search

liftoff / GateOne

Gate One is an HTML5-powered terminal emulator and SSH client
http://liftoffsoftware.com/Products/GateOne
Other
6.28k stars 925 forks source link

CAS authentication and unicode usernames #467

Open rene00 opened 9 years ago

rene00 commented 9 years ago

The CAS authentication module does not appear to support unicode usernames.

20access.conf

{
    "user.upn=(tùxtàilôr_)": {
        "terminal": {
            "allow": true
        }
    }
}

After CAS URL redirect, I get this stacktrace.

Traceback (most recent call last):
  File "/opt/virtualenvs/gateone/lib/python2.7/site-packages/tornado/web.py", line 1320, in _stack_context_handle_exception
    raise_exc_info((type, value, traceback))
  File "/opt/virtualenvs/gateone/lib/python2.7/site-packages/tornado/stack_context.py", line 302, in wrapped
    ret = fn(*args, **kwargs)
  File "/opt/virtualenvs/gateone/lib/python2.7/site-packages/gateone/auth/authentication.py", line 696, in _on_auth
    self.user_login(user)
  File "/opt/virtualenvs/gateone/lib/python2.7/site-packages/gateone/auth/authentication.py", line 156, in user_login
    user_dir = os.path.join(self.settings['user_dir'], user['upn'])
  File "/opt/virtualenvs/gateone/lib64/python2.7/posixpath.py", line 80, in join
    path += '/' + b
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 2: ordinal not in range(128)

Some system details.

node-1:~ # locale
LANG=en_AU.UTF-8
LC_CTYPE="en_AU.UTF-8"
LC_NUMERIC="en_AU.UTF-8"
LC_TIME="en_AU.UTF-8"
LC_COLLATE="en_AU.UTF-8"
LC_MONETARY="en_AU.UTF-8"
LC_MESSAGES="en_AU.UTF-8"
LC_PAPER="en_AU.UTF-8"
LC_NAME="en_AU.UTF-8"
LC_ADDRESS="en_AU.UTF-8"
LC_TELEPHONE="en_AU.UTF-8"
LC_MEASUREMENT="en_AU.UTF-8"
LC_IDENTIFICATION="en_AU.UTF-8"
LC_ALL=
node-1:~ # /opt/virtualenvs/gateone/bin/python --version
Python 2.7.6
node-1:~ # lsb_release -a
LSB Version:    core-2.0-noarch:core-3.2-noarch:core-4.0-noarch:core-2.0-x86_64:core-3.2-x86_64:core-4.0-x86_64:desktop-4.0-amd64:desktop-4.0-noarch:graphics-2.0-amd64:graphics-2.0-noarch:graphics-3.2-amd64:graphics-3.2-noarch:graphics-4.0-amd64:graphics-4.0-noarch
Distributor ID: openSUSE project
Description:    openSUSE 13.1 (Bottle) (x86_64)
Release:    13.1
Codename:   Bottle
rene00 commented 9 years ago

This patch allows me to log into Gate One with an unicode CAS username.

--- lib/python2.7/site-packages/gateone/auth/authentication.py  2014-09-16 15:11:29.000000000 +0000
+++ lib/python2.7/site-packages/gateone/auth/authentication.py.344cac79-eefe-1f53-eec9-5406cc9136a5 2014-09-26 05:32:59.669244454 +0000
@@ -153,8 +153,8 @@
         user.update(additional_attributes(user))
         # Make a directory to store this user's settings/files/logs/etc
         try:
-            user_dir = os.path.join(self.settings['user_dir'], user['upn'])
-            if not os.path.exists(user_dir):
+            user_dir = os.path.join(self.settings['user_dir'], user['upn'].decode('utf-8'))
+            if not os.path.exists(user_dir.encode('utf-8')):
                 logging.info(_("Creating user directory: %s" % user_dir))
                 mkdir_p(user_dir)
                 os.chmod(user_dir, 0o700)
@@ -165,7 +165,7 @@
                 "your system's locale to something that supports Unicode "
                 "characters. "))
             return
-        session_file = os.path.join(user_dir, 'session')
+        session_file = os.path.join(user_dir.encode('utf-8'), 'session')
         session_file_exists = os.path.exists(session_file)
         if session_file_exists:
             session_data = open(session_file).read()

My session dir /var/lib/gateone/users/tùxtàilôr_ is created as expected. I'm running ext4 so cant comment on how any other filesystem will handle the UTF-8 encoding.