X2Go Bug report logs - #693
domain users can't open sessions

version graph

Package: x2goserver; Maintainer for x2goserver is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2goserver is src:x2goserver.

Reported by: Cristian Falcas <cristi.falcas@gmail.com>

Date: Mon, 8 Dec 2014 08:40:02 UTC

Severity: normal

Tags: moreinfo

Found in version 4.0.1.18

Full log

Message #12 received at 693@bugs.x2go.org (full text, mbox, reply):

Received: (at 693) by bugs.x2go.org; 8 Dec 2014 12:19:23 +0000
From mike.gabriel@das-netzwerkteam.de  Mon Dec  8 13:19:22 2014
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED
	autolearn=ham version=3.3.2
Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id DB0DD5E0E6
	for <693@bugs.x2go.org>; Mon,  8 Dec 2014 13:19:21 +0100 (CET)
Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98])
	by freya.das-netzwerkteam.de (Postfix) with ESMTPS id 46F4016D1;
	Mon,  8 Dec 2014 13:19:21 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 050013BA1E;
	Mon,  8 Dec 2014 13:19:21 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de
Received: from grimnir.das-netzwerkteam.de ([127.0.0.1])
	by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 3I1b5MdDTRJK; Mon,  8 Dec 2014 13:19:20 +0100 (CET)
Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1])
	by grimnir.das-netzwerkteam.de (Postfix) with ESMTPS id BBB573BA03;
	Mon,  8 Dec 2014 13:19:20 +0100 (CET)
Received: from 134.245.44.2 ([134.245.44.2]) by mail.das-netzwerkteam.de
 (Horde Framework) with HTTP; Mon, 08 Dec 2014 12:19:20 +0000
Date: Mon, 08 Dec 2014 12:19:20 +0000
Message-ID: <20141208121920.Horde.UpsLRgMKX0uzFSxqknJ8rA1@mail.das-netzwerkteam.de>
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: Cristian Falcas <cristi.falcas@gmail.com>, 693@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#693: domain users can't open sessions
In-Reply-To: <CAMo7R_caAnCp_T4YuLZ02=eTLF02qfJY-rZadq05sVYK9S=qqw@mail.gmail.com>
User-Agent: Internet Messaging Program (IMP) H5 (6.2.2)
Accept-Language: en,de
Organization: DAS-NETZWERKTEAM
X-Originating-IP: 134.245.44.2
X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:32.0) Gecko/20100101
 Firefox/32.0 Iceweasel/32.0
Content-Type: multipart/signed; boundary="=_kG9Co1GTpSHeftm2CWlmjA9";
 protocol="application/pgp-signature"; micalg=pgp-sha1
MIME-Version: 1.0

[Message part 1 (text/plain, inline)]
Control: tag -1 + moreinfo

Hi Cristian,

On  Mo 08 Dez 2014 09:38:30 CET, Cristian Falcas wrote:

> Package: x2goserver
> Version: 4.0.1.18
>
> Due to the sanitizer from "/usr/lib64/x2go/x2gosqlitewrapper.pl",
> domain users can't login. Usually a login id is in for
> "domain\username" or "username@domain". Bot "\" and "@" are stripped
> and the sub check_user fails.
>
> Either allow at least "@" as a valid char to username, or make it
> configurable and allow extra chars from a varible in the configuration
> file.

We are currently trying to fix X2Go logons with AD accounts containing  
"\" in the username.

The concept for email based login, I propose, is:

  o allow "@" in usernames / session IDs
  o usernames are 48 chars long at maximum

For usernames with backslashes, to do things properly, we need a  
similar hack like Samba uses (replace the "\" by some other
unique symbol. We have some places in the code that detect the  
username from the session name so the mapping
between username and session ID (concerning the username part) should  
be bijective.

We have some hacks for backslashed username in the code (e.g. for  
fixing #664 [2]), but this actually needs a cleaner implementation.

Can you please check/test...

  (1) How long are email-based logon names? Did they exceed 32 chars?  
This has been fixed just now for
      4.0.1.19 and has been fixed on the master branch for quite a while.
  (2) Is the email-based logon used as username everywhere on the  
system (echo $LOGON, echo $USER,
      echo $HOME)?


  (3) Does the patch provided here [1] fix your issue for backslashed  
usernames?
  (4) Is logon for backslashed users possible if you have x2goserver  
4.1.0.0-preview (nightly builds)
      installed?

[1]  
http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=5c11f3c67f14db5f0e751f491017ab9f17c152d1
[2] http://bugs.x2go.org/664

Greets,
Mike

-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

[Message part 2 (application/pgp-signature, inline)]

Send a report that this bug log contains spam.

X2Go Developers <owner@bugs.x2go.org>. Last modified: Thu Nov 21 15:12:26 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.