This is an automated email from the git hooks/post-receive script. x2go pushed a change to branch release/4.0.1.x in repository x2goserver. from 7be656c Handle AD domain users gracefully when X2Go is used with SQLite DB backend. (Fixes: #664). new 17d0210 Improve sanitizer, use 'x2gosid' sanitizer for session IDs everywhere. Drop unused 'pnixusername' sanitizer in 4.0.1.x release of X2Go Server. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Summary of changes: debian/changelog | 2 ++ x2goserver/lib/x2godbwrapper.pm | 24 +++++++++++----------- x2goserver/lib/x2gosqlitewrapper.pl | 38 +++++++++++++++++++---------------- x2goserver/lib/x2goutils.pm | 6 ------ 4 files changed, 35 insertions(+), 35 deletions(-) -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2goserver.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch release/4.0.1.x in repository x2goserver. commit 17d0210ae48d25a127373dbe9c3fd9d6aa235f06 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Mon Dec 8 12:23:21 2014 +0100 Improve sanitizer, use 'x2gosid' sanitizer for session IDs everywhere. Drop unused 'pnixusername' sanitizer in 4.0.1.x release of X2Go Server. --- debian/changelog | 2 ++ x2goserver/lib/x2godbwrapper.pm | 24 +++++++++++----------- x2goserver/lib/x2gosqlitewrapper.pl | 38 +++++++++++++++++++---------------- x2goserver/lib/x2goutils.pm | 6 ------ 4 files changed, 35 insertions(+), 35 deletions(-) diff --git a/debian/changelog b/debian/changelog index 84cdd56..9b8fcba 100644 --- a/debian/changelog +++ b/debian/changelog @@ -52,6 +52,8 @@ x2goserver (4.0.1.19-0x2go1) UNRELEASED; urgency=medium server-side log output. - Handle AD domain users gracefully when X2Go is used with SQLite DB backend. (Fixes: #664). + - Improve sanitizer, use 'x2gosid' sanitizer for session IDs everywhere. + Drop unused 'pnixusername' sanitizer in 4.0.1.x release of X2Go Server. * debian/control: + Add D (x2goserver): libfile-which-perl. + Add C (x2goserver: x2godesktopsharing (<< 3.1.1.2). diff --git a/x2goserver/lib/x2godbwrapper.pm b/x2goserver/lib/x2godbwrapper.pm index 7c79a5d..03e4b9b 100644 --- a/x2goserver/lib/x2godbwrapper.pm +++ b/x2goserver/lib/x2godbwrapper.pm @@ -193,7 +193,7 @@ sub dbsys_getmounts my $sid=shift or die "argument \"session_id\" missed"; if ($backend eq 'postgres') { - $sid = x2goutils::sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; + $sid = x2goutils::sanitizer('x2gosid', $sid) or die "argument \"session_id\" malformed"; my @strings; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("select client, path from mounts where session_id='$sid'"); 
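Review bot: The `prepare` call in dbsys_getmounts still builds its SQL by interpolating `'$sid'` into the string, so the query's safety rests entirely on the sanitizer pattern never admitting a quote. A bound parameter removes that dependency, e.g. `prepare("select client, path from mounts where session_id=?")` followed by `$sth->execute($sid)`, which is the form the SQLite wrapper's getmounts already uses. The same applies to the other postgres hunks in x2godbwrapper.pm, and it matters most in db_deletemount, db_insertmount, db_insertsession, db_insertport and db_changestatus, where `$path`, `$client`, `$server`, `$uname`, `$sshport` and `$status` are interpolated as well and no sanitizer call for them is visible. Separately, `DBI->connect(...) or die $_` reports whatever `$_` happens to hold, whereas `$DBI::errstr` carries the connection error. The function bodies start and end outside the hunks, so validation elsewhere cannot be ruled out.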
@@ -223,7 +223,7 @@ sub db_getmounts my $sid=shift or die "argument \"session_id\" missed"; if($backend eq 'postgres') { - $sid = x2goutils::sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; + $sid = x2goutils::sanitizer('x2gosid', $sid) or die "argument \"session_id\" malformed"; my @strings; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("select client, path from mounts_view where session_id='$sid'"); @@ -253,7 +253,7 @@ sub db_deletemount my $path=shift or die "argument \"path\" missed"; if ($backend eq 'postgres') { - $sid = x2goutils::sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; + $sid = x2goutils::sanitizer('x2gosid', $sid) or die "argument \"session_id\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("delete from mounts_view where session_id='$sid' and path='$path'"); $sth->execute(); @@ -275,7 +275,7 @@ sub db_insertmount my $res_ok=0; if ($backend eq 'postgres') { - $sid = x2goutils::sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; + $sid = x2goutils::sanitizer('x2gosid', $sid) or die "argument \"session_id\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("insert into mounts (session_id,path,client) values ('$sid','$path','$client')"); $sth->execute(); 
@@ -304,7 +304,7 @@ sub db_insertsession my $sid=shift or die "argument \"session_id\" missed"; if ($backend eq 'postgres') { - $sid = x2goutils::sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; + $sid = x2goutils::sanitizer('x2gosid', $sid) or die "argument \"session_id\" malformed"; $display = x2goutils::sanitizer('num', $display) or die "argument \"display\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("insert into sessions (display,server,uname,session_id) values ('$display','$server','$uname','$sid')"); @@ -334,7 +334,7 @@ sub db_createsession my $sid=shift or die "argument \"session_id\" missed"; if ($backend eq 'postgres') { - $sid = x2goutils::sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; + $sid = x2goutils::sanitizer('x2gosid', $sid) or die "argument \"session_id\" malformed"; $pid = x2goutils::sanitizer('num', $pid) or die "argument \"pid\" malformed"; $gr_port = x2goutils::sanitizer('num', $gr_port) or die "argument \"gr_port\" malformed"; $snd_port = x2goutils::sanitizer('num', $snd_port) or die "argument \"snd_port\" malformed"; @@ -365,7 +365,7 @@ sub db_insertport my $sshport=shift or die "argument \"port\" missed"; if ($backend eq 'postgres') { - $sid = x2goutils::sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; + $sid = x2goutils::sanitizer('x2gosid', $sid) or die "argument \"session_id\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("insert into used_ports (server,session_id,port) values ('$server','$sid','$sshport')"); $sth->execute()or die; 
@@ -408,7 +408,7 @@ sub db_resume my $fs_port=shift or die "argument \"fs_port\" missed"; if ($backend eq 'postgres') { - $sid = x2goutils::sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; + $sid = x2goutils::sanitizer('x2gosid', $sid) or die "argument \"session_id\" malformed"; $gr_port = x2goutils::sanitizer('num', $gr_port) or die "argument \"gr_port\" malformed"; $snd_port = x2goutils::sanitizer('num', $snd_port) or die "argument \"snd_port\" malformed"; $fs_port = x2goutils::sanitizer('num', $fs_port) or die "argument \"fs_port\" malformed"; @@ -432,7 +432,7 @@ sub db_changestatus my $sid=shift or die "argument \"session_id\" missed"; if ($backend eq 'postgres') { - $sid = x2goutils::sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; + $sid = x2goutils::sanitizer('x2gosid', $sid) or die "argument \"session_id\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("update sessions_view set last_time=now(),status='$status' where session_id = '$sid'"); $sth->execute()or die; @@ -452,7 +452,7 @@ sub db_getstatus my $status=''; if ($backend eq 'postgres') { - $sid = x2goutils::sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; + $sid = x2goutils::sanitizer('x2gosid', $sid) or die "argument \"session_id\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("select status from sessions_view where session_id = '$sid'"); $sth->execute($sid) or die; 
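Review bot: In db_getstatus the statement is prepared with `session_id = '$sid'` interpolated and no placeholder, yet the next line calls `$sth->execute($sid)` with a bind value. DBI drivers normally refuse an execute whose bind count does not match the number of placeholders, so this postgres path likely dies on every call. A placeholder fixes both the mismatch and the interpolation: `my $sth=$dbh->prepare("select status from sessions_view where session_id = ?");`, keeping the existing `$sth->execute($sid) or die;`. The function body continues outside the hunk.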
@@ -566,7 +566,7 @@ sub db_getagent my $sid=shift or die "argument \"session_id\" missed"; if ($backend eq 'postgres') { - $sid = x2goutils::sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; + $sid = x2goutils::sanitizer('x2gosid', $sid) or die "argument \"session_id\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("select agent_pid from sessions_view where session_id ='$sid'"); @@ -594,7 +594,7 @@ sub db_getdisplay my $sid=shift or die "argument \"session_id\" missed"; if ($backend eq 'postgres') { - $sid = x2goutils::sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; + $sid = x2goutils::sanitizer('x2gosid', $sid) or die "argument \"session_id\" malformed"; my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbuser", "$dbpass",{AutoCommit => 1}) or die $_; my $sth=$dbh->prepare("select display from sessions_view where session_id ='$sid'"); diff --git a/x2goserver/lib/x2gosqlitewrapper.pl b/x2goserver/lib/x2gosqlitewrapper.pl index 8a02f98..c51b7f7 100755 --- a/x2goserver/lib/x2gosqlitewrapper.pl +++ b/x2goserver/lib/x2gosqlitewrapper.pl @@ -60,11 +60,15 @@ sub sanitizer { $string = $1; return $string; } else {return 0;} - } elsif ($type eq "pnixusername") { - $string =~ s/[^a-zA-Z0-9\_\-\.]//g; - if ($string =~ /^([a-zA-Z0-9\_\-\.]*)$/) { + } elsif ($type eq "x2gosid") { + $string =~ s/[^a-zA-Z0-9\_\-\$\.\@]//g; + if ($string =~ /^([a-zA-Z0-9\_\-\$\.\@]*)$/) { $string = $1; - return $string; + if ($string =~ /^([a-zA-Z\_][a-zA-Z0-9\_\-\.\@]{0,31}[\$]?)\-([\d]{2,4})\-([\d]{9,12})\_[a-zA-Z0-9\_\-\.]*\_dp[\d]{1,2}$/) { + if ((length($1) > 0) and (length($1) < 48)){ + return $string; + } else {return 0;} + } else {return 0;} } else {return 0;} } elsif ($type eq "SOMETHINGELSE") { return 0; 
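Review bot: In the new `x2gosid` branch of `sanitizer` in x2gosqlitewrapper.pl, the `s/[^a-zA-Z0-9\_\-\$\.\@]//g` substitution deletes disallowed characters before the format check, so an argument containing quotes, whitespace or other foreign characters is silently rewritten into a different ID that may then pass, instead of being rejected. Since every caller already does `or die` on a false return, it would be stricter to drop the substitution, match the unmodified input anchored with `\A` and `\z`, and return the captured string. The inner test `(length($1) > 0) and (length($1) < 48)` can never fail, because group 1 is already limited to 1–33 characters by `[a-zA-Z\_][a-zA-Z0-9\_\-\.\@]{0,31}[\$]?`. Either remove it or make the quantifier reflect the intended limit, keeping in mind that longer account names (possibly some `user@domain` forms) would now be refused at every call site. `sanitizer` begins and ends outside this hunk, and x2goutils.pm appears to carry its own copy of this branch, so any change has to be made in both files.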
@@ -149,7 +153,7 @@ elsif($cmd eq "listsessionsroot_all") elsif($cmd eq "getmounts") { my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('x2gosid', $sid) or die "argument \"session_id\" malformed"; check_user($sid); my @strings; my $sth=$dbh->prepare("select client, path from mounts where session_id=?"); @@ -165,7 +169,7 @@ elsif($cmd eq "getmounts") elsif($cmd eq "deletemount") { my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('x2gosid', $sid) or die "argument \"session_id\" malformed"; my $path=shift or die "argument \"path\" missed"; check_user($sid); my $sth=$dbh->prepare("delete from mounts where session_id=? and path=?"); @@ -181,7 +185,7 @@ elsif($cmd eq "deletemount") elsif($cmd eq "deletemounts") { my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('x2gosid', $sid) or die "argument \"session_id\" malformed"; check_user($sid); my $sth=$dbh->prepare("delete from mounts where session_id=?"); $sth->execute($sid); @@ -196,7 +200,7 @@ elsif($cmd eq "deletemounts") elsif($cmd eq "insertmount") { my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('x2gosid', $sid) or die "argument \"session_id\" malformed"; my $path=shift or die "argument \"path\" missed"; my $client=shift or die "argument \"client\" missed"; check_user($sid); 
@@ -217,7 +221,7 @@ elsif($cmd eq "insertsession") $display = sanitizer('num', $display) or die "argument \"display\" malformed"; my $server=shift or die "argument \"server\" missed"; my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('x2gosid', $sid) or die "argument \"session_id\" malformed"; check_user($sid); my $sth=$dbh->prepare("insert into sessions (display,server,uname,session_id, init_time, last_time) values (?, ?, ?, ?, datetime('now','localtime'), datetime('now','localtime'))"); @@ -239,7 +243,7 @@ elsif($cmd eq "createsession") my $fs_port=shift or die"argument \"fs_port\" missed"; $fs_port = sanitizer('num', $fs_port) or die "argument \"fs_port\" malformed"; my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('x2gosid', $sid) or die "argument \"session_id\" malformed"; check_user($sid); my $sth=$dbh->prepare("update sessions set status='R',last_time=datetime('now','localtime'),cookie=?,agent_pid=?, client=?,gr_port=?,sound_port=?,fs_port=? where session_id=? and uname=?"); @@ -257,7 +261,7 @@ elsif($cmd eq "insertport") { my $server=shift or die "argument \"server\" missed"; my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('x2gosid', $sid) or die "argument \"session_id\" malformed"; my $sshport=shift or die "argument \"port\" missed"; my $sth=$dbh->prepare("insert into used_ports (server,session_id,port) values (?, ?, ?)"); check_user($sid); 
@@ -274,7 +278,7 @@ elsif($cmd eq "rmport") { my $server=shift or die "argument \"server\" missed"; my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('x2gosid', $sid) or die "argument \"session_id\" malformed"; my $sshport=shift or die "argument \"port\" missed"; my $sth=$dbh->prepare("delete from used_ports where server=? and session_id=? and port=?"); check_user($sid); @@ -290,7 +294,7 @@ elsif($cmd eq "resume") { my $client=shift or die "argument \"client\" missed"; my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('x2gosid', $sid) or die "argument \"session_id\" malformed"; my $gr_port=shift or die "argument \"gr_port\" missed"; $gr_port = sanitizer('num', $gr_port) or die "argument \"gr_port\" malformed"; my $snd_port=shift or die "argument \"snd_port\" missed"; @@ -313,7 +317,7 @@ elsif($cmd eq "changestatus") { my $status=shift or die "argument \"status\" missed"; my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('x2gosid', $sid) or die "argument \"session_id\" malformed"; check_user($sid); my $sth=$dbh->prepare("update sessions set last_time=datetime('now','localtime'), status=? where session_id = ? and uname=?"); @@ -329,7 +333,7 @@ elsif($cmd eq "changestatus") elsif($cmd eq "getstatus") { my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('x2gosid', $sid) or die "argument \"session_id\" malformed"; check_user($sid); my $sth=$dbh->prepare("select status from sessions where session_id = ?"); $sth->execute($sid); 
@@ -415,7 +419,7 @@ elsif($cmd eq "getservers") elsif($cmd eq "getagent") { my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('x2gosid', $sid) or die "argument \"session_id\" malformed"; my $agent; check_user($sid); my $sth=$dbh->prepare("select agent_pid from sessions @@ -439,7 +443,7 @@ elsif($cmd eq "getagent") elsif($cmd eq "getdisplay") { my $sid=shift or die "argument \"session_id\" missed"; - $sid = sanitizer('pnixusername', $sid) or die "argument \"session_id\" malformed"; + $sid = sanitizer('x2gosid', $sid) or die "argument \"session_id\" malformed"; my $display; check_user($sid); my $sth=$dbh->prepare("select display from sessions diff --git a/x2goserver/lib/x2goutils.pm b/x2goserver/lib/x2goutils.pm index a7eb265..0982df2 100644 --- a/x2goserver/lib/x2goutils.pm +++ b/x2goserver/lib/x2goutils.pm @@ -39,12 +39,6 @@ sub sanitizer { $string = $1; return $string; } else {return 0;} - } elsif ($type eq "pnixusername") { - $string =~ s/[^a-zA-Z0-9\_\-\.]//g; - if ($string =~ /^([a-zA-Z0-9\_\-\.]*)$/) { - $string = $1; - return $string; - } else {return 0;} } elsif ($type eq "x2gosid") { $string =~ s/[^a-zA-Z0-9\_\-\$\.\@]//g; if ($string =~ /^([a-zA-Z0-9\_\-\$\.\@]*)$/) { -- Alioth's /srv/git/_hooks_/post-receive-email on /srv/git/code.x2go.org/x2goserver.git