From mike.gabriel@das-netzwerkteam.de  Mon Dec  8 13:19:22 2014
Date: Mon, 08 Dec 2014 12:19:20 +0000
Message-ID: <20141208121920.Horde.UpsLRgMKX0uzFSxqknJ8rA1@mail.das-netzwerkteam.de>
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: Cristian Falcas <cristi.falcas@gmail.com>, 693@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#693: domain users can't open sessions
In-Reply-To: <CAMo7R_caAnCp_T4YuLZ02=eTLF02qfJY-rZadq05sVYK9S=qqw@mail.gmail.com>
Content-Type: multipart/signed; boundary="=_kG9Co1GTpSHeftm2CWlmjA9";
 protocol="application/pgp-signature"; micalg=pgp-sha1
MIME-Version: 1.0

This message is in MIME format and has been PGP signed.

--=_kG9Co1GTpSHeftm2CWlmjA9
Content-Type: text/plain; charset=us-ascii; format=flowed; DelSp=Yes
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Control: tag -1 + moreinfo

Hi Cristian,

On Mon 08 Dec 2014 09:38:30 CET, Cristian Falcas wrote:

> Package: x2goserver
> Version: 4.0.1.18
>
> Due to the sanitizer from "/usr/lib64/x2go/x2gosqlitewrapper.pl",
> domain users can't log in. Usually a login id is in the form
> "domain\username" or "username@domain". Both "\" and "@" are stripped
> and the sub check_user fails.
>
> Either allow at least "@" as a valid char to username, or make it
> configurable and allow extra chars from a variable in the configuration
> file.

We are currently trying to fix X2Go logons with AD accounts containing
"\" in the username.

The concept for email based login, I propose, is:

   o allow "@" in usernames / session IDs
   o usernames are 48 chars long at maximum

For usernames with backslashes, to do things properly, we need a hack
similar to the one Samba uses (replace the "\" by some other unique
symbol). We have some places in the code that detect the username from
the session name, so the mapping between username and session ID
(concerning the username part) should be bijective.

We have some hacks for backslashed usernames in the code (e.g. for
fixing #664 [2]), but this actually needs a cleaner implementation.

Can you please check/test...

   (1) How long are email-based logon names? Did they exceed 32 chars?
       This has been fixed just now for 4.0.1.19 and has been fixed on
       the master branch for quite a while.
   (2) Is the email-based logon used as username everywhere on the
       system (echo $LOGON, echo $USER, echo $HOME)?
   (3) Does the patch provided here [1] fix your issue for backslashed
       usernames?
   (4) Is logon for backslashed users possible if you have x2goserver
       4.1.0.0-preview (nightly builds) installed?

[1] http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=5c11f3c67f14db5f0e751f491017ab9f17c152d1
[2] http://bugs.x2go.org/664

Greets,
Mike

-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

--=_kG9Co1GTpSHeftm2CWlmjA9
Content-Type: application/pgp-signature
Content-Description: Digitale PGP-Signatur
Content-Disposition: inline


--=_kG9Co1GTpSHeftm2CWlmjA9--
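
The bijectivity requirement from the mail above, as an added example that is not part of the original message and is not x2goserver code: stripping "\" and "@" maps different logons to the same name, while an escape scheme can be reversed exactly when the username is recovered from the session name. The `_XX` escape, the safe character set (which also escapes "-" on the assumption that it separates session-name fields) and all function names are assumptions; only the 48-character limit comes from the mail.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: 48 is the username limit proposed in the mail above.
my $MAX_USERNAME_LEN = 48;

# Lossy approach: drop every character outside the allowed set.
# (Constructed stand-in, not the actual x2gosqlitewrapper.pl code.)
sub strip_sanitize {
    my ($name) = @_;
    (my $out = $name) =~ s/[^a-zA-Z0-9._]//g;
    return $out;
}

# Reversible approach: keep [A-Za-z0-9.] as-is, write every other byte
# (including "_" itself) as "_" plus two uppercase hex digits.
sub encode_username {
    my ($name) = @_;
    die "empty username\n" unless length $name;
    die "username longer than $MAX_USERNAME_LEN chars\n"
        if length($name) > $MAX_USERNAME_LEN;
    die "non-ASCII or control character in username\n"
        if $name =~ /[^\x21-\x7e]/;
    (my $out = $name) =~ s/([^A-Za-z0-9.])/sprintf('_%02X', ord $1)/ge;
    return $out;
}

# Strict inverse: accepts only strings encode_username() can produce, so
# each username has exactly one session-ID form and vice versa.
sub decode_username {
    my ($enc) = @_;
    die "malformed encoded username\n"
        unless $enc =~ /\A(?:[A-Za-z0-9.]|_[0-9A-F]{2})+\z/;
    (my $name = $enc) =~ s/_([0-9A-F]{2})/chr hex $1/ge;
    die "non-canonical encoding\n" unless encode_username($name) eq $enc;
    return $name;
}

# Constructed sample logons: the first two collide under stripping.
for my $u ('EXAMPLE\\alice', 'EXAMPLEalice', 'alice@example.org') {
    my $enc = encode_username($u);
    printf "%-20s strip=%-18s enc=%-22s back=%s\n",
        $u, strip_sanitize($u), $enc, decode_username($enc);
}
```

The decoder rejects lowercase hex and escapes of characters that need no escaping, so two different session-name strings can never decode to the same account.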

