X2Go Bug report logs - #1550
X2Go/Server/DB/SQLite3.pm: Reads shadow entry ($pass) but it is never used

version graph

Package: x2goserver; Maintainer for x2goserver is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goserver is src:x2goserver.

Reported by: Paul Menzel <pmenzel@molgen.mpg.de>

Date: Wed, 2 Jun 2021 11:40:02 UTC

Severity: normal

Found in version 4.1.0.3

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#1550; Package x2goserver. (Wed, 02 Jun 2021 11:40:02 GMT) (full text, mbox, link).


Acknowledgement sent to Paul Menzel <pmenzel@molgen.mpg.de>:
New Bug report received and forwarded. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Wed, 02 Jun 2021 11:40:02 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):

From: Paul Menzel <pmenzel@molgen.mpg.de>
To: submit@bugs.x2go.org
Subject: X2Go/Server/DB/SQLite3.pm: Reads shadow entry ($pass) but it is never used
Date: Wed, 2 Jun 2021 13:38:12 +0200
Package: x2goserver
Version: 4.1.0.3


Dear X2Go folks,


We noticed, that every two seconds our “shadow server” (similar to NIS) 
gets a request for the shadow line of the x2go user [1].

Tracing this reveals:

     x2gocleansessio-3593    [112] .... 2334059.441996: sys_clone 
<-system_call_exception
               <...>-468193  [120] .... 2334059.538048: sys_clone 
<-system_call_exception
               <...>-468194  [128] .... 2334059.539367: sys_clone 
<-system_call_exception
     x2golistsession-468193  [120] .... 2334059.542178: sys_clone 
<-system_call_exception
     libx2go-server--468196  [136] .... 2334059.656827: tcp_connect 
<-tcp_v4_connect
     x2gocleansessio-3593    [112] .... 2334059.695737: sys_clone 
<-system_call_exception
               <...>-468197  [128] .... 2334059.793699: sys_clone 
<-system_call_exception
            x2gopath-468198  [137] .... 2334059.794604: sys_clone 
<-system_call_exception
       x2gogetstatus-468197  [128] .... 2334059.797066: sys_clone 
<-system_call_exception
               <...>-468200  [097] .... 2334059.912926: tcp_connect 
<-tcp_v4_connect

    /sys/kernel/debug/tracing# ps -fp 3593
    UID          PID    PPID  C STIME TTY          TIME CMD
    root        3593       1  0 May06 ?        00:36:27 /usr/bin/perl 
/usr/sbin/x2gocleansessions

and (for example the first `libx2go-server-db-sqlite3-wrapper`) → 
`/usr/share/perl5/X2Go/Server/DB/SQLite3.pm` contains:

        my ($uname, $pass, $uid, $pgid, $quota, $comment, $gcos, 
$homedir, $shell, $expire) = getpwnam($x2gouser);
        my $dbfile="$homedir/x2go_sessions";

> The getpwnam() function returns a pointer to a structure containing the
> broken-out fields of the record in the password database (e.g., the lo‐
> cal password file /etc/passwd, NIS, and LDAP) that matches the username
> name.

Reading `/usr/share/perl5/X2Go/Server/DB/SQLite3.pm` [2] it looks like, 
the variable `$pass` is never used?

```
sub init_db
{
	# retrieve home dir of x2gouser
	my $x2gouser='x2gouser';
	my ($uname, $pass, $uid, $pgid, $quota, $comment, $gcos, $homedir, 
$shell, $expire) = getpwnam($x2gouser);
	my $dbfile="$homedir/x2go_sessions";
	my 
$dbh=DBI->connect("dbi:SQLite:dbname=$dbfile","","",{sqlite_use_immediate_transaction 
=> 1, AutoCommit => 1, }) or die $_;

	# on SLE 11.x the sqlite_busy_timeout function does not exist, trying 
to work around that...
	if ( $dbh->can('sqlite_busy_timeout') )
	{
		$dbh->sqlite_busy_timeout( 2000 );
	}
	return $dbh;
}
```


Kind regards,

Paul


[1]: 
https://salsa.debian.org/debian-remote-team/x2goserver/-/blob/master/x2goserver/sbin/x2gocleansessions#L166
[2]: 
https://code.x2go.org/gitweb?p=x2goserver.git;a=blob;f=X2Go/Server/DB/SQLite3.pm;h=e6fb22b884c869dc14c6471a99ba31a5d45a6c30;hb=HEAD#l64


Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#1550; Package x2goserver. (Wed, 02 Jun 2021 20:30:03 GMT) (full text, mbox, link).


Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Wed, 02 Jun 2021 20:30:03 GMT) (full text, mbox, link).


Message #10 received at 1550@bugs.x2go.org (full text, mbox, reply):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: Paul Menzel <pmenzel@molgen.mpg.de>, 1550@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#1550: X2Go/Server/DB/SQLite3.pm: Reads shadow entry ($pass) but it is never used
Date: Wed, 02 Jun 2021 20:27:04 +0000
[Message part 1 (text/plain, inline)]
Hi Paul,

urgh, this one is a nasty one.

On  Mi 02 Jun 2021 13:38:12 CEST, Paul Menzel wrote:

> We noticed, that every two seconds our “shadow server” (similar to  
> NIS) gets a request for the shadow line of the x2go user [1].

It seems we should get the reported problem improved on the X2Go side, yes.

I will put this on my list and take a look.

Mike

-- 

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

[Message part 2 (application/pgp-signature, inline)]

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Sun Jun 13 07:43:28 2021; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.