From unknown Thu Mar 28 11:35:32 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#1234: acl-users-allow=ALL superceeds acl-users-deny Reply-To: Walid MOGHRABI , 1234@bugs.x2go.org Resent-From: Walid MOGHRABI Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Tue, 21 Nov 2017 17:30:02 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: report 1234 X-X2Go-PR-Package: x2gobroker X-X2Go-PR-Keywords: patch Received: via spool by submit@bugs.x2go.org id=B.151128513816366 (code B); Tue, 21 Nov 2017 17:30:02 +0000 Received: (at submit) by bugs.x2go.org; 21 Nov 2017 17:25:38 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.7 required=3.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.1 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 236335DACF for ; Tue, 21 Nov 2017 18:25:37 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RQPJDRIQegSA for ; Tue, 21 Nov 2017 18:25:29 +0100 (CET) Received: from zm-01.servicemagic.eu (zm-01.servicemagic.eu [176.31.236.17]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id B1E415DACB for ; Tue, 21 Nov 2017 18:25:29 +0100 (CET) Received: from localhost (localhost.localdomain [127.0.0.1]) by zm-01.servicemagic.eu (Postfix) with ESMTP id D32F28182764A for ; Tue, 21 Nov 2017 18:25:28 +0100 (CET) DKIM-Filter: OpenDKIM Filter v2.11.0 zm-01.servicemagic.eu D32F28182764A DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=servicemagic.eu; s=frmailing; t=1511285128; bh=QKmLM2TdlaXzJ36gWvOiQ7c78G6AKzRhsAgK6lAmNwA=; h=Date:From:To:In-Reply-To:Subject:From; b=XQ4eNmHyyI0/sB9riyPH0L2XmGk51aKfpYh6AcrGLpqY6BLP57lllOJRwK7wQUR/0 mI3qD/1QyHL0pmvWSknzoQn7GZ/C/EIxcdicxOeKCFBhcDTBDDcHblU8/1+hr7BadN XPJqaykTJ4Zv+aQYUdwNIlm07ygfxCBjIXebTR3Q= X-Amavis-Modified: Mail body modified (using disclaimer) - zm-01.servicemagic.eu X-Virus-Scanned: amavisd-new at servicemagic.eu Received: from zm-01.servicemagic.eu ([127.0.0.1]) by localhost (zm-01.servicemagic.eu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FzM3EMNZLojE for ; Tue, 21 Nov 2017 18:25:23 +0100 (CET) Received: from zm-01.servicemagic.eu (localhost.localdomain [127.0.0.1]) by zm-01.servicemagic.eu (Postfix) with ESMTP id EE51781D547FB for ; Tue, 21 Nov 2017 18:23:32 +0100 (CET) Date: Tue, 21 Nov 2017 18:23:32 +0100 (CET) From: Walid MOGHRABI To: submit@bugs.x2go.org Message-ID: <2074085984.30965501.1511285012453.JavaMail.root@servicemagic.eu> In-Reply-To: <973808472.30963275.1511284532921.JavaMail.root@servicemagic.eu> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_30965499_1827115678.1511285012453" X-Originating-IP: [10.33.100.47] X-Mailer: Zimbra 7.2.0_GA_2669 (ZimbraWebClient - GC62 (Linux)/7.2.0_GA_2669) ------=_Part_30965499_1827115678.1511285012453 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit package: x2gobroker priority: normal tags: patch When using ACLs with the session broker, I wanted to give access to a session setting to ALL users EXCEPT some (namely "formation{1..9}"). I tried this but it didn't work : ================================================= [TRAVAUX] fullscreen=true clipboard=none name=TRAVAUX host=tce-server (10.10.10.1) acl-users-allow=ALL acl-users-deny=formation1, formation2, formation3, formation4, formation5, formation6, formation7, formation8, formation9 acl-any-order=deny-allow ================================================= I played with many settings, changing order, using only the "acl-users-deny" option, ... none of them worked as expected. I ended in thinking that there was a bug with acl-users-allow=ALL which was taking over any other setting. I did a little fix that seem to work, at least for this use case. Regards, Walid Moghrabi TRAVAUX.COM BAT I - PARC CEZANNE 2 290 AVENUE GALILEE - CS 80403 13591 AIX EN PROVENCE CEDEX 3 --- DISCLAIMER: This e-mail is private and confidential and may contain proprietary or legally privileged information. It is for the intended recipient only. If you have received this email in error, please notify the author by replying to it and then destroy it. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on this e-mail or any attachment. Thank you ------=_Part_30965499_1827115678.1511285012453 Content-Type: text/x-patch; name=x2gobroker_acl-users-allow.patch Content-Disposition: attachment; filename=x2gobroker_acl-users-allow.patch Content-Transfer-Encoding: base64 ZGlmZiAtLWdpdCBhLy5naXRpZ25vcmUgYi8uZ2l0aWdub3JlCmluZGV4IDcyODhlZjUuLjE2MDU5 MjUgMTAwNjQ0Ci0tLSBhLy5naXRpZ25vcmUKKysrIGIvLmdpdGlnbm9yZQpAQCAtOSwzICs5LDUg QEAgZGViaWFuLyoucHJlcm0uZGViaGVscGVyCiBkZWJpYW4vKi5zdWJzdHZhcnMKIGRlYmlhbi8q eDJnbyovCiAqLmVnZy1pbmZvLworLy5wcm9qZWN0CisvLmdpdGlnbm9yZQpkaWZmIC0tZ2l0IGEv eDJnb2Jyb2tlci9icm9rZXJzL2Jhc2VfYnJva2VyLnB5IGIveDJnb2Jyb2tlci9icm9rZXJzL2Jh c2VfYnJva2VyLnB5CmluZGV4IGI2YTZlZTYuLjc5NTVjZGMgMTAwNjQ0Ci0tLSBhL3gyZ29icm9r ZXIvYnJva2Vycy9iYXNlX2Jyb2tlci5weQorKysgYi94MmdvYnJva2VyL2Jyb2tlcnMvYmFzZV9i cm9rZXIucHkKQEAgLTQzMSw3ICs0MzEsNyBAQCBjbGFzcyBYMkdvQnJva2VyKG9iamVjdCk6CiAg ICAgICAgICAgICBfYWxsb3dfdXNlciA9IEZhbHNlCiAgICAgICAgICAgICBfZGVueV91c2VyID0g RmFsc2UKIAotICAgICAgICAgICAgaWYgdXNlcm5hbWUgaW4gX2FjbHNbJ2FjbC11c2Vycy1hbGxv dyddIG9yICdBTEwnIGluIF9hY2xzWydhY2wtdXNlcnMtYWxsb3cnXToKKyAgICAgICAgICAgIGlm ICh1c2VybmFtZSBpbiBfYWNsc1snYWNsLXVzZXJzLWFsbG93J10gb3IgJ0FMTCcgaW4gX2FjbHNb J2FjbC11c2Vycy1hbGxvdyddKSBhbmQgdXNlcm5hbWUgbm90IGluIF9hY2xzWydhY2wtdXNlcnMt ZGVueSddOgogICAgICAgICAgICAgICAgIF9hbGxvd191c2VyX292ZXJyaWRlID0gVHJ1ZQogICAg ICAgICAgICAgICAgIF9hbGxvd191c2VyID0gVHJ1ZQoK ------=_Part_30965499_1827115678.1511285012453-- From unknown Thu Mar 28 11:35:32 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#1234: [X2Go-Dev] acl-users-allow=ALL superceeds acl-users-deny Reply-To: Mihai Moldovan , 1234@bugs.x2go.org Resent-From: Mihai Moldovan Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Sun, 26 Nov 2017 06:35:01 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: followup 1234 X-X2Go-PR-Package: x2gobroker X-X2Go-PR-Keywords: patch Received: via spool by 1234-submit@bugs.x2go.org id=B1234.151167803426026 (code B ref 1234); Sun, 26 Nov 2017 06:35:01 +0000 Received: (at 1234) by bugs.x2go.org; 26 Nov 2017 06:33:54 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.7 required=3.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU autolearn=ham autolearn_force=no version=3.4.1 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id D8B6E5DACF for <1234@bugs.x2go.org>; Sun, 26 Nov 2017 07:33:53 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xf7wSjl_WWYb for <1234@bugs.x2go.org>; Sun, 26 Nov 2017 07:33:46 +0100 (CET) Received: from mail.ionic.de (ionic.de [87.98.244.45]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 8BD8D5DACC for <1234@bugs.x2go.org>; Sun, 26 Nov 2017 07:33:45 +0100 (CET) Received: from [10.30.16.16] (178.162.222.41.adsl.inet-telecom.org [178.162.222.41]) by mail.ionic.de (Postfix) with ESMTPSA id 565284F00206; Sun, 26 Nov 2017 07:33:45 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=ionic.de; s=default; t=1511678025; bh=wLNnA47qFvgEJJxudFDttQKPF/HXs3l6mux5JZgXyJY=; h=Subject:To:References:From:Date:In-Reply-To:From; b=r/oEwrCQH0QuJVc7td2PZt2IxtAecJ9NoXPys5oxzkf90jlTZcVeORLmaVyZzKY/y G32YMu8Z6heFk0qyfpVcm6xoP/sLqhE4QztxBJYR3bSFY33eIZGG880O8pF/EajOvQ ArnREPRxQemKXsEX9TabnrXlU5bj3UXhJAraFcj0= To: Walid MOGHRABI , 1234@bugs.x2go.org, mike.gabriel@sunweavers.net References: <2074085984.30965501.1511285012453.JavaMail.root@servicemagic.eu> From: Mihai Moldovan Message-ID: <1ff7d092-aa53-61cb-ba55-cfaeeb35f380@ionic.de> Date: Sun, 26 Nov 2017 07:33:40 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: <2074085984.30965501.1511285012453.JavaMail.root@servicemagic.eu> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="MbHkASHGOqnVkoWOREAqlHGOlGI4SCnER" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --MbHkASHGOqnVkoWOREAqlHGOlGI4SCnER Content-Type: multipart/mixed; boundary="l2f0bbvDCe0ldnVvA1MxRhc0GTXuTEfo2"; protected-headers="v1" From: Mihai Moldovan To: Walid MOGHRABI , 1234@bugs.x2go.org, mike.gabriel@sunweavers.net Message-ID: <1ff7d092-aa53-61cb-ba55-cfaeeb35f380@ionic.de> Subject: Re: [X2Go-Dev] acl-users-allow=ALL superceeds acl-users-deny References: <2074085984.30965501.1511285012453.JavaMail.root@servicemagic.eu> In-Reply-To: <2074085984.30965501.1511285012453.JavaMail.root@servicemagic.eu> --l2f0bbvDCe0ldnVvA1MxRhc0GTXuTEfo2 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable * On 11/21/2017 06:23 PM, Walid MOGHRABI wrote: > When using ACLs with the session broker, I wanted to give access to a s= ession setting to ALL users EXCEPT some (namely "formation{1..9}"). > I tried this but it didn't work : > [...] I really have no idea what the rules are supposed to be. For users, the current rules are (simplified, the actual rules are longer= but also redundant): [allow-deny]: allow && !deny [deny-allow]: allow (allow stands for "user explicitly listed in allow list", deny stands for= "user explicitly listed in deny list".) This doesn't make sense to me. For instance, a user not explicitly listed in the allowed list will be de= nied access in deny-allow mode, while in allow-deny mode; a user that is expli= citly granted access will still be denied if it is listed in the denied list. What was the original inspiration for this? It's not Apache httpd, since that has different rules... My na=C3=AFve understanding of this would be that: [allow-deny]: allow user if explicitly mentioned in allowed list, other= wise allow if not explicitly denied [deny-allow]: deny user if explicitly mentioned in denied list, otherwi= se allow Examples for [allow-deny] ("..." denotes a list *not* containing user): allow =3D { user, ... }; deny =3D { user, ... } =3D> ALLOW allow =3D { user, ... }; deny =3D { ... } =3D> ALLOW allow =3D { ... }; deny =3D { ... } =3D> ALLOW allow =3D { ... }; deny =3D { user, ...} =3D> DENY Examples for [deny-allow] ("..." denotes a list *not* containing user): allow =3D { user, ... }; deny =3D { user, ... } =3D> DENY allow =3D { user, ... }; deny =3D { ... } =3D> ALLOW allow =3D { ... }; deny =3D { ... } =3D> ALLOW allow =3D { ... }; deny =3D { user, ... } =3D> DENY This is useful because it allows access in the case a user is not a membe= r of any list (emulating the behavior of not using any ACL for a specific user= ) and otherwise giving correct precedence to a specific list. The current behavior is not explicitly documented either, but only "impli= citly" by code and tests, which makes it difficult to understand what is intende= d and what isn't. For instance, one test case explicitly mentions: [deny-allow] allow =3D { user }; deny =3D { ALL }; =3D> ALLOW which just doesn't make sense to me. If all users are denied and the ord= er is deny-allow, why would the user be allowed, even if it's in the allow list= ? The order isn't allow-deny, so if all users are denied with the deny-allow or= der, the allow list shouldn't even come into play. Mihai --l2f0bbvDCe0ldnVvA1MxRhc0GTXuTEfo2-- --MbHkASHGOqnVkoWOREAqlHGOlGI4SCnER Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCgAdFiEEbhHQj3UzgcdE8cg8H9Yu2W4lOocFAloaYEgACgkQH9Yu2W4l OochzQ/9ELc5hipb77suEsmB3hR0sn8nJpy1rP86QiFmUCNIGw4H5RJCP1JIaTk3 D7tm902FnTQ0+w50nuCyGZlUdazuGzPwCT2fDdExoZBNgkJOLxyXs9CTyC4QPpWx ugqX1zvPRCx5DVOIY98G0WLPLShc8YoStLG2AcTy9k1C0Gj0+SbrNRwkwU1Hwuox /25KmFCpxiLbVTn+VueB7O6lya+CPNOHhJmTPTYYfaLvqICRsVgh31jN16Q8i9x1 eX3VBIW23pawSa3Rl++g5BC+FYGRc8qLow/ZO8qglmbmlN4qCcuCCnaP3XoJSJyu UnQinC33aUt3wYYvA4aNdxd8hj9sR518K+ex3QjHTE0bbpNbZzowulZU6TcfRgIV stdY1kNj2VQ1ABw7I+1li4CJbQTvO6ne827/gFOOQTGUMdKc4aekBzb/zPFyCkMq 8ob8zDmAGIQ90j1XQ6uNPMl6RK17yxqCBr7XKI0rEgypHxdsAVMMd2Y7RuK0AWgn UbavGBsQzprMV/94hFU96k6UrYf4KAkV7U4BinaEuG9I2Hynz1/kwlC81Rt6mSqh CY3T4gJ3XEAidJ4CJKZNgEvS/7sR9Jl7TUiSqxUEB6sRcOStMAacxM2OOIPr8TDw 3har1cK0J3fqeP2v+vUf6knMBucYgJiz3bmgwRBDnvV25QgMgQM= =7KYH -----END PGP SIGNATURE----- --MbHkASHGOqnVkoWOREAqlHGOlGI4SCnER-- From unknown Thu Mar 28 11:35:32 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#1234: X2Go issue (in src:x2gobroker) has been marked as pending for release Reply-To: Mike Gabriel , 1234@bugs.x2go.org Resent-From: Mike Gabriel Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Mon, 12 Feb 2018 15:00:01 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: followup 1234 X-X2Go-PR-Package: x2gobroker X-X2Go-PR-Keywords: patch Received: via spool by 1234-submit@bugs.x2go.org id=B1234.151844740228351 (code B ref 1234); Mon, 12 Feb 2018 15:00:01 +0000 Received: (at 1234) by bugs.x2go.org; 12 Feb 2018 14:56:42 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-2.9 required=3.0 tests=ALL_TRUSTED,BAYES_00, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.1 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 4A5065DAEF; Mon, 12 Feb 2018 15:56:26 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iWD7JgmOiCPh; Mon, 12 Feb 2018 15:56:21 +0100 (CET) Received: by ymir.das-netzwerkteam.de (Postfix, from userid 1005) id C8CB45DACF; Mon, 12 Feb 2018 15:56:21 +0100 (CET) From: Mike Gabriel To: 1234-submitter@bugs.x2go.org Cc: control@bugs.x2go.org, 1234@bugs.x2go.org Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit X-Mailer: http://snipr.com/post-receive-tag-pending Message-Id: <20180212145621.C8CB45DACF@ymir.das-netzwerkteam.de> Date: Mon, 12 Feb 2018 15:56:21 +0100 (CET) tag #1234 pending fixed #1234 0.0.4.0 thanks Hello, X2Go issue #1234 (src:x2gobroker) reported by you has been fixed in X2Go Git. You can see the changelog below, and you can check the diff of the fix at: http://code.x2go.org/gitweb?p=x2gobroker.git;a=commitdiff;h=75bc19e The issue will most likely be fixed in src:x2gobroker (0.0.4.0). light+love X2Go Git Admin (on behalf of the sender of this mail) --- commit 75bc19eea6433110733d53e4de23ab2703b19179 Author: Mike Gabriel Date: Mon Feb 12 15:53:33 2018 +0100 x2gobroker/brokers/base_broker.py: Entire rewrite of check_profile_acls() method. (Fixes: #1234). diff --git a/debian/changelog b/debian/changelog index 2d7940e..116897b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -9,6 +9,8 @@ x2gobroker (0.0.4.0-0x2go1) UNRELEASED; urgency=medium - x2gobroker/basicauth.py: Fix call of base64.decodestring on Python3. - Unit tests: Fix deep misunderstanding in the way allow-deny vs. deny-allow should actually work. + - x2gobroker/brokers/base_broker.py: Entire rewrite of + check_profile_acls() method. (Fixes: #1234). * debian/{control,compat}: Bump to DH version level 9. * debian/{control,x2gobroker-common.install}: + Split out common files into non-Pythonian bin:pkg. From unknown Thu Mar 28 11:35:32 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#1234: X2Go issue (in src:x2gobroker) has been marked as closed Reply-To: X2Go Release Manager X2Go Release Manager , 1234@bugs.x2go.org Resent-From: X2Go Release Manager X2Go Release Manager Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Sat, 02 Feb 2019 21:10:06 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: followup 1234 X-X2Go-PR-Package: x2gobroker X-X2Go-PR-Keywords: patch pending Received: via spool by 1234-submit@bugs.x2go.org id=B1234.154914171530604 (code B ref 1234); Sat, 02 Feb 2019 21:10:06 +0000 Received: (at 1234) by bugs.x2go.org; 2 Feb 2019 21:08:35 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=3.0 tests=BAYES_00,NO_RELAYS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: by ymir.das-netzwerkteam.de (Postfix, from userid 1005) id E1A035DA81; Sat, 2 Feb 2019 22:08:25 +0100 (CET) From: X2Go Release Manager X2Go Release Manager To: 1234-submitter@bugs.x2go.org Cc: control@bugs.x2go.org, 1234@bugs.x2go.org Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit Message-Id: <20190202210825.E1A035DA81@ymir.das-netzwerkteam.de> Date: Sat, 2 Feb 2019 22:08:25 +0100 (CET) close #1234 thanks Hello, we are very hopeful that X2Go issue #1234 reported by you has been resolved in the new release (0.0.4.0) of the X2Go source project »src:x2gobroker«. You can view the complete changelog entry of src:x2gobroker (0.0.4.0) below, and you can use the following link to view all the code changes between this and the last release of src:x2gobroker. http://code.x2go.org/gitweb?p=x2gobroker.git;a=commitdiff;h=a2455880e34e31546054ce50abd1512c61430b51;hp=dbea0c7c20c58e6783ea796691f0881131ad6590 If you feel that the issue has not been resolved satisfyingly, feel free to reopen this bug report or submit a follow-up report with further observations described based on the new released version of src:x2gobroker. Thanks a lot for contributing to X2Go!!! light+love X2Go Git Admin (on behalf of the sender of this mail) --- X2Go Component: src:x2gobroker Version: 0.0.4.0-0x2go1 Status: RELEASE Date: Sat, 02 Feb 2019 21:50:29 +0100 Fixes: 1013 1234 1240 1252 1315 Changes: x2gobroker (0.0.4.0-0x2go1) RELEASED; urgency=medium . [ Mike Gabriel ] * New upstream version (0.0.4.0): - Bump upstream version to 0.0.4.0. - Port to Python 3. (Fixes: #1240). - Drop left-over debug print() call. - Makefile: Assure that setup.py is run under Python3. - Improve debugging messages during authentication phase. - x2gobroker/basicauth.py: Fix call of base64.decodestring on Python3. - Unit tests: Fix deep misunderstanding in the way allow-deny vs. deny-allow should actually work. - x2gobroker/brokers/base_broker.py: Entire rewrite of check_profile_acls() method. (Fixes: #1234). - x2gobroker/tests/test_web_plain_base.py: Add test case for passwords with accentuated characters (using the testsuite_authmech for now). - Makefile: Support skipping installation of the x2gobroker PyModule. Useful when building with CDBS on Debian. - Makefile: Compress man pages. - Makefile: Run setup.py build at build time. - tmpfiles.d utilization: Create RUNDIR/x2gobroker via tmpfiles.d system. Fixes missing dir and flawed permissions when running under systemd. - etc/x2gobroker.conf: Mention the per-profile option for enabling/disabling load checker support. - sbin/{x2gobroker-pubkeyauthorizer,x2gobroker-keygen}: Use proper octal numbers for file permissions. - sbin/x2gobroker-pubkeyauthorizer: Fix key lookup in os.environ for Python3. - sbin/x2gobroker-pubkeyauthorizer: Some string/bytecode fixes for Python3. Plus urllib -> urllib.request. - sbin/x2gobroker-pubkeyauthorizer: Improve key integrity checker and move it further up. Plus one more Python2 -> Python3 issue fixed. - sbin/x2gobroker-pubkeyauthorizer: Drop unused binascii import. - x2gobroker-pubkeyauthorizer: Tiny Python2to3 fix. - load checker integration: Make the default-use-load-checker option work like all other default-* options. - uccs frontend: Convert datetime.datetime object to string before answering the http request with it. - x2gobroker/agent (check_load()): Bail out if no remote agent is given. - x2gobroker-testagent: Convert to Python3 (using 2to3 tool). - x2gobroker-loadchecker: Python3'ify iteration over dict keys. - x2gobroker/utils.py: Provide helper functions for pretty-formatting key fingerprints. - x2gobroker-keygen: Use new fingerprint formatting functions. - x2gobroker/agent.py: Bail out if no hostaddr contained in remote_agent. - x2gobroker/agent.py: No load-checking when remote_agent is set to 'LOCAL'. - x2gobroker/agent.py: Better sanity checks for remote_agent and its dict keys hostname and hostaddr. - x2gobroker/loadchecker.py: Report properly to the logger if we fail to obtain a load factor. - x2gobroker-loadchecker.service: loadchecker service needs to chuid to system user x2gobroker. (Fixes: #1252). - x2gobroker-loadchecker.service: File ownership should be x2gobroker:x2gobroker, too. - x2gobroker-loadchecker: No chown/chmod if we are not running as root (which is mostly the case). - x2gobroker/brokers/inifile_broker.py: Make sure profile['name'] has a fallback if not given in the session profile. - x2gobroker/brokers/inifile_broker.py: Also check for presence of 'host' and 'sshport'. - UCCS API change for X2Go Sessions: Rename "SessionType" to "Command". - obligatory profile keys: Move from inifile backend to UCCS frontend, as those requirements are frontend specific. - UCCS: Start working on API version 5. - x2gobroker/uccsjson.py: Hide private Python class properties from JSON dict (like ._api_version). - UCCS frontend: Fix API version check. - UCSS frontend: Propagate API version onwards to the X2GoServer JSON generator class. - infile broker backend: Fix handling of empty lists in session profile and session profile defaults. - etc/x2gobroker-wsgi.apache.*: Drop Apache2.2 support. - Log to system broker.log file when run via x2gobroker-ssh. - Getting started documentation: Rework document, convert to markdown, install into x2gobroker bin:pkg (on DEB based systems). - Makefile.docupload: Add apidoc target (running sphinx-apidoc). - docs/source: Initialize Sphinx API documentation's .rst files. - bin/x2gobroker: If binding the http server fails, a non-zero exit code should be returned. (Fixes: #1013). - x2gobroker/loadchecker.py: Don't re-read the x2gobroker.conf during each cycle of the load checking loop. Rather read it on service startup and require a service restart when x2gobroker.conf has been changed. - x2gobroker/loadchecker.py: Avoid rare cases where at the end of a load checking cycle a negative sleep time would have been calculated. (Fixes: #1315). Thanks to Walid Moghrabi for catching this. - HTTP broker: Add &login= support to plain and json broker frontends. - SSH broker: Add --login option. This now supports X2Go Broker user and X2Go Server username being different accounts. - bin/x2gobroker: Correctly use split_host_address() function call. - bin/x2gobroker: Don't override already defined logger objects, define them properly where needed. - Convert one more unicode object into (Python3) string. - x2gobroker/tests/test_broker_agent.py: Assure that tests are run without loadchecker usage. - broker-use-load-checker profile option: Also tolerate 'TRUE' and 'True'. - x2gobroker/agent.py: Fix failing execution of LOCAL broker agent. As the LOCAL broker agent is executed setuid root, we cannot Popen.terminate() (which is unneeded anyway) the process after its execution. - Ignore SSH broker events for now. Not sure if we will ever support that. - Finalize API documentation. - Fix regression flaw in x2gobroker/web/json.py, introduced by commit 9fa371e9. * debian/*: + Trigger Makefile's install target and install those files. Drop debhelper from-source-installation magic. * debian/{control,compat}: Bump to DH version level 9. * debian/{control,x2gobroker-common.install}: + Split out common files into non-Pythonian bin:pkg. * debian/*.install: + Add EOLs at EOF. + Add tmpfiles.d files into bin:pkgs. + Fix installation to /usr/lib/python3.x paths. * debian/control: + Drop from D (several bin:pkgs): python3-argparse, argparse is shipped with Python3 core. + Switch from libapache2-mod-wsgi to libapache2-mod-wsgi-py3. + Add B-D: dh-python. + Add B-D: python3-netaddr (for unit tests). * debian/x2gobroker-loadchecker.postinst: + Do chown/chmod on the correct file (not authservice.log, but loadchecker.log). * debian/python-x2gobroker-doc.doc-base: + Drop leading white-space in Abstract: field. * x2gobroker.spec: + Adapt to Python3 port. + Bump package version. + CentOS 6 + 7 have python34-devel, not python3-devel. + Enable debug_packages for openSUSE Tumbleweed (suse_version > 1500). + CentOS 6 + 7 have python34-setuptools, not python3-setuptools. + Fix removal of conf files in tmpfiles.d where needed. + Install tmpfiles.d configs into bin:pkgs. + Only install tmpfiles.d configs on systems that support/have systemd. + Some path fixes for the new tmpfiles.d/. + Make sure the build chroot has all it needs to run the PyModule's unit tests. + Let's try to get unit tests working on Fedora first... . [ Mihai Moldovan ] * New upstream version (0.0.4.0): - src/x2gobroker-{agent,ssh}.c: catch errors in setuid wrappers and add general return clause to make compilers happy. - Makefile: make sure that we actually append our custom CFLAGS and LDFLAGS values, even if passed in through the make command line. - src/x2gobroker-{agent,ssh}.c: fix compile warnings/errors. - src/x2gobroker-{agent,ssh}.c: fix more compile errors. - misc: copyright update. - misc: switch to HTTPS-based URLs where appropriate. - man/*: update date and version stamps pre-release. - misc: add missing coding modelines. * x2gobroker.spec: - Add %debug_package macro when debugging is to be enabled, hoping that it will actually generate proper debuginfo (and -source) sub packages owning files. - Whitespace only. - Remove obsolete EPEL 5 support. - Switch to HTTPS-based links. - Use more curly braces. - Pull in gcc and redhat-rpm-config. - Re-enable debug file generation to see which OS versions still fail. - %exclude does not work with curly braces, revert. - Remove %debug_package macro usage, breaks builds nowadays. - Pass down global flags in CFLAGS and LDFLAGS. - Fix %{__global_ldflags} usage if variable does not exist. - Commands don't seem to work when wrapped in curly braces (at least on *SuSE), so revert. From unknown Thu Mar 28 11:35:32 2024 MIME-Version: 1.0 X-Mailer: MIME-tools 5.507 (Entity 5.507) X-Loop: owner@bugs.x2go.org From: owner@bugs.x2go.org (X2Go Bug Tracking System) Subject: Bug#1234 closed by X2Go Release Manager X2Go Release Manager (X2Go issue (in src:x2gobroker) has been marked as closed) Message-ID: References: <20190202210825.E1A035DA81@ymir.das-netzwerkteam.de> X-X2go-PR-Keywords: patch pending X-X2go-PR-Message: they-closed 1234 X-X2go-PR-Package: x2gobroker X-X2go-PR-Source: x2gobroker Date: Sat, 02 Feb 2019 21:10:20 +0000 Content-Type: multipart/mixed; boundary="----------=_1549141820-32097-0" This is a multi-part message in MIME format... ------------=_1549141820-32097-0 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 This is an automatic notification regarding your Bug report which was filed against the x2gobroker package: #1234: acl-users-allow=3DALL superceeds acl-users-deny It has been closed by X2Go Release Manager X2Go Release Manager . Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact X2Go Release Manager X= 2Go Release Manager by replying to this email. --=20 X2Go Bug Tracking System Contact owner@bugs.x2go.org with problems ------------=_1549141820-32097-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at control) by bugs.x2go.org; 2 Feb 2019 21:09:15 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=3.0 tests=BAYES_00,NO_RELAYS, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.2 Received: by ymir.das-netzwerkteam.de (Postfix, from userid 1005) id E1A035DA81; Sat, 2 Feb 2019 22:08:25 +0100 (CET) From: =?utf-8?q?X2Go_Release_Manager?= X2Go Release Manager To: 1234-submitter@bugs.x2go.org Cc: control@bugs.x2go.org, 1234@bugs.x2go.org Subject: X2Go issue (in src:x2gobroker) has been marked as closed Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit Message-Id: <20190202210825.E1A035DA81@ymir.das-netzwerkteam.de> Date: Sat, 2 Feb 2019 22:08:25 +0100 (CET) close #1234 thanks Hello, we are very hopeful that X2Go issue #1234 reported by you has been resolved in the new release (0.0.4.0) of the X2Go source project »src:x2gobroker«. You can view the complete changelog entry of src:x2gobroker (0.0.4.0) below, and you can use the following link to view all the code changes between this and the last release of src:x2gobroker. http://code.x2go.org/gitweb?p=x2gobroker.git;a=commitdiff;h=a2455880e34e31546054ce50abd1512c61430b51;hp=dbea0c7c20c58e6783ea796691f0881131ad6590 If you feel that the issue has not been resolved satisfyingly, feel free to reopen this bug report or submit a follow-up report with further observations described based on the new released version of src:x2gobroker. Thanks a lot for contributing to X2Go!!! light+love X2Go Git Admin (on behalf of the sender of this mail) --- X2Go Component: src:x2gobroker Version: 0.0.4.0-0x2go1 Status: RELEASE Date: Sat, 02 Feb 2019 21:50:29 +0100 Fixes: 1013 1234 1240 1252 1315 Changes: x2gobroker (0.0.4.0-0x2go1) RELEASED; urgency=medium . [ Mike Gabriel ] * New upstream version (0.0.4.0): - Bump upstream version to 0.0.4.0. - Port to Python 3. (Fixes: #1240). - Drop left-over debug print() call. - Makefile: Assure that setup.py is run under Python3. - Improve debugging messages during authentication phase. - x2gobroker/basicauth.py: Fix call of base64.decodestring on Python3. - Unit tests: Fix deep misunderstanding in the way allow-deny vs. deny-allow should actually work. - x2gobroker/brokers/base_broker.py: Entire rewrite of check_profile_acls() method. (Fixes: #1234). - x2gobroker/tests/test_web_plain_base.py: Add test case for passwords with accentuated characters (using the testsuite_authmech for now). - Makefile: Support skipping installation of the x2gobroker PyModule. Useful when building with CDBS on Debian. - Makefile: Compress man pages. - Makefile: Run setup.py build at build time. - tmpfiles.d utilization: Create RUNDIR/x2gobroker via tmpfiles.d system. Fixes missing dir and flawed permissions when running under systemd. - etc/x2gobroker.conf: Mention the per-profile option for enabling/disabling load checker support. - sbin/{x2gobroker-pubkeyauthorizer,x2gobroker-keygen}: Use proper octal numbers for file permissions. - sbin/x2gobroker-pubkeyauthorizer: Fix key lookup in os.environ for Python3. - sbin/x2gobroker-pubkeyauthorizer: Some string/bytecode fixes for Python3. Plus urllib -> urllib.request. - sbin/x2gobroker-pubkeyauthorizer: Improve key integrity checker and move it further up. Plus one more Python2 -> Python3 issue fixed. - sbin/x2gobroker-pubkeyauthorizer: Drop unused binascii import. - x2gobroker-pubkeyauthorizer: Tiny Python2to3 fix. - load checker integration: Make the default-use-load-checker option work like all other default-* options. - uccs frontend: Convert datetime.datetime object to string before answering the http request with it. - x2gobroker/agent (check_load()): Bail out if no remote agent is given. - x2gobroker-testagent: Convert to Python3 (using 2to3 tool). - x2gobroker-loadchecker: Python3'ify iteration over dict keys. - x2gobroker/utils.py: Provide helper functions for pretty-formatting key fingerprints. - x2gobroker-keygen: Use new fingerprint formatting functions. - x2gobroker/agent.py: Bail out if no hostaddr contained in remote_agent. - x2gobroker/agent.py: No load-checking when remote_agent is set to 'LOCAL'. - x2gobroker/agent.py: Better sanity checks for remote_agent and its dict keys hostname and hostaddr. - x2gobroker/loadchecker.py: Report properly to the logger if we fail to obtain a load factor. - x2gobroker-loadchecker.service: loadchecker service needs to chuid to system user x2gobroker. (Fixes: #1252). - x2gobroker-loadchecker.service: File ownership should be x2gobroker:x2gobroker, too. - x2gobroker-loadchecker: No chown/chmod if we are not running as root (which is mostly the case). - x2gobroker/brokers/inifile_broker.py: Make sure profile['name'] has a fallback if not given in the session profile. - x2gobroker/brokers/inifile_broker.py: Also check for presence of 'host' and 'sshport'. - UCCS API change for X2Go Sessions: Rename "SessionType" to "Command". - obligatory profile keys: Move from inifile backend to UCCS frontend, as those requirements are frontend specific. - UCCS: Start working on API version 5. - x2gobroker/uccsjson.py: Hide private Python class properties from JSON dict (like ._api_version). - UCCS frontend: Fix API version check. - UCSS frontend: Propagate API version onwards to the X2GoServer JSON generator class. - infile broker backend: Fix handling of empty lists in session profile and session profile defaults. - etc/x2gobroker-wsgi.apache.*: Drop Apache2.2 support. - Log to system broker.log file when run via x2gobroker-ssh. - Getting started documentation: Rework document, convert to markdown, install into x2gobroker bin:pkg (on DEB based systems). - Makefile.docupload: Add apidoc target (running sphinx-apidoc). - docs/source: Initialize Sphinx API documentation's .rst files. - bin/x2gobroker: If binding the http server fails, a non-zero exit code should be returned. (Fixes: #1013). - x2gobroker/loadchecker.py: Don't re-read the x2gobroker.conf during each cycle of the load checking loop. Rather read it on service startup and require a service restart when x2gobroker.conf has been changed. - x2gobroker/loadchecker.py: Avoid rare cases where at the end of a load checking cycle a negative sleep time would have been calculated. (Fixes: #1315). Thanks to Walid Moghrabi for catching this. - HTTP broker: Add &login= support to plain and json broker frontends. - SSH broker: Add --login option. This now supports X2Go Broker user and X2Go Server username being different accounts. - bin/x2gobroker: Correctly use split_host_address() function call. - bin/x2gobroker: Don't override already defined logger objects, define them properly where needed. - Convert one more unicode object into (Python3) string. - x2gobroker/tests/test_broker_agent.py: Assure that tests are run without loadchecker usage. - broker-use-load-checker profile option: Also tolerate 'TRUE' and 'True'. - x2gobroker/agent.py: Fix failing execution of LOCAL broker agent. As the LOCAL broker agent is executed setuid root, we cannot Popen.terminate() (which is unneeded anyway) the process after its execution. - Ignore SSH broker events for now. Not sure if we will ever support that. - Finalize API documentation. - Fix regression flaw in x2gobroker/web/json.py, introduced by commit 9fa371e9. * debian/*: + Trigger Makefile's install target and install those files. Drop debhelper from-source-installation magic. * debian/{control,compat}: Bump to DH version level 9. * debian/{control,x2gobroker-common.install}: + Split out common files into non-Pythonian bin:pkg. * debian/*.install: + Add EOLs at EOF. + Add tmpfiles.d files into bin:pkgs. + Fix installation to /usr/lib/python3.x paths. * debian/control: + Drop from D (several bin:pkgs): python3-argparse, argparse is shipped with Python3 core. + Switch from libapache2-mod-wsgi to libapache2-mod-wsgi-py3. + Add B-D: dh-python. + Add B-D: python3-netaddr (for unit tests). * debian/x2gobroker-loadchecker.postinst: + Do chown/chmod on the correct file (not authservice.log, but loadchecker.log). * debian/python-x2gobroker-doc.doc-base: + Drop leading white-space in Abstract: field. * x2gobroker.spec: + Adapt to Python3 port. + Bump package version. + CentOS 6 + 7 have python34-devel, not python3-devel. + Enable debug_packages for openSUSE Tumbleweed (suse_version > 1500). + CentOS 6 + 7 have python34-setuptools, not python3-setuptools. + Fix removal of conf files in tmpfiles.d where needed. + Install tmpfiles.d configs into bin:pkgs. + Only install tmpfiles.d configs on systems that support/have systemd. + Some path fixes for the new tmpfiles.d/. + Make sure the build chroot has all it needs to run the PyModule's unit tests. + Let's try to get unit tests working on Fedora first... . [ Mihai Moldovan ] * New upstream version (0.0.4.0): - src/x2gobroker-{agent,ssh}.c: catch errors in setuid wrappers and add general return clause to make compilers happy. - Makefile: make sure that we actually append our custom CFLAGS and LDFLAGS values, even if passed in through the make command line. - src/x2gobroker-{agent,ssh}.c: fix compile warnings/errors. - src/x2gobroker-{agent,ssh}.c: fix more compile errors. - misc: copyright update. - misc: switch to HTTPS-based URLs where appropriate. - man/*: update date and version stamps pre-release. - misc: add missing coding modelines. * x2gobroker.spec: - Add %debug_package macro when debugging is to be enabled, hoping that it will actually generate proper debuginfo (and -source) sub packages owning files. - Whitespace only. - Remove obsolete EPEL 5 support. - Switch to HTTPS-based links. - Use more curly braces. - Pull in gcc and redhat-rpm-config. - Re-enable debug file generation to see which OS versions still fail. - %exclude does not work with curly braces, revert. - Remove %debug_package macro usage, breaks builds nowadays. - Pass down global flags in CFLAGS and LDFLAGS. - Fix %{__global_ldflags} usage if variable does not exist. - Commands don't seem to work when wrapped in curly braces (at least on *SuSE), so revert. ------------=_1549141820-32097-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by bugs.x2go.org; 21 Nov 2017 17:25:38 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=0.7 required=3.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.1 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id 236335DACF for ; Tue, 21 Nov 2017 18:25:37 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RQPJDRIQegSA for ; Tue, 21 Nov 2017 18:25:29 +0100 (CET) Received: from zm-01.servicemagic.eu (zm-01.servicemagic.eu [176.31.236.17]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id B1E415DACB for ; Tue, 21 Nov 2017 18:25:29 +0100 (CET) Received: from localhost (localhost.localdomain [127.0.0.1]) by zm-01.servicemagic.eu (Postfix) with ESMTP id D32F28182764A for ; Tue, 21 Nov 2017 18:25:28 +0100 (CET) DKIM-Filter: OpenDKIM Filter v2.11.0 zm-01.servicemagic.eu D32F28182764A DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=servicemagic.eu; s=frmailing; t=1511285128; bh=QKmLM2TdlaXzJ36gWvOiQ7c78G6AKzRhsAgK6lAmNwA=; h=Date:From:To:In-Reply-To:Subject:From; b=XQ4eNmHyyI0/sB9riyPH0L2XmGk51aKfpYh6AcrGLpqY6BLP57lllOJRwK7wQUR/0 mI3qD/1QyHL0pmvWSknzoQn7GZ/C/EIxcdicxOeKCFBhcDTBDDcHblU8/1+hr7BadN XPJqaykTJ4Zv+aQYUdwNIlm07ygfxCBjIXebTR3Q= X-Amavis-Modified: Mail body modified (using disclaimer) - zm-01.servicemagic.eu X-Virus-Scanned: amavisd-new at servicemagic.eu Received: from zm-01.servicemagic.eu ([127.0.0.1]) by localhost (zm-01.servicemagic.eu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FzM3EMNZLojE for ; Tue, 21 Nov 2017 18:25:23 +0100 (CET) Received: from zm-01.servicemagic.eu (localhost.localdomain [127.0.0.1]) by zm-01.servicemagic.eu (Postfix) with ESMTP id EE51781D547FB for ; Tue, 21 Nov 2017 18:23:32 +0100 (CET) Date: Tue, 21 Nov 2017 18:23:32 +0100 (CET) From: Walid MOGHRABI To: submit@bugs.x2go.org Message-ID: <2074085984.30965501.1511285012453.JavaMail.root@servicemagic.eu> In-Reply-To: <973808472.30963275.1511284532921.JavaMail.root@servicemagic.eu> Subject: acl-users-allow=ALL superceeds acl-users-deny MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_30965499_1827115678.1511285012453" X-Originating-IP: [10.33.100.47] X-Mailer: Zimbra 7.2.0_GA_2669 (ZimbraWebClient - GC62 (Linux)/7.2.0_GA_2669) ------=_Part_30965499_1827115678.1511285012453 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit package: x2gobroker priority: normal tags: patch When using ACLs with the session broker, I wanted to give access to a session setting to ALL users EXCEPT some (namely "formation{1..9}"). I tried this but it didn't work : ================================================= [TRAVAUX] fullscreen=true clipboard=none name=TRAVAUX host=tce-server (10.10.10.1) acl-users-allow=ALL acl-users-deny=formation1, formation2, formation3, formation4, formation5, formation6, formation7, formation8, formation9 acl-any-order=deny-allow ================================================= I played with many settings, changing order, using only the "acl-users-deny" option, ... none of them worked as expected. I ended in thinking that there was a bug with acl-users-allow=ALL which was taking over any other setting. I did a little fix that seem to work, at least for this use case. Regards, Walid Moghrabi TRAVAUX.COM BAT I - PARC CEZANNE 2 290 AVENUE GALILEE - CS 80403 13591 AIX EN PROVENCE CEDEX 3 --- DISCLAIMER: This e-mail is private and confidential and may contain proprietary or legally privileged information. It is for the intended recipient only. If you have received this email in error, please notify the author by replying to it and then destroy it. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on this e-mail or any attachment. Thank you ------=_Part_30965499_1827115678.1511285012453 Content-Type: text/x-patch; name=x2gobroker_acl-users-allow.patch Content-Disposition: attachment; filename=x2gobroker_acl-users-allow.patch Content-Transfer-Encoding: base64 ZGlmZiAtLWdpdCBhLy5naXRpZ25vcmUgYi8uZ2l0aWdub3JlCmluZGV4IDcyODhlZjUuLjE2MDU5 MjUgMTAwNjQ0Ci0tLSBhLy5naXRpZ25vcmUKKysrIGIvLmdpdGlnbm9yZQpAQCAtOSwzICs5LDUg QEAgZGViaWFuLyoucHJlcm0uZGViaGVscGVyCiBkZWJpYW4vKi5zdWJzdHZhcnMKIGRlYmlhbi8q eDJnbyovCiAqLmVnZy1pbmZvLworLy5wcm9qZWN0CisvLmdpdGlnbm9yZQpkaWZmIC0tZ2l0IGEv eDJnb2Jyb2tlci9icm9rZXJzL2Jhc2VfYnJva2VyLnB5IGIveDJnb2Jyb2tlci9icm9rZXJzL2Jh c2VfYnJva2VyLnB5CmluZGV4IGI2YTZlZTYuLjc5NTVjZGMgMTAwNjQ0Ci0tLSBhL3gyZ29icm9r ZXIvYnJva2Vycy9iYXNlX2Jyb2tlci5weQorKysgYi94MmdvYnJva2VyL2Jyb2tlcnMvYmFzZV9i cm9rZXIucHkKQEAgLTQzMSw3ICs0MzEsNyBAQCBjbGFzcyBYMkdvQnJva2VyKG9iamVjdCk6CiAg ICAgICAgICAgICBfYWxsb3dfdXNlciA9IEZhbHNlCiAgICAgICAgICAgICBfZGVueV91c2VyID0g RmFsc2UKIAotICAgICAgICAgICAgaWYgdXNlcm5hbWUgaW4gX2FjbHNbJ2FjbC11c2Vycy1hbGxv dyddIG9yICdBTEwnIGluIF9hY2xzWydhY2wtdXNlcnMtYWxsb3cnXToKKyAgICAgICAgICAgIGlm ICh1c2VybmFtZSBpbiBfYWNsc1snYWNsLXVzZXJzLWFsbG93J10gb3IgJ0FMTCcgaW4gX2FjbHNb J2FjbC11c2Vycy1hbGxvdyddKSBhbmQgdXNlcm5hbWUgbm90IGluIF9hY2xzWydhY2wtdXNlcnMt ZGVueSddOgogICAgICAgICAgICAgICAgIF9hbGxvd191c2VyX292ZXJyaWRlID0gVHJ1ZQogICAg ICAgICAgICAgICAgIF9hbGxvd191c2VyID0gVHJ1ZQoK ------=_Part_30965499_1827115678.1511285012453-- ------------=_1549141820-32097-0--