Bug 724133 - No feedback on xfreerdp failures or user prompts
Status: RESOLVED FIXED
Product: vinagre
Classification: Applications
Component: RDP
Version: git master
Hardware: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: vinagre-maint
QA Contact: vinagre-maint
Duplicates: 724135 724723 734643 740663
Reported: 2014-02-11 16:37 UTC by Thomas Wendt
Modified: 2014-11-26 08:37 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Ask for certificate verification if needed (23.72 KB, patch)
2014-07-17 12:28 UTC, Marek Kašík
needs-work
screenshot of confirmation of an unknown certificate (34.57 KB, image/png)
2014-07-17 12:58 UTC, Marek Kašík
screenshot of confirmation of changed certificate (40.91 KB, image/png)
2014-07-17 12:58 UTC, Marek Kašík
Ask for certificate verification if needed (19.23 KB, patch)
2014-07-22 10:06 UTC, Marek Kašík
committed
screenshot of confirmation of an unknown certificate (36.40 KB, image/png)
2014-07-22 10:07 UTC, Marek Kašík
screenshot of confirmation of changed certificate (42.60 KB, image/png)
2014-07-22 10:07 UTC, Marek Kašík

Description Thomas Wendt 2014-02-11 16:37:50 UTC
Vinagre version: 3.10.1-1 and master
freerdp version: 1.0.2-3 and 1.1.0~beta1

xfreerdp might prompt for a password or might ask the user to trust an invalid certificate. When vinagre is started from the command line one can see the following output

$ vinagre
connected to windows:3389
Password:

It's possible to enter a password here but in my case I will be greeted with


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@           WARNING: CERTIFICATE NAME MISMATCH!           @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The hostname used for this connection (windows) 
does not match the name given in the certificate:
windows.domain.local
A valid certificate for the wrong name should NOT be trusted!
Certificate details:
	Subject: CN = windows.domain.local
	Issuer: CN = windows.domain.local
	Thumbprint: ab:cd:ef:01:23:45:cc:1d:94:81:81:34:8c:63:38:00:00:00:00
The above X.509 certificate could not be verified, possibly because you do not have the CA certificate in your certificate store, or the certificate has expired. Please look at the documentation on how to create local certificate store for a private CA.
Do you trust the above certificate? (Y/N) 
Error: Could not read answer from stdin.
SSL_write: Failure in SSL library (protocol error?)
Authentication failure, check credentials.
If credentials are valid, the NTLMSSP implementation may be to blame.


It's not possible to answer the certificate question.

This seems to be a limitation of the way xfreerdp is started. If my understanding is correct then the user will only see an error dialog when the command is unavailable or when something else prevents the execution of xfreerdp. But the actual stdout/stderr output and return code are never checked and the tab just gets removed when the command ends.
Comment 1 David King 2014-02-17 11:00:18 UTC
Vinagre should either parse the output from xfreerdp or use the FreeRDP API inside the RDP plugin and handle the prompts with dialogues or some other mechanism inside Vinagre.
Comment 2 David King 2014-02-19 15:14:04 UTC
*** Bug 724723 has been marked as a duplicate of this bug. ***
Comment 3 Noe Nieto 2014-05-12 16:06:00 UTC
Hi there,

I get the same behavior on a clean install of Fedora 20.

Vinagre Version: 3.10.2
Vinagre Release: 1.fc20

FreeRDP Version: 1.0.2
FreeRDP Release: 6.fc20

Console output

$ vinagre
connected to some-server.domain.com:3389
Password: 
Certificate details:
	Subject: CN = some-server.domain.com
	Issuer: CN = some-server.domain.com
	Thumbprint: 05:6e:3d:56:6c:ca:09:f0:fa:58:19:ad:0b:41:61:27:7c:2c:60
The above X.509 certificate could not be verified, possibly because you do not have the CA certificate in your certificate store, or the certificate has expired. Please look at the documentation on how to create local certificate store for a private CA.
Do you trust the above certificate? (Y/N) 
Error: Could not read answer from stdin.
SSL_write: Failure in SSL library (protocol error?)
Authentication failure, check credentials.
If credentials are valid, the NTLMSSP implementation may be to blame.


Launching freerdp from the console works just fine.
Comment 4 Marek Kašík 2014-07-17 12:28:10 UTC
Created attachment 280966
Ask for certificate verification if needed

The attached patch adds dialogs asking the user whether he accepts the certificate of the remote host if it is not known yet or if it has changed. It works with freerdp 1.0 and also freerdp 1.2. I've tested it with a Windows 7 Professional machine.

The patch implements callbacks for the VerifyCertificate and VerifyChangedCertificate members of the "freerdp" structure. It doesn't implement the VerifyX509Certificate member of the structure (the previous two were enough during my testing and from the documentation it is not clear when this PEM-format callback is triggered).

I'm just not sure about the wording. So I would appreciate it if you could check that or propose something better.

Regards

Marek
Comment 5 Marek Kašík 2014-07-17 12:58:17 UTC
Created attachment 280970
screenshot of confirmation of an unknown certificate
Comment 6 Marek Kašík 2014-07-17 12:58:48 UTC
Created attachment 280971
screenshot of confirmation of changed certificate
Comment 7 David King 2014-07-17 13:46:08 UTC
Review of attachment 280966:

Looks simple and good in general, just some comments about dialog layout. The old (GNOME 2) HIG has some relevant guidance about alert dialog layout:

https://developer.gnome.org/hig-book/stable/windows-alert.html.en#alert-text

For the certificate information, is there a way to get the raw certificate data out of freerdp in some way? It would be nice (though not a blocker to merging this patch) to use Gcr to render the certificate information in a friendly way. gcr_simple_certificate_new() would seem ideal, if there is a way to get the raw DER certificate data.

::: data/vinagre.ui
@@ +846,3 @@
     </action-widgets>
   </object>
+  <object class="GtkDialog" id="certificate_changed_dialog">

This should probably be a GtkMessageDialog, as that seems to fit the "confirmation" nature of the dialog quite well.

@@ +849,3 @@
+    <property name="can_focus">False</property>
+    <property name="border_width">12</property>
+    <property name="title" translatable="yes">Certificate Verification</property>
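Review bot: the title string "Certificate Verification" on the last added line does not say that the certificate changed, although the dialog id in the previous hunk is certificate_changed_dialog. Consider wording that names the event, for example "Certificate Changed", so the warning is visible before the body text is read.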

This should be the "text" property of the GtkMessageDialog.

@@ +962,3 @@
+                <property name="xalign">0</property>
+                <property name="label" translatable="yes">The remote host has changed its certificate.
+Do you trust the new certificate?</property>
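Review bot: the label text on the last two added lines asks "Do you trust the new certificate?" without naming the host whose certificate changed or saying what a positive answer does (accept for this connection only, or remember the new certificate). A changed certificate is the case where the user most needs that context, so consider putting the host name in the string and stating whether the choice is remembered.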

If you switch this to a GtkMessageDialog, the string would seem to belong quite well in the "secondary-message" property. That will be styled by the relevant GTK+ theme, so it is best not to set the weight of the text.
Comment 8 Marek Kašík 2014-07-22 10:06:24 UTC
Created attachment 281370
Ask for certificate verification if needed

(In reply to comment #7)
> Review of attachment 280966:
> 
> Looks simple and good in general, just some comments about dialog layout. The
> old (GNOME 2) HIG has some relevant guidance about alert dialog layout:
> 
> https://developer.gnome.org/hig-book/stable/windows-alert.html.en#alert-text
> 
> For the certificate information, is there a way to get the raw certificate data
> out of freerdp in some way? It would be nice (though not a blocker to merging
> this patch) to use Gcr to render the certificate information in a friendly way.
> gcr_simple_certificate_new() would seem ideal, if there is a way to get the
> raw DER certificate data.

It is possible to set the VerifyX509Certificate member of the freerdp structure, which should receive the certificate in PEM format. I'll try to check how it works once I have a Windows machine available again.


> ::: data/vinagre.ui
> @@ +846,3 @@
>      </action-widgets>
>    </object>
> +  <object class="GtkDialog" id="certificate_changed_dialog">
> 
> This should probably be a GtkMessageDialog, as that seems to fit the
> "confirmation" nature of the dialog quite well.

I've changed that to the GtkMessageDialog.


> @@ +849,3 @@
> +    <property name="can_focus">False</property>
> +    <property name="border_width">12</property>
> +    <property name="title" translatable="yes">Certificate
> Verification</property>
> 
> This should be the "text" property of the GtkMessageDialog.

Done.


> @@ +962,3 @@
> +                <property name="xalign">0</property>
> +                <property name="label" translatable="yes">The remote host has
> changed its certificate.
> +Do you trust the new certificate?</property>
> 
> If you switch this to a GtkMessageDialog, the string would seem to belong quite
> well in the "secondary-message" property. That will be styled by the relevant
> GTK+ theme, so it is best not to set the weight of the text.

Done.
Comment 9 Marek Kašík 2014-07-22 10:07:15 UTC
Created attachment 281371
screenshot of confirmation of an unknown certificate
Comment 10 Marek Kašík 2014-07-22 10:07:38 UTC
Created attachment 281372
screenshot of confirmation of changed certificate
Comment 11 David King 2014-07-22 11:23:05 UTC
Comment on attachment 281370
Ask for certificate verification if needed

Thanks for the updated patch! For the Gcr prompts, that can be dealt with later, so I have merged your patch to master now.
Comment 12 David King 2014-07-31 09:12:06 UTC
*** Bug 724135 has been marked as a duplicate of this bug. ***
Comment 13 Stephen 2014-07-31 11:41:45 UTC
Might be too late now, but usually GNOME dialogue buttons are descriptive rather than Yes/No; can I suggest something like "Don't Trust/Trust"?
Comment 14 David King 2014-08-12 07:56:51 UTC
*** Bug 734643 has been marked as a duplicate of this bug. ***
Comment 15 Laurent Bigonville 2014-08-12 08:33:02 UTC
Do you think this could be backported to 3.12 branch as well?
Comment 16 David King 2014-09-10 06:33:55 UTC
(In reply to comment #13)
> Might be too late now, but usually GNOME dialogue buttons are descriptive
> rather than Yes/No; can I suggest something like "Don't Trust/Trust"?

I opted for Connect/Cancel:

https://git.gnome.org/browse/vinagre/commit/?id=853314e1a72f242ec95854f5eb36c14068452d6b

(In reply to comment #15)
> Do you think this could be backported to 3.12 branch as well?

This is a large UI change, so it will not be backported to a branch which is in UI freeze.
Comment 17 Stephen 2014-09-10 09:28:48 UTC
The question is "Do you trust the new certificate?", so there are two problems with "Connect/Cancel":

* Neither is an answer to the actual question.
* If the user clicks "Connect", have they then permanently trusted the certificate/will they never see the dialogue again?

There are three possible actions I can see a user wanting to take with an untrusted cert:

* Leave as untrusted/don't connect
* Leave as untrusted/connect this time
* Set as trusted/connect

I suggest a 3-button dialogue with something that covers the above cases (with the buttons being meaningful without context).
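The three outcomes listed in the comment above, and the unknown/changed distinction the patch in comment 4 handles, can be modelled as a small trust-on-first-use decision. This is an added example, not code from vinagre or FreeRDP; every type and function name is hypothetical, the store is in-memory only, and the fingerprints are constructed.

```c
#include <stdio.h>
#include <string.h>

/* All names are hypothetical; fingerprints in main() are constructed samples. */
enum cert_state  { CERT_MATCH, CERT_UNKNOWN, CERT_CHANGED };
enum user_choice { CHOICE_REJECT, CHOICE_CONNECT_ONCE, CHOICE_TRUST };

#define MAX_HOSTS 8
struct pin { char host[64]; char fp[96]; };
struct trust_store { struct pin pins[MAX_HOSTS]; int count; };

static struct pin *find_pin(struct trust_store *s, const char *host) {
    for (int i = 0; i < s->count; i++)
        if (strcmp(s->pins[i].host, host) == 0) return &s->pins[i];
    return NULL;
}

/* Which prompt, if any, the UI has to show for this connection. */
enum cert_state classify(struct trust_store *s, const char *host, const char *fp) {
    struct pin *p = find_pin(s, host);
    if (!p) return CERT_UNKNOWN;
    return strcmp(p->fp, fp) == 0 ? CERT_MATCH : CERT_CHANGED;
}

/* Apply the user's answer: returns 1 to connect, 0 to abort.
 * Only CHOICE_TRUST writes to the store; CHOICE_CONNECT_ONCE leaves it
 * untouched, so the same prompt appears on the next connection. */
int apply_choice(struct trust_store *s, const char *host, const char *fp,
                 enum user_choice c) {
    if (c == CHOICE_REJECT) return 0;
    if (c == CHOICE_CONNECT_ONCE) return 1;
    struct pin *p = find_pin(s, host);
    /* Fail closed if the trust decision cannot be recorded exactly. */
    if (strlen(host) >= sizeof p->host || strlen(fp) >= sizeof p->fp) return 0;
    if (!p) {
        if (s->count == MAX_HOSTS) return 0;
        p = &s->pins[s->count++];
        strcpy(p->host, host);
    }
    strcpy(p->fp, fp);
    return 1;
}

int main(void) {
    struct trust_store s = {0};
    const char *host = "windows.domain.local";
    printf("first contact: %d\n", classify(&s, host, "aa:bb:cc:01"));
    apply_choice(&s, host, "aa:bb:cc:01", CHOICE_TRUST);
    printf("same cert: %d, new cert: %d\n",
           classify(&s, host, "aa:bb:cc:01"), classify(&s, host, "dd:ee:ff:02"));
    return 0;
}
```
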
Comment 18 David King 2014-11-26 08:37:01 UTC
*** Bug 740663 has been marked as a duplicate of this bug. ***