The branch, master has been updated via c69719a3dd52d73fc18d48805b8fa3451d2b9212 (commit) from 19da038a1e697321203f2aaf9ac5138270ea296b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c69719a3dd52d73fc18d48805b8fa3451d2b9212 Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Date: Tue Sep 3 09:16:31 2013 +0200 Store the session password in base64 encoded string in order to make it harder spotting the long term stored (for the duration of the session) plain text password. ----------------------------------------------------------------------- Summary of changes: debian/changelog | 3 +++ x2go/backends/control/_stdout.py | 5 +++-- 2 files changed, 6 insertions(+), 2 deletions(-) The diff of changes is: diff --git a/debian/changelog b/debian/changelog index 1302c02..0d84279 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,6 +3,9 @@ python-x2go (0.4.0.9-0~x2go1) UNRELEASED; urgency=low * New upstream version (0.4.0.9): - Agent channels in Paramiko can raise an EOFError if the connection has got disrupted. Ignoring this. + - Store the session password in base64 encoded string in order to make + it harder spotting the long term stored (for the duration of the session) + plain text password. -- Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Wed, 07 Aug 2013 12:18:46 +0200 diff --git a/x2go/backends/control/_stdout.py b/x2go/backends/control/_stdout.py index 292c50b..7b73759 100644 --- a/x2go/backends/control/_stdout.py +++ b/x2go/backends/control/_stdout.py @@ -37,6 +37,7 @@ import re import locale import threading import cStringIO +import base64 from gevent import socket 
@@ -404,7 +405,7 @@ class X2GoControlSessionSTDOUT(paramiko.SSHClient): timer.start() try: self.logger("executing command on X2Go server ,,%s'': %s" % (self.profile_name, _rerewrite_blanks(cmd)), loglevel=loglevel) - _retval = self.exec_command(_rewrite_password(cmd, user=self.get_transport().get_username(), password=self._session_password), **kwargs) + _retval = self.exec_command(_rewrite_password(cmd, user=self.get_transport().get_username(), password=base64.b64decode(self._session_password)), **kwargs) except AttributeError: self.session_died = True self._transport_lock.release() @@ -935,7 +936,7 @@ class X2GoControlSessionSTDOUT(paramiko.SSHClient): # mark Paramiko/SSH transport as X2GoControlSession ssh_transport._x2go_session_marker = True - self._session_password = password + self._session_password = base64.b64encode(password) if ssh_transport is not None: self.session_died = False hooks/post-receive -- python-x2go.git (Python X2Go Client API) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "python-x2go.git" (Python X2Go Client API).
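Review bot: In the `@@ -404` hunk, `base64.b64decode(self._session_password)` is evaluated inside a `try` whose only visible handler is `except AttributeError`, so a `TypeError` from decoding an unset or `None` value would bypass the branch that calls `self._transport_lock.release()`. The same gap exists on the storing side in the `@@ -935` hunk, where `base64.b64encode(password)` raises `TypeError` if `password` is `None`. That is presumably possible with key-based authentication, but the method signature is outside the hunk. Guard both ends, for example `self._session_password = base64.b64encode(password) if password is not None else None`, and decode only when the stored value is not `None`. Both enclosing methods start and end outside the hunks, so whether a `finally` elsewhere releases the lock cannot be confirmed from here.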
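Review bot: The base64 value assigned to `self._session_password` in the `@@ -935` hunk is a keyless, reversible encoding, so it is as recoverable from process memory, a core dump or a debugger as the plain string was. It only defeats a casual search for the literal password. Say so at the assignment so that nobody later treats it as a protection, for example `# base64 is obfuscation only, not confidentiality: the password stays recoverable for the whole session`. The `password` argument itself and the decoded copy handed to `_rewrite_password` in the `@@ -404` hunk also exist as plain strings until they are garbage-collected, which the comment could mention.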