X2Go Bug report logs - #1131
x2gosqlitewrapper - Session not opening when username starts with a number

version graph

Package: x2goserver; Maintainer for x2goserver is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goserver is src:x2goserver.

Reported by: Frank Knoben <admin@igpm.rwth-aachen.de>

Date: Mon, 9 Jan 2017 13:40:01 UTC

Severity: normal

Found in version 4.0.1.20

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to x2go-dev@lists.x2go.org, owner@bugs.x2go.org:
Bug#1131; Package x2gosqlitewrapper. (Mon, 09 Jan 2017 13:40:01 GMT) (full text, mbox, link).


Acknowledgement sent to Frank Knoben <admin@igpm.rwth-aachen.de>:
New Bug report received and forwarded. Copy sent to owner@bugs.x2go.org. (Mon, 09 Jan 2017 13:40:02 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):

From: Frank Knoben <admin@igpm.rwth-aachen.de>
To: submit@bugs.x2go.org
Subject: x2gosqlitewrapper - Session not opening when username starts with a number
Date: Mon, 9 Jan 2017 14:25:59 +0100
Package: x2gosqlitewrapper
Version: 4.0.1.20-3.4

When a username starts with a number, the session on the client computer will not open, after connecting to the server.
The problem lies within x2gosqlitewrapper.pl in the sanitizer function.
This function will return 0 in the  $type eq "x2gosid" case, when the username starts with a number.
My workaround is to add a 0-9 in the line number 67 of x2gosqlitewrapper.pl


diff x2gosqlitewrapper.pl x2gosqlitewrapper.pl.original
67c67
<                       if ($string =~ /^([a-zA-Z0-9\_][a-zA-Z0-9\_\-\.\@]{0,47}[\$]?)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\_\-\.]*\_dp[\d]{1,2}$/) {
---
>                       if ($string =~ /^([a-zA-Z\_][a-zA-Z0-9\_\-\.\@]{0,47}[\$]?)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\_\-\.]*\_dp[\d]{1,2}$/) {


elsif ($type eq "x2gosid") {
                $string =~ s/[^a-zA-Z0-9\_\-\$\.\@]//g;
                if ($string =~ /^([a-zA-Z0-9\_\-\$\.\@]*)$/) {
                        $string = $1;
-                        if ($string =~ /^([a-zA-Z\_][a-zA-Z0-9\_\-\.\@]{0,47}[\$]?)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\_\-\.]*\_dp[\d]{1,2}$/) {
+                        if ($string =~ /^([a-zA-Z0-9\_][a-zA-Z0-9\_\-\.\@]{0,47}[\$]?)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\_\-\.]*\_dp[\d]{1,2}$/) {
                                if ((length($1) > 0) and (length($1) < 48)){
                                        return $string;
                                } else {return 0;}
                        } else {return 0;}
                } else {return 0;}
        }

I  am using a OpenSuSE Leap System with x2goserver Version 4.0.1.20-3.4

Sincerly

Frank Knoben


Information forwarded to x2go-dev@lists.x2go.org, owner@bugs.x2go.org:
Bug#1131; Package x2gosqlitewrapper. (Mon, 09 Jan 2017 14:00:02 GMT) (full text, mbox, link).


Acknowledgement sent to Stefan Baur <X2Go-ML-1@baur-itcs.de>:
Extra info received and forwarded to list. Copy sent to owner@bugs.x2go.org. (Mon, 09 Jan 2017 14:00:02 GMT) (full text, mbox, link).


Message #10 received at 1131@bugs.x2go.org (full text, mbox, reply):

From: Stefan Baur <X2Go-ML-1@baur-itcs.de>
To: Frank Knoben <admin@igpm.rwth-aachen.de>, 1131@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#1131: x2gosqlitewrapper - Session not opening when username starts with a number
Date: Mon, 9 Jan 2017 14:50:01 +0100
[Message part 1 (text/plain, inline)]
reassign -1 x2goserver

Hi,

this problem occurs because your user names are violating the POSIX
standard, which states that usernames must not begin with digits.

Let me guess, you are authenticating against a Windows Domain / Active
Directory, which obviously doesn't care about POSIX (well, why should it).

So far, our stance was that we should conform to POSIX standards.

However, this issue has cropped up quite a bit lately, so maybe adding
support for corresponding config options to /etc/x2go/x2goserver.conf
would be an idea - something like

# support usernames that violate POSIX standard
allow_usernames_with_leading_digit=true|false
allow_usernames_with_backslashes=true|false # would fix Bug #227 as well

And while we're at it, let me suggest these as well, just for good
measure - not sure if they still pose a problem but we did have issues
with at least dashes in the past (ca. 2012):
allow_usernames_with_slashes=true|false
allow_usernames_with_dashes=true|false
allow_usernames_with_spaces=true|false

I wonder what the developers think about this approach?

Kind Regards,
Stefan Baur

Am 09.01.2017 um 14:25 schrieb Frank Knoben:
> Package: x2gosqlitewrapper
> Version: 4.0.1.20-3.4
> 
> When a username starts with a number, the session on the client computer
> will not open, after connecting to the server.
> The problem lies within x2gosqlitewrapper.pl in the sanitizer function.
> This function will return 0 in the  $type eq "x2gosid" case, when the
> username starts with a number.
> My workaround is to add a 0-9 in the line number 67 of x2gosqlitewrapper.pl
> 
> 
> diff x2gosqlitewrapper.pl x2gosqlitewrapper.pl.original
> 67c67
> <                       if ($string =~
> /^([a-zA-Z0-9\_][a-zA-Z0-9\_\-\.\@]{0,47}[\$]?)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\_\-\.]*\_dp[\d]{1,2}$/)
> {
> ---
>>                       if ($string =~
>> /^([a-zA-Z\_][a-zA-Z0-9\_\-\.\@]{0,47}[\$]?)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\_\-\.]*\_dp[\d]{1,2}$/)
>> {
> 
> 
> elsif ($type eq "x2gosid") {
>                 $string =~ s/[^a-zA-Z0-9\_\-\$\.\@]//g;
>                 if ($string =~ /^([a-zA-Z0-9\_\-\$\.\@]*)$/) {
>                         $string = $1;
> -                        if ($string =~
> /^([a-zA-Z\_][a-zA-Z0-9\_\-\.\@]{0,47}[\$]?)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\_\-\.]*\_dp[\d]{1,2}$/)
> {
> +                        if ($string =~
> /^([a-zA-Z0-9\_][a-zA-Z0-9\_\-\.\@]{0,47}[\$]?)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\_\-\.]*\_dp[\d]{1,2}$/)
> {
>                                 if ((length($1) > 0) and (length($1) <
> 48)){
>                                         return $string;
>                                 } else {return 0;}
>                         } else {return 0;}
>                 } else {return 0;}
>         }
> 
> I  am using a OpenSuSE Leap System with x2goserver Version 4.0.1.20-3.4
> 
> Sincerly
> 
> Frank Knoben
> _______________________________________________
> x2go-dev mailing list
> x2go-dev@lists.x2go.org
> http://lists.x2go.org/listinfo/x2go-dev


-- 
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243

[signature.asc (application/pgp-signature, attachment)]

Acknowledgement sent to Stefan Baur <X2Go-ML-1@baur-itcs.de>:
Extra info received and filed, but not forwarded. (Mon, 09 Jan 2017 14:10:02 GMT) (full text, mbox, link).


Message #13 received at 1131-quiet@bugs.x2go.org (full text, mbox, reply):

From: Stefan Baur <X2Go-ML-1@baur-itcs.de>
To: 1131-quiet@bugs.x2go.org
Subject: Bug#1131: x2gosqlitewrapper - Session not opening when username starts with a number
Date: Mon, 9 Jan 2017 15:05:06 +0100
[Message part 1 (text/plain, inline)]
reassign -1 x2goserver
thanks

-- 
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243

[signature.asc (application/pgp-signature, attachment)]

Bug reassigned from package 'x2gosqlitewrapper' to 'x2goserver'. Request was from Mihai Moldovan <ionic@ionic.de> to control@bugs.x2go.org. (Tue, 10 Jan 2017 11:15:02 GMT) (full text, mbox, link).


No longer marked as found in versions 4.0.1.20-3.4. Request was from Mihai Moldovan <ionic@ionic.de> to control@bugs.x2go.org. (Tue, 10 Jan 2017 11:15:02 GMT) (full text, mbox, link).


Marked as found in versions 4.0.1.20. Request was from Mihai Moldovan <ionic@ionic.de> to control@bugs.x2go.org. (Tue, 10 Jan 2017 11:15:02 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Sun Dec 22 05:27:59 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.