[X2Go-Dev] Bug#693: Bug#693: domain users can't open sessions

Mike Gabriel mike.gabriel at das-netzwerkteam.de
Mon Dec 8 13:19:20 CET 2014 

Control: tag -1 + moreinfo

Hi Cristian,

On  Mo 08 Dez 2014 09:38:30 CET, Cristian Falcas wrote:

> Package: x2goserver
> Version: 4.0.1.18
>
> Due to the sanitizer from "/usr/lib64/x2go/x2gosqlitewrapper.pl",
> domain users can't login. Usually a login id is in for
> "domain\username" or "username at domain". Bot "\" and "@" are stripped
> and the sub check_user fails.
>
> Either allow at least "@" as a valid char to username, or make it
> configurable and allow extra chars from a varible in the configuration
> file.

We are currently trying to fix X2Go logons with AD accounts containing  
"\" in the username.

The concept for email based login, I propose, is:

   o allow "@" in usernames / session IDs
   o usernames are 48 chars long at maximum

For usernames with backslashes, to do things properly, we need a  
similar hack like Samba uses (replace the "\" by some other
unique symbol. We have some places in the code that detect the  
username from the session name so the mapping
between username and session ID (concerning the username part) should  
be bijective.

We have some hacks for backslashed username in the code (e.g. for  
fixing #664 [2]), but this actually needs a cleaner implementation.

Can you please check/test...

   (1) How long are email-based logon names? Did they exceed 32 chars?  
This has been fixed just now for
       4.0.1.19 and has been fixed on the master branch for quite a while.
   (2) Is the email-based logon used as username everywhere on the  
system (echo $LOGON, echo $USER,
       echo $HOME)?


   (3) Does the patch provided here [1] fix your issue for backslashed  
usernames?
   (4) Is logon for backslashed users possible if you have x2goserver  
4.1.0.0-preview (nightly builds)
       installed?

[1]  
http://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=5c11f3c67f14db5f0e751f491017ab9f17c152d1
[2] http://bugs.x2go.org/664

Greets,
Mike

-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: Digitale PGP-Signatur
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20141208/cd2e3c8c/attachment.pgp>

More information about the x2go-dev mailing list