Bug 5174 - Shadowing doesn't work for non-ASCII shadower usernames
Summary: Shadowing doesn't work for non-ASCII shadower usernames
Status: CLOSED FIXED
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: VSM Server (show other bugs)
Version: trunk
Hardware: PC Unknown
: P2 Normal
Target Milestone: 4.8.0
Assignee: Pierre Ossman
URL:
Keywords: bojan_tester, focus_shadowing, relnotes
Depends on:
Blocks:
 
Reported: 2014-05-30 10:14 CEST by Samuel Mannehed
Modified: 2017-03-21 10:35 CET (History)
2 users (show)

See Also:
Acceptance Criteria:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Samuel Mannehed cendio 2014-05-30 10:14:04 CEST 
It seems like vsmserver doesn't support shadowers with non-ASCII usernames. For example, tester's session can be shadowed by user samuel but not by user båsse.

/vsmserver/allowed_shadowers:

allowed_shadowers=båsse samuel


vsmserver.log:

/opt/thinlinc/modules/thinlinc/vsm/vsmcommon.py:507: UnicodeWarning: Unicode equal comparison failed to convert both arguments to Unicode - interpreting them as being unequal
  if not shadower . lower ( ) in I11IIIi :
2014-05-30 09:54:13 INFO vsmserver.shadow: User with uid 4036 requested shadowing of 127.0.0.1:1 (uid 1003)
2014-05-30 09:54:13 INFO vsmserver: Verifying that agent 127.0.0.1 running existing session for tester is alive
2014-05-30 09:54:13 INFO vsmserver: Verifying session 127.0.0.1:1 for tester
2014-05-30 10:01:52 WARNING vsmserver.shadow: Rejected shadowing for user båsse. User is not listed in /vsmserver/allowed_shadowers
2014-05-30 10:01:52 WARNING vsmserver.shadow: User with uid 1004 does not have permission to list sessions for tester
Comment 4 Pierre Ossman cendio 2016-12-28 11:12:30 CET 
Works fine now. Tested with username 'båsse' on Fedora 24. Also included unit tests.
Comment 5 Pierre Ossman cendio 2016-12-30 11:15:16 CET 
Also broken when the user being shadowed is non-ascii:

2016-12-30 11:13:59 ERROR vsmserver: Unhandled XMLRPC exception: <type 'exceptions.UnicodeEncodeError'> 'ascii' codec can't encode character u'\xe5' in position 1: ordinal not in range(128) Traceback (most recent call last):
  File "/opt/thinlinc/modules/thinlinc/vsm/async.py", line 105, in i1Iii
    obj . handle_read_event ( )
  File "/usr/lib64/python2.7/asyncore.py", line 449, in handle_read_event
    self.handle_read()
  File "/usr/lib64/python2.7/asynchat.py", line 147, in handle_read
    self.found_terminator()
  File "/opt/thinlinc/modules/thinlinc/vsm/xmlrpc.py", line 530, in found_terminator
    self . handle_request ( )
  File "/opt/thinlinc/modules/thinlinc/vsm/xmlrpc.py", line 544, in handle_request
    self . handle_method ( )
  File "/opt/thinlinc/modules/thinlinc/vsm/usersocketserverchannel.py", line 75, in handle_method
    self . uid )
  File "/opt/thinlinc/modules/thinlinc/vsm/handler_getusersessions.py", line 25, in handle
    I1IiI = pwd . getpwnam ( I1IiI ) . pw_name
UnicodeEncodeError: 'ascii' codec can't encode character u'\xe5' in position 1: ordinal not in range(128)
Comment 7 Pierre Ossman cendio 2017-01-03 11:12:43 CET 
Works both ways now.
Comment 8 Samuel Mannehed cendio 2017-01-04 09:58:58 CET 
Tester should verify:

* User with non-ASCII username can shadow
* User with non-ASCII username can be shadowed
Comment 9 Pierre Ossman cendio 2017-01-04 10:09:09 CET 
I suspect we might have broken shadowing if case-insensitive users here. Need to have a look.
Comment 11 Bojan Memetovic cendio 2017-01-05 12:19:13 CET 
Following solutions was tested on Fedora 24. 
1. Identify that problem exist (test shadowing on older 4.7 server)
 - User with non-ASCII(Serbian Cyrillic) username can't shadow
 - User with non-ASCII(Serbian Cyrillic) username can't be shadowed
2. After downloading the newest server verified that shadowing works:
 - User with non-ASCII(Serbian Cyrillic) username can shadow
 - User with non-ASCII(Serbian Cyrillic) username can be shadowed
Note You need to log in before you can comment on or make changes to this bug.