The branch, master has been updated via 2250c18fe510008caa1969ebb54183706c94d53b (commit) from d3976677451cb417c2281944c25950700ef4fd19 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2250c18fe510008caa1969ebb54183706c94d53b Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Mon Jan 6 13:49:05 2014 +0100 Allow dots (".") in sanitized session names. ----------------------------------------------------------------------- Summary of changes: X2Go/Server/DB/PostgreSQL.pm | 28 ++++++++++++++-------------- X2Go/Server/DB/SQLite3.pm | 28 ++++++++++++++-------------- X2Go/SupeReNicer.pm | 4 ++-- X2Go/Utils.pm | 6 ++++++ debian/changelog | 1 + x2goserver/bin/x2gostartagent | 2 +- 6 files changed, 38 insertions(+), 31 deletions(-) The diff of changes is: diff --git a/X2Go/Server/DB/PostgreSQL.pm b/X2Go/Server/DB/PostgreSQL.pm index 772bfe6..dbe3eaa 100644 --- a/X2Go/Server/DB/PostgreSQL.pm +++ b/X2Go/Server/DB/PostgreSQL.pm @@ -179,7 +179,7 @@ sub dbsys_getmounts { init_db(); my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; my @mounts; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("select client, path from mounts where session_id='$sid'"); @@ -199,7 +199,7 @@ sub db_getmounts { init_db(); my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; my @mounts; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("select client, path from mounts_view where session_id='$sid'"); @@ -219,7 +219,7 @@ sub db_deletemount { init_db(); my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; my $path=shift or die "argument \"path\" missed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("delete from mounts_view where session_id='$sid' and path='$path'"); @@ -232,7 +232,7 @@ sub db_insertmount { init_db(); my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; my $path=shift or die "argument \"path\" missed"; my $client=shift or die "argument \"client\" missed"; my $res_ok=0; @@ -255,7 +255,7 @@ sub db_insertsession $display = sanitizer('num', $display) or die "argument \"display\" malformed"; my $server=shift or die "argument \"server\" missed"; my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("insert into sessions (display,server,uname,session_id) values ('$display','$server','$uname','$sid')"); $sth->execute()or die $_; @@ -270,7 +270,7 @@ sub db_insertshadowsession $display = sanitizer('num', $display) or die "argument \"display\" malformed"; my $server=shift or die "argument \"server\" missed"; my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; my $shadreq_user=shift or die "argument \"shadreq_user\" missed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("insert into sessions (display,server,uname,session_id) values ('$display','$server','$shadreq_user','$sid')"); @@ -293,7 +293,7 @@ sub db_createsession my $fs_port=shift or die"argument \"fs_port\" missed"; $fs_port = sanitizer('num', $fs_port) or die "argument \"fs_port\" malformed"; my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("update sessions_view set status='R',last_time=now(), cookie='$cookie',agent_pid='$pid',client='$client',gr_port='$gr_port', @@ -308,7 +308,7 @@ sub db_insertport init_db(); my $server=shift or die "argument \"server\" missed"; my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; my $sshport=shift or die "argument \"port\" missed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("insert into used_ports (server,session_id,port) values ('$server','$sid','$sshport')"); @@ -322,7 +322,7 @@ sub db_rmport init_db(); my $server=shift or die "argument \"server\" missed"; my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; my $sshport=shift or die "argument \"port\" missed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("delete from used_ports where server='$server' and session_id='$sid' and port='$sshport'"); @@ -336,7 +336,7 @@ sub db_resume init_db(); my $client=shift or die "argument \"client\" missed"; my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; my $gr_port=shift or die "argument \"gr_port\" missed"; $gr_port = sanitizer('num', $gr_port) or die "argument \"gr_port\" malformed"; my $snd_port=shift or die "argument \"sound_port\" missed"; @@ -356,7 +356,7 @@ sub db_changestatus init_db(); my $status=shift or die "argument \"status\" missed"; my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("update sessions_view set last_time=now(),status='$status' where session_id = '$sid'"); $sth->execute()or die; @@ -368,7 +368,7 @@ sub db_getstatus { init_db(); my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; my $status=''; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("select status from sessions_view where session_id = '$sid'"); @@ -446,7 +446,7 @@ sub db_getagent init_db(); my $agent; my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("select agent_pid from sessions_view where session_id ='$sid'"); @@ -467,7 +467,7 @@ sub db_getdisplay init_db(); my $display; my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("select display from sessions_view where session_id ='$sid'"); diff --git a/X2Go/Server/DB/SQLite3.pm b/X2Go/Server/DB/SQLite3.pm index 2894bfa..e1d2a50 100644 --- a/X2Go/Server/DB/SQLite3.pm +++ b/X2Go/Server/DB/SQLite3.pm @@ -152,7 +152,7 @@ sub db_getmounts { my $dbh = init_db(); my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; check_user($sid); my @strings; my $sth=$dbh->prepare("select client, path from mounts where session_id=?"); @@ -172,7 +172,7 @@ sub db_deletemount { my $dbh = init_db(); my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; my $path=shift or die "argument \"path\" missed"; check_user($sid); my $sth=$dbh->prepare("delete from mounts where session_id=? and path=?"); @@ -190,7 +190,7 @@ sub db_insertmount { my $dbh = init_db(); my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; my $path=shift or die "argument \"path\" missed"; my $client=shift or die "argument \"client\" missed"; check_user($sid); @@ -215,7 +215,7 @@ sub db_insertsession $display = sanitizer('num', $display) or die "argument \"display\" malformed"; my $server=shift or die "argument \"server\" missed"; my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; check_user($sid); my $sth=$dbh->prepare("insert into sessions (display,server,uname,session_id, init_time, last_time) values (?, ?, ?, ?, datetime('now','localtime'), datetime('now','localtime'))"); @@ -232,7 +232,7 @@ sub db_insertshadowsession $display = sanitizer('num', $display) or die "argument \"display\" malformed"; my $server=shift or die "argument \"server\" missed"; my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; my $shadreq_user = shift or die "argument \"shadreq_user\" missed"; my $fake_sid = $sid; $fake_sid =~ s/$shadreq_user-/$realuser-/; @@ -259,7 +259,7 @@ sub db_createsession my $fs_port=shift or die"argument \"fs_port\" missed"; $fs_port = sanitizer('num', $fs_port) or die "argument \"fs_port\" malformed"; my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; check_user($sid); my $sth=$dbh->prepare("update sessions set status='R',last_time=datetime('now','localtime'),cookie=?,agent_pid=?, client=?,gr_port=?,sound_port=?,fs_port=? where session_id=? and uname=?"); @@ -288,7 +288,7 @@ sub db_createshadowsession my $fs_port=shift or die"argument \"fs_port\" missed"; $fs_port = sanitizer('num', $fs_port) or die "argument \"fs_port\" malformed"; my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; my $shadreq_user = shift or die "argument \"shadreq_user\" missed"; my $fake_sid = $sid; $fake_sid =~ s/^$shadreq_user-/$realuser-/; @@ -311,7 +311,7 @@ sub db_insertport my $dbh = init_db(); my $server=shift or die "argument \"server\" missed"; my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; my $sshport=shift or die "argument \"port\" missed"; my $sth=$dbh->prepare("insert into used_ports (server,session_id,port) values (?, ?, ?)"); check_user($sid); @@ -330,7 +330,7 @@ sub db_rmport my $dbh = init_db(); my $server=shift or die "argument \"server\" missed"; my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; my $sshport=shift or die "argument \"port\" missed"; my $sth=$dbh->prepare("delete from used_ports where server=? and session_id=? and port=?"); check_user($sid); @@ -348,7 +348,7 @@ sub db_resume my $dbh = init_db(); my $client=shift or die "argument \"client\" missed"; my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; my $gr_port=shift or die "argument \"gr_port\" missed"; $gr_port = sanitizer('num', $gr_port) or die "argument \"gr_port\" malformed"; my $snd_port=shift or die "argument \"snd_port\" missed"; @@ -373,7 +373,7 @@ sub db_changestatus my $dbh = init_db(); my $status=shift or die "argument \"status\" missed"; my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; check_user($sid); my $sth=$dbh->prepare("update sessions set last_time=datetime('now','localtime'), status=? where session_id = ? and uname=?"); @@ -391,7 +391,7 @@ sub db_getstatus { my $dbh = init_db(); my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; check_user($sid); my $sth=$dbh->prepare("select status from sessions where session_id = ?"); $sth->execute($sid); @@ -484,7 +484,7 @@ sub db_getagent { my $dbh = init_db(); my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; my $agent; check_user($sid); my $sth=$dbh->prepare("select agent_pid from sessions @@ -510,7 +510,7 @@ sub db_getdisplay { my $dbh = init_db(); my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('anumazcsdaus', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; my $display; check_user($sid); my $sth=$dbh->prepare("select display from sessions diff --git a/X2Go/SupeReNicer.pm b/X2Go/SupeReNicer.pm index 0f8a3cb..afda624 100644 --- a/X2Go/SupeReNicer.pm +++ b/X2Go/SupeReNicer.pm @@ -115,7 +115,7 @@ sub superenice { $agentPid = sanitizer("num",$agentPid); # We're only working with "portable" unix usernames. - $userID = sanitizer("anumazcsdaus",$userID); + $userID = sanitizer("pnixusername",$userID); # So if the sanitizer returns something we'll do this.... if ($userID) { @@ -194,7 +194,7 @@ sub superenice { close(XGOLS); foreach my $nUser (keys %niceUsers) { - $nUser = sanitizer("anumazcsdaus",$nUser); + $nUser = sanitizer("pnixusername",$nUser); # We're only working with "portable" unix usernames.. if ($nUser) { diff --git a/X2Go/Utils.pm b/X2Go/Utils.pm index 021af1b..9da44f4 100644 --- a/X2Go/Utils.pm +++ b/X2Go/Utils.pm @@ -102,6 +102,12 @@ sub sanitizer { if ($string =~ /^([a-zA-Z0-9\_\-]*)$/) { $string = $1; return $string; + } else {return 0;} + } elsif ($type eq "pnixusername") { + $string =~ s/[^a-zA-Z0-9\_\-\.]//g; + if ($string =~ /^([a-zA-Z0-9\_\-\.]*)$/) { + $string = $1; + return $string; } else {return 0;} } elsif ($type eq "SOMETHINGELSE") { return 0; diff --git a/debian/changelog b/debian/changelog index 617565d..5e522a2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -275,6 +275,7 @@ x2goserver (4.0.0.9-0x2go1) UNRELEASED; urgency=low - Sanitize session name in x2gostartagent, as well. Fixes problems with custom session commands containing characters that get sanitized out. + - Allow dots (".") in sanitized session names. -- Mike Gabriel <mga@listrac.informatik.uni-kiel.de> Mon, 06 Jan 2014 12:35:24 +0100 diff --git a/x2goserver/bin/x2gostartagent b/x2goserver/bin/x2gostartagent index cd690c1..17beae7 100755 --- a/x2goserver/bin/x2gostartagent +++ b/x2goserver/bin/x2gostartagent @@ -172,7 +172,7 @@ while [ "$OUTPUT" != "inserted" ]; do SESSION_NAME="${SESSION_NAME}_st${SESSION_TYPE}${X2GO_CMD}_dp${COLORDEPTH}" SESSION_NAME=`echo "$SESSION_NAME" | sed -e "s/:/PP/g"` # sanitize session name - SESSION_NAME=`echo "$SESSION_NAME" | sed -e "s/[^a-zA-Z0-9\_\-]//g"` + SESSION_NAME=`echo "$SESSION_NAME" | sed -e "s/[^a-zA-Z0-9\_\-\.]//g"` fi if [ -n "$SHADREQ_USER" ]; then $X2GO_LIB_PATH/x2gosyslog "$0" "debug" "initializing new shadow session with ID $SESSION_NAME" hooks/post-receive -- x2goserver.git (X2Go Server) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "x2goserver.git" (X2Go Server).