Operation not permitted (connect failed) #10237

Closed
cyberduck opened this issue Feb 24, 2018 · 19 comments

@cyberduck
Collaborator

74e3d70 created the issue

This is the message I got when I try to connect; however, I'm sure the connection is good with no problem.

"Operation not permitted (connect failed). The connection attempt was rejected. The server may be down, or your network may not be properly configured".



@cyberduck
Collaborator Author

96a0c75 commented

All connections are failing after update to Version 6.4.1 (27633) on macOS High Sierra Version 10.13.3. I was using Cyberduck with no issues immediately prior to installing both the Cyberduck 6.4.1 update immediately followed by the macOS High Sierra Supplemental Update. After the required restart, Cyberduck will no longer connect to any of my servers using FTP. I have not tested SFTP.

Message received: "CONNECTION FAILED - Operation not permitted (connect failed). The connection attempt was rejected. The server may be down, or your network may not be properly configured. [Network Diagnostics] [Cancel] [Try Again]"

@cyberduck
Collaborator Author

@dkocher commented

We can reproduce this issue – thanks for notifying us about this severe issue. It looks like the codesigning security entitlements are not properly applied by the Mac App Store download. We are in contact with Apple Developer Support to get a resolution as soon as possible.

@cyberduck
Collaborator Author

@dkocher commented

Fucked up entitlements for downloaded bundle from Mac App Store.

codesign -d --entitlements - /Applications/Cyberduck.app/
Executable=/Applications/Cyberduck.app/Contents/MacOS/Cyberduck
??qq?<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!DOCTYPE plist PUBLIC "_Apple_DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
	<dict>
		<key>com.apple.security.network.server</key>
		<true/>

		<key>com.apple.security.files.bookmarks.app-scope</key>
		<true/>

		<key>com.apple.security.app-sandbox</key>
		<true/>

		<key>com.apple.security.files.bookmarks.document-scope</key>
		<true/>

		<key>com.apple.security.application-groups</key>
		<array>
			<string>G69SCX94XU.duck</string>
		</array>

		<key>com.apple.security.scripting-targets</key>
		<dict>
			<key>com.apple.systempreferences</key>
			<array>
				<string>preferencepane.reveal</string>
			</array>

		</dict>

	</dict>
</plist>

Missing several keys such as

        <key>com.apple.security.network.client</key>
        <!-- The ability to open an outgoing connection to another machine -->
        <true/>

from the original entitlements for the submitted binary

mellifera:~ dkocher$ codesign -d --entitlements - ~/Downloads/Cyberduck.app/
Executable=/Users/dkocher/Downloads/Cyberduck.app/Contents/MacOS/Cyberduck
??qqn<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "_Apple_DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <key>com.apple.security.app-sandbox</key>
        <true/>
        <key>com.apple.security.files.bookmarks.app-scope</key>
        <true/>
        <key>com.apple.security.files.bookmarks.document-scope</key>
        <true/>
        <key>com.apple.security.network.server</key>
        <!-- The ability to open a socket for listening. Used for Active (PORT) FTP data connections -->
        <true/>
        <key>com.apple.security.network.client</key>
        <!-- The ability to open an outgoing connection to another machine -->
        <true/>
        <key>com.apple.security.files.downloads.read-write</key>
        <true/>
        <key>com.apple.security.files.user-selected.read-write</key>
        <true/>
        <key>com.apple.security.print</key>
        <!-- The ability to print -->
        <true/>
        <key>com.apple.security.application-groups</key>
        <array>
            <string>G69SCX94XU.duck</string>
        </array>
        <key>com.apple.security.scripting-targets</key>
        <dict>
            <key>com.apple.systempreferences</key>
            <array>
                <string>preferencepane.reveal</string>
            </array>
        </dict>
    </dict>
</plist>

@cyberduck
Collaborator Author

@dkocher commented

#10239 closed as duplicate.

@cyberduck
Collaborator Author

@dkocher commented

#10241 closed as duplicate.

@cyberduck
Collaborator Author

@dkocher commented

#10238 closed as duplicate.

@cyberduck
Collaborator Author

@dkocher commented

#10242 closed as duplicate.

@cyberduck
Collaborator Author

@dkocher commented

#10243 closed as duplicate.

@cyberduck
Collaborator Author

@dkocher commented

We submitted rdar://37934094.

@cyberduck
Collaborator Author

@dkocher commented

#10248 closed as duplicate.

@cyberduck
Collaborator Author

@dkocher commented

#10246 closed as duplicate.

@cyberduck
Collaborator Author

@dkocher commented

#10244 closed as duplicate.

@cyberduck
Collaborator Author

87d9e23 commented

Today (2018-02-27) I tested version 6.4.2 on the App Store, but I still get the same error.

@cyberduck
Collaborator Author

@dkocher commented

#10250 closed as duplicate.

@cyberduck
Collaborator Author

@dkocher commented

Milestone renamed

@cyberduck
Collaborator Author

@dkocher commented

The issue has been resolved with version 6.4.3, now available in the Mac App Store. The fix is in 2825d81, deleting all comments in the codesign entitlements used to sign the application bundle. This file was last changed in 2015 (9aa0095) and caused no problems previously. Surely, some amateur at Apple has changed how the XML file is processed, causing lines to be missed. The current entitlements processed on the application bundle signed by Apple still show some different formatting with additional line breaks:

mellifera:~ dkocher$ codesign -d --entitlements - /Applications/Cyberduck.app/
Executable=/Applications/Cyberduck.app/Contents/MacOS/Cyberduck
??qq?<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!DOCTYPE plist PUBLIC "_Apple_DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
	<dict>
		<key>com.apple.security.network.server</key>
		<true/>

		<key>com.apple.security.files.bookmarks.app-scope</key>
		<true/>

		<key>com.apple.security.app-sandbox</key>
		<true/>

		<key>com.apple.security.files.downloads.read-write</key>
		<true/>

		<key>com.apple.security.files.bookmarks.document-scope</key>
		<true/>

		<key>com.apple.security.network.client</key>
		<true/>

		<key>com.apple.security.files.user-selected.read-write</key>
		<true/>

		<key>com.apple.security.print</key>
		<true/>

		<key>com.apple.security.application-groups</key>
		<array>
			<string>G69SCX94XU.duck</string>
		</array>

		<key>com.apple.security.scripting-targets</key>
		<dict>
			<key>com.apple.systempreferences</key>
			<array>
				<string>preferencepane.reveal</string>
			</array>

		</dict>

	</dict>
mellifera:~ dkocher$ open /Applications/Cyberduck.app/

We could only fix this with an educated guess but had no support from Apple so far from both rdar://37934094 and Developer Technical Support (Issue 685632930).
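The comparison done by hand in this thread (the entitlements in the submitted source versus what `codesign -d --entitlements -` reports for the App Store download) can be scripted as a post-release check. This is an added example, not code from the Cyberduck project; the two samples are constructed and abridged from the outputs above, and `entitlements_from_codesign` and `audit` are hypothetical names.

```python
import plistlib
import re

# Constructed sample, abridged from the page: entitlements source with comments.
SUBMITTED = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.network.server</key>
    <!-- The ability to open a socket for listening -->
    <true/>
    <key>com.apple.security.network.client</key>
    <!-- The ability to open an outgoing connection to another machine -->
    <true/>
</dict></plist>"""

# Constructed sample: codesign output for the store download; header bytes precede the XML.
DOWNLOADED = b"""Executable=/Applications/Cyberduck.app/Contents/MacOS/Cyberduck
\xfa\xde\x71\x71\x00\x00\x01\x00<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<plist version="1.0"><dict>
    <key>com.apple.security.network.server</key>
    <true/>
    <key>com.apple.security.app-sandbox</key>
    <true/>
</dict></plist>
"""

def entitlements_from_codesign(output: bytes) -> dict:
    """Parse `codesign -d --entitlements -` output, skipping bytes before the plist."""
    start = output.find(b"<?xml")
    end = output.rfind(b"</plist>")
    if start < 0 or end < start:
        raise ValueError("no complete plist in codesign output")
    return plistlib.loads(output[start:end + len(b"</plist>")])

def audit(source: bytes, signed_output: bytes) -> dict:
    """Compare the entitlements we asked for with what the signed bundle carries."""
    wanted = plistlib.loads(source)  # the parser ignores XML comments
    actual = entitlements_from_codesign(signed_output)
    return {
        "missing": sorted(k for k in wanted if k not in actual),
        "changed": sorted(k for k in wanted if k in actual and wanted[k] != actual[k]),
        "unexpected": sorted(k for k in actual if k not in wanted),
        "source_has_comments": re.search(rb"<!--.*?-->", source, re.S) is not None,
    }

if __name__ == "__main__":
    print(audit(SUBMITTED, DOWNLOADED))
```

A non-empty `missing` list on the store-delivered bundle is the condition that produced the "Operation not permitted" errors reported here; output with no closing `</plist>` raises `ValueError` rather than being parsed partially.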

@cyberduck
Collaborator Author

@dkocher commented

#10251 closed as duplicate.

@cyberduck
Collaborator Author

@dkocher commented

#10252 closed as duplicate.

@cyberduck
Collaborator Author

@dkocher commented

#10253 closed as duplicate.

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 26, 2021