From unknown Fri Mar 29 02:19:25 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#1550: X2Go/Server/DB/SQLite3.pm: Reads shadow entry ($pass) but it is never used Reply-To: Paul Menzel , 1550@bugs.x2go.org Resent-From: Paul Menzel Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Wed, 02 Jun 2021 11:40:02 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: report 1550 X-X2Go-PR-Package: x2goserver X-X2Go-PR-Keywords: Received: via spool by submit@bugs.x2go.org id=B.162263389929178 (code B); Wed, 02 Jun 2021 11:40:02 +0000 Received: (at submit) by bugs.x2go.org; 2 Jun 2021 11:38:19 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.5 required=3.0 tests=BAYES_00,KHOP_HELO_FCRDNS, SPF_HELO_NONE,URIBL_BLOCKED,WEIRD_QUOTING autolearn=no autolearn_force=no version=3.4.2 Received: from mx1.molgen.mpg.de (mx3.molgen.mpg.de [141.14.17.11]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 6D7445DAFA for ; Wed, 2 Jun 2021 13:38:13 +0200 (CEST) Received: from [192.168.0.7] (ip5f5aef1a.dynamic.kabel-deutschland.de [95.90.239.26]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: pmenzel) by mx.molgen.mpg.de (Postfix) with ESMTPSA id 788CE61E646EF for ; Wed, 2 Jun 2021 13:38:12 +0200 (CEST) To: submit@bugs.x2go.org From: Paul Menzel Message-ID: Date: Wed, 2 Jun 2021 13:38:12 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.10.2 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Package: x2goserver Version: 4.1.0.3 Dear X2Go folks, We noticed, that every two seconds our “shadow server” (similar to NIS) gets a request for the shadow line of the x2go user [1]. Tracing this reveals: x2gocleansessio-3593 [112] .... 2334059.441996: sys_clone <-system_call_exception <...>-468193 [120] .... 2334059.538048: sys_clone <-system_call_exception <...>-468194 [128] .... 2334059.539367: sys_clone <-system_call_exception x2golistsession-468193 [120] .... 2334059.542178: sys_clone <-system_call_exception libx2go-server--468196 [136] .... 2334059.656827: tcp_connect <-tcp_v4_connect x2gocleansessio-3593 [112] .... 2334059.695737: sys_clone <-system_call_exception <...>-468197 [128] .... 2334059.793699: sys_clone <-system_call_exception x2gopath-468198 [137] .... 2334059.794604: sys_clone <-system_call_exception x2gogetstatus-468197 [128] .... 2334059.797066: sys_clone <-system_call_exception <...>-468200 [097] .... 2334059.912926: tcp_connect <-tcp_v4_connect /sys/kernel/debug/tracing# ps -fp 3593 UID PID PPID C STIME TTY TIME CMD root 3593 1 0 May06 ? 00:36:27 /usr/bin/perl /usr/sbin/x2gocleansessions and (for example the first `libx2go-server-db-sqlite3-wrapper`) → `/usr/share/perl5/X2Go/Server/DB/SQLite3.pm` contains: my ($uname, $pass, $uid, $pgid, $quota, $comment, $gcos, $homedir, $shell, $expire) = getpwnam($x2gouser); my $dbfile="$homedir/x2go_sessions"; > The getpwnam() function returns a pointer to a structure containing the > broken-out fields of the record in the password database (e.g., the lo‐ > cal password file /etc/passwd, NIS, and LDAP) that matches the username > name. Reading `/usr/share/perl5/X2Go/Server/DB/SQLite3.pm` [2] it looks like, the variable `$pass` is never used? ``` sub init_db { # retrieve home dir of x2gouser my $x2gouser='x2gouser'; my ($uname, $pass, $uid, $pgid, $quota, $comment, $gcos, $homedir, $shell, $expire) = getpwnam($x2gouser); my $dbfile="$homedir/x2go_sessions"; my $dbh=DBI->connect("dbi:SQLite:dbname=$dbfile","","",{sqlite_use_immediate_transaction => 1, AutoCommit => 1, }) or die $_; # on SLE 11.x the sqlite_busy_timeout function does not exist, trying to work around that... if ( $dbh->can('sqlite_busy_timeout') ) { $dbh->sqlite_busy_timeout( 2000 ); } return $dbh; } ``` Kind regards, Paul [1]: https://salsa.debian.org/debian-remote-team/x2goserver/-/blob/master/x2goserver/sbin/x2gocleansessions#L166 [2]: https://code.x2go.org/gitweb?p=x2goserver.git;a=blob;f=X2Go/Server/DB/SQLite3.pm;h=e6fb22b884c869dc14c6471a99ba31a5d45a6c30;hb=HEAD#l64 From unknown Fri Mar 29 02:19:25 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#1550: [X2Go-Dev] Bug#1550: X2Go/Server/DB/SQLite3.pm: Reads shadow entry ($pass) but it is never used Reply-To: Mike Gabriel , 1550@bugs.x2go.org Resent-From: Mike Gabriel Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Wed, 02 Jun 2021 20:30:02 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: followup 1550 X-X2Go-PR-Package: x2goserver X-X2Go-PR-Keywords: References: Received: via spool by 1550-submit@bugs.x2go.org id=B1550.162266563215631 (code B ref 1550); Wed, 02 Jun 2021 20:30:02 +0000 Received: (at 1550) by bugs.x2go.org; 2 Jun 2021 20:27:12 +0000 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,SPF_HELO_NONE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from fregna.das-netzwerkteam.de (fregna.das-netzwerkteam.de [148.251.53.130]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 7466D5DAFA for <1550@bugs.x2go.org>; Wed, 2 Jun 2021 22:27:05 +0200 (CEST) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [148.251.201.105]) by fregna.das-netzwerkteam.de (Postfix) with ESMTPS id B9088603FF; Wed, 2 Jun 2021 20:27:04 +0000 (UTC) Received: from das-netzwerkteam.de (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 974A8C061A; Wed, 2 Jun 2021 22:27:04 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=das-netzwerkteam.de; s=dkim; t=1622665624; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to; bh=Yf5sE4XgKO6NCsYdDEOgOFaKL/HZOUmQ5bpT3AXbahE=; b=mzJUT4GF72v+mkZV+E3Qqlwm8c1SreG5PhnjkaRUjjzr7bU6ZEwC6M2GZvwTJMVKH3+d5A hhym1aCPd1NqzHTejz11qV4zpOUSV4+NPIWd1NDcrwF/kTf3EBTdVU6wz5ZEK2cFcEU0VS VSBHWBaDGkABtWlYdqsk1E2Q/osDu+cOQO4wSPL7pPqjdLNn+pt3K88AaNOYtnB0pui8su E8Ah7lOS4NPEfI4ES62hsyZ3/Zx3uRPM/GQkjAue6LQkPmLyZnWkhG0rAE241cfVPhVbje BZ+agl4I1rb7ZQlXzV+ao00NNLeHulUXz3AaxY/OWM/zhOxTEehV6TP8PIigydo3vTnnNS D2Hr6KRocfRTX5cbtm9BWnH5sqdFz4+szUgiTlPbCM6HjlqaMnMzixiHJcz4OW3PwZ9LuL m2xYzzZNhkN7LpYalXBpFrIIJUffdeKFkwzufkYjWR8rZ6m/W+7zr28xdHT/JLoHxgGd5q b6L94mIfRVJoSVya1sM8PGzSREBq7WV+B2rC8FP6Y39cGwAwUIE1jXjpsDUcmIROJq2YVl VR0LLPHUAV+2Hyt0dfPZ8+QbC1xE6jYpqb/wvzZJFQU5nqBGU8aa6jiC0mz819SyX9cMY7 VQJULbGwyekNlPF+IeP37aVodq/xFXW6fzNERB5smvrGjyosk6kec= Received: from [176.126.93.55] ([176.126.93.55]) by mail.das-netzwerkteam.de (Horde Framework) with HTTPS; Wed, 02 Jun 2021 20:27:04 +0000 Date: Wed, 02 Jun 2021 20:27:04 +0000 Message-ID: <20210602202704.Horde.bI0UgfR8B7cHQYTWW6Hx-2d@mail.das-netzwerkteam.de> From: Mike Gabriel To: Paul Menzel , 1550@bugs.x2go.org In-Reply-To: User-Agent: Horde Application Framework 5 Accept-Language: de,en Organization: DAS-NETZWERKTEAM X-Originating-IP: 176.126.93.55 X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Content-Type: multipart/signed; boundary="=_cbfFEyVoTOEvNDmlDovLUyY"; protocol="application/pgp-signature"; micalg=pgp-sha512 MIME-Version: 1.0 This message is in MIME format and has been PGP signed. --=_cbfFEyVoTOEvNDmlDovLUyY Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi Paul, urgh, this one is a nasty one. On Mi 02 Jun 2021 13:38:12 CEST, Paul Menzel wrote: > We noticed, that every two seconds our =E2=80=9Cshadow server=E2=80=9D (s= imilar to=20=20 >=20NIS) gets a request for the shadow line of the x2go user [1]. It seems we should get the reported problem improved on the X2Go side, yes. I will put this on my list and take a look. Mike --=20 DAS-NETZWERKTEAM c\o=20Technik- und =C3=96kologiezentrum Eckernf=C3=B6rde Mike Gabriel, Marienthaler Str. 17, 24340 Eckernf=C3=B6rde mobile: +49 (1520) 1976 148 landline: +49 (4351) 850 8940 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de --=_cbfFEyVoTOEvNDmlDovLUyY Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIzBAABCgAdFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAmC36ZYACgkQmvRrMCV3 GzGARQ//angWoG2jbBA4lsO3HsgZh4Jn5e01DCLhIacUqslbBDVuGwIF7b1RBO0Q RFjHQAPuYKSI8KBeXYQzXSN/mIM5Bb0s7QLke5W3d2dh0hGf9vEVsxBE0jFRTdeV cYllIFevOy7x2wyD7xj2BUGBEKiX+Dm7JhRul4yup0gGPoG5LGM84lIyIDunR8fj U5Sf3ibzLeT/3zregtiKYSDdjusZ4kzhKLsEGnaLkCjw+6om7O8hFf5/EW1SkHzX Z02k29xskMbcSW0bXSuMgpjP2wpOlwKx2aYTKj2PWIuB/ngh80zF1aAPwQrsQl1T Pp7RGufWREs2VfCASG770SAq74tf+IZCoPCJPTssHDbgI9+PMzHEK8RwqoUJXxOv heoiK4WCm8e885tfGGHlDw05oMK8HBQp7krJvmhweEEbn5+ZJwZ/5p7qDIk8My5O gpsejm8ygirHnX/NxCS++BHCdMlZabaJZlkU2iC5OWwArKr8NT6fH/HiU+BKqf8q LTmxPeWcLrzGn2aktyRsFDjsIvtJxc6dPT0TA8zSfPx+TEjmh6E990HkwtygL4oU aWMmZanKmm8wrGzoqnelTdTtAIqW1mEuCa8O/FLoUm/iTyfCgO9L6fclr1sv9Mvq qpFOOZpzlIFK1D1QND6jUIzCOnlx7Pc93g8vWrA1Bp04XVmveJw= =cQjx -----END PGP SIGNATURE----- --=_cbfFEyVoTOEvNDmlDovLUyY--