From: Walid MOGHRABI
To: Mike Gabriel
Cc: 1183@bugs.x2go.org
Date: Thu, 1 Jun 2017 10:46:55 +0200 (CEST)
Subject: Bug#1183: [X2Go-Dev] Bug#1183: Pass broker creds to RDP client as plaintext

I'll take your requests into account but just to clarify:

> 1. Please split up the RDP broker creds as session creds from the
> --close-disconnect change.

This little fix is related to this support since, in that particular case which is broker mode + RDP session + --close-disconnect activated, you couldn't have a one time authentication (at broker auth).
For that "one time auth" to work, I need a way to pass broker credentials to the session and to close the client at the end of the session in order to force a re-auth at broker login.
Without the --close-disconnect fix, I can pass my credentials to the RDP session but when finishing the session, I'm still on the broker page with my session list and I don't re-auth which is what I wanted.
I can easily split these patches since they are quite clearly separated but I thought they were related to the same need, that's why I kept them together.

> 2. Please let the cmdline option start with --broker-...
>
> --broker-use-creds-for-session

ok

> 3. Don't limit this functionality to RDP sessions only. It is
> useful for all sorts of session
> types (X2Go, DirectRDP, DirectXDMCP if already in (there were
> rumours about such a new feature)).

Well, I'm not aware of XDMCP and have nothing under my hand to test it.
This patch affects RDP sessions only in fact because X2Go sessions have their own way to pass credentials from broker to x2go server with the intermediate key auth so using this method for this kind of session is purely useless.
On the other hand, RDP sessions have no such key authentication available so it is necessary to pass credentials as plaintext to xfreerdp/rdesktop because in the case of the broker mode only, when clicking on the session profile, the client is waiting for the credentials but you are not prompted for them so the client stays stuck in an unusable situation.
So really, this is a "broker + RDP only" method, that's why I specified this was for RDP only in order not to confuse users who might think this could be used for any type of connection.

I'll modify the cmdline option name and wait for your comments on my clarifications.

Regards,

Walid Moghrabi

TRAVAUX.COM
BAT I - PARC CEZANNE 2
290 AVENUE GALILEE - CS 80403
13591 AIX EN PROVENCE CEDEX 3

----- Original message -----
From: "Mike Gabriel"
To: "Walid MOGHRABI" , 1183@bugs.x2go.org
Sent: Wednesday 31 May 2017 21:58:28
Subject: Re: [X2Go-Dev] Bug#1183: Pass broker creds to RDP client as plaintext

Hi Walid,

On Wed 31 May 2017 16:40:49 CEST, Walid MOGHRABI wrote:

> package: x2goclient
> priority: wishlist
> tags: patch
>
> This is a proposal patch in order to let the RDP client use the
> credentials used at broker auth login so that users can enter them
> only once in broker mode.
>
> This patch also adds support for --close-disconnect in broker mode + RDP

I just looked at your patch.

Requests before patch can get accepted:

1. Please split up the RDP broker creds as session creds from the
--close-disconnect change.

2. Please let the cmdline option start with --broker-...

--broker-use-creds-for-session

3. Don't limit this functionality to RDP sessions only. It is
useful for all sorts of session
types (X2Go, DirectRDP, DirectXDMCP if already in (there were
rumours about such a new feature)).

Thanks for your work on X2Go,
Mike
--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de