[X2Go-Dev] [X2go-User] Usernames with dashes causes errors?
Mike Gabriel
mike.gabriel at das-netzwerkteam.de
Tue Feb 21 16:56:29 CET 2012
HI Stefan,
On Di 21 Feb 2012 16:51:40 CET "newsgroups.mail2 at stefanbaur.de" wrote:
> Am 21.02.2012 16:40, schrieb Mike Gabriel:
>> I just took a look at this and it is not so trivial to fix...
>>
>> Debian's adduser (3.110) script checks validity of user names
>> against this regexp:
>>
>> '/^[_.A-Za-z0-9][- at _.A-Za-z0-9]*$?$/'
>>
>> Using a '-' as a field separator in the session ID intereferes with
>> the allowed characters in usernames.
>>
>> The issue has to be addressed in x2goserver, x2goclient and
>> python-x2go. I am not sure about the other helper applications
>> (like the desktop bindings, desktopsharing, etc.).
>
> Nasty bash hacker approach:
> 1) "#" isn't allowed, so it would work as a separator instead of the dash
> 2) To avoid confusion when server and client aren't using the same
> version, prefix the string with "#" when it's the new version where
> all dashes are replaced with "#"
> 3) in x2goclient, *only* replace the dashes when you detect that the
> username does in fact contain a dash - that way, a new client can
> talk to an old server (unless the username contains a dash, in which
> case it would break - but that's what happens with an old client and
> old server as well, so nothing gained, but also nothing lost)
>
> Variant: Only apply the substitution to the user name field, i.e.:
> myusername-remaining-parts-of-string -> myusername-remaining-parts-of-string
> my-user-name-remaining-parts-of-string
> ->#my#user#name-remaining-parts-of-string
>
> (Of course, if "#" causes trouble, too, substitute another character
> that isn't allowed by the above regex.)
The solution is to pass the session id hash backwards.
Greets,
Mike
--
DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digitale PGP-Unterschrift
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20120221/2bbd9d73/attachment.pgp>
More information about the x2go-dev
mailing list