X2Go Bug report logs - #1131
x2gosqlitewrapper - Session not opening when username starts with a number

version graph

Package: x2goserver; Maintainer for x2goserver is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goserver is src:x2goserver.

Reported by: Frank Knoben <admin@igpm.rwth-aachen.de>

Date: Mon, 9 Jan 2017 13:40:01 UTC

Severity: normal

Found in version 4.0.1.20

Full log


Message #10 received at 1131@bugs.x2go.org (full text, mbox, reply):

Received: (at 1131) by bugs.x2go.org; 9 Jan 2017 13:55:21 +0000
From X2Go-ML-1@baur-itcs.de  Mon Jan  9 14:55:19 2017
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=3.0 tests=BAYES_00,URIBL_BLOCKED
	autolearn=ham version=3.3.2
Received: from localhost (localhost [127.0.0.1])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTP id D723A3CC60
	for <1131@bugs.x2go.org>; Mon,  9 Jan 2017 14:55:18 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de
Received: from ymir.das-netzwerkteam.de ([127.0.0.1])
	by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id kmNIBV11elWz for <1131@bugs.x2go.org>;
	Mon,  9 Jan 2017 14:55:12 +0100 (CET)
X-Greylist: delayed 304 seconds by postgrey-1.34 at ymir.das-netzwerkteam.de; Mon, 09 Jan 2017 14:55:12 CET
Received: from mout.kundenserver.de (mout.kundenserver.de [217.72.192.75])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 17B543CC5F
	for <1131@bugs.x2go.org>; Mon,  9 Jan 2017 14:55:12 +0100 (CET)
Received: from [192.168.0.23] ([78.43.90.159]) by mrelayeu.kundenserver.de
 (mreue102 [212.227.15.145]) with ESMTPSA (Nemesis) id
 0MWRtC-1bxXAf46pe-00Xeaz; Mon, 09 Jan 2017 14:50:04 +0100
Subject: Re: [X2Go-Dev] Bug#1131: x2gosqlitewrapper - Session not opening when
 username starts with a number
To: Frank Knoben <admin@igpm.rwth-aachen.de>, 1131@bugs.x2go.org
References: <9ed12fe6-4cf4-1730-5bef-318186c77ecd@igpm.rwth-aachen.de>
From: Stefan Baur <X2Go-ML-1@baur-itcs.de>
Message-ID: <0a8205f7-aa75-13f6-071d-1b52a4f74858@baur-itcs.de>
Date: Mon, 9 Jan 2017 14:50:01 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.6.0
MIME-Version: 1.0
In-Reply-To: <9ed12fe6-4cf4-1730-5bef-318186c77ecd@igpm.rwth-aachen.de>
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="LXVhf6wACA7xI6qLMFdTprTKE9csapXBJ"
X-Provags-ID: V03:K0:/AFG0GqdPWwfJKZZAOepon4aCv+oG0czaDe/VR5g5t6iWdFlxQe
 vTsGk73Fz7O4BfXkG7wfcSYGb+LJY8Oqf49cb9XiIEbcD+mv/zds6aF+8KiAr9BoB+jrAl2
 uCWwHTDvAn3sdf2oWfvlidzFxGK1FRw36DlisWOcMkuBJanB1hLd9PgAfsks3kfBAXhYfNh
 b8qLc/MEAHL26NED+8R1w==
X-UI-Out-Filterresults: notjunk:1;V01:K0:t6w7ILDlmwA=:BQs9fHX6tykuADdm1h/uJN
 NJ3dD7NJknXUSQMjQDz2Thin0CKuf50fwdtb4OLzDsxklWLZPZCR3zzDzjhl8wu5fTnHuWBNm
 Bod4LiPQdlLmltyW6hML5KW0EYbnlmLLlepTV4azpR39igqmhlkRIACen8J4+kq+JF+gScN3i
 lxETrhILjGU1aZIRM95riJDn1DbIiXISR0cM6UMzNqd4CjgtNBeAL9NGfPMYc7e0pCeeuvYg0
 KD8Rx1gU4H14TZSkXN7klZ6nElCPPodmLxrJ9NX4x4bNtm1J3wMU+uFz9iGbN/WUTmHN7XWUJ
 rA/MSyNWmetvKhJ7gkb/pfb8rXAiNNNrloqS4+PGNa2Egnhb4LpCxLxpwvozwxGfRgEiWZY5c
 7qsLgn2EcVlgCWSMzS5sgtNkJR1nMlAk7RN71H1bLRFT2box/Z9RfdIwpxdx/3yUN4VUoeVHg
 iWvNgIfah/xr68oCzSkRZs0cyvf+DyzlPLOEYgktxdnCd0d0eEgvfD5A7TWH/hobqe78b587g
 0gAVpv/QRc/+msGl6eJ1ytqb641oQfNsNJXtGp2Tj1l5/CDmIB+y3Dan4TSm8tqo7aGcYouZq
 T929ZYg9wKqvahb35poUoRJBjuVPGqo55H1m8PekdPd2h84CmQU/ZqN3BFa9sjV9agSgeSPQg
 Q0sp5U74ZS/dxYGjbt0EX7IYl0AeIHAWVSxuFIsXXuRS7XWYuFkd9Kv57hXb3t1ATGsA=
[Message part 1 (text/plain, inline)]
reassign -1 x2goserver

Hi,

this problem occurs because your user names are violating the POSIX
standard, which states that usernames must not begin with digits.

Let me guess, you are authenticating against a Windows Domain / Active
Directory, which obviously doesn't care about POSIX (well, why should it).

So far, our stance was that we should conform to POSIX standards.

However, this issue has cropped up quite a bit lately, so maybe adding
support for corresponding config options to /etc/x2go/x2goserver.conf
would be an idea - something like

# support usernames that violate POSIX standard
allow_usernames_with_leading_digit=true|false
allow_usernames_with_backslashes=true|false # would fix Bug #227 as well

And while we're at it, let me suggest these as well, just for good
measure - not sure if they still pose a problem but we did have issues
with at least dashes in the past (ca. 2012):
allow_usernames_with_slashes=true|false
allow_usernames_with_dashes=true|false
allow_usernames_with_spaces=true|false

I wonder what the developers think about this approach?

Kind Regards,
Stefan Baur

Am 09.01.2017 um 14:25 schrieb Frank Knoben:
> Package: x2gosqlitewrapper
> Version: 4.0.1.20-3.4
> 
> When a username starts with a number, the session on the client computer
> will not open, after connecting to the server.
> The problem lies within x2gosqlitewrapper.pl in the sanitizer function.
> This function will return 0 in the  $type eq "x2gosid" case, when the
> username starts with a number.
> My workaround is to add a 0-9 in the line number 67 of x2gosqlitewrapper.pl
> 
> 
> diff x2gosqlitewrapper.pl x2gosqlitewrapper.pl.original
> 67c67
> <                       if ($string =~
> /^([a-zA-Z0-9\_][a-zA-Z0-9\_\-\.\@]{0,47}[\$]?)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\_\-\.]*\_dp[\d]{1,2}$/)
> {
> ---
>>                       if ($string =~
>> /^([a-zA-Z\_][a-zA-Z0-9\_\-\.\@]{0,47}[\$]?)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\_\-\.]*\_dp[\d]{1,2}$/)
>> {
> 
> 
> elsif ($type eq "x2gosid") {
>                 $string =~ s/[^a-zA-Z0-9\_\-\$\.\@]//g;
>                 if ($string =~ /^([a-zA-Z0-9\_\-\$\.\@]*)$/) {
>                         $string = $1;
> -                        if ($string =~
> /^([a-zA-Z\_][a-zA-Z0-9\_\-\.\@]{0,47}[\$]?)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\_\-\.]*\_dp[\d]{1,2}$/)
> {
> +                        if ($string =~
> /^([a-zA-Z0-9\_][a-zA-Z0-9\_\-\.\@]{0,47}[\$]?)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\_\-\.]*\_dp[\d]{1,2}$/)
> {
>                                 if ((length($1) > 0) and (length($1) <
> 48)){
>                                         return $string;
>                                 } else {return 0;}
>                         } else {return 0;}
>                 } else {return 0;}
>         }
> 
> I  am using a OpenSuSE Leap System with x2goserver Version 4.0.1.20-3.4
> 
> Sincerly
> 
> Frank Knoben
> _______________________________________________
> x2go-dev mailing list
> x2go-dev@lists.x2go.org
> http://lists.x2go.org/listinfo/x2go-dev


-- 
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243

[signature.asc (application/pgp-signature, attachment)]

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Fri Apr 19 09:48:17 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.