X2Go Bug report logs - #706
x2gobroker authservice fails to handle passwords with spaces in them

version graph

Package: x2gobroker-authservice; Maintainer for x2gobroker-authservice is X2Go Developers <x2go-dev@lists.x2go.org>; Source for x2gobroker-authservice is src:x2gobroker.

Reported by: Jason Alavaliant <alavaliant@ra09.com>

Date: Thu, 18 Dec 2014 02:10:01 UTC

Severity: normal

Tags: patch, pending

Found in version 0.0.2.3

Fixed in version 0.0.3.0

Done: X2Go Release Manager <git-admin@x2go.org>

Bug is archived. No further changes may be made.

Full log


Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):

Received: (at submit) by bugs.x2go.org; 18 Dec 2014 02:09:23 +0000
From alavaliant@ra09.com  Thu Dec 18 03:09:21 2014
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,
	T_FILL_THIS_FORM_SHORT,URIBL_BLOCKED autolearn=ham version=3.3.2
Received: from thetower.ra09.com (ra09.com [202.124.104.240])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id AB2545DB26
	for <submit@bugs.x2go.org>; Thu, 18 Dec 2014 03:09:20 +0100 (CET)
Received: from localhost ([127.0.0.1] helo=private.ra09.com)
	by thetower.ra09.com with esmtp (Exim 4.80)
	(envelope-from <alavaliant@ra09.com>)
	id 1Y1QWi-0002Hf-H3
	for submit@bugs.x2go.org; Thu, 18 Dec 2014 15:09:17 +1300
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="=_50e239c780a0524fd2e6f780f3ba2d2d"
Date: Thu, 18 Dec 2014 15:09:16 +1300
From: Jason Alavaliant <alavaliant@ra09.com>
To: submit@bugs.x2go.org
Subject: x2gobroker authservice fails to handle passwords with spaces in them
Message-ID: <1f449702f55c192bed3a6676f634afd8@private.ra09.com>
X-Sender: alavaliant@ra09.com
User-Agent: Roundcube Webmail/1.0.2
[Message part 1 (text/plain, inline)]
Package: x2gobroker-authservice
Version: 0.0.2.3
Tags: patch


Some of my users were getting authentication failed errors trying to 
login via our x2go broker setup (configured with http backend),     
further investigation revealed that the common factor was that they all 
had spaces in their passwords.

Digging through the code I found that the socket connection used by the 
x2gobroker authservice used spaces to separate the fields when passing 
user data to be validated which meant any password with a space was 
effectively truncated by the code when it was send to the authservice.   
    The two attached patches contain my proposed fix of changing the 
separation character to be \r instead which seems to fix the problem 
fine in my testing.

Thanks
Jason
[x2gobroker-authservice-handle-spaces-in-passwords.patch (text/x-diff, attachment)]
[authservice.py-handle-spaces-in-passwords.patch (text/x-diff, attachment)]

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Fri Mar 29 05:04:21 2024; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.