HI Stefan, On Di 21 Feb 2012 16:51:40 CET "[email protected]" wrote:
Am 21.02.2012 16:40, schrieb Mike Gabriel:I just took a look at this and it is not so trivial to fix...Debian's adduser (3.110) script checks validity of user names against this regexp:'/^[_.A-Za-z0-9][-@_.A-Za-z0-9]*$?$/'Using a '-' as a field separator in the session ID intereferes with the allowed characters in usernames.The issue has to be addressed in x2goserver, x2goclient and python-x2go. I am not sure about the other helper applications (like the desktop bindings, desktopsharing, etc.).Nasty bash hacker approach: 1) "#" isn't allowed, so it would work as a separator instead of the dash2) To avoid confusion when server and client aren't using the same version, prefix the string with "#" when it's the new version where all dashes are replaced with "#" 3) in x2goclient, *only* replace the dashes when you detect that the username does in fact contain a dash - that way, a new client can talk to an old server (unless the username contains a dash, in which case it would break - but that's what happens with an old client and old server as well, so nothing gained, but also nothing lost)Variant: Only apply the substitution to the user name field, i.e.: myusername-remaining-parts-of-string -> myusername-remaining-parts-of-stringmy-user-name-remaining-parts-of-string ->#my#user#name-remaining-parts-of-string(Of course, if "#" causes trouble, too, substitute another character that isn't allowed by the above regex.)
The solution is to pass the session id hash backwards. Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419 GnuPG Key ID 0xB588399B mail: [email protected], http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
pgpJBrEkcAajz.pgp
Description: Digitale PGP-Unterschrift
_______________________________________________ X2Go-Dev mailing list [email protected] https://lists.berlios.de/mailman/listinfo/x2go-dev
