-
-
Notifications
You must be signed in to change notification settings - Fork 169
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HTML5 client fails to authenticate when AES encryption is used #3475
Comments
Confirmed. Comparing a working python client:
with the failing html5 client:
|
I have found the problem, this was caused by #3229. The quick and dirty fix for the server is this one: --- a/xpra/net/crypto.py
+++ b/xpra/net/crypto.py
@@ -141,7 +141,7 @@ def get_iterations() -> int:
def new_cipher_caps(proto, cipher, cipher_mode, encryption_key, padding_options) -> dict:
assert backend
iv = get_iv()
- key_salt = get_salt()
+ key_salt = get_salt().decode("latin1")
key_size = DEFAULT_KEYSIZE
key_hash = DEFAULT_KEY_HASH
key_stretch = DEFAULT_KEY_STRETCH But I'm not sure that this is the solution I'm going to apply. |
The correct fix: This will be included in the next html5 client release. |
Your xpra-html5-only fix Xpra-org/xpra-html5@0d2d584 was not enough for us. I needed to add the fix from aboce #3475 (comment)
and open it in the browser with
(we are using the current Xpra release 4.3.2) |
@jhgoebbert is your connection using |
I can find this in
So I expect to have both installed. |
When I connect to Xpra's Windows client and check
But that is already after the error message which pops ups at Xpra's server start anyway. |
|
Good!
My guess is that the python conversion to bytes preserves one byte for every |
@jhgoebbert I'm out of ideas, I cannot make it break no matter how hard I try. There must be something different in your setup. Please try the steps from the OP to confirm that these do work. --- a/html5/js/Protocol.js
+++ b/html5/js/Protocol.js
@@ -633,6 +633,10 @@ XpraProtocol.prototype.setup_cipher = function(caps, key, setup_fn) {
throw "unsupported encryption specified: '"+cipher+"'";
}
let key_salt = caps["cipher.key_salt"];
+ console.warn("key_salt=", key_salt);
+ console.log("key_salt=", key_salt.constructor);
+ console.log("key_salt=", typeof key_salt);
+ console.log("from packet encoder", this.packet_encoder);
if (typeof key_salt !== 'string') {
key_salt = String.fromCharCode.apply(null, key_salt);
} And the salt always arrives as a I even tried forcing a different initial packet encoder by starting the server with --- a/html5/js/Protocol.js
+++ b/html5/js/Protocol.js
@@ -110,7 +110,7 @@ function XpraProtocol() {
//Queue processing via intervals
this.process_interval = 0; //milliseconds
- this.packet_encoder = "bencode";
+ this.packet_encoder = "rencodeplus";
}
XpraProtocol.prototype.close_event_str = function(event) { Still works fine. |
Sorry, for my late reply. I could not go on before the weekend.
I need to add this (2):
Let me check now, if I can get more details ... |
I added the patch for more console.logs from your comment above and build Xpra 4.3.2 (without patching crypto.py) with:
The URL parameter are:
|
Are you still running through JupyterLab or are you using the exact command lines from this ticket. PASSWORD=YOURPASSWORD
AES_KEY=0123456789ABCDEF
echo -n $PASSWORD > $HOME/password.txt
echo -n $AES_KEY > $HOME/key.txt
xpra start :10 --socket-dir=$HOME/sdir --bind-tcp=0.0.0.0:10000,encryption=AES,auth=file:filename=$HOME/password.txt,keyfile=$HOME/key.txt -d auth,crypto --html=on --start=xterm --no-daemon xdg-open "http://localhost:10000/index.html?username=$USER&password=$PASSWORD&encryption=AES&key=$AES_KEY" These instructions work for me with all the versions I've tried (xpra git master, 4.3.2) as long as I use the latest html5 client running in Firefox and Chrome. @jhgoebbert : If you are still having problems with these exact steps then perhaps you are not using the versions that you think you are, or somehow you are deviating from them in some way. |
I build Xpra from the sources
so I need to patch Xpra's |
Please try the official xpra.org builds instead - you will need the beta area to get the latest html5 client.
This change is not an acceptable solution and will not be applied without really understanding the issue. |
Run your server with |
I was really looking at the wrong place. The issue came from a non-existing path on our system, which was used by Xpra. |
As per https://github.com/Xpra-org/xpra/wiki/Reporting-Bugs |
You are right. I was wasting time of you (and also of myself). Sorry. |
Describe the bug
When I try to connect to the password protected Xpra server with AES encryption using HTML5 client, the authentication fails with
missing encryption tokens
message. Here is the relevant log:To Reproduce
Steps to reproduce the behavior:
server command
client command
xdg-open "http://localhost:10000/index.html?username=$USER&password=$PASSWORD&encryption=AES&key=$AES_KEY"
System Information (please complete the following information):
Additional context
Add any other context about the problem here.
Please see "reporting bugs" in the wiki section.
The text was updated successfully, but these errors were encountered: