[X2Go-Commits] python-x2go.git - build-baikal (branch) updated: 0.4.0.8-3-gc69719a

X2Go dev team git-admin at x2go.org
Wed Jan 8 15:29:48 CET 2014 

The branch, build-baikal has been updated
       via  c69719a3dd52d73fc18d48805b8fa3451d2b9212 (commit)
      from  19da038a1e697321203f2aaf9ac5138270ea296b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 debian/changelog                 |    3 +++
 x2go/backends/control/_stdout.py |    5 +++--
 2 files changed, 6 insertions(+), 2 deletions(-)

The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index 1302c02..0d84279 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,9 @@ python-x2go (0.4.0.9-0~x2go1) UNRELEASED; urgency=low
   * New upstream version (0.4.0.9):
     - Agent channels in Paramiko can raise an EOFError if the connection
       has got disrupted. Ignoring this.
+    - Store the session password in base64 encoded string in order to make 
+      it harder spotting the long term stored (for the duration of the session)
+      plain text password.
 
  -- Mike Gabriel <mike.gabriel at das-netzwerkteam.de>  Wed, 07 Aug 2013 12:18:46 +0200
 
diff --git a/x2go/backends/control/_stdout.py b/x2go/backends/control/_stdout.py
index 292c50b..7b73759 100644
--- a/x2go/backends/control/_stdout.py
+++ b/x2go/backends/control/_stdout.py
@@ -37,6 +37,7 @@ import re
 import locale
 import threading
 import cStringIO
+import base64
 
 from gevent import socket
 
@@ -404,7 +405,7 @@ class X2GoControlSessionSTDOUT(paramiko.SSHClient):
             timer.start()
             try:
                 self.logger("executing command on X2Go server ,,%s'': %s" % (self.profile_name, _rerewrite_blanks(cmd)), loglevel=loglevel)
-                _retval = self.exec_command(_rewrite_password(cmd, user=self.get_transport().get_username(), password=self._session_password), **kwargs)
+                _retval = self.exec_command(_rewrite_password(cmd, user=self.get_transport().get_username(), password=base64.b64decode(self._session_password)), **kwargs)
             except AttributeError:
                 self.session_died = True
                 self._transport_lock.release()
@@ -935,7 +936,7 @@ class X2GoControlSessionSTDOUT(paramiko.SSHClient):
 
         # mark Paramiko/SSH transport as X2GoControlSession
         ssh_transport._x2go_session_marker = True
-        self._session_password = password
+        self._session_password = base64.b64encode(password)
 
         if ssh_transport is not None:
             self.session_died = False


hooks/post-receive
-- 
python-x2go.git (Python X2Go Client API)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "python-x2go.git" (Python X2Go Client API).

More information about the x2go-commits mailing list