Am 21.02.2012 16:40, schrieb Mike Gabriel:
I just took a look at this and it is not so trivial to fix...
Debian's adduser (3.110) script checks validity of user names against
this regexp:
'/^[_.A-Za-z0-9][-@_.A-Za-z0-9]*$?$/'
Using a '-' as a field separator in the session ID intereferes with
the allowed characters in usernames.
The issue has to be addressed in x2goserver, x2goclient and
python-x2go. I am not sure about the other helper applications (like
the desktop bindings, desktopsharing, etc.).
Nasty bash hacker approach:
1) "#" isn't allowed, so it would work as a separator instead of the dash
2) To avoid confusion when server and client aren't using the same
version, prefix the string with "#" when it's the new version where all
dashes are replaced with "#"
3) in x2goclient, *only* replace the dashes when you detect that the
username does in fact contain a dash - that way, a new client can talk
to an old server (unless the username contains a dash, in which case it
would break - but that's what happens with an old client and old server
as well, so nothing gained, but also nothing lost)
Variant: Only apply the substitution to the user name field, i.e.:
myusername-remaining-parts-of-string -> myusername-remaining-parts-of-string
my-user-name-remaining-parts-of-string
->#my#user#name-remaining-parts-of-string
(Of course, if "#" causes trouble, too, substitute another character
that isn't allowed by the above regex.)
-Stefan
_______________________________________________
X2Go-Dev mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/x2go-dev
