It seems like vsmserver doesn't support shadowers with non-ASCII usernames. For example, tester's session can be shadowed by user samuel but not by user båsse.
/opt/thinlinc/modules/thinlinc/vsm/vsmcommon.py:507: UnicodeWarning: Unicode equal comparison failed to convert both arguments to Unicode - interpreting them as being unequal
if not shadower . lower ( ) in I11IIIi :
2014-05-30 09:54:13 INFO vsmserver.shadow: User with uid 4036 requested shadowing of 127.0.0.1:1 (uid 1003)
2014-05-30 09:54:13 INFO vsmserver: Verifying that agent 127.0.0.1 running existing session for tester is alive
2014-05-30 09:54:13 INFO vsmserver: Verifying session 127.0.0.1:1 for tester
2014-05-30 10:01:52 WARNING vsmserver.shadow: Rejected shadowing for user båsse. User is not listed in /vsmserver/allowed_shadowers
2014-05-30 10:01:52 WARNING vsmserver.shadow: User with uid 1004 does not have permission to list sessions for tester
Works fine now. Tested with username 'båsse' on Fedora 24. Also included unit tests.
Also broken when the user being shadowed is non-ascii:
2016-12-30 11:13:59 ERROR vsmserver: Unhandled XMLRPC exception: <type 'exceptions.UnicodeEncodeError'> 'ascii' codec can't encode character u'\xe5' in position 1: ordinal not in range(128) Traceback (most recent call last):
File "/opt/thinlinc/modules/thinlinc/vsm/async.py", line 105, in i1Iii
obj . handle_read_event ( )
File "/usr/lib64/python2.7/asyncore.py", line 449, in handle_read_event
File "/usr/lib64/python2.7/asynchat.py", line 147, in handle_read
File "/opt/thinlinc/modules/thinlinc/vsm/xmlrpc.py", line 530, in found_terminator
self . handle_request ( )
File "/opt/thinlinc/modules/thinlinc/vsm/xmlrpc.py", line 544, in handle_request
self . handle_method ( )
File "/opt/thinlinc/modules/thinlinc/vsm/usersocketserverchannel.py", line 75, in handle_method
self . uid )
File "/opt/thinlinc/modules/thinlinc/vsm/handler_getusersessions.py", line 25, in handle
I1IiI = pwd . getpwnam ( I1IiI ) . pw_name
UnicodeEncodeError: 'ascii' codec can't encode character u'\xe5' in position 1: ordinal not in range(128)
Works both ways now.
Tester should verify:
* User with non-ASCII username can shadow
* User with non-ASCII username can be shadowed
I suspect we might have broken shadowing if case-insensitive users here. Need to have a look.
Following solutions was tested on Fedora 24.
1. Identify that problem exist (test shadowing on older 4.7 server)
- User with non-ASCII(Serbian Cyrillic) username can't shadow
- User with non-ASCII(Serbian Cyrillic) username can't be shadowed
2. After downloading the newest server verified that shadowing works:
- User with non-ASCII(Serbian Cyrillic) username can shadow
- User with non-ASCII(Serbian Cyrillic) username can be shadowed