +0200 (CEST) From: X2Go Release Manager To: 666-submitter@bugs.x2go.org Cc: control@bugs.x2go.org, 666@bugs.x2go.org Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit Message-Id: <20150620121026.43AB75DAA9@ymir.das-netzwerkteam.de> Date: Sat, 20 Jun 2015 14:10:26 +0200 (CEST) close #666 thanks Hello, we are very hopeful that X2Go issue #666 reported by you has been resolved in the new release (0.0.3.0) of the X2Go source project »src:x2gobroker«. You can view the complete changelog entry of src:x2gobroker (0.0.3.0) below, and you can use the following link to view all the code changes between this and the last release of src:x2gobroker. http://code.x2go.org/gitweb?p=x2gobroker.git;a=commitdiff;h=30c316e66f4173d0e3577fe85817e73f822a479e;hp=81e28ea24b269fb24559d70c462b846cf2f56edd If you feel that the issue has not been resolved satisfyingly, feel free to reopen this bug report or submit a follow-up report with further observations described based on the new released version of src:x2gobroker. Thanks a lot for contributing to X2Go!!! light+love X2Go Git Admin (on behalf of the sender of this mail) --- X2Go Component: src:x2gobroker Version: 0.0.3.0-0x2go1 Status: RELEASE Date: Sat, 20 Jun 2015 13:58:49 +0200 Fixes: 153 217 275 306 360 379 380 447 449 450 469 470 484 491 493 494 544 545 553 562 665 666 685 686 692 706 716 784 834 835 836 Changes: x2gobroker (0.0.3.0-0x2go1) RELEASED; urgency=low . [ Mike Gabriel ] * New upstream version (0.0.3.0): - Add SSH support to X2Go Session Broker. (Fixes: #153). - Move x2gobroker executable to /usr/bin. - Update x2gobroker man page. - SSH broker: Only allow context change to another user for the magic user (default: x2gobroker). - Fix logrotate script: x2gobroker-wsgi. (Fixes: #275). - Get the cookie based extra-authentication working for SSH mode. - Get the cookie based extra-authentication working for HTTP mode. - Fix output of HTTP based connectivity test. - Do not let the broker crash if an agent is not reachable. Capture X2GoBrokerAgentExceptions when pinging the remote agent. (Fixes: #306). - When calling the agent's suspend_session function, make sure to pass on the remote_agent dictionary. - Provide empty directory /etc/x2go/broker/ssl. - Re-order x2gobroker main file. Move logging further to the back to allow taking command-line options into account. - Modify default x2gobroker-sessionprofiles.conf and provide something that will work with every default setup. - New broker session profile parameter: broker-agent-query-mode. Define agent query methods per session profile. - Rename base broker's use_session_autologin to get_session_autologin. - Fix Python2'isms in three exceptions. Thanks to Mathias Ewald for spotting. - Make test_suite callable via setup.py. - Provide a test function that checks if the basic broker agent setup (SSH private/public key pair) is available. If not, no SSH broker usage will be attempted. - Let a portscan preceed the SSH ping command. This notably reduces timeout duration if the host running the queried broker agent is down). - Catch RequestHandler errors and write them to the error log channel. - Raised verbosity level to INFO for session broker utilities. - Add sanity checks to x2gobroker-pubkeyauthorizer. - Report stderr results to the broker log channel (broker.log). This allows debugging of X2Go Session Broker Agent via the X2Go Session Broker logging instance. (Fixes: #217). - Fix the ping task in x2gobroker-agent.pl, process it without checking the given username. - Fix remote agent detection in case of some agents being down. - Add utils function: matching_hostnames(): test hostname lists for matching hostnames (with/without domain name). - Add fuzzy tolerance when comparing host name lists as found in session profile configuration and as reported by broker agent. - In x2gobroker.conf: describe the manifold ways of providing a second authorized_keys file location in SSH server daemon. Thanks to Stefan Heitmüller for pointing out more recent SSH server's configuration style. - WSGI implementation: keep SCRIPT_NAME in environ, as removing it causes AssertionErrors whenever we trigger a tornado.web.HTTPError. - Add password prompt to x2gobroker-testauth. Password prompt is used if the --password option is not used. - New authentication mechanism: none. Always authenticate a user, even if password is not provided or wrong. - Ship python2.6 asyncore patch (Debian squeeze python2.6 version) in python-x2gobroker's docs folder. - Show correct environment variables in log file prelude when WSGI is used. - Fix check-credentials = false for UCCS web frontend. - Add a start page (,,It works''). - Use IP addresses in apache2 config rather than hostnames. - Add new helper tool: x2gobroker-daemon-debug. - Add man page for x2gobroker-daemon-debug. - WebUI "plain": throw explainative log errors for every 404 http error. - Fix man pages (layout issues on x2gobroker-authservice man page). - Adapt man page installation to moval of x2gobroker(-testauth) from an sbin to a bin directory (executable for any user). - Make the inifile broker backend the default backend. (Fixes: #360). - Support daemonizing of the http broker. - Default to http broker mode when daemonizing the broker. - Support daemonizing of the authservice. - Detect RUNDIR in x2gobroker-authservice and use it for the default location of the authservice socket file. - Detect RUNDIR in x2gobroker Python module and use it for the default location of the authservice socket file. - Let x2gobroker-authservice take care of tidying up its own socket file. - Provide PAM config file for Debian and RHEL separately (as they differ). - Makefile: Clean up x2gobroker-agent binary. - Be more precise in Debian et al. init scripts when checking if the service is already running. - Add JSON WebUI backend for X2Go Session Broker. - JSON WebUI backend renders data of content type "text/json". - Provide configuration alternative to having /etc/defaults/* scripts parsed in by init scripts. Make X2Go Session Broker ready for being run via systemd. - Provide symlink x2gobroker-daemon. - Provide systemd service files for x2gobroker-daemon and x2gobroker-authservice. (Fixes: #379, #380). - Add --drop-privileges feature so that x2gobroker-daemon can drop root privileges when started via systemd. Only drop privileges if x2gobroker(-daemon) is run as uidNumber 0. - Implement dynamic authid for JSON WebUI frontend. Add a generic metadata top level to the JSON output tree. - Store cookies in /var/lib/x2gobroker (path is more appropriate than previously suggested path /var/log/x2gobroker). - Handle selectsessions calls with a non-existent profile ID gracefully. - Session profiles with marker user=BROKER_USER will now auto-fill-in the broker username into the session profile's 'user' option. - Provide tool: x2gobroker-testagent. - Allow for broker clients to send in public SSH keys that the client may use for authentication to X2Go Servers. - broker agent: avoid one option system() calls in Perl. (Fixes: #784). - For user context changes: set the HOME dir of the new user correctly. - Reduce Paramiko/SSH verbosity (logging.ERROR) when connecting to remote broker agents. - Support adding remote broker agent's host keys via the x2gobroker-testagent tool. - If we received an SSH public key from a broker client, mark it as ACCEPTED after we deployed it, so that the client knows that it can its corresponding private key. - Fix https brokerage in x2gobroker-daemon-debug. - Load X2GOBROKER_DAEMON_USER's known_hosts key file before doing remote agent calls. - Fully rewrite agent.py. - Fix broker crashes when no session status is available for certain session profiles. - JSON webUI: run pre and post auth scripts also via this backend. - x2gobroker-daemon: become wrapper script, enable --mode HTTP by default. Provide some intelligence when run as daemon (killing children processes on reception of a SIGTERM, SIGINT, SIGQUIT, EXIT signal). - Rename sections for broker backends in x2gobroker.conf - Make config object of x2gobroker.conf available in authentication mechanism backends. - Fix SSH based broker client. - Fix several failing tests, adapt tests to current code base. - Introduce new global parameter for x2gobroker.conf: my-cookie-file. Allow storing the initial authentication cookie/ID in a read-protected file. - Explicitly set detach_process to True when calling daemon.DaemonContext(). Otherwise the daemons start but don't return to the cmdline prompt. (Fixes: #484). - Change agent API: all functions return a tuple where the first element denotes if the underlying agent call has been successful. - Correctly detect $HOME of the user that runs x2gobroker (including setuid calls via x2gobroker-ssh). - Enforce SSH agent query mode (instead of LOCAL mode) for SSH brokerage (as LOCAL query mode won't work due to a permission koan that has not yet been solved). - Fix interpretation of SSH_CLIENT env variable. - Make x2gobroker-agent usable/installable on non-X2Go server machines. (Fixes: #493). - Provide autologin support for session profiles that have an SSH proxy host configured. (Fixes: #494). - Fix IPv6 binding of the X2Go Session Broker daemon. If no bind port is given via the cmdline, obtain it from other means (via x2gobroker.defaults). - Rename LICENSE file to COPYING. - X2Go Broker Agent: Test if queried username exists on the system before performing the query. - Make sure bind_address and bind_port are correctly detected from /etc/default/x2gobroker-daemon and /etc/x2go/broker/defaults.cfg. - Move split_host_address() code into x2gobroker.utils. - Report to log what the broker agent replied to us. - Provide support for load-balancing to hosts that are all reachable over the same IP address, but different TCP/IP ports (e.g. docker instances or hosts behind a reverse NATed IPv4 gateway). This ended up in a rewrite of the complete selection_session() method of the base broker code. - Use physical host address and port (if provided) for contacting remote broker agent via SSH. - Update README and TODO. - Update copyright holders. Copyright is held only by people who actually contributed to the current code base. - logrotate configs: Rotated logs via "su x2gobroker adm". - Use hostname as hard-coded in server_list (from session profile configuration), don't try to strip off the domain name. - Consolidate x2gobroker.utils.split_host_address() with a test and rewrite completely. - Make sure that without configuration files, the HTTP broker listens to port 8080. - Provide legacy support for deprecated x2gobroker.conf global parameter 'check-credentials'. - Configure broker / authservice environment via .service files. - Load defaults.conf via authservices and for logger configuration, as well. - x2gobroker-authservice: Make sure socket file directory is created before trying to create the socket file itself. - Don't load defaults.conf twice. Only load it when initializing the loggers. - Provide a special PAM configuration file for SUSE systems (identical to the PAM configuration file for Debian). - defaults.conf: Mention X2GOBROKER_DEBUG not only in the global section, but also in the [daemon] and [authservice] section. - x2gobroker-testauth: Don't use hard-coded default backend. Obtain X2GOBROKER_DEFAULT_BACKEND from x2gobroker.defaults instead. - x2gobroker-testauth: Improve help text of --backend option. Display the current backend default. - x2gobroker-authservice: Restructure logging. Enable log messages for authentication requests. - Get several issues around select_session fixed via tests in the broker's backend base.py. - Add tests for broker agent queries. - Fix setting the remote agent's SSH port if the host option is of style " (:)". - During select_session: Re-add subdomain (if possible) to the hostname to make sure we can detect the host's : further down in the code. - Properly set (/var)/run/x2gobroker directory permissions when started via systemd. - Fix privilege check for the broker daemon's log directory. - Enable basic/random load-balancing for UCCS broker frontend. Make UCCS frontend aware of host session profile options of the form "host= (:). - Do a portscan on the remote's SSH port before querying a remote agent via SSH. - Don't return X2Go Servers that are actually down, currently. The X2Go Servers get probed via a short portscan on the remote's SSH port. If that portscan fails, another remote X2Go Server is chosen from the list of available server (if any). This portscanning functionality can be switched off via "default-portscan-x2goservers" in x2gobroker.conf or via "broker-portscan-x2goservers" per session profile. (Fixes: #692). - When load-balancing, switch to chosen server as remote broker agent before deploying SSH keys. - Allow resuming sessions from servers even if one offline server has left bogus in the session DB (plus unit tests). - Fix remote agent detection if one ore more X2Go Servers are offline and hostname does not match host address (plus unit test). - Allow remote agent calls via hostname or host address when using the format " ()" in the session profile. This can be useful if the is a valid address on the local network (broker <-> communication), but the host address is valid for clients (client <-> server communication). - Don't check for running/suspended session if the session profile will request a shadowing session. - Disabled broker agent calls and load-balancing for session profiles that will request shadowing sessions. - Mention "usebrokerpass" session profile option in x2gobroker-sessionprofiles.conf. - Provide desktop sharing (shadow session) example in x2gobroker-sessionprofiles.conf. - Makefile: Add installation rules for x2gobroker-loadchecker. - x2gobroker.1: Since systemd there are not only init scripts. Rephrasing man page. - New feature: x2gobroker-loadchecker daemon. (Fixes: #686). - x2gobroker-agent.pl: Use var name server_usage instead of server_load. Reflects better what that var denotes. - agent.py: Completion of several __doc__ strings (missing @return:, @rtype: fields). - X2GoBroker.check_for_sessions(): Fix check for shadow / non-shadow sessions. - x2gobroker.1: Mention x2gobroker-ssh in its man page, differentiate between the different modes (http/ssh) of the x2gobroker application. - Pre-release pyflakes cleanup. - agent.py: Capture login failures in checkload() function. - agent.py: Allow providing a custom logger instance in all functions. - LoadChecker.loadchecker(): Use load checker daemon's logger instance for logging actions taken place in agent.py. - agent.py: Make agent query mode LOCAL behave similar to agent query mode SSH if things go wrong. - agent.py: Set result to None, if SSH connection to broker agent fails. - Calculate our own MemAvailable value in x2gobroker-agent.pl. Only kernels newer than v3.14 offer the MemAvailable: field in /proc/meminfo. - x2gobroker-agent.pl: Fix regexp for detecting number of CPUs and CPU frequency. - x2gobroker-agent.pl: Fall-back CPU detection for virtualized systems (e.g. QEMU hosts). - LoadChecker.loadchecker(): Report about query failures, as well, in query cycle summary. - LoadCheckerServiceHandler(): Add line breaks in per-profile output. Return nothing if the load checker service is unreachable. - agent.py: Let get_servers() return a dictionary with hostnames as keys and number of sessions as values. - Fix X2GoBroker.use_load_checker(): Obtain broker-* option via X2GoBroker.get_profile_broker(), not via X2GoBroker.get_profile(). - Various improvements / fixes for session selection via the load checker daemon. - Adapt tests to new load checker service feature. - Only check for 'load_factors' key in remote_agent dict, if agent query mode is SSH. - Fix detection of running x2gobroker-daemon process in Debian's SystemV init script. - Set default log level to "WARNING", not "DEBUG". - defaults/x2gobroker-logchecker.default: Fix copy+paste errors. - doc/README.x2goclient+broker.getting-started: Mention how to launch PyHoca-GUI in broker mode. - etc/broker/defaults.conf: Fix copy+paste errors. - etc/x2gobroker-wsgi.*.conf: Make host ACLs Apache2.4 compliant. - logrotate/x2gobroker-loadchecker: The loadchecker.log file needs to be owned by user x2gobroker. - rpm/x2gobroker-*.init: Fix copy+paste errors. - man pages: Update date. - If non-load-balanced session profiles reference a non-reachable host, hand-back the system's hostname to X2Go Client / Python X2Go. - Add security notice / disclaimer to x2gbroker.1 man page as suggested by Stefan Baur. (Fixes: #666). - Provide x2gobroker system user public keys to broker agents with SSH options--strongly restricting the key usage--now. Modify x2gobroker- pubkeyauthorizer in a way that it replaces non-option keys with the newly provided optionized/restricted pubkeys. (Fixes: #685). - etc/x2gobroker.conf: Switch over to using dynamic auth cookies by default. - X2GoBroker.get_agent_query_mode(): Immediately return overridden query mode. Avoid logging of the configured query mode. Write the overridden query mode to the logger instance instead. - Don't enforce agent query mode "SSH" for x2gobroker-ssh anymore. - If a single-host is unreachable, return the host address, not the hostname and let X2Go Client release itself, that the host is unreachable. - x2gobroker-loadchecker: Don't freeze if load information for a complete load-balanced server farm is unavailable. - x2gobroker-pubkeyauthorizer: Handle replacement of SSH pubkeys with wrong/ old SSH options. - x2gobroker-agent.pl: Add %U (uidNumber) and %G (primary gidNumber) as further possible substitutions for deriving the full path of the authorized_keys file where X2Go Broker Agent's deploys public SSH user keys to. (Fixes: #665). - agent.py: Use os.fork() instead of threading.Thread() to handle delayed executions of broker agent tasks. This assures that SSH pub keys are removed via the delauthkey broker agent task, if the SSH broker is used. (Fixes: #491). - Add run-optional-script support to SSH broker. - x2gobroker-ssh: When agent query mode is set to LOCAL, Execute x2gobroker-agent via sudo as group "X2GOBROKER_DAEMON_GROUP". (Fixes: #835). - When the x2gobroker-agent command call is shipped via $SSH_ORIGINAL_COMMAND environment var, make sure to strip-off "sh -c" from the command's beginning. - x2gobroker-agent.pl: Fix detection of X2Go's library path (x2gopath lib). - Implement "not-set" value for X2Go Client parameters. If a parameter is set to "not-set", the parameter won't be handed over to X2Go Client. (Fixes: #834, #836). - agent.py: Fix missing "task" parameter for task "ping" against a local broker agent. - Fix task ping when tested via the x2gobroker-testagent script. - Transliterate commands in session profiles to uppercase when checking if the command is supposed to launch a desktop session. * debian/control: + Provide separate bin:package for SSH brokerage: x2gobroker-ssh. + Replace LDAP support with session brokerage support in LONG_DESCRIPTION. + Fix SYNOPSIS texts. + Recommend apache2 and libapache2-mod-wsgi for x2gobroker-wsgi. + Fix position of XS-Python-Version: field. + Rework LONG_DESCRIPTION of bin:package x2gobroker-agent. Imporve line breaks, so that we now have lines that are close to 80 chars long. + Make x2gobroker-daemon a symlink and recognize HTTP mode by the executable's name. + Bump Standards: to 3.9.6. No changes needed. + Add to D (python-x2gobroker): python-urllib3. * debian/copyright: + Update file to match current status quo of upstream source files. * debian/x2gobroker-agent.dirs: + Provide empty log file directory. * debian/x2gobroker-wsgi postinst/postrm: + Make bin:package x2gobroker-wsgi compliant Debian's packaging style of Apache2.4 / Apache2.2. + On package purgal: Disable Apache2 config first and then attempt the removal of the x2gobroker user/group. + Pass $@ to our apacheconf_configure, apacheconf_remove functions to not break apache2-maintscript-helper. * debian/x2gobroker-ssh.postinst: + Assure proper file permissions, owner and group settings for x2gobroker-ssh. * debian/x2gobroker-ssh.prerm: + Drop dpkg-statoverride of /usr/bin/x2gobroker-ssh before package removal. * debian/*.postinst: + Assure that the log directory always exists (no matter what combination of packages got installed). * debian/python-x2gobroker.install: + Install defaults.conf into bin:package python-x2gobroker. * debian/source/format: + Switch to format 1.0. * rpm/*.init: + Provide initscripts that are likely to work on RHEL plus derivatives. * x2gobroker.spec: + Provide x2gobroker.spec file for building RPM packages. Inspired by the packaging work in OpenSuSE. + Split out python-x2gobroker sub-package. + Install Apache2 config symlinks to /etc/httpd (not /etc/apache2). + Make sure x2gobroker-agent wrapper gets installed into x2gobroker-agent sub-package. + Builds for EPEL-7 also have to systemd aware. + Provide separate bin:package for SSH brokerage: x2gobroker-ssh. + Adapt to building on openSUSE/SLES. + Rework Description: of bin:package x2gobroker-agent. Imporve line breaks, so that we now have lines that are close to 80 chars long. + Add x2gobroker-rpmlintrc file. + Don't package x2gobroker-daemon.1 nor x2gobroker-ssh.1 man pages twice. + On SUSE, we have /etc/apache2, not /etc/httpd. + On SUSE, we have to provide our own python-pampy package (and depend on that). In Fedora and RHEL, the same (upstream) software is named python-pam. (Fixes: #562). + For distro versions with systemd, provide /etc/x2go/broker/defaults.conf. For SysV distro versions, use /etc/defaults/* and source them via the init scripts. + No adm group on non-Debian systems by default. Using root instead on RPM based systems. + For Fedora 22 and beyond explicitly call python2 in all shebangs. + Add to BR: sudo (to have /etc/sudoers.d owned by some package). . [ Josh Lukens ] * New upstream version (0.0.3.0): - Add support for dynamic cookie based auth after initial password auth. (Fixes: #447). - Add support to run pre and post authentication scripts. (Fixes: #449). - Add auth mechanism https_get. (Fixes: #450). - Change pre and post scripts to use common codebase across frontends. (Fixes: #469). - Add ability to have script run in select session after server is selected. - Add basic support for pulling https_get authmech config from configuration file. (Fixes: #470). - Fix typos and host/port mixups in the remote_sshproxy logic. (Fixes: #544). - Make sure find_busy_servers in agent.py returns a tuple (recent API change) to not break profiles with multiple servers. (Fixes: #545). - On session resumption take profile's host list into account. Don't resume sessions the profile has not been configured for. (Fixes: #553). . [ Jason Alavaliant ] * New upstream version (0.0.3.0): - Handle spaces in broker login passwords when authservice is used. (Fixes: #706). - Don't strip off spaces from password strings. (Fixes: #716). . [ Mihai Moldovan ] * x2gobroker.spec: + Change all python-pampy references to python-pam on non-SUSE systems. + Fix %build scriptlet: add missing "done" in while; do; done shell script part. + Don't do a weird escape slash dance in sed's replace command. Simply use another separator. * debian/rules: + Try to call common-binary-indep from common-binary-arch. From unknown Fri Mar 29 02:50:58 2024 MIME-Version: 1.0 X-Mailer: MIME-tools 5.502 (Entity 5.502) X-Loop: owner@bugs.x2go.org From: owner@bugs.x2go.org (X2Go Bug Tracking System) Subject: Bug#666 closed by X2Go Release Manager (X2Go issue (in src:x2gobroker) has been marked as closed) Message-ID: References: <20150620121026.43AB75DAA9@ymir.das-netzwerkteam.de> X-X2go-PR-Keywords: pending patch X-X2go-PR-Message: they-closed 666 X-X2go-PR-Package: x2gobroker X-X2go-PR-Source: x2gobroker Date: Sat, 20 Jun 2015 12:15:54 +0000 Content-Type: multipart/mixed; boundary="----------=_1434802554-14161-0" This is a multi-part message in MIME format... ------------=_1434802554-14161-0 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 This is an automatic notification regarding your Bug report which was filed against the x2gobroker package: #666: point out that x2gobroker is not a security feature It has been closed by X2Go Release Manager . Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact X2Go Release Manager <= git-admin@x2go.org> by replying to this email. --=20 X2Go Bug Tracking System Contact owner@bugs.x2go.org with problems ------------=_1434802554-14161-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at control) by bugs.x2go.org; 20 Jun 2015 12:11:54 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NO_RELAYS, URIBL_BLOCKED autolearn=ham version=3.3.2 Received: by ymir.das-netzwerkteam.de (Postfix, from userid 1005) id 43AB75DAA9; Sat, 20 Jun 2015 14:10:26 +0200 (CEST) From: X2Go Release Manager To: 666-submitter@bugs.x2go.org Cc: control@bugs.x2go.org, 666@bugs.x2go.org Subject: X2Go issue (in src:x2gobroker) has been marked as closed Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit Message-Id: <20150620121026.43AB75DAA9@ymir.das-netzwerkteam.de> Date: Sat, 20 Jun 2015 14:10:26 +0200 (CEST) close #666 thanks Hello, we are very hopeful that X2Go issue #666 reported by you has been resolved in the new release (0.0.3.0) of the X2Go source project »src:x2gobroker«. You can view the complete changelog entry of src:x2gobroker (0.0.3.0) below, and you can use the following link to view all the code changes between this and the last release of src:x2gobroker. http://code.x2go.org/gitweb?p=x2gobroker.git;a=commitdiff;h=30c316e66f4173d0e3577fe85817e73f822a479e;hp=81e28ea24b269fb24559d70c462b846cf2f56edd If you feel that the issue has not been resolved satisfyingly, feel free to reopen this bug report or submit a follow-up report with further observations described based on the new released version of src:x2gobroker. Thanks a lot for contributing to X2Go!!! light+love X2Go Git Admin (on behalf of the sender of this mail) --- X2Go Component: src:x2gobroker Version: 0.0.3.0-0x2go1 Status: RELEASE Date: Sat, 20 Jun 2015 13:58:49 +0200 Fixes: 153 217 275 306 360 379 380 447 449 450 469 470 484 491 493 494 544 545 553 562 665 666 685 686 692 706 716 784 834 835 836 Changes: x2gobroker (0.0.3.0-0x2go1) RELEASED; urgency=low . [ Mike Gabriel ] * New upstream version (0.0.3.0): - Add SSH support to X2Go Session Broker. (Fixes: #153). - Move x2gobroker executable to /usr/bin. - Update x2gobroker man page. - SSH broker: Only allow context change to another user for the magic user (default: x2gobroker). - Fix logrotate script: x2gobroker-wsgi. (Fixes: #275). - Get the cookie based extra-authentication working for SSH mode. - Get the cookie based extra-authentication working for HTTP mode. - Fix output of HTTP based connectivity test. - Do not let the broker crash if an agent is not reachable. Capture X2GoBrokerAgentExceptions when pinging the remote agent. (Fixes: #306). - When calling the agent's suspend_session function, make sure to pass on the remote_agent dictionary. - Provide empty directory /etc/x2go/broker/ssl. - Re-order x2gobroker main file. Move logging further to the back to allow taking command-line options into account. - Modify default x2gobroker-sessionprofiles.conf and provide something that will work with every default setup. - New broker session profile parameter: broker-agent-query-mode. Define agent query methods per session profile. - Rename base broker's use_session_autologin to get_session_autologin. - Fix Python2'isms in three exceptions. Thanks to Mathias Ewald for spotting. - Make test_suite callable via setup.py. - Provide a test function that checks if the basic broker agent setup (SSH private/public key pair) is available. If not, no SSH broker usage will be attempted. - Let a portscan preceed the SSH ping command. This notably reduces timeout duration if the host running the queried broker agent is down). - Catch RequestHandler errors and write them to the error log channel. - Raised verbosity level to INFO for session broker utilities. - Add sanity checks to x2gobroker-pubkeyauthorizer. - Report stderr results to the broker log channel (broker.log). This allows debugging of X2Go Session Broker Agent via the X2Go Session Broker logging instance. (Fixes: #217). - Fix the ping task in x2gobroker-agent.pl, process it without checking the given username. - Fix remote agent detection in case of some agents being down. - Add utils function: matching_hostnames(): test hostname lists for matching hostnames (with/without domain name). - Add fuzzy tolerance when comparing host name lists as found in session profile configuration and as reported by broker agent. - In x2gobroker.conf: describe the manifold ways of providing a second authorized_keys file location in SSH server daemon. Thanks to Stefan Heitmüller for pointing out more recent SSH server's configuration style. - WSGI implementation: keep SCRIPT_NAME in environ, as removing it causes AssertionErrors whenever we trigger a tornado.web.HTTPError. - Add password prompt to x2gobroker-testauth. Password prompt is used if the --password option is not used. - New authentication mechanism: none. Always authenticate a user, even if password is not provided or wrong. - Ship python2.6 asyncore patch (Debian squeeze python2.6 version) in python-x2gobroker's docs folder. - Show correct environment variables in log file prelude when WSGI is used. - Fix check-credentials = false for UCCS web frontend. - Add a start page (,,It works''). - Use IP addresses in apache2 config rather than hostnames. - Add new helper tool: x2gobroker-daemon-debug. - Add man page for x2gobroker-daemon-debug. - WebUI "plain": throw explainative log errors for every 404 http error. - Fix man pages (layout issues on x2gobroker-authservice man page). - Adapt man page installation to moval of x2gobroker(-testauth) from an sbin to a bin directory (executable for any user). - Make the inifile broker backend the default backend. (Fixes: #360). - Support daemonizing of the http broker. - Default to http broker mode when daemonizing the broker. - Support daemonizing of the authservice. - Detect RUNDIR in x2gobroker-authservice and use it for the default location of the authservice socket file. - Detect RUNDIR in x2gobroker Python module and use it for the default location of the authservice socket file. - Let x2gobroker-authservice take care of tidying up its own socket file. - Provide PAM config file for Debian and RHEL separately (as they differ). - Makefile: Clean up x2gobroker-agent binary. - Be more precise in Debian et al. init scripts when checking if the service is already running. - Add JSON WebUI backend for X2Go Session Broker. - JSON WebUI backend renders data of content type "text/json". - Provide configuration alternative to having /etc/defaults/* scripts parsed in by init scripts. Make X2Go Session Broker ready for being run via systemd. - Provide symlink x2gobroker-daemon. - Provide systemd service files for x2gobroker-daemon and x2gobroker-authservice. (Fixes: #379, #380). - Add --drop-privileges feature so that x2gobroker-daemon can drop root privileges when started via systemd. Only drop privileges if x2gobroker(-daemon) is run as uidNumber 0. - Implement dynamic authid for JSON WebUI frontend. Add a generic metadata top level to the JSON output tree. - Store cookies in /var/lib/x2gobroker (path is more appropriate than previously suggested path /var/log/x2gobroker). - Handle selectsessions calls with a non-existent profile ID gracefully. - Session profiles with marker user=BROKER_USER will now auto-fill-in the broker username into the session profile's 'user' option. - Provide tool: x2gobroker-testagent. - Allow for broker clients to send in public SSH keys that the client may use for authentication to X2Go Servers. - broker agent: avoid one option system() calls in Perl. (Fixes: #784). - For user context changes: set the HOME dir of the new user correctly. - Reduce Paramiko/SSH verbosity (logging.ERROR) when connecting to remote broker agents. - Support adding remote broker agent's host keys via the x2gobroker-testagent tool. - If we received an SSH public key from a broker client, mark it as ACCEPTED after we deployed it, so that the client knows that it can its corresponding private key. - Fix https brokerage in x2gobroker-daemon-debug. - Load X2GOBROKER_DAEMON_USER's known_hosts key file before doing remote agent calls. - Fully rewrite agent.py. - Fix broker crashes when no session status is available for certain session profiles. - JSON webUI: run pre and post auth scripts also via this backend. - x2gobroker-daemon: become wrapper script, enable --mode HTTP by default. Provide some intelligence when run as daemon (killing children processes on reception of a SIGTERM, SIGINT, SIGQUIT, EXIT signal). - Rename sections for broker backends in x2gobroker.conf - Make config object of x2gobroker.conf available in authentication mechanism backends. - Fix SSH based broker client. - Fix several failing tests, adapt tests to current code base. - Introduce new global parameter for x2gobroker.conf: my-cookie-file. Allow storing the initial authentication cookie/ID in a read-protected file. - Explicitly set detach_process to True when calling daemon.DaemonContext(). Otherwise the daemons start but don't return to the cmdline prompt. (Fixes: #484). - Change agent API: all functions return a tuple where the first element denotes if the underlying agent call has been successful. - Correctly detect $HOME of the user that runs x2gobroker (including setuid calls via x2gobroker-ssh). - Enforce SSH agent query mode (instead of LOCAL mode) for SSH brokerage (as LOCAL query mode won't work due to a permission koan that has not yet been solved). - Fix interpretation of SSH_CLIENT env variable. - Make x2gobroker-agent usable/installable on non-X2Go server machines. (Fixes: #493). - Provide autologin support for session profiles that have an SSH proxy host configured. (Fixes: #494). - Fix IPv6 binding of the X2Go Session Broker daemon. If no bind port is given via the cmdline, obtain it from other means (via x2gobroker.defaults). - Rename LICENSE file to COPYING. - X2Go Broker Agent: Test if queried username exists on the system before performing the query. - Make sure bind_address and bind_port are correctly detected from /etc/default/x2gobroker-daemon and /etc/x2go/broker/defaults.cfg. - Move split_host_address() code into x2gobroker.utils. - Report to log what the broker agent replied to us. - Provide support for load-balancing to hosts that are all reachable over the same IP address, but different TCP/IP ports (e.g. docker instances or hosts behind a reverse NATed IPv4 gateway). This ended up in a rewrite of the complete selection_session() method of the base broker code. - Use physical host address and port (if provided) for contacting remote broker agent via SSH. - Update README and TODO. - Update copyright holders. Copyright is held only by people who actually contributed to the current code base. - logrotate configs: Rotated logs via "su x2gobroker adm". - Use hostname as hard-coded in server_list (from session profile configuration), don't try to strip off the domain name. - Consolidate x2gobroker.utils.split_host_address() with a test and rewrite completely. - Make sure that without configuration files, the HTTP broker listens to port 8080. - Provide legacy support for deprecated x2gobroker.conf global parameter 'check-credentials'. - Configure broker / authservice environment via .service files. - Load defaults.conf via authservices and for logger configuration, as well. - x2gobroker-authservice: Make sure socket file directory is created before trying to create the socket file itself. - Don't load defaults.conf twice. Only load it when initializing the loggers. - Provide a special PAM configuration file for SUSE systems (identical to the PAM configuration file for Debian). - defaults.conf: Mention X2GOBROKER_DEBUG not only in the global section, but also in the [daemon] and [authservice] section. - x2gobroker-testauth: Don't use hard-coded default backend. Obtain X2GOBROKER_DEFAULT_BACKEND from x2gobroker.defaults instead. - x2gobroker-testauth: Improve help text of --backend option. Display the current backend default. - x2gobroker-authservice: Restructure logging. Enable log messages for authentication requests. - Get several issues around select_session fixed via tests in the broker's backend base.py. - Add tests for broker agent queries. - Fix setting the remote agent's SSH port if the host option is of style " (:)". - During select_session: Re-add subdomain (if possible) to the hostname to make sure we can detect the host's : further down in the code. - Properly set (/var)/run/x2gobroker directory permissions when started via systemd. - Fix privilege check for the broker daemon's log directory. - Enable basic/random load-balancing for UCCS broker frontend. Make UCCS frontend aware of host session profile options of the form "host= (:). - Do a portscan on the remote's SSH port before querying a remote agent via SSH. - Don't return X2Go Servers that are actually down, currently. The X2Go Servers get probed via a short portscan on the remote's SSH port. If that portscan fails, another remote X2Go Server is chosen from the list of available server (if any). This portscanning functionality can be switched off via "default-portscan-x2goservers" in x2gobroker.conf or via "broker-portscan-x2goservers" per session profile. (Fixes: #692). - When load-balancing, switch to chosen server as remote broker agent before deploying SSH keys. - Allow resuming sessions from servers even if one offline server has left bogus in the session DB (plus unit tests). - Fix remote agent detection if one ore more X2Go Servers are offline and hostname does not match host address (plus unit test). - Allow remote agent calls via hostname or host address when using the format " ()" in the session profile. This can be useful if the is a valid address on the local network (broker <-> communication), but the host address is valid for clients (client <-> server communication). - Don't check for running/suspended session if the session profile will request a shadowing session. - Disabled broker agent calls and load-balancing for session profiles that will request shadowing sessions. - Mention "usebrokerpass" session profile option in x2gobroker-sessionprofiles.conf. - Provide desktop sharing (shadow session) example in x2gobroker-sessionprofiles.conf. - Makefile: Add installation rules for x2gobroker-loadchecker. - x2gobroker.1: Since systemd there are not only init scripts. Rephrasing man page. - New feature: x2gobroker-loadchecker daemon. (Fixes: #686). - x2gobroker-agent.pl: Use var name server_usage instead of server_load. Reflects better what that var denotes. - agent.py: Completion of several __doc__ strings (missing @return:, @rtype: fields). - X2GoBroker.check_for_sessions(): Fix check for shadow / non-shadow sessions. - x2gobroker.1: Mention x2gobroker-ssh in its man page, differentiate between the different modes (http/ssh) of the x2gobroker application. - Pre-release pyflakes cleanup. - agent.py: Capture login failures in checkload() function. - agent.py: Allow providing a custom logger instance in all functions. - LoadChecker.loadchecker(): Use load checker daemon's logger instance for logging actions taken place in agent.py. - agent.py: Make agent query mode LOCAL behave similar to agent query mode SSH if things go wrong. - agent.py: Set result to None, if SSH connection to broker agent fails. - Calculate our own MemAvailable value in x2gobroker-agent.pl. Only kernels newer than v3.14 offer the MemAvailable: field in /proc/meminfo. - x2gobroker-agent.pl: Fix regexp for detecting number of CPUs and CPU frequency. - x2gobroker-agent.pl: Fall-back CPU detection for virtualized systems (e.g. QEMU hosts). - LoadChecker.loadchecker(): Report about query failures, as well, in query cycle summary. - LoadCheckerServiceHandler(): Add line breaks in per-profile output. Return nothing if the load checker service is unreachable. - agent.py: Let get_servers() return a dictionary with hostnames as keys and number of sessions as values. - Fix X2GoBroker.use_load_checker(): Obtain broker-* option via X2GoBroker.get_profile_broker(), not via X2GoBroker.get_profile(). - Various improvements / fixes for session selection via the load checker daemon. - Adapt tests to new load checker service feature. - Only check for 'load_factors' key in remote_agent dict, if agent query mode is SSH. - Fix detection of running x2gobroker-daemon process in Debian's SystemV init script. - Set default log level to "WARNING", not "DEBUG". - defaults/x2gobroker-logchecker.default: Fix copy+paste errors. - doc/README.x2goclient+broker.getting-started: Mention how to launch PyHoca-GUI in broker mode. - etc/broker/defaults.conf: Fix copy+paste errors. - etc/x2gobroker-wsgi.*.conf: Make host ACLs Apache2.4 compliant. - logrotate/x2gobroker-loadchecker: The loadchecker.log file needs to be owned by user x2gobroker. - rpm/x2gobroker-*.init: Fix copy+paste errors. - man pages: Update date. - If non-load-balanced session profiles reference a non-reachable host, hand-back the system's hostname to X2Go Client / Python X2Go. - Add security notice / disclaimer to x2gbroker.1 man page as suggested by Stefan Baur. (Fixes: #666). - Provide x2gobroker system user public keys to broker agents with SSH options--strongly restricting the key usage--now. Modify x2gobroker- pubkeyauthorizer in a way that it replaces non-option keys with the newly provided optionized/restricted pubkeys. (Fixes: #685). - etc/x2gobroker.conf: Switch over to using dynamic auth cookies by default. - X2GoBroker.get_agent_query_mode(): Immediately return overridden query mode. Avoid logging of the configured query mode. Write the overridden query mode to the logger instance instead. - Don't enforce agent query mode "SSH" for x2gobroker-ssh anymore. - If a single-host is unreachable, return the host address, not the hostname and let X2Go Client release itself, that the host is unreachable. - x2gobroker-loadchecker: Don't freeze if load information for a complete load-balanced server farm is unavailable. - x2gobroker-pubkeyauthorizer: Handle replacement of SSH pubkeys with wrong/ old SSH options. - x2gobroker-agent.pl: Add %U (uidNumber) and %G (primary gidNumber) as further possible substitutions for deriving the full path of the authorized_keys file where X2Go Broker Agent's deploys public SSH user keys to. (Fixes: #665). - agent.py: Use os.fork() instead of threading.Thread() to handle delayed executions of broker agent tasks. This assures that SSH pub keys are removed via the delauthkey broker agent task, if the SSH broker is used. (Fixes: #491). - Add run-optional-script support to SSH broker. - x2gobroker-ssh: When agent query mode is set to LOCAL, Execute x2gobroker-agent via sudo as group "X2GOBROKER_DAEMON_GROUP". (Fixes: #835). - When the x2gobroker-agent command call is shipped via $SSH_ORIGINAL_COMMAND environment var, make sure to strip-off "sh -c" from the command's beginning. - x2gobroker-agent.pl: Fix detection of X2Go's library path (x2gopath lib). - Implement "not-set" value for X2Go Client parameters. If a parameter is set to "not-set", the parameter won't be handed over to X2Go Client. (Fixes: #834, #836). - agent.py: Fix missing "task" parameter for task "ping" against a local broker agent. - Fix task ping when tested via the x2gobroker-testagent script. - Transliterate commands in session profiles to uppercase when checking if the command is supposed to launch a desktop session. * debian/control: + Provide separate bin:package for SSH brokerage: x2gobroker-ssh. + Replace LDAP support with session brokerage support in LONG_DESCRIPTION. + Fix SYNOPSIS texts. + Recommend apache2 and libapache2-mod-wsgi for x2gobroker-wsgi. + Fix position of XS-Python-Version: field. + Rework LONG_DESCRIPTION of bin:package x2gobroker-agent. Imporve line breaks, so that we now have lines that are close to 80 chars long. + Make x2gobroker-daemon a symlink and recognize HTTP mode by the executable's name. + Bump Standards: to 3.9.6. No changes needed. + Add to D (python-x2gobroker): python-urllib3. * debian/copyright: + Update file to match current status quo of upstream source files. * debian/x2gobroker-agent.dirs: + Provide empty log file directory. * debian/x2gobroker-wsgi postinst/postrm: + Make bin:package x2gobroker-wsgi compliant Debian's packaging style of Apache2.4 / Apache2.2. + On package purgal: Disable Apache2 config first and then attempt the removal of the x2gobroker user/group. + Pass $@ to our apacheconf_configure, apacheconf_remove functions to not break apache2-maintscript-helper. * debian/x2gobroker-ssh.postinst: + Assure proper file permissions, owner and group settings for x2gobroker-ssh. * debian/x2gobroker-ssh.prerm: + Drop dpkg-statoverride of /usr/bin/x2gobroker-ssh before package removal. * debian/*.postinst: + Assure that the log directory always exists (no matter what combination of packages got installed). * debian/python-x2gobroker.install: + Install defaults.conf into bin:package python-x2gobroker. * debian/source/format: + Switch to format 1.0. * rpm/*.init: + Provide initscripts that are likely to work on RHEL plus derivatives. * x2gobroker.spec: + Provide x2gobroker.spec file for building RPM packages. Inspired by the packaging work in OpenSuSE. + Split out python-x2gobroker sub-package. + Install Apache2 config symlinks to /etc/httpd (not /etc/apache2). + Make sure x2gobroker-agent wrapper gets installed into x2gobroker-agent sub-package. + Builds for EPEL-7 also have to systemd aware. + Provide separate bin:package for SSH brokerage: x2gobroker-ssh. + Adapt to building on openSUSE/SLES. + Rework Description: of bin:package x2gobroker-agent. Imporve line breaks, so that we now have lines that are close to 80 chars long. + Add x2gobroker-rpmlintrc file. + Don't package x2gobroker-daemon.1 nor x2gobroker-ssh.1 man pages twice. + On SUSE, we have /etc/apache2, not /etc/httpd. + On SUSE, we have to provide our own python-pampy package (and depend on that). In Fedora and RHEL, the same (upstream) software is named python-pam. (Fixes: #562). + For distro versions with systemd, provide /etc/x2go/broker/defaults.conf. For SysV distro versions, use /etc/defaults/* and source them via the init scripts. + No adm group on non-Debian systems by default. Using root instead on RPM based systems. + For Fedora 22 and beyond explicitly call python2 in all shebangs. + Add to BR: sudo (to have /etc/sudoers.d owned by some package). . [ Josh Lukens ] * New upstream version (0.0.3.0): - Add support for dynamic cookie based auth after initial password auth. (Fixes: #447). - Add support to run pre and post authentication scripts. (Fixes: #449). - Add auth mechanism https_get. (Fixes: #450). - Change pre and post scripts to use common codebase across frontends. (Fixes: #469). - Add ability to have script run in select session after server is selected. - Add basic support for pulling https_get authmech config from configuration file. (Fixes: #470). - Fix typos and host/port mixups in the remote_sshproxy logic. (Fixes: #544). - Make sure find_busy_servers in agent.py returns a tuple (recent API change) to not break profiles with multiple servers. (Fixes: #545). - On session resumption take profile's host list into account. Don't resume sessions the profile has not been configured for. (Fixes: #553). . [ Jason Alavaliant ] * New upstream version (0.0.3.0): - Handle spaces in broker login passwords when authservice is used. (Fixes: #706). - Don't strip off spaces from password strings. (Fixes: #716). . [ Mihai Moldovan ] * x2gobroker.spec: + Change all python-pampy references to python-pam on non-SUSE systems. + Fix %build scriptlet: add missing "done" in while; do; done shell script part. + Don't do a weird escape slash dance in sed's replace command. Simply use another separator. * debian/rules: + Try to call common-binary-indep from common-binary-arch. ------------=_1434802554-14161-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by bugs.x2go.org; 6 Nov 2014 23:55:42 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.17.10]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 09B475DEA7 for ; Fri, 7 Nov 2014 00:55:41 +0100 (CET) Received: from [192.168.0.3] (HSI-KBW-078-043-170-197.hsi4.kabel-badenwuerttemberg.de [78.43.170.197]) by mrelayeu.kundenserver.de (node=mreue102) with ESMTP (Nemesis) id 0M8hmN-1Y0mFX0FN5-00wFtX; Fri, 07 Nov 2014 00:50:40 +0100 Message-ID: <545C095F.2020707@baur-itcs.de> Date: Fri, 07 Nov 2014 00:50:55 +0100 From: Stefan Baur User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: submit@bugs.x2go.org Subject: point out that x2gobroker is not a security feature Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Provags-ID: V02:K0:m8LNWoQmEuzRwnakkAPyKKbg34uesauIohxoLVE37vk EqitIA6oZMxOTQr1sRXl6rMgBV3nlicY04sEBwhPhWi6SqTGC/ eVnN/Oescp5mXzQEmqLp682qgjCHtLcBrDMAHhmLVRq491ap1h 33rF3OiRk7iN+0LPwwuIV6hRkfKa6rNvMtXhhZWh4TMUEAAWPF U1NHfj7yK4rk5S6OAxRYKOC881XV7lHgvOdh8+URH/JFoCcrqw uxMLTWOCL/pDdu7fbJy9oCWydmKj2Eb3RmpmIVK/Upe0VjyURb zAOIErGbJcTsXaNQdFJxcP8UN20jEW0SQ6+rqFXQfJuAoxDoh/ 4fvq6pZfJQxA5PtZhaHbPb2wTVrjy/kmDs36tv6yH X-UI-Out-Filterresults: notjunk:1; -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Package: x2gobroker Severity: wishlist Please add a prominent note to x2gobroker's man page that it is *not* intended as a security feature - a user can still launch x2goclient without the broker parameter and set it to run any executable the user has exec permission for on the server. As always, group membership and file permissions *MUST* (MUST as defined in RFC2119 https://www.ietf.org/rfc/rfc2119.txt) be used to limit a user's access to executables on the server. - -Stefan - -- BAUR-ITCS UG (haftungsbeschränkt) Geschäftsführer: Stefan Baur Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364 Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUXAlfAAoJEG7d9BjNvlEZ+eAH/06sGKiAbYx5Lzf5ehEZcM/R 5lumXu0SOVHsCIen/KRAHP+MQ+wvGngNawo0PZsJBZyhvHQ/SeUMrotR3MSPFB3S ZDYvznt4LEfBbKbm4uabBmFOiSndFaFlyZzwt95z/SrAdaLidphUXlkTI0Mu5UOI qVQbZWtBUNmEF+I1MalAvpGCZ+JK3BpSg88Y7XDqZvQfTcUUBxr9MGWBxKL5CHlK Lt6jIZzXdxX+RWK7SmA5zYpUCG7yZcR6EzSnq7U1cDqW3XNG/QvddvS4IL04/u/U 068Tl/gHhKr3vquDjyMjXnuP8TbBFuTmDb6qbJeyY+UrC/n5kmXIlFRrBkZPnKM= =ej1y -----END PGP SIGNATURE----- ------------=_1434802554-14161-0--